feat: copy static configs from dotsfiles repo

Matthieu Bessat 2025-10-01 10:17:47 +02:00 committed by Matthieu Bessat
parent 79b7ff8241
commit c4112b56bb
10 changed files with 454 additions and 218 deletions


@ -116,3 +116,10 @@ You need to keep updated the known hosts in your profiles to not have this info
## triage ## triage
The master ssh key is used by the controller to authenticate to the ssh server of the target device. The master ssh key is used by the controller to authenticate to the ssh server of the target device.
## architecture
- Monakhos base
- Monakhos profile perso/pro
- Dots base
- Dots desktop


@ -22,3 +22,8 @@
- [x] packages: add `texlive-langfrench`, `texlive-binextra` - [x] packages: add `texlive-langfrench`, `texlive-binextra`
- Find a replacement software for mepo
- Mepo is hard to install because it depend on zig, zig build breaks often
- Either fix the AUR package (byinstallBT
- Possible issues:
- dependency on aur.archlinux.org, can give 503 sometimes


@ -0,0 +1,380 @@
- hosts: workstation
gather_facts: True
vars:
home: /home/{{ user }}
systemd_services:
system: []
user:
- name: "hourly_remainder"
enabled: true
timer: true
- name: "cliphist"
enabled: true
- name: "kanshi"
enabled: true
- name: "gammastep"
enabled: true
- name: "swaybg"
enabled: true
config_files:
- dir: fish
name: config.fish
- dir: tmux
name: tmux.conf
- dir: alacritty
name: alacritty.toml
- dir: wofi
name: style.css
- dir: kanshi
name: config
- dir: sway
name: config
- dir: helix
name: config.toml
- dir: i3status-rust
name: config.toml
- dir: git
name: config
- dir: nvim
name: init.lua
- dir: nvim
name: lua # lua dir
# for desktop notifications
- dir: dunst
name: dunstrc
tasks:
- name: Init arch
block:
- file:
path: /home/mbess/.monakhos
state: touch
- copy:
content: "{\"monakhos\": {\"date\": \"{{ ansible_date_time.iso8601 }}\", \"device_name\":\"{{ device_name }}\", \"enabled_profiles\":{{ enabled_profiles | to_json }} }}\n"
dest: "{{ home }}/.monakhos"
- name: Change hostname
become: true
hostname:
name: "{{ device_name }}"
- name: Update pacman repo
become: true
community.general.pacman:
update_cache: true
upgrade: true
- name: Install some basic packages
become: true
community.general.pacman:
name:
- archlinux-keyring
- git
- openssh
- name: "Configure to auto load some kernel modules at boot"
become: true
copy:
content: "# managed by monakhos\ni2c-dev\n"
dest: "/etc/modules-load.d/auto.conf"
- name: Setup SSH client
include_role:
name: ssh
- name: Init pacman keyring
become: true
# complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
block:
- stat:
path: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state_stat
- when: pacman_key_state_stat.stat.exists
slurp:
src: "{{ home }}/.cache/monakhos/pacman_key_state"
register: pacman_key_state
- when: pacman_key_state.content is defined
name: "pacman key state debug 1"
debug:
msg: "{{ pacman_key_state.content | b64decode | to_datetime('%Y-%m-%d') }}"
- when: not pacman_key_state_stat.stat.exists
block:
- shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
- shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
# AUR SETUP
- name: Create the aur_builder user
become: yes
ansible.builtin.user:
name: aur_builder
create_home: yes
group: wheel
- name: Allow the `aur_builder` user to run `sudo pacman` without a password
become: yes
ansible.builtin.lineinfile:
path: /etc/sudoers.d/11-install-aur_builder
line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
create: yes
mode: 0644
validate: 'visudo -cf %s'
- name: Install yay
include_role:
name: aur
vars:
packages:
- yay-bin
- name: Stub
file:
path: "{{ home }}/.stub"
state: touch
# INSTALL essentials packages from YAML
- name: Install essentials non-AUR packages
become: true
community.general.pacman:
name: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install essentials AUR packages
include_role:
name: aur
vars:
packages: "{{ lookup('pipe', ('cat packages/essentials/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install sway
include_role:
name: sway
# Install essentials tools with UV
- name: Install essentials global tools (Python packages)
include_role:
name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
# DOTS
- name: Clone dots file
git:
key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519"
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
- name: Setup DNS and unbound
include_role:
name: dns
- name: Symbolic link to user .profile
file:
src: "{{ home }}/.profile"
dest: "{{ home }}/.dots/config/.profile"
state: link
force: true
- name: Setup config directories
file:
path: "{{ home }}/.config/{{ item.dir }}"
state: directory
recurse: true
loop: "{{ config_files }}"
- name: Setup symbolic links to config files
file:
src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
state: link
force: true
loop: "{{ config_files }}"
- name: Set default shell
become: true
user:
name: "{{ user }}"
shell: /usr/bin/fish
- name: Add user to useful group (docker)
become: true
user:
name: "{{ user }}"
groups: ["docker"]
- name: Create machine.fish
template:
src: fish/machine.fish
dest: "{{ home }}/.config/fish/machine.fish"
- name: Setup xremap
include_role:
name: xremap
# SYSTEMD user services
- name: Setup systemd user services folder
file:
path: "{{ home }}/.config/systemd/user"
state: directory
recurse: true
- name: Setup user units
loop: "{{ systemd_services.user }}"
when: "item.from is not defined"
template:
src: "systemd/user/{{ item.name }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user unit with from
loop: "{{ systemd_services.user }}"
when: "item.from is defined"
template:
src: "systemd/user/{{ item.from }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user timers
loop: "{{ systemd_services.user }}"
when: "item.timer is defined and item.timer"
template:
src: "systemd/user/{{ item.name }}.timer"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
- name: Enable some systemd user services
when: "item.enabled is defined and item.enabled"
loop: "{{ systemd_services.user }}"
systemd_service:
daemon_reload: true
scope: user
name: "{{ item.name }}"
state: started
enabled: true
- name: Enable some systemd user timers
when: "item.timer is defined and item.timer"
loop: "{{ systemd_services.user }}"
systemd_service:
scope: user
name: "{{ item.name }}.timer"
state: started
enabled: true
# OTHERS
- name: Setup triage folder
file:
path: "{{ home }}/triage"
state: directory
recurse: true
- name: Setup quick notes folder
file:
path: "{{ home }}/quick/notes"
state: directory
recurse: true
- name: Setup quick docs folder
file:
path: "{{ home }}/quick/docs"
state: directory
recurse: true
- name: Setup quick screenshot folder
file:
path: "{{ home }}/quick/screenshots"
state: directory
recurse: true
- name: Setup long-term local secrets
file:
path: "{{ home }}/.local/secrets"
state: directory
recurse: true
- name: Setup directory to contains local root CA
file:
path: "{{ home }}/.local/secrets/root_ca"
state: directory
recurse: true
- name: Setup temporary secrets folder
file:
path: "{{ home }}/.cache/secrets"
state: directory
recurse: true
- name: Setup vaults dir gpg home
file:
path: "{{ home }}/.vaults/gpg-homes"
state: directory
recurse: true
- name: Setup vaults dir store unixpass
file:
path: "{{ home }}/.vaults/pass"
state: directory
recurse: true
- name: Setup workspace folder
file:
path: "{{ home }}/workspace"
state: directory
recurse: true
- name: Enable bluetooth service
become: true
ansible.builtin.systemd_service:
name: bluetooth
state: started
enabled: true
- name: Setup wofi link
become: true
file:
src: "/usr/bin/wofi"
dest: "/usr/bin/rofi"
state: link
- name: Setup apps dir
file:
path: "{{ home }}/.apps"
state: directory
recurse: true
- name: Setup default browser link
file:
src: /usr/bin/librewolf
dest: "{{ home }}/.apps/browser"
state: link
force: true
- name: Set default browser
include_role:
name: xdg_browser
vars:
default_browser: librewolf
- name: Patch desktop entries for wayland
include_role:
name: wayland_fixer
# Initialize Workspaces
- name: Clone general programming snippets
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
dest: /home/mbess/workspace/snippets
- name: Clone monakhos
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
dest: /home/mbess/workspace/monakhos
# INSTALL extra packages from YAML
- name: Install extra non-AUR packages
become: true
community.general.pacman:
name: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install extra AUR packages
include_role:
name: aur
vars:
packages: "{{ lookup('pipe', ('cat packages/extra/arch_packages.yaml | python3 parse_arch_packages.py --aur ' + item)) | from_json }}"
with_items: "{{ packages_categories }}"
- name: Install extra global tools (Python packages)
include_role:
name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
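Review bot: The `Create the aur_builder user` task puts the build account in `wheel` (`group: wheel`) on top of the passwordless `sudo pacman` rule written to `/etc/sudoers.d/11-install-aur_builder`; on a host whose sudoers grants `%wheel` sudo that widens the account's rights well beyond pacman, and the NOPASSWD pacman rule is itself root-equivalent for anything running as that user (AUR build scripts run as it), so a dedicated primary group (`group: aur_builder`) is the safer default and `mode: "0644"` should be quoted so the octal does not depend on the parser. The `Init pacman keyring` block removes `/etc/pacman.d/gnupg` through `shell` guarded only by the existence of the state file, while the comment above it describes an expiration check that is never performed and the `when: pacman_key_state.content is defined` task only debug-prints the stored date; at minimum give both `shell` tasks `changed_when` (or `creates:` on the second) so the play stays idempotent. The hard-coded `/home/mbess` paths in `Init arch` and in the two `Clone ...` tasks bypass the `home` variable that every other task uses.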


@ -433,6 +433,8 @@ common:
- aur/ungoogled-chromium-bin - aur/ungoogled-chromium-bin
terminal_emulator: terminal_emulator:
- alacritty - alacritty
- name: lsix
description: Command to show image in the terminal
mail: mail:
- thunderbird - thunderbird
communication: communication:
@ -471,8 +473,7 @@ common:
3d: {} 3d: {}
bureautique: bureautique:
- libreoffice-still - libreoffice-still
geo: geo: {}
- aur/mepo
vcs: vcs:
git: {} git: {}
db: db:
@ -483,7 +484,7 @@ common:
- aur/remmina-plugin-rdesktop - aur/remmina-plugin-rdesktop
_: _:
- name: aur/screen-message - name: aur/screen-message
description: Utility to write in big on the screen description: Utility to write big text on the screen
inspection: inspection:
- wireshark-qt - wireshark-qt
editor: editor:


@ -0,0 +1,13 @@
- name: Debug configuration file infos
ansible.builtin.debug:
var: "config"
- name: Create directory
ansible.builtin.file:
path: "{{ (home + '/' + config['dest']) | dirname }}"
state: directory
recurse: true
- name: Copy files
ansible.builtin.copy:
src: "{{ dotsfiles_repo_path.stdout }}/confs/src/{{ config['src'] }}"
force: true
dest: "{{ home }}/{{ config['dest'] }}"
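Review bot: `ansible.builtin.copy` in the `Copy files` task reads `src` from the controller unless `remote_src: true` is set, yet the path is built from `dotsfiles_repo_path.stdout`, which is where the role clones the repo on the managed node; unless the play runs over a local connection this task fails with a missing source file, so add `remote_src: true` to the copy arguments. `config['src']` and `config['dest']` are taken verbatim from the repo's `config_map.yaml` and concatenated into paths, so a `..` component would place files outside `confs/src` or `{{ home }}`; a guard such as `when: "'..' not in config['src'] and '..' not in config['dest']"` on the two tasks, or a `failed_when` on the rendered path, makes the intended boundary explicit. `force: true` silently overwrites existing user files; `backup: true` would preserve the previous copy.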


@ -0,0 +1,6 @@
- name: Copy single file
ansible.builtin.include_tasks:
file: copy_config_file.yaml
loop_control:
loop_var: config
with_items: "{{ config_map.static_files_copy }}"
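Review bot: `with_items: "{{ config_map.static_files_copy }}"` raises an undefined-variable error when the config map has no `static_files_copy` key, which makes that section mandatory for every dotsfiles repo; `with_items: "{{ config_map.static_files_copy | default([]) }}"` lets a map that only uses other sections pass through. `loop_control` is documented alongside `loop:` rather than `with_items`; both work here, but `loop: "{{ config_map.static_files_copy | default([]) }}"` is the form the rest of the new tasks in this commit use.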


@ -0,0 +1,21 @@
- name: Setup repo directory
file:
path: "{{ home }}/.dotsfiles"
state: directory
recurse: false
- name: echo dotsfiles path
command: "echo {{ home }}/.dotsfiles/{{ dotsfiles_repo_name }}"
register: dotsfiles_repo_path
- name: Clone dotsfiles repo
ansible.builtin.git:
repo: "{{ dotsfiles_repo_url }}"
dest: "{{ dotsfiles_repo_path.stdout }}"
- name: Read config map
ansible.builtin.slurp:
src: "{{ dotsfiles_repo_path.stdout }}/confs/config_map.yaml"
register: dotsfiles_map_yaml
- name: Install configs from config map
ansible.builtin.include_tasks:
file: install_configs.yaml
vars:
config_map: "{{ (dotsfiles_map_yaml.content | b64decode | from_yaml).config_map }}"
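Review bot: The `echo dotsfiles path` task shells out through `command` just to compute a string, so it reports `changed` on every run, is skipped in `--check` mode (leaving the registered variable undefined for the tasks that follow), and forces every consumer to read `.stdout`; `ansible.builtin.set_fact` with `dotsfiles_repo_path: "{{ home }}/.dotsfiles/{{ dotsfiles_repo_name }}"` gives the same value without a subprocess, after which the `.stdout` references in the clone, slurp and `copy_config_file.yaml` tasks become plain variable reads. `Clone dotsfiles repo` has no `version:`, so the role deploys whatever the default branch currently points at, and that repo's `confs/config_map.yaml` then decides which files are written where under `{{ home }}`; pinning `version` (and, as the removed `Clone dots file` task did, naming an explicit `key_file`) keeps what gets installed reviewable. `recurse: false` on `Setup repo directory` is the module default and can be dropped.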


@ -13,7 +13,11 @@ export ANSIBLE_LOG_PATH=ansible_run.log
rm $base/vm_files rm $base/vm_files
ln -s $workdir $base/vm_files ln -s $workdir $base/vm_files
ansible-playbook $base/workstation.yaml \ export ANSIBLE_PLAYBOOK="${ANSIBLE_PLAYBOOK:-workstation.yaml}"
playbookPath="$base/$ANSIBLE_PLAYBOOK"
ansible-playbook $playbookPath \
-vvvvv \ -vvvvv \
--ask-become-pass \ --ask-become-pass \
-i "inventory.yaml" \ -i "inventory.yaml" \
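Review bot: `ansible-playbook $playbookPath \` expands the new variable unquoted, so a `base` or `ANSIBLE_PLAYBOOK` value containing whitespace or glob characters is word-split before it reaches `ansible-playbook`; the neighbouring `-i "inventory.yaml"` is already quoted, so `ansible-playbook "$playbookPath" \` keeps the script consistent. `ANSIBLE_PLAYBOOK` comes from the caller's environment and is joined to `$base` without checking that the result exists, so a typo only surfaces as an ansible error later; `[ -f "$playbookPath" ] || { echo "no such playbook: $playbookPath" >&2; exit 1; }` before the call fails earlier and more clearly. The script continues outside the hunk.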


@ -0,0 +1,13 @@
- hosts: workstation
gather_facts: False
vars:
home: /home/{{ user }}
tasks:
- name: Setup dotsfile (copy)
include_role:
name: dotsfiles
vars:
dotsfiles_repo_name: "{{ item.name }}"
dotsfiles_repo_url: "{{ item.repo_url }}"
with_items: "{{ dotsfiles_repos }}"
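Review bot: `gather_facts: False` uses the capitalised YAML 1.1 boolean while the other playbook added in this commit writes `True`/`true` inconsistently; `gather_facts: false` is the form yamllint accepts and Ansible documents. `with_items: "{{ dotsfiles_repos }}"` has no `default([])`, so a host whose inventory lacks that variable fails the play instead of skipping the role; if that is the intent, a comment above `tasks:` such as `# dotsfiles_repos (list of {name, repo_url}) must be set per host in the inventory` records the contract, otherwise append `| default([])`.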


@ -2,46 +2,6 @@
gather_facts: True gather_facts: True
vars: vars:
home: /home/{{ user }} home: /home/{{ user }}
systemd_services:
system: []
user:
- name: "hourly_remainder"
enabled: true
timer: true
- name: "cliphist"
enabled: true
- name: "kanshi"
enabled: true
- name: "gammastep"
enabled: true
- name: "swaybg"
enabled: true
config_files:
- dir: fish
name: config.fish
- dir: tmux
name: tmux.conf
- dir: alacritty
name: alacritty.toml
- dir: wofi
name: style.css
- dir: kanshi
name: config
- dir: sway
name: config
- dir: helix
name: config.toml
- dir: i3status-rust
name: config.toml
- dir: git
name: config
- dir: nvim
name: init.lua
- dir: nvim
name: lua # lua dir
# for desktop notifications
- dir: dunst
name: dunstrc
tasks: tasks:
- name: Init arch - name: Init arch
block: block:
@ -154,39 +114,6 @@
name: uv_tools name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}" with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"
# DOTS
- name: Clone dots file
git:
key_file: "{{ home }}/.ssh/{{ device_name }}_perso_generic_ed25519"
repo: "git@forge.lefuturiste.fr:mbess/dots.git"
dest: "{{ home }}/.dots"
- name: Setup DNS and unbound
include_role:
name: dns
- name: Symbolic link to user .profile
file:
src: "{{ home }}/.profile"
dest: "{{ home }}/.dots/config/.profile"
state: link
force: true
- name: Setup config directories
file:
path: "{{ home }}/.config/{{ item.dir }}"
state: directory
recurse: true
loop: "{{ config_files }}"
- name: Setup symbolic links to config files
file:
src: "{{ home }}/.dots/config/{{ item.dir }}/{{ item.name }}"
dest: "{{ home }}/.config/{{ item.dir }}/{{ item.name }}"
state: link
force: true
loop: "{{ config_files }}"
- name: Set default shell - name: Set default shell
become: true become: true
user: user:
@ -199,132 +126,6 @@
name: "{{ user }}" name: "{{ user }}"
groups: ["docker"] groups: ["docker"]
- name: Create machine.fish
template:
src: fish/machine.fish
dest: "{{ home }}/.config/fish/machine.fish"
- name: Setup xremap
include_role:
name: xremap
# SYSTEMD user services
- name: Setup systemd user services folder
file:
path: "{{ home }}/.config/systemd/user"
state: directory
recurse: true
- name: Setup user units
loop: "{{ systemd_services.user }}"
when: "item.from is not defined"
template:
src: "systemd/user/{{ item.name }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user unit with from
loop: "{{ systemd_services.user }}"
when: "item.from is defined"
template:
src: "systemd/user/{{ item.from }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
vars:
service_params: "{{ item.params }}"
- name: Setup user timers
loop: "{{ systemd_services.user }}"
when: "item.timer is defined and item.timer"
template:
src: "systemd/user/{{ item.name }}.timer"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
- name: Enable some systemd user services
when: "item.enabled is defined and item.enabled"
loop: "{{ systemd_services.user }}"
systemd_service:
daemon_reload: true
scope: user
name: "{{ item.name }}"
state: started
enabled: true
- name: Enable some systemd user timers
when: "item.timer is defined and item.timer"
loop: "{{ systemd_services.user }}"
systemd_service:
scope: user
name: "{{ item.name }}.timer"
state: started
enabled: true
# OTHERS
- name: Setup triage folder
file:
path: "{{ home }}/triage"
state: directory
recurse: true
- name: Setup quick notes folder
file:
path: "{{ home }}/quick/notes"
state: directory
recurse: true
- name: Setup quick docs folder
file:
path: "{{ home }}/quick/docs"
state: directory
recurse: true
- name: Setup quick screenshot folder
file:
path: "{{ home }}/quick/screenshots"
state: directory
recurse: true
- name: Setup long-term local secrets
file:
path: "{{ home }}/.local/secrets"
state: directory
recurse: true
- name: Setup directory to contains local root CA
file:
path: "{{ home }}/.local/secrets/root_ca"
state: directory
recurse: true
- name: Setup temporary secrets folder
file:
path: "{{ home }}/.cache/secrets"
state: directory
recurse: true
- name: Setup vaults dir gpg home
file:
path: "{{ home }}/.vaults/gpg-homes"
state: directory
recurse: true
- name: Setup vaults dir store unixpass
file:
path: "{{ home }}/.vaults/pass"
state: directory
recurse: true
- name: Setup workspace folder
file:
path: "{{ home }}/workspace"
state: directory
recurse: true
- name: Enable bluetooth service
become: true
ansible.builtin.systemd_service:
name: bluetooth
state: started
enabled: true
- name: Setup wofi link
become: true
file:
src: "/usr/bin/wofi"
dest: "/usr/bin/rofi"
state: link
- name: Setup apps dir - name: Setup apps dir
file: file:
path: "{{ home }}/.apps" path: "{{ home }}/.apps"
@ -344,20 +145,6 @@
vars: vars:
default_browser: librewolf default_browser: librewolf
- name: Patch desktop entries for wayland
include_role:
name: wayland_fixer
# Initialize Workspaces
- name: Clone general programming snippets
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
dest: /home/mbess/workspace/snippets
- name: Clone monakhos
ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/monakhos.git"
dest: /home/mbess/workspace/monakhos
# INSTALL extra packages from YAML # INSTALL extra packages from YAML
- name: Install extra non-AUR packages - name: Install extra non-AUR packages
become: true become: true
@ -377,4 +164,3 @@
name: uv_tools name: uv_tools
with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}" with_items: "{{ lookup('pipe', 'cat packages/essentials/python_packages.yaml | python3 parse_arch_packages.py all') | from_json }}"