Feat(user): clean tmux install

README.md

@@ -1,3 +1,5 @@
-# Ansible Molecule Vagrant - test
+# Deploying my computers
 
-## 2021-12-22:
+## Combava
+
+    sudo ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook combava.yml --ask-vault-pass

combava.yml

@@ -4,18 +4,30 @@
   become: true
   vars_files:
     - vars/users.yml
-  vars:
-    users:
-      - "{{ me }}"
-      - "{{ admin }}"
+    - vars/combava.yml
   pre_tasks:
     - name: update pacman cache
       community.general.pacman:
         update_cache: yes
-  roles:
-    - arch_aur
-    - core
-    - workstation
-    - users
-    - dotfiles
-      #- gnome
+
+  tasks:
+    - name: Set up aur env
+      include_role: 
+        name: arch_aur
+
+    - name: Install core packages
+      include_role: 
+        name: core
+
+    - name: Set up workstation
+      include_role: 
+        name: workstation
+
+    - name: Include user
+      include_role:
+        name: "user"
+      loop:
+        - "{{ me }}"
+        - "{{ admin }}"
+      loop_control:
+        loop_var: user

home.yml

@@ -0,0 +1,98 @@
+---
+- name: nas
+  hosts: nas
+  become: true
+  vars_files:
+    - vars/users.yml
+    - vars/home.yml
+    - vars/nas_secrets.yml
+    - vars/nas.yml
+
+  pre_tasks:
+    - name: Update
+      apt:
+        update_cache: true
+        upgrade: true
+
+  roles:
+    - role: core
+
+    - role: ssh
+      tags:
+        - ssh
+
+    - role: samba_server
+      tags:
+        - samba_server
+
+    - role: nfs_server
+      tags:
+        - nfs_server
+
+    - role: nut
+      tags:
+        - nut
+
+    - role: geerlingguy.docker
+      tags:
+        - docker
+
+    - role: mpd
+      tags:
+        - mpd
+
+    - role: minidlna
+      tags:
+        - minidlna
+
+  tasks:
+    - name: Include user
+      include_role:
+        name: "user"
+      loop:
+        - "{{ admin }}"
+      loop_control:
+        loop_var: user
+      tags:
+        - user
+
+    - name: Remove firstboot user
+      ansible.builtin.user:
+        name: foo
+        state: absent
+        remove: yes
+      tags:
+        - user
+
+    - name: Set up monitoring server
+      debug:
+        msg: Todo
+
+    - name: Set up homeassistant
+      debug:
+        msg: Todo
+
+
+          #- name: Set up collectd
+          #  include_role:
+          #    name: collectd
+
+- name: backup
+  hosts: backup
+  vars_files:
+    - vars/home.yml
+    - vars/backup.yml
+    - vars/backup_secret.yml
+
+  tasks:
+    - name: NFS shares client
+      include_role:
+        name: nfs_client
+
+    - name: Set up borgmatic
+      include_role:
+        name: borgmatic
+
+    - name: Set up collectd
+      include_role:
+        name: collectd

inventories/home.ini

@@ -0,0 +1,5 @@
+[backup]
+ChouxBackupVM
+
+[nas]
+Nas

requirements.txt

@@ -1,4 +1,6 @@
+ansible==5.1.0
 ansible-compat==0.5.0
+ansible-core==2.12.1
 arrow==1.2.1
 attrs==21.4.0
 bcrypt==3.2.0
@@ -7,7 +9,7 @@ Cerberus==1.3.2
 certifi==2021.10.8
 cffi==1.15.0
 chardet==4.0.0
-charset-normalizer==2.0.9
+charset-normalizer==2.0.10
 click==8.0.3
 click-help-colors==0.9.1
 colorama==0.4.4
@@ -23,8 +25,10 @@ jinja2-time==0.2.0
 MarkupSafe==2.0.1
 molecule==3.5.2
 molecule-vagrant==1.0.0
+multipledispatch==0.6.0
 packaging==21.3
 paramiko==2.9.1
+pathspec==0.9.0
 pluggy==1.0.0
 poyo==0.5.0
 py==1.11.0
@@ -39,11 +43,13 @@ python-slugify==5.0.2
 python-vagrant==0.5.15
 PyYAML==5.4.1
 requests==2.27.0
+resolvelib==0.5.4
 rich==10.16.2
 selinux==0.2.1
 six==1.16.0
 subprocess-tee==0.3.5
-testinfra==6.0.0
+tabulate==0.8.9
 text-unidecode==1.3
 toml==0.10.2
 urllib3==1.26.7
+yamllint==1.26.3

roles/.vagrant/bundler/global.sol

@@ -1 +0,0 @@
-{"dependencies":[["racc",["~> 1.4"]],["nokogiri",["~> 1.6"]],["rexml",[">= 0"]],["formatador",["~> 0.2"]],["excon",["~> 0.71"]],["mime-types-data",["~> 3.2015"]],["mime-types",[">= 0"]],["builder",[">= 0"]],["fog-core",["~> 2.1"]],["json",[">= 0"]],["ruby-libvirt",[">= 0.7.0"]],["fog-xml",["~> 0.1.1"]],["multi_json",["~> 1.10"]],["fog-json",[">= 0"]],["fog-libvirt",[">= 0.6.0"]],["vagrant-libvirt",["= 0.7.0"]]],"checksum":"8fb75bcc7ceadece358816f104fd6957b12a29b3415d84307b15e0266c9c38e6","vagrant_version":"2.2.19"}

roles/.vagrant/machines/default/virtualbox/action_provision

@@ -1 +0,0 @@
-1.5:88d04ce1-4b15-4a61-9633-872ba9382671

roles/.vagrant/machines/default/virtualbox/action_set_name

@@ -1 +0,0 @@
-1641372873

roles/.vagrant/machines/default/virtualbox/box_meta

@@ -1 +0,0 @@
-{"name":"archlinux/archlinux","version":"20211201.40458","provider":"virtualbox","directory":"boxes/archlinux-VAGRANTSLASH-archlinux/20211201.40458/virtualbox"}

roles/.vagrant/machines/default/virtualbox/creator_uid

@@ -1 +0,0 @@
-1000

roles/.vagrant/machines/default/virtualbox/id

@@ -1 +0,0 @@
-88d04ce1-4b15-4a61-9633-872ba9382671

roles/.vagrant/machines/default/virtualbox/index_uuid

@@ -1 +0,0 @@
-6de8af4689ef4d91bedd37146eaa50e7

roles/.vagrant/machines/default/virtualbox/private_key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA4c9PfVN1TDwLYPPo0jhpVCNN0Sgencxm4O2QiUwH5Evl4R9q
-m3t9n8kfGrvT3AzMxt91HB9NgfdxU9k30t5Bk43yeSyCdAFBKvBCFG6QYq7ZoEVh
-BSrsIvr1TSjmlAjdlPjWJ+fRiZd6aM4HPHbEhXUQ0M5GQvTUw8uM25HdMp+IUFDf
-wsflqwSX4Ap3oMteY7+Url0b1UsbiTdWevaim1ujuTECWU5Z4KNHn29YteTxujUT
-uk7+tpEmU7/1F8jvzxHLxrj25XS0/HwhXhSCQ36vNiOZPakBvLM8b/Qf9LQRKm3T
-XhE3vtk8ijTX7yj5BOXVmsy0fIrqwCUzW/PPwQIDAQABAoIBAASXx+EfsnITgpO9
-Qk4MUbAha7LGYyEIiEso6dixEDQHiyxyDCQPdfWrDJPpoByIsh2Va/dfd58eHlL7
-RxRl6uWKbJUkX57ma6Ho8x8hRJSNQ+Xro1aMkfMAMb8ZBt+Z8o/WI9z57RwkVZwO
-HL2RGNwyDl6A45L3EeDNohbRN7OQ21QBLyHCjpvyo+l7HeLzmlvmo/BjBN0SG+mF
-ofFBF38V2PQG3pZbcay7PtjD7MpEKYGPVlwmajMEZzU0Gponun2zXVspbzRAw8tq
-Dw1Eu9gjLLEfexaYSTrJBr6hghtxDr/AvlJnUMfzKxhAMkfBdzsSf1GLZoImQc8L
-fTAOZvECgYEA/oSx99jo9v8OdxGC97+wtYE85guH0VZX+14jcjhSyYNT6gxKWolK
-KfbyJ6JTaHaSR6AZXeLmPk6ELZf7yT67VCz7Q4uF+2y2BThy2yQEACifocLDAuNw
-E0KQ/alVnxQGGy3MdqgZjc3zKNtYnfP9EbgIKYtSBBX5xbLvcN+pIC0CgYEA4x/U
-2F5PySAaQpV8Skjoebx8Lus+Sw4H3sAxww7HzxLHYb3V1FL8sO93+cTiBnz6wAyA
-vjKs3I314fSNeZPaNP9CTuZaqnzIqfhNK3gjHX8d4pEcj87qaukWnt2dyRjq/tuA
-5ES6jp6FFYXl60AqXqaaw6yg5X4KuBo2Sor3VmUCgYEA8mzD8vYZWAIy7fixDXf5
-Qbjan6eF8z/Rx6ywCIBbYnODfx+7xqaUDIqZtmSoG40s4ao93y5a7iftQFxOSC5H
-UfMSVRDVSlkOusQ8qjyQzvHisroG835c5wt1fRdIZaA1/LdP1AljZa0wGc9rhe+7
-MaBfrep08U1ZPhSkepeeyPUCgYB8y7697IRWdMc5Er4qawkh6skpVqTxxJHaeSxe
-iz6KrzzSneZiNf8WkV4Q5Xd0LTPyVmxfFaUZwv752s/pn63kNOWQSM5Eoy/3BLIS
-Un6o9HHNTgKtmfoAKHb/b7IFDyYAR0f5JTKEruFdRCdjLeyZ+V1Maww1TR5CrlRq
-fRUOaQKBgQCGrP7IZ1mK/CR/vOW3Uq4J6q4/PgvKEnUDbIARUVA8ACMklELjcGNH
-oiFc/gaQSS9u1typz2OpqCZZuA7kuPjD4B7okfrYOjJtNRfaaAe0eVkZ06IhfxgM
-4T8xIVSuP78ZoPmfXKFoHU1vEgWiQ5YpSe18t+4IrmozRHS+QuCK+A==
------END RSA PRIVATE KEY-----

