mbess/monakhos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity

wip

Browse source
This commit is contained in:
Matthieu Bessat 2024-05-26 22:17:13 +02:00
parent e61fe7e3f7
commit a0ea7b0a3f
18 changed files with 366 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

180
README.md Normal file
View file

@ -0,0 +1,180 @@
# MonakhOS: My general workstation environment
Code name given on 2024-05-16 : "MonakhOS"
Architecture:
- Sway
- A single `venv` in dots containing all utilities and libs
## Ansible
https://github.com/id101010/ansible-archlinux
## Getting started with a VM (qemu)
Cd in `sandbox_vms/vm1`
Create the QCow base image.
../../ansible/run_ansible_playbook.sh base.img
Run the image, use remmina to install with archinstall.
With Archinstall add:
- desktop profile
- sway
- ly greeter
- networkmanager
Create snapshot to be able to quickly restart the ansible script with a clean image
qemu-img create -f qcow2 -b base.img -F qcow2 after_arch_install.img
qemu-img create -f qcow2 -b after_arch_install.img -F qcow2 after_ssh_init.img
qemu-img create -f qcow2 -b after_ssh_init.img -F qcow2 ready_for_ansible.img
## Steps to install
- find a new name for the device eg. blackjack
- connect to wifi
- enable ssh server to access it from the exterior
- generate ssh key
- add sshkey to forge.lefuturiste.fr
### Generate a unprotected default ssh key
```
ssh-keygen -t ed25519 -C "mbess@blackjack"
```
no passphrase
> ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the -b flag will be ignored.
### Configure ~/.ssh/config
```
# set as default
IdentityFile ~/.ssh/unprotected_ed25519
Host *
ServerAliveInterval 40
Host forge.lefuturiste.fr
user git
IdentitiesOnly yes
IdentityFile ~/.ssh/unprotected_ed25519
Host aur.archlinux.org
IdentityFile ~/.ssh/id_aur
User aur
```
### Clone dots
```
cd ~
git clone git@forge.lefuturiste.fr:mbess/dots .dots
```
```
cd ~/.dots
python3 -m venv venv
pip install -r requirements.txt
# create symbolic link to access dots
ln -s ~/.dots ~/dots
```
### install yay
```
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
```
### configure Zsh
https://wiki.archlinux.org/title/Zsh
### configure xremap
sudo systemctl daemon-reload
sudo systemctl enable --now xremap
### Import and configure GPG keys
### Configure unix password manager
using `extra/gopass`
### Setup symbolic links to configs files
run the script `setup_dot.sh`
## Shell
### Fish
#### install fisher
https://github.com/jorgebucaran/fisher
use `fisher package`
#### fzf fish
https://github.com/PatrickF1/fzf.fish
require fd and bat
#### lfcd
https://github.com/gokcehan/lf/blob/master/etc/lfcd.fish
### Zsh
https://yewtu.be/watch?v=ud7YxC33Z3w
https://github.com/jeffreytse/zsh-vi-mode
How to handle different profiles
## Pacman packages
defined in dots file
arch_packages.yaml
## Sway
### swayidle
https://stackoverflow.com/questions/68694093/how-to-prevent-swayidle-from-execution-while-watching-a-film
## Greeter
Ly is a TUI greeter, it will show a terminal based login prompt
https://github.com/fairyglade/ly
## ansible
### auto run archinstall with ansible
- question: how to overwrite the drive config and set it to auto ?
https://archinstall.archlinux.page/
## Pistes
https://github.com/kewlfft/ansible-aur

5
ansible/README.md
View file

@ -1,3 +1,8 @@
https://runebook.dev/fr/docs/ansible/collections/community/general/pacman_module
https://docs.ansible.com/ansible/2.8/modules/pacman_module.html
https://docs.ansible.com/ansible/latest/collections/community/general/pacman_module.html
## External modules
https://github.com/kewlfft/ansible-aur/tree/master

1
ansible/ansible.cfg
View file

@ -14,3 +14,4 @@ fact_caching_uri = ./.fact_cache.json
[ssh_connection]
# when developing on local machine
pipelining = True

2
ansible/arch_packages.json
View file

@ -1 +1 @@
["util-linux", "less", "git", "moreutils", "tmux", "openssh", "base-devel", "moreutils", "fzf", "lf", "ripgrep", "fd", "bat", "pv", "at", "jo", "jq", "fx", "yq", "xsv", "unzip", "unoconv", "pandoc", "libqalculate", "wget", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "lsof", "w3m", "acpi", "smartmontools", "lshw", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "gopass", "vim", "helix", "gcc", "make", "jwt-cli", "fish", "dash", "pavucontrol", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "cliphist", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "zathura", "krita", "inkscape", "libreoffice-still", "ttf-font-awesome", "ttf-fira-code"]
["util-linux", "less", "git", "moreutils", "tmux", "openssh", "base-devel", "moreutils", "fzf", "lf", "ripgrep", "fd", "bat", "pv", "at", "jo", "jq", "fx", "yq", "xsv", "unzip", "unoconv", "pandoc", "libqalculate", "wget", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "lsof", "w3m", "acpi", "smartmontools", "lshw", "dmidecode", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "gopass", "vim", "helix", "gcc", "make", "cmake", "libxkbcommon", "jwt-cli", "fish", "zoxide", "dash", "pavucontrol", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "cliphist", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "zathura", "krita", "inkscape", "libreoffice-still", "ttf-font-awesome", "ttf-fira-code"]

