This repository has been archived on 2024-02-16.
sysconfig/README.md
Hoang Nguyen 81c89d0ecb
usbguard: generate policy for connected devices
Also nftables: don't start the service right away (the nftables module
might not be loaded immediately)
2022-03-22 00:23:24 +07:00


# Sysconfig
This is an Ansible playbook to deploy my system configurations for desktop usage.
## 🧰 Usage
- Have a fresh installation of Alpine (after running `setup-alpine` and rebooting)
- Install `ansible-core` and `git`
- Install the `apk` module (or install `ansible` instead of `ansible-core` in the previous step):
```bash
ansible-galaxy collection install -r requirements/collections.yml
```
- Clone this repository
- Create an encrypted file to store your user password:
```bash
mkdir -p host_vars/YOUR_HOSTNAME
touch host_vars/YOUR_HOSTNAME/secrets.yml
ansible-vault encrypt host_vars/YOUR_HOSTNAME/secrets.yml
ansible-vault edit host_vars/YOUR_HOSTNAME/secrets.yml
```
The file should look like this: `vault_password: <strong_&_secure_password>`
- Run the playbook:
```bash
ansible-playbook setup.yml
```
- Reboot and log in as the newly created normal user
- Proceed with the [dotfiles-ansible](https://git.disroot.org/FollieHiyuki/dotfiles-ansible) playbook
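
A pre-flight check for the secrets step above, as an added example that is not part of this repository: it confirms that every `host_vars/<hostname>/secrets.yml` starts with the ansible-vault envelope header, so a plaintext password file is caught before the playbook runs or the file is committed. The function names are hypothetical; the path layout is the one used in the steps above.

```bash
#!/bin/sh
# Added example, not the repository's own code.
# Assumption: secrets live at host_vars/<hostname>/secrets.yml.
# Usage after defining the functions:  check_vault_tree host_vars

# is_vault_encrypted FILE
# Returns 0 when the first line of FILE is an ansible-vault header such as
# "$ANSIBLE_VAULT;1.1;AES256" (a vault-id label may follow in format 1.2).
# Returns 1 when FILE is missing, empty, or plaintext.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first_line=''
    # read fails on a last line without a newline but still fills the variable
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_vault_tree DIR
# Reports every DIR/<hostname>/secrets.yml that is not vault-encrypted on
# stderr. Returns 0 only when all secrets files found are encrypted.
check_vault_tree() {
    bad=0
    for f in "$1"/*/secrets.yml; do
        [ -e "$f" ] || continue   # the glob matched nothing
        if ! is_vault_encrypted "$f"; then
            printf 'NOT ENCRYPTED: %s\n' "$f" >&2
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}
```

The check only inspects the header line; it does not decrypt the file or validate the `vault_password` key inside it.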
## ✔️ Testing
- You need to have [Vagrant](https://www.vagrantup.com/) installed, with the [vagrant-libvirt](https://github.com/vagrant-libvirt/vagrant-libvirt) plugin.
- Run the playbook inside the VM:
```bash
# Start the VM
vagrant up
# ssh into the VM (OpenSSH is required)
# Alternatively run 'vagrant ssh-config' to get the machine's IP address
# and manually ssh into it, e.g. 'dbclient -y vagrant@<ip_address>'
vagrant ssh
# Inside the VM, run the playbook as root
cd /vagrant
sudo ansible-playbook -v setup.yml
```
## 🖊️ Notes
- This playbook assumes that the person running it is me 😃. It might do specific tasks that you don't like. Use at your own risk.
- The playbook is intended to be run as **root**. It is separated from [dotfiles-ansible](https://git.disroot.org/FollieHiyuki/dotfiles-ansible), which should only be run as a normal user.
## ✅ TODO
- [ ] ZFS on root
- [ ] EFI secure boot
- [ ] [libudev-zero](https://github.com/illiliti/libudev-zero/)
- [x] ACPI events
- [ ] Better way to handle libvirt's firewall rules (currently hardcoded)
- [ ] /etc/security/access.conf (maybe?)
- [ ] snapper / btrbk (rootfs=btrfs)
## 📄 License
MIT