The objective is to have an easy way to have fresh arch instalation setup the way one desires. Reliably and with the least amount of effort. For this Ansible is used.
Ansible is an automation platform.
It executes tasks from playbooks
on machines listed in inventory
.
Open source, developed by Red Hat.
Written and dependent on python. Uses YAML configuration files.
Agent-less, controled machines need just ssh+python (linux) or
winrm+powershell (windows).
Praised for simplicity.
For now this repo aims at just server deployment of arch. Terminal stuff, no xorg.
install arch linux, log in to a non root account that can sudo
- install ansible and git
sudo pacman -S ansible git
- clone this repo
git clone https://github.com/DoTheEvo/ansible-arch.git
- enter the directory
cd ansible-arch
- run the playbooks you want
ansible-playbook -u $USER -K playbook_core.yml
ansible-playbook -u $USER -K playbook_zsh.yml
ansible-playbook -u $USER -K playbook_docker.yml
yes, you write $USER
there, which puts in the user you are logged in
the -K
is short for --ask-become-pass
which will prompt for password
Removal
After running playbooks it be good to remove ansible package
and bunch of its dependancies. Saves ~400MB and noise during updating.
sudo pacman -Rns ansible
executing_playbook.webm
useful terminal progams, settings, maintance services
- arch update/upgrade, equivalent of
pacman -Syu
- install:
nano, micro, man-db, git, curl, wget, rsync, nnn, fd, fzf, bat, tree, unarchiver, duf, ncdu, htop, iotop, glances, nmap, gnu-netcat, tcpdump, net-tools, iproute2, bind, nload, sysfsutils, lsof, borg, fuse, python-llfuse, python-pip, python-setuptools, python-pexpect, sqlite - install yay to have access to AUR
set - remove make dependencies, always clean builds, cleanup after - in pacman.conf enable color and enable parallel downloads
- in makepkg.conf disable compression and enable parallel compilation
noatime
set in fstab to avoid unnecessary writes ofrelatime
- increase allowed failed login attempts to 10 before lock out
- enable members of wheel group to sudo
- services to install and enable
- ssh - remote access
- nnn - get plugins, no sudo needed
- plocate - file search locate
- cronie - cron time scheduler
- archlinux-keyring - weekly update
- fstrim - weekly ssd trim
- trash-cli - delete to trash
- paccache - weekly clearing of pacman cache
- reflector - weekly update of mirrorlist - !!change the country codes!!
- logrotate - if need to prevent logs from growing
- install neofetch
- check if in virtual machine and if vmware, hyperv, or virtualbox then install and enable supporting services
- install micro text editor, copy config, keybinds, syntax highlight
set micro as the default editor in
.bashrc
- install zsh shell
- copy bash history in to .zhistory
- change the default shell from bash to zsh for the user
- install zimfw using its own script
- change the theme to
steeef
- copy .myownrc with various predefined stuff
- source
.myownrc
in.zshrc
- install docker, docker-compose, ctop
- enable and start docker service
- add the current user to the docker group to avoid need for sudo
- set default max logs size to 250MB and set logs rotation
This is for a local deployment. Meaning the machine is changing itself, as oppose to more typical ansible use, where you run playbooks on one machine to change 143 virtual machines somewhere on the cloud.
To go from local to remote, edit inventory, replace local entries with IPs of machines you want to change.
links
bunch of linux commands
journalctl -p 3 -xb
journalctl -b -r
systemctl --failed
systemctl list-units --type=service --state=active
systemctl list-units --type=timer --state=active
systemctl list-timers
journalctl -r -u borg.timer
systemctl list-units --type=mount
systemctl list-units --type=automount
findmnt
cat /proc/cmdline
lsmod
lspci -k
rsync -ah --info=progress2 ./minecraft /mnt/bigdisk/backup
sudo dd bs=4M if=arch.iso of=/dev/sdX status=progress oflag=direct
sudo nethogs
- realtime traffic per processsudo ss -tulpn
- shows what uses which porthost 10.0.19.2
- hostname lookupcurl ipinfo.io
- get current public IPsudo nc -vv -l -p 8789
- netcat starts tiny server listening at port 8789,
do port forwarding on router/firewall, then test on https://www.grc.com/x/portprobe=8789sudo nc -vv -u -l -p 8789
netcat server now in udp mode
can be tested with another netcat instance runningnc -u <ip> 8789
writing something and pressing enter shows the text on the serversudo tcpdump -n udp port 21116
- see udp traffic on a portpacman -F <path to a file>
- which package owns that filegrep -i upgraded /var/log/pacman.log | tac | less
- last upgraded packages
- In vmware issue with an error in journal - piix4_smbus SMBus
Host Controller not enabled
solution - in/etc/modprobe.d/blacklist.conf
addblacklist i2c_piix4
, reboot
check -sudo journalctl -p 3 -xb
andlsmod | grep i2c
- Weekly hang-up because swap was off. Archlinux VM docker host experienced huge spike of constant disk use which was cause by the lack of SWAP. After adding 6GB swap file it was rock solid.
- If running arch without update for a long time -
sudo pacman -Sy archlinux-keyring
before updating everything else withpacman -Syu
.
Enablingarchlinux-keyring-wkd-sync.timer
will update the package weekly. It's part of the core playbook. - To update zim zsh framework-
zimfw upgrade
andzimfw update
.