Add system configuration tasks

3 years ago · f8ed675315
parent 7a6f674714
commit f8ed675315
22 changed files with 377 additions and 1 deletions
--- a/ansible/configure.yml
+++ b/ansible/configure.yml
@ -3,3 +3,20 @@
  hosts: all

  roles:
+    - kewlfft.aur
+    - hostname
+    - localtime
+    - locale
+    - create_user
+    - paru
+    - display_server
+    - display_manager
+    - window_manager
+    - common_software
+    - audio
+    - name: bluetooth
+      when: feat_bluetooth
+    - mullvad
+    - docker
+    - yubikey
+    - u2f
--- a/ansible/group_vars/all/00-defaults.yml
+++ b/ansible/group_vars/all/00-defaults.yml
@ -4,3 +4,29 @@ disksetup_strategy: efi_gpt_btrfs
 # grub_theme_name: xenlism

 # configure_root_password: password
+
+user_name: <user_name>
+user_password: <user_password>
+
+hostname: <hostname>
+timezone: <timezone>
+
+# no other options atm
+display_manager: lightdm
+
+# no other options atm
+window_manager: i3
+
+feat_bluetooth: true
+
+mullvad_account: "<mullvad_account>"
+
+# generate with pamu2fcfg
+user_u2f_key: ""
+
+u2f_optional:
+  - sudo
+
+u2f_required:
+  - su
+  - login
--- a/ansible/install.yml
+++ b/ansible/install.yml
@ -7,3 +7,7 @@
    - prep
    - disksetup
    - configure
+
+  tasks:
+    - name: Reboot system
+      reboot:
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@ -1,5 +1,5 @@
 ---
 all:
  hosts:
-    192.168.2.227:
+    <ip_addr>:
      ansible_user: root
--- a/ansible/roles/audio/tasks/main.yml
+++ b/ansible/roles/audio/tasks/main.yml
@ -0,0 +1,18 @@
+- name: Install pulse audio packages.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name:
+      - pulseaudio
+      - pulseaudio-alsa
+      - ncpamixer
+      - pamixer
+    state: present
+
+- name: Install pulse audio bluetooth package.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name: pulseaudio-bluetooth
+    state: present
+  when: feat_bluetooth
--- a/ansible/roles/bluetooth/tasks/main.yml
+++ b/ansible/roles/bluetooth/tasks/main.yml
@ -0,0 +1,14 @@
+- name: Install bluetooth packages.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name:
+      - bluez
+      - bluez-utils
+    state: present
+
+- name: Enable bluetooth service.
+  systemd:
+    name: bluetooth
+    enabled: true
+    state: started
--- a/ansible/roles/common_software/tasks/main.yml
+++ b/ansible/roles/common_software/tasks/main.yml
@ -0,0 +1,47 @@
+---
+- name: Install common software.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name:
+      - git
+      - vim
+      - firefox
+      - fish
+      - code
+      - libreoffice
+      - spotify
+      - slack-desktop
+      - discord
+      # rust
+      - rustup
+      # nodejs
+      - nodejs
+      - yarn
+      # fonts
+      # ttf-font-awesome
+      # nerd-fonts-source-code-pro
+      # java
+      - jdk8-openjdk
+      - jdk-openjdk
+      # awesome rust tools
+      - alacritty
+      - bandwhich
+      - bat
+      - bottom
+      - git-delta
+      - dust
+      - exa
+      - fd
+      - procs
+      - ripgrep
+      - sd
+      - starship
+      - tealdeer
+      - tokei
+      - zoxide
+      # misc
+      - ncdu
+      - flameshot
+      - kakoune
+    state: present
--- a/ansible/roles/create_user/tasks/main.yml
+++ b/ansible/roles/create_user/tasks/main.yml
@ -0,0 +1,22 @@
+- name: Allow wheel to sudo without password.
