parent
5afb1444e1
commit
fd025bd81c
@ -1 +1,2 @@ |
||||
vars/all.yml |
||||
.ssh |
||||
|
@ -1 +1,23 @@ |
||||
# archlinux-ansible |
||||
|
||||
## Usage |
||||
|
||||
Boot the live iso and set a root password, something simple is fine as it's |
||||
changed to key based auth anyway. Find the ip address (e.g. by `ip a`) and |
||||
add to `inventory/hosts.yml` under the `arch_live` group. |
||||
|
||||
Enter the `ansible` directory. Before running any playbook, generate a new SSH |
||||
key-pair: |
||||
|
||||
```bash |
||||
$ ssh-keygen -t ed25519 -f .ssh/id_ed25519 -N "" |
||||
``` |
||||
|
||||
Now run the `install` playbook: |
||||
|
||||
```bash |
||||
$ ansible-playbook install.yml -k |
||||
``` |
||||
|
||||
When the `install` playbook finishes, wait for the restart. Then find the new |
||||
ip address and put in the inventory file under the `arch` group |
||||
|
@ -0,0 +1,7 @@ |
||||
--- |
||||
extends: default |
||||
|
||||
rules: |
||||
line-length: |
||||
max: 120 |
||||
level: warning |
@ -0,0 +1,4 @@ |
||||
[defaults] |
||||
inventory = inventory |
||||
private_key_file = .ssh/id_ed25519 |
||||
library = library |
@ -0,0 +1,5 @@ |
||||
--- |
||||
- name: Configure system. |
||||
hosts: arch |
||||
|
||||
roles: |
@ -0,0 +1,9 @@ |
||||
--- |
||||
- name: Install system. |
||||
hosts: arch_live |
||||
|
||||
roles: |
||||
- passwordless_connection |
||||
- prep |
||||
- disksetup |
||||
- configure |
@ -0,0 +1,10 @@ |
||||
--- |
||||
arch_live: |
||||
hosts: |
||||
192.168.2.230: |
||||
ansible_user: root |
||||
|
||||
arch: |
||||
hosts: |
||||
192.168.2.235: |
||||
ansible_user: rsrp |
@ -0,0 +1,126 @@ |
||||
from ansible.module_utils.basic import AnsibleModule |
||||
import os |
||||
import re |
||||
|
||||
|
||||
def parse_mkinitcpio_line(type: str, line: str) -> list[str]: |
||||
regex = "^" + type + r"=\((.*)\)$" |
||||
result = re.search(regex, line) |
||||
if result is None: |
||||
return None |
||||
|
||||
return list(filter(lambda v: v != "", result.group(1).split(" "))) |
||||
|
||||
|
||||
def build_mkinitcpio_line(type: str, values: list[str]) -> str: |
||||
return type + "=(" + " ".join(values) + ")" |
||||
|
||||
|
||||
def update_mkinitcpio_line(type: str, desired_state: str, values: list[str], line) -> tuple[str, bool]: |
||||
current_values = parse_mkinitcpio_line(type, line) |
||||
changed = False |
||||
if current_values is not None: |
||||
if desired_state == "present": |
||||
for value in values: |
||||
if value not in current_values: |
||||
current_values.append(value) |
||||
changed = True |
||||
elif desired_state == "absent": |
||||
for value in values: |
||||
if value in current_values: |
||||
current_values.remove(value) |
||||
changed = True |
||||
else: |
||||
raise ValueError("Invalid state: %" % desired_state) |
||||
|
||||
return build_mkinitcpio_line(type, current_values), changed |
||||
else: |
||||
return None, False |
||||
|
||||
|
||||
def run_module(): |
||||
# define available arguments/parameters a user can pass to the module |
||||
module_args = dict( |
||||
state=dict(default='present', choices=['present', 'absent']), |
||||
binaries=dict(type='list'), |
||||
files=dict(type='list'), |
||||
hooks=dict(type='list'), |
||||
path=dict(type='str', default='/etc/mkinitcpio.conf') |
||||
) |
||||
|
||||
# seed the result dict in the object |
||||
# we primarily care about changed and state |
||||
# changed is if this module effectively modified the target |
||||
# state will include any data that you want your module to pass back |
||||
# for consumption, for example, in a subsequent task |
||||
result = dict( |
||||
changed=False, |
