diff --git a/.gitignore b/.gitignore index 2f1f485..18d395e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ vars/all.yml .ssh -inventory +inventory \ No newline at end of file diff --git a/ansible.sh b/ansible.sh index 1748640..0c02f1b 100755 --- a/ansible.sh +++ b/ansible.sh @@ -16,15 +16,11 @@ if [ -f inventory ]; then [[ $res =~ [Yy] ]] || new_ip_addr=false fi -echo $new_ip_addr - -if [ $new_ip_addr ]; then +if $new_ip_addr; then read -p "Target ip address: " ip_addr echo "[all]" > inventory echo $ip_addr >> inventory fi -exit 1 - echo "Running playbook, this may take 5 to 10 minutes..." ansible-playbook main.yml -k diff --git a/group_vars/all/00-defaults.yml b/group_vars/all/00-defaults.yml index 8e36cdc..29b3eaf 100644 --- a/group_vars/all/00-defaults.yml +++ b/group_vars/all/00-defaults.yml 
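Review bot: `if $new_ip_addr; then` runs the variable's value as a command, so the branch only works because `true`/`false` happen to be shell builtins; should the variable ever be empty or hold anything else, the `if` silently executes whatever it contains. A string comparison reads as intended and fails safely: `if [[ "$new_ip_addr" == true ]]; then`. The prompted address is also appended unquoted and unvalidated (`echo $ip_addr >> inventory`) and then drives `ansible-playbook -k`; `echo "$ip_addr" >> inventory` plus a guard such as `[[ -n "$ip_addr" ]] || exit 1` keeps an accidental empty answer from producing a blank inventory. The lines where `new_ip_addr` is first set are outside the hunk.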
@@ -1,33 +1,78 @@ --- -disksetup_strategy: efi_gpt_btrfs -# partitioning_priv_device_node: /dev/sda +# --- General disk options --- +# Abbreviations: +# * e - EFI +# * g - gpt +# * b - btrfs +# * l - LUKS +# +# Available formats: +# * egb +# * egbl +# +disk_format: egbl -# grub_theme_name: xenlism +disk_device: /dev/sda -# configure_root_password: password +root_mount: /mnt -user_name: -user_password: +# --- Options for egbl disk format --- +# Mapper name of the luks container: +disk_egbl_luks_name: "" -hostname: -timezone: +# Password used to encrypt the luks container: +disk_egbl_luks_password: "" -# no other options atm +# --- Grub theme --- +# Available themes: +# * xenilism +# +grub_theme: xenilism + +# --- Account options --- +root_user_password: archbtw + +user_name: arch +user_password: archbtw + +# --- Machine settings --- +hostname: archlinux +timezone: Europe/Stockholm + +# --- Display/windowing --- +# Available display servers: +# * x11 +# +display_server: x11 + +# Available display managers: +# * lightdm +# display_manager: lightdm -# no other options atm +# Available window managers: +# * i3 +# window_manager: i3 -feat_bluetooth: true +# --- Togglable features --- +feat_bluetooth: false +feat_u2f: false -mullvad_account: "" +# --- VPN --- +# Mullvad VPN account number: +mullvad_account: "" -# generate with pamu2fcfg +# --- u2f pam --- +# u2f key for the user defined above, can be generated with: +# $ pamu2fcfg user_u2f_key: "" +# Modules where u2f will be an alternative to other auth u2f_optional: - sudo +# Modules where u2f will be a required addition to other auth u2f_required: - su - - login + - system-login diff --git a/main.yml b/main.yml index 8157f6a..20658c9 100644 --- a/main.yml +++ b/main.yml 
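Review bot: The account section replaces the previously blank `user_name:`/`user_password:` with literal credentials (`root_user_password: archbtw`, `user_password: archbtw`) in a file that is tracked (only `vars/all.yml`, `.ssh` and `inventory` are ignored per the .gitignore hunk), so an install run without overrides ends with well-known root and user passwords. Keeping these empty and failing early — an `assert` that they are non-empty at the start of the play — or reading them from an ansible-vault file preserves the safe behaviour of the old defaults. The same applies to `disk_egbl_luks_password: ""`, which, left at its default, is what the `luks_device` task in this diff would be handed as the passphrase for the encrypted root. A comment above the block would make the intent explicit: `# Placeholders only: override in a vaulted vars file, never commit real values here.`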
@@ -7,12 +7,12 @@ - name: Check if live iso. command: arch-chroot failed_when: false - register: _check_arch_chroot + register: result changed_when: false - name: Set arch chroot fact. set_fact: - is_live_iso: "{{ _check_arch_chroot.rc == 1 }}" + is_live_iso: "{{ result.rc == 1 }}" - name: Include tasks. include_role: @@ -20,7 +20,7 @@ with_items: - passwordless_connection - prep - - disksetup + - disk - configure when: is_live_iso @@ -43,17 +43,17 @@ - display_manager - window_manager - common_software - - audio - name: bluetooth when: feat_bluetooth + - audio - mullvad - docker - yubikey - - u2f + - name: u2f + when: feat_u2f - cleanup tasks: - name: Reboot system. - reboot: - reboot_timeout: 5 - failed_when: false + command: reboot + changed_when: true diff --git a/roles/base_packages/defaults/main.yml b/roles/base_packages/defaults/main.yml deleted file mode 100644 index 22f99d6..0000000 --- a/roles/base_packages/defaults/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -base_packages_list: - # Arch base packages - - base - - base-devel - # Linux kernel - - linux - - linux-firmware - # Additional packages that are needed for further ansible functionality - - sudo - - networkmanager - - openssh - - python diff --git a/roles/base_packages/tasks/main.yml b/roles/base_packages/tasks/main.yml index 9d89b68..516b786 100644 --- a/roles/base_packages/tasks/main.yml +++ b/roles/base_packages/tasks/main.yml @@ -3,5 +3,16 @@ include_role: name: pacstrap vars: - packages: "{{ base_packages_list }}" - chroot: "{{ partitioning_root_mount_point }}" + packages: + # arch base packages + - base + - base-devel + # linux kernel + - linux + - linux-firmware + # additional packages that are needed for further ansible functionality + - sudo + - networkmanager + - openssh + - python + chroot: "{{ root_mount }}" diff --git a/roles/configure/defaults/main.yml b/roles/configure/defaults/main.yml deleted file mode 100644 index 0132308..0000000 
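Review bot: `command: reboot` in the last hunk replaces the `reboot` module with a bare command and also drops the old `failed_when: false`, so the SSH session is torn down while Ansible is still waiting for the task's result and the play is likely to end with an unreachable/failed host instead of a clean finish. If the intent is just to trigger the reboot without waiting, fire it asynchronously and let the connection drop: `shell: sleep 2 && reboot`, `async: 1`, `poll: 0`; otherwise keep the `reboot` module and raise `reboot_timeout` rather than replacing it. The rename to `register: result` in the first hunk also picks a name that several roles in this diff register as well, which is fine only as long as nothing reads a stale `result` between tasks.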
--- a/roles/configure/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -configure_root_password: password diff --git a/roles/configure/tasks/main.yml b/roles/configure/tasks/main.yml index 967671a..e07c37b 100644 --- a/roles/configure/tasks/main.yml +++ b/roles/configure/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Enable services on installed system. - command: arch-chroot {{ partitioning_root_mount_point }} + command: arch-chroot {{ root_mount }} systemctl enable {{ item }} with_items: - sshd @@ -27,7 +27,7 @@ - name: Create static ip config. template: src: files/static.nmconnection - dest: "{{ partitioning_root_mount_point }}/etc/NetworkManager/system-connections/static.nmconnection" + dest: "{{ root_mount }}/etc/NetworkManager/system-connections/static.nmconnection" owner: root group: root mode: 0600 @@ -35,7 +35,7 @@ - name: Make sure root's .ssh directory exists. file: state: directory - path: "{{ partitioning_root_mount_point }}/root/.ssh" + path: "{{ root_mount }}/root/.ssh" owner: root group: root mode: 0700 @@ -44,10 +44,10 @@ authorized_key: state: present user: root - path: "{{ partitioning_root_mount_point }}/root/.ssh/authorized_keys" + path: "{{ root_mount }}/root/.ssh/authorized_keys" key: "{{ tmp_pub_key }}" manage_dir: true - name: Update root password. - command: arch-chroot {{ partitioning_root_mount_point }} sh -c "echo root:{{ configure_root_password }} | chpasswd" + command: arch-chroot {{ root_mount }} sh -c "echo root:{{ root_user_password }} | chpasswd" changed_when: true diff --git a/roles/disksetup/efi_gpt_btrfs/bootloader/files/grub b/roles/disk/egb/bootloader/files/grub similarity index 100% rename from roles/disksetup/efi_gpt_btrfs/bootloader/files/grub rename to roles/disk/egb/bootloader/files/grub diff --git a/roles/disk/egb/bootloader/tasks/main.yml b/roles/disk/egb/bootloader/tasks/main.yml new file mode 100644 index 0000000..3f7cead --- /dev/null +++ b/roles/disk/egb/bootloader/tasks/main.yml 
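Review bot: The last hunk still passes the root password on the command line (`sh -c "echo root:{{ root_user_password }} | chpasswd"`), so it is visible in the live system's process list while the call runs and in Ansible's task output and logs, since the task carries no `no_log`. Feeding it via stdin keeps it out of both: under `command:` use `cmd: arch-chroot {{ root_mount }} chpasswd` with `stdin: "root:{{ root_user_password }}"`, and add `no_log: true` to the task. The existing `changed_when: true` still applies unchanged.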
@@ -0,0 +1,23 @@ +--- +- name: Install required packages. + command: arch-chroot {{ root_mount }} pacman -Sy grub efibootmgr os-prober --noconfirm + changed_when: true + +- name: Copy grub default config. + template: + src: files/grub + dest: "{{ root_mount }}/etc/default/grub" + owner: root + group: root + mode: 0644 + +- name: Install grub. + command: + cmd: arch-chroot {{ root_mount }} grub-install --efi-directory=/boot/efi --bootloader-id=grub + creates: "{{ root_mount }}/boot/efi/EFI/grub" + +- name: Install theme. + include_role: + name: grub-theme + vars: + chroot: "{{ root_mount }}" diff --git a/roles/disk/egb/partitioning/defaults/main.yml b/roles/disk/egb/partitioning/defaults/main.yml new file mode 100644 index 0000000..1306f69 --- /dev/null +++ b/roles/disk/egb/partitioning/defaults/main.yml @@ -0,0 +1,22 @@ +--- +# The size of the ESP partition to be created +disk_egb_esp_size: "{{ 512 * 1024 * 1024 }}" + +# btrfs subvolumes are laid out in a flat fashion: +# +# toplevel (default subvolume, not mounted) +# +-- @ (to be mounted at /) +# +-- @home (to be mmounted at /home) +# +-- ... +# +disk_egb_btrfs_subvolumes: "{{ disk_egb_core_btrfs_subvolumes + disk_egb_priv_extra_btrfs_subvolumes }}" + +# These subvolumes should always be present. DO NOT OVERRIDE. +disk_egb_core_btrfs_subvolumes: + - name: "@" + mountpoint: / + - name: "@home" + mountpoint: /home + +# Add extra subvolumes here, beginning with an @. +disk_egb_extra_btrfs_subvolumes: [] diff --git a/roles/disk/egb/partitioning/tasks/format-disk.yml b/roles/disk/egb/partitioning/tasks/format-disk.yml new file mode 100644 index 0000000..c8a412c --- /dev/null +++ b/roles/disk/egb/partitioning/tasks/format-disk.yml 
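Review bot: `disk_egb_btrfs_subvolumes` in the partitioning defaults references `disk_egb_priv_extra_btrfs_subvolumes`, but the variable defined a few lines below is `disk_egb_extra_btrfs_subvolumes`, so the first task that expands the list (the `Create subvolumes` loop in format-parts) will fail with an undefined variable for the `egb` format; the `egbl` defaults in this diff use the non-`priv` name correctly. Change it to `disk_egb_btrfs_subvolumes: "{{ disk_egb_core_btrfs_subvolumes + disk_egb_extra_btrfs_subvolumes }}"`.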
@@ -0,0 +1,33 @@ +--- +- name: Create EFI system partition + parted: + device: "{{ disk_device }}" + state: present + label: gpt + number: 1 + name: ESP + part_start: "{{ 1024 * 1024 }}B" + part_end: "{{ disk_egb_esp_size | int + 1024 * 1024 - 1 }}B" + flags: + - esp + +- name: Create root partition + parted: + device: "{{ disk_device }}" + state: present + label: gpt + number: 2 + name: root + part_start: "{{ disk_egb_esp_size | int + 1024 * 1024 }}B" + +- name: Enumerate created partitions. + shell: | + set -e -o pipefail + lsblk -n -o PATH {{ disk_device }} | tail -n +2 + register: result + changed_when: false + +- name: Assign partitions to variables. + set_fact: + disk_egb_esp_device_node: "{{ result.stdout_lines[0] }}" + disk_egb_root_device_node: "{{ result.stdout_lines[1] }}" diff --git a/roles/disk/egb/partitioning/tasks/format-parts.yml b/roles/disk/egb/partitioning/tasks/format-parts.yml new file mode 100644 index 0000000..416ca07 --- /dev/null +++ b/roles/disk/egb/partitioning/tasks/format-parts.yml @@ -0,0 +1,33 @@ +--- +- name: Format the boot partition with vfat. + filesystem: + device: "{{ disk_egb_esp_device_node }}" + state: present + type: vfat + +- name: Format the root partition with btrfs. + filesystem: + device: "{{ disk_egb_root_device_node }}" + state: present + type: btrfs + +- name: Mount the default subvolume. + mount: + state: mounted + src: "{{ disk_egb_root_device_node }}" + path: "{{ root_mount }}" + fstype: btrfs + opts: defaults,noatime,compress=zstd + +- name: Create subvolumes. + command: + cmd: btrfs subvolume create {{ (root_mount + "/" + subvolume.name) }} + creates: '{{ (root_mount + "/" + subvolume.name) }}' + with_items: "{{ disk_egb_btrfs_subvolumes }}" + loop_control: + loop_var: subvolume + +- name: Unmount the default subvolume. + mount: + state: unmounted + path: "{{ root_mount }}" 
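Review bot: The `Enumerate created partitions` task interpolates `{{ disk_device }}` into a shell pipeline without the `| quote` the old file had, and then assumes `lsblk` returns exactly the two partitions just created, in order (`stdout_lines[0]`/`[1]`). Restoring `lsblk -n -o PATH {{ disk_device | quote }} | tail -n +2` fixes the first; for the second, `parted` with `state: present` does not remove partitions already on the disk, so a disk that previously held more than two partitions would, as far as I can tell, leave extra entries in the list and the index assumptions would silently pick the wrong device nodes. An `assert` that `result.stdout_lines | length == 2` before the `set_fact` turns that into a clear failure; the `egbl` copy of this file has the same two issues.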
diff --git a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/main.yml b/roles/disk/egb/partitioning/tasks/main.yml similarity index 87% rename from roles/disksetup/efi_gpt_btrfs/partitioning/tasks/main.yml rename to roles/disk/egb/partitioning/tasks/main.yml index 46954e9..ad47a67 100644 --- a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/main.yml +++ b/roles/disk/egb/partitioning/tasks/main.yml @@ -5,7 +5,7 @@ when: not efi_mode - name: Make sure root mount point is unmounted. - command: umount -R {{ partitioning_root_mount_point }} + command: umount -R {{ root_mount }} changed_when: true register: result failed_when: result.rc != 0 and "not mounted" not in result.stderr diff --git a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/mount.yml b/roles/disk/egb/partitioning/tasks/mount.yml similarity index 59% rename from roles/disksetup/efi_gpt_btrfs/partitioning/tasks/mount.yml rename to roles/disk/egb/partitioning/tasks/mount.yml index f13ea0b..662f989 100644 --- a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/mount.yml +++ b/roles/disk/egb/partitioning/tasks/mount.yml @@ -1,13 +1,13 @@ --- - name: Mount btrfs subvolumes. include_tasks: mount_btrfs-subvolume.yml - with_items: "{{ partitioning_priv_btrfs_subvolumes }}" + with_items: "{{ disk_egb_btrfs_subvolumes }}" loop_control: loop_var: subvolume - name: Make EFI mount point. file: - path: "{{ partitioning_root_mount_point }}/boot/efi" + path: "{{ root_mount }}/boot/efi" state: directory recurse: true owner: root @@ -17,6 +17,6 @@ - name: Mount EFI boot partition. mount: state: mounted - src: "{{ partitioning_priv_esp_device_node }}" - path: "{{ partitioning_root_mount_point }}/boot/efi" + src: "{{ disk_egb_esp_device_node }}" + path: "{{ root_mount }}/boot/efi" fstype: vfat 
diff --git a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/mount_btrfs-subvolume.yml b/roles/disk/egb/partitioning/tasks/mount_btrfs-subvolume.yml similarity index 58% rename from roles/disksetup/efi_gpt_btrfs/partitioning/tasks/mount_btrfs-subvolume.yml rename to roles/disk/egb/partitioning/tasks/mount_btrfs-subvolume.yml index 9531b30..08ce457 100644 --- a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/mount_btrfs-subvolume.yml +++ b/roles/disk/egb/partitioning/tasks/mount_btrfs-subvolume.yml @@ -2,7 +2,7 @@ - name: Make btrfs subvolume mount point. file: state: directory - path: "{{ (partitioning_root_mount_point + subvolume.mountpoint) | quote }}" + path: "{{ root_mount + subvolume.mountpoint }}" owner: root group: root mode: 0755 @@ -12,6 +12,6 @@ mount -t btrfs -o defaults,noatime,compress=zstd,subvol={{ subvolume.name }} - {{ partitioning_priv_root_device_node }} - {{ (partitioning_root_mount_point + subvolume.mountpoint) | quote }} + {{ disk_egb_root_device_node }} + {{ root_mount + subvolume.mountpoint }} changed_when: true diff --git a/roles/disksetup/efi_gpt_btrfs/postpartitioning/tasks/main.yml b/roles/disk/egb/postpartitioning/tasks/main.yml similarity index 58% rename from roles/disksetup/efi_gpt_btrfs/postpartitioning/tasks/main.yml rename to roles/disk/egb/postpartitioning/tasks/main.yml index 39f6b34..f2c7c4e 100644 --- a/roles/disksetup/efi_gpt_btrfs/postpartitioning/tasks/main.yml +++ b/roles/disk/egb/postpartitioning/tasks/main.yml 
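Review bot: The `mount` command in the second hunk now interpolates `{{ root_mount + subvolume.mountpoint }}` without the `| quote` the old line had, and `command:` splits its free-form argument on whitespace, so a mount point containing a space would be passed as two arguments. Dropping the filter is harmless in the `file:` task above (module arguments are not shell-split), but on the command line keep `{{ (root_mount + subvolume.mountpoint) | quote }}`. The task's `- name:`/`command:` lines start before the hunk.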
@@ -3,28 +3,28 @@ include_role: name: genfstab vars: - chroot: "{{ partitioning_root_mount_point }}" + chroot: "{{ root_mount }}" - name: Check if btrfs-progs is installed. - command: arch-chroot {{ partitioning_root_mount_point }} + command: arch-chroot {{ root_mount }} pacman -Qk btrfs-progs - register: _btrfs_progs_installed + register: result failed_when: false changed_when: false - name: Install btrfs-progs. - command: arch-chroot {{ partitioning_root_mount_point }} + command: arch-chroot {{ root_mount }} pacman -Sy btrfs-progs --noconfirm - when: _btrfs_progs_installed.rc != 0 + when: result.rc != 0 - name: Configure mkinitcpio. mkinitcpio: state: present - path: "{{ partitioning_root_mount_point }}/etc/mkinitcpio.conf" + path: "{{ root_mount }}/etc/mkinitcpio.conf" binaries: /usr/bin/btrfs hooks: - btrfs - name: Run mkinitcpio. - command: arch-chroot {{ partitioning_root_mount_point }} mkinitcpio -P + command: arch-chroot {{ root_mount }} mkinitcpio -P changed_when: true diff --git a/roles/disksetup/efi_gpt_luks_btrfs/bootloader/files/grub b/roles/disk/egbl/bootloader/files/grub similarity index 76% rename from roles/disksetup/efi_gpt_luks_btrfs/bootloader/files/grub rename to roles/disk/egbl/bootloader/files/grub index 154e4ba..224ace2 100644 --- a/roles/disksetup/efi_gpt_luks_btrfs/bootloader/files/grub +++ b/roles/disk/egbl/bootloader/files/grub @@ -1,6 +1,6 @@ GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="Arch" -GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ bootloader_priv_luks_device_node_uuid }}:{{ partitioning_priv_luks_name }}" +GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ bootloader_priv_luks_device_node_uuid }}:{{ disk_egbl_luks_name }}" GRUB_CMDLINE_LINUX="" GRUB_PRELOAD_MODULES="btrfs part_gpt" GRUB_ENABLE_CRYPTODISK=y diff --git a/roles/disk/egbl/bootloader/tasks/main.yml b/roles/disk/egbl/bootloader/tasks/main.yml new file mode 100644 index 0000000..462e1c0 --- /dev/null +++ b/roles/disk/egbl/bootloader/tasks/main.yml 
@@ -0,0 +1,34 @@ +--- +- name: Install required packages. + command: arch-chroot {{ root_mount }} pacman -Sy grub efibootmgr os-prober --noconfirm + changed_when: true + +- name: Get luks device node uuid. + shell: | + set -e -o pipefail + blkid {{ disk_egbl_luks_device_node }} -o value | head -1 + register: result + changed_when: false + +- name: Assign device node id to variable. + set_fact: + bootloader_priv_luks_device_node_uuid: "{{ result.stdout }}" + +- name: Copy grub default config. + template: + src: files/grub + dest: "{{ root_mount }}/etc/default/grub" + owner: root + group: root + mode: 0644 + +- name: Install grub. + command: + cmd: arch-chroot {{ root_mount }} grub-install --efi-directory=/boot/efi --bootloader-id=grub + creates: "{{ root_mount }}/boot/efi/EFI/grub" + +- name: Install theme. + include_role: + name: grub-theme + vars: + chroot: "{{ root_mount }}" diff --git a/roles/disk/egbl/partitioning/defaults/main.yml b/roles/disk/egbl/partitioning/defaults/main.yml new file mode 100644 index 0000000..de7fdbb --- /dev/null +++ b/roles/disk/egbl/partitioning/defaults/main.yml @@ -0,0 +1,22 @@ +--- +# The size of the ESP partition to be created +disk_egbl_esp_size: "{{ 512 * 1024 * 1024 }}" + +# btrfs subvolumes are laid out in a flat fashion: +# +# toplevel (default subvolume, not mounted) +# +-- @ (to be mounted at /) +# +-- @home (to be mmounted at /home) +# +-- ... +# +disk_egbl_btrfs_subvolumes: "{{ disk_egbl_core_btrfs_subvolumes + disk_egbl_extra_btrfs_subvolumes }}" + +# These subvolumes should always be present. DO NOT OVERRIDE. +disk_egbl_core_btrfs_subvolumes: + - name: "@" + mountpoint: / + - name: "@home" + mountpoint: /home + +# Add extra subvolumes here, beginning with an @. +disk_egbl_extra_btrfs_subvolumes: [] diff --git a/roles/disk/egbl/partitioning/tasks/format-disk.yml b/roles/disk/egbl/partitioning/tasks/format-disk.yml new file mode 100644 index 0000000..e127488 --- /dev/null 
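Review bot: `blkid {{ disk_egbl_luks_device_node }} -o value | head -1` in `Get luks device node uuid` prints the value of every tag blkid knows for the device, one per line, and keeps the first; that is the UUID only because of the order blkid happens to emit tags, and the value lands in `GRUB_CMDLINE_LINUX_DEFAULT` as `cryptdevice=UUID=...`, so a wrong pick makes the installed system unbootable. Ask for the tag explicitly: `blkid -s UUID -o value {{ disk_egbl_luks_device_node | quote }}`, and consider an `assert` that `result.stdout | length > 0` before the `set_fact`.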
+++ b/roles/disk/egbl/partitioning/tasks/format-disk.yml @@ -0,0 +1,33 @@ +--- +- name: Create EFI system partition + parted: + device: "{{ disk_device }}" + state: present + label: gpt + number: 1 + name: ESP + part_start: "{{ 1024 * 1024 }}B" + part_end: "{{ disk_egbl_esp_size | int + 1024 * 1024 - 1 }}B" + flags: + - esp + +- name: Create LUKS partition + parted: + device: "{{ disk_device }}" + state: present + label: gpt + number: 2 + name: LUKS + part_start: "{{ disk_egbl_esp_size | int + 1024 * 1024 }}B" + +- name: Enumerate created partitions. + shell: | + set -e -o pipefail + lsblk -n -o PATH {{ disk_device }} | tail -n +2 + register: result + changed_when: false + +- name: Assign partitions to variables. + set_fact: + disk_egbl_esp_device_node: "{{ result.stdout_lines[0] }}" + disk_egbl_luks_device_node: "{{ result.stdout_lines[1] }}" diff --git a/roles/disk/egbl/partitioning/tasks/format-parts.yml b/roles/disk/egbl/partitioning/tasks/format-parts.yml new file mode 100644 index 0000000..5706410 --- /dev/null +++ b/roles/disk/egbl/partitioning/tasks/format-parts.yml @@ -0,0 +1,31 @@ +--- +- name: Format the boot partition with vfat. + filesystem: + device: "{{ disk_egbl_esp_device_node }}" + state: present + type: vfat + +- name: Format the luks container with btrfs. + filesystem: + device: /dev/mapper/{{ disk_egbl_luks_name }} + state: present + type: btrfs + +- name: Mount the default subvolume. + mount: + state: mounted + src: /dev/mapper/{{ disk_egbl_luks_name }} + path: "{{ root_mount }}" + fstype: btrfs + opts: defaults,noatime,compress=zstd + +- name: Create subvolumes. + command: + cmd: btrfs subvolume create {{ root_mount + "/" + item.name }} + creates: '{{ root_mount + "/" + item.name }}' + with_items: "{{ disk_egbl_btrfs_subvolumes }}" + +- name: Unmount the default subvolume. + mount: + state: unmounted + path: "{{ root_mount }}" 
diff --git a/roles/disk/egbl/partitioning/tasks/luks.yml b/roles/disk/egbl/partitioning/tasks/luks.yml new file mode 100644 index 0000000..0be922c --- /dev/null +++ b/roles/disk/egbl/partitioning/tasks/luks.yml @@ -0,0 +1,10 @@ +--- +- name: Create luks container and open it. + luks_device: + device: "{{ disk_egbl_luks_device_node }}" + state: opened + name: "{{ disk_egbl_luks_name }}" + type: luks1 + cipher: aes-xts-plain64 + hash: sha256 + passphrase: "{{ disk_egbl_luks_password }}" diff --git a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/main.yml b/roles/disk/egbl/partitioning/tasks/main.yml similarity index 87% rename from roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/main.yml rename to roles/disk/egbl/partitioning/tasks/main.yml index b91f53a..a2f3763 100644 --- a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/main.yml +++ b/roles/disk/egbl/partitioning/tasks/main.yml @@ -5,7 +5,7 @@ when: not efi_mode - name: Make sure root mount point is unmounted. - command: umount -R {{ partitioning_root_mount_point }} + command: umount -R {{ root_mount }} changed_when: true register: result failed_when: result.rc != 0 and "not mounted" not in result.stderr diff --git a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/mount.yml b/roles/disk/egbl/partitioning/tasks/mount.yml similarity index 59% rename from roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/mount.yml rename to roles/disk/egbl/partitioning/tasks/mount.yml index f13ea0b..0f81778 100644 --- a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/mount.yml +++ b/roles/disk/egbl/partitioning/tasks/mount.yml 
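Review bot: The `luks_device` task takes `disk_egbl_luks_password` and `disk_egbl_luks_name` straight from group_vars, where both now default to `""`, and has no `no_log`, so on failure or with `-v` the passphrase is printed in the task result. Add `no_log: true` and, before it, an `assert` with `that: ["disk_egbl_luks_name | length > 0", "disk_egbl_luks_password | length > 0"]`, so a forgotten override fails here rather than yielding a container keyed on an empty passphrase or a `/dev/mapper/` path with no name in the later format tasks. `type: luks1` is presumably chosen for GRUB's cryptodisk support (the grub template sets `GRUB_ENABLE_CRYPTODISK=y`); a one-line comment saying so would stop the next reader from "upgrading" it to luks2.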
@@ -1,13 +1,13 @@ --- - name: Mount btrfs subvolumes. include_tasks: mount_btrfs-subvolume.yml - with_items: "{{ partitioning_priv_btrfs_subvolumes }}" + with_items: "{{ disk_egbl_btrfs_subvolumes }}" loop_control: loop_var: subvolume - name: Make EFI mount point. file: - path: "{{ partitioning_root_mount_point }}/boot/efi" + path: "{{ root_mount }}/boot/efi" state: directory recurse: true owner: root @@ -17,6 +17,6 @@ - name: Mount EFI boot partition. mount: state: mounted - src: "{{ partitioning_priv_esp_device_node }}" - path: "{{ partitioning_root_mount_point }}/boot/efi" + src: "{{ disk_egbl_esp_device_node }}" + path: "{{ root_mount }}/boot/efi" fstype: vfat diff --git a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/mount_btrfs-subvolume.yml b/roles/disk/egbl/partitioning/tasks/mount_btrfs-subvolume.yml similarity index 57% rename from roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/mount_btrfs-subvolume.yml rename to roles/disk/egbl/partitioning/tasks/mount_btrfs-subvolume.yml index b167ef4..5626016 100644 --- a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/mount_btrfs-subvolume.yml +++ b/roles/disk/egbl/partitioning/tasks/mount_btrfs-subvolume.yml @@ -2,7 +2,7 @@ - name: Make btrfs subvolume mount point. file: state: directory - path: "{{ (partitioning_root_mount_point + subvolume.mountpoint) | quote }}" + path: "{{ root_mount + subvolume.mountpoint }}" owner: root group: root mode: 0755 @@ -12,6 +12,6 @@ mount -t btrfs -o defaults,noatime,compress=zstd,subvol={{ subvolume.name }} - /dev/mapper/{{ partitioning_priv_luks_name }} - {{ (partitioning_root_mount_point + subvolume.mountpoint) | quote }} + /dev/mapper/{{ disk_egbl_luks_name }} + {{ root_mount + subvolume.mountpoint }} changed_when: true diff --git a/roles/disk/egbl/postpartitioning/tasks/main.yml b/roles/disk/egbl/postpartitioning/tasks/main.yml new file mode 100644 index 0000000..d5d2a98 --- /dev/null +++ b/roles/disk/egbl/postpartitioning/tasks/main.yml 
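Review bot: In the `mount_btrfs-subvolume.yml` hunk the `mount` command line interpolates `{{ root_mount + subvolume.mountpoint }}` without the `| quote` the old line had, so a mount point containing whitespace would be split into separate arguments by `command:`. Keep `{{ (root_mount + subvolume.mountpoint) | quote }}` on the command line (the `file:` task's `path:` does not need it). The `command:` key of that task sits before the hunk.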
@@ -0,0 +1,47 @@ +--- +- name: Generate fstab. + include_role: + name: genfstab + vars: + chroot: "{{ root_mount }}" + +- name: Check if btrfs-progs is installed. + command: arch-chroot {{ root_mount }} + pacman -Qk btrfs-progs + register: result + failed_when: false + changed_when: false + +- name: Install btrfs-progs. + command: arch-chroot {{ root_mount }} + pacman -Sy btrfs-progs --noconfirm + when: result.rc != 0 + +- name: Create crypto keyfile. + shell: + # yamllint disable rule:line-length + cmd: | + set -e -o pipefail + dd bs=512 count=8 if=/dev/urandom of={{ root_mount }}/crypto_keyfile.bin + echo {{ disk_egbl_luks_password }} | cryptsetup luksAddKey {{ disk_egbl_luks_device_node }} {{ root_mount }}/crypto_keyfile.bin + # yamllint enable rule:line-length + creates: "{{ root_mount }}/crypto_keyfile.bin" + +- name: Set proper permissions on crypto keyfile. + file: + path: "{{ root_mount }}/crypto_keyfile.bin" + mode: 0000 + +- name: Configure mkinitcpio. + mkinitcpio: + state: present + path: "{{ root_mount }}/etc/mkinitcpio.conf" + binaries: /usr/bin/btrfs + files: /crypto_keyfile.bin + hooks: + - encrypt + - btrfs + +- name: Run mkinitcpio. + command: arch-chroot {{ root_mount }} mkinitcpio -P + changed_when: true diff --git a/roles/disk/tasks/main.yml b/roles/disk/tasks/main.yml new file mode 100644 index 0000000..343bac7 --- /dev/null +++ b/roles/disk/tasks/main.yml @@ -0,0 +1,16 @@ +--- +- name: Include partitioning role for {{ disk_format }} disk format. + include_role: + name: "disk/{{ disk_format }}/partitioning" + public: true +- name: Bootstrap system with base packages. + import_role: + name: base_packages +- name: Include postpartitioning role for {{ disk_format }} disk format. + include_role: + name: "disk/{{ disk_format }}/postpartitioning" + public: true +- name: Include bootloader role for {{ disk_format }} disk format. + include_role: + name: "disk/{{ disk_format }}/bootloader" + public: true 
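Review bot: The `Create crypto keyfile` task writes the keyfile with `dd` under the default umask, so it exists world-readable until the separate `mode: 0000` task runs, and it puts the LUKS passphrase on a shell command line (`echo {{ disk_egbl_luks_password }} | cryptsetup luksAddKey ...`) with no `no_log`, so it is visible in `ps` on the live system and in Ansible output. Set `umask 077` before `dd`, pass the passphrase through the module's `stdin:` instead of `echo`, and mark the task `no_log: true`. Separately, `files: /crypto_keyfile.bin` embeds the key in every initramfs image, and `mkinitcpio -P` writes those with its default mode, which as far as I know leaves them world-readable under `/boot`; a `chmod 600` on the images after the `Run mkinitcpio` task closes that gap.

```yaml
- name: Create crypto keyfile.
  shell:
    cmd: |
      set -e -o pipefail
      umask 077
      dd bs=512 count=8 if=/dev/urandom of={{ root_mount | quote }}/crypto_keyfile.bin
      cryptsetup luksAddKey {{ disk_egbl_luks_device_node | quote }} {{ root_mount | quote }}/crypto_keyfile.bin
    stdin: "{{ disk_egbl_luks_password }}"
    creates: "{{ root_mount }}/crypto_keyfile.bin"
  no_log: true

# … unchanged: keyfile permissions task, mkinitcpio configuration …

- name: Run mkinitcpio.
  command: arch-chroot {{ root_mount }} mkinitcpio -P
  changed_when: true

- name: Restrict access to initramfs images that embed the keyfile.
  shell: chmod 600 {{ root_mount | quote }}/boot/initramfs-linux*.img
  changed_when: true
```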
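Review bot: `roles/disk/tasks/main.yml` builds three role names from `disk_format` (`"disk/{{ disk_format }}/partitioning"` and so on) with no validation, so a typo in group_vars surfaces as a "role not found" error inside the include, after `passwordless_connection` and `prep` have already run per main.yml. A short guard at the top of the file fails fast with a useful message: `- assert: { that: "disk_format in ['egb', 'egbl']", fail_msg: "disk_format must be one of: egb, egbl" }`. Keeping that list next to the `Available formats` comment in `00-defaults.yml` is the only place it needs updating when a format is added.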
diff --git a/roles/disksetup/defaults/main.yml b/roles/disksetup/defaults/main.yml deleted file mode 100644 index dfa8a8e..0000000 --- a/roles/disksetup/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -disksetup_strategy: efi_gpt_luks_btrfs diff --git a/roles/disksetup/efi_gpt_btrfs/bootloader/tasks/main.yml b/roles/disksetup/efi_gpt_btrfs/bootloader/tasks/main.yml deleted file mode 100644 index cc2ced8..0000000 --- a/roles/disksetup/efi_gpt_btrfs/bootloader/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install required packages. - command: arch-chroot {{ partitioning_root_mount_point }} pacman -Sy grub efibootmgr os-prober --noconfirm - changed_when: true - -- name: Copy grub default config. - template: - src: files/grub - dest: "{{ partitioning_root_mount_point }}/etc/default/grub" - owner: root - group: root - mode: 0644 - -- name: Install grub. - command: - cmd: arch-chroot {{ partitioning_root_mount_point }} grub-install --efi-directory=/boot/efi --bootloader-id=grub - creates: "{{ partitioning_root_mount_point }}/boot/efi/EFI/grub" - -- name: Install theme. - include_role: - name: grub-theme - vars: - chroot: "{{ partitioning_root_mount_point }}" diff --git a/roles/disksetup/efi_gpt_btrfs/partitioning/defaults/main.yml b/roles/disksetup/efi_gpt_btrfs/partitioning/defaults/main.yml deleted file mode 100644 index 5ddf0d1..0000000 --- a/roles/disksetup/efi_gpt_btrfs/partitioning/defaults/main.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -##### Public variables used by the rest of the playbook ##### -partitioning_root_mount_point: "/mnt" - -##### Private variables used only by the partitioning roles ##### - -# Two partitions will be created on this device node -# * xxx1 will be used by /boot/efi -# * xxx2 will be the root partition -partitioning_priv_device_node: "/dev/sda" - -# The size of the ESP partition to be created -partitioning_priv_esp_size: "{{ 512 * 1024 * 1024 }}" - -# btrfs subvolumes are laid out in a flat fashion: -# -# toplevel (default subvolume, not mounted) -# +-- @ (to be mounted at /) -# +-- @home (to be mmounted at /home) -# +-- ... -# -# yamllint disable-line rule:line-length -partitioning_priv_btrfs_subvolumes: "{{ partitioning_priv_core_btrfs_subvolumes + partitioning_priv_extra_btrfs_subvolumes }}" - -# These subvolumes should always be present. DO NOT OVERRIDE. -partitioning_priv_core_btrfs_subvolumes: - - name: "@" - mountpoint: / - -# Other subvolumes can be added here, beginning with an @. -partitioning_priv_extra_btrfs_subvolumes: - - name: "@home" - mountpoint: /home diff --git a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/format-disk.yml b/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/format-disk.yml deleted file mode 100644 index 834dc9f..0000000 --- a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/format-disk.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -- name: Create EFI system partition - parted: - device: "{{ partitioning_priv_device_node }}" - state: present - label: gpt - number: 1 - name: ESP - part_start: "{{ 1024 * 1024 }}B" - part_end: "{{ partitioning_priv_esp_size | int + 1024 * 1024 - 1 }}B" - flags: - - esp - -- name: Create root partition - parted: - device: "{{ partitioning_priv_device_node }}" - state: present - label: gpt - number: 2 - name: root - part_start: "{{ partitioning_priv_esp_size | int + 1024 * 1024 }}B" - -- name: Enumerate created partitions. - shell: | - set -e -o pipefail - lsblk -n -o PATH {{ partitioning_priv_device_node | quote }} | tail -n +2 - register: _partitions - changed_when: false - -- name: Assign partitions to variables. - set_fact: - partitioning_priv_esp_device_node: "{{ _partitions.stdout_lines[0] }}" - partitioning_priv_root_device_node: "{{ _partitions.stdout_lines[1] }}" diff --git a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/format-parts.yml b/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/format-parts.yml deleted file mode 100644 index 0d37305..0000000 --- a/roles/disksetup/efi_gpt_btrfs/partitioning/tasks/format-parts.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -- name: Format the boot partition with vfat. - filesystem: - device: "{{ partitioning_priv_esp_device_node }}" - state: present - type: vfat - -- name: Format the root partition with btrfs. - filesystem: - device: "{{ partitioning_priv_root_device_node }}" - state: present - type: btrfs - -- name: Mount the default subvolume. - mount: - state: mounted - src: "{{ partitioning_priv_root_device_node }}" - path: "{{ partitioning_root_mount_point }}" - fstype: btrfs - opts: defaults,noatime,compress=zstd - -- name: Create subvolumes. - command: - cmd: btrfs subvolume create {{ (partitioning_root_mount_point + "/" + item.name) }} - creates: '{{ (partitioning_root_mount_point + "/" + item.name) }}' - with_items: "{{ partitioning_priv_btrfs_subvolumes }}" - -- name: Unmount the default subvolume. - mount: - state: unmounted - path: "{{ partitioning_root_mount_point }}" diff --git a/roles/disksetup/efi_gpt_luks_btrfs/bootloader/tasks/main.yml b/roles/disksetup/efi_gpt_luks_btrfs/bootloader/tasks/main.yml deleted file mode 100644 index 22e2c41..0000000 --- a/roles/disksetup/efi_gpt_luks_btrfs/bootloader/tasks/main.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -- name: Install required packages. - command: arch-chroot {{ partitioning_root_mount_point }} pacman -Sy grub efibootmgr os-prober --noconfirm - changed_when: true - -- name: Get luks device node uuid. - shell: | - set -e -o pipefail - blkid {{ partitioning_priv_luks_device_node }} -o value | head -1 - register: _device_node_uuid - changed_when: false - -- name: Assign device node id to variable. - set_fact: - bootloader_priv_luks_device_node_uuid: "{{ _device_node_uuid.stdout }}" - -- name: Copy grub default config. - template: - src: files/grub - dest: "{{ partitioning_root_mount_point }}/etc/default/grub" - owner: root - group: root - mode: 0644 - -- name: Install grub. - command: - cmd: arch-chroot {{ partitioning_root_mount_point }} grub-install --efi-directory=/boot/efi --bootloader-id=grub - creates: "{{ partitioning_root_mount_point }}/boot/efi/EFI/grub" - -- name: Install theme. - include_role: - name: grub-theme - vars: - chroot: "{{ partitioning_root_mount_point }}" diff --git a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/defaults/main.yml b/roles/disksetup/efi_gpt_luks_btrfs/partitioning/defaults/main.yml deleted file mode 100644 index 39accb7..0000000 --- a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/defaults/main.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -##### Public variables used by the rest of the playbook ##### -partitioning_root_mount_point: "/mnt" - -##### Private variables used only by the partitioning roles ##### - -# Two partitions will be created on this device node -# * xxx1 will be used by /boot/efi -# * xxx2 will be a luks container, with btrfs inside -partitioning_priv_device_node: "/dev/sda" - -# The size of the ESP partition to be created -partitioning_priv_esp_size: "{{ 512 * 1024 * 1024 }}" - -# btrfs subvolumes are laid out in a flat fashion: -# -# toplevel (default subvolume, not mounted) -# +-- @ (to be mounted at /) -# +-- @home (to be mmounted at /home) -# +-- ... -# -# yamllint disable-line rule:line-length -partitioning_priv_btrfs_subvolumes: "{{ partitioning_priv_core_btrfs_subvolumes + partitioning_priv_extra_btrfs_subvolumes }}" - -# These subvolumes should always be present. DO NOT OVERRIDE. -partitioning_priv_core_btrfs_subvolumes: - - name: "@" - mountpoint: / - -# Other subvolumes can be added here, beginning with an @. -partitioning_priv_extra_btrfs_subvolumes: - - name: "@home" - mountpoint: /home - -# The mapper name of the luks container -partitioning_priv_luks_name: cryptoroot - -# The password used to encrypt the luks container -partitioning_priv_luks_password: password diff --git a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/format-disk.yml b/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/format-disk.yml deleted file mode 100644 index 9895de7..0000000 --- a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/format-disk.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -- name: Create EFI system partition - parted: - device: "{{ partitioning_priv_device_node }}" - state: present - label: gpt - number: 1 - name: ESP - part_start: "{{ 1024 * 1024 }}B" - part_end: "{{ partitioning_priv_esp_size | int + 1024 * 1024 - 1 }}B" - flags: - - esp - -- name: Create LUKS partition - parted: - device: "{{ partitioning_priv_device_node }}" - state: present - label: gpt - number: 2 - name: LUKS - part_start: "{{ partitioning_priv_esp_size | int + 1024 * 1024 }}B" - -- name: Enumerate created partitions. - shell: | - set -e -o pipefail - lsblk -n -o PATH {{ partitioning_priv_device_node | quote }} | tail -n +2 - register: _partitions - changed_when: false - -- name: Assign partitions to variables. - set_fact: - partitioning_priv_esp_device_node: "{{ _partitions.stdout_lines[0] }}" - partitioning_priv_luks_device_node: "{{ _partitions.stdout_lines[1] }}" diff --git a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/format-parts.yml b/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/format-parts.yml deleted file mode 100644 index 00308c2..0000000 --- a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/format-parts.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -- name: Format the boot partition with vfat. - filesystem: - device: "{{ partitioning_priv_esp_device_node }}" - state: present - type: vfat - -- name: Format the luks container with btrfs. - filesystem: - device: /dev/mapper/{{ partitioning_priv_luks_name }} - state: present - type: btrfs - -- name: Mount the default subvolume. - mount: - state: mounted - src: /dev/mapper/{{ partitioning_priv_luks_name }} - path: "{{ partitioning_root_mount_point }}" - fstype: btrfs - opts: defaults,noatime,compress=zstd - -- name: Create subvolumes. - command: - cmd: btrfs subvolume create {{ (partitioning_root_mount_point + "/" + item.name) | quote }} - creates: '{{ (partitioning_root_mount_point + "/" + item.name) | quote }}' - with_items: "{{ partitioning_priv_btrfs_subvolumes }}" - -- name: Unmount the default subvolume. - mount: - state: unmounted - path: "{{ partitioning_root_mount_point }}" diff --git a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/luks.yml b/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/luks.yml deleted file mode 100644 index 65fdb37..0000000 --- a/roles/disksetup/efi_gpt_luks_btrfs/partitioning/tasks/luks.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Create luks container and open it. - luks_device: - device: "{{ partitioning_priv_luks_device_node }}" - state: opened - name: "{{ partitioning_priv_luks_name }}" - type: luks1 - cipher: aes-xts-plain64 - hash: sha256 - passphrase: "{{ partitioning_priv_luks_password }}" diff --git a/roles/disksetup/efi_gpt_luks_btrfs/postpartitioning/tasks/main.yml b/roles/disksetup/efi_gpt_luks_btrfs/postpartitioning/tasks/main.yml deleted file mode 100644 index 15ed464..0000000 --- a/roles/disksetup/efi_gpt_luks_btrfs/postpartitioning/tasks/main.yml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -- name: Generate fstab. - include_role: - name: genfstab - vars: - chroot: "{{ partitioning_root_mount_point }}" - -- name: Check if btrfs-progs is installed. - command: arch-chroot {{ partitioning_root_mount_point }} - pacman -Qk btrfs-progs - register: _btrfs_progs_installed - failed_when: false - changed_when: false - -- name: Install btrfs-progs. - command: arch-chroot {{ partitioning_root_mount_point }} - pacman -Sy btrfs-progs --noconfirm - when: _btrfs_progs_installed.rc != 0 - -- name: Create crypto keyfile. - shell: - cmd: | - set -e -o pipefail - dd bs=512 count=8 if=/dev/urandom of={{ partitioning_root_mount_point }}/crypto_keyfile.bin - echo {{ partitioning_priv_luks_password }} \ - | cryptsetup luksAddKey {{ partitioning_priv_luks_device_node }} \ - {{ partitioning_root_mount_point }}/crypto_keyfile.bin - creates: "{{ partitioning_root_mount_point }}/crypto_keyfile.bin" - -- name: Set proper permissions on crypto keyfile. - file: - path: "{{ partitioning_root_mount_point }}/crypto_keyfile.bin" - mode: 0000 - -- name: Configure mkinitcpio. - mkinitcpio: - state: present - path: "{{ partitioning_root_mount_point }}/etc/mkinitcpio.conf" - binaries: /usr/bin/btrfs - files: /crypto_keyfile.bin - hooks: - - encrypt - - btrfs - -- name: Run mkinitcpio. - command: arch-chroot {{ partitioning_root_mount_point }} mkinitcpio -P - changed_when: true diff --git a/roles/disksetup/tasks/main.yml b/roles/disksetup/tasks/main.yml deleted file mode 100644 index 34016b6..0000000 --- a/roles/disksetup/tasks/main.yml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -- name: Include partitioning role for selected partitioning strategy. - include_role: - name: "disksetup/{{ disksetup_strategy }}/partitioning" - public: true -- name: Bootstrap system with base packages. - import_role: - name: base_packages -- name: Include postpartitioning role for selected partitioning strategy. - include_role: - name: "disksetup/{{ disksetup_strategy }}/postpartitioning" - public: true -- name: Include bootloader role for selected partitioning strategy. - include_role: - name: "disksetup/{{ disksetup_strategy }}/bootloader" - public: true diff --git a/roles/display_server/tasks/main.yml b/roles/display_server/tasks/main.yml index bdbdf4c..3a85f4b 100644 --- a/roles/display_server/tasks/main.yml +++ b/roles/display_server/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Include display server xorg. +- name: Include display server strategy. include_role: - name: "display_server/xorg" + name: "display_server/{{ display_server }}" public: true diff --git a/roles/display_server/xorg/tasks/main.yml b/roles/display_server/x11/tasks/main.yml similarity index 100% rename from roles/display_server/xorg/tasks/main.yml rename to roles/display_server/x11/tasks/main.yml diff --git a/roles/genfstab/tasks/main.yml b/roles/genfstab/tasks/main.yml index 7524c77..0cd7158 100644 --- a/roles/genfstab/tasks/main.yml +++ b/roles/genfstab/tasks/main.yml @@ -1,13 +1,13 @@ --- - name: Generate fstab. command: genfstab -U {{ chroot | quote }} - register: _fstab + register: result changed_when: false - name: Save fstab. copy: dest: "{{ chroot | quote }}/etc/fstab" - content: "{{ _fstab.stdout }}" + content: "{{ result.stdout }}" owner: root group: root mode: 0644 diff --git a/roles/paru/tasks/main.yml b/roles/paru/tasks/main.yml index c4fe21d..e01fb39 100644 --- a/roles/paru/tasks/main.yml +++ b/roles/paru/tasks/main.yml 
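Review bot: The new `name: "display_server/{{ display_server }}"` builds the role path straight from a variable with no check on its value, so an unset or misspelled `display_server` fails deep inside include_role with a role-not-found error instead of pointing at the setting; the defaults file lists `x11` as the only supported value. An assert task placed before the include would fail early with a clear message and keep the resolved path within the supported set, e.g. `- name: Validate display_server.` / `assert:` / `that: display_server in ['x11']`. The same pattern would apply if other strategy variables are later resolved into role paths this way.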
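Review bot: Renaming the registered variable from `_fstab` to `result` in the genfstab hunk gives up a role-specific name for a generic one that the paru and prep hunks on the next line adopt as well; registered variables live as host variables for the rest of the play, so a task that reads `result` after a skipped or reordered task can pick up another role's value rather than failing on an undefined name, and the old prefixed name avoided that. Keeping a role-scoped name such as `register: genfstab_result` (and likewise `paru_result` / `prep_result` in the other two hunks) preserves that isolation at no cost. The paru hunk's enclosing task list starts outside the hunk.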
@@ -9,8 +9,8 @@ become: true become_user: "{{ user_name }}" command: rustup install stable - changed_when: '"unchanged" not in ret.stdout' - register: ret + changed_when: '"unchanged" not in result.stdout' + register: result - name: Install paru. become: true diff --git a/roles/prep/tasks/main.yml b/roles/prep/tasks/main.yml index 78125b8..7c9d88f 100644 --- a/roles/prep/tasks/main.yml +++ b/roles/prep/tasks/main.yml @@ -2,11 +2,11 @@ - name: Check if EFI directory exists. stat: path: /sys/firmware/efi - register: private_efi_directory_exists + register: result - name: Set efi_mode fact. set_fact: - efi_mode: "{{ private_efi_directory_exists.stat.exists }}" + efi_mode: "{{ result.stat.exists }}" - name: Check internet connectivity. uri: