diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..2623667 --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,10 @@ +# Installation procedure + +- Choose hostname eg. lambdacov +- Create folder `target/lambdacov` +- Create master ssh key + - `ssh-keygen -t ed25519 -C "mbess@lambdacov" -f lambdacov_perso_generic_ed25519` +- Create host key eg. lambdacov_perso_generic_ed25519: +- Add public key `lambdacov_perso_generic_ed25519` key to forge.lefuturiste.fr +- Populate vars.yaml, choose the profile +- run ansible playbook diff --git a/TODO.md b/TODO.md index 09a72dc..b624492 100644 --- a/TODO.md +++ b/TODO.md @@ -7,6 +7,8 @@ - add cargo global packages, like `pads` -- packages - - add kanshi, dynamic wayland output manager - - add smbutils +- [ ] configure kanshi + +- [ ] battery notify https://github.com/cdown/battery-notify + +- configure password management diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 51168e1..fd11bb9 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -1,5 +1,4 @@ [defaults] -remote_user = root #nocows = True gathering = smart fact_caching = jsonfile diff --git a/ansible/arch_packages.yaml b/ansible/arch_packages.yaml index 9e572bd..a922309 100644 --- a/ansible/arch_packages.yaml +++ b/ansible/arch_packages.yaml @@ -1,8 +1,6 @@ categories: base: - util-linux - - man-pages - - man-db - less - git - tmux @@ -13,6 +11,8 @@ categories: desc: The best to connect to remote server! - name: python-pipx desc: To install python stuff + - name: pacman-contrib + desc: Include pactree libs: - protobuf @@ -35,6 +35,8 @@ categories: network: - sshfs - unbound + - networkmanager-openvpn + - openfortivpn keymap: - aur/xkb-qwerty-fr @@ -48,13 +50,20 @@ categories: _: - bat - plantuml - - tldr - desc: Env loader, export env variables from dotenv file in shell scripts name: aur/zenv + backup: + - borg + docs: + - man-pages + - man-db + - tldr + - zeal finder: - fzf - ripgrep - fd + - exa unix: - moreutils - rlwrap @@ -144,6 +153,8 @@ categories: # httrack https://www.kali.org/tools/httrack/ fs: - lsof + - name: ncdu + desc: Disk usage explorer tui: browser: - w3m @@ -177,8 +188,9 @@ categories: - qrencode - newsboat - security: + password: - gopass + - pass virtualization: - qemu-base @@ -199,6 +211,7 @@ categories: - aur/litecli editor: - vim + - neovim - helix c: - gcc @@ -243,8 +256,7 @@ categories: - zoxide - name: dash desc: Simple POSIX compliant shell - - - name: aur/shellcheck-bin + - name: shellcheck desc: Static analyzer for shell script audio: diff --git a/ansible/pip_packages.yaml b/ansible/pip_packages.yaml index c6f270e..8728709 100644 --- a/ansible/pip_packages.yaml +++ b/ansible/pip_packages.yaml @@ -6,3 +6,4 @@ base: - xkcd-pass - azlyrics2 - yewtube + - lesspass diff --git a/ansible/run_ansible_playbook.sh b/ansible/run_ansible_playbook.sh index eab9767..0c34def 100755 --- a/ansible/run_ansible_playbook.sh +++ b/ansible/run_ansible_playbook.sh @@ -1,5 +1,7 @@ #!/usr/bin/sh +set -x + workdir="$(pwd)" base="$(realpath $(dirname "$0"))" @@ -25,5 +27,5 @@ ansible-playbook $base/workstation.yaml \ -i "inventory.yaml" \ --ssh-extra-args "-o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 22 -i ./master_sshkey" \ --extra-vars "@$workdir/vars.yaml" \ - $@ + "$@" diff --git a/ansible/vm_files b/ansible/vm_files index 56c26cf..6ac37f8 120000 --- a/ansible/vm_files +++ b/ansible/vm_files @@ -1 +1 @@ -/mnt/extramedia3/mbess/workspace/monakhos/target/blackjack \ No newline at end of file +/mnt/extramedia3/mbess/workspace/monakhos/target/lambdacov \ No newline at end of file diff --git a/ansible/workstation.yaml b/ansible/workstation.yaml index 90accd2..8886381 100644 --- a/ansible/workstation.yaml +++ b/ansible/workstation.yaml @@ -11,22 +11,29 @@ params: ssh_uri: "mbess@srv06.mbess.net:/warmd/mbess" mount_path: "{{ home }}/.mnt/srv06/warmd/mbess" + profile: perso - from: "mount_sshfs" name: "mount_sshfs_srv06_warmd_etb" enabled: true params: ssh_uri: "mbess@srv06.mbess.net:/warmd/etoiledebethleem" mount_path: "{{ home }}/.mnt/srv06/warmd/etb" + profile: perso - name: "popequer_gitwatch@" + profile: all - name: "hourly_remainder" enabled: true timer: true + profile: all - name: "cliphist" enabled: true + profile: all - name: "gammastep" enabled: true + profile: all - name: "swaybg" enabled: true + profile: all config_files: - dir: fish name: config.fish @@ -36,6 +43,8 @@ name: alacritty.toml - dir: wofi name: style.css + - dir: kanshi + name: config - dir: sway name: config - dir: helix @@ -57,7 +66,25 @@ - file: path: /home/mbess/.workstation_setup_state state: touch - - copy: content="2024-05-20T11:28:07.552Z c385e8f1-9f34-47d3-9155-0cc1f04c4550" dest=/home/mbess/.workstation_setup_state + - copy: + content: "{\"monakhos\": {\"date\": \"{{ ansible_date_time.iso8601 }}\", \"name\":\"{{ device_name }}\", \"profile\":\"{{ profile }}\"}\n" + dest: "{{ home }}/.workstation_setup_state" + - become: yes + become_user: "{{ user }}" + file: + path: "{{ home }}/.monakhos_mbess" + state: touch + + - name: Change hostname + hostname: + name: "{{ device_name }}" + + - name: Setup ssh dir + file: + path: "{{ home }}/.ssh" + state: directory + recurse: true + owner: "{{ user }}" - name: Update pacman repo become: true @@ -128,6 +155,7 @@ # DOTS - name: Clone dots file git: + key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519" repo: "git@forge.lefuturiste.fr:mbess/dots.git" dest: "{{ home }}/.dots" @@ -152,6 +180,7 @@ src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}" dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}" state: link + force: true loop: "{{ config_files }}" - name: Set default shell @@ -215,7 +244,7 @@ - name: Setup user units loop: "{{ systemd_services.user }}" - when: "item.from is not defined" + when: "item.from is not defined and (item.profile == 'all' or item.profile == profile)" template: src: "systemd/user/{{ item.name }}.service" dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" @@ -263,6 +292,7 @@ path: "{{ home }}/.mnt/{{ item }}" state: directory recurse: true + when: "profile == 'perso'" loop: - srv06/warmd/mbess - srv06/coldd/mbess @@ -292,6 +322,16 @@ path: "{{ home }}/.cache/secrets/" state: directory recurse: true + - name: Setup vaults dir gpg home + file: + path: "{{ home }}/.vaults/gpg-homes" + state: directory + recurse: true + - name: Setup vaults dir store unixpass + file: + path: "{{ home }}/.vaults/pass" + state: directory + recurse: true - name: Setup main popequer notebook include_role: @@ -314,6 +354,7 @@ ansible.builtin.git: repo: "git@forge.lefuturiste.fr:mbess/books-sources.git" dest: /home/mbess/workspace/books_sources + when: "profile == 'perso'" - name: Clone snippets space ansible.builtin.git: repo: "git@forge.lefuturiste.fr:mbess/snippets.git" @@ -332,3 +373,7 @@ repo: "git@forge.lefuturiste.fr:mbess/monakhos.git" dest: /home/mbess/workspace/monakhos + - name: Setup OpenFortiVPN + when: 'profile == "pro"' + include_role: + name: openfortivpn diff --git a/ansible/archinstall_configs/user_configuration.json b/archinstall_configs/user_configuration.json similarity index 100% rename from ansible/archinstall_configs/user_configuration.json rename to archinstall_configs/user_configuration.json diff --git a/ansible/archinstall_configs/user_credentials.json b/archinstall_configs/user_credentials.json similarity index 100% rename from ansible/archinstall_configs/user_credentials.json rename to archinstall_configs/user_credentials.json