From a0ea7b0a3f4f7a8408c1cb3c9813a2f337df6f60 Mon Sep 17 00:00:00 2001 From: Matthieu Bessat Date: Sun, 26 May 2024 22:17:13 +0200 Subject: [PATCH] wip --- README.md | 180 ++++++++++++++++++ ansible/README.md | 5 + ansible/ansible.cfg | 1 + ansible/arch_packages.json | 2 +- ansible/arch_packages.yaml | 7 + .../user_configuration.json | 0 .../user_credentials.json | 0 ansible/requirements.yml | 2 + ansible/roles/aur/tasks/main.yaml | 0 ansible/run_ansible_playbook.sh | 14 +- .../run_ansible_playbook_initial_install.sh | 18 ++ ansible/templates/ssh_config | 4 + ansible/vars.yaml | 2 - ansible/vm_files | 1 + ansible/workstation.yaml | 129 +++++++++++-- ansible/workstation_initial_install.yaml | 10 + vm_tools/install_vm.sh | 11 ++ vm_tools/run_vm.sh | 10 +- 18 files changed, 366 insertions(+), 30 deletions(-) create mode 100644 README.md rename {vm_tools/archinstall-configs => ansible/archinstall_configs}/user_configuration.json (100%) rename {vm_tools/archinstall-configs => ansible/archinstall_configs}/user_credentials.json (100%) create mode 100644 ansible/requirements.yml create mode 100644 ansible/roles/aur/tasks/main.yaml create mode 100755 ansible/run_ansible_playbook_initial_install.sh create mode 100644 ansible/templates/ssh_config create mode 120000 ansible/vm_files create mode 100644 ansible/workstation_initial_install.yaml create mode 100755 vm_tools/install_vm.sh diff --git a/README.md b/README.md new file mode 100644 index 0000000..f0fc374 --- /dev/null +++ b/README.md 
@@ -0,0 +1,180 @@ +# MonakhOS: My general workstation environment + +Code name given on 2024-05-16 : "MonakhOS" + +Architecture: +- Sway + +- A single `venv` in dots containing all utilities and libs + +## Ansible + +https://github.com/id101010/ansible-archlinux + +## Getting started with a VM (qemu) + +Cd in `sandbox_vms/vm1` + +Create the QCow base image. + + ../../ansible/run_ansible_playbook.sh base.img + +Run the image, use remmina to install with archinstall. + +With Archinstall add: +- desktop profile + - sway + - ly greeter +- networkmanager + +Create snapshot to be able to quickly restart the ansible script with a clean image + + qemu-img create -f qcow2 -b base.img -F qcow2 after_arch_install.img + + qemu-img create -f qcow2 -b after_arch_install.img -F qcow2 after_ssh_init.img + + qemu-img create -f qcow2 -b after_ssh_init.img -F qcow2 ready_for_ansible.img + + + +## Steps to install + +- find a new name for the device eg. blackjack +- connect to wifi +- enable ssh server to access it from the exterior +- generate ssh key +- add sshkey to forge.lefuturiste.fr + +### Generate a unprotected default ssh key + +``` +ssh-keygen -t ed25519 -C "mbess@blackjack" +``` + +no passphrase + +> ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the -b flag will be ignored. 
+ +### Configure ~/.ssh/config + +``` +# set as default +IdentityFile ~/.ssh/unprotected_ed25519 + +Host * + ServerAliveInterval 40 + +Host forge.lefuturiste.fr + user git + IdentitiesOnly yes + IdentityFile ~/.ssh/unprotected_ed25519 + +Host aur.archlinux.org + IdentityFile ~/.ssh/id_aur + User aur +``` + +### Clone dots + +``` +cd ~ +git clone git@forge.lefuturiste.fr:mbess/dots .dots +``` + +``` +cd ~/.dots +python3 -m venv venv + +pip install -r requirements.txt + +# create symbolic link to access dots +ln -s ~/.dots ~/dots +``` + +### install yay + +``` +git clone https://aur.archlinux.org/yay.git +cd yay +makepkg -si +``` + +### configure Zsh + +https://wiki.archlinux.org/title/Zsh + + + +### configure xremap + + sudo systemctl daemon-reload + + sudo systemctl enable --now xremap + + +### Import and configure GPG keys + +### Configure unix password manager + +using `extra/gopass` + +### Setup symbolic links to configs files + +run the script `setup_dot.sh` + +## Shell + +### Fish + +#### install fisher + +https://github.com/jorgebucaran/fisher + +use `fisher package` + +#### fzf fish + +https://github.com/PatrickF1/fzf.fish + +require fd and bat + +#### lfcd +https://github.com/gokcehan/lf/blob/master/etc/lfcd.fish + +### Zsh + +https://yewtu.be/watch?v=ud7YxC33Z3w +https://github.com/jeffreytse/zsh-vi-mode + +How to handle different profiles + +## Pacman packages + +defined in dots file + +arch_packages.yaml + +## Sway + +### swayidle + +https://stackoverflow.com/questions/68694093/how-to-prevent-swayidle-from-execution-while-watching-a-film + +## Greeter + +Ly is a TUI greeter, it will show a terminal based login prompt + +https://github.com/fairyglade/ly + +## ansible + +### auto run archinstall with ansible + +- question: how to overwrite the drive config and set it to auto ? + +https://archinstall.archlinux.page/ + + +## Pistes + +https://github.com/kewlfft/ansible-aur diff --git a/ansible/README.md b/ansible/README.md index a3db1de..c0595b4 100644 
--- a/ansible/README.md +++ b/ansible/README.md @@ -1,3 +1,8 @@ https://runebook.dev/fr/docs/ansible/collections/community/general/pacman_module https://docs.ansible.com/ansible/2.8/modules/pacman_module.html https://docs.ansible.com/ansible/latest/collections/community/general/pacman_module.html + +## External modules + +https://github.com/kewlfft/ansible-aur/tree/master + diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 151668d..51168e1 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -14,3 +14,4 @@ fact_caching_uri = ./.fact_cache.json [ssh_connection] # when developing on local machine pipelining = True + diff --git a/ansible/arch_packages.json b/ansible/arch_packages.json index 94eb4ba..0b4436d 100644 --- a/ansible/arch_packages.json +++ b/ansible/arch_packages.json 
@@ -1 +1 @@ -["util-linux", "less", "git", "moreutils", "tmux", "openssh", "base-devel", "moreutils", "fzf", "lf", "ripgrep", "fd", "bat", "pv", "at", "jo", "jq", "fx", "yq", "xsv", "unzip", "unoconv", "pandoc", "libqalculate", "wget", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "lsof", "w3m", "acpi", "smartmontools", "lshw", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "gopass", "vim", "helix", "gcc", "make", "jwt-cli", "fish", "dash", "pavucontrol", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "cliphist", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "zathura", "krita", "inkscape", "libreoffice-still", "ttf-font-awesome", "ttf-fira-code"] +["util-linux", "less", "git", "moreutils", "tmux", "openssh", "base-devel", "moreutils", "fzf", "lf", "ripgrep", "fd", "bat", "pv", "at", "jo", "jq", "fx", "yq", "xsv", "unzip", "unoconv", "pandoc", "libqalculate", "wget", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "lsof", "w3m", "acpi", "smartmontools", "lshw", "dmidecode", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "gopass", "vim", "helix", "gcc", "make", "cmake", "libxkbcommon", "jwt-cli", "fish", "zoxide", "dash", "pavucontrol", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "cliphist", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "zathura", "krita", "inkscape", "libreoffice-still", "ttf-font-awesome", "ttf-fira-code"] diff --git a/ansible/arch_packages.yaml b/ansible/arch_packages.yaml index 713bbb5..a4aebd2 100644 --- a/ansible/arch_packages.yaml +++ b/ansible/arch_packages.yaml @@ -54,6 +54,8 @@ categories: - acpi - smartmontools # monitor drive (SSD) health - lshw + - dmidecode # to list memory slots + - usbutils multimedia: - ffmpeg 
@@ -74,6 +76,9 @@ categories: c: - gcc - make + - cmake + - libxkbcommon + http_utils: - jwt-cli @@ -81,6 +86,7 @@ categories: shell: - fish - aur/fish-fzf + - zoxide - name: dash desc: Simple POSIX compliant shell @@ -109,6 +115,7 @@ categories: browser: - firefox-developer-edition - torbrowser-launcher + - aur/brave-bin terminal_emulator: - alacritty mail: diff --git a/vm_tools/archinstall-configs/user_configuration.json b/ansible/archinstall_configs/user_configuration.json similarity index 100% rename from vm_tools/archinstall-configs/user_configuration.json rename to ansible/archinstall_configs/user_configuration.json diff --git a/vm_tools/archinstall-configs/user_credentials.json b/ansible/archinstall_configs/user_credentials.json similarity index 100% rename from vm_tools/archinstall-configs/user_credentials.json rename to ansible/archinstall_configs/user_credentials.json diff --git a/ansible/requirements.yml b/ansible/requirements.yml new file mode 100644 index 0000000..052506b --- /dev/null +++ b/ansible/requirements.yml @@ -0,0 +1,2 @@ +collections: + - name: kewlfft.aur diff --git a/ansible/roles/aur/tasks/main.yaml b/ansible/roles/aur/tasks/main.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/run_ansible_playbook.sh b/ansible/run_ansible_playbook.sh index 4ef00be..1905ab1 100755 --- a/ansible/run_ansible_playbook.sh +++ b/ansible/run_ansible_playbook.sh 
@@ -5,14 +5,22 @@ base="$(realpath $(dirname "$0"))" export ANSIBLE_CACHE_PLUGIN=jsonfile export ANSIBLE_CONFIG=$base/ansible.cfg +#export ANSIBLE_DEBUG=1 +export ANSIBLE_LOG_PATH=ansible_run.log cd $base python3 parse_arch_packages.py > arch_packages.json cd $workdir +rm $base/vm_files +ln -s $workdir $base/vm_files + ansible-playbook $base/workstation.yaml \ - --ask-become-pass \ + -v \ -u "mbess" \ -i "$base/inventory.yaml" \ - --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./sshkey" \ - --extra-vars "@$base/vars.yaml" + --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./master_sshkey" \ + --extra-vars "@$workdir/vars.yaml" \ + --extra-vars "ansible_sudo_pass=root" \ + --start-at-task "Create the aur_builder user" + diff --git a/ansible/run_ansible_playbook_initial_install.sh b/ansible/run_ansible_playbook_initial_install.sh new file mode 100755 index 0000000..6b2bf8e --- /dev/null +++ b/ansible/run_ansible_playbook_initial_install.sh @@ -0,0 +1,18 @@ +#!/usr/bin/sh + +workdir="$(pwd)" +base="$(realpath $(dirname "$0"))" + +export ANSIBLE_CACHE_PLUGIN=jsonfile +export ANSIBLE_CONFIG=$base/ansible.cfg + +cd $base +python3 parse_arch_packages.py > arch_packages.json +cd $workdir + +ansible-playbook $base/workstation_initial_install.yaml \ + --ask-become-pass \ + -u "mbess" \ + -i "$base/inventory.yaml" \ + --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./master_sshkey" \ + --extra-vars "@$base/vars.yaml" diff --git a/ansible/templates/ssh_config b/ansible/templates/ssh_config new file mode 100644 index 0000000..11c8b17 --- /dev/null +++ b/ansible/templates/ssh_config @@ -0,0 +1,4 @@ +Host forge.lefuturiste.fr + user git + IdentitiesOnly yes + IdentityFile ~/.ssh/{{ device_name }}_generic_key_ed25519 
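Review bot: The new `--extra-vars "ansible_sudo_pass=root"` line puts the become password in plain text on the command line, where it is visible to every local process via `ps` and is kept in shell history, and with `-v` plus the new `ANSIBLE_LOG_PATH=ansible_run.log` any place it surfaces in task output is now also written to a log file in the working directory; the removed `--ask-become-pass` was the safer form, or read it from an environment variable or a vault file rather than the script. The new `--start-at-task "Create the aur_builder user"` looks like a debugging leftover: as committed, every run of this script skips the pacman, keyring, ssh-key and dotfile tasks that precede that task. The `rm $base/vm_files` / `ln -s $workdir $base/vm_files` pair can be collapsed into `ln -sfn "$workdir" "$base/vm_files"`, which quotes the paths and avoids the error on a first run when the link does not exist yet. With the script recreating that link on every run, the absolute `ansible/vm_files` symlink this commit also adds is machine-specific and is better ignored than committed.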
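Review bot: `cd $base` and `cd $workdir` in the new `run_ansible_playbook_initial_install.sh` are unchecked and unquoted, so a failed `cd` leaves `parse_arch_packages.py` running in the wrong directory and `arch_packages.json` written somewhere else; under `#!/usr/bin/sh` the portable fix is `set -eu` after the shebang and `cd "$base" || exit 1`. The script duplicates the whole preamble of `run_ansible_playbook.sh`, and the two already differ in log and symlink setup, so a shared sourced snippet would keep them from drifting further. The `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` pair is carried over unchanged and is presumably acceptable only because the target is the local qemu sandbox forwarded on port 2222; a comment such as `# host-key checks disabled on purpose: target is the local qemu sandbox VM` would stop it being copied into a runner that targets a real host.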
diff --git a/ansible/vars.yaml b/ansible/vars.yaml index 1396519..6cbc968 100644 --- a/ansible/vars.yaml +++ b/ansible/vars.yaml @@ -1,4 +1,2 @@ user: mbess -foo: barladladsl device_name: grayblower - diff --git a/ansible/vm_files b/ansible/vm_files new file mode 120000 index 0000000..6215164 --- /dev/null +++ b/ansible/vm_files @@ -0,0 +1 @@ +/home/mbess/workspace/monakhos/sandbox_vms/vm1 \ No newline at end of file diff --git a/ansible/workstation.yaml b/ansible/workstation.yaml index 6b23e3e..1a785c9 100644 --- a/ansible/workstation.yaml +++ b/ansible/workstation.yaml @@ -1,13 +1,28 @@ - hosts: workstation - gather_facts: False + gather_facts: True vars: + home: /home/{{ user }} config_files: + - dir: fish + name: config.fish - dir: tmux name: tmux.conf - dir: alacritty name: alacritty.toml - dir: wofi name: style.css + - dir: sway + name: config + - dir: helix + name: config.toml + - dir: i3status-rust + name: config.toml + - dir: git + name: config + - dir: nvim + name: init.lua + - dir: nvim + name: lua # lua dir tasks: - name: Init arch block: 
@@ -15,51 +30,131 @@ path: /home/mbess/.workstation_setup_state state: touch - copy: content="2024-05-20T11:28:07.552Z c385e8f1-9f34-47d3-9155-0cc1f04c4550" dest=/home/mbess/.workstation_setup_state - - name: Install some packages + + - name: Update pacman repo + become: true + community.general.pacman: + update_cache: true + upgrade: true + + - name: Install some basic packages become: true community.general.pacman: name: - - jq - - fx - - jo - - yq + - archlinux-keyring + + - name: Init pacman keyring + become: true + # complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date) + block: + - stat: + path: "{{ home }}/.cache/monakhos/pacman_key_state" + register: pacman_key_state_stat + - when: pacman_key_state_stat.stat.exists + slurp: + src: "{{ home }}/.cache/monakhos/pacman_key_state" + register: pacman_key_state + - when: pacman_key_state.content is defined + name: "pacman key state debug 1" + debug: + msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}" + - when: not pacman_key_state_stat.stat.exists + block: + - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux" + - shell: "mkdir -p ~/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state" + + - name: Install some basic packages + become: true + community.general.pacman: + name: + - cliphist - name: Install packages from YAML files (excluding AUR) become: true community.general.pacman: name: "{{ lookup('file', 'arch_packages.json') | from_json }}" # the python script will return a list of packages - # - name: Install yay, an AUR helper - + # TODO: put pre-generated sshkeys + + # - name: Install yay, an AUR helper + # + - name: Copy pre-generated ssh keys + block: + - copy: + src: ./vm_files/remote_key + dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519" + mode: u=rw,g=,o= + - copy: + src: ./vm_files/remote_key.pub + dest: "{{ home }}/.ssh/{{ 
device_name }}_generic_key_ed25519.pub" + mode: u=rw,g=,o= + + - name: Config git + template: + src: ssh_config + dest: "{{ home }}/.ssh/config" + owner: "{{ user }}" + mode: u=rw,g=,o= + + - name: Clone dots file + git: + repo: "git@forge.lefuturiste.fr:mbess/dots.git" + dest: "{{ home }}/.dots" - - name: Clone books sources - ansible.builtin.git: - repo: "git@forge.lefuturiste.fr:mbess/books-sources.git" - dest: /home/mbess/workspace/books_sources - name: Setup config directories file: - path: "/home/mbess/.config/{{ item.dir }}" + path: "{{ home }}/.config/{{ item.dir }}" state: directory recurse: true loop: "{{ config_files }}" + - name: Setup symbolic links to config files file: - src: "/home/mbess/.dots/config/{{ item.dir }}/{{ item.name }}" - dest: "/home/mbess/.config/{{ item.dir }}/{{ item.name }}" + src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}" + dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}" state: link loop: "{{ config_files }}" + - name: Setup main popequer notebook include_role: name: popequer_notebook - name: Setup quick notes folder file: - path: "/home/mbess/.hidden/quick_notes/" + path: "{{ home }}/.hidden/quick_notes/" state: directory recurse: true - name: Setup temporary secrets folder (cookies jar) file: - path: "/home/mbess/.cache/secrets/" + path: "{{ home }}/.cache/secrets/" state: directory recurse: true + - name: Create the aur_builder user + become: yes + ansible.builtin.user: + name: aur_builder + create_home: yes + group: wheel + + - name: Allow the `aur_builder` user to run `sudo pacman` without a password + become: yes + ansible.builtin.lineinfile: + path: /etc/sudoers.d/11-install-aur_builder + line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' + create: yes + mode: 0644 + validate: 'visudo -cf %s' + + - name: Install yay using makepkg + kewlfft.aur.aur: + name: yay + use: makepkg + state: present + become: yes + become_user: aur_builder + + # - name: Clone books sources + # ansible.builtin.git: + # 
repo: "git@forge.lefuturiste.fr:mbess/books-sources.git" + # dest: /home/mbess/workspace/books_sources diff --git a/ansible/workstation_initial_install.yaml b/ansible/workstation_initial_install.yaml new file mode 100644 index 0000000..d3be9ab --- /dev/null +++ b/ansible/workstation_initial_install.yaml @@ -0,0 +1,10 @@ +- hosts: workstation + gather_facts: False + vars: {} + tasks: + - name: Copy arch install config files + copy: + src: /users/rolando/myfile + dest: /users/rolando/myfile + + diff --git a/vm_tools/install_vm.sh b/vm_tools/install_vm.sh new file mode 100755 index 0000000..b802d1d --- /dev/null +++ b/vm_tools/install_vm.sh @@ -0,0 +1,11 @@ +#!/usr/bin/sh + +export OS_IMAGE_PATH="/mnt/extramedia3/mbess/os_images/arch/2024-05-01/archlinux-2024.05.01-x86_64.iso" +export RUN_VM_EXTRA_ARGS="-cdrom $OS_IMAGE_PATH" + +base="$(realpath $(dirname "$0"))" + +echo "Installing OS" + +$base/run_vm.sh main.qcow + diff --git a/vm_tools/run_vm.sh b/vm_tools/run_vm.sh index a8d0df0..2ade60d 100755 --- a/vm_tools/run_vm.sh +++ b/vm_tools/run_vm.sh @@ -1,15 +1,9 @@ #!/usr/bin/sh - # -cdrom /mnt/extramedia3/mbess/os_images/arch/2024-05-01/archlinux-2024.05.01-x86_64.iso \ - # - #-hdb secondary.qcow \ - # - # -spice unix=on,addr=/tmp/vm_monakhos.spice.socket,disable-ticketing=on \ - echo "Launching vm" qemu-system-x86_64 \ - -hda main.qcow \ + -hda $1 \ -boot order=d \ -m 2G \ -accel kvm \ @@ -21,4 +15,6 @@ qemu-system-x86_64 \ -spice addr=127.0.0.1,port=4354,disable-ticketing=on \ -net user,hostfwd=tcp::2222-:22 \ -net nic \ + -D ./log.txt \ + $RUN_VM_EXTRA_ARGS
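Review bot: In the `Init pacman keyring` block the state-file step runs under the task-level `become: true`, so `mkdir -p ~/.cache/monakhos` expands `~` to root's home while the redirect writes to `{{ home }}/.cache/monakhos/pacman_key_state`; on a fresh machine that directory does not exist and the step fails, and when it does exist the file is created root-owned inside the user's home. Use the same path in both halves, `shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"`, and add `become: false` on that step so the file belongs to `{{ user }}`. The slurped date is only shown by the `debug` task and the re-init runs solely on `not pacman_key_state_stat.stat.exists`, so the expiry check the comment describes is not yet implemented; a `# TODO: compare the stored date and re-init when the key is older than N days` would make that explicit. `Clone dots file` fetches over SSH with `IdentitiesOnly yes` but nothing in the play seeds the forge's host key, so a non-interactive run will stop at the host-key prompt; add an `ansible.builtin.known_hosts` task with the pinned key (`key: "forge.lefuturiste.fr ssh-ed25519 <HOST-KEY-PLACEHOLDER>"`) ahead of it rather than disabling checking. The task named `Config git` actually templates `~/.ssh/config`; `- name: Install ssh client config` describes what it does.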
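Review bot: The single task in the new `workstation_initial_install.yaml` copies `/users/rolando/myfile` to `/users/rolando/myfile`, which is the example from the copy module documentation rather than the archinstall configuration this commit moves into `ansible/archinstall_configs/`; as committed, `run_ansible_playbook_initial_install.sh` fails on a missing source. If the intent is to ship those two JSON files, `src: archinstall_configs/` with a real `dest` on the target is the shape to aim for, and `user_credentials.json`, which by its name presumably holds the install passwords, should get `mode: u=rw,g=,o=` and ideally be kept out of the repository (vault or a local, ignored file).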
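Review bot: `$base/run_vm.sh main.qcow` in the new `install_vm.sh` takes `main.qcow` relative to the caller's current directory while `$base` is the script's own directory, so the two paths follow different conventions without saying so; a comment, `# main.qcow is resolved from the current working directory, not from $base`, or an explicit path would remove the surprise. `$base` is expanded unquoted; `"$base/run_vm.sh" main.qcow` is the safe form. `RUN_VM_EXTRA_ARGS` is built as a single string that `run_vm.sh` word-splits, so `OS_IMAGE_PATH` can never contain whitespace — fine for the fixed path here, but worth a comment next to the export.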
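Review bot: `-hda $1` in the first `run_vm.sh` hunk is passed through unquoted with no check that an argument was given, so running the script bare makes qemu read `-boot` as the `-hda` argument, and a path with spaces splits into several options; add `[ -n "${1:-}" ] || { echo "usage: $0 disk.qcow" >&2; exit 2; }` before the `qemu-system-x86_64` line and use `-hda "$1" \`. The command continues into the second hunk, where `$RUN_VM_EXTRA_ARGS` is deliberately left unquoted so that `install_vm.sh` can pass `-cdrom <path>` as two words; a one-line comment saying so would keep a future quoting pass from breaking that.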