nix: Common bases

Geoffrey Frogeye 2023-10-22 18:40:02 +02:00
parent 5123cb93a9
commit 0aed911875
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
7 changed files with 76 additions and 280 deletions


@ -1,22 +0,0 @@
- name: Set variables
set_fact:
manjaro: "{{ ansible_lsb.id == 'Manjaro' or ansible_lsb.id == 'Manjaro-ARM' }}"
- name: Enable passwordless sudo access to wheel group (Others)
lineinfile:
path: /etc/sudoers
line: "%wheel ALL=(ALL) NOPASSWD: ALL"
regexp: "^#? *%wheel ALL=\\(ALL\\) NOPASSWD: ALL$"
become: yes
when: not manjaro
- name: Enable passwordless sudo access to wheel group (Manjaro)
copy:
content: "%wheel ALL=(ALL) NOPASSWD: ALL"
dest: /etc/sudoers.d/11-wheel-nopasswd
mode: "u=rwx,g=rx,o="
when: manjaro
become: yes
# /etc/sudoers.d/10-installer is the same thing,
# but **with** a password, and it's overwritten
# with each upgrade of manjaro-system, hence this.


@ -1,200 +1,4 @@
# TODO Install python if not done
# Or maybe not, it requires a lot of automation for something that can be done
# very quickly manually and is usually already installed
- name: Install python-apt dependency for Termux
block:
# TODO Check if the correct version
- name: Check for DistUtilsExtra (Termux)
command: python -c 'import DistUtilsExtra'
changed_when: False
rescue:
- name: Create temporarty folder for DistUtilsExtra (Termux)
tempfile:
state: directory
suffix: python-distutils-extra
# path: /data/data/com.termux/files/usr/tmp/
register: pde_tempdir
- name: Download DistUtilsExtra (Termux)
get_url:
url: "https://launchpad.net/python-distutils-extra/trunk/{{ version }}/+download/python-distutils-extra-{{ version }}.tar.gz"
dest: "{{ pde_tempdir.path }}/python-distutils-extra.tar.gz"
- name: Extract DistUtilsExtra (Termux)
unarchive:
src: "{{ pde_tempdir.path }}/python-distutils-extra.tar.gz"
remote_src: yes
dest: "{{ pde_tempdir.path }}"
- name: Install DistUtilsExtra (Termux)
command:
cmd: python3 setup.py install
chdir: "{{ pde_tempdir.path }}/python-distutils-extra-{{ version }}"
when: termux
vars:
version: 2.39
- name: Install python-apt (Termux)
pip:
name: python-apt
when: termux
# Collecting python-apt
# Using cached python-apt-0.7.8.tar.bz2 (49 kB)
# ERROR: Command errored out with exit status 1:
# command: /data/data/com.termux/files/usr/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/data/data/com.termux/files/usr/tmp/pip-install-dsga__i7/python-apt/setup.py'"'"'; __file__='"'"'/data/data/com.termux/files/usr/tmp/pip-install-dsga__i7/python-apt/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /data/data/com.termux/files/usr/tmp/pip-pip-egg-info-ptpprl0m
# cwd: /data/data/com.termux/files/usr/tmp/pip-install-dsga__i7/python-apt/
# Complete output (5 lines):
# Traceback (most recent call last):
# File "<string>", line 1, in <module>
# File "/data/data/com.termux/files/usr/tmp/pip-install-dsga__i7/python-apt/setup.py", line 11, in <module>
# string.split(parse_makefile("python/makefile")["APT_PKG_SRC"]))
# AttributeError: module 'string' has no attribute 'split'
# ----------------------------------------
# ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
# WARNING: You are using pip version 20.2.3; however, version 20.3.3 is available.
# You should consider upgrading via the '/data/data/com.termux/files/usr/bin/python3 -m pip install --upgrade pip' command.
# Arch configuration
# TODO Patch sudo-fake so it allows using -u so `become` works
- name: Enable multilib repo
lineinfile:
path: /etc/pacman.conf
regexp: '^#?\s*\[multilib\]$'
line: '[multilib]'
become: yes
when: arch_based and ansible_architecture == "x86_64"
notify: udpate pacman cache
- name: Configure multilib repo
lineinfile:
path: /etc/pacman.conf
regexp: '^#?\s*Include\s*=\s*/etc/pacman.d/mirrorlist'
line: 'Include = /etc/pacman.d/mirrorlist'
insertafter: '^\[multilib\]$'
become: yes
when: arch_based and ansible_architecture == "x86_64"
notify: udpate pacman cache
- name: Update cache if needed
meta: flush_handlers
- name: Install ccache
pacman:
name: ccache
state: present
extra_args: "--asdeps"
become: yes
when: arch_based
- name: Enable makepkg color
replace:
path: /etc/makepkg.conf
regexp: '^BUILDENV=(.+)!color(.+)$'
replace: 'BUILDENV=\1color\2'
become: yes
when: arch_based
- name: Enable makepkg ccache
replace:
path: /etc/makepkg.conf
regexp: '^BUILDENV=(.+)!ccache(.+)$'
replace: 'BUILDENV=\1ccache\2'
become: yes
when: arch_based
- name: Remove -mtune from makepkg CFLAGS
replace:
path: /etc/makepkg.conf
regexp: '^#? *CFLAGS=(.+)-mtune=\S+\s(.*)$'
replace: "CFLAGS=\\1\\2"
become: yes
when: arch_based
- name: Change -march to native from makepkg CFLAGS
replace:
path: /etc/makepkg.conf
regexp: '^#? *CFLAGS=(.+)-march=\S+(\s)(.*)$'
replace: "CFLAGS=\\1-march=native\\2\\3"
become: yes
when: arch_based
- name: Set makepkg MAKEFLAGS
replace:
path: /etc/makepkg.conf
regexp: '^#? *MAKEFLAGS=(.+)-j[0-9]+(.+)$'
replace: "MAKEFLAGS=\\1-j{{ j }}\\2"
become: yes
vars:
j: "{{ [ansible_processor_nproc - 1, 1] | max | int }}"
when: arch_based
- name: Enable pacman ParallelDownloads
lineinfile:
path: /etc/pacman.conf
regexp: '^#?ParallelDownloads'
line: 'ParallelDownloads = 5'
insertafter: '^\[options\]$'
become: yes
when: arch_based
- name: Enable pacman colors
lineinfile:
path: /etc/pacman.conf
regexp: '^#?Color'
line: 'Color'
insertafter: '^\[options\]$'
become: yes
when: arch_based
- name: Enable pacman pac-man
lineinfile:
path: /etc/pacman.conf
regexp: '^#?ILoveCandy'
line: 'ILoveCandy'
insertafter: '^#?Color'
become: yes
when: arch_based
# Install alternative package managers
- name: List packages from base-devel
command: pacman -Sqg base-devel
register: base_devel_packages
changed_when: no
check_mode: no
- name: Install dependencies for AUR helpers
pacman:
name: "{{ (base_devel_packages.stdout | split('\n') | reject('eq', 'sudo')) + ['fakeroot'] }}"
become: yes
when: arch_based
# Do not install sudo because maybe sudo-fake is installed (otherwise it conflicts)
# It should already be installed already anyway
- name: Install AUR package manager (Arch)
aur:
name: yay-bin
when: arch
- name: Install AUR package manager (Manjaro)
pacman:
name: yay
become: yes
when: manjaro
# Not sure if regular Manjaro has yay in its community packages,
# but Manjaro-ARM sure does
- name: Create cache folder
file:
state: directory
mode: "u=rwx,g=rx,o=rx"
path: "{{ ansible_user_dir }}/.cache/automatrop"
- name: Generate list of packages for package manager
set_fact:
packages: "{{ query('template', 'package_manager.j2')[0].split('\n')[:-1]|sort|unique }}"


@ -1,15 +1,5 @@
{# Macros #}
{% if debian_based %}
{% set python_prefix = 'python3' %}
{% set lib_suffix = '-common' %}
{% else %}
{% set python_prefix = 'python' %}
{% set lib_suffix = '' %}
{% endif %}
{# Include essential snippets #}
{% include 'snippets/pm_dotfiles_dependencies.j2' %}
{% include 'snippets/pm_shell.j2' %}
{% include 'snippets/pm_terminal_essentials.j2' %}
{% include 'snippets/pm_remote.j2' %}
{% include 'snippets/pm_disk_cleanup.j2' %}
{% include 'snippets/pm_local_monitoring.j2' %}


@ -1,23 +0,0 @@
{#
Stuff that is required for scripts/programs of dotfiles to work properly
#}
coreutils
bash
grep
sed
tar
openssl
git
wget
curl
{% if not termux %}
{{ python_prefix }}-pip
{# Termux already has pip via Python #}
{% endif %}
ansible
{# Uncompressors #}
unzip
unrar
p7zip
{{ python_prefix }}-pystache
{# EOF #}


@ -1,24 +0,0 @@
moreutils
man
visidata
{% if can_chown or not arch_based %}
insect
{% endif %}
translate-shell
gnupg
{# Editor #}
{% if termux %}
nvim
{% else %}
neovim
{% endif %}
{% if not termux %}
{{ python_prefix }}-neovim
{% endif %}
{# Downloaders #}
wget
{# Uncompressors #}
unzip
unrar
p7zip
{# EOF #}


@ -1,4 +1,5 @@
#/usr/bin/env sh
export NIXPKGS_ALLOW_UNFREE=1
nix-build '<nixpkgs/nixos>' -A vm \
-I nixpkgs=channel:nixos-23.05 \
-I nixos-config=./configuration.nix
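Review bot: The first line `#/usr/bin/env sh` lacks the `!`, so it is an ordinary comment and the script runs under whichever shell the caller uses; it should read `#!/usr/bin/env sh`. The page does not mark which line is new, but if `export NIXPKGS_ALLOW_UNFREE=1` is the addition, it permits every unfree package for this build rather than only the one that needs it (probably `unrar`, from the package list in this commit). An `allowUnfreePredicate` under `nixpkgs.config` in `configuration.nix` would keep that exception narrow and visible in review.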


@ -13,7 +13,7 @@
# Enable the X11 windowing system
services.xserver.enable = true;
# TODO qwerty-fr for X11
# FIXME qwerty-fr for X11
# Enable CUPS to print documents
services.printing.enable = true;
@ -22,19 +22,63 @@
sound.enable = true;
hardware.pulseaudio.enable = true;
# services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.startx.enable = true;
services.xserver.windowManager.i3.enable = true;
# Enable passwordless sudo
security.sudo.extraRules = [
{ groups = ["wheel"]; commands = [ { command = "ALL"; options = ["NOPASSWD"]; } ]; }
];
# Users
users.users.geoffrey = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [
# dotfiles dependencies
coreutils
bash
gnugrep
gnused
gnutar
openssl
git
wget
curl
python3Packages.pip
ansible # TODO Reevaluate
# shell
zsh-completions
nix-zsh-completions
zsh-history-substring-search
antigen # TODO Reevaluate
powerline-go
# terminal essentials
moreutils
man
visidata
nodePackages.insect
translate-shell
unzip
unrar
p7zip
# remote
openssh
rsync
tigervnc # FIXME Only with display server
# DEBUG
firefox
tree
lolcat
];
initialPassword = "cartable";
initialPassword = "cartable"; # DEBUG
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr"
];
};
environment.systemPackages = with pkgs; [
@ -42,8 +86,34 @@
wget
];
# Enable the OpenSSH daemon
services.openssh.enable = true;
# Enable compilation cache
programs = {
ccache.enable = true;
# TODO Not enough, see https://nixos.wiki/wiki/CCache.
# Might want to see if it's worth using on NixOS
gnupg.agent.enable = true;
# TODO Below should be user config
zsh = {
enable = true;
autosuggestions.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
};
neovim = {
enable = true;
defaultEditor = true;
vimAlias = true;
viAlias = true;
};
};
services = {
# Enable the OpenSSH daemon
openssh.enable = true;
getty.autologinUser = "geoffrey"; # DEBUG
};
# TEST
system.copySystemConfiguration = true;
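Review bot: The user `geoffrey` keeps the committed `initialPassword = "cartable"` while this change also grants `wheel` passwordless sudo through `security.sudo.extraRules` and leaves `openssh.enable = true`. Unless password login is disabled outside the visible hunks, a host built from this file accepts a password that is public in the repository, and that login leads straight to root. An `openssh.authorizedKeys.keys` entry is already present, so add `services.openssh.settings.PasswordAuthentication = false;` next to `openssh.enable`. The lines tagged `# DEBUG` (`initialPassword`, `getty.autologinUser`) would be safer in a module that only the `-A vm` build imports, so they cannot reach a real machine. The configuration's attribute set begins and ends outside the hunks shown.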