Feat: add mpd role and enable it to nas

home.yml

@@ -1,16 +1,97 @@
 ---
+- name: nas
+  hosts: nas
+  become: true
+  vars_files:
+    - vars/users.yml
+    - vars/home.yml
+    - vars/nas.yml
+
+  pre_tasks:
+    - name: Update
+      apt:
+        update_cache: true
+        upgrade: true
+
+  roles:
+    - role: core
+
+    - role: ssh
+      tags:
+        - ssh
+
+    - role: samba_server
+      tags:
+        - samba_server
+
+    - role: nfs_server
+      tags:
+        - nfs_server
+
+    - role: nut
+      tags:
+        - nut
+
+    - role: geerlingguy.docker
+      tags:
+        - docker
+
+    - role: mpd
+      tags:
+        - mpd
+
+    - role: minidlna
+      tags:
+        - minidlna
+
+  tasks:
+    - name: Include user
+      include_role:
+        name: "user"
+      loop:
+        - "{{ admin }}"
+      loop_control:
+        loop_var: user
+      tags:
+        - user
+
+    - name: Remove firstboot user
+      ansible.builtin.user:
+        name: foo
+        state: absent
+        remove: yes
+      tags:
+        - user
+
+    - name: Set up monitoring server
+      debug:
+        msg: Todo
+
+    - name: Set up homeassistant
+      debug:
+        msg: Todo
+
+
+          #- name: Set up collectd
+          #  include_role:
+          #    name: collectd
+
 - name: backup
   hosts: backup
   vars_files:
+    - vars/home.yml
     - vars/backup.yml
     - vars/backup_secret.yml
 
   tasks:
     - name: NFS shares client
-      include_role: 
+      include_role:
         name: nfs_client
 
     - name: Set up borgmatic
-      include_role: 
+      include_role:
         name: borgmatic
 
+    - name: Set up collectd
+      include_role:
+        name: collectd

inventories/home.ini

@@ -1,2 +1,5 @@
 [backup]
 ChouxBackupVM
+
+[nas]
+Nas

roles/collectd/molecule/default/converge.yml

@@ -3,10 +3,9 @@
   become: yes
   hosts: all
   vars:
-    - collectd_network_server: testvagrant
     - collectd_network_server: 192.168.2.240
     - collectd_network_port: 25826
-    
+
   pre_tasks:
     - name: Update apt cache
       apt:

roles/collectd/molecule/default/tests/test_default.py

@@ -1,10 +1,12 @@
 """Role testing files using testinfra."""
 import pytest
 
+
 def test_installed_packages(host):
     collectd = host.package("collectd-core")
     assert collectd.is_installed
 
+
 def test_config(host):
     collectd_config = host.file("/etc/collectd/collectd.conf")
     assert collectd_config.exists
@@ -12,6 +14,7 @@ def test_config(host):
     dtypes = host.file("/usr/share/collectd/types.db")
     assert dtypes.exists
 
+
 def test_service(host):
     collectd = host.service("collectd")
     assert collectd.is_enabled

roles/core/defaults/main.yml

@@ -35,3 +35,31 @@ pacman_admin:
 pacman_pkgs:
   - "{{ pacman_base }}"
   - "{{ pacman_admin }}"
+
+
+debian_base:
+  - vim
+  - tmux
+  - git
+  - gnupg
+  - zsh
+  - sudo
+
+debian_admin:
+  - wget
+  - ruby
+  - htop
+  - iotop
+  - nmap
+  - sshpass
+  - rsync
+  - unzip
+  - cifs-utils
+  - traceroute
+  - smartmontools
+  - vifm
+  - w3m
+
+debian_pkgs:
+  - "{{ debian_base }}"
+  - "{{ debian_admin }}"

roles/core/meta/main.yml

@@ -1,52 +0,0 @@
-galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
-
-  min_ansible_version: 2.1
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
-
-  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
-
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.

roles/core/molecule/default/converge.yml

@@ -1,6 +1,7 @@
 ---
 - name: Converge
   hosts: all
+  become: yes
   tasks:
     - name: "Include core"
       include_role:

roles/core/molecule/default/molecule.yml

@@ -1,10 +1,20 @@
 ---
 dependency:
   name: galaxy
+
 driver:
   name: vagrant
+  provider:
+    name: virtualbox
+
 platforms:
-  - name: instance
+  - name: archlinux
+    box: "archlinux/archlinux"
+    pre_build_image: true
+  - name: Debian
+    box: "debian/bullseye64"
+    pre_build_image: true
+
 provisioner:
   name: ansible
 verifier:

roles/core/tasks/archlinux.yml

@@ -0,0 +1,7 @@
+---
+- name: Archlinux - Install pkgs
+  community.general.pacman:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ pacman_pkgs }}"
+

roles/core/tasks/debian.yml

@@ -0,0 +1,6 @@
+---
+- name: Debian - Install pkgs
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ debian_pkgs }}"

roles/core/tasks/main.yml

@@ -1,10 +1,7 @@
 ---
 # tasks file for core
-- name: Install pkgs
-  community.general.pacman:
-    name: "{{ item }}"
-    state: present
-  with_items: "{{ pacman_pkgs }}"
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
 
