feat: copy static configs from dotsfiles repo

Matthieu Bessat 2025-10-01 10:17:47 +02:00 committed by Matthieu Bessat
parent 79b7ff8241
commit c4112b56bb
10 changed files with 454 additions and 218 deletions


@ -116,3 +116,10 @@ You need to keep updated the known hosts in your profiles to not have this info
## triage
The master ssh key is used by the controller to authenticate to the ssh server of the target device.
## architecture
- Monakhos base
- Monakhos profile perso/pro
- Dots base
- Dots desktop


@ -22,3 +22,8 @@
- [x] packages: add `texlive-langfrench`, `texlive-binextra`
- Find a replacement software for mepo
- Mepo is hard to install because it depend on zig, zig build breaks often
- Either fix the AUR package (byinstallBT
- Possible issues:
- dependency on aur.archlinux.org, can give 503 sometimes


@ -0,0 +1,380 @@
- hosts: workstation
gather_facts: True
vars:
home: /home/{{ user }}
systemd_services:
system: []
user:
- name: "hourly_remainder"
enabled: true
timer: true
- name: "cliphist"
enabled: true
- name: "kanshi"
enabled: true
- name: "gammastep"
enabled: true
- name: "swaybg"
enabled: true
config_files:
- dir: fish
name: config.fish
- dir: tmux
name: tmux.conf
- dir: alacritty
name: alacritty.toml
- dir: wofi
name: style.css
- dir: kanshi
name: config
- dir: sway
name: config
- dir: helix
name: config.toml
- dir: i3status-rust
name: config.toml
- dir: git
name: config
- dir: nvim
name: init.lua
- dir: nvim
name: lua # lua dir
# for desktop notifications
- dir: dunst
name: dunstrc
tasks:
- name: Init arch
block:
- file:
path: /home/mbess/.monakhos
state: touch
- copy:
content: "{\"monakhos\": {\"date\": \"{{ ansible_date_time.iso8601 }}\", \"device_name\":\"{{ device_name }}\", \"enabled_profiles\":{{ enabled_profiles | to_json }} }}\n"
dest: "{{ home }}/.monakhos"
- name: Change hostname
become: true
hostname:
name: "{{ device_name }}"
- name: Update pacman repo
become: true
community.general.pacman:
update_cache: true
upgrade: true
- name: Install some basic packages
become: true
community.general.pacman:
name:
- archlinux-keyring
- git
- openssh
- name: "Configure to auto load some kernel modules at boot"
become: true
copy:
content: "# managed by monakhos\ni2c-dev\n"
dest: "/etc/modules-load.d/auto.conf"
- name: Setup SSH client
include_role:
name: ssh
- name: Init pacman keyring
become: true
# complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
block:
- stat:
path: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state_stat
- when: pacman_key_state_stat.stat.exists
slurp:
src: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state
- when: pacman_key_state.content is defined
name: "pacman key state debug 1"
debug:
msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
- when: not pacman_key_state_stat.stat.exists
block:
- shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
- shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
# AUR SETUP
- name: Create the aur_builder user
become: yes
ansible.builtin.user:
name: aur_builder
create_home: yes
group: wheel
- name: Allow the `aur_builder` user to run `sudo pacman` without a password
become: yes
ansible.builtin.lineinfile:
path: /etc/sudoers.d/11-install-aur_builder
line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
create: yes
mode: 0644
validate: 'visudo -cf %s'
- name: Install yay
include_role:
name: aur
vars:
packages:
- yay-bin
- name: Stub
file:
path: "{{ home }}/.stub"
state: touch
# INSTALL essentials packages from YAML
- name: Install essentials non-AUR packages
become: true
community.general.pacman:
name: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install essentials AUR packages
include_role:
name: aur
vars:
packages: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install sway
include_role:
name: sway
# Install essentials tools with UV
- name: Install essentials global tools (Python packages)
include_role:
name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
# DOTS
- name: Clone dots file
git:
key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519"
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
- name: Setup DNS and unbound
include_role:
name: dns
- name: Symbolic link to user .profile
file:
src: "{{ home }}/.profile"
dest: "{{ home }}/.dots/config/.profile"
state: link
force: true
- name: Setup config directories
file:
path: "{{ home }}/.config/{{ item.dir }}"
state: directory
recurse: true
loop: "{{ config_files }}"
- name: Setup symbolic links to config files
file:
src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
state: link
force: true
loop: "{{ config_files }}"
- name: Set default shell
become: true
user:
name: "{{ user }}"
shell: /usr/bin/fish
- name: Add user to useful group (docker)
become: true
user:
name: "{{ user }}"
groups: ["docker"]
- name: Create machine.fish
template:
src: fish/machine.fish
dest: "{{ home }}/.config/fish/machine.fish"
- name: Setup xremap
include_role:
name: xremap
# SYSTEMD user services
- name: Setup systemd user services folder
file:
path: "{{ home }}/.config/systemd/user"
state: directory
recurse: true
- name: Setup user units
loop: "{{ systemd_services.user }}"
when: "item.from is not defined"
template:
src: "systemd/user/{{ item.name }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user unit with from
loop: "{{ systemd_services.user }}"
when: "item.from is defined"
template:
src: "systemd/user/{{ item.from }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user timers
loop: "{{ systemd_services.user }}"
when: "item.timer is defined and item.timer"
template:
src: "systemd/user/{{ item.name }}.timer"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
- name: Enable some systemd user services
when: "item.enabled is defined and item.enabled"
loop: "{{ systemd_services.user }}"
systemd_service:
daemon_reload: true
scope: user
name: "{{ item.name }}"
state: started
enabled: true
- name: Enable some systemd user timers
when: "item.timer is defined and item.timer"
loop: "{{ systemd_services.user }}"
systemd_service:
scope: user
name: "{{ item.name }}.timer"
state: started
enabled: true
# OTHERS
- name: Setup triage folder
file:
path: "{{ home }}/triage"
state: directory
recurse: true
- name: Setup quick notes folder
file:
path: "{{ home }}/quick/notes"
state: directory
recurse: true
- name: Setup quick docs folder
file:
path: "{{ home }}/quick/docs"
state: directory
recurse: true
- name: Setup quick screenshot folder
file:
path: "{{ home }}/quick/screenshots"
state: directory
recurse: true
- name: Setup long-term local secrets
file:
path: "{{ home }}/.local/secrets"
state: directory
recurse: true
- name: Setup directory to contains local root CA
file:
path: "{{ home }}/.local/secrets/root_ca"
state: directory
recurse: true
- name: Setup temporary secrets folder
file:
path: "{{ home }}/.cache/secrets"
state: directory
recurse: true
- name: Setup vaults dir gpg home
file:
path: "{{ home }}/.vaults/gpg-homes"
state: directory
recurse: true
- name: Setup vaults dir store unixpass
file:
path: "{{ home }}/.vaults/pass"
state: directory
recurse: true
- name: Setup workspace folder
file:
path: "{{ home }}/workspace"
state: directory
recurse: true
- name: Enable bluetooth service
become: true
ansible.builtin.systemd_service:
name: bluetooth
state: started
enabled: true
- name: Setup wofi link
become: true
file:
src: "/usr/bin/wofi"
dest: "/usr/bin/rofi"
state: link
- name: Setup apps dir
file:
path: "{{ home }}/.apps"
state: directory
recurse: true
- name: Setup default browser link
file:
src: /usr/bin/librewolf
dest: "{{ home }}/.apps/browser"
state: link
force: true
- name: Set default browser
include_role:
name: xdg_browser
vars:
default_browser: librewolf
- name: Patch desktop entries for wayland
include_role:
name: wayland_fixer
# Initialize Workspaces
- name: Clone general programming snippets
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
dest: /home/mbess/workspace/snippets
- name: Clone monakhos
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
dest: /home/mbess/workspace/monakhos
# INSTALL extra packages from YAML
- name: Install extra non-AUR packages
become: true
community.general.pacman:
name: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install extra AUR packages
include_role:
name: aur
vars:
packages: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install extra global tools (Python packages)
include_role:
name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
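Review bot: The `Init pacman keyring` block runs `rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux` as root whenever `~/.cache/monakhos/pacman_key_state` is absent, although the comment above the block says the decision should depend on the key's expiration date; the date that the `slurp` and `debug` steps read back is only printed and never used in a `when:`, so a cleaned `~/.cache`, a fresh home or a different `{{ user }}` silently re-initialises the system keyring and discards any locally signed keys. Because the whole block is `become: true`, the `mkdir -p {{ home }}/.cache/monakhos; echo -n ... > .../pacman_key_state` step also leaves a root-owned directory and file inside the user's home. I would gate the block on the parsed date (e.g. `when: not pacman_key_state_stat.stat.exists or (pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d')) < (ansible_date_time.date | to_datetime('%Y-%m-%d'))` with whatever age threshold you intend), keep the marker outside the home directory or write it with `become: false`, and add a comment stating why the directory is deleted rather than refreshed — `pacman-key --populate` alone is normally enough, but I may be missing a reason specific to this setup. Note also that `path: /home/mbess/.monakhos` in the first task is hard-coded while the `copy` right after it writes `{{ home }}/.monakhos`; these diverge as soon as `user` is not `mbess`.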


@ -433,6 +433,8 @@ common:
- aur/ungoogled-chromium-bin
terminal_emulator:
- alacritty
- name: lsix
description: Command to show image in the terminal
mail:
- thunderbird
communication:
@ -471,8 +473,7 @@ common:
3d: {}
bureautique:
- libreoffice-still
geo:
- aur/mepo
geo: {}
vcs:
git: {}
db:
@ -483,7 +484,7 @@ common:
- aur/remmina-plugin-rdesktop
_:
- name: aur/screen-message
description: Utility to write in big on the screen
description: Utility to write big text on the screen
inspection:
- wireshark-qt
editor:


@ -0,0 +1,13 @@
- name: Debug configuration file infos
ansible.builtin.debug:
var: "config"
- name: Create directory
ansible.builtin.file:
path: "{{ (home + '/' + config['dest']) | dirname }}"
state: directory
recurse: true
- name: Copy files
ansible.builtin.copy:
src: "{{ dotsfiles_repo_path.stdout }}/confs/src/{{ config['src'] }}"
force: true
dest: "{{ home }}/{{ config['dest'] }}"
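Review bot: `ansible.builtin.copy` resolves `src` on the controller unless `remote_src: true` is set, but `dotsfiles_repo_path.stdout` points at the clone that `ansible.builtin.git` made on the managed host, so the `Copy files` task only works when controller and target are the same machine; add `remote_src: true` next to `force: true` and say so in a comment if the local-connection case is intended. The copied files get a umask-derived mode in the user's home, so `mode: preserve` is worth adding if any entry of the config map is sensitive (ssh or gpg configuration, for instance) — I cannot tell from the map itself whether that applies. `config['dest']` is joined onto `home` unchecked, so a `..` component in the repo's `config_map.yaml` writes outside the home directory; acceptable only if that repo is fully trusted. The `Debug configuration file infos` task prints every entry on every run and looks like leftover debugging.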


@ -0,0 +1,6 @@
- name: Copy single file
ansible.builtin.include_tasks:
file: copy_config_file.yaml
loop_control:
loop_var: config
with_items: "{{ config_map.static_files_copy }}"
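Review bot: `config_map.static_files_copy` is dereferenced without a default, so a `config_map.yaml` without that key (a repo that only uses other install kinds, once they exist) aborts the play with an undefined-variable error instead of doing nothing; `with_items: "{{ config_map.static_files_copy | default([]) }}"` makes the include a no-op in that case. Mixing `with_items` with `loop_control` works, but `loop:` is the current idiom and avoids the implicit one-level flattening that `with_items` performs.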


@ -0,0 +1,21 @@
- name: Setup repo directory
file:
path: "{{ home }}/.dotsfiles"
state: directory
recurse: false
- name: echo dotsfiles path
command: "echo {{ home }}/.dotsfiles/{{ dotsfiles_repo_name }}"
register: dotsfiles_repo_path
- name: Clone dotsfiles repo
ansible.builtin.git:
repo: "{{ dotsfiles_repo_url }}"
dest: "{{ dotsfiles_repo_path.stdout }}"
- name: Read config map
ansible.builtin.slurp:
src: "{{ dotsfiles_repo_path.stdout }}/confs/config_map.yaml"
register: dotsfiles_map_yaml
- name: Install configs from config map
ansible.builtin.include_tasks:
file: install_configs.yaml
vars:
config_map: "{{ (dotsfiles_map_yaml.content | b64decode | from_yaml).config_map }}"
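Review bot: `command: "echo {{ home }}/.dotsfiles/{{ dotsfiles_repo_name }}"` spawns a process just to build a string, and because `command` always reports `changed`, every run of this role shows a spurious change; in `--check` mode the task is skipped and `dotsfiles_repo_path.stdout` is then undefined for the `git`, `slurp` and copy tasks that consume it. Replace it with `set_fact: { dotsfiles_repo_path: "{{ home }}/.dotsfiles/{{ dotsfiles_repo_name }}" }` and drop the `.stdout` suffix at the three consumers. Separately, the clone has no `version:` pin, so whatever is on the remote default branch of `dotsfiles_repo_url` at run time is copied into the user's config, including files the shell sources such as `config.fish`; if that repo is not entirely under your control, pinning a tag or commit is the usual supply-chain precaution, and the clone also lacks the `key_file` that the workstation playbook's other `git` task uses.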


@ -13,7 +13,11 @@ export ANSIBLE_LOG_PATH=ansible_run.log
rm $base/vm_files
ln -s $workdir $base/vm_files
ansible-playbook $base/workstation.yaml \
export ANSIBLE_PLAYBOOK="${ANSIBLE_PLAYBOOK:-workstation.yaml}"
playbookPath="$base/$ANSIBLE_PLAYBOOK"
ansible-playbook $playbookPath \
-vvvvv \
--ask-become-pass \
-i "inventory.yaml" \
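Review bot: `ansible-playbook $playbookPath \` leaves the path unquoted, so a `$base` or `ANSIBLE_PLAYBOOK` value containing whitespace or glob characters is word-split and globbed before ansible-playbook sees it; write `ansible-playbook "$playbookPath" \` (the pre-existing `rm $base/vm_files` and `ln -s $workdir $base/vm_files` context lines have the same weakness). The `export` on `ANSIBLE_PLAYBOOK` is unnecessary since the variable is only consumed on the next line and, as far as I can tell, is not a setting Ansible reads from the environment; a plain assignment avoids leaking it into the child process. The script continues outside the hunk.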


@ -0,0 +1,13 @@
- hosts: workstation
gather_facts: False
vars:
home: /home/{{ user }}
tasks:
- name: Setup dotsfile (copy)
include_role:
name: dotsfiles
vars:
dotsfiles_repo_name: "{{ item.name }}"
dotsfiles_repo_url: "{{ item.repo_url }}"
with_items: "{{ dotsfiles_repos }}"
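Review bot: `gather_facts: False` uses a capitalised YAML 1.1 boolean while the rest of the new tasks in this commit use lowercase `true`/`false` (yamllint `truthy`); write `gather_facts: false`. Since `dotsfiles_repos` comes from inventory, `loop: "{{ dotsfiles_repos | default([]) }}"` would let the playbook run cleanly on a host that has no dotfiles repos configured, and `loop:` is the current idiom over `with_items`. With facts disabled the `dotsfiles` role must not rely on `ansible_*` facts; from the role tasks visible in this commit it does not, but that is worth a one-line comment on the play.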


@ -2,46 +2,6 @@
gather_facts: True
vars:
home: /home/{{ user }}
systemd_services:
system: []
user:
- name: "hourly_remainder"
enabled: true
timer: true
- name: "cliphist"
enabled: true
- name: "kanshi"
enabled: true
- name: "gammastep"
enabled: true
- name: "swaybg"
enabled: true
config_files:
- dir: fish
name: config.fish
- dir: tmux
name: tmux.conf
- dir: alacritty
name: alacritty.toml
- dir: wofi
name: style.css
- dir: kanshi
name: config
- dir: sway
name: config
- dir: helix
name: config.toml
- dir: i3status-rust
name: config.toml
- dir: git
name: config
- dir: nvim
name: init.lua
- dir: nvim
name: lua # lua dir
# for desktop notifications
- dir: dunst
name: dunstrc
tasks:
- name: Init arch
block:
@ -154,39 +114,6 @@
name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
# DOTS
- name: Clone dots file
git:
key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519"
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
- name: Setup DNS and unbound
include_role:
name: dns
- name: Symbolic link to user .profile
file:
src: "{{ home }}/.profile"
dest: "{{ home }}/.dots/config/.profile"
state: link
force: true
- name: Setup config directories
file:
path: "{{ home }}/.config/{{ item.dir }}"
state: directory
recurse: true
loop: "{{ config_files }}"
- name: Setup symbolic links to config files
file:
src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
state: link
force: true
loop: "{{ config_files }}"
- name: Set default shell
become: true
user:
@ -199,132 +126,6 @@
name: "{{ user }}"
groups: ["docker"]
- name: Create machine.fish
template:
src: fish/machine.fish
dest: "{{ home }}/.config/fish/machine.fish"
- name: Setup xremap
include_role:
name: xremap
# SYSTEMD user services
- name: Setup systemd user services folder
file:
path: "{{ home }}/.config/systemd/user"
state: directory
recurse: true
- name: Setup user units
loop: "{{ systemd_services.user }}"
when: "item.from is not defined"
template:
src: "systemd/user/{{ item.name }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user unit with from
loop: "{{ systemd_services.user }}"
when: "item.from is defined"
template:
src: "systemd/user/{{ item.from }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user timers
loop: "{{ systemd_services.user }}"
when: "item.timer is defined and item.timer"
template:
src: "systemd/user/{{ item.name }}.timer"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
- name: Enable some systemd user services
when: "item.enabled is defined and item.enabled"
loop: "{{ systemd_services.user }}"
systemd_service:
daemon_reload: true
scope: user
name: "{{ item.name }}"
state: started
enabled: true
- name: Enable some systemd user timers
when: "item.timer is defined and item.timer"
loop: "{{ systemd_services.user }}"
systemd_service:
scope: user
name: "{{ item.name }}.timer"
state: started
enabled: true
# OTHERS
- name: Setup triage folder
file:
path: "{{ home }}/triage"
state: directory
recurse: true
- name: Setup quick notes folder
file:
path: "{{ home }}/quick/notes"
state: directory
recurse: true
- name: Setup quick docs folder
file:
path: "{{ home }}/quick/docs"
state: directory
recurse: true
- name: Setup quick screenshot folder
file:
path: "{{ home }}/quick/screenshots"
state: directory
recurse: true
- name: Setup long-term local secrets
file:
path: "{{ home }}/.local/secrets"
state: directory
recurse: true
- name: Setup directory to contains local root CA
file:
path: "{{ home }}/.local/secrets/root_ca"
state: directory
recurse: true
- name: Setup temporary secrets folder
file:
path: "{{ home }}/.cache/secrets"
state: directory
recurse: true
- name: Setup vaults dir gpg home
file:
path: "{{ home }}/.vaults/gpg-homes"
state: directory
recurse: true
- name: Setup vaults dir store unixpass
file:
path: "{{ home }}/.vaults/pass"
state: directory
recurse: true
- name: Setup workspace folder
file:
path: "{{ home }}/workspace"
state: directory
recurse: true
- name: Enable bluetooth service
become: true
ansible.builtin.systemd_service:
name: bluetooth
state: started
enabled: true
- name: Setup wofi link
become: true
file:
src: "/usr/bin/wofi"
dest: "/usr/bin/rofi"
state: link
- name: Setup apps dir
file:
path: "{{ home }}/.apps"
@ -344,20 +145,6 @@
vars:
default_browser: librewolf
- name: Patch desktop entries for wayland
include_role:
name: wayland_fixer
# Initialize Workspaces
- name: Clone general programming snippets
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
dest: /home/mbess/workspace/snippets
- name: Clone monakhos
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
dest: /home/mbess/workspace/monakhos
# INSTALL extra packages from YAML
- name: Install extra non-AUR packages
become: true
@ -377,4 +164,3 @@
name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"