roles/.vagrant/machines/default/virtualbox/synced_folders

@@ -1 +0,0 @@
-{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/media/documents/scripts/test_ansible/roles","disabled":false,"__vagrantfile":true}}}

roles/.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -1 +0,0 @@
-/media/documents/scripts/test_ansible/roles

roles/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory

@@ -1,3 +0,0 @@
-# Generated by Vagrant
-
-default ansible_host=127.0.0.1 ansible_port=2222 ansible_user='vagrant' ansible_ssh_private_key_file='/media/documents/scripts/test_ansible/roles/.vagrant/machines/default/virtualbox/private_key'

roles/.vagrant/rgloader/loader.rb

@@ -1,9 +0,0 @@
-# This file loads the proper rgloader/loader.rb file that comes packaged
-# with Vagrant so that encoded files can properly run with Vagrant.
-
-if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
-  require File.expand_path(
-    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
-else
-  raise "Encoded files can't be read outside of the Vagrant installer."
-end

roles/arch_aur/tasks/main.yml

@@ -16,20 +16,13 @@
     create: yes
     validate: 'visudo -cf %s'
 
-- name: Install base-devel
+- name: Install base-devel and cmake
   community.general.pacman:
-    name: base-devel
+    name: 
+      - base-devel
+      - cmake
     state: present
 
-      # - name: Git clone ansible-aur
-      #   git:
-      #     repo: https://github.com/kewlfft/ansible-aur.git
-      #     dest: ~/.ansible/plugins/modules/aur
-      #     version: master
-      #     accept_hostkey: yes
-      #   become: yes
-      #   become_user: aur_builder
-
 - name: Install Yay
   aur:
     name: yay

roles/borgmatic/README.md

@@ -0,0 +1,28 @@
+Borgmatic
+=========
+
+Deploy borgmatic and configure it.
+
+
+Role Variables
+--------------
+
+Available variables are listed below, along with default values (see defaults/main.yml):
+
+    borg_source_directories # list of folder to backup
+    borg_repository # list of repositories
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+

roles/borgmatic/defaults/main.yml

@@ -0,0 +1,35 @@
+---
+# defaults file for borgmatic
+borgmatic_name: default
+borg_encryption_passphrase: ''
+borg_source_directories: []
+borg_repository: []
+borg_exclude_patterns: []
+borgmatic_config_file: "/etc/borgmatic/{{ borgmatic_name }}.yaml"
+borgmatic_large_repo: true
+borgmatic_hooks:
+  on_error:
+  - echo "`date` - Error while creating a backup."
+  before_backup:
+  - echo "`date` - Starting backup."
+  after_backup:
+  - echo "`date` - Finished backup."
+borgmatic_checks:
+  - repository
+borgmatic_check_last: 3
+borgmatic_store_atime: true
+borgmatic_store_ctime: true
+borgmatic_relocated_repo_access_is_ok: false
+borg_one_file_system: true
+borg_exclude_from: []
+borg_encryption_passcommand: false
+borg_lock_wait_time: 5
+borg_ssh_command: false
+borg_remote_path: false
+borg_remote_rate_limit: 0
+borg_retention_policy:
+  keep_hourly: 3
+  keep_daily: 7
+  keep_weekly: 4
+  keep_monthly: 6
+create_repo: False

roles/borgmatic/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# handlers file for borgmatic
+- name: reload systemd
+  systemd: 
+    daemon_reload: yes

roles/borgmatic/molecule/default/converge.yml

@@ -0,0 +1,26 @@
+---
+- name: Converge
+  hosts: all
+  become: yes
+  vars:
+    - borg_source_directories:
+      - /media/test1/
+      - /media/test2/
+    - borg_repository:
+      - /backup/
+    
+  pre_tasks:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+
+    - name: Create sources directories
+      file:
+        path: "{{ item }}"
+        state: directory
+      with_items: "{{ borg_source_directories + borg_repository}}"
+
+  tasks:
+    - name: "Include borgmatic"
+      include_role:
+        name: "borgmatic"

roles/borgmatic/molecule/default/molecule.yml

@@ -3,12 +3,17 @@ dependency:
   name: galaxy
 driver:
   name: vagrant
+  provider:
+    name: virtualbox
 platforms:
-  - name: archlinux
-    box: "archlinux/archlinux"
   - name: Debian
     box: "debian/bullseye64"
+    pre_build_image: true
+
 provisioner:
   name: ansible
 verifier:
   name: testinfra
+  options:
+    sudo: true
+    v: 3

roles/borgmatic/molecule/default/tests/test_default.py

@@ -0,0 +1,20 @@
+"""Role testing files using testinfra."""
+import pytest
+
+def test_installed_packages(host):
+    borgbackup = host.package("borgbackup")
+    assert borgbackup.is_installed
+    borgmatic = host.package("borgmatic")
+    assert borgmatic.is_installed
+
+def test_borgmatic_config(host):
+    config_file = "/etc/borgmatic/default.yaml"
+    config = host.file(config_file)
+    assert config.exists
+    valid_config = host.run(f"sudo validate-borgmatic-config -c {config_file}")
+    assert valid_config.succeeded
+
+def test_borgmatic_service(host):
+    borgmatic_service = host.service("borgmatic_default") 
+    assert borgmatic_service.is_valid
+    assert borgmatic_service.is_enabled

roles/borgmatic/tasks/main.yml

@@ -0,0 +1,67 @@
+---
+# tasks file for borgmatic
+- name: debug
+  debug:
+    msg: "{{ borgmatic_config_file }}"
+
+- name: Assert borg_source_directories not empty
+  assert:
+    that: "{{ borg_source_directories != [] }}"
+
+- name: Assert borg_repository not empty
+  assert:
+    that: "{{ borg_repository != [] }}"
+
+- name: stat on sources
+  stat:
+    path: "{{ item }}"
+  with_items: "{{ borg_source_directories }}"
+  register: sources_exists
+
+- name: Assert sources exists
+  assert:
+    that: "{{ item }}.stat.exists"
+  with_items: "{{ sources_exists.results }}"
+
+- name: Install borg and borgmatic
+  apt:
+    name: "{{ item }}"
+    state: present 
+  with_items:
+    - borgbackup
+    - borgmatic
+
+- name: Make dir for borgmatic in etc
+  file:
+    path: "/etc/borgmatic"
+    state: directory
+
+- name: Borgmatic config
+  template:
+    src: config.yaml.j2
+    dest: "{{ borgmatic_config_file }}"
+    mode: 644
+    validate: "validate-borgmatic-config -c %s"
+
+- name: copy systemd service
+  template:
+    src: service.j2
+    dest: "/lib/systemd/system/borgmatic_{{ borgmatic_name }}.service"
+    mode: 644
+  notify: "reload systemd"
+
+- name: copy systemd timer for executing borgmatic after boot
+  template:
+    src: afterboot.timer.j2
+    dest: "/lib/systemd/system/borgmatic_{{ borgmatic_name }}.timer"
+  notify: "reload systemd"
+
+- name: disable service
+  systemd:
+    name: "borgmatic_{{ borgmatic_name }}.service"
+    enabled: no
+
+- name: enable timer
+  systemd:
+    name: "borgmatic_{{ borgmatic_name }}.timer"
+    enabled: yes

roles/borgmatic/templates/afterboot.timer.j2

@@ -0,0 +1,11 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+{{ ansible_managed | comment }}
+[Unit]
+Description=Run borgmatic {{ borgmatic_name }} backup
+
+[Timer]
+OnBootSec=2min
+Persistent=true
+
+[Install]
+WantedBy=timers.target

roles/borgmatic/templates/config.yaml.j2

@@ -0,0 +1,187 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+---
+# From borgbase/ansible-role-borgbackup
+
+{{ ansible_managed | comment }}
+
+# Full config: https://torsion.org/borgmatic/docs/reference/config.yaml
+location:
+    source_directories:
+{% for dir in borg_source_directories %}
+        - {{ dir }}
+{% endfor %}
+
+    # Stay in same file system (do not cross mount points).
+    one_file_system: {{ borg_one_file_system }}
+    repositories:
+{% if borg_repository is iterable and (borg_repository is not string and borg_repository is not mapping) %}
+  {% for repo in borg_repository %}
+        - {{ repo }}
+  {% endfor %}
+{% elif borg_repository is defined and borg_repository is string %}
+        - {{ borg_repository }}
+{% endif %}
+
+    # Store atime into archive.
+    atime: {{ borgmatic_store_atime }}
+
+    # Store ctime into archive.
+    ctime: {{ borgmatic_store_ctime }}
+
+{% if borg_exclude_patterns %}
+    # Any paths matching these patterns are excluded from backups. Globs and tildes
+    # are expanded. See the output of "borg help patterns" for more details.
+    exclude_patterns:
+{% for dir in borg_exclude_patterns %}
+        - '{{ dir }}'
+{% endfor %}
+{% endif %}
+{% if borg_exclude_from %}
+    # Read exclude patterns from one or more separate named files, one pattern per
+    # line. See the output of "borg help patterns" for more details.
+    exclude_from:
+{% for dir in borg_exclude_from %}
+        - {{ dir }}
+{% endfor %}
+{% endif %}
+
+    # Exclude directories that contain a CACHEDIR.TAG file. See
+    # http://www.brynosaurus.com/cachedir/spec.html for details.
+    exclude_caches: true
+
+    # Exclude directories that contain a file with the given filename.
+    exclude_if_present: .nobackup
+
+    # Alternate Borg remote executable. Defaults to "borg".
+    # remote_path: borg1
+{% if borg_remote_path %}
+    remote_path: {{ borg_remote_path }}
+{% endif %}
+
+# Repository storage options. See
+# https://borgbackup.readthedocs.io/en/stable/usage.html#borg-create and
+# https://borgbackup.readthedocs.io/en/stable/usage/general.html#environment-variables for
+# details.
+storage:
+    encryption_passphrase: {{ borg_encryption_passphrase }}
+
+    # The standard output of this command is used to unlock the encryption key. Only
+    # use on repositories that were initialized with passcommand/repokey encryption.
+    # Note that if both encryption_passcommand and encryption_passphrase are set,
+    # then encryption_passphrase takes precedence.
+    # encryption_passcommand: secret-tool lookup borg-repository repo-name
+{% if borg_encryption_passcommand %}
+    encryption_passcommand: {{ borg_encryption_passcommand }}
+{% endif %}
+
+    # Type of compression to use when creating archives. See
+    # https://borgbackup.readthedocs.org/en/stable/usage.html#borg-create for details.
+    # Defaults to no compression.
+    compression: auto,zstd
+
+    # Remote network upload rate limit in kiBytes/second.
+{% if borg_remote_rate_limit %}
+    remote_rate_limit: {{ borg_remote_rate_limit }}
+{% endif %}
+
+    # Command to use instead of just "ssh". This can be used to specify ssh options.
+    # ssh_command: ssh -i ~/.ssh/id_ed25519
+{% if borg_ssh_command %}
+    ssh_command: {{ borg_ssh_command }}
+{% endif %}
+
+    # Umask to be used for borg create.
+    umask: 0077
+
+    # Maximum seconds to wait for acquiring a repository/cache lock.
+    lock_wait: {{ borg_lock_wait_time }}
+
+    # Name of the archive. Borg placeholders can be used. See the output of
+    # "borg help placeholders" for details. Default is
+    # "{hostname}-{now:%Y-%m-%dT%H:%M:%S.%f}". If you specify this option, you must
+    # also specify a prefix in the retention section to avoid accidental pruning of
+    # archives with a different archive name format. And you should also specify a
+    # prefix in the consistency section as well.
+    archive_name_format: '{hostname}-{{ borgmatic_name }}-{now:%Y-%m-%d-%H%M%S}'
+
+    # Bypass Borg error about a repository that has been moved.
+    relocated_repo_access_is_ok: {{ borgmatic_relocated_repo_access_is_ok }}
+
+# Retention policy for how many backups to keep in each category. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-prune for details.
+# At least one of the "keep" options is required for pruning to work.
+retention:
+{% if borg_retention_policy.keep_secondly is defined %}
+    # Number of secondly archives to keep.
+    keep_secondly: {{ borg_retention_policy.keep_secondly }}
+{% endif %}
+
+{% if borg_retention_policy.keep_minutely is defined %}
+    # Number of minutely archives to keep.
+    keep_minutely: {{ borg_retention_policy.keep_minutely }}
+{% endif %}
+
+{% if borg_retention_policy.keep_hourly is defined %}
+    # Number of hourly archives to keep.
+    keep_hourly: {{ borg_retention_policy.keep_hourly }}
+{% endif %}
+
+{% if borg_retention_policy.keep_daily is defined %}
+    # Number of daily archives to keep.
+    keep_daily: {{ borg_retention_policy.keep_daily }}
+{% endif %}
+
+{% if borg_retention_policy.keep_weekly is defined %}
+    # Number of weekly archives to keep.
+    keep_weekly: {{ borg_retention_policy.keep_weekly }}
+{% endif %}
+
+{% if borg_retention_policy.keep_monthly is defined %}
+    # Number of monthly archives to keep.
+    keep_monthly: {{ borg_retention_policy.keep_monthly }}
+{% endif %}
+
+{% if borg_retention_policy.keep_yearly is defined %}
+    # Number of yearly archives to keep.
+    keep_yearly: {{ borg_retention_policy.keep_yearly }}
+{% endif %}
+
+    # When pruning, only consider archive names starting with this prefix.
+    # Borg placeholders can be used. See the output of "borg help placeholders" for
+    # details. Default is "{hostname}-".
+    prefix: '{hostname}-{{ borgmatic_name }}'
+
+# Consistency checks to run after backups. See
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-check and
+# https://borgbackup.readthedocs.org/en/stable/usage.html#borg-extract for details.
+consistency:
+    # List of one or more consistency checks to run: "repository",
+    # "archives", "data", and/or "extract". Defaults to
+    # "repository" and "archives". Set to "disabled" to disable
+    # all consistency checks. "repository" checks the consistency
+    # of the repository, "archives" checks all of the archives,
+    # "data" verifies the integrity of the data within the
+    # archives, and "extract" does an extraction dry-run of the
+    # most recent archive. Note that "data" implies "archives".
+    checks:
+    {% for checks in borgmatic_checks %}
+        - {{ checks }}
+    {% endfor %}
+
+    # Restrict the number of checked archives to the last n. Applies only to the "archives" check.
+    check_last: {{ borgmatic_check_last }}
+
+    # When performing the "archives" check, only consider archive names starting with
+    # this prefix. Borg placeholders can be used. See the output of
+    # "borg help placeholders" for details. Default is "{hostname}-".
+    prefix: '{hostname}-{{ borgmatic_name }}'
+
+# Shell commands or scripts to execute before and after a backup or if an error has occurred.
+# IMPORTANT: All provided commands and scripts are executed with user permissions of borgmatic.
+# Do not forget to set secure permissions on this file as well as on any script listed (chmod 0700) to
+# prevent potential shell injection or privilege escalation.
+hooks:
+{% for hook in borgmatic_hooks %}
+    {{ hook }}:
+        {{ borgmatic_hooks[hook] | to_nice_yaml(indent=2) | trim | indent(8) }}
+{% endfor %}

