From 5afb1444e1cd0d541443b8d0e76d3df3f379ae83 Mon Sep 17 00:00:00 2001 
From: Rasmus Rosengren Date: Wed, 18 Aug 2021 02:31:27 +0200 Subject: [PATCH] Initial commit --- .gitignore | 1 + README.md | 1 + arch-install/ansible.cfg | 2 + arch-install/inventory/hosts.yml | 4 ++ arch-install/main.yml | 14 +++++ arch-install/roles/base-system/tasks/main.yml | 54 +++++++++++++++++++ .../roles/crypto-keyfile/tasks/main.yml | 17 ++++++ .../roles/disk/tasks/create-boot-fs.yml | 6 +++ .../roles/disk/tasks/create-btrfs.yml | 28 ++++++++++ .../disk/tasks/create-luks-container.yml | 14 +++++ arch-install/roles/disk/tasks/format-disk.yml | 22 ++++++++ arch-install/roles/disk/tasks/main.yml | 8 +++ arch-install/roles/disk/tasks/mount.yml | 27 ++++++++++ arch-install/roles/disk/tasks/unmount.yml | 8 +++ arch-install/roles/grub/files/grub | 14 +++++ arch-install/roles/grub/handlers/main.yml | 3 ++ arch-install/roles/grub/tasks/grub-theme.yml | 16 ++++++ arch-install/roles/grub/tasks/main.yml | 26 +++++++++ .../roles/initcpio/files/mkinitcpio.conf | 4 ++ arch-install/roles/initcpio/handlers/main.yml | 3 ++ arch-install/roles/initcpio/tasks/main.yml | 8 +++ arch-install/roles/prep/tasks/main.yml | 25 +++++++++ arch-install/roles/users/tasks/main.yml | 2 + arch-install/vars/all.example.yml | 6 +++ arch-install/vars/all.yml | 6 +++ 25 files changed, 319 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 arch-install/ansible.cfg create mode 100644 arch-install/inventory/hosts.yml create mode 100644 arch-install/main.yml create mode 100644 arch-install/roles/base-system/tasks/main.yml create mode 100644 arch-install/roles/crypto-keyfile/tasks/main.yml create mode 100644 arch-install/roles/disk/tasks/create-boot-fs.yml create mode 100644 arch-install/roles/disk/tasks/create-btrfs.yml create mode 100644 arch-install/roles/disk/tasks/create-luks-container.yml create mode 100644 arch-install/roles/disk/tasks/format-disk.yml create mode 100644 arch-install/roles/disk/tasks/main.yml create mode 100644 
arch-install/roles/disk/tasks/mount.yml create mode 100644 arch-install/roles/disk/tasks/unmount.yml create mode 100644 arch-install/roles/grub/files/grub create mode 100644 arch-install/roles/grub/handlers/main.yml create mode 100644 arch-install/roles/grub/tasks/grub-theme.yml create mode 100644 arch-install/roles/grub/tasks/main.yml create mode 100644 arch-install/roles/initcpio/files/mkinitcpio.conf create mode 100644 arch-install/roles/initcpio/handlers/main.yml create mode 100644 arch-install/roles/initcpio/tasks/main.yml create mode 100644 arch-install/roles/prep/tasks/main.yml create mode 100644 arch-install/roles/users/tasks/main.yml create mode 100644 arch-install/vars/all.example.yml create mode 100644 arch-install/vars/all.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cab324d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+vars/all.yml
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5fb5f02
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# archlinux-ansible
diff --git a/arch-install/ansible.cfg b/arch-install/ansible.cfg
new file mode 100644
index 0000000..4ece02d
--- /dev/null
+++ b/arch-install/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path = ./roles
\ No newline at end of file
diff --git a/arch-install/inventory/hosts.yml b/arch-install/inventory/hosts.yml
new file mode 100644
index 0000000..e012c74
--- /dev/null
+++ b/arch-install/inventory/hosts.yml
@@ -0,0 +1,4 @@
+all:
+ hosts:
+ 192.168.2.232:
+ ansible_user: root
diff --git a/arch-install/main.yml b/arch-install/main.yml
new file mode 100644
index 0000000..7d740df
--- /dev/null
+++ b/arch-install/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Install Arch linux.
+ hosts: all
+ vars_files:
+ - vars/all.yml
+
+ roles:
+ - prep
+ - disk
+ - base-system
+ - users
+ - crypto-keyfile
+ - grub
+ - initcpio
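Review bot: The pattern `vars/all.yml` contains a slash and is therefore anchored to the repository root, so it does not match `arch-install/vars/all.yml` — which this same commit adds, holding `luks_password` and `root_password` values (see the last hunk). Change the line to `arch-install/vars/all.yml` (or `**/vars/all.yml`) and drop the tracked copy with `git rm --cached arch-install/vars/all.yml`. If a real credential ever lands in that file while tracked, treat it as disclosed: rotate it and rewrite the history, since a later ignore rule does not remove it from past commits.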
diff --git a/arch-install/roles/base-system/tasks/main.yml b/arch-install/roles/base-system/tasks/main.yml
new file mode 100644
index 0000000..9b776a6
--- /dev/null
+++ b/arch-install/roles/base-system/tasks/main.yml
@@ -0,0 +1,54 @@
+- name: Run pacstrap.
+ command: >
+ pacstrap /mnt
+ base base-devel linux linux-firmware
+ efibootmgr grub openssh networkmanager btrfs-progs python
+ vim git zsh
+
+- name: Generate fstab.
+ shell: genfstab -U /mnt >> /mnt/etc/fstab
+
+- name: Set localtime.
+ command: arch-chroot /mnt ln -sf /usr/share/zoneinfo/{{ timezone }} /etc/localtime
+
+- name: Sync time to hardware.
+ command: arch-chroot /mnt hwclock --systohc
+
+- name: Select locales.
+ lineinfile:
+ path: /mnt/etc/locale.gen
+ regexp: '^#en_US\.UTF-8 UTF-8'
+ line: en_US.UTF-8 UTF-8
+
+- name: Generate locales.
+ command: arch-chroot /mnt locale-gen
+
+- name: Save locale to /etc/locale.conf.
+ copy:
+ dest: /mnt/etc/locale.conf
+ content: "LANG=en_US.UTF-8"
+
+- name: Save keyboard layout to /etc/vconsole.conf.
+ copy:
+ dest: /mnt/etc/vconsole.conf
+ content: "KEYMAP=us"
+
+- name: Set hostname.
+ copy:
+ dest: /mnt/etc/hostname
+ content: "{{ hostname }}"
+
+- name: Configure /etc/hosts.
+ copy:
+ dest: /mnt/etc/hosts
+ content: |
+ 127.0.0.1 localhost
+ ::1 localhost
+ 127.0.0.1 {{ hostname }}.localdomain {{ hostname }}
+
+- name: Enable important services.
+ command: "arch-chroot /mnt systemctl enable {{ item }}"
+ with_items:
+ - sshd.service
+ - NetworkManager.service
+ - fstrim.timer
diff --git a/arch-install/roles/crypto-keyfile/tasks/main.yml b/arch-install/roles/crypto-keyfile/tasks/main.yml
new file mode 100644
index 0000000..d997b65
--- /dev/null
+++ b/arch-install/roles/crypto-keyfile/tasks/main.yml
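Review bot: `shell: genfstab -U /mnt >> /mnt/etc/fstab` appends on every run, so a second run of the play leaves duplicate entries in the target's fstab and nothing in the task guards against it. Overwriting instead of appending, `shell: genfstab -U /mnt > /mnt/etc/fstab`, is the one-line fix if the fstab pacstrap leaves behind holds only its comment header — I believe it does, but confirm on the target before switching. The last task enables `sshd.service` on the installed system while the `users` role only sets a root password, so whether root can log in remotely depends entirely on the target's default `sshd_config`; add a comment such as `# sshd is enabled at first boot; remote root login policy is whatever the shipped sshd_config says` so a later reader knows this was considered rather than overlooked.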
@@ -0,0 +1,17 @@
+---
+- name: Create crypto keyfile.
+ shell:
+ cmd: |
+ dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin
+ echo {{ luks_password }} | cryptsetup luksAddKey /dev/{{ disk }}2 /mnt/crypto_keyfile.bin
+ creates: /mnt/crypto_keyfile.bin
+
+- name: Set proper permission on crypto keyfile.
+ file:
+ path: /mnt/crypto_keyfile.bin
+ mode: 0000
+
+- name: Set proper permissions on boot folder.
+ file:
+ path: /mnt/boot
+ mode: g-rwx,o-rwx
diff --git a/arch-install/roles/disk/tasks/create-boot-fs.yml b/arch-install/roles/disk/tasks/create-boot-fs.yml
new file mode 100644
index 0000000..b9753f7
--- /dev/null
+++ b/arch-install/roles/disk/tasks/create-boot-fs.yml
@@ -0,0 +1,6 @@
+- name: Create ESP filesystem.
+ filesystem:
+ device: /dev/{{ disk }}1
+ state: present
+ type: vfat
+ opts: -F32
diff --git a/arch-install/roles/disk/tasks/create-btrfs.yml b/arch-install/roles/disk/tasks/create-btrfs.yml
new file mode 100644
index 0000000..1d1c776
--- /dev/null
+++ b/arch-install/roles/disk/tasks/create-btrfs.yml
@@ -0,0 +1,28 @@
+- name: Create btrfs in LUKS container.
+ filesystem:
+ device: /dev/mapper/cryptroot
+ state: present
+ type: btrfs
+
+- name: Mount new filesystem to /mnt.
+ mount:
+ state: mounted
+ src: /dev/mapper/cryptroot
+ path: /mnt
+ fstype: btrfs
+ opts: defaults,noatime,compress=zstd
+
+- name: Create Btrfs @ subvolume.
+ command:
+ cmd: btrfs subvolume create /mnt/@
+ creates: /mnt/@
+
+- name: Create Btrfs @/root subvolume.
+ command:
+ cmd: btrfs subvolume create /mnt/@/root
+ creates: /mnt/@/root
+
+- name: Create Btrfs @/home subvolume.
+ command:
+ cmd: btrfs subvolume create /mnt/@/home
+ creates: /mnt/@/home
diff --git a/arch-install/roles/disk/tasks/create-luks-container.yml b/arch-install/roles/disk/tasks/create-luks-container.yml
new file mode 100644
index 0000000..a3ec1cb
--- /dev/null
+++ b/arch-install/roles/disk/tasks/create-luks-container.yml
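Review bot: `echo {{ luks_password }} | cryptsetup luksAddKey ...` puts the LUKS passphrase on a shell command line, where it is expanded unquoted (any shell metacharacter or space in the passphrase breaks or alters the command) and is written verbatim into Ansible's output because the task has no `no_log`. The existing pipe already relies on cryptsetup reading the passphrase from a non-tty stdin, so the module's `stdin:` parameter can replace the `echo` without changing what cryptsetup sees. Two further problems sit in the same task: `creates: /mnt/crypto_keyfile.bin` covers both commands, so if `dd` succeeds and `luksAddKey` fails the rerun skips the key enrolment for good, and `dd` creates the file under the default umask, leaving it world-readable until the `mode: 0000` task runs. Writing to a temporary name under `umask 077` and renaming only after `luksAddKey` succeeds makes the `creates` marker mean "enrolled", closes the permission window, and keeps the task a single unit.
```yaml
- name: Create crypto keyfile and enrol it in the LUKS container.
  shell:
    cmd: |
      set -e
      umask 077
      dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin.tmp
      cryptsetup luksAddKey /dev/{{ disk }}2 /mnt/crypto_keyfile.bin.tmp
      mv /mnt/crypto_keyfile.bin.tmp /mnt/crypto_keyfile.bin
    stdin: "{{ luks_password }}"
    creates: /mnt/crypto_keyfile.bin
  no_log: true
# … unchanged: permission tasks for the keyfile and /mnt/boot …
```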
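Review bot: `device: /dev/mapper/cryptroot` and `src: /dev/mapper/cryptroot` in the first two tasks hard-code the mapper name, while `create-luks-container.yml` opens the container as `name: "{{ luks_name }}"` and `mount.yml` addresses it as `/dev/mapper/{{ luks_name }}`; any `luks_name` other than `cryptroot` in `vars/all.yml` makes these two tasks fail against a device that does not exist. Use `/dev/mapper/{{ luks_name }}` in both places. The `mount` task with `state: mounted` also, as far as I recall, records the mount in the installer's own `/etc/fstab`; that is harmless on a live medium, but a comment `# temporary mount for subvolume creation; the target fstab is generated later by genfstab` would stop a reader from confusing it with the installed system's fstab.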
@@ -0,0 +1,14 @@
+- name: Make sure LUKS container is closed.
+ luks_device:
+ device: /dev/{{ disk }}2
+ state: closed
+
+- name: Make sure LUKS container exists and is open.
+ luks_device:
+ device: /dev/{{ disk }}2
+ state: opened
+ name: "{{ luks_name }}"
+ type: luks1
+ cipher: aes-xts-plain64
+ hash: sha256
+ passphrase: "{{ luks_password }}"
diff --git a/arch-install/roles/disk/tasks/format-disk.yml b/arch-install/roles/disk/tasks/format-disk.yml
new file mode 100644
index 0000000..0eb7f53
--- /dev/null
+++ b/arch-install/roles/disk/tasks/format-disk.yml
@@ -0,0 +1,22 @@
+- name: Create EFI system partition
+ parted:
+ device: /dev/{{ disk }}
+ state: present
+ label: gpt
+ name: ESP
+ number: 1
+ part_start: 1MiB
+ part_end: 512MiB
+ flags: [esp]
+ fs_type: fat32
+
+- name: Create LUKS partition
+ parted:
+ device: /dev/{{ disk }}
+ state: present
+ label: gpt
+ name: LUKS
+ number: 2
+ part_start: 512MiB
+ part_end: 100%
+ fs_type: ext4
diff --git a/arch-install/roles/disk/tasks/main.yml b/arch-install/roles/disk/tasks/main.yml
new file mode 100644
index 0000000..1fcc6e5
--- /dev/null
+++ b/arch-install/roles/disk/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- include_tasks: format-disk.yml
+- include_tasks: unmount.yml
+- include_tasks: create-luks-container.yml
+- include_tasks: create-boot-fs.yml
+- include_tasks: create-btrfs.yml
+- include_tasks: unmount.yml
+- include_tasks: mount.yml
diff --git a/arch-install/roles/disk/tasks/mount.yml b/arch-install/roles/disk/tasks/mount.yml
new file mode 100644
index 0000000..cb32222
--- /dev/null
+++ b/arch-install/roles/disk/tasks/mount.yml
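Review bot: `type: luks1` and `hash: sha256` on the second task are deliberate constraints that nothing documents, and they are the kind of thing a later maintainer "modernises" to LUKS2 without realising the bootloader depends on them; add above the task `# luks1 on purpose: GRUB unlocks this container itself (GRUB_ENABLE_CRYPTODISK=y in roles/grub/files/grub) and needs a LUKS1 header for that`. Nothing wipes the partition before `state: opened`, and my reading of the module is that it creates a container only when no LUKS header is present — so a disk carrying a header from a previous install with the same passphrase would be opened as-is, old key slots included; if that is not intended, precede this with an explicit `wipefs -a /dev/{{ disk }}2` behind a confirmation variable, or document that the disk is expected to be blank.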
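Review bot: `fs_type: ext4` on the LUKS partition only sets parted's partition-type hint, but it reads as if the partition will carry ext4 while `create-btrfs.yml` puts btrfs inside the container; either drop the line or add `# partition-type hint only; the partition holds a LUKS container` above it. Both tasks also pass `label: gpt` with `state: present` and no guard, and the parted module's documented behaviour is to replace an existing different label, losing the partitions on it; a `# destructive: (re)writes the partition table on /dev/{{ disk }}` comment at the top of the file, or a confirmation variable checked in the `prep` role, makes that visible before someone points the inventory at the wrong host.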
@@ -0,0 +1,27 @@
+- name: Mount @/root to /mnt.
+ mount:
+ state: mounted
+ src: /dev/mapper/{{ luks_name }}
+ path: /mnt
+ fstype: btrfs
+ opts: defaults,noatime,compress=zstd,subvol=@/root
+
+- name: Mount @/home to /mnt/home.
+ mount:
+ state: mounted
+ src: /dev/mapper/{{ luks_name }}
+ path: /mnt/home
+ fstype: btrfs
+ opts: defaults,noatime,compress=zstd,subvol=@/home
+
+- name: Make sure /mnt/boot/efi exists.
+ file:
+ path: /mnt/boot/efi
+ state: directory
+
+- name: Mount boot partition to /mnt/boot/efi.
+ mount:
+ state: mounted
+ src: /dev/{{ disk }}1
+ path: /mnt/boot/efi
+ fstype: vfat
diff --git a/arch-install/roles/disk/tasks/unmount.yml b/arch-install/roles/disk/tasks/unmount.yml
new file mode 100644
index 0000000..148f0a2
--- /dev/null
+++ b/arch-install/roles/disk/tasks/unmount.yml
@@ -0,0 +1,8 @@
+- name: Make sure everything is unmounted.
+ mount:
+ state: unmounted
+ path: "{{ item }}"
+ with_items:
+ - /mnt/boot/efi
+ - /mnt/home
+ - /mnt
diff --git a/arch-install/roles/grub/files/grub b/arch-install/roles/grub/files/grub
new file mode 100644
index 0000000..c7c5412
--- /dev/null
+++ b/arch-install/roles/grub/files/grub
@@ -0,0 +1,14 @@
+#GRUB_DEFAULT=saved
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR="Arch"
+GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ luks_partition_uuid }}:{{ luks_name }}"
+GRUB_CMDLINE_LINUX=""
+GRUB_PRELOAD_MODULES="btrfs part_gpt"
+GRUB_ENABLE_CRYPTODISK=y
+#GRUB_SAVEDEFAULT=true
+GRUB_TIMEOUT_STYLE=menu
+GRUB_TERMINAL_INPUT=console
+GRUB_GFXMODE=auto
+GRUB_GFXPAYLOAD_LINUX=keep
+GRUB_DISABLE_RECOVERY=true
+GRUB_THEME="/usr/share/grub/themes/Xenlism-Arch/theme.txt"
diff --git a/arch-install/roles/grub/handlers/main.yml b/arch-install/roles/grub/handlers/main.yml
new file mode 100644
index 0000000..c6691a8
--- /dev/null
+++ b/arch-install/roles/grub/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: grub mkconfig
+ command: arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
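Review bot: This file is rendered with `template:` in roles/grub/tasks/main.yml yet lives under `files/` with no `.j2` suffix, so nothing in the file signals that `{{ luks_partition_uuid }}` and `{{ luks_name }}` are Jinja placeholders; a `copy:` of it would ship them literally into `/etc/default/grub` and produce a boot entry with an unusable `cryptdevice=`. Move it to `templates/grub.j2` (and `src: grub.j2`), or at least add a header comment `# Rendered by Ansible (roles/grub/tasks/main.yml); the {{ }} values come from vars/all.yml and the blkid lookup` — the file is sourced as shell, so a `#` line is safe. `cryptdevice=` is placed in `GRUB_CMDLINE_LINUX_DEFAULT`, which only feeds the normal entries; that is fine while `GRUB_DISABLE_RECOVERY=true`, but a one-line comment saying so prevents a later re-enabling of recovery from yielding an entry that cannot find its root.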
diff --git a/arch-install/roles/grub/tasks/grub-theme.yml b/arch-install/roles/grub/tasks/grub-theme.yml
new file mode 100644
index 0000000..f373af0
--- /dev/null
+++ b/arch-install/roles/grub/tasks/grub-theme.yml
@@ -0,0 +1,16 @@
+---
+- name: Clone theme repository.
+ git:
+ repo: https://github.com/xenlism/Grub-themes
+ dest: /tmp/Grub-themes
+ clone: true
+ version: main
+
+- name: Copy theme to grub.
+ copy:
+ src: /tmp/Grub-themes/xenlism-grub-arch-1080p/Xenlism-Arch
+ remote_src: true
+ dest: /mnt/usr/share/grub/themes
+ owner: root
+ group: root
+ mode: 0755
diff --git a/arch-install/roles/grub/tasks/main.yml b/arch-install/roles/grub/tasks/main.yml
new file mode 100644
index 0000000..0e211b6
--- /dev/null
+++ b/arch-install/roles/grub/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Install packages.
+ command: arch-chroot /mnt pacman -Sy grub efibootmgr os-prober --noconfirm
+
+- include_tasks: grub-theme.yml
+
+- name: Get luks partition id.
+ shell: blkid /dev/{{ disk }}2 -o value | head -1
+ register: luks_partition_uuid
+
+- name: Get nested value.
+ set_fact:
+ luks_partition_uuid: "{{ luks_partition_uuid.stdout }}"
+
+- name: Copy grub default config.
+ template:
+ src: files/grub
+ dest: /mnt/etc/default/grub
+ owner: root
+ group: root
+ mode: 0644
+ notify: grub mkconfig
+
+- name: Install grub.
+ command:
+ cmd: arch-chroot /mnt grub-install --efi-directory=/boot/efi --bootloader-id=grub
+ creates: /mnt/boot/efi/EFI/grub
diff --git a/arch-install/roles/initcpio/files/mkinitcpio.conf b/arch-install/roles/initcpio/files/mkinitcpio.conf
new file mode 100644
index 0000000..fe88467
--- /dev/null
+++ b/arch-install/roles/initcpio/files/mkinitcpio.conf
@@ -0,0 +1,4 @@
+MODULES=()
+BINARIES=(/usr/bin/btrfs)
+FILES=(/crypto_keyfile.bin)
+HOOKS=(base udev autodetect modconf block filesystems keyboard fsck encrypt btrfs)
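Review bot: `version: main` with no integrity check pulls whatever the third-party `xenlism/Grub-themes` repository holds at run time and installs it under the target's `/usr/share/grub/themes`, where GRUB loads it at every boot (`GRUB_THEME` in roles/grub/files/grub); the install is neither reproducible nor reviewable, and a compromised or merely changed upstream lands straight in the bootloader's input. Pin the checkout to a commit you have looked at, `version: <reviewed-commit-sha>`, with a comment recording the upstream commit and date, or vendor the `Xenlism-Arch` directory into this role's `files/` and drop the network fetch. The clone also stays in the installer's `/tmp/Grub-themes`; a closing `file:` task with `path: /tmp/Grub-themes` and `state: absent` keeps the live environment clean.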
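Review bot: `shell: blkid /dev/{{ disk }}2 -o value | head -1` assumes the UUID is the first tag blkid prints, which is not something its output order promises; ask for the tag by name, `shell: blkid -s UUID -o value /dev/{{ disk }}2`, and `head -1` becomes unnecessary. Registering the raw result under the same name as the fact it is later replaced with makes the two-step indirection hard to follow; `register: luks_partition_blkid` followed by `luks_partition_uuid: "{{ luks_partition_blkid.stdout }}"` reads cleanly. The first task's `pacman -Sy grub efibootmgr os-prober` reinstalls `grub` and `efibootmgr` that pacstrap already placed (roles/base-system) and uses `-Sy` without `-u`, which on Arch is the partial-upgrade pattern the distribution warns against; adding `os-prober` to the pacstrap list, or `pacman -S --needed os-prober` after a full `-Syu`, avoids both.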
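Review bot: `FILES=(/crypto_keyfile.bin)` copies the LUKS keyfile into every initramfs image written to `/boot`, so the image itself is key material, and the only thing protecting it is the `g-rwx,o-rwx` mode that roles/crypto-keyfile sets on `/mnt/boot` — a dependency invisible from this file. Add `# the keyfile is embedded in the initramfs; /boot must stay unreadable to non-root (see roles/crypto-keyfile)` above that line, and note that the `encrypt` hook is being relied on to look for `rootfs:/crypto_keyfile.bin` by default, since no `cryptkey=` appears in GRUB_CMDLINE_LINUX_DEFAULT — worth confirming against the installed hook. The hook order places `encrypt` after `filesystems` and `fsck`, unlike the documented `block encrypt filesystems` sequence; it likely works because those two hooks have no runtime part, but reordering to the documented sequence avoids depending on that detail.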
diff --git a/arch-install/roles/initcpio/handlers/main.yml b/arch-install/roles/initcpio/handlers/main.yml
new file mode 100644
index 0000000..ccfcb3b
--- /dev/null
+++ b/arch-install/roles/initcpio/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: run mkinitcpio
+ command: arch-chroot /mnt mkinitcpio -P
diff --git a/arch-install/roles/initcpio/tasks/main.yml b/arch-install/roles/initcpio/tasks/main.yml
new file mode 100644
index 0000000..21d39e5
--- /dev/null
+++ b/arch-install/roles/initcpio/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: Copy mkinitcpi config.
+ copy:
+ src: files/mkinitcpio.conf
+ dest: /mnt/etc/mkinitcpio.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: run mkinitcpio
diff --git a/arch-install/roles/prep/tasks/main.yml b/arch-install/roles/prep/tasks/main.yml
new file mode 100644
index 0000000..999c46d
--- /dev/null
+++ b/arch-install/roles/prep/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Check if EFI directory exists.
+ stat:
+ path: /sys/firmware/efi
+ register: efi_directory_exists
+
+- name: Fail if not in EFI or UEFI.
+ fail:
+ msg: This playbook only support EFI/UEFI!
+ when: not efi_directory_exists.stat.exists
+
+- name: Check internet connectivity.
+ uri:
+ url: https://archlinux.org
+ status_code: "200"
+ timeout: 30
+
+- name: Sync time.
+ command: timedatectl set-ntp true
+
+- name: Install packages.
+ pacman:
+ name: git
+ update_cache: true
+ state: present
diff --git a/arch-install/roles/users/tasks/main.yml b/arch-install/roles/users/tasks/main.yml
new file mode 100644
index 0000000..7092784
--- /dev/null
+++ b/arch-install/roles/users/tasks/main.yml
@@ -0,0 +1,2 @@
+- name: Set root password.
+ shell: arch-chroot /mnt sh -c "echo root:{{ root_password }} | chpasswd"
diff --git a/arch-install/vars/all.example.yml b/arch-install/vars/all.example.yml
new file mode 100644
index 0000000..99b947c
--- /dev/null
+++ b/arch-install/vars/all.example.yml
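Review bot: The task name `Copy mkinitcpi config.` misspells `mkinitcpio`. `mode: 0644` is read as an octal integer under the YAML 1.1 rules PyYAML applies, so it works here, but the same pattern silently becomes decimal 644 on a 1.2 parser; `mode: "0644"` states the intent unambiguously, and the same quoting applies to roles/grub/tasks/grub-theme.yml and roles/grub/tasks/main.yml.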
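Review bot: The connectivity check runs before `timedatectl set-ntp true`, and `uri` validates the TLS certificate of `https://archlinux.org` by default, so a live system whose clock is far off fails this task for a certificate-validity reason before the task that would have corrected the clock gets to run; swapping the two tasks keeps the check meaningful. `msg: This playbook only support EFI/UEFI!` should read `only supports`.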
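Review bot: `shell: arch-chroot /mnt sh -c "echo root:{{ root_password }} | chpasswd"` puts the root password on a command line, where it is visible in the installer's process list and in Ansible's recorded command, and expands it unquoted inside a double-quoted shell string, so a password containing `"`, `$`, `` ` ``, `|` or a space alters the command instead of being set. Hand it to `chpasswd` over stdin and hide the task output: `command: arch-chroot /mnt chpasswd` with `stdin: "root:{{ root_password }}"` under the module and `no_log: true` on the task.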
@@ -0,0 +1,6 @@
+disk: sda
+luks_name: cryptroot
+luks_password: password123
+timezone: Europe/Stockholm
+hostname: arch123
+root_password: password123
diff --git a/arch-install/vars/all.yml b/arch-install/vars/all.yml
new file mode 100644
index 0000000..99b947c
--- /dev/null
+++ b/arch-install/vars/all.yml
@@ -0,0 +1,6 @@
+disk: sda
+luks_name: cryptroot
+luks_password: password123
+timezone: Europe/Stockholm
+hostname: arch123
+root_password: password123
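Review bot: The example documents none of its values, and `disk: sda` hides a real constraint: roles/disk and roles/grub build `/dev/{{ disk }}1` and `/dev/{{ disk }}2` by plain concatenation, which only works for `sdX`/`vdX`-style names and yields nonexistent devices for NVMe (`nvme0n1p1`) or MMC disks. Add `# block device name without /dev/; partitions are derived as <disk>1 and <disk>2, so sd*/vd* naming only` above it. `luks_password` and `root_password` should carry a comment marking them as placeholders to be replaced and supplied via `ansible-vault` or a `vars_prompt`, and should be quoted (`luks_password: "password123"`) so a value that happens to be numeric or starts with a zero is not retyped by the YAML parser before it reaches cryptsetup.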
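Review bot: Even once it is excluded from version control, this file keeps `luks_password` and `root_password` in plaintext on disk for `vars_files` to read; `vars_prompt` in main.yml for the two passwords, or encrypting this file with `ansible-vault`, removes the cleartext copy while keeping the playbook's interface unchanged. It is byte-identical to `all.example.yml` (both at blob `99b947c`), so nothing is lost by dropping it from the commit.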