From 82df1fd1bf0101b485172aad20ad30f781f127bf Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Wed, 3 May 2023 23:56:33 +0200 Subject: [PATCH] add wireguard config for jefke other updates --- ansible.cfg | 2 +- roles/keepassxc/files/keepassxc.ini | 4 +- roles/neovim/tasks/main.yml | 1 + roles/system/files/ssh_config | 23 ++++++++---- roles/system/tasks/main.yml | 1 + roles/wireguard/vars/main.yml | 58 ++++++++++++++++++----------- 6 files changed, 57 insertions(+), 32 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index 0253d3a..0f701f2 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles +roles_path=roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles inventory=inventory playbook_dir=playbooks vault_password_file=util/secret-service-client.sh diff --git a/roles/keepassxc/files/keepassxc.ini b/roles/keepassxc/files/keepassxc.ini index 2eca6b0..82a470e 100644 --- a/roles/keepassxc/files/keepassxc.ini +++ b/roles/keepassxc/files/keepassxc.ini @@ -6,10 +6,11 @@ CustomProxyLocation= Enabled=true [FdoSecrets] -Enabled=true -NoConfirmDeleteItem=true +Enabled=true [GUI] +AdvancedSettings=true MinimizeOnClose=true MinimizeOnStartup=true ShowTrayIcon=true @@ -27,6 +28,7 @@ AdvancedMode=false ExcludedChars= Length=40 SpecialChars=false +Type=0 UpperCase=true [SSHAgent] diff --git a/roles/neovim/tasks/main.yml b/roles/neovim/tasks/main.yml index 14d6f43..df410fd 100644 --- a/roles/neovim/tasks/main.yml +++ b/roles/neovim/tasks/main.yml @@ -63,6 +63,7 @@ section: "Default Applications" option: "{{ item }}" value: "nvim.desktop" + no_extra_spaces: true loop: "{{ default_apps }}" - name: Copy neovim.bashrc copy: diff --git a/roles/system/files/ssh_config b/roles/system/files/ssh_config index 2e513ae..b24bda2 100644 --- a/roles/system/files/ssh_config +++ b/roles/system/files/ssh_config 
@@ -1,8 +1,8 @@ AddKeysToAgent yes Host brussels - HostName brussels.studlab.os3.nl - User pkunis + HostName 145.100.104.43 + User root Host github.com HostName github.com @@ -10,14 +10,21 @@ Host github.com IdentitiesOnly yes Host max - HostName max.lan + HostName max.dmz User root Host lewis - HostName lewis.lan + HostName lewis.hyp User root -Host forgejo - HostName git.pim.kunis.nl - Port 56287 - User git +Host hermes + HostName hermes.dmz + User root + +Host atlas + HostName atlas.hyp + User root + +# Default user +Host * + User root diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml index d28ff3f..e2941c7 100644 --- a/roles/system/tasks/main.yml +++ b/roles/system/tasks/main.yml @@ -18,6 +18,7 @@ - vim - telegram-desktop - wget + - vlc - name: Install .gitconfig template: src: "{{ role_path }}/templates/.gitconfig.j2" diff --git a/roles/wireguard/vars/main.yml b/roles/wireguard/vars/main.yml index 6448004..68ca9ec 100644 --- a/roles/wireguard/vars/main.yml +++ b/roles/wireguard/vars/main.yml 
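Review bot: The catch-all `Host *` / `User root` block added at the end of the second ssh_config hunk makes root the login name for every destination that does not set its own user, including hosts outside this network that are typed ad hoc. Each internal host shown in the diff (brussels, max, lewis, hermes, atlas) already states `User root`, so the default adds nothing for them. Scoping it to the internal zones, for example `Host *.dmz *.hyp`, keeps the convenience without sending a root login attempt to unrelated servers. The first hunk also replaces the DNS name for brussels with the literal address `145.100.104.43`, so the known_hosts entry is now keyed on the IP; adding `HostKeyAlias brussels` would keep host-key checking tied to the machine if the address is ever reassigned.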
@@ -6,32 +6,46 @@ wireguard_interfaces: endpoint: "84.245.14.149:51820" allowed_ips: "0.0.0.0/0, ::0/0" preshared_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30323832316230326261663365363938306161623639643261376164373563346665643261656632 - 6432616232633465356565653638333830396561613435300a666662353138346638636631366661 - 64393963323364323531363732333566653865353933356330653566313637613465656336656562 - 3539636466383232340a313961383861656662303434356335343539346364313937663439356665 - 37373466373763636434313632643365333434336561643361346130373964396530313339623739 - 6565306236643866663765313636333139366331356164393939 + $ANSIBLE_VAULT;1.1;AES256 + 30323832316230326261663365363938306161623639643261376164373563346665643261656632 + 6432616232633465356565653638333830396561613435300a666662353138346638636631366661 + 64393963323364323531363732333566653865353933356330653566313637613465656336656562 + 3539636466383232340a313961383861656662303434356335343539346364313937663439356665 + 37373466373763636434313632643365333434336561643361346130373964396530313339623739 + 6565306236643866663765313636333139366331356164393939 private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 66373536666638303935653866346565636236613831616139316437336564653732646538333431 - 3366386633353633313932373730373738663534303138630a336539366539623832343034396438 - 62626163663135323138353965316361396164633736313435396435653338393661366638363032 - 6637383765663066380a613330326566313764663635326335353964343438316336613130393462 - 61663539656433336135396362623862623336613464346139356466633365663939346366346335 - 3561326462646131346238633334613539623161653838386435 + $ANSIBLE_VAULT;1.1;AES256 + 66373536666638303935653866346565636236613831616139316437336564653732646538333431 + 3366386633353633313932373730373738663534303138630a336539366539623832343034396438 + 62626163663135323138353965316361396164633736313435396435653338393661366638363032 + 
6637383765663066380a613330326566313764663635326335353964343438316336613130393462 + 61663539656433336135396362623862623336613464346139356466633365663939346366346335 + 3561326462646131346238633334613539623161653838386435 - name: atlas always: true address: "10.42.0.2/32" peer_public_key: "NLI4IsIgb4if2FhP8BXJupTlC/guZfY4tG91dZ4t8jE=" - endpoint: "atlas.lan:51820" + endpoint: "atlas.hyp:51820" allowed_ips: "10.42.0.1/32" private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39396361643039633361303266326166376236626430336534303330373766303063373839643031 - 6561323836616535323931643335313438306338396264360a653830353237396665373436316466 - 35353063646263353163303836383762313034653563663634613139303136323739626334313232 - 3162366232656534630a636639626134343638316665306362396363363034616163616662326136 - 62363632393536356562306562366431383962646330353035323137613865333636356663363763 - 6137333432336533646534656437633539633065663931643633 + $ANSIBLE_VAULT;1.1;AES256 + 39396361643039633361303266326166376236626430336534303330373766303063373839643031 + 6561323836616535323931643335313438306338396264360a653830353237396665373436316466 + 35353063646263353163303836383762313034653563663634613139303136323739626334313232 + 3162366232656534630a636639626134343638316665306362396363363034616163616662326136 + 62363632393536356562306562366431383962646330353035323137613865333636356663363763 + 6137333432336533646534656437633539633065663931643633 + - name: jefke + always: true + address: "10.42.1.2/32" + peer_public_key: "IzTDzZGPKlGyVjW8MKyP0aFpVZ6Ul/o5fJJZ3pQKGFc=" + endpoint: "jefke.hyp:51820" + allowed_ips: "10.42.1.1/32" + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39396361643039633361303266326166376236626430336534303330373766303063373839643031 + 6561323836616535323931643335313438306338396264360a653830353237396665373436316466 + 35353063646263353163303836383762313034653563663634613139303136323739626334313232 + 
3162366232656534630a636639626134343638316665306362396363363034616163616662326136 + 62363632393536356562306562366431383962646330353035323137613865333636356663363763 + 6137333432336533646534656437633539633065663931643633
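Review bot: The `private_key` vault blob added for the new `jefke` interface is byte-for-byte the same ciphertext as the one under `atlas`, so both tunnels decrypt to the same WireGuard private key and the blob looks copied rather than freshly encrypted. If one key per client device is the intent, a comment such as `# same client key as atlas (intentional)` above the value would record that. Otherwise, generate a separate key pair for jefke and encrypt it with `ansible-vault encrypt_string`, so that rotating or revoking one tunnel does not affect the other. Unlike the first interface in this file, neither `atlas` nor `jefke` sets a `preshared_key`; it is worth confirming that omission is deliberate.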