Compare commits
18 Commits
e09a1210fa
...
7c6c8f8bff
| Author | SHA1 | Date | |
|---|---|---|---|
| 7c6c8f8bff | |||
| ead2b2fc41 | |||
| 933b232a18 | |||
| f5b31c948d | |||
| 6381872f80 | |||
| c343e3211e | |||
| 5d6ce575d4 | |||
| 10708409c2 | |||
| e6307e5881 | |||
| 3da38b1708 | |||
| c79811541b | |||
| 75d5875cac | |||
| 55d91079eb | |||
| ae8d83c52f | |||
| fc2e556a03 | |||
| 1a22209bc6 | |||
| c9a1f49f91 | |||
| aa6f2eee8c |
@@ -18,7 +18,7 @@ For easier installation, the install scripts are available via shortlinks. To
|
||||
(re)install a new machine from a Arch live environment:
|
||||
|
||||
```
|
||||
curl --proto '=https' -sSfL https://s.hkoerber.de/i/${hostname}.sh | bash
|
||||
curl --proto '=https' -O -sSfL https://s.hkoerber.de/i/bootstrap.sh && bash bootstrap.sh {host}
|
||||
```
|
||||
|
||||
## Manual Installation
|
||||
|
||||
@@ -2,6 +2,7 @@ font_size: 11
|
||||
|
||||
gpu: amd
|
||||
cpu: amd
|
||||
encrypted_root: true
|
||||
|
||||
users:
|
||||
- name: hannes
|
||||
|
||||
@@ -2,6 +2,7 @@ font_size: 11
|
||||
|
||||
gpu: intel
|
||||
cpu: intel
|
||||
encrypted_root: true
|
||||
|
||||
users:
|
||||
- name: hannes
|
||||
|
||||
@@ -1,13 +1,5 @@
|
||||
---
|
||||
- name: Enable sddm
|
||||
ansible.builtin.systemd:
|
||||
name: sddm.service
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
become: true
|
||||
|
||||
- name: Autoupdate
|
||||
tags: [test]
|
||||
block:
|
||||
- name: Deploy autoupdate script
|
||||
copy:
|
||||
@@ -35,7 +27,10 @@
|
||||
exit 0
|
||||
fi
|
||||
|
||||
pacman --sync --refresh --sysupgrade --noprogressbar --noconfirm
|
||||
# Make sure that keys are up to date, otherwise sig checks may fail
|
||||
pacman --sync --noprogressbar --noconfirm --refresh --needed archlinux-keyring
|
||||
|
||||
pacman --sync --noprogressbar --noconfirm --sysupgrade
|
||||
|
||||
- name: Install pacman autoupdate service
|
||||
ansible.builtin.copy:
|
||||
@@ -91,7 +86,6 @@
|
||||
- dotfiles
|
||||
- libvirt
|
||||
- wheel
|
||||
- vboxusers
|
||||
- wireshark
|
||||
- docker
|
||||
- sudonopw
|
||||
@@ -102,7 +96,16 @@
|
||||
skeleton: /dev/null
|
||||
become: true
|
||||
|
||||
- name: Create sddm config folder
|
||||
- name: Display Manager
|
||||
block:
|
||||
- name: Enable sddm
|
||||
ansible.builtin.systemd:
|
||||
name: sddm.service
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
become: true
|
||||
|
||||
- name: Create sddm config folder
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: /etc/sddm.conf.d/
|
||||
@@ -110,7 +113,7 @@
|
||||
group: root
|
||||
mode: "0755"
|
||||
|
||||
- name: Enable autologin
|
||||
- name: Enable autologin
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/sddm.conf.d/autologin.conf
|
||||
owner: root
|
||||
@@ -121,7 +124,7 @@
|
||||
User=herta
|
||||
Session=plasma
|
||||
|
||||
- name: Lock on startup
|
||||
- name: Lock on startup
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/xdg/kscreenlockerrc
|
||||
owner: root
|
||||
@@ -130,3 +133,130 @@
|
||||
content: |
|
||||
[Daemon]
|
||||
LockOnStart=true
|
||||
|
||||
- name: Backup
|
||||
block:
|
||||
- name: create restic config directory
|
||||
file:
|
||||
path: /etc/restic
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
become: true
|
||||
|
||||
- name: create restic exclude file
|
||||
copy:
|
||||
dest: /etc/restic/exclude.lst
|
||||
content: |
|
||||
/home/*/.cache/**
|
||||
/home/*/.mozilla/firefox/*/Cache/**
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
become: true
|
||||
|
||||
- name: create restic cache directory
|
||||
file:
|
||||
path: /var/cache/restic
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
become: true
|
||||
|
||||
- name: create restic wrapper script
|
||||
copy:
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
dest: /usr/local/bin/restic-cmd
|
||||
content: |
|
||||
#!/usr/bin/env bash
|
||||
source /etc/restic/env
|
||||
|
||||
set -o nounset
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
|
||||
export B2_ACCOUNT_ID
|
||||
export B2_ACCOUNT_KEY
|
||||
|
||||
export RESTIC_PASSWORD_FILE=/etc/restic/repopassword
|
||||
|
||||
restic \
|
||||
--cache-dir=/var/cache/restic/ \
|
||||
--repo="b2:${BUCKET_NAME}:backup" \
|
||||
--password-file=/etc/restic/repopassword \
|
||||
--verbose \
|
||||
"${@}"
|
||||
become: true
|
||||
|
||||
- name: add backup script
|
||||
copy:
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
dest: /usr/local/bin/restic-backup
|
||||
content: |
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -o nounset
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
|
||||
run() {
|
||||
name="${1}" ; shift
|
||||
printf '[%s] %s - start\n' "${name}" "$(date --utc --iso-8601=seconds)"
|
||||
"${@}"
|
||||
printf '[%s] %s - end\n' "${name}" "$(date --utc --iso-8601=seconds)"
|
||||
}
|
||||
|
||||
run backup restic-cmd \
|
||||
backup \
|
||||
--exclude-file /etc/restic/exclude.lst \
|
||||
/home/
|
||||
|
||||
run forget restic-cmd \
|
||||
forget \
|
||||
--prune
|
||||
--keep-daily 30 \
|
||||
--keep-monthly 12 \
|
||||
--keep-yearly 3
|
||||
become: true
|
||||
|
||||
|
||||
- name: Install restic backup service
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/systemd/system/restic-backup.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
content: |
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=systemd-inhibit /usr/local/bin/restic-backup
|
||||
become: true
|
||||
|
||||
- name: Install restic backup timer
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/systemd/system/restic-backup.timer
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
content: |
|
||||
[Timer]
|
||||
OnCalendar=daily
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
become: true
|
||||
|
||||
- name: Enable restic backup timer
|
||||
ansible.builtin.systemd:
|
||||
name: restic-backup.timer
|
||||
enabled: true
|
||||
state: started
|
||||
daemon_reload: true
|
||||
become: true
|
||||
|
||||
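Review bot: In the `restic-backup` script the `--prune` line has no trailing backslash, so the `restic-cmd forget` call ends there and the following `--keep-daily 30 \` … `--keep-yearly 3` lines are executed as a separate command; under `set -o errexit` the script then exits non-zero after the backup, and no retention policy ever reaches `forget`. Change that line to `--prune \`. The wrapper also sources `/etc/restic/env` and reads `/etc/restic/repopassword`, but no task in this hunk creates them or sets their mode; since `/etc/restic` is created `0755`, both files need to be root-owned with mode `0600` wherever they are deployed. `exclude.lst` is a data file, so `mode: "0644"` fits better than `"0755"`.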
@@ -2,6 +2,7 @@ font_size: 11
|
||||
|
||||
gpu: intel
|
||||
cpu: intel
|
||||
encrypted_root: false
|
||||
|
||||
# make sure that display manager works
|
||||
system_default_target: "graphical.target"
|
||||
|
||||
@@ -2,6 +2,7 @@ font_size: 11
|
||||
|
||||
gpu: nvidia
|
||||
cpu: intel
|
||||
encrypted_root: true
|
||||
|
||||
users:
|
||||
- name: hannes-work
|
||||
|
||||
@@ -26,3 +26,9 @@ gpu:
|
||||
- lib32-vulkan-nouveau
|
||||
- vulkan-headers
|
||||
- vulkan-tools
|
||||
intel:
|
||||
- mesa
|
||||
- mesa-utils
|
||||
- lib32-mesa
|
||||
- vulkan-intel
|
||||
- lib32-vulkan-intel
|
||||
|
||||
@@ -25,7 +25,7 @@ sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
|
||||
device: ${DEVICE}
|
||||
|
||||
${DEVICE}1 : name=uefi , size=512M , type=uefi
|
||||
${DEVICE}2 : name=boot , size=512M , type=linux
|
||||
${DEVICE}2 : name=boot , size=1G , type=linux
|
||||
${DEVICE}3 : name=cryptpart , type=linux
|
||||
EOF
|
||||
|
||||
@@ -89,7 +89,7 @@ cat <<EOF > /etc/hosts
|
||||
127.0.1.1 ares
|
||||
EOF
|
||||
|
||||
sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
|
||||
sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
|
||||
|
||||
mkinitcpio -P
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
|
||||
device: ${DEVICE}
|
||||
|
||||
${DEVICE}p1 : name=uefi , size=512M , type=uefi
|
||||
${DEVICE}p2 : name=boot , size=512M , type=linux
|
||||
${DEVICE}p2 : name=boot , size=1G , type=linux
|
||||
${DEVICE}p3 : name=cryptpart , type=linux
|
||||
EOF
|
||||
|
||||
@@ -89,7 +89,7 @@ cat <<EOF > /etc/hosts
|
||||
127.0.1.1 dionysus
|
||||
EOF
|
||||
|
||||
sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
|
||||
sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
|
||||
|
||||
mkinitcpio -P
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
|
||||
device: ${DEVICE}
|
||||
|
||||
${DEVICE}p1 : name=uefi, size=512M , type=uefi
|
||||
${DEVICE}p2 : name=boot, size=512M , type=linux
|
||||
${DEVICE}p2 : name=boot, size=1G , type=linux
|
||||
${DEVICE}p3 : name=swap, size=16G , type=linux
|
||||
${DEVICE}p4 : name=root, size=60G , type=linux
|
||||
${DEVICE}p5 : name=home, type=linux
|
||||
@@ -83,7 +83,7 @@ cat <<EOF > /etc/hosts
|
||||
127.0.1.1 hera
|
||||
EOF
|
||||
|
||||
sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block filesystems resume fsck)/' /etc/mkinitcpio.conf
|
||||
sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems resume fsck)/' /etc/mkinitcpio.conf
|
||||
|
||||
mkinitcpio -P
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
|
||||
device: ${DEVICE}
|
||||
|
||||
${DEVICE}p1 : name=uefi , size=512M , type=uefi
|
||||
${DEVICE}p2 : name=boot , size=512M , type=linux
|
||||
${DEVICE}p2 : name=boot , size=1G , type=linux
|
||||
${DEVICE}p3 : name=cryptpart , type=linux
|
||||
EOF
|
||||
|
||||
@@ -89,7 +89,7 @@ cat <<EOF > /etc/hosts
|
||||
127.0.1.1 neptune
|
||||
EOF
|
||||
|
||||
sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
|
||||
sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
|
||||
|
||||
mkinitcpio -P
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
set -o nounset
|
||||
set -o errexit
|
||||
|
||||
sudo pacman -Syu
|
||||
sudo bash -c "pacman -Sy --needed archlinux-keyring && pacman -Syu"
|
||||
|
||||
./update-aur-pkgs.sh
|
||||
|
||||
|
||||
19
packages.yml
19
packages.yml
@@ -226,8 +226,6 @@ cloc:
|
||||
archlinux: ["cloc"]
|
||||
bwm-ng:
|
||||
archlinux: ["bwm-ng"]
|
||||
virtualbox:
|
||||
archlinux: ["virtualbox"]
|
||||
ssh:
|
||||
archlinux: ["openssh"]
|
||||
sshfs:
|
||||
@@ -573,3 +571,20 @@ podman:
|
||||
pulumi:
|
||||
archlinux:
|
||||
- pulumi
|
||||
reflector:
|
||||
archlinux:
|
||||
- reflector
|
||||
yazi:
|
||||
archlinux:
|
||||
- yazi
|
||||
- ffmpeg
|
||||
- 7zip
|
||||
- jq
|
||||
- poppler
|
||||
- fd
|
||||
- ripgrep
|
||||
- fzf
|
||||
- xsel
|
||||
- zoxide
|
||||
- resvg
|
||||
- imagemagick
|
||||
|
||||
Submodule pkgbuilds/claude-code updated: 99d01e8856...71aff8b2a6
Submodule pkgbuilds/spotify updated: 077f50ae05...1bd184d3a4
36
playbook.yml
36
playbook.yml
@@ -208,6 +208,14 @@
|
||||
changed_when: unconfigured_packages_cmd.rc == 123
|
||||
become: true
|
||||
|
||||
- name: Enable reflector timer
|
||||
ansible.builtin.systemd:
|
||||
name: reflector.timer
|
||||
enabled: true
|
||||
state: started
|
||||
daemon_reload: true
|
||||
become: true
|
||||
|
||||
- name: aur
|
||||
tags:
|
||||
- aur
|
||||
@@ -530,6 +538,25 @@
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: set mkinitcpio hooks
|
||||
set_fact:
|
||||
mkinitcpio_hooks: "base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems resume fsck"
|
||||
when: machine.encrypted_root|bool
|
||||
|
||||
- name: set mkinitcpio hooks
|
||||
set_fact:
|
||||
mkinitcpio_hooks: "base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems resume fsck"
|
||||
when: not machine.encrypted_root|bool
|
||||
|
||||
- name: configure mkinitcpio hooks
|
||||
lineinfile:
|
||||
path: /etc/mkinitcpio.conf
|
||||
regexp: "^#?HOOKS=.*$"
|
||||
line: 'HOOKS=({{ mkinitcpio_hooks }})'
|
||||
become: true
|
||||
notify:
|
||||
- rebuild initrd
|
||||
|
||||
- name: use vz4 for mkinitcpio compression
|
||||
lineinfile:
|
||||
path: /etc/mkinitcpio.conf
|
||||
@@ -761,6 +788,15 @@
|
||||
name: "{{ drivers.gpu.nvidia }}"
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: Intel configuration
|
||||
when: machine.gpu == 'intel'
|
||||
block:
|
||||
- name: install intel packages
|
||||
package:
|
||||
name: "{{ drivers.gpu.intel }}"
|
||||
state: present
|
||||
become: true
|
||||
when:
|
||||
- machine.gpu is defined
|
||||
|
||||
|
||||
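Review bot: The two new tasks named `set mkinitcpio hooks` repeat the whole hook list and differ only in `encrypt lvm2`, so a later edit to one string can leave encrypted and unencrypted machines with diverging early-boot hooks, and the identical task names make the run output ambiguous. One task would do: `mkinitcpio_hooks: "base udev autodetect microcode modconf kms keyboard keymap consolefont block {{ 'encrypt lvm2 ' if machine.encrypted_root | bool else '' }}filesystems resume fsck"`, with both `when:` conditions dropped. The same literal lists are also hard-coded in the `sed -i 's/^HOOKS=...'` lines of the install-script hunks on this page (hosts ares, dionysus, hera, neptune), so a comment on the task naming those scripts would help keep them in step. Both tasks read `machine.encrypted_root` without a default, so every machine file has to define it; the page shows it set in four, and whether that covers all machines is not visible here.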
@@ -11,7 +11,7 @@ for pkg in pkgbuilds/* ; do
|
||||
printf "checking local package %s\n" "${pkg}"
|
||||
(
|
||||
builtin cd "${pkg}" || exit 1
|
||||
makepkg --nodeps --nobuild --noextract
|
||||
makepkg --nodeps --nobuild --noextract --cleanbuild
|
||||
)
|
||||
fi
|
||||
if git status --porcelain "${pkg}" | grep -q . ; then
|
||||
|
||||
4
user.yml
4
user.yml
@@ -6,7 +6,6 @@
|
||||
user_groups:
|
||||
- libvirt
|
||||
- wheel
|
||||
- vboxusers
|
||||
- wireshark
|
||||
- docker
|
||||
- sudonopw
|
||||
@@ -27,7 +26,8 @@
|
||||
state: present
|
||||
home: "/home/{{ user.name }}"
|
||||
create_home: true
|
||||
groups: "{{ [user.name, 'dotfiles'] + user_groups }}"
|
||||
group: "{{ user.name }}"
|
||||
groups: "{{ ['dotfiles'] + user_groups }}"
|
||||
shell: /usr/bin/zsh
|
||||
skeleton: /dev/null
|
||||
become: true
|
||||
|
||||
10
zsh/zshrc.j2
10
zsh/zshrc.j2
@@ -379,6 +379,16 @@ tmp() {
|
||||
fi
|
||||
}
|
||||
|
||||
# taken verbatim from https://yazi-rs.github.io/docs/quick-start, extended with "command" in
|
||||
# the last line to not use aliased `rm`
|
||||
function y() {
|
||||
local tmp="$(mktemp -t "yazi-cwd.XXXXXX")" cwd
|
||||
yazi "$@" --cwd-file="$tmp"
|
||||
IFS= read -r -d '' cwd < "$tmp"
|
||||
[ -n "$cwd" ] && [ "$cwd" != "$PWD" ] && builtin cd -- "$cwd"
|
||||
command rm -f -- "$tmp"
|
||||
}
|
||||
|
||||
setopt PROMPT_SUBST
|
||||
|
||||
autoload -Uz vcs_info
|
||||
|
||||