Ansible playbook to configure my laptop

This playbook is my laptop's configuration for both private and work, running Debian or Ubuntu distributions. You should install the base OS with a SSH server and run the playbook from another host initialy which will create the user. After the 1st run, you can run the script from the user home.

Run the installation


Test on vagrant box


Get current host facts

ansible localhost -m ansible.builtin.setup


To customize the LUKFS and LVM setup, the disk should be laid out using a live CD before performing the installation. After booting on the live CD:

  1. Partition the disk for:
    • EFI volume (~500MB)
    • /boot (~700MB)
    • a single partition with the rest to crypt
  2. Create the LUKS container: cryptsetup luksFormat /dev/nvmen0p3 (see to change defaults)
  3. Open the container: cryptsetup luksOpen /dev/nvmen0p3 cryptlvm
  4. Create a physical volume on top of the opnened LUKFS container: pvcreate /dev/mapper/cryptlvm
  5. Create a volume group: vgcreate vglaptop /dev/mapper/cryptlvm
  6. Create the logical volumes for /root, /home...:
    • lvcreate -L 70G vglaptop -n root
    • lvcreate -L 8G vglaptop -n swap
    • lvcreate -l 100%FREE vglaptop -n home
  7. Format the filesystems:
    • mkfs.ext4 /dev/vglaptop/root
    • mkfs.ext4 /dev/vglaptop/home
    • mkswap /dev/vglaptop/swap
  8. Install the system on the corresponding mount points
  9. Perform those operations to configure the LUKS opening from the live CD:
    • mount /dev/vglaptop/root /mnt
    • mount /dev/vglaptop/home /mnt/home
    • mount /dev/nvmen0p2 /mnt/boot
    • mount --bind /dev /mnt/dev
    • mount --bind /run/lvm /mnt/run/lvm
    • mount /dev/nvmen0p1 /mnt/boot/efi (EFI partition)
    • chroot /mnt
  10. From inside the chroot partition:
    • mount -t proc proc /proc
    • mount -t sysfs sys /sys
    • mount -t devpts devpts /dev/pts
  11. Setup crypttab (grep uuid from blkid | grep LUKS): echo "cryptlvm `blkid| grep LUK | awk -F '"' '{printf "UUID=" $2}'`none luks" > /etc/crypttab
  12. Rebuild boot files:
    • update-initramfs -c -k all
    • update-grub or grub-mkconfig -o /boot/grub/grub.cfg

In case there's some info on Archlinux - LVM on LUKS.

VPN connection


Currently holding the network-manager package as the openconnect plugin seems to fail to correctly setup the configuration: sudo apt-mark hold network-manager=1.46.0-2.


To create the set of keys:

wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key

To import connection in the NetworkManager:

nmcli connection import type wireguard file <file.conf>

AWS IP ranges in routes

To add the AWS network ranges to go through the VPN, download the latest file at Insert them in the VPN entry with:

# IPv4
curl --silent \
  | jq -r '.prefixes | .[].ip_prefix' \
  | tr '\n' ',' \
  | sed 's/,$//' \
  | xargs nmcli connection modify <vpn-name> ipv4.routes

# IPv6
curl --silent \
  | jq -r '.ipv6_prefixes | .[].ipv6_prefix' \
  | tr '\n' ',' \
  | sed 's/,$//' \
  | xargs nmcli connection modify <vpn-name> ipv6.routes



The default desktop is i3, but if it seems too raw, there's an alternative easier to use:

Bluetooth pairing

To pair with a device:

pair A8:5B:78:A0:37:48
<confirm the code>
trust A8:5B:78:A0:37:48

To pair with the MX Ergo, don't open the BT manager but do everything from the command line.


To clear an entry from the ZSH history: sed -i '/myword/d' $HISTFILE.