From f8ed675315de2db1354ace402235c13d57d94057 Mon Sep 17 00:00:00 2001 
From: Rasmus Rosengren Date: Tue, 24 Aug 2021 18:22:57 +0200 Subject: [PATCH] Add system configuration tasks --- ansible/configure.yml | 17 +++++++ ansible/group_vars/all/00-defaults.yml | 26 ++++++++++ ansible/install.yml | 4 ++ ansible/inventory/hosts.yml | 2 +- ansible/roles/audio/tasks/main.yml | 18 +++++++ ansible/roles/bluetooth/tasks/main.yml | 14 ++++++ ansible/roles/common_software/tasks/main.yml | 47 +++++++++++++++++++ ansible/roles/create_user/tasks/main.yml | 22 +++++++++ .../display_manager/lightdm/tasks/main.yml | 12 +++++ ansible/roles/display_manager/tasks/main.yml | 4 ++ ansible/roles/display_server/tasks/main.yml | 4 ++ .../roles/display_server/xorg/tasks/main.yml | 6 +++ ansible/roles/docker/tasks/main.yml | 20 ++++++++ ansible/roles/hostname/tasks/main.yml | 18 +++++++ ansible/roles/locale/tasks/main.yml | 27 +++++++++++ ansible/roles/localtime/tasks/main.yml | 13 +++++ ansible/roles/mullvad/tasks/main.yml | 39 +++++++++++++++ ansible/roles/paru/tasks/main.yml | 19 ++++++++ ansible/roles/u2f/tasks/main.yml | 40 ++++++++++++++++ .../roles/window_manager/i3/tasks/main.yml | 7 +++ ansible/roles/window_manager/tasks/main.yml | 4 ++ ansible/roles/yubikey/tasks/main.yml | 15 ++++++ 22 files changed, 377 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/audio/tasks/main.yml create mode 100644 ansible/roles/bluetooth/tasks/main.yml create mode 100644 ansible/roles/common_software/tasks/main.yml create mode 100644 ansible/roles/create_user/tasks/main.yml create mode 100644 ansible/roles/display_manager/lightdm/tasks/main.yml create mode 100644 ansible/roles/display_manager/tasks/main.yml create mode 100644 ansible/roles/display_server/tasks/main.yml create mode 100644 ansible/roles/display_server/xorg/tasks/main.yml create mode 100644 ansible/roles/docker/tasks/main.yml create mode 100644 ansible/roles/hostname/tasks/main.yml create mode 100644 ansible/roles/locale/tasks/main.yml create mode 100644 ansible/roles/localtime/tasks/main.yml 
create mode 100644 ansible/roles/mullvad/tasks/main.yml create mode 100644 ansible/roles/paru/tasks/main.yml create mode 100644 ansible/roles/u2f/tasks/main.yml create mode 100644 ansible/roles/window_manager/i3/tasks/main.yml create mode 100644 ansible/roles/window_manager/tasks/main.yml create mode 100644 ansible/roles/yubikey/tasks/main.yml diff --git a/ansible/configure.yml b/ansible/configure.yml index 6aee4ab..767a249 100644 --- a/ansible/configure.yml +++ b/ansible/configure.yml @@ -3,3 +3,20 @@ hosts: all roles: + - kewlfft.aur + - hostname + - localtime + - locale + - create_user + - paru + - display_server + - display_manager + - window_manager + - common_software + - audio + - name: bluetooth + when: feat_bluetooth + - mullvad + - docker + - yubikey + - u2f diff --git a/ansible/group_vars/all/00-defaults.yml b/ansible/group_vars/all/00-defaults.yml index 0cd582f..49d3854 100644 --- a/ansible/group_vars/all/00-defaults.yml +++ b/ansible/group_vars/all/00-defaults.yml @@ -4,3 +4,29 @@ disksetup_strategy: efi_gpt_btrfs # grub_theme_name: xenlism # configure_root_password: password + +user_name: +user_password: + +hostname: +timezone: + +# no other options atm +display_manager: lightdm + +# no other options atm +window_manager: i3 + +feat_bluetooth: true + +mullvad_account: "" + +# generate with pamu2fcfg +user_u2f_key: "" + +u2f_optional: + - sudo + +u2f_required: + - su + - login diff --git a/ansible/install.yml b/ansible/install.yml index 4ef99ca..d4da75f 100644 --- a/ansible/install.yml +++ b/ansible/install.yml @@ -7,3 +7,7 @@ - prep - disksetup - configure + + tasks: + - name: Reboot system + reboot: diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml index 02019db..8bb98f3 100644 --- a/ansible/inventory/hosts.yml +++ b/ansible/inventory/hosts.yml @@ -1,5 +1,5 @@ --- all: hosts: - 192.168.2.227: + : ansible_user: root 
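Review bot: In the `00-defaults.yml` hunk, `user_password:`, `mullvad_account: ""` and `user_u2f_key: ""` are credentials that now live as bare-null or empty defaults in committed group_vars, and nothing in the commit checks that they were overridden before the roles that consume them run. A bare `user_password:` is YAML null, so the `create_user` role would set whatever that renders to as the account password unless a host var replaces it. A pre-task such as `- assert: { that: [user_name | length > 0, user_password | length > 0], fail_msg: "set user_name/user_password" }` in `configure.yml` would stop the play early, and the real values belong in an Ansible Vault file or untracked host_vars rather than in a tracked defaults file.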
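Review bot: The `hosts.yml` hunk replaces `192.168.2.227:` with a bare `:`, which YAML parses as a null key, so the inventory no longer names a host and the play has nothing to target. Dropping the address from version control is the right move, but the loadable shape should be kept: a placeholder name such as `workstation:` with the address supplied through `ansible_host` in an untracked host_vars file, or an `inventory/hosts.yml.example` plus a `.gitignore` entry for the real file. A one-line comment in the file saying which value must be filled in before running would avoid the next person hitting the empty key.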
diff --git a/ansible/roles/audio/tasks/main.yml b/ansible/roles/audio/tasks/main.yml
new file mode 100644
index 0000000..9a7b9a9
--- /dev/null
+++ b/ansible/roles/audio/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Install pulse audio packages.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name:
+ - pulseaudio
+ - pulseaudio-alsa
+ - ncpamixer
+ - pamixer
+ state: present
+
+- name: Install pulse audio bluetooth package.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name: pulseaudio-bluetooth
+ state: present
+ when: feat_bluetooth
diff --git a/ansible/roles/bluetooth/tasks/main.yml b/ansible/roles/bluetooth/tasks/main.yml
new file mode 100644
index 0000000..ab10dbe
--- /dev/null
+++ b/ansible/roles/bluetooth/tasks/main.yml
@@ -0,0 +1,14 @@
+- name: Install bluetooth packages.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name:
+ - bluez
+ - bluez-utils
+ state: present
+
+- name: Enable bluetooth service.
+ systemd:
+ name: bluetooth
+ enabled: true
+ state: started
diff --git a/ansible/roles/common_software/tasks/main.yml b/ansible/roles/common_software/tasks/main.yml
new file mode 100644
index 0000000..9c84497
--- /dev/null
+++ b/ansible/roles/common_software/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Install common software.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name:
+ - git
+ - vim
+ - firefox
+ - fish
+ - code
+ - libreoffice
+ - spotify
+ - slack-desktop
+ - discord
+ # rust
+ - rustup
+ # nodejs
+ - nodejs
+ - yarn
+ # fonts
+ # ttf-font-awesome
+ # nerd-fonts-source-code-pro
+ # java
+ - jdk8-openjdk
+ - jdk-openjdk
+ # awesome rust tools
+ - alacritty
+ - bandwhich
+ - bat
+ - bottom
+ - git-delta
+ - dust
+ - exa
+ - fd
+ - procs
+ - ripgrep
+ - sd
+ - starship
+ - tealdeer
+ - tokei
+ - zoxide
+ # misc
+ - ncdu
+ - flameshot
+ - kakoune
+ state: present
diff --git a/ansible/roles/create_user/tasks/main.yml b/ansible/roles/create_user/tasks/main.yml
new file mode 100644
index 0000000..d660da4
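Review bot: The `common_software` hunk puts official-repository packages (`git`, `vim`, `firefox`, `libreoffice`, `jdk-openjdk`, ...) and AUR packages (`spotify`, `slack-desktop`, `discord`, ...) into one `aur:` task, so a single failed AUR build fails the whole task and the repository packages are never installed. The `lightdm` and `i3` hunks in this same commit already use `pacman:` for repository packages; splitting this list the same way keeps the failure domain to the AUR items. It is also worth a comment that each AUR entry is an unreviewed PKGBUILD executed as `{{ user_name }}`, which after `create_user` holds passwordless sudo via `wheel`, e.g. `# AUR packages below are built from user-maintained PKGBUILDs; review before adding`.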
--- /dev/null
+++ b/ansible/roles/create_user/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Allow wheel to sudo without password.
+ copy:
+ dest: /etc/sudoers.d/00-tmp-sudo-full-access
+ content: "%wheel ALL=(ALL) NOPASSWD: ALL"
+ owner: root
+ group: root
+ mode: 0440
+
+- name: Create user {{ user_name }}.
+ user:
+ name: "{{ user_name }}"
+ state: present
+ create_home: true
+ groups: wheel
+ append: true
+ shell: /bin/bash
+
+- name: Update user {{ user_name }}'s password.
+ shell: |
+ set -e -o pipefail
+ echo {{ user_name }}:{{ user_password }} | chpasswd
+ changed_when: true
diff --git a/ansible/roles/display_manager/lightdm/tasks/main.yml b/ansible/roles/display_manager/lightdm/tasks/main.yml
new file mode 100644
index 0000000..822f53b
--- /dev/null
+++ b/ansible/roles/display_manager/lightdm/tasks/main.yml
@@ -0,0 +1,12 @@
+- name: Install lightdm.
+ pacman:
+ name:
+ - lightdm
+ - lightdm-gtk-greeter
+ state: present
+
+- name: Enable lightdm
+ systemd:
+ name: lightdm
+ enabled: true
+ state: started
diff --git a/ansible/roles/display_manager/tasks/main.yml b/ansible/roles/display_manager/tasks/main.yml
new file mode 100644
index 0000000..abc6de0
--- /dev/null
+++ b/ansible/roles/display_manager/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Include display manager strategy.
+ include_role:
+ name: "display_manager/{{ display_manager }}"
+ public: true
diff --git a/ansible/roles/display_server/tasks/main.yml b/ansible/roles/display_server/tasks/main.yml
new file mode 100644
index 0000000..a39233d
--- /dev/null
+++ b/ansible/roles/display_server/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Include display server xorg.
+ include_role:
+ name: "display_server/xorg"
+ public: true
diff --git a/ansible/roles/display_server/xorg/tasks/main.yml b/ansible/roles/display_server/xorg/tasks/main.yml
new file mode 100644
index 0000000..b70debb
--- /dev/null
+++ b/ansible/roles/display_server/xorg/tasks/main.yml
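Review bot: In the `create_user` hunk, the `Update user ... password` task passes `{{ user_password }}` on a shell command line, so the clear-text password lands in the process table, in verbose playbook output and in any task logging; `set -o pipefail` in that script also assumes the default shell is bash. The `user` module can set the password directly and keep it out of logs: add `password: "{{ user_password | password_hash('sha512') }}"` and `no_log: true` to the `Create user` task and drop the shell task. For the sudoers task, `/etc/sudoers.d/00-tmp-sudo-full-access` is named as temporary but nothing in this commit removes it, so `%wheel ... NOPASSWD: ALL` stays permanent; either document that or add a cleanup task at the end of `configure.yml`, and give the copy `validate: /usr/bin/visudo -cf %s` so a malformed file cannot break sudo.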
@@ -0,0 +1,6 @@
+- name: Install packages.
+ aur:
+ name:
+ - xorg-server
+ - xorg-xinit
+ state: present
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..4bc4b5a
--- /dev/null
+++ b/ansible/roles/docker/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Install docker.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name:
+ - docker
+ - docker-compose
+ state: present
+
+- name: Enable docker.
+ systemd:
+ name: docker
+ enabled: true
+ state: started
+
+- name: Add user {{ user_name }} to docker group.
+ user:
+ name: "{{ user_name }}"
+ groups: docker
+ append: true
diff --git a/ansible/roles/hostname/tasks/main.yml b/ansible/roles/hostname/tasks/main.yml
new file mode 100644
index 0000000..db7332a
--- /dev/null
+++ b/ansible/roles/hostname/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Update /etc/hostname.
+ copy:
+ dest: /etc/hostname
+ content: "{{ hostname }}"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Update /etc/hosts.
+ copy:
+ dest: /etc/hosts
+ content: |
+ 127.0.0.1 localhost
+ ::1 localhost
+ 127.0.1.1 {{ hostname }}
+ owner: root
+ group: root
+ mode: 0644
diff --git a/ansible/roles/locale/tasks/main.yml b/ansible/roles/locale/tasks/main.yml
new file mode 100644
index 0000000..17ebf7b
--- /dev/null
+++ b/ansible/roles/locale/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Update locale selection.
+ lineinfile:
+ path: /etc/locale.gen
+ line: "{{ item }}"
+ with_items:
+ - en_US.UTF-8 UTF-8
+
+- name: Generate locales.
+ command: locale-gen
+ changed_when: true
+
+- name: Update locale config.
+ copy:
+ dest: /etc/locale.conf
+ content: LANG=en_US.UTF-8
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Update keyboard layout config.
+ copy:
+ dest: /etc/vconsole.conf
+ content: KEYMAP=us
+ owner: root
+ group: root
+ mode: 0644
diff --git a/ansible/roles/localtime/tasks/main.yml b/ansible/roles/localtime/tasks/main.yml
new file mode 100644
index 0000000..b224f95
--- /dev/null
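Review bot: The `display_server/xorg` hunk is the only `aur:` task in this commit without `become: true` / `become_user: "{{ user_name }}"`, so it runs as root while every other AUR task runs as the created user. Both `xorg-server` and `xorg-xinit` are official-repository packages, so the simplest consistent fix is to use `pacman:` here as the `lightdm` and `i3` hunks do, e.g. `pacman:` / `name: [xorg-server, xorg-xinit]` / `state: present`. If the `aur` module is kept, the missing `become_user` should be added to match the other roles.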
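Review bot: In the `docker` hunk, the `Add user ... to docker group` task should carry a comment stating that membership in `docker` is equivalent to root on the host, since this is a deliberate trust decision rather than an incidental group. Given that `create_user` already puts the same account in `wheel` with `NOPASSWD`, it adds no new exposure today, but the comment keeps that visible if the sudoers file is later tightened. A suggested line: `# NOTE: docker group membership is root-equivalent; intentional for this single-user workstation`.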
+++ b/ansible/roles/localtime/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Symlink timezone to /etc/localtime.
+ file:
+ src: /usr/share/zoneinfo/{{ timezone }}
+ path: /etc/localtime
+ state: link
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Sync hardware clock.
+ command: hwclock --systohc
+ changed_when: true
diff --git a/ansible/roles/mullvad/tasks/main.yml b/ansible/roles/mullvad/tasks/main.yml
new file mode 100644
index 0000000..5a0a301
--- /dev/null
+++ b/ansible/roles/mullvad/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Install mullvad.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name: mullvad-vpn-bin
+ state: present
+
+- name: Mullvad login.
+ command: mullvad account set {{ mullvad_account }}
+ changed_when: true
+
+- name: Enable local networking.
+ command: mullvad lan set allow
+ changed_when: true
+
+- name: Enable on startup.
+ command: mullvad auto-connect set on
+ changed_when: true
+
+- name: Always require mullvad.
+ command: mullvad always-require-vpn set on
+ changed_when: true
+
+- name: Set dns settings.
+ command: mullvad dns set default --block-ads --block-trackers
+ changed_when: true
+
+- name: Enable ipv6
+ command: mullvad tunnel ipv6 set on
+ changed_when: true
+
+- name: Set tunnel location.
+ command: mullvad relay set location se got
+ changed_when: true
+
+- name: Connect.
+ command: mullvad connect
+ changed_when: true
diff --git a/ansible/roles/paru/tasks/main.yml b/ansible/roles/paru/tasks/main.yml
new file mode 100644
index 0000000..989da7b
--- /dev/null
+++ b/ansible/roles/paru/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: Install rust.
+ pacman:
+ name: rustup
+ state: present
+ update_cache: true
+
+- name: Install latest stable rust toolchain.
+ become: true
+ become_user: "{{ user_name }}"
+ command: rustup install stable
+ changed_when: '"unchanged" not in ret.stdout'
+ register: ret
+
+- name: Install paru.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name: paru
+ state: present
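Review bot: In the `localtime` hunk, `src: /usr/share/zoneinfo/{{ timezone }}` has no guard for `timezone` being unset, and the `00-defaults.yml` hunk in this commit leaves it as a bare null, so the link would point at the zoneinfo directory or a non-existent entry rather than failing with a clear message. A `stat` of the rendered `src` followed by a `fail` when it is not a regular file, or an `assert` that `timezone | length > 0`, would catch this before `/etc/localtime` is replaced. The same check pattern applies to `hostname` in the `hostname` hunk.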
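Review bot: In the `mullvad` hunk, `command: mullvad account set {{ mullvad_account }}` puts the account number — the only credential for that VPN account — into the task line, which is printed in playbook output and recorded by any logging callback; add `no_log: true` to that task. The relay location is hard-coded as `mullvad relay set location se got`; a `mullvad_location` default in `00-defaults.yml` would keep the role reusable. The sequence also appears to assume the Mullvad daemon is already running after the package install, which nothing in this hunk ensures — if that is not handled elsewhere, a `systemd: name: mullvad-daemon, state: started, enabled: true` task before `Mullvad login` would make the dependency explicit.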
diff --git a/ansible/roles/u2f/tasks/main.yml b/ansible/roles/u2f/tasks/main.yml
new file mode 100644
index 0000000..3ac79bf
--- /dev/null
+++ b/ansible/roles/u2f/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: Install packages.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name:
+ - pam-u2f
+ state: present
+
+- name: Make sure Yubico directory exists.
+ file:
+ path: /home/{{ user_name }}/.config/Yubico
+ state: directory
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0644
+
+- name: Add user {{ user_name }}'s u2f key.
+ copy:
+ dest: /home/{{ user_name }}/.config/Yubico/u2f_keys
+ content: "{{ user_u2f_key }}"
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0644
+
+- name: Optional u2f authentication.
+ lineinfile:
+ state: present
+ path: /etc/pam.d/{{ item }}
+ line: auth sufficient pam_u2f.so nodetect cue
+ insertbefore: ^auth
+ with_items: "{{ u2f_optional }}"
+
+- name: Required u2f authentication.
+ lineinfile:
+ state: present
+ path: /etc/pam.d/{{ item }}
+ line: auth required pam_u2f.so nodetect cue
+ insertafter: ^auth
+ with_items: "{{ u2f_required }}"
diff --git a/ansible/roles/window_manager/i3/tasks/main.yml b/ansible/roles/window_manager/i3/tasks/main.yml
new file mode 100644
index 0000000..6861c29
--- /dev/null
+++ b/ansible/roles/window_manager/i3/tasks/main.yml
@@ -0,0 +1,7 @@
+- name: Install i3.
+ pacman:
+ name:
+ - i3-wm
+ - i3status-rust
+ - rofi
+ state: present
diff --git a/ansible/roles/window_manager/tasks/main.yml b/ansible/roles/window_manager/tasks/main.yml
new file mode 100644
index 0000000..dc698cb
--- /dev/null
+++ b/ansible/roles/window_manager/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Include window manager strategy.
+ include_role:
+ name: "window_manager/{{ window_manager }}"
+ public: true
diff --git a/ansible/roles/yubikey/tasks/main.yml b/ansible/roles/yubikey/tasks/main.yml
new file mode 100644
index 0000000..03dfda9
--- /dev/null
+++ b/ansible/roles/yubikey/tasks/main.yml
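Review bot: In the `u2f` hunk, the `Required u2f authentication` task adds `auth required pam_u2f.so nodetect cue` to `/etc/pam.d/login` and `/etc/pam.d/su` (the `u2f_required` defaults), which applies to every account including root, and only `{{ user_name }}` gets a `u2f_keys` file — and with `user_u2f_key` defaulting to `""` even that file is empty, so console login and `su` can be locked out on a freshly provisioned machine. Gating the role with `when: user_u2f_key | length > 0` avoids the empty-key case, and for PAM services that run as root a central mapping via `authfile=/etc/u2f_mappings` (root-owned, not user-writable) is the safer place for the key than a file under the user's home. The `Make sure Yubico directory exists` task sets `mode: 0644` on a directory, which lacks the execute bit and so is not traversable by its owner; `mode: 0700` is the intended value there, and `0600` for the `u2f_keys` file.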
@@ -0,0 +1,15 @@
+- name: Install packages.
+ become: true
+ become_user: "{{ user_name }}"
+ aur:
+ name:
+ - yubioath-desktop
+ - libfido2
+ - ccid
+ state: present
+
+- name: Enable smart card service.
+ systemd:
+ name: pcscd
+ enabled: true
+ state: started