diff --git a/README.md b/README.md index 2bc9d4d..3226a5c 100644 --- a/README.md +++ b/README.md 
@@ -2,166 +2,28 @@ Cookbook for setting up a Linux development box. -Right now this assumes an arch linux system but my tastes change frequently. +This branch is for Fedora Workstation (version 32 at the time of this writing). # Prerequisites -Arch should be installed, and basics like disk encryption, boot loaders, network configs should be done. A +Fedora should be installed with the normal install process, and basics like disk encryption, boot loaders, network configs should be done. A non-privileged user should be created with sudo privileges, and the running of the Ansible playbooks should be done by -that user. - -Some reminders about the setup process: - -- Start with the [ install guide ](https://wiki.archlinux.org/index.php/Installation_guide) which covers things in some - detail -- If this is a HiDPI system the console fonts are painfully small. Run this command to temporarily fix: - `setfont latarcyrheb-sun32 -m 8859-2` -- Setting up wifi is not straightfoward: - - `iw dev` to see the list of wireless devices. This obviously assumes the LiveCD kernel includes support for your - card. - - `ip link set (interface) up` to bring the wireless interface online - - `iw dev (interface) scan | less` to scan for APs where `(interface)` is the device name from the previous step - - `wpa_supplicant -B -i interface -c <(wpa_passphrase MYSSID passphrase)` to connect to a WPA-secured AP. Note the - shell trickery used here, so weird characters in `passphrase` will need to be quoted or use herestrings. There's a - [wiki page about WPA](https://wiki.archlinux.org/index.php/WPA_supplicant#Connecting_with_wpa_passphrase) with more - details. - - Get a DHCP lease with `dhcpcd (interface)`. Note that is D-H-C-P-C-D, I always mess it up and type D-H-C-P-D which - won't work. 
- - Sync the system clock with `timedatectl set-ntp true` -- Pro-tip: You can use `Alt-RightArrow` to switch to another virtual TTY and use `elinks` to view this guide in a - text-based web browser for easy reference as you switch back and forth between it and the install console. Use `g` to - go to a URL and vi navigation keys to move around. -- Disk partitioning is tricky because we will use LUKS to encrypt the disk and LVM on top - - Use `gdisk` for partioning the GPT disk we always use. Use `lsblk` to see the block devices available. Create one - 250MB EFI partition (type is `ef00`) and one with the rest of the space for our data (type is `8309` - Linux LUKS) - - In case you forget the approach we use is - [LVM on LUKS](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS) for the root - partition. - - Read that page for more details and the latest thinking, but in summary: - - `cryptsetup luksFormat --type luks2 /dev/(block device)` - - `cryptsetup open /dev(blockdev) cryptolvm` this will open the encrypted block dev and make the decrypted block dev - available at `/dev/mapper/cryptolvm` - - `pvcreate /dev/mapper/cryptolvm` initializes an LVM physical volume on top of the encrypted LUKS volume - - `vgcreate MyVol /dev/mapper/cryptolvm` creates a volume group called `MyVol` (can be called anything but we use - `MyVol`) - - `lvcreate -l 100%FREE MyVol -n root` creates a logical volume `MyVol-root` using all free space on the volume - group `MyVol`. Read the guide for options if you want to create multiple logical volumes. I find it's hard to - predict in advance what the right size for the various volumes should be. - - NOTE: I don't create a swap partition. Later on we'll create a swap file on the root partition which works fine - and is more flexible. - - `mkfs.ext4 /dev/mapper/MyVol-root` to format the root partition EXT4. `btrfs` as the root volume isn't ready for - prime time. 
- - `mount /dev/mapper/MyVol-root /mnt` to mount. If you made other partitions mount them under `mnt` as appropriate. - - If there isn't already a UEFI boot partition created and initialized you need to do that also. Read the guide. If - it doesn't already exist, make sure you format it as FAT32: - - `mkfs.fat -F32 /dev/(whatever)` - - Once it already exists: - - `mkdir /mnt/boot` && `mount /dev/(EFI partition) /mnt/boot` - - `fallocate -l 32G /mnt/swapfile` to allocate a swapfile on the root filesystem - - `chmod 600 /mnt/swapfile` for security - - `mkswap /mnt/swapfile` to initialize - - `swapon /mnt/swapfile` to actiate -- Once the disks are configured it's time to install packages - - I don't usually bother editing the `/etc/pacman.d/mirrorlist` file it defaults to use all the mirrors in the world. - Maybe tweak it if you're in a place with weak internet - - `pacstrap /mnt base` to install the base packages over the network. I don't like to install other packages here, - because there's an Ansible playbook for that which also tweaks the `mirrorlist` - - `genfstab -U /mnt >> /mnt/etc/fstab` to generate an `/etc/fstab` file to preserve the current mount config. Double - check that the path to the swap file doesn't have a `/mnt` prefix; I've seen that happen once -- `arch-chroot /mnt` to chroot into the new system and begin setting it up - - - `pacman -Sy vim` to get an editor installed right away - - Set the time zone with `ln -sf /usr/share/zoneinfo/Region/City /etc/localtime`. Eastern is usually `US/NewYork` or - some such. - - Set the system clock to UTC. This is a Linux convention not Windows so be careful if you dual boot. - `hwclock --systohc` - - Ensure the system clock is synchronized with `timedatectl set-ntp true` - - Edit `/etc/locale.gen` and uncomment the locales to use. I only ever use `en_US.UTF-8` but maybe `es_ES.UTF-8` and - `ru-RU.UTF-8` might come in handy. 
- - Run `locale-gen` to generate those locales - - Edit `/etc/locale.conf` to set `LANG=en_US.UTF-8` to make sure US English is the default locale. - - I never have to edit the keyboard layout since US English is the default, but that's in `/etc/vconsole.conf` - - Choose a hostname and put it in `/etc/hostname` - - Populate `/etc/hosts` accordingly with that new hostname: - - 127.0.0.1 localhost - ::1 localhost - 127.0.0.1 myhostname.localdomain myhostname - - - You'll need the wireless utilities you used in the LiveCD when you reboot in order to get the new system on the - network. `pacman -S iw wpa_supplicant networkmanager dialog` at the least. I don't have to manually install firmware - but that will depend upon the system. - - `pacman -S intel-ucode` to install the latest Intel microcode updates - - I also install `zsh` here with `pacman -S zsh` because I like my non-privileged user to run ZSH - - Now it's time to configure the boot loader. I use `systemd-boot`: - - - Assuming not dual-booting windows: - - `bootctl --path=/boot install` installs the boot loader into the UEFI system partition - - edit `/boot/loader/loader.conf` to adjust the default entry to boot and the timeout. Normally the default entry is - `arch` - - Created or edit `/boot/loader/entries/arch.conf` to configure how arch is booted. In particular some changes are - needed to support the encrypted filesystem. There's a sample at `/usr/share/systemd/bootctl/arch.conf` to use as a - starting point: - - Here's an example config: - - title Arch Linux Encrypted LVM - linux /vmlinuz-linux - initrd /intel-ucode.img - initrd /initramfs-linux.img - options cryptdevice=UUID=device-UUID:cryptolvm root=/dev/mapper/MyVol-root quiet rw - - Note the `device-UUID` is the UUID of the encrypted physical block device. The command to get this is - `blkid -s UUID -o value /dev/(partition)`. 
A fun trick in `vi` when editing this file if you want to insert this - UUID is to put the cursor where you want the ID inserted and run an Ex command `:r ! blkid -S ....` filling out the - entire `blkid` command listed earlier. Note also the `/intel-ucode.img` use this only on Intel systems and only if - the `intel_ucode` package is installed. - - - For the XPS 13 add some options to configure the Intel graphics: - `i915 enable_guc_loading=-1 enable_guc_submission=-1` - - As of kernel 4.19 on XPS 9370 the `s2idle` sleep mode is used instead of `deep` which is much more power - efficient. Add the kernel option `mem_sleep_default=deep` if `/sys/power/mem_sleep` indicates that `s2idle` is the - default. - - NB: Based on [this patch](https://patchwork.freedesktop.org/patch/191386/) it appears use of `enable_rc6` is - unwise so it's removed from the options listed abjove - - - Add `keyboard`, `encrypt`, and `lvm2` HOOKS to `/etc/mkinitcpio.conf`. Be advised order is important. NOTE: - technically Ansible will do this for you as part of the setup process, but you need to do `encrypt` and `lvm2` here - in order for the system to be able to boot, so you may as well do `keyboard` as well while you're in here, and if - you're on an XPS system see the line below for some additional modules you should add at the same time. - - For XPS systems: Add `nvme i915 intel_agp` MODULES to `/etc/mkinitcpio.conf`. NOTE: technically Ansible will do this - for you as part of the setup process - - Regenerate the `initramfs` with `mkinitcpio -p linux` - - `passwd` to set a root password - - Create an unprivileged user that can use `sudo` with `useradd -m -G wheel -s /bin/zsh sumd00d` - - Set a password for that user with `passwd sumd00d` - - Install the sudo package with `pacman -S sudo` - - Run `visudo` and uncomment the line that allows all `sudo` commands for members of `wheel` - - I like to `su sumd00d` at this point to log into the unprivileged user shell to make sure it works. 
Sometimes I - forget something (often `zsh`). - - Exit the chroot with `exit` and then `reboot` to boot into the live system. - -## Suspend/Hibernate for laptops - -On laptops some additional configuration is needed to support hibernating to disk. - -The [Arch wiki](https://wiki.archlinux.org/index.php/Power_management/Suspend_and_hibernate) as usual is the definitive -source of information. Some summary items based on my prefered config: - -- I use a swap file not a swap partition, therefore the instructions for a swap file apply -- When using a swap file, the `resume` kernel parameter specifies the /device/ where the swap file is located, /not/ the - swap file itself. -- You need to specify the physical offset on the device where the swap file lives. `filefrag -v /swapfile` will show - this. You want the physical offset of the first extent. -- Use the following kernel parameters: - - `resume=/dev/mapper/MyVol-root` - - `resume_offset=swapfileoffset` where /swapfileoffset/ is the starting offset of the swapfile on the device -- Update `/etc/mkinitcpio.conf` to add a `resume` hook. _IMPORTANT_: Put the `resume` hook /after/ `lvm2` +that user. The initial setup flow that creates the first user automatically enables sudo so this should be easy. -# Initial setup +After initial setup you're in GNOME. Open a terminal and: + + sudo dnf upgrade + sudo dnf install git git-lfs ansible + +As the non-priviledged user, make sure zsh is installed and the default shell: + + sudo dnf install zsh util-linux-user + chsh -s /usr/bin/zsh -If this is a fresh system also make sure you have the minimal dependencies that are required to run ansible: +# Initial setup - $ sudo pacman -S git git-lfs ansible python +If this is a fresh system also make sure you have the minimal dependencies that are required to run ansible. See the +PrePrerequisites section. To start with, clone this repo somewhere. 
_IMPORTANT_: make sure you remember to run the `git submodule` and `git lfs` steps also or the playbook won't work! @@ -185,12 +47,12 @@ run from the `playbooks/` directory. There are a few versions of the setup script: -* `devbox.yml` is the base version and I never use this one directly -* `xps-devbox.yml` sets up an XPS 13/15 HiDPI laptop system -* `desktop-devbox.yml` sets up a desktop system assumed to have a HiDPI monitor and not use battery power -* `headless-devbox.yml` sets up a headless system like a server or cloud instance, without X or any power management +- `devbox.yml` is the base version and I never use this one directly +- `xps-devbox.yml` sets up an XPS 13/15 HiDPI laptop system +- `desktop-devbox.yml` sets up a desktop system assumed to have a HiDPI monitor and not use battery power +- `headless-devbox.yml` sets up a headless system like a server or cloud instance, without X or any power management -As per Ansible convention, all of these are located in the `playbooks/` directory. +As per Ansible convention, all of these are located in the `playbooks/` directory. _NB_: In this repo there is a `playbooks` directory containing the playbooks. You must `cd` into this directory before running `ansible-playbook`, because the `ansible.cfg` file must be in the current directory and must be relative to the @@ -207,7 +69,8 @@ host, run it (as a non-privileged user with sudo permissions) as: $ ansible-playbook -c local --inventory localhost, --ask-become-pass xps-devbox.yml After running this the first time, reboot the system. It should come up with GDM and prompt you to log in. `i3` will be -an option, and `sway` also. For now I'm sticking to Xorg so the Wayland-based configs are not tested as of now. +an option, and `sway` also. As of this writing `i3` is what I'm using every day. See below for issues with +Sway/Wayland. ## Setting up a remote system 
@@ -215,10 +78,13 @@ If you're setting up a remote system over SSH, there are some changes to the com $ ansible-playbook --inventory , --user headless-devbox.yml +If the user is not `root`, you'll probably need `--ask-become-pass` to make sure Ansible has the password for when it +needs to `sudo`. + NOTE: Just because you're doing a remote setup doesn't mean you can ignore the pre-reqs that normally apply to a local install. Make sure you have at least these: - $ sudo pacman -S python sudo + $ sudo dnf install python sudo If you're doing the user-specific setup also, you'll probably want to configure SSH certificate auth for that user. If you're still using the Yubikey-based auth approach, you'll need to do this: @@ -239,10 +105,6 @@ install time, and configures that user's home directory the way I like. That run As with the system setup, there are a few versions of the `devuser` script with the same prefixes we use for the system version. -Most of those install IntelliJ. If you haven't done an install lately, edit the -`playbooks/roles/user-intellij/vars/main.yml` file and make sure the most recent version is downloaded. If you want to -upgrade IntelliJ later, you can also update var and re-run the `devuser.yml` playbook. - # Manual Setup Steps Unfortunately there are some steps that it't not practical or possible to automate, or that I haven't figured out yet. 
@@ -252,8 +114,9 @@ They are recoreded here so I don't forget to do them: automatically install `tpm`, the tmux plugin manager. However it's not obvious how to make it install the missing plugins automatically. To do that, start a `tmux` session and press `Ctrl-A` and then `I`. That will force tpm to install the missing plugins. -- By the same token you'll need to start `nvim` once to initialize all of the plugins. Make sure you do this with a - working internet connection. +- By the same token you'll need to start `nvim` once to initialize all of the plugins. Make sure you do this with a + working internet connection. + - Also run `:CocInstall` to make sure all CoC plugins are installed - You need to manually pull the bitmaps from the dotfiles repo. `homeshick cd dotfiles && git lfs pull` should do the trick - Firefox and Chrome configs are not easily automated. Log into them using the respective login accounts and they will 
@@ -261,44 +124,22 @@ They are recoreded here so I don't forget to do them: - Firefox won't work right with the GTK theme we use. To to `about:config` and create a new setting `widget.content.gtk-theme-override` and set it to `Arc-Darker`. This theme complements `Arc-Dark` nicely and renders the UI elements with a legible color combo - - In `about:config` enable `security.webauth.u2f` + - In `about:config` enable `security.webauth.u2f` (this appears to be the default in the most recent Firefox) - Ensure Firefox is the default browser and prompts when it's not, and ensure the opposite with Chrome - - Configure Firefox's default search engine to be DDG, not Google. Yes, that should be synchronized along with the - rest of the settings. There's a [bug report](https://bugzilla.mozilla.org/show_bug.cgi?id=444284) to this effect - which is now 11 years old. Mozilla is funded in large part by having Google search as the default search engine, - make of that what you will... -- The `devuser.yml` playbook will download and "install" IntelliJ but it still needs some manual configuration: - - Obviously you have to connect the JetBrains account to establish license entitlement to use Ultimate - - I have a github repo with IntelliJ settings, so first thing configure IntelliJ to use that repo. The repo URL is - `https://github.com/anelson/intellij-settings.git` - - Install the IdeaVim plugin. The config file is part of the `dotfiles` repo, you'll find it on your system at - `~/.ideavimrc`. Point the IdeaVim plugin there and restart. - - Install the Scala and Ruby plugins - - Configure the fonts. The HiDPI screen might need bigger fonts, or JetBrains may have fixed HiDPI support as of the - version you're running, you just don't know until you try. -- There is an AUR package for CrossOver, the commercial version of Wine that can be used to make Office work, however - it's not consistently updated. 
Instead it's better to install it manually using the latest binary installer from - the Crossover site. My login for Crossover is in 1p. Of course one must also install Office itself. To do that go - to https://office.com, log in, and go to My Account and Subscriptions. They won't even offer you download links - unless your User Agent is a Windows browser, so use User Agent Switcher to fake that out and snag the quick - installer. + - Configure Firefox's default search engine to be DDG, not Google. Yes, that should be synchronized along with the + rest of the settings. There's a [bug report](https://bugzilla.mozilla.org/show_bug.cgi?id=444284) to this effect + which is now 11 years old. Mozilla is funded in large part by having Google search as the default search engine, + make of that what you will... - Dropbox is installed by Ansible but it must be configured manually. Run `dropbox` to start the GUI. The Arch Wiki [Dropbox](https://wiki.archlinux.org/index.php/Dropbox) page has more details -- VMWare Workstation is installed automatically but the Windows VM to use for work email and such is not. You'll have to - build that manually. I know it sucks. A few reminders: - - Install Office 2016 - - Install [ShutUp 10](https://www.oo-software.com/en/shutup10) - Create a symlink from `~/Dropbox/Documents/vimwiki` to `~/vimwiki` so the VimWiki data is always synchornized with Dropbox -- Installing the VirtualBox extensions is possible with an AUR package, but it breaks often and since this can be - downloaded and upgraded from within VirtualBox, I have opted to use that flow. So you need to install the extensions - from withint he VirtualBox GUI after the initial setup -- I use Chromium (not Chrome) to connect to the web interface for Todoist and Evernote. For each of those I use the 'Add - to desktop' feature to make a desktop link and a separate browser state for each of those. It's not the same as native - but it's the best that's available. 
Each time you do this the window classes will be different, so the `i3/config` - file will need to be updated accoringly. Chromium generates some dynamic and strange window class so it is not - predicable. -- If this is a new system, follow my guide in the `vimwiki` for setting up Yubikeys for SSH and GPG auth. +- If this is a new system, follow my guide in the `vimwiki` for setting up Yubikeys for SSH and GPG auth. +- VS Code settings are stored in different places depending upon the platform. They are not well suited to using `homeshick`. So instead + I use the built-in settings sync feature, using my Github login. So when setting up a new devbox, install VS Code and enable settings sync + to get the latest settings. As of this writing, the most important one is a `keybindings.json` setting that ensures that Alt-c works in + VS Code terminals to actually sent Alt-c and thus invoke fzf directory autocomplete. + ======= # Updating the firmware with `fwupdmgr` (applies to XPS systems specifically) @@ -320,8 +161,8 @@ filesystem unencrypted. I use FDE so they're still encrypted before they hit the running under my account can read them. That's not ideal. Long story short I tried to find a good solution here that works for headless and headed systems and it seems -impossible. So instead I use Git certificate auth from a Yubikey. There's a page in the `vimwiki` about how to set -this up. The dotfiles are already configured for it. +impossible. So instead I use Git certificate auth from a Yubikey. There's a page in the `vimwiki` about how to set +this up. The dotfiles are already configured for it. # Notes 
@@ -329,3 +170,119 @@ In general, you should _never_ use `pip` or `gem` to install system packages. In home directory is fine, but if you ever find yourself typing `sudo pip...` or `sudo gem...`, slap yourself on the wrist and see if there's an Arch official or AUR package for what you're trying to install. In almost all cases, you don't mean to install systemwide but for a specific user account or perhaps even a specific project. Always prefer that. + +## Sway and Wayland + +In this most recent update, as part of the move from Arch to Fedora, I spent a lot of time setting up a Sway config that +mirrored the capabilities I have in i3. In the end I went back to running i3. The following issues still need to be +addressed: + +- sway uses the i3 config format, but almost none of the tools used with i3 work under wayland. In particular, tray + support in Waybar is glitchy and unusable. The notification daemon `mako` isn't even packaged yet, and must be + built from source. +- Wayland has a protocol for screen sharing, and the WebRTC implementation in the latest Firefox supports it. However + Zoom does not. Maybe if I made this transition before the entire world went on lockdown and life moved to Zoom, + I would not have considered this a deal-breaker, but now I use Zoom screenshare at least once per day. Workarounds + like using the Zoom web interface are blocked by other bugs in either Firefox or Sway (people seem to disagree about + who is at fault), or setting up a virtual webcam that is actually the contents of one's screen are complex, brittle, + and generally unacceptable when a perfectly reliable alternative exists. +- No wifi network picker equivalent to `nm-applet`. +- Firefox HiDPI is broken. Firefox on Wayland appears to have absolutely no HiDPI awareness at all, in spite of + multiple breathless announcements declaring improved HiDPI support. 
Maybe I'm doing something wrong or missing + something obvious, but I had to configure Firefox to zoom 200%, but all of the UI chrome was still tiny and + uncomfortable to read. Chromium, Slack, Skype, all were fine. + +Fedora has made GNOME on Wayland the default DM, and that particular combination, I must admit, is great. Rock solid, +Firefox is very fast and no tearing at all, even Zoom screenshare works. But that's GNOME. If GNOME was what I wanted +for a WM, I never would have bothered with all of these contortions with i3 in the first place. + +It's a pity. I feel like we're almost there, and the performance benefits of Firefox on Wayland are fantastic. + +# macOS + +macOS is much less amenable to automated setup. For now I'll just record the manual steps I use on a new mac setup. +Maybe over time I'll automate them more: + +- Install Dropbox + +* Install 1Password (there is a 1P 7 on the App Store but it's old; download it from 1password.com instead) +* Install Homebrew from https://brew.sh + - Don't forget to enable it in the terminal with `eval "$(/opt/homebrew/bin/brew shellenv)"` + +- Ensure the tmux-256color terminal type is recognized: + - `brew install ncurses && /opt/homebrew/opt/ncurses/bin/infocmp tmux-256color > ~/tmux-256color.info && tic -xe tmux-256color ~/tmux-256color.info` + - Note the `/opt/homebrew` path assumes this command is running on an Apple Silicon mac. Adjust the path if this is an Intel mac. + - NOTE 2: According to macOS 14 Sonoma finally ships with a newer ncurses that has tmux-256color built in. + I've not verified this yet, but this step might not be needed anymore. If you think it isn't, make sure that underlines, undercurls, and colored underlines work in neovim. 
+- `brew install python` and `brew install ansible` +- Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` +- `cd` into `playbooks` and run `ansible-galaxy install -r requirements.yml` +- Go to System Settings > Privacy & Security > App Management and make sure that the terminal you're running (which is presumably Terminal since the other terminals aren't installed yet) has App Management permissions. +- Deploy the `headless-mac.yml` playbook + - `ansible-playbook -c local --inventory localhost, headless-mac.yml` +- Download "Sauce Code Pro" nerd fonts + - `brew install font-sauce-code-pro-nerd-font` +- Go to System Settings > Privacy & Security > App Management and add or enable Wezterm and Ghostty so that they can install Homebrew Casks + +* New SSH key management: + - Now using 1Password for key management. I have this in the dotfiles that is conditional on the file `~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock` existing. + I've done two separate fresh Mac installs with 1P and both times that path was the same, but the "2BUA..." seems like it might be a random string that changes, so double-check + each time you set up a new Mac. You have to go into the Developer section of 1P settings, enable the SSH agent, and then it'll show you the "Host \*" entry that it + wants you to put in your `~/.ssh/config` file. Don't do that, but do check that the `IdentityAgent` path is specifies matches what's already in the SSH config file. + +- Go into the Keyboard settings, click Keyboard Shortcuts, then click Modifier Keys, and remap Caps Lock to Escape + + - NOTE: This needs to be done separately for each keyboard, so when using the Logitech wireless kbd and the Kinesis + this must be done separately for each one. + - NOTE 2: It's possible on the Kinesis to remap CapsLock to Esc in hardware, but I haven't done that recently. 
+ Keeping this here since it's necessary to do for any newly connected computer anyway. + +- Whilst in Keyboard settings, add Russian and Ukrainian keyboard layouts. + +- Finder settings: + - Under View, activate Show Path Bar +- Install the following manually: + - Alfred (There is an old App Store version but download the latest from alfredapp.com) + - Find the "Control Center" settings and set "Spotlight" to "Don't show in menu bar" + - Go to Keyboard settings, Keyboard Shortcuts, Spotlight, and disable both shortcuts there (because they conflict with Alfred shortcuts) + - The Alfred settings are synced using Dropbox in the `~/Dropbox/OSX/` directory. In the Advanced settings, under "Syncing" click "Set preferences folder" and point it to `~/Dropbox/OSX`. + Obviously that folder needs to have been selected for sync when you set up Dropbox. While you're at it, make sure the `Alrefed.alfredpreferences` file in that directory is set for "Keep available offline". + - If for some reason the sync doesn't work right, set the Alfred hotkey to Command-Space. + - Vivaldi (See note about 1Password below) + - Brave (See note about 1Password below) + - MS 365 Suite (App Store) + - Parallels + - [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. + - Set the shortcut `Cmd-Opt-Ctrl-Enter` to Maximize + - Claude + - Perplexity + - ChatGPT + - Cursor + - DeepL + - DBeaver + - VS Code + - XCode (App Store) + - Plex and Plex Media Server + - Spotify + - FileZilla + - Zoom + - Slack (App Store) + - Telegram (App Store) + - Viber + - NextDNS (App Store) + - Enable it, which will require permission to install a VPN profile. + - By default it doesn't use a paid account or features; in preferences set "Custom Configuration" and set the configuration ID to the endpoint ID from 1p. Also enable "Send Device Name". 
+ - TunnelBear + - Try once to connect to the VPN, that will make sure the login is stored and that the VPN permission is granted. + - TailScale (App Store) + - AWS CLI + - Steam +- Configure 1Password to trust Vivaldi and Brave + - By default, 1P trusts Chrome, Edge, Safari, maybe Firefox. It won't let the 1P extension in Brave or Vivaldi talk + to the 1P desktop app, which results in a shit experience. Open the 1P desktop app, go to Settings, Browsers, there's + an UI option to add a trusted browser. Navigate to the Vivaldi and Brave executables. You can verify this works by + opening 1P extension in the browser and going to settings; the option to integrate w/ the desktop version should be + enabled and the status light should go from amber to green confirming it works. +- Configure the default search engine in Vivaldi, Brave, and Safari to be Kagi. +- Setup `aws-sso` to automate SSO auth +- Perform the manual steps which apply to Mac, a subset of those listed in [Manual Setup Steps](#manual-setup-steps) diff --git a/playbooks/desktop-devbox.yml b/playbooks/desktop-devbox.yml index c1aade8..f42ff3a 100644 --- a/playbooks/desktop-devbox.yml +++ b/playbooks/desktop-devbox.yml @@ -7,4 +7,3 @@ - gui-base - hidpi - desktop - # - vmware - I'm experimenting with life without vmware diff --git a/playbooks/devuser.yml b/playbooks/devuser.yml index e3790c3..25fd29f 100644 --- a/playbooks/devuser.yml +++ b/playbooks/devuser.yml @@ -7,4 +7,4 @@ - user-base - dotfiles - user-packages - - user-intellij + - gui-user-packages diff --git a/playbooks/headless-mac.yml b/playbooks/headless-mac.yml new file mode 100644 index 0000000..7e70c66 --- /dev/null +++ b/playbooks/headless-mac.yml 
@@ -0,0 +1,74 @@ +# This sets up a headless mac dev environment +--- +- hosts: all + become: false + + roles: + - user-base + - dotfiles + + tasks: + - name: Install Homebrew packages + community.general.homebrew: + name: "{{ item }}" + with_items: + - tmux + - tmuxp + - wget + - fzf + - neovim + - git + - git-lfs + - gh + - go + - python + - htop + - btop + - cmake + - nodejs + - font-jetbrains-mono-nerd-font + - font-sauce-code-pro-nerd-font + - tree + - orbstack + - p7zip + - ranger + - qemu + - terraform + - uv + - jq + - yq + - zstd + - zola + - pkgconf + - openjdk + - imagemagick + - llvm + - gcc + - ffmpeg + - yt-dlp + - ddrescue + - exiftool + - oxipng + + - name: Install Homebrew casks + community.general.homebrew_cask: + name: "{{ item }}" + with_items: + - wezterm + - ghostty + + - name: Install Rust tools for the current user + shell: | + source "{{ ansible_env.HOME }}/.cargo/env" + cargo install --force {{ item.name }} + args: + creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" + with_items: + - { name: bat, executable: bat } + - { name: eza, executable: eza } + - { name: fd-find, executable: fd } + - { name: ripgrep, executable: rg } + - { name: tealdeer, executable: tldr } + - { name: git-delta, executable: delta } + - { name: starship, executable: starship } + - { name: yazi-cli, executable: yazi } diff --git a/playbooks/requirements.yml b/playbooks/requirements.yml index 0f7a9eb..12746cf 100644 --- a/playbooks/requirements.yml +++ b/playbooks/requirements.yml @@ -1,7 +1,7 @@ # Dependencies on external roles -# +# # To install these locally run: # # $ ansible-galaxy install -r requirements.yml # -- src: rvm.ruby +- src: geerlingguy.docker diff --git a/playbooks/roles/desktop/tasks/main.yml b/playbooks/roles/desktop/tasks/main.yml index 3dc9e99..6229538 100644 --- a/playbooks/roles/desktop/tasks/main.yml +++ b/playbooks/roles/desktop/tasks/main.yml 
@@ -1,17 +1,2 @@ --- # tasks file for roles/desktop -- name: install desktop-specific packages - aur: - name: "{{ item }}" - use: yay - skip_installed: yes - become: yes - become_user: "{{ aur_builder_user }}" - with_items: - - "{{ desktop_packages }}" - -- name: Enable Corsair Keyboard service - systemd: - name: ckb-next-daemon - enabled: yes - state: started diff --git a/playbooks/roles/desktop/vars/main.yml b/playbooks/roles/desktop/vars/main.yml index 2ef7614..34c9426 100644 --- a/playbooks/roles/desktop/vars/main.yml +++ b/playbooks/roles/desktop/vars/main.yml @@ -1,5 +1,3 @@ --- # vars file for roles/desktop -desktop_packages: - - ckb-next # corsair LED keyboard manager diff --git a/playbooks/roles/gui-base/files/xorg-power-config.conf b/playbooks/roles/gui-base/files/xorg-power-config.conf deleted file mode 100644 index a98ec34..0000000 --- a/playbooks/roles/gui-base/files/xorg-power-config.conf +++ /dev/null @@ -1,10 +0,0 @@ -# Set the DPMS power saving times in minutes -# There's no clear distinction visually between these modes so -# just force immediately going to off after a period of inactivity -Section "ServerLayout" - Identifier "ServerLayout0" - Option "StandbyTime" "10" - Option "SuspendTime" "10" - Option "OffTime" "10" -EndSection - diff --git a/playbooks/roles/gui-base/tasks/configure-fontconfig.yml b/playbooks/roles/gui-base/tasks/configure-fontconfig.yml index ba3c9ea..fd96613 100644 --- a/playbooks/roles/gui-base/tasks/configure-fontconfig.yml +++ b/playbooks/roles/gui-base/tasks/configure-fontconfig.yml 
@@ -1,16 +1,5 @@ --- # Tweak the fontconfig settings so they're at least somewhat pretty -- name: Enable lcdfilter - file: - src: /etc/fonts/conf.avail/11-lcdfilter-default.conf - dest: /etc/fonts/conf.d/11-lcdfilter-default.conf - state: link - -- name: Enable subpixel rendering - file: - src: /etc/fonts/conf.avail/10-sub-pixel-rgb.conf - dest: /etc/fonts/conf.d/10-sub-pixel-rgb.conf - state: link - name: Set sensble local fontconfig settings copy: src: fontconfig-local.conf diff --git a/playbooks/roles/gui-base/tasks/configure-vboxusers.yml b/playbooks/roles/gui-base/tasks/configure-vboxusers.yml deleted file mode 100644 index c76254f..0000000 --- a/playbooks/roles/gui-base/tasks/configure-vboxusers.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# Make sure the user running ansible (which we assume is the user who will be configured) -# is able to access USB devices -- name: add the current user to the vboxusers group - user: - name: "{{ lookup('env', 'USER') }}" - groups: - - vboxusers - append: yes - when: lookup('env', 'USER') != 'root' diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index 788aa7f..4c9c13c 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml 
@@ -1,13 +1,113 @@ --- # tasks file for roles/gui-base +- name: Ensure dnf plugins are present + dnf: + name: dnf-plugins-core + state: present + +- name: install alacritty + dnf: + name: alacritty + state: present + +- name: Enable vivaldi repo + command: + cmd: dnf config-manager --add-repo https://repo.vivaldi.com/archive/vivaldi-fedora.repo + args: + creates: /etc/yum.repos.d/vivaldi.repo + +- name: install Vivaldi from a custom repo + dnf: + name: vivaldi-stable + enablerepo: vivaldi + state: present + +- name: Enable Brave repo + yum_repository: + name: brave + description: Brave browser repo + baseurl: https://brave-browser-rpm-release.s3.brave.com/x86_64/ + skip_if_unavailable: yes + gpgkey: https://brave-browser-rpm-release.s3.brave.com/brave-core.asc + repo_gpgcheck: no + enabled: yes + +- name: install Brave from a custom repo + dnf: + name: brave-browser + enablerepo: brave + state: present + +- name: Enable VS Code repo + yum_repository: + name: code + description: Visual Studio Code repo + baseurl: https://packages.microsoft.com/yumrepos/vscode + skip_if_unavailable: yes + gpgkey: https://packages.microsoft.com/keys/microsoft.asc + repo_gpgcheck: no + enabled: yes + +- name: install VS Code from custom repo + dnf: + name: code + enablerepo: code + state: present + +- name: Enable 1Password repo + yum_repository: + name: 1password + description: 1Password Stable Channel + baseurl: https://downloads.1password.com/linux/rpm/stable/$basearch + skip_if_unavailable: yes + gpgkey: https://downloads.1password.com/linux/keys/1password.asc + repo_gpgcheck: no + enabled: yes + +- name: install 1Password from repo + dnf: + name: 1password + enablerepo: 1password + state: present + +- name: Ensure Vivaldi is trusted by 1P so the extension will work there. 
+ ansible.builtin.lineinfile: + path: /etc/1password/custom_allowed_browsers + line: "{{ item }}" + state: present + create: yes + owner: root + group: root + mode: '0644' + loop: + # I'm not sure which of these lines actually makes Vivaldi work. I have both on my system where I did + # this manually. The docs are ambiguous. Anyway this definitely works. + - vivaldi-bin + - /opt/vivaldi/vivaldi-bin + +#- name: Enable waybar Copr repo +# # Info came from this: https://copr.fedorainfracloud.org/coprs/alebastr/waybar/repo/fedora-32/alebastr-waybar-fedora-32.repo +# yum_repository: +# name: waybar +# description: Copr repo for waybar owned by alebastr +# baseurl: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/fedora-$releasever-$basearch/ +# skip_if_unavailable: yes +# gpgkey: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/pubkey.gpg +# repo_gpgcheck: no +# enabled: yes +# +#- name: install waybar from a custom repo +# dnf: +# name: waybar +# enablerepo: waybar +# state: present + - name: install base system packages that require X or Wayland - aur: - name: "{{ item }}" - use: yay - skip_installed: yes + dnf: + name: "{{ lookup('flattened', item) }}" + state: present become: yes - become_user: "{{ aur_builder_user }}" - with_items: + loop: - "{{ xorg_packages }}" - "{{ wayland_packages }}" - "{{ gui_packages }}" 
@@ -16,19 +116,49 @@ - import_tasks: configure-gdm.yml - import_tasks: configure-wine.yml -- import_tasks: configure-vboxusers.yml -- import_tasks: configure-fontconfig.yml - -- name: Configure xorg power management for the screen - copy: - src: files/xorg-power-config.conf - dest: /etc/X11/xorg.conf.d/10-monitor.conf - -- name: install snap packages - command: snap install {{ item }} --classic - register: snap_output - changed_when: - - "'is already installed' not in snap_output.stderr" - with_items: - - "{{ snapd_packages }}" +#Disabling this; I hope Fedora has a sensible default already. If not, then revisit +#- import_tasks: configure-fontconfig.yml + +- name: Enable the default flathub flatpak repo + flatpak_remote: + name: flathub + state: present + flatpakrepo_url: https://dl.flathub.org/repo/flathub.flatpakrepo + method: system + +- name: install flatpak packages + flatpak: + name: "{{ item }}" + loop: "{{ flatpak_packages }}" + +- name: Install dropbox RPM + dnf: + name: "{{ dropbox_rpm_url }}" + state: present + use_backend: dnf5 + disable_gpg_check: yes + +- name: Install zoom RPM + dnf: + name: "{{ zoom_rpm_url }}" + state: present + disable_gpg_check: yes + +- name: Ensure dconf directory exists for machine-wide Gnome settings + ansible.builtin.file: + path: /etc/dconf/db/local.d + state: directory + mode: '0755' + +- name: Set Caps Lock to act as Escape in Gnome + ansible.builtin.copy: + dest: /etc/dconf/db/local.d/00-keyboard-remap + content: | + [org/gnome/desktop/input-sources] + xkb-options=['caps:escape'] + mode: '0644' +- name: Compile Gnome dconf settings + ansible.builtin.shell: dconf update + args: + executable: /bin/bash diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 3f402dd..f5ecfa7 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml 
@@ -1,35 +1,41 @@ --- # vars file for roles/gui-base +dropbox_rpm_url: https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-2024.01.22-1.fc39.x86_64.rpm +zoom_rpm_url: https://zoom.us/client/latest/zoom_x86_64.rpm + xorg_packages: - - xorg - - xorg-xrdb - - compton - - xf86-video-intel - - i3-gaps + - i3 + - xbacklight - i3status - - i3blocks - - i3lock-fancy-git # variant that does blurring and font customization + - i3lock - xclip - xsel - feh - - imagemagick # used by feh to support SVG - arandr - - scrot - - unclutter-xfixes-git wayland_packages: - - wayland - - xorg-server-xwayland + # wayland and the wayland x server are installed as part of the base Fedora Workstation install + #- wayland + #- xorg-server-xwayland - sway + - swayidle + - swaylock + - wofi + - light + - scdoc # Not actually required for wayland but required for building `mako` gui_packages: - gdm - [ gnome-keyring, libsecret, seahorse ] # things like skype require this or they won't remember credentials - - firefox - - google-chrome - - chromium + # Firefox's management has made clear they are traitors to the cause of Internet freedom upon which Mozilla was founded. Disappointing + # but not surprising. Vivaldi is taking the place of Firefox in my devbox config, but it is installed from a custom repo not here + # - firefox + # Fedora doesn't package Chrome because it's proprietary. Google offers an RPM download but it's manual; not clear how to automate + #- google-chrome + # + # Moving away from Chromium since it doesn't sync at all. Now using Brave in place of Chromium + # - chromium - terminator - - alacritty - w3m - dmenu - rofi 
@@ -37,70 +43,69 @@ gui_packages: - playerctl - pavucontrol - network-manager-applet - - networkmanager-dmenu-git - - blueberry - qemu - - virt-manager - - [ virtualbox-host-dkms, virtualbox, virtualbox-guest-iso ] - gnome-boxes - dunst - xss-lock + - [ redshift, redshift-gtk ] - lxappearance - - [ redshift, gtk3, python-gobject, python-xdg ] # for some reason these dependencies are optional but they're required - - [ polybar, siji-git, ttf-unifont, libmpdclient, alsa-lib, i3ipc-glib-git, jsoncpp ] # polybar has several important but optional dependencies + - [ polybar, libmpdclient, alsa-lib, jsoncpp ] # polybar has several important but optional dependencies + - pipewire + # waybar doesn't have a package yet but it does have a lot of dependencies + - [ + meson, + ninja-build, + jsoncpp-devel, + libinput-devel, + libwayland-client, + wayland-devel, + wayland-protocols-devel, + gtkmm30-devel, + libdbusmenu-gtk3-devel, + libsigc++, + fmt-devel, + wlroots, + libdbusmenu-gtk3, + libmpdclient, + spdlog-devel, + libnl3, + libnl3-devel, + libudev-devel, + libmpd-devel, + libappindicator-devel, + libappindicator-gtk3-devel + ] - tk # for i8kutils - glxinfo - - [ dropbox, dropbox-cli ] - nautilus - rdesktop - [ freerdp, remmina ] - - mailspring - - gufw - - evince - - [ cups, system-config-printer, foomatic-db-engine, foomatic-db-ppds, foomatic-db-nonfree-ppds ] + - [ cups, system-config-printer, foomatic, foomatic-db, foomatic-db-ppds, foomatic-db-filesystem ] + - gnome-shell-extension-appindicator + - libatomic # This seems to be a dependency of dropbox theme_packages: - - arc-gtk-theme - - adapta-gtk-theme + - arc-theme - gnome-icon-theme - - gnome-icon-theme-extras - moka-icon-theme - - arc-icon-theme wine_packages: - wine - - wine_gecko - wine-mono - - lib32-mesa - - mesa - - lib32-libpulse - - libpulse - - lib32-openal - openal - - lib32-libxml2 - libxml2 - - lib32-mpg123 - mpg123 - - lib32-lcms2 - lcms2 - - lib32-giflib - giflib - - lib32-libpng - libpng - - 
lib32-gnutls - gnutls - - lib32-libcups - - libcups + - cups-libs - winetricks - - lib32-libxrandr - - lib32-libxinerama - - lib32-libxcomposite - samba - - sane # office 2016 needs this - - pygtk #technically this is a CrossOver dependency + - sane-backends # office 2016 needs this + - pygtk2 #technically this is a CrossOver dependency -snapd_packages: - - skype - - spotify - - slack - - anbox-installer +flatpak_packages: + - com.skype.Client + - com.slack.Slack + - com.spotify.Client diff --git a/playbooks/roles/gui-user-packages/README.md b/playbooks/roles/gui-user-packages/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/playbooks/roles/gui-user-packages/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/playbooks/roles/gui-user-packages/defaults/main.yml b/playbooks/roles/gui-user-packages/defaults/main.yml new file mode 100644 index 0000000..a43ec33 --- /dev/null +++ b/playbooks/roles/gui-user-packages/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for roles/gui-user-packages \ No newline at end of file diff --git a/playbooks/roles/gui-user-packages/handlers/main.yml b/playbooks/roles/gui-user-packages/handlers/main.yml new file mode 100644 index 0000000..bff590c --- /dev/null +++ b/playbooks/roles/gui-user-packages/handlers/main.yml 
@@ -0,0 +1,2 @@ +--- +# handlers file for roles/gui-user-packages \ No newline at end of file diff --git a/playbooks/roles/gui-user-packages/meta/main.yml b/playbooks/roles/gui-user-packages/meta/main.yml new file mode 100644 index 0000000..3a212a9 --- /dev/null +++ b/playbooks/roles/gui-user-packages/meta/main.yml @@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file 
diff --git a/playbooks/roles/gui-user-packages/tasks/main.yml b/playbooks/roles/gui-user-packages/tasks/main.yml new file mode 100644 index 0000000..d6d6ba6 --- /dev/null +++ b/playbooks/roles/gui-user-packages/tasks/main.yml @@ -0,0 +1,3 @@ +--- +# todo: install mako and makoctl by building from source +# i want to wait a while and see if this is something that's worthwhile before I do the work of automating in ansible diff --git a/playbooks/roles/gui-user-packages/tests/inventory b/playbooks/roles/gui-user-packages/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/playbooks/roles/gui-user-packages/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/playbooks/roles/gui-user-packages/tests/test.yml b/playbooks/roles/gui-user-packages/tests/test.yml new file mode 100644 index 0000000..ee845d2 --- /dev/null +++ b/playbooks/roles/gui-user-packages/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - roles/gui-user-packages \ No newline at end of file diff --git a/playbooks/roles/gui-user-packages/vars/main.yml b/playbooks/roles/gui-user-packages/vars/main.yml new file mode 100644 index 0000000..543fbe8 --- /dev/null +++ b/playbooks/roles/gui-user-packages/vars/main.yml @@ -0,0 +1,8 @@ +--- +# vars file for roles/gui-user-packages +mako_version: 1.4.1 +mako_source_tarball_url: "https://github.com/emersion/mako/releases/download/v{{ mako_version }}/mako-{{ mako_version }}.tar.gz" +mako_binaries: + - mako + - makoctl + diff --git a/playbooks/roles/headless-base/tasks/configure-blackarch.yml b/playbooks/roles/headless-base/tasks/configure-blackarch.yml deleted file mode 100644 index 8edba90..0000000 --- a/playbooks/roles/headless-base/tasks/configure-blackarch.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -# Configure the blackarch repo for pentesting tools -- name: Check if there is already a blackarch repo - command: grep -q "\[blackarch\]" /etc/pacman.conf - register: has_blackarch - ignore_errors: true - -- name: Clear the packman gpg config and let the bootstrap script recreate it - file: - path: /etc/pacman.d/gnupg - state: absent - when: has_blackarch is failed - -- name: Download blackarch setup script - get_url: - url: https://blackarch.org/strap.sh - checksum: sha1:6f152b79419491db92c1fdde3fad2d445f09aae3 - dest: /tmp/strap.sh - mode: u+rx - when: has_blackarch is failed - -- name: Modify blackarch setup script so it reads from stdin instead of a TTY - replace: - path: /tmp/strap.sh - regexp: '\< \/dev\/tty' - replace: '' - when: has_blackarch is failed - - # Note the ugly hack, feeding input to the script. First newline is to accept default mirror, second - # is to answer 'n' to the prompt to perform a system update -- name: Run blackarch script - command: printf "\nn\n" | /tmp/strap.sh - when: has_blackarch is failed - - diff --git a/playbooks/roles/headless-base/tasks/configure-bluetooth.yml b/playbooks/roles/headless-base/tasks/configure-bluetooth.yml deleted file mode 100644 index 2276da1..0000000 --- a/playbooks/roles/headless-base/tasks/configure-bluetooth.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Assuming the bluetooth packages are already installed -- name: Configuring bluetooth service - systemd: - name: bluetooth.service - state: started - enabled: yes diff --git a/playbooks/roles/headless-base/tasks/configure-consolefonts.yml b/playbooks/roles/headless-base/tasks/configure-consolefonts.yml deleted file mode 100644 index 089f3b8..0000000 --- a/playbooks/roles/headless-base/tasks/configure-consolefonts.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Set up the virtual console font to be a bit more civilized -- name: Set vconsole.conf - copy: - src: files/vconsole.conf - dest: /etc/vconsole.conf - -- name: Add console fonts to initramfs - lineinfile: - dest: /etc/mkinitcpio.conf - line: 'HOOKS=\1 consolefont \2' - regexp: '^HOOKS=(.*keymap)(?: consolefont)? (.*)$' - backrefs: yes - state: present - register: hook_added - -- name: Rebuild initramfs - shell: "mkinitcpio -p linux" - when: "hook_added is changed" diff --git a/playbooks/roles/headless-base/tasks/configure-docker.yml b/playbooks/roles/headless-base/tasks/configure-docker.yml index 560dd4c..dc807d9 100644 --- a/playbooks/roles/headless-base/tasks/configure-docker.yml +++ b/playbooks/roles/headless-base/tasks/configure-docker.yml @@ -1,17 +1,13 @@ --- -- name: start docker service - systemd: - state: started - enabled: True - name: "{{ item }}" - with_items: - - docker.service +- name: install docker + include_role: + name: geerlingguy.docker - name: add the current user to the docker group user: name: "{{ lookup('env', 'USER') }}" groups: - - docker + - docker append: yes when: lookup('env', 'USER') != 'root' @@ -20,18 +16,3 @@ - name: install ansible's docker dependency pip: name: docker-py - -- name: pull some often-used docker images in advance - docker_image: - name: "{{ item }}" - with_items: - - archlinux/base - - ubuntu - - debian - - alpine - - nginx - - redis - - postgres - - openjdk - - ruby - - python diff --git a/playbooks/roles/headless-base/tasks/configure-lm-sensors.yml b/playbooks/roles/headless-base/tasks/configure-lm-sensors.yml deleted file mode 100644 index f2a45f8..0000000 --- a/playbooks/roles/headless-base/tasks/configure-lm-sensors.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: detect available sensors and configure the service automatically - command: sensors-detect --auto - args: - creates: /etc/conf.d/lm_sensors - 
diff --git a/playbooks/roles/headless-base/tasks/configure-pacman.yml b/playbooks/roles/headless-base/tasks/configure-pacman.yml deleted file mode 100644 index 2ba9e4d..0000000 --- a/playbooks/roles/headless-base/tasks/configure-pacman.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Download an up-to-date pacman mirror list for Ukraine -# add multilib and infinality (fonts) repositories -- name: "download pacman mirror list" - get_url: - url: "https://www.archlinux.org/mirrorlist/?country=DE&country=PL&country=UA&protocol=https&ip_version=4&use_mirror_status=on" - dest: "/etc/pacman.d/mirrorlist" - force: true - -- name: "uncomment `#Server` in pacman mirror list" - replace: - dest: "/etc/pacman.d/mirrorlist" - regexp: '^#Server' - replace: 'Server' - -- name: "add multilib" - blockinfile: - dest: "/etc/pacman.conf" - state: "present" - insertafter: EOF - block: | - [multilib] - Include = /etc/pacman.d/mirrorlist - register: multilib_added - -#- name: add infinality repository keys - #shell: | - #pacman-key -r 962DDE58 - #pacman-key --lsign-key 962DDE58 - #when: infinality_added.changed - -- name: "sync the package repositories" - pacman: - update_cache: yes - when: multilib_added.changed diff --git a/playbooks/roles/headless-base/tasks/configure-snapd.yml b/playbooks/roles/headless-base/tasks/configure-snapd.yml deleted file mode 100644 index f30777e..0000000 --- a/playbooks/roles/headless-base/tasks/configure-snapd.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: start snapd service - systemd: - state: started - enabled: True - name: "{{ item }}" - with_items: - - snapd.service - -- name: create symlink to /snap to support classic confinement - file: - src: /var/lib/snapd/snap - dest: /snap - state: link - diff --git a/playbooks/roles/headless-base/tasks/configure-tlp.yml b/playbooks/roles/headless-base/tasks/configure-tlp.yml deleted file mode 100644 index 318e6eb..0000000 --- a/playbooks/roles/headless-base/tasks/configure-tlp.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -- name: start tlp and thermald services - systemd: - state: started - enabled: True - name: "{{ item }}" - with_items: - - tlp.service - - tlp-sleep.service - - thermald.service - -- name: mask rfkill - systemd: - masked: yes - name: "{{ item }}" - with_items: - - systemd-rfkill.service - - systemd-rfkill.socket diff --git a/playbooks/roles/headless-base/tasks/configure-ufw-firewall.yml b/playbooks/roles/headless-base/tasks/configure-ufw-firewall.yml index 600ec64..64e16fe 100644 --- a/playbooks/roles/headless-base/tasks/configure-ufw-firewall.yml +++ b/playbooks/roles/headless-base/tasks/configure-ufw-firewall.yml @@ -1,14 +1,19 @@ --- # Configure a simple firewall that blocks everything except SSH -- name: enable UFW service - systemd: - name: ufw.service - enabled: yes - state: started +- name: Install `ufw` package + package: + name: ufw + state: present -- name: Allow incoming SSH traffic with rate limiting - shell: "ufw limit ssh/tcp" +- name: Enable ufw with a default `deny` rule + ufw: + state: enabled + policy: deny + logging: on -- name: Enable UFW service - shell: "ufw enable" +- name: Enable SSH but with rate limiting + ufw: + rule: limit + port: ssh + proto: tcp diff --git a/playbooks/roles/headless-base/tasks/create-aur-builder-user.yml b/playbooks/roles/headless-base/tasks/create-aur-builder-user.yml deleted file mode 100644 index adc8a4b..0000000 --- a/playbooks/roles/headless-base/tasks/create-aur-builder-user.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# Make a user specifically for installing AUR packages -- name: "Create AUR builder user {{ aur_builder_user }}" - user: "name={{ aur_builder_user }} group=wheel" -- name: Configure AUR builder user sudo access - template: - dest: /etc/sudoers.d/aur-builder-allow-to-sudo-pacman - src: aur-builder-sudoer - validate: /usr/sbin/visudo -cf %s - 
diff --git a/playbooks/roles/headless-base/tasks/install-yaourt.yml b/playbooks/roles/headless-base/tasks/install-yaourt.yml deleted file mode 100644 index a1b0a7d..0000000 --- a/playbooks/roles/headless-base/tasks/install-yaourt.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaourt is a pacman front-end https://wiki.archlinux.org/index.php/Yaourt -# NOTE: this front-end is no longer maintained and we need to migrate away from it. -# Should use 'yay' now. Expect this task to be removed soon - -# the 'aur' module has a simple internal implementation for building AUR packages -# such as 'yaourt' to bootstrap -- aur: name=yaourt use=makepkg skip_installed=true - become: yes - become_user: "{{ aur_builder_user }}" diff --git a/playbooks/roles/headless-base/tasks/install-yay.yml b/playbooks/roles/headless-base/tasks/install-yay.yml deleted file mode 100644 index d9371ac..0000000 --- a/playbooks/roles/headless-base/tasks/install-yay.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# yay is a pacman front-end: https://github.com/Jguer/yay -# the 'aur' module doesn't work right unless the base-devel package is installed -- name: Ensure base-devel is installed - pacman: - name: base-devel - state: present - -# Even base-devel isn't enough; also need package-query from AUR -- name: Ensure package-query is installed - aur: name=package-query use=makepkg skip_installed=true - become: yes - become_user: "{{ aur_builder_user }}" - -# the 'aur' module has a simple internal implementation for building AUR packages -# such as 'yaourt' to bootstrap -- aur: name=yay use=makepkg skip_installed=true - become: yes - become_user: "{{ aur_builder_user }}" - diff --git a/playbooks/roles/headless-base/tasks/main.yml b/playbooks/roles/headless-base/tasks/main.yml index 434771d..9c9942c 100644 --- a/playbooks/roles/headless-base/tasks/main.yml +++ b/playbooks/roles/headless-base/tasks/main.yml 
@@ -1,46 +1,37 @@ --- -- import_tasks: create-aur-builder-user.yml -- import_tasks: configure-pacman.yml -- import_tasks: install-yay.yml # yay is the replacement for yaourt -- import_tasks: install-yaourt.yml # yaourt is not maintained anymore we should transition away then remove this -- name: install some base packages that have PGP signature verification that needs to be skipped - shell: yay --mflags --skippgpcheck --nopgpfetch -S --needed --noconfirm "{{ item }}" - become: yes - become_user: "{{ aur_builder_user }}" - with_items: - - "{{ packages_with_annoying_pgp_problem }}" - - name: install base system packages that don't require X - aur: - name: "{{ item }}" - use: yay - skip_installed: yes + dnf: + name: "{{ lookup('flattened', item) }}" + state: present become: yes - become_user: "{{ aur_builder_user }}" - with_items: + loop: - "{{ utility_packages }}" - "{{ console_font_packages }}" - "{{ dev_packages }}" - "{{ pentest_packages }}" -- name: enable members of wheel to reboot without a password - copy: - src: files/wheel-sudo-shutdown - dest: /etc/sudoers.d/wheel-sudo-shutdown - validate: /usr/sbin/visudo -cf %s - - name: enable and start the smartcard service to support yubikeys systemd: name: pcscd.service enabled: yes state: started -- import_tasks: configure-lm-sensors.yml -- import_tasks: configure-tlp.yml -- import_tasks: configure-bluetooth.yml +- name: configure minicom meta key to be usable inside tmux + ansible.builtin.lineinfile: + path: /etc/minirc.dfl + regexp: '^pu escape-key\s+' + # Minicom by default uses Ctrl-A which is extremely inconvenient with how I have my tmux config set up, where + # Ctrl-A is the meta key for tmux, and Ctrl-A a is mapped to the popup window switcher. I don't have an easy way + # to send Ctrl-A to the inner session + line: 'pu escape-key ^B' + state: present + +# As of 2020-04-29 (1 day after the Fedora 32 release), the docker repos don't have packages for fedora 32. 
+# In any case, I want to start using `podman` instead since it sucks less and is better integrated into the Fedora +# ecosystem. - import_tasks: configure-docker.yml -- import_tasks: configure-snapd.yml -- import_tasks: configure-consolefonts.yml + when: ansible_distribution == "Fedora" and ansible_distribution_release|int >= 32 + - import_tasks: configure-ufw-firewall.yml diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 122ff16..5d7f39c 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml 
@@ -1,88 +1,83 @@ --- # vars file for roles/headless-base -packages_with_annoying_pgp_problem: - - ncurses5-compat-libs - utility_packages: - - btrfs-progs - - dosfstools - - gnupg - - the_silver_searcher - - ripgrep # supposedly even faster than ag - - fzf # file finder - - fd # like ripgrep but only for listing files not searching their contents - - tmux - - tmuxp - - mosh-git # until this PR in master gets released must use the master branch: https://github.com/mobile-shell/mosh/pull/939 - - [ zsh, zsh-syntax-highlighting, antigen-git ] - - bash-completion - - networkmanager - - wget - - curl - - p7zip - - unzip - - unrar - - pass - - bluez - - bluez-utils - - pulseaudio - - pulseaudio-bluetooth - - pamixer - - elinks - - libnotify - - [ gtop, htop, nmon ] - - snapd - - openssh - - ufw - - [ libu2f-host, yubikey-personalization, libusb, pcsclite, acsccid, ccid ] # related to working with yubikeys - - jq - - fio - - bc - - ldns # provides the dig successor drill - - bind-tools # provides dig and nslookup - - gnome-keyring # despite the name, not a GUI app; ensures the keyring is available even headless - - [ bcc, bcc-tools, python-bcc, python2-bcc ] #BCC eBPF profiling tools + - dosfstools + - gnupg + - the_silver_searcher + - fzf # file finder + - tmux + - mosh # until this PR in master gets released must use the master branch: https://github.com/mobile-shell/mosh/pull/939 + # install antigen with a script in the user account - [ zsh, zsh-syntax-highlighting, antigen-git ] + - [zsh, zsh-syntax-highlighting] + - bash-completion + - wget + - curl + - p7zip + - unzip + - elinks + - [htop, nmon] + - flatpak + - openssh + - ufw + - [ + libu2f-host, + yubikey-manager, + ykpers, + ykpers-devel, + ykclient-devel, + libusb, + pcsc-lite, + pcsc-lite-devel, + ccid, + ] # related to working with yubikeys + - jq + - fio + - bc + - ldns # provides the dig successor drill + - bind-utils # provides dig and nslookup + - gnome-keyring # despite the name, not a GUI app; ensures 
the keyring is available even headless + - [bcc, bcc-tools] #BCC eBPF profiling tools dev_packages: - - neovim - - python-neovim - - python2-neovim - - ranger - - base-devel - - git - - git-lfs - - python - - python-pip - - python-setuptools - - python2 - - python2-pip - - python2-setuptools - - jdk8-openjdk - - jdk9 - - flatbuffers - - go - - mono - # dependencies for youcompleteme viM plugin - - [ boost, boost-libs, clang, mono, ncurses5-compat-libs, nodejs, rust, cargo, cmake, make, go, npm ] - - docker - - swig - - intel-opencl-runtime - - exa #ls-like tool but better - - bat #syntax and git-aware cat replacement - - gdb + - neovim + - python3-neovim + - ranger + - "@Development tools" + - git + - git-lfs + - git-delta + - python3 + - python3-pip + - python3-setuptools + # dependencies for youcompleteme viM plugin + - [boost, clang, mold, nodejs, cmake, make, go, npm] + - ruby-devel # Is the system Ruby package finally mature enough to not hassle w/ RVM? I hope so + # stuff for cross-compiling to the Pi Pico (and probably anything else RP2040 or similar) + - [ + arm-none-eabi-binutils-cs, + arm-none-eabi-gcc-cs, + arm-none-eabi-gcc-cs-c++, + arm-none-eabi-newlib, + minicom, + openocd, + ] + - swig + - eza #ls-like tool but better + - bat #syntax and git-aware cat replacement + - gdb + - libudev-devel + - llvm-devel + - libevent-devel + - openssl-devel pentest_packages: - - aircrack-ng - - wireshark-qt - - nmap + - aircrack-ng + - [wireshark, wireshark-devel] + - nmap console_font_packages: - - terminus-font - - adobe-source-code-pro-fonts - - adobe-source-sans-pro-fonts - - system-san-francisco-font-git - - ttf-font-awesome-4 - - powerline-fonts - - noto-fonts - - nerd-fonts-complete # installs a wide range of patched fonts - + - adobe-source-code-pro-fonts + - adobe-source-sans-pro-fonts + - fontawesome-fonts + - powerline-fonts + # - # move to user install nerd-fonts-complete # installs a wide range of patched fonts 
diff --git a/playbooks/roles/laptop-base/tasks/main.yml b/playbooks/roles/laptop-base/tasks/main.yml index c0a677e..8fc7c82 100644 --- a/playbooks/roles/laptop-base/tasks/main.yml +++ b/playbooks/roles/laptop-base/tasks/main.yml @@ -1,12 +1,10 @@ --- # tasks file for roles/laptop-base - name: install laptop-specific packages - aur: - name: "{{ item }}" - use: yay - skip_installed: yes + dnf: + name: "{{ lookup('flattened', item) }}" + state: present become: yes - become_user: "{{ aur_builder_user }}" with_items: - "{{ laptop_packages }}" diff --git a/playbooks/roles/laptop-base/vars/main.yml b/playbooks/roles/laptop-base/vars/main.yml index 8770ff2..d7b6b25 100644 --- a/playbooks/roles/laptop-base/vars/main.yml +++ b/playbooks/roles/laptop-base/vars/main.yml @@ -1,16 +1,7 @@ --- # packages that apply specifically to laptops laptop_packages: - - wpa_supplicant - - acpi - - powertop - - ethtool #for disable WoL - - smartmontools - - x86_energy_perf_policy # tlp uses this - tlp - - systemd-boot-pacman-hook # make sure the systemd-boot binaries on /boot are in sync with the latest systemd - lm_sensors - - cpupower # monitor and tweak CPU speed settings - thermald # monitor CPU temperature - - mons # shell script for dealing with multiple monitors diff --git a/playbooks/roles/user-base/tasks/main.yml b/playbooks/roles/user-base/tasks/main.yml index f3b8351..2eb3057 100644 --- a/playbooks/roles/user-base/tasks/main.yml +++ b/playbooks/roles/user-base/tasks/main.yml 
@@ -2,18 +2,16 @@ # This seems not to work without a password so it'll have to be # a manual step for now #- name: Use zsh as the login shell - #user: - #name: "{{ lookup('env', 'USER') }}" - #shell: /bin/zsh +#user: +#name: "{{ lookup('env', 'USER') }}" +#shell: /bin/zsh - name: Ensure rust programming language tools are installed shell: | curl https://sh.rustup.rs -sSf | sh -s -- --no-modify-path --default-toolchain stable -y - source "{{ lookup('env', 'HOME') }}/.cargo/env" + . "{{ ansible_env.HOME }}/.cargo/env" # install various rust components that are useful + rustup component add rust-src rustup install nightly - rustup component add rust-src rls rust-analysis - # this last step might fail if rls is broken in nightly - rustup component add --toolchain nightly rust-src rls rust-analysis args: - creates: "{{ lookup('env', 'HOME') }}/cargo/env" + creates: "{{ ansible_env.HOME }}/.cargo/env" diff --git a/playbooks/roles/user-intellij/vars/main.yml b/playbooks/roles/user-intellij/vars/main.yml index 22485ce..e85df7d 100644 --- a/playbooks/roles/user-intellij/vars/main.yml +++ b/playbooks/roles/user-intellij/vars/main.yml @@ -20,7 +20,7 @@ local_directory: "{{ '~/.local' | expanduser }}" # * The contents are in fact a gzip'd tarball # * The root directory inside the archive is some not useful path like ideaIU-178.2323 # and thus is stripped when the archive is extracted -idea_download_url: https://download.jetbrains.com/idea/ideaIU-2018.3.tar.gz +idea_download_url: https://download.jetbrains.com/idea/ideaIU-2019.2.4.tar.gz idea_download_path: "{{ local_directory }}/share" idea_tarball_filename: "{{ idea_download_url | basename }}" idea_tarball_path: "{{ idea_download_path }}/{{ idea_tarball_filename }}" diff --git a/playbooks/roles/user-packages/meta/main.yml b/playbooks/roles/user-packages/meta/main.yml index 675428c..72e83ff 100644 --- a/playbooks/roles/user-packages/meta/main.yml +++ b/playbooks/roles/user-packages/meta/main.yml 
@@ -53,4 +53,3 @@ galaxy_info: # Maximum 20 tags per role. dependencies: - - { role: rvm.ruby, rvm1_rubies: ['ruby-2.5.3'], rvm1_user: "{{ ansible_user_id }}", rvm1_install_flags: '--user-install' } diff --git a/playbooks/roles/user-packages/tasks/main.yml b/playbooks/roles/user-packages/tasks/main.yml index b8144fb..803c25d 100644 --- a/playbooks/roles/user-packages/tasks/main.yml +++ b/playbooks/roles/user-packages/tasks/main.yml @@ -1,22 +1,30 @@ --- # tasks file for roles/user-packages -- name: Installing user-level pip packages for Python 2 - pip: - executable: pip2 - extra_args: --user - name: "{{ pip2_packages }}" - -- name: Installing user-level pip packages for Python 3 +- name: Installing user-level pip packages for Python pip: executable: pip extra_args: --user - name: "{{ pip3_packages }}" + name: "{{ pip_packages }}" - name: Install Rust tools for the current user shell: | - cargo install {{ item.name }} \ - {{ '--git ' + item.git_url if item.git_url is defined else ''}} \ - {{ '--branch ' + item.branch if item.branch is defined else ''}} + source "{{ ansible_env.HOME }}/.cargo/env" + cargo install --force {{ item.name }} --locked args: - creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.name }}" + creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" with_items: "{{ rust_packages }}" + +- name: Install target for ARM cores like the Pi Pico + shell: rustup target add thumbv6m-none-eabi + +- name: Check out NerdFonts repo + git: + repo: "https://github.com/ryanoasis/nerd-fonts.git" + dest: "{{ ansible_env.HOME }}/.nerdfonts" + version: "v2.0.0" + register: nerdfonts_checkout + +- name: Install NerdFonts + shell: | + {{ ansible_env.HOME }}/.nerdfonts/install.sh + when: "nerdfonts_checkout.changed" diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index 31b3107..94ecce0 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml 
@@ -1,26 +1,25 @@ --- # vars file for roles/user-packages -pip2_packages: - - sexpdata # for ensime vim - - websocket-client # also for ensime vim - - neovim # also for ensime vim - -pip3_packages: - - awscli +pip_packages: + - boto3 - yubikey-manager - - # neovim is built with Python 2.7, but it seems the ensime vim plugin - # uses the 'pip' command to test for packages, so to avoid an annoying - # error message (and in anticipation of someday neovim using python 3) - # install the packages in Python 3.x also - - sexpdata # for ensime vim - - websocket-client # also for ensime vim + - tmuxp - neovim # also for ensime vim + - hererocks # lazy.vim needs this to be able to install lua rocks for lua plugins rust_packages: - - { name: bat } + - { name: eza, executable: eza } + # bat is packaged with pretty much any Linux distro I run plus brew on mac. + # Given the choice, I prefer to use a maintained package since upgrades happen automatically + #- { name: bat, executable: bat } + - { name: fd-find, executable: fd } + - { name: ripgrep, executable: rg } + - { name: tealdeer, executable: tldr } + - { name: git-delta, executable: delta } + - { name: starship, executable: starship } + + # Useful to creating UF2 images for the RP2040 USB Bootloader + - { name: elf2uf2-rs, executable: elf2uf2 } - # Install a branch of exa that includes devicons support. This is a shitty hack, hopefully - # the exa maintainer will accept this PR soon: - # https://github.com/ogham/exa/pull/368 - - { name: exa, git_url: 'https://github.com/asoderman/exa.git', branch: glyphs} + # Useful for flashing over the SWD pins using a supported JTAG probe + - { name: probe-rs-tools, executable: probe-rs } diff --git a/playbooks/roles/xps/tasks/main.yml b/playbooks/roles/xps/tasks/main.yml index 6d3d348..06660dd 100644 --- a/playbooks/roles/xps/tasks/main.yml +++ b/playbooks/roles/xps/tasks/main.yml 
@@ -1,81 +1,9 @@ --- # tasks file for roles/xps -- name: Add intel graphics modules to initramfs - lineinfile: - dest: /etc/mkinitcpio.conf - line: 'MODULES=(nvme i915 intel_agp \1' - regexp: '^MODULES=\((?:nvme i915 intel_agp)? (.*)$' - backrefs: yes - state: present - notify: Rebuild initramfs - -# The 'keyboard' hook needs to come before the 'autodetect' hook -# otherwise external keyboards and the thunderbolt dock may not -# work when entering the boot password -# -# This according to the arch wiki -- name: Ensure keyboard hook is not subject to autodetect - lineinfile: - # if the regex doesn't match, then nothing is changed. so write a regex - # that will match only if 'keyboard' is after 'autodetect' because it should be before - dest: /etc/mkinitcpio.conf - line: 'HOOKS=\1keyboard autodetect \2\3' - regexp: '^HOOKS=(.*)autodetect (.*)keyboard (.*)$' - backrefs: yes - state: present - notify: Rebuild initramfs - -# Dell makes firmware updates available via the fwupd tool -# so it's handy to have that installed -- aur: name=fwupd skip_installed=yes - -# Perform one-time copy of fwupdate stuff into ESP -# See details at https://wiki.archlinux.org/index.php/Fwupd#Setup_for_UEFI_BIOS_upgrade -# Sadly as of this writing ansible copy of remote-to-remote doesn't support recursion -# Seems like a painfully glaring ommission to me -- name: copy fwupdate firmware files to ESP - command: cp --recursive --update /usr/lib/fwupd/efi/fwupdx64.efi /boot/EFI - -- name: configure fwupd so it will work properly when the ESP is mounted somewhere it doesn't expect - lineinfile: - dest: /etc/fwupd/uefi.conf - regexp: '#OverrideESPMountPoint=' - line: 'OverrideESPMountPoint=/boot' - -# Configure systemd to use hybrid-sleep -- file: path=/etc/systemd/logind.conf.d state=directory - -- name: Configure sleep and hibernation - copy: - src: files/handle-power-events.conf - dest: /etc/systemd/logind.conf.d/handle-power-events.conf - -- name: Configure libinput to use sane defaults for 
the touch pad - copy: - src: files/xorg-touchpad.conf - dest: /etc/X11/xorg.conf.d/30-touchpad.conf - - name: Install XPS packages - aur: - name: "{{ item }}" - use: yay - skip_installed: yes + dnf: + name: "{{ lookup('flattened', item) }}" + state: present become: yes - become_user: "{{ aur_builder_user }}" - with_items: - - "i7z" # i7 CPU counters (probably not that useful after all) - - "i8kutils" # fan speed control - - libva-intel-driver # video playback acceleration for Intel integrated GPUs - - # as of this writing, the new 9370 and 9560 aren't explicitly supported - # tell this module to ignore that - # - # This and other tidbits of insight into fan control on XPS systems, including - # using i8utils to take over control of the fans from the BIOS, - # see https://daenney.github.io/2017/11/11/arch-linux-xps-13-9360.html -- name: Fix the modprobe.d config - lineinfile: - path: /etc/modprobe.d/dell-smm-hwmon.conf - regexp: ^options dell-smm-hwmon - line: options dell-smm-hwmon restricted=0 ignore_dmi=1 + with_items: [] # TODO: if there are any XPS-specific packages anymore, add them here
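Review bot: in roles/headless-base vars, the comment on the new `- mosh` line still reads "until this PR in master gets released must use the master branch", but the entry no longer installs `mosh-git`. Either drop the comment or say that the Fedora package is now considered sufficient, so the next reader does not go looking for a source build. The same applies to the `gnupg`/`pcsc-lite` group comment only if its meaning changed; as written it still fits.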
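Review bot: in playbooks/roles/laptop-base/tasks/main.yml, `name: "{{ lookup('flattened', item) }}"` under `with_items` runs one dnf transaction per package, and `with_items` has already flattened the top level of `laptop_packages`, so the lookup adds nothing for this list. The `dnf` module accepts a list, so `name: "{{ laptop_packages | flatten }}"` with no loop would resolve everything in a single transaction and fail once, with one message, if a package name is wrong. Removing `become_user: "{{ aur_builder_user }}"` is correct here since dnf has to run as root.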
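Review bot: in playbooks/roles/laptop-base/vars/main.yml, `x86_energy_perf_policy # tlp uses this` is removed while `tlp` stays in the list. If the Fedora `tlp` package pulls in what it needs, a one-line comment saying so would document the removal; the same goes for `ethtool #for disable WoL` and `smartmontools`, which the diff drops without indicating whether the default Workstation install already provides them.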
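Review bot: in playbooks/roles/user-base/tasks/main.yml, the unchanged line `curl https://sh.rustup.rs -sSf | sh -s -- ...` still pipes the installer into a shell without restricting the transport; since this hunk touches the task anyway, use the form rustup documents, `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs`, so a redirect cannot downgrade the download. The `creates:` fix from `cargo/env` to `.cargo/env` is right; before it the task would have re-run the installer on every play. `rustup install nightly` is kept although the nightly components are no longer added; if nightly is not needed any more, drop that line too.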
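Review bot: in playbooks/roles/user-intellij/vars/main.yml, `idea_download_url` moves to `ideaIU-2019.2.4.tar.gz` but none of the visible vars carries a checksum for the tarball. If the download task uses `get_url`, add an `idea_download_checksum` var next to the URL and pass it as `checksum:`, so a version bump forces the hash to be updated with it and a corrupted or substituted archive fails the play instead of being extracted into `~/.local/share`.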
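Review bot: in playbooks/roles/user-packages/tasks/main.yml, the new "Install target for ARM cores" task runs `rustup target add thumbv6m-none-eabi` without loading `~/.cargo/env`, while the task just above it has to source that file to find `cargo`, and user-base installs rustup with `--no-modify-path`. Load the env file in this task as well, and add `changed_when`/`creates` so it does not report a change on every run. The cargo task uses `source`, which user-base just replaced with `.`; the `shell` module runs `/bin/sh` by default, so use `.` here too. For NerdFonts, `version: "v2.0.0"` is a tag that can be moved and the next task executes `install.sh` from that checkout, so pin a commit hash; also note that `when: "nerdfonts_checkout.changed"` means a failed install is never retried, because the second run sees an unchanged checkout.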
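Review bot: in playbooks/roles/user-packages/vars/main.yml, the `rust_packages` entries carry only `name` and `executable`, so `cargo install --force {{ item.name }} --locked` takes whatever version is newest on crates.io at run time; `--locked` fixes the dependency versions but not the crate's own version. Consider an optional `version` key passed as `--version` for the tools that flash hardware (`probe-rs-tools`, `elf2uf2-rs`). Dropping the `git_url`/`branch` install of `exa` from a personal fork is a good change. The comment on `- neovim # also for ensime vim` is stale now that the other ensime packages are gone.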
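Review bot: in playbooks/roles/xps/tasks/main.yml, the only task left is "Install XPS packages" with `with_items: []`, so the role does nothing and still costs a `become` task in every play. Either remove the task until there is something to install, or follow laptop-base and loop over an `xps_packages` var defined in the role's vars so the TODO lives next to the data. The hunk also removes the fwupd install and its ESP configuration without a replacement; if Fedora Workstation ships fwupd by default, say so in the commit message so the firmware-update path is not silently lost.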