7
ansible/arch_packages.yaml
View file

@ -54,6 +54,8 @@ categories:
- acpi
- smartmontools # monitor drive (SSD) health
- lshw
- dmidecode # to list memory slots
- usbutils
multimedia:
- ffmpeg
@ -74,6 +76,9 @@ categories:
c:
- gcc
- make
- cmake
- libxkbcommon
http_utils:
- jwt-cli
@ -81,6 +86,7 @@ categories:
shell:
- fish
- aur/fish-fzf
- zoxide
- name: dash
desc: Simple POSIX compliant shell
@ -109,6 +115,7 @@ categories:
browser:
- firefox-developer-edition
- torbrowser-launcher
- aur/brave-bin
terminal_emulator:
- alacritty
mail:

0
vm_tools/archinstall-configs/user_configuration.json → ansible/archinstall_configs/user_configuration.json
View file

0
vm_tools/archinstall-configs/user_credentials.json → ansible/archinstall_configs/user_credentials.json
View file

2
ansible/requirements.yml Normal file
View file

@ -0,0 +1,2 @@
collections:
- name: kewlfft.aur

0
ansible/roles/aur/tasks/main.yaml Normal file
View file

14
ansible/run_ansible_playbook.sh
View file

@ -5,14 +5,22 @@ base="$(realpath $(dirname "$0"))"
export ANSIBLE_CACHE_PLUGIN=jsonfile
export ANSIBLE_CONFIG=$base/ansible.cfg
#export ANSIBLE_DEBUG=1
export ANSIBLE_LOG_PATH=ansible_run.log
cd $base
python3 parse_arch_packages.py > arch_packages.json
cd $workdir
rm $base/vm_files
ln -s $workdir $base/vm_files
ansible-playbook $base/workstation.yaml \
--ask-become-pass \
-v \
-u "mbess" \
-i "$base/inventory.yaml" \
--ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./sshkey" \
--extra-vars "@$base/vars.yaml"
--ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./master_sshkey" \
--extra-vars "@$workdir/vars.yaml" \
--extra-vars "ansible_sudo_pass=root" \
--start-at-task "Create the aur_builder user"

18
ansible/run_ansible_playbook_initial_install.sh Executable file
View file

@ -0,0 +1,18 @@
#!/usr/bin/sh
workdir="$(pwd)"
base="$(realpath $(dirname "$0"))"
export ANSIBLE_CACHE_PLUGIN=jsonfile
export ANSIBLE_CONFIG=$base/ansible.cfg
cd $base
python3 parse_arch_packages.py > arch_packages.json
cd $workdir
ansible-playbook $base/workstation_initial_install.yaml \
--ask-become-pass \
-u "mbess" \
-i "$base/inventory.yaml" \
--ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./master_sshkey" \
--extra-vars "@$base/vars.yaml"

4
ansible/templates/ssh_config Normal file
View file

@ -0,0 +1,4 @@
Host forge.lefuturiste.fr
user git
IdentitiesOnly yes
IdentityFile ~/.ssh/{{ device_name }}_generic_key_ed25519

