# Ansible Playbooks for Machine Setup

This repository contains Ansible playbooks and roles for setting up a new machine, including common configurations, package installations, and user management.

## Table of Contents

- [Requirements](#requirements)
- [Inventory](#inventory)
- [Playbooks](#playbooks)
- [Roles](#roles)
  - [Common Role](#common-role)
  - [Packages Role](#packages-role)
- [Usage Examples](#usage-examples)
- [Sensitive Data](#sensitive-data)

## Requirements

To run these Ansible playbooks, you need:

* **Ansible:** Version 2.10 or higher is recommended.
* **Python:** Python 3 on both the control machine and target hosts.
* **SSH Access:** Password-less SSH access (or password-based with `--ask-pass`) to your target machines.

## Inventory

The `inventory` file defines the hosts and groups that Ansible will manage. A typical `inventory` file might look like this:

```ini
[new_machine]
192.168.153.117 ansible_user=your_ssh_user ansible_ssh_pass=your_ssh_password

[all:vars]
ansible_python_interpreter=/usr/bin/python3
```

**Note:** Replace `192.168.153.117` with your target machine's IP address or hostname, `your_ssh_user` with your SSH username, and `your_ssh_password` with the SSH password if not using SSH keys.

## Playbooks

### `playbook.yml`

This is the main playbook that orchestrates the setup of a new machine by applying the `common` and `packages` roles.

To run the playbook:

```bash
ansible-playbook -i inventory playbook.yml --ask-become-pass
```

To perform a dry-run (check what changes would be made without applying them):

```bash
ansible-playbook -i inventory playbook.yml --check
```

## Roles

### Common Role

The `common` role (`roles/common/`) sets up basic system configurations, including:

* Setting the hostname.
* Configuring network interfaces (WiFi and Ethernet).
* Managing user accounts (e.g., `will` and root password).
* Configuring SSH daemon settings.

**Variables:** Default variables for this role are defined in `roles/common/defaults/main.yml`.
You can override these variables in your inventory, `group_vars`, or by passing them via the command line.

**Tags:** Tasks in the `common` role are tagged for selective execution:

* `hostname`: For tasks related to hostname configuration.
* `network`: For tasks related to network configuration (includes `wifi` and `ethernet`).
* `wifi`: Specifically for WiFi configuration.
* `ethernet`: Specifically for Ethernet configuration.
* `users`: For tasks related to user and password management.
* `sshd`: For tasks related to SSH daemon configuration.

Example: To only run network-related tasks:

```bash
ansible-playbook -i inventory playbook.yml --tags "network" --ask-become-pass
```

### Packages Role

The `packages` role (`roles/packages/`) handles the installation of various software packages:

* Ensuring `yay` (AUR helper for Arch Linux) is installed.
* Installing packages from `pkglist.txt` (using `pacman`).
* Installing AUR packages from `aur_pkglist.txt` (using `yay`).
* Installing Flatpak packages from `flatpak_pkglist.txt`.
* Downloading AppImages from `appimage_pkglist.txt`.

**Variables:** Default variables for this role, primarily file paths for package lists, are defined in `roles/packages/defaults/main.yml`.

**Tags:** Tasks in the `packages` role are tagged for selective execution:

* `yay`: For tasks related to `yay` installation.
* `pacman`: For tasks installing packages via `pacman`.
* `aur`: For tasks installing packages via `yay` (AUR).
* `flatpak`: For tasks installing Flatpak packages.
* `appimage`: For tasks downloading AppImages.

Example: To only install Flatpak packages:

```bash
ansible-playbook -i inventory playbook.yml --tags "flatpak" --ask-become-pass
```

## Sensitive Data

This project contains sensitive information such as passwords. It is highly recommended to use **Ansible Vault** to encrypt sensitive variables and files. For example, you can encrypt `roles/common/defaults/main.yml` or specific variables within it.

To encrypt a file:

```bash
ansible-vault encrypt roles/common/defaults/main.yml
```

To view or edit an encrypted file:

```bash
ansible-vault edit roles/common/defaults/main.yml
```

When running playbooks with encrypted files, you will need to provide the vault password:

```bash
ansible-playbook -i inventory playbook.yml --ask-vault-pass --ask-become-pass
```
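
To check that the Vault recommendation above is actually being followed, the script below flags password variables that are still stored in plaintext in the inventory or in a defaults file. It is an added example, not part of this repository; the defaults file content, its variable names, and the key-name heuristic are assumptions.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of a file encrypted by ansible-vault
# Connection and become password variables Ansible accepts in an INI inventory.
INI_SECRET = re.compile(
    r"\b(ansible_(?:ssh_pass|password|become_pass|become_password))=(\S+)")
# YAML keys whose names suggest a secret (a naming heuristic, an assumption).
YAML_SECRET = re.compile(
    r"^\s*([\w-]*(?:pass|secret|psk|token)[\w-]*)\s*:\s*(.*)$", re.I)

# Constructed samples. The inventory is the one shown in this README; the
# defaults file content and its variable names are hypothetical.
INVENTORY = """[new_machine]
192.168.153.117 ansible_user=your_ssh_user ansible_ssh_pass=your_ssh_password

[all:vars]
ansible_python_interpreter=/usr/bin/python3
"""
DEFAULTS = """hostname: workstation
root_password: "example-plaintext"
user_password: "{{ vault_user_password }}"
wifi_psk: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          6162636465666768
"""

def is_protected(value):
    """True for an empty value, an inline !vault blob, or a {{ template }} reference."""
    v = value.strip().strip("'\"")
    return v == "" or v.startswith(("!vault", "{{"))

def audit(name, text):
    """Return (file, line_no, variable) for each plaintext secret in text."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # the whole file is vault-encrypted
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # comment line
        hits = INI_SECRET.findall(line)
        yaml_hit = YAML_SECRET.match(line)
        if yaml_hit:
            hits.append(yaml_hit.groups())
        findings += [(name, no, var) for var, val in hits if not is_protected(val)]
    return findings

if __name__ == "__main__":
    for args in (("inventory", INVENTORY), ("roles/common/defaults/main.yml", DEFAULTS)):
        print(audit(*args))
```

Run from a pre-commit hook or CI job over the real files, a non-empty result is the signal to encrypt the file or move the value into a vaulted variable before committing.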