Hoang Nguyen
4dcca81110
Don't use noefi kernel parameter here as we want to switch on the fly |
||
|---|---|---|
| filter_plugins | ||
| group_vars | ||
| requirements | ||
| roles | ||
| .gitignore | ||
| LICENSE | ||
| README.md | ||
| Vagrantfile | ||
| ansible.cfg | ||
| hosts | ||
| setup.yml | ||
README.md
Sysconfig
This is an Ansible playbook to deploy my system configurations for desktop usage.
🧰 Usage
-
Have a fresh installation of Alpine (after running
setup-alpineand reboot) -
Install
ansible-coreandgit -
Install needed external modules (e.g.
apk,pamd,mount):ansible-galaxy collection install -r requirements/collections.yml -
Clone this repository
-
Create an encrypted file to store your user password:
mkdir -p host_vars/YOUR_HOSTNAME touch host_vars/YOUR_HOSTNAME/secrets.yml ansible-vault encrypt host_vars/YOUR_HOSTNAME/secrets.yml ansible-vault edit host_vars/YOUR_HOSTNAME/secrets.ymlThe file should look like this:
vault_password: <strong_&_secure_password> -
Run the playbook:
ansible-playbook setup.yml -
Reboot and login as the newly created normal user
-
Proceed with dotfiles-ansible playbook
✔️ Testing
- You need to have Vagrant installed, with vagrant-libvirt plugin.
- Run the playbook inside the VM:
# Start the VM
vagrant up
# ssh into the VM (OpenSSH is required)
# Alternatively run 'vagrant ssh-config' to get the machine's IP address
# and manually ssh into it, e.g. 'dbclient -y vagrant@<ip_address>'
vagrant ssh
# Run the playbook as root
$ cd /vagrant
$ sudo ansible-playbook -v setup.yml
🖊️ Notes
-
This playbook assumes that the person running it is me 😃. It might do specific tasks that you don't like. Use with your own risks.
-
The playbook is intended to be run as root. It is separated from dotfiles-ansible, which should only be run as a normal user.
✅ TODO
- ZFS on root
- EFI secure boot
- /etc/security/access.conf (maybe?)
- snapper / btrbk (rootfs=btrfs)
- auditd
📄 License
MIT