An ansible playbook to help install desktops and laptops.
After booting from the Arch installation media, you will need to do the following in preparation for ansible
:
- Set the root password using
passwd
. Set the password toroot
. Don't worry, this is temporary. - Restart the ssh service.
$ systemctl restart sshd
- If installing through wireless, run
iwctl
to set up wifi. You can useip link
to determine your wireless device.
$ iwctl station $DEVICE connect $SSID
๐๏ธ NOTE: The wireless device in the boot media may be different than after your installation.
- Ensure your net interfaces and install drives/partitions are properly set in your host's inventory file. You can find this through
ip link
andlsblk
. - Make sure your network is connected (e.g.
ping google.com
)
At this point we are able to login remotely as root, so run the initialization playbook.
$ ansible-playbook ansible/playbooks/arch-initial-install.yml --limit $DEVICE_NAME
Remove your USB boot drive during this process, as it is no longer needed. Upon completion, the workstation will reboot.
If there is an issue and you need to re-run this, the first thing it will do is wipe the install device, so it always begins from complete scratch.
After the initial arch installation, you should have a system with the absolute basics, such as:
- Console login account with non-root username and password
- Your AGE personal secret key tucked into the
~/.age
directory - The basic libraries needed to run the remaining ansible provisioning
The drive is encrypted with LUKS, so you will be prompted for your passphrase (set in the secrets YAML file) upon boot.
The idempotent provisioning from here on out will take place directly on your workstation.
Go to your source directory on that machine, run the direnv
commands shown below to access the .envrc
variables, and run the provisioning playbook.
$ cd ~/Source/github/$GITHUB_USERNAME/ansible-provision-workstation
$ direnv allow .
$ ansible-playbook ansible/playbooks/site.yml --limit $DEVICE_NAME
๐๏ธ NOTE: Unlike the initial arch install above, this playbook is idempotent and can be safely executed over and over.
Although the provisioning requires sudo
into root
, all routines are ran locally, so there is no need to expose a SSH server on your workstation.