From 08ebf9611339aea9f1a707b1d3ab533eb4c176a9 Mon Sep 17 00:00:00 2001 From: transcaffeine Date: Wed, 11 Nov 2020 21:16:59 +0100 Subject: [PATCH] arch: implement LVM-on-LUKS, begin filesystems --- README.md | 4 +- bootstrap.yml | 10 +++++ local.yml | 18 ++++----- roles/arch/README.md | 4 +- roles/arch/defaults/main.yml | 19 +++++++++- roles/arch/tasks/filesystems.yml | 63 +++++++++++++++++++++++++++++++- roles/arch/tasks/main.yml | 8 ++-- 7 files changed, 109 insertions(+), 17 deletions(-) create mode 100644 bootstrap.yml diff --git a/README.md b/README.md index 2f24a25..43c33bd 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -= .dotfiles - Bootstrap me! +# .dotfiles - Bootstrap me! -== Requirements +## Requirements Clone this repository with `git clone --recursive https://git.finallycoffee.eu/transcaffeine/dotfiles.git` into `~/git/dotfiles`. diff --git a/bootstrap.yml b/bootstrap.yml new file mode 100644 index 0000000..f54972d --- /dev/null +++ b/bootstrap.yml @@ -0,0 +1,10 @@ +--- + +- name: Bootstrap arch linux install + hosts: all + roles: + - name: arch + become: yes + vars: + arch_device: /dev/sdg + diff --git a/local.yml b/local.yml index bb64759..aeb212a 100644 --- a/local.yml +++ b/local.yml @@ -2,30 +2,30 @@ all: hosts: - xenon: - ansible_host: xenon.int.finallycoffee.eu + local: + ansible_host: localhost ansible_connection: local vars: ansible_user: transcaffeine - ansible_become_user: transcaffeine - ansible_become: true + ansible_become_user: root + ansible_become_method: sudo gnupg: hosts: - xenon: + local: redshift: hosts: - xenon: + local: tmux: hosts: - xenon: + local: vim: hosts: - xenon: + local: git: hosts: - xenon: + local: diff --git a/roles/arch/README.md b/roles/arch/README.md index ea5e019..5abd40f 100644 --- a/roles/arch/README.md +++ b/roles/arch/README.md 
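Review bot: `hosts: all` together with the hard-coded `arch_device: /dev/sdg` applies a role that, per its README, wipes the whole block device to every host in the inventory, so a stray inventory entry or a host where `/dev/sdg` is a different disk loses its data. I would target `hosts: localhost` (or a dedicated bootstrap group) and make the device a required run-time input rather than a playbook default, e.g. a `pre_tasks` entry `assert: { that: arch_device is defined, fail_msg: "pass -e arch_device=/dev/sdX" }` with the default removed. Independently, `become: yes` should be the canonical boolean `become: true`.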
@@ -4,9 +4,11 @@ Bootstraps an arch linux install to a given device. The whole block device is wi ## Requirements: -`pacman -Syu parted cryptsetup wipefs lsblk blkid` +`pacman -Syu parted cryptsetup wipefs lsblk blkid mkfs.[fat|ext4|...]` Collections: - `community.general` - `community.crypto` +- `community.posix` + diff --git a/roles/arch/defaults/main.yml b/roles/arch/defaults/main.yml index f03b129..bfafad5 100644 --- a/roles/arch/defaults/main.yml +++ b/roles/arch/defaults/main.yml @@ -6,8 +6,25 @@ arch_hostname: cookie arch_part_label_base: "{{ arch_hostname }}" arch_part_efi_size: "512MiB" arch_part_root_size: "95%" -arch_lvm_name: "{{ arch_part_label_base }}" arch_luks_device: "{{ arch_device }}2" arch_luks_passphrase: "super_secure!" arch_luks_container_name: "{{ arch_hostname }}" + +arch_lvm_name: "{{ arch_part_label_base }}" +arch_lvm_volumes: + - name: "swap" + size: "16G" + fstype: swap + - name: "home" + size: "40G" + fstype: ext4 + mountpoint: "/home" + - name: "cache" + size: "20G" + fstype: ext4 + mountpoint: "/var/cache" + - name: "root" + size: "+90%FREE" + fstype: ext4 + mountpoint: "/" diff --git a/roles/arch/tasks/filesystems.yml b/roles/arch/tasks/filesystems.yml index 40cd161..ad4f17d 100644 --- a/roles/arch/tasks/filesystems.yml +++ b/roles/arch/tasks/filesystems.yml @@ -18,16 +18,21 @@ community.general.parted: device: "{{ arch_device }}" state: present + part_start: "0%" part_end: "{{ arch_part_efi_size }}" number: 1 + label: gpt name: "{{ arch_part_label_base }}-efi" + fs_type: fat32 - name: Create partition for luks community.general.parted: device: "{{ arch_device }}" state: present + part_start: "{{ arch_part_efi_size }}" part_end: "{{ arch_part_root_size }}" number: 2 + label: gpt name: "{{ arch_part_label_base }}-main" - name: Create luks device on main partition 
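Review bot: The new `arch_lvm_volumes` block is added directly below `arch_luks_passphrase: "super_secure!"`, which this commit leaves in place as a role default, so any install that does not override it ends up with a full-disk-encryption passphrase that is committed to the repository. A role default is the wrong place for this secret: drop the default and fail early in the role with `assert: { that: arch_luks_passphrase is defined and arch_luks_passphrase | length > 0 }`, sourcing the real value from a vault file or `vars_prompt`. Separately, `size: "+90%FREE"` on the `root` volume uses the `+` relative-size prefix that belongs to lvextend/lvresize; whether lvol and lvcreate accept it on initial creation is worth verifying, and `"100%FREE"` is the usual form for the final volume unless leaving 10% unallocated is intentional.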
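Review bot: The EFI partition task sets `fs_type: fat32` but no partition flag, so with `label: gpt` the partition gets libparted's generic (Microsoft basic data) type GUID rather than the EFI System Partition GUID that firmware and the systemd-boot setup planned in main.yml look for; add `flags: [ esp ]` to that task. The task's `- name:` line sits above the hunk, so its header is cut here. `label: gpt` on the second parted task appears redundant once the first task has written the table; keeping it only on the first task makes the one place that re-labels (and thereby wipes) the disk explicit.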
@@ -39,8 +44,64 @@ - name: Open luks device community.crypto.luks_device: device: "{{ arch_luks_device }}" - passphrase: "{{ arch_luks_passphrase ]]" + passphrase: "{{ arch_luks_passphrase }}" state: "opened" name: "{{ arch_luks_container_name }}" +- name: Wipe volume group if it existed + community.general.lvg: + vg: "{{ arch_lvm_name }}" + force: yes + state: absent +- name: Create volume group + community.general.lvg: + vg: "{{ arch_lvm_name }}" + pvs: "/dev/mapper/{{ arch_luks_container_name }}" + pvresize: yes + +- name: Create logical volume for swap and root filesystem + community.general.lvol: + vg: "{{ arch_lvm_name }}" + lv: "{{ item.name }}" + size: "{{ item.size }}" + loop: "{{ arch_lvm_volumes }}" + +- name: Create filesystem on efi system partition + community.general.filesystem: + dev: "{{ arch_device }}1" + force: yes + fstype: vfat + opts: -F32 + +- name: Create filesystems on the volumes + community.general.filesystem: + dev: "/dev/mapper/{{ arch_lvm_name }}-{{ item.name }}" + fstype: "{{ item.fstype }}" + loop: "{{ arch_lvm_volumes }}" + +- name: Create mountpoint + file: + path: "/mnt-{{ arch_luks_container_name }}" + state: directory + +- name: Mount root partition + command: + cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}" + loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'equalto', '/') }}" + +- name: Create mountpoints in root partition + file: + path: "/mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}" + state: directory + recurse: yes + loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') + [ { \"mountpoint\": \"/boot\" } ] }}" + +- name: Mount efi system partition + command: + cmd: "mount {{ arch_device }}1 /mnt-{{ arch_luks_container_name }}/boot" + +- name: Mount additional partitions + command: + cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name 
}}{{ item.mountpoint }}" + loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') | list }}" diff --git a/roles/arch/tasks/main.yml b/roles/arch/tasks/main.yml index 478b70c..8e5a7eb 100644 --- a/roles/arch/tasks/main.yml +++ b/roles/arch/tasks/main.yml @@ -1,8 +1,10 @@ --- -- name: Format disks +- name: Format disks and setup LVM on LUKS import_tasks: filesystems.yml -- name: pacstrap +#- name: Bootstrap all packages and configure system +# import_tasks: packages.yml -- name: Bootloader +#- name: Configure systemd boot with EFI and LUKS +# import_tasks: bootloader.yml
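Review bot: The `loop` of `Create mountpoints in root partition` concatenates the output of `selectattr` with a list, but Jinja2's `selectattr` returns a generator, so the `+` raises `TypeError: unsupported operand type(s) for +: 'generator' and 'list'` at runtime; pipe through `list` first, as the last task already does: `loop: "{{ (arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') | list) + [ {'mountpoint': '/boot'} ] }}"`. The `Mount root partition` loop has the same omission and, on Ansible releases of this period, hands `loop` a stringified generator rather than a list, so it needs `| list` as well. The device paths `/dev/mapper/{{ arch_lvm_name }}-{{ item.name }}` break as soon as the VG or LV name contains a hyphen (device-mapper escapes it to `--`), and `arch_lvm_name` defaults to the hostname; `/dev/{{ arch_lvm_name }}/{{ item.name }}` is the stable form. Finally, the three `command: mount` tasks are not idempotent — a re-run after a partial failure typically fails with "already mounted" — so either guard them with `ansible_facts.mounts` or use the posix mount module the README now lists.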