||||
) |
||||
|
||||
# the AnsibleModule object will be our abstraction working with Ansible |
||||
# this includes instantiation, a couple of common attr would be the |
||||
# args/params passed to the execution, as well as if the module |
||||
# supports check mode |
||||
module = AnsibleModule( |
||||
argument_spec=module_args, |
||||
supports_check_mode=True |
||||
) |
||||
|
||||
# if the user is working with this module in only check mode we do not |
||||
# want to make any changes to the environment, just return the current |
||||
# state with no modifications |
||||
if module.check_mode: |
||||
module.exit_json(**result) |
||||
|
||||
path = module.params['path'] |
||||
if not os.path.isfile(path): |
||||
module.fail_json(msg="The path is invalid: %s does not exist" % path) |
||||
|
||||
state = module.params['state'] |
||||
binaries = module.params['binaries'] |
||||
files = module.params['files'] |
||||
hooks = module.params['hooks'] |
||||
|
||||
file = open(path, "r") |
||||
lines = file.readlines() |
||||
for index, line in enumerate(lines): |
||||
if binaries is not None: |
||||
updated_line, updated = update_mkinitcpio_line( |
||||
"BINARIES", state, binaries, line) |
||||
if updated: |
||||
result['changed'] = True |
||||
if updated_line is not None: |
||||
lines[index] = updated_line |
||||
|
||||
if binaries is not None: |
||||
updated_line, updated = update_mkinitcpio_line( |
||||
"FILES", state, files, line) |
||||
if updated: |
||||
result['changed'] = True |
||||
if updated_line is not None: |
||||
lines[index] = updated_line |
||||
|
||||
if binaries is not None: |
||||
updated_line, updated = update_mkinitcpio_line( |
||||
"HOOKS", state, hooks, line) |
||||
if updated: |
||||
result['changed'] = True |
||||
if updated_line is not None: |
||||
lines[index] = updated_line |
||||
|
||||
file = open(path, "w") |
||||
file.write("".join(lines)) |
||||
|
||||
# manipulate or modify the state as needed (this is going to be the |
||||
# part where your module will do what it needs to do) |
||||
# in the event of a successful module execution, you will want to |
||||
# simple AnsibleModule.exit_json(), passing the key/value results |
||||
module.exit_json(**result) |
||||
|
||||
|
||||
def main(): |
||||
run_module() |
||||
|
||||
|
||||
if __name__ == '__main__': |
||||
main() |
@ -0,0 +1,13 @@ |
||||
--- |
||||
base_packages_list: |
||||
# Arch base packages |
||||
- base |
||||
- base-devel |
||||
# Linux kernel |
||||
- linux |
||||
- linux-firmware |
||||
# Additional packages that are needed for further ansible functionality |
||||
- sudo |
||||
- networkmanager |
||||
- openssh |
||||
- python |
@ -0,0 +1,7 @@ |
||||
--- |
||||
- name: Pacstrap with base packages. |
||||
include_role: |
||||
name: pacstrap |
||||
vars: |
||||
packages: "{{ base_packages_list }}" |
||||
chroot: "{{ partitioning_root_mount_point }}" |
@ -0,0 +1,2 @@ |
||||
--- |
||||
configure_root_password: password |
@ -0,0 +1,29 @@ |
||||
--- |
||||
- name: Enable services on installed system. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} |
||||
systemctl enable {{ item }} |
||||
with_items: |
||||
- sshd |
||||
- NetworkManager |
||||
- fstrim.timer |
||||
changed_when: true |
||||
|
||||
- name: Make sure root's .ssh directory exists. |
||||
file: |
||||
state: directory |
||||
path: "{{ partitioning_root_mount_point }}/root/.ssh" |
||||
owner: root |
||||
group: root |
||||
mode: 0700 |
||||
|
||||
- name: Make sure temporary key is in root's authorized_keys |
||||
authorized_key: |
||||
state: present |
||||
user: root |
||||
path: "{{ partitioning_root_mount_point }}/root/.ssh/authorized_keys" |
