Also nftables: don't start the service right away (the nftables module might not be loaded immediately)
# Sysconfig

This is an Ansible playbook to deploy my system configurations for desktop usage.

## 🧰 Usage

- Have a fresh installation of Alpine (after running `setup-alpine` and rebooting)

- Install `ansible-core` and `git`

- Install the `apk` module (or install `ansible` instead of `ansible-core` in the previous step):

```bash
ansible-galaxy collection install -r requirements/collections.yml
```

- Clone this repository

- Create an encrypted file to store your user password:

```bash
mkdir -p host_vars/YOUR_HOSTNAME
touch host_vars/YOUR_HOSTNAME/secrets.yml
ansible-vault encrypt host_vars/YOUR_HOSTNAME/secrets.yml
ansible-vault edit host_vars/YOUR_HOSTNAME/secrets.yml
```
The file should look like this: `vault_password: <strong_&_secure_password>`

- Run the playbook:

```bash
ansible-playbook setup.yml
```

- Reboot and log in as the newly created normal user

- Proceed with the [dotfiles-ansible](https://git.disroot.org/FollieHiyuki/dotfiles-ansible) playbook

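
A pre-flight check for the vault step above, added here as an example and not part of this repository: it confirms that every `host_vars/<host>/secrets.yml` still begins with the Ansible Vault header before the playbook is run. The function names and the constructed sample tree are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not this repository's code. POSIX sh, works with busybox ash.

# Return 0 if the first line of "$1" is an Ansible Vault header:
#   $ANSIBLE_VAULT;1.1;AES256   or   $ANSIBLE_VAULT;1.2;AES256;<vault-id>
is_vault_encrypted() {
    header=
    [ -f "$1" ] || return 1
    # read fails on an empty file (e.g. right after `touch`); header stays empty
    IFS= read -r header < "$1" || [ -n "$header" ] || return 1
    case "$header" in
        '$ANSIBLE_VAULT;1.1;AES256'|'$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check every <dir>/<host>/secrets.yml (dir defaults to host_vars).
# Reports each file that is not vault-encrypted; returns non-zero if any.
check_secrets() {
    dir=${1:-host_vars}
    bad=0
    for f in "$dir"/*/secrets.yml; do
        [ -e "$f" ] || continue            # glob matched nothing
        if ! is_vault_encrypted "$f"; then
            echo "NOT ENCRYPTED: $f" >&2
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample tree (hypothetical hosts "alpha" and "beta"):
# alpha has a vault header, beta was left in plaintext.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/alpha" "$root/beta"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465666768' \
        > "$root/alpha/secrets.yml"
    printf '%s\n' 'vault_password: constructed-sample-value' \
        > "$root/beta/secrets.yml"
    echo "$root"
}
```

From the repository root, `check_secrets host_vars && ansible-playbook setup.yml` stops the run if a secrets file was left empty or saved in plaintext.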
## ✔️ Testing

- You need to have [Vagrant](https://www.vagrantup.com/) installed, with the [vagrant-libvirt](https://github.com/vagrant-libvirt/vagrant-libvirt) plugin.
- Run the playbook inside the VM:

```bash
# Start the VM
vagrant up

# ssh into the VM (OpenSSH is required)
# Alternatively run 'vagrant ssh-config' to get the machine's IP address
# and manually ssh into it, e.g. 'dbclient -y vagrant@<ip_address>'
vagrant ssh

# Run the playbook as root
$ cd /vagrant
$ sudo ansible-playbook -v setup.yml
```

## 🖊️ Notes

- This playbook assumes that the person running it is me 😃. It might do specific tasks that you don't like. Use at your own risk.

- The playbook is intended to be run as **root**. It is separated from [dotfiles-ansible](https://git.disroot.org/FollieHiyuki/dotfiles-ansible), which should only be run as a normal user.

## ✅ TODO

- [ ] ZFS on root
- [ ] EFI secure boot
- [ ] [libudev-zero](https://github.com/illiliti/libudev-zero/)
- [x] ACPI events
- [ ] Better way to handle libvirt's firewall rules (currently hardcoded)
- [ ] /etc/security/access.conf (maybe?)
- [ ] snapper / btrbk (rootfs=btrfs)

## 📄 License

MIT