
bbosley/ansible-arch

 
 


Ansible Arch


Learning ansible?

Overview

The objective is an easy way to get a fresh Arch installation set up the way one desires, reliably and with the least amount of effort. Ansible is used for this.

Ansible is an automation platform.
It executes tasks from playbooks on machines listed in an inventory. Open source, developed by Red Hat. Written in and dependent on Python. Uses YAML configuration files. Agentless: controlled machines need just ssh+python (Linux) or winrm+powershell (Windows).
Praised for simplicity.

For now this repo aims at just server deployment of arch. Terminal stuff, no xorg.

How to execute

install arch linux, log in to a non root account that can sudo

  • install ansible and git
    sudo pacman -S ansible git
  • clone this repo
    git clone https://github.com/DoTheEvo/ansible-arch.git
  • enter the directory
    cd ansible-arch
  • run the playbooks you want
    • ansible-playbook -u $USER -K playbook_core.yml
    • ansible-playbook -u $USER -K playbook_zsh.yml
    • ansible-playbook -u $USER -K playbook_docker.yml

Yes, you type $USER literally; the shell expands it to the user you are logged in as.
-K is short for --ask-become-pass, which prompts for the sudo password.

Removal
After running the playbooks it is a good idea to remove the ansible package and a bunch of its dependencies. This saves ~400MB and reduces noise during updates.

  • sudo pacman -Rns ansible

Playbooks

playbook_core.yml

useful terminal programs, settings, maintenance services

  • arch update/upgrade, equivalent of pacman -Syu
  • install:
    nano, micro, man-db, git, curl, wget, rsync, nnn, fd, fzf, bat, tree, unarchiver, duf, ncdu, htop, iotop, glances, nmap, gnu-netcat, tcpdump, net-tools, iproute2, bind, nload, sysfsutils, lsof, borg, fuse, python-llfuse, python-pip, python-setuptools, python-pexpect, sqlite
  • install yay to have access to AUR
    set - remove make dependencies, always clean builds, cleanup after
  • in pacman.conf enable color and enable parallel downloads
  • in makepkg.conf disable compression and enable parallel compilation
  • noatime set in fstab to avoid unnecessary writes of relatime
  • increase allowed failed login attempts to 10 before lock out
  • enable members of wheel group to sudo
  • services to install and enable
    • ssh - remote access
    • nnn - get plugins, no sudo needed
    • plocate - file search locate
    • cronie - cron time scheduler
    • archlinux-keyring - weekly update
    • fstrim - weekly ssd trim
    • trash-cli - delete to trash
    • paccache - weekly clearing of pacman cache
    • reflector - weekly update of mirrorlist - !!change the country codes!!
    • logrotate - if need to prevent logs from growing
  • install neofetch
  • check if in virtual machine and if vmware, hyperv, or virtualbox then install and enable supporting services
  • install micro text editor, copy config, keybinds, syntax highlight
    set micro as the default editor in .bashrc

playbook_zsh.yml

  • install zsh shell
  • copy bash history into .zhistory
  • change the default shell from bash to zsh for the user
  • install zimfw using its own script
  • change the theme to steeef
  • copy .myownrc with various predefined stuff
  • source .myownrc in .zshrc
playbook_docker.yml

  • install docker, docker-compose, ctop
  • enable and start docker service
  • add the current user to the docker group to avoid need for sudo
  • set default max logs size to 250MB and set logs rotation
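
A read-only way to confirm the security-relevant settings from the lists above after a run: the failed-login limit, wheel sudo, docker group membership and docker log size. This is an added example, not code from the repository; the file paths are the stock Arch and Docker locations and are assumptions, since the playbooks may edit different files.

```shell
#!/usr/bin/env bash
# Added example: read-only check of security-relevant settings named in the
# playbook lists. File paths are stock Arch/Docker locations (assumption);
# the playbooks may edit other files, and sudoers.d drop-ins are not read.

# Effective pam_faillock "deny" value in a faillock.conf-style file;
# prints "default" when no uncommented deny line exists.
faillock_deny() {
    local v
    v=$(sed -n 's/^[[:space:]]*deny[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    echo "${v:-default}"
}

# Classify the last active %wheel rule in a sudoers-style file:
# "nopasswd", "password", or "disabled" when only commented rules exist.
wheel_sudo_mode() {
    local rule
    rule=$(grep -E '^[[:space:]]*%wheel[[:space:]]' "$1" 2>/dev/null | tail -n 1)
    case "$rule" in
        '')          echo disabled ;;
        *NOPASSWD*)  echo nopasswd ;;
        *)           echo password ;;
    esac
}

# Members of a group (4th field) from a group(5)-format file.
# docker group membership is root-equivalent on the host, so review this list.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2" 2>/dev/null
}

# log-opts "max-size" from a daemon.json-style file; "unset" when absent.
docker_log_max_size() {
    local v
    v=$(sed -n 's/.*"max-size"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" 2>/dev/null | head -n 1)
    echo "${v:-unset}"
}

# Report against the live system; /etc/sudoers is only readable as root,
# so run with sudo or the wheel line will show as "disabled".
audit() {
    echo "faillock deny : $(faillock_deny /etc/security/faillock.conf)"
    echo "wheel sudo    : $(wheel_sudo_mode /etc/sudoers)"
    echo "docker group  : $(group_members docker /etc/group)"
    echo "docker logs   : $(docker_log_max_size /etc/docker/daemon.json)"
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Save it as a script and run it with `--audit` under sudo; without the flag it only defines the functions.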

Local deployment

This is for a local deployment, meaning the machine is changing itself, as opposed to the more typical Ansible use, where you run playbooks on one machine to change 143 virtual machines somewhere in the cloud.

To go from local to remote, edit inventory, replace local entries with IPs of machines you want to change.

Useful

links

bunch of linux commands

  • journalctl -p 3 -xb
  • journalctl -b -r
  • systemctl --failed
  • systemctl list-units --type=service --state=active
  • systemctl list-units --type=timer --state=active
  • systemctl list-timers
  • journalctl -r -u borg.timer
  • systemctl list-units --type=mount
  • systemctl list-units --type=automount
  • findmnt
  • cat /proc/cmdline
  • lsmod
  • lspci -k
  • rsync -ah --info=progress2 ./minecraft /mnt/bigdisk/backup
  • sudo dd bs=4M if=arch.iso of=/dev/sdX status=progress oflag=direct
  • sudo nethogs - realtime traffic per process
  • sudo ss -tulpn - shows what uses which port
  • host 10.0.19.2 - hostname lookup
  • curl ipinfo.io - get current public IP
  • sudo nc -vv -l -p 8789 - netcat starts tiny server listening at port 8789,
    do port forwarding on router/firewall, then test on https://www.grc.com/x/portprobe=8789
  • sudo nc -vv -u -l -p 8789 - netcat server now in udp mode
    can be tested with another netcat instance running nc -u <ip> 8789
    writing something and pressing enter shows the text on the server
  • sudo tcpdump -n udp port 21116 - see udp traffic on a port
  • pacman -F <path to a file> - which package owns that file
  • grep -i upgraded /var/log/pacman.log | tac | less - last upgraded packages

Encountered issues

  • In VMware, an error in the journal - piix4_smbus SMBus Host Controller not enabled
    solution - in /etc/modprobe.d/blacklist.conf add blacklist i2c_piix4, reboot
    check - sudo journalctl -p 3 -xb and lsmod | grep i2c
  • Weekly hang-up because swap was off. An Arch Linux VM docker host experienced a huge spike of constant disk use, which was caused by the lack of swap. After adding a 6GB swap file it was rock solid.
  • If Arch has gone a long time without updates, run sudo pacman -Sy archlinux-keyring before updating everything else with pacman -Syu.
    Enabling archlinux-keyring-wkd-sync.timer will update the package weekly. It's part of the core playbook.
  • To update the zim zsh framework - zimfw upgrade and zimfw update.