||||
key: "{{ tmp_pub_key }}" |
||||
manage_dir: true |
||||
|
||||
- name: Update root password. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} sh -c "echo root:{{ configure_root_password }} | chpasswd" |
||||
changed_when: true |
@ -0,0 +1,2 @@ |
||||
--- |
||||
disksetup_strategy: efi_gpt_luks_btrfs |
@ -1,14 +1,11 @@ |
||||
#GRUB_DEFAULT=saved |
||||
GRUB_TIMEOUT=5 |
||||
GRUB_DISTRIBUTOR="Arch" |
||||
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ luks_partition_uuid }}:{{ luks_name }}" |
||||
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ bootloader_priv_luks_device_node_uuid }}:{{ partitioning_priv_luks_name }}" |
||||
GRUB_CMDLINE_LINUX="" |
||||
GRUB_PRELOAD_MODULES="btrfs part_gpt" |
||||
GRUB_ENABLE_CRYPTODISK=y |
||||
#GRUB_SAVEDEFAULT=true |
||||
GRUB_TIMEOUT_STYLE=menu |
||||
GRUB_TERMINAL_INPUT=console |
||||
GRUB_GFXMODE=auto |
||||
GRUB_GFXPAYLOAD_LINUX=keep |
||||
GRUB_DISABLE_RECOVERY=true |
||||
GRUB_THEME="/usr/share/grub/themes/Xenlism-Arch/theme.txt" |
@ -0,0 +1,34 @@ |
||||
--- |
||||
- name: Install required packages. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} pacman -Sy grub efibootmgr os-prober --noconfirm |
||||
changed_when: true |
||||
|
||||
- name: Get luks device node uuid. |
||||
shell: | |
||||
set -e -o pipefail |
||||
blkid {{ partitioning_priv_luks_device_node }} -o value | head -1 |
||||
register: _device_node_uuid |
||||
changed_when: false |
||||
|
||||
- name: Assign device node id to variable. |
||||
set_fact: |
||||
bootloader_priv_luks_device_node_uuid: "{{ _device_node_uuid.stdout }}" |
||||
|
||||
- name: Copy grub default config. |
||||
template: |
||||
src: files/grub |
||||
dest: "{{ partitioning_root_mount_point }}/etc/default/grub" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
|
||||
- name: Install grub. |
||||
command: |
||||
cmd: arch-chroot {{ partitioning_root_mount_point }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||
creates: "{{ partitioning_root_mount_point }}/boot/efi/EFI/grub" |
||||
|
||||
- name: Install theme. |
||||
include_role: |
||||
name: grub-theme |
||||
vars: |
||||
chroot: "{{ partitioning_root_mount_point }}" |
@ -0,0 +1,38 @@ |
||||
--- |
||||
##### Public variables used by the rest of the playbook ##### |
||||
partitioning_root_mount_point: "/mnt" |
||||
|
||||
##### Private variables used only by the partitioning roles ##### |
||||
|
||||
# Two partitions will be created on this device node |
||||
# * xxx1 will be used by /boot/efi |
||||
# * xxx2 will be a luks container, with btrfs inside |
||||
partitioning_priv_device_node: "/dev/sda" |
||||
|
||||
# The size of the ESP partition to be created |
||||
partitioning_priv_esp_size: "{{ 512 * 1024 * 1024 }}" |
||||
|
||||
# btrfs subvolumes are laid out in a flat fashion: |
||||
# |
||||
# toplevel (default subvolume, not mounted) |
||||
# +-- @ (to be mounted at /) |
||||
# +-- @home (to be mmounted at /home) |
||||
# +-- ... |
||||
# |
||||
partitioning_priv_btrfs_subvolumes: "{{ partitioning_priv_core_btrfs_subvolumes + partitioning_priv_extra_btrfs_subvolumes }}" |
||||
|
||||
# These subvolumes should always be present. DO NOT OVERRIDE. |
||||
partitioning_priv_core_btrfs_subvolumes: |
||||
- name: "@" |
||||
mountpoint: / |
||||
|
||||
# Other subvolumes can be added here, beginning with an @. |
||||
partitioning_priv_extra_btrfs_subvolumes: |
||||
- name: "@home" |
||||
mountpoint: /home |
||||
|
||||
# The mapper name of the luks container |
||||
partitioning_priv_luks_name: cryptoroot |
||||
|
||||
# The password used to encrypt the luks container |
||||