 - name: Configure sudoers
   template:

roles/minidlna/defaults/main.yml

@@ -0,0 +1,14 @@
+---
+# defaults file for minidlna
+minidlna_network_interface: eth0
+minidlna_network_port: 8200
+
+minidlna_friendly_name: Ansible DLNA server
+
+minidlna_media_dir: /var/lib/minidlna
+minidlna_db_dir: /var/cache/minidlna
+minidlna_log_dir: /var/log/minidlna
+
+minidlna_root_container: "."
+
+minidlna_inotify: "yes"

roles/minidlna/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers file for minidlna
+- name: restart minidlna
+  service:
+    name: minidlna
+    state: restarted

roles/minidlna/tasks/debian.yml

@@ -0,0 +1,6 @@
+---
+- name: Debian - Install minidlna
+  apt:
+    name:
+      - minidlna
+    state: present

roles/minidlna/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+# tasks file for nut
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Copy minidlna.conf
+  template:
+    src: minidlna.j2.conf
+    dest: /etc/minidlna.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart minidlna
+
+- name: start and enable minidlna
+  service:
+    name: minidlna
+    enabled: yes
+    state: started
+

roles/minidlna/templates/minidlna.j2.conf

@@ -0,0 +1,132 @@
+# This is the configuration file for the MiniDLNA daemon, a DLNA/UPnP-AV media
+# server.
+#
+# Unless otherwise noted, the commented out options show their default value.
+#
+# On Debian, you can also refer to the minidlna.conf(5) man page for
+# documentation about this file.
+
+# Specify the user name or uid to run as (root by default).
+# On Debian system command line option (from /etc/default/minidlna) overrides this.
+#user=minidlna
+
+
+# Path to the directory you want scanned for media files.
+#
+# This option can be specified more than once if you want multiple directories
+# scanned.
+#
+# If you want to restrict a media_dir to a specific content type, you can
+# prepend the directory name with a letter representing the type (A, P or V),
+# followed by a comma, as so:
+#   * "A" for audio    (eg. media_dir=A,/var/lib/minidlna/music)
+#   * "P" for pictures (eg. media_dir=P,/var/lib/minidlna/pictures)
+#   * "V" for video    (eg. media_dir=V,/var/lib/minidlna/videos)
+#   * "PV" for pictures and video (eg. media_dir=PV,/var/lib/minidlna/digital_camera)
+media_dir={{ minidlna_media_dir }}
+
+# Set this to merge all media_dir base contents into the root container
+# (The default is no.)
+#merge_media_dirs=no
+
+# Path to the directory that should hold the database and album art cache.
+db_dir={{ minidlna_db_dir }}
+
+# Path to the directory that should hold the log file.
+log_dir={{ minidlna_log_dir }}
+
+# Type and minimum level of importance of messages to be logged.
+#
+# The types are "artwork", "database", "general", "http", "inotify",
+# "metadata", "scanner", "ssdp" and "tivo".
+#
+# The levels are "off", "fatal", "error", "warn", "info" or "debug".
+# "off" turns of logging entirely, "fatal" is the highest level of importance
+# and "debug" the lowest.
+#
+# The types are comma-separated, followed by an equal sign ("="), followed by a
+# level that applies to the preceding types. This can be repeated, separating
+# each of these constructs with a comma.
+#
+# The default is to log all types of messages at the "warn" level.
+#log_level=general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn
+
+# Use a different container as the root of the directory tree presented to
+# clients. The possible values are:
+#   * "." - standard container
+#   * "B" - "Browse Directory"
+#   * "M" - "Music"
+#   * "P" - "Pictures"
+#   * "V" - "Video"
+#   * Or, you can specify the ObjectID of your desired root container
+#     (eg. 1$F for Music/Playlists)
+# If you specify "B" and the client device is audio-only then "Music/Folders"
+# will be used as root.
+root_container={{ minidlna_root_container }}
+
+# Network interface(s) to bind to (e.g. eth0), comma delimited.
+# This option can be specified more than once.
+network_interface={{ minidlna_network_interface }}
+
+# Port number for HTTP traffic (descriptions, SOAP, media transfer).
+# This option is mandatory (or it must be specified on the command-line using
+# "-p").
+port={{ minidlna_network_port }}
+
+# URL presented to clients (e.g. http://example.com:80).
+#presentation_url=/
+
+# Name that the DLNA server presents to clients.
+# Defaults to "hostname: username".
+friendly_name={{ minidlna_friendly_name }}
+
+# Serial number the server reports to clients.
+# Defaults to the MAC address of nework interface.
+#serial=
+
+# Model name the server reports to clients.
+#model_name=Windows Media Connect compatible (MiniDLNA)
+
+# Model number the server reports to clients.
+# Defaults to the version number of minidlna.
+#model_number=
+
+# Automatic discovery of new files in the media_dir directory.
+inotify={{ minidlna_inotify }}
+
+# List of file names to look for when searching for album art.
+# Names should be delimited with a forward slash ("/").
+# This option can be specified more than once.
+album_art_names=Cover.jpg/cover.jpg/AlbumArtSmall.jpg/albumartsmall.jpg
+album_art_names=AlbumArt.jpg/albumart.jpg/Album.jpg/album.jpg
+album_art_names=Folder.jpg/folder.jpg/Thumb.jpg/thumb.jpg
+
+# Strictly adhere to DLNA standards.
+# This allows server-side downscaling of very large JPEG images, which may
+# decrease JPEG serving performance on (at least) Sony DLNA products.
+#strict_dlna=no
+
+# Support for streaming .jpg and .mp3 files to a TiVo supporting HMO.
+#enable_tivo=no
+
+# Which method to use for registering in TiVo: 'bonjour' (default) or
+# legacy 'beacon'
+#tivo_discovery=bonjour
+
+# SSDP notify interval, in seconds.
+#notify_interval=895
+
+# Path to the MiniSSDPd socket, for MiniSSDPd support.
+#minissdpdsocket=/run/minissdpd.sock
+
+# Always set SortCriteria to this value, regardless of the SortCriteria
+# passed by the client
+# e.g. force_sort_criteria=+upnp:class,+upnp:originalTrackNumber,+dc:title
+#force_sort_criteria=
+
+# maximum number of simultaneous connections
+# note: many clients open several simultaneous connections while streaming
+#max_connections=50
+
+# set this to yes to allow symlinks that point outside user-defined media_dirs.
+#wide_links=no

