4 files changed, 361 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d93c466
--- /dev/null
+++ b/README.md
@@ -0,0 +1,100 @@
+# ansible-desktop
+Ansible playbook to install a copy of my desktop setup
+## Features
+Simple one-command deployment of a fully functional desktop
+- Custom builds of:
+        - dwm
+        - dmenu
+        - st
+        - slock
+        - tabbed
+- Configuration for a variety of programs including:
+        - abook
+        - calcurse
+        - cava
+        - cmus
+        - dunst
+        - firejail
+        - fontconfig
+        - gtk2 & gtk3
+        - htop
+        - khard
+        - mutt/neomutt
+        - newsboat
+        - picom
+        - ranger
+        - sxhkd
+        - ufw
+        - vim
+        - zathura 
+        - zsh
+- Custom shell scripts for:
+        - dwm status bar
+        - document compilation
+        - encrypted usb management
+        - getting passwords from `pass` via dmenu
+        - mounting and unmounting removable drives
+        - screenshots
+        - volume control
+        and more
+## Distros
+This playbook has been specifically designed to run on Debian systems.  The current Debian stable version is considered to be the supported distro.
+The playbook should work for other distros; most seamlessly on Debian-derivatives.  
+However, updates to package names may be necessary when not running against Debian stable.
+## Usage
+### Prerequisite non-root user
+The playbook assumes you have a non-root user that was created during the installation.
+The playbook will add this user to the sudo group and deploy the dotfiles in their home directory.  
+If you do not have a non-root user please create one prior to running the playbook.
+### Clone the repository
+```
+git clone https://git.chudnick.com/ansible-desktop
+```
+### Modify the inventory
+Modify the inventory.yml for your deployment.
+At a minimum, change `desktop.local` to the name of your desktop to configure.  This could also `localhost` if you are running the playbook on the machine to be configured.
+### Modify vars.yml
+Modify group\_vars/all/vars.yml for your deployment.
+Below is a list of the variables and there function:
+    - amdcpu - installs amd cpu microcode
+    - amdgpu - installs amd gpu firmware
+    - intelcpu - install intel cpu firmware
+    - nvidiagpu - installs nvidia gpu firmware and drivers
+    - amd_microcode_package - package that install amd cpu microcode
+    - intel_microcode_package - package that install intel cpu microcode
+    - amdgpu_firwamre_package - package that installs amdgpu firmware
+    - nvidia_firmware_package - package that installs nvidia firmware
+    - user - the username of your non-root user on the desktop
+    - build_packages - packages needed to build suckless programs
+    - packages - list of packages to install
+Make sure to modify the hardware variables for your machine.
+Set user to the non-root user you created during installation.
+### Run the playbook
+From the repo root directory run:
+```
+ansible-playbook run.yml -i inventory.yml
+```
+### Login to the desktop
+When the playbook finishes you can login to your desktop. If you were already logged in you will need to logout and back in to load the changes.