partitioning_priv_luks_password: password |
@ -0,0 +1,33 @@ |
||||
--- |
||||
- name: Create EFI system partition |
||||
parted: |
||||
device: "{{ partitioning_priv_device_node }}" |
||||
state: present |
||||
label: gpt |
||||
number: 1 |
||||
name: ESP |
||||
part_start: "{{ 1024 * 1024 }}B" |
||||
part_end: "{{ partitioning_priv_esp_size | int + 1024 * 1024 - 1 }}B" |
||||
flags: |
||||
- esp |
||||
|
||||
- name: Create LUKS partition |
||||
parted: |
||||
device: "{{ partitioning_priv_device_node }}" |
||||
state: present |
||||
label: gpt |
||||
number: 2 |
||||
name: LUKS |
||||
part_start: "{{ partitioning_priv_esp_size | int + 1024 * 1024 }}B" |
||||
|
||||
- name: Enumerate created partitions. |
||||
shell: | |
||||
set -e -o pipefail |
||||
lsblk -n -o PATH {{ partitioning_priv_device_node | quote }} | tail -n +2 |
||||
register: _partitions |
||||
changed_when: false |
||||
|
||||
- name: Assign partitions to variables. |
||||
set_fact: |
||||
partitioning_priv_esp_device_node: "{{ _partitions.stdout_lines[0] }}" |
||||
partitioning_priv_luks_device_node: "{{ _partitions.stdout_lines[1] }}" |
@ -0,0 +1,31 @@ |
||||
--- |
||||
- name: Format the boot partition with vfat. |
||||
filesystem: |
||||
device: "{{ partitioning_priv_esp_device_node }}" |
||||
state: present |
||||
type: vfat |
||||
|
||||
- name: Format the luks container with btrfs. |
||||
filesystem: |
||||
device: /dev/mapper/{{ partitioning_priv_luks_name }} |
||||
state: present |
||||
type: btrfs |
||||
|
||||
- name: Mount the default subvolume. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/{{ partitioning_priv_luks_name }} |
||||
path: "{{ partitioning_root_mount_point }}" |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd |
||||
|
||||
- name: Create subvolumes. |
||||
command: |
||||
cmd: btrfs subvolume create {{ (partitioning_root_mount_point + "/" + item.name) | quote }} |
||||
creates: '{{ (partitioning_root_mount_point + "/" + item.name) | quote }}' |
||||
with_items: "{{ partitioning_priv_btrfs_subvolumes }}" |
||||
|
||||
- name: Unmount the default subvolume. |
||||
mount: |
||||
state: unmounted |
||||
path: "{{ partitioning_root_mount_point }}" |
@ -0,0 +1,10 @@ |
||||
--- |
||||
- name: Create luks container and open it. |
||||
luks_device: |
||||
device: "{{ partitioning_priv_luks_device_node }}" |
||||
state: opened |
||||
name: "{{ partitioning_priv_luks_name }}" |
||||
type: luks1 |
||||
cipher: aes-xts-plain64 |
||||
hash: sha256 |
||||
passphrase: "{{ partitioning_priv_luks_password }}" |
@ -0,0 +1,18 @@ |
||||
--- |
||||
- name: Fail if not using EFI. |
||||
fail: |
||||
msg: Must boot using EFI for this disksetup strategy. |
||||
when: not efi_mode |
||||
|
||||
- name: Make sure root mount point is unmounted. |
||||
command: umount -R {{ partitioning_root_mount_point }} |
||||
changed_when: true |
||||
register: result |
||||
failed_when: result.rc != 0 and "not mounted" not in result.stderr |
||||
|
||||
- include_tasks: "{{ item }}" |
||||
with_items: |
||||
- format-disk.yml |
||||
- luks.yml |
||||
- format-parts.yml |
||||
- mount.yml |
@ -0,0 +1,22 @@ |
||||
--- |
||||
- name: Mount btrfs subvolumes. |
||||
include_tasks: mount_btrfs-subvolume.yml |
||||
with_items: "{{ partitioning_priv_btrfs_subvolumes }}" |
||||
loop_control: |
||||
loop_var: subvolume |
||||
|
||||
- name: Make EFI mount point. |
||||
file: |
||||
path: "{{ partitioning_root_mount_point }}/boot/efi" |
||||
state: directory |
||||
recurse: true |
||||
owner: root |
||||
group: root |
||||
mode: 0700 |
||||
|
||||
- name: Mount EFI boot partition. |
||||
mount: |
||||
state: mounted |
||||