roles/mpd/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

roles/mpd/.yamllint

@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable

roles/mpd/defaults/main.yml

@@ -0,0 +1,22 @@
+---
+# defaults file for mpd
+mpd_name: Music Player Daemon
+mpd_restore_paused: true
+mpd_auto_update: true
+mpd_follow_inside_symlinks: true
+mpd_follow_outside_symlinks: false
+
+mpd_music_directory: /var/lib/mpd/music
+mpd_playlist_directory: /var/lib/mpd/playlists
+
+mpd_db_file: /var/lib/mpd/mpd.db
+mpd_sticker_file: /var/lib/mpd/sticker.db
+mpd_state_file: /var/lib/mpd/mpdstate
+
+mpd_user: mpd
+mpd_bind_to_address: any
+
+mpd_outputs:
+  - name: "Null Output"
+    type: "null"
+

roles/mpd/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers file for mpd
+- name: restart mpd
+  service:
+    name: mpd
+    state: restarted

roles/mpd/molecule/default/INSTALL.rst

@@ -0,0 +1,23 @@
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule_vagrant'

roles/mpd/molecule/default/converge.yml

@@ -0,0 +1,7 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: "Include mpd"
+      include_role:
+        name: "mpd"

roles/mpd/molecule/default/molecule.yml

@@ -0,0 +1,11 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: vagrant
+platforms:
+  - name: instance
+provisioner:
+  name: ansible
+verifier:
+  name: ansible

roles/mpd/molecule/default/verify.yml

@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    assert:
+      that: true

roles/mpd/tasks/debian.yml

@@ -0,0 +1,7 @@
+---
+- name: Debian - Install mpd
+  apt:
+    name:
+      - mpd
+      - mpc
+    state: present

roles/mpd/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+# tasks file for mpd
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Copy mpd.conf
+  template:
+    src: mpd.conf.j2
+    dest: /etc/mpd.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart mpd

