From e2e0c329756f9eb2e5443e1ca1f0b567d6fef67d Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 2 Nov 2019 21:32:44 +0200 Subject: [PATCH 01/58] Start to adapt `headless-base` role to Fedora --- README.md | 11 ++++-- .../tasks/configure-blackarch.yml | 35 ------------------ .../tasks/configure-bluetooth.yml | 7 ---- .../tasks/configure-consolefonts.yml | 19 ---------- .../headless-base/tasks/configure-docker.yml | 17 +-------- .../tasks/configure-lm-sensors.yml | 6 ---- .../headless-base/tasks/configure-pacman.yml | 35 ------------------ .../headless-base/tasks/configure-snapd.yml | 15 -------- .../tasks/create-aur-builder-user.yml | 10 ------ .../headless-base/tasks/install-yaourt.yml | 10 ------ .../roles/headless-base/tasks/install-yay.yml | 20 ----------- playbooks/roles/headless-base/tasks/main.yml | 26 ++------------ playbooks/roles/headless-base/vars/main.yml | 36 +++++-------------- 13 files changed, 19 insertions(+), 228 deletions(-) delete mode 100644 playbooks/roles/headless-base/tasks/configure-blackarch.yml delete mode 100644 playbooks/roles/headless-base/tasks/configure-bluetooth.yml delete mode 100644 playbooks/roles/headless-base/tasks/configure-consolefonts.yml delete mode 100644 playbooks/roles/headless-base/tasks/configure-lm-sensors.yml delete mode 100644 playbooks/roles/headless-base/tasks/configure-pacman.yml delete mode 100644 playbooks/roles/headless-base/tasks/configure-snapd.yml delete mode 100644 playbooks/roles/headless-base/tasks/create-aur-builder-user.yml delete mode 100644 playbooks/roles/headless-base/tasks/install-yaourt.yml delete mode 100644 playbooks/roles/headless-base/tasks/install-yay.yml diff --git a/README.md b/README.md index 2bc9d4d..3da03c5 100644 --- a/README.md +++ b/README.md 
@@ -2,13 +2,18 @@ Cookbook for setting up a Linux development box. -Right now this assumes an arch linux system but my tastes change frequently. +This branch is for Fedora Workstation (version 31 at the time of this writing). # Prerequisites -Arch should be installed, and basics like disk encryption, boot loaders, network configs should be done. A +Fedora should be installed with the normal install process, and basics like disk encryption, boot loaders, network configs should be done. A non-privileged user should be created with sudo privileges, and the running of the Ansible playbooks should be done by -that user. +that user. The initial setup flow that creates the first user automatically enables sudo so this should be easy. + +After initial setup you're in GNOME. Open a terminal and: + + sudo dnf upgrade + sudo dnf install ansible Some reminders about the setup process: diff --git a/playbooks/roles/headless-base/tasks/configure-blackarch.yml b/playbooks/roles/headless-base/tasks/configure-blackarch.yml deleted file mode 100644 index 8edba90..0000000 --- a/playbooks/roles/headless-base/tasks/configure-blackarch.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -# Configure the blackarch repo for pentesting tools -- name: Check if there is already a blackarch repo - command: grep -q "\[blackarch\]" /etc/pacman.conf - register: has_blackarch - ignore_errors: true - -- name: Clear the packman gpg config and let the bootstrap script recreate it - file: - path: /etc/pacman.d/gnupg - state: absent - when: has_blackarch is failed - -- name: Download blackarch setup script - get_url: - url: https://blackarch.org/strap.sh - checksum: sha1:6f152b79419491db92c1fdde3fad2d445f09aae3 - dest: /tmp/strap.sh - mode: u+rx - when: has_blackarch is failed - -- name: Modify blackarch setup script so it reads from stdin instead of a TTY - replace: - path: /tmp/strap.sh - regexp: '\< \/dev\/tty' - replace: '' - when: has_blackarch is failed - - # Note the ugly hack, feeding input to the script. First newline is to accept default mirror, second - # is to answer 'n' to the prompt to perform a system update -- name: Run blackarch script - command: printf "\nn\n" | /tmp/strap.sh - when: has_blackarch is failed - - diff --git a/playbooks/roles/headless-base/tasks/configure-bluetooth.yml b/playbooks/roles/headless-base/tasks/configure-bluetooth.yml deleted file mode 100644 index 2276da1..0000000 --- a/playbooks/roles/headless-base/tasks/configure-bluetooth.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Assuming the bluetooth packages are already installed -- name: Configuring bluetooth service - systemd: - name: bluetooth.service - state: started - enabled: yes diff --git a/playbooks/roles/headless-base/tasks/configure-consolefonts.yml b/playbooks/roles/headless-base/tasks/configure-consolefonts.yml deleted file mode 100644 index 089f3b8..0000000 --- a/playbooks/roles/headless-base/tasks/configure-consolefonts.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Set up the virtual console font to be a bit more civilized -- name: Set vconsole.conf - copy: - src: files/vconsole.conf - dest: /etc/vconsole.conf - -- name: Add console fonts to initramfs - lineinfile: - dest: /etc/mkinitcpio.conf - line: 'HOOKS=\1 consolefont \2' - regexp: '^HOOKS=(.*keymap)(?: consolefont)? (.*)$' - backrefs: yes - state: present - register: hook_added - -- name: Rebuild initramfs - shell: "mkinitcpio -p linux" - when: "hook_added is changed" diff --git a/playbooks/roles/headless-base/tasks/configure-docker.yml b/playbooks/roles/headless-base/tasks/configure-docker.yml index 560dd4c..5f6d340 100644 --- a/playbooks/roles/headless-base/tasks/configure-docker.yml +++ b/playbooks/roles/headless-base/tasks/configure-docker.yml @@ -11,7 +11,7 @@ user: name: "{{ lookup('env', 'USER') }}" groups: - - docker + - docker append: yes when: lookup('env', 'USER') != 'root' @@ -20,18 +20,3 @@ - name: install ansible's docker dependency pip: name: docker-py - -- name: pull some often-used docker images in advance - docker_image: - name: "{{ item }}" - with_items: - - archlinux/base - - ubuntu - - debian - - alpine - - nginx - - redis - - postgres - - openjdk - - ruby - - python diff --git a/playbooks/roles/headless-base/tasks/configure-lm-sensors.yml b/playbooks/roles/headless-base/tasks/configure-lm-sensors.yml deleted file mode 100644 index f2a45f8..0000000 --- a/playbooks/roles/headless-base/tasks/configure-lm-sensors.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: detect available sensors and configure the service automatically - command: sensors-detect --auto - args: - creates: /etc/conf.d/lm_sensors - diff --git a/playbooks/roles/headless-base/tasks/configure-pacman.yml b/playbooks/roles/headless-base/tasks/configure-pacman.yml deleted file mode 100644 index 2ba9e4d..0000000 --- a/playbooks/roles/headless-base/tasks/configure-pacman.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -# Download an up-to-date pacman mirror list for Ukraine -# add multilib and infinality (fonts) repositories -- name: "download pacman mirror list" - get_url: - url: "https://www.archlinux.org/mirrorlist/?country=DE&country=PL&country=UA&protocol=https&ip_version=4&use_mirror_status=on" - dest: "/etc/pacman.d/mirrorlist" - force: true - -- name: "uncomment `#Server` in pacman mirror list" - replace: - dest: "/etc/pacman.d/mirrorlist" - regexp: '^#Server' - replace: 'Server' - -- name: "add multilib" - blockinfile: - dest: "/etc/pacman.conf" - state: "present" - insertafter: EOF - block: | - [multilib] - Include = /etc/pacman.d/mirrorlist - register: multilib_added - -#- name: add infinality repository keys - #shell: | - #pacman-key -r 962DDE58 - #pacman-key --lsign-key 962DDE58 - #when: infinality_added.changed - -- name: "sync the package repositories" - pacman: - update_cache: yes - when: multilib_added.changed diff --git a/playbooks/roles/headless-base/tasks/configure-snapd.yml b/playbooks/roles/headless-base/tasks/configure-snapd.yml deleted file mode 100644 index f30777e..0000000 --- a/playbooks/roles/headless-base/tasks/configure-snapd.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: start snapd service - systemd: - state: started - enabled: True - name: "{{ item }}" - with_items: - - snapd.service - -- name: create symlink to /snap to support classic confinement - file: - src: /var/lib/snapd/snap - dest: /snap - state: link - diff --git a/playbooks/roles/headless-base/tasks/create-aur-builder-user.yml b/playbooks/roles/headless-base/tasks/create-aur-builder-user.yml deleted file mode 100644 index adc8a4b..0000000 --- a/playbooks/roles/headless-base/tasks/create-aur-builder-user.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -# Make a user specifically for installing AUR packages -- name: "Create AUR builder user {{ aur_builder_user }}" - user: "name={{ aur_builder_user }} group=wheel" -- name: Configure AUR builder user sudo access - template: - dest: /etc/sudoers.d/aur-builder-allow-to-sudo-pacman - src: aur-builder-sudoer - validate: /usr/sbin/visudo -cf %s - diff --git a/playbooks/roles/headless-base/tasks/install-yaourt.yml b/playbooks/roles/headless-base/tasks/install-yaourt.yml deleted file mode 100644 index a1b0a7d..0000000 --- a/playbooks/roles/headless-base/tasks/install-yaourt.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaourt is a pacman front-end https://wiki.archlinux.org/index.php/Yaourt -# NOTE: this front-end is no longer maintained and we need to migrate away from it. -# Should use 'yay' now. Expect this task to be removed soon - -# the 'aur' module has a simple internal implementation for building AUR packages -# such as 'yaourt' to bootstrap -- aur: name=yaourt use=makepkg skip_installed=true - become: yes - become_user: "{{ aur_builder_user }}" diff --git a/playbooks/roles/headless-base/tasks/install-yay.yml b/playbooks/roles/headless-base/tasks/install-yay.yml deleted file mode 100644 index d9371ac..0000000 --- a/playbooks/roles/headless-base/tasks/install-yay.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -# yay is a pacman front-end: https://github.com/Jguer/yay -# the 'aur' module doesn't work right unless the base-devel package is installed -- name: Ensure base-devel is installed - pacman: - name: base-devel - state: present - -# Even base-devel isn't enough; also need package-query from AUR -- name: Ensure package-query is installed - aur: name=package-query use=makepkg skip_installed=true - become: yes - become_user: "{{ aur_builder_user }}" - -# the 'aur' module has a simple internal implementation for building AUR packages -# such as 'yaourt' to bootstrap -- aur: name=yay use=makepkg skip_installed=true - become: yes - become_user: "{{ aur_builder_user }}" - diff --git a/playbooks/roles/headless-base/tasks/main.yml b/playbooks/roles/headless-base/tasks/main.yml index 434771d..f962fa2 100644 --- a/playbooks/roles/headless-base/tasks/main.yml +++ b/playbooks/roles/headless-base/tasks/main.yml @@ -1,20 +1,8 @@ --- -- import_tasks: create-aur-builder-user.yml -- import_tasks: configure-pacman.yml -- import_tasks: install-yay.yml # yay is the replacement for yaourt -- import_tasks: install-yaourt.yml # yaourt is not maintained anymore we should transition away then remove this -- name: install some base packages that have PGP signature verification that needs to be skipped - shell: yay --mflags --skippgpcheck --nopgpfetch -S --needed --noconfirm "{{ item }}" - become: yes - become_user: "{{ aur_builder_user }}" - with_items: - - "{{ packages_with_annoying_pgp_problem }}" - - name: install base system packages that don't require X - aur: + dnf: name: "{{ item }}" - use: yay - skip_installed: yes + state: present become: yes become_user: "{{ aur_builder_user }}" with_items: 
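Review bot: The `dnf` task in playbooks/roles/headless-base/tasks/main.yml still carries `become_user: "{{ aur_builder_user }}"`, but this same hunk removes the `create-aur-builder-user.yml` import, so the role no longer creates that account. Installing packages with dnf needs root in any case, so escalating to a dedicated unprivileged build user is the wrong target here. Delete the `become_user: "{{ aur_builder_user }}"` line and let `become: yes` escalate to root. The task's `with_items` list continues outside the hunk.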
@@ -23,24 +11,14 @@ - "{{ dev_packages }}" - "{{ pentest_packages }}" -- name: enable members of wheel to reboot without a password - copy: - src: files/wheel-sudo-shutdown - dest: /etc/sudoers.d/wheel-sudo-shutdown - validate: /usr/sbin/visudo -cf %s - - name: enable and start the smartcard service to support yubikeys systemd: name: pcscd.service enabled: yes state: started -- import_tasks: configure-lm-sensors.yml - import_tasks: configure-tlp.yml -- import_tasks: configure-bluetooth.yml - import_tasks: configure-docker.yml -- import_tasks: configure-snapd.yml -- import_tasks: configure-consolefonts.yml - import_tasks: configure-ufw-firewall.yml diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 122ff16..f9977d1 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml @@ -1,10 +1,6 @@ --- # vars file for roles/headless-base -packages_with_annoying_pgp_problem: - - ncurses5-compat-libs - utility_packages: - - btrfs-progs - dosfstools - gnupg - the_silver_searcher @@ -13,23 +9,18 @@ utility_packages: - fd # like ripgrep but only for listing files not searching their contents - tmux - tmuxp - - mosh-git # until this PR in master gets released must use the master branch: https://github.com/mobile-shell/mosh/pull/939 + - mosh # until this PR in master gets released must use the master branch: https://github.com/mobile-shell/mosh/pull/939 - [ zsh, zsh-syntax-highlighting, antigen-git ] - bash-completion - - networkmanager - wget - curl - p7zip - unzip - unrar - - pass - - bluez - - bluez-utils - pulseaudio - pulseaudio-bluetooth - pamixer - elinks - - libnotify - [ gtop, htop, nmon ] - snapd - openssh 
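Review bot: In the `@@ -13,23 +9,18 @@` hunk of playbooks/roles/headless-base/vars/main.yml the entry becomes `mosh`, but its trailing comment still says the master branch must be used until the upstream PR is released. That comment described the removed `mosh-git` entry and now contradicts the line it sits on. Drop it or reword it, for example `- mosh # distro package; confirm it carries https://github.com/mobile-shell/mosh/pull/939`. The same list keeps `snapd` although `configure-snapd.yml` is deleted in this commit, so the package would be installed with nothing left to configure it.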
@@ -41,32 +32,22 @@ utility_packages: - ldns # provides the dig successor drill - bind-tools # provides dig and nslookup - gnome-keyring # despite the name, not a GUI app; ensures the keyring is available even headless - - [ bcc, bcc-tools, python-bcc, python2-bcc ] #BCC eBPF profiling tools + - [ bcc, bcc-tools, python-bcc ] #BCC eBPF profiling tools dev_packages: - neovim - - python-neovim - - python2-neovim + - python3-neovim - ranger - - base-devel + - "@Development tools" - git - git-lfs - - python - - python-pip - - python-setuptools - - python2 - - python2-pip - - python2-setuptools - - jdk8-openjdk - - jdk9 - - flatbuffers - - go - - mono + - python3 + - python3-pip + - python3-setuptools # dependencies for youcompleteme viM plugin - - [ boost, boost-libs, clang, mono, ncurses5-compat-libs, nodejs, rust, cargo, cmake, make, go, npm ] + - [ boost, boost-libs, clang, mono, ncurses5-compat-libs, nodejs, cmake, make, go, npm ] - docker - swig - - intel-opencl-runtime - exa #ls-like tool but better - bat #syntax and git-aware cat replacement - gdb @@ -77,7 +58,6 @@ pentest_packages: - nmap console_font_packages: - - terminus-font - adobe-source-code-pro-fonts - adobe-source-sans-pro-fonts - system-san-francisco-font-git From b883dde7a9669a9e516a0c4d1aaf04e54cad3f90 Mon Sep 17 00:00:00 2001 
From: Adam Nelson Date: Wed, 6 Nov 2019 16:12:08 +0200 Subject: [PATCH 02/58] Updated GUI and userland install scripts to work with Fedora and Wayland --- README.md | 4 + playbooks/desktop-devbox.yml | 1 - playbooks/devuser.yml | 1 + playbooks/roles/desktop/tasks/main.yml | 15 --- playbooks/roles/desktop/vars/main.yml | 2 - .../gui-base/files/xorg-power-config.conf | 10 -- .../gui-base/tasks/configure-fontconfig.yml | 11 --- .../gui-base/tasks/configure-vboxusers.yml | 10 -- playbooks/roles/gui-base/tasks/main.yml | 52 ++++++---- playbooks/roles/gui-base/vars/main.yml | 99 ++++++++----------- playbooks/roles/gui-user-packages/README.md | 38 +++++++ .../roles/gui-user-packages/defaults/main.yml | 2 + .../roles/gui-user-packages/handlers/main.yml | 2 + .../roles/gui-user-packages/meta/main.yml | 53 ++++++++++ .../roles/gui-user-packages/tasks/main.yml | 24 +++++ .../roles/gui-user-packages/tests/inventory | 2 + .../roles/gui-user-packages/tests/test.yml | 5 + .../roles/gui-user-packages/vars/main.yml | 2 + .../headless-base/tasks/configure-docker.yml | 8 -- .../headless-base/tasks/configure-tlp.yml | 18 ---- playbooks/roles/headless-base/tasks/main.yml | 6 +- playbooks/roles/headless-base/vars/main.yml | 29 +++--- playbooks/roles/user-base/tasks/main.yml | 4 +- playbooks/roles/user-intellij/vars/main.yml | 2 +- playbooks/roles/user-packages/tasks/main.yml | 21 +++- playbooks/roles/user-packages/vars/main.yml | 12 +-- 26 files changed, 243 insertions(+), 190 deletions(-) delete mode 100644 playbooks/roles/gui-base/files/xorg-power-config.conf delete mode 100644 playbooks/roles/gui-base/tasks/configure-vboxusers.yml create mode 100644 playbooks/roles/gui-user-packages/README.md create mode 100644 playbooks/roles/gui-user-packages/defaults/main.yml create mode 100644 playbooks/roles/gui-user-packages/handlers/main.yml create mode 100644 playbooks/roles/gui-user-packages/meta/main.yml create mode 100644 playbooks/roles/gui-user-packages/tasks/main.yml create mode 100644 
playbooks/roles/gui-user-packages/tests/inventory create mode 100644 playbooks/roles/gui-user-packages/tests/test.yml create mode 100644 playbooks/roles/gui-user-packages/vars/main.yml delete mode 100644 playbooks/roles/headless-base/tasks/configure-tlp.yml diff --git a/README.md b/README.md index 3da03c5..c01d125 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,10 @@ After initial setup you're in GNOME. Open a terminal and: sudo dnf upgrade sudo dnf install ansible +As the non-priviledged user, make sure zsh is installed and the default shell: + + sudo dnf install zsh util-linux-user + chsh -s /usr/bin/zsh Some reminders about the setup process: - Start with the [ install guide ](https://wiki.archlinux.org/index.php/Installation_guide) which covers things in some diff --git a/playbooks/desktop-devbox.yml b/playbooks/desktop-devbox.yml index c1aade8..f42ff3a 100644 --- a/playbooks/desktop-devbox.yml +++ b/playbooks/desktop-devbox.yml @@ -7,4 +7,3 @@ - gui-base - hidpi - desktop - # - vmware - I'm experimenting with life without vmware diff --git a/playbooks/devuser.yml b/playbooks/devuser.yml index e3790c3..017aa24 100644 --- a/playbooks/devuser.yml +++ b/playbooks/devuser.yml @@ -8,3 +8,4 @@ - dotfiles - user-packages - user-intellij + - gui-user-packages diff --git a/playbooks/roles/desktop/tasks/main.yml b/playbooks/roles/desktop/tasks/main.yml index 3dc9e99..6229538 100644 --- a/playbooks/roles/desktop/tasks/main.yml +++ b/playbooks/roles/desktop/tasks/main.yml @@ -1,17 +1,2 @@ --- # tasks file for roles/desktop -- name: install desktop-specific packages - aur: - name: "{{ item }}" - use: yay - skip_installed: yes - become: yes - become_user: "{{ aur_builder_user }}" - with_items: - - "{{ desktop_packages }}" - -- name: Enable Corsair Keyboard service - systemd: - name: ckb-next-daemon - enabled: yes - state: started diff --git a/playbooks/roles/desktop/vars/main.yml b/playbooks/roles/desktop/vars/main.yml index 2ef7614..34c9426 100644 
--- a/playbooks/roles/desktop/vars/main.yml +++ b/playbooks/roles/desktop/vars/main.yml @@ -1,5 +1,3 @@ --- # vars file for roles/desktop -desktop_packages: - - ckb-next # corsair LED keyboard manager diff --git a/playbooks/roles/gui-base/files/xorg-power-config.conf b/playbooks/roles/gui-base/files/xorg-power-config.conf deleted file mode 100644 index a98ec34..0000000 --- a/playbooks/roles/gui-base/files/xorg-power-config.conf +++ /dev/null @@ -1,10 +0,0 @@ -# Set the DPMS power saving times in minutes -# There's no clear distinction visually between these modes so -# just force immediately going to off after a period of inactivity -Section "ServerLayout" - Identifier "ServerLayout0" - Option "StandbyTime" "10" - Option "SuspendTime" "10" - Option "OffTime" "10" -EndSection - diff --git a/playbooks/roles/gui-base/tasks/configure-fontconfig.yml b/playbooks/roles/gui-base/tasks/configure-fontconfig.yml index ba3c9ea..fd96613 100644 --- a/playbooks/roles/gui-base/tasks/configure-fontconfig.yml +++ b/playbooks/roles/gui-base/tasks/configure-fontconfig.yml @@ -1,16 +1,5 @@ --- # Tweak the fontconfig settings so they're at least somewhat pretty -- name: Enable lcdfilter - file: - src: /etc/fonts/conf.avail/11-lcdfilter-default.conf - dest: /etc/fonts/conf.d/11-lcdfilter-default.conf - state: link - -- name: Enable subpixel rendering - file: - src: /etc/fonts/conf.avail/10-sub-pixel-rgb.conf - dest: /etc/fonts/conf.d/10-sub-pixel-rgb.conf - state: link - name: Set sensble local fontconfig settings copy: src: fontconfig-local.conf diff --git a/playbooks/roles/gui-base/tasks/configure-vboxusers.yml b/playbooks/roles/gui-base/tasks/configure-vboxusers.yml deleted file mode 100644 index c76254f..0000000 --- a/playbooks/roles/gui-base/tasks/configure-vboxusers.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -# Make sure the user running ansible (which we assume is the user who will be configured) -# is able to access USB devices -- name: add the current user to the vboxusers group - user: - name: "{{ lookup('env', 'USER') }}" - groups: - - vboxusers - append: yes - when: lookup('env', 'USER') != 'root' diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index 788aa7f..d6000c1 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -1,14 +1,27 @@ --- # tasks file for roles/gui-base +- name: Enable alacritty Copr repo + # Info came from this: https://copr.fedorainfracloud.org/coprs/pschyska/alacritty/repo/fedora-31/pschyska-alacritty-fedora-31.repo + yum_repository: + name: alacritty + description: Copr repo for alacritty owned by pschyska + baseurl: https://copr-be.cloud.fedoraproject.org/results/pschyska/alacritty/fedora-$releasever-$basearch/ + skip_if_unavailable: yes + gpgkey: https://copr-be.cloud.fedoraproject.org/results/pschyska/alacritty/pubkey.gpg + repo_gpgcheck: no + enabled: yes + +- name: install alacritty from a custom repo + dnf: + name: alacritty + enablerepo: alacritty + state: present - name: install base system packages that require X or Wayland - aur: - name: "{{ item }}" - use: yay - skip_installed: yes + dnf: + name: "{{ lookup('flattened', item) }}" + state: present become: yes - become_user: "{{ aur_builder_user }}" - with_items: - - "{{ xorg_packages }}" + loop: - "{{ wayland_packages }}" - "{{ gui_packages }}" - "{{ theme_packages }}" 
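Review bot: The `yum_repository` task for the alacritty Copr repo in playbooks/roles/gui-base/tasks/main.yml sets `repo_gpgcheck: no` and a `gpgkey` but never sets `gpgcheck`, so whether packages from this third-party repo are signature-checked depends on the host's global dnf configuration. Add `gpgcheck: yes` to the task so the generated repo file itself requires signed packages. Neither this task nor `install alacritty from a custom repo` carries `become: yes`, unlike the package task that follows, so unless the play escalates globally both would run unprivileged. The `flatpak_remote` task with `method: system` in the next hunk of this file has the same gap. The package task's `loop` list continues outside the hunk.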
@@ -16,19 +29,18 @@ - import_tasks: configure-gdm.yml - import_tasks: configure-wine.yml -- import_tasks: configure-vboxusers.yml -- import_tasks: configure-fontconfig.yml +#Disabling this; I hope Fedora has a sensible default already. If not, then revisit +#- import_tasks: configure-fontconfig.yml -- name: Configure xorg power management for the screen - copy: - src: files/xorg-power-config.conf - dest: /etc/X11/xorg.conf.d/10-monitor.conf +- name: Enable the default flathub flatpak repo + flatpak_remote: + name: flathub + state: present + flatpakrepo_url: https://dl.flathub.org/repo/flathub.flatpakrepo + method: system -- name: install snap packages - command: snap install {{ item }} --classic - register: snap_output - changed_when: - - "'is already installed' not in snap_output.stderr" - with_items: - - "{{ snapd_packages }}" +- name: install flatpak packages + flatpak: + name: "{{ item }}" + loop: "{{ flatpak_packages }}" diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 3f402dd..1631de7 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml 
@@ -1,35 +1,19 @@ --- # vars file for roles/gui-base -xorg_packages: - - xorg - - xorg-xrdb - - compton - - xf86-video-intel - - i3-gaps - - i3status - - i3blocks - - i3lock-fancy-git # variant that does blurring and font customization - - xclip - - xsel - - feh - - imagemagick # used by feh to support SVG - - arandr - - scrot - - unclutter-xfixes-git - wayland_packages: - - wayland - - xorg-server-xwayland + # wayland and the wayland x server are installed as part of the base Fedora Workstation install + #- wayland + #- xorg-server-xwayland - sway gui_packages: - gdm - [ gnome-keyring, libsecret, seahorse ] # things like skype require this or they won't remember credentials - firefox - - google-chrome + # Fedora doesn't package Chrome because it's proprietary. Google offers an RPM download but it's manual; not clear how to automate + #- google-chrome - chromium - terminator - - alacritty - w3m - dmenu - rofi 
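Review bot: Removing `xorg_packages` in playbooks/roles/gui-base/vars/main.yml drops `i3lock-fancy-git`, and `wayland_packages` now lists only `sway`, so no screen locker is named for the Wayland session. `xss-lock`, which the next hunk keeps in `gui_packages`, reacts to X11 screensaver events and, as far as I can tell, would not see idle time in a native sway session. The commit also deletes `xorg-power-config.conf`, which held the only idle timeout in the role. Unless they already arrive as dependencies of `sway`, list a locker and an idle daemon explicitly, e.g. `- [ sway, swaylock, swayidle ]`.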
@@ -37,70 +21,69 @@ gui_packages: - playerctl - pavucontrol - network-manager-applet - - networkmanager-dmenu-git + #- networkmanager-dmenu-git - blueberry - qemu - - virt-manager - - [ virtualbox-host-dkms, virtualbox, virtualbox-guest-iso ] - gnome-boxes - dunst - xss-lock - - lxappearance - - [ redshift, gtk3, python-gobject, python-xdg ] # for some reason these dependencies are optional but they're required - - [ polybar, siji-git, ttf-unifont, libmpdclient, alsa-lib, i3ipc-glib-git, jsoncpp ] # polybar has several important but optional dependencies + - [ redshift, redshift-gtk ] + # waybar doesn't have a package yet but it does have a lot of dependencies + - [ + meson, + ninja-build, + jsoncpp-devel, + libinput-devel, + libwayland-client, + wayland-devel, + wayland-protocols-devel, + gtkmm30-devel, + libdbusmenu-gtk3-devel, + libsigc++, + fmt-devel, + wlroots, + libdbusmenu-gtk3, + libmpdclient, + spdlog-devel, + libnl3, + libnl3-devel, + pulseaudio-libs-devel, + libudev-devel, + libmpd-devel + ] - tk # for i8kutils - glxinfo - - [ dropbox, dropbox-cli ] + #- [ dropbox, dropbox-cli ] - nautilus - rdesktop - [ freerdp, remmina ] - - mailspring - - gufw - - evince - - [ cups, system-config-printer, foomatic-db-engine, foomatic-db-ppds, foomatic-db-nonfree-ppds ] + - [ cups, system-config-printer, foomatic, foomatic-db, foomatic-db-ppds, foomatic-db-filesystem ] theme_packages: - - arc-gtk-theme + - arc-theme - adapta-gtk-theme - gnome-icon-theme - gnome-icon-theme-extras - moka-icon-theme - - arc-icon-theme + #- arc-icon-theme wine_packages: - wine - - wine_gecko - wine-mono - - lib32-mesa - - mesa - - lib32-libpulse - - libpulse - - lib32-openal - openal - - lib32-libxml2 - libxml2 - - lib32-mpg123 - mpg123 - - lib32-lcms2 - lcms2 - - lib32-giflib - giflib - - lib32-libpng - libpng - - lib32-gnutls - gnutls - - lib32-libcups - - libcups + - cups-libs - winetricks - - lib32-libxrandr - - lib32-libxinerama - - lib32-libxcomposite - samba - - sane # office 2016 
needs this - - pygtk #technically this is a CrossOver dependency + - sane-backends # office 2016 needs this + - pygtk2 #technically this is a CrossOver dependency -snapd_packages: - - skype - - spotify - - slack - - anbox-installer +flatpak_packages: + - com.skype.Client + - com.slack.Slack + - com.spotify.Client diff --git a/playbooks/roles/gui-user-packages/README.md b/playbooks/roles/gui-user-packages/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/playbooks/roles/gui-user-packages/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
diff --git a/playbooks/roles/gui-user-packages/defaults/main.yml b/playbooks/roles/gui-user-packages/defaults/main.yml new file mode 100644 index 0000000..a43ec33 --- /dev/null +++ b/playbooks/roles/gui-user-packages/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for roles/gui-user-packages \ No newline at end of file diff --git a/playbooks/roles/gui-user-packages/handlers/main.yml b/playbooks/roles/gui-user-packages/handlers/main.yml new file mode 100644 index 0000000..bff590c --- /dev/null +++ b/playbooks/roles/gui-user-packages/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for roles/gui-user-packages \ No newline at end of file diff --git a/playbooks/roles/gui-user-packages/meta/main.yml b/playbooks/roles/gui-user-packages/meta/main.yml new file mode 100644 index 0000000..3a212a9 --- /dev/null +++ b/playbooks/roles/gui-user-packages/meta/main.yml 
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/playbooks/roles/gui-user-packages/tasks/main.yml b/playbooks/roles/gui-user-packages/tasks/main.yml new file mode 100644 index 0000000..f49f4db --- /dev/null +++ b/playbooks/roles/gui-user-packages/tasks/main.yml 
@@ -0,0 +1,24 @@ +--- +# tasks file for roles/gui-user-packages +- name: Create directory for Waybar source code + file: + path: "{{ ansible_env.HOME }}/source/waybar" + state: directory + +- name: Check out waybar code + git: + repo: https://github.com/Alexays/Waybar.git + dest: "{{ ansible_env.HOME }}/source/waybar" + update: yes + register: git_checkout + +- name: Build and install + shell: | + meson --prefix {{ ansible_env.HOME }}/.local build + ninja -C build + ninja -C build install + args: + chdir: "{{ ansible_env.HOME }}/source/waybar" + when: git_checkout.changed + + diff --git a/playbooks/roles/gui-user-packages/tests/inventory b/playbooks/roles/gui-user-packages/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/playbooks/roles/gui-user-packages/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/playbooks/roles/gui-user-packages/tests/test.yml b/playbooks/roles/gui-user-packages/tests/test.yml new file mode 100644 index 0000000..ee845d2 --- /dev/null +++ b/playbooks/roles/gui-user-packages/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - roles/gui-user-packages \ No newline at end of file diff --git a/playbooks/roles/gui-user-packages/vars/main.yml b/playbooks/roles/gui-user-packages/vars/main.yml new file mode 100644 index 0000000..6b0fff8 --- /dev/null +++ b/playbooks/roles/gui-user-packages/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for roles/gui-user-packages \ No newline at end of file diff --git a/playbooks/roles/headless-base/tasks/configure-docker.yml b/playbooks/roles/headless-base/tasks/configure-docker.yml index 5f6d340..aa7132b 100644 --- a/playbooks/roles/headless-base/tasks/configure-docker.yml +++ b/playbooks/roles/headless-base/tasks/configure-docker.yml 
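Review bot: The `git` task in playbooks/roles/gui-user-packages/tasks/main.yml clones Waybar with `update: yes` and no `version:`, so every run builds and installs whatever the default branch's head is at that moment. Pin the checkout to a reviewed release tag or commit, e.g. `version: "<WAYBAR_TAG_OR_COMMIT>"` (placeholder), and bump it deliberately. In the `Build and install` script, quote the prefix as `meson --prefix "{{ ansible_env.HOME }}/.local" build` so a home path containing spaces does not split the argument.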
@@ -1,12 +1,4 @@ --- -- name: start docker service - systemd: - state: started - enabled: True - name: "{{ item }}" - with_items: - - docker.service - - name: add the current user to the docker group user: name: "{{ lookup('env', 'USER') }}" diff --git a/playbooks/roles/headless-base/tasks/configure-tlp.yml b/playbooks/roles/headless-base/tasks/configure-tlp.yml deleted file mode 100644 index 318e6eb..0000000 --- a/playbooks/roles/headless-base/tasks/configure-tlp.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: start tlp and thermald services - systemd: - state: started - enabled: True - name: "{{ item }}" - with_items: - - tlp.service - - tlp-sleep.service - - thermald.service - -- name: mask rfkill - systemd: - masked: yes - name: "{{ item }}" - with_items: - - systemd-rfkill.service - - systemd-rfkill.socket diff --git a/playbooks/roles/headless-base/tasks/main.yml b/playbooks/roles/headless-base/tasks/main.yml index f962fa2..6f12fb9 100644 --- a/playbooks/roles/headless-base/tasks/main.yml +++ b/playbooks/roles/headless-base/tasks/main.yml @@ -1,11 +1,10 @@ --- - name: install base system packages that don't require X dnf: - name: "{{ item }}" + name: "{{ lookup('flattened', item) }}" state: present become: yes - become_user: "{{ aur_builder_user }}" - with_items: + loop: - "{{ utility_packages }}" - "{{ console_font_packages }}" - "{{ dev_packages }}" @@ -17,7 +16,6 @@ enabled: yes state: started -- import_tasks: configure-tlp.yml - import_tasks: configure-docker.yml - import_tasks: configure-ufw-firewall.yml diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index f9977d1..7bd81e5 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml 
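Review bot: In `install base system packages that don't require X`, looping over whole package lists makes `dnf` run one transaction per list and depend on `lookup('flattened', item)` to turn the nested entries into something `name` accepts. Passing one flattened list and dropping the `loop`, e.g. `name: "{{ [utility_packages, console_font_packages, dev_packages] | flatten }}"`, resolves everything in a single transaction. The loop list may continue past the end of the hunk, in which case the remaining variables belong in that expression too. The later `laptop-base` and `xps` task hunks use the same `lookup('flattened', item)` form.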
@@ -4,35 +4,30 @@ utility_packages: - dosfstools - gnupg - the_silver_searcher - - ripgrep # supposedly even faster than ag - fzf # file finder - - fd # like ripgrep but only for listing files not searching their contents - tmux - - tmuxp - mosh # until this PR in master gets released must use the master branch: https://github.com/mobile-shell/mosh/pull/939 - - [ zsh, zsh-syntax-highlighting, antigen-git ] + # install antigen with a script in the user account - [ zsh, zsh-syntax-highlighting, antigen-git ] + - [ zsh, zsh-syntax-highlighting ] - bash-completion - wget - curl - p7zip - unzip - - unrar - pulseaudio - - pulseaudio-bluetooth - - pamixer - elinks - - [ gtop, htop, nmon ] - - snapd + - [ htop, nmon ] + - flatpak - openssh - ufw - - [ libu2f-host, yubikey-personalization, libusb, pcsclite, acsccid, ccid ] # related to working with yubikeys + - [ libu2f-host, yubikey-personalization-gui, yubikey-manager, ykpers, ykpers-devel, yubioath-desktop, ykclient-devel, libusb, pcsc-lite, pcsc-lite-devel, ccid ] # related to working with yubikeys - jq - fio - bc - ldns # provides the dig successor drill - - bind-tools # provides dig and nslookup + - bind-utils # provides dig and nslookup - gnome-keyring # despite the name, not a GUI app; ensures the keyring is available even headless - - [ bcc, bcc-tools, python-bcc ] #BCC eBPF profiling tools + - [ bcc, bcc-tools ] #BCC eBPF profiling tools dev_packages: - neovim @@ -45,7 +40,7 @@ dev_packages: - python3-pip - python3-setuptools # dependencies for youcompleteme viM plugin - - [ boost, boost-libs, clang, mono, ncurses5-compat-libs, nodejs, cmake, make, go, npm ] + - [ boost, clang, nodejs, cmake, make, go, npm ] - docker - swig - exa #ls-like tool but better 
@@ -54,15 +49,13 @@ dev_packages: pentest_packages: - aircrack-ng - - wireshark-qt + - [wireshark, wireshark-devel] - nmap console_font_packages: - adobe-source-code-pro-fonts - adobe-source-sans-pro-fonts - - system-san-francisco-font-git - - ttf-font-awesome-4 + - fontawesome-fonts - powerline-fonts - - noto-fonts - - nerd-fonts-complete # installs a wide range of patched fonts + # - # move to user install nerd-fonts-complete # installs a wide range of patched fonts diff --git a/playbooks/roles/user-base/tasks/main.yml b/playbooks/roles/user-base/tasks/main.yml index f3b8351..6d88693 100644 --- a/playbooks/roles/user-base/tasks/main.yml +++ b/playbooks/roles/user-base/tasks/main.yml @@ -11,9 +11,7 @@ curl https://sh.rustup.rs -sSf | sh -s -- --no-modify-path --default-toolchain stable -y source "{{ lookup('env', 'HOME') }}/.cargo/env" # install various rust components that are useful - rustup install nightly rustup component add rust-src rls rust-analysis - # this last step might fail if rls is broken in nightly - rustup component add --toolchain nightly rust-src rls rust-analysis + rustup install nightly args: creates: "{{ lookup('env', 'HOME') }}/cargo/env" diff --git a/playbooks/roles/user-intellij/vars/main.yml b/playbooks/roles/user-intellij/vars/main.yml index 22485ce..e85df7d 100644 --- a/playbooks/roles/user-intellij/vars/main.yml +++ b/playbooks/roles/user-intellij/vars/main.yml 
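Review bot: The `creates:` guard at the end of the rustup task in `user-base/tasks/main.yml` points at `.../cargo/env`, while the script itself sources `.../.cargo/env`. Unless a `cargo` directory without the dot happens to exist, the guard never matches and the `curl https://sh.rustup.rs | sh` installer is downloaded and executed again on every playbook run. This is a context line the commit leaves unchanged; the fix is `creates: "{{ lookup('env', 'HOME') }}/.cargo/env"`. The task starts above the hunk, so its name and module are not visible here.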
@@ -20,7 +20,7 @@ local_directory: "{{ '~/.local' | expanduser }}" # * The contents are in fact a gzip'd tarball # * The root directory inside the archive is some not useful path like ideaIU-178.2323 # and thus is stripped when the archive is extracted -idea_download_url: https://download.jetbrains.com/idea/ideaIU-2018.3.tar.gz +idea_download_url: https://download.jetbrains.com/idea/ideaIU-2019.2.4.tar.gz idea_download_path: "{{ local_directory }}/share" idea_tarball_filename: "{{ idea_download_url | basename }}" idea_tarball_path: "{{ idea_download_path }}/{{ idea_tarball_filename }}" diff --git a/playbooks/roles/user-packages/tasks/main.yml b/playbooks/roles/user-packages/tasks/main.yml index b8144fb..5e0149d 100644 --- a/playbooks/roles/user-packages/tasks/main.yml +++ b/playbooks/roles/user-packages/tasks/main.yml @@ -8,15 +8,26 @@ - name: Installing user-level pip packages for Python 3 pip: - executable: pip + executable: pip3 extra_args: --user name: "{{ pip3_packages }}" - name: Install Rust tools for the current user shell: | - cargo install {{ item.name }} \ - {{ '--git ' + item.git_url if item.git_url is defined else ''}} \ - {{ '--branch ' + item.branch if item.branch is defined else ''}} + source "{{ lookup('env', 'HOME') }}/.cargo/env" + cargo install --force {{ item.name }} args: - creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.name }}" + creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" with_items: "{{ rust_packages }}" + +- name: Check out NerdFonts repo + git: + repo: 'https://github.com/ryanoasis/nerd-fonts.git' + dest: "{{ ansible_env.HOME }}/.nerdfonts" + version: "v2.0.0" + register: nerdfonts_checkout + +- name: Install NerdFonts + shell: | + {{ ansible_env.HOME }}/.nerdfonts/install.sh + when: "nerdfonts_checkout.changed" diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index 31b3107..d59a794 100644 --- a/playbooks/roles/user-packages/vars/main.yml 
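Review bot: `cargo install --force {{ item.name }}` in `Install Rust tools for the current user` installs whichever version is newest on the registry and re-resolves its dependencies at run time, so two runs of the playbook can produce different binaries. Adding `--locked`, as in `cargo install --locked --force {{ item.name }}`, makes cargo use the lockfile published with the crate where there is one. A `version` field on each `rust_packages` entry, passed as `--version`, would pin the tool itself. `--force` has little effect here because the `creates:` guard skips the task once the binary exists.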
+++ b/playbooks/roles/user-packages/vars/main.yml @@ -8,6 +8,8 @@ pip2_packages: pip3_packages: - awscli - yubikey-manager + - neovim + - tmuxp # neovim is built with Python 2.7, but it seems the ensime vim plugin # uses the 'pip' command to test for packages, so to avoid an annoying @@ -18,9 +20,7 @@ pip3_packages: - neovim # also for ensime vim rust_packages: - - { name: bat } - - # Install a branch of exa that includes devicons support. This is a shitty hack, hopefully - # the exa maintainer will accept this PR soon: - # https://github.com/ogham/exa/pull/368 - - { name: exa, git_url: 'https://github.com/asoderman/exa.git', branch: glyphs} + - { name: bat, executable: bat } + - { name: exa, executable: exa } + - { name: fd-find, executable: fd } + - { name: ripgrep, executable: rg } From cb67091467dc910e3b01abf06af2433bc3bd35d8 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Mon, 11 Nov 2019 16:20:57 +0200 Subject: [PATCH 03/58] Add Dropbox RPM install to `gui-base` --- playbooks/roles/gui-base/tasks/main.yml | 4 ++++ playbooks/roles/gui-base/vars/main.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index d6000c1..8e3b8b9 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -44,3 +44,7 @@ name: "{{ item }}" loop: "{{ flatpak_packages }}" +- name: Install dropbox RPM + dnf: + name: "{{ dropbox_rpm_url }}" + state: present diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 1631de7..5913380 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml 
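Review bot: `Install dropbox RPM` passes a download URL straight to `dnf`, so the playbook installs whatever that URL returns at run time and nothing in the task ties it to a known package. Whether the RPM's signature is checked depends on the dnf configuration and on the vendor key being imported, neither of which the hunk shows. Downloading with `get_url` and a pinned `checksum:` and then installing the local file makes the expected artifact explicit. The two `dropbox_rpm_*` variables below other than the URL are placeholders: a download directory writable only by the installing user, and the SHA-256 recorded after verifying the RPM.

```yaml
- name: Download dropbox RPM
  get_url:
    url: "{{ dropbox_rpm_url }}"
    # placeholder variables, to be defined in vars/main.yml
    dest: "{{ dropbox_rpm_download_dir }}/nautilus-dropbox.rpm"
    checksum: "sha256:{{ dropbox_rpm_sha256 }}"

- name: Install dropbox RPM
  dnf:
    name: "{{ dropbox_rpm_download_dir }}/nautilus-dropbox.rpm"
    state: present
```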
@@ -1,5 +1,6 @@ --- # vars file for roles/gui-base +dropbox_rpm_url: https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-2019.02.14-1.fedora.x86_64.rpm wayland_packages: # wayland and the wayland x server are installed as part of the base Fedora Workstation install #- wayland @@ -53,7 +54,6 @@ gui_packages: ] - tk # for i8kutils - glxinfo - #- [ dropbox, dropbox-cli ] - nautilus - rdesktop - [ freerdp, remmina ] From 5114bfecd130fbd5a42dacb40eac51c8cd16df8a Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Mon, 11 Nov 2019 17:08:08 +0200 Subject: [PATCH 04/58] Add GNOME extension "AppIndicator" --- playbooks/roles/gui-base/vars/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 5913380..9cb0cd9 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -58,6 +58,7 @@ gui_packages: - rdesktop - [ freerdp, remmina ] - [ cups, system-config-printer, foomatic, foomatic-db, foomatic-db-ppds, foomatic-db-filesystem ] + - gnome-shell-extension-appindicator theme_packages: - arc-theme From 0aa4bdc55dbb8ff4afb1a5eac1f3af203e743bcb Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 14 Mar 2020 14:26:27 +0200 Subject: [PATCH 05/58] Continue to migrate to Fedora packages and commands --- playbooks/roles/gui-base/vars/main.yml | 1 + playbooks/roles/laptop-base/tasks/main.yml | 8 +-- playbooks/roles/laptop-base/vars/main.yml | 9 --- playbooks/roles/xps/tasks/main.yml | 76 +--------------------- 4 files changed, 7 insertions(+), 87 deletions(-) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 9cb0cd9..f3e004d 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml 
@@ -59,6 +59,7 @@ gui_packages: - [ freerdp, remmina ] - [ cups, system-config-printer, foomatic, foomatic-db, foomatic-db-ppds, foomatic-db-filesystem ] - gnome-shell-extension-appindicator + - libatomic # This seems to be a dependency of dropbox theme_packages: - arc-theme diff --git a/playbooks/roles/laptop-base/tasks/main.yml b/playbooks/roles/laptop-base/tasks/main.yml index c0a677e..8fc7c82 100644 --- a/playbooks/roles/laptop-base/tasks/main.yml +++ b/playbooks/roles/laptop-base/tasks/main.yml @@ -1,12 +1,10 @@ --- # tasks file for roles/laptop-base - name: install laptop-specific packages - aur: - name: "{{ item }}" - use: yay - skip_installed: yes + dnf: + name: "{{ lookup('flattened', item) }}" + state: present become: yes - become_user: "{{ aur_builder_user }}" with_items: - "{{ laptop_packages }}" diff --git a/playbooks/roles/laptop-base/vars/main.yml b/playbooks/roles/laptop-base/vars/main.yml index 8770ff2..d7b6b25 100644 --- a/playbooks/roles/laptop-base/vars/main.yml +++ b/playbooks/roles/laptop-base/vars/main.yml @@ -1,16 +1,7 @@ --- # packages that apply specifically to laptops laptop_packages: - - wpa_supplicant - - acpi - - powertop - - ethtool #for disable WoL - - smartmontools - - x86_energy_perf_policy # tlp uses this - tlp - - systemd-boot-pacman-hook # make sure the systemd-boot binaries on /boot are in sync with the latest systemd - lm_sensors - - cpupower # monitor and tweak CPU speed settings - thermald # monitor CPU temperature - - mons # shell script for dealing with multiple monitors diff --git a/playbooks/roles/xps/tasks/main.yml b/playbooks/roles/xps/tasks/main.yml index 6d3d348..0863836 100644 --- a/playbooks/roles/xps/tasks/main.yml +++ b/playbooks/roles/xps/tasks/main.yml 
@@ -1,81 +1,11 @@ --- # tasks file for roles/xps -- name: Add intel graphics modules to initramfs - lineinfile: - dest: /etc/mkinitcpio.conf - line: 'MODULES=(nvme i915 intel_agp \1' - regexp: '^MODULES=\((?:nvme i915 intel_agp)? (.*)$' - backrefs: yes - state: present - notify: Rebuild initramfs - -# The 'keyboard' hook needs to come before the 'autodetect' hook -# otherwise external keyboards and the thunderbolt dock may not -# work when entering the boot password -# -# This according to the arch wiki -- name: Ensure keyboard hook is not subject to autodetect - lineinfile: - # if the regex doesn't match, then nothing is changed. so write a regex - # that will match only if 'keyboard' is after 'autodetect' because it should be before - dest: /etc/mkinitcpio.conf - line: 'HOOKS=\1keyboard autodetect \2\3' - regexp: '^HOOKS=(.*)autodetect (.*)keyboard (.*)$' - backrefs: yes - state: present - notify: Rebuild initramfs - -# Dell makes firmware updates available via the fwupd tool -# so it's handy to have that installed -- aur: name=fwupd skip_installed=yes - -# Perform one-time copy of fwupdate stuff into ESP -# See details at https://wiki.archlinux.org/index.php/Fwupd#Setup_for_UEFI_BIOS_upgrade -# Sadly as of this writing ansible copy of remote-to-remote doesn't support recursion -# Seems like a painfully glaring ommission to me -- name: copy fwupdate firmware files to ESP - command: cp --recursive --update /usr/lib/fwupd/efi/fwupdx64.efi /boot/EFI - -- name: configure fwupd so it will work properly when the ESP is mounted somewhere it doesn't expect - lineinfile: - dest: /etc/fwupd/uefi.conf - regexp: '#OverrideESPMountPoint=' - line: 'OverrideESPMountPoint=/boot' - -# Configure systemd to use hybrid-sleep -- file: path=/etc/systemd/logind.conf.d state=directory - -- name: Configure sleep and hibernation - copy: - src: files/handle-power-events.conf - dest: /etc/systemd/logind.conf.d/handle-power-events.conf - -- name: Configure libinput to use sane defaults for 
the touch pad - copy: - src: files/xorg-touchpad.conf - dest: /etc/X11/xorg.conf.d/30-touchpad.conf - - name: Install XPS packages - aur: - name: "{{ item }}" - use: yay - skip_installed: yes + dnf: + name: "{{ lookup('flattened', item) }}" + state: present become: yes - become_user: "{{ aur_builder_user }}" with_items: - - "i7z" # i7 CPU counters (probably not that useful after all) - "i8kutils" # fan speed control - libva-intel-driver # video playback acceleration for Intel integrated GPUs - # as of this writing, the new 9370 and 9560 aren't explicitly supported - # tell this module to ignore that - # - # This and other tidbits of insight into fan control on XPS systems, including - # using i8utils to take over control of the fans from the BIOS, - # see https://daenney.github.io/2017/11/11/arch-linux-xps-13-9360.html -- name: Fix the modprobe.d config - lineinfile: - path: /etc/modprobe.d/dell-smm-hwmon.conf - regexp: ^options dell-smm-hwmon - line: options dell-smm-hwmon restricted=0 ignore_dmi=1 - From 0ef38a9a452e9d6ff150723f670afa15d26cd91e Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 14 Mar 2020 19:24:22 +0100 Subject: [PATCH 06/58] Update README and remove some Arch-specific stuff --- README.md | 153 ++---------------------------------------------------- 1 file changed, 3 insertions(+), 150 deletions(-) diff --git a/README.md b/README.md index c01d125..05fb95b 100644 --- a/README.md +++ b/README.md 
@@ -13,164 +13,17 @@ that user. The initial setup flow that creates the first user automatically ena After initial setup you're in GNOME. Open a terminal and: sudo dnf upgrade - sudo dnf install ansible + sudo dnf install git git-lfs ansible As the non-priviledged user, make sure zsh is installed and the default shell: sudo dnf install zsh util-linux-user chsh -s /usr/bin/zsh -Some reminders about the setup process: - -- Start with the [ install guide ](https://wiki.archlinux.org/index.php/Installation_guide) which covers things in some - detail -- If this is a HiDPI system the console fonts are painfully small. Run this command to temporarily fix: - `setfont latarcyrheb-sun32 -m 8859-2` -- Setting up wifi is not straightfoward: - - `iw dev` to see the list of wireless devices. This obviously assumes the LiveCD kernel includes support for your - card. - - `ip link set (interface) up` to bring the wireless interface online - - `iw dev (interface) scan | less` to scan for APs where `(interface)` is the device name from the previous step - - `wpa_supplicant -B -i interface -c <(wpa_passphrase MYSSID passphrase)` to connect to a WPA-secured AP. Note the - shell trickery used here, so weird characters in `passphrase` will need to be quoted or use herestrings. There's a - [wiki page about WPA](https://wiki.archlinux.org/index.php/WPA_supplicant#Connecting_with_wpa_passphrase) with more - details. - - Get a DHCP lease with `dhcpcd (interface)`. Note that is D-H-C-P-C-D, I always mess it up and type D-H-C-P-D which - won't work. - - Sync the system clock with `timedatectl set-ntp true` -- Pro-tip: You can use `Alt-RightArrow` to switch to another virtual TTY and use `elinks` to view this guide in a - text-based web browser for easy reference as you switch back and forth between it and the install console. Use `g` to - go to a URL and vi navigation keys to move around. 
-- Disk partitioning is tricky because we will use LUKS to encrypt the disk and LVM on top - - Use `gdisk` for partioning the GPT disk we always use. Use `lsblk` to see the block devices available. Create one - 250MB EFI partition (type is `ef00`) and one with the rest of the space for our data (type is `8309` - Linux LUKS) - - In case you forget the approach we use is - [LVM on LUKS](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS) for the root - partition. - - Read that page for more details and the latest thinking, but in summary: - - `cryptsetup luksFormat --type luks2 /dev/(block device)` - - `cryptsetup open /dev(blockdev) cryptolvm` this will open the encrypted block dev and make the decrypted block dev - available at `/dev/mapper/cryptolvm` - - `pvcreate /dev/mapper/cryptolvm` initializes an LVM physical volume on top of the encrypted LUKS volume - - `vgcreate MyVol /dev/mapper/cryptolvm` creates a volume group called `MyVol` (can be called anything but we use - `MyVol`) - - `lvcreate -l 100%FREE MyVol -n root` creates a logical volume `MyVol-root` using all free space on the volume - group `MyVol`. Read the guide for options if you want to create multiple logical volumes. I find it's hard to - predict in advance what the right size for the various volumes should be. - - NOTE: I don't create a swap partition. Later on we'll create a swap file on the root partition which works fine - and is more flexible. - - `mkfs.ext4 /dev/mapper/MyVol-root` to format the root partition EXT4. `btrfs` as the root volume isn't ready for - prime time. - - `mount /dev/mapper/MyVol-root /mnt` to mount. If you made other partitions mount them under `mnt` as appropriate. - - If there isn't already a UEFI boot partition created and initialized you need to do that also. Read the guide. 
If - it doesn't already exist, make sure you format it as FAT32: - - `mkfs.fat -F32 /dev/(whatever)` - - Once it already exists: - - `mkdir /mnt/boot` && `mount /dev/(EFI partition) /mnt/boot` - - `fallocate -l 32G /mnt/swapfile` to allocate a swapfile on the root filesystem - - `chmod 600 /mnt/swapfile` for security - - `mkswap /mnt/swapfile` to initialize - - `swapon /mnt/swapfile` to actiate -- Once the disks are configured it's time to install packages - - I don't usually bother editing the `/etc/pacman.d/mirrorlist` file it defaults to use all the mirrors in the world. - Maybe tweak it if you're in a place with weak internet - - `pacstrap /mnt base` to install the base packages over the network. I don't like to install other packages here, - because there's an Ansible playbook for that which also tweaks the `mirrorlist` - - `genfstab -U /mnt >> /mnt/etc/fstab` to generate an `/etc/fstab` file to preserve the current mount config. Double - check that the path to the swap file doesn't have a `/mnt` prefix; I've seen that happen once -- `arch-chroot /mnt` to chroot into the new system and begin setting it up - - - `pacman -Sy vim` to get an editor installed right away - - Set the time zone with `ln -sf /usr/share/zoneinfo/Region/City /etc/localtime`. Eastern is usually `US/NewYork` or - some such. - - Set the system clock to UTC. This is a Linux convention not Windows so be careful if you dual boot. - `hwclock --systohc` - - Ensure the system clock is synchronized with `timedatectl set-ntp true` - - Edit `/etc/locale.gen` and uncomment the locales to use. I only ever use `en_US.UTF-8` but maybe `es_ES.UTF-8` and - `ru-RU.UTF-8` might come in handy. - - Run `locale-gen` to generate those locales - - Edit `/etc/locale.conf` to set `LANG=en_US.UTF-8` to make sure US English is the default locale. 
- - I never have to edit the keyboard layout since US English is the default, but that's in `/etc/vconsole.conf` - - Choose a hostname and put it in `/etc/hostname` - - Populate `/etc/hosts` accordingly with that new hostname: - - 127.0.0.1 localhost - ::1 localhost - 127.0.0.1 myhostname.localdomain myhostname - - - You'll need the wireless utilities you used in the LiveCD when you reboot in order to get the new system on the - network. `pacman -S iw wpa_supplicant networkmanager dialog` at the least. I don't have to manually install firmware - but that will depend upon the system. - - `pacman -S intel-ucode` to install the latest Intel microcode updates - - I also install `zsh` here with `pacman -S zsh` because I like my non-privileged user to run ZSH - - Now it's time to configure the boot loader. I use `systemd-boot`: - - - Assuming not dual-booting windows: - - `bootctl --path=/boot install` installs the boot loader into the UEFI system partition - - edit `/boot/loader/loader.conf` to adjust the default entry to boot and the timeout. Normally the default entry is - `arch` - - Created or edit `/boot/loader/entries/arch.conf` to configure how arch is booted. In particular some changes are - needed to support the encrypted filesystem. There's a sample at `/usr/share/systemd/bootctl/arch.conf` to use as a - starting point: - - Here's an example config: - - title Arch Linux Encrypted LVM - linux /vmlinuz-linux - initrd /intel-ucode.img - initrd /initramfs-linux.img - options cryptdevice=UUID=device-UUID:cryptolvm root=/dev/mapper/MyVol-root quiet rw - - Note the `device-UUID` is the UUID of the encrypted physical block device. The command to get this is - `blkid -s UUID -o value /dev/(partition)`. A fun trick in `vi` when editing this file if you want to insert this - UUID is to put the cursor where you want the ID inserted and run an Ex command `:r ! blkid -S ....` filling out the - entire `blkid` command listed earlier. 
Note also the `/intel-ucode.img` use this only on Intel systems and only if - the `intel_ucode` package is installed. - - - For the XPS 13 add some options to configure the Intel graphics: - `i915 enable_guc_loading=-1 enable_guc_submission=-1` - - As of kernel 4.19 on XPS 9370 the `s2idle` sleep mode is used instead of `deep` which is much more power - efficient. Add the kernel option `mem_sleep_default=deep` if `/sys/power/mem_sleep` indicates that `s2idle` is the - default. - - NB: Based on [this patch](https://patchwork.freedesktop.org/patch/191386/) it appears use of `enable_rc6` is - unwise so it's removed from the options listed abjove - - - Add `keyboard`, `encrypt`, and `lvm2` HOOKS to `/etc/mkinitcpio.conf`. Be advised order is important. NOTE: - technically Ansible will do this for you as part of the setup process, but you need to do `encrypt` and `lvm2` here - in order for the system to be able to boot, so you may as well do `keyboard` as well while you're in here, and if - you're on an XPS system see the line below for some additional modules you should add at the same time. - - For XPS systems: Add `nvme i915 intel_agp` MODULES to `/etc/mkinitcpio.conf`. NOTE: technically Ansible will do this - for you as part of the setup process - - Regenerate the `initramfs` with `mkinitcpio -p linux` - - `passwd` to set a root password - - Create an unprivileged user that can use `sudo` with `useradd -m -G wheel -s /bin/zsh sumd00d` - - Set a password for that user with `passwd sumd00d` - - Install the sudo package with `pacman -S sudo` - - Run `visudo` and uncomment the line that allows all `sudo` commands for members of `wheel` - - I like to `su sumd00d` at this point to log into the unprivileged user shell to make sure it works. Sometimes I - forget something (often `zsh`). - - Exit the chroot with `exit` and then `reboot` to boot into the live system. 
- -## Suspend/Hibernate for laptops - -On laptops some additional configuration is needed to support hibernating to disk. - -The [Arch wiki](https://wiki.archlinux.org/index.php/Power_management/Suspend_and_hibernate) as usual is the definitive -source of information. Some summary items based on my prefered config: - -- I use a swap file not a swap partition, therefore the instructions for a swap file apply -- When using a swap file, the `resume` kernel parameter specifies the /device/ where the swap file is located, /not/ the - swap file itself. -- You need to specify the physical offset on the device where the swap file lives. `filefrag -v /swapfile` will show - this. You want the physical offset of the first extent. -- Use the following kernel parameters: - - `resume=/dev/mapper/MyVol-root` - - `resume_offset=swapfileoffset` where /swapfileoffset/ is the starting offset of the swapfile on the device -- Update `/etc/mkinitcpio.conf` to add a `resume` hook. _IMPORTANT_: Put the `resume` hook /after/ `lvm2` # Initial setup -If this is a fresh system also make sure you have the minimal dependencies that are required to run ansible: - - $ sudo pacman -S git git-lfs ansible python +If this is a fresh system also make sure you have the minimal dependencies that are required to run ansible. See the +PrePrerequisites section. To start with, clone this repo somewhere. _IMPORTANT_: make sure you remember to run the `git submodule` and `git lfs` steps also or the playbook won't work! From 8f0da043ebb2adad40aa9146a059bc4300c496fd Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 14 Mar 2020 19:24:33 +0100 Subject: [PATCH 07/58] Configure UFW with the `ufw` module instead of the CLI --- .../tasks/configure-ufw-firewall.yml | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/playbooks/roles/headless-base/tasks/configure-ufw-firewall.yml b/playbooks/roles/headless-base/tasks/configure-ufw-firewall.yml index 600ec64..64e16fe 100644 
--- a/playbooks/roles/headless-base/tasks/configure-ufw-firewall.yml +++ b/playbooks/roles/headless-base/tasks/configure-ufw-firewall.yml @@ -1,14 +1,19 @@ --- # Configure a simple firewall that blocks everything except SSH -- name: enable UFW service - systemd: - name: ufw.service - enabled: yes - state: started +- name: Install `ufw` package + package: + name: ufw + state: present -- name: Allow incoming SSH traffic with rate limiting - shell: "ufw limit ssh/tcp" +- name: Enable ufw with a default `deny` rule + ufw: + state: enabled + policy: deny + logging: on -- name: Enable UFW service - shell: "ufw enable" +- name: Enable SSH but with rate limiting + ufw: + rule: limit + port: ssh + proto: tcp From 7e0d05fbcf8f026241570b0b7b21548fa252554a Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 14 Mar 2020 19:24:44 +0100 Subject: [PATCH 08/58] Remove ruby installation role because I don't use Ruby anymore --- playbooks/roles/user-packages/meta/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/playbooks/roles/user-packages/meta/main.yml b/playbooks/roles/user-packages/meta/main.yml index 675428c..72e83ff 100644 --- a/playbooks/roles/user-packages/meta/main.yml +++ b/playbooks/roles/user-packages/meta/main.yml @@ -53,4 +53,3 @@ galaxy_info: # Maximum 20 tags per role. dependencies: - - { role: rvm.ruby, rvm1_rubies: ['ruby-2.5.3'], rvm1_user: "{{ ansible_user_id }}", rvm1_install_flags: '--user-install' } From d6c5eeb0d06fa59425f1eb9f098b596735e8c694 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 14 Mar 2020 19:47:00 +0100 Subject: [PATCH 09/58] Add some missing packages required by rust and tmux --- playbooks/roles/headless-base/vars/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 7bd81e5..1eab1e3 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml 
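Review bot: `Enable ufw with a default deny rule` now runs before `Enable SSH but with rate limiting`, so the firewall is active with default deny and no SSH rule until the second task completes, and stays that way if the run stops in between. On a host managed over SSH that can cut off the connection running the playbook. The removed shell tasks had the safer order (`ufw limit ssh/tcp` first, `ufw enable` last), so put the `rule: limit` task first and the `state: enabled` task last. `policy: deny` relies on the module's default direction, and `direction: incoming` would state the intent. Writing `logging: 'on'` quoted keeps YAML from reading the value as a boolean.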
@@ -46,6 +46,10 @@ dev_packages: - exa #ls-like tool but better - bat #syntax and git-aware cat replacement - gdb + - libudev-devel + - llvm-devel + - libevent-devel + - openssl-devel pentest_packages: - aircrack-ng From a12c4b75c58a83d88ea14d60c9682c42a7c6c190 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 15 Mar 2020 09:13:58 +0100 Subject: [PATCH 10/58] Fix docker install on Fedora The stock `docker` package on Fedora 31 won't work because it doesn't have support for the cgroups v2 API. Instead the Docker repo should be used to get the latest and greatest. --- playbooks/requirements.yml | 4 ++-- playbooks/roles/headless-base/tasks/configure-docker.yml | 4 ++++ playbooks/roles/headless-base/vars/main.yml | 1 - 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/playbooks/requirements.yml b/playbooks/requirements.yml index 0f7a9eb..12746cf 100644 --- a/playbooks/requirements.yml +++ b/playbooks/requirements.yml @@ -1,7 +1,7 @@ # Dependencies on external roles -# +# # To install these locally run: # # $ ansible-galaxy install -r requirements.yml # -- src: rvm.ruby +- src: geerlingguy.docker diff --git a/playbooks/roles/headless-base/tasks/configure-docker.yml b/playbooks/roles/headless-base/tasks/configure-docker.yml index aa7132b..dc807d9 100644 --- a/playbooks/roles/headless-base/tasks/configure-docker.yml +++ b/playbooks/roles/headless-base/tasks/configure-docker.yml @@ -1,4 +1,8 @@ --- +- name: install docker + include_role: + name: geerlingguy.docker + - name: add the current user to the docker group user: name: "{{ lookup('env', 'USER') }}" diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 1eab1e3..1db3231 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml 
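Review bot: `- src: geerlingguy.docker` in `requirements.yml` carries no `version:`, so `ansible-galaxy install -r requirements.yml` fetches whichever release is current and the new `include_role` in `configure-docker.yml` then runs it. An external role that sets up package repositories and installs Docker is worth pinning: add `version: "<reviewed release tag>"` under the `src` line and bump it deliberately. The hunk does not show whether `include_role` runs with `become`, so confirm the privilege level the role needs is set where it is included.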
@@ -41,7 +41,6 @@ dev_packages: - python3-setuptools # dependencies for youcompleteme viM plugin - [ boost, clang, nodejs, cmake, make, go, npm ] - - docker - swig - exa #ls-like tool but better - bat #syntax and git-aware cat replacement From afc249c73b1775d3a986a61c702f1c08496dd811 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 15 Mar 2020 11:56:55 +0100 Subject: [PATCH 11/58] Add logic to download the latest terraform There's no Fedora install package unfortunately, so this has to be done manually --- playbooks/roles/user-packages/tasks/main.yml | 9 +++++++++ playbooks/roles/user-packages/vars/main.yml | 2 ++ 2 files changed, 11 insertions(+) diff --git a/playbooks/roles/user-packages/tasks/main.yml b/playbooks/roles/user-packages/tasks/main.yml index 5e0149d..7c98eba 100644 --- a/playbooks/roles/user-packages/tasks/main.yml +++ b/playbooks/roles/user-packages/tasks/main.yml @@ -31,3 +31,12 @@ shell: | {{ ansible_env.HOME }}/.nerdfonts/install.sh when: "nerdfonts_checkout.changed" + +- name: Install terraform + shell: | + cd /tmp + curl --silent https://releases.hashicorp.com/terraform/0.12.23/terraform_{{ terraform_version }}_linux_amd64.zip -o terraform.zip + unzip terraform.zip + cp terraform {{ ansible_env.HOME}}/.local/bin + args: + creates: "{{ansible_env.HOME}}/.local/bin/terraform" diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index d59a794..32953fa 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -24,3 +24,5 @@ rust_packages: - { name: exa, executable: exa } - { name: fd-find, executable: fd } - { name: ripgrep, executable: rg } + +terraform_version: 0.12.23 From 6f11ffeb92592a967d7ca5e9593184f35d527276 Mon Sep 17 00:00:00 2001 
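Review bot: The `Install terraform` task in user-packages/tasks/main.yml downloads a zip with `curl --silent` and copies the extracted binary into `~/.local/bin` without checking it against the release checksums, so nothing detects a truncated, substituted or error-page download. The URL also hard-codes `0.12.23` in the directory part while the file name uses `{{ terraform_version }}`, so changing the variable added in vars/main.yml produces a path that does not exist, and without `--fail` curl would save the error body as `terraform.zip`. The fixed file names in the shared `/tmp` directory are a further weak spot on a multi-user host. I would replace the shell block with `get_url` plus `unarchive` and add a checksum variable next to `terraform_version`, as sketched below.

```yaml
- name: Download terraform release archive
  get_url:
    url: "https://releases.hashicorp.com/terraform/{{ terraform_version }}/terraform_{{ terraform_version }}_linux_amd64.zip"
    dest: "{{ ansible_env.HOME }}/terraform_{{ terraform_version }}_linux_amd64.zip"
    # terraform_sha256 is a placeholder variable, not defined on this page:
    # take its value from the SHA256SUMS file published with the release.
    checksum: "sha256:{{ terraform_sha256 }}"
    mode: "0600"

- name: Install terraform
  unarchive:
    src: "{{ ansible_env.HOME }}/terraform_{{ terraform_version }}_linux_amd64.zip"
    dest: "{{ ansible_env.HOME }}/.local/bin"
    remote_src: true
    creates: "{{ ansible_env.HOME }}/.local/bin/terraform"
```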
From: Adam Nelson Date: Wed, 29 Apr 2020 09:54:29 +0300 Subject: [PATCH 12/58] Don't install docker starting with Fedora 32 --- playbooks/roles/headless-base/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/playbooks/roles/headless-base/tasks/main.yml b/playbooks/roles/headless-base/tasks/main.yml index 6f12fb9..2e4305d 100644 --- a/playbooks/roles/headless-base/tasks/main.yml +++ b/playbooks/roles/headless-base/tasks/main.yml @@ -16,7 +16,12 @@ enabled: yes state: started +# As of 2020-04-29 (1 day after the Fedora 32 release), the docker repos don't have packages for fedora 32. +# In any case, I want to start using `podman` instead since it sucks less and is better integrated into the Fedora +# ecosystem. - import_tasks: configure-docker.yml + when: ansible_distribution == "Fedora" and ansible_distribution_release|int >= 32 + - import_tasks: configure-ufw-firewall.yml From 8b2efe70e3e7511402a616ff9ca1bc54a97bf2aa Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 29 Apr 2020 09:54:43 +0300 Subject: [PATCH 13/58] Don't install gnome-icon-theme-extras (no longer in Fedora 32) --- playbooks/roles/gui-base/vars/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index f3e004d..a49df84 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -65,9 +65,7 @@ theme_packages: - arc-theme - adapta-gtk-theme - gnome-icon-theme - - gnome-icon-theme-extras - moka-icon-theme - #- arc-icon-theme wine_packages: - wine From 098c8357f6a9a92a19f15fa1f82e684794e4e318 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 29 Apr 2020 13:00:42 +0300 Subject: [PATCH 14/58] Add Zoom to GUI base install --- playbooks/roles/gui-base/tasks/main.yml | 5 +++++ playbooks/roles/gui-base/vars/main.yml | 2 ++ 2 files changed, 7 insertions(+) 
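Review bot: The `when:` added under `import_tasks: configure-docker.yml` tests `ansible_distribution_release|int >= 32`, which is the opposite of what the commit subject and the comment above it describe: as written it would run the Docker tasks only on Fedora 32 and later and skip them everywhere else. The numeric release is normally exposed as `ansible_distribution_major_version`; if `ansible_distribution_release` holds a non-numeric string on these hosts, `|int` yields 0 and the tasks are skipped on every release, which would hide the inverted comparison. Something like `when: not (ansible_distribution == "Fedora" and ansible_distribution_major_version|int >= 32)` matches the stated intent.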
diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index 8e3b8b9..1b7d665 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -48,3 +48,8 @@ dnf: name: "{{ dropbox_rpm_url }}" state: present + +- name: Install zoom RPM + dnf: + name: "{{ zoom_rpm_url }}" + state: present diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index a49df84..7c593d8 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -1,6 +1,8 @@ --- # vars file for roles/gui-base dropbox_rpm_url: https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-2019.02.14-1.fedora.x86_64.rpm +zoom_rpm_url: https://zoom.us/client/latest/zoom_x86_64.rpm + wayland_packages: # wayland and the wayland x server are installed as part of the base Fedora Workstation install #- wayland From b86578e846a19d05ffdb1dcb432d1b044ef04aec Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 29 Apr 2020 13:00:53 +0300 Subject: [PATCH 15/58] Remove pip2-related install steps --- playbooks/roles/user-packages/tasks/main.yml | 12 +++--------- playbooks/roles/user-packages/vars/main.yml | 7 +------ 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/playbooks/roles/user-packages/tasks/main.yml b/playbooks/roles/user-packages/tasks/main.yml index 5e0149d..09ddba0 100644 --- a/playbooks/roles/user-packages/tasks/main.yml +++ b/playbooks/roles/user-packages/tasks/main.yml 
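Review bot: The new `Install zoom RPM` task hands `dnf` a remote URL, and the `zoom_rpm_url` value added in vars/main.yml is a floating `latest` path, so the package installed with root privileges is whatever the server returns at run time and nothing in the role establishes a trusted signing key for it. Import the vendor's package signing key first with an `rpm_key` task, e.g. `key: "{{ zoom_gpg_key_url }}"` (placeholder variable, not defined on this page), so the module's default signature check has a key to verify against rather than being switched off later with `disable_gpg_check`. With `state: present` the task also will not pick up newer releases once any version is installed, which deserves a comment next to the URL.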
@@ -1,16 +1,10 @@ --- # tasks file for roles/user-packages -- name: Installing user-level pip packages for Python 2 +- name: Installing user-level pip packages for Python pip: - executable: pip2 + executable: pip extra_args: --user - name: "{{ pip2_packages }}" - -- name: Installing user-level pip packages for Python 3 - pip: - executable: pip3 - extra_args: --user - name: "{{ pip3_packages }}" + name: "{{ pip_packages }}" - name: Install Rust tools for the current user shell: | diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index d59a794..24206f4 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -1,11 +1,6 @@ --- # vars file for roles/user-packages -pip2_packages: - - sexpdata # for ensime vim - - websocket-client # also for ensime vim - - neovim # also for ensime vim - -pip3_packages: +pip_packages: - awscli - yubikey-manager - neovim From 9cf49e7ef2e31a93568889427e7f8026f86a2464 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 29 Apr 2020 15:05:11 +0300 Subject: [PATCH 16/58] Change waybar install from source build to COPR package --- .../roles/gui-user-packages/tasks/main.yml | 37 ++++++++----------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/playbooks/roles/gui-user-packages/tasks/main.yml b/playbooks/roles/gui-user-packages/tasks/main.yml index f49f4db..5940de8 100644 --- a/playbooks/roles/gui-user-packages/tasks/main.yml +++ b/playbooks/roles/gui-user-packages/tasks/main.yml 
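Review bot: `executable: pip` in the merged task no longer says which interpreter's pip is used; the removed tasks named `pip2` and `pip3` explicitly, and on a host where `pip` resolves to a Python 2 installation or is missing, the `pip_packages` list would go to the wrong environment or fail. `executable: pip3` keeps the intent of the change. The list in vars/main.yml (`awscli`, `yubikey-manager`, `neovim`) is also unversioned, so every fresh machine takes the newest upload from the index; pinning at least the credential-handling tools, e.g. `awscli==<PINNED_VERSION>` (placeholder), would make installs repeatable.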
@@ -1,24 +1,17 @@ --- -# tasks file for roles/gui-user-packages -- name: Create directory for Waybar source code - file: - path: "{{ ansible_env.HOME }}/source/waybar" - state: directory - -- name: Check out waybar code - git: - repo: https://github.com/Alexays/Waybar.git - dest: "{{ ansible_env.HOME }}/source/waybar" - update: yes - register: git_checkout - -- name: Build and install - shell: | - meson --prefix {{ ansible_env.HOME }}/.local build - ninja -C build - ninja -C build install - args: - chdir: "{{ ansible_env.HOME }}/source/waybar" - when: git_checkout.changed - +- name: Enable waybar Copr repo + # Info came from this: https://copr.fedorainfracloud.org/coprs/alebastr/waybar/repo/fedora-32/alebastr-waybar-fedora-32.repo + yum_repository: + name: waybar + description: Copr repo for waybar owned by alebastr + baseurl: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/fedora-$releasever-$basearch/ + skip_if_unavailable: yes + gpgkey: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/pubkey.gpg + repo_gpgcheck: no + enabled: yes +- name: install waybar from a custom repo + dnf: + name: waybar + enablerepo: waybar + state: present From 80c9fcaccd165347b65c6115a7eb5854cc10e272 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 29 Apr 2020 15:07:03 +0300 Subject: [PATCH 17/58] Move waybar from gui-user to gui-base --- playbooks/roles/gui-base/tasks/main.yml | 18 ++++++++++++++++++ .../roles/gui-user-packages/tasks/main.yml | 17 +---------------- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index 1b7d665..edc0e4b 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml 
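Review bot: The `Enable waybar Copr repo` task supplies a `gpgkey` but never sets `gpgcheck`, and it explicitly sets `repo_gpgcheck: no`, so whether waybar packages are signature-checked depends on the host's global dnf configuration rather than on this role. Add `gpgcheck: yes` to the `yum_repository` arguments so the key is enforced for this third-party repository regardless of local defaults. The same block is re-added unchanged in playbooks/roles/gui-base/tasks/main.yml by the following commit (PATCH 17/58) and needs the same line.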
@@ -16,6 +16,24 @@ name: alacritty enablerepo: alacritty state: present + +- name: Enable waybar Copr repo + # Info came from this: https://copr.fedorainfracloud.org/coprs/alebastr/waybar/repo/fedora-32/alebastr-waybar-fedora-32.repo + yum_repository: + name: waybar + description: Copr repo for waybar owned by alebastr + baseurl: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/fedora-$releasever-$basearch/ + skip_if_unavailable: yes + gpgkey: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/pubkey.gpg + repo_gpgcheck: no + enabled: yes + +- name: install waybar from a custom repo + dnf: + name: waybar + enablerepo: waybar + state: present + - name: install base system packages that require X or Wayland dnf: name: "{{ lookup('flattened', item) }}" diff --git a/playbooks/roles/gui-user-packages/tasks/main.yml b/playbooks/roles/gui-user-packages/tasks/main.yml index 5940de8..665e0d2 100644 --- a/playbooks/roles/gui-user-packages/tasks/main.yml +++ b/playbooks/roles/gui-user-packages/tasks/main.yml @@ -1,17 +1,2 @@ --- -- name: Enable waybar Copr repo - # Info came from this: https://copr.fedorainfracloud.org/coprs/alebastr/waybar/repo/fedora-32/alebastr-waybar-fedora-32.repo - yum_repository: - name: waybar - description: Copr repo for waybar owned by alebastr - baseurl: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/fedora-$releasever-$basearch/ - skip_if_unavailable: yes - gpgkey: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/pubkey.gpg - repo_gpgcheck: no - enabled: yes - -- name: install waybar from a custom repo - dnf: - name: waybar - enablerepo: waybar - state: present +# As of now, nothing to do here From 8c0b188ebba8a2a43ca79efdf57565337bc87a27 Mon Sep 17 00:00:00 2001 
From: Adam Nelson Date: Wed, 29 Apr 2020 19:45:46 +0300 Subject: [PATCH 18/58] Add additional sway dependenies to the installed packages --- playbooks/roles/gui-base/vars/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 7c593d8..f18b858 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -8,6 +8,10 @@ wayland_packages: #- wayland #- xorg-server-xwayland - sway + - swayidle + - swaylock + - wofi + - light gui_packages: - gdm From 5d6c3e3eff69543d27840425fb52855bc217fa60 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 29 Apr 2020 19:46:46 +0300 Subject: [PATCH 19/58] Add comment about using `ask-become-pass` --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 05fb95b..b7a1ad5 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,9 @@ If you're setting up a remote system over SSH, there are some changes to the com $ ansible-playbook --inventory , --user headless-devbox.yml +If the user is not `root`, you'll probably need `--ask-become-pass` to make sure Ansible has the password for when it +needs to `sudo`. + NOTE: Just because you're doing a remote setup doesn't mean you can ignore the pre-reqs that normally apply to a local install. Make sure you have at least these: From ba0ddee430d5295a94c47b6f23a2c439c50b5a4e Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 29 Apr 2020 19:52:12 +0300 Subject: [PATCH 20/58] Update README for Fedora 32 --- README.md | 35 ++--------------------------------- 1 file changed, 2 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index b7a1ad5..9d20a6b 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ Cookbook for setting up a Linux development box. -This branch is for Fedora Workstation (version 31 at the time of this writing). +This branch is for Fedora Workstation (version 32 at the time of this writing). # Prerequisites @@ -83,7 +83,7 @@ needs to `sudo`. NOTE: Just because you're doing a remote setup doesn't mean you can ignore the pre-reqs that normally apply to a local install. Make sure you have at least these: - $ sudo pacman -S python sudo + $ sudo dnf install python sudo If you're doing the user-specific setup also, you'll probably want to configure SSH certificate auth for that user. If you're still using the Yubikey-based auth approach, you'll need to do this: @@ -104,10 +104,6 @@ install time, and configures that user's home directory the way I like. That run As with the system setup, there are a few versions of the `devuser` script with the same prefixes we use for the system version. -Most of those install IntelliJ. If you haven't done an install lately, edit the -`playbooks/roles/user-intellij/vars/main.yml` file and make sure the most recent version is downloaded. If you want to -upgrade IntelliJ later, you can also update var and re-run the `devuser.yml` playbook. - # Manual Setup Steps Unfortunately there are some steps that it't not practical or possible to automate, or that I haven't figured out yet. 
@@ -132,37 +128,10 @@ They are recoreded here so I don't forget to do them: rest of the settings. There's a [bug report](https://bugzilla.mozilla.org/show_bug.cgi?id=444284) to this effect which is now 11 years old. Mozilla is funded in large part by having Google search as the default search engine, make of that what you will... -- The `devuser.yml` playbook will download and "install" IntelliJ but it still needs some manual configuration: - - Obviously you have to connect the JetBrains account to establish license entitlement to use Ultimate - - I have a github repo with IntelliJ settings, so first thing configure IntelliJ to use that repo. The repo URL is - `https://github.com/anelson/intellij-settings.git` - - Install the IdeaVim plugin. The config file is part of the `dotfiles` repo, you'll find it on your system at - `~/.ideavimrc`. Point the IdeaVim plugin there and restart. - - Install the Scala and Ruby plugins - - Configure the fonts. The HiDPI screen might need bigger fonts, or JetBrains may have fixed HiDPI support as of the - version you're running, you just don't know until you try. -- There is an AUR package for CrossOver, the commercial version of Wine that can be used to make Office work, however - it's not consistently updated. Instead it's better to install it manually using the latest binary installer from - the Crossover site. My login for Crossover is in 1p. Of course one must also install Office itself. To do that go - to https://office.com, log in, and go to My Account and Subscriptions. They won't even offer you download links - unless your User Agent is a Windows browser, so use User Agent Switcher to fake that out and snag the quick - installer. - Dropbox is installed by Ansible but it must be configured manually. Run `dropbox` to start the GUI. 
The Arch Wiki [Dropbox](https://wiki.archlinux.org/index.php/Dropbox) page has more details -- VMWare Workstation is installed automatically but the Windows VM to use for work email and such is not. You'll have to - build that manually. I know it sucks. A few reminders: - - Install Office 2016 - - Install [ShutUp 10](https://www.oo-software.com/en/shutup10) - Create a symlink from `~/Dropbox/Documents/vimwiki` to `~/vimwiki` so the VimWiki data is always synchornized with Dropbox -- Installing the VirtualBox extensions is possible with an AUR package, but it breaks often and since this can be - downloaded and upgraded from within VirtualBox, I have opted to use that flow. So you need to install the extensions - from withint he VirtualBox GUI after the initial setup -- I use Chromium (not Chrome) to connect to the web interface for Todoist and Evernote. For each of those I use the 'Add - to desktop' feature to make a desktop link and a separate browser state for each of those. It's not the same as native - but it's the best that's available. Each time you do this the window classes will be different, so the `i3/config` - file will need to be updated accoringly. Chromium generates some dynamic and strange window class so it is not - predicable. - If this is a new system, follow my guide in the `vimwiki` for setting up Yubikeys for SSH and GPG auth. # Updating the firmware with `fwupdmgr` (applies to XPS systems specifically) From e43bfb1ebbb194970f90a46332022c3e61fb0371 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 9 May 2020 15:18:05 +0300 Subject: [PATCH 21/58] Put a placeholder for a future automation of a mako install --- playbooks/roles/gui-base/vars/main.yml | 1 + playbooks/roles/gui-user-packages/tasks/main.yml | 3 ++- playbooks/roles/gui-user-packages/vars/main.yml | 8 +++++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index f18b858..9a0c2e9 100644 
--- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -12,6 +12,7 @@ wayland_packages: - swaylock - wofi - light + - scdoc # Not actually required for wayland but required for building `mako` gui_packages: - gdm diff --git a/playbooks/roles/gui-user-packages/tasks/main.yml b/playbooks/roles/gui-user-packages/tasks/main.yml index 665e0d2..d6d6ba6 100644 --- a/playbooks/roles/gui-user-packages/tasks/main.yml +++ b/playbooks/roles/gui-user-packages/tasks/main.yml @@ -1,2 +1,3 @@ --- -# As of now, nothing to do here +# todo: install mako and makoctl by building from source +# i want to wait a while and see if this is something that's worthwhile before I do the work of automating in ansible diff --git a/playbooks/roles/gui-user-packages/vars/main.yml b/playbooks/roles/gui-user-packages/vars/main.yml index 6b0fff8..543fbe8 100644 --- a/playbooks/roles/gui-user-packages/vars/main.yml +++ b/playbooks/roles/gui-user-packages/vars/main.yml @@ -1,2 +1,8 @@ --- -# vars file for roles/gui-user-packages \ No newline at end of file +# vars file for roles/gui-user-packages +mako_version: 1.4.1 +mako_source_tarball_url: "https://github.com/emersion/mako/releases/download/v{{ mako_version }}/mako-{{ mako_version }}.tar.gz" +mako_binaries: + - mako + - makoctl + From 5cd734cf49132aed9a8ac39cc0b2d721187feb41 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 9 May 2020 15:44:05 +0300 Subject: [PATCH 22/58] Add some libappindicator packages used by waybar tray support --- playbooks/roles/gui-base/vars/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 9a0c2e9..059eec7 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml 
@@ -58,7 +58,9 @@ gui_packages: pulseaudio-libs-devel, libudev-devel, libmpd-devel - ] + libappindicator-devel, + libappindicator-gtk3-devel + ] - tk # for i8kutils - glxinfo - nautilus From 60b255c945fba1cc5b5e54c0ba698ce681c1b6bc Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 9 May 2020 15:59:52 +0300 Subject: [PATCH 23/58] Add back in many xorg packages since sway/wayland still isn't ready for prime time --- playbooks/roles/gui-base/tasks/main.yml | 1 + playbooks/roles/gui-base/vars/main.yml | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index edc0e4b..d923bc5 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -40,6 +40,7 @@ state: present become: yes loop: + - "{{ xorg_packages }}" - "{{ wayland_packages }}" - "{{ gui_packages }}" - "{{ theme_packages }}" diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 059eec7..bbf0dbe 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -3,6 +3,17 @@ dropbox_rpm_url: https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-2019.02.14-1.fedora.x86_64.rpm zoom_rpm_url: https://zoom.us/client/latest/zoom_x86_64.rpm +xorg_packages: + - compton + - i3 + - xbacklight + - i3status + - i3lock + - xclip + - xsel + - feh + - arandr + wayland_packages: # wayland and the wayland x server are installed as part of the base Fedora Workstation install #- wayland @@ -29,13 +40,14 @@ gui_packages: - playerctl - pavucontrol - network-manager-applet - #- networkmanager-dmenu-git - blueberry - qemu - gnome-boxes - dunst - xss-lock - [ redshift, redshift-gtk ] + - lxappearance + - [ polybar, libmpdclient, alsa-lib, jsoncpp ] # polybar has several important but optional dependencies # waybar doesn't have a package yet but it does have a lot of dependencies - [ meson, 
@@ -57,7 +69,7 @@ gui_packages: libnl3-devel, pulseaudio-libs-devel, libudev-devel, - libmpd-devel + libmpd-devel, libappindicator-devel, libappindicator-gtk3-devel ] From d63749fec077e9f320aec2906c2d087ff69e190b Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 10 May 2020 12:58:30 +0300 Subject: [PATCH 24/58] Update README with latest experiences --- README.md | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9d20a6b..ebe73ba 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,8 @@ host, run it (as a non-privileged user with sudo permissions) as: $ ansible-playbook -c local --inventory localhost, --ask-become-pass xps-devbox.yml After running this the first time, reboot the system. It should come up with GDM and prompt you to log in. `i3` will be -an option, and `sway` also. For now I'm sticking to Xorg so the Wayland-based configs are not tested as of now. +an option, and `sway` also. As of this writing `i3` is what I'm using every day. See below for issues with +Sway/Wayland. ## Setting up a remote system @@ -122,7 +123,7 @@ They are recoreded here so I don't forget to do them: - Firefox won't work right with the GTK theme we use. To to `about:config` and create a new setting `widget.content.gtk-theme-override` and set it to `Arc-Darker`. This theme complements `Arc-Dark` nicely and renders the UI elements with a legible color combo - - In `about:config` enable `security.webauth.u2f` + - In `about:config` enable `security.webauth.u2f` (this appears to be the default in the most recent Firefox) - Ensure Firefox is the default browser and prompts when it's not, and ensure the opposite with Chrome - Configure Firefox's default search engine to be DDG, not Google. Yes, that should be synchronized along with the rest of the settings. There's a [bug report](https://bugzilla.mozilla.org/show_bug.cgi?id=444284) to this effect 
@@ -163,3 +164,30 @@ In general, you should _never_ use `pip` or `gem` to install system packages. In home directory is fine, but if you ever find yourself typing `sudo pip...` or `sudo gem...`, slap yourself on the wrist and see if there's an Arch official or AUR package for what you're trying to install. In almost all cases, you don't mean to install systemwide but for a specific user account or perhaps even a specific project. Always prefer that. + +## Sway and Wayland + +In this most recent update, as part of the move from Arch to Fedora, I spent a lot of time setting up a Sway config that +mirrored the capabilities I have in i3. In the end I went back to running i3. The following issues still need to be +addressed: + +* sway uses the i3 config format, but almost none of the tools used with i3 work under wayland. In particular, tray + support in Waybar is glitchy and unusable. The notification daemon `mako` isn't even packaged yet, and must be + built from source. +* Wayland has a protocol for screen sharing, and the WebRTC implementation in the latest Firefox supports it. However + Zoom does not. Maybe if I made this transition before the entire world went on lockdown and life moved to Zoom, + I would not have considered this a deal-breaker, but now I use Zoom screenshare at least once per day. Workarounds + like using the Zoom web interface are blocked by other bugs in either Firefox or Sway (people seem to disagree about + who is at fault), or setting up a virtual webcam that is actually the contents of one's screen are complex, brittle, + and generally unacceptable when a perfectly reliable alternative exists. +* No wifi network picker equivalent to `nm-applet`. +* Firefox HiDPI is broken. Firefox on Wayland appears to have absolutely no HiDPI awareness at all, in spite of + multiple breathless announcements declaring improved HiDPI support. 
Maybe I'm doing something wrong or missing + something obvious, but I had to configure Firefox to zoom 200%, but all of the UI chrome was still tiny and + uncomfortable to read. Chromium, Slack, Skype, all were fine. + +Fedora has made GNOME on Wayland the default DM, and that particular combination, I must admit, is great. Rock solid, +Firefox is very fast and no tearing at all, even Zoom screenshare works. But that's GNOME. If GNOME was what I wanted +for a WM, I never would have bothered with all of these contortions with i3 in the first place. + +It's a pity. I feel like we're almost there, and the performance benefits of Firefox on Wayland are fantastic. From 88d569bd7acc05f9cab3ac162491a69c5f6402a8 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Thu, 1 Oct 2020 07:48:31 +0200 Subject: [PATCH 25/58] Add `git-delta` to headless base --- playbooks/roles/headless-base/vars/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 1db3231..5796678 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml @@ -36,6 +36,7 @@ dev_packages: - "@Development tools" - git - git-lfs + - git-delta - python3 - python3-pip - python3-setuptools From db3178eda8f229b1b07ee3c1e85393d3b1ab6737 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Tue, 17 Nov 2020 17:30:40 +0200 Subject: [PATCH 26/58] Fix how the HOME dir on the remote system is obtained This worked fine before only because coincidentally I was running ansible locally with the same username and how directory as the remote user. --- playbooks/roles/user-base/tasks/main.yml | 4 ++-- playbooks/roles/user-packages/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/playbooks/roles/user-base/tasks/main.yml b/playbooks/roles/user-base/tasks/main.yml index 6d88693..eb9220b 100644 --- a/playbooks/roles/user-base/tasks/main.yml 
+++ b/playbooks/roles/user-base/tasks/main.yml @@ -9,9 +9,9 @@ - name: Ensure rust programming language tools are installed shell: | curl https://sh.rustup.rs -sSf | sh -s -- --no-modify-path --default-toolchain stable -y - source "{{ lookup('env', 'HOME') }}/.cargo/env" + source "{{ ansible_env.HOME }}/.cargo/env" # install various rust components that are useful rustup component add rust-src rls rust-analysis rustup install nightly args: - creates: "{{ lookup('env', 'HOME') }}/cargo/env" + creates: "{{ ansible_env.HOME }}/cargo/env" diff --git a/playbooks/roles/user-packages/tasks/main.yml b/playbooks/roles/user-packages/tasks/main.yml index 12bb1e6..d7d0e78 100644 --- a/playbooks/roles/user-packages/tasks/main.yml +++ b/playbooks/roles/user-packages/tasks/main.yml @@ -8,7 +8,7 @@ - name: Install Rust tools for the current user shell: | - source "{{ lookup('env', 'HOME') }}/.cargo/env" + source "{{ ansible_env.HOME }}/.cargo/env" cargo install --force {{ item.name }} args: creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" From 5d88d7f84a03baacefaaa8e96dd12f18d2378a09 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 18 Apr 2021 18:32:25 +0200 Subject: [PATCH 27/58] Remove explicit terraform download and clean up user package install --- playbooks/roles/user-base/tasks/main.yml | 6 +++--- playbooks/roles/user-packages/tasks/main.yml | 11 +---------- playbooks/roles/user-packages/vars/main.yml | 4 ++-- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/playbooks/roles/user-base/tasks/main.yml b/playbooks/roles/user-base/tasks/main.yml index 6d88693..bab5733 100644 --- a/playbooks/roles/user-base/tasks/main.yml +++ b/playbooks/roles/user-base/tasks/main.yml 
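Review bot: The `creates:` guard on the rustup task now reads `{{ ansible_env.HOME }}/cargo/env`, but the script above it sources `{{ ansible_env.HOME }}/.cargo/env`; without the leading dot the guard path never exists, so the installer is downloaded and piped to `sh` on every run instead of once. It should be `creates: "{{ ansible_env.HOME }}/.cargo/env"`. The same line appears in the user-base hunk of the next commit (PATCH 27/58). Because that pipe-to-shell line is what keeps being re-run, it is also worth restricting curl with `--proto '=https' --tlsv1.2`, as rustup's own install instructions do.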
@@ -9,9 +9,9 @@ - name: Ensure rust programming language tools are installed shell: | curl https://sh.rustup.rs -sSf | sh -s -- --no-modify-path --default-toolchain stable -y - source "{{ lookup('env', 'HOME') }}/.cargo/env" + source "{{ ansible_env.HOME }}/.cargo/env" # install various rust components that are useful - rustup component add rust-src rls rust-analysis + rustup component add rust-src rustup install nightly args: - creates: "{{ lookup('env', 'HOME') }}/cargo/env" + creates: "{{ ansible_env.HOME }}/cargo/env" diff --git a/playbooks/roles/user-packages/tasks/main.yml b/playbooks/roles/user-packages/tasks/main.yml index 12bb1e6..1488a98 100644 --- a/playbooks/roles/user-packages/tasks/main.yml +++ b/playbooks/roles/user-packages/tasks/main.yml @@ -8,7 +8,7 @@ - name: Install Rust tools for the current user shell: | - source "{{ lookup('env', 'HOME') }}/.cargo/env" + source "{{ ansible_env.HOME }}/.cargo/env" cargo install --force {{ item.name }} args: creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" @@ -25,12 +25,3 @@ shell: | {{ ansible_env.HOME }}/.nerdfonts/install.sh when: "nerdfonts_checkout.changed" - -- name: Install terraform - shell: | - cd /tmp - curl --silent https://releases.hashicorp.com/terraform/0.12.23/terraform_{{ terraform_version }}_linux_amd64.zip -o terraform.zip - unzip terraform.zip - cp terraform {{ ansible_env.HOME}}/.local/bin - args: - creates: "{{ansible_env.HOME}}/.local/bin/terraform" diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index 78c652e..c346e2b 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -19,5 +19,5 @@ rust_packages: - { name: exa, executable: exa } - { name: fd-find, executable: fd } - { name: ripgrep, executable: rg } - -terraform_version: 0.12.23 + - { name: tealdeer, executable: tldr } + - { name: git-delta, executable: delta } 
From 75afdded2b88942e25ca4a26480e5ea7d49abfc9 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 1 May 2021 21:48:59 +0300 Subject: [PATCH 28/58] Add `starship` to standard Rust tools install --- playbooks/roles/user-packages/vars/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index c346e2b..454a300 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -21,3 +21,4 @@ rust_packages: - { name: ripgrep, executable: rg } - { name: tealdeer, executable: tldr } - { name: git-delta, executable: delta } + - { name: starship, executable: starship } From 4f608c29e22ab0943386a876b683e625575dae86 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 1 May 2021 21:49:14 +0300 Subject: [PATCH 29/58] Add very primitive mac playbook --- README.md | 14 ++++++++++++++ playbooks/headless-mac.yml | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 playbooks/headless-mac.yml diff --git a/README.md b/README.md index ebe73ba..9ad7b8c 100644 --- a/README.md +++ b/README.md 
@@ -191,3 +191,17 @@ Firefox is very fast and no tearing at all, even Zoom screenshare works. But th for a WM, I never would have bothered with all of these contortions with i3 in the first place. It's a pity. I feel like we're almost there, and the performance benefits of Firefox on Wayland are fantastic. + +# macOS + +macOS is much less amenable to automated setup. For now I'll just record the manual steps I use on a new mac setup. +Maybe over time I'll automate them more: + +* Install Homebrew from https://brew.sh + * Don't forget to enable it in the terminal +* Ensure the tmux-256color terminal type is recognized: + * `brew install ncurses && /opt/homebrew/opt/ncurses/bin/infocmp tmux-256color > ~/tmux-256color.info && tic -xe tmux-256color tmux-256color.info` + * Note the `/opt/homebrew` path assumes this command is running on an Apple Silicon mac. Adjust the path if this is an Intel mac. +* `brew install python` and `pip3 install ansible` +* Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` +* Deploy the `headless-mac.yml` playbook diff --git a/playbooks/headless-mac.yml b/playbooks/headless-mac.yml new file mode 100644 index 0000000..2d638e8 --- /dev/null +++ b/playbooks/headless-mac.yml 
@@ -0,0 +1,35 @@ +# This sets up a headless mac dev environment +--- +- hosts: all + become: false + + roles: + - user-base + - dotfiles + + tasks: + - name: Install Rust tools for the current user + shell: | + source "{{ ansible_env.HOME }}/.cargo/env" + cargo install --force {{ item.name }} + args: + creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" + with_items: + - { name: bat, executable: bat } + - { name: exa, executable: exa } + - { name: fd-find, executable: fd } + - { name: ripgrep, executable: rg } + - { name: tealdeer, executable: tldr } + - { name: git-delta, executable: delta } + - { name: starship, executable: starship } + + - name: Install Homebrew packages + community.general.homebrew: + name: "{{ item }}" + with_items: + - tmux + - wget + - fzf + - neovim + - git-lfs + - htop From e9415d62671fded85199d6dd99ca79c8f92e8de3 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 26 May 2021 16:59:02 +0300 Subject: [PATCH 30/58] Remove some pulseaudio stuff and replace with pipewire (Fedora 34) --- playbooks/roles/gui-base/vars/main.yml | 2 +- playbooks/roles/headless-base/vars/main.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index bbf0dbe..ddc8a48 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -48,6 +48,7 @@ gui_packages: - [ redshift, redshift-gtk ] - lxappearance - [ polybar, libmpdclient, alsa-lib, jsoncpp ] # polybar has several important but optional dependencies + - [ pipewire-libpulse, pipewire-libjack, pipewire-alsa ] # use pipewire for pulseaudio, JACK, and ALSA APIs # waybar doesn't have a package yet but it does have a lot of dependencies - [ meson, @@ -67,7 +68,6 @@ gui_packages: spdlog-devel, libnl3, libnl3-devel, - pulseaudio-libs-devel, libudev-devel, libmpd-devel, libappindicator-devel, 
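Review bot: `cargo install --force {{ item.name }}` in the new `headless-mac.yml` builds whatever version is newest on crates.io with freshly resolved dependencies, so two runs of the same playbook can produce different binaries. `cargo install --locked {{ item.name }}` uses the lockfile published with each crate instead. `--force` looks redundant, since the `creates:` guard already skips the task once the binary exists. If tighter control is wanted, a per-item version passed through `--version` would pin the crate itself.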
diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 5796678..c7aaa5d 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml @@ -14,7 +14,6 @@ utility_packages: - curl - p7zip - unzip - - pulseaudio - elinks - [ htop, nmon ] - flatpak From 96926a28e749ecb78176f77ca2adde6e70f00131 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 26 May 2021 17:03:46 +0300 Subject: [PATCH 31/58] Remove now unmaintained Adapta GTK theme --- playbooks/roles/gui-base/vars/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index ddc8a48..58e76e6 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -84,7 +84,6 @@ gui_packages: theme_packages: - arc-theme - - adapta-gtk-theme - gnome-icon-theme - moka-icon-theme From df001ecab3aa96294678a1293e661b7ecebb1934 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 26 May 2021 17:06:27 +0300 Subject: [PATCH 32/58] Replace multiple `pipewire-*` packages with `pipewire` --- playbooks/roles/gui-base/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 58e76e6..b2f1c5f 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -48,7 +48,7 @@ gui_packages: - [ redshift, redshift-gtk ] - lxappearance - [ polybar, libmpdclient, alsa-lib, jsoncpp ] # polybar has several important but optional dependencies - - [ pipewire-libpulse, pipewire-libjack, pipewire-alsa ] # use pipewire for pulseaudio, JACK, and ALSA APIs + - pipewire # waybar doesn't have a package yet but it does have a lot of dependencies - [ meson, From 8d470556c8d75da6af5c396779d563c895982325 Mon Sep 17 00:00:00 2001 
From: Adam Nelson Date: Wed, 26 May 2021 17:12:40 +0300 Subject: [PATCH 33/58] Update Dropbox package URL --- playbooks/roles/gui-base/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index b2f1c5f..32bde3a 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -1,6 +1,6 @@ --- # vars file for roles/gui-base -dropbox_rpm_url: https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-2019.02.14-1.fedora.x86_64.rpm +dropbox_rpm_url: https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-2020.03.04-1.fedora.x86_64.rpm zoom_rpm_url: https://zoom.us/client/latest/zoom_x86_64.rpm xorg_packages: From f1206f10ecc2ba85bb9d32b68388aeacae61b0e9 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 26 May 2021 17:16:29 +0300 Subject: [PATCH 34/58] Disable GPG sig check on Dropbox and Zoom RPMs --- playbooks/roles/gui-base/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index d923bc5..c70dd55 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -67,8 +67,10 @@ dnf: name: "{{ dropbox_rpm_url }}" state: present + disable_gpg_check: yes - name: Install zoom RPM dnf: name: "{{ zoom_rpm_url }}" state: present + disable_gpg_check: yes From 948b987a0eb5cbd538f550630c69fbcd61cb3f08 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 26 May 2021 18:58:56 +0300 Subject: [PATCH 35/58] Remove deprecated XPS-specific packages --- playbooks/roles/xps/tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/playbooks/roles/xps/tasks/main.yml b/playbooks/roles/xps/tasks/main.yml index 0863836..06660dd 100644 --- a/playbooks/roles/xps/tasks/main.yml +++ b/playbooks/roles/xps/tasks/main.yml 
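Review bot: `disable_gpg_check: yes` on both tasks in the PATCH 34 hunk means the Dropbox and Zoom RPMs are installed with no signature verification, leaving the TLS connection to the download host as the only integrity check. The Zoom URL also points at `latest`, so the installed content can change without the playbook changing. Prefer importing each vendor's signing key first with `ansible.builtin.rpm_key` (`key: <vendor signing key URL>`, placeholder) and leaving the check on. If no key is available, fetching with `ansible.builtin.get_url` and a pinned `checksum:` before installing the local file keeps some verification. The first task's header is outside the hunk, and the Dropbox task is edited again in PATCH 46 with the flag still set.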
@@ -5,7 +5,5 @@ name: "{{ lookup('flattened', item) }}" state: present become: yes - with_items: - - "i8kutils" # fan speed control - - libva-intel-driver # video playback acceleration for Intel integrated GPUs + with_items: [] # TODO: if there are any XPS-specific packages anymore, add them here From 0673316f4cfd5c81add04d36ec0bdc0d94579249 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 26 Jun 2021 14:52:37 -0400 Subject: [PATCH 36/58] Remove IntelliJ, add Vivaldi and 1Password --- playbooks/devuser.yml | 1 - playbooks/roles/gui-base/tasks/main.yml | 63 ++++++++++++++++++--- playbooks/roles/headless-base/vars/main.yml | 2 - playbooks/roles/user-packages/vars/main.yml | 8 --- 4 files changed, 54 insertions(+), 20 deletions(-) diff --git a/playbooks/devuser.yml b/playbooks/devuser.yml index 017aa24..25fd29f 100644 --- a/playbooks/devuser.yml +++ b/playbooks/devuser.yml @@ -7,5 +7,4 @@ - user-base - dotfiles - user-packages - - user-intellij - gui-user-packages diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index c70dd55..1d257ed 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml 
@@ -17,23 +17,68 @@ enablerepo: alacritty state: present -- name: Enable waybar Copr repo - # Info came from this: https://copr.fedorainfracloud.org/coprs/alebastr/waybar/repo/fedora-32/alebastr-waybar-fedora-32.repo +- name: Enable vivaldi repo + command: + cmd: dnf config-manager --add-repo https://repo.vivaldi.com/archive/vivaldi-fedora.repo + warn: false + args: + creates: /etc/yum.repos.d/vivaldi-fedora.repo + +- name: install Vivaldi from a custom repo + dnf: + name: vivaldi-stable + enablerepo: vivaldi + state: present + +- name: Enable VS Code repo yum_repository: - name: waybar - description: Copr repo for waybar owned by alebastr - baseurl: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/fedora-$releasever-$basearch/ + name: code + description: Visual Studio Code repo + baseurl: https://packages.microsoft.com/yumrepos/vscode skip_if_unavailable: yes - gpgkey: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/pubkey.gpg + gpgkey: https://packages.microsoft.com/keys/microsoft.asc repo_gpgcheck: no enabled: yes -- name: install waybar from a custom repo +- name: install VS Code from custom repo dnf: - name: waybar - enablerepo: waybar + name: code + enablerepo: code state: present +- name: Enable 1Password repo + yum_repository: + name: 1password + description: 1Password Stable Channel + baseurl: https://downloads.1password.com/linux/rpm/stable/$basearch + skip_if_unavailable: yes + gpgkey: https://downloads.1password.com/linux/keys/1password.asc + repo_gpgcheck: no + enabled: yes + +- name: install 1Password from repo + dnf: + name: 1password + enablerepo: 1password + state: present + +#- name: Enable waybar Copr repo +# # Info came from this: https://copr.fedorainfracloud.org/coprs/alebastr/waybar/repo/fedora-32/alebastr-waybar-fedora-32.repo +# yum_repository: +# name: waybar +# description: Copr repo for waybar owned by alebastr +# baseurl: 
https://download.copr.fedorainfracloud.org/results/alebastr/waybar/fedora-$releasever-$basearch/ +# skip_if_unavailable: yes +# gpgkey: https://download.copr.fedorainfracloud.org/results/alebastr/waybar/pubkey.gpg +# repo_gpgcheck: no +# enabled: yes +# +#- name: install waybar from a custom repo +# dnf: +# name: waybar +# enablerepo: waybar +# state: present + - name: install base system packages that require X or Wayland dnf: name: "{{ lookup('flattened', item) }}" diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index c7aaa5d..75f71b4 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml @@ -42,8 +42,6 @@ dev_packages: # dependencies for youcompleteme viM plugin - [ boost, clang, nodejs, cmake, make, go, npm ] - swig - - exa #ls-like tool but better - - bat #syntax and git-aware cat replacement - gdb - libudev-devel - llvm-devel diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index 454a300..da747e7 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -3,15 +3,7 @@ pip_packages: - awscli - yubikey-manager - - neovim - tmuxp - - # neovim is built with Python 2.7, but it seems the ensime vim plugin - # uses the 'pip' command to test for packages, so to avoid an annoying - # error message (and in anticipation of someday neovim using python 3) - # install the packages in Python 3.x also - - sexpdata # for ensime vim - - websocket-client # also for ensime vim - neovim # also for ensime vim rust_packages: From ed9f54fe375b76528934cb182852b3d4df9b3671 Mon Sep 17 00:00:00 2001 
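Review bot: The `code` and `1password` repo definitions in the PATCH 36 `gui-base/tasks/main.yml` hunk set `gpgkey:` but never set `gpgcheck:`, and both set `repo_gpgcheck: no`. Whether package signatures are verified therefore depends on the host's dnf defaults rather than on the playbook. Adding `gpgcheck: yes` next to each `gpgkey:` line makes the intent explicit, and the same applies to the `brave` repo added in PATCH 37. The Vivaldi repo is added with `dnf config-manager --add-repo`, which accepts whatever settings the remote `.repo` file carries; defining it with `yum_repository` like the others would keep its signature settings visible in review.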
From: Adam Nelson Date: Sat, 26 Jun 2021 15:22:18 -0400 Subject: [PATCH 37/58] Remove Firefox and Chromium, add Brave --- playbooks/roles/gui-base/tasks/main.yml | 21 +++++++++++++++++++++ playbooks/roles/gui-base/vars/main.yml | 8 ++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index 1d257ed..18b7713 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -1,5 +1,10 @@ --- # tasks file for roles/gui-base +- name: Ensure dnf plugins are present + dnf: + name: dnf-plugins-core + state: present + - name: Enable alacritty Copr repo # Info came from this: https://copr.fedorainfracloud.org/coprs/pschyska/alacritty/repo/fedora-31/pschyska-alacritty-fedora-31.repo yum_repository: @@ -30,6 +35,22 @@ enablerepo: vivaldi state: present +- name: Enable Brave repo + yum_repository: + name: brave + description: Brave browser repo + baseurl: https://brave-browser-rpm-release.s3.brave.com/x86_64/ + skip_if_unavailable: yes + gpgkey: https://brave-browser-rpm-release.s3.brave.com/brave-core.asc + repo_gpgcheck: no + enabled: yes + +- name: install Brave from a custom repo + dnf: + name: brave-browser + enablerepo: brave + state: present + - name: Enable VS Code repo yum_repository: name: code diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 32bde3a..4193ba2 100644 --- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml 
@@ -28,10 +28,14 @@ wayland_packages: gui_packages: - gdm - [ gnome-keyring, libsecret, seahorse ] # things like skype require this or they won't remember credentials - - firefox + # Firefox's management has made clear they are traitors to the cause of Internet freedom upon which Mozilla was founded. Disappointing + # but not surprising. Vivaldi is taking the place of Firefox in my devbox config, but it is installed from a custom repo not here + # - firefox # Fedora doesn't package Chrome because it's proprietary. Google offers an RPM download but it's manual; not clear how to automate #- google-chrome - - chromium + # + # Moving away from Chromium since it doesn't sync at all. Now using Brave in place of Chromium + # - chromium - terminator - w3m - dmenu From a44a508e8ed0046743abf4340921a5cfb4113f79 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 13 Jul 2022 16:01:23 +0400 Subject: [PATCH 38/58] Add README note about Caps Lock remap on Mac --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9ad7b8c..78b83fb 100644 --- a/README.md +++ b/README.md @@ -205,3 +205,4 @@ Maybe over time I'll automate them more: * `brew install python` and `pip3 install ansible` * Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` * Deploy the `headless-mac.yml` playbook +* Go into the Keyboard settings, click Modifier Keys, and remap Caps Lock to Escape From dc19626d961b0354b044ea1b69cbc48e0555d053 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 18 Dec 2022 12:54:04 +0400 Subject: [PATCH 39/58] Add note about Rectangle on mac --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 78b83fb..91ac093 100644 --- a/README.md +++ b/README.md 
@@ -206,3 +206,5 @@ Maybe over time I'll automate them more: * Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` * Deploy the `headless-mac.yml` playbook * Go into the Keyboard settings, click Modifier Keys, and remap Caps Lock to Escape +* Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. + From d2a04aac0ddf1221470593752d126c554727ae6e Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 8 Jan 2023 10:37:22 -0700 Subject: [PATCH 40/58] Add another note about keyboard settings on Mac --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 91ac093..2cb12bf 100644 --- a/README.md +++ b/README.md @@ -206,5 +206,7 @@ Maybe over time I'll automate them more: * Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` * Deploy the `headless-mac.yml` playbook * Go into the Keyboard settings, click Modifier Keys, and remap Caps Lock to Escape + * NOTE: This needs to be done separately for each keyboard, so when using the Logitech wireless kbd and the Kinesis + this must be done separately for each one. * Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. From 0f7236483d4f0733dc83b505393257bcd9d19d7d Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 8 Jan 2023 10:40:52 -0700 Subject: [PATCH 41/58] Add note about Finder config on Mac --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2cb12bf..f116e7d 100644 --- a/README.md +++ b/README.md 
@@ -209,4 +209,5 @@ Maybe over time I'll automate them more: * NOTE: This needs to be done separately for each keyboard, so when using the Logitech wireless kbd and the Kinesis this must be done separately for each one. * Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. - +* Finder settings: + * Under View, activate Show Path Bar From ebae39dc67180d07e3338926980609f728f1b3ad Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 22 Jan 2023 15:47:00 +0000 Subject: [PATCH 42/58] Update Mac manual install instructions --- README.md | 25 +++++++++++++++++++++++-- playbooks/headless-mac.yml | 23 +++++++++++++---------- 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index f116e7d..d7ffd40 100644 --- a/README.md +++ b/README.md @@ -116,6 +116,7 @@ They are recoreded here so I don't forget to do them: install the missing plugins. - By the same token you'll need to start `nvim` once to initialize all of the plugins. Make sure you do this with a working internet connection. + - Also run `:CocInstall` to make sure all CoC plugins are installed - You need to manually pull the bitmaps from the dotfiles repo. `homeshick cd dotfiles && git lfs pull` should do the trick - Firefox and Chrome configs are not easily automated. Log into them using the respective login accounts and they will 
@@ -198,16 +199,36 @@ macOS is much less amenable to automated setup. For now I'll just record the ma Maybe over time I'll automate them more: * Install Homebrew from https://brew.sh - * Don't forget to enable it in the terminal + * Don't forget to enable it in the terminal with `eval "$(/opt/homebrew/bin/brew shellenv)"` * Ensure the tmux-256color terminal type is recognized: * `brew install ncurses && /opt/homebrew/opt/ncurses/bin/infocmp tmux-256color > ~/tmux-256color.info && tic -xe tmux-256color tmux-256color.info` * Note the `/opt/homebrew` path assumes this command is running on an Apple Silicon mac. Adjust the path if this is an Intel mac. -* `brew install python` and `pip3 install ansible` +* `brew install python` and `brew install ansible` * Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` +# `cd` into `playbooks` and run `ansible-galaxy install -r requirements.yml` * Deploy the `headless-mac.yml` playbook + * `ansible-playbook -c local --inventory localhost, headless-mac.yml` +* Download "Sauce Code Pro" nerd fonts + * `brew tap homebrew/cask-fonts && brew install --cask font-sauce-code-pro-nerd-font` +* Install Dropbox +* Wait approximately 100 years for shitty dropbox to sync up +* Make `~/Dropbox/Documents/gpg` available offline +* Add the SSH private key to the Apple Keychain: + * `ssh-add --apple-use-keychain ~/Dropbox/Documents/gpg/id_rsa` * Go into the Keyboard settings, click Modifier Keys, and remap Caps Lock to Escape * NOTE: This needs to be done separately for each keyboard, so when using the Logitech wireless kbd and the Kinesis this must be done separately for each one. * Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. 
* Finder settings: * Under View, activate Show Path Bar +* If using Sidecar to use the iPad as an extended display, make sure the iPad is trusted so that Sidecar will work over a cable. It own't be obvious at first that you didn't do this, but Sidecar over wifi is glitchy as fuck and will often hang. + + To establish trust, connect the iPad via the cable, so it appears in Finder. Then do a backup of the iPad. At some point this will trigger a trust prompt on the iPad and/or the mac itself. Once that is done, Sidecar should work over the cable and suck a lot less! +* Install the following manually: + * Vivaldi + * Brave + * Dropbox + * MS 365 Suite + * Alacritty + * Parallels +* Perform the manual steps which apply to Mac, a subset of those listed in [Manual Setup Steps](#manual-setup-steps) diff --git a/playbooks/headless-mac.yml b/playbooks/headless-mac.yml index 2d638e8..02c9da3 100644 --- a/playbooks/headless-mac.yml +++ b/playbooks/headless-mac.yml @@ -8,6 +8,19 @@ - dotfiles tasks: + - name: Install Homebrew packages + community.general.homebrew: + name: "{{ item }}" + with_items: + - tmux + - wget + - fzf + - neovim + - git-lfs + - htop + - cmake + - nodejs + - name: Install Rust tools for the current user shell: | source "{{ ansible_env.HOME }}/.cargo/env" @@ -23,13 +36,3 @@ - { name: git-delta, executable: delta } - { name: starship, executable: starship } - - name: Install Homebrew packages - community.general.homebrew: - name: "{{ item }}" - with_items: - - tmux - - wget - - fzf - - neovim - - git-lfs - - htop From 34a22a1e83ffe73a910306705895ef224a40c273 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 16 Sep 2023 12:21:03 +0200 Subject: [PATCH 43/58] Switch from `exa` (now deprecated) to `eza` --- playbooks/roles/headless-base/vars/main.yml | 2 +- playbooks/roles/user-packages/vars/main.yml | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 5796678..7469303 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml @@ -43,7 +43,7 @@ dev_packages: # dependencies for youcompleteme viM plugin - [ boost, clang, nodejs, cmake, make, go, npm ] - swig - - exa #ls-like tool but better + - eza #ls-like tool but better - bat #syntax and git-aware cat replacement - gdb - libudev-devel diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index c346e2b..3bc0940 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -15,8 +15,10 @@ pip_packages: - neovim # also for ensime vim rust_packages: - - { name: bat, executable: bat } - - { name: exa, executable: exa } + - { name: eza, executable: exa } + # bat is packaged with pretty much any Linux distro I run plus brew on mac. + # Given the choice, I prefer to use a maintained package since upgrades happen automatically + #- { name: bat, executable: bat } - { name: fd-find, executable: fd } - { name: ripgrep, executable: rg } - { name: tealdeer, executable: tldr } From 2fa4724a0e37fabf0fc1a2c425f258b3710779f1 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 17 Sep 2023 15:22:27 +0300 Subject: [PATCH 44/58] Update README with new 1P SSH agent config on Mac --- README.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d7ffd40..b871613 100644 --- a/README.md +++ b/README.md 
@@ -212,12 +212,28 @@ Maybe over time I'll automate them more: * `brew tap homebrew/cask-fonts && brew install --cask font-sauce-code-pro-nerd-font` * Install Dropbox * Wait approximately 100 years for shitty dropbox to sync up -* Make `~/Dropbox/Documents/gpg` available offline -* Add the SSH private key to the Apple Keychain: - * `ssh-add --apple-use-keychain ~/Dropbox/Documents/gpg/id_rsa` +* New SSH key management: + * Now using 1Password for key management. Unfortunately right now this is now something I can commit to `dotfiles` + because it requires hard-coding a mac-specific path into the SSH config. So when setting up a new mac this will need + to be done manually until I find a solution for having platform-specific SSH configs: + * ``` + Host * + # SHIT: this is macOS specific, because on Linux hosts I have SSH'd into them from a mac with this identity agent. + # How can this co-exist with Linux systems that share this same .ssh/config file? FML. + IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" + ``` + + The exact path to set to `IdentityAgent` might be different on different installs, I'm not sure. Anyway you can + find it in the "Developer" section of 1Password settings when checking the check box to enable the SSH agent. +* Old, shitty SSH key management which should no longer be needed: + * Make `~/Dropbox/Documents/gpg` available offline + * Add the SSH private key to the Apple Keychain: + * `ssh-add --apple-use-keychain ~/Dropbox/Documents/gpg/id_rsa` * Go into the Keyboard settings, click Modifier Keys, and remap Caps Lock to Escape * NOTE: This needs to be done separately for each keyboard, so when using the Logitech wireless kbd and the Kinesis this must be done separately for each one. + * NOTE 2: It's possible on the Kinesis to remap CapsLock to Esc in hardware, but I haven't done that recently. + Keeping this here since it's necessary to do for any newly connected computer anyway. 
* Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. * Finder settings: * Under View, activate Show Path Bar From 5e47cac37e983d8ca768814a15dd672cb326b67b Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 13 Dec 2023 00:37:33 +0100 Subject: [PATCH 45/58] Minor fixes for Fedora 39 install --- playbooks/roles/headless-base/vars/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 83999e2..ade5900 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml @@ -19,7 +19,7 @@ utility_packages: - flatpak - openssh - ufw - - [ libu2f-host, yubikey-personalization-gui, yubikey-manager, ykpers, ykpers-devel, yubioath-desktop, ykclient-devel, libusb, pcsc-lite, pcsc-lite-devel, ccid ] # related to working with yubikeys + - [ libu2f-host, yubikey-manager, ykpers, ykpers-devel, ykclient-devel, libusb, pcsc-lite, pcsc-lite-devel, ccid ] # related to working with yubikeys - jq - fio - bc @@ -40,7 +40,7 @@ dev_packages: - python3-pip - python3-setuptools # dependencies for youcompleteme viM plugin - - [ boost, clang, nodejs, cmake, make, go, npm ] + - [ boost, clang, mold, nodejs, cmake, make, go, npm ] - swig - eza #ls-like tool but better - bat #syntax and git-aware cat replacement From 9369a5121c17464123756ff8ee98536508a24b56 Mon Sep 17 00:00:00 2001 
From: Adam Nelson Date: Sat, 2 Mar 2024 00:48:21 +0200 Subject: [PATCH 46/58] Update for latest situation on Fedora 39 Alacritty now installs from one of the main repos. Add some additional Rust tools for embedded development Remove some X and Wayland packages that aren't in the Fedora 39 package repos anymore. --- playbooks/roles/gui-base/tasks/main.yml | 16 ++-------------- playbooks/roles/gui-base/vars/main.yml | 4 +--- playbooks/roles/user-packages/tasks/main.yml | 3 +++ playbooks/roles/user-packages/vars/main.yml | 6 ++++++ 4 files changed, 12 insertions(+), 17 deletions(-) diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index 18b7713..d291be8 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -5,27 +5,14 @@ name: dnf-plugins-core state: present -- name: Enable alacritty Copr repo - # Info came from this: https://copr.fedorainfracloud.org/coprs/pschyska/alacritty/repo/fedora-31/pschyska-alacritty-fedora-31.repo - yum_repository: - name: alacritty - description: Copr repo for alacritty owned by pschyska - baseurl: https://copr-be.cloud.fedoraproject.org/results/pschyska/alacritty/fedora-$releasever-$basearch/ - skip_if_unavailable: yes - gpgkey: https://copr-be.cloud.fedoraproject.org/results/pschyska/alacritty/pubkey.gpg - repo_gpgcheck: no - enabled: yes - -- name: install alacritty from a custom repo +- name: install alacritty dnf: name: alacritty - enablerepo: alacritty state: present - name: Enable vivaldi repo command: cmd: dnf config-manager --add-repo https://repo.vivaldi.com/archive/vivaldi-fedora.repo - warn: false args: creates: /etc/yum.repos.d/vivaldi-fedora.repo @@ -133,6 +120,7 @@ dnf: name: "{{ dropbox_rpm_url }}" state: present + use_backend: dnf5 disable_gpg_check: yes - name: Install zoom RPM diff --git a/playbooks/roles/gui-base/vars/main.yml b/playbooks/roles/gui-base/vars/main.yml index 4193ba2..f5ecfa7 100644 
--- a/playbooks/roles/gui-base/vars/main.yml +++ b/playbooks/roles/gui-base/vars/main.yml @@ -1,10 +1,9 @@ --- # vars file for roles/gui-base -dropbox_rpm_url: https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-2020.03.04-1.fedora.x86_64.rpm +dropbox_rpm_url: https://www.dropbox.com/download?dl=packages/fedora/nautilus-dropbox-2024.01.22-1.fc39.x86_64.rpm zoom_rpm_url: https://zoom.us/client/latest/zoom_x86_64.rpm xorg_packages: - - compton - i3 - xbacklight - i3status @@ -44,7 +43,6 @@ gui_packages: - playerctl - pavucontrol - network-manager-applet - - blueberry - qemu - gnome-boxes - dunst diff --git a/playbooks/roles/user-packages/tasks/main.yml b/playbooks/roles/user-packages/tasks/main.yml index 1488a98..2bd829c 100644 --- a/playbooks/roles/user-packages/tasks/main.yml +++ b/playbooks/roles/user-packages/tasks/main.yml @@ -14,6 +14,9 @@ creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" with_items: "{{ rust_packages }}" +- name: Install target for ARM cores like the Pi Pico + shell: rustup target add thumbv6m-none-eabi + - name: Check out NerdFonts repo git: repo: 'https://github.com/ryanoasis/nerd-fonts.git' diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index 1e35c8a..5609b0b 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -16,3 +16,9 @@ rust_packages: - { name: tealdeer, executable: tldr } - { name: git-delta, executable: delta } - { name: starship, executable: starship } + + # Useful to creating UF2 images for the RP2040 USB Bootloader + - { name: elf2uf2-rs, executable: elf2uf2 } + +# Useful for flashing over the SWD pins using a supported JTAG probe + - { name: probe-rs, features: [cli], executable: probe-rs } From 8febf65332b210adcc347c079287645faaee078b Mon Sep 17 00:00:00 2001 
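Review bot: The new `shell: rustup target add thumbv6m-none-eabi` task in `user-packages/tasks/main.yml` has no `source "{{ ansible_env.HOME }}/.cargo/env"` step, unlike the cargo task in `headless-mac.yml`. It therefore depends on `~/.cargo/bin` already being on the PATH of the non-interactive shell. It also reports changed on every run; adding `changed_when: false`, or checking `rustup target list --installed` first, would keep repeat runs quiet. No shell features are used, so `command:` would do if the PATH question is settled.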
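Review bot: `executable: elf2uf2` in the `user-packages/vars/main.yml` hunk probably does not match the binary that `cargo install elf2uf2-rs` produces, which I would expect to be named after the package (`elf2uf2-rs`). If so, the `creates:` guard in the install task is never satisfied and the crate is rebuilt on every run; `- { name: elf2uf2-rs, executable: elf2uf2-rs }` would fix that. The `probe-rs` entry introduces a `features:` key, and the install command is outside this diff, so confirm it passes the value to `--features`; otherwise the key is silently ignored.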
From: Adam Nelson Date: Sun, 3 Mar 2024 14:32:58 +0200 Subject: [PATCH 47/58] Update README with instructions for Mac 1Password setup Update playbooks to configure 1P to trust Vivaldi automatically Install the system ruby-devel package since that seems to be sufficient now. Maybe the horror of RVM is obsoleted now... --- README.md | 10 ++++++++-- playbooks/roles/gui-base/tasks/main.yml | 17 ++++++++++++++++- playbooks/roles/headless-base/vars/main.yml | 1 + 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b871613..723ec53 100644 --- a/README.md +++ b/README.md @@ -241,10 +241,16 @@ Maybe over time I'll automate them more: To establish trust, connect the iPad via the cable, so it appears in Finder. Then do a backup of the iPad. At some point this will trigger a trust prompt on the iPad and/or the mac itself. Once that is done, Sidecar should work over the cable and suck a lot less! * Install the following manually: - * Vivaldi - * Brave + * Vivaldi (See note about 1Password below) + * Brave (See note about 1Password below) * Dropbox * MS 365 Suite * Alacritty * Parallels +* Configure 1Password to trust Vivaldi and Brave + * By default, 1P trusts Chrome, Edge, Safari, maybe Firefox. It won't let the 1P extension in Brave or Vivaldi talk + to the 1P desktop app, which results in a shit experience. Open the 1P desktop app, go to Settings, Browsers, there's + an UI option to add a trusted browser. Navigate to the Vivaldi and Brave executables. You can verify this works by + opening 1P extension in the browser and going to settings; the option to integrate w/ the desktop version should be + enabled and the status light should go from amber to green confirming it works. * Perform the manual steps which apply to Mac, a subset of those listed in [Manual Setup Steps](#manual-setup-steps) diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index d291be8..c20d643 100644 
--- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -14,7 +14,7 @@ command: cmd: dnf config-manager --add-repo https://repo.vivaldi.com/archive/vivaldi-fedora.repo args: - creates: /etc/yum.repos.d/vivaldi-fedora.repo + creates: /etc/yum.repos.d/vivaldi.repo - name: install Vivaldi from a custom repo dnf: @@ -70,6 +70,21 @@ enablerepo: 1password state: present +- name: Ensure Vivaldi is trusted by 1P so the extension will work there. + ansible.builtin.lineinfile: + path: /etc/1password/custom_allowed_browsers + line: "{{ item }}" + state: present + create: yes + owner: root + group: root + mode: '0644' + loop: + # I'm not sure which of these lines actually makes Vivaldi work. I have both on my system where I did + # this manually. The docs are ambiguous. Anyway this definitely works. + - vivaldi-bin + - /opt/vivaldi/vivaldi-bin + #- name: Enable waybar Copr repo # # Info came from this: https://copr.fedorainfracloud.org/coprs/alebastr/waybar/repo/fedora-32/alebastr-waybar-fedora-32.repo # yum_repository: diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index ade5900..c61254c 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml @@ -41,6 +41,7 @@ dev_packages: - python3-setuptools # dependencies for youcompleteme viM plugin - [ boost, clang, mold, nodejs, cmake, make, go, npm ] + - ruby-devel # Is the system Ruby package finally mature enough to not hassle w/ RVM? I hope so - swig - eza #ls-like tool but better - bat #syntax and git-aware cat replacement From a07a903a566497a99a424e64c6bb75e36408517a Mon Sep 17 00:00:00 2001 
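Review bot: `lineinfile` with `create: yes` creates the file but not its parent directory, so the new `custom_allowed_browsers` task fails if `/etc/1password` does not already exist, unless the package install creates it. A preceding `ansible.builtin.file` task with `path: /etc/1password`, `state: directory` and root ownership would cover that, as PATCH 48 does for the dconf directory. Each line in this file adds a process that the 1Password app will accept a browser-integration connection from. Once it is known which of `vivaldi-bin` and `/opt/vivaldi/vivaldi-bin` is actually needed, the other entry should be removed.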
From: Adam Nelson Date: Sun, 3 Mar 2024 16:07:40 +0200 Subject: [PATCH 48/58] Add Gnome caps-lock-as-esc setting and add some configs for Pi Pico devlopment The Pico stuff is additional packages, and configuring minicom to have a more reasonable meta key that's easier to actuate under tmux --- playbooks/roles/gui-base/tasks/main.yml | 19 +++++++++++++++++++ playbooks/roles/headless-base/tasks/main.yml | 10 ++++++++++ playbooks/roles/headless-base/vars/main.yml | 2 ++ 3 files changed, 31 insertions(+) diff --git a/playbooks/roles/gui-base/tasks/main.yml b/playbooks/roles/gui-base/tasks/main.yml index c20d643..4c9c13c 100644 --- a/playbooks/roles/gui-base/tasks/main.yml +++ b/playbooks/roles/gui-base/tasks/main.yml @@ -143,3 +143,22 @@ name: "{{ zoom_rpm_url }}" state: present disable_gpg_check: yes + +- name: Ensure dconf directory exists for machine-wide Gnome settings + ansible.builtin.file: + path: /etc/dconf/db/local.d + state: directory + mode: '0755' + +- name: Set Caps Lock to act as Escape in Gnome + ansible.builtin.copy: + dest: /etc/dconf/db/local.d/00-keyboard-remap + content: | + [org/gnome/desktop/input-sources] + xkb-options=['caps:escape'] + mode: '0644' + +- name: Compile Gnome dconf settings + ansible.builtin.shell: dconf update + args: + executable: /bin/bash diff --git a/playbooks/roles/headless-base/tasks/main.yml b/playbooks/roles/headless-base/tasks/main.yml index 2e4305d..9c9942c 100644 --- a/playbooks/roles/headless-base/tasks/main.yml +++ b/playbooks/roles/headless-base/tasks/main.yml 
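Review bot: The `Compile Gnome dconf settings` task in the `gui-base/tasks/main.yml` hunk uses `ansible.builtin.shell` with `executable: /bin/bash` although `dconf update` needs no shell features, and it runs and reports changed on every play. Using `ansible.builtin.command: dconf update` as a handler, triggered by `notify:` on the copy task, would rebuild the database only when `00-keyboard-remap` changes. The keyfile takes effect only if the active dconf profile lists `system-db:local`; that profile is not managed in this hunk, so it is worth confirming on the target release.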
@@ -16,6 +16,16 @@ enabled: yes state: started +- name: configure minicom meta key to be usable inside tmux + ansible.builtin.lineinfile: + path: /etc/minirc.dfl + regexp: '^pu escape-key\s+' + # Minicom by default uses Ctrl-A which is extremely inconvenient with how I have my tmux config set up, where + # Ctrl-A is the meta key for tmux, and Ctrl-A a is mapped to the popup window switcher. I don't have an easy way + # to send Ctrl-A to the inner session + line: 'pu escape-key ^B' + state: present + # As of 2020-04-29 (1 day after the Fedora 32 release), the docker repos don't have packages for fedora 32. # In any case, I want to start using `podman` instead since it sucks less and is better integrated into the Fedora # ecosystem. diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index c61254c..6f6c742 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml @@ -42,6 +42,8 @@ dev_packages: # dependencies for youcompleteme viM plugin - [ boost, clang, mold, nodejs, cmake, make, go, npm ] - ruby-devel # Is the system Ruby package finally mature enough to not hassle w/ RVM? I hope so + # stuff for cross-compiling to the Pi Pico (and probably anything else RP2040 or similar) + - [arm-none-eabi-binutils-cs, arm-none-eabi-gcc-cs, arm-none-eabi-gcc-cs-c++, arm-none-eabi-newlib, minicom] - swig - eza #ls-like tool but better - bat #syntax and git-aware cat replacement From 40332f0016b11de3cd417370e6a6a617b689fd6e Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 3 Mar 2024 18:27:17 +0200 Subject: [PATCH 49/58] Add `openocd` package for embedded Pi Pico debugging --- playbooks/roles/headless-base/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 6f6c742..30d72db 100644 --- a/playbooks/roles/headless-base/vars/main.yml 
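Review bot: The minicom `lineinfile` task edits `/etc/minirc.dfl` without `create`, so it fails if that file is absent when the task runs. `minicom` is only added to `dev_packages` in this same commit, and the package install task is outside the hunk, so the ordering cannot be confirmed from here. If the install runs later in the file, move this task after it; if the file may legitimately be missing, add `create: true` together with `owner: root`, `group: root` and `mode: '0644'`.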
+++ b/playbooks/roles/headless-base/vars/main.yml @@ -43,7 +43,7 @@ dev_packages: - [ boost, clang, mold, nodejs, cmake, make, go, npm ] - ruby-devel # Is the system Ruby package finally mature enough to not hassle w/ RVM? I hope so # stuff for cross-compiling to the Pi Pico (and probably anything else RP2040 or similar) - - [arm-none-eabi-binutils-cs, arm-none-eabi-gcc-cs, arm-none-eabi-gcc-cs-c++, arm-none-eabi-newlib, minicom] + - [arm-none-eabi-binutils-cs, arm-none-eabi-gcc-cs, arm-none-eabi-gcc-cs-c++, arm-none-eabi-newlib, minicom, openocd] - swig - eza #ls-like tool but better - bat #syntax and git-aware cat replacement From ff39887f7597a85f9cd0e8844e01524cdb4922e0 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sat, 15 Jun 2024 18:05:37 +0200 Subject: [PATCH 50/58] Replace `exa` with `eza` `eza` is a fork of `exa`. `exa` is no longer maintained --- playbooks/headless-mac.yml | 2 +- playbooks/roles/user-packages/vars/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/headless-mac.yml b/playbooks/headless-mac.yml index 02c9da3..8affa0e 100644 --- a/playbooks/headless-mac.yml +++ b/playbooks/headless-mac.yml @@ -29,7 +29,7 @@ creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" with_items: - { name: bat, executable: bat } - - { name: exa, executable: exa } + - { name: eza, executable: eza } - { name: fd-find, executable: fd } - { name: ripgrep, executable: rg } - { name: tealdeer, executable: tldr } diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index 5609b0b..50ea23e 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml 
@@ -7,7 +7,7 @@ pip_packages: - neovim # also for ensime vim rust_packages: - - { name: eza, executable: exa } + - { name: eza, executable: eza } # bat is packaged with pretty much any Linux distro I run plus brew on mac. # Given the choice, I prefer to use a maintained package since upgrades happen automatically #- { name: bat, executable: bat } From 155cc86b8123f2d28ed91ccd7b8dffa11fd91ced Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Thu, 24 Oct 2024 17:01:42 +0300 Subject: [PATCH 51/58] Add Jetbrains Mono nerdfont --- playbooks/headless-mac.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/headless-mac.yml b/playbooks/headless-mac.yml index 8affa0e..0b1e909 100644 --- a/playbooks/headless-mac.yml +++ b/playbooks/headless-mac.yml @@ -20,6 +20,7 @@ - htop - cmake - nodejs + - font-jetbrains-mono-nerd-font - name: Install Rust tools for the current user shell: | From 1553853a929741b9baca6bd2b2edb9a8bff74a98 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 1 Dec 2024 13:03:28 +0100 Subject: [PATCH 52/58] Update README with new manual setup steps related to VS Code --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 723ec53..5ec1687 100644 --- a/README.md +++ b/README.md 
@@ -135,6 +135,10 @@ They are recoreded here so I don't forget to do them: - Create a symlink from `~/Dropbox/Documents/vimwiki` to `~/vimwiki` so the VimWiki data is always synchornized with Dropbox - If this is a new system, follow my guide in the `vimwiki` for setting up Yubikeys for SSH and GPG auth. +- VS Code settings are stored in different places depending upon the platform. They are not well suited to using `homeshick`. So instead + I use the built-in settings sync feature, using my Github login. So when setting up a new devbox, install VS Code and enable settings sync + to get the latest settings. As of this writing, the most important one is a `keybindings.json` setting that ensures that Alt-c works in + VS Code terminals to actually sent Alt-c and thus invoke fzf directory autocomplete. # Updating the firmware with `fwupdmgr` (applies to XPS systems specifically) 
@@ -237,15 +241,12 @@ Maybe over time I'll automate them more: * Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. * Finder settings: * Under View, activate Show Path Bar -* If using Sidecar to use the iPad as an extended display, make sure the iPad is trusted so that Sidecar will work over a cable. It own't be obvious at first that you didn't do this, but Sidecar over wifi is glitchy as fuck and will often hang. - - To establish trust, connect the iPad via the cable, so it appears in Finder. Then do a backup of the iPad. At some point this will trigger a trust prompt on the iPad and/or the mac itself. Once that is done, Sidecar should work over the cable and suck a lot less! * Install the following manually: * Vivaldi (See note about 1Password below) * Brave (See note about 1Password below) * Dropbox * MS 365 Suite - * Alacritty + * WezTerm * Parallels * Configure 1Password to trust Vivaldi and Brave * By default, 1P trusts Chrome, Edge, Safari, maybe Firefox. It won't let the 1P extension in Brave or Vivaldi talk From 2f623f0f942e5776da8e8bebd50993f769bb8c79 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 11 Dec 2024 19:45:12 +0100 Subject: [PATCH 53/58] Tidy up README, reformat, run some Markdown beautifier, add Wezterm and VS Code --- README.md | 183 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 96 insertions(+), 87 deletions(-) diff --git a/README.md b/README.md index 5ec1687..f431d57 100644 --- a/README.md +++ b/README.md 
@@ -8,9 +8,9 @@ This branch is for Fedora Workstation (version 32 at the time of this writing). Fedora should be installed with the normal install process, and basics like disk encryption, boot loaders, network configs should be done. A non-privileged user should be created with sudo privileges, and the running of the Ansible playbooks should be done by -that user. The initial setup flow that creates the first user automatically enables sudo so this should be easy. +that user. The initial setup flow that creates the first user automatically enables sudo so this should be easy. -After initial setup you're in GNOME. Open a terminal and: +After initial setup you're in GNOME. Open a terminal and: sudo dnf upgrade sudo dnf install git git-lfs ansible @@ -22,7 +22,7 @@ As the non-priviledged user, make sure zsh is installed and the default shell: # Initial setup -If this is a fresh system also make sure you have the minimal dependencies that are required to run ansible. See the +If this is a fresh system also make sure you have the minimal dependencies that are required to run ansible. See the PrePrerequisites section. To start with, clone this repo somewhere. _IMPORTANT_: make sure you remember to run the `git submodule` and `git lfs` 
@@ -47,12 +47,12 @@ run from the `playbooks/` directory. There are a few versions of the setup script: -* `devbox.yml` is the base version and I never use this one directly -* `xps-devbox.yml` sets up an XPS 13/15 HiDPI laptop system -* `desktop-devbox.yml` sets up a desktop system assumed to have a HiDPI monitor and not use battery power -* `headless-devbox.yml` sets up a headless system like a server or cloud instance, without X or any power management +- `devbox.yml` is the base version and I never use this one directly +- `xps-devbox.yml` sets up an XPS 13/15 HiDPI laptop system +- `desktop-devbox.yml` sets up a desktop system assumed to have a HiDPI monitor and not use battery power +- `headless-devbox.yml` sets up a headless system like a server or cloud instance, without X or any power management -As per Ansible convention, all of these are located in the `playbooks/` directory. +As per Ansible convention, all of these are located in the `playbooks/` directory. _NB_: In this repo there is a `playbooks` directory containing the playbooks. You must `cd` into this directory before running `ansible-playbook`, because the `ansible.cfg` file must be in the current directory and must be relative to the @@ -69,7 +69,7 @@ host, run it (as a non-privileged user with sudo permissions) as: $ ansible-playbook -c local --inventory localhost, --ask-become-pass xps-devbox.yml After running this the first time, reboot the system. It should come up with GDM and prompt you to log in. `i3` will be -an option, and `sway` also. As of this writing `i3` is what I'm using every day. See below for issues with +an option, and `sway` also. As of this writing `i3` is what I'm using every day. See below for issues with Sway/Wayland. ## Setting up a remote system 
@@ -114,9 +114,9 @@ They are recoreded here so I don't forget to do them: automatically install `tpm`, the tmux plugin manager. However it's not obvious how to make it install the missing plugins automatically. To do that, start a `tmux` session and press `Ctrl-A` and then `I`. That will force tpm to install the missing plugins. -- By the same token you'll need to start `nvim` once to initialize all of the plugins. Make sure you do this with a - working internet connection. - - Also run `:CocInstall` to make sure all CoC plugins are installed +- By the same token you'll need to start `nvim` once to initialize all of the plugins. Make sure you do this with a + working internet connection. + - Also run `:CocInstall` to make sure all CoC plugins are installed - You need to manually pull the bitmaps from the dotfiles repo. `homeshick cd dotfiles && git lfs pull` should do the trick - Firefox and Chrome configs are not easily automated. Log into them using the respective login accounts and they will 
@@ -126,19 +126,20 @@ They are recoreded here so I don't forget to do them: the UI elements with a legible color combo - In `about:config` enable `security.webauth.u2f` (this appears to be the default in the most recent Firefox) - Ensure Firefox is the default browser and prompts when it's not, and ensure the opposite with Chrome - - Configure Firefox's default search engine to be DDG, not Google. Yes, that should be synchronized along with the - rest of the settings. There's a [bug report](https://bugzilla.mozilla.org/show_bug.cgi?id=444284) to this effect - which is now 11 years old. Mozilla is funded in large part by having Google search as the default search engine, - make of that what you will... + - Configure Firefox's default search engine to be DDG, not Google. Yes, that should be synchronized along with the + rest of the settings. There's a [bug report](https://bugzilla.mozilla.org/show_bug.cgi?id=444284) to this effect + which is now 11 years old. Mozilla is funded in large part by having Google search as the default search engine, + make of that what you will... - Dropbox is installed by Ansible but it must be configured manually. Run `dropbox` to start the GUI. The Arch Wiki [Dropbox](https://wiki.archlinux.org/index.php/Dropbox) page has more details - Create a symlink from `~/Dropbox/Documents/vimwiki` to `~/vimwiki` so the VimWiki data is always synchornized with Dropbox -- If this is a new system, follow my guide in the `vimwiki` for setting up Yubikeys for SSH and GPG auth. -- VS Code settings are stored in different places depending upon the platform. They are not well suited to using `homeshick`. So instead - I use the built-in settings sync feature, using my Github login. So when setting up a new devbox, install VS Code and enable settings sync - to get the latest settings. 
As of this writing, the most important one is a `keybindings.json` setting that ensures that Alt-c works in +- If this is a new system, follow my guide in the `vimwiki` for setting up Yubikeys for SSH and GPG auth. +- VS Code settings are stored in different places depending upon the platform. They are not well suited to using `homeshick`. So instead + I use the built-in settings sync feature, using my Github login. So when setting up a new devbox, install VS Code and enable settings sync + to get the latest settings. As of this writing, the most important one is a `keybindings.json` setting that ensures that Alt-c works in VS Code terminals to actually sent Alt-c and thus invoke fzf directory autocomplete. + ======= # Updating the firmware with `fwupdmgr` (applies to XPS systems specifically) @@ -160,8 +161,8 @@ filesystem unencrypted. I use FDE so they're still encrypted before they hit the running under my account can read them. That's not ideal. Long story short I tried to find a good solution here that works for headless and headed systems and it seems -impossible. So instead I use Git certificate auth from a Yubikey. There's a page in the `vimwiki` about how to set -this up. The dotfiles are already configured for it. +impossible. So instead I use Git certificate auth from a Yubikey. There's a page in the `vimwiki` about how to set +this up. The dotfiles are already configured for it. # Notes 
@@ -170,88 +171,96 @@ home directory is fine, but if you ever find yourself typing `sudo pip...` or `s and see if there's an Arch official or AUR package for what you're trying to install. In almost all cases, you don't mean to install systemwide but for a specific user account or perhaps even a specific project. Always prefer that. -## Sway and Wayland +## Sway and Wayland In this most recent update, as part of the move from Arch to Fedora, I spent a lot of time setting up a Sway config that -mirrored the capabilities I have in i3. In the end I went back to running i3. The following issues still need to be +mirrored the capabilities I have in i3. In the end I went back to running i3. The following issues still need to be addressed: -* sway uses the i3 config format, but almost none of the tools used with i3 work under wayland. In particular, tray - support in Waybar is glitchy and unusable. The notification daemon `mako` isn't even packaged yet, and must be - built from source. -* Wayland has a protocol for screen sharing, and the WebRTC implementation in the latest Firefox supports it. However - Zoom does not. Maybe if I made this transition before the entire world went on lockdown and life moved to Zoom, - I would not have considered this a deal-breaker, but now I use Zoom screenshare at least once per day. Workarounds - like using the Zoom web interface are blocked by other bugs in either Firefox or Sway (people seem to disagree about - who is at fault), or setting up a virtual webcam that is actually the contents of one's screen are complex, brittle, - and generally unacceptable when a perfectly reliable alternative exists. -* No wifi network picker equivalent to `nm-applet`. -* Firefox HiDPI is broken. Firefox on Wayland appears to have absolutely no HiDPI awareness at all, in spite of - multiple breathless announcements declaring improved HiDPI support. 
Maybe I'm doing something wrong or missing - something obvious, but I had to configure Firefox to zoom 200%, but all of the UI chrome was still tiny and - uncomfortable to read. Chromium, Slack, Skype, all were fine. - -Fedora has made GNOME on Wayland the default DM, and that particular combination, I must admit, is great. Rock solid, -Firefox is very fast and no tearing at all, even Zoom screenshare works. But that's GNOME. If GNOME was what I wanted +- sway uses the i3 config format, but almost none of the tools used with i3 work under wayland. In particular, tray + support in Waybar is glitchy and unusable. The notification daemon `mako` isn't even packaged yet, and must be + built from source. +- Wayland has a protocol for screen sharing, and the WebRTC implementation in the latest Firefox supports it. However + Zoom does not. Maybe if I made this transition before the entire world went on lockdown and life moved to Zoom, + I would not have considered this a deal-breaker, but now I use Zoom screenshare at least once per day. Workarounds + like using the Zoom web interface are blocked by other bugs in either Firefox or Sway (people seem to disagree about + who is at fault), or setting up a virtual webcam that is actually the contents of one's screen are complex, brittle, + and generally unacceptable when a perfectly reliable alternative exists. +- No wifi network picker equivalent to `nm-applet`. +- Firefox HiDPI is broken. Firefox on Wayland appears to have absolutely no HiDPI awareness at all, in spite of + multiple breathless announcements declaring improved HiDPI support. Maybe I'm doing something wrong or missing + something obvious, but I had to configure Firefox to zoom 200%, but all of the UI chrome was still tiny and + uncomfortable to read. Chromium, Slack, Skype, all were fine. + +Fedora has made GNOME on Wayland the default DM, and that particular combination, I must admit, is great. 
Rock solid, +Firefox is very fast and no tearing at all, even Zoom screenshare works. But that's GNOME. If GNOME was what I wanted for a WM, I never would have bothered with all of these contortions with i3 in the first place. -It's a pity. I feel like we're almost there, and the performance benefits of Firefox on Wayland are fantastic. +It's a pity. I feel like we're almost there, and the performance benefits of Firefox on Wayland are fantastic. # macOS -macOS is much less amenable to automated setup. For now I'll just record the manual steps I use on a new mac setup. +macOS is much less amenable to automated setup. For now I'll just record the manual steps I use on a new mac setup. Maybe over time I'll automate them more: -* Install Homebrew from https://brew.sh - * Don't forget to enable it in the terminal with `eval "$(/opt/homebrew/bin/brew shellenv)"` -* Ensure the tmux-256color terminal type is recognized: - * `brew install ncurses && /opt/homebrew/opt/ncurses/bin/infocmp tmux-256color > ~/tmux-256color.info && tic -xe tmux-256color tmux-256color.info` - * Note the `/opt/homebrew` path assumes this command is running on an Apple Silicon mac. Adjust the path if this is an Intel mac. -* `brew install python` and `brew install ansible` -* Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` +- Install Homebrew from https://brew.sh + - Don't forget to enable it in the terminal with `eval "$(/opt/homebrew/bin/brew shellenv)"` +- Ensure the tmux-256color terminal type is recognized: + - `brew install ncurses && /opt/homebrew/opt/ncurses/bin/infocmp tmux-256color > ~/tmux-256color.info && tic -xe tmux-256color ~/tmux-256color.info` + - Note the `/opt/homebrew` path assumes this command is running on an Apple Silicon mac. Adjust the path if this is an Intel mac. + - NOTE 2: According to macOS 14 Sonoma finally ships with a newer ncurses that has tmux-256color built in. 
+ I've not verified this yet, but this step might not be needed anymore. If you think it isn't, make sure that underlines, undercurls, and colored underlines work in neovim. +- `brew install python` and `brew install ansible` +- Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` + # `cd` into `playbooks` and run `ansible-galaxy install -r requirements.yml` -* Deploy the `headless-mac.yml` playbook - * `ansible-playbook -c local --inventory localhost, headless-mac.yml` -* Download "Sauce Code Pro" nerd fonts - * `brew tap homebrew/cask-fonts && brew install --cask font-sauce-code-pro-nerd-font` -* Install Dropbox -* Wait approximately 100 years for shitty dropbox to sync up -* New SSH key management: - * Now using 1Password for key management. Unfortunately right now this is now something I can commit to `dotfiles` - because it requires hard-coding a mac-specific path into the SSH config. So when setting up a new mac this will need - to be done manually until I find a solution for having platform-specific SSH configs: - * ``` + +- Deploy the `headless-mac.yml` playbook + - `ansible-playbook -c local --inventory localhost, headless-mac.yml` +- Download "Sauce Code Pro" nerd fonts + - `brew tap homebrew/cask-fonts && brew install --cask font-sauce-code-pro-nerd-font` +- Install Dropbox +- Wait approximately 100 years for shitty dropbox to sync up +- New SSH key management: + + - Now using 1Password for key management. Unfortunately right now this is now something I can commit to `dotfiles` + because it requires hard-coding a mac-specific path into the SSH config. So when setting up a new mac this will need + to be done manually until I find a solution for having platform-specific SSH configs: + - ``` Host * # SHIT: this is macOS specific, because on Linux hosts I have SSH'd into them from a mac with this identity agent. # How can this co-exist with Linux systems that share this same .ssh/config file? FML. 
IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" ``` - The exact path to set to `IdentityAgent` might be different on different installs, I'm not sure. Anyway you can + The exact path to set to `IdentityAgent` might be different on different installs, I'm not sure. Anyway you can find it in the "Developer" section of 1Password settings when checking the check box to enable the SSH agent. -* Old, shitty SSH key management which should no longer be needed: - * Make `~/Dropbox/Documents/gpg` available offline - * Add the SSH private key to the Apple Keychain: - * `ssh-add --apple-use-keychain ~/Dropbox/Documents/gpg/id_rsa` -* Go into the Keyboard settings, click Modifier Keys, and remap Caps Lock to Escape - * NOTE: This needs to be done separately for each keyboard, so when using the Logitech wireless kbd and the Kinesis + +- Old, shitty SSH key management which should no longer be needed: + - Make `~/Dropbox/Documents/gpg` available offline + - Add the SSH private key to the Apple Keychain: + - `ssh-add --apple-use-keychain ~/Dropbox/Documents/gpg/id_rsa` +- Go into the Keyboard settings, click Modifier Keys, and remap Caps Lock to Escape + + - NOTE: This needs to be done separately for each keyboard, so when using the Logitech wireless kbd and the Kinesis this must be done separately for each one. - * NOTE 2: It's possible on the Kinesis to remap CapsLock to Esc in hardware, but I haven't done that recently. - Keeping this here since it's necessary to do for any newly connected computer anyway. -* Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. 
-* Finder settings: - * Under View, activate Show Path Bar -* Install the following manually: - * Vivaldi (See note about 1Password below) - * Brave (See note about 1Password below) - * Dropbox - * MS 365 Suite - * WezTerm - * Parallels -* Configure 1Password to trust Vivaldi and Brave - * By default, 1P trusts Chrome, Edge, Safari, maybe Firefox. It won't let the 1P extension in Brave or Vivaldi talk - to the 1P desktop app, which results in a shit experience. Open the 1P desktop app, go to Settings, Browsers, there's - an UI option to add a trusted browser. Navigate to the Vivaldi and Brave executables. You can verify this works by - opening 1P extension in the browser and going to settings; the option to integrate w/ the desktop version should be - enabled and the status light should go from amber to green confirming it works. -* Perform the manual steps which apply to Mac, a subset of those listed in [Manual Setup Steps](#manual-setup-steps) + - NOTE 2: It's possible on the Kinesis to remap CapsLock to Esc in hardware, but I haven't done that recently. + Keeping this here since it's necessary to do for any newly connected computer anyway. + +- Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. +- Finder settings: + - Under View, activate Show Path Bar +- Install the following manually: + - Vivaldi (See note about 1Password below) + - Brave (See note about 1Password below) + - Dropbox + - MS 365 Suite + - WezTerm + - Parallels +- Configure 1Password to trust Vivaldi and Brave + - By default, 1P trusts Chrome, Edge, Safari, maybe Firefox. It won't let the 1P extension in Brave or Vivaldi talk + to the 1P desktop app, which results in a shit experience. Open the 1P desktop app, go to Settings, Browsers, there's + an UI option to add a trusted browser. Navigate to the Vivaldi and Brave executables. 
You can verify this works by + opening 1P extension in the browser and going to settings; the option to integrate w/ the desktop version should be + enabled and the status light should go from amber to green confirming it works. +- Perform the manual steps which apply to Mac, a subset of those listed in [Manual Setup Steps](#manual-setup-steps) From 84b7d09e69a5e1d9e85cde649206d5f9af3d6be0 Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 11 Dec 2024 19:46:08 +0100 Subject: [PATCH 54/58] Fix rustup install command in user-base role This failed on an Ubuntu 22.04 system, although it's always worked fine on Fedora. The user-specific playbook should work on other distros since sometimes I don't have a choice of distro and have a user account on some random box. --- playbooks/roles/user-base/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/playbooks/roles/user-base/tasks/main.yml b/playbooks/roles/user-base/tasks/main.yml index bab5733..2eb3057 100644 --- a/playbooks/roles/user-base/tasks/main.yml +++ b/playbooks/roles/user-base/tasks/main.yml @@ -2,16 +2,16 @@ # This seems not to work without a password so it'll have to be # a manual step for now #- name: Use zsh as the login shell - #user: - #name: "{{ lookup('env', 'USER') }}" - #shell: /bin/zsh +#user: +#name: "{{ lookup('env', 'USER') }}" +#shell: /bin/zsh - name: Ensure rust programming language tools are installed shell: | curl https://sh.rustup.rs -sSf | sh -s -- --no-modify-path --default-toolchain stable -y - source "{{ ansible_env.HOME }}/.cargo/env" + . "{{ ansible_env.HOME }}/.cargo/env" # install various rust components that are useful rustup component add rust-src rustup install nightly args: - creates: "{{ ansible_env.HOME }}/cargo/env" + creates: "{{ ansible_env.HOME }}/.cargo/env" From 5e3795c1276bcd36ae566beacede57ea13f0d5c6 Mon Sep 17 00:00:00 2001 
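Review bot: The install line in the user-base hunk still pipes `curl https://sh.rustup.rs -sSf` straight into `sh`, and the `shell` module's default `/bin/sh` has no `pipefail`, so a failed or truncated download is not caught at that step. rustup's documented command also restricts the transfer to HTTPS with TLS 1.2 or newer, which this line omits. I would write it as `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain stable -y`. A short comment noting that this executes a remotely fetched script as the current user would help the next reader.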
From: Adam Nelson Date: Wed, 11 Dec 2024 19:47:08 +0100 Subject: [PATCH 55/58] Add some new packages - Wezterm on Mac - yazi-cli on Mac - Remove awscli from pip_packages and add boto3 (AWS CLI is no longer distributed via pip) - Reformat the YAML --- playbooks/headless-mac.yml | 12 +- playbooks/roles/headless-base/vars/main.yml | 132 +++++++++++--------- playbooks/roles/user-packages/vars/main.yml | 3 +- 3 files changed, 85 insertions(+), 62 deletions(-) diff --git a/playbooks/headless-mac.yml b/playbooks/headless-mac.yml index 0b1e909..17bcdc8 100644 --- a/playbooks/headless-mac.yml +++ b/playbooks/headless-mac.yml @@ -4,8 +4,8 @@ become: false roles: - - user-base - - dotfiles + - user-base + - dotfiles tasks: - name: Install Homebrew packages @@ -22,6 +22,12 @@ - nodejs - font-jetbrains-mono-nerd-font + - name: Install Homebrew casks + community.general.homebrew_cask: + name: "{{ item }}" + with_items: + - wezterm + - name: Install Rust tools for the current user shell: | source "{{ ansible_env.HOME }}/.cargo/env" @@ -36,4 +42,4 @@ - { name: tealdeer, executable: tldr } - { name: git-delta, executable: delta } - { name: starship, executable: starship } - + - { name: yazi-cli, executable: yazi } diff --git a/playbooks/roles/headless-base/vars/main.yml b/playbooks/roles/headless-base/vars/main.yml index 30d72db..5d7f39c 100644 --- a/playbooks/roles/headless-base/vars/main.yml +++ b/playbooks/roles/headless-base/vars/main.yml 
@@ -1,67 +1,83 @@ --- # vars file for roles/headless-base utility_packages: - - dosfstools - - gnupg - - the_silver_searcher - - fzf # file finder - - tmux - - mosh # until this PR in master gets released must use the master branch: https://github.com/mobile-shell/mosh/pull/939 - # install antigen with a script in the user account - [ zsh, zsh-syntax-highlighting, antigen-git ] - - [ zsh, zsh-syntax-highlighting ] - - bash-completion - - wget - - curl - - p7zip - - unzip - - elinks - - [ htop, nmon ] - - flatpak - - openssh - - ufw - - [ libu2f-host, yubikey-manager, ykpers, ykpers-devel, ykclient-devel, libusb, pcsc-lite, pcsc-lite-devel, ccid ] # related to working with yubikeys - - jq - - fio - - bc - - ldns # provides the dig successor drill - - bind-utils # provides dig and nslookup - - gnome-keyring # despite the name, not a GUI app; ensures the keyring is available even headless - - [ bcc, bcc-tools ] #BCC eBPF profiling tools + - dosfstools + - gnupg + - the_silver_searcher + - fzf # file finder + - tmux + - mosh # until this PR in master gets released must use the master branch: https://github.com/mobile-shell/mosh/pull/939 + # install antigen with a script in the user account - [ zsh, zsh-syntax-highlighting, antigen-git ] + - [zsh, zsh-syntax-highlighting] + - bash-completion + - wget + - curl + - p7zip + - unzip + - elinks + - [htop, nmon] + - flatpak + - openssh + - ufw + - [ + libu2f-host, + yubikey-manager, + ykpers, + ykpers-devel, + ykclient-devel, + libusb, + pcsc-lite, + pcsc-lite-devel, + ccid, + ] # related to working with yubikeys + - jq + - fio + - bc + - ldns # provides the dig successor drill + - bind-utils # provides dig and nslookup + - gnome-keyring # despite the name, not a GUI app; ensures the keyring is available even headless + - [bcc, bcc-tools] #BCC eBPF profiling tools dev_packages: - - neovim - - python3-neovim - - ranger - - "@Development tools" - - git - - git-lfs - - git-delta - - python3 - - python3-pip - - python3-setuptools 
- # dependencies for youcompleteme viM plugin - - [ boost, clang, mold, nodejs, cmake, make, go, npm ] - - ruby-devel # Is the system Ruby package finally mature enough to not hassle w/ RVM? I hope so - # stuff for cross-compiling to the Pi Pico (and probably anything else RP2040 or similar) - - [arm-none-eabi-binutils-cs, arm-none-eabi-gcc-cs, arm-none-eabi-gcc-cs-c++, arm-none-eabi-newlib, minicom, openocd] - - swig - - eza #ls-like tool but better - - bat #syntax and git-aware cat replacement - - gdb - - libudev-devel - - llvm-devel - - libevent-devel - - openssl-devel + - neovim + - python3-neovim + - ranger + - "@Development tools" + - git + - git-lfs + - git-delta + - python3 + - python3-pip + - python3-setuptools + # dependencies for youcompleteme viM plugin + - [boost, clang, mold, nodejs, cmake, make, go, npm] + - ruby-devel # Is the system Ruby package finally mature enough to not hassle w/ RVM? I hope so + # stuff for cross-compiling to the Pi Pico (and probably anything else RP2040 or similar) + - [ + arm-none-eabi-binutils-cs, + arm-none-eabi-gcc-cs, + arm-none-eabi-gcc-cs-c++, + arm-none-eabi-newlib, + minicom, + openocd, + ] + - swig + - eza #ls-like tool but better + - bat #syntax and git-aware cat replacement + - gdb + - libudev-devel + - llvm-devel + - libevent-devel + - openssl-devel pentest_packages: - - aircrack-ng - - [wireshark, wireshark-devel] - - nmap + - aircrack-ng + - [wireshark, wireshark-devel] + - nmap console_font_packages: - - adobe-source-code-pro-fonts - - adobe-source-sans-pro-fonts - - fontawesome-fonts - - powerline-fonts - # - # move to user install nerd-fonts-complete # installs a wide range of patched fonts - + - adobe-source-code-pro-fonts + - adobe-source-sans-pro-fonts + - fontawesome-fonts + - powerline-fonts + # - # move to user install nerd-fonts-complete # installs a wide range of patched fonts 
diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index 50ea23e..9f1bad1 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -1,10 +1,11 @@ --- # vars file for roles/user-packages pip_packages: - - awscli + - boto3 - yubikey-manager - tmuxp - neovim # also for ensime vim + - hererocks # lazy.vim needs this to be able to install lua rocks for lua plugins rust_packages: - { name: eza, executable: eza } From 9514483af9ae7586bb218151da989c81eebdceaf Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 11 Dec 2024 20:05:58 +0100 Subject: [PATCH 56/58] Update install info for `probe-rs` --- playbooks/roles/user-packages/vars/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/user-packages/vars/main.yml b/playbooks/roles/user-packages/vars/main.yml index 9f1bad1..94ecce0 100644 --- a/playbooks/roles/user-packages/vars/main.yml +++ b/playbooks/roles/user-packages/vars/main.yml @@ -21,5 +21,5 @@ rust_packages: # Useful to creating UF2 images for the RP2040 USB Bootloader - { name: elf2uf2-rs, executable: elf2uf2 } -# Useful for flashing over the SWD pins using a supported JTAG probe - - { name: probe-rs, features: [cli], executable: probe-rs } + # Useful for flashing over the SWD pins using a supported JTAG probe + - { name: probe-rs-tools, executable: probe-rs } From 341cb422a9e93b03f2428480277dfb5938cbfa3b Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Wed, 11 Dec 2024 20:08:29 +0100 Subject: [PATCH 57/58] Always use --locked when installing Rust tools --- playbooks/roles/user-packages/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/user-packages/tasks/main.yml b/playbooks/roles/user-packages/tasks/main.yml index 2bd829c..803c25d 100644 --- a/playbooks/roles/user-packages/tasks/main.yml +++ b/playbooks/roles/user-packages/tasks/main.yml 
@@ -9,7 +9,7 @@ - name: Install Rust tools for the current user shell: | source "{{ ansible_env.HOME }}/.cargo/env" - cargo install --force {{ item.name }} + cargo install --force {{ item.name }} --locked args: creates: "{{ ansible_env.HOME }}/.cargo/bin/{{ item.executable }}" with_items: "{{ rust_packages }}" @@ -19,7 +19,7 @@ - name: Check out NerdFonts repo git: - repo: 'https://github.com/ryanoasis/nerd-fonts.git' + repo: "https://github.com/ryanoasis/nerd-fonts.git" dest: "{{ ansible_env.HOME }}/.nerdfonts" version: "v2.0.0" register: nerdfonts_checkout From 92a6b6573e4c4b057ab93e644591adb65a8bc69c Mon Sep 17 00:00:00 2001 From: Adam Nelson Date: Sun, 9 Feb 2025 17:42:15 -0700 Subject: [PATCH 58/58] Substantially update README and Ansible for Mac installs. I am setting up a new MBP for the first time in three years. A lot has changed since then. I'm taking this opportunity to update the README to reflect the latest preferences and software I use. --- README.md | 84 ++++++++++++++++++++++++-------------- playbooks/headless-mac.yml | 29 +++++++++++++ 2 files changed, 82 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index f431d57..3226a5c 100644 --- a/README.md +++ b/README.md 
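Review bot: On the changed `cargo install` line, `--locked` only fixes the dependency versions to the `Cargo.lock` published with each crate; the crate itself is still whichever release is newest when the playbook runs, so two machines provisioned a month apart can end up with different tool versions. If that matters, an optional `version` key on the `rust_packages` entries could be passed through, for example `cargo install --force --locked {{ item.name }} --version {{ item.version }}` for entries that define it. Because the task is guarded by `creates:`, neither flag has any effect on a machine where the executable already exists, which is worth a short comment on the task.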
@@ -203,8 +203,12 @@ It's a pity. I feel like we're almost there, and the performance benefits of Fir macOS is much less amenable to automated setup. For now I'll just record the manual steps I use on a new mac setup. Maybe over time I'll automate them more: -- Install Homebrew from https://brew.sh +- Install Dropbox + +* Install 1Password (there is a 1P 7 on the App Store but it's old; download it from 1password.com instead) +* Install Homebrew from https://brew.sh - Don't forget to enable it in the terminal with `eval "$(/opt/homebrew/bin/brew shellenv)"` + - Ensure the tmux-256color terminal type is recognized: - `brew install ncurses && /opt/homebrew/opt/ncurses/bin/infocmp tmux-256color > ~/tmux-256color.info && tic -xe tmux-256color ~/tmux-256color.info` - Note the `/opt/homebrew` path assumes this command is running on an Apple Silicon mac. Adjust the path if this is an Intel mac. 
@@ -212,55 +216,73 @@ Maybe over time I'll automate them more: I've not verified this yet, but this step might not be needed anymore. If you think it isn't, make sure that underlines, undercurls, and colored underlines work in neovim. - `brew install python` and `brew install ansible` - Make sure the necessary community collection is installed: `ansible-galaxy collection install community.general` - -# `cd` into `playbooks` and run `ansible-galaxy install -r requirements.yml` - +- `cd` into `playbooks` and run `ansible-galaxy install -r requirements.yml` +- Go to System Settings > Privacy & Security > App Management and make sure that the terminal you're running (which is presumably Terminal since the other terminals aren't installed yet) has App Management permissions. - Deploy the `headless-mac.yml` playbook - `ansible-playbook -c local --inventory localhost, headless-mac.yml` - Download "Sauce Code Pro" nerd fonts - - `brew tap homebrew/cask-fonts && brew install --cask font-sauce-code-pro-nerd-font` -- Install Dropbox -- Wait approximately 100 years for shitty dropbox to sync up -- New SSH key management: - - - Now using 1Password for key management. Unfortunately right now this is now something I can commit to `dotfiles` - because it requires hard-coding a mac-specific path into the SSH config. So when setting up a new mac this will need - to be done manually until I find a solution for having platform-specific SSH configs: - - ``` - Host * - # SHIT: this is macOS specific, because on Linux hosts I have SSH'd into them from a mac with this identity agent. - # How can this co-exist with Linux systems that share this same .ssh/config file? FML. - IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock" - ``` - - The exact path to set to `IdentityAgent` might be different on different installs, I'm not sure. Anyway you can - find it in the "Developer" section of 1Password settings when checking the check box to enable the SSH agent. 
- -- Old, shitty SSH key management which should no longer be needed: - - Make `~/Dropbox/Documents/gpg` available offline - - Add the SSH private key to the Apple Keychain: - - `ssh-add --apple-use-keychain ~/Dropbox/Documents/gpg/id_rsa` -- Go into the Keyboard settings, click Modifier Keys, and remap Caps Lock to Escape + - `brew install font-sauce-code-pro-nerd-font` +- Go to System Settings > Privacy & Security > App Management and add or enable Wezterm and Ghostty so that they can install Homebrew Casks + +* New SSH key management: + - Now using 1Password for key management. I have this in the dotfiles that is conditional on the file `~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock` existing. + I've done two separate fresh Mac installs with 1P and both times that path was the same, but the "2BUA..." seems like it might be a random string that changes, so double-check + each time you set up a new Mac. You have to go into the Developer section of 1P settings, enable the SSH agent, and then it'll show you the "Host \*" entry that it + wants you to put in your `~/.ssh/config` file. Don't do that, but do check that the `IdentityAgent` path is specifies matches what's already in the SSH config file. + +- Go into the Keyboard settings, click Keyboard Shortcuts, then click Modifier Keys, and remap Caps Lock to Escape - NOTE: This needs to be done separately for each keyboard, so when using the Logitech wireless kbd and the Kinesis this must be done separately for each one. - NOTE 2: It's possible on the Kinesis to remap CapsLock to Esc in hardware, but I haven't done that recently. Keeping this here since it's necessary to do for any newly connected computer anyway. -- Install [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. +- Whilst in Keyboard settings, add Russian and Ukrainian keyboard layouts. 
+ - Finder settings: - Under View, activate Show Path Bar - Install the following manually: + - Alfred (There is an old App Store version but download the latest from alfredapp.com) + - Find the "Control Center" settings and set "Spotlight" to "Don't show in menu bar" + - Go to Keyboard settings, Keyboard Shortcuts, Spotlight, and disable both shortcuts there (because they conflict with Alfred shortcuts) + - The Alfred settings are synced using Dropbox in the `~/Dropbox/OSX/` directory. In the Advanced settings, under "Syncing" click "Set preferences folder" and point it to `~/Dropbox/OSX`. + Obviously that folder needs to have been selected for sync when you set up Dropbox. While you're at it, make sure the `Alrefed.alfredpreferences` file in that directory is set for "Keep available offline". + - If for some reason the sync doesn't work right, set the Alfred hotkey to Command-Space. - Vivaldi (See note about 1Password below) - Brave (See note about 1Password below) - - Dropbox - - MS 365 Suite - - WezTerm + - MS 365 Suite (App Store) - Parallels + - [Rectangle](https://rectangleapp.com) for convenient shortcuts to resize windows. It's not i3, not by a long shot, but it sucks less than having nothing at all. + - Set the shortcut `Cmd-Opt-Ctrl-Enter` to Maximize + - Claude + - Perplexity + - ChatGPT + - Cursor + - DeepL + - DBeaver + - VS Code + - XCode (App Store) + - Plex and Plex Media Server + - Spotify + - FileZilla + - Zoom + - Slack (App Store) + - Telegram (App Store) + - Viber + - NextDNS (App Store) + - Enable it, which will require permission to install a VPN profile. + - By default it doesn't use a paid account or features; in preferences set "Custom Configuration" and set the configuration ID to the endpoint ID from 1p. Also enable "Send Device Name". + - TunnelBear + - Try once to connect to the VPN, that will make sure the login is stored and that the VPN permission is granted. 
+ - TailScale (App Store) + - AWS CLI + - Steam - Configure 1Password to trust Vivaldi and Brave - By default, 1P trusts Chrome, Edge, Safari, maybe Firefox. It won't let the 1P extension in Brave or Vivaldi talk to the 1P desktop app, which results in a shit experience. Open the 1P desktop app, go to Settings, Browsers, there's an UI option to add a trusted browser. Navigate to the Vivaldi and Brave executables. You can verify this works by opening 1P extension in the browser and going to settings; the option to integrate w/ the desktop version should be enabled and the status light should go from amber to green confirming it works. +- Configure the default search engine in Vivaldi, Brave, and Safari to be Kagi. +- Setup `aws-sso` to automate SSO auth - Perform the manual steps which apply to Mac, a subset of those listed in [Manual Setup Steps](#manual-setup-steps) diff --git a/playbooks/headless-mac.yml b/playbooks/headless-mac.yml index 17bcdc8..7e70c66 100644 --- a/playbooks/headless-mac.yml +++ b/playbooks/headless-mac.yml @@ -13,20 +13,49 @@ name: "{{ item }}" with_items: - tmux + - tmuxp - wget - fzf - neovim + - git - git-lfs + - gh + - go + - python - htop + - btop - cmake - nodejs - font-jetbrains-mono-nerd-font + - font-sauce-code-pro-nerd-font + - tree + - orbstack + - p7zip + - ranger + - qemu + - terraform + - uv + - jq + - yq + - zstd + - zola + - pkgconf + - openjdk + - imagemagick + - llvm + - gcc + - ffmpeg + - yt-dlp + - ddrescue + - exiftool + - oxipng - name: Install Homebrew casks community.general.homebrew_cask: name: "{{ item }}" with_items: - wezterm + - ghostty - name: Install Rust tools for the current user shell: |
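Review bot: `orbstack` and `font-sauce-code-pro-nerd-font` are Homebrew casks, yet they are added to the first `with_items` list rather than to the `community.general.homebrew_cask` task a few lines below, which is where `ghostty` goes in this same hunk. The module line of the first task sits above the hunk; if it is the formula module, cask names in that list depend on how the installed module version resolves them and may fail or never report as installed, so moving both entries (and the existing `font-jetbrains-mono-nerd-font`) under the cask task would keep the two lists consistent. Separately, and worth confirming before relying on it: the `terraform` formula in homebrew-core is, as far as I know, deprecated and frozen at an old release since the licence change, so it would not pick up fixes; HashiCorp's own tap is the maintained source.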