src: "{{ partitioning_priv_esp_device_node }}" |
||||
path: "{{ partitioning_root_mount_point }}/boot/efi" |
||||
fstype: vfat |
@ -0,0 +1,17 @@ |
||||
--- |
||||
- name: Make btrfs subvolume mount point. |
||||
file: |
||||
state: directory |
||||
path: "{{ (partitioning_root_mount_point + subvolume.mountpoint) | quote }}" |
||||
owner: root |
||||
group: root |
||||
mode: 0755 |
||||
|
||||
- name: Mount btrfs subvolume. |
||||
command: > |
||||
mount |
||||
-t btrfs |
||||
-o defaults,noatime,compress=zstd,subvol={{ subvolume.name }} |
||||
/dev/mapper/{{ partitioning_priv_luks_name }} |
||||
{{ (partitioning_root_mount_point + subvolume.mountpoint) | quote }} |
||||
changed_when: true |
@ -0,0 +1,47 @@ |
||||
--- |
||||
- name: Generate fstab. |
||||
include_role: |
||||
name: genfstab |
||||
vars: |
||||
chroot: "{{ partitioning_root_mount_point }}" |
||||
|
||||
- name: Check if btrfs-progs is installed. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} |
||||
pacman -Qk btrfs-progs |
||||
register: _btrfs_progs_installed |
||||
failed_when: false |
||||
changed_when: false |
||||
|
||||
- name: Install btrfs-progs. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} |
||||
pacman -Sy btrfs-progs --noconfirm |
||||
when: _btrfs_progs_installed.rc != 0 |
||||
|
||||
- name: Create crypto keyfile. |
||||
shell: |
||||
cmd: | |
||||
set -e -o pipefail |
||||
dd bs=512 count=8 if=/dev/urandom of={{ partitioning_root_mount_point }}/crypto_keyfile.bin |
||||
echo {{ partitioning_priv_luks_password }} \ |
||||
| cryptsetup luksAddKey {{ partitioning_priv_luks_device_node }} \ |
||||
{{ partitioning_root_mount_point }}/crypto_keyfile.bin |
||||
creates: "{{ partitioning_root_mount_point }}/crypto_keyfile.bin" |
||||
|
||||
- name: Set proper permissions on crypto keyfile. |
||||
file: |
||||
path: "{{ partitioning_root_mount_point }}/crypto_keyfile.bin" |
||||
mode: 0000 |
||||
|
||||
- name: Configure mkinitcpio. |
||||
mkinitcpio: |
||||
state: present |
||||
path: "{{ partitioning_root_mount_point }}/etc/mkinitcpio.conf" |
||||
binaries: /usr/bin/btrfs |
||||
files: /crypto_keyfile.bin |
||||
hooks: |
||||
- encrypt |
||||
- btrfs |
||||
|
||||
- name: Run mkinitcpio. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} mkinitcpio -P |
||||
changed_when: true |
@ -0,0 +1,16 @@ |
||||
--- |
||||
- name: Include partitioning role for selected partitioning strategy. |
||||
include_role: |
||||
name: "disksetup/{{ disksetup_strategy }}/partitioning" |
||||
public: true |
||||
- name: Bootstrap system with base packages. |
||||
import_role: |
||||
name: base_packages |
||||
- name: Include postpartitioning role for selected partitioning strategy. |
||||
include_role: |
||||
name: "disksetup/{{ disksetup_strategy }}/postpartitioning" |
||||
public: true |
||||
- name: Include bootloader role for selected partitioning strategy. |
||||
include_role: |
||||
name: "disksetup/{{ disksetup_strategy }}/bootloader" |
||||
public: true |
@ -0,0 +1,13 @@ |
||||
--- |
||||
- name: Generate fstab. |
||||
command: genfstab -U {{ chroot | quote }} |
||||
register: _fstab |
||||
changed_when: false |
||||
|
||||
- name: Save fstab. |
||||
copy: |
||||
dest: "{{ chroot | quote }}/etc/fstab" |
||||
content: "{{ _fstab.stdout }}" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
@ -0,0 +1,4 @@ |
||||
--- |
||||
- name: Create grub configuration. |
||||
command: arch-chroot {{ chroot }} grub-mkconfig -o /boot/grub/grub.cfg |
||||
changed_when: true |
@ -0,0 +1,2 @@ |
||||
--- |
||||
grub_theme_name: xenlism |
@ -0,0 +1,9 @@ |
||||
--- |
||||
- name: Add xenlism theme. |
||||
include_role: |