roles/mpd/templates/mpd.conf.j2

@@ -0,0 +1,32 @@
+music_directory         "{{ mpd_music_directory }}"
+playlist_directory      "{{ mpd_playlist_directory }}"
+
+db_file                 "{{ mpd_db_file }}"
+sticker_file            "{{ mpd_sticker_file }}"
+state_file              "{{ mpd_state_file }}"
+
+user                    "{{ mpd_user }}"
+bind_to_address         "{{ mpd_bind_to_address }}"
+log_file                "syslog"
+
+restore_paused          "{% if mpd_restore_paused %}yes{% else %}no{% endif %}"
+auto_update             "{% if mpd_auto_update %}yes{% else %}no{% endif %}"
+follow_inside_symlinks  "{% if mpd_follow_inside_symlinks %}yes{% else %}no{% endif %}"
+follow_outside_symlinks "{% if mpd_follow_outside_symlinks %}yes{% else %}no{% endif %}"
+
+zeroconf_enabled        "yes"
+zeroconf_name           "{{ mpd_name }}"
+
+input {
+    plugin "curl"
+    verify_peer "yes"
+    verify_host "yes"
+}
+
+{% for output in mpd_outputs %}
+audio_output {
+{% for k, v in output.items() %}
+    {{ k }} "{{ v }}"
+{% endfor %}
+}
+{% endfor %}

roles/mpd/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for mpd

roles/nfs_server/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for nfs_server

roles/nfs_server/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+# handlers file for nfs_server
+- name: reload nfs
+  command: 'exportfs -ra'

roles/nfs_server/tasks/debian.yml

@@ -0,0 +1,7 @@
+---
+- name: Debian - Install nfs
+  apt:
+    name:
+      - nfs-common
+      - nfs-kernel-server
+    state: present

roles/nfs_server/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+# tasks file for nfs_server
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Ensure directories to export exist
+  file:  # noqa 208
+    path: "{{ item.src }}"
+    state: directory
+  with_items: "{{ nfs_exports }}"
+
+- name: Copy exports file.
+  template:
+    src: exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload nfs
+
+- name: Ensure nfs is running.
+  service: "name=nfs-kernel-server state=started enabled=yes"
+  when: nfs_exports|length

roles/nfs_server/templates/exports.j2

@@ -0,0 +1,13 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#   to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+{% for export in nfs_exports %}
+{{ export.src }} {{ export.allowedIP }}({{ export.options }})
+{% endfor %}

roles/nfs_server/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/nfs_server/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - nfs_server

roles/nfs_server/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for nfs_server

roles/nut/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for nut

roles/nut/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers file for nut
+- name: restart nut-server
+  service:
+    name: nut-server
+    state: restarted

roles/nut/tasks/debian.yml

@@ -0,0 +1,6 @@
+---
+- name: Debian - Install nut
+  apt:
+    name:
+      - nut
+    state: present

roles/nut/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+# tasks file for nut
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Enable standalone mode for Nut
+  lineinfile:
+    path: /etc/nut/nut.conf
+    regexp: '^MODE='
+    line: MODE=standalone
+  notify: restart nut-server
+
+- name: Copy ups.conf
+  template:
+    src: ups.conf.j2
+    dest: /etc/nut/ups.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart nut-server

roles/nut/templates/ups.conf.j2

@@ -0,0 +1,7 @@
+maxretry = 3
+
+{% for ups in upss %}
+[{{ ups.name }}]
+        driver = {{ ups.driver }}
+        port = {{ ups.port }}
+{% endfor %}

roles/nut/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for nut

roles/pihole/defaults/main.yml

@@ -0,0 +1,12 @@
+---
+# directories
+pihole_container_name: pihole
+pihole_data_directory: "{{ docker_home }}/pihole"
+
+pihole_docker_image: pihole/pihole:2022.05
+pihole_hostname: pihole
+pihole_domainname: lan
+pihole_ip: 192.168.2.2
+pihole_TZ: 'France/Paris'
+pihole_subnet: 192.168.2.0/24
+pihole_gateway: 192.168.2.1

roles/pihole/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+# tasks file for pihole
+- name: Create pihole Directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ pihole_data_directory }}"
+    - "{{ pihole_data_directory }}/pihole"
+    - "{{ pihole_data_directory }}/dnsmasq.d"
+
+- name: Copy docker-compose.yml
+  template:
+    src: docker-compose.j2.yml
+    dest: "{{ pihole_data_directory }}/docker-compose.yml"
+    owner: root
+    group: root
+    mode: 0644
+
+      # - name: Start docker-compose
+      #   docker_compose:
+      #     project_src: "{{ pihole_data_directory }}"
+      #   when: pihole