+  copy:
+    dest: /etc/sudoers.d/00-tmp-sudo-full-access
+    content: "%wheel ALL=(ALL) NOPASSWD: ALL"
+    owner: root
+    group: root
+    mode: 0440
+
+- name: Create user {{ user_name }}.
+  user:
+    name: "{{ user_name }}"
+    state: present
+    create_home: true
+    groups: wheel
+    append: true
+    shell: /bin/bash
+
+- name: Update user {{ user_name }}'s password.
+  shell: |
+    set -e -o pipefail
+    echo {{ user_name }}:{{ user_password }} | chpasswd
+  changed_when: true
--- a/ansible/roles/display_manager/lightdm/tasks/main.yml
+++ b/ansible/roles/display_manager/lightdm/tasks/main.yml
@ -0,0 +1,12 @@
+- name: Install lightdm.
+  pacman:
+    name:
+      - lightdm
+      - lightdm-gtk-greeter
+    state: present
+
+- name: Enable lightdm
+  systemd:
+    name: lightdm
+    enabled: true
+    state: started
--- a/ansible/roles/display_manager/tasks/main.yml
+++ b/ansible/roles/display_manager/tasks/main.yml
@ -0,0 +1,4 @@
+- name: Include display manager strategy.
+  include_role:
+    name: "display_manager/{{ display_manager }}"
+    public: true
--- a/ansible/roles/display_server/tasks/main.yml
+++ b/ansible/roles/display_server/tasks/main.yml
@ -0,0 +1,4 @@
+- name: Include display server xorg.
+  include_role:
+    name: "display_server/xorg"
+    public: true
--- a/ansible/roles/display_server/xorg/tasks/main.yml
+++ b/ansible/roles/display_server/xorg/tasks/main.yml
@ -0,0 +1,6 @@
+- name: Install packages.
+  aur:
+    name:
+      - xorg-server
+      - xorg-xinit
+    state: present
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@ -0,0 +1,20 @@
+- name: Install docker.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name:
+      - docker
+      - docker-compose
+    state: present
+
+- name: Enable docker.
+  systemd:
+    name: docker
+    enabled: true
+    state: started
+
+- name: Add user {{ user_name }} to docker group.
+  user:
+    name: "{{ user_name }}"
+    groups: docker
+    append: true
--- a/ansible/roles/hostname/tasks/main.yml
+++ b/ansible/roles/hostname/tasks/main.yml
@ -0,0 +1,18 @@
+- name: Update /etc/hostname.
+  copy:
+    dest: /etc/hostname
+    content: "{{ hostname }}"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Update /etc/hosts.
+  copy:
+    dest: /etc/hosts
+    content: |
+      127.0.0.1    localhost
+      ::1          localhost
+      127.0.1.1    {{ hostname }}
+    owner: root
+    group: root
+    mode: 0644
--- a/ansible/roles/locale/tasks/main.yml
+++ b/ansible/roles/locale/tasks/main.yml
@ -0,0 +1,27 @@
+---
+- name: Update locale selection.
+  lineinfile:
+    path: /etc/locale.gen
+    line: "{{ item }}"
+  with_items:
+    - en_US.UTF-8 UTF-8
+
+- name: Generate locales.
+  command: locale-gen
+  changed_when: true
+
+- name: Update locale config.
+  copy:
+    dest: /etc/locale.conf
+    content: LANG=en_US.UTF-8
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Update keyboard layout config.
+  copy:
+    dest: /etc/vconsole.conf
+    content: KEYMAP=us
+    owner: root
+    group: root
+    mode: 0644
--- a/ansible/roles/localtime/tasks/main.yml
+++ b/ansible/roles/localtime/tasks/main.yml
@ -0,0 +1,13 @@
+---
+- name: Symlink timezone to /etc/localtime.
+  file:
+    src: /usr/share/zoneinfo/{{ timezone }}
+    path: /etc/localtime
+    state: link
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Sync hardware clock.