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
new file mode 100644
index 0000000..3c952f9
--- /dev/null
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,88 @@
+amdcpu: yes
+amdgpu: yes
+intelcpu: no
+nvidiagpu: no
+amd_microcode_package: amd64-microcode
+intel_microcode_package: intel-microcode
+amdgpu_firware_package: firmware-amdgpu
+nvidia_firmware_package: firmware-misc-nonfree
+user: user
+# Don't change these unless you know what you are doing
+build_packages:
+  - build-essential
+  - libx11-dev 
+  - libx11-xcb-dev
+  - libxcb-res0-dev
+  - libxft-dev
+  - libxinerama-dev
+  - libxrender-dev 
+  - libx11-dev 
+  - libx11-xcb-dev
+  - libxcb-res0-dev
+  - libxft-dev
+  - libxinerama-dev
+  - libxrender-dev 
+  - fontconfig
+  - libharfbuzz-dev
+packages:
+  - acl
+  - apt-file
+  - arc-theme
+  - bc
+  - calcurse
+  - cava
+  - cmus
+  - cryptsetup
+  - curl
+  - diffutils
+  - dunst
+  - feh
+  - ffmpeg
+  - findutils
+  - firefox-esr
+  - firejail
+  - fonts-inconsolata
+  - fonts-liberation
+  - fonts-noto-color-emoji
+  - fzf
+  - gcc
+  - gdb
+  - git
+  - gpg
+  - groff
+  - htop
+  - imagemagick
+  - keepassxc
+  - lm-sensors
+  - locate
+  - maim
+  - make
+  - mpv
+  - neofetch
+  - neomutt
+  - network-manager
+  - newsboat
+  - pass-extension-otp
+  - pass
+  - picom
+  - pulseaudio
+  - ranger
+  - rsync
+  - sshfs
+  - suckless-tools
+  - sudo
+  - sxhkd
+  - sysstat
+  - ufw
+  - unclutter-xfixes
+  - vim
+  - xclip
+  - xorg
+  - zathura
+  - zsh-syntax-highlighting
+  - zsh
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..564430d
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,3 @@
+all:
+  hosts:
+    desktop.local:
diff --git a/run.yml b/run.yml
new file mode 100644
index 0000000..e543701
--- /dev/null
+++ b/run.yml
@@ -0,0 +1,170 @@
+- name: deployment
+  hosts: all
+  become: yes
+  tasks:
+    - name: use https repos
+      when: ansible_facts['os_family'] == 'Debian'
+      replace:
+        path: /etc/apt/sources.list
+        regexp: "http://"
+        replace: "https://"
+    - name: temporarily enable non-free suites
+      when: ansible_facts['os_family'] == 'Debian'
+      replace:
+        path: /etc/apt/sources.list
+        regexp: "main"
+        replace: "main contrib non-free non-free-firmware"
+    - name: update and upgrade
+      when: ansible_facts['os_family'] == 'Debian'
+      apt:
+        name: "*"
+        state: latest
+        update_cache: yes
+      register: apt_upgrade
+      retries: 100
+      until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+    - name: install amdgpu firmware
+      when: "{{ amdgpu }}|bool"
+      package:
+        name: "{{ amdgpu_firmware_package }}"
+        state: latest
+    - name: install nvidia gpu firmware
+      when: "{{ nvidiagpu }}|bool"
+      package:
+        name: "{{ nvidia_firmware_package }}"
+        state: latest
+    - name: install amd cpu microcode
+      when: "{{ amdcpu }}|bool"
+      package:
+        name: "{{ amd_microcode_package }}"
+        state: latest
+    - name: install intel cpu microcode
+      when: "{{ intelcpu }}|bool"
+      package:
+        name: "{{ intel_microcode_package }}"
+        state: latest
+    - name: remove non-free suites
+      when: ansible_facts['os_family'] == 'Debian'
+      replace:
+        path: /etc/apt/sources.list
+        regexp: "main contrib non-free non-free-firmware"
+        replace: "main"
+    - name: update and upgrade
+      when: ansible_facts['os_family'] == 'Debian'
+      apt:
+        name: "*"
+        state: latest
+        update_cache: yes
+      register: apt_upgrade
+      retries: 100
+      until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
+    - name: install packages
+      package:
+        name: "{{ packages }}"
+        state: latest
+    - name: enable ufw
+      ufw:
+        state: enabled
+    - name: default deny incoming
+      ufw:
+        default: deny
+        direction: incoming
+    - name: default allow outgoing
+      ufw:
+        default: allow
+        direction: outgoing
+    - name: reload ufw
+      ufw:
+        state: reloaded
+    - name: add user to sudo group and change shell
+      user:
+        name: "{{ username }}"
+        shell: /usr/bin/zsh
+        groups: sudo
+        append: yes
+    - name: clone dotfiles repo
+      git:
+        repo: https://git.chudnick.com/dwm
+        dest: /tmp/dotfiles
+    - name: copy dotfiles into home directory
+      become_user: "{{ username }}"
+      command:
