From 1a8502002ab1c422e766c2073f47c2118b48cc28 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?= Date: Wed, 16 Jun 2021 22:57:18 +0200 Subject: [PATCH] Replaced install-arch with something Ansible! --- config/automatrop/group_vars/all | 6 + .../host_vars/curacao.geoffrey.frogeye.fr | 2 + .../host_vars/pindakaas.geoffrey.frogeye.fr | 1 + config/automatrop/playbooks/default.yml | 4 + .../automatrop/roles/dotfiles/tasks/main.yml | 6 +- .../automatrop/roles/software/tasks/main.yml | 1 + .../snippets/pm_desktop_environment.j2 | 5 +- .../snippets/pm_dotfiles_dependencies.j2 | 1 + .../templates/snippets/pm_local_monitoring.j2 | 3 + .../automatrop/roles/system/files/chrony.conf | 7 + .../roles/system/files/dhcpcd.exit-hook | 5 + .../roles/system/files/getty.service | 2 + .../roles/system/files/wpa_supplicant.service | 3 + .../system/files/xorg/intel_backlight.conf | 5 + .../roles/system/files/xorg/joystick.conf | 8 + .../roles/system/files/xorg/keyboard.conf | 7 + .../roles/system/files/xorg/touchpad.conf | 6 + .../roles/system/handlers/main.yaml | 28 ++ config/automatrop/roles/system/tasks/main.yml | 336 ++++++++++++++++++ .../system/templates/wpa_supplicant.conf.j2 | 90 +++++ config/scripts/install-arch | 2 + 21 files changed, 524 insertions(+), 4 deletions(-) create mode 100644 config/automatrop/roles/system/files/chrony.conf create mode 100644 config/automatrop/roles/system/files/dhcpcd.exit-hook create mode 100644 config/automatrop/roles/system/files/getty.service create mode 100644 config/automatrop/roles/system/files/wpa_supplicant.service create mode 100644 config/automatrop/roles/system/files/xorg/intel_backlight.conf create mode 100644 config/automatrop/roles/system/files/xorg/joystick.conf create mode 100644 config/automatrop/roles/system/files/xorg/keyboard.conf create mode 100644 config/automatrop/roles/system/files/xorg/touchpad.conf create mode 100644 config/automatrop/roles/system/handlers/main.yaml create mode 100644 config/automatrop/roles/system/tasks/main.yml create mode 100644 
config/automatrop/roles/system/templates/wpa_supplicant.conf.j2 diff --git a/config/automatrop/group_vars/all b/config/automatrop/group_vars/all index 001e199..0c3a94e 100644 --- a/config/automatrop/group_vars/all +++ b/config/automatrop/group_vars/all @@ -15,3 +15,9 @@ software_full: no # Which additional software to install software_snippets: [] +# If the computer has a battery and we want to use it +has_battery: no + +# Activate numlock by default +auto_numlock: no + diff --git a/config/automatrop/host_vars/curacao.geoffrey.frogeye.fr b/config/automatrop/host_vars/curacao.geoffrey.frogeye.fr index 4108bd9..98d2ba6 100644 --- a/config/automatrop/host_vars/curacao.geoffrey.frogeye.fr +++ b/config/automatrop/host_vars/curacao.geoffrey.frogeye.fr @@ -7,3 +7,5 @@ dev_stuffs: - ansible - docker software_full: yes +has_battery: yes +auto_numlock: yes diff --git a/config/automatrop/host_vars/pindakaas.geoffrey.frogeye.fr b/config/automatrop/host_vars/pindakaas.geoffrey.frogeye.fr index 957619b..a5a06d1 100644 --- a/config/automatrop/host_vars/pindakaas.geoffrey.frogeye.fr +++ b/config/automatrop/host_vars/pindakaas.geoffrey.frogeye.fr @@ -4,3 +4,4 @@ dev_stuffs: - shell - network - ansible +has_battery: yes diff --git a/config/automatrop/playbooks/default.yml b/config/automatrop/playbooks/default.yml index 56c5051..44ce7c9 100644 --- a/config/automatrop/playbooks/default.yml +++ b/config/automatrop/playbooks/default.yml @@ -3,8 +3,12 @@ roles: - role: access tags: access + when: root_access - role: software tags: software + - role: system + tags: system + when: root_access - role: dotfiles tags: dotfiles - role: mnussbaum.base16-builder-ansible # Required for color diff --git a/config/automatrop/roles/dotfiles/tasks/main.yml b/config/automatrop/roles/dotfiles/tasks/main.yml index db9e374..d35a2a2 100644 --- a/config/automatrop/roles/dotfiles/tasks/main.yml +++ b/config/automatrop/roles/dotfiles/tasks/main.yml 
@@ -4,6 +4,6 @@ dest: "{{ ansible_user_dir }}/.dotfiles" notify: install dotfiles -# - name: Install python dependencies for scripts -# pip: -# requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt" +- name: Install python dependencies for scripts + pip: + requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt" diff --git a/config/automatrop/roles/software/tasks/main.yml b/config/automatrop/roles/software/tasks/main.yml index b07648d..77243a9 100644 --- a/config/automatrop/roles/software/tasks/main.yml +++ b/config/automatrop/roles/software/tasks/main.yml @@ -115,5 +115,6 @@ # be removed by dependency check. # Current packages will be kept by the meta package use: yay + notify: "software changed" tags: softwarelist when: arch_based and root_access diff --git a/config/automatrop/roles/software/templates/snippets/pm_desktop_environment.j2 b/config/automatrop/roles/software/templates/snippets/pm_desktop_environment.j2 index b7e1ed5..75dd9ea 100644 --- a/config/automatrop/roles/software/templates/snippets/pm_desktop_environment.j2 +++ b/config/automatrop/roles/software/templates/snippets/pm_desktop_environment.j2 @@ -1,7 +1,9 @@ +{# Essential #} firefox +qutebrowser +{# Sound #} pulseaudio pacmixer -zbar {% if arch_based %} ttf-dejavu ttf-twemoji @@ -13,6 +15,7 @@ thunar gedit feh zathura +zbar {% if arch_based %} zathura-pdf-mupdf {% elif debian_based %} diff --git a/config/automatrop/roles/software/templates/snippets/pm_dotfiles_dependencies.j2 b/config/automatrop/roles/software/templates/snippets/pm_dotfiles_dependencies.j2 index 8aec48b..87d4545 100644 --- a/config/automatrop/roles/software/templates/snippets/pm_dotfiles_dependencies.j2 +++ b/config/automatrop/roles/software/templates/snippets/pm_dotfiles_dependencies.j2 @@ -19,4 +19,5 @@ ansible unzip unrar p7zip +{{ python_prefix }}-pystache {# EOF #} 
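Review bot: The re-enabled `Install python dependencies for scripts` task installs whatever `requirements.txt` in the freshly cloned dotfiles checkout lists, with no install target and no integrity pinning visible in this hunk. Scoping it with the module's `virtualenv:` parameter or `extra_args: --user` would keep the install out of system site-packages if the role is ever run with `become`. The requirements file itself is not shown here, so whether versions are pinned (ideally with hashes) should be checked there. A one-line comment above the task saying which scripts need these packages would also help.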
diff --git a/config/automatrop/roles/software/templates/snippets/pm_local_monitoring.j2 b/config/automatrop/roles/software/templates/snippets/pm_local_monitoring.j2 index b5a4dcc..236557e 100644 --- a/config/automatrop/roles/software/templates/snippets/pm_local_monitoring.j2 +++ b/config/automatrop/roles/software/templates/snippets/pm_local_monitoring.j2 @@ -19,3 +19,6 @@ speedtest-cli {% if arch_based %} pacman-contrib {% endif %} +{% if has_battery %} +powertop +{% endif %} diff --git a/config/automatrop/roles/system/files/chrony.conf b/config/automatrop/roles/system/files/chrony.conf new file mode 100644 index 0000000..ed8df86 --- /dev/null +++ b/config/automatrop/roles/system/files/chrony.conf @@ -0,0 +1,7 @@ +server 0.europe.pool.ntp.org offline +server 1.europe.pool.ntp.org offline +server 2.europe.pool.ntp.org offline +server 3.europe.pool.ntp.org offline +driftfile /etc/chrony.drift +rtconutc +rtcsync diff --git a/config/automatrop/roles/system/files/dhcpcd.exit-hook b/config/automatrop/roles/system/files/dhcpcd.exit-hook new file mode 100644 index 0000000..7f08fd8 --- /dev/null +++ b/config/automatrop/roles/system/files/dhcpcd.exit-hook @@ -0,0 +1,5 @@ +if $if_up; then + chronyc online +elif $if_down; then + chronyc offline +fi diff --git a/config/automatrop/roles/system/files/getty.service b/config/automatrop/roles/system/files/getty.service new file mode 100644 index 0000000..1d6b77a --- /dev/null +++ b/config/automatrop/roles/system/files/getty.service @@ -0,0 +1,2 @@ +[Service] +ExecStartPre=/bin/sh -c 'setleds +num < /dev/%I' diff --git a/config/automatrop/roles/system/files/wpa_supplicant.service b/config/automatrop/roles/system/files/wpa_supplicant.service new file mode 100644 index 0000000..a839d44 --- /dev/null +++ b/config/automatrop/roles/system/files/wpa_supplicant.service @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=/usr/bin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -i%I 
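Review bot: A failing `setleds` aborts the getty start in the `getty.service` drop-in, because `ExecStartPre=` has no `-` prefix; a console where the command fails would then offer no login prompt. I would write `ExecStartPre=-/bin/sh -c 'setleds +num < /dev/%I'` so numlock stays best-effort. The task that installs this drop-in (`set numlock on boot` in tasks/main.yml) also copies into `/etc/systemd/system/getty@.service.d/` without first creating that directory, unlike the wpa_supplicant override, which has a `Prepare directory` task.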
diff --git a/config/automatrop/roles/system/files/xorg/intel_backlight.conf b/config/automatrop/roles/system/files/xorg/intel_backlight.conf
new file mode 100644
index 0000000..fa7796b
--- /dev/null
+++ b/config/automatrop/roles/system/files/xorg/intel_backlight.conf
@@ -0,0 +1,5 @@
+Section "Device"
+ Identifier "Intel Graphics"
+ Driver "intel"
+ Option "Backlight" "intel_backlight"
+EndSection
diff --git a/config/automatrop/roles/system/files/xorg/joystick.conf b/config/automatrop/roles/system/files/xorg/joystick.conf
new file mode 100644
index 0000000..1765eb8
--- /dev/null
+++ b/config/automatrop/roles/system/files/xorg/joystick.conf
@@ -0,0 +1,8 @@
+Section "InputClass"
+ Identifier "joystick catchall"
+ MatchIsJoystick "on"
+ MatchDevicePath "/dev/input/event*"
+ Driver "joystick"
+ Option "StartKeysEnabled" "False" #Disable mouse
+ Option "StartMouseEnabled" "False" #support
+EndSection
diff --git a/config/automatrop/roles/system/files/xorg/keyboard.conf b/config/automatrop/roles/system/files/xorg/keyboard.conf
new file mode 100644
index 0000000..8248b12
--- /dev/null
+++ b/config/automatrop/roles/system/files/xorg/keyboard.conf
@@ -0,0 +1,7 @@
+Section "InputClass"
+ Identifier "system-keyboard"
+ MatchIsKeyboard "on"
+ Option "XkbLayout" "us_qwerty-fr"
+ #Option "XkbModel" "pc105+inet"
+ Option "XkbOptions" "terminate:ctrl_alt_bksp"
+EndSection
diff --git a/config/automatrop/roles/system/files/xorg/touchpad.conf b/config/automatrop/roles/system/files/xorg/touchpad.conf
new file mode 100644
index 0000000..4bd1a17
--- /dev/null
+++ b/config/automatrop/roles/system/files/xorg/touchpad.conf
@@ -0,0 +1,6 @@
+Section "InputClass"
+ Identifier "touchpad"
+ Driver "libinput"
+ MatchIsTouchpad "on"
+ Option "Tapping" "on"
+EndSection
diff --git a/config/automatrop/roles/system/handlers/main.yaml b/config/automatrop/roles/system/handlers/main.yaml
new file mode 100644
index 0000000..74212c8
--- /dev/null
+++ b/config/automatrop/roles/system/handlers/main.yaml
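Review bot: `Option "XkbOptions" "terminate:ctrl_alt_bksp"` in keyboard.conf lets anyone at the keyboard terminate the X server, including while an X screen locker is showing. How X is launched on these hosts is not visible in this patch; if it is started from a logged-in console without `exec`, ending the server returns to that shell, so the lock is only as strong as the session launch. I would either drop the option on machines that rely on a screen locker or add a comment above it stating that requirement, e.g. `# Requires X to be started with exec so the console session ends with the server`.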
@@ -0,0 +1,28 @@
+- name: Create a etckeeper commit
+ command: "etckeeper commit 'automatrop {{ ansible_date_time.iso8601 }}'"
+ listen: "etc changed"
+ become: yes
+
+- name: Restart chrony
+ systemd:
+ name: chronyd
+ state: restarted
+ listen: chrony reconfigured
+ become: yes
+
+- name: Reload systemd daemon
+ systemd:
+ daemon_reload: yes
+ listen: systemd changed
+ become: yes
+
+- name: Restart wpa_supplicant
+ systemd:
+ name: "wpa_supplicant@{{ item }}"
+ state: restarted
+ become: yes
+ loop: "{{ ansible_interfaces }}"
+ when: "item.startswith('wl')"
+ listen: wpa_supplicant changed
+# Could probably use something better like
+# listing /sys/class/ieee80211/*/device/net/
diff --git a/config/automatrop/roles/system/tasks/main.yml b/config/automatrop/roles/system/tasks/main.yml
new file mode 100644
index 0000000..7ac33ca
--- /dev/null
+++ b/config/automatrop/roles/system/tasks/main.yml
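Review bot: The `Create a etckeeper commit` handler passes one templated string to `command`, so the commit message depends on the module's shell-like splitting of the embedded single quotes. The `argv` form removes that dependency: `argv: [etckeeper, commit, "automatrop {{ ansible_date_time.iso8601 }}"]`. `ansible_date_time` is captured when facts are gathered, so the message records the start of the run (or a cached fact) rather than the commit time, which deserves a short comment. The handlers also use `become: yes` and `daemon_reload: yes`; `true` is the form linters expect.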
@@ -0,0 +1,336 @@ +# TODO For other distributions + +- name: Set variables + set_fact: + arch_based: "{{ ansible_distribution == 'Archlinux' }}" + # arch: "{{ ansible_lsb.id == 'Arch' }}" + # manjaro: "{{ ansible_lsb.id == 'Manjaro' or ansible_lsb.id == 'Manjaro-ARM' }}" + # termux: "{{ ansible_distribution == 'OtherLinux' and ansible_python.executable == '/data/data/com.termux/files/usr/bin/python' }}" + # debian_based: "{{ ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' }}" + # debian: "{{ ansible_distribution == 'Debian' }}" + # ubuntu: "{{ ansible_distribution == 'Ubuntu' }}" + +# Etckeeper + +- name: Install etckeeper (Arch based) + pacman: + name: etckeeper + state: present + become: yes + when: arch_based + +- name: Check if etckeeper is initialized + stat: + path: /etc/.git + register: etckeeper + become: yes + +- name: Initialize etckeeper + command: "etckeeper init" + become: yes + when: not etckeeper.stat.exists + changed_when: yes + +- name: Configure git user.name for etckeeper + git_config: + scope: local + repo: /etc + name: "{{ item.name }}" + value: "{{ item.value }}" + loop: + - name: "user.name" + value: "etckeeper on {{ inventory_hostname_short }}" + - name: "user.email" + value: "etckeeper@{{ inventory_hostname }}" + become: yes + +# Arch configuration + +- name: Install ccache + pacman: + name: ccache + state: present + become: yes + when: arch_based + +- name: Enable makepkg ccache + replace: + path: /etc/makepkg.conf + regexp: '^BUILDENV=(.+)!ccache(.+)$' + replace: 'BUILDENV=\1ccache\2' + become: yes + when: arch_based + +- name: Set makepkg MAKEFLAGS + replace: + path: /etc/makepkg.conf + regexp: '^#? 
*MAKEFLAGS=(.+)-j[0-9]+(.+)$' + replace: "MAKEFLAGS=\\1-j{{ j }}\\2" + become: yes + vars: + j: "{{ [ansible_processor_nproc - 1, 1] | max | int }}" + when: arch_based + +- name: Enable makepkg color + replace: + path: /etc/makepkg.conf + regexp: '^BUILDENV=(.+)!color(.+)$' + replace: 'BUILDENV=\1color\2' + become: yes + when: arch_based + +- name: Enable pacman colors + lineinfile: + path: /etc/pacman.conf + regexp: "^#?Color" + line: "Color" + become: yes + when: arch_based + +- name: Enable pacman pacman + lineinfile: + path: /etc/pacman.conf + regexp: "^#?ILoveCandy" + line: "ILoveCandy" + insertafter: "^#?Color" + become: yes + when: arch_based + +# Manjaro configuration + +- name: Remove Manjaro's pamac + pacman: + name: pamac + state: absent + become: yes + when: arch_based and False # I'm trying to remember why I usually delete this thing + +# Xorg configuration + +- name: Check if there is nvidia-xrun is installed + stat: + path: /etc/X11/nvidia-xorg.conf + register: nvidia_xrun + when: display_manager == 'x11' + +- name: Add nvidia-xrun xorg config directory + set_fact: + xorg_common_config_dirs: "{{ xorg_default_config_dirs + xorg_nvidia_config_dirs }}" + vars: + xorg_default_config_dirs: + - /etc/X11/xorg.conf.d + xorg_nvidia_config_dirs: "{{ ['/etc/X11/nvidia-xorg.conf.d'] if nvidia_xrun.stat.exists else [] }}" + when: display_manager == 'x11' + +- name: Configure Xorg keyboard layout + copy: + src: xorg/keyboard.conf + dest: "{{ item }}/00-keyboard.conf" + become: yes + when: display_manager == 'x11' + notify: etc changed + loop: "{{ xorg_common_config_dirs }}" + +- name: Check if there is Intel backlight + stat: + path: /sys/class/backlight/intel_backlight + register: intel_backlight + when: display_manager == 'x11' + +- name: Install Intel video drivers (Arch based) + pacman: + name: xf86-video-intel + # state: "{{ intel_backlight.stat.exists }}" + state: present + become: yes + when: display_manager == 'x11' and intel_backlight.stat.exists and 
arch_based + +- name: Configure Xorg Intel backlight + copy: + src: xorg/intel_backlight.conf + dest: "{{ item }}/20-intel_backlight.conf" + become: yes + when: display_manager == 'x11' and intel_backlight.stat.exists + notify: etc changed + loop: "{{ xorg_common_config_dirs }}" + +- name: Configure Xorg touchpad behaviour + copy: + src: xorg/touchpad.conf + dest: "{{ item }}/30-touchpad.conf" + become: yes + when: display_manager == 'x11' + notify: etc changed + loop: "{{ xorg_common_config_dirs }}" + +- name: Configure Xorg joystick behaviour + copy: + src: xorg/joystick.conf + dest: "{{ item }}/50-joystick.conf" + become: yes + when: display_manager == 'x11' + notify: etc changed + loop: "{{ xorg_common_config_dirs }}" + +# Numlock on boot + +- name: set numlock on boot + copy: + src: getty.service + dest: /etc/systemd/system/getty@.service.d/override.conf + become: yes + notify: + - etc changed + - systemd changed + when: auto_numlock + +- name: Unset numlock on boot + file: + path: /etc/systemd/system/getty@.service.d/override.conf + state: absent + become: yes + notify: + - etc changed + - systemd changed + when: not auto_numlock + +# TLP configuration + +- name: Install TLP (Arch based) + pacman: + name: tlp + state: present + when: arch_based + become: yes + +- name: Start/enable TLP + systemd: + name: tlp + state: started + enabled: yes + become: yes + notify: etc changed + +# Network configuration + +- name: Uninstall networkmanager + pacman: + name: networkmanager + state: absent + when: arch_based + become: yes + +- name: Install dhcpcd (Arch based) + pacman: + name: dhcpcd + state: present + when: arch_based + become: yes + +- name: Start/enable dhcpcd + systemd: + name: dhcpcd + state: started + enabled: yes + become: yes + notify: etc changed + +- name: Install wpa_supplicant (Arch based) + pacman: + name: wpa_supplicant + state: present + when: arch_based + become: yes + +- name: Configure wpa_supplicant + template: + src: wpa_supplicant.conf.j2 + 
dest: /etc/wpa_supplicant/wpa_supplicant.conf + notify: + - etc changed + - wpa_supplicant changed + become: yes + tags: + - wificonf + +- name: Prepare directory for wpa_supplicant service override + file: + path: /etc/systemd/system/wpa_supplicant@.service.d + state: directory + mode: "u=rwx,g=rx,o=rx" + become: yes + +- name: Make wpa_supplicant use a common configuration file + copy: + src: wpa_supplicant.service + dest: /etc/systemd/system/wpa_supplicant@.service.d/override.conf + register: wpa_supplicant_systemd + become: yes + notify: + - etc changed + +- name: Start/enable wpa_supplicant + systemd: + name: "wpa_supplicant@{{ item }}" + state: started + enabled: yes + # Can't wait for handlers reload systemd daemon, + # but flushing is a bit much, so: + daemon_reload: "{{ wpa_supplicant_systemd.changed }}" + become: yes + notify: etc changed + loop: "{{ ansible_interfaces }}" + when: "item.startswith('wl')" +# Could probably use something better like +# listing /sys/class/ieee80211/*/device/net/ + + +# Time synchronisation + +- name: Mask systemd-timesyncd + systemd: + name: systemd-timesyncd + state: stopped + enabled: no + masked: yes + become: yes + notify: etc changed + when: arch_based + +- name: Install chrony + pacman: + name: chrony + state: present + when: arch_based + become: yes + +- name: Configure chrony + copy: + src: chrony.conf + dest: /etc/chrony.conf + become: yes + notify: + - etc changed + - "chrony reconfigured" + +- name: Enable chronyd + systemd: + name: chronyd + enabled: yes + become: yes + notify: + - etc changed + - "chrony reconfigured" + +- name: Configure dhcpcd chrony hook + copy: + src: dhcpcd.exit-hook + dest: /etc/dhcpcd.exit-hook + become: yes + notify: etc changed + +# TODO Hibernation, if that's relevant +# $ sudo blkid | grep 'TYPE="swap"' +# $ sudoedit /etc/default/grub +# Add resume=UUID= to GRUB_CMDLINE_LINUX_DEFAULT +# $ sudo grub-mkconfig -o /boot/grub/grub.cfg 
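Review bot: The `Configure wpa_supplicant` task renders Wi-Fi passphrases into `/etc/wpa_supplicant/wpa_supplicant.conf` without `owner`, `group` or `mode`, so a newly created file gets default permissions, which are typically world-readable. I would add `owner: root`, `group: root` and `mode: "u=rw,g=,o="` to that task, plus `no_log: true` so that `--diff` or verbose output does not print the secrets. The same task notifies `etc changed`, so the rendered passphrases are also committed to the etckeeper repository in /etc; access to `/etc/.git` should be confirmed to be root-only. The other `copy` tasks that write under /etc set no explicit `mode` either, and stating it would make the intended permissions reviewable.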
diff --git a/config/automatrop/roles/system/templates/wpa_supplicant.conf.j2 b/config/automatrop/roles/system/templates/wpa_supplicant.conf.j2
new file mode 100644
index 0000000..1ba78c3
--- /dev/null
+++ b/config/automatrop/roles/system/templates/wpa_supplicant.conf.j2
@@ -0,0 +1,90 @@ +# Giving configuration update rights to wpa_cli +ctrl_interface=/run/wpa_supplicant +ctrl_interface_group=wheel +update_config=1 + +# AP scanning +ap_scan=1 + +# ISO/IEC alpha2 country code in which the device is operating +country=NL + +{% set password_store_path = lookup('env', 'PASSWORD_STORE_DIR') or ansible_user_dir + '/.password-store/' %} +{% set wifi_pass_paths = query('fileglob', password_store_path + 'wifi/*.gpg') %} +{% set names = wifi_pass_paths | map('regex_replace', '^.+/wifi/(.+).gpg$', '\\1') | sort%} +{% for name in names %} +{# +community.general.passwordstore doesn't support path with spaces in it, +so we're using a `ssid` attribute, which default to the names for SSIDs without space. +#} +{% set suffixes = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=suffixes') or [''] %} +{% set ssid = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=ssid') or name %} +{% set type = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=type') or 'wpa' %} +{% set pass = lookup('community.general.passwordstore', 'wifi/' + name) %} +# {{ name }} +{% for suffix in suffixes %} +network={ + ssid="{{ ssid }}{{ suffix }}" +{% if type == 'wpa' %} + psk="{{ pass }}" +{% elif type == 'wep' %} + key_mgmt=NONE + wep_key0={{ pass }} +{% elif type == 'open' %} + key_mgmt=NONE +{% else %} + # Error, unknown type: {{ type }} +{% endif %} +} +{% endfor %} + +{% endfor %} +{# REFERENCES + +# WPA +network={ + ssid="WPA_SSID" + psk="XXXXXXXXXXXXXXXXXXXXXXXXXX" +} + +# WEP +network={ + ssid="WEP_SSID" + key_mgmt=NONE + wep_key0=FFFFFFFFFFFFFFFFFFFFFFFFFF +} + +# Open +network={ + ssid="OPEN_SSID" + key_mgmt=NONE +} + +# eduroam password +network={ + ssid="eduroam" + key_mgmt=WPA-EAP + eap=PEAP + identity="id@univ.tld" + password="hunter2" +} + +# eduroam certificate +network={ + ssid="eduroam" + key_mgmt=WPA-EAP + # pairwise=CCMP + pairwise=CCMP TKIP + group=CCMP TKIP + eap=TLS + ca_cert="/path/to/ca.pem" + 
identity="id@univ.tld" + domain_suffix_match="wifi.univ.tld" + client_cert="/path/to/cert.pem" + private_key="/path/to/key.pem" + private_key_passwd="hunter2" + phase2="auth=" + #anonymous_identity="" +} + +#} diff --git a/config/scripts/install-arch b/config/scripts/install-arch index 9bb9641..12ca5b1 100755 --- a/config/scripts/install-arch +++ b/config/scripts/install-arch @@ -1,5 +1,7 @@ #!/usr/bin/env bash +# DEPRECATED + # Git for /etc sudo pacman -S etckeeper --needed (cd /etc/; sudo git config user.name "etckeeper on $(cat /etc/hostname)"; sudo git config user.email "etckeeper@$(cat /etc/hostname)")
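Review bot: `ssid="{{ ssid }}{{ suffix }}"`, `psk="{{ pass }}"` and `wep_key0={{ pass }}` write password-store values into the config unescaped, so a value containing `"` or a line break yields a malformed file or extra configuration lines. Checking the values before rendering would make that fail loudly, for example with an `assert` task that rejects quotes and control characters. The `{% else %}` branch only writes a comment and still emits a `network={}` block holding just the SSID; failing the render on an unknown `type` is clearer than leaving the security mode to the daemon's defaults. `ctrl_interface_group=wheel` together with `update_config=1` lets any member of wheel rewrite this file through wpa_cli, which is worth a comment confirming it is intended.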