Add base-setup playbook
Signed-off-by: Knut Ahlers <knut@ahlers.me>
parent
e707726f12
commit
1d097a5af3
10 changed files with 139 additions and 23 deletions
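--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,14 @@
+default:
+
+apply-playbook:
+ansible-playbook \
+--diff \
+--inventory base/usr/share/luzifer/base-setup/inventory \
+base/usr/share/luzifer/base-setup/playbook.yaml
+
+test-playbook:
+ansible-playbook \
+--check \
+--diff \
+--inventory base/usr/share/luzifer/base-setup/inventory \
+base/usr/share/luzifer/base-setup/playbook.yaml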
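Review bot: None of the three targets is declared phony, so a file or directory named `default`, `apply-playbook` or `test-playbook` in the repository root would make `make` treat the target as up to date and skip the ansible run. Adding `.PHONY: default apply-playbook test-playbook` at the top avoids that. `apply-playbook` changes the machine it is run on rather than a build tree, which deserves a comment above it: `# Applies the playbook to the local system (writes under /etc); use test-playbook for a dry run.`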
9
PKGBUILD
9
PKGBUILD
|
@ -7,7 +7,7 @@ pkgname=(
|
|||
luzifer-gui
|
||||
luzifer-lenovo-gui
|
||||
)
|
||||
pkgver=0.9.7
|
||||
pkgver=0.10.0
|
||||
pkgrel=1
|
||||
pkgdesc='System configuration for @luzifer systems'
|
||||
arch=(any)
|
||||
|
@ -47,6 +47,7 @@ package_luzifer-base() {
|
|||
|
||||
# Add system utils
|
||||
depends+=(
|
||||
ansible-core
|
||||
bc
|
||||
curl
|
||||
ddrescue
|
||||
|
@ -70,6 +71,12 @@ package_luzifer-base() {
|
|||
wget
|
||||
)
|
||||
|
||||
# Add security utils
|
||||
depends+=(
|
||||
apparmor
|
||||
audit
|
||||
)
|
||||
|
||||
# Add custom sytem utils
|
||||
depends+=(
|
||||
arch-update
|
||||
|
|
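--- a/base/usr/share/luzifer/base-setup/files/locale.gen
+++ b/base/usr/share/luzifer/base-setup/files/locale.gen
@@ -0,0 +1,25 @@
+# Configuration file for locale-gen
+#
+# lists of locales that are to be generated by the locale-gen command.
+#
+# Each line is of the form:
+#
+# <locale> <charset>
+#
+# where <locale> is one of the locales given in /usr/share/i18n/locales
+# and <charset> is one of the character sets listed in /usr/share/i18n/charmaps
+#
+# Examples:
+# en_US ISO-8859-1
+# en_US.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE@euro ISO-8859-15
+#
+# The locale-gen command will generate all the locales,
+# placing them in /usr/lib/locale.
+#
+# A list of supported locales is included in this file.
+# Uncomment the ones you need.
+
+en_US.UTF-8 UTF-8
+en_US ISO-8859-1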
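--- a/base/usr/share/luzifer/base-setup/files/timesyncd.conf
+++ b/base/usr/share/luzifer/base-setup/files/timesyncd.conf
@@ -0,0 +1,14 @@
+# Ansible-Managed by base-setup
+
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See timesyncd.conf(5) for details.
+
+[Time]
+NTP=ptbtime1.ptb.de ptbtime2.ptb.de ptbtime3.ptb.de ntp1.lrz.de ntp3.lrz.de ntps1-0.cs.tu-berlin.de ntps1-1.cs.tu-berlin.de
+#FallbackNTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org
+#RootDistanceMaxSec=5
+#PollIntervalMinSec=32
+#PollIntervalMaxSec=2048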
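Review bot: The header comments carried over from the stock file ("You can change settings by editing this file", "Defaults can be restored by simply deleting this file") contradict the first line, because a local edit or deletion of /etc/systemd/timesyncd.conf is presumably overwritten the next time the playbook is applied. I would replace them with one statement such as `# Managed by base-setup; local edits are overwritten, change files/timesyncd.conf in the package instead.` `FallbackNTP` stays commented out, so by the file's own wording the compile-time fallback pool still applies when the listed servers are unreachable; a short comment should say whether that is intended.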
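--- a/base/usr/share/luzifer/base-setup/inventory
+++ b/base/usr/share/luzifer/base-setup/inventory
@@ -0,0 +1,2 @@
+[localhost]
+localhost01 ansible_connection=local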
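--- a/base/usr/share/luzifer/base-setup/playbook.yaml
+++ b/base/usr/share/luzifer/base-setup/playbook.yaml
@@ -0,0 +1,9 @@
+---
+
+- hosts: all
+tasks:
+- include_tasks: tasks/systemtime.yaml
+- include_tasks: tasks/locale.yaml
+- include_tasks: tasks/security.yaml
+
+...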
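Review bot: `hosts: all` applies these system tasks to every host of whatever inventory is passed, while the shipped inventory only defines `localhost01` with a local connection. Naming the group instead, `- hosts: localhost`, keeps a mistaken `--inventory` argument from pushing timezone, locale and auditd changes to other machines. The play also sets no `become`, so it only succeeds when started as root, since the included tasks write under /etc and manage services. Either add `become: true` for the Makefile targets or document the assumption with `# Must run as root; invoked from the package install script.`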
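--- a/base/usr/share/luzifer/base-setup/tasks/locale.yaml
+++ b/base/usr/share/luzifer/base-setup/tasks/locale.yaml
@@ -0,0 +1,24 @@
+---
+
+- name: Configure locale.gen
+copy:
+src: files/locale.gen
+dest: /etc/locale.gen
+owner: root
+mode: '0644'
+register: etc_locale_gen
+
+- name: Generate locales
+command:
+cmd: locale-gen
+when: etc_locale_gen.changed
+
+- name: Configure system locale
+copy:
+content: |
+LANG=en_US.UTF-8
+dest: /etc/locale.conf
+owner: root
+mode: '0644'
+
+...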
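Review bot: Both `copy` tasks set `owner: root` and `mode` but no `group`, so the group of /etc/locale.gen and /etc/locale.conf is left to whatever the existing file or the invoking user provides; add `group: root` to each (the `copy` task in tasks/systemtime.yaml has the same gap). Separately, `Generate locales` is tied to `etc_locale_gen.changed`, so if `locale-gen` fails or the run is interrupted after the copy, later runs see an unchanged file and never regenerate. A comment on that task should at least record the limitation, e.g. `# Only runs when locale.gen changed; rerun locale-gen by hand after a failed apply.`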
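--- a/base/usr/share/luzifer/base-setup/tasks/security.yaml
+++ b/base/usr/share/luzifer/base-setup/tasks/security.yaml
@@ -0,0 +1,9 @@
+---
+
+- name: Enable auditd
+systemd:
+enabled: true
+name: auditd.service
+state: started
+
+...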
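Review bot: Only `auditd.service` is enabled here, although the PKGBUILD section of this commit lists `apparmor` next to `audit` under "Add security utils" and the install-script section carries the comment "Enable auditd & AppArmor". As far as this page shows, nothing enables `apparmor.service`, so the package is installed but presumably loads no profiles. If AppArmor is meant to be active, add a second `systemd` task for `apparmor.service` and document that the kernel must also boot with AppArmor in its LSM list, which a unit alone does not provide. Otherwise make the current state explicit above the task: `# auditd only; AppArmor is installed but not enabled by this playbook.`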
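--- a/base/usr/share/luzifer/base-setup/tasks/systemtime.yaml
+++ b/base/usr/share/luzifer/base-setup/tasks/systemtime.yaml
@@ -0,0 +1,26 @@
+---
+
+- name: Configure system timezone
+file:
+src: /usr/share/zoneinfo/Europe/Berlin
+dest: /etc/localtime
+force: true
+state: link
+
+- name: Configure systemd-timesyncd
+copy:
+src: files/timesyncd.conf
+dest: /etc/systemd/timesyncd.conf
+owner: root
+mode: '0644'
+register: etc_systemd_timesyncd_conf
+
+- name: Restart systemd-timesyncd
+systemd:
+daemon_reload: true
+enabled: true
+name: systemd-timesyncd.service
+state: restarted
+when: etc_systemd_timesyncd_conf.changed
+
+...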
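Review bot: `enabled: true` sits on the `Restart systemd-timesyncd` task, which only runs `when: etc_systemd_timesyncd_conf.changed`, so once the config file matches, a disabled or stopped systemd-timesyncd is never corrected. The shell code shown in the install-script section enabled the service unconditionally with `systemctl enable --now systemd-timesyncd`. Splitting the task into an unconditional enable/start and a conditional restart restores that guarantee. `daemon_reload: true` looks unnecessary, since timesyncd.conf is a service configuration file rather than a unit file; I would drop it unless there is a reason not visible here.

```yaml
# … unchanged: timezone link and timesyncd.conf copy (registers etc_systemd_timesyncd_conf) …

- name: Enable and start systemd-timesyncd
  systemd:
    enabled: true
    name: systemd-timesyncd.service
    state: started

- name: Restart systemd-timesyncd after config change
  systemd:
    name: systemd-timesyncd.service
    state: restarted
  when: etc_systemd_timesyncd_conf.changed
```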
|
@ -3,26 +3,12 @@ post_install() {
|
|||
}
|
||||
|
||||
post_upgrade() {
|
||||
# Set NTP servers
|
||||
local ntp_servers=(
|
||||
ptbtime1.ptb.de
|
||||
ptbtime2.ptb.de
|
||||
ptbtime3.ptb.de
|
||||
ntp1.lrz.de
|
||||
ntp3.lrz.de
|
||||
ntps1-0.cs.tu-berlin.de
|
||||
ntps1-1.cs.tu-berlin.de
|
||||
)
|
||||
sed -i -E "s/^#?NTP=.*$/NTP=$(echo ${ntp_servers[@]})/" /etc/systemd/timesyncd.conf
|
||||
# Enable auditd & AppArmor
|
||||
systemctl enable auditd.service
|
||||
|
||||
# Enable timesync
|
||||
systemctl enable --now systemd-timesyncd
|
||||
|
||||
# Set local time
|
||||
ln -sf /usr/share/zoneinfo/Europe/Berlin "/etc/localtime"
|
||||
|
||||
# Enable en_US locale
|
||||
echo "LANG=en_US.UTF-8" >/etc/locale.conf
|
||||
sed 's/#en_US/en_US/' -i /etc/locale.gen
|
||||
locale-gen
|
||||
# Apply base-setup playbook
|
||||
ansible-playbook \
|
||||
--diff \
|
||||
--inventory usr/share/luzifer/base-setup/inventory \
|
||||
usr/share/luzifer/base-setup/playbook.yaml
|
||||
}
|
||||
|
|
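Review bot: The `ansible-playbook` call in `post_upgrade()` passes `usr/share/luzifer/base-setup/inventory` and `usr/share/luzifer/base-setup/playbook.yaml` without a leading slash, so both resolve against the scriptlet's working directory and the step depends on that being `/`. Absolute paths remove the assumption: `--inventory /usr/share/luzifer/base-setup/inventory \` and `/usr/share/luzifer/base-setup/playbook.yaml`. The page has lost the +/- markers and the file name for this section, so which of the shown lines survive the change is inferred from the commit title. `post_install()` starts above the hunk, so whether a fresh install also reaches this code is not visible here.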