+        cmd: "rsync --exclude .git/ --exclude LICENSE -av /tmp/dotfiles/ /home/{{ username }}"
+    # ------
+    - name: install packages for building suckless tools
+      package:
+        name: "{{ build_packages }}"
+        state: latest
+    - name: clone dwm repo
+      git:
+        repo: https://git.chudnick.com/dwm
+        dest: /tmp/dwm
+    - name: build dwm
+      make:
+        chdir: /tmp/dwm
+        target: clean install
+    - name: clone dmenu repo
+      git:
+        repo: https://git.chudnick.com/dmenu
+        dest: /tmp/dmenu
+    - name: build dmenu
+      make:
+        chdir: /tmp/dmenu
+        target: clean install
+    - name: clone st repo
+      git:
+        repo: https://git.chudnick.com/st
+        dest: /tmp/st
+          
+    - name: build st
+      make:
+        chdir: /tmp/st
+        target: clean install
+    - name: clone slock repo
+      git:
+        repo: https://git.chudnick.com/slock
+        dest: /tmp/slock
+    - name: build slock
+      make:
+        chdir: /tmp/slock
+        target: clean install
+    - name: clone tabbed repo
+      git:
+        repo: https://git.chudnick.com/tabbed
+        dest: /tmp/tabbed
+    - name: build tabbed
+      make:
+        chdir: /tmp/tabbed
+        target: clean install

diff --git a/README.md b/README.md new file mode 100644 index 0000000..d93c466 --- /dev/null +++ b/README.md
@@ -0,0 +1,100 @@
	1	# ansible-desktop
	2	Ansible playbook to install a copy of my desktop setup
	3
	4	## Features
	5	Simple one-command deployment of a fully functional desktop
	6
	7	- Custom builds of:
	8
	9	- dwm
	10	- dmenu
	11	- st
	12	- slock
	13	- tabbed
	14
	15	- Configuration for a variety of programs including:
	16
	17	- abook
	18	- calcurse
	19	- cava
	20	- cmus
	21	- dunst
	22	- firejail
	23	- fontconfig
	24	- gtk2 & gtk3
	25	- htop
	26	- khard
	27	- mutt/neomutt
	28	- newsboat
	29	- picom
	30	- ranger
	31	- sxhkd
	32	- ufw
	33	- vim
	34	- zathura
	35	- zsh
	36
	37	- Custom shell scripts for:
	38
	39	- dwm status bar
	40	- document compilation
	41	- encrypted usb management
	42	- getting passwords from `pass` via dmenu
	43	- mounting and unmounting removable drives
	44	- screenshots
	45	- volume control
	46	and more
	47
	48	## Distros
	49
	50	This playbook has been specifically designed to run on Debian systems. The current Debian stable version is considered to be the supported distro.
	51
	52	The playbook should work for other distros; most seamlessly on Debian-derivatives.
	53	However, updates to package names may be necessary when not running against Debian stable.
	54
	55	## Usage
	56
	57	### Prerequisite non-root user
	58	The playbook assumes you have a non-root user that was created during the installation.
	59
	60	The playbook will add this user to the sudo group and deploy the dotfiles in their home directory.
	61
	62	If you do not have a non-root user please create one prior to running the playbook.
	63
	64	### Clone the repository
	65	```
	66	git clone https://git.chudnick.com/ansible-desktop
	67	```
	68
	69	### Modify the inventory
	70	Modify the inventory.yml for your deployment.
	71	At a minimum, change `desktop.local` to the name of your desktop to configure. This could also `localhost` if you are running the playbook on the machine to be configured.
	72
	73	### Modify vars.yml
	74	Modify group\_vars/all/vars.yml for your deployment.
	75	Below is a list of the variables and there function:
	76
	77	- amdcpu - installs amd cpu microcode
	78	- amdgpu - installs amd gpu firmware
	79	- intelcpu - install intel cpu firmware
	80	- nvidiagpu - installs nvidia gpu firmware and drivers
	81	- amd_microcode_package - package that install amd cpu microcode
	82	- intel_microcode_package - package that install intel cpu microcode
	83	- amdgpu_firwamre_package - package that installs amdgpu firmware
	84	- nvidia_firmware_package - package that installs nvidia firmware
	85	- user - the username of your non-root user on the desktop
	86	- build_packages - packages needed to build suckless programs
	87	- packages - list of packages to install
	88
	89
	90	Make sure to modify the hardware variables for your machine.
	91	Set user to the non-root user you created during installation.
	92
	93	### Run the playbook
	94	From the repo root directory run:
	95	```
	96	ansible-playbook run.yml -i inventory.yml
	97	```
	98
	99	### Login to the desktop
	100	When the playbook finishes you can login to your desktop. If you were already logged in you will need to logout and back in to load the changes.


diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml new file mode 100644 index 0000000..3c952f9 --- /dev/null +++ b/group_vars/all/vars.yml
@@ -0,0 +1,88 @@
	1	amdcpu: yes
	2	amdgpu: yes
	3	intelcpu: no
	4	nvidiagpu: no
	5
	6	amd_microcode_package: amd64-microcode
	7	intel_microcode_package: intel-microcode
	8	amdgpu_firware_package: firmware-amdgpu
	9	nvidia_firmware_package: firmware-misc-nonfree
	10
	11	user: user
	12
	13	# Don't change these unless you know what you are doing
	14	build_packages:
	15	- build-essential
	16	- libx11-dev
	17	- libx11-xcb-dev
	18	- libxcb-res0-dev
	19	- libxft-dev
	20	- libxinerama-dev
	21	- libxrender-dev
	22	- libx11-dev
	23	- libx11-xcb-dev
	24	- libxcb-res0-dev
	25	- libxft-dev
	26	- libxinerama-dev
	27	- libxrender-dev
	28	- fontconfig
	29	- libharfbuzz-dev
	30
	31
	32	packages:
	33	- acl
	34	- apt-file
	35	- arc-theme
	36	- bc
	37	- calcurse
	38	- cava
	39	- cmus
	40	- cryptsetup
	41	- curl
	42	- diffutils
	43	- dunst
	44	- feh
	45	- ffmpeg
	46	- findutils
	47	- firefox-esr
	48	- firejail
	49	- fonts-inconsolata
	50	- fonts-liberation
	51	- fonts-noto-color-emoji
	52	- fzf
	53	- gcc
	54	- gdb
	55	- git
	56	- gpg
	57	- groff
	58	- htop
	59	- imagemagick
	60	- keepassxc
	61	- lm-sensors
	62	- locate
	63	- maim
	64	- make
	65	- mpv
	66	- neofetch
	67	- neomutt
	68	- network-manager
	69	- newsboat
	70	- pass-extension-otp
	71	- pass
	72	- picom
	73	- pulseaudio
	74	- ranger
	75	- rsync
	76	- sshfs
	77	- suckless-tools
	78	- sudo
	79	- sxhkd
	80	- sysstat
	81	- ufw
	82	- unclutter-xfixes
	83	- vim
	84	- xclip
	85	- xorg
	86	- zathura
	87	- zsh-syntax-highlighting
	88	- zsh


diff --git a/inventory.yml b/inventory.yml new file mode 100644 index 0000000..564430d --- /dev/null +++ b/inventory.yml
@@ -0,0 +1,3 @@
	1	all:
	2	hosts:
	3	desktop.local:


diff --git a/run.yml b/run.yml new file mode 100644 index 0000000..e543701 --- /dev/null +++ b/run.yml
@@ -0,0 +1,170 @@
	1	- name: deployment
	2	hosts: all
	3	become: yes
	4
	5	tasks:
	6	- name: use https repos
	7	when: ansible_facts['os_family'] == 'Debian'
	8	replace:
	9	path: /etc/apt/sources.list
	10	regexp: "http://"
	11	replace: "https://"
	12
	13	- name: temporarily enable non-free suites
	14	when: ansible_facts['os_family'] == 'Debian'
	15	replace:
	16	path: /etc/apt/sources.list
	17	regexp: "main"
	18	replace: "main contrib non-free non-free-firmware"
	19
	20	- name: update and upgrade
	21	when: ansible_facts['os_family'] == 'Debian'
	22	apt:
	23	name: "*"
	24	state: latest
	25	update_cache: yes
	26	register: apt_upgrade
	27	retries: 100
	28	until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
	29
	30	- name: install amdgpu firmware
	31	when: "{{ amdgpu }}\|bool"
	32	package:
	33	name: "{{ amdgpu_firmware_package }}"
	34	state: latest
	35
	36	- name: install nvidia gpu firmware
