group_vars | ||
requirements | ||
roles | ||
.gitignore | ||
ansible.cfg | ||
hosts | ||
LICENSE | ||
README.md | ||
setup.yml | ||
Vagrantfile |
System configurations
This is an Ansible playbook to deploy my system configurations for desktop usage.
🧰 Usage
-
Have a fresh installation of Alpine (after running
setup-alpine
and reboot) -
Install
ansible-core
andgit
-
Install
community.general.apk
module:ansible-galaxy collection install -r requirements/collections.yml
(or installansible
instead ofansible-core
in the previous step) -
Clone this repository
-
Create an encrypted file to store your user password:
mkdir -p host_vars/YOUR_HOSTNAME touch host_vars/YOUR_HOSTNAME/secrets.yml ansible-vault encrypt host_vars/YOUR_HOSTNAME/secrets.yml ansible-vault edit host_vars/YOUR_HOSTNAME/secrets.yml
The file should look like this:
vault_password: <strong_&_secure_password>
-
Run the playbook:
ansible-playbook setup.yml
-
Reboot and login as the newly created normal user
-
Proceed with dotfiles-ansible playbook
✔️ Testing
- You need to have Vagrant installed, with vagrant-libvirt plugin.
- Run the playbook inside the VM:
# Start the VM
vagrant up
# ssh into the VM (OpenSSH is required)
# Alternatively run 'vagrant ssh-config' to get the machine's IP address
# and manually ssh into it, e.g. 'dbclient -y vagrant@<ip_address>'
vagrant ssh
# Run the playbook as root
cd /vagrant
sudo ansible-playbook -v setup.yml
🖊️ Notes
-
This playbook assumes that the person running it is me 😃. It might do specific tasks that you don't like. Use with your own risks.
-
The playbook is intended to be run as root. It is separated from dotfiles-ansible, which should only be run as a normal user.
✅ TODO
- ZFS on root
- EFI secure boot
- libudev-zero
- ACPI events
- Better way to handle libvirt's firewall rules (currently hardcoded)
- /etc/security/access.conf (maybe)
- snapper/btrbk (rootfs=btrfs)
📄 License
MIT