
66 Commits

Author SHA1 Message Date
a268f37854 Install drone CLI 2024-04-27 14:03:19 +02:00
6cd47dabc1 Do not start yubikey touch detector without gpg 2024-04-26 16:42:34 +02:00
213cd9b6a1 Remove bluetooth 2024-04-26 15:18:37 +02:00
28b3e95b2c Remove firefox config entries that change all the time anyway 2024-04-26 15:16:54 +02:00
43b9dd3b08 Try to make systemd unit handling idempotent 2024-04-26 15:15:14 +02:00
49a7762e6c Add test script using QEMU 2024-04-26 12:08:29 +02:00
147866ca69 Update firefox role 2024-04-26 12:08:29 +02:00
87e8771d36 Increase wttr.in query interval 2024-04-26 12:08:29 +02:00
66b77f6cd1 Uninstall unneeded packages 2024-04-26 12:08:29 +02:00
ea804c530d Streamling tagging & formatting 2024-04-26 12:08:29 +02:00
eecd828d60 Build vim-plug from aur 2024-04-26 12:06:04 +02:00
1da6bf597d Try to get rid of every preinstall gpg-agent user unit 2024-04-26 12:06:04 +02:00
d5c539eae1 Install archlinux packaging tools 2024-04-26 12:06:04 +02:00
e64893cac9 i3status: Fix error during battery charging 2024-04-26 12:06:04 +02:00
6ab8560b4e i3: Output tray on each screen 2024-04-26 12:06:04 +02:00
3220bc41e8 neptune: Update workspace & screen setup 2024-04-26 12:06:04 +02:00
27b46020e3 Fix gpg-agent service 2024-04-26 12:06:04 +02:00
aba24190db Install shfmt 2024-04-25 13:00:49 +02:00
a3e64c6145 Remove archlinux-java-run pkgbuild 2024-04-25 13:00:49 +02:00
64e1e6d5d0 Pass env variables explicitly to systemd 2024-04-25 13:00:49 +02:00
a6d672c353 Make FEATURE_DIR a non-global 2024-04-25 13:00:49 +02:00
6fc3c2aedb Remove unnecessary env variables 2024-04-25 08:08:51 +02:00
8c55badccb Retry initial password prompt 2024-04-25 08:08:51 +02:00
555d2bf7f2 Install mold 2024-04-25 08:08:51 +02:00
f28922c9e8 Install more packages 2024-04-24 12:40:35 +02:00
58772148b3 Skip skeleton on user creation 2024-04-24 12:40:35 +02:00
69b390bc40 Update ares install script 2024-04-24 12:40:35 +02:00
c107056db8 bash: Remove unnecessary xtrace 2024-04-24 12:40:35 +02:00
620249c9dc aur: Skip compression 2024-04-24 12:40:35 +02:00
914dd2cb4b aur: Fix allowed exit codes 2024-04-24 12:40:35 +02:00
f70309fedd Make curl options for gpg stricter 2024-04-24 12:40:35 +02:00
d8c6fd6699 aur: Switch to prebuilt portfolio binaries 2024-04-24 12:40:35 +02:00
f21b69da62 aur: Build each package with its own GNUPGHOME 2024-04-22 15:17:21 +02:00
e99b513e3b Skip explicit unmounts 2024-04-22 15:17:18 +02:00
b57217f934 Simplify handling of permissions of dotfiles directory 2024-04-22 15:17:01 +02:00
42cf7807ab Shorted install script 2024-04-22 15:17:01 +02:00
944ba883d7 Do not install git or python on install
They will be installed by ansible, and are not required for the
ansible run.
2024-04-22 15:17:01 +02:00
3521508ff4 install: Remove submodule update
It has do be done properly during checkout, we assume they are
already there.
2024-04-22 15:17:01 +02:00
200e5645cd Remove wrong comment in neptune script 2024-04-22 15:17:01 +02:00
2d755648b8 Remove ares-specific boostrap script 2024-04-22 15:17:01 +02:00
bf8acd7f71 Install kernel headers 2024-04-22 14:47:15 +02:00
864885d47d Streaming install scripts 2024-04-22 14:27:52 +02:00
cc447fb2c8 zsh: Set password on first login 2024-04-22 14:27:52 +02:00
00d68fdcb8 install.sh: Fix weird naming 2024-04-22 14:17:29 +02:00
cf98ddc251 aur: Make building finally work 2024-04-22 14:17:29 +02:00
24b55cf890 aur: Install dependencies before the packages themselves 2024-04-22 14:17:29 +02:00
686bbd0e34 Add nextcloud workaround 2024-04-22 14:17:29 +02:00
4afcff4bb1 Add script to check for AUR updates 2024-04-22 14:17:29 +02:00
d15b2b08da Add generic boostrap script 2024-04-22 14:17:29 +02:00
cfbb5df774 Add install script for neptune 2024-04-22 14:17:29 +02:00
94d4fcb178 Fix install script 2024-04-22 14:16:32 +02:00
aa498a4d92 Add qr generator script 2024-04-20 17:35:43 +02:00
15a5bb3696 Add a bunch of useful software 2024-04-20 12:54:00 +02:00
99c69b80d0 Configure git-delta 2024-04-20 12:53:42 +02:00
af36980a81 Make user unit handling work 2024-04-20 12:10:24 +02:00
9b1fad9530 Remove per-user sudo config 2024-04-20 12:10:24 +02:00
cbded3e6c6 Remove unnecessary sudo in aur builder 2024-04-20 12:10:24 +02:00
3cd47bdf02 Install packages earlier in playbook 2024-04-20 12:10:24 +02:00
a3c7939ff0 bootstrap: Install git if not present 2024-04-20 12:10:24 +02:00
3ed374e539 aur: Build intelephense 2024-04-20 12:10:24 +02:00
5f8348d0e2 Install cloudformation linter 2024-04-20 12:07:32 +02:00
1d72427091 Install more qemu goodies 2024-04-20 12:07:24 +02:00
ec7c47073b Add doas as sudo alternative
Cannot get rid of sudo (yet?), as base-devel depends on it
2024-04-20 12:07:04 +02:00
421d877143 Use KP_Enter to toggle mute 2024-04-20 11:39:55 +02:00
a6c61cb1c8 Do not fail laptop-lid service if already set correctly 2024-04-20 11:39:41 +02:00
6811e62c97 rg: Ignore .git file 2024-04-16 11:56:05 +02:00
29 changed files with 1453 additions and 943 deletions

18
.gitmodules vendored

@@ -1,15 +1,15 @@
[submodule "contrib/vim-plug"]
path = contrib/vim-plug
url = https://github.com/junegunn/vim-plug
[submodule "ansible_roles/firefox"]
path = ansible_roles/firefox
url = https://github.com/staticdev/ansible-role-firefox
[submodule "pkgbuilds/spotify"]
path = pkgbuilds/spotify
url = https://aur.archlinux.org/spotify.git
[submodule "pkgbuilds/archlinux-java-run"]
path = pkgbuilds/archlinux-java-run
url = https://aur.archlinux.org/archlinux-java-run.git
[submodule "pkgbuilds/portfolio"]
path = pkgbuilds/portfolio
url = https://aur.archlinux.org/portfolio.git
[submodule "pkgbuilds/nodejs-intelephense"]
path = pkgbuilds/nodejs-intelephense
url = https://aur.archlinux.org/nodejs-intelephense.git
[submodule "pkgbuilds/portfolio-performance-bin"]
path = pkgbuilds/portfolio-performance-bin
url = https://aur.archlinux.org/portfolio-performance-bin.git
[submodule "pkgbuilds/vim-plug"]
path = pkgbuilds/vim-plug
url = https://aur.archlinux.org/vim-plug.git


@@ -59,12 +59,12 @@ users:
- personal_projects
screen:
1: DP-3
2: DP-3
3: DP-4
4: DP-4
5: DP-4
6: DP-4
1: DP-4-1-6
2: DP-4-1-6
3: DP-4-1-6
4: DP-4-1-6
5: DP-4-1-6
6: DP-4-1-6
7: eDP-1
8: eDP-1
9: eDP-1
@@ -72,9 +72,9 @@ screen:
workspace:
1: ""
2: ""
3: " local"
4: " remote"
2: ""
3: ""
4: ""
7: ""
8: ""
9: ""


@@ -2,7 +2,6 @@
BindsTo=windowmanager.target
After=windowmanager.target
Wants=blueman.service
Wants=dpms.service
Wants=dunst.service
{% for profile, config in (user.firefox_profiles|default({})).items() %}


@@ -1,8 +0,0 @@
[Unit]
BindsTo=autostart.target
After=windowmanager.target
[Service]
ExecStart=/usr/bin/env blueman-applet
PassEnvironment=DISPLAY
Restart=always


@@ -5,7 +5,7 @@ ConditionPathExists=%t/features/gpg_agent
[Service]
Type=forking
ExecStart=/usr/bin/env gpg-agent --no-detach --daemon
ExecStart=/usr/bin/env gpg-agent --daemon
PassEnvironment=DISPLAY GNUPGHOME
Restart=always


@@ -5,6 +5,6 @@ ConditionPathExists=%t/features/machine_is_laptop
[Service]
Type=oneshot
ExecStart=/usr/bin/env bash -c 'grep "^${ACPI_LID_NAME}.*enabled" /proc/acpi/wakeup && echo " ${ACPI_LID_NAME}" | sudo tee /proc/acpi/wakeup'
ExecStart=/usr/bin/env bash -c 'grep "^${ACPI_LID_NAME}.*enabled" /proc/acpi/wakeup && echo " ${ACPI_LID_NAME}" | sudo tee /proc/acpi/wakeup || true'
RemainAfterExit=true
PassEnvironment=DISPLAY
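Review bot: The `|| true` appended to the ExecStart line hides every failure in the chain, not only the case where grep finds no enabled lid entry, so a failing `sudo tee` (sudo denied, write rejected) now leaves the oneshot unit reported as successful. An explicit branch keeps the intended "nothing to do" case without masking the write: `ExecStart=/usr/bin/env bash -c 'if grep -q "^${ACPI_LID_NAME}.*enabled" /proc/acpi/wakeup; then echo " ${ACPI_LID_NAME}" | sudo tee /proc/acpi/wakeup; fi'`. The [Unit] part of the file starts outside this hunk.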


@@ -3,6 +3,7 @@ BindsTo=autostart.target
PartOf=gpg-agent.service
After=windowmanager.target
After=gpg-agent.service
ConditionPathExists=%t/features/gpg_agent
[Service]
ExecStart=/usr/bin/env yubikey-touch-detector -libnotify

3
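--- a/bin/qr
+++ b/bin/qr
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+qrencode "$*" -o - | imv -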
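Review bot: The text to encode is placed before `-o -` and there is no `--`, so input that begins with a dash is parsed by qrencode as an option instead of being encoded. Putting the options first and ending option parsing avoids that: `qrencode -o - -- "$*" | imv -`. Because the text travels in argv it is also visible in the process list while the command runs; if the script is meant for secrets such as Wi-Fi passphrases, falling back to stdin when no argument is given would avoid that, since qrencode reads stdin when no string is passed.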

3
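--- a/check-aur-updates.sh
+++ b/check-aur-updates.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+git submodule update --remote pkgbuilds/*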
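Review bot: `git submodule update --remote pkgbuilds/*` moves every PKGBUILD submodule to whatever the AUR remote currently serves, and the script ends without showing what changed. These PKGBUILDs are later sourced and built by the playbook, so this update is the natural point at which upstream changes should be read before they are committed. Printing them right after the update, for example with `git diff --submodule=diff -- pkgbuilds/`, would make that review part of the workflow; a header comment saying that the result must be reviewed before committing would also help.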

Submodule contrib/vim-plug deleted from c3b6b7c297


@@ -71,6 +71,9 @@
fileMode = true
whitespace = "blank-at-eol,space-before-tab,blank-at-eof"
abbrev = 8
pager = delta
[interactive]
diffFilter = delta --color-only
[color]
ui = true
[column]
@@ -78,7 +81,7 @@
[push]
default = simple
[merge]
tool = vimdiff
conflictstyle = diff3
[gc]
auto = 0
[advice]
@@ -105,7 +108,6 @@
autoStash = true
[diff]
submodule = log
mnemonicPrefix = true
renameLimit = 1199
[branch]
autoSetupMerge = true
@@ -124,3 +126,9 @@
directory = /var/lib/dotfiles
[includeIf "gitdir:/var/lib/dotfiles"]
path = /var/lib/dotfiles/gitcfg
[delta]
navigate = true # use n and N to move between diff sections
# delta detects terminal colors automatically; set one of these to disable auto-detection
# dark = true
# light = true


@@ -329,6 +329,7 @@ bindsym XF86MonBrightnessDown exec --no-startup-id xbacklight -dec 8 ; exec --no
bindsym $mod+m exec --no-startup-id pactl set-source-mute '@DEFAULT_SOURCE@' toggle
bindsym $mod+space exec --no-startup-id pactl set-source-mute '@DEFAULT_SOURCE@' toggle
bindsym KP_Enter exec --no-startup-id pactl set-source-mute '@DEFAULT_SOURCE@' toggle
##############################################################################
### BARS #######################################################################
@@ -338,7 +339,6 @@ bar {
mode dock
position bottom
tray_output primary
tray_padding 2
strip_workspace_numbers no


@@ -68,6 +68,7 @@ interval = 1
block = "battery"
interval = 10
format = " $icon $percentage $time "
charging_format = " $icon $percentage "
missing_format = ""
[[block]]
@@ -101,7 +102,7 @@ command = "ping -n -q -w 2 -c 1 8.8.8.8 >/dev/null 2>/dev/null && printf '{\"tex
[[block]]
block = "custom"
command = "curl -s 'https://wttr.in/Stockholm?m&T&format=%c%t' | sed 's/ / /g'"
interval = 1800
interval = 3600
[[block]]
block = "time"


@@ -9,27 +9,6 @@ set -o errexit
set -o nounset
DOTDIR="/var/lib/dotfiles"
_SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
[[ -e './.git' ]] && git submodule update --init
if [[ "$(readlink "${_SCRIPT_DIR}")" != "${DOTDIR}" ]] && [[ "${_SCRIPT_DIR}" != "${DOTDIR}" ]] ; then
if [[ -e "${DOTDIR}" ]] ; then
2>&1 printf "${DOTDIR} already exists. This seems unsafe.\n"
exit 1
fi
printf "Moving directory to $DOTDIR ...\n"
sudo=""
if (( $(id -u ) != 0 )) ; then
sudo=sudo
fi
$sudo mv --no-target-directory "${_SCRIPT_DIR}" "${DOTDIR}"
printf "Done\n"
else
printf "Already working in ${DOTDIR}, nothing to do\n"
fi
cd "${DOTDIR}"
os_release_file=/etc/os-release
if [[ ! -e "${os_release_file}" ]] ; then
@@ -37,10 +16,10 @@ if [[ ! -e "${os_release_file}" ]] ; then
exit 1
fi
source /etc/os-release
source "${os_release_file}"
sudowrap() {
if (( $(id -u ) != 0 )) ; then
if (( $(id -u) != 0 )) ; then
sudo "${@}"
else
"${@}"
@@ -48,31 +27,22 @@ sudowrap() {
}
cache_updated=0
_install() {
_package="$1" ; shift
install() {
local package="$1" ; shift
if [[ $NAME == "Arch Linux" ]] ; then
sudowrap pacman -S --noconfirm "${_package}"
if (( ! cache_updated )) ; then
sudowrap pacman -Sy
cache_updated=1
fi
sudowrap pacman -S --needed --noconfirm "${package}"
else
2>&1 printf "Unsupported distro $NAME, exiting"
exit 1
fi
}
command -v make >/dev/null || install "make"
command -v ansible >/dev/null || install "ansible"
if ! command -v python3 >/dev/null ; then
printf 'Python3 not installed, installing ...\n'
_install "python3"
printf 'Done\n'
fi
if ! command -v make >/dev/null ; then
printf 'Make not installed, installing ...\n'
_install "make"
printf 'Done\n'
fi
if [[ $NAME == "Arch Linux" ]] ; then
_install "ansible"
fi
cd "$DOTDIR" && make
cd "${DOTDIR}" && make
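Review bot: The rewritten `install` helper runs `pacman -Sy` once and then `pacman -S --needed` per package, which refreshes the sync databases without upgrading the installed system; Arch documents this as an unsupported partial upgrade, and the freshly installed `make`/`ansible` can then depend on newer libraries than the ones present. Doing the one-time refresh as a full upgrade, `sudowrap pacman -Syu --noconfirm`, keeps the cache logic and avoids the mismatch. Two smaller points in the same function: the name `install` shadows the coreutils `install` command for the rest of the script, and the unchanged error branch `2>&1 printf "Unsupported distro $NAME, exiting"` sends nothing to stderr and puts a variable into the format string; `printf 'Unsupported distro %s, exiting\n' "${NAME}" >&2` fixes both.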


@@ -1,14 +1,10 @@
#!/usr/bin/env bash
# Parameters:
#
# $1: Device
set -o xtrace
set -o nounset
set -o errexit
DEVICE="${1:?}"
DEVICE="/dev/sda"
if [[ ! -b "${DEVICE}" ]] ; then
printf '%s does not look like a device' "${DEVICE}"
@@ -106,6 +102,28 @@ grub-mkconfig -o /boot/grub/grub.cfg
systemctl enable NetworkManager
passwd
# enable root autologin on first boot
mkdir /etc/systemd/system/getty@tty1.service.d/
cat << EOF > /etc/systemd/system/getty@tty1.service.d/autologin.conf
[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --autologin root %I $TERM
EOF
# ExecStartPost=/bin/rm /etc/systemd/system/getty@tty1.service.d/autologin.conf
# ExecStartPost=/bin/rmdir /etc/systemd/system/getty@tty1.service.d/
# Run
cat << 'EOF' > /root/.bash_profile
if [[ "\$(tty)" == "/dev/tty1" ]] ; then
rm -rf /etc/systemd/system/getty@tty1.service.d/
if /var/lib/dotfiles/install.sh ; then
rm -f /root/.bash_profile
reboot
fi
fi
EOF
CHROOTSCRIPT
chmod +x /mnt/chroot-script.sh
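Review bot: In the added autologin drop-in, `$TERM` sits inside the unquoted `CHROOTSCRIPT` heredoc, so it is expanded on the live system when the chroot script is generated and the installed unit receives whatever TERM the installer session had (or the script aborts under `nounset` if TERM is unset); writing `\$TERM` keeps the literal that systemd substitutes when the getty starts. The same line appears in install_scripts/neptune.sh. Separately, the drop-in that grants a passwordless root console on tty1 is removed only from `/root/.bash_profile`, i.e. only once a first autologin on tty1 has actually happened; the commented-out `ExecStartPost` lines suggest a self-removing unit was considered, and a cleanup path that does not depend on the profile running would bound the autologin window. The outer heredoc starts before this hunk.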


@@ -3,22 +3,17 @@
set -o nounset
set -o errexit
host="${1}" ; shift
pacman -Sy --noconfirm git # yes its a partial upgrade, but thats just the live cd
cd /root
git clone --recursive https://code.hkoerber.de/hannes/dotfiles.git
./dotfiles/install_scripts/ares.sh /dev/sda
./dotfiles/install_scripts/${host}.sh
mv /root/dotfiles /mnt/root/dotfiles
cat << EOF > /mnt/root/.bash_profile
if /root/dotfiles/install.sh ; then
rm -f /root/.bash_profile
reboot
fi
EOF
umount -R /mnt
mv /root/dotfiles /mnt/var/lib/dotfiles
read -p "> Ready for reboot. Press enter for shutdown, then remove the installation media and boot again "
poweroff
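Review bot: The new `./dotfiles/install_scripts/${host}.sh` expands `${host}` unquoted and uses it unchecked as part of a path that is executed as root, so a missing argument only fails with bash's generic unbound-variable message and a value containing spaces or `/` runs something other than a host script. Naming the parameter in the failure and checking the file first keeps this explicit: `host="${1:?usage: <script> <host>}"` followed by `[[ -x "./dotfiles/install_scripts/${host}.sh" ]] || { printf 'no install script for %s\n' "${host}" >&2; exit 1; }`, and then calling `"./dotfiles/install_scripts/${host}.sh"` quoted. The added prompt should also be `read -r -p`.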

131
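--- a/install_scripts/neptune.sh
+++ b/install_scripts/neptune.sh
@@ -0,0 +1,131 @@
+#!/usr/bin/env bash
+set -o xtrace
+set -o nounset
+set -o errexit
+DEVICE="/dev/nvme0n1"
+if [[ ! -b "${DEVICE}" ]] ; then
+printf '%s does not look like a device' "${DEVICE}"
+exit 1
+fi
+if [[ ! -d /sys/firmware/efi/efivars ]] ; then
+printf 'efivars does not exist, looks like the system is not booted in EFI mode'
+exit 1
+fi
+loadkeys de-latin1
+timedatectl set-ntp true
+sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
+label: gpt
+device: ${DEVICE}
+${DEVICE}p1 : name=uefi , size=512M , type=uefi
+${DEVICE}p2 : name=boot , size=512M , type=linux
+${DEVICE}p3 : name=cryptpart , type=linux
+EOF
+# might take a bit for the new partion table to be updated in-kernel
+sleep 1
+cryptsetup --batch-mode luksFormat --iter-time 1000 ${DEVICE}p3
+cryptsetup --batch-mode open ${DEVICE}p3 cryptpart
+pvcreate /dev/mapper/cryptpart
+vgcreate vgbase /dev/mapper/cryptpart
+lvcreate -L 32G vgbase -n swap
+lvcreate -l 100%FREE vgbase -n root
+yes | mkfs.fat -F32 ${DEVICE}p1
+yes | mkfs.ext4 ${DEVICE}p2
+yes | mkfs.ext4 /dev/vgbase/swap
+yes | mkfs.ext4 /dev/vgbase/root
+mount /dev/vgbase/root /mnt
+mkdir /mnt/efi
+mount ${DEVICE}p1 /mnt/efi
+mkdir /mnt/boot
+mount ${DEVICE}p2 /mnt/boot
+mkswap /dev/vgbase/swap
+swapon /dev/vgbase/swap
+pacstrap /mnt base linux-zen linux-firmware networkmanager intel-ucode lvm2 grub efibootmgr
+genfstab -U /mnt >> /mnt/etc/fstab
+cat << CHROOTSCRIPT > /mnt/chroot-script.sh
+set -o xtrace
+set -o errexit
+set -o nounset
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+hwclock --systohc
+sed -i 's/^#de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen
+sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
+locale-gen
+printf 'LANG=en_US.UTF-8\n' > /etc/locale.conf
+printf 'KEYMAP=de-latin1\nFONT=lat2-16\n' > /etc/vconsole.conf
+printf 'neptune\n' > /etc/hostname
+cat <<EOF > /etc/hosts
+127.0.0.1 localhost
+::1 localhost
+127.0.1.1 neptune
+EOF
+sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
+mkinitcpio -P
+grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB
+sed -i "s/^GRUB_CMDLINE_LINUX=.*$/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=\$(blkid -s UUID -o value ${DEVICE}p3):cryptpart root=UUID=\$(blkid -s UUID -o value /dev/vgbase/root)\"/" /etc/default/grub
+sed -i "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*$/GRUB_CMDLINE_LINUX_DEFAULT=\"resume=UUID=\$(blkid -s UUID -o value /dev/vgbase/swap)\"/" /etc/default/grub
+sed -i 's/^GRUB_DISABLE_RECOVERY=.*$/GRUB_DISABLE_RECOVERY=/' /etc/default/grub
+grub-mkconfig -o /boot/grub/grub.cfg
+systemctl enable NetworkManager
+passwd
+# enable root autologin on first boot
+mkdir /etc/systemd/system/getty@tty1.service.d/
+cat << EOF > /etc/systemd/system/getty@tty1.service.d/autologin.conf
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --autologin root %I $TERM
+EOF
+# ExecStartPost=/bin/rm /etc/systemd/system/getty@tty1.service.d/autologin.conf
+# ExecStartPost=/bin/rmdir /etc/systemd/system/getty@tty1.service.d/
+# Run
+cat << 'EOF' > /root/.bash_profile
+if [[ "\$(tty)" == "/dev/tty1" ]] ; then
+rm -rf /etc/systemd/system/getty@tty1.service.d/
+if /var/lib/dotfiles/install.sh ; then
+rm -f /root/.bash_profile
+reboot
+fi
+fi
+EOF
+CHROOTSCRIPT
+chmod +x /mnt/chroot-script.sh
+arch-chroot /mnt /chroot-script.sh
+rm -f /mnt/chroot-script.sh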
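Review bot: `cryptsetup --batch-mode luksFormat --iter-time 1000` halves the PBKDF benchmark time compared with cryptsetup's default of 2000 ms, which directly lowers the cost of guessing the passphrase offline. `/boot` is a separate unencrypted partition here, so the usual reason for a short iteration time (GRUB deriving the key itself) does not appear to apply; dropping the option, `cryptsetup --batch-mode luksFormat "${DEVICE}p3"`, keeps the default. The `${DEVICE}` expansions throughout the script are unquoted, and `yes | mkfs.ext4 /dev/vgbase/swap` formats a volume that `mkswap` overwrites a few lines later.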


@@ -1,5 +1,9 @@
packages:
list:
kernel:
archlinux:
- linux-zen-headers
- linux-zen-docs
build-essentials:
archlinux:
- gcc
@@ -7,6 +11,9 @@ packages:
- cmake
- maven
- base-devel
posix:
archlinux:
- posix
make:
archlinux: ["make"]
gdb:
@@ -15,6 +22,8 @@ packages:
archlinux: ["strace"]
sudo:
archlinux: ["sudo"]
doas:
archlinux: ["opendoas"]
apt:
archlinux: [""]
xorg:
@@ -53,7 +62,7 @@ packages:
archlinux: ["noto-fonts-emoji"]
git:
# tk required for gitk
archlinux: ["git", "tk"]
archlinux: ["git", "tk", "git-delta"]
htop:
archlinux: ["htop"]
feh:
@@ -97,7 +106,7 @@ packages:
pandoc:
archlinux: ["pandoc", "texlive-core", "texlive-fontsextra", "texlive-latexextra"]
libvirt:
archlinux: ["virt-manager", "libvirt", "dnsmasq", "ebtables", "dmidecode", "virt-install", "virt-viewer"]
archlinux: ["virt-manager", "libvirt", "dnsmasq", "ebtables", "dmidecode", "virt-install", "virt-viewer", "libguestfs", "edk2-ovmf"]
firefox:
archlinux: ["firefox"]
ranger:
@@ -131,8 +140,6 @@ packages:
archlinux: ["wireshark-cli", "wireshark-qt"]
nmap:
archlinux: ["nmap"]
openvpn:
archlinux: ["openvpn"]
curl:
archlinux: ["curl"]
wget:
@@ -180,8 +187,6 @@ packages:
archlinux: ["cowsay"]
ruby:
archlinux: ["ruby"]
lxc:
archlinux: ["lxc"]
acpi:
archlinux: ["acpi", "acpid"]
nodejs:
@@ -192,10 +197,6 @@ packages:
archlinux: ["dunst"]
cloc:
archlinux: ["cloc"]
bluetooth:
archlinux: ["bluez", "bluez-tools", "blueman"]
autorandr:
archlinux: ["autorandr"]
bwm-ng:
archlinux: ["bwm-ng"]
virtualbox:
@@ -212,8 +213,14 @@ packages:
archlinux: ["rclone"]
dnf:
archlinux: ["dnf"]
rustup:
archlinux: ["rustup"]
rust:
archlinux:
- rustup
- cargo-edit
- cargo-msrv
- cargo-watch
- cargo-release
- cargo-sort
musescore:
archlinux: ["musescore"]
sipcalc:
@@ -256,6 +263,8 @@ packages:
archlinux: ["xf86-input-synaptics"]
ncdu:
archlinux: ["ncdu"]
dust:
archlinux: ["dust"]
font-utils:
archlinux: ["woff2"]
jq:
@@ -306,6 +315,8 @@ packages:
archlinux:
- bash
- bash-language-server
- shellcheck
- shfmt
packer:
archlinux: ["packer"]
c:
@@ -328,6 +339,7 @@ packages:
json:
archlinux:
- vscode-json-languageserver
- gron
markdown:
archlinux:
- marksman
@@ -351,6 +363,63 @@ packages:
telnet:
archlinux:
- inetutils
cloudformation-tools:
archlinux:
- python-cfn-lint
johntheripper:
archlinux:
- john
age:
archlinux:
- age
httpie:
archlinux:
- httpie
yt-dlp:
archlinux:
- yt-dlp
ytfzf:
archlinux:
- ytfzf
- ueberzug
ffmpeg:
archlinux:
- ffmpeg
zeal:
archlinux:
- zeal
kcharselect:
archlinux:
- kcharselect
bottom:
archlinux:
- bottom
# for iotop
sysstat:
archlinux:
- sysstat
qrencode:
archlinux:
- qrencode
iotop:
archlinux:
- iotop
w3m:
archlinux:
- w3m
ruff:
archlinux:
- ruff
mold:
archlinux:
- mold
arch-packaging:
archlinux:
- namcap
- devtools
dron:
archlinux:
- drone-cli
remove:
mousepad:
@@ -361,3 +430,11 @@ packages:
archlinux: ["rust"]
screen:
archlinux: ["screen"]
lxc:
archlinux: ["lxc"]
autorandr:
archlinux: ["autorandr"]
openvpn:
archlinux: ["openvpn"]
bluetooth:
archlinux: ["bluez", "bluez-tools", "blueman"]
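Review bot: The new list key `dron:` looks like a typo for `drone`, given that it installs `drone-cli`. If package groups are selected or excluded by key elsewhere in the repository, the misspelt name is what would have to be referenced there. Renaming it to `drone:` keeps the key aligned with the package it installs.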

1
pkgbuilds/vim-plug Submodule

Submodule pkgbuilds/vim-plug added at 8989fa106c


@@ -36,7 +36,10 @@
archlinux:
- python-jmespath
- block:
- name: pacman
tags:
- pacman
block:
- name: enable multilib repository
blockinfile:
path: /etc/pacman.conf
@@ -103,11 +106,11 @@
state: started
daemon_reload: true
become: true
tags: [pacman_cache_cleanup]
when: distro == 'archlinux'
- block:
- name: dotfiles directory
tags:
- dotfiles-directory
block:
- name: create dotfiles group
group:
name: dotfiles
@@ -138,256 +141,20 @@
- name: fix permissions for dotfiles directory
shell: |
cd /var/lib/dotfiles
if [[ -e .git ]] ; then
# There is no sane way to specify the global .gitconfig to use, so we
# actually have to override HOME so git looks into ~/.gitconfig
export HOME="$(mktemp -d)"
set -o pipefail
set -o errexit
git config --global --add safe.directory /var/lib/dotfiles
git ls-tree -z --name-only HEAD | xargs --null chown --changes --recursive dotfiles:dotfiles
git ls-tree -z --name-only HEAD | xargs --null chmod --changes --recursive g+wX
else
chown --changes --recursive dotfiles:dotfiles .
chmod --changes --recursive g+wX .
fi
chmod --changes --recursive g+rwX .
args:
executable: /bin/bash
chdir: /var/lib/dotfiles
register: dotfiles_permission_change
become: true
become_user: root
changed_when: dotfiles_permission_change.stdout_lines|length > 0
tags: [dotfiles-directory]
- block:
- name: create build user on arch
user:
name: makepkg
home: /var/lib/makepkg
create_home: true
shell: /bin/bash
system: true
become: true
- set_fact:
aur_packages:
- name: portfolio
dependencies:
- name: archlinux-java-run
- name: spotify
preexec: |
#!/usr/bin/env bash
curl -sS https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg | gpg --import -
- set_fact:
aur_packages: "{{ aur_packages + aur_packages|map(attribute='dependencies', default=[]) | flatten }}"
- name: install dependencies
shell: |
aur_packages=({{ aur_packages | map(attribute='name') | join(' ') }})
source pkgbuilds/{{ item.name }}/PKGBUILD
installed=0
dependencies=(${depends[@]} ${makedepends[@]})
for dep in "${dependencies[@]}" ; do
aur=0
for aur_pkg in "${aur_packages[@]}" ; do
if [[ "${aur_pkg}" == "${dep}" ]] ; then
aur=1
break
fi
done
if (( aur )) ; then
continue
fi
if ! pacman -Qq "${dep}" >/dev/null 2>&1 ; then
installed=1
sudo pacman -S --noconfirm --needed "${dep}"
fi
done
if (( installed )) ; then
exit 1
else
exit 0
fi
args:
executable: /bin/bash
register: install_deps
failed_when: install_deps.rc > 1
changed_when: install_deps.rc == 1
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: check preexec script
stat:
path: /var/lib/makepkg/{{ item.name }}/preexec
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
register: preexec_before
loop_control:
label: "{{ item.name }}"
- name: create build root directory
file:
path: "/var/lib/makepkg/{{ item.name }}/"
state: directory
mode: '0700'
owner: makepkg
group: makepkg
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: install preexec script
copy:
dest: /var/lib/makepkg/{{ item.name }}/preexec
owner: makepkg
group: makepkg
mode: "0700"
content: "{{ item.preexec }}"
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: check preexec script
stat:
path: /var/lib/makepkg/{{ item.name }}/preexec
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
register: preexec_after
loop_control:
label: "{{ item.name }}"
- name: run preexec script
command: "{{ item.1.stat.path }}"
become_user: makepkg
become: true
when:
- not item[0].stat.exists
- item[0].stat.checksum|default('') != item[1].stat.checksum
loop: "{{ preexec_before.results| reject('skipped')|zip(preexec_after.results| reject('skipped')) }}"
loop_control:
label: "{{ item.1.stat.path }}"
- name: build AUR packages
shell:
cmd: |
export PKGEXT='.pkg.tar.zst'
export BUILDDIR=/var/lib/makepkg/{{ item.name }}/build/
export SRCDEST=/var/lib/makepkg/{{ item.name }}/src/
export PKGDEST=/var/lib/makepkg/{{ item.name }}/
source ./PKGBUILD
for arch in "${arch[@]}" ; do
if [[ "${arch}" == "any" ]] ; then
arch="any"
break
fi
if [[ "${arch}" == "x86_64" ]] ; then
arch="x86_64"
fi
done
if [[ ! "${arch}" ]] ; then
printf 'unsupported arch' >&2
exit 1
fi
if [[ "${epoch}" ]] ; then
version="${epoch}:${pkgver}-${pkgrel}"
else
version="${pkgver}-${pkgrel}"
fi
filename="${PKGDEST%/}/${pkgname}-${version}-${arch}${PKGEXT}"
needs_build=0
if [[ ! -e "${filename}" ]] ; then
needs_build=1
makepkg \
--clean \
--nodeps \
--nosign || exit 2
fi
printf '%s\n' "${filename}"
if (( needs_build )) ; then
exit 1
else
exit 0
fi
args:
executable: /bin/bash
chdir: "pkgbuilds/{{ item.name }}"
register: aur_build
failed_when: aur_build.rc > 1
changed_when: aur_build.rc == 1
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: clean up build leftovers
file:
path: /var/lib/makepkg/{{ item[0].name }}/{{ item[1] }}/
state: absent
become_user: makepkg
become: true
with_nested:
- "{{ aur_packages }}"
-
- build
- src
loop_control:
label: "{{ item[0].name }}/{{ item[1] }}"
- name: install AUR packages
shell:
cmd: |
set -x
filename="{{ item }}"
name=$(pacman -Qi --file "${filename}" | grep '^Name' | awk '{print $3}')
version=$(pacman -Qi --file "${filename}" | grep '^Version' | awk '{print $3}')
if [[ "$(pacman -Q "${name}")" == "${name} ${version}" ]] ; then
exit 0
else
pacman --upgrade --needed --noconfirm "$filename"
exit 1
fi
args:
executable: /bin/bash
become: true
register: aur_install
changed_when: aur_install.rc == 1
failed_when: aur_install.rc > 1
loop: "{{ aur_build.results|map(attribute='stdout') }}"
tags: ["aur"]
when: distro == 'archlinux'
- block:
- name: packages
tags:
- packages
block:
- name: load package list
include_vars:
file: packages.yml
@@ -396,7 +163,6 @@
shell: pacman -Q iptables && yes | pacman -S iptables-nft
changed_when: false
become: true
when: distro == 'archlinux'
- set_fact:
defined_packages: "{{ packages|json_query('keys(list)') }}"
@@ -441,9 +207,281 @@
when: machine.packages is defined
become: true
tags: [packages]
- name: aur
tags:
- aur
block:
- name: create build user on arch
user:
name: makepkg
home: /var/lib/makepkg
create_home: true
shell: /bin/bash
system: true
become: true
- set_fact:
aur_packages:
- name: portfolio-performance-bin
preexec: |
#!/usr/bin/env bash
source ./env
curl -sSf --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/E46E6F8FF02E4C83569084589239277F560C95AC | gpg --import -
- name: nodejs-intelephense
- name: spotify
preexec: |
#!/usr/bin/env bash
source ./env
curl -sSf --proto '=https' https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg | gpg --import -
- name: vim-plug
- set_fact:
aur_packages: "{{ aur_packages|map(attribute='dependencies', default=[]) | flatten + aur_packages }}"
- name: install dependencies
shell: |
aur_packages=({{ aur_packages | map(attribute='name') | join(' ') }})
source pkgbuilds/{{ item.name }}/PKGBUILD
installed=0
dependencies=(${depends[@]} ${makedepends[@]})
for dep in "${dependencies[@]}" ; do
aur=0
for aur_pkg in "${aur_packages[@]}" ; do
if [[ "${aur_pkg}" == "${dep}" ]] ; then
aur=1
break
fi
done
if (( aur )) ; then
continue
fi
if ! pacman -Qq "${dep}" >/dev/null 2>&1 ; then
installed=1
pacman -S --noconfirm --needed "${dep}"
fi
done
if (( installed )) ; then
exit 123
else
exit 0
fi
args:
executable: /bin/bash
register: install_deps
failed_when: install_deps.rc not in (0, 123)
changed_when: install_deps.rc == 123
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create build root directory
file:
path: "/var/lib/makepkg/{{ item.name }}/"
state: directory
mode: '0700'
owner: makepkg
group: makepkg
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create build gpg directory
file:
path: "/var/lib/makepkg/{{ item.name }}/gnupg"
state: directory
mode: '0700'
owner: makepkg
group: makepkg
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create env file
copy:
dest: /var/lib/makepkg/{{ item.name }}/env
owner: makepkg
group: makepkg
mode: "0600"
content: |
export GNUPGHOME="/var/lib/makepkg/{{ item.name }}/gnupg"
become_user: makepkg
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: check preexec script
stat:
path: /var/lib/makepkg/{{ item.name }}/preexec
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
register: preexec_before
loop_control:
label: "{{ item.name }}"
- name: install preexec script
copy:
dest: /var/lib/makepkg/{{ item.name }}/preexec
owner: makepkg
group: makepkg
mode: "0700"
content: "{{ item.preexec }}"
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: check preexec script
stat:
path: /var/lib/makepkg/{{ item.name }}/preexec
become_user: makepkg
become: true
when: item.preexec is defined
loop: "{{ aur_packages }}"
register: preexec_after
loop_control:
label: "{{ item.name }}"
- name: run preexec script
command:
cmd: "{{ item.1.stat.path }}"
chdir: "{{ item.1.stat.path | dirname }}"
become_user: makepkg
become: true
when:
- not item[0].stat.exists
- item[0].stat.checksum|default('') != item[1].stat.checksum
loop: "{{ preexec_before.results| reject('skipped')|zip(preexec_after.results| reject('skipped')) }}"
loop_control:
label: "{{ item.1.stat.path }}"
- name: create build script
copy:
owner: makepkg
group: makepkg
mode: "0700"
dest: /var/lib/makepkg/{{ item.name }}/build.sh
content: |
#!/usr/bin/env bash
source /var/lib/makepkg/{{ item.name }}/env
export PKGEXT='.pkg.tar'
export BUILDDIR=/var/lib/makepkg/{{ item.name }}/build/
export SRCDEST=/var/lib/makepkg/{{ item.name }}/src/
export PKGDEST=/var/lib/makepkg/{{ item.name }}/
cd /var/lib/dotfiles/pkgbuilds/{{ item.name }}/
source ./PKGBUILD
for arch in "${arch[@]}" ; do
if [[ "${arch}" == "any" ]] ; then
arch="any"
break
fi
if [[ "${arch}" == "x86_64" ]] ; then
arch="x86_64"
fi
done
if [[ ! "${arch}" ]] ; then
printf 'unsupported arch' >&2
exit 1
fi
if [[ "${epoch}" ]] ; then
version="${epoch}:${pkgver}-${pkgrel}"
else
version="${pkgver}-${pkgrel}"
fi
filename="${PKGDEST%/}/${pkgname}-${version}-${arch}${PKGEXT}"
needed_build=0
if [[ ! -e "${filename}" ]] ; then
needed_build=1
makepkg \
--clean \
--nosign || exit 1
fi
printf '%s' "${filename}" > /var/lib/makepkg/{{ item.name }}/pkgname
become: true
become_user: makepkg
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: create install script
copy:
owner: root
group: root
mode: "0700"
dest: /var/lib/makepkg/{{ item.name }}/install.sh
content: |
#!/usr/bin/env bash
sudo -u makepkg -g makepkg /var/lib/makepkg/{{ item.name }}/build.sh || exit 1
filename="$(</var/lib/makepkg/{{ item.name }}/pkgname)"
name=$(pacman -Qi --file "${filename}" | grep '^Name' | awk '{print $3}')
version=$(pacman -Qi --file "${filename}" | grep '^Version' | awk '{print $3}')
if [[ "$(pacman -Q "${name}")" == "${name} ${version}" ]] ; then
exit 0
else
pacman --upgrade --needed --noconfirm "$filename" || exit 1
exit 123
fi
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: build and install aur package
command: /var/lib/makepkg/{{ item.name }}/install.sh
register: aur_install
changed_when: aur_install.rc == 123
failed_when: aur_install.rc not in (0, 123)
become: true
loop: "{{ aur_packages }}"
loop_control:
label: "{{ item.name }}"
- name: clean up build leftovers
file:
path: /var/lib/makepkg/{{ item[0].name }}/{{ item[1] }}/
state: absent
become_user: makepkg
become: true
with_nested:
- "{{ aur_packages }}"
-
- build
- src
loop_control:
label: "{{ item[0].name }}/{{ item[1] }}"
- block:
- name: configure timesyncd on arch
copy:
owner: root
@@ -462,7 +500,7 @@
state: present
become: true
- name: use lz4 for mkinitcpio compression
- name: use vz4 for mkinitcpio compression
lineinfile:
path: /etc/mkinitcpio.conf
regexp: '^#?COMPRESSION=.*$'
@@ -470,12 +508,14 @@
become: true
notify:
- rebuild initrd
when: distro == 'archlinux'
- name: services
tags:
- services
block:
- set_fact:
disable_services:
- sshd
when: distro == 'archlinux'
- sshd.service
- name: disable services
service:
@@ -555,6 +595,16 @@
%sudonopw ALL=(ALL) NOPASSWD: ALL
become: true
- name: configure passwordless doas
copy:
owner: root
group: root
mode: "0400"
dest: /etc/doas.conf
content: |
permit nopass nolog setenv {PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin} :sudonopw
become: true
- block:
- name: install AMDGPU packages
package:
@@ -587,7 +637,6 @@
become: true
when:
- distro == 'archlinux'
- machine.gpu is defined and machine.gpu == 'amd'
- set_fact:
@@ -595,11 +644,30 @@
tags:
- always
# See https://bbs.archlinux.org/viewtopic.php?id=259764
- block:
- name: configure pacman to skip installing nextcloud dbus file
blockinfile:
path: /etc/pacman.conf
insertafter: '^#NoExtract'
block: |
NoExtract = usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service
marker: "# {mark} ANSIBLE MANAGED noextract nextcloud"
become: true
- name: remove nextcloud dbus file
file:
path: /usr/share/dbus-1/services/com.nextcloudgmbh.Nextcloud.service
state: absent
become: true
- include_tasks: user.yml
args:
apply:
become: true
become_user: "{{ user.name }}"
tags:
- user
with_items: "{{ users }}"
no_log: True # less spam
loop_control:

266
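--- a/test.sh
+++ b/test.sh
@@ -0,0 +1,266 @@
+#!/usr/bin/env bash
+set -o nounset
+set -o errexit
+set -o pipefail
+tmpdir="$(mktemp -d --tmpdir=/var/tmp)"
+trap cleanup EXIT
+ISO_MIRROR="https://ftp.fau.de/archlinux/iso/latest/"
+ISO_MIRROR="https://ftp.acc.umu.se/mirror/archlinux/iso/latest/"
+iso_dir="${XDG_DATA_HOME}/arch-iso/"
+iso_path="${iso_dir}/archlinux-x86_64.iso"
+cleanup() {
+rm -rf "${tmpdir}"
+pids=()
+jobs -p | while IFS="" read -r line; do pids+=("$line"); done
+kill "${pids[@]}"
+}
+download_iso() {
+mkdir -p "${iso_dir}"
+(
+cd "${iso_dir}"
+wget \
+--timestamping \
+--no-hsts \
+"${ISO_MIRROR}sha256sums.txt"
+if [[ ! -e "${iso_path}" ]] || ! sha256sum --ignore-missing --check ./sha256sums.txt; then
+wget \
+--no-hsts \
+--output-document "${iso_path}" \
+"${ISO_MIRROR}archlinux-x86_64.iso"
+fi
+)
+}
+disk="${tmpdir}/disk.qcow2"
+mon_sock="${tmpdir}/mon.sock"
+sshopts=(
+-o StrictHostKeyChecking=no
+-o UserKnownHostsFile=/dev/null
+-o PreferredAuthentications=publickey
+-o ConnectTimeout=1s
+-i "${tmpdir}/ssh.key"
+-l root
+-p 60022
+127.0.0.1
+)
+wait_for_ssh() {
+echo "waiting for ssh"
+set +o errexit
+maxtries=60
+tries=0
+while ! ssh -q "${sshopts[@]}" true; do
+((tries++))
+if ((tries > maxtries)); then
+echo "ssh did not become available"
+exit 3
+fi
+sleep 1
+done
+echo "ssh available"
+set -o errexit
+}
+qemuopts=(
+"-m" "size=8G"
+"-drive" "file=${disk},format=qcow2,if=none,id=root"
+"-accel" "kvm"
+"-drive" "if=pflash,format=raw,readonly=true,file=/usr/share/ovmf/x64/OVMF_CODE.fd"
+"-drive" "if=pflash,format=raw,file=${tmpdir}/efivars.fd"
+"-machine" "q35,smm=on,acpi=on"
+"-smp" "cpus=8,sockets=1,cores=8,threads=1"
+"-cpu" "host"
+"-netdev" "user,id=net0,hostfwd=tcp::60022-:22"
+"-device" "virtio-net-pci,netdev=net0"
+"-nodefaults"
+"-vga" "virtio"
+"-display" "spice-app"
+)
+send_mon() {
+local socket="${1}"
+patterns=(
+-e 's/ /spc/'
+-e 's/\./dot/'
+-e 's/,/comma/' -e 's/-/slash/'
+-e 's/\//shift-7/'
+-e 's/\([A-Z]\)/shift-\L\1/'
+-e 's/=/shift-0/'
+-e 's/"/shift-2/'
+-e "s/'/shift-0x2b/"
+# ^ is a dead key, we would have to send a space to be precise. but it's
+# going to work out as long as the following char does not combine
+-e 's/\^/0x29/'
+-e 's/#/0x2b/'
+-e 's/\?/shift-0x0c/'
+-e 's/\\/alt_r-0x0c/' # altgr is alt_r
+-e 's/\*/shift-0x1b/'
+-e 's/(/shift-0x09/'
+-e 's/)/shift-0x0a/'
+-e 's/^/sendkey /'
+)
+cat \
+<(fold -w 1 |
+sed "${patterns[@]}") \
+<(echo "sendkey ret") |
+nc -N -U "${socket}"
+echo "sendkey ret" | nc -N -U "${socket}"
+}
+install_from_iso() {
+local hostname="${1}"
+shift
+local hostqemuopts=("$@")
+rm -rf "${tmpdir:?}"/*
+ssh-keygen -f "${tmpdir}"/ssh.key -N '' -t ed25519 -C 'archiso-tmp'
+cloud-localds "${tmpdir}/userdata.img" <(
+cat <<EOF
+#cloud-config
+users:
+- name: root
+ssh_authorized_keys:
+- $(cat "${tmpdir}"/ssh.key.pub)
+EOF
+)
+cp /usr/share/ovmf/x64/OVMF_VARS.fd "${tmpdir}/efivars.fd"
+mkisofs \
+-uid 0 \
+-gid 0 \
+-J \
+-R \
+-T \
+-V REPO \
+-o "${tmpdir}/repo.iso" \
+.
+qemu-img create \
+-f qcow2 \
+"${disk}" \
+1000G
+opts=(
+"-cdrom" "${iso_path}"
+"-boot" "order=d"
+"-drive" "file=${tmpdir}/repo.iso,format=raw,if=virtio,media=cdrom"
+"-drive" "file=${tmpdir}/userdata.img,format=raw,if=virtio,media=cdrom"
+"-fsdev" "local,id=pacman-cache,path=share,path=/var/cache/pacman/pkg/,readonly=on,security_model=none"
+"-device" "virtio-9p-pci,fsdev=pacman-cache,mount_tag=pacman-cache"
+)
+qemu-system-x86_64 -name "${hostname}" "${qemuopts[@]}" "${hostqemuopts[@]}" "${opts[@]}" &
+wait_for_ssh
+# shellcheck disable=SC2087
+ssh -tt "${sshopts[@]}" <<EOF || true
+mkdir /var/cache/pacman-cache-host
+mount -t 9p -o trans=virtio,version=9p2000.L,ro pacman-cache /var/cache/pacman-cache-host
+# Uncomment CacheDir and prepend the host pacman cache as cachedir
+# At worst, the cache directory will be ignored if it does not exist
+# Pacman will always use the first directory with write access for downloads
+sed -i 's/^#\?\(CacheDir.*\)/\1\nCacheDir = \/var\/cache\/pacman-cache-host\//' /etc/pacman.conf
+mkdir /repo/
+mount /dev/disk/by-label/REPO /repo/
+printf 'lukspw\nlukspw\nrootpw\nrootpw\n' | \
+/repo/install_scripts/"${hostname}".sh
+mount /dev/mapper/vgbase-root /mnt
+cat << SPECIALS > /tmp/specials.sh
+if [[ "\\\$(tty)" == "/dev/tty1" ]] ; then
+mkdir /var/cache/pacman-cache-host
+mount -t 9p -o trans=virtio,version=9p2000.L,ro pacman-cache /var/cache/pacman-cache-host
+# Uncomment CacheDir and prepend the host pacman cache as cachedir
+# At worst, the cache directory will be ignored if it does not exist
+# Pacman will always use the first directory with write access for downloads
+sed -i 's/^#\?\(CacheDir.*\)/\1\nCacheDir = \/var\/cache\/pacman-cache-host\//' /etc/pacman.conf
+fi
+SPECIALS
+mv /mnt/root/.bash_profile /tmp/rest.sh
+cat /tmp/specials.sh /tmp/rest.sh > /mnt/root/.bash_profile
+rsync -rl /repo/ /mnt/var/lib/dotfiles/
+umount /mnt
+poweroff
+EOF
+wait
+}
+configure_new_system() {
+local hostname="${1}"
+shift
+local hostqemuopts=("${@}")
+opts=(
+"-fsdev" "local,id=pacman-cache,path=share,path=/var/cache/pacman/pkg/,readonly=on,security_model=none"
+"-device" "virtio-9p-pci,fsdev=pacman-cache,mount_tag=pacman-cache"
+"-monitor" "unix:${mon_sock},server=on,wait=off"
+)
+qemu-system-x86_64 -name "${hostname}" "${qemuopts[@]}" "${hostqemuopts[@]}" "${opts[@]}" &
+# 5s for grub timeout, 5s for kernel boot
+echo waiting for luks password prompt ...
+sleep 10s
+echo 'lukspw' | send_mon "${mon_sock}"
+echo waiting for boot ...
+sleep 10s
+wait
+}
+machines=(ares neptune)
+if (($# > 0)); then
+machines=("${@}")
+fi
+download_iso
+for hostname in "${machines[@]}"; do
+case "${hostname}" in
+ares)
+hostqemuopts=("-device" "ide-hd,drive=root")
+;;
+neptune)
+hostqemuopts=("-device" "nvme,serial=rootnvme,drive=root")
+;;
+*)
+exit 1
+;;
+esac
+[[ ! "${hostqemuopts[*]}" ]] && exit 1
+install_from_iso "${hostname}" "${hostqemuopts[@]}"
+configure_new_system "${hostname}" "${hostqemuopts[@]}"
+done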
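Review bot: In `download_iso`, a freshly downloaded ISO is never verified: `sha256sum --ignore-missing --check ./sha256sums.txt` runs only inside the `if` condition to decide whether to download, and nothing checks the file that the second `wget` writes. Repeating that same line after the download, inside the `if`, would let `errexit` stop the run before a corrupt or substituted image is booted with the repository ISO attached. Because `sha256sums.txt` is fetched from the same mirror as the image, the check only detects corruption; verifying the detached signature that Arch publishes alongside the ISO would be needed to detect a tampered mirror. A comment on `download_iso` stating which of the two guarantees the script relies on would make that explicit.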


@@ -8,7 +8,6 @@
- sudonopw
- games
- kvm
tags: [always]
- name: create user group
group:
@@ -25,15 +24,7 @@
create_home: true
groups: "{{ [user.name, 'dotfiles'] + user_groups }}"
shell: /usr/bin/zsh
become: true
become_user: root
- name: configure sudoers
lineinfile:
path: /etc/sudoers
line: "{{ user.name }} ALL=(ALL) NOPASSWD:ALL"
regexp: "^{{ user.name }}\\s+"
skeleton: /dev/null
become: true
become_user: root
@@ -48,29 +39,28 @@
- "/home/{{ user.name }}/.config/systemd/"
- "/home/{{ user.name }}/.config/systemd/user/"
- set_fact:
- name: disable undesired services
tags:
- undesired-services
block:
- set_fact:
undesired_user_services:
- gpg-agent.socket
- gpg-agent.sock.service
- gpg-agent-browser.socket
- gpg-agent-ssh.socket
- gpg-agent-extra.socket
- xdg-user-dirs-update.service
- gnome-keyring-daemon.service
- name: stop undesired service
systemd_service:
name: "{{ item }}"
scope: user
state: stopped
loop: "{{ undesired_user_services }}"
# No way to use the `systemd` module here, as it needs a logind
# session. So we have to handle the symlinks for masking ourselves.
- name: disable and mask systemd user units
file:
state: link
dest: "/home/{{ user.name }}/.config/systemd/user/{{ item }}"
src: "/dev/null"
# systemd needs a login session, machinectl handles that for us
- name: stop and mask undesired services
command:
cmd: machinectl --quiet --uid {{ user.name }} shell -- .host /usr/bin/env systemctl --user mask --now "{{ item }}"
become: true
become_user: root
register: undesired_service_cmd
changed_when: undesired_service_cmd.stderr != ""
loop: "{{ undesired_user_services }}"
- name: create directory for getty autologin
@@ -96,7 +86,10 @@
become: true
become_user: root
- block:
- name: configure dotfiles
tags:
- dotfiles
block:
- name: load dotfile list
include_vars:
file: dotfiles.yml
@@ -262,29 +255,11 @@
src: /var/lib/dotfiles/bin
owner: "{{ user.name }}"
group: "{{ user.name }}"
- name: vim
tags:
- dotfiles
- block:
- name: create intermediate directories for vim-plug
file:
path: "{{ item }}"
state: directory
with_items:
- ~/.local/
- ~/.local/share/
- ~/.local/share/nvim/
- ~/.local/share/nvim/site/
- ~/.local/share/nvim/site/autoload/
- name: install vim-plug
copy:
src: contrib/vim-plug/plug.vim
dest: ~/.local/share/nvim/site/autoload/plug.vim
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: "0644"
- vim
block:
- name: install vim plugins
command: nvim --headless +PlugInstall +qall
register: vim_plugin_install
@@ -295,13 +270,15 @@
register: vim_plugin_update
changed_when: vim_plugin_update.stderr != ""
tags: [vim-plugins]
- block:
- name: firefox
tags:
- firefox
block:
- name: create firefox directories
firefox_profile:
name: "{{ item.key }}"
loop: "{{ user.firefox_profiles | dict2items }}"
check_mode: false
register: firefox_profile_names
- set_fact:
@@ -311,7 +288,6 @@
toolkit.legacyUserProfileCustomizations.stylesheets: true
browser.contentblocking.category: "strict"
browser.newtabpage.enabled: false
browser.shell.checkDefaultBrowser: false
browser.startup.homepage: "about:blank"
privacy.trackingprotection.enabled: true
privacy.trackingprotection.socialtracking.enabled: true
@@ -320,7 +296,6 @@
# Restore last session on startup
# https://support.mozilla.org/de/questions/1235263
browser.startup.page: 3
browser.sessionstore.resume_from_crash: true
# "Play DRM-controlled content"
media.eme.enabled: true
@@ -387,10 +362,10 @@
with_items: "{{ firefox_profile_names.results }}"
loop_control:
label: "{{ item.profile_path }}"
tags:
- firefox
- name: handle autostart units
tags:
- autostart
block:
- name: create systemd user directory
file:
@@ -434,10 +409,10 @@
force: true
follow: false
- name: gpg
tags:
- autostart
- block:
- gpg
block:
- name: import gpg key
command: gpg --import ./gpgkeys/{{ user.gpg_key.email }}.gpg.asc
register: gpg_import_output
@@ -451,4 +426,3 @@
changed_when: gpg_trust_output.stderr_lines|length > 0
when: user.gpg_key is defined
tags: [gpg]
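Review bot: The `stop and mask undesired services` task, which appears to be the new side of that hunk (the +/- markers are lost on this page), infers both success and change from what `machinectl` prints, and that is fragile. `changed_when: undesired_service_cmd.stderr != ""` reports a change for any warning on stderr, and it is worth confirming that `machinectl shell` passes the exit status of `systemctl` through, because otherwise a failed mask would go unnoticed. Passing the command as an `argv:` list instead of a single `cmd:` string would also keep `{{ user.name }}` and `{{ item }}` from being re-split on whitespace. A short comment stating what output the task expects when nothing changes would help the next reader judge the `changed_when` condition.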


@@ -1,5 +1,9 @@
source /etc/profile
if [[ "$(passwd --status $USER | awk '{print $2}')" =~ ^(NP|L)$ ]] ; then
while ! sudo passwd $USER ; do ; done
fi
_path=(
"$HOME/bin"
"$HOME/.cargo/bin"
@@ -17,16 +21,10 @@ export BROWSER="firefox"
export PAGER="less"
export LESS="FRX"
export WINEPATH="$HOME/games/wine"
export BINDIR="$HOME/bin"
export LANG=en_US.UTF-8
export LC_TIME=de_DE.UTF-8
export LC_COLLATE=C
export DOTFILES=~/dotfiles
export GOPATH=~/.go
export PATH=$PATH:$(go env GOPATH)/bin
@@ -52,23 +50,29 @@ umask 0022
export {{ k }}="{{ v }}"
{% endfor %}
export FEATURE_DIR="${XDG_RUNTIME_DIR}/features/"
rm -rf "${FEATURE_DIR}"/
mkdir -p "${FEATURE_DIR}"
feature_dir="${XDG_RUNTIME_DIR}/features/"
rm -rf "${feature_dir}"/
mkdir -p "${feature_dir}"
[[ $MACHINE_HAS_NEXTCLOUD == "true" ]] && touch "${FEATURE_DIR}"/nextcloud
[[ $MACHINE_HAS_KEEPASSX == "true" ]] && touch "${FEATURE_DIR}"/keepassx
[[ $MACHINE_HAS_STEAM == "true" ]] && touch "${FEATURE_DIR}"/steam
[[ $MACHINE_HAS_RESTIC_BACKUP == "true" ]] && touch "${FEATURE_DIR}"/restic_backup
[[ $MACHINE_HAS_NEXTCLOUD == "true" ]] && touch "${feature_dir}"/nextcloud
[[ $MACHINE_HAS_KEEPASSX == "true" ]] && touch "${feature_dir}"/keepassx
[[ $MACHINE_HAS_STEAM == "true" ]] && touch "${feature_dir}"/steam
[[ $MACHINE_HAS_RESTIC_BACKUP == "true" ]] && touch "${feature_dir}"/restic_backup
[[ $MACHINE_TYPE == "laptop" ]] && touch "${FEATURE_DIR}"/machine_is_laptop
[[ $MACHINE_TYPE == "laptop" ]] && touch "${feature_dir}"/machine_is_laptop
{% if user.gpg_agent %}
touch "${FEATURE_DIR}"/gpg_agent
touch "${feature_dir}"/gpg_agent
{% endif %}
# Make all environment variables also usable in the systemd user instancee
systemctl --user import-environment
# Make important environment variables also usable in the systemd user instance
systemd_envs=(
DISPLAY
GNUPGHOME
PATH
ACPI_LID_NAME
)
systemctl --user import-environment "${systemd_envs[@]}"
# exec startx breaks some logind fuckery, without exec it works
if [[ -z $DISPLAY ]] ; then
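Review bot: The retry loop added at the top of the profile, `while ! sudo passwd $USER ; do ; done`, has no bound and no terminal check, so any login where `passwd` cannot prompt (no tty, or `sudo` refusing) would spin in a tight loop and never reach the rest of the profile. Guarding the block with a terminal test and quoting the name would avoid that, e.g. `if [[ -t 0 && "$(passwd --status "$USER" | awk '{print $2}')" =~ ^(NP|L)$ ]] ; then`. A one-line comment saying that `NP` and `L` are the no-password and locked states that trigger the prompt would also help. The profile continues outside these hunks, so whether it is ever sourced without a terminal cannot be seen from here.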


@@ -100,7 +100,7 @@ alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
alias rg='rg --hidden --glob "!.git/**"'
alias rg='rg --hidden --glob "!.git/**" --glob "!.git"'
alias rm='rm -v'
alias cp='cp -vi'