roles/borgmatic/templates/service.j2

@@ -0,0 +1,14 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=borgmatic {{ borgmatic_name }}backup
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+
+# Delay start to prevent backups running during boot. Note that systemd-inhibit requires dbus and
+# dbus-user-session to be installed.
+ExecStart=/usr/bin/systemd-inhibit --who="borgmatic {{ borgmatic_name }}" --why="Prevent interrupting scheduled backup" /usr/bin/borgmatic -c {{ borgmatic_config_file }} --verbosity -1 --syslog-verbosity 1

roles/borgmatic/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - borgmatic

roles/borgmatic/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for borgmatic

roles/collectd/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for collectd

roles/collectd/files/types.db

@@ -0,0 +1,316 @@
+absolute                value:ABSOLUTE:0:U
+apache_bytes            value:DERIVE:0:U
+apache_connections      value:GAUGE:0:65535
+apache_idle_workers     value:GAUGE:0:65535
+apache_requests         value:DERIVE:0:U
+apache_scoreboard       value:GAUGE:0:65535
+ath_nodes               value:GAUGE:0:65535
+ath_stat                value:DERIVE:0:U
+backends                value:GAUGE:0:65535
+bad_peb_count           value:COUNTER:0:U
+bitrate                 value:GAUGE:0:4294967295
+blocked_clients         value:GAUGE:0:U
+bool                    value:GAUGE:0:1
+bucket                  value:GAUGE:0:U
+buffer                  value:GAUGE:0:18446744073709551615
+bytes                   value:GAUGE:0:U
+cache_eviction          value:DERIVE:0:U
+cache_operation         value:DERIVE:0:U
+cache_ratio             value:GAUGE:0:100
+cache_result            value:DERIVE:0:U
+cache_size              value:GAUGE:0:1125899906842623
+capacity                value:GAUGE:0:U
+ceph_bytes              value:GAUGE:U:U
+ceph_latency            value:GAUGE:U:U
+ceph_rate               value:DERIVE:0:U
+changes_since_last_save value:GAUGE:0:U
+charge                  value:GAUGE:0:U
+clock_last_meas         value:GAUGE:0:U
+clock_last_update       value:GAUGE:U:U
+clock_mode              value:GAUGE:0:U
+clock_reachability      value:GAUGE:0:U
+clock_skew_ppm          value:GAUGE:0:1000000
+clock_state             value:GAUGE:0:U
+clock_stratum           value:GAUGE:0:U
+compression             uncompressed:DERIVE:0:U, compressed:DERIVE:0:U
+compression_ratio       value:GAUGE:0:2
+commands                value:DERIVE:0:U
+connections             value:DERIVE:0:U
+conntrack               value:GAUGE:0:4294967295
+contextswitch           value:DERIVE:0:U
+controller              value:GAUGE:0:18446744073709551615
+cookies                 value:DERIVE:0:U
+count                   value:GAUGE:0:U
+counter                 value:COUNTER:U:U
+cpu                     value:DERIVE:0:U
+cpu_affinity            value:GAUGE:0:1
+cpufreq                 value:GAUGE:0:U
+current                 value:GAUGE:U:U
+current_connections     value:GAUGE:0:U
+current_sessions        value:GAUGE:0:U
+delay                   value:GAUGE:-1000000:1000000
+delay_rate              value:GAUGE:0:U
+derive                  value:DERIVE:0:U
+df                      used:GAUGE:0:1125899906842623, free:GAUGE:0:1125899906842623
+df_complex              value:GAUGE:0:U
+df_inodes               value:GAUGE:0:U
+dilution_of_precision   value:GAUGE:0:U
+disk_allocation         value:GAUGE:0:U
+disk_capacity           value:GAUGE:0:U
+disk_error              value:GAUGE:0:U
+disk_io_time            io_time:DERIVE:0:U, weighted_io_time:DERIVE:0:U
+disk_latency            read:GAUGE:0:U, write:GAUGE:0:U
+disk_merged             read:DERIVE:0:U, write:DERIVE:0:U
+disk_octets             read:DERIVE:0:U, write:DERIVE:0:U
+disk_ops                read:DERIVE:0:U, write:DERIVE:0:U
+disk_ops_complex        value:DERIVE:0:U
+disk_physical           value:GAUGE:0:U
+disk_time               read:DERIVE:0:U, write:DERIVE:0:U
+dns_answer              value:DERIVE:0:U
+dns_notify              value:DERIVE:0:U
+dns_octets              queries:DERIVE:0:U, responses:DERIVE:0:U
+dns_opcode              value:DERIVE:0:U
+dns_qtype               value:DERIVE:0:U
+dns_qtype_cached        value:GAUGE:0:4294967295
+dns_query               value:DERIVE:0:U
+dns_question            value:DERIVE:0:U
+dns_rcode               value:DERIVE:0:U
+dns_reject              value:DERIVE:0:U
+dns_request             value:DERIVE:0:U
+dns_resolver            value:DERIVE:0:U
+dns_response            value:DERIVE:0:U
+dns_transfer            value:DERIVE:0:U
+dns_update              value:DERIVE:0:U
+dns_zops                value:DERIVE:0:U
+domain_state            state:GAUGE:0:U, reason:GAUGE:0:U
+dpdk_telemetry          value:COUNTER:0:U
+drbd_resource           value:DERIVE:0:U
+duration                seconds:GAUGE:0:U
+email_check             value:GAUGE:0:U
+email_count             value:GAUGE:0:U
+email_size              value:GAUGE:0:U
+energy                  value:GAUGE:U:U
+energy_wh               value:GAUGE:U:U
+entropy                 value:GAUGE:0:4294967295
+errors                  value:DERIVE:0:U
+evicted_keys            value:DERIVE:0:U
+expired_keys            value:DERIVE:0:U
+fanspeed                value:GAUGE:0:U
+file_handles            value:GAUGE:0:U
+file_size               value:GAUGE:0:U
+files                   value:GAUGE:0:U
+filter_result           value:DERIVE:0:U
+flow                    value:GAUGE:0:U
+fork_rate               value:DERIVE:0:U
+freepages               value:GAUGE:0:U
+frequency               value:GAUGE:0:U
+frequency_error         value:GAUGE:-1000000:1000000
+frequency_offset        value:GAUGE:-1000000:1000000
+fscache_stat            value:DERIVE:0:U
+gauge                   value:GAUGE:U:U
+hash_collisions         value:DERIVE:0:U
+health                  value:GAUGE:0:18446744073709551615
+http_request_methods    value:DERIVE:0:U
+http_requests           value:DERIVE:0:U
+http_response_codes     value:DERIVE:0:U
+humidity                value:GAUGE:0:100
+if_collisions           value:DERIVE:0:U
+if_dropped              rx:DERIVE:0:U, tx:DERIVE:0:U
+if_errors               rx:DERIVE:0:U, tx:DERIVE:0:U
+if_multicast            value:DERIVE:0:U
+if_octets               rx:DERIVE:0:U, tx:DERIVE:0:U
+if_packets              rx:DERIVE:0:U, tx:DERIVE:0:U
+if_rx_dropped           value:DERIVE:0:U
+if_rx_errors            value:DERIVE:0:U
+if_rx_nohandler         value:DERIVE:0:U
+if_rx_octets            value:DERIVE:0:U
+if_rx_packets           value:DERIVE:0:U
+if_tx_dropped           value:DERIVE:0:U
+if_tx_errors            value:DERIVE:0:U
+if_tx_octets            value:DERIVE:0:U
+if_tx_packets           value:DERIVE:0:U
+invocations             value:DERIVE:0:U
+io_octets               rx:DERIVE:0:U, tx:DERIVE:0:U
+io_ops                  read:DERIVE:0:U, write:DERIVE:0:U
+io_packets              rx:DERIVE:0:U, tx:DERIVE:0:U
+ipc                     value:GAUGE:0:U
+ipt_bytes               value:DERIVE:0:U
+ipt_packets             value:DERIVE:0:U
+irq                     value:DERIVE:0:U
+job_stats               value:DERIVE:0:U
+latency                 value:GAUGE:0:U
+links                   value:GAUGE:0:U
+load                    shortterm:GAUGE:0:5000, midterm:GAUGE:0:5000, longterm:GAUGE:0:5000
+max_ec                  value:COUNTER:0:U
+media                   value:GAUGE:0:18446744073709551615
+memory_bandwidth        value:DERIVE:0:U
+md_disks                value:GAUGE:0:U
+memcached_command       value:DERIVE:0:U
+memcached_connections   value:GAUGE:0:U
+memcached_items         value:GAUGE:0:U
