|
|
||
|---|---|---|
| group_vars | ||
| roles | ||
| .gitignore | ||
| ansible.cfg | ||
| hosts | ||
| LICENSE | ||
| README.md | ||
| setup.yml | ||
| Vagrantfile | ||
System configurations
This is an Ansible playbook to deploy system configurations for desktop usage.
🧰 Usage
-
Have a fresh installation of Alpine (after running
setup-alpineand reboot) -
Install
ansibleandgit -
Clone this repository
-
Create an encrypted file to store your user password:
mkdir -p host_vars/YOUR_HOSTNAME touch host_vars/YOUR_HOSTNAME/secrets.yml ansible-vault encrypt host_vars/YOUR_HOSTNAME/secrets.yml ansible-vault edit host_vars/YOUR_HOSTNAME/secrets.ymlThe file should look like this:
vault_password: <strong_&_secure_password> -
Run the playbook:
ansible-playbook setup.yml -
Reboot and login as the newly created normal user
-
Proceed with dotfiles-ansible playbook
✔️ Testing
- You need to have Vagrant installed, with vagrant-libvirt plugin.
- Run the playbook inside the VM:
# Start the VM and ssh into it
vagrant up
# ssh into the VM (requires OpenSSH)
# Alternatively run 'vagrant ssh-config' to get the machine IP address
# and manually ssh into it, e.g. 'dbclient -y vagrant@<ip_address>'
vagrant ssh
# Run the playbook as root
cd /vagrant
sudo ansible-playbook -v setup.yml
🖊️ Notes
-
This playbook assumes that the person running it is me 😃. It might do specific tasks that you don't like. Use with your own risks.
-
The playbook is intended to be run as root. It is separated from dotfiles-ansible, which should only be run as a normal user.
✅ TODO
- ZFS on root
- EFI secure boot
- libudev-zero
- ACPI events
- Better way to handle libvirt's firewall rules (currently hardcoded)
- /etc/security/access.conf (maybe)
- snapper/btrbk (rootfs=btrfs)
📄 License
MIT