2
ansible/vars.yaml
View file

@ -1,4 +1,2 @@
user: mbess
foo: barladladsl
device_name: grayblower

1
ansible/vm_files Symbolic link
View file

@ -0,0 +1 @@
/home/mbess/workspace/monakhos/sandbox_vms/vm1

129
ansible/workstation.yaml
View file

@ -1,13 +1,28 @@
- hosts: workstation
gather_facts: False
gather_facts: True
vars:
home: /home/{{ user }}
config_files:
- dir: fish
name: config.fish
- dir: tmux
name: tmux.conf
- dir: alacritty
name: alacritty.toml
- dir: wofi
name: style.css
- dir: sway
name: config
- dir: helix
name: config.toml
- dir: i3status-rust
name: config.toml
- dir: git
name: config
- dir: nvim
name: init.lua
- dir: nvim
name: lua # lua dir
tasks:
- name: Init arch
block:
@ -15,51 +30,131 @@
path: /home/mbess/.workstation_setup_state
state: touch
- copy: content="2024-05-20T11:28:07.552Z c385e8f1-9f34-47d3-9155-0cc1f04c4550" dest=/home/mbess/.workstation_setup_state
- name: Install some packages
- name: Update pacman repo
become: true
community.general.pacman:
update_cache: true
upgrade: true
- name: Install some basic packages
become: true
community.general.pacman:
name:
- jq
- fx
- jo
- yq
- archlinux-keyring
- name: Init pacman keyring
become: true
# complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
block:
- stat:
path: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state_stat
- when: pacman_key_state_stat.stat.exists
slurp:
src: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state
- when: pacman_key_state.content is defined
name: "pacman key state debug 1"
debug:
msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
- when: not pacman_key_state_stat.stat.exists
block:
- shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
- shell: "mkdir -p ~/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
- name: Install some basic packages
become: true
community.general.pacman:
name:
- cliphist
- name: Install packages from YAML files (excluding AUR)
become: true
community.general.pacman:
name: "{{ lookup('file', 'arch_packages.json') | from_json }}" # the python script will return a list of packages
# - name: Install yay, an AUR helper
# TODO: put pre-generated sshkeys
# - name: Install yay, an AUR helper
#
- name: Copy pre-generated ssh keys
block:
- copy:
src: ./vm_files/remote_key
dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519"
mode: u=rw,g=,o=
- copy:
src: ./vm_files/remote_key.pub
dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519.pub"
mode: u=rw,g=,o=
- name: Config git
template:
src: ssh_config
dest: "{{ home }}/.ssh/config"
owner: "{{ user }}"
mode: u=rw,g=,o=
- name: Clone dots file
git:
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
- name: Clone books sources
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
dest: /home/mbess/workspace/books_sources
- name: Setup config directories
file:
path: "/home/mbess/.config/{{ item.dir }}"
path: "{{ home }}/.config/{{ item.dir }}"
state: directory
recurse: true
loop: "{{ config_files }}"
- name: Setup symbolic links to config files
file:
src: "/home/mbess/.dots/config/{{ item.dir }}/{{ item.name }}"
dest: "/home/mbess/.config/{{ item.dir }}/{{ item.name }}"
src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
state: link
loop: "{{ config_files }}"
- name: Setup main popequer notebook
include_role:
name: popequer_notebook
- name: Setup quick notes folder
file:
path: "/home/mbess/.hidden/quick_notes/"
path: "{{ home }}/.hidden/quick_notes/"
state: directory
recurse: true
- name: Setup temporary secrets folder (cookies jar)
file:
path: "/home/mbess/.cache/secrets/"
path: "{{ home }}/.cache/secrets/"
state: directory
recurse: true
- name: Create the aur_builder user
become: yes
ansible.builtin.user:
name: aur_builder
create_home: yes
group: wheel
- name: Allow the `aur_builder` user to run `sudo pacman` without a password
become: yes
ansible.builtin.lineinfile:
path: /etc/sudoers.d/11-install-aur_builder
line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
create: yes
mode: 0644
validate: 'visudo -cf %s'
- name: Install yay using makepkg
kewlfft.aur.aur:
name: yay
use: makepkg
state: present
become: yes
become_user: aur_builder
# - name: Clone books sources
# ansible.builtin.git:
# repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
# dest: /home/mbess/workspace/books_sources

10
ansible/workstation_initial_install.yaml Normal file
View file

@ -0,0 +1,10 @@
- hosts: workstation
gather_facts: False
vars: {}
tasks:
- name: Copy arch install config files
copy:
src: /users/rolando/myfile
dest: /users/rolando/myfile

11
vm_tools/install_vm.sh Executable file
View file

@ -0,0 +1,11 @@
#!/usr/bin/sh
export OS_IMAGE_PATH="/mnt/extramedia3/mbess/os_images/arch/2024-05-01/archlinux-2024.05.01-x86_64.iso"
export RUN_VM_EXTRA_ARGS="-cdrom $OS_IMAGE_PATH"
base="$(realpath $(dirname "$0"))"
echo "Installing OS"
$base/run_vm.sh main.qcow

10
vm_tools/run_vm.sh
View file

@ -1,15 +1,9 @@
#!/usr/bin/sh
# -cdrom /mnt/extramedia3/mbess/os_images/arch/2024-05-01/archlinux-2024.05.01-x86_64.iso \
#
#-hdb secondary.qcow \
#
# -spice unix=on,addr=/tmp/vm_monakhos.spice.socket,disable-ticketing=on \
echo "Launching vm"
qemu-system-x86_64 \
-hda main.qcow \
-hda $1 \
-boot order=d \
-m 2G \
-accel kvm \
@ -21,4 +15,6 @@ qemu-system-x86_64 \
-spice addr=127.0.0.1,port=4354,disable-ticketing=on \
-net user,hostfwd=tcp::2222-:22 \
-net nic \
-D ./log.txt \
$RUN_VM_EXTRA_ARGS