+memcached_octets        rx:DERIVE:0:U, tx:DERIVE:0:U
+memcached_ops           value:DERIVE:0:U
+memory                  value:GAUGE:0:281474976710656
+memory_lua              value:GAUGE:0:281474976710656
+memory_throttle_count   value:DERIVE:0:U
+multimeter              value:GAUGE:U:U
+mutex_operations        value:DERIVE:0:U
+mysql_bpool_bytes       value:GAUGE:0:U
+mysql_bpool_counters    value:DERIVE:0:U
+mysql_bpool_pages       value:GAUGE:0:U
+mysql_commands          value:DERIVE:0:U
+mysql_handler           value:DERIVE:0:U
+mysql_innodb_data       value:DERIVE:0:U
+mysql_innodb_dblwr      value:DERIVE:0:U
+mysql_innodb_log        value:DERIVE:0:U
+mysql_innodb_pages      value:DERIVE:0:U
+mysql_innodb_row_lock   value:DERIVE:0:U
+mysql_innodb_rows       value:DERIVE:0:U
+mysql_locks             value:DERIVE:0:U
+mysql_log_position      value:DERIVE:0:U
+mysql_octets            rx:DERIVE:0:U, tx:DERIVE:0:U
+mysql_select            value:DERIVE:0:U
+mysql_sort              value:DERIVE:0:U
+mysql_sort_merge_passes value:DERIVE:0:U
+mysql_sort_rows         value:DERIVE:0:U
+mysql_slow_queries      value:DERIVE:0:U
+nfs_procedure           value:DERIVE:0:U
+nginx_connections       value:GAUGE:0:U
+nginx_requests          value:DERIVE:0:U
+node_octets             rx:DERIVE:0:U, tx:DERIVE:0:U
+node_rssi               value:GAUGE:0:255
+node_stat               value:DERIVE:0:U
+node_tx_rate            value:GAUGE:0:127
+objects                 value:GAUGE:0:U
+operations              value:DERIVE:0:U
+operations_per_second   value:GAUGE:0:U
+packets                 value:DERIVE:0:U
+pending_operations      value:GAUGE:0:U
+percent                 value:GAUGE:0:100.1
+percent_bytes           value:GAUGE:0:100.1
+percent_inodes          value:GAUGE:0:100.1
+perf                    value:DERIVE:0:U
+pf_counters             value:DERIVE:0:U
+pf_limits               value:DERIVE:0:U
+pf_source               value:DERIVE:0:U
+pf_state                value:DERIVE:0:U
+pf_states               value:GAUGE:0:U
+pg_blks                 value:DERIVE:0:U
+pg_db_size              value:GAUGE:0:U
+pg_n_tup_c              value:DERIVE:0:U
+pg_n_tup_g              value:GAUGE:0:U
+pg_numbackends          value:GAUGE:0:U
+pg_scan                 value:DERIVE:0:U
+pg_xact                 value:DERIVE:0:U
+ping                    value:GAUGE:0:65535
+ping_droprate           value:GAUGE:0:1
+ping_stddev             value:GAUGE:0:65535
+players                 value:GAUGE:0:1000000
+pools                   value:GAUGE:0:U
+power                   value:GAUGE:U:U
+pressure                value:GAUGE:0:U
+protocol_counter        value:DERIVE:0:U
+ps_code                 value:GAUGE:0:9223372036854775807
+ps_count                processes:GAUGE:0:1000000, threads:GAUGE:0:1000000
+ps_cputime              user:DERIVE:0:U, syst:DERIVE:0:U
+ps_data                 value:GAUGE:0:9223372036854775807
+ps_disk_octets          read:DERIVE:0:U, write:DERIVE:0:U
+ps_disk_ops             read:DERIVE:0:U, write:DERIVE:0:U
+ps_pagefaults           minflt:DERIVE:0:U, majflt:DERIVE:0:U
+ps_rss                  value:GAUGE:0:9223372036854775807
+ps_stacksize            value:GAUGE:0:9223372036854775807
+ps_state                value:GAUGE:0:65535
+ps_vm                   value:GAUGE:0:9223372036854775807
+pstates_enabled         value:GAUGE:0:1
+pubsub                  value:GAUGE:0:U
+queue_length            value:GAUGE:0:U
+records                 value:GAUGE:0:U
+redis_command_cputime   value:DERIVE:0:U
+requests                value:GAUGE:0:U
+response_code           value:GAUGE:0:U
+response_time           value:GAUGE:0:U
+root_delay              value:GAUGE:U:U
+root_dispersion         value:GAUGE:U:U
+route_etx               value:GAUGE:0:U
+route_metric            value:GAUGE:0:U
+routes                  value:GAUGE:0:U
+satellites              value:GAUGE:0:U
+segments                value:GAUGE:0:65535
+serial_octets           rx:DERIVE:0:U, tx:DERIVE:0:U
+signal_noise            value:GAUGE:U:0
+signal_power            value:GAUGE:U:0
+signal_quality          value:GAUGE:0:U
+slurm_job_state         value:GAUGE:0:U
+slurm_node_state        value:GAUGE:0:U
+slurm_backfilled_jobs   value:DERIVE:0:U
+slurm_cycles            value:DERIVE:0:U
+slurm_cycle_last        value:GAUGE:0:U
+slurm_cycle_duration    value:DERIVE:0:U
+slurm_last_cycle_depth  value:GAUGE:0:U
+slurm_cycle_depth       value:DERIVE:0:U
+slurm_job_stats         value:DERIVE:0:U
+slurm_queue_length      value:DERIVE:0:U
+smart_attribute         current:GAUGE:0:255, worst:GAUGE:0:255, threshold:GAUGE:0:255, pretty:GAUGE:0:U
+smart_badsectors        value:GAUGE:0:U
+smart_powercycles       value:GAUGE:0:U
+smart_poweron           value:GAUGE:0:U
+smart_temperature       value:GAUGE:-300:300
+snr                     value:GAUGE:0:U
+spam_check              value:GAUGE:0:U
+spam_score              value:GAUGE:U:U
+spl                     value:GAUGE:U:U
+swap                    value:GAUGE:0:1099511627776
+swap_io                 value:DERIVE:0:U
+sysevent                value:GAUGE:0:1
+tcp_connections         value:GAUGE:0:4294967295
+tdp                     value:GAUGE:U:U
+temperature             value:GAUGE:U:U
+threads                 value:GAUGE:0:U
+time_dispersion         value:GAUGE:-1000000:1000000
+time_offset             value:GAUGE:-1000000:1000000
+time_offset_ntp         value:GAUGE:-1000000:1000000
+time_offset_rms         value:GAUGE:-1000000:1000000
+time_ref                value:GAUGE:0:U
+timeleft                value:GAUGE:0:U
+timestamp               value:GAUGE:0:18446744073709551615
+total_bytes             value:DERIVE:0:U
+total_connections       value:DERIVE:0:U
+total_events            value:DERIVE:0:U
+total_objects           value:DERIVE:0:U
+total_operations        value:DERIVE:0:U
+total_requests          value:DERIVE:0:U
+total_sessions          value:DERIVE:0:U
+total_threads           value:DERIVE:0:U
+total_time_in_ms        value:DERIVE:0:U
+total_values            value:DERIVE:0:U
+turbo_enabled           value:GAUGE:0:1
+transitions             value:DERIVE:0:U
+uptime                  value:GAUGE:0:4294967295
+uncore_ratio            value:GAUGE:0:U
+users                   value:GAUGE:0:65535
+vcl                     value:GAUGE:0:65535
+vcpu                    value:GAUGE:0:U
+virt_cpu_total          value:DERIVE:0:U
+virt_vcpu               value:DERIVE:0:U
+vmpage_action           value:DERIVE:0:U
+vmpage_faults           minflt:DERIVE:0:U, majflt:DERIVE:0:U
+vmpage_io               in:DERIVE:0:U, out:DERIVE:0:U
+vmpage_number           value:GAUGE:0:4294967295
+volatile_changes        value:GAUGE:0:U
+voltage                 value:GAUGE:U:U
+voltage_threshold       value:GAUGE:U:U, threshold:GAUGE:U:U
+vs_memory               value:GAUGE:0:9223372036854775807
+vs_processes            value:GAUGE:0:65535
+vs_threads              value:GAUGE:0:65535
+
+#
+# Legacy types
+# (required for the v5 upgrade target)
+#
+arc_counts              demand_data:COUNTER:0:U, demand_metadata:COUNTER:0:U, prefetch_data:COUNTER:0:U, prefetch_metadata:COUNTER:0:U
+arc_l2_bytes            read:COUNTER:0:U, write:COUNTER:0:U
+arc_l2_size             value:GAUGE:0:U
+arc_ratio               value:GAUGE:0:U
+arc_size                current:GAUGE:0:U, target:GAUGE:0:U, minlimit:GAUGE:0:U, maxlimit:GAUGE:0:U
+mysql_qcache            hits:COUNTER:0:U, inserts:COUNTER:0:U, not_cached:COUNTER:0:U, lowmem_prunes:COUNTER:0:U, queries_in_cache:GAUGE:0:U
+mysql_threads           running:GAUGE:0:U, connected:GAUGE:0:U, cached:GAUGE:0:U, created:COUNTER:0:U

roles/collectd/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers file for collectd
+- name: Restart collectd
+  systemd:
+    name: collectd
+    state: restarted

roles/collectd/molecule/default/converge.yml

@@ -0,0 +1,19 @@
+---
+- name: Converge
+  become: yes
+  hosts: all
+  vars:
+    - collectd_network_server: 192.168.2.240
+    - collectd_network_port: 25826
+
+  pre_tasks:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+    - name: set hostname
+      hostname:
+        name: vagrantcollectd
+  tasks:
+    - name: "Include collectd"
+      include_role:
+        name: "collectd"

roles/collectd/molecule/default/molecule.yml

@@ -0,0 +1,19 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: vagrant
+  provider:
+    name: virtualbox
+platforms:
+  - name: Debian
+    box: "debian/bullseye64"
+    pre_build_image: true
+
+provisioner:
+  name: ansible
+verifier:
+  name: testinfra
+  options:
+    sudo: true
+    v: 3

roles/collectd/molecule/default/tests/test_default.py

@@ -0,0 +1,21 @@
+"""Role testing files using testinfra."""
+import pytest
+
+
+def test_installed_packages(host):
+    collectd = host.package("collectd-core")
+    assert collectd.is_installed
+
+
+def test_config(host):
+    collectd_config = host.file("/etc/collectd/collectd.conf")
+    assert collectd_config.exists
+
+    dtypes = host.file("/usr/share/collectd/types.db")
+    assert dtypes.exists
+
+
+def test_service(host):
+    collectd = host.service("collectd")
+    assert collectd.is_enabled
+    assert collectd.is_running

roles/collectd/molecule/default/verify.yml

@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    assert:
+      that: true

roles/collectd/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+# tasks file for collectd
+
+- name: Install collectd
+  apt:
+    name: collectd-core
+    state: present
+
+- name: Make config dir
+  file:
+    path: "/etc/collectd/"
+    state: directory
+
+- name: Copy dtypes.db
+  copy:
+    src: types.db
+    dest: /usr/share/collectd/types.db
+
+- name: Feed config
+  template:
+    src: collectd.conf.j2
+    dest: /etc/collectd/collectd.conf
+    mode: 644
+  notify:
+    - Restart collectd
+
+- name: Enable collectd service
+  systemd:
+    name: "collectd.service"
+    enabled: yes

roles/collectd/templates/collectd.conf.j2

@@ -0,0 +1,18 @@
+Hostname    "{{ collectd_hostname | default(inventory_hostname) }}"
+TypesDB     "/usr/share/collectd/types.db"
+
+LoadPlugin network
+<Plugin "network">
+    Server "{{ collectd_network_server }}" "{{ collectd_network_port }}"
+</Plugin>
+
+LoadPlugin cpu
+LoadPlugin load
+LoadPlugin memory
+
+LoadPlugin df
+<Plugin "df">
+  IgnoreSelected true
+</Plugin>
+
+

roles/collectd/tests/test.yml

@@ -2,4 +2,4 @@
 - hosts: localhost
   remote_user: root
   roles:
-    - users
+    - collectd

roles/collectd/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for collectd

roles/core/defaults/main.yml

@@ -29,7 +29,37 @@ pacman_admin:
   - cifs-utils
   - traceroute
   - smartmontools
+  - vifm
+  - w3m
 
 pacman_pkgs:
   - "{{ pacman_base }}"
   - "{{ pacman_admin }}"
+
+
+debian_base:
+  - vim
+  - tmux
+  - git
+  - gnupg
+  - zsh
+  - sudo
+
+debian_admin:
+  - wget
+  - ruby
+  - htop
+  - iotop
+  - nmap
+  - sshpass
+  - rsync
+  - unzip
+  - cifs-utils
+  - traceroute
+  - smartmontools
+  - vifm
+  - w3m
+
+debian_pkgs:
+  - "{{ debian_base }}"
+  - "{{ debian_admin }}"

roles/core/files/sudoers

@@ -0,0 +1,7 @@
+root  ALL=(ALL) ALL
+%sudo ALL=(ALL) ALL
+
+Defaults env_reset
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+#includedir /etc/sudoers.d

roles/core/meta/main.yml

@@ -1,52 +0,0 @@
-galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
-
-  min_ansible_version: 2.1
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
-
-  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
-
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.

roles/core/molecule/default/converge.yml

@@ -1,6 +1,7 @@
 ---
 - name: Converge
   hosts: all
+  become: yes
   tasks:
     - name: "Include core"
       include_role:

roles/core/molecule/default/molecule.yml

@@ -1,10 +1,20 @@
 ---
 dependency:
   name: galaxy
+
 driver:
   name: vagrant
+  provider:
+    name: virtualbox
+
 platforms:
-  - name: instance
+  - name: archlinux
+    box: "archlinux/archlinux"
+    pre_build_image: true
+  - name: Debian
+    box: "debian/bullseye64"
+    pre_build_image: true
+
 provisioner:
   name: ansible
 verifier:

roles/core/tasks/archlinux.yml

@@ -0,0 +1,7 @@
+---
+- name: Archlinux - Install pkgs
+  community.general.pacman:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ pacman_pkgs }}"
+

roles/core/tasks/debian.yml

@@ -0,0 +1,6 @@
+---
+- name: Debian - Install pkgs
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ debian_pkgs }}"

roles/core/tasks/main.yml

@@ -1,8 +1,15 @@
 ---
 # tasks file for core
-- name: Install pkgs
-  community.general.pacman:
-    name: "{{ item }}"
-    state: present
-  with_items: "{{ pacman_pkgs }}"
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
 
+- name: Configure sudoers
+  template:
+    src: files/sudoers
+    dest: /etc/sudoers
+    mode: 0440
+
+- name: Create sudo group
+  group:
+    name: sudo
+    state: present

roles/dotfiles/defaults/main.yml

@@ -1,8 +0,0 @@
----
-me:
-  username: 'user1'
-
-config2stow: ["nvim", "tmux", "zsh"]
-
-autofs:
-  - host: nas

roles/dotfiles/molecule/default/converge.yml

@@ -1,8 +0,0 @@
----
-- name: Converge
-  hosts: all
-  tasks:
-    - name: "Include dotfiles"
-      include_role:
-        name: "dotfiles"
-        become: true

roles/dotfiles/molecule/default/tests/test_default.py

@@ -1,23 +0,0 @@
-"""Role testing files using testinfra."""
-
-
-def test_stow_installed(host):
-    stow = host.package("stow")
-    assert stow.is_installed
-
-def test_dotfile_cloned(host):
-    homepath = host.run("pwd").stdout[:-1]
-    dotfiles = host.file(homepath + "/.dotfiles")
-    assert dotfiles.exists
-
-def test_dotfile_stowed(host):
-    homepath = host.run("pwd").stdout[:-1]
-    nvim = host.file(homepath + "/.config/nvim/")
-    assert nvim.exists
-    tmux = host.file(homepath + "/.tmux/")
-    assert tmux.exists
-    zshenv = host.file(homepath + "/.zshenv")
-    assert zshenv.exists
-    zsh = host.file(homepath + "/.config/zsh/")
-    assert zsh.exists
-

roles/dotfiles/tasks/gnome.yml

@@ -1,42 +0,0 @@
----
-- name: <super + q> to close window
-  dconf:
-    key: "/org/gnome/desktop/wm/keybindings/close"
-    value: "['<Super>q']"
-    state: present
-
-- name: <super + enter> to fire a terminal - binding
-  dconf:
-    key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/binding"
-    value: "'<Super>Return'"
-    state: present
-
-- name: <super + enter> to fire a terminal - command
-  dconf:
-    key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/command"
-    value: "'urxvt'"
-    state: present
-
-- name: <super + enter> to fire a terminal - name
-  dconf:
-    key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/name"
-    value: "'Terminal'"
-    state: present
-
-- name: Shell theme
-  dconf:
-    key: "/org/gnome/shell/extensions/user-theme/name"
-    value: "'Materia-dark-compact'"
-    state: present
-
-- name: Gtk theme
-  dconf:
-    key: "/org/gnome/desktop/interface/gkt-theme"
-    value: "'Materia-dark-compact'"
-    state: present
-
-- name: Icon theme
-  dconf:
-    key: "/org/gnome/desktop/interface/icon-theme"
-    value: "'Tela-orange-dark'"
-    state: present