roles/pihole/templates/docker-compose.j2.yml

@@ -0,0 +1,36 @@
+---
+services:
+  pihole:
+    container_name: {{ pihole_container_name }}
+    image: {{ pihole_docker_image }}
+    hostname: {{ pihole_hostname }}
+    domainname: {{ pihole_domainname }}
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp"
+      - "80:80/tcp"
+      - "443:443/tcp"
+    environment:
+      TZ: {{ pihole_TZ }}
+      ServerIP: {{ pihole_ip }}
+    volumes:
+      - './pihole/:/etc/pihole/'
+      - './dnsmasq.d/:/etc/dnsmasq.d/'
+    cap_add:
+      - NET_ADMIN
+    restart: unless-stopped
+    networks:
+      pihole-macvlan:
+        ipv4_address: {{ pihole_ip }}
+
+networks:
+  pihole-macvlan:
+    driver: macvlan
+    driver_opts:
+      parent: eth0
+    ipam:
+      config:
+        - subnet: {{ pihole_subnet }}
+          gateway: {{ pihole_gateway }}
+          ip_range: {{ pihole_ip }}/32

roles/samba_server/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for samba_server

roles/samba_server/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers file for samba_server
+- name: restart smbd
+  service:
+    name: smbd
+    state: restarted

roles/samba_server/tasks/debian.yml

@@ -0,0 +1,7 @@
+---
+- name: Debian - Install samba
+  apt:
+    name:
+      - samba
+        #- samba-common
+    state: present

roles/samba_server/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+# tasks file for nfs_server
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Ensure directories to export exist
+  file:
+    path: "{{ item.path }}"
+    state: directory
+  with_items: "{{ samba_exports }}"
+
+- name: Include smb_share.conf
+  lineinfile:
+    dest: /etc/samba/smb.conf 
+    backup: yes
+    line: "include = /etc/samba/smb_share.conf"
+
+- name: Copy exports file.
+  template:
+    src: smb_share.conf.j2
+    dest: /etc/samba/smb_share.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart smbd
+
+- name: Ensure samba is running.
+  service:
+    name: smbd
+    state: started 
+    enabled: yes
+  when: samba_exports|length

roles/samba_server/templates/smb_share.conf.j2

@@ -0,0 +1,9 @@
+{% for export in samba_exports %}
+[{{ export.name }}]
+        comment = {{ export.comment }}
+        browseable = {{ export.browseable | default("yes")}}
+        public = {{ export.public | default("yes") }}
+        path = {{ export.path}}
+        writable = {{ export.writable | default("yes") }}
+{% endfor %}
+

roles/samba_server/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for samba_server

roles/ssh/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/ssh/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+# defaults file for ssh
+sshd_configfilename: /etc/ssh/sshd_config
+

roles/ssh/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+# handlers file for ssh
+- name: restart sshd
+  service: name=ssh state=restarted

roles/ssh/tasks/debian.yml

@@ -0,0 +1,5 @@
+---
+- name: Debian - Install ssh
+  apt:
+    name: openssh-server
+    state: present

roles/ssh/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+# tasks file for core
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Add identity key to authorized keys on host
+  authorized_key:
+    user: "{{ ssh_target_user }}"
+    key: "{{ ssh_publickey }}"
+  register: add_identity_key
+  when: ssh_target_user is defined and ssh_publickey is defined
+
+- name: Disable empty password login
+  lineinfile:
+    dest: "{{ sshd_configfilename }}"
+    regexp: '^#?PermitEmptyPasswords'
+    line: 'PermitEmptyPasswords no'
+  notify: restart sshd
+
+- name: Disable remote root login
+  lineinfile:
+    dest: "{{ sshd_configfilename }}"
+    regexp: '^#?PermitRootLogin'
+    line: 'PermitRootLogin no'
+  notify: restart sshd
+
+- name: Disable password login
+  lineinfile:
+    dest: "{{ sshd_configfilename }}"
+    regexp: '^(#\s*)?PasswordAuthentication '
+    line: 'PasswordAuthentication no'
+  when:
+    - add_identity_key is succeeded
+    - not add_identity_key is skipped
+  notify: restart sshd

roles/ssh/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for ssh

roles/user/tasks/archlinux.yml

@@ -9,3 +9,6 @@
     name: git
     state: present 
 
+- name: init sway
+  import_tasks: sway.yml
+  when: ("sway" in user.config.stowing)

roles/user/tasks/dotfiles.yml

@@ -23,6 +23,3 @@
   import_tasks: vim.yml
   when: '"vim" in user.config.stowing'
 
