Reproduces the hal9k-display Arch Linux host (a multi-screen kiosk/display
machine at hal9k.dk).
# 1. Install Ansible + community collections
pip install ansible
ansible-galaxy collection install community.general ansible.posix
# 2. Decrypt secrets when you need to edit them
ansible-vault edit vars/secrets.yml
# 3. Run the playbook
ansible-playbook -i inventory.ini site.yml
.vaultpasscontains the vault password and must not be committed to version control. It is already listed in.gitignore.ansible.cfgpoints Ansible at it automatically viavault_password_file = .vaultpass.
| Role | What it does |
|---|---|
base |
Hostname, locale (en_US.UTF-8), timezone (Europe/Copenhagen), keyboard (us), zram swap, GRUB |
networking |
systemd-networkd + systemd-resolved; Ethernet/WLAN/WWAN DHCP profiles |
users |
hal9k user (uid 1000), SSH authorised key, sudo, autologin on tty1, sway autostart from .bashrc |
packages |
All explicitly-installed pacman packages (pacman -Qe) |
mosquitto |
Local MQTT broker on port 1883 + bridge to mqtt.hal9k.dk:8883 |
kiosk |
Sway config, Firefox multi-screen kiosk (kiosk.sh), serve.py screen-grabber HTTP API, refresh helper, ydotool daemon, clock web app |
mqtt_logger |
Python mqtt-logger service (uv venv), InfluxDB env file, user systemd unit |
heartbeat |
/usr/local/bin/hal9k-heartbeat + systemd timer (minutely MQTT heartbeat) |
vars/secrets.yml (ansible-vault encrypted):
| Variable | Description |
|---|---|
mosquitto_remote_password |
Password for the hal9k user on mqtt.hal9k.dk |
mqtt_logger_influxdb_token |
InfluxDB API token for influxdb.belunktum.dk |
- The
kiosk/files/GortonDigitalLight.otffont is included as-is from the running host. Replace with a licensed copy if needed. - The
mqtt-loggerPython source is vendored underroles/mqtt_logger/files/mqtt_logger_src/.uv syncis run on the target to build the virtualenv. - No disk partitioning / GRUB installation is automated — the playbook assumes
a working Arch Linux base install (UEFI, GPT, btrfs with subvolumes
@,@home,@pkg,@log, EFI partition at/boot).