+  command: hwclock --systohc
+  changed_when: true
--- a/ansible/roles/mullvad/tasks/main.yml
+++ b/ansible/roles/mullvad/tasks/main.yml
@ -0,0 +1,39 @@
+---
+- name: Install mullvad.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name: mullvad-vpn-bin
+    state: present
+
+- name: Mullvad login.
+  command: mullvad account set {{ mullvad_account }}
+  changed_when: true
+
+- name: Enable local networking.
+  command: mullvad lan set allow
+  changed_when: true
+
+- name: Enable on startup.
+  command: mullvad auto-connect set on
+  changed_when: true
+
+- name: Always require mullvad.
+  command: mullvad always-require-vpn set on
+  changed_when: true
+
+- name: Set dns settings.
+  command: mullvad dns set default --block-ads --block-trackers
+  changed_when: true
+
+- name: Enable ipv6
+  command: mullvad tunnel ipv6 set on
+  changed_when: true
+
+- name: Set tunnel location.
+  command: mullvad relay set location se got
+  changed_when: true
+
+- name: Connect.
+  command: mullvad connect
+  changed_when: true
--- a/ansible/roles/paru/tasks/main.yml
+++ b/ansible/roles/paru/tasks/main.yml
@ -0,0 +1,19 @@
+- name: Install rust.
+  pacman:
+    name: rustup
+    state: present
+    update_cache: true
+
+- name: Install latest stable rust toolchain.
+  become: true
+  become_user: "{{ user_name }}"
+  command: rustup install stable
+  changed_when: '"unchanged" not in ret.stdout'
+  register: ret
+
+- name: Install paru.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name: paru
+    state: present
--- a/ansible/roles/u2f/tasks/main.yml
+++ b/ansible/roles/u2f/tasks/main.yml
@ -0,0 +1,40 @@
+---
+- name: Install packages.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name:
+      - pam-u2f
+    state: present
+
+- name: Make sure Yubico directory exists.
+  file:
+    path: /home/{{ user_name }}/.config/Yubico
+    state: directory
+    owner: "{{ user_name }}"
+    group: "{{ user_name }}"
+    mode: 0644
+
+- name: Add user {{ user_name }}'s u2f key.
+  copy:
+    dest: /home/{{ user_name }}/.config/Yubico/u2f_keys
+    content: "{{ user_u2f_key }}"
+    owner: "{{ user_name }}"
+    group: "{{ user_name }}"
+    mode: 0644
+
+- name: Optional u2f authentication.
+  lineinfile:
+    state: present
+    path: /etc/pam.d/{{ item }}
+    line: auth sufficient pam_u2f.so nodetect cue
+    insertbefore: ^auth
+  with_items: "{{ u2f_optional }}"
+
+- name: Required u2f authentication.
+  lineinfile:
+    state: present
+    path: /etc/pam.d/{{ item }}
+    line: auth required pam_u2f.so nodetect cue
+    insertafter: ^auth
+  with_items: "{{ u2f_required }}"
--- a/ansible/roles/window_manager/i3/tasks/main.yml
+++ b/ansible/roles/window_manager/i3/tasks/main.yml
@ -0,0 +1,7 @@
+- name: Install i3.
+  pacman:
+    name:
+      - i3-wm
+      - i3status-rust
+      - rofi
+    state: present
--- a/ansible/roles/window_manager/tasks/main.yml
+++ b/ansible/roles/window_manager/tasks/main.yml
@ -0,0 +1,4 @@
+- name: Include window manager strategy.
+  include_role:
+    name: "window_manager/{{ window_manager }}"
+    public: true
--- a/ansible/roles/yubikey/tasks/main.yml
+++ b/ansible/roles/yubikey/tasks/main.yml
@ -0,0 +1,15 @@
+- name: Install packages.
+  become: true
+  become_user: "{{ user_name }}"
+  aur:
+    name:
+      - yubioath-desktop
+      - libfido2
+      - ccid
+    state: present
+
+- name: Enable smart card service.
+  systemd:
+    name: pcscd
+    enabled: true
+    state: started