roles/dotfiles/tasks/main.yml

@@ -1,32 +0,0 @@
----
-- name: Install for arch
-  import_tasks: arch.yml
-  when: ansible_os_family == "Archlinux"
-
-- name: Install for debian
-  import_tasks: debian.yml
-  when: ansible_os_family == "Debian"
-
-- name: Clone dotfiles
-  ansible.builtin.git:
-    repo: 'https://git.opytex.org/lafrite/dotfiles.git'
-    dest: ~/.dotfiles
-  become: true
-  become_user: "{{ me.username }}"
-
-- name: stow configs
-  ansible.builtin.command:
-    cmd: stow {{ item }}
-    chdir: ~/.dotfiles/
-  with_items: "{{ config2stow }}"
-  become: true
-  become_user: "{{ me.username}}"
-
-- name: home mounts
-  import_tasks: home_mounts.yml
-
-- name: Gnome config
-  import_tasks: gnome.yml
-  become: true
-  become_user: "{{ me.username }}"
-  when: no # soucis avec la version de psutil

roles/gnome/defaults/main.yml

@@ -1,19 +0,0 @@
----
-# defaults file for gnome
-pacman_gnome:
-  - gnome
-  - gdm
-  - gnome-tweaks
-  - gparted
-  - transmission-gtk
-  - quodlibet
-  - networkmanager
-  - network-manager-applet
-  - gnome-keyring
-  - grsync
-  - soundconverter
-  - picard
-  - shotwell
-  - pitivi
-  - seahorse
-  - python-psutil

roles/gnome/handlers/main.yml

@@ -1,2 +0,0 @@
----
-# handlers file for gnome

roles/gnome/molecule/default/tests/test_default.py

@@ -1,10 +0,0 @@
-"""Role testing files using testinfra."""
-
-
-def test_hosts_file(host):
-    """Validate /etc/hosts file."""
-    f = host.file("/etc/hosts")
-
-    assert f.exists
-    assert f.user == "root"
-    assert f.group == "root"

roles/gnome/tasks/arch.yml

@@ -1,35 +0,0 @@
----
-# tasks file for gnome
-- name: Install gnome packages
-  pacman:
-    name: "{{ item }}"
-    state: present
-  with_items: "{{ pacman_gnome }}"
-
-- name: Install look and feel
-  pacman: 
-    name: 
-      - materia-gtk-theme
-      - gnome-icon-theme-extras
-      - arc-solid-gtk-theme
-      - arc-gtk-theme
-      - gnome-themes-extra
-      - gnome-icon-theme-symbolic
-      - gnome-icon-theme
-      - adwaita-icon-theme
-    state: present
-
-- name: Install AUR Icons and gtk themes
-  aur:
-    name: "{{ item }}"
-    use: makepkg
-    state: present
-  with_items:
-    - plata-theme
-    - gnome-colors-icon-theme
-    - numix-icon-theme-git
-    - numix-circle-icon-theme-git
-    - tela-icon-theme-git
-  become: yes
-  become_user: aur_builder
-

roles/gnome/tasks/main.yml

@@ -1,81 +0,0 @@
----
-# tasks file for gnome
-- name: Install gnome for arch
-  import_tasks: arch.yml
-  when: ansible_os_family == "Archlinux"
-
-
-- name: enable service gdm
-  systemd:
-    name: gdm
-    enabled: yes
-
-- name: disable old network services
-  systemd:
-    name: '{{ item }}'
-    enabled: no
-  with_items:
-    - dhcpcd
-  ignore_errors: yes
-
-- name: enable service NetworkManager
-  systemd:
-    name: NetworkManager
-    enabled: yes
-
-- name: <super + q> to close window
-  dconf:
-    key: "/org/gnome/desktop/wm/keybindings/close"
-    value: "['<Super>q']"
-    state: present
-  become: true
-  become_user: "{{ me.username }}"
-
-- name: <super + enter> to fire a terminal - binding
-  dconf:
-    key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/binding"
-    value: "'<Super>Return'"
-    state: present
-  become: true
-  become_user: "{{ me.username }}"
-
-- name: <super + enter> to fire a terminal - command
-  dconf:
-    key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/command"
-    value: "'urxvt'"
-    state: present
-  become: true
-  become_user: "{{ me.username }}"
-
-- name: <super + enter> to fire a terminal - name
-  dconf:
-    key: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/name"
-    value: "'Terminal'"
-    state: present
-  become: true
-  become_user: "{{ me.username }}"
-
-- name: Shell theme
-  dconf:
-    key: "/org/gnome/shell/extensions/user-theme/name"
-    value: "'Materia-dark-compact'"
-    state: present
-  become: true
-  become_user: "{{ me.username }}"
-
-- name: Gtk theme
-  dconf:
-    key: "/org/gnome/desktop/interface/gkt-theme"
-    value: "'Materia-dark-compact'"
-    state: present
-  become: true
-  become_user: "{{ me.username }}"
-
-- name: Icon theme
-  dconf:
-    key: "/org/gnome/desktop/interface/icon-theme"
-    value: "'Tela-orange-dark'"
-    state: present
-  become: true
-  become_user: "{{ me.username }}"
-

roles/gnome/vars/main.yml

@@ -1,2 +0,0 @@
----
-# vars file for gnome

roles/minidlna/defaults/main.yml

@@ -0,0 +1,14 @@
+---
+# defaults file for minidlna
+minidlna_network_interface: eth0
+minidlna_network_port: 8200
+
+minidlna_friendly_name: Ansible DLNA server
+
+minidlna_media_dir: /var/lib/minidlna
+minidlna_db_dir: /var/cache/minidlna
+minidlna_log_dir: /var/log/minidlna
+
+minidlna_root_container: "."
+
+minidlna_inotify: "yes"

roles/minidlna/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers file for minidlna
+- name: restart minidlna
+  service:
+    name: minidlna
+    state: restarted

roles/minidlna/tasks/debian.yml

@@ -0,0 +1,6 @@
+---
+- name: Debian - Install minidlna
+  apt:
+    name:
+      - minidlna
+    state: present

roles/minidlna/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+# tasks file for nut
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Copy minidlna.conf
+  template:
+    src: minidlna.j2.conf
+    dest: /etc/minidlna.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart minidlna
+
+- name: start and enable minidlna
+  service:
+    name: minidlna
+    enabled: yes
+    state: started
+

roles/minidlna/templates/minidlna.j2.conf

@@ -0,0 +1,132 @@
+# This is the configuration file for the MiniDLNA daemon, a DLNA/UPnP-AV media
+# server.
+#
+# Unless otherwise noted, the commented out options show their default value.
+#
+# On Debian, you can also refer to the minidlna.conf(5) man page for
+# documentation about this file.
+
+# Specify the user name or uid to run as (root by default).
+# On Debian system command line option (from /etc/default/minidlna) overrides this.
+#user=minidlna
+
+
+# Path to the directory you want scanned for media files.
+#
+# This option can be specified more than once if you want multiple directories
+# scanned.
+#
+# If you want to restrict a media_dir to a specific content type, you can
+# prepend the directory name with a letter representing the type (A, P or V),
+# followed by a comma, as so:
+#   * "A" for audio    (eg. media_dir=A,/var/lib/minidlna/music)
+#   * "P" for pictures (eg. media_dir=P,/var/lib/minidlna/pictures)
+#   * "V" for video    (eg. media_dir=V,/var/lib/minidlna/videos)
+#   * "PV" for pictures and video (eg. media_dir=PV,/var/lib/minidlna/digital_camera)
+media_dir={{ minidlna_media_dir }}
+
+# Set this to merge all media_dir base contents into the root container
+# (The default is no.)
+#merge_media_dirs=no
+
+# Path to the directory that should hold the database and album art cache.
+db_dir={{ minidlna_db_dir }}
+
+# Path to the directory that should hold the log file.
+log_dir={{ minidlna_log_dir }}
+
+# Type and minimum level of importance of messages to be logged.
+#
+# The types are "artwork", "database", "general", "http", "inotify",
+# "metadata", "scanner", "ssdp" and "tivo".
+#
+# The levels are "off", "fatal", "error", "warn", "info" or "debug".
+# "off" turns of logging entirely, "fatal" is the highest level of importance
+# and "debug" the lowest.
+#
+# The types are comma-separated, followed by an equal sign ("="), followed by a
+# level that applies to the preceding types. This can be repeated, separating
+# each of these constructs with a comma.
+#
+# The default is to log all types of messages at the "warn" level.
+#log_level=general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn
+
+# Use a different container as the root of the directory tree presented to
+# clients. The possible values are:
+#   * "." - standard container
+#   * "B" - "Browse Directory"
+#   * "M" - "Music"
+#   * "P" - "Pictures"
+#   * "V" - "Video"
+#   * Or, you can specify the ObjectID of your desired root container
+#     (eg. 1$F for Music/Playlists)
+# If you specify "B" and the client device is audio-only then "Music/Folders"
+# will be used as root.
+root_container={{ minidlna_root_container }}
+
+# Network interface(s) to bind to (e.g. eth0), comma delimited.
+# This option can be specified more than once.
+network_interface={{ minidlna_network_interface }}
+
+# Port number for HTTP traffic (descriptions, SOAP, media transfer).
+# This option is mandatory (or it must be specified on the command-line using
+# "-p").
+port={{ minidlna_network_port }}
+
+# URL presented to clients (e.g. http://example.com:80).
+#presentation_url=/
+
+# Name that the DLNA server presents to clients.
+# Defaults to "hostname: username".
+friendly_name={{ minidlna_friendly_name }}
+
+# Serial number the server reports to clients.
+# Defaults to the MAC address of nework interface.
+#serial=
+
+# Model name the server reports to clients.
+#model_name=Windows Media Connect compatible (MiniDLNA)
+
+# Model number the server reports to clients.
+# Defaults to the version number of minidlna.
+#model_number=
+
+# Automatic discovery of new files in the media_dir directory.
+inotify={{ minidlna_inotify }}
+
+# List of file names to look for when searching for album art.
+# Names should be delimited with a forward slash ("/").
+# This option can be specified more than once.
+album_art_names=Cover.jpg/cover.jpg/AlbumArtSmall.jpg/albumartsmall.jpg
+album_art_names=AlbumArt.jpg/albumart.jpg/Album.jpg/album.jpg
+album_art_names=Folder.jpg/folder.jpg/Thumb.jpg/thumb.jpg
+
+# Strictly adhere to DLNA standards.
+# This allows server-side downscaling of very large JPEG images, which may
+# decrease JPEG serving performance on (at least) Sony DLNA products.
+#strict_dlna=no
+
+# Support for streaming .jpg and .mp3 files to a TiVo supporting HMO.
+#enable_tivo=no
+
+# Which method to use for registering in TiVo: 'bonjour' (default) or
+# legacy 'beacon'
+#tivo_discovery=bonjour
+
+# SSDP notify interval, in seconds.
+#notify_interval=895
+
+# Path to the MiniSSDPd socket, for MiniSSDPd support.
+#minissdpdsocket=/run/minissdpd.sock
+
+# Always set SortCriteria to this value, regardless of the SortCriteria
+# passed by the client
+# e.g. force_sort_criteria=+upnp:class,+upnp:originalTrackNumber,+dc:title
+#force_sort_criteria=
+
+# maximum number of simultaneous connections
+# note: many clients open several simultaneous connections while streaming
+#max_connections=50
+
+# set this to yes to allow symlinks that point outside user-defined media_dirs.
+#wide_links=no

roles/mpd/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

roles/mpd/defaults/main.yml

@@ -0,0 +1,22 @@
+---
+# defaults file for mpd
+mpd_name: Music Player Daemon
+mpd_restore_paused: true
+mpd_auto_update: true
+mpd_follow_inside_symlinks: true
+mpd_follow_outside_symlinks: false
+
+mpd_music_directory: /var/lib/mpd/music
+mpd_playlist_directory: /var/lib/mpd/playlists
+
+mpd_db_file: /var/lib/mpd/mpd.db
+mpd_sticker_file: /var/lib/mpd/sticker.db
+mpd_state_file: /var/lib/mpd/mpdstate
+
+mpd_user: mpd
+mpd_bind_to_address: any
+
+mpd_outputs:
+  - name: "Null Output"
+    type: "null"
+

roles/mpd/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers file for mpd
+- name: restart mpd
+  service:
+    name: mpd
+    state: restarted

roles/mpd/molecule/default/converge.yml

@@ -2,6 +2,6 @@
 - name: Converge
   hosts: all
   tasks:
-    - name: "Include gnome"
+    - name: "Include mpd"
       include_role:
-        name: "gnome"
+        name: "mpd"

roles/mpd/molecule/default/molecule.yml

@@ -8,4 +8,4 @@ platforms:
 provisioner:
   name: ansible
 verifier:
-  name: testinfra
+  name: ansible

roles/mpd/molecule/default/verify.yml

@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    assert:
+      that: true

roles/mpd/tasks/debian.yml

@@ -0,0 +1,7 @@
+---
+- name: Debian - Install mpd
+  apt:
+    name:
+      - mpd
+      - mpc
+    state: present

roles/mpd/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+# tasks file for mpd
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Copy mpd.conf
+  template:
+    src: mpd.conf.j2
+    dest: /etc/mpd.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart mpd

roles/mpd/templates/mpd.conf.j2

@@ -0,0 +1,32 @@
+music_directory         "{{ mpd_music_directory }}"
+playlist_directory      "{{ mpd_playlist_directory }}"
+
+db_file                 "{{ mpd_db_file }}"
+sticker_file            "{{ mpd_sticker_file }}"
+state_file              "{{ mpd_state_file }}"
+
+user                    "{{ mpd_user }}"
+bind_to_address         "{{ mpd_bind_to_address }}"
+log_file                "syslog"
+
+restore_paused          "{% if mpd_restore_paused %}yes{% else %}no{% endif %}"
+auto_update             "{% if mpd_auto_update %}yes{% else %}no{% endif %}"
+follow_inside_symlinks  "{% if mpd_follow_inside_symlinks %}yes{% else %}no{% endif %}"
+follow_outside_symlinks "{% if mpd_follow_outside_symlinks %}yes{% else %}no{% endif %}"
+
+zeroconf_enabled        "yes"
+zeroconf_name           "{{ mpd_name }}"
+
+input {
+    plugin "curl"
+    verify_peer "yes"
+    verify_host "yes"
+}
+
+{% for output in mpd_outputs %}
+audio_output {
+{% for k, v in output.items() %}
+    {{ k }} "{{ v }}"
+{% endfor %}
+}
+{% endfor %}

roles/mpd/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for mpd

roles/nfs_client/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# defaults file for nfs_client
+shares:
+  - mount_point: /media/nfs/default
+    server: test.lan
+    export: /test
+    options: defaults

roles/nfs_client/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for nfs_client

roles/nfs_client/molecule/default/INSTALL.rst

@@ -0,0 +1,23 @@
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule_vagrant'

roles/nfs_client/molecule/default/converge.yml

@@ -0,0 +1,24 @@
+---
+- name: Converge
+  hosts: all
+  become: yes
+  vars:
+    - shares:
+      - mount_point: /media/nfs/default
+        server: test.lan
+        export: /test
+        options: defaults
+      - mount_point: /media/nfs/other
+        server: test.lan
+        export: /other
+        options: defaults
+
+  pre_tasks:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+
+  tasks:
+    - name: "Include nfs_client"
+      include_role:
+        name: "nfs_client"

roles/nfs_client/molecule/default/molecule.yml

@@ -0,0 +1,19 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: vagrant
+  provider:
+    name: virtualbox
+platforms:
+  - name: Debian
+    box: "debian/bullseye64"
+    pre_build_image: true
+
+provisioner:
+  name: ansible
+verifier:
+  name: testinfra
+  options:
+    sudo: true
+    v: 3

roles/nfs_client/molecule/default/tests/test_default.py

@@ -0,0 +1,7 @@
+"""Role testing files using testinfra."""
+import pytest
+
+def test_installed_packages(host):
+    nfs_common = host.package("nfs-common")
+    assert nfs_common.is_installed
+

roles/nfs_client/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+# tasks file for nfs_client
+
+- name: Install nfs-common
+  apt:
+    name: "{{ item }}"
+    state: present 
+  with_items:
+    - nfs-common
+
+- name: Ensure rpcbind is running (Debian)
+  systemd: 
+    name: rpcbind 
+    state: started 
+    enabled: yes
+
+- name: Ensure nfs mount points exist
+  file:
+    path: "{{ item.mount_point }}"
+    state: directory
+  with_items: "{{ nfs_shares }}"
+
+- name: Add nfs shares to fstab
+  mount:
+    src: "{{ item.server }}:{{ item.export }}"
+    path: "{{ item.mount_point }}"
+    opts: "{{ item.options }}"
+    state: mounted
+    fstype: nfs
+  with_items: "{{ nfs_shares }}"
+