commit 7bd5974ac47377260c014bda44e9fbefa1a4fecb Author: William Valentin Date: Fri Oct 24 11:45:10 2025 -0700 Add initial Ansible configuration and package management setup - Create .gitignore to exclude .vscode directory - Add ansible.cfg for Ansible configuration - Define inventory for new machine - Create playbook.yml for orchestrating tasks - Set up common role with default variables, handlers, and tasks - Implement package management tasks for installing packages from various sources - Include appimage and flatpak package lists
diff --git a/ansible/.gitignore b/ansible/.gitignore
new file mode 100644
index 0000000..1d74e21
--- /dev/null
+++ b/ansible/.gitignore
@@ -0,0 +1 @@
+.vscode/
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..f432434
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,138 @@
+# Ansible Playbooks for Machine Setup
+
+This repository contains Ansible playbooks and roles for setting up a new machine, including common configurations, package installations, and user management.
+
+## Table of Contents
+
+- [Requirements](#requirements)
+- [Inventory](#inventory)
+- [Playbooks](#playbooks)
+- [Roles](#roles)
+ - [Common Role](#common-role)
+ - [Packages Role](#packages-role)
+- [Usage Examples](#usage-examples)
+- [Sensitive Data](#sensitive-data)
+
+## Requirements
+
+To run these Ansible playbooks, you need:
+
+* **Ansible:** Version 2.10 or higher is recommended.
+* **Python:** Python 3 on both the control machine and target hosts.
+* **SSH Access:** Password-less SSH access (or password-based with `--ask-pass`) to your target machines.
+
+## Inventory
+
+The `inventory` file defines the hosts and groups that Ansible will manage. A typical `inventory` file might look like this:
+
+```ini
+[new_machine]
+192.168.153.117 ansible_user=your_ssh_user ansible_ssh_pass=your_ssh_password
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
+```
+
+**Note:** Replace `192.168.153.117` with your target machine's IP address or hostname, `your_ssh_user` with your SSH username, and `your_ssh_password` with the SSH password if not using SSH keys.
+
+## Playbooks
+
+### `playbook.yml`
+
+This is the main playbook that orchestrates the setup of a new machine by applying the `common` and `packages` roles.
+
+To run the playbook:
+
+```bash
+ansible-playbook -i inventory playbook.yml --ask-become-pass
+```
+
+To perform a dry-run (check what changes would be made without applying them):
+
+```bash
+ansible-playbook -i inventory playbook.yml --check
+```
+
+## Roles
+
+### Common Role
+
+The `common` role (`roles/common/`) sets up basic system configurations, including:
+
+* Setting the hostname.
+* Configuring network interfaces (WiFi and Ethernet).
+* Managing user accounts (e.g., `will` and root password).
+* Configuring SSH daemon settings.
+
+**Variables:**
+
+Default variables for this role are defined in `roles/common/defaults/main.yml`. You can override these variables in your inventory, group_vars, or by passing them via the command line.
+
+**Tags:**
+
+Tasks in the `common` role are tagged for selective execution:
+
+* `hostname`: For tasks related to hostname configuration.
+* `network`: For tasks related to network configuration (includes `wifi` and `ethernet`).
+* `wifi`: Specifically for WiFi configuration.
+* `ethernet`: Specifically for Ethernet configuration.
+* `users`: For tasks related to user and password management.
+* `sshd`: For tasks related to SSH daemon configuration.
+
+Example: To only run network-related tasks:
+
+```bash
+ansible-playbook -i inventory playbook.yml --tags "network" --ask-become-pass
+```
+
+### Packages Role
+
+The `packages` role (`roles/packages/`) handles the installation of various software packages:
+
+* Ensuring `yay` (AUR helper for Arch Linux) is installed.
+* Installing packages from `pkglist.txt` (using `pacman`).
+* Installing AUR packages from `aur_pkglist.txt` (using `yay`).
+* Installing Flatpak packages from `flatpak_pkglist.txt`.
+* Downloading AppImages from `appimage_pkglist.txt`.
+
+**Variables:**
+
+Default variables for this role, primarily file paths for package lists, are defined in `roles/packages/defaults/main.yml`.
+
+**Tags:**
+
+Tasks in the `packages` role are tagged for selective execution:
+
+* `yay`: For tasks related to `yay` installation.
+* `pacman`: For tasks installing packages via `pacman`.
+* `aur`: For tasks installing packages via `yay` (AUR).
+* `flatpak`: For tasks installing Flatpak packages.
+* `appimage`: For tasks downloading AppImages.
+
+Example: To only install Flatpak packages:
+
+```bash
+ansible-playbook -i inventory playbook.yml --tags "flatpak" --ask-become-pass
+```
+
+## Sensitive Data
+
+This project contains sensitive information such as passwords. It is highly recommended to use **Ansible Vault** to encrypt sensitive variables and files. For example, you can encrypt `roles/common/defaults/main.yml` or specific variables within it.
+
+To encrypt a file:
+
+```bash
+ansible-vault encrypt roles/common/defaults/main.yml
+```
+
+To view or edit an encrypted file:
+
+```bash
+ansible-vault edit roles/common/defaults/main.yml
+```
+
+When running playbooks with encrypted files, you will need to provide the vault password:
+
+```bash
+ansible-playbook -i inventory playbook.yml --ask-vault-pass --ask-become-pass
+```
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..f8fc6cd
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+inventory = inventory
diff --git a/ansible/inventory b/ansible/inventory
new file mode 100644
index 0000000..2cf439f
--- /dev/null
+++ b/ansible/inventory
@@ -0,0 +1,2 @@
+[new_machine]
+192.168.153.117 ansible_user=will
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
new file mode 100644
index 0000000..af04f4b
--- /dev/null
+++ b/ansible/playbook.yml
@@ -0,0 +1,15 @@
+---
+- hosts: new_machine
+ become: yes
+ vars:
+ # Define playbook-level variables here
+ ansible_user: ansible_user
+
+ pre_tasks:
+ - name: Display a message before roles run
+ debug:
+ msg: "Starting playbook for {{ ansible_user }} on {{ inventory_hostname }}"
+
+ roles:
+ - common
+ - packages
diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml
new file mode 100644
index 0000000..6dd1f32
--- /dev/null
+++ b/ansible/roles/common/defaults/main.yml
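Review bot: In ansible/playbook.yml the `vars:` entry `ansible_user: ansible_user` assigns the literal string `ansible_user` as the connection user, and play vars take precedence over the inventory's `ansible_user=will`, so the play would try to log in as an account named `ansible_user`. Dropping that line lets the inventory value apply; if a play-level override is wanted, give it a different source name, for example `ansible_user: "{{ setup_login_user }}"` (a constructed variable name). The `debug` message in `pre_tasks` would then also print the user that is actually used.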
@@ -0,0 +1,26 @@
+---
+# Default variables for the 'common' role
+
+# Hostname
+common_hostname: "willlaptop"
+
+# WiFi Configuration
+common_wifi_ssid: "Skips new wifi"
+common_wifi_password: "04251992#04291962#"
+common_wifi_connection_name: "theden"
+
+# Ethernet Configuration
+common_ethernet_ifname: "eth0"
+common_ethernet_con_name: "Ethernet"
+common_ethernet_ipv4_address: "192.168.153.117/24"
+common_ethernet_ipv4_gateway: "192.168.153.1"
+common_ethernet_ipv4_dns: "8.8.8.8,1.1.1.1"
+
+# User Configuration
+common_user_name: "will"
+common_user_password: "$6$SQB4NRF/A4OI6oSq$Oe9DwyIpNo9CUobOU67kJri4OA91/o3bUWV3SFZmOWamxidShZjLDCG29hFw3f5Ta0uPfjKtQMVdY0ToPM0e71" # This should ideally be hashed or managed by vault
+
+# SSHD Configuration
+common_sshd_permit_root_login: "yes"
+common_sshd_password_authentication: "yes"
+common_sshd_permit_empty_passwords: "no"
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
new file mode 100644
index 0000000..65634b2
--- /dev/null
+++ b/ansible/roles/common/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# Handlers for the 'common' role
+
+- name: Restart sshd
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..076e6c8
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
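Review bot: `common_wifi_password` and `common_user_password` are committed in clear in roles/common/defaults/main.yml. The second is already a `$6$` crypt hash, so its trailing comment is misleading, and a published hash can still be guessed offline. Both values should be treated as exposed and rotated, then supplied from an Ansible Vault-encrypted vars file, leaving only a reference here such as `common_wifi_password: "{{ vault_common_wifi_password }}"` (a constructed variable name). The sshd defaults also ship `common_sshd_permit_root_login: "yes"` together with `common_sshd_password_authentication: "yes"`; `"prohibit-password"` or `"no"` for the first is a safer default for a role that also sets the root password.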
@@ -0,0 +1,72 @@
+---
+# Add common tasks here
+
+- name: Set hostname to '{{ common_hostname }}'
+ ansible.builtin.hostname:
+ name: "{{ common_hostname }}"
+ tags: [ 'common', 'hostname' ]
+
+- name: Configure WiFi connection '{{ common_wifi_connection_name }}'
+ become: true
+ ansible.builtin.command:
+ cmd: >
+ nmcli dev wifi connect "{{ common_wifi_ssid }}"
+ password "{{ common_wifi_password }}"
+ name "{{ common_wifi_connection_name }}"
+ args:
+ creates: "/etc/NetworkManager/system-connections/{{ common_wifi_connection_name }}.nmconnection"
+ ignore_errors: true
+ tags: [ 'common', 'network', 'wifi' ]
+
+- name: Configure ethernet connection '{{ common_ethernet_con_name }}' with static IP, gateway, and DNS
+ become: true
+ ansible.builtin.command:
+ cmd: >
+ nmcli con add type ethernet ifname {{ common_ethernet_ifname }} con-name "{{ common_ethernet_con_name }}" ipv4.method manual ipv4.addresses {{ common_ethernet_ipv4_address }} ipv4.gateway {{ common_ethernet_ipv4_gateway }} ipv4.dns "{{ common_ethernet_ipv4_dns }}"
+ args:
+ creates: "/etc/NetworkManager/system-connections/{{ common_ethernet_con_name }}.nmconnection"
+ ignore_errors: true
+ tags: [ 'common', 'network', 'ethernet' ]
+- name: Ensure user '{{ common_user_name }}' exists with specified password
+ ansible.builtin.user:
+ name: "{{ common_user_name }}"
+ password: "{{ common_user_password }}"
+ shell: /bin/bash
+ state: present
+ create_home: yes
+ tags: [ 'common', 'users' ]
+- name: Ensure root password matches user '{{ common_user_name }}'
+ ansible.builtin.user:
+ name: root
+ password: "{{ common_user_password }}"
+ tags: [ 'common', 'users' ]
+- name: Configure sshd_config to allow root login with password
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "^PermitRootLogin"
+ line: "PermitRootLogin {{ common_sshd_permit_root_login }}"
+ state: present
+ create: yes
+ notify: Restart sshd
+ tags: [ 'common', 'sshd' ]
+- name: Ensure PasswordAuthentication is set to {{ common_sshd_password_authentication }} in sshd_config
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "^PasswordAuthentication"
+ line: "PasswordAuthentication {{ common_sshd_password_authentication }}"
+ state: present
+ create: yes
+ notify: Restart sshd
+ tags: [ 'common', 'sshd' ]
+- name: Ensure PermitEmptyPasswords is set to {{ common_sshd_permit_empty_passwords }} in sshd_config
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "^PermitEmptyPasswords"
+ line: "PermitEmptyPasswords {{ common_sshd_permit_empty_passwords }}"
+ state: present
+ create: yes
+ notify: Restart sshd
+ tags: [ 'common', 'sshd' ]
diff --git a/ansible/roles/packages/defaults/main.yml b/ansible/roles/packages/defaults/main.yml
new file mode 100644
index 0000000..b8cad38
--- /dev/null
+++ b/ansible/roles/packages/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# Default variables for the 'packages' role
+
+packages_pkglist_file: "roles/packages/files/pkglist.txt"
+packages_aur_pkglist_file: "roles/packages/files/aur_pkglist.txt"
+packages_flatpak_pkglist_file: "roles/packages/files/flatpak_pkglist.txt"
+packages_appimage_pkglist_file: "roles/packages/files/appimage_pkglist.txt"
diff --git a/ansible/roles/packages/files/appimage_pkglist.txt b/ansible/roles/packages/files/appimage_pkglist.txt
new file mode 100644
index 0000000..159e40e
--- /dev/null
+++ b/ansible/roles/packages/files/appimage_pkglist.txt
@@ -0,0 +1 @@
+/home/will/Applications/Cursor-1.4.5-x86_64_9841ba6b5561254992d0620e86f167a3.AppImage
diff --git a/ansible/roles/packages/files/aur_pkglist.txt b/ansible/roles/packages/files/aur_pkglist.txt
new file mode 100644
index 0000000..ab4da11
--- /dev/null
+++ b/ansible/roles/packages/files/aur_pkglist.txt
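Review bot: In roles/common/tasks/main.yml the WiFi task passes `common_wifi_password` as an `nmcli` argument through `ansible.builtin.command` without `no_log: true`, so the passphrase is part of the task result that Ansible prints on failure or at higher verbosity, and it is visible in the target's process list while the command runs; add `no_log: true` to that task. The two `ansible.builtin.user` tasks give root the same hash as `{{ common_user_name }}`, so with the role's sshd defaults one password guards both accounts over SSH; `password_lock: true` on the root task is the safer alternative. The three `lineinfile` edits of `/etc/ssh/sshd_config` lack `validate: 'sshd -t -f %s'`, so a bad value is only discovered when the handler restarts sshd.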
@@ -0,0 +1,19 @@
+1password
+appimagelauncher
+dracula-alacritty-git
+dracula-gtk-theme
+dracula-icons-theme
+grub-customizer
+gtk
+k0s-bin
+k0sctl-bin
+kubecolor
+llama-swap
+nautilus-bluetooth
+newelle
+orchis-theme-git
+pamac-all
+upass
+upscayl-bin
+vim-dracula
+yay-debug
diff --git a/ansible/roles/packages/files/flatpak_pkglist.txt b/ansible/roles/packages/files/flatpak_pkglist.txt
new file mode 100644
index 0000000..d412c2d
--- /dev/null
+++ b/ansible/roles/packages/files/flatpak_pkglist.txt
@@ -0,0 +1,50 @@
+app.devsuite.Ptyxis
+app.fotema.Fotema
+app.freelens.Freelens
+app.ytmdesktop.ytmdesktop
+com.belmoussaoui.Authenticator
+com.belmoussaoui.Decoder
+com.belmoussaoui.Obfuscate
+com.boxy_svg.BoxySVG
+com.discordapp.Discord
+com.github.geigi.cozy
+com.github.huluti.Curtail
+com.github.jeromerobert.pdfarranger
+com.github.johnfactotum.Foliate
+com.github.tenderowl.frog
+com.jeffser.Alpaca
+com.logseq.Logseq
+com.mattjakeman.ExtensionManager
+com.ml4w.dotfilesinstaller
+com.pojtinger.felicitas.Sessions
+com.rafaelmardojai.Blanket
+com.toolstack.Folio
+de.haeckerfelix.Fragments
+de.haeckerfelix.Shortwave
+dev.bragefuglseth.Fretboard
+es.danirod.Cartero
+io.appflowy.AppFlowy
+io.github.Ethanscharlie.albumripper
+io.github.JakubMelka.Pdf4qt
+io.github.chidiwilliams.Buzz
+io.github.dvlv.boxbuddyrs
+io.github.flattool.Ignition
+io.github.prateekmedia.appimagepool
+io.gitlab.adhami3310.Impression
+io.gitlab.gregorni.Letterpress
+io.gitlab.liferooter.TextPieces
+io.gitlab.news_flash.NewsFlash
+io.missioncenter.MissionCenter
+io.podman_desktop.PodmanDesktop
+md.obsidian.Obsidian
+net.nokyan.Resources
+org.freedesktop.Bustle
+org.gnome.DejaDup
+org.gnome.NetworkDisplays
+org.gnome.Solanum
+org.gnome.World.Iotas
+org.localsend.localsend_app
+org.nickvision.tubeconverter
+org.raspberrypi.rpi-imager
+page.kramo.Cartridges
+se.sjoerd.Graphs
diff --git a/ansible/roles/packages/files/pkglist.txt b/ansible/roles/packages/files/pkglist.txt
new file mode 100644
index 0000000..02a9313
--- /dev/null
+++ b/ansible/roles/packages/files/pkglist.txt
@@ -0,0 +1,264 @@
+7zip
+adw-gtk-theme
+aic94xx-firmware
+alacritty
+ansible
+argocd
+ast-firmware
+authenticator
+baobab
+base
+base-devel
+bind
+bluez-utils
+bridge-utils
+broadcom-wl-dkms
+btop
+btrbk
+btrfs-assistant
+btrfs-progs
+bun-bin
+cargo-zigbuild
+chaotic-keyring
+chaotic-mirrorlist
+chezmoi
+chromium
+clang
+cmake
+compsize
+cronie
+cuda
+decibels
+distrobox
+dnsmasq
+docker
+docker-buildx
+docker-compose
+dosfstools
+dracula-grub-theme-git
+efibootmgr
+epiphany
+evince
+exfatprogs
+fastfetch
+firefox
+fish
+foremost
+fuse2
+fzf
+gdm
+gemini-cli
+gftp
+ghostty
+gimp
+git
+git-lfs
+gitg
+github-cli
+glances
+gnome-backgrounds
+gnome-boxes
+gnome-browser-connector
+gnome-builder
+gnome-calculator
+gnome-calendar
+gnome-characters
+gnome-clocks
+gnome-color-manager
+gnome-connections
+gnome-console
+gnome-contacts
+gnome-control-center
+gnome-disk-utility
+gnome-font-viewer
+gnome-keyring
+gnome-keysign
+gnome-logs
+gnome-maps
+gnome-menus
+gnome-music
+gnome-remote-desktop
+gnome-session
+gnome-settings-daemon
+gnome-shell
+gnome-shell-extension-caffeine
+gnome-shell-extension-desktop-icons-ng
+gnome-shell-extensions
+gnome-software
+gnome-system-monitor
+gnome-text-editor
+gnome-themes-extra
+gnome-tour
+gnome-tweaks
+gnome-user-docs
+gnome-user-share
+gnome-weather
+go
+go-tools
+google-chrome
+gparted
+grilo-plugins
+grub
+grub-btrfs
+gtk-engine-murrine
+gvfs
+gvfs-afc
+gvfs-dnssd
+gvfs-goa
+gvfs-google
+gvfs-gphoto2
+gvfs-mtp
+gvfs-nfs
+gvfs-onedrive
+gvfs-smb
+gvfs-wsdd
+helm
+htop
+inetutils
+inkscape
+inotify-tools
+intel-media-driver
+intel-ucode
+iwd
+jq
+k9s
+krew
+kvantum-theme-orchis-git
+less
+libreoffice-still
+libva-intel-driver
+linux
+linux-firmware
+linux-firmware-qlogic
+linux-headers
+linux-zen
+linux-zen-headers
+loupe
+malcontent
+mesa-demos
+mesa-utils
+mplayer
+nano
+nautilus
+netctl
+network-manager-applet
+networkmanager
+nfs-utils
+npm
+open-iscsi
+opencl-mesa
+optipng
+orca
+perl-image-exiftool
+pnpm
+podman
+prettier
+python-pip
+python-standard-aifc
+python-standard-cgi
+python-standard-chunk
+python-uv
+qpdf
+rclone
+rdfind
+restic
+rustup
+rygel
+s3fs-fuse
+seahorse
+simple-scan
+smartmontools
+snapshot
+spotify
+starship
+sushi
+tailscale
+tecla
+tela-circle-icon-theme-all
+testdisk
+thunderbird
+timeshift
+timeshift-autosnap
+tk
+tmux
+torbrowser-launcher
+totem
+typescript
+upd72020x-fw
+vi
+vim
+vimix-cursors
+virt-manager
+virtualbox
+visual-studio-code-bin
+vlc
+vulkan-headers
+vulkan-intel
+vulkan-nouveau
+vulkan-radeon
+vulkan-swrast
+wd719x-firmware
+wget
+wireless_tools
+wl-clipboard
+xclip
+xdg-desktop-portal-gnome
+xdg-user-dirs-gtk
+xdg-utils
+xf86-video-amdgpu
+xf86-video-ati
+xf86-video-nouveau
+xf86-video-vesa
+xorg-bdftopcf
+xorg-docs
+xorg-font-util
+xorg-fonts-100dpi
+xorg-fonts-75dpi
+xorg-iceauth
+xorg-mkfontscale
+xorg-server
+xorg-server-devel
+xorg-server-xephyr
+xorg-server-xnest
+xorg-server-xvfb
+xorg-sessreg
+xorg-smproxy
+xorg-x11perf
+xorg-xbacklight
+xorg-xcmsdb
+xorg-xcursorgen
+xorg-xdpyinfo
+xorg-xdriinfo
+xorg-xev
+xorg-xgamma
+xorg-xhost
+xorg-xinit
+xorg-xinput
+xorg-xkbevd
+xorg-xkbutils
+xorg-xkill
+xorg-xlsatoms
+xorg-xlsclients
+xorg-xpr
+xorg-xrandr
+xorg-xrefresh
+xorg-xsetroot
+xorg-xvinfo
+xorg-xwd
+xorg-xwininfo
+xorg-xwud
+yay
+yelp
+yq
+yubikey-personalization-gui
+zed
+zen-browser-bin
+zenity
+zig
+zip
+zoom
+zsh
+zsh-autosuggestions
+zsh-completions
+zsh-history-substring-search
+zsh-syntax-highlighting
diff --git a/ansible/roles/packages/tasks/main.yml b/ansible/roles/packages/tasks/main.yml
new file mode 100644
index 0000000..1d06224
--- /dev/null
+++ b/ansible/roles/packages/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+- name: Ensure yay is installed
+ block:
+ - name: Check if yay is already installed
+ command: which yay
+ register: yay_check
+ ignore_errors: yes
+ tags: [ 'packages', 'yay' ]
+
+ - name: Install dependencies for building yay
+ pacman:
+ name:
+ - git
+ - base-devel
+ state: present
+ when: yay_check.rc != 0
+ tags: [ 'packages', 'yay' ]
+
+ - name: Clone yay repository
+ git:
+ repo: https://aur.archlinux.org/yay.git
+ dest: /tmp/yay
+ clone: yes
+ update: no
+ when: yay_check.rc != 0
+ tags: [ 'packages', 'yay' ]
+
+ - name: Build and install yay
+ command: makepkg -si --noconfirm
+ args:
+ chdir: /tmp/yay
+ when: yay_check.rc != 0
+ tags: [ 'packages', 'yay' ]
+
+ - name: Remove yay build directory
+ file:
+ path: /tmp/yay
+ state: absent
+ when: yay_check.rc != 0
+ tags: [ 'packages', 'yay' ]
+- name: Install packages from {{ packages_pkglist_file }}
+ community.general.pacman:
+ name: "{{ item }}"
+ state: present
+ with_lines:
+ - cat "{{ packages_pkglist_file }}"
+ tags: [ 'packages', 'pacman' ]
+- name: Install AUR packages from {{ packages_aur_pkglist_file }}
+ command: "yay -S --noconfirm {{ item }}"
+ with_lines:
+ - cat "{{ packages_aur_pkglist_file }}"
+ tags: [ 'packages', 'aur' ]
+- name: Install Flatpak packages from {{ packages_flatpak_pkglist_file }}
+ community.general.flatpak:
+ name: "{{ item }}"
+ state: present
+ with_lines:
+ - cat "{{ packages_flatpak_pkglist_file }}"
+ tags: [ 'packages', 'flatpak' ]
+- name: Ensure ~/Applications directory exists
+ ansible.builtin.file:
+ path: "{{ lookup('env', 'HOME') }}/Applications"
+ state: directory
+ mode: "0755"
+ tags: [ 'packages', 'appimage' ]
+- name: Download AppImages from URLs in {{ packages_appimage_pkglist_file }} to ~/Applications
+ ansible.builtin.get_url:
+ url: "{{ item }}"
+ dest: "{{ lookup('env', 'HOME') }}/Applications/{{ item | basename }}"
+ mode: "0755"
+ with_lines:
+ - cat "{{ packages_appimage_pkglist_file }}"
+ when: item != ""
+ tags: [ 'packages', 'appimage' ]
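Review bot: The yay bootstrap in roles/packages/tasks/main.yml builds from the fixed path `/tmp/yay` while the play runs with `become: yes`, so `makepkg -si` executes as root (which makepkg refuses) and, because the clone uses `update: no`, a repository that another local account placed at that path beforehand could be built as-is. Build in a directory created by `ansible.builtin.tempfile` and run the clone and build with `become_user` set to an unprivileged account, as sketched below; `packages_build_user` is a proposed new role default, and that account needs sudo rights for the install step. Separately, the AppImage task marks each download `0755` without a `checksum:`, and the one entry in appimage_pkglist.txt is a local path rather than a URL, so `get_url` would likely reject it.

```yaml
# … unchanged: yay_check and dependency install …
    - name: Create a private build directory for yay
      ansible.builtin.tempfile:
        state: directory
        prefix: yay-build-
      register: yay_build_dir
      become: true
      become_user: "{{ packages_build_user }}"
      when: yay_check.rc != 0
      tags: [ 'packages', 'yay' ]

    - name: Clone yay repository
      ansible.builtin.git:
        repo: https://aur.archlinux.org/yay.git
        dest: "{{ yay_build_dir.path }}/yay"
      become: true
      become_user: "{{ packages_build_user }}"
      when: yay_check.rc != 0
      tags: [ 'packages', 'yay' ]

    - name: Build and install yay
      ansible.builtin.command: makepkg -si --noconfirm
      args:
        chdir: "{{ yay_build_dir.path }}/yay"
      become: true
      become_user: "{{ packages_build_user }}"
      when: yay_check.rc != 0
      tags: [ 'packages', 'yay' ]
# … unchanged: remove build directory, now pointing at yay_build_dir.path …
```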