||||
name: grub-theme/xenlism |
||||
when: grub_theme_name == "xenlism" |
||||
|
||||
- name: Update grub config. |
||||
include_role: |
||||
name: grub-mkconfig |
@ -0,0 +1,29 @@ |
||||
--- |
||||
- name: Make sure git is installed |
||||
pacman: |
||||
name: git |
||||
state: present |
||||
update_cache: true |
||||
|
||||
- name: Clone theme repository. |
||||
git: |
||||
repo: https://github.com/xenlism/Grub-themes |
||||
dest: /tmp/Grub-themes |
||||
clone: true |
||||
version: main |
||||
|
||||
- name: Copy theme to grub. |
||||
copy: |
||||
src: "/tmp/Grub-themes/xenlism-grub-arch-1080p/Xenlism-Arch" |
||||
remote_src: true |
||||
dest: "{{ chroot }}/usr/share/grub/themes" |
||||
owner: root |
||||
group: root |
||||
mode: 0755 |
||||
|
||||
- name: Enable theme. |
||||
lineinfile: |
||||
path: "{{ chroot }}/etc/default/grub" |
||||
state: present |
||||
regexp: ^GRUB_THEME= |
||||
line: GRUB_THEME="/usr/share/grub/themes/Xenlism-Arch/theme.txt" |
@ -0,0 +1,8 @@ |
||||
--- |
||||
- name: Run pacstrap. |
||||
command: > |
||||
pacstrap {{ chroot | quote }} --needed |
||||
{% for pkg in packages %} |
||||
{{ pkg }} |
||||
{% endfor %} |
||||
changed_when: true |
@ -0,0 +1,18 @@ |
||||
--- |
||||
- name: Read temporary public key. |
||||
set_fact: |
||||
tmp_pub_key: "{{ lookup('file', '.ssh/id_ed25519.pub') }}" |
||||
|
||||
- name: Make sure tmp key is in authorized_keys. |
||||
authorized_key: |
||||
state: present |
||||
user: root |
||||
key: "{{ tmp_pub_key }}" |
||||
manage_dir: true |
||||
|
||||
- name: Disable password access. |
||||
shell: | |
||||
set -e |
||||
passwd -d root |
||||
passwd -l root |
||||
changed_when: true |
@ -0,0 +1,19 @@ |
||||
--- |
||||
- name: Check if EFI directory exists. |
||||
stat: |
||||
path: /sys/firmware/efi |
||||
register: private_efi_directory_exists |
||||
|
||||
- name: Set efi_mode fact. |
||||
set_fact: |
||||
efi_mode: "{{ private_efi_directory_exists.stat.exists }}" |
||||
|
||||
- name: Check internet connectivity. |
||||
uri: |
||||
url: https://archlinux.org |
||||
status_code: "200" |
||||
timeout: 30 |
||||
|
||||
- name: Sync time. |
||||
command: timedatectl set-ntp true |
||||
changed_when: true |
@ -1,2 +0,0 @@ |
||||
[defaults] |
||||
roles_path = ./roles |
@ -1,4 +0,0 @@ |
||||
all: |
||||
hosts: |
||||
192.168.2.232: |
||||
ansible_user: root |
@ -1,14 +0,0 @@ |
||||
--- |
||||
- name: Install Arch linux. |
||||
hosts: all |
||||
vars_files: |
||||
- vars/all.yml |
||||
|
||||
roles: |
||||
- prep |
||||
- disk |
||||
- base-system |
||||
- users |
||||
- crypto-keyfile |
||||
- grub |
||||
- initcpio |
@ -1,54 +0,0 @@ |
||||
- name: Run pacstrap. |
||||
command: > |
||||
pacstrap /mnt |
||||
base base-devel linux linux-firmware |
||||
efibootmgr grub openssh networkmanager btrfs-progs python |
||||
vim git zsh |
||||
|
||||
- name: Generate fstab. |
||||
shell: genfstab -U /mnt >> /mnt/etc/fstab |
||||
|
||||
- name: Set localtime. |
||||
command: arch-chroot /mnt ln -sf /usr/share/zoneinfo/{{ timezone }} /etc/localtime |
||||
|
||||
- name: Sync time to hardware. |
||||
command: arch-chroot /mnt hwclock --systohc |
||||
|
||||
- name: Select locales. |
||||
lineinfile: |
||||
path: /mnt/etc/locale.gen |
||||
regexp: '^#en_US\.UTF-8 UTF-8' |
||||
line: en_US.UTF-8 UTF-8 |
||||
|
||||
- name: Generate locales. |
||||
command: arch-chroot /mnt locale-gen |
||||
|
||||
- name: Save locale to /etc/locale.conf. |
||||
copy: |
||||
dest: /mnt/etc/locale.conf |
||||
content: "LANG=en_US.UTF-8" |
||||
|
||||
- name: Save keyboard layout to /etc/vconsole.conf. |
||||
copy: |
||||
dest: /mnt/etc/vconsole.conf |
||||
