arch: implement LVM-on-LUKS, begin filesystems

2020-11-11 21:16:59 +01:00 · 2020-11-11 21:16:59 +01:00 · 08ebf96113
commit 08ebf96113
parent 66a0a9774f
7 changed files with 109 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
-= .dotfiles - Bootstrap me!
+# .dotfiles - Bootstrap me!

-== Requirements
+## Requirements

 Clone this repository with `git clone --recursive https://git.finallycoffee.eu/transcaffeine/dotfiles.git` into `~/git/dotfiles`.

--- a/bootstrap.yml
+++ b/bootstrap.yml
@ -0,0 +1,10 @@
+---
+
+- name: Bootstrap arch linux install
+  hosts: all
+  roles:
+    - name: arch
+      become: yes
+  vars:
+    arch_device: /dev/sdg
+  
--- a/local.yml
+++ b/local.yml
@ -2,30 +2,30 @@

 all:
  hosts:
-    xenon:
-      ansible_host: xenon.int.finallycoffee.eu
+    local:
+      ansible_host: localhost
      ansible_connection: local
  vars:
    ansible_user: transcaffeine
-    ansible_become_user: transcaffeine
-    ansible_become: true
+    ansible_become_user: root
+    ansible_become_method: sudo

 gnupg:
  hosts:
-    xenon:
+    local:

 redshift:
  hosts:
-    xenon:
+    local:

 tmux:
  hosts:
-    xenon:
+    local:

 vim:
  hosts:
-    xenon:
+    local:

 git:
  hosts:
-    xenon:
+    local:
--- a/roles/arch/README.md
+++ b/roles/arch/README.md
@ -4,9 +4,11 @@ Bootstraps an arch linux install to a given device. The whole block device is wi

 ## Requirements:

-`pacman -Syu parted cryptsetup wipefs lsblk blkid`
+`pacman -Syu parted cryptsetup wipefs lsblk blkid mkfs.[fat|ext4|...]`

 Collections:

 - `community.general`
 - `community.crypto`
+- `community.posix`
+
--- a/roles/arch/defaults/main.yml
+++ b/roles/arch/defaults/main.yml
@ -6,8 +6,25 @@ arch_hostname: cookie
 arch_part_label_base: "{{ arch_hostname }}"
 arch_part_efi_size: "512MiB"
 arch_part_root_size: "95%"
-arch_lvm_name: "{{ arch_part_label_base }}"

 arch_luks_device: "{{ arch_device }}2"
 arch_luks_passphrase: "super_secure!"
 arch_luks_container_name: "{{ arch_hostname }}"
+
+arch_lvm_name: "{{ arch_part_label_base }}"
+arch_lvm_volumes:
+  - name: "swap"
+    size: "16G"
+    fstype: swap
+  - name: "home"
+    size: "40G"
+    fstype: ext4
+    mountpoint: "/home"
+  - name: "cache"
+    size: "20G"
+    fstype: ext4
+    mountpoint: "/var/cache"
+  - name: "root"
+    size: "+90%FREE"
+    fstype: ext4
+    mountpoint: "/"
--- a/roles/arch/tasks/filesystems.yml
+++ b/roles/arch/tasks/filesystems.yml
@ -18,16 +18,21 @@
  community.general.parted:
    device: "{{ arch_device }}"
    state: present
+    part_start: "0%"
    part_end: "{{ arch_part_efi_size }}"
    number: 1
+    label: gpt
    name: "{{ arch_part_label_base }}-efi"
+    fs_type: fat32

 - name: Create partition for luks
  community.general.parted:
    device: "{{ arch_device }}"
    state: present
+    part_start: "{{ arch_part_efi_size }}"
    part_end: "{{ arch_part_root_size }}"
    number: 2
+    label: gpt
    name: "{{ arch_part_label_base }}-main"

 - name: Create luks device on main partition
@ -39,8 +44,64 @@
 - name: Open luks device
  community.crypto.luks_device:
    device: "{{ arch_luks_device }}"
-    passphrase: "{{ arch_luks_passphrase ]]"
+    passphrase: "{{ arch_luks_passphrase }}"
    state: "opened"
    name: "{{ arch_luks_container_name }}"

+- name: Wipe volume group if it existed
+  community.general.lvg:
+    vg: "{{ arch_lvm_name }}"
+    force: yes
+    state: absent

+- name: Create volume group
+  community.general.lvg:
+    vg: "{{ arch_lvm_name }}"
+    pvs: "/dev/mapper/{{ arch_luks_container_name }}"
+    pvresize: yes
+
+- name: Create logical volume for swap and root filesystem
+  community.general.lvol:
+    vg: "{{ arch_lvm_name }}"
+    lv: "{{ item.name }}"
+    size: "{{ item.size }}"
+  loop: "{{ arch_lvm_volumes }}"
+
+- name: Create filesystem on efi system partition
+  community.general.filesystem:
+    dev: "{{ arch_device }}1"
+    force: yes
+    fstype: vfat
+    opts: -F32
+
+- name: Create filesystems on the volumes
+  community.general.filesystem:
+    dev: "/dev/mapper/{{ arch_lvm_name }}-{{ item.name }}"
+    fstype: "{{ item.fstype }}"
+  loop: "{{ arch_lvm_volumes }}"
+
+- name: Create mountpoint
+  file:
+    path: "/mnt-{{ arch_luks_container_name }}"
+    state: directory
+
+- name: Mount root partition
+  command:
+    cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}"
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'equalto', '/') }}"
+
+- name: Create mountpoints in root partition
+  file:
+    path: "/mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
+    state: directory
+    recurse: yes
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') + [ { \"mountpoint\": \"/boot\" } ] }}"
+
+- name: Mount efi system partition
+  command:
+    cmd: "mount {{ arch_device }}1 /mnt-{{ arch_luks_container_name }}/boot"
+
+- name: Mount additional partitions
+  command:
+    cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') | list }}"
--- a/roles/arch/tasks/main.yml
+++ b/roles/arch/tasks/main.yml
@ -1,8 +1,10 @@
 ---

- name: Format disks
+- name: Format disks and setup LVM on LUKS
  import_tasks: filesystems.yml

- name: pacstrap
+#- name: Bootstrap all packages and configure system
+#  import_tasks: packages.yml

- name: Bootloader
+#- name: Configure systemd boot with EFI and LUKS
+#  import_tasks: bootloader.yml