Workstation/playbooks/manjaro.yaml
ducoterra afd070b464 Install Yay package manager
Install yay package manager for AUR packages.
2022-01-30 14:50:50 -05:00


---
# Workstation bootstrap play. It targets the machine the playbook is run on
# (hosts: localhost); tasks that need root carry their own `become`.
- name: Setup Workstation
  hosts: localhost
  vars:
    # Release of the Vault CLI fetched from releases.hashicorp.com.
    vault_version: '1.9.3'
    # Swap file location and size (MiB) used by the swap tasks.
    swap_file_path: /swap/swapfile
    swap_file_size_mb: 4096
    # Install prefix handed to the AWS CLI installer via `-i`.
    awscli_install_dir: /opt/aws-cli/
    # NOTE(review): /tmp is world-writable. Archives are unpacked here under
    # fixed names and later executed or copied by root-level tasks guarded
    # only by `creates:`, so a pre-existing path with the same name would be
    # used as-is. A directory owned by the invoking user is the safer staging
    # area - confirm before changing, the directory must already exist.
    executable_temp_dir: /tmp
  tasks:
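# SSH: install sshd, trust the Vault SSH CA and disable password logins.
    - name: Ensure openssh installed
      become: true
      community.general.pacman:
        name: openssh
        state: present
    # sshd accepts any user certificate signed by the key stored in this file
    # (TrustedUserCAKeys below), so it is kept root-owned and not
    # group-writable. It is public key material, hence world-readable.
    # NOTE(review): the key is fetched without a pinned digest; get_url can
    # enforce one, e.g. checksum: 'sha256:<EXPECTED_SHA256_OF_CA_PUBLIC_KEY>'.
    - name: Curl SSH trusted CA
      become: true
      ansible.builtin.get_url:
        url: https://vault.ducoterra.net/v1/ssh-client-signer/public_key
        dest: /etc/ssh/trusted-user-ca-keys.pem
        owner: root
        group: root
        mode: '0644'
      register: ssh_trusted_ca
    # Replaces the whole sshd_config: password and keyboard-interactive logins
    # are off, leaving authorized_keys and CA-signed certificates.
    - name: Create sshd_config file
      become: true
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0644'
        content: |
          AuthorizedKeysFile .ssh/authorized_keys
          PasswordAuthentication no
          KbdInteractiveAuthentication no
          UsePAM yes
          PrintMotd no # pam does that
          Subsystem sftp /usr/lib/ssh/sftp-server
          TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
      register: sshd_config_file
    # Restart only when the CA key or the config changed; otherwise just make
    # sure the service is running and enabled, so reruns stay idempotent.
    - name: Ensure ssh service started
      become: true
      ansible.builtin.systemd:
        name: sshd
        state: "{{ 'restarted' if (ssh_trusted_ca is changed or sshd_config_file is changed) else 'started' }}"
        daemon_reload: true
        enabled: true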
# UFW: host firewall, with the ssh application profile allowed through.
    - name: Ensure UFW installed
      become: true
      community.general.pacman:
        state: present
        name: ufw
    # No `policy` is set here, so the firewall keeps whatever default
    # incoming/outgoing policy ufw is already configured with.
    - name: Enable UFW
      become: true
      community.general.ufw:
        state: enabled
    - name: Allow SSH
      become: true
      community.general.ufw:
        name: ssh
        rule: allow
# System Tools: base packages from the distribution repositories.
    - name: Ensure grub installed
      become: true
      community.general.pacman:
        state: present
        name: grub
    - name: Ensure bluez installed
      become: true
      community.general.pacman:
        state: present
        name: [bluez, bluez-utils]
    - name: Ensure bluetooth service started
      become: true
      ansible.builtin.systemd:
        name: bluetooth
        enabled: true
        state: started
    - name: Ensure glances installed
      become: true
      community.general.pacman:
        state: present
        name: glances
    - name: Ensure htop installed
      become: true
      community.general.pacman:
        state: present
        name: htop
    - name: Ensure curl and wget
      become: true
      community.general.pacman:
        state: present
        name: [curl, wget]
    - name: Ensure dconf-editor
      become: true
      community.general.pacman:
        state: present
        name: dconf-editor
    # yay is an AUR helper; AUR packages are user-submitted build recipes,
    # so anything installed through it deserves a review of its PKGBUILD.
    - name: Ensure yay installed
      become: true
      community.general.pacman:
        state: present
        name: yay
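# Install DNET CA: add the private CA to the system trust anchors.
    # Everything issued by this CA becomes trusted system-wide, so the anchor
    # is root-owned and not group-writable. A certificate is public, and
    # '0644' also lets unprivileged processes read the anchor directory
    # directly (the previous '0660' hid it from them) - presumably wanted;
    # confirm.
    # NOTE(review): the download is not pinned; get_url can enforce a digest,
    # e.g. checksum: 'sha256:<EXPECTED_SHA256_OF_DNET_CA>'.
    - name: Download DNET CA
      become: true
      ansible.builtin.get_url:
        url: https://vault.ducoterra.net/v1/dnet/ca
        dest: /etc/ca-certificates/trust-source/anchors/dnet_ca.crt
        owner: root
        group: root
        mode: '0644'
    # Regenerates the compatibility bundles from the anchors; runs every time.
    - name: Update trust store
      become: true
      ansible.builtin.command: trust extract-compat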
# dconf settings: written as the invoking user (no become).
    # Values are quoted so YAML hands dconf the literal text rather than a
    # boolean; 'flat' keeps its inner single quotes because dconf expects a
    # GVariant string.
    - name: Turn off palm rejection
      ansible.builtin.command:
        argv:
          - dconf
          - write
          - /org/gnome/desktop/peripherals/touchpad/disable-while-typing
          - 'false'
    - name: Set flat mouse acceleration profile
      ansible.builtin.command:
        argv:
          - dconf
          - write
          - /org/gnome/desktop/peripherals/mouse/accel-profile
          - "'flat'"
    - name: Center new windows
      ansible.builtin.command:
        argv:
          - dconf
          - write
          - /org/gnome/mutter/center-new-windows
          - 'true'
# Daily Driver Tools: desktop applications from the distribution repositories.
    - name: Ensure vim installed
      become: true
      community.general.pacman:
        state: present
        name: vim
    # unzip is also what the unarchive tasks for the AWS and Vault zips rely on.
    - name: Ensure unzip installed
      become: true
      community.general.pacman:
        state: present
        name: unzip
    - name: Ensure chromium installed
      become: true
      community.general.pacman:
        state: present
        name: chromium
    - name: Ensure steam installed
      become: true
      community.general.pacman:
        state: present
        name: steam-manjaro
    - name: Ensure discord installed
      become: true
      community.general.pacman:
        state: present
        name: discord
    - name: Ensure geary installed
      become: true
      community.general.pacman:
        state: present
        name: geary
# Developer Tools: networking, container and language tooling.
    - name: Ensure wine installed
      become: true
      community.general.pacman:
        state: present
        name: [wine, winetricks, wine-mono, wine_gecko]
    - name: Ensure wireguard installed
      become: true
      community.general.pacman:
        state: present
        name: wireguard-tools
    - name: Ensure ping installed
      become: true
      community.general.pacman:
        state: present
        name: iputils
    - name: Ensure nslookup installed
      become: true
      community.general.pacman:
        state: present
        name: dnsutils
    - name: Ensure remmina (RDP) installed
      become: true
      community.general.pacman:
        state: present
        name: [remmina, freerdp]
    - name: Ensure docker installed
      become: true
      community.general.pacman:
        state: present
        name: [docker, docker-compose]
    # NOTE(review): members of the docker group can start containers that
    # mount the host filesystem, which is effectively root on this machine.
    # `append: true` keeps the account's other supplementary groups.
    - name: Ensure ducoterra in the "docker" group
      become: true
      ansible.builtin.user:
        name: ducoterra
        append: true
        groups: docker
    - name: Ensure kubectl installed
      become: true
      community.general.pacman:
        state: present
        name: kubectl
    - name: Ensure python and pip instaled
      become: true
      community.general.pacman:
        state: present
        name: [python, python-pip]
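# Per-user Python tooling (ansible, qmk) and the qmk udev rules.
    # NOTE(review): both packages are installed unpinned from the package
    # index into the invoking user's site directory (--user).
    - name: Install ansible
      ansible.builtin.pip:
        name: ansible
        extra_args: --user
    - name: Install qmk
      ansible.builtin.pip:
        name: qmk
        extra_args: --user
    - name: Run qmk setup
      ansible.builtin.command: qmk setup -y
    # udev evaluates rule files as root. The file was previously owned by the
    # unprivileged account with mode 0755, which let that account rewrite
    # rules that udev then applies with root privileges. Rule files are data,
    # not programs: root-owned, read-only for everyone else, no execute bit.
    - name: Copy qmk udev rules
      become: true
      ansible.builtin.copy:
        src: ~/qmk_firmware/util/udev/50-qmk.rules
        dest: /etc/udev/rules.d/50-qmk.rules
        owner: root
        group: root
        mode: '0644'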
# AWS CLI: fetch the v2 installer bundle and run it as root.
    # NOTE(review): the zip is unpacked without any signature or digest check
    # and its `install` script is then run with become. The `creates:` guard
    # also means an already existing '{{ executable_temp_dir }}/aws' is
    # trusted as-is - see the note on executable_temp_dir being /tmp.
    # Exactly one of the two download tasks runs, chosen by whether
    # awscli_version is defined.
    - name: Download awscli v2 installer - latest version
      when: awscli_version is not defined
      tags:
        - awscli
        - awscliv2
      ansible.builtin.unarchive:
        remote_src: true
        src: 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip'
        dest: '{{ executable_temp_dir }}'
        creates: '{{ executable_temp_dir }}/aws'
        mode: '0755'
    - name: Download awscli v2 installer - specific version {{ awscli_version }}
      when: awscli_version is defined
      tags:
        - awscli
        - awscliv2
      ansible.builtin.unarchive:
        remote_src: true
        src: 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64-{{ awscli_version }}.zip'
        dest: '{{ executable_temp_dir }}'
        creates: '{{ executable_temp_dir }}/aws'
        mode: '0755'
    # Skipped once /usr/local/bin/aws exists, so reruns do not reinstall.
    - name: Run the installer for awscli v2
      become: true
      tags:
        - awscli
        - awscliv2
      ansible.builtin.command:
        cmd: '{{ executable_temp_dir }}/aws/install -i {{ awscli_install_dir }} -b /usr/local/bin'
        creates: /usr/local/bin/aws
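# Vault CLI: download the release zip, check its digest, install the binary.
    # The archive is compared with the SHA256SUMS file published next to it
    # before anything is unpacked. That file comes from the same host, so
    # this catches corruption or a swapped archive but not a compromised
    # release server; verifying the detached signature of SHA256SUMS against
    # the vendor's signing key would be needed for that.
    - name: Download vault release archive
      ansible.builtin.get_url:
        url: 'https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip'
        dest: '{{ executable_temp_dir }}/vault_{{ vault_version }}_linux_amd64.zip'
        checksum: 'sha256:https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_SHA256SUMS'
        mode: '0644'
    # NOTE(review): `creates:` skips extraction when the path already exists,
    # so a pre-existing '{{ executable_temp_dir }}/vault' is installed as-is
    # by the next task - see the note on executable_temp_dir being /tmp.
    - name: Download vault binary
      ansible.builtin.unarchive:
        src: '{{ executable_temp_dir }}/vault_{{ vault_version }}_linux_amd64.zip'
        dest: '{{ executable_temp_dir }}'
        remote_src: true
        creates: '{{ executable_temp_dir }}/vault'
        mode: '0755'
    - name: Move vault binary to /usr/local/bin
      become: true
      ansible.builtin.copy:
        src: '{{ executable_temp_dir }}/vault'
        dest: /usr/local/bin/vault
        owner: root
        group: root
        mode: '0755'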
# Snap Installs: snapd itself, then the applications delivered as snaps.
    - name: Ensure snap installed
      become: true
      community.general.pacman:
        state: present
        name: snapd
    - name: Ensure snapd service running
      become: true
      ansible.builtin.systemd:
        name: snapd.socket
        enabled: true
        state: started
    # /snap is a symlink to snapd's directory, which classic snaps need.
    - name: Link /var/lib/snapd/snap /snap
      become: true
      ansible.builtin.file:
        state: link
        src: /var/lib/snapd/snap
        dest: /snap
        owner: root
        group: root
    - name: Install snap-store
      become: true
      community.general.snap:
        state: present
        name: snap-store
    # NOTE(review): `classic: true` installs the snap without the strict
    # sandbox, so the application runs with the user's full access.
    - name: Install vscode
      become: true
      community.general.snap:
        state: present
        name: code
        classic: true
    - name: Install spotify
      become: true
      community.general.snap:
        state: present
        name: spotify
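# Create swap: rebuild the swap file from scratch on every run.
    - name: Turn off swap
      become: true
      ansible.builtin.command: swapoff --all
    # Needs root like its neighbours: the file is root-owned with mode 0600
    # after a previous run, so removing it as the invoking user would fail.
    - name: Remove old swap file
      become: true
      ansible.builtin.file:
        path: '{{ swap_file_path }}'
        state: absent
    - name: Create swap file
      become: true
      ansible.builtin.command:
        cmd: truncate -s 0 "{{ swap_file_path }}"
        creates: '{{ swap_file_path }}'
    # `chattr +C` sets the no-copy-on-write attribute; it is applied while
    # the file is still empty, before space is allocated.
    - name: Set swap compression
      become: true
      ansible.builtin.command: chattr +C "{{ swap_file_path }}"
    - name: Allocate swap space
      become: true
      ansible.builtin.command: fallocate -l "{{ swap_file_size_mb }}M" "{{ swap_file_path }}"
    # Swap holds pages of process memory, so only root may read the file.
    # The mode is set before mkswap/swapon ever put data in it.
    - name: Change swap file permissions
      become: true
      ansible.builtin.file:
        path: '{{ swap_file_path }}'
        owner: root
        group: root
        mode: '0600'
    # The registered result is not read by any task visible in this file.
    - name: "Check swap file type"
      become: true
      ansible.builtin.command: file {{ swap_file_path }}
      register: swapfile
    - name: Make swap file
      become: true
      ansible.builtin.command: 'mkswap {{ swap_file_path }}'
    # state: present only records the fstab entry; activation is the swapon
    # task below.
    - name: Write swap entry in fstab
      become: true
      mount:
        path: 'none'
        src: '{{ swap_file_path }}'
        fstype: swap
        opts: sw
        passno: '0'
        dump: '0'
        state: present
    - name: Mount swap
      become: true
      ansible.builtin.command: 'swapon {{ swap_file_path }}'
    - name: Set swappiness
      become: true
      ansible.builtin.command: sysctl -w vm.swappiness=1
    - name: Make swappiness permanent
      become: true
      ansible.builtin.copy:
        dest: /etc/sysctl.d/99-swappiness.conf
        content: |
          vm.swappiness=1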
# Minecraft: build and install the launcher from its AUR recipe.
    # NOTE(review): the clone tracks whatever the AUR repository currently
    # holds (no `version:` pin) and `makepkg -si --noconfirm` builds and
    # installs it without a prompt, so the PKGBUILD is never reviewed. The
    # checkout also lives under executable_temp_dir, which is /tmp.
    - name: Clone minecraft-launcher repo
      ansible.builtin.git:
        dest: '{{ executable_temp_dir }}/minecraft-launcher'
        repo: 'https://aur.archlinux.org/minecraft-launcher.git'
    - name: Install minecraft-launcher with makepkg
      ansible.builtin.command:
        cmd: makepkg -si --noconfirm
        chdir: '{{ executable_temp_dir }}/minecraft-launcher'
# Citrix ICA Client (Citrix Receiver): AUR build plus per-user INI files.
    # NOTE(review): same pattern as the other AUR build - an unpinned clone
    # under executable_temp_dir, built and installed with --noconfirm.
    - name: Clone citrix-receiver repo
      ansible.builtin.git:
        dest: '{{ executable_temp_dir }}/citrix-receiver'
        repo: 'https://aur.archlinux.org/icaclient.git'
    - name: Install citrix-receiver with makepkg
      ansible.builtin.command:
        cmd: makepkg -si --noconfirm
        chdir: '{{ executable_temp_dir }}/citrix-receiver'
    # These two tasks run without become, so they act on the invoking user's
    # home directory.
    - name: Create INI client dir for citrix receiver
      ansible.builtin.file:
        path: '~/.ICAClient/cache'
        state: directory
    - name: Copy INI Files to ICAClient so citrix receiver works
      ansible.builtin.copy:
        dest: '~/.ICAClient/{{ item }}.ini'
        src: '/opt/Citrix/ICAClient/config/{{ item }}.ini'
      loop:
        - All_Regions
        - Trusted_Region
        - Unknown_Region
        - canonicalization
        - regions
# Reboot: last step, so the new packages, group and swap settings take effect.
    # NOTE(review): the play targets localhost; the reboot action is
    # understood to refuse a local connection (it would restart the control
    # node mid-run) - confirm this task behaves as intended here.
    - name: Unconditionally reboot the machine with all defaults
      become: true
      ansible.builtin.reboot: