initial commitHEADmaster

4 files changed, 361 insertions, 0 deletions

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d93c466
--- /dev/null
+++ b/README.md
@@ -0,0 +1,100 @@
+# ansible-desktop
+Ansible playbook to install a copy of my desktop setup
+
+## Features
+Simple one-command deployment of a fully functional desktop
+
+- Custom builds of:
+
+        - dwm
+        - dmenu
+        - st
+        - slock
+        - tabbed
+
+- Configuration for a variety of programs including:
+
+        - abook
+        - calcurse
+        - cava
+        - cmus
+        - dunst
+        - firejail
+        - fontconfig
+        - gtk2 & gtk3
+        - htop
+        - khard
+        - mutt/neomutt
+        - newsboat
+        - picom
+        - ranger
+        - sxhkd
+        - ufw
+        - vim
+        - zathura 
+        - zsh
+
+- Custom shell scripts for:
+
+        - dwm status bar
+        - document compilation
+        - encrypted usb management
+        - getting passwords from `pass` via dmenu
+        - mounting and unmounting removable drives
+        - screenshots
+        - volume control
+        and more
+
+## Distros
+
+This playbook has been specifically designed to run on Debian systems.  The current Debian stable version is considered to be the supported distro.
+
+The playbook should work for other distros; most seamlessly on Debian-derivatives.  
+However, updates to package names may be necessary when not running against Debian stable.
+
+## Usage
+
+### Prerequisite non-root user
+The playbook assumes you have a non-root user that was created during the installation.
+
+The playbook will add this user to the sudo group and deploy the dotfiles in their home directory.  
+
+If you do not have a non-root user please create one prior to running the playbook.
+
+### Clone the repository
+```
+git clone https://git.chudnick.com/ansible-desktop
+```
+
+### Modify the inventory
+Modify the inventory.yml for your deployment.
+At a minimum, change `desktop.local` to the name of your desktop to configure.  This could also `localhost` if you are running the playbook on the machine to be configured.
+
+### Modify vars.yml
+Modify group\_vars/all/vars.yml for your deployment.
+Below is a list of the variables and there function:
+
+    - amdcpu - installs amd cpu microcode
+    - amdgpu - installs amd gpu firmware
+    - intelcpu - install intel cpu firmware
+    - nvidiagpu - installs nvidia gpu firmware and drivers
+    - amd_microcode_package - package that install amd cpu microcode
+    - intel_microcode_package - package that install intel cpu microcode
+    - amdgpu_firwamre_package - package that installs amdgpu firmware
+    - nvidia_firmware_package - package that installs nvidia firmware
+    - user - the username of your non-root user on the desktop
+    - build_packages - packages needed to build suckless programs
+    - packages - list of packages to install
+
+
+Make sure to modify the hardware variables for your machine.
+Set user to the non-root user you created during installation.
+
+### Run the playbook
+From the repo root directory run:
+```
+ansible-playbook run.yml -i inventory.yml
+```
+
+### Login to the desktop
+When the playbook finishes you can login to your desktop. If you were already logged in you will need to logout and back in to load the changes.
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
new file mode 100644
index 0000000..3c952f9
--- /dev/null
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,88 @@
+amdcpu: yes
+amdgpu: yes
+intelcpu: no
+nvidiagpu: no
+
+amd_microcode_package: amd64-microcode
+intel_microcode_package: intel-microcode
+amdgpu_firware_package: firmware-amdgpu
+nvidia_firmware_package: firmware-misc-nonfree
+
+user: user
+
+# Don't change these unless you know what you are doing
+build_packages:
+  - build-essential
+  - libx11-dev 
+  - libx11-xcb-dev
+  - libxcb-res0-dev
+  - libxft-dev
+  - libxinerama-dev
+  - libxrender-dev 
+  - libx11-dev 
+  - libx11-xcb-dev
+  - libxcb-res0-dev
+  - libxft-dev
+  - libxinerama-dev
+  - libxrender-dev 
+  - fontconfig
+  - libharfbuzz-dev
+
+
+packages:
+  - acl
+  - apt-file
+  - arc-theme
+  - bc
+  - calcurse
+  - cava
+  - cmus
+  - cryptsetup
+  - curl
+  - diffutils
+  - dunst
+  - feh
+  - ffmpeg
+  - findutils
+  - firefox-esr
+  - firejail
+  - fonts-inconsolata
+  - fonts-liberation
+  - fonts-noto-color-emoji
+  - fzf
+  - gcc
+  - gdb
+  - git
+  - gpg
+  - groff
+  - htop
+  - imagemagick
+  - keepassxc
+  - lm-sensors
+  - locate
+  - maim
+  - make
+  - mpv
+  - neofetch
+  - neomutt
+  - network-manager
+  - newsboat
+  - pass-extension-otp
+  - pass
+  - picom
+  - pulseaudio
+  - ranger
+  - rsync
+  - sshfs
+  - suckless-tools
+  - sudo
+  - sxhkd
+  - sysstat
+  - ufw
+  - unclutter-xfixes
+  - vim
+  - xclip
+  - xorg
+  - zathura
+  - zsh-syntax-highlighting
+  - zsh
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..564430d
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,3 @@
+all:
+  hosts:
+    desktop.local:
diff --git a/run.yml b/run.yml
new file mode 100644
index 0000000..e543701
--- /dev/null
+++ b/run.yml
@@ -0,0 +1,170 @@
+- name: deployment
+  hosts: all
+  become: yes
+
+  tasks:
+    - name: use https repos
+      when: ansible_facts['os_family'] == 'Debian'
+      replace:
+        path: /etc/apt/sources.list
+        regexp: "http://"
+        replace: "https://"
+
+    - name: temporarily enable non-free suites
+      when: ansible_facts['os_family'] == 'Debian'
+      replace:
+        path: /etc/apt/sources.list
+        regexp: "main"
+        replace: "main contrib non-free non-free-firmware"
+
+    - name: update and upgrade
+      when: ansible_facts['os_family'] == 'Debian'
+      apt:
+        name: "*"
+        state: latest
+        update_cache: yes
+      register: apt_upgrade
+      retries: 100
+      until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+
+    - name: install amdgpu firmware
+      when: "{{ amdgpu }}|bool"
+      package:
+        name: "{{ amdgpu_firmware_package }}"
+        state: latest
+
+    - name: install nvidia gpu firmware
+      when: "{{ nvidiagpu }}|bool"
+      package:
+        name: "{{ nvidia_firmware_package }}"
+        state: latest
+
+    - name: install amd cpu microcode
+      when: "{{ amdcpu }}|bool"
+      package:
+        name: "{{ amd_microcode_package }}"
+        state: latest
+
+    - name: install intel cpu microcode
+      when: "{{ intelcpu }}|bool"
+      package:
+        name: "{{ intel_microcode_package }}"
+        state: latest
+
+    - name: remove non-free suites
+      when: ansible_facts['os_family'] == 'Debian'
+      replace:
+        path: /etc/apt/sources.list
+        regexp: "main contrib non-free non-free-firmware"
+        replace: "main"
+
+    - name: update and upgrade
+      when: ansible_facts['os_family'] == 'Debian'
+      apt:
+        name: "*"
+        state: latest
+        update_cache: yes
+      register: apt_upgrade
+      retries: 100
+      until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+
+    - name: install packages
+      package:
+        name: "{{ packages }}"
+        state: latest
+
+    - name: enable ufw
+      ufw:
+        state: enabled
+
+    - name: default deny incoming
+      ufw:
+        default: deny
+        direction: incoming
+
+    - name: default allow outgoing
+      ufw:
+        default: allow
+        direction: outgoing
+
+    - name: reload ufw
+      ufw:
+        state: reloaded
+
+    - name: add user to sudo group and change shell
+      user:
+        name: "{{ username }}"
+        shell: /usr/bin/zsh
+        groups: sudo
+        append: yes
+
+    - name: clone dotfiles repo
+      git:
+        repo: https://git.chudnick.com/dwm
+        dest: /tmp/dotfiles
+
+    - name: copy dotfiles into home directory
+      become_user: "{{ username }}"
+      command:
+        cmd: "rsync --exclude .git/ --exclude LICENSE -av /tmp/dotfiles/ /home/{{ username }}"
+
+    # ------
+
+    - name: install packages for building suckless tools
+      package:
+        name: "{{ build_packages }}"
+        state: latest
+
+    - name: clone dwm repo
+      git:
+        repo: https://git.chudnick.com/dwm
+        dest: /tmp/dwm
+
+    - name: build dwm
+      make:
+        chdir: /tmp/dwm
+        target: clean install
+
+
+    - name: clone dmenu repo
+      git:
+        repo: https://git.chudnick.com/dmenu
+        dest: /tmp/dmenu
+
+    - name: build dmenu
+      make:
+        chdir: /tmp/dmenu
+        target: clean install
+
+
+    - name: clone st repo
+      git:
+        repo: https://git.chudnick.com/st
+        dest: /tmp/st
+          
+    - name: build st
+      make:
+        chdir: /tmp/st
+        target: clean install
+
+
+    - name: clone slock repo
+      git:
+        repo: https://git.chudnick.com/slock
+        dest: /tmp/slock
+
+    - name: build slock
+      make:
+        chdir: /tmp/slock
+        target: clean install
+
+
+    - name: clone tabbed repo
+      git:
+        repo: https://git.chudnick.com/tabbed
+        dest: /tmp/tabbed
+
+    - name: build tabbed
+      make:
+        chdir: /tmp/tabbed
+        target: clean install