From 014a1123d2fcd0d99a42c559d2acb6c7daad53d3 Mon Sep 17 00:00:00 2001 From: ducoterra Date: Fri, 28 Jan 2022 20:45:56 -0500 Subject: [PATCH] Add manjaro playbook Add basic manjaro playbook that installs software, sets up swap, and sets some basic configuration. --- README.md | 6 + playbooks/manjaro.yaml | 296 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 302 insertions(+) create mode 100644 playbooks/manjaro.yaml diff --git a/README.md b/README.md index 5d40fdc..e4e0436 100644 --- a/README.md +++ b/README.md @@ -18,3 +18,9 @@ Run an ad-hoc command ```bash ansible pi -i hosts --become-method=sudo --ask-become-pass --become -a "apt update" ``` + +Run a playbook + +```bash +ansible-playbook -i hosts --ask-become-pass playbooks/pi.yaml +``` diff --git a/playbooks/manjaro.yaml b/playbooks/manjaro.yaml new file mode 100644 index 0000000..09bdc7a --- /dev/null +++ b/playbooks/manjaro.yaml @@ -0,0 +1,296 @@ +- name: Setup Workstation + hosts: localhost + vars: + executable_temp_dir: /tmp + awscli_install_dir: /opt/aws-cli/ + vault_version: 1.9.3 + swap_file_path: /swap/swapfile + swap_file_size_mb: 4096 + + tasks: + # System Tools + - name: Ensure grub installed + community.general.pacman: + name: grub + state: present + become: yes + - name: Ensure bluez installed + community.general.pacman: + name: + - bluez + - bluez-utils + state: present + become: yes + - name: Ensure bluetooth service started + ansible.builtin.systemd: + name: bluetooth + state: started + enabled: yes + become: yes + - name: Ensure glances installed + community.general.pacman: + name: glances + state: present + become: yes + - name: Ensure htop installed + community.general.pacman: + name: htop + state: present + become: yes + - name: Ensure curl and wget + community.general.pacman: + name: + - curl + - wget + state: present + become: yes + + # Install DNET CA + - name: Download DNET CA + get_url: + url: https://vault.ducoterra.net/v1/dnet/ca + dest: /etc/ca-certificates/trust-source/anchors/dnet_ca.crt + mode: '0660' + become: yes + - name: Update trust store + command: trust extract-compat + become: yes + + # Palm Rejection + - name: Turn off palm rejection + command: dconf write /org/gnome/desktop/peripherals/touchpad/disable-while-typing false + become: yes + - name: Reload dconf + command: dconf update + become: yes + + # Daily Driver Tools + - name: Ensure vim installed + community.general.pacman: + name: vim + state: present + become: yes + - name: Ensure unzip installed + community.general.pacman: + name: unzip + state: present + become: yes + - name: Ensure chromium installed + community.general.pacman: + name: chromium + state: present + become: yes + - name: Ensure steam installed + community.general.pacman: + name: steam-manjaro + state: present + become: yes + - name: Ensure discord installed + community.general.pacman: + name: discord + state: present + become: yes + - name: Ensure geary installed + community.general.pacman: + name: geary + state: present + become: yes + + # Developer Tools + - name: Ensure wireguard installed + community.general.pacman: + name: wireguard-tools + state: present + become: yes + - name: Ensure ping installed + community.general.pacman: + name: iputils + state: present + become: yes + - name: Ensure docker installed + community.general.pacman: + name: + - docker + - docker-compose + state: present + become: yes + - name: Ensure ducoterra in the "docker" group + ansible.builtin.user: + name: ducoterra + groups: docker + append: yes + become: yes + - name: Ensure kubectl installed + community.general.pacman: + name: kubectl + state: present + become: yes + - name: Ensure python and pip instaled + community.general.pacman: + name: + - python + - python-pip + state: present + become: yes + - name: Install ansible + pip: + name: ansible + extra_args: --user + - name: Install ansible + pip: + name: qmk + extra_args: --user + - name: Run qmk setup + ansible.builtin.command: qmk setup -y + - name: Copy qmk udev rules + ansible.builtin.copy: + src: ~/qmk_firmware/util/udev/50-qmk.rules + dest: /etc/udev/rules.d/50-qmk.rules + owner: ducoterra + group: root + mode: '0755' + become: yes + + # AWS CLI + - name: Download awscli v2 installer - latest version + unarchive: + src: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip + dest: '{{ executable_temp_dir }}' + remote_src: true + creates: '{{ executable_temp_dir }}/aws' + mode: 0755 + when: awscli_version is not defined + tags: ["awscli", "awscliv2"] + - name: Download awscli v2 installer - specific version {{ awscli_version }} + unarchive: + src: 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64-{{ awscli_version }}.zip' + dest: "{{ executable_temp_dir }}" + remote_src: true + creates: '{{ executable_temp_dir }}/aws' + mode: 0755 + when: awscli_version is defined + tags: ["awscli", "awscliv2"] + - name: Run the installer for awscli v2 + command: + args: + cmd: '{{ executable_temp_dir }}/aws/install -i {{ awscli_install_dir }} -b /usr/local/bin' + creates: /usr/local/bin/aws + become: yes + tags: ["awscli", "awscliv2"] + + # Vault CLI + - name: Download vault binary + unarchive: + src: https://releases.hashicorp.com/vault/{{vault_version}}/vault_{{vault_version}}_linux_amd64.zip + dest: '{{ executable_temp_dir }}' + remote_src: true + creates: '{{ executable_temp_dir }}/vault' + mode: 0755 + - name: Move vault binary to /usr/local/bin + ansible.builtin.copy: + src: '{{ executable_temp_dir }}/vault' + dest: /usr/local/bin/vault + owner: root + group: root + mode: '0755' + become: yes + + # Snap Installs + - name: Ensure snap installed + community.general.pacman: + name: snapd + state: present + become: yes + - name: Ensure snapd service running + ansible.builtin.systemd: + name: snapd.socket + state: started + enabled: yes + become: yes + - name: Link /var/lib/snapd/snap /snap + ansible.builtin.file: + src: /var/lib/snapd/snap + dest: /snap + owner: root + group: root + state: link + become: yes + - name: Install snap-store + community.general.snap: + name: snap-store + state: present + become: yes + - name: Install vscode + community.general.snap: + name: code + state: present + classic: yes + become: yes + - name: Install spotify + community.general.snap: + name: spotify + state: present + become: yes + + # Create swap + - name: Turn off swap + command: "swapoff --all" + become: yes + - name: Remove old swap file + file: + state: absent + path: "{{ swap_file_path }}" + - name: Create swap file + command: truncate -s 0 "{{ swap_file_path }}" + creates="{{ swap_file_path }}" + become: yes + - name: Set swap compression + command: chattr +C "{{ swap_file_path }}" + become: yes + - name: Allocate swap space + command: fallocate -l "{{ swap_file_size_mb }}M" "{{ swap_file_path }}" + become: yes + - name: Change swap file permissions + file: path="{{ swap_file_path }}" + owner=root + group=root + mode=0600 + become: yes + - name: "Check swap file type" + command: file {{ swap_file_path }} + register: swapfile + become: yes + - name: Make swap file + command: "mkswap {{ swap_file_path }}" + become: yes + - name: Write swap entry in fstab + mount: name=none + src={{ swap_file_path }} + fstype=swap + opts=sw + passno=0 + dump=0 + state=present + become: yes + - name: Mount swap + command: "swapon {{ swap_file_path }}" + become: yes + - name: Set swappiness + command: sysctl -w vm.swappiness=1 + become: yes + - name: Make swappiness permanent + copy: + dest: "/etc/sysctl.d/99-swappiness.conf" + content: | + vm.swappiness=1 + become: yes + + # Minecraft + - name: Clone minecraft-launcher repo + ansible.builtin.git: + repo: 'https://aur.archlinux.org/minecraft-launcher.git' + dest: '{{ executable_temp_dir }}/minecraft-launcher' + - name: Install minecraft-launcher with makepkg + command: makepkg -si --noconfirm + args: + chdir: '{{ executable_temp_dir }}/minecraft-launcher'