arch: implement LVM-on-LUKS, begin filesystems

README.md

@@ -1,6 +1,6 @@
-= .dotfiles - Bootstrap me!
+# .dotfiles - Bootstrap me!
 
-== Requirements
+## Requirements
 
 Clone this repository with `git clone --recursive https://git.finallycoffee.eu/transcaffeine/dotfiles.git` into `~/git/dotfiles`.
 

bootstrap.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Bootstrap arch linux install
+  hosts: all
+  roles:
+    - name: arch
+      become: yes
+  vars:
+    arch_device: /dev/sdg
+  

local.yml

@@ -2,30 +2,30 @@
 
 all:
   hosts:
-    xenon:
+    local:
-      ansible_host: xenon.int.finallycoffee.eu
+      ansible_host: localhost
       ansible_connection: local
   vars:
     ansible_user: transcaffeine
-    ansible_become_user: transcaffeine
+    ansible_become_user: root
-    ansible_become: true
+    ansible_become_method: sudo
 
 gnupg:
   hosts:
-    xenon:
+    local:
 
 redshift:
   hosts:
-    xenon:
+    local:
 
 tmux:
   hosts:
-    xenon:
+    local:
 
 vim:
   hosts:
-    xenon:
+    local:
 
 git:
   hosts:
-    xenon:
+    local:

roles/arch/README.md

@@ -4,9 +4,11 @@ Bootstraps an arch linux install to a given device. The whole block device is wi
 
 ## Requirements:
 
-`pacman -Syu parted cryptsetup wipefs lsblk blkid`
+`pacman -Syu parted cryptsetup wipefs lsblk blkid mkfs.[fat|ext4|...]`
 
 Collections:
 
 - `community.general`
 - `community.crypto`
+- `community.posix`
+

roles/arch/defaults/main.yml

@@ -6,8 +6,25 @@ arch_hostname: cookie
 arch_part_label_base: "{{ arch_hostname }}"
 arch_part_efi_size: "512MiB"
 arch_part_root_size: "95%"
-arch_lvm_name: "{{ arch_part_label_base }}"
 
 arch_luks_device: "{{ arch_device }}2"
 arch_luks_passphrase: "super_secure!"
 arch_luks_container_name: "{{ arch_hostname }}"
+
+arch_lvm_name: "{{ arch_part_label_base }}"
+arch_lvm_volumes:
+  - name: "swap"
+    size: "16G"
+    fstype: swap
+  - name: "home"
+    size: "40G"
+    fstype: ext4
+    mountpoint: "/home"
+  - name: "cache"
+    size: "20G"
+    fstype: ext4
+    mountpoint: "/var/cache"
+  - name: "root"
+    size: "+90%FREE"
+    fstype: ext4
+    mountpoint: "/"

roles/arch/tasks/filesystems.yml

@@ -18,16 +18,21 @@
   community.general.parted:
     device: "{{ arch_device }}"
     state: present
+    part_start: "0%"
     part_end: "{{ arch_part_efi_size }}"
     number: 1
+    label: gpt
     name: "{{ arch_part_label_base }}-efi"
+    fs_type: fat32
 
 - name: Create partition for luks
   community.general.parted:
     device: "{{ arch_device }}"
     state: present
+    part_start: "{{ arch_part_efi_size }}"
     part_end: "{{ arch_part_root_size }}"
     number: 2
+    label: gpt
     name: "{{ arch_part_label_base }}-main"
 
 - name: Create luks device on main partition
@@ -39,8 +44,64 @@
 - name: Open luks device
   community.crypto.luks_device:
     device: "{{ arch_luks_device }}"
-    passphrase: "{{ arch_luks_passphrase ]]"
+    passphrase: "{{ arch_luks_passphrase }}"
     state: "opened"
     name: "{{ arch_luks_container_name }}"
 
+- name: Wipe volume group if it existed
+  community.general.lvg:
+    vg: "{{ arch_lvm_name }}"
+    force: yes
+    state: absent
 
+- name: Create volume group
+  community.general.lvg:
+    vg: "{{ arch_lvm_name }}"
+    pvs: "/dev/mapper/{{ arch_luks_container_name }}"
+    pvresize: yes
+
+- name: Create logical volume for swap and root filesystem
+  community.general.lvol:
+    vg: "{{ arch_lvm_name }}"
+    lv: "{{ item.name }}"
+    size: "{{ item.size }}"
+  loop: "{{ arch_lvm_volumes }}"
+
+- name: Create filesystem on efi system partition
+  community.general.filesystem:
+    dev: "{{ arch_device }}1"
+    force: yes
+    fstype: vfat
+    opts: -F32
+
+- name: Create filesystems on the volumes
+  community.general.filesystem:
+    dev: "/dev/mapper/{{ arch_lvm_name }}-{{ item.name }}"
+    fstype: "{{ item.fstype }}"
+  loop: "{{ arch_lvm_volumes }}"
+
+- name: Create mountpoint
+  file:
+    path: "/mnt-{{ arch_luks_container_name }}"
+    state: directory
+
+- name: Mount root partition
+  command:
+    cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}"
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'equalto', '/') }}"
+
+- name: Create mountpoints in root partition
+  file:
+    path: "/mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
+    state: directory
+    recurse: yes
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') + [ { \"mountpoint\": \"/boot\" } ] }}"
+
+- name: Mount efi system partition
+  command:
+    cmd: "mount {{ arch_device }}1 /mnt-{{ arch_luks_container_name }}/boot"
+
+- name: Mount additional partitions
+  command:
+    cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
+  loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') | list }}"

roles/arch/tasks/main.yml

@@ -1,8 +1,10 @@
 ---
 
-- name: Format disks
+- name: Format disks and setup LVM on LUKS
   import_tasks: filesystems.yml
 
-- name: pacstrap
+#- name: Bootstrap all packages and configure system
+#  import_tasks: packages.yml
 
-- name: Bootloader
+#- name: Configure systemd boot with EFI and LUKS
+#  import_tasks: bootloader.yml