-- name: init sway
-  import_tasks: sway.yml
-  when: '"sway" in user.config.stowing'

roles/user/tasks/main.yml

@@ -7,8 +7,10 @@
 # Create user
 - name: Ensure wheel group exists
   group:
-    name: wheel
+    name: "{{ item }}"
     state: present
+  with_items: "{{ user.groups | replace(' ', '') | split(',') }}"
+
 
 - name: "{{ username }} --  create user "
   ansible.builtin.user:
@@ -22,15 +24,13 @@
     system: "{{ user.system | default('no') }}"
     create_home: true
 
-# 
 - name: "{{ username }} -- Add public key"
-  authorized_key: 
-    user: "{{ user.username }}" 
+  authorized_key:
+    user: "{{ user.username }}"
     key: "{{ lookup('file', item.keyfile) }}"
     state: present
   with_items: "{{ user.public_key | default([]) }}"
 
-# Dotfiles
 - name: "{{ username }} -- set dotfiles"
   import_tasks: dotfiles.yml
 

roles/workstation/defaults/main.yml

@@ -40,7 +40,7 @@ pacman_cli:
   - python-pynvim
   - dialog
 
-pacman_terms: 
+pacman_terms:
   - rxvt-unicode
   - xdotool
   - alacritty
@@ -104,12 +104,18 @@ pacman_fonts:
 
 pacman_programming:
   - pandoc
+
   - python
   - python-virtualenv
   - python-pip
   - graphviz
   - python-black
   - pyenv
+  - flake9
+
+  - yamllint
+  - ansible-lint
+
   - nodejs
   - yarn
 
@@ -164,7 +170,7 @@ pacman_pkgs:
 aur_utils:
   - autofs
 
-aur_fonts: 
+aur_fonts:
   - ttf-ubuntu-mono-derivative-powerline-git
   - ttf-inconsolata-lgc-for-powerline
   - ttf-droid-sans-mono-slashed-powerline-git
@@ -202,4 +208,3 @@ gdm_settings:
 # Autofs
 autofs:
   - host: nas
-

vars/backup.yml

@@ -13,9 +13,14 @@ nfs_shares:
     export: /mnt/DocNas/Commun
     options: defaults,_netdev,rsize=8192,wsize=8192
 
-
+borgmatic_name: on_start
 borg_source_directories: "{{ nfs_shares | map(attribute='mount_point') }}"
 borg_repository: /backup/borgmatic
-
-
-
+borgmatic_hooks:
+  on_error:
+  - echo "`date` - Error while creating a backup."
+  before_backup:
+  - echo "`date` - Starting backup."
+  after_backup:
+  - echo "`date` - Finished backup."
+  - poweroff

vars/home.yml

@@ -0,0 +1,33 @@
+--- 
+ssh_publickey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7aeBuq7TC8bRATkXa3QY4icPSz9apd2ZSVfnMZD+ta waha@Combava-2022-03-23"
+
+
+nfs_exports:
+  - src: '/mnt/DocNas/Benjamin'
+    allowedIP: '192.168.2.0/24'
+    options: 'rw,sync,all_squash,anonuid=998,anongid=100,no_subtree_check'
+  - src: '/mnt/DocNas/Commun'
+    allowedIP: '192.168.2.0/24'
+    options: 'rw,sync,all_squash,anonuid=998,anongid=100,no_subtree_check'
+  - src: '/mnt/DocNas/Margot'
+    allowedIP: '192.168.2.0/24'
+    options: 'rw,sync,all_squash,anonuid=998,anongid=100,no_subtree_check'
+
+samba_exports:
+  - name: Scans
+    comment: "Dépots des documents scannés"
+    browsable: 'yes'
+    public: 'yes'
+    writable: 'yes'
+    path: "/mnt/DocNas/Commun/Scans"
+
+  - name: Margot
+    comment: "Documents de Margot pour accès depuis windows"
+    browsable: 'yes'
+    public: 'yes'
+    writable: 'yes'
+    path: "/mnt/DocNas/Margot"
+
+collectd_network_server: 192.168.2.240
+collectd_network_port: 25826
+

