From 2356a1c0b62f78e15c9ea9eede9944c26cc668e8 Mon Sep 17 00:00:00 2001
From: Carlos Sousa
Date: Fri, 2 Aug 2024 15:24:10 +0200
Subject: [PATCH] update workstation, add personalstation (#6)

* update become handling, add workstation / playstation roles
* add default cfg, rename to personalstation,
* cleanup default packages, clean settings
* update readme
---------
Co-authored-by: Carlos Sousa
---
 .../target_system_personalstation.sh | 6 ++
 ansible/README.md | 89 +++++++++++++------
 ansible/ansible.cfg | 4 +
 ansible/group_vars/all.yml.sample | 1 +
 ansible/group_vars/htpc.yml.sample | 6 --
 ansible/group_vars/personalstation.yml.sample | 10 +++
 ansible/group_vars/workstation.yml.sample | 25 ++----
 ansible/playbook.yml | 56 +++++++++---
 ansible/roles/common/tasks/main.yml | 23 +++--
 .../tasks/software/packages_cleanup.yml | 0
 ansible/roles/personalstation/main.yml | 3 +
 .../personalstation/tasks/packages_apt.yml | 6 ++
 .../tasks/packages_flatpak.yml | 8 ++
 ansible/roles/workstation/tasks/main.yml | 10 ++-
 .../tasks/software/brave_browser.yml | 18 ++++
 .../workstation/tasks/software/flatpak.yml | 4 +-
 .../workstation/tasks/software/packages.yml | 2 +-
 17 files changed, 193 insertions(+), 78 deletions(-)
 create mode 100755 ansible/10_scripts/target_system_personalstation.sh
 create mode 100644 ansible/ansible.cfg
 create mode 100644 ansible/group_vars/personalstation.yml.sample
 delete mode 100644 ansible/roles/common/tasks/software/packages_cleanup.yml
 create mode 100644 ansible/roles/personalstation/main.yml
 create mode 100644 ansible/roles/personalstation/tasks/packages_apt.yml
 create mode 100644 ansible/roles/personalstation/tasks/packages_flatpak.yml
 create mode 100644 ansible/roles/workstation/tasks/software/brave_browser.yml
diff --git a/ansible/10_scripts/target_system_personalstation.sh b/ansible/10_scripts/target_system_personalstation.sh
new file mode 100755
index 00000000..b948bd22
--- /dev/null
+++ b/ansible/10_scripts/target_system_personalstation.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Asks you for the user password
+#ansible-playbook -i ../inventory ../playbook.yml -e "target_system=personalstation" --ask-become-pass
+
+# Runs from the encrypted variables
+ansible-playbook -i ../inventory ../playbook.yml -e "target_system=personalstation" --vault-password-file ../encrypted_vars/vault_password.txt
\ No newline at end of file
diff --git a/ansible/README.md b/ansible/README.md
index cc974f8c..bc4ed171 100644
--- a/ansible/README.md
+++ b/ansible/README.md
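Review bot: The active command in `target_system_personalstation.sh` reads the vault password from `../encrypted_vars/vault_password.txt`, a plaintext file kept in the same directory as the encrypted variables it unlocks, so a copy of the working tree carries both the ciphertext and its key. Nothing in this patch shows that file being excluded from version control or restricted to its owner; if that is not handled elsewhere, list it in `.gitignore` and keep it at mode 0600, or prompt instead with `--ask-vault-pass`. Both paths are relative, so the script only works when started from `10_scripts`; a leading `cd "$(dirname "$0")" || exit 1` would remove that dependency.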
@@ -1,51 +1,90 @@ # Usage - make a copy of the `all.yml.sample` into `all.yml` (and any other role you might want) - - a quick starting point is by looking for `REPLACE_THIS_` - adapt as needed + - a quick starting point is by looking for `REPLACE_THIS_` and which packages you (don't) want - run the playbook + - check `10_scripts` for a bootstrap script on using them + +*** # ToDo Tip: Search for `[:TODO:]` or `[:FIX:]` for quicker tasks -## Alpha -1. Configure HTPC: Kodi -2. Configure HTPC: RetroArch +- Add "vps" role to ansible playbooks -## MVP Stage -1. Add External Software to "personal" playbook (vscodium, brave) -2. Change Power Settings (increase time until Power Saver) -3. ~~Fix gnome tweak not being applied to the user correctly~~ +*** + +# Files and Directories +**10_scripts/** : bash scripts to help bootstrap or helping reminding how to run the playbooks + +**group_vars/**: This directory is variables that will be applied on every system are present + +**roles/** : where the roles are defined. Each system has the "common" role and then one or more extra roles applied to it + +**ansible.cfg**: Configuration settings for Ansible goes here. + +**inventory**: This is the inventory file. 
+ +**playbook**: The main playbook to be used when running it against a system + + +*** # Adapting the Playbook for yourself ## Select Specific Roles -- htpc - - used for HTPC setup +- htpc : used for HTPC setups, has autologin, remote control support, etc +- personalstation : steam, music, photo editing, etc +- workstation : development work, including VMs via KVM / QEMU, docker, vscodium, etc +- ~~vps : not yet implemented~~ +- make your own :) -- workstation - -- vps -### Variables used -[:TODO:] Document Variables Used (roles: common, htpc, workstation) +## Variables used for roles -- apt_cache_valid_time +### all +| Variable | Description | Default | +| -------------------------------- | --------------------------------------------------------------------- | ------- | +| apt_cache_valid_time | Sets how long is the cache valid for the apt updates | 3600 | +| update_packages | Sets if the packages should be checked for new versions | true | +| upgrade_packages | Sets if the packages should be upgraded if a new version is available | true | +| install_security_updates | Sets if security updates should be installed | true | +| common_users | | | +| flatpak_common_remotes | Array describing which flatpak remote url should be configured | | +| software_packages_common_present | Sets which apt packages should be present / installed on the system | | +| software_pip_common_present | Sets which pip packages should be present / installed on the system | | -- update_packages +### htpc +| Variable | Description | Default | +| ------------------------------ | ------------------------------------------------------------------------------------------------- | --------- | +| software_packages_htpc_present | Which apt packages should be present | | +| flatpak_packages_htpc_present | Which flatpaks should be present on the system | | +| htpc_main_user | the main user for the HTPC sytem. 
Auto login, auto start and other settings will be applied to it | htpc_user | +| htpc_main_user_password | the main user password for the system | | +| htpc_shared_directories | which directories should be created (and shared) for the htpc system users | | +| htpc_groups_present | which groups should be present | htpc | +| htpc_users_present | which users should be present in each group | | -- upgrade_packages -- install_security_updates +### workstation +| Variable | Description | Default | +| ------------------------------------- | --------------------------------------------------------------------------------------------- | ------- | +| software_packages_workstation_present | which packages should be present on the system | | +| flatpak_packages_workstation_present | which flatpaks should be present on the system | | +| install_XXXXX | If the package should be installed. Used in software that comes from third party repositories | | -- flatpak_packages_workstation_present -- software_packages_common_present +### personalstation +| Variable | Description | Default | +| Variable | Description | Default | +| ------------------------------------- | ---------------------------------------------- | ------- | +| software_packages_personalstation_present | which packages should be present on the system | | +| flapatk_packages_personalstation_present | which flatpaks should be present on the system | | -- software_packages_htpc_present - -- software_packages_workstation_present ## Used Tags -[:TODO:] Expand and Document Tags \ No newline at end of file +[:TODO:] Expand and Document Tags + + diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg new file mode 100644 index 00000000..47d16e02 --- /dev/null +++ b/ansible/ansible.cfg @@ -0,0 +1,4 @@ +[defaults] +inventory = inventory +log_path = /var/log/ansible.log +retry_files_enabled = False \ No newline at end of file 
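Review bot: `log_path = /var/log/ansible.log` makes every run append task output to a file, and the playbook in this patch handles `become_password` while the htpc variables include `htpc_main_user_password`, so any task that prints those values (for example at `-v`) leaves them in that log. Mark the tasks that touch secrets with `no_log: true` and keep the log readable only by the operator account. `/var/log` is normally writable only by root, so an unprivileged `ansible-playbook` run will probably warn and write nothing; a path inside the project or the user's home may be what is intended. A comment above `log_path` saying who is expected to own the file would settle the question for the next reader.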
diff --git a/ansible/group_vars/all.yml.sample b/ansible/group_vars/all.yml.sample index 02d4af10..59101809 100644 --- a/ansible/group_vars/all.yml.sample +++ b/ansible/group_vars/all.yml.sample @@ -36,6 +36,7 @@ software_packages_common_present: - vim - vlc - wget + - zsh software_pip_common_present: diff --git a/ansible/group_vars/htpc.yml.sample b/ansible/group_vars/htpc.yml.sample index 7eee9d4f..ecb779fd 100644 --- a/ansible/group_vars/htpc.yml.sample +++ b/ansible/group_vars/htpc.yml.sample @@ -1,8 +1,3 @@ -# Server system variables -update_packages: true -upgrade_packages: true -install_security_updates: true - software_packages_htpc_present: - btop @@ -15,7 +10,6 @@ flatpak_packages_htpc_present: htpc_main_user: htpc_user htpc_main_user_password: htpc -htpc_shared_directory_group: htpc htpc_shared_directories: - /home/shared/media diff --git a/ansible/group_vars/personalstation.yml.sample b/ansible/group_vars/personalstation.yml.sample new file mode 100644 index 00000000..6288f3c6 --- /dev/null +++ b/ansible/group_vars/personalstation.yml.sample @@ -0,0 +1,10 @@ +software_packages_personalstation_present: + - steam + - rclone + - rclone-browser + - clementine + + +flatpak_packages_personalstation_present: + - name: org.darktable.Darktable + remote: flathub \ No newline at end of file diff --git a/ansible/group_vars/workstation.yml.sample b/ansible/group_vars/workstation.yml.sample index 06a6e67f..b7b3e28b 100644 --- a/ansible/group_vars/workstation.yml.sample +++ b/ansible/group_vars/workstation.yml.sample 
@@ -1,33 +1,22 @@ -# Personal system variables -update_packages: true -upgrade_packages: true -install_security_updates: true - - -run_workstation_tasks: true - software_packages_workstation_present: - bridge-utils - - clementine - docker - docker-compose - keepassxc - nmap - qemu-kvm - - rclone - - rclone-browser - - steam - ubuntu-restricted-extras - virt-manager - - zsh - - - flatpak_packages_workstation_present: + - name: com.vscodium.codium + remote: flathub - name: com.jgraph.drawio.desktop remote: flathub - name: org.gimp.GIMP remote: flathub - - name: org.gimp.GIMP.Plugin.GMic - remote: flathub \ No newline at end of file + - name: org.gimp.GIMP.Plugin.GMic/x86_64/2-40 + remote: flathub + +# external repository software +install_brave: true diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 39af920f..93cec9f1 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml 
@@ -1,16 +1,48 @@ --- -- hosts: local - become: yes - vars: - ansible_become_username: "{{ become_username }}" - ansible_become_pass: "{{ become_password }}" +- hosts: all + become: true vars_files: - - group_vars/{{ target_system }}.yml - - encrypted_vars/encrypted_vars.yml + - group_vars/{{ target_system }}.yml - roles: - - common - - { role: htpc, when target_system == 'htpc'} - - \ No newline at end of file + pre_tasks: + - name: pre-task | check if encrypted_vars.yml is present + stat: + path: encrypted_vars/encrypted_vars.yml + register: encrypted_vars_file + + - name: pre-task | include encrypted_vars.yml if it exists + include_vars: + file: encrypted_vars/encrypted_vars.yml + when: encrypted_vars_file.stat.exists + + - name: pre-task | set become variables if encrypted_vars.yml exists + set_fact: + ansible_become_username: "{{ become_username }}" + ansible_become_pass: "{{ become_password }}" + when: encrypted_vars_file.stat.exists + + + +- hosts: all + become: true + + tasks: + - name: run common role + include_role: + name: common + + - name: include htpc role + include_role: + name: htpc + when: target_system == 'htpc' + + - name: include workstation role + include_role: + name: workstation + when: target_system == 'workstation' + + - name: include personalstation role + include_role: + name: personalstation + when: target_system == 'personalstation' diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml index ecd002c5..9046d44d 100644 --- a/ansible/roles/common/tasks/main.yml +++ b/ansible/roles/common/tasks/main.yml 
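Review bot: The `set_fact` pre-task copies `become_password` into `ansible_become_pass` without `no_log: true`, so together with the `log_path` added in `ansible.cfg` a verbose run can write the sudo password to the log file; add `no_log: true` to that task. The first play also sets `become: true` before the password is available, so fact gathering and the `stat` task appear to need the privilege escalation that only the later `set_fact` provides; `become: false` on that play avoids the ordering problem. `stat` runs on the target host while `include_vars` reads from the controller, so now that the play targets `hosts: all` the existence check should carry `delegate_to: localhost`. The second play has no `vars_files`, so unless the inventory groups (not visible here) match `target_system`, the role variables may be undefined there and the `is defined` guards in the role tasks would skip the installs without any message.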
@@ -1,17 +1,16 @@ -- block: - # common dependencies and updates - - import_tasks: software/flatpak_setup.yml - - import_tasks: software/packages_update.yml +# common dependencies and updates +- include_tasks: software/flatpak_setup.yml +- include_tasks: software/packages_update.yml - # Common package installation - - import_tasks: software/packages_apt.yml - - import_tasks: software/packages_pip.yml +# Common package installation +- include_tasks: software/packages_apt.yml +- include_tasks: software/packages_pip.yml - # Common system setup tasks - - import_tasks: system_setup/security_updates.yml - - import_tasks: system_setup/gsettings.yml +# Common system setup tasks +- include_tasks: system_setup/security_updates.yml +- include_tasks: system_setup/gsettings.yml - # Common apt cleanup tasks - - import_tasks: system_setup/apt_cleanup.yml +# Common apt cleanup tasks +- include_tasks: system_setup/apt_cleanup.yml diff --git a/ansible/roles/common/tasks/software/packages_cleanup.yml b/ansible/roles/common/tasks/software/packages_cleanup.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/ansible/roles/personalstation/main.yml b/ansible/roles/personalstation/main.yml new file mode 100644 index 00000000..7b6e2f7d --- /dev/null +++ b/ansible/roles/personalstation/main.yml @@ -0,0 +1,3 @@ +# Install workstation specific software +- include_tasks: software/packages_flatpak.yml +- include_tasks: software/packages_apt.yml \ No newline at end of file diff --git a/ansible/roles/personalstation/tasks/packages_apt.yml b/ansible/roles/personalstation/tasks/packages_apt.yml new file mode 100644 index 00000000..b1bc5cf6 --- /dev/null +++ b/ansible/roles/personalstation/tasks/packages_apt.yml @@ -0,0 +1,6 @@ +- name: personalstation setup | install software packages + apt: + name: "{{ software_packages_personalstation_present }}" + state: present + when: software_packages_personalstation_present is defined + tags: personalstation, software \ No newline at end of file 
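Review bot: Replacing `import_tasks` with `include_tasks` in `roles/common/tasks/main.yml` (and likewise in `roles/workstation/tasks/main.yml` and the new personalstation `main.yml`) makes these includes dynamic, and tags written on tasks inside a dynamically included file are not selected by `--tags` unless the include task itself is selected. The playbook in this patch also loads the roles through `include_role`, so a run such as `--tags software` would likely match nothing. If tag-limited runs are meant to keep working, tag the include lines themselves, e.g. `tags: always`, or keep `import_tasks` where no runtime condition is needed.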
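Review bot: The new file is created at `roles/personalstation/main.yml`, but Ansible loads a role's tasks from `tasks/main.yml`, so `include_role` with `name: personalstation` will not pick up these includes. The file also points at `software/packages_flatpak.yml` and `software/packages_apt.yml`, while the two task files added in this patch live directly under `roles/personalstation/tasks/` with no `software/` directory. Move it to `roles/personalstation/tasks/main.yml`, include `packages_flatpak.yml` and `packages_apt.yml`, and change the header comment to `# Install personalstation specific software`.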
diff --git a/ansible/roles/personalstation/tasks/packages_flatpak.yml b/ansible/roles/personalstation/tasks/packages_flatpak.yml
new file mode 100644
index 00000000..46baa16d
--- /dev/null
+++ b/ansible/roles/personalstation/tasks/packages_flatpak.yml
@@ -0,0 +1,8 @@
+- name: personalstation setup | Install Flatpak Apps
+ flatpak:
+ name: "{{ item.name }}"
+ remote: "{{ item.remote }}"
+ state: present
+ loop: "{{ flatpak_packages_personalstation_present }}"
+ when: flatpak_packages_personalstation_present is defined
+ tags: common, software
\ No newline at end of file
diff --git a/ansible/roles/workstation/tasks/main.yml b/ansible/roles/workstation/tasks/main.yml
index 2bd442a2..ac4c18d0 100644
--- a/ansible/roles/workstation/tasks/main.yml
+++ b/ansible/roles/workstation/tasks/main.yml
@@ -1,3 +1,9 @@
+# Install external repositories software
+- include_tasks: software/brave_browser.yml
+ when:
+ - install_brave is defined
+ - install_brave == true
+
 # Install workstation specific software
-- import_tasks: software/flatpak.yml
-- import_tasks: software/packages.yml
\ No newline at end of file
+- include_tasks: software/flatpak.yml
+- include_tasks: software/packages.yml
\ No newline at end of file
diff --git a/ansible/roles/workstation/tasks/software/brave_browser.yml b/ansible/roles/workstation/tasks/software/brave_browser.yml
new file mode 100644
index 00000000..db892c47
--- /dev/null
+++ b/ansible/roles/workstation/tasks/software/brave_browser.yml
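Review bot: The personalstation flatpak task is tagged `common, software`, which looks copied from the workstation flatpak task; the sibling `packages_apt.yml` added in this patch uses `personalstation, software`. Use `tags: personalstation, software` here so a tag-limited run treats both personalstation tasks the same way.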
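Review bot: In `roles/workstation/tasks/main.yml` the test `install_brave == true` compares against a real boolean, so a value passed as `-e install_brave=true` (which arrives as a string) or written as `"true"` fails the comparison and the Brave tasks are skipped without any message. `when: install_brave | default(false) | bool` covers both the undefined case and the string case in one condition. A comment on the include stating that it adds a third-party apt repository and its signing key would help whoever turns the switch on.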
@@ -0,0 +1,18 @@
+- name: workstation setup | download Brave Browser GPG Key
+ get_url:
+ url: https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
+ dest: /usr/share/keyrings/brave-browser-archive-keyring.gpg
+ mode: '0644'
+
+- name: workstation setup | add Brave repository
+ ansible.builtin.shell: |
+ echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list
+
+- name: workstation setup | update apt cache due to Brave
+ apt:
+ update_cache: yes
+
+- name: workstation setup | install Brave Browser
+ apt:
+ name: brave-browser
+ state: present
\ No newline at end of file
diff --git a/ansible/roles/workstation/tasks/software/flatpak.yml b/ansible/roles/workstation/tasks/software/flatpak.yml
index 8431b8b7..2b18dff9 100644
--- a/ansible/roles/workstation/tasks/software/flatpak.yml
+++ b/ansible/roles/workstation/tasks/software/flatpak.yml
@@ -1,8 +1,8 @@
-- name: Install Flatpak Apps
+- name: workstation setup | Install Flatpak Apps
 flatpak:
 name: "{{ item.name }}"
 remote: "{{ item.remote }}"
 state: present
 loop: "{{ flatpak_packages_workstation_present }}"
- when: item.name is defined
+ when: flatpak_packages_workstation_present is defined
 tags: common, software
\ No newline at end of file
diff --git a/ansible/roles/workstation/tasks/software/packages.yml b/ansible/roles/workstation/tasks/software/packages.yml
index c342ed99..69661437 100644
--- a/ansible/roles/workstation/tasks/software/packages.yml
+++ b/ansible/roles/workstation/tasks/software/packages.yml
@@ -1,4 +1,4 @@
-- name: Install desired Workstation software packages
+- name: workstation setup | install software packages
 apt:
 name: "{{ software_packages_workstation_present }}"
 state: present
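Review bot: The keyring downloaded by the first task in `brave_browser.yml` becomes the trust anchor for the new apt source, yet `get_url` fetches it with no `checksum`, so whatever the URL serves on the first run is trusted from then on; pinning a digest verified out of band closes that gap, at the cost of updating it when the vendor rotates the key. The repository line is written through `ansible.builtin.shell` with `echo | tee`, which reports a change and rewrites the file on every run. `ansible.builtin.apt_repository` does the same job idempotently and can refresh the cache itself, which makes the separate cache-update task unnecessary. The digest in the sketch below is a placeholder, not a real value.

```yaml
- name: workstation setup | download Brave Browser GPG Key
  get_url:
    # … unchanged: url, dest, mode …
    checksum: "sha256:<PINNED_KEYRING_SHA256>"

- name: workstation setup | add Brave repository
  ansible.builtin.apt_repository:
    repo: >-
      deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg]
      https://brave-browser-apt-release.s3.brave.com/ stable main
    filename: brave-browser-release
    state: present
    update_cache: true

# … unchanged: install Brave Browser task …
```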