Compare commits
3 Commits
45a03fc465
...
55a8a664b8
Author | SHA1 | Date |
---|---|---|
Rasmus Rosengren | 55a8a664b8 | 3 years ago |
Rasmus Rosengren | 8fe0751156 | 3 years ago |
Rasmus Rosengren | a3885fe5ce | 3 years ago |
@ -1,2 +1,3 @@ |
||||
vars/all.yml |
||||
.ssh |
||||
inventory |
@ -0,0 +1,26 @@ |
||||
#!/usr/bin/env bash |
||||
set -e |
||||
|
||||
if [ ! -f .ssh/id_ed25519.pub ]; then |
||||
echo "Generating new ssh key pair..." |
||||
ssh-keygen -t ed25519 -f .ssh/id_ed25519 -N "" |
||||
fi |
||||
|
||||
echo "Installing dependencies..." |
||||
ansible-galaxy install -r requirements.yml |
||||
|
||||
new_ip_addr=true |
||||
if [ -f inventory ]; then |
||||
current_ip_addr=$(cat inventory | awk 'NR==2') |
||||
read -p "Target ip is $current_ip_addr, do you want to change it? (y/N): " res |
||||
[[ $res =~ [Yy] ]] || new_ip_addr=false |
||||
fi |
||||
|
||||
if $new_ip_addr; then |
||||
read -p "Target ip address: " ip_addr |
||||
echo "[all]" > inventory |
||||
echo $ip_addr >> inventory |
||||
fi |
||||
|
||||
echo "Running playbook, this may take 5 to 10 minutes..." |
||||
ansible-playbook main.yml -k |
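Review bot: `ssh-keygen -t ed25519 -f .ssh/id_ed25519 -N ""` will fail on a fresh checkout if the `.ssh` directory does not exist, and nothing in the script creates it; add `mkdir -p .ssh && chmod 700 .ssh` before the key generation. The key is also written with an empty passphrase, so its only protection is the file mode of the working tree, which deserves a comment. The target address is read without `-r`, never validated, and written with an unquoted `echo $ip_addr >> inventory`; prefer `read -r -p "Target ip address: " ip_addr` and `printf '%s\n' "$ip_addr" >> inventory`. `[[ $res =~ [Yy] ]]` matches any answer that merely contains a y, so anchor it as `[[ $res =~ ^[Yy] ]]`.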
@ -1,33 +1,78 @@ |
||||
--- |
||||
disksetup_strategy: efi_gpt_btrfs |
||||
# partitioning_priv_device_node: /dev/sda |
||||
# --- General disk options --- |
||||
# Abbreviations: |
||||
# * e - EFI |
||||
# * g - gpt |
||||
# * b - btrfs |
||||
# * l - LUKS |
||||
# |
||||
# Available formats: |
||||
# * egb |
||||
# * egbl |
||||
# |
||||
disk_format: egbl |
||||
|
||||
# grub_theme_name: xenlism |
||||
disk_device: /dev/sda |
||||
|
||||
# configure_root_password: password |
||||
root_mount: /mnt |
||||
|
||||
user_name: <user_name> |
||||
user_password: <user_password> |
||||
# --- Options for egbl disk format --- |
||||
# Mapper name of the luks container: |
||||
disk_egbl_luks_name: "" |
||||
|
||||
hostname: <hostname> |
||||
timezone: <timezone> |
||||
# Password used to encrypt the luks container: |
||||
disk_egbl_luks_password: "" |
||||
|
||||
# no other options atm |
||||
# --- Grub theme --- |
||||
# Available themes: |
||||
# * xenilism |
||||
# |
||||
grub_theme: xenilism |
||||
|
||||
# --- Account options --- |
||||
root_user_password: archbtw |
||||
|
||||
user_name: arch |
||||
user_password: archbtw |
||||
|
||||
# --- Machine settings --- |
||||
hostname: archlinux |
||||
timezone: Europe/Stockholm |
||||
|
||||
# --- Display/windowing --- |
||||
# Available display servers: |
||||
# * x11 |
||||
# |
||||
display_server: x11 |
||||
|
||||
# Available display managers: |
||||
# * lightdm |
||||
# |
||||
display_manager: lightdm |
||||
|
||||
# no other options atm |
||||
# Available window managers: |
||||
# * i3 |
||||
# |
||||
window_manager: i3 |
||||
|
||||
feat_bluetooth: true |
||||
# --- Togglable features --- |
||||
feat_bluetooth: false |
||||
feat_u2f: false |
||||
|
||||
mullvad_account: "<mullvad_account>" |
||||
# --- VPN --- |
||||
# Mullvad VPN account number: |
||||
mullvad_account: "" |
||||
|
||||
# generate with pamu2fcfg |
||||
# --- u2f pam --- |
||||
# u2f key for the user defined above, can be generated with: |
||||
# $ pamu2fcfg |
||||
user_u2f_key: "" |
||||
|
||||
# Modules where u2f will be an alternative to other auth |
||||
u2f_optional: |
||||
- sudo |
||||
|
||||
# Modules where u2f will be a required addition to other auth |
||||
u2f_required: |
||||
- su |
||||
- login |
||||
- system-login |
||||
|
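Review bot: The sample variables carry literal credentials (`root_user_password: archbtw`, `user_password: archbtw`) where the other side of this hunk shows `<user_password>`-style placeholders, so a run with the file left unchanged produces a machine whose root password is publicly known. The add/remove markers are lost in this view, so which lines are new is inferred. The default `disk_format: egbl` also sits next to `disk_egbl_luks_name: ""` and `disk_egbl_luks_password: ""`, which selects the encrypted layout with an empty mapper name and passphrase. I would leave the password values empty with a comment such as `# required: set before running, or supply via ansible-vault`, and have the playbook fail early when they are unset. The theme is spelled `xenilism` here and `xenlism` in the commented `grub_theme_name` line; confirm which one the grub-theme role expects.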
@ -1,5 +0,0 @@ |
||||
--- |
||||
all: |
||||
hosts: |
||||
<ip_addr>: |
||||
ansible_user: root |
@ -1,13 +0,0 @@ |
||||
--- |
||||
base_packages_list: |
||||
# Arch base packages |
||||
- base |
||||
- base-devel |
||||
# Linux kernel |
||||
- linux |
||||
- linux-firmware |
||||
# Additional packages that are needed for further ansible functionality |
||||
- sudo |
||||
- networkmanager |
||||
- openssh |
||||
- python |
@ -1,2 +0,0 @@ |
||||
--- |
||||
configure_root_password: password |
@ -0,0 +1,23 @@ |
||||
--- |
||||
- name: Install required packages. |
||||
command: arch-chroot {{ root_mount }} pacman -Sy grub efibootmgr os-prober --noconfirm |
||||
changed_when: true |
||||
|
||||
- name: Copy grub default config. |
||||
template: |
||||
src: files/grub |
||||
dest: "{{ root_mount }}/etc/default/grub" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
|
||||
- name: Install grub. |
||||
command: |
||||
cmd: arch-chroot {{ root_mount }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||
creates: "{{ root_mount }}/boot/efi/EFI/grub" |
||||
|
||||
- name: Install theme. |
||||
include_role: |
||||
name: grub-theme |
||||
vars: |
||||
chroot: "{{ root_mount }}" |
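Review bot: `pacman -Sy grub efibootmgr os-prober --noconfirm` refreshes the package databases without upgrading the installed set, which Arch treats as an unsupported partial upgrade; the same pattern is in the LUKS bootloader tasks and in the `pacman -Sy btrfs-progs --noconfirm` task further down this page. Use `pacman -Syu --noconfirm --needed grub efibootmgr os-prober`, or drop the `y` if the databases were synced when the base system was bootstrapped (not visible here). `--needed` would also let `changed_when` reflect real changes instead of being hard-coded to `true`. Quoting the file mode as `mode: "0644"` avoids relying on the YAML parser's octal handling.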
@ -0,0 +1,22 @@ |
||||
--- |
||||
# The size of the ESP partition to be created |
||||
disk_egb_esp_size: "{{ 512 * 1024 * 1024 }}" |
||||
|
||||
# btrfs subvolumes are laid out in a flat fashion: |
||||
# |
||||
# toplevel (default subvolume, not mounted) |
||||
# +-- @ (to be mounted at /) |
||||
# +-- @home (to be mmounted at /home) |
||||
# +-- ... |
||||
# |
||||
disk_egb_btrfs_subvolumes: "{{ disk_egb_core_btrfs_subvolumes + disk_egb_priv_extra_btrfs_subvolumes }}" |
||||
|
||||
# These subvolumes should always be present. DO NOT OVERRIDE. |
||||
disk_egb_core_btrfs_subvolumes: |
||||
- name: "@" |
||||
mountpoint: / |
||||
- name: "@home" |
||||
mountpoint: /home |
||||
|
||||
# Add extra subvolumes here, beginning with an @. |
||||
disk_egb_extra_btrfs_subvolumes: [] |
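Review bot: `disk_egb_btrfs_subvolumes` concatenates `disk_egb_priv_extra_btrfs_subvolumes`, but the variable defined at the bottom of this file is `disk_egb_extra_btrfs_subvolumes`. Unless the `_priv_` name is defined somewhere outside this view, templating the list will fail with an undefined variable as soon as the subvolume-creation task runs. The LUKS variant of this file uses the matching name, so the fix is `disk_egb_btrfs_subvolumes: "{{ disk_egb_core_btrfs_subvolumes + disk_egb_extra_btrfs_subvolumes }}"`. The diagram comment also has a typo, `mmounted`.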
@ -0,0 +1,33 @@ |
||||
--- |
||||
- name: Create EFI system partition |
||||
parted: |
||||
device: "{{ disk_device }}" |
||||
state: present |
||||
label: gpt |
||||
number: 1 |
||||
name: ESP |
||||
part_start: "{{ 1024 * 1024 }}B" |
||||
part_end: "{{ disk_egb_esp_size | int + 1024 * 1024 - 1 }}B" |
||||
flags: |
||||
- esp |
||||
|
||||
- name: Create root partition |
||||
parted: |
||||
device: "{{ disk_device }}" |
||||
state: present |
||||
label: gpt |
||||
number: 2 |
||||
name: root |
||||
part_start: "{{ disk_egb_esp_size | int + 1024 * 1024 }}B" |
||||
|
||||
- name: Enumerate created partitions. |
||||
shell: | |
||||
set -e -o pipefail |
||||
lsblk -n -o PATH {{ disk_device }} | tail -n +2 |
||||
register: result |
||||
changed_when: false |
||||
|
||||
- name: Assign partitions to variables. |
||||
set_fact: |
||||
disk_egb_esp_device_node: "{{ result.stdout_lines[0] }}" |
||||
disk_egb_root_device_node: "{{ result.stdout_lines[1] }}" |
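Review bot: The `lsblk -n -o PATH {{ disk_device }} | tail -n +2` line interpolates the device path into a shell script without the `| quote` filter that the removed partitioning tasks on this page applied; the LUKS partitioning tasks added in this commit have the same line. Restore it as `lsblk -n -o PATH {{ disk_device | quote }} | tail -n +2`. Taking `stdout_lines[0]` and `[1]` also assumes lsblk lists exactly the two new partitions in that order. A short assert on `result.stdout_lines | length >= 2` before the `set_fact` would turn a surprise layout into a clear failure rather than formatting the wrong node.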
@ -0,0 +1,33 @@ |
||||
--- |
||||
- name: Format the boot partition with vfat. |
||||
filesystem: |
||||
device: "{{ disk_egb_esp_device_node }}" |
||||
state: present |
||||
type: vfat |
||||
|
||||
- name: Format the root partition with btrfs. |
||||
filesystem: |
||||
device: "{{ disk_egb_root_device_node }}" |
||||
state: present |
||||
type: btrfs |
||||
|
||||
- name: Mount the default subvolume. |
||||
mount: |
||||
state: mounted |
||||
src: "{{ disk_egb_root_device_node }}" |
||||
path: "{{ root_mount }}" |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd |
||||
|
||||
- name: Create subvolumes. |
||||
command: |
||||
cmd: btrfs subvolume create {{ (root_mount + "/" + subvolume.name) }} |
||||
creates: '{{ (root_mount + "/" + subvolume.name) }}' |
||||
with_items: "{{ disk_egb_btrfs_subvolumes }}" |
||||
loop_control: |
||||
loop_var: subvolume |
||||
|
||||
- name: Unmount the default subvolume. |
||||
mount: |
||||
state: unmounted |
||||
path: "{{ root_mount }}" |
@ -1,6 +1,6 @@ |
||||
GRUB_TIMEOUT=5 |
||||
GRUB_DISTRIBUTOR="Arch" |
||||
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ bootloader_priv_luks_device_node_uuid }}:{{ partitioning_priv_luks_name }}" |
||||
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ bootloader_priv_luks_device_node_uuid }}:{{ disk_egbl_luks_name }}" |
||||
GRUB_CMDLINE_LINUX="" |
||||
GRUB_PRELOAD_MODULES="btrfs part_gpt" |
||||
GRUB_ENABLE_CRYPTODISK=y |
@ -0,0 +1,34 @@ |
||||
--- |
||||
- name: Install required packages. |
||||
command: arch-chroot {{ root_mount }} pacman -Sy grub efibootmgr os-prober --noconfirm |
||||
changed_when: true |
||||
|
||||
- name: Get luks device node uuid. |
||||
shell: | |
||||
set -e -o pipefail |
||||
blkid {{ disk_egbl_luks_device_node }} -o value | head -1 |
||||
register: result |
||||
changed_when: false |
||||
|
||||
- name: Assign device node id to variable. |
||||
set_fact: |
||||
bootloader_priv_luks_device_node_uuid: "{{ result.stdout }}" |
||||
|
||||
- name: Copy grub default config. |
||||
template: |
||||
src: files/grub |
||||
dest: "{{ root_mount }}/etc/default/grub" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
|
||||
- name: Install grub. |
||||
command: |
||||
cmd: arch-chroot {{ root_mount }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||
creates: "{{ root_mount }}/boot/efi/EFI/grub" |
||||
|
||||
- name: Install theme. |
||||
include_role: |
||||
name: grub-theme |
||||
vars: |
||||
chroot: "{{ root_mount }}" |
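Review bot: `blkid {{ disk_egbl_luks_device_node }} -o value | head -1` takes whichever tag blkid prints first and assumes it is the UUID; that value is then written into `cryptdevice=UUID=...` in the grub defaults, so a different first tag would give an unbootable system. Ask for the tag explicitly and quote the path: `blkid -s UUID -o value {{ disk_egbl_luks_device_node | quote }}`, which also removes the need for the pipe and `pipefail`. A guard such as `failed_when: result.stdout | length == 0` would catch an empty answer before the template is rendered.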
@ -0,0 +1,22 @@ |
||||
--- |
||||
# The size of the ESP partition to be created |
||||
disk_egbl_esp_size: "{{ 512 * 1024 * 1024 }}" |
||||
|
||||
# btrfs subvolumes are laid out in a flat fashion: |
||||
# |
||||
# toplevel (default subvolume, not mounted) |
||||
# +-- @ (to be mounted at /) |
||||
# +-- @home (to be mmounted at /home) |
||||
# +-- ... |
||||
# |
||||
disk_egbl_btrfs_subvolumes: "{{ disk_egbl_core_btrfs_subvolumes + disk_egbl_extra_btrfs_subvolumes }}" |
||||
|
||||
# These subvolumes should always be present. DO NOT OVERRIDE. |
||||
disk_egbl_core_btrfs_subvolumes: |
||||
- name: "@" |
||||
mountpoint: / |
||||
- name: "@home" |
||||
mountpoint: /home |
||||
|
||||
# Add extra subvolumes here, beginning with an @. |
||||
disk_egbl_extra_btrfs_subvolumes: [] |
@ -0,0 +1,33 @@ |
||||
--- |
||||
- name: Create EFI system partition |
||||
parted: |
||||
device: "{{ disk_device }}" |
||||
state: present |
||||
label: gpt |
||||
number: 1 |
||||
name: ESP |
||||
part_start: "{{ 1024 * 1024 }}B" |
||||
part_end: "{{ disk_egbl_esp_size | int + 1024 * 1024 - 1 }}B" |
||||
flags: |
||||
- esp |
||||
|
||||
- name: Create LUKS partition |
||||
parted: |
||||
device: "{{ disk_device }}" |
||||
state: present |
||||
label: gpt |
||||
number: 2 |
||||
name: LUKS |
||||
part_start: "{{ disk_egbl_esp_size | int + 1024 * 1024 }}B" |
||||
|
||||
- name: Enumerate created partitions. |
||||
shell: | |
||||
set -e -o pipefail |
||||
lsblk -n -o PATH {{ disk_device }} | tail -n +2 |
||||
register: result |
||||
changed_when: false |
||||
|
||||
- name: Assign partitions to variables. |
||||
set_fact: |
||||
disk_egbl_esp_device_node: "{{ result.stdout_lines[0] }}" |
||||
disk_egbl_luks_device_node: "{{ result.stdout_lines[1] }}" |
@ -0,0 +1,31 @@ |
||||
--- |
||||
- name: Format the boot partition with vfat. |
||||
filesystem: |
||||
device: "{{ disk_egbl_esp_device_node }}" |
||||
state: present |
||||
type: vfat |
||||
|
||||
- name: Format the luks container with btrfs. |
||||
filesystem: |
||||
device: /dev/mapper/{{ disk_egbl_luks_name }} |
||||
state: present |
||||
type: btrfs |
||||
|
||||
- name: Mount the default subvolume. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/{{ disk_egbl_luks_name }} |
||||
path: "{{ root_mount }}" |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd |
||||
|
||||
- name: Create subvolumes. |
||||
command: |
||||
cmd: btrfs subvolume create {{ root_mount + "/" + item.name }} |
||||
creates: '{{ root_mount + "/" + item.name }}' |
||||
with_items: "{{ disk_egbl_btrfs_subvolumes }}" |
||||
|
||||
- name: Unmount the default subvolume. |
||||
mount: |
||||
state: unmounted |
||||
path: "{{ root_mount }}" |
@ -0,0 +1,10 @@ |
||||
--- |
||||
- name: Create luks container and open it. |
||||
luks_device: |
||||
device: "{{ disk_egbl_luks_device_node }}" |
||||
state: opened |
||||
name: "{{ disk_egbl_luks_name }}" |
||||
type: luks1 |
||||
cipher: aes-xts-plain64 |
||||
hash: sha256 |
||||
passphrase: "{{ disk_egbl_luks_password }}" |
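Review bot: Nothing visible stops this task from running with the empty `disk_egbl_luks_password` and `disk_egbl_luks_name` that the sample variables on this page ship as defaults. Add a preceding `assert` task with conditions such as `disk_egbl_luks_password | length > 0` and `disk_egbl_luks_name | length > 0`, so the run fails before the disk is touched. The choice of `type: luks1` deserves a comment, for example `# luks1: presumably chosen because GRUB unlocks the container (GRUB_ENABLE_CRYPTODISK=y) - confirm`. Setting `no_log: true` on the task keeps the passphrase out of verbose output.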
@ -0,0 +1,47 @@ |
||||
--- |
||||
- name: Generate fstab. |
||||
include_role: |
||||
name: genfstab |
||||
vars: |
||||
chroot: "{{ root_mount }}" |
||||
|
||||
- name: Check if btrfs-progs is installed. |
||||
command: arch-chroot {{ root_mount }} |
||||
pacman -Qk btrfs-progs |
||||
register: result |
||||
failed_when: false |
||||
changed_when: false |
||||
|
||||
- name: Install btrfs-progs. |
||||
command: arch-chroot {{ root_mount }} |
||||
pacman -Sy btrfs-progs --noconfirm |
||||
when: result.rc != 0 |
||||
|
||||
- name: Create crypto keyfile. |
||||
shell: |
||||
# yamllint disable rule:line-length |
||||
cmd: | |
||||
set -e -o pipefail |
||||
dd bs=512 count=8 if=/dev/urandom of={{ root_mount }}/crypto_keyfile.bin |
||||
echo {{ disk_egbl_luks_password }} | cryptsetup luksAddKey {{ disk_egbl_luks_device_node }} {{ root_mount }}/crypto_keyfile.bin |
||||
# yamllint enable rule:line-length |
||||
creates: "{{ root_mount }}/crypto_keyfile.bin" |
||||
|
||||
- name: Set proper permissions on crypto keyfile. |
||||
file: |
||||
path: "{{ root_mount }}/crypto_keyfile.bin" |
||||
mode: 0000 |
||||
|
||||
- name: Configure mkinitcpio. |
||||
mkinitcpio: |
||||
state: present |
||||
path: "{{ root_mount }}/etc/mkinitcpio.conf" |
||||
binaries: /usr/bin/btrfs |
||||
files: /crypto_keyfile.bin |
||||
hooks: |
||||
- encrypt |
||||
- btrfs |
||||
|
||||
- name: Run mkinitcpio. |
||||
command: arch-chroot {{ root_mount }} mkinitcpio -P |
||||
changed_when: true |
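Review bot: In "Create crypto keyfile", `echo {{ disk_egbl_luks_password }} | cryptsetup luksAddKey ...` splices the passphrase unquoted into a shell script, so spaces or shell metacharacters in it are interpreted by the shell, and the rendered command (passphrase included) appears in task output. Pass it on standard input instead: drop the `echo`, run `cryptsetup luksAddKey {{ disk_egbl_luks_device_node | quote }} {{ root_mount | quote }}/crypto_keyfile.bin`, and add `stdin: "{{ disk_egbl_luks_password }}"` plus `no_log: true` to the task. The keyfile is also created by `dd` under the default umask and only set to mode 0000 by the following task; putting `umask 077` before the `dd` closes that window. The removed version of this task on this page used the same `echo` pipeline, so the pattern is carried over rather than introduced.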
@ -0,0 +1,16 @@ |
||||
--- |
||||
- name: Include partitioning role for {{ disk_format }} disk format. |
||||
include_role: |
||||
name: "disk/{{ disk_format }}/partitioning" |
||||
public: true |
||||
- name: Bootstrap system with base packages. |
||||
import_role: |
||||
name: base_packages |
||||
- name: Include postpartitioning role for {{ disk_format }} disk format. |
||||
include_role: |
||||
name: "disk/{{ disk_format }}/postpartitioning" |
||||
public: true |
||||
- name: Include bootloader role for {{ disk_format }} disk format. |
||||
include_role: |
||||
name: "disk/{{ disk_format }}/bootloader" |
||||
public: true |
@ -1,2 +0,0 @@ |
||||
--- |
||||
disksetup_strategy: efi_gpt_luks_btrfs |
@ -1,23 +0,0 @@ |
||||
--- |
||||
- name: Install required packages. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} pacman -Sy grub efibootmgr os-prober --noconfirm |
||||
changed_when: true |
||||
|
||||
- name: Copy grub default config. |
||||
template: |
||||
src: files/grub |
||||
dest: "{{ partitioning_root_mount_point }}/etc/default/grub" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
|
||||
- name: Install grub. |
||||
command: |
||||
cmd: arch-chroot {{ partitioning_root_mount_point }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||
creates: "{{ partitioning_root_mount_point }}/boot/efi/EFI/grub" |
||||
|
||||
- name: Install theme. |
||||
include_role: |
||||
name: grub-theme |
||||
vars: |
||||
chroot: "{{ partitioning_root_mount_point }}" |
@ -1,33 +0,0 @@ |
||||
--- |
||||
##### Public variables used by the rest of the playbook ##### |
||||
partitioning_root_mount_point: "/mnt" |
||||
|
||||
##### Private variables used only by the partitioning roles ##### |
||||
|
||||
# Two partitions will be created on this device node |
||||
# * xxx1 will be used by /boot/efi |
||||
# * xxx2 will be the root partition |
||||
partitioning_priv_device_node: "/dev/sda" |
||||
|
||||
# The size of the ESP partition to be created |
||||
partitioning_priv_esp_size: "{{ 512 * 1024 * 1024 }}" |
||||
|
||||
# btrfs subvolumes are laid out in a flat fashion: |
||||
# |
||||
# toplevel (default subvolume, not mounted) |
||||
# +-- @ (to be mounted at /) |
||||
# +-- @home (to be mmounted at /home) |
||||
# +-- ... |
||||
# |
||||
# yamllint disable-line rule:line-length |
||||
partitioning_priv_btrfs_subvolumes: "{{ partitioning_priv_core_btrfs_subvolumes + partitioning_priv_extra_btrfs_subvolumes }}" |
||||
|
||||
# These subvolumes should always be present. DO NOT OVERRIDE. |
||||
partitioning_priv_core_btrfs_subvolumes: |
||||
- name: "@" |
||||
mountpoint: / |
||||
|
||||
# Other subvolumes can be added here, beginning with an @. |
||||
partitioning_priv_extra_btrfs_subvolumes: |
||||
- name: "@home" |
||||
mountpoint: /home |
@ -1,33 +0,0 @@ |
||||
--- |
||||
- name: Create EFI system partition |
||||
parted: |
||||
device: "{{ partitioning_priv_device_node }}" |
||||
state: present |
||||
label: gpt |
||||
number: 1 |
||||
name: ESP |
||||
part_start: "{{ 1024 * 1024 }}B" |
||||
part_end: "{{ partitioning_priv_esp_size | int + 1024 * 1024 - 1 }}B" |
||||
flags: |
||||
- esp |
||||
|
||||
- name: Create root partition |
||||
parted: |
||||
device: "{{ partitioning_priv_device_node }}" |
||||
state: present |
||||
label: gpt |
||||
number: 2 |
||||
name: root |
||||
part_start: "{{ partitioning_priv_esp_size | int + 1024 * 1024 }}B" |
||||
|
||||
- name: Enumerate created partitions. |
||||
shell: | |
||||
set -e -o pipefail |
||||
lsblk -n -o PATH {{ partitioning_priv_device_node | quote }} | tail -n +2 |
||||
register: _partitions |
||||
changed_when: false |
||||
|
||||
- name: Assign partitions to variables. |
||||
set_fact: |
||||
partitioning_priv_esp_device_node: "{{ _partitions.stdout_lines[0] }}" |
||||
partitioning_priv_root_device_node: "{{ _partitions.stdout_lines[1] }}" |
@ -1,31 +0,0 @@ |
||||
--- |
||||
- name: Format the boot partition with vfat. |
||||
filesystem: |
||||
device: "{{ partitioning_priv_esp_device_node }}" |
||||
state: present |
||||
type: vfat |
||||
|
||||
- name: Format the root partition with btrfs. |
||||
filesystem: |
||||
device: "{{ partitioning_priv_root_device_node }}" |
||||
state: present |
||||
type: btrfs |
||||
|
||||
- name: Mount the default subvolume. |
||||
mount: |
||||
state: mounted |
||||
src: "{{ partitioning_priv_root_device_node }}" |
||||
path: "{{ partitioning_root_mount_point }}" |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd |
||||
|
||||
- name: Create subvolumes. |
||||
command: |
||||
cmd: btrfs subvolume create {{ (partitioning_root_mount_point + "/" + item.name) }} |
||||
creates: '{{ (partitioning_root_mount_point + "/" + item.name) }}' |
||||
with_items: "{{ partitioning_priv_btrfs_subvolumes }}" |
||||
|
||||
- name: Unmount the default subvolume. |
||||
mount: |
||||
state: unmounted |
||||
path: "{{ partitioning_root_mount_point }}" |
@ -1,34 +0,0 @@ |
||||
--- |
||||
- name: Install required packages. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} pacman -Sy grub efibootmgr os-prober --noconfirm |
||||
changed_when: true |
||||
|
||||
- name: Get luks device node uuid. |
||||
shell: | |
||||
set -e -o pipefail |
||||
blkid {{ partitioning_priv_luks_device_node }} -o value | head -1 |
||||
register: _device_node_uuid |
||||
changed_when: false |
||||
|
||||
- name: Assign device node id to variable. |
||||
set_fact: |
||||
bootloader_priv_luks_device_node_uuid: "{{ _device_node_uuid.stdout }}" |
||||
|
||||
- name: Copy grub default config. |
||||
template: |
||||
src: files/grub |
||||
dest: "{{ partitioning_root_mount_point }}/etc/default/grub" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
|
||||
- name: Install grub. |
||||
command: |
||||
cmd: arch-chroot {{ partitioning_root_mount_point }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||
creates: "{{ partitioning_root_mount_point }}/boot/efi/EFI/grub" |
||||
|
||||
- name: Install theme. |
||||
include_role: |
||||
name: grub-theme |
||||
vars: |
||||
chroot: "{{ partitioning_root_mount_point }}" |
@ -1,39 +0,0 @@ |
||||
--- |
||||
##### Public variables used by the rest of the playbook ##### |
||||
partitioning_root_mount_point: "/mnt" |
||||
|
||||
##### Private variables used only by the partitioning roles ##### |
||||
|
||||
# Two partitions will be created on this device node |
||||
# * xxx1 will be used by /boot/efi |
||||
# * xxx2 will be a luks container, with btrfs inside |
||||
partitioning_priv_device_node: "/dev/sda" |
||||
|
||||
# The size of the ESP partition to be created |
||||
partitioning_priv_esp_size: "{{ 512 * 1024 * 1024 }}" |
||||
|
||||
# btrfs subvolumes are laid out in a flat fashion: |
||||
# |
||||
# toplevel (default subvolume, not mounted) |
||||
# +-- @ (to be mounted at /) |
||||
# +-- @home (to be mmounted at /home) |
||||
# +-- ... |
||||
# |
||||
# yamllint disable-line rule:line-length |
||||
partitioning_priv_btrfs_subvolumes: "{{ partitioning_priv_core_btrfs_subvolumes + partitioning_priv_extra_btrfs_subvolumes }}" |
||||
|
||||
# These subvolumes should always be present. DO NOT OVERRIDE. |
||||
partitioning_priv_core_btrfs_subvolumes: |
||||
- name: "@" |
||||
mountpoint: / |
||||
|
||||
# Other subvolumes can be added here, beginning with an @. |
||||
partitioning_priv_extra_btrfs_subvolumes: |
||||
- name: "@home" |
||||
mountpoint: /home |
||||
|
||||
# The mapper name of the luks container |
||||
partitioning_priv_luks_name: cryptoroot |
||||
|
||||
# The password used to encrypt the luks container |
||||
partitioning_priv_luks_password: password |
@ -1,33 +0,0 @@ |
||||
--- |
||||
- name: Create EFI system partition |
||||
parted: |
||||
device: "{{ partitioning_priv_device_node }}" |
||||
state: present |
||||
label: gpt |
||||
number: 1 |
||||
name: ESP |
||||
part_start: "{{ 1024 * 1024 }}B" |
||||
part_end: "{{ partitioning_priv_esp_size | int + 1024 * 1024 - 1 }}B" |
||||
flags: |
||||
- esp |
||||
|
||||
- name: Create LUKS partition |
||||
parted: |
||||
device: "{{ partitioning_priv_device_node }}" |
||||
state: present |
||||
label: gpt |
||||
number: 2 |
||||
name: LUKS |
||||
part_start: "{{ partitioning_priv_esp_size | int + 1024 * 1024 }}B" |
||||
|
||||
- name: Enumerate created partitions. |
||||
shell: | |
||||
set -e -o pipefail |
||||
lsblk -n -o PATH {{ partitioning_priv_device_node | quote }} | tail -n +2 |
||||
register: _partitions |
||||
changed_when: false |
||||
|
||||
- name: Assign partitions to variables. |
||||
set_fact: |
||||
partitioning_priv_esp_device_node: "{{ _partitions.stdout_lines[0] }}" |
||||
partitioning_priv_luks_device_node: "{{ _partitions.stdout_lines[1] }}" |
@ -1,31 +0,0 @@ |
||||
--- |
||||
- name: Format the boot partition with vfat. |
||||
filesystem: |
||||
device: "{{ partitioning_priv_esp_device_node }}" |
||||
state: present |
||||
type: vfat |
||||
|
||||
- name: Format the luks container with btrfs. |
||||
filesystem: |
||||
device: /dev/mapper/{{ partitioning_priv_luks_name }} |
||||
state: present |
||||
type: btrfs |
||||
|
||||
- name: Mount the default subvolume. |
||||
mount: |
||||
state: mounted |
||||
src: /dev/mapper/{{ partitioning_priv_luks_name }} |
||||
path: "{{ partitioning_root_mount_point }}" |
||||
fstype: btrfs |
||||
opts: defaults,noatime,compress=zstd |
||||
|
||||
- name: Create subvolumes. |
||||
command: |
||||
cmd: btrfs subvolume create {{ (partitioning_root_mount_point + "/" + item.name) | quote }} |
||||
creates: '{{ (partitioning_root_mount_point + "/" + item.name) | quote }}' |
||||
with_items: "{{ partitioning_priv_btrfs_subvolumes }}" |
||||
|
||||
- name: Unmount the default subvolume. |
||||
mount: |
||||
state: unmounted |
||||
path: "{{ partitioning_root_mount_point }}" |
@ -1,10 +0,0 @@ |
||||
--- |
||||
- name: Create luks container and open it. |
||||
luks_device: |
||||
device: "{{ partitioning_priv_luks_device_node }}" |
||||
state: opened |
||||
name: "{{ partitioning_priv_luks_name }}" |
||||
type: luks1 |
||||
cipher: aes-xts-plain64 |
||||
hash: sha256 |
||||
passphrase: "{{ partitioning_priv_luks_password }}" |
@ -1,47 +0,0 @@ |
||||
--- |
||||
- name: Generate fstab. |
||||
include_role: |
||||
name: genfstab |
||||
vars: |
||||
chroot: "{{ partitioning_root_mount_point }}" |
||||
|
||||
- name: Check if btrfs-progs is installed. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} |
||||
pacman -Qk btrfs-progs |
||||
register: _btrfs_progs_installed |
||||
failed_when: false |
||||
changed_when: false |
||||
|
||||
- name: Install btrfs-progs. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} |
||||
pacman -Sy btrfs-progs --noconfirm |
||||
when: _btrfs_progs_installed.rc != 0 |
||||
|
||||
- name: Create crypto keyfile. |
||||
shell: |
||||
cmd: | |
||||
set -e -o pipefail |
||||
dd bs=512 count=8 if=/dev/urandom of={{ partitioning_root_mount_point }}/crypto_keyfile.bin |
||||
echo {{ partitioning_priv_luks_password }} \ |
||||
| cryptsetup luksAddKey {{ partitioning_priv_luks_device_node }} \ |
||||
{{ partitioning_root_mount_point }}/crypto_keyfile.bin |
||||
creates: "{{ partitioning_root_mount_point }}/crypto_keyfile.bin" |
||||
|
||||
- name: Set proper permissions on crypto keyfile. |
||||
file: |
||||
path: "{{ partitioning_root_mount_point }}/crypto_keyfile.bin" |
||||
mode: 0000 |
||||
|
||||
- name: Configure mkinitcpio. |
||||
mkinitcpio: |
||||
state: present |
||||
path: "{{ partitioning_root_mount_point }}/etc/mkinitcpio.conf" |
||||
binaries: /usr/bin/btrfs |
||||
files: /crypto_keyfile.bin |
||||
hooks: |
||||
- encrypt |
||||
- btrfs |
||||
|
||||
- name: Run mkinitcpio. |
||||
command: arch-chroot {{ partitioning_root_mount_point }} mkinitcpio -P |
||||
changed_when: true |
@ -1,16 +0,0 @@ |
||||
--- |
||||
- name: Include partitioning role for selected partitioning strategy. |
||||
include_role: |
||||
name: "disksetup/{{ disksetup_strategy }}/partitioning" |
||||
public: true |
||||
- name: Bootstrap system with base packages. |
||||
import_role: |
||||
name: base_packages |
||||
- name: Include postpartitioning role for selected partitioning strategy. |
||||
include_role: |
||||
name: "disksetup/{{ disksetup_strategy }}/postpartitioning" |
||||
public: true |
||||
- name: Include bootloader role for selected partitioning strategy. |
||||
include_role: |
||||
name: "disksetup/{{ disksetup_strategy }}/bootloader" |
||||
public: true |
@ -1,5 +1,4 @@ |
||||
--- |
||||
- name: Include display server xorg. |
||||
- name: Include display server strategy. |
||||
include_role: |
||||
name: "display_server/xorg" |
||||
public: true |
||||
name: "display_server/{{ display_server }}" |
||||
|
@ -1,13 +1,13 @@ |
||||
--- |
||||
- name: Generate fstab. |
||||
command: genfstab -U {{ chroot | quote }} |
||||
register: _fstab |
||||
register: result |
||||
changed_when: false |
||||
|
||||
- name: Save fstab. |
||||
copy: |
||||
dest: "{{ chroot | quote }}/etc/fstab" |
||||
content: "{{ _fstab.stdout }}" |
||||
content: "{{ result.stdout }}" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
|