	37	when: "{{ nvidiagpu }}\|bool"
	38	package:
	39	name: "{{ nvidia_firmware_package }}"
	40	state: latest
	41
	42	- name: install amd cpu microcode
	43	when: "{{ amdcpu }}\|bool"
	44	package:
	45	name: "{{ amd_microcode_package }}"
	46	state: latest
	47
	48	- name: install intel cpu microcode
	49	when: "{{ intelcpu }}\|bool"
	50	package:
	51	name: "{{ intel_microcode_package }}"
	52	state: latest
	53
	54	- name: remove non-free suites
	55	when: ansible_facts['os_family'] == 'Debian'
	56	replace:
	57	path: /etc/apt/sources.list
	58	regexp: "main contrib non-free non-free-firmware"
	59	replace: "main"
	60
	61	- name: update and upgrade
	62	when: ansible_facts['os_family'] == 'Debian'
	63	apt:
	64	name: "*"
	65	state: latest
	66	update_cache: yes
	67	register: apt_upgrade
	68	retries: 100
	69	until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
	70
	71	- name: install packages
	72	package:
	73	name: "{{ packages }}"
	74	state: latest
	75
	76	- name: enable ufw
	77	ufw:
	78	state: enabled
	79
	80	- name: default deny incoming
	81	ufw:
	82	default: deny
	83	direction: incoming
	84
	85	- name: default allow outgoing
	86	ufw:
	87	default: allow
	88	direction: outgoing
	89
	90	- name: reload ufw
	91	ufw:
	92	state: reloaded
	93
	94	- name: add user to sudo group and change shell
	95	user:
	96	name: "{{ username }}"
	97	shell: /usr/bin/zsh
	98	groups: sudo
	99	append: yes
	100
	101	- name: clone dotfiles repo
	102	git:
	103	repo: https://git.chudnick.com/dwm
	104	dest: /tmp/dotfiles
	105
	106	- name: copy dotfiles into home directory
	107	become_user: "{{ username }}"
	108	command:
	109	cmd: "rsync --exclude .git/ --exclude LICENSE -av /tmp/dotfiles/ /home/{{ username }}"
	110
	111	# ------
	112
	113	- name: install packages for building suckless tools
	114	package:
	115	name: "{{ build_packages }}"
	116	state: latest
	117
	118	- name: clone dwm repo
	119	git:
	120	repo: https://git.chudnick.com/dwm
	121	dest: /tmp/dwm
	122
	123	- name: build dwm
	124	make:
	125	chdir: /tmp/dwm
	126	target: clean install
	127
	128
	129	- name: clone dmenu repo
	130	git:
	131	repo: https://git.chudnick.com/dmenu
	132	dest: /tmp/dmenu
	133
	134	- name: build dmenu
	135	make:
	136	chdir: /tmp/dmenu
	137	target: clean install
	138
	139
	140	- name: clone st repo
	141	git:
	142	repo: https://git.chudnick.com/st
	143	dest: /tmp/st
	144
	145	- name: build st
	146	make:
	147	chdir: /tmp/st
	148	target: clean install
	149
	150
	151	- name: clone slock repo
	152	git:
	153	repo: https://git.chudnick.com/slock
	154	dest: /tmp/slock
	155
	156	- name: build slock
	157	make:
	158	chdir: /tmp/slock
	159	target: clean install
	160
	161
	162	- name: clone tabbed repo
	163	git:
	164	repo: https://git.chudnick.com/tabbed
	165	dest: /tmp/tabbed
	166
	167	- name: build tabbed
	168	make:
	169	chdir: /tmp/tabbed
	170	target: clean install