This commit is contained in:
Matthieu Bessat 2024-05-26 22:17:13 +02:00
parent e61fe7e3f7
commit a0ea7b0a3f
18 changed files with 366 additions and 30 deletions

180
README.md Normal file

@ -0,0 +1,180 @@
# MonakhOS: My general workstation environment
Code name given on 2024-05-16 : "MonakhOS"
Architecture:
- Sway
- A single `venv` in dots containing all utilities and libs
## Ansible
https://github.com/id101010/ansible-archlinux
## Getting started with a VM (qemu)
Cd in `sandbox_vms/vm1`
Create the QCow base image.
../../ansible/run_ansible_playbook.sh base.img
Run the image, use remmina to install with archinstall.
With Archinstall add:
- desktop profile
- sway
- ly greeter
- networkmanager
Create snapshot to be able to quickly restart the ansible script with a clean image
qemu-img create -f qcow2 -b base.img -F qcow2 after_arch_install.img
qemu-img create -f qcow2 -b after_arch_install.img -F qcow2 after_ssh_init.img
qemu-img create -f qcow2 -b after_ssh_init.img -F qcow2 ready_for_ansible.img
## Steps to install
- find a new name for the device eg. blackjack
- connect to wifi
- enable ssh server to access it from the exterior
- generate ssh key
- add sshkey to forge.lefuturiste.fr
### Generate a unprotected default ssh key
```
ssh-keygen -t ed25519 -C "mbess@blackjack"
```
no passphrase
> ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the -b flag will be ignored.
### Configure ~/.ssh/config
```
# set as default
IdentityFile ~/.ssh/unprotected_ed25519
Host *
ServerAliveInterval 40
Host forge.lefuturiste.fr
user git
IdentitiesOnly yes
IdentityFile ~/.ssh/unprotected_ed25519
Host aur.archlinux.org
IdentityFile ~/.ssh/id_aur
User aur
```
### Clone dots
```
cd ~
git clone git@forge.lefuturiste.fr:mbess/dots .dots
```
```
cd ~/.dots
python3 -m venv venv
pip install -r requirements.txt
# create symbolic link to access dots
ln -s ~/.dots ~/dots
```
### install yay
```
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
```
### configure Zsh
https://wiki.archlinux.org/title/Zsh
### configure xremap
sudo systemctl daemon-reload
sudo systemctl enable --now xremap
### Import and configure GPG keys
### Configure unix password manager
using `extra/gopass`
### Setup symbolic links to configs files
run the script `setup_dot.sh`
## Shell
### Fish
#### install fisher
https://github.com/jorgebucaran/fisher
use `fisher package`
#### fzf fish
https://github.com/PatrickF1/fzf.fish
require fd and bat
#### lfcd
https://github.com/gokcehan/lf/blob/master/etc/lfcd.fish
### Zsh
https://yewtu.be/watch?v=ud7YxC33Z3w
https://github.com/jeffreytse/zsh-vi-mode
How to handle different profiles
## Pacman packages
defined in dots file
arch_packages.yaml
## Sway
### swayidle
https://stackoverflow.com/questions/68694093/how-to-prevent-swayidle-from-execution-while-watching-a-film
## Greeter
Ly is a TUI greeter, it will show a terminal based login prompt
https://github.com/fairyglade/ly
## ansible
### auto run archinstall with ansible
- question: how to overwrite the drive config and set it to auto ?
https://archinstall.archlinux.page/
## Pistes
https://github.com/kewlfft/ansible-aur


@ -1,3 +1,8 @@
https://runebook.dev/fr/docs/ansible/collections/community/general/pacman_module https://runebook.dev/fr/docs/ansible/collections/community/general/pacman_module
https://docs.ansible.com/ansible/2.8/modules/pacman_module.html https://docs.ansible.com/ansible/2.8/modules/pacman_module.html
https://docs.ansible.com/ansible/latest/collections/community/general/pacman_module.html https://docs.ansible.com/ansible/latest/collections/community/general/pacman_module.html
## External modules
https://github.com/kewlfft/ansible-aur/tree/master


@ -14,3 +14,4 @@ fact_caching_uri = ./.fact_cache.json
[ssh_connection] [ssh_connection]
# when developing on local machine # when developing on local machine
pipelining = True pipelining = True


@ -1 +1 @@
["util-linux", "less", "git", "moreutils", "tmux", "openssh", "base-devel", "moreutils", "fzf", "lf", "ripgrep", "fd", "bat", "pv", "at", "jo", "jq", "fx", "yq", "xsv", "unzip", "unoconv", "pandoc", "libqalculate", "wget", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "lsof", "w3m", "acpi", "smartmontools", "lshw", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "gopass", "vim", "helix", "gcc", "make", "jwt-cli", "fish", "dash", "pavucontrol", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "cliphist", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "zathura", "krita", "inkscape", "libreoffice-still", "ttf-font-awesome", "ttf-fira-code"] ["util-linux", "less", "git", "moreutils", "tmux", "openssh", "base-devel", "moreutils", "fzf", "lf", "ripgrep", "fd", "bat", "pv", "at", "jo", "jq", "fx", "yq", "xsv", "unzip", "unoconv", "pandoc", "libqalculate", "wget", "nmap", "wireguard-tools", "tcpdump", "socat", "rsync", "rclone", "lsof", "w3m", "acpi", "smartmontools", "lshw", "dmidecode", "ffmpeg", "imagemagick", "mpv", "yt-dlp", "tesseract", "tesseract-data-fra", "tesseract-data-eng", "gopass", "vim", "helix", "gcc", "make", "cmake", "libxkbcommon", "jwt-cli", "fish", "zoxide", "dash", "pavucontrol", "wev", "wtype", "wl-clipboard", "wofi", "sway", "swaylock", "swayidle", "cliphist", "firefox-developer-edition", "torbrowser-launcher", "alacritty", "thunderbird", "zathura", "krita", "inkscape", "libreoffice-still", "ttf-font-awesome", "ttf-fira-code"]


@ -54,6 +54,8 @@ categories:
- acpi - acpi
- smartmontools # monitor drive (SSD) health - smartmontools # monitor drive (SSD) health
- lshw - lshw
- dmidecode # to list memory slots
- usbutils
multimedia: multimedia:
- ffmpeg - ffmpeg
@ -74,6 +76,9 @@ categories:
c: c:
- gcc - gcc
- make - make
- cmake
- libxkbcommon
http_utils: http_utils:
- jwt-cli - jwt-cli
@ -81,6 +86,7 @@ categories:
shell: shell:
- fish - fish
- aur/fish-fzf - aur/fish-fzf
- zoxide
- name: dash - name: dash
desc: Simple POSIX compliant shell desc: Simple POSIX compliant shell
@ -109,6 +115,7 @@ categories:
browser: browser:
- firefox-developer-edition - firefox-developer-edition
- torbrowser-launcher - torbrowser-launcher
- aur/brave-bin
terminal_emulator: terminal_emulator:
- alacritty - alacritty
mail: mail:
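Review bot: The regenerated `arch_packages.json` committed alongside this change contains `dmidecode`, `cmake`, `libxkbcommon` and `zoxide` but not `usbutils`, which this hunk adds next to `lshw`, so the JSON appears to have been generated before the last edit to this file (`aur/brave-bin` is excluded by design, per the "excluding AUR" task name). Since run_ansible_playbook.sh regenerates the JSON on every run, either stop tracking it in git or regenerate it right before committing, so the two lists cannot drift apart in the repository.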

2
ansible/requirements.yml Normal file

@ -0,0 +1,2 @@
collections:
- name: kewlfft.aur
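Review bot: The `kewlfft.aur` collection is declared without a `version:` constraint, so `ansible-galaxy collection install -r requirements.yml` fetches whatever is current at install time, and the code that later runs as `aur_builder` with passwordless `pacman` can differ from machine to machine. Pin it to the version you tested, `version: "<tested-version>"` (placeholder), and bump it deliberately when you re-test.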



@ -5,14 +5,22 @@ base="$(realpath $(dirname "$0"))"
export ANSIBLE_CACHE_PLUGIN=jsonfile export ANSIBLE_CACHE_PLUGIN=jsonfile
export ANSIBLE_CONFIG=$base/ansible.cfg export ANSIBLE_CONFIG=$base/ansible.cfg
#export ANSIBLE_DEBUG=1
export ANSIBLE_LOG_PATH=ansible_run.log
cd $base cd $base
python3 parse_arch_packages.py > arch_packages.json python3 parse_arch_packages.py > arch_packages.json
cd $workdir cd $workdir
rm $base/vm_files
ln -s $workdir $base/vm_files
ansible-playbook $base/workstation.yaml \ ansible-playbook $base/workstation.yaml \
--ask-become-pass \ -v \
-u "mbess" \ -u "mbess" \
-i "$base/inventory.yaml" \ -i "$base/inventory.yaml" \
--ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./sshkey" \ --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./master_sshkey" \
--extra-vars "@$base/vars.yaml" --extra-vars "@$workdir/vars.yaml" \
--extra-vars "ansible_sudo_pass=root" \
--start-at-task "Create the aur_builder user"
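Review bot: `--extra-vars "ansible_sudo_pass=root"` replaces `--ask-become-pass` with a literal become password on the command line, where it is visible in `ps` output and shell history, and possibly in the new `ansible_run.log` at higher verbosity; even for a throwaway VM, take it from the environment, `--extra-vars "ansible_sudo_pass=$ANSIBLE_BECOME_PASS"`, or keep `--ask-become-pass`. The committed `--start-at-task "Create the aur_builder user"` reads as a debugging leftover: every run will skip the keyring, package and ssh-key tasks that precede it. `rm $base/vm_files` runs unconditionally and unquoted; `rm -f "$base/vm_files"` avoids an error on a fresh checkout and a word-split path. The script's head (`workdir`, `base`) is outside the hunk.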


@ -0,0 +1,18 @@
#!/usr/bin/sh
workdir="$(pwd)"
base="$(realpath $(dirname "$0"))"
export ANSIBLE_CACHE_PLUGIN=jsonfile
export ANSIBLE_CONFIG=$base/ansible.cfg
cd $base
python3 parse_arch_packages.py > arch_packages.json
cd $workdir
ansible-playbook $base/workstation_initial_install.yaml \
--ask-become-pass \
-u "mbess" \
-i "$base/inventory.yaml" \
--ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -i ./master_sshkey" \
--extra-vars "@$base/vars.yaml"
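Review bot: The script has no `set -eu`, so if `python3 parse_arch_packages.py > arch_packages.json` fails, an empty or stale `arch_packages.json` is left behind and the playbook still runs against it; add `set -eu` after the shebang and quote the expansions, `base="$(realpath "$(dirname "$0")")"` and `cd "$base"`. The `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` pair disables host-key verification entirely; for a VM on a fixed local port forward that is tolerable, but a per-VM file such as `-o UserKnownHostsFile=$base/vm_known_hosts` keeps the check while still avoiding the prompt after the first run.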


@ -0,0 +1,4 @@
Host forge.lefuturiste.fr
user git
IdentitiesOnly yes
IdentityFile ~/.ssh/{{ device_name }}_generic_key_ed25519


@ -1,4 +1,2 @@
user: mbess user: mbess
foo: barladladsl
device_name: grayblower device_name: grayblower

1
ansible/vm_files Symbolic link

@ -0,0 +1 @@
/home/mbess/workspace/monakhos/sandbox_vms/vm1
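Review bot: `ansible/vm_files` is committed as a symlink to `/home/mbess/workspace/monakhos/sandbox_vms/vm1`, an absolute path that exists on one machine only, while run_ansible_playbook.sh removes and recreates that same link from `$workdir` on every run; the checked-in link is therefore machine-specific and overwritten immediately. Listing `ansible/vm_files` in `.gitignore` instead of committing it avoids a dangling link in every other checkout.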


@ -1,13 +1,28 @@
- hosts: workstation - hosts: workstation
gather_facts: False gather_facts: True
vars: vars:
home: /home/{{ user }}
config_files: config_files:
- dir: fish
name: config.fish
- dir: tmux - dir: tmux
name: tmux.conf name: tmux.conf
- dir: alacritty - dir: alacritty
name: alacritty.toml name: alacritty.toml
- dir: wofi - dir: wofi
name: style.css name: style.css
- dir: sway
name: config
- dir: helix
name: config.toml
- dir: i3status-rust
name: config.toml
- dir: git
name: config
- dir: nvim
name: init.lua
- dir: nvim
name: lua # lua dir
tasks: tasks:
- name: Init arch - name: Init arch
block: block:
@ -15,51 +30,131 @@
path: /home/mbess/.workstation_setup_state path: /home/mbess/.workstation_setup_state
state: touch state: touch
- copy: content="2024-05-20T11:28:07.552Z c385e8f1-9f34-47d3-9155-0cc1f04c4550" dest=/home/mbess/.workstation_setup_state - copy: content="2024-05-20T11:28:07.552Z c385e8f1-9f34-47d3-9155-0cc1f04c4550" dest=/home/mbess/.workstation_setup_state
- name: Install some packages
- name: Update pacman repo
become: true
community.general.pacman:
update_cache: true
upgrade: true
- name: Install some basic packages
become: true become: true
community.general.pacman: community.general.pacman:
name: name:
- jq - archlinux-keyring
- fx
- jo - name: Init pacman keyring
- yq become: true
# complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
block:
- stat:
path: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state_stat
- when: pacman_key_state_stat.stat.exists
slurp:
src: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state
- when: pacman_key_state.content is defined
name: "pacman key state debug 1"
debug:
msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
- when: not pacman_key_state_stat.stat.exists
block:
- shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
- shell: "mkdir -p ~/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
- name: Install some basic packages
become: true
community.general.pacman:
name:
- cliphist
- name: Install packages from YAML files (excluding AUR) - name: Install packages from YAML files (excluding AUR)
become: true become: true
community.general.pacman: community.general.pacman:
name: "{{ lookup('file', 'arch_packages.json') | from_json }}" # the python script will return a list of packages name: "{{ lookup('file', 'arch_packages.json') | from_json }}" # the python script will return a list of packages
# TODO: put pre-generated sshkeys
# - name: Install yay, an AUR helper # - name: Install yay, an AUR helper
#
- name: Copy pre-generated ssh keys
block:
- copy:
src: ./vm_files/remote_key
dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519"
mode: u=rw,g=,o=
- copy:
src: ./vm_files/remote_key.pub
dest: "{{ home }}/.ssh/{{ device_name }}_generic_key_ed25519.pub"
mode: u=rw,g=,o=
- name: Config git
template:
src: ssh_config
dest: "{{ home }}/.ssh/config"
owner: "{{ user }}"
mode: u=rw,g=,o=
- name: Clone dots file
git:
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
- name: Clone books sources
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
dest: /home/mbess/workspace/books_sources
- name: Setup config directories - name: Setup config directories
file: file:
path: "/home/mbess/.config/{{ item.dir }}" path: "{{ home }}/.config/{{ item.dir }}"
state: directory state: directory
recurse: true recurse: true
loop: "{{ config_files }}" loop: "{{ config_files }}"
- name: Setup symbolic links to config files - name: Setup symbolic links to config files
file: file:
src: "/home/mbess/.dots/config/{{ item.dir }}/{{ item.name }}" src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
dest: "/home/mbess/.config/{{ item.dir }}/{{ item.name }}" dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
state: link state: link
loop: "{{ config_files }}" loop: "{{ config_files }}"
- name: Setup main popequer notebook - name: Setup main popequer notebook
include_role: include_role:
name: popequer_notebook name: popequer_notebook
- name: Setup quick notes folder - name: Setup quick notes folder
file: file:
path: "/home/mbess/.hidden/quick_notes/" path: "{{ home }}/.hidden/quick_notes/"
state: directory state: directory
recurse: true recurse: true
- name: Setup temporary secrets folder (cookies jar) - name: Setup temporary secrets folder (cookies jar)
file: file:
path: "/home/mbess/.cache/secrets/" path: "{{ home }}/.cache/secrets/"
state: directory state: directory
recurse: true recurse: true
- name: Create the aur_builder user
become: yes
ansible.builtin.user:
name: aur_builder
create_home: yes
group: wheel
- name: Allow the `aur_builder` user to run `sudo pacman` without a password
become: yes
ansible.builtin.lineinfile:
path: /etc/sudoers.d/11-install-aur_builder
line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
create: yes
mode: 0644
validate: 'visudo -cf %s'
- name: Install yay using makepkg
kewlfft.aur.aur:
name: yay
use: makepkg
state: present
become: yes
become_user: aur_builder
# - name: Clone books sources
# ansible.builtin.git:
# repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
# dest: /home/mbess/workspace/books_sources
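Review bot: In the `Init pacman keyring` block the state write `- shell: "mkdir -p ~/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"` runs under the block's `become: true`, so `~` most likely expands to root's home while the redirect targets `{{ home }}`: the directory it creates is not the one it writes into, and the marker either fails to be created or ends up root-owned in the user's cache (the enclosing `tasks` list begins in the previous hunk). Use `{{ home }}` in both places, or create the directory with an `ansible.builtin.file` task carrying `owner: "{{ user }}"`. Note also that `when: not pacman_key_state_stat.stat.exists` is the only gate on `rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux`, and the stored date is only echoed by the debug task, so the expiry-based refresh the block comment describes is not implemented yet; a `# TODO: compare stored date against key expiry` on that line would make that explicit. Separately, `Clone dots file` and `Clone books sources` clone over ssh from forge.lefuturiste.fr without any known_hosts entry on the fresh VM; add an `ansible.builtin.known_hosts` task with the forge's pinned host key before them rather than `accept_hostkey: yes`, so the first contact is not blind trust-on-first-use.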


@ -0,0 +1,10 @@
- hosts: workstation
gather_facts: False
vars: {}
tasks:
- name: Copy arch install config files
copy:
src: /users/rolando/myfile
dest: /users/rolando/myfile
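Review bot: The `Copy arch install config files` task still carries the placeholder paths from the copy-module documentation, `src: /users/rolando/myfile` and `dest: /users/rolando/myfile`, so this play fails on its first task unless that file happens to exist on the controller. Point `src` at the archinstall configuration under `./vm_files/` (the convention the main playbook uses for the ssh keys) and `dest` at the path archinstall reads on the target, or mark the play as a stub with a comment until it is wired up.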

11
vm_tools/install_vm.sh Executable file

@ -0,0 +1,11 @@
#!/usr/bin/sh
export OS_IMAGE_PATH="/mnt/extramedia3/mbess/os_images/arch/2024-05-01/archlinux-2024.05.01-x86_64.iso"
export RUN_VM_EXTRA_ARGS="-cdrom $OS_IMAGE_PATH"
base="$(realpath $(dirname "$0"))"
echo "Installing OS"
$base/run_vm.sh main.qcow
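Review bot: `$base/run_vm.sh main.qcow` resolves `main.qcow` against the caller's working directory while `$base` is the script's own directory, so the script only works when launched from the VM folder; either `cd` to the intended directory first or accept the image path as an argument, as `run_vm.sh` now does. `OS_IMAGE_PATH` is a host-specific absolute path; `export OS_IMAGE_PATH="${OS_IMAGE_PATH:-/mnt/extramedia3/mbess/os_images/arch/2024-05-01/archlinux-2024.05.01-x86_64.iso}"` keeps the default but lets another machine override it without editing the script.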


@ -1,15 +1,9 @@
#!/usr/bin/sh #!/usr/bin/sh
# -cdrom /mnt/extramedia3/mbess/os_images/arch/2024-05-01/archlinux-2024.05.01-x86_64.iso \
#
#-hdb secondary.qcow \
#
# -spice unix=on,addr=/tmp/vm_monakhos.spice.socket,disable-ticketing=on \
echo "Launching vm" echo "Launching vm"
qemu-system-x86_64 \ qemu-system-x86_64 \
-hda main.qcow \ -hda $1 \
-boot order=d \ -boot order=d \
-m 2G \ -m 2G \
-accel kvm \ -accel kvm \
@ -21,4 +15,6 @@ qemu-system-x86_64 \
-spice addr=127.0.0.1,port=4354,disable-ticketing=on \ -spice addr=127.0.0.1,port=4354,disable-ticketing=on \
-net user,hostfwd=tcp::2222-:22 \ -net user,hostfwd=tcp::2222-:22 \
-net nic \ -net nic \
-D ./log.txt \
$RUN_VM_EXTRA_ARGS
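Review bot: `-hda $1` is unquoted and nothing checks that an image path was given, so invoking the script without an argument hands qemu a bare `-hda` followed by `-boot`; add `: "${1:?usage: $0 <disk image>}"` near the top and write `-hda "$1" \`. `$RUN_VM_EXTRA_ARGS` is expanded unquoted on purpose so that `-cdrom <iso>` splits into two arguments; a comment on that line, `# intentionally unquoted: may carry several qemu arguments`, would keep the next reader from quoting it. The qemu invocation continues between the two hunks.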