commit
5afb1444e1
@ -0,0 +1 @@ |
|||||||
|
vars/all.yml |
@ -0,0 +1,2 @@ |
|||||||
|
[defaults] |
||||||
|
roles_path = ./roles |
@ -0,0 +1,4 @@ |
|||||||
|
all: |
||||||
|
hosts: |
||||||
|
192.168.2.232: |
||||||
|
ansible_user: root |
@ -0,0 +1,14 @@ |
|||||||
|
--- |
||||||
|
- name: Install Arch linux. |
||||||
|
hosts: all |
||||||
|
vars_files: |
||||||
|
- vars/all.yml |
||||||
|
|
||||||
|
roles: |
||||||
|
- prep |
||||||
|
- disk |
||||||
|
- base-system |
||||||
|
- users |
||||||
|
- crypto-keyfile |
||||||
|
- grub |
||||||
|
- initcpio |
@ -0,0 +1,54 @@ |
|||||||
|
- name: Run pacstrap. |
||||||
|
command: > |
||||||
|
pacstrap /mnt |
||||||
|
base base-devel linux linux-firmware |
||||||
|
efibootmgr grub openssh networkmanager btrfs-progs python |
||||||
|
vim git zsh |
||||||
|
|
||||||
|
- name: Generate fstab. |
||||||
|
shell: genfstab -U /mnt >> /mnt/etc/fstab |
||||||
|
|
||||||
|
- name: Set localtime. |
||||||
|
command: arch-chroot /mnt ln -sf /usr/share/zoneinfo/{{ timezone }} /etc/localtime |
||||||
|
|
||||||
|
- name: Sync time to hardware. |
||||||
|
command: arch-chroot /mnt hwclock --systohc |
||||||
|
|
||||||
|
- name: Select locales. |
||||||
|
lineinfile: |
||||||
|
path: /mnt/etc/locale.gen |
||||||
|
regexp: '^#en_US\.UTF-8 UTF-8' |
||||||
|
line: en_US.UTF-8 UTF-8 |
||||||
|
|
||||||
|
- name: Generate locales. |
||||||
|
command: arch-chroot /mnt locale-gen |
||||||
|
|
||||||
|
- name: Save locale to /etc/locale.conf. |
||||||
|
copy: |
||||||
|
dest: /mnt/etc/locale.conf |
||||||
|
content: "LANG=en_US.UTF-8" |
||||||
|
|
||||||
|
- name: Save keyboard layout to /etc/vconsole.conf. |
||||||
|
copy: |
||||||
|
dest: /mnt/etc/vconsole.conf |
||||||
|
content: "KEYMAP=us" |
||||||
|
|
||||||
|
- name: Set hostname. |
||||||
|
copy: |
||||||
|
dest: /mnt/etc/hostname |
||||||
|
content: "{{ hostname }}" |
||||||
|
|
||||||
|
- name: Configure /etc/hosts. |
||||||
|
copy: |
||||||
|
dest: /mnt/etc/hosts |
||||||
|
content: | |
||||||
|
127.0.0.1 localhost |
||||||
|
::1 localhost |
||||||
|
127.0.0.1 {{ hostname }}.localdomain {{ hostname }} |
||||||
|
|
||||||
|
- name: Enable important services. |
||||||
|
command: "arch-chroot /mnt systemctl enable {{ item }}" |
||||||
|
with_items: |
||||||
|
- sshd.service |
||||||
|
- NetworkManager.service |
||||||
|
- fstrim.timer |
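Review bot: `shell: genfstab -U /mnt >> /mnt/etc/fstab` in the `Generate fstab.` task appends on every run, so re-running the play after a failure later in the install leaves duplicate entries in the installed fstab; the surrounding tasks (`ln -sf`, `lineinfile`, `copy`) are re-run safe. A cheap guard that keeps the append semantics is `shell: grep -q '^UUID=' /mnt/etc/fstab || genfstab -U /mnt >> /mnt/etc/fstab`, which only writes while no UUID entries exist yet. The `Enable important services.` task uses `with_items:`; `loop:` is the current spelling and matches what ansible-lint expects.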
@ -0,0 +1,17 @@ |
|||||||
|
--- |
||||||
|
- name: Create crypto keyfile. |
||||||
|
shell: |
||||||
|
cmd: | |
||||||
|
dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin |
||||||
|
echo {{ luks_password }} | cryptsetup luksAddKey /dev/{{ disk }}2 /mnt/crypto_keyfile.bin |
||||||
|
creates: /mnt/crypto_keyfile.bin |
||||||
|
|
||||||
|
- name: Set proper permission on crypto keyfile. |
||||||
|
file: |
||||||
|
path: /mnt/crypto_keyfile.bin |
||||||
|
mode: 0000 |
||||||
|
|
||||||
|
- name: Set proper permissions on boot folder. |
||||||
|
file: |
||||||
|
path: /mnt/boot |
||||||
|
mode: g-rwx,o-rwx |
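Review bot: `echo {{ luks_password }} | cryptsetup luksAddKey ...` in `Create crypto keyfile.` passes the LUKS passphrase through a shell command line, so it is visible in the live system's process list while the task runs and is echoed in Ansible's output because the task sets no `no_log: true`; the chpasswd task in the users role near the end of this commit has the same exposure. The `creates: /mnt/crypto_keyfile.bin` guard keys on the file that `dd` writes, so if `luksAddKey` then fails the keyfile exists but was never enrolled and every later run skips the task. Splitting the step lets `dd` keep its `creates` guard while the enrolment receives the passphrase on stdin under `no_log`, as below; a failed enrolment still needs the keyfile removed (for example in a `rescue`) before the next run can retry. `/dev/{{ disk }}2` assumes `<disk><number>` partition naming, which nvme/mmc devices do not follow (`nvme0n1p2`); the same construction appears in create-boot-fs.yml, create-luks-container.yml, mount.yml and the grub role, so it is best resolved once, presumably in vars/all.yml.
```yaml
- name: Create crypto keyfile.
  command:
    cmd: dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin
    creates: /mnt/crypto_keyfile.bin
  register: crypto_keyfile

- name: Enrol crypto keyfile in LUKS header.
  command:
    cmd: cryptsetup luksAddKey /dev/{{ disk }}2 /mnt/crypto_keyfile.bin
    stdin: "{{ luks_password }}"
  no_log: true
  when: crypto_keyfile is changed

# … unchanged: permission tasks on the keyfile and /mnt/boot …
```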
@ -0,0 +1,6 @@ |
|||||||
|
- name: Create ESP filesystem. |
||||||
|
filesystem: |
||||||
|
device: /dev/{{ disk }}1 |
||||||
|
state: present |
||||||
|
type: vfat |
||||||
|
opts: -F32 |
@ -0,0 +1,28 @@ |
|||||||
|
- name: Create btrfs in LUKS container. |
||||||
|
filesystem: |
||||||
|
device: /dev/mapper/cryptroot |
||||||
|
state: present |
||||||
|
type: btrfs |
||||||
|
|
||||||
|
- name: Mount new filesystem to /mnt. |
||||||
|
mount: |
||||||
|
state: mounted |
||||||
|
src: /dev/mapper/cryptroot |
||||||
|
path: /mnt |
||||||
|
fstype: btrfs |
||||||
|
opts: defaults,noatime,compress=zstd |
||||||
|
|
||||||
|
- name: Create Btrfs @ subvolume. |
||||||
|
command: |
||||||
|
cmd: btrfs subvolume create /mnt/@ |
||||||
|
creates: /mnt/@ |
||||||
|
|
||||||
|
- name: Create Btrfs @/root subvolume. |
||||||
|
command: |
||||||
|
cmd: btrfs subvolume create /mnt/@/root |
||||||
|
creates: /mnt/@/root |
||||||
|
|
||||||
|
- name: Create Btrfs @/home subvolume. |
||||||
|
command: |
||||||
|
cmd: btrfs subvolume create /mnt/@/home |
||||||
|
creates: /mnt/@/home |
@ -0,0 +1,14 @@ |
|||||||
|
- name: Make sure LUKS container is closed. |
||||||
|
luks_device: |
||||||
|
device: /dev/{{ disk }}2 |
||||||
|
state: closed |
||||||
|
|
||||||
|
- name: Make sure LUKS container exists and is open. |
||||||
|
luks_device: |
||||||
|
device: /dev/{{ disk }}2 |
||||||
|
state: opened |
||||||
|
name: "{{ luks_name }}" |
||||||
|
type: luks1 |
||||||
|
cipher: aes-xts-plain64 |
||||||
|
hash: sha256 |
||||||
|
passphrase: "{{ luks_password }}" |
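Review bot: `type: luks1` together with an explicit `cipher`/`hash` is a deliberate step down from the luks2 default, and nothing in `Make sure LUKS container exists and is open.` records why; a comment such as `# luks1: GRUB unlocks this partition pre-boot (GRUB_ENABLE_CRYPTODISK=y in the grub role) and needs the LUKS1 header format; the cost is PBKDF2 instead of Argon2 for the passphrase slot` keeps the next maintainer from "fixing" it. When a container already exists on `/dev/{{ disk }}2`, `state: opened` presumably reuses it rather than re-creating it with these parameters, so later changes to cipher or hash would not affect an already provisioned disk — confirm against the luks_device module documentation and note it in the task if so.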
@ -0,0 +1,22 @@ |
|||||||
|
- name: Create EFI system partition |
||||||
|
parted: |
||||||
|
device: /dev/{{ disk }} |
||||||
|
state: present |
||||||
|
label: gpt |
||||||
|
name: ESP |
||||||
|
number: 1 |
||||||
|
part_start: 1MiB |
||||||
|
part_end: 512MiB |
||||||
|
flags: [esp] |
||||||
|
fs_type: fat32 |
||||||
|
|
||||||
|
- name: Create LUKS partition |
||||||
|
parted: |
||||||
|
device: /dev/{{ disk }} |
||||||
|
state: present |
||||||
|
label: gpt |
||||||
|
name: LUKS |
||||||
|
number: 2 |
||||||
|
part_start: 512MiB |
||||||
|
part_end: 100% |
||||||
|
fs_type: ext4 |
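Review bot: `fs_type: ext4` on `Create LUKS partition` only sets parted's partition type hint, while the partition is formatted as a LUKS container in create-luks-container.yml, so the hint misleads anyone reading the partition table later; either drop it or add `# type hint only; the partition holds a LUKS container, see create-luks-container.yml`. The two task names here also lack the trailing period used by every other task name in this commit.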
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
- include_tasks: format-disk.yml |
||||||
|
- include_tasks: unmount.yml |
||||||
|
- include_tasks: create-luks-container.yml |
||||||
|
- include_tasks: create-boot-fs.yml |
||||||
|
- include_tasks: create-btrfs.yml |
||||||
|
- include_tasks: unmount.yml |
||||||
|
- include_tasks: mount.yml |
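Review bot: `unmount.yml` is included after `format-disk.yml`, so on a re-run parted is invoked while the previous run's `/mnt`, `/mnt/home` and `/mnt/boot/efi` mounts may still be live; whether that matters depends on whether the partition table actually needs rewriting, but moving `- include_tasks: unmount.yml` to the top of this list removes the question. The second `unmount.yml` before `mount.yml` is needed because create-btrfs.yml leaves the top-level volume mounted at `/mnt`; a comment on that line, `# create-btrfs.yml leaves the top-level volume on /mnt`, saves the next reader a trip through the other files.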
@ -0,0 +1,27 @@ |
|||||||
|
- name: Mount @/root to /mnt. |
||||||
|
mount: |
||||||
|
state: mounted |
||||||
|
src: /dev/mapper/{{ luks_name }} |
||||||
|
path: /mnt |
||||||
|
fstype: btrfs |
||||||
|
opts: defaults,noatime,compress=zstd,subvol=@/root |
||||||
|
|
||||||
|
- name: Mount @/home to /mnt/home. |
||||||
|
mount: |
||||||
|
state: mounted |
||||||
|
src: /dev/mapper/{{ luks_name }} |
||||||
|
path: /mnt/home |
||||||
|
fstype: btrfs |
||||||
|
opts: defaults,noatime,compress=zstd,subvol=@/home |
||||||
|
|
||||||
|
- name: Make sure /mnt/boot/efi exists. |
||||||
|
file: |
||||||
|
path: /mnt/boot/efi |
||||||
|
state: directory |
||||||
|
|
||||||
|
- name: Mount boot partition to /mnt/boot/efi. |
||||||
|
mount: |
||||||
|
state: mounted |
||||||
|
src: /dev/{{ disk }}1 |
||||||
|
path: /mnt/boot/efi |
||||||
|
fstype: vfat |
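Review bot: The ESP mount in `Mount boot partition to /mnt/boot/efi.` has no `opts`, and since genfstab later records the live mount options, the installed system will mount the ESP with vfat defaults under which every file is world-readable; `opts: defaults,umask=0077` is the usual choice for an ESP (check the generated fstab to confirm it carries over). The `@/root` and `@/home` mounts look right, but `state: mounted` also writes each entry into the live ISO's /etc/fstab, which is harmless there yet worth a comment so nobody mistakes it for the installed fstab.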
@ -0,0 +1,8 @@ |
|||||||
|
- name: Make sure everything is unmounted. |
||||||
|
mount: |
||||||
|
state: unmounted |
||||||
|
path: "{{ item }}" |
||||||
|
with_items: |
||||||
|
- /mnt/boot/efi |
||||||
|
- /mnt/home |
||||||
|
- /mnt |
@ -0,0 +1,14 @@ |
|||||||
|
#GRUB_DEFAULT=saved |
||||||
|
GRUB_TIMEOUT=5 |
||||||
|
GRUB_DISTRIBUTOR="Arch" |
||||||
|
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ luks_partition_uuid }}:{{ luks_name }}" |
||||||
|
GRUB_CMDLINE_LINUX="" |
||||||
|
GRUB_PRELOAD_MODULES="btrfs part_gpt" |
||||||
|
GRUB_ENABLE_CRYPTODISK=y |
||||||
|
#GRUB_SAVEDEFAULT=true |
||||||
|
GRUB_TIMEOUT_STYLE=menu |
||||||
|
GRUB_TERMINAL_INPUT=console |
||||||
|
GRUB_GFXMODE=auto |
||||||
|
GRUB_GFXPAYLOAD_LINUX=keep |
||||||
|
GRUB_DISABLE_RECOVERY=true |
||||||
|
GRUB_THEME="/usr/share/grub/themes/Xenlism-Arch/theme.txt" |
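Review bot: This file is a Jinja template rendered by the grub role's `template:` task (`{{ luks_partition_uuid }}` on the cryptdevice line) but sits under `files/` and carries no header saying so; a first line `# Rendered by Ansible from files/grub in the grub role — edit the template, not /etc/default/grub on the target` prevents edits on the installed system from being silently overwritten on the next run. `GRUB_ENABLE_CRYPTODISK=y` is what ties this file to the `type: luks1` choice in the disk role; a comment next to it naming that dependency would help whoever later considers luks2.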
@ -0,0 +1,3 @@ |
|||||||
|
--- |
||||||
|
- name: grub mkconfig |
||||||
|
command: arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg |
@ -0,0 +1,16 @@ |
|||||||
|
--- |
||||||
|
- name: Clone theme repository. |
||||||
|
git: |
||||||
|
repo: https://github.com/xenlism/Grub-themes |
||||||
|
dest: /tmp/Grub-themes |
||||||
|
clone: true |
||||||
|
version: main |
||||||
|
|
||||||
|
- name: Copy theme to grub. |
||||||
|
copy: |
||||||
|
src: /tmp/Grub-themes/xenlism-grub-arch-1080p/Xenlism-Arch |
||||||
|
remote_src: true |
||||||
|
dest: /mnt/usr/share/grub/themes |
||||||
|
owner: root |
||||||
|
group: root |
||||||
|
mode: 0755 |
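Review bot: `version: main` in `Clone theme repository.` fetches a moving branch of a third-party repository at install time, and the result becomes a GRUB theme loaded by the bootloader before the kernel runs; pinning it, `version: <pinned-commit-sha>`, makes the install reproducible and means a later change to that repository cannot alter what lands under /mnt/usr/share/grub/themes. `mode: 0755` is an unquoted YAML 1.1 octal integer that Ansible happens to interpret correctly; `mode: "0755"` is the portable form and the same applies to the `mode: 0644` lines in the grub and initcpio task files.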
@ -0,0 +1,26 @@ |
|||||||
|
- name: Install packages. |
||||||
|
command: arch-chroot /mnt pacman -Sy grub efibootmgr os-prober --noconfirm |
||||||
|
|
||||||
|
- include_tasks: grub-theme.yml |
||||||
|
|
||||||
|
- name: Get luks partition id. |
||||||
|
shell: blkid /dev/{{ disk }}2 -o value | head -1 |
||||||
|
register: luks_partition_uuid |
||||||
|
|
||||||
|
- name: Get nested value. |
||||||
|
set_fact: |
||||||
|
luks_partition_uuid: "{{ luks_partition_uuid.stdout }}" |
||||||
|
|
||||||
|
- name: Copy grub default config. |
||||||
|
template: |
||||||
|
src: files/grub |
||||||
|
dest: /mnt/etc/default/grub |
||||||
|
owner: root |
||||||
|
group: root |
||||||
|
mode: 0644 |
||||||
|
notify: grub mkconfig |
||||||
|
|
||||||
|
- name: Install grub. |
||||||
|
command: |
||||||
|
cmd: arch-chroot /mnt grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||||
|
creates: /mnt/boot/efi/EFI/grub |
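Review bot: `blkid /dev/{{ disk }}2 -o value | head -1` in `Get luks partition id.` takes whichever tag blkid prints first rather than the UUID specifically, and the value goes unchecked into the cryptdevice= kernel argument; asking for the tag by name, `shell: blkid -s UUID -o value /dev/{{ disk }}2`, makes the result unambiguous, and `changed_when: false` stops this read-only probe from reporting a change. Registering the raw result under the same name that `set_fact` then overwrites works but is easy to misread; `register: luks_blkid` with `luks_partition_uuid: "{{ luks_blkid.stdout }}"` keeps the two apart. `pacman -Sy` inside the chroot refreshes the databases without `-u`, which can leave a partially upgraded system if the mirror moved on since pacstrap ran; `-Syu` avoids that.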
@ -0,0 +1,4 @@ |
|||||||
|
MODULES=() |
||||||
|
BINARIES=(/usr/bin/btrfs) |
||||||
|
FILES=(/crypto_keyfile.bin) |
||||||
|
HOOKS=(base udev autodetect modconf block filesystems keyboard fsck encrypt btrfs) |
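Review bot: `HOOKS=(... block filesystems keyboard fsck encrypt btrfs)` lists `encrypt` after `filesystems` and `fsck`, whereas the encrypt hook is conventionally placed between `block` and `filesystems` so the root device is unlocked before the filesystem stage, with `keyboard` ahead of it for the passphrase fallback; `HOOKS=(base udev autodetect modconf block keyboard encrypt filesystems fsck btrfs)` — confirm against the current mkinitcpio documentation before changing. `FILES=(/crypto_keyfile.bin)` bakes the LUKS keyfile into the initramfs, so the image in /boot is itself a credential; that is acceptable here only because mount.yml keeps /boot on the encrypted `@/root` subvolume and mounts just /boot/efi from the ESP, and the file should say so, e.g. `# keyfile is embedded in the initramfs: /boot must stay on the encrypted root, never on the ESP`. The `btrfs` hook is only required for multi-device btrfs volumes; on this single LUKS-backed device it is presumably harmless but unneeded.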
@ -0,0 +1,3 @@ |
|||||||
|
--- |
||||||
|
- name: run mkinitcpio |
||||||
|
command: arch-chroot /mnt mkinitcpio -P |
@ -0,0 +1,8 @@ |
|||||||
|
- name: Copy mkinitcpi config. |
||||||
|
copy: |
||||||
|
src: files/mkinitcpio.conf |
||||||
|
dest: /mnt/etc/mkinitcpio.conf |
||||||
|
owner: root |
||||||
|
group: root |
||||||
|
mode: 0644 |
||||||
|
notify: run mkinitcpio |
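Review bot: The task name `Copy mkinitcpi config.` is missing a letter (`mkinitcpio`), and `mode: 0644` is an unquoted YAML 1.1 octal that is better written `mode: "0644"`. Both are cosmetic; ownership and the handler notification look right.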
@ -0,0 +1,25 @@ |
|||||||
|
--- |
||||||
|
- name: Check if EFI directory exists. |
||||||
|
stat: |
||||||
|
path: /sys/firmware/efi |
||||||
|
register: efi_directory_exists |
||||||
|
|
||||||
|
- name: Fail if not in EFI or UEFI. |
||||||
|
fail: |
||||||
|
msg: This playbook only support EFI/UEFI! |
||||||
|
when: not efi_directory_exists.stat.exists |
||||||
|
|
||||||
|
- name: Check internet connectivity. |
||||||
|
uri: |
||||||
|
url: https://archlinux.org |
||||||
|
status_code: "200" |
||||||
|
timeout: 30 |
||||||
|
|
||||||
|
- name: Sync time. |
||||||
|
command: timedatectl set-ntp true |
||||||
|
|
||||||
|
- name: Install packages. |
||||||
|
pacman: |
||||||
|
name: git |
||||||
|
update_cache: true |
||||||
|
state: present |
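Review bot: `command: timedatectl set-ntp true` in `Sync time.` reports changed on every run because `command` cannot tell otherwise; `changed_when: false` keeps the play summary honest. `msg: This playbook only support EFI/UEFI!` should read `only supports`. `register: efi_directory_exists` holds the whole stat result rather than a boolean (the `when:` reads `.stat.exists`), so a name like `efi_dir` would read more naturally.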
@ -0,0 +1,2 @@ |
|||||||
|
- name: Set root password. |
||||||
|
shell: arch-chroot /mnt sh -c "echo root:{{ root_password }} | chpasswd" |
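Review bot: `sh -c "echo root:{{ root_password }} | chpasswd"` interpolates the password into a double-quoted shell string, so a value containing `"`, `$`, `` ` `` or `|` breaks or alters the command, and the plaintext appears in `ps` output on the live system and in Ansible's output since the task has no `no_log`. Feeding it through stdin avoids the shell entirely: `command: arch-chroot /mnt chpasswd` with `stdin: "root:{{ root_password }}"` and `no_log: true`. The task will still report changed on every run, which is inherent to chpasswd.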
@ -0,0 +1,6 @@ |
|||||||
|
disk: sda |
||||||
|
luks_name: cryptroot |
||||||
|
luks_password: password123 |
||||||
|
timezone: Europe/Stockholm |
||||||
|
hostname: arch123 |
||||||
|
root_password: password123 |
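Review bot: `luks_password: password123` and `root_password: password123` are plaintext credentials committed in this file, and again byte-for-byte in the second six-line vars file at the end of the commit; even if these are only sample values, the one-line file at the top of the commit (presumably a .gitignore) listing `vars/all.yml` does not untrack a file added in the same commit, so whichever of the two is the real vars file stays in history. Keeping the real values in an `ansible-vault`-encrypted file (or asking for them with `vars_prompt`) and leaving only an example file with placeholders such as `luks_password: CHANGEME` keeps secrets out of the repository. `disk: sda` is combined with a bare partition number elsewhere (`/dev/{{ disk }}2`), so a value like `nvme0n1` would need a `p` separator; a comment here, `# base device name only, e.g. sda — nvme/mmc naming (nvme0n1p2) is not handled`, records the constraint.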
@ -0,0 +1,6 @@ |
|||||||
|
disk: sda |
||||||
|
luks_name: cryptroot |
||||||
|
luks_password: password123 |
||||||
|
timezone: Europe/Stockholm |
||||||
|
hostname: arch123 |
||||||
|
root_password: password123 |