willlaptop/ansible

Ansible Playbooks for Machine Setup

This repository contains Ansible playbooks and roles for setting up a new machine, including common configurations, package installations, and user management.

Table of Contents

• Requirements
• Inventory
• Playbooks
• Roles
  • Common Role
  • Packages Role
• Usage Examples
• Sensitive Data

Requirements

To run these Ansible playbooks, you need:

• Ansible: Version 2.10 or higher is recommended.
• Python: Python 3 on both the control machine and target hosts.
• SSH Access: Password-less SSH access (or password-based with --ask-pass) to your target machines.

Inventory

The inventory file defines the hosts and groups that Ansible will manage. A typical inventory file might look like this:

[new_machine]
192.168.153.117 ansible_user=your_ssh_user ansible_ssh_pass=your_ssh_password

[all:vars]
ansible_python_interpreter=/usr/bin/python3

Note: Replace 192.168.153.117 with your target machine's IP address or hostname, your_ssh_user with your SSH username, and your_ssh_password with the SSH password if not using SSH keys.

Playbooks

playbook.yml

This is the main playbook that orchestrates the setup of a new machine by applying the common and packages roles.

To run the playbook:

ansible-playbook -i inventory playbook.yml --ask-become-pass

To perform a dry-run (check what changes would be made without applying them):

ansible-playbook -i inventory playbook.yml --check

Roles

Common Role

The common role (roles/common/) sets up basic system configurations, including:

• Setting the hostname.
• Configuring network interfaces (WiFi and Ethernet).
• Managing user accounts (e.g., will and root password).
• Configuring SSH daemon settings.

Variables:

Default variables for this role are defined in roles/common/defaults/main.yml. You can override these variables in your inventory, group_vars, or by passing them via the command line.

Tags:

Tasks in the common role are tagged for selective execution:

• hostname: For tasks related to hostname configuration.
• network: For tasks related to network configuration (includes wifi and ethernet).
• wifi: Specifically for WiFi configuration.
• ethernet: Specifically for Ethernet configuration.
• users: For tasks related to user and password management.
• sshd: For tasks related to SSH daemon configuration.

Example: To only run network-related tasks:

ansible-playbook -i inventory playbook.yml --tags "network" --ask-become-pass

Packages Role

The packages role (roles/packages/) handles the installation of various software packages:

• Ensuring yay (AUR helper for Arch Linux) is installed.
• Installing packages from pkglist.txt (using pacman).
• Installing AUR packages from aur_pkglist.txt (using yay).
• Installing Flatpak packages from flatpak_pkglist.txt.
• Downloading AppImages from appimage_pkglist.txt.

Variables:

Default variables for this role, primarily file paths for package lists, are defined in roles/packages/defaults/main.yml.

Tags:

Tasks in the packages role are tagged for selective execution:

• yay: For tasks related to yay installation.
• pacman: For tasks installing packages via pacman.
• aur: For tasks installing packages via yay (AUR).
• flatpak: For tasks installing Flatpak packages.
• appimage: For tasks downloading AppImages.

Example: To only install Flatpak packages:

ansible-playbook -i inventory playbook.yml --tags "flatpak" --ask-become-pass

Sensitive Data

This project contains sensitive information such as passwords. It is highly recommended to use Ansible Vault to encrypt sensitive variables and files. For example, you can encrypt roles/common/defaults/main.yml or specific variables within it.

To encrypt a file:

ansible-vault encrypt roles/common/defaults/main.yml

To view or edit an encrypted file:

ansible-vault edit roles/common/defaults/main.yml

When running playbooks with encrypted files, you will need to provide the vault password:

ansible-playbook -i inventory playbook.yml --ask-vault-pass --ask-become-pass