commit
5afb1444e1
@ -0,0 +1 @@ |
||||
vars/all.yml |
@ -0,0 +1,2 @@ |
||||
[defaults] |
||||
roles_path = ./roles |
@ -0,0 +1,4 @@ |
||||
all: |
||||
hosts: |
||||
192.168.2.232: |
||||
ansible_user: root |
@ -0,0 +1,14 @@ |
||||
--- |
||||
- name: Install Arch linux. |
||||
hosts: all |
||||
vars_files: |
||||
- vars/all.yml |
||||
|
||||
roles: |
||||
- prep |
||||
- disk |
||||
- base-system |
||||
- users |
||||
- crypto-keyfile |
||||
- grub |
||||
- initcpio |
@ -0,0 +1,54 @@ |
||||
- name: Run pacstrap. |
||||
command: > |
||||
pacstrap /mnt |
||||
base base-devel linux linux-firmware |
||||
efibootmgr grub openssh networkmanager btrfs-progs python |
||||
vim git zsh |
||||
|
||||
- name: Generate fstab. |
||||
shell: genfstab -U /mnt >> /mnt/etc/fstab |
||||
|
||||
- name: Set localtime. |
||||
command: arch-chroot /mnt ln -sf /usr/share/zoneinfo/{{ timezone }} /etc/localtime |
||||
|
||||
- name: Sync time to hardware. |
||||
command: arch-chroot /mnt hwclock --systohc |
||||
|
||||
- name: Select locales. |
||||
lineinfile: |
||||
path: /mnt/etc/locale.gen |
||||
regexp: '^#en_US\.UTF-8 UTF-8' |
||||
line: en_US.UTF-8 UTF-8 |
||||
|
||||
- name: Generate locales. |
||||
command: arch-chroot /mnt locale-gen |
||||
|
||||
- name: Save locale to /etc/locale.conf. |
||||
copy: |
||||
dest: /mnt/etc/locale.conf |
||||
content: "LANG=en_US.UTF-8" |
||||
|
||||
- name: Save keyboard layout to /etc/vconsole.conf. |
||||
copy: |
||||
dest: /mnt/etc/vconsole.conf |
||||
content: "KEYMAP=us" |
||||
|
||||
- name: Set hostname. |
||||
copy: |
||||
dest: /mnt/etc/hostname |
||||
content: "{{ hostname }}" |
||||
|
||||
- name: Configure /etc/hosts. |
||||
copy: |
||||
dest: /mnt/etc/hosts |
||||
content: | |
||||
127.0.0.1 localhost |
||||
::1 localhost |
||||
127.0.0.1 {{ hostname }}.localdomain {{ hostname }} |
||||
|
||||
- name: Enable important services. |
||||
command: "arch-chroot /mnt systemctl enable {{ item }}" |
||||
with_items: |
||||
- sshd.service |
||||
- NetworkManager.service |
||||
- fstrim.timer |
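Review bot: The `Generate fstab.` task appends with `>>`, so every re-run of the play adds another copy of each mount entry to `/mnt/etc/fstab`. Nothing guards the task, unlike the `command` tasks elsewhere in this commit that use `creates`. Writing with a single redirect, `shell: genfstab -U /mnt > /mnt/etc/fstab`, keeps the file a function of the current mounts.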
@ -0,0 +1,17 @@ |
||||
--- |
||||
- name: Create crypto keyfile. |
||||
shell: |
||||
cmd: | |
||||
dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin |
||||
echo {{ luks_password }} | cryptsetup luksAddKey /dev/{{ disk }}2 /mnt/crypto_keyfile.bin |
||||
creates: /mnt/crypto_keyfile.bin |
||||
|
||||
- name: Set proper permission on crypto keyfile. |
||||
file: |
||||
path: /mnt/crypto_keyfile.bin |
||||
mode: 0000 |
||||
|
||||
- name: Set proper permissions on boot folder. |
||||
file: |
||||
path: /mnt/boot |
||||
mode: g-rwx,o-rwx |
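Review bot: The `Create crypto keyfile.` task interpolates `{{ luks_password }}` unquoted into a shell line, so the passphrase ends up in the argument vector of the `sh -c` process and in Ansible's result output when the task fails or runs verbosely, and any shell metacharacter in it changes the command. The keyfile is also written by `dd` under the default umask and only restricted by the next task, and because `creates` keys on the file, a failed `luksAddKey` leaves a keyfile that is never enrolled on the next run. I would split the task: generate the file under `umask 077`, then enroll it through `luks_device` with `passphrase` and `new_keyfile`, as in the block below. The later two-line hunk containing `Set root password.` has the same exposure; there `command: arch-chroot /mnt chpasswd` with `stdin: "root:{{ root_password }}"` and `no_log: true` avoids the shell.

```yaml
- name: Create crypto keyfile.
  shell:
    cmd: |
      umask 077
      dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin
    creates: /mnt/crypto_keyfile.bin

- name: Enroll keyfile in the LUKS container.
  luks_device:
    device: /dev/{{ disk }}2
    passphrase: "{{ luks_password }}"
    new_keyfile: /mnt/crypto_keyfile.bin
  no_log: true

# … unchanged: permission tasks on the keyfile and /mnt/boot …
```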
@ -0,0 +1,6 @@ |
||||
- name: Create ESP filesystem. |
||||
filesystem: |
||||
device: /dev/{{ disk }}1 |
||||
state: present |
||||
type: vfat |
||||
opts: -F32 |
@ -0,0 +1,28 @@ |
||||
- name: Create btrfs in LUKS container. |
||||
filesystem: |
||||
device: /dev/mapper/cryptroot |
||||
state: present |
||||
type: btrfs |
||||
|
||||
- name: Mount new filesystem to /mnt. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/cryptroot |
||||
path: /mnt |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd |
||||
|
||||
- name: Create Btrfs @ subvolume. |
||||
command: |
||||
cmd: btrfs subvolume create /mnt/@ |
||||
creates: /mnt/@ |
||||
|
||||
- name: Create Btrfs @/root subvolume. |
||||
command: |
||||
cmd: btrfs subvolume create /mnt/@/root |
||||
creates: /mnt/@/root |
||||
|
||||
- name: Create Btrfs @/home subvolume. |
||||
command: |
||||
cmd: btrfs subvolume create /mnt/@/home |
||||
creates: /mnt/@/home |
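Review bot: `device:` and `src:` in the first two tasks hard-code `/dev/mapper/cryptroot`, while the container is opened under `{{ luks_name }}` and the later mount tasks use `/dev/mapper/{{ luks_name }}`. With any other `luks_name` these tasks would point at a mapper path that is not the container just opened. Use `device: /dev/mapper/{{ luks_name }}` and `src: /dev/mapper/{{ luks_name }}` here as well.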
@ -0,0 +1,14 @@ |
||||
- name: Make sure LUKS container is closed. |
||||
luks_device: |
||||
device: /dev/{{ disk }}2 |
||||
state: closed |
||||
|
||||
- name: Make sure LUKS container exists and is open. |
||||
luks_device: |
||||
device: /dev/{{ disk }}2 |
||||
state: opened |
||||
name: "{{ luks_name }}" |
||||
type: luks1 |
||||
cipher: aes-xts-plain64 |
||||
hash: sha256 |
||||
passphrase: "{{ luks_password }}" |
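Review bot: The `opened` task sets `cipher: aes-xts-plain64` without `keysize`, so the key length is whatever cryptsetup defaults to (commonly 256 bits, which XTS splits into two 128-bit halves); adding `keysize: 512` makes an AES-256 choice explicit. `type: luks1` is presumably there because GRUB unlocks the container (`GRUB_ENABLE_CRYPTODISK=y` elsewhere in this commit), which also means PBKDF2 rather than a memory-hard KDF protects the passphrase. A comment such as `# luks1: GRUB must unlock this container at boot` would record that trade-off for the next maintainer.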
@ -0,0 +1,22 @@ |
||||
- name: Create EFI system partition |
||||
parted: |
||||
device: /dev/{{ disk }} |
||||
state: present |
||||
label: gpt |
||||
name: ESP |
||||
number: 1 |
||||
part_start: 1MiB |
||||
part_end: 512MiB |
||||
flags: [esp] |
||||
fs_type: fat32 |
||||
|
||||
- name: Create LUKS partition |
||||
parted: |
||||
device: /dev/{{ disk }} |
||||
state: present |
||||
label: gpt |
||||
name: LUKS |
||||
number: 2 |
||||
part_start: 512MiB |
||||
part_end: 100% |
||||
fs_type: ext4 |
@ -0,0 +1,8 @@ |
||||
--- |
||||
- include_tasks: format-disk.yml |
||||
- include_tasks: unmount.yml |
||||
- include_tasks: create-luks-container.yml |
||||
- include_tasks: create-boot-fs.yml |
||||
- include_tasks: create-btrfs.yml |
||||
- include_tasks: unmount.yml |
||||
- include_tasks: mount.yml |
@ -0,0 +1,27 @@ |
||||
- name: Mount @/root to /mnt. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/{{ luks_name }} |
||||
path: /mnt |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd,subvol=@/root |
||||
|
||||
- name: Mount @/home to /mnt/home. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/{{ luks_name }} |
||||
path: /mnt/home |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd,subvol=@/home |
||||
|
||||
- name: Make sure /mnt/boot/efi exists. |
||||
file: |
||||
path: /mnt/boot/efi |
||||
state: directory |
||||
|
||||
- name: Mount boot partition to /mnt/boot/efi. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/{{ disk }}1 |
||||
path: /mnt/boot/efi |
||||
fstype: vfat |
@ -0,0 +1,8 @@ |
||||
- name: Make sure everything is unmounted. |
||||
mount: |
||||
state: unmounted |
||||
path: "{{ item }}" |
||||
with_items: |
||||
- /mnt/boot/efi |
||||
- /mnt/home |
||||
- /mnt |
@ -0,0 +1,14 @@ |
||||
#GRUB_DEFAULT=saved |
||||
GRUB_TIMEOUT=5 |
||||
GRUB_DISTRIBUTOR="Arch" |
||||
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ luks_partition_uuid }}:{{ luks_name }}" |
||||
GRUB_CMDLINE_LINUX="" |
||||
GRUB_PRELOAD_MODULES="btrfs part_gpt" |
||||
GRUB_ENABLE_CRYPTODISK=y |
||||
#GRUB_SAVEDEFAULT=true |
||||
GRUB_TIMEOUT_STYLE=menu |
||||
GRUB_TERMINAL_INPUT=console |
||||
GRUB_GFXMODE=auto |
||||
GRUB_GFXPAYLOAD_LINUX=keep |
||||
GRUB_DISABLE_RECOVERY=true |
||||
GRUB_THEME="/usr/share/grub/themes/Xenlism-Arch/theme.txt" |
@ -0,0 +1,3 @@ |
||||
--- |
||||
- name: grub mkconfig |
||||
command: arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg |
@ -0,0 +1,16 @@ |
||||
--- |
||||
- name: Clone theme repository. |
||||
git: |
||||
repo: https://github.com/xenlism/Grub-themes |
||||
dest: /tmp/Grub-themes |
||||
clone: true |
||||
version: main |
||||
|
||||
- name: Copy theme to grub. |
||||
copy: |
||||
src: /tmp/Grub-themes/xenlism-grub-arch-1080p/Xenlism-Arch |
||||
remote_src: true |
||||
dest: /mnt/usr/share/grub/themes |
||||
owner: root |
||||
group: root |
||||
mode: 0755 |
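Review bot: `version: main` in `Clone theme repository.` pulls whatever the third-party branch head is at install time, and the result is copied as root into the GRUB theme directory of the new system. Pinning to a reviewed commit, `version: <reviewed-commit-sha>` (placeholder), makes the install reproducible and keeps an upstream change from reaching the boot path unreviewed. The clone also lands in the fixed path `/tmp/Grub-themes`; a directory created with the `tempfile` module would avoid reusing whatever already exists there. `mode: 0755` is better written quoted, `mode: "0755"`.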
@ -0,0 +1,26 @@ |
||||
- name: Install packages. |
||||
command: arch-chroot /mnt pacman -Sy grub efibootmgr os-prober --noconfirm |
||||
|
||||
- include_tasks: grub-theme.yml |
||||
|
||||
- name: Get luks partition id. |
||||
shell: blkid /dev/{{ disk }}2 -o value | head -1 |
||||
register: luks_partition_uuid |
||||
|
||||
- name: Get nested value. |
||||
set_fact: |
||||
luks_partition_uuid: "{{ luks_partition_uuid.stdout }}" |
||||
|
||||
- name: Copy grub default config. |
||||
template: |
||||
src: files/grub |
||||
dest: /mnt/etc/default/grub |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
notify: grub mkconfig |
||||
|
||||
- name: Install grub. |
||||
command: |
||||
cmd: arch-chroot /mnt grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||
creates: /mnt/boot/efi/EFI/grub |
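Review bot: `Get luks partition id.` takes the first line of `blkid -o value`, which relies on UUID being the first tag printed, and the pipe through `head` means a failing `blkid` still yields exit status 0 and an empty value that is then templated into `cryptdevice=UUID=`. Asking for the tag directly removes both problems: `command: blkid -s UUID -o value /dev/{{ disk }}2`. The following `set_fact` could then be dropped if the template reads `luks_partition_uuid.stdout`.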
@ -0,0 +1,4 @@ |
||||
MODULES=() |
||||
BINARIES=(/usr/bin/btrfs) |
||||
FILES=(/crypto_keyfile.bin) |
||||
HOOKS=(base udev autodetect modconf block filesystems keyboard fsck encrypt btrfs) |
@ -0,0 +1,3 @@ |
||||
--- |
||||
- name: run mkinitcpio |
||||
command: arch-chroot /mnt mkinitcpio -P |
@ -0,0 +1,8 @@ |
||||
- name: Copy mkinitcpi config. |
||||
copy: |
||||
src: files/mkinitcpio.conf |
||||
dest: /mnt/etc/mkinitcpio.conf |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
notify: run mkinitcpio |
@ -0,0 +1,25 @@ |
||||
--- |
||||
- name: Check if EFI directory exists. |
||||
stat: |
||||
path: /sys/firmware/efi |
||||
register: efi_directory_exists |
||||
|
||||
- name: Fail if not in EFI or UEFI. |
||||
fail: |
||||
msg: This playbook only support EFI/UEFI! |
||||
when: not efi_directory_exists.stat.exists |
||||
|
||||
- name: Check internet connectivity. |
||||
uri: |
||||
url: https://archlinux.org |
||||
status_code: "200" |
||||
timeout: 30 |
||||
|
||||
- name: Sync time. |
||||
command: timedatectl set-ntp true |
||||
|
||||
- name: Install packages. |
||||
pacman: |
||||
name: git |
||||
update_cache: true |
||||
state: present |
@ -0,0 +1,2 @@ |
||||
- name: Set root password. |
||||
shell: arch-chroot /mnt sh -c "echo root:{{ root_password }} | chpasswd" |
@ -0,0 +1,6 @@ |
||||
disk: sda |
||||
luks_name: cryptroot |
||||
luks_password: password123 |
||||
timezone: Europe/Stockholm |
||||
hostname: arch123 |
||||
root_password: password123 |
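Review bot: `luks_password: password123` and `root_password: password123` are committed in plaintext here and again in the identical six-line hunk that follows. The first hunk of the commit lists `vars/all.yml` as ignored, so one of these is presumably a tracked example, but a value that works unchanged tends to end up on real installs. I would ship obvious placeholders, e.g. `luks_password: "CHANGE_ME"`, and keep the real values in an Ansible Vault file or ask for them with `vars_prompt`.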
@ -0,0 +1,6 @@ |
||||
disk: sda |
||||
luks_name: cryptroot |
||||
luks_password: password123 |
||||
timezone: Europe/Stockholm |
||||
hostname: arch123 |
||||
root_password: password123 |