08ebf96113
arch: implement LVM-on-LUKS, begin filesystems 2021-06-07 13:04:29 +02:00
66a0a9774f
arch: begin bootstrapping role 2021-06-07 13:04:28 +02:00
6da033757e
doc: hint at usage and requirements 2021-06-07 13:04:27 +02:00
25e9adf1a0
pass: configure passwordstore with remote 2021-06-07 13:04:26 +02:00
2afa4283c1
bash: install autocompletion package 2021-06-07 13:04:25 +02:00
378cce9bc9
gnupg: ensure ssh uses gnupg-agent
Loads the gnupg_agent script in ~/.bashrc, which exports
the needed variables (SSH_AUTH_SOCK, SSH_AGENT_PID, GPG_AGENT_INFO).

Also downloads the pubkey of the user and sets ownertrust on the key.

Fixes #3
2021-06-07 13:04:25 +02:00
f35f4188db
i3: template config for xfce4+i3 2021-06-07 13:04:24 +02:00
85fc766925
git: update config and add defaults for merging and rebasing 2021-06-07 13:04:07 +02:00
6351a7e5e3
git: update local config 2020-08-16 16:40:26 +02:00
5add164eac
git: update displayed name and email for commits 2020-07-22 16:27:36 +02:00
6a56cfed2e
Merge branch 'develop' 2020-07-05 11:50:00 +02:00
476ea6a83f
Merge branch 'develop'
This merges a working ansible role for redshift & gnupg back into master
2019-05-18 21:46:07 +02:00
18 changed files with 322 additions and 60 deletions

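--- a/README.md
+++ b/README.md
@@ -0,0 +1,9 @@
+# .dotfiles - Bootstrap me!
+## Requirements
+Clone this repository with `git clone --recursive https://git.finallycoffee.eu/transcaffeine/dotfiles.git` into `~/git/dotfiles`.
+Have your pubkey in a git-repo at `https://git.finallycoffee.eu/$USER/about` at the top-level as `pubkey.asc`, then run `ansible-playbook -i local.yml bootstrap.yml`.
+Reboot and then run `ansible-playbook -i local.yml all.yml`.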

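--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -0,0 +1,10 @@
+---
+- name: Bootstrap arch linux install
+hosts: all
+roles:
+- name: arch
+become: yes
+vars:
+arch_device: /dev/sdg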
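Review bot: `arch_device: /dev/sdg` is committed into the playbook as the device the arch role will wipe (the role README in this commit says the whole block device is wiped), and `/dev/sdX` letters are assigned in enumeration order and can change between boots, so a stale value silently targets a different disk. Prefer taking the value from the command line or a `vars_prompt`, and reference the disk by a stable path such as `arch_device: /dev/disk/by-id/<your-disk-id>`, backed by an `assert` in the role that the variable is set. `become: yes` should be `become: true` to avoid the YAML 1.1/1.2 truthy ambiguity.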


@ -1,30 +1,34 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
61636132613664626434323334356466303734666664616338633036343865313331623734306331 64363730336134663064313633316132396335613761386239613966313864656565376230323338
3533333362613430633461333832363163323766323265370a643039643361666132386166396334 3863396633383931393031643837323037356332326664630a393662323135643562643230363437
33643330396433626238363738356438653534666465663462636635353434333862373933666334 31343065363266353662643365303663633131393037353130316638623035356138383164346166
6134376464623233310a663833646336643665626335386335623337623538383765633337313065 6234323936383061340a366634373336333363656463656433333139333362393530363131623535
32626132346632336237353931666166343639353339303935343732393337333032643638626539 32396534633831343632323263336565353836343035396138353132356464383763396535393337
35623239653438666665366539346136346235663537663961366662323333613631613066393365 64353137653266653262643164613534333865666336663561376462346663663934376466343261
37636265373832303862326163656639663762653061636261303836613638306133383132306236 64656535343937643031616663666566626265313661623034386163336232336538663365626566
33353731363230633536353030626236366465613062616434656431333961323634313163356266 32346463363333616261643364363263363163316431623364383333353364363836613062373537
30363062376532323864643737316335366231633433663536383032636335326338663137366131 64636337343466643333666465643162323266353663366662313639623638393961333230373838
61396161336365633861646266336663363863383231616364326233623435356339333237653430 63363633383134623931373062396665353161636435343463646536663962333232656264306331
61313563373939363437313466356133376632643431316461376265373833313537633832656337 37323564306135363064363663656239313165326331303865643338333463303935356436626262
34356536373533303862373262386661643938366363363062373766373664653461383039666136 38353738366632663839626166303964396535333639646162666435363630633132646531313930
65323038346632373230626664316638663636626338373166343433386635613066636637613465 36343439373230616433623539393938326562343465633763363865323262323366316135393339
37633034626236353130636533316339653162303938316637666461363739653736323830316561 62616132333063643433353039353765663736633334613138363936306336303962643339313163
35393865346436623861653036616263343731626633353336303637643035663362653465656134 35646562663861613966346437666534313839373436376666313433353338653333643263373331
38653262373864306462643937636539373665626139623138336334343130636262353162633338 32306136333564343831343439346466626135313835346433666337653435313833383033633665
33636636333064633431613863363530613165323064383132623935666338303464373466313964 64613430383666653036393938643734613330623066333866643965343863636166363063306534
63316630323336643936356362643331383733626161633264346265326533653163303561333130 39343163366161373862383466313830646336333731333438663465336339313865306438353262
36343834616432353937623161373531383234626634303335393665623335306462393762376235 37363538383132373933313566366265616538356636633636343633343830363739383237316632
38306666656266363664636431613339303365623832343137666232323964333531653933383266 33616636666464366462613866383837323736353931623463323565356431346166393066326263
32663135633664383866313339666461303034303539613532306362353336346163306662396561 31623561323538373437366164376464663639633932383035346165353462303264373433393231
33343361313834643033323065376466346236396364386436343034393431353930353537353139 62353866616532313236363337306466626536306666333232613065373066663762663739633831
34356363313730303032336566303433323730623638623264383833363566356266313265343538 39316635663761663934323733656666396661653462383665336631373537356533383332323533
35633861383637383331326634363966393638333235373034353161633665343330383165316632 38633465326566663331383564643066366235613337356531396530323937323138313966393635
39613032356638383062373731633834643864663433323832396430646362626563373831643531 62353365383839383762303034633562353130353434656232636539313165346134373231316333
64323165326262343935646466366136343531656661626434613563646430343261306461303437 62656534386439623435353264313134623035303366313763316164656336346436353130363834
38303863303230613065643431663432653734616239626337303363643263316236383364383739 36306662633139663538383238646561346166353737636163323965663030373232613564393335
63393539346137393237613430396438373933656130376136613563613134386265663565626337 39353632333139336132636536326538353033373736643132346635613666346635616637386539
66353235383937646661643734323533643731313764373435383833393532363362 38643031626439373830316230643331303037313363633661333539383166356137333665623336
64376334353837353262373461663666646630323366356538313138363038626635353231626164
64346437383261643638306566356262383534646163343164333838373738303535623535323666
35623861663933613366306131656231353833643234373933316262633338666236386662636135
3563

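--- a/i3.yml
+++ b/i3.yml
@@ -0,0 +1,8 @@
+---
+- name: Template i3 config
+hosts: all
+become: true
+roles:
+- i3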


@ -2,30 +2,30 @@
all: all:
hosts: hosts:
xenon: local:
ansible_host: xenon.int.finallycoffee.eu ansible_host: localhost
ansible_connection: local ansible_connection: local
vars: vars:
ansible_user: transcaffeine ansible_user: transcaffeine
ansible_become_user: transcaffeine ansible_become_user: root
ansible_become: true ansible_become_method: sudo
gnupg: gnupg:
hosts: hosts:
xenon: local:
redshift: redshift:
hosts: hosts:
xenon: local:
tmux: tmux:
hosts: hosts:
xenon: local:
vim: vim:
hosts: hosts:
xenon: local:
git: git:
hosts: hosts:
xenon: local:

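--- a/roles/arch/README.md
+++ b/roles/arch/README.md
@@ -0,0 +1,14 @@
+# ArchLinux role
+Bootstraps an arch linux install to a given device. The whole block device is wiped in the process!
+## Requirements:
+`pacman -Syu parted cryptsetup wipefs lsblk blkid mkfs.[fat|ext4|...]`
+Collections:
+- `community.general`
+- `community.crypto`
+- `community.posix`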


@ -0,0 +1,30 @@
---
arch_device: ~
arch_hostname: cookie
arch_part_label_base: "{{ arch_hostname }}"
arch_part_efi_size: "512MiB"
arch_part_root_size: "95%"
arch_luks_device: "{{ arch_device }}2"
arch_luks_passphrase: "super_secure!"
arch_luks_container_name: "{{ arch_hostname }}"
arch_lvm_name: "{{ arch_part_label_base }}"
arch_lvm_volumes:
- name: "swap"
size: "16G"
fstype: swap
- name: "home"
size: "40G"
fstype: ext4
mountpoint: "/home"
- name: "cache"
size: "20G"
fstype: ext4
mountpoint: "/var/cache"
- name: "root"
size: "+90%FREE"
fstype: ext4
mountpoint: "/"
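Review bot: `arch_luks_passphrase: "super_secure!"` ships a working plaintext passphrase as the role default, so any play that forgets to override it encrypts the disk with a value readable by everyone who can see this repository; make the default `~` (as `arch_device` already is) and have the tasks assert it was set, ideally sourcing it from a vault or a `vars_prompt` with `private: true`. With `arch_device: ~` the derived `arch_luks_device: "{{ arch_device }}2"` renders to the string `2`, so the defaults alone produce a nonsensical device path that only surfaces at the `luks_device` task, after the disk has already been partitioned. Appending `1`/`2` directly to the device name also appears to assume `sdX`-style naming; NVMe devices use a `p1`/`p2` suffix, which a per-host override of `arch_luks_device` would cover.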


@ -0,0 +1,107 @@
---
- name: Warn user that the blockdevice will be wiped
debug:
msg: "Warning! Continueing will wipe {{ arch_device }}!"
- name: Give user the ability to abort
pause:
prompt: "You can safely abort now if you want, or continue and wipe {{ arch_device }}"
- name: Create empty GPT
community.general.parted:
device: "{{ arch_device }}"
label: gpt
name: "{{ arch_part_label_base }}"
- name: Create EFI system partition
community.general.parted:
device: "{{ arch_device }}"
state: present
part_start: "0%"
part_end: "{{ arch_part_efi_size }}"
number: 1
label: gpt
name: "{{ arch_part_label_base }}-efi"
fs_type: fat32
- name: Create partition for luks
community.general.parted:
device: "{{ arch_device }}"
state: present
part_start: "{{ arch_part_efi_size }}"
part_end: "{{ arch_part_root_size }}"
number: 2
label: gpt
name: "{{ arch_part_label_base }}-main"
- name: Create luks device on main partition
community.crypto.luks_device:
device: "{{ arch_luks_device }}"
passphrase: "{{ arch_luks_passphrase }}"
state: present
- name: Open luks device
community.crypto.luks_device:
device: "{{ arch_luks_device }}"
passphrase: "{{ arch_luks_passphrase }}"
state: "opened"
name: "{{ arch_luks_container_name }}"
- name: Wipe volume group if it existed
community.general.lvg:
vg: "{{ arch_lvm_name }}"
force: yes
state: absent
- name: Create volume group
community.general.lvg:
vg: "{{ arch_lvm_name }}"
pvs: "/dev/mapper/{{ arch_luks_container_name }}"
pvresize: yes
- name: Create logical volume for swap and root filesystem
community.general.lvol:
vg: "{{ arch_lvm_name }}"
lv: "{{ item.name }}"
size: "{{ item.size }}"
loop: "{{ arch_lvm_volumes }}"
- name: Create filesystem on efi system partition
community.general.filesystem:
dev: "{{ arch_device }}1"
force: yes
fstype: vfat
opts: -F32
- name: Create filesystems on the volumes
community.general.filesystem:
dev: "/dev/mapper/{{ arch_lvm_name }}-{{ item.name }}"
fstype: "{{ item.fstype }}"
loop: "{{ arch_lvm_volumes }}"
- name: Create mountpoint
file:
path: "/mnt-{{ arch_luks_container_name }}"
state: directory
- name: Mount root partition
command:
cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}"
loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'equalto', '/') }}"
- name: Create mountpoints in root partition
file:
path: "/mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
state: directory
recurse: yes
loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') + [ { \"mountpoint\": \"/boot\" } ] }}"
- name: Mount efi system partition
command:
cmd: "mount {{ arch_device }}1 /mnt-{{ arch_luks_container_name }}/boot"
- name: Mount additional partitions
command:
cmd: "mount /dev/mapper/{{ arch_lvm_name }}-{{ item.name }} /mnt-{{ arch_luks_container_name }}{{ item.mountpoint }}"
loop: "{{ arch_lvm_volumes | selectattr('mountpoint', 'defined') | selectattr('mountpoint', 'ne', '/') | list }}"
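Review bot: The two `community.crypto.luks_device` tasks (Create/Open luks device) pass `passphrase: "{{ arch_luks_passphrase }}"` without `no_log: true`, so the passphrase is printed in task output under `-v` and ends up in any collected logs; add `no_log: true` to both. Nothing validates the inputs before the disk is wiped: with the role defaults `arch_device` is `~` (so `arch_luks_device` renders as the string `2`) and `arch_luks_passphrase` is the published default `super_secure!`; an `assert` task ahead of the warning, as below, would stop both cases before `parted` runs. The loop of the "Mount root partition" task uses `selectattr(...)` without a closing `| list` while the "Mount additional partitions" loop has it; `loop` requires a list, so the first form is inconsistent and may be rejected as a generator. The three `command: mount` tasks fail on a second run once the paths are mounted; `ansible.posix.mount` with `state: mounted` (or at least `changed_when`/`failed_when` on the registered result) would make the role re-runnable. `force: yes`, `pvresize: yes` and `recurse: yes` are better written `true`.
```yaml
---
- name: Refuse to run with an unset device or the shipped default passphrase
  assert:
    that:
      - arch_device is not none and (arch_device | length) > 0
      - arch_luks_passphrase != "super_secure!"
    fail_msg: "Override arch_device and arch_luks_passphrase per host before running this role"
# … unchanged: warning, pause, parted, luks, lvm, filesystem and mount tasks …
```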

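--- a/roles/arch/tasks/main.yml
+++ b/roles/arch/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Format disks and setup LVM on LUKS
+import_tasks: filesystems.yml
+#- name: Bootstrap all packages and configure system
+# import_tasks: packages.yml
+#- name: Configure systemd boot with EFI and LUKS
+# import_tasks: bootloader.yml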


@ -0,0 +1,9 @@
---
- name: Install additional packages
package:
name: "{{ item }}"
state: present
loop:
- bash
- bash-completion
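Review bot: Looping `package` over `"{{ item }}"` installs the two packages one transaction at a time; the module accepts a list directly, so `name:` followed by `- bash` and `- bash-completion` (and no `loop`) lets the package manager resolve both in a single run. It also collapses the task to a single `changed`/`ok` line in the play output.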


@ -4,7 +4,13 @@ git_user: your-username
git_email: your-email@example.com git_email: your-email@example.com
git_signkey: git_signkey:
git_signingkey: git_signingkey:
git_do_sign: false git_do_sign: false
git_merge_autostash: true
git_rebase_autostash: true
git_pull_rebase: true
git_pull_ff_only: true
git_default_branch: main
git_user_home: "/home/{{ git_system_user }}" git_user_home: "/home/{{ git_system_user }}"
git_system_user: "{{ git_user }}" git_system_user: "{{ git_user }}"
@ -15,3 +21,5 @@ git_gpg_program: ~
git_aliases: [] git_aliases: []
git_credentials: [] git_credentials: []
git_config_preferred_editor: vim


@ -1,30 +1,45 @@
# This is Git's per-user configuration file. # This is Git's per-user configuration file,
[user] # this file is managed by ansible.
# Please adapt and uncomment the following lines:
name = {{ git_user }}
email = {{ git_email }}
{% if git_do_sign %}
signkey = {{ git_signkey }}
signingkey = {{ git_signingkey }}
{% endif %}
{% if git_do_sign %} {% if git_do_sign %}
[gpg] [gpg]
program = {{ git_gpg_program }} program = {{ git_gpg_program }}
{% endif %} {% endif %}
[commit]
[user]
name = "{{ git_author }}"
email = {{ git_email }}
{% if git_do_sign %}
signingkey = {{ git_signingkey }}
{% endif %}
[commit]
{% if git_do_sign %} {% if git_do_sign %}
gpgsign = true gpgsign = true
{% endif %} {% endif %}
[alias] [alias]
{% for alias in git_aliases %} {% for alias in git_aliases %}
{{ alias.name }} = {{ alias.cmd }} {{ alias.name }} = {{ alias.cmd }}
{% endfor %} {% endfor %}
[pull]
rebase = {{ git_pull_rebase|bool|lower }}
{% if git_pull_ff_only|bool %}
ff = only
{% endif %}
[rebase]
autostash = {{ git_rebase_autostash|bool|lower }}
[merge]
autostash = {{ git_merge_autostash|bool|lower }}
[init]
defaultBranch = {{ git_default_branch }}
[core]
editor = {{ git_config_preferred_editor }}
{% for cred in git_credentials %} {% for cred in git_credentials %}
[credential "{{ cred.remote_url }}"] [credential "{{ cred.remote_url }}"]
username = {{ cred.username }} username = {{ cred.username }}
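Review bot: The new `[user]` block renders `name = "{{ git_author }}"`, but the only author-like variable visible in the role defaults hunk of this commit is `git_user` (which the old template used here); unless `git_author` is defined in a part of the defaults outside that hunk, templating fails with an undefined variable. Either restore `name = {{ git_user }}` or add a `git_author` default alongside `git_user`. The `signkey` line was dropped in favour of `signingkey`, so the `git_signkey:` default that remains in the defaults file is now dead and can be removed. The template continues outside the hunk.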


@ -7,3 +7,4 @@ gpg_keygrips: []
gpg_folder: "~/.gnupg" gpg_folder: "~/.gnupg"
gpg_user: "{{ ansible_user }}"


@ -38,8 +38,26 @@
dest: "{{ gpg_folder }}/gnupg_agent" dest: "{{ gpg_folder }}/gnupg_agent"
mode: 0700 mode: 0700
- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
blockinfile:
path: "~/.bashrc"
insertafter: "\[\[ \$- != \*i\* \]\] && return"
line: |
# load script telling SSH to use the gpg agent
source "{{ gpg_folder }}"/gnupg_agent
state: present
- name: Download own pubkey
get_url:
url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
dest: "~/{{ gpg_user }}.pub"
- name: Import own pubkey and set owner-trust
command:
cmd: |
gpg2 --no-tty --command-fd 0 --import ~/{{ gpg_user }}.pub << EOF
trust
5
quit
EOF
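Review bot: The new `blockinfile` task cannot load as written: `insertafter: "\[\[ \$- ..."` is a double-quoted YAML scalar and `\[`, `\$`, `\*` are not valid YAML escapes, so the file fails to parse — use single quotes, `insertafter: '\[\[ \$- != \*i\* \]\] && return'` — and the module takes `block:`, not `line:` (that is a `lineinfile` option), so `line: |` should be `block: |`. The import task runs under `command`, which does not interpret the `<< EOF` here-document, and even under `shell` `gpg2 --import` offers no interactive `trust` menu (that belongs to `--edit-key`), so the owner-trust is never set. Granting ultimate trust (`5`) to a key that was just fetched over the network from the user's `about` repository means whoever can write to that repository, or the path between host and server, decides what this host trusts; pin the expected fingerprint (and `get_url`'s `checksum:` for the download) and apply trust only to that fingerprint via `--import-ownertrust`, as sketched below. Both `get_url` and the `command` tasks also report changed on every run; `changed_when` or `force: false` would make the role idempotent.
```yaml
- name: Import own pubkey
  command:
    cmd: "gpg2 --batch --no-tty --import ~/{{ gpg_user }}.pub"
- name: Set owner-trust for the pinned fingerprint only
  command:
    cmd: "gpg2 --batch --no-tty --import-ownertrust"
    # gpg_own_fingerprint is a placeholder for a new per-host variable holding the expected key fingerprint
    stdin: "{{ gpg_own_fingerprint }}:6:\n"
```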


@ -8,5 +8,4 @@ allow-freeform-uid
with-fingerprint with-fingerprint
keyid-format 0xlong keyid-format 0xlong
keyserver hkps://hkps.pool.sks-keyservers.net keyserver hkps://hkps.pool.sks-keyservers.net
#keyserver-options ca-cert-file=/home/electron/.gnupg/sks-keyservers_ca.pem
keyserver-options no-honor-keyserver-url keyserver-options no-honor-keyserver-url


@ -4,6 +4,7 @@
package: package:
name: i3 name: i3
state: present state: present
ignore_errors: yes
- name: Ensure folder for configuration exists - name: Ensure folder for configuration exists
file: file:
@ -16,7 +17,3 @@
src: config.j2 src: config.j2
dest: ~/.config/i3/config dest: ~/.config/i3/config
- name: Create autostart entry
template:
src: ""
dest: ~/.config/autostart/i3.desktop
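Review bot: `ignore_errors: yes` on the i3 package install hides a failed installation, and the template task in the second hunk then writes `~/.config/i3/config` for a program that may not be present, so the play ends green on a broken host. If some distributions are expected to lack the package, register the result and make the later tasks conditional on it, or narrow the tolerance with `failed_when`, rather than ignoring every error; either way spell the boolean `true`. The enclosing task list continues outside the hunks.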


@ -32,7 +32,7 @@ bindsym $mod+Shift+q kill
bindsym $mod+d exec xfce4-popup-whiskermenu bindsym $mod+d exec xfce4-popup-whiskermenu
# Lock the screen # Lock the screen
bindsym $mod+l exec i3lock bindsym $mod+l exec xflock4
# There also is the (new) i3-dmenu-desktop which only displays applications # There also is the (new) i3-dmenu-desktop which only displays applications
# shipping a .desktop file. It is a wrapper around dmenu, so you need that # shipping a .desktop file. It is a wrapper around dmenu, so you need that


@ -0,0 +1,23 @@
---
- name: Install package
package:
name: pass
state: present
- name: Initialise password store
command:
cmd: "pass init {{ passwordstore_id }}"
- name: Set password store git upstream
command:
cmd: "pass git remote set origin ssh://git@git.finallycoffee.eu:8022/{{ ansible_user }}/password-store.git"
- name: Fetch upstream password store
command:
cmd: "pass git fetch --all"
- name: Set master to upstream master
command:
cmd: "pass git checkout -B master origin/master"
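Review bot: `pass git remote set origin ...` is not a git subcommand — `git remote` has `add` and `set-url` — so the "Set password store git upstream" task fails on every run and the fetch/checkout tasks after it never see a usable remote; use `pass git remote add origin <url>` (or `set-url` when origin already exists). `pass init` only creates the store and writes `.gpg-id`; it does not initialise a git repository, so a `pass git init` task is needed before any `pass git remote`/`fetch` call. All four `command` tasks also report changed on every run and `init`/`checkout -B` are not safe to repeat; give them `creates:` (e.g. `~/.password-store/.gpg-id` for init) or `changed_when`. The hunk header announces 23 lines while 17 are visible, so the file may continue beyond what is shown.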