vars/nas.yml

@@ -0,0 +1,34 @@
+---
+
+# Docker install
+docker_apt_arch: arm64
+docker_compose_version: "v2.6.0"
+docker_compose_arch: armv6
+docker_users: 
+  - "{{ admin.username }}"
+docker_home: /var/docker
+
+# Pihole
+pihole_docker_image: pihole/pihole:2022.05
+pihole_ip: 192.168.2.202
+
+# Nut
+upss:
+  - name: eaton650
+    driver: usbhid-ups
+    port: auto
+
+# minidlna
+minidlna_friendly_name: "Nas dlna"
+minidlna_media_dir: /mnt/DocNas/Commun/musique/
+
+# Mpd
+mpd_name: Mpd NAS
+mpd_music_directory: /mnt/DocNas/Commun/musique
+mpd_outputs:
+  - type: "httpd"
+    name: "Nas mpd stream"
+    encoder: "vorbis"        # optional, vorbis or lame
+    port: "8000"
+    bitrate: "128"            # do not define if quality is defined
+    format: "44100:16:1"

vars/users.yml

@@ -1,57 +1,59 @@
 $ANSIBLE_VAULT;1.1;AES256
-38303462353430643533393465663064663537633263396635356362363064336662343166633961
-3264346231663663306566313731633232313439666631300a346534356238386437393630646139
-32366364623362613032316131306566666366306235303462393239653633653330323139326363
-3737633539303536390a333465303366386233363566393530313764303334653939623437376366
-36356266353363643338313161663161373337643436373562623337336335346436303133306332
-36363062653765336130306531393630386339623962613334303964623164313039396636653061
-63393661323639353432653832613766313964316437316231633862653362636237623266623164
-35626466313232326236346165366433326333633464643437366533626336326262343834326464
-35613466316238633065303237633733616665373735393764656236636463616365656531663433
-30623264626363656532313864363331666665623736396261663864316439643338663832633436
-61636235326362336335383232396131306331333131633965623965363465393465303165396266
-37653230626638363162666639343461343635303136653638323735613331343535363064343566
-33393130633738346266346164626336303433313563323462663030396566343137306366666332
-37376335343261643338356637386361643861316464363439393338303461626365313531366135
-65356535396162346566333439653537343038353437376366303330306665343866313732386637
-61626165653062313963343132383831313332366639666466383064373463356536623966663836
-39633964633838396638643963313064343936373561636263636666303365333333663264663661
-37303436383238396638666331363339393461336633646631383537666461346138373538656430
-36373136626532643233663636383164653766393937303430306136336565643238353533363536
-64613838386634386435383038393064663831653561313963366333623931643933303331343039
-36323430386465373339656638373135346336316136306461353931366636356565663662383166
-30383934643430616338633365653638366162363539356366353430366361373235626165346335
-64393666376261656431313664393336373134646461346431376534666138636362306230396361
-64643266373536363533363332393830303437306133373563323962333737373734313335613234
-32346230636233363335383766353438633363333266643366646138666163643932663963643164
-36336363636330623036663135626432343234623636623461366339346262313465366239393663
-66373737306161643738376631373339316132343039343032393039666533366230373236326638
-37393033666463336261336132316633646262363161636433363831623834646230626435363334
-32363337393337373663376630326133656131393638636364633662306562373039626565643331
-62633136633639393264353632633161353932643937626564386134353761366230376237396661
-66333865363737613731303530663262313662353033353739653166613332613733323465316439
-62396261653532613835633637613131353664396338663166313439373061633762326439393530
-64393434303661366664353837323261653631343237616435656530616564303464626638653935
-35303531326663333632613039633163626635653864386433326362636332643961393838663234
-30666631306566356461303365326332663664316561393439343034643464356337613837653236
-32623465623766626331353937313561343035353031306435613638356333313564666238663632
-61303337643836376562393762386535373732323835663265366261633663303632343534303564
-38383434613034616639663738313561373134643463316535313664653961613034623939363765
-39643864323364376334643665643637336230363339643633636336343231356532346135666563
-37646265626661313861323235336639303236353665653335666633633036346565666633306234
-39383462363534663061393832313133336337613566383934393464376262616461643361643238
-37656364653461363366353766633764356666396365613636353330373637643565383262626261
-39316465383033313161323262653236626230663234636133616661653335636330643566663566
-34633132396436323232353437623835383065313835393933663236353765373731363934323061
-61363333396236646535336664303365313134666564326562343766363837303831623735366434
-66373236363436383161623336316534373563656266663066363165633962363962393066376665
-64646539333931613834633664383535363431353862343436323863323637643135353534313065
-66346633613233643961333865643362313762366236316364356562393235663565306263643763
-31396530336131653830613763333563363639623832656634303366326563313534653465663161
-66333532333234366666663638333861336237353230356165356535363230396539303666346130
-66623031366231396131666561333564326166326535303834326639363962343432386635626334
