Initial commit

.gitignore

@@ -0,0 +1 @@
+vars/all.yml

README.md

@@ -0,0 +1 @@
+# archlinux-ansible

arch-install/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+roles_path = ./roles

arch-install/inventory/hosts.yml

@@ -0,0 +1,4 @@
+all:
+  hosts:
+    192.168.2.232:
+      ansible_user: root

arch-install/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Install Arch linux.
+  hosts: all
+  vars_files:
+    - vars/all.yml
+
+  roles:
+    - prep
+    - disk
+    - base-system
+    - users
+    - crypto-keyfile
+    - grub
+    - initcpio

arch-install/roles/base-system/tasks/main.yml

@@ -0,0 +1,54 @@
+- name: Run pacstrap.
+  command: >
+    pacstrap /mnt 
+      base base-devel linux linux-firmware 
+      efibootmgr grub openssh networkmanager btrfs-progs python
+      vim git zsh
+
+- name: Generate fstab.
+  shell: genfstab -U /mnt >> /mnt/etc/fstab
+
+- name: Set localtime.
+  command: arch-chroot /mnt ln -sf /usr/share/zoneinfo/{{ timezone }} /etc/localtime
+
+- name: Sync time to hardware.
+  command: arch-chroot /mnt hwclock --systohc
+
+- name: Select locales.
+  lineinfile:
+    path: /mnt/etc/locale.gen
+    regexp: '^#en_US\.UTF-8 UTF-8'
+    line: en_US.UTF-8 UTF-8
+
+- name: Generate locales.
+  command: arch-chroot /mnt locale-gen
+
+- name: Save locale to /etc/locale.conf.
+  copy:
+    dest: /mnt/etc/locale.conf
+    content: "LANG=en_US.UTF-8"
+
+- name: Save keyboard layout to /etc/vconsole.conf.
+  copy:
+    dest: /mnt/etc/vconsole.conf
+    content: "KEYMAP=us"
+
+- name: Set hostname.
+  copy:
+    dest: /mnt/etc/hostname
+    content: "{{ hostname }}"
+
+- name: Configure /etc/hosts.
+  copy:
+    dest: /mnt/etc/hosts
+    content: |
+      127.0.0.1         localhost
+      ::1               localhost
+      127.0.0.1         {{ hostname }}.localdomain {{ hostname }}
+
+- name: Enable important services.
+  command: "arch-chroot /mnt systemctl enable {{ item }}"
+  with_items:
+    - sshd.service
+    - NetworkManager.service
+    - fstrim.timer

arch-install/roles/crypto-keyfile/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Create crypto keyfile.
+  shell:
+    cmd: |
+      dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin
+      echo {{ luks_password }} | cryptsetup luksAddKey /dev/{{ disk }}2 /mnt/crypto_keyfile.bin
+    creates: /mnt/crypto_keyfile.bin
+
+- name: Set proper permission on crypto keyfile.
+  file:
+    path: /mnt/crypto_keyfile.bin
+    mode: 0000
+
+- name: Set proper permissions on boot folder.
+  file:
+    path: /mnt/boot
+    mode: g-rwx,o-rwx

arch-install/roles/disk/tasks/create-boot-fs.yml

@@ -0,0 +1,6 @@
+- name: Create ESP filesystem.
+  filesystem:
+    device: /dev/{{ disk }}1
+    state: present
+    type: vfat
+    opts: -F32

arch-install/roles/disk/tasks/create-btrfs.yml

@@ -0,0 +1,28 @@
+- name: Create btrfs in LUKS container.
+  filesystem:
+    device: /dev/mapper/cryptroot
+    state: present
+    type: btrfs
+
+- name: Mount new filesystem to /mnt.
+  mount:
+    state: mounted
+    src: /dev/mapper/cryptroot
+    path: /mnt
+    fstype: btrfs
+    opts: defaults,noatime,compress=zstd
+
+- name: Create Btrfs @ subvolume.
+  command:
+    cmd: btrfs subvolume create /mnt/@
+    creates: /mnt/@
+
+- name: Create Btrfs @/root subvolume.
+  command:
+    cmd: btrfs subvolume create /mnt/@/root
+    creates: /mnt/@/root
+
+- name: Create Btrfs @/home subvolume.
+  command:
+    cmd: btrfs subvolume create /mnt/@/home
+    creates: /mnt/@/home

arch-install/roles/disk/tasks/create-luks-container.yml

@@ -0,0 +1,14 @@
+- name: Make sure LUKS container is closed.
+  luks_device:
+    device: /dev/{{ disk }}2
+    state: closed
+
+- name: Make sure LUKS container exists and is open.
+  luks_device:
+    device: /dev/{{ disk }}2
+    state: opened
+    name: "{{ luks_name }}"
+    type: luks1
+    cipher: aes-xts-plain64
+    hash: sha256
+    passphrase: "{{ luks_password }}"

arch-install/roles/disk/tasks/format-disk.yml

@@ -0,0 +1,22 @@
+- name: Create EFI system partition
+  parted:
+    device: /dev/{{ disk }}
+    state: present
+    label: gpt
+    name: ESP
+    number: 1
+    part_start: 1MiB
+    part_end: 512MiB
+    flags: [esp]
+    fs_type: fat32
+
+- name: Create LUKS partition
+  parted:
+    device: /dev/{{ disk }}
+    state: present
+    label: gpt
+    name: LUKS
+    number: 2
+    part_start: 512MiB
+    part_end: 100%
+    fs_type: ext4

arch-install/roles/disk/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- include_tasks: format-disk.yml
+- include_tasks: unmount.yml
+- include_tasks: create-luks-container.yml
+- include_tasks: create-boot-fs.yml
+- include_tasks: create-btrfs.yml
+- include_tasks: unmount.yml
+- include_tasks: mount.yml

