From 16440138b1d1f61750470e792ce25dc982b7a208 Mon Sep 17 00:00:00 2001
From: OpenCode Test
Date: Thu, 1 Jan 2026 13:24:29 -0800
Subject: [PATCH] Update ansible configuration to match current system state
- Updated ethernet interface name to enp0s20u1u1u2
- Changed default shell to fish
- Removed uninstalled packages (zsh, htop, rclone, helm, llama-swap)
- Network config still differs (systemd-networkd/iwd vs nmcli)
---
 ansible/CLAUDE.md | 123 +++++++++++++++++++
 ansible/roles/common/defaults/main.yml | 3 +-
 ansible/roles/common/tasks/main.yml | 2 +-
 ansible/roles/packages/files/aur_pkglist.txt | 1 -
 ansible/roles/packages/files/pkglist.txt | 8 --
 5 files changed, 126 insertions(+), 11 deletions(-)
 create mode 100644 ansible/CLAUDE.md
diff --git a/ansible/CLAUDE.md b/ansible/CLAUDE.md
new file mode 100644
index 0000000..03f106f
--- /dev/null
+++ b/ansible/CLAUDE.md
@@ -0,0 +1,123 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Overview
+
+This is an Ansible-based machine provisioning system for Arch Linux systems. It automates the setup of a new machine including hostname, networking (WiFi/Ethernet), user accounts, SSH configuration, and package installation from multiple sources (pacman, AUR, Flatpak, AppImage).
+
+## Architecture
+
+The repository follows Ansible's role-based structure with two primary roles:
+
+### Common Role (`roles/common/`)
+Handles system-level configuration:
+- Hostname configuration
+- Network configuration using NetworkManager (nmcli)
+- User account management with password-hashed credentials
+- SSH daemon configuration with handlers for service restart
+
+**Key Implementation Details:**
+- Network connections use `creates:` parameter to avoid recreating existing NetworkManager connection files
+- User passwords should be hashed (SHA-512) or managed via Ansible Vault
+- SSH configuration changes trigger the `Restart sshd` handler (defined in `roles/common/handlers/main.yml`)
+
+### Packages Role (`roles/packages/`)
+Manages software installation from multiple sources:
+- Ensures `yay` AUR helper is installed (clones from AUR, builds with makepkg)
+- Installs pacman packages from `roles/packages/files/pkglist.txt`
+- Installs AUR packages from `roles/packages/files/aur_pkglist.txt` using yay
+- Installs Flatpak packages from `roles/packages/files/flatpak_pkglist.txt`
+- Downloads AppImages from URLs in `roles/packages/files/appimage_pkglist.txt` to `~/Applications`
+
+**Key Implementation Details:**
+- Yay installation uses a block with conditional execution (checks if yay exists first)
+- Package lists are read line-by-line using `with_lines` module
+- AppImages are set to executable mode (0755) upon download
+
+## Common Commands
+
+### Running the Full Playbook
+```bash
+# Full run with privilege escalation prompt
+ansible-playbook -i inventory playbook.yml --ask-become-pass
+
+# Dry-run to preview changes
+ansible-playbook -i inventory playbook.yml --check
+
+# With encrypted vault variables
+ansible-playbook -i inventory playbook.yml --ask-vault-pass --ask-become-pass
+```
+
+### Running Specific Tasks with Tags
+```bash
+# Network configuration only (WiFi + Ethernet)
+ansible-playbook -i inventory playbook.yml --tags "network" --ask-become-pass
+
+# WiFi configuration only
+ansible-playbook -i inventory playbook.yml --tags "wifi" --ask-become-pass
+
+# Ethernet configuration only
+ansible-playbook -i inventory playbook.yml --tags "ethernet" --ask-become-pass
+
+# User management only
+ansible-playbook -i inventory playbook.yml --tags "users" --ask-become-pass
+
+# SSH daemon configuration only
+ansible-playbook -i inventory playbook.yml --tags "sshd" --ask-become-pass
+
+# Install pacman packages only
+ansible-playbook -i inventory playbook.yml --tags "pacman" --ask-become-pass
+
+# Install AUR packages only
+ansible-playbook -i inventory playbook.yml --tags "aur" --ask-become-pass
+
+# Install Flatpak packages only
+ansible-playbook -i inventory playbook.yml --tags "flatpak" --ask-become-pass
+
+# Download AppImages only
+ansible-playbook -i inventory playbook.yml --tags "appimage" --ask-become-pass
+```
+
+### Syntax Validation
+```bash
+# Check playbook syntax
+ansible-playbook --syntax-check playbook.yml
+
+# Lint all playbooks and roles
+ansible-lint playbook.yml
+```
+
+## Configuration Files
+
+- **`ansible.cfg`**: Sets default inventory location
+- **`inventory`**: Defines target hosts (currently configured for `[new_machine]` group)
+- **`playbook.yml`**: Main orchestration playbook applying both roles
+- **`roles/common/defaults/main.yml`**: Default variables for hostname, network, users, SSH (contains sensitive data)
+- **`roles/packages/defaults/main.yml`**: File paths for package lists
+
+## Security Considerations
+
+**This repository contains sensitive information in plaintext** (`roles/common/defaults/main.yml`):
+- WiFi passwords
+- User password hashes
+- Static IP configurations
+
+When modifying sensitive variables:
+```bash
+# Encrypt sensitive files
+ansible-vault encrypt roles/common/defaults/main.yml
+
+# Edit encrypted files
+ansible-vault edit roles/common/defaults/main.yml
+
+# View encrypted files
+ansible-vault view roles/common/defaults/main.yml
+```
+
+## Target System Requirements
+
+- **OS**: Arch Linux (uses pacman, AUR, systemd)
+- **Network**: NetworkManager for network configuration
+- **Python**: Python 3 interpreter at `/usr/bin/python3`
+- **SSH**: SSH access with sudo privileges
diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml
index 6dd1f32..987a8ac 100644
--- a/ansible/roles/common/defaults/main.yml
+++ b/ansible/roles/common/defaults/main.yml
@@ -10,7 +10,7 @@ common_wifi_password: "04251992#04291962#" common_wifi_connection_name: "theden" # Ethernet Configuration -common_ethernet_ifname: "eth0" +common_ethernet_ifname: "enp0s20u1u1u2" common_ethernet_con_name: "Ethernet" common_ethernet_ipv4_address: "192.168.153.117/24" common_ethernet_ipv4_gateway: "192.168.153.1"
@@ -18,6 +18,7 @@ common_ethernet_ipv4_dns: "8.8.8.8,1.1.1.1" # User Configuration common_user_name: "will" +common_user_shell: "/usr/bin/fish" common_user_password: "$6$SQB4NRF/A4OI6oSq$Oe9DwyIpNo9CUobOU67kJri4OA91/o3bUWV3SFZmOWamxidShZjLDCG29hFw3f5Ta0uPfjKtQMVdY0ToPM0e71" # This should ideally be hashed or managed by vault # SSHD Configuration
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 076e6c8..188a7f1 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
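Review bot: `roles/common/defaults/main.yml` still holds `common_wifi_password` as a literal string (visible in the `@@ -10,7` hunk) and the `common_user_password` crypt hash directly below the new `common_user_shell` line (the `@@ -18,6` hunk), and this commit edits around both without moving them. The trailing comment on the hash line already asks for vault management and the CLAUDE.md added in this same commit documents `ansible-vault encrypt`, so this is the natural place to move both values into a vault-encrypted vars file and reference them, e.g. `common_wifi_password: "{{ vault_common_wifi_password }}"`. Both values are already in the repository history, so encrypting the file going forward does not retract them; the WiFi passphrase and the account password need rotating as well, since a `$6$` hash can be attacked offline by anyone who can read the repo.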
@@ -31,7 +31,7 @@
 ansible.builtin.user:
 name: "{{ common_user_name }}"
 password: "{{ common_user_password }}"
- shell: /bin/bash
+ shell: "{{ common_user_shell | default('/bin/bash') }}"
 state: present
 create_home: yes
 tags: [ 'common', 'users' ]
diff --git a/ansible/roles/packages/files/aur_pkglist.txt b/ansible/roles/packages/files/aur_pkglist.txt
index ab4da11..4b654e3 100644
--- a/ansible/roles/packages/files/aur_pkglist.txt
+++ b/ansible/roles/packages/files/aur_pkglist.txt
@@ -8,7 +8,6 @@ gtk
 k0s-bin
 k0sctl-bin
 kubecolor
-llama-swap
 nautilus-bluetooth
 newelle
 orchis-theme-git
diff --git a/ansible/roles/packages/files/pkglist.txt b/ansible/roles/packages/files/pkglist.txt
index 02a9313..0e62d28 100644
--- a/ansible/roles/packages/files/pkglist.txt
+++ b/ansible/roles/packages/files/pkglist.txt
@@ -112,8 +112,6 @@ gvfs-nfs
 gvfs-onedrive
 gvfs-smb
 gvfs-wsdd
-helm
-htop
 inetutils
 inkscape
 inotify-tools
@@ -159,7 +157,6 @@ python-standard-cgi
 python-standard-chunk
 python-uv
 qpdf
-rclone
 rdfind
 restic
 rustup
@@ -257,8 +254,3 @@ zenity
 zig
 zip
 zoom
-zsh
-zsh-autosuggestions
-zsh-completions
-zsh-history-substring-search
-zsh-syntax-highlighting
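Review bot: The new `shell:` line in the user task of `roles/common/tasks/main.yml` now resolves to `/usr/bin/fish` from the role defaults, but nothing in this hunk ensures that binary exists when the `common` role creates or modifies the account. As far as I know `ansible.builtin.user` hands the path to the system tools without requiring it to exist, so if `fish` is only installed later by the `packages` role (or is absent from `pkglist.txt`, which is not fully visible here) the account ends up with a login shell that cannot be executed and SSH and console logins for it fail. I would install the shell in a task ahead of this one, or `stat` the path and fall back to `/bin/bash`, and add a comment above the line such as `# login shell must already be installed on the target`. The `| default('/bin/bash')` filter does not cover this case, because the variable is always defined by the role defaults; the task's `- name:` line is above the hunk.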