content: "KEYMAP=us" |
||||
|
||||
- name: Set hostname. |
||||
copy: |
||||
dest: /mnt/etc/hostname |
||||
content: "{{ hostname }}" |
||||
|
||||
- name: Configure /etc/hosts. |
||||
copy: |
||||
dest: /mnt/etc/hosts |
||||
content: | |
||||
127.0.0.1 localhost |
||||
::1 localhost |
||||
127.0.0.1 {{ hostname }}.localdomain {{ hostname }} |
||||
|
||||
- name: Enable important services. |
||||
command: "arch-chroot /mnt systemctl enable {{ item }}" |
||||
with_items: |
||||
- sshd.service |
||||
- NetworkManager.service |
||||
- fstrim.timer |
@ -1,17 +0,0 @@ |
||||
--- |
||||
- name: Create crypto keyfile. |
||||
shell: |
||||
cmd: | |
||||
dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin |
||||
echo {{ luks_password }} | cryptsetup luksAddKey /dev/{{ disk }}2 /mnt/crypto_keyfile.bin |
||||
creates: /mnt/crypto_keyfile.bin |
||||
|
||||
- name: Set proper permission on crypto keyfile. |
||||
file: |
||||
path: /mnt/crypto_keyfile.bin |
||||
mode: 0000 |
||||
|
||||
- name: Set proper permissions on boot folder. |
||||
file: |
||||
path: /mnt/boot |
||||
mode: g-rwx,o-rwx |
@ -1,6 +0,0 @@ |
||||
- name: Create ESP filesystem. |
||||
filesystem: |
||||
device: /dev/{{ disk }}1 |
||||
state: present |
||||
type: vfat |
||||
opts: -F32 |
@ -1,28 +0,0 @@ |
||||
- name: Create btrfs in LUKS container. |
||||
filesystem: |
||||
device: /dev/mapper/cryptroot |
||||
state: present |
||||
type: btrfs |
||||
|
||||
- name: Mount new filesystem to /mnt. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/cryptroot |
||||
path: /mnt |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd |
||||
|
||||
- name: Create Btrfs @ subvolume. |
||||
command: |
||||
cmd: btrfs subvolume create /mnt/@ |
||||
creates: /mnt/@ |
||||
|
||||
- name: Create Btrfs @/root subvolume. |
||||
command: |
||||
cmd: btrfs subvolume create /mnt/@/root |
||||
creates: /mnt/@/root |
||||
|
||||
- name: Create Btrfs @/home subvolume. |
||||
command: |
||||
cmd: btrfs subvolume create /mnt/@/home |
||||
creates: /mnt/@/home |
@ -1,14 +0,0 @@ |
||||
- name: Make sure LUKS container is closed. |
||||
luks_device: |
||||
device: /dev/{{ disk }}2 |
||||
state: closed |
||||
|
||||
- name: Make sure LUKS container exists and is open. |
||||
luks_device: |
||||
device: /dev/{{ disk }}2 |
||||
state: opened |
||||
name: "{{ luks_name }}" |
||||
type: luks1 |
||||
cipher: aes-xts-plain64 |
||||
hash: sha256 |
||||
passphrase: "{{ luks_password }}" |
@ -1,22 +0,0 @@ |
||||
- name: Create EFI system partition |
||||
parted: |
||||
device: /dev/{{ disk }} |
||||
state: present |
||||
label: gpt |
||||
name: ESP |
||||
number: 1 |
||||
part_start: 1MiB |
||||
part_end: 512MiB |
||||
flags: [esp] |
||||
fs_type: fat32 |
||||
|
||||
- name: Create LUKS partition |
||||
parted: |
||||
device: /dev/{{ disk }} |
||||
state: present |
||||
label: gpt |
||||
name: LUKS |
||||
number: 2 |
||||
part_start: 512MiB |
||||
part_end: 100% |
||||
fs_type: ext4 |
@ -1,8 +0,0 @@ |
||||
--- |
||||
- include_tasks: format-disk.yml |
||||
- include_tasks: unmount.yml |
||||
- include_tasks: create-luks-container.yml |
||||
- include_tasks: create-boot-fs.yml |
||||
- include_tasks: create-btrfs.yml |
||||
- include_tasks: unmount.yml |
||||
- include_tasks: mount.yml |
@ -1,27 +0,0 @@ |
||||
- name: Mount @/root to /mnt. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/{{ luks_name }} |
||||
path: /mnt |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd,subvol=@/root |
||||
|
||||
- name: Mount @/home to /mnt/home. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/{{ luks_name }} |
||||