arch-install/roles/disk/tasks/mount.yml

@@ -0,0 +1,27 @@
+- name: Mount @/root to /mnt.
+  mount:
+    state: mounted
+    src: /dev/mapper/{{ luks_name }}
+    path: /mnt
+    fstype: btrfs
+    opts: defaults,noatime,compress=zstd,subvol=@/root
+
+- name: Mount @/home to /mnt/home.
+  mount:
+    state: mounted
+    src: /dev/mapper/{{ luks_name }}
+    path: /mnt/home
+    fstype: btrfs
+    opts: defaults,noatime,compress=zstd,subvol=@/home
+
+- name: Make sure /mnt/boot/efi exists.
+  file:
+    path: /mnt/boot/efi
+    state: directory
+
+- name: Mount boot partition to /mnt/boot/efi.
+  mount:
+    state: mounted
+    src: /dev/{{ disk }}1
+    path: /mnt/boot/efi
+    fstype: vfat

arch-install/roles/disk/tasks/unmount.yml

@@ -0,0 +1,8 @@
+- name: Make sure everything is unmounted.
+  mount:
+    state: unmounted
+    path: "{{ item }}"
+  with_items:
+    - /mnt/boot/efi
+    - /mnt/home
+    - /mnt

arch-install/roles/grub/files/grub

@@ -0,0 +1,14 @@
+#GRUB_DEFAULT=saved
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR="Arch"
+GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ luks_partition_uuid }}:{{ luks_name }}"
+GRUB_CMDLINE_LINUX=""
+GRUB_PRELOAD_MODULES="btrfs part_gpt"
+GRUB_ENABLE_CRYPTODISK=y
+#GRUB_SAVEDEFAULT=true
+GRUB_TIMEOUT_STYLE=menu
+GRUB_TERMINAL_INPUT=console
+GRUB_GFXMODE=auto
+GRUB_GFXPAYLOAD_LINUX=keep
+GRUB_DISABLE_RECOVERY=true
+GRUB_THEME="/usr/share/grub/themes/Xenlism-Arch/theme.txt"

arch-install/roles/grub/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: grub mkconfig
+  command: arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg

arch-install/roles/grub/tasks/grub-theme.yml

@@ -0,0 +1,16 @@
+---
+- name: Clone theme repository.
+  git:
+    repo: https://github.com/xenlism/Grub-themes
+    dest: /tmp/Grub-themes
+    clone: true
+    version: main
+
+- name: Copy theme to grub.
+  copy:
+    src: /tmp/Grub-themes/xenlism-grub-arch-1080p/Xenlism-Arch
+    remote_src: true
+    dest: /mnt/usr/share/grub/themes
+    owner: root
+    group: root
+    mode: 0755

arch-install/roles/grub/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Install packages.
+  command: arch-chroot /mnt pacman -Sy grub efibootmgr os-prober --noconfirm
+
+- include_tasks: grub-theme.yml
+
+- name: Get luks partition id.
+  shell: blkid /dev/{{ disk }}2 -o value | head -1
+  register: luks_partition_uuid
+
+- name: Get nested value.
+  set_fact:
+    luks_partition_uuid: "{{ luks_partition_uuid.stdout }}"
+
+- name: Copy grub default config.
+  template:
+    src: files/grub
+    dest: /mnt/etc/default/grub
+    owner: root
+    group: root
+    mode: 0644
+  notify: grub mkconfig
+
+- name: Install grub.
+  command:
+    cmd: arch-chroot /mnt grub-install --efi-directory=/boot/efi --bootloader-id=grub
+    creates: /mnt/boot/efi/EFI/grub

arch-install/roles/initcpio/files/mkinitcpio.conf

@@ -0,0 +1,4 @@
+MODULES=()
+BINARIES=(/usr/bin/btrfs)
+FILES=(/crypto_keyfile.bin)
+HOOKS=(base udev autodetect modconf block filesystems keyboard fsck encrypt btrfs)

arch-install/roles/initcpio/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: run mkinitcpio
+  command: arch-chroot /mnt mkinitcpio -P

arch-install/roles/initcpio/tasks/main.yml

@@ -0,0 +1,8 @@
+- name: Copy mkinitcpi config.
+  copy:
+    src: files/mkinitcpio.conf
+    dest: /mnt/etc/mkinitcpio.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: run mkinitcpio

arch-install/roles/prep/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: Check if EFI directory exists.
+  stat:
+    path: /sys/firmware/efi
+  register: efi_directory_exists
+
+- name: Fail if not in EFI or UEFI.
+  fail:
+    msg: This playbook only support EFI/UEFI!
+  when: not efi_directory_exists.stat.exists
+
+- name: Check internet connectivity.
+  uri:
+    url: https://archlinux.org
+    status_code: "200"
+    timeout: 30
+
+- name: Sync time.
+  command: timedatectl set-ntp true
+
+- name: Install packages.
+  pacman:
+    name: git
+    update_cache: true
+    state: present

arch-install/roles/users/tasks/main.yml

@@ -0,0 +1,2 @@
+- name: Set root password.
+  shell: arch-chroot /mnt sh -c "echo root:{{ root_password }} | chpasswd"

arch-install/vars/all.example.yml

@@ -0,0 +1,6 @@
+disk: sda
+luks_name: cryptroot
+luks_password: password123
+timezone: Europe/Stockholm
+hostname: arch123
+root_password: password123

arch-install/vars/all.yml

@@ -0,0 +1,6 @@
+disk: sda
+luks_name: cryptroot
+luks_password: password123
+timezone: Europe/Stockholm
+hostname: arch123
+root_password: password123