Add base-setup playbook

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-08-28 15:21:25 +02:00 · 2024-08-28 15:21:25 +02:00 · 1d097a5af3
commit 1d097a5af3
parent e707726f12
10 changed files with 139 additions and 23 deletions
--- a/14
+++ b/14
@ -0,0 +1,14 @@
 default:
 apply-playbook:
 	ansible-playbook \
 		--diff \
 		--inventory base/usr/share/luzifer/base-setup/inventory \
 		base/usr/share/luzifer/base-setup/playbook.yaml
 test-playbook:
 	ansible-playbook \
 		--check \
 		--diff \
 		--inventory base/usr/share/luzifer/base-setup/inventory \
 		base/usr/share/luzifer/base-setup/playbook.yaml
--- a/9
+++ b/9
@ -7,7 +7,7 @@ pkgname=(
  luzifer-gui
  luzifer-lenovo-gui
 )
-pkgver=0.9.7
+pkgver=0.10.0
 pkgrel=1
 pkgdesc='System configuration for @luzifer systems'
 arch=(any)
@ -47,6 +47,7 @@ package_luzifer-base() {
  # Add system utils
  depends+=(
    ansible-core
    bc
    curl
    ddrescue
@ -70,6 +71,12 @@ package_luzifer-base() {
    wget
  )
  # Add security utils
  depends+=(
    apparmor
    audit
  )
  # Add custom sytem utils
  depends+=(
    arch-update
--- a/base/usr/share/luzifer/base-setup/files/locale.gen
+++ b/base/usr/share/luzifer/base-setup/files/locale.gen
@ -0,0 +1,25 @@
 # Configuration file for locale-gen
 #
 # lists of locales that are to be generated by the locale-gen command.
 #
 # Each line is of the form:
 #
 #     <locale> <charset>
 #
 #  where <locale> is one of the locales given in /usr/share/i18n/locales
 #  and <charset> is one of the character sets listed in /usr/share/i18n/charmaps
 #
 #  Examples:
 #  en_US ISO-8859-1
 #  en_US.UTF-8 UTF-8
 #  de_DE ISO-8859-1
 #  de_DE@euro ISO-8859-15
 #
 #  The locale-gen command will generate all the locales,
 #  placing them in /usr/lib/locale.
 #
 #  A list of supported locales is included in this file.
 #  Uncomment the ones you need.
 en_US.UTF-8 UTF-8
 en_US ISO-8859-1
--- a/base/usr/share/luzifer/base-setup/files/timesyncd.conf
+++ b/base/usr/share/luzifer/base-setup/files/timesyncd.conf
@ -0,0 +1,14 @@
 # Ansible-Managed by base-setup
 # Entries in this file show the compile time defaults.
 # You can change settings by editing this file.
 # Defaults can be restored by simply deleting this file.
 #
 # See timesyncd.conf(5) for details.
 [Time]
 NTP=ptbtime1.ptb.de ptbtime2.ptb.de ptbtime3.ptb.de ntp1.lrz.de ntp3.lrz.de ntps1-0.cs.tu-berlin.de ntps1-1.cs.tu-berlin.de
 #FallbackNTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org
 #RootDistanceMaxSec=5
 #PollIntervalMinSec=32
 #PollIntervalMaxSec=2048
--- a/base/usr/share/luzifer/base-setup/inventory
+++ b/base/usr/share/luzifer/base-setup/inventory
@ -0,0 +1,2 @@
 [localhost]
 localhost01   ansible_connection=local
--- a/base/usr/share/luzifer/base-setup/playbook.yaml
+++ b/base/usr/share/luzifer/base-setup/playbook.yaml
@ -0,0 +1,9 @@
 ---
 - hosts: all
  tasks:
    - include_tasks: tasks/systemtime.yaml
    - include_tasks: tasks/locale.yaml
    - include_tasks: tasks/security.yaml
 ...
--- a/base/usr/share/luzifer/base-setup/tasks/locale.yaml
+++ b/base/usr/share/luzifer/base-setup/tasks/locale.yaml
@ -0,0 +1,24 @@
 ---
 - name: Configure locale.gen
  copy:
    src: files/locale.gen
    dest: /etc/locale.gen
    owner: root
    mode: '0644'
  register: etc_locale_gen
 - name: Generate locales
  command:
    cmd: locale-gen
  when: etc_locale_gen.changed
 - name: Configure system locale
  copy:
    content: |
      LANG=en_US.UTF-8
    dest: /etc/locale.conf
    owner: root
    mode: '0644'
 ...
--- a/base/usr/share/luzifer/base-setup/tasks/security.yaml
+++ b/base/usr/share/luzifer/base-setup/tasks/security.yaml
@ -0,0 +1,9 @@
 ---
 - name: Enable auditd
  systemd:
    enabled: true
    name: auditd.service
    state: started
 ...
--- a/base/usr/share/luzifer/base-setup/tasks/systemtime.yaml
+++ b/base/usr/share/luzifer/base-setup/tasks/systemtime.yaml
@ -0,0 +1,26 @@
 ---
 - name: Configure system timezone
  file:
    src: /usr/share/zoneinfo/Europe/Berlin
    dest: /etc/localtime
    force: true
    state: link
 - name: Configure systemd-timesyncd
  copy:
    src: files/timesyncd.conf
    dest: /etc/systemd/timesyncd.conf
    owner: root
    mode: '0644'
  register: etc_systemd_timesyncd_conf
 - name: Restart systemd-timesyncd
  systemd:
    daemon_reload: true
    enabled: true
    name: systemd-timesyncd.service
    state: restarted
  when: etc_systemd_timesyncd_conf.changed
 ...
--- a/luzifer-base.install
+++ b/luzifer-base.install
@ -1,28 +1,14 @@
 post_install() {
-	post_upgrade
+  post_upgrade
 }
 post_upgrade() {
-	# Set NTP servers
+  # Enable auditd & AppArmor
-	local ntp_servers=(
+  systemctl enable auditd.service
 		ptbtime1.ptb.de
 		ptbtime2.ptb.de
 		ptbtime3.ptb.de
 		ntp1.lrz.de
 		ntp3.lrz.de
 		ntps1-0.cs.tu-berlin.de
 		ntps1-1.cs.tu-berlin.de
 	)
 	sed -i -E "s/^#?NTP=.*$/NTP=$(echo ${ntp_servers[@]})/" /etc/systemd/timesyncd.conf
-	# Enable timesync
+  # Apply base-setup playbook
-	systemctl enable --now systemd-timesyncd
+  ansible-playbook \
-
+    --diff \
-	# Set local time
+    --inventory usr/share/luzifer/base-setup/inventory \
-	ln -sf /usr/share/zoneinfo/Europe/Berlin "/etc/localtime"
+    usr/share/luzifer/base-setup/playbook.yaml
 	# Enable en_US locale
 	echo "LANG=en_US.UTF-8" >/etc/locale.conf
 	sed 's/#en_US/en_US/' -i /etc/locale.gen
 	locale-gen
 }
		`@ -0,0 +1,2 @@`
							`[localhost]`
							`localhost01 ansible_connection=local`