path: /mnt/home |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd,subvol=@/home |
||||
|
||||
- name: Make sure /mnt/boot/efi exists. |
||||
file: |
||||
path: /mnt/boot/efi |
||||
state: directory |
||||
|
||||
- name: Mount boot partition to /mnt/boot/efi. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/{{ disk }}1 |
||||
path: /mnt/boot/efi |
||||
fstype: vfat |
@ -1,8 +0,0 @@ |
||||
- name: Make sure everything is unmounted. |
||||
mount: |
||||
state: unmounted |
||||
path: "{{ item }}" |
||||
with_items: |
||||
- /mnt/boot/efi |
||||
- /mnt/home |
||||
- /mnt |
@ -1,3 +0,0 @@ |
||||
--- |
||||
- name: grub mkconfig |
||||
command: arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg |
@ -1,16 +0,0 @@ |
||||
--- |
||||
- name: Clone theme repository. |
||||
git: |
||||
repo: https://github.com/xenlism/Grub-themes |
||||
dest: /tmp/Grub-themes |
||||
clone: true |
||||
version: main |
||||
|
||||
- name: Copy theme to grub. |
||||
copy: |
||||
src: /tmp/Grub-themes/xenlism-grub-arch-1080p/Xenlism-Arch |
||||
remote_src: true |
||||
dest: /mnt/usr/share/grub/themes |
||||
owner: root |
||||
group: root |
||||
mode: 0755 |
@ -1,26 +0,0 @@ |
||||
- name: Install packages. |
||||
command: arch-chroot /mnt pacman -Sy grub efibootmgr os-prober --noconfirm |
||||
|
||||
- include_tasks: grub-theme.yml |
||||
|
||||
- name: Get luks partition id. |
||||
shell: blkid /dev/{{ disk }}2 -o value | head -1 |
||||
register: luks_partition_uuid |
||||
|
||||
- name: Get nested value. |
||||
set_fact: |
||||
luks_partition_uuid: "{{ luks_partition_uuid.stdout }}" |
||||
|
||||
- name: Copy grub default config. |
||||
template: |
||||
src: files/grub |
||||
dest: /mnt/etc/default/grub |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
notify: grub mkconfig |
||||
|
||||
- name: Install grub. |
||||
command: |
||||
cmd: arch-chroot /mnt grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||
creates: /mnt/boot/efi/EFI/grub |
@ -1,4 +0,0 @@ |
||||
MODULES=() |
||||
BINARIES=(/usr/bin/btrfs) |
||||
FILES=(/crypto_keyfile.bin) |
||||
HOOKS=(base udev autodetect modconf block filesystems keyboard fsck encrypt btrfs) |
@ -1,3 +0,0 @@ |
||||
--- |
||||
- name: run mkinitcpio |
||||
command: arch-chroot /mnt mkinitcpio -P |
@ -1,8 +0,0 @@ |
||||
- name: Copy mkinitcpi config. |
||||
copy: |
||||
src: files/mkinitcpio.conf |
||||
dest: /mnt/etc/mkinitcpio.conf |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
notify: run mkinitcpio |
@ -1,25 +0,0 @@ |
||||
--- |
||||
- name: Check if EFI directory exists. |
||||
stat: |
||||
path: /sys/firmware/efi |
||||
register: efi_directory_exists |
||||
|
||||
- name: Fail if not in EFI or UEFI. |
||||
fail: |
||||
msg: This playbook only support EFI/UEFI! |
||||
when: not efi_directory_exists.stat.exists |
||||
|
||||
- name: Check internet connectivity. |
||||
uri: |
||||
url: https://archlinux.org |
||||
status_code: "200" |
||||
timeout: 30 |
||||
|
||||
- name: Sync time. |
||||
command: timedatectl set-ntp true |
||||
|
||||
- name: Install packages. |
||||
pacman: |
||||
name: git |
||||
update_cache: true |
||||
state: present |
@ -1,2 +0,0 @@ |
||||
- name: Set root password. |
||||
shell: arch-chroot /mnt sh -c "echo root:{{ root_password }} | chpasswd" |
@ -1,6 +0,0 @@ |
||||
disk: sda |
||||
luks_name: cryptroot |
||||
luks_password: password123 |
||||
timezone: Europe/Stockholm |
||||
hostname: arch123 |
||||
root_password: password123 |
@ -1,6 +0,0 @@ |
||||
disk: sda |
||||
luks_name: cryptroot |
||||
luks_password: password123 |
||||
timezone: Europe/Stockholm |
||||
hostname: arch123 |
||||
root_password: password123 |
Loading…
Reference in new issue