-63333035383765356333393430643038306539383439613532376461336164663534386235333634
-39623732363566396164633537663435306231663334663734313238336330653237393639616164
-32313630623031646462626337653864633933653264613139323538353331336535653132353436
-35366664386437306136383061663961383430346166386335373861623931326538626266653136
-37333332333534396365
+35336565363737316334623530646337653466323336323836623037303733616161326333393961
+6535393139613761383731373635326430313966346231630a356433656632323638623236613763
+33343030643261313638623636313334616465623262393131356261353430353164396563373433
+6336633639656231630a353532623939326337393137343631333138373133623332656334326333
+30396138303735626561353266383434653636323838633637393335393532306336636336346334
+34373039636164303535656530636632336166326237376539333030633330616137313932336361
+38396132396265346231383237353835373433636438363365343664393333356132353439396438
+65663131643130626437346237343532343732353039396637336363643862656436353965356362
+34326163633261633235313065353262653738373766323537313962353566633162613333386435
+65323666656561323461323161636332313236313437666139363436323333353366376236643965
+36666439636662343161373732626535376637313532333464306231613130313932333466326461
+36383962363839303063353836313231316438616338653132643162336435663438366431366237
+63323738363163346332386438346165343161396435643034636332353665623935646331653763
+33356637613239613861333731313733303538363463333539376236393663656536386363323165
+64626662656466623261343037303930353239386433343766363535653964643534313434613735
+61396339353631663966303038353233333832663438653931626164316164643432333039326634
+63376365613963396134643738666330666135656364323139633738663162366139613564363639
+65383262333935636637383265623236306462663732333161656439383538303166356337663334
+61616161316636623763623439313461376365636139633365363433383037353266663534396430
+66313239663762396438633132653864633034383236653962346237346536343565386332396332
+35656263626665313762653234333764336161643163373565356362386462396137393035323835
+38323535313937643039663336356361306162653836313766333266306633623333623731303162
+38313633613163613438613636666437356534346263326139643739616631313233353931373237
+61353530643163623338653966356236656533353236646534303163633030303536323130336436
+64396333306131633364373236393531646632653432393933613631663536373461346435643236
+65353463383939623731346238626266396230306432306639656534373163333230386339613037
+30613566663262313133346665626336313538393963653762666238613662396163323866626134
+34303065623065343536613263326464326163633633333739653061343837363133646262623732
+38306238373532356262663337343931636137646331653761636334633239643738363737303935
+35393132623836356462613232356634306662623835656665336263656138633365373563643435
+62333764616136646237663764616533613432396161316662613866633432653536363563363466
+32353033613935386364656662333230663537636364363961653037336638643031613062356330
+31306431653638656664383664326338333534333962366631653161626464343831353332316533
+35623438663862643834663964616363613261326536346538643833656438643538346361666163
+36323032306162653738613134373462663464316536343530303736323035626331663632613139
+32343166353737306136643038616335653634306630313832383434323162356137353235643732
+61646666633864383062396163663334343132323266633165633266376266393266643737613936
+66396538623763376636306639313062373132653334346163313161666366323938626562383739
+30656162356534626639663332393462343666373039353662316131336337346462343764653630
+34666533646137343664333334306135363438633461643835356261346162353761613533653230
+65353435616562366461613963356637386631313863326463383562633461613537313065666365
+65326534633935383366316536326266383236643330656139336266613734393539303463326538
+64623062386137306230323631633838616362313333303264363762616466623663393033653130
+38333264656564633136336135353339303232633262373333376133306538323131376239633761
+36646664306262336465306535306333633939646130653664313234363065383330616439326562
+63383738343961363131363665383230396434613566653631393464336239306131633462383536
+65376264333766383762396133666466643938303661353466393166633065653562353864326430
+32663637326161333334386661663931333335633830386263393661346637623933396661616662
+32326337373566633064633430353739326461643734356363343239313365623033363361623739
+64313739656561383839646138386333626135333938336635383966366531376564353931306161
+34643961396437306161396166343365626633333964373766663935323061363763366237363936
+34353432306261386561646364386163633163326235613536373737326663616337663738326636
+30623631336130663839376366306639346361326536653331373861383564646135633331373762
+64323931383930353138316132626366386462356138313332363331346230333630336330373236
+61643865646634306266636531333436646636666666383330343635353638353432633164613337
+39646132396238356263363564653731636266396235383235323765303638333634316265643239
+34333739346433373864633433643066613836346261636262633165653336623464633537656631
+3930663862366434626630313533666362353930316634393133