From 12a9ad442c4273ce37479559ad7447853e475804 Mon Sep 17 00:00:00 2001
From: Anthony Perkins
Date: Tue, 7 Apr 2020 15:20:27 +0100
Subject: [PATCH] Add roles for Arch Linux
---
 admin-cli.yml | 3 ++
 admin-gui.yml | 3 ++
 roles/arch/files/70-solokeys-access.rules | 19 ++++++++++++
 roles/arch/tasks/main.yml | 7 +++++
 roles/arch/tasks/modules.yml | 13 ++++++++
 roles/arch/tasks/packages-cli.yml | 37 +++++++++++++++++++++++
 roles/arch/tasks/packages-gui.yml | 23 ++++++++++++++
 roles/arch/tasks/solokeys.yml | 15 +++++++++
 roles/arch/tasks/ssh.yml | 20 ++++++++++++
 9 files changed, 140 insertions(+)
 create mode 100644 roles/arch/files/70-solokeys-access.rules
 create mode 100644 roles/arch/tasks/main.yml
 create mode 100644 roles/arch/tasks/modules.yml
 create mode 100644 roles/arch/tasks/packages-cli.yml
 create mode 100644 roles/arch/tasks/packages-gui.yml
 create mode 100644 roles/arch/tasks/solokeys.yml
 create mode 100644 roles/arch/tasks/ssh.yml
diff --git a/admin-cli.yml b/admin-cli.yml
index 6081e99..6e7e8c5 100755
--- a/admin-cli.yml
+++ b/admin-cli.yml
@@ -5,6 +5,9 @@
 vars:
 gui: false
 tasks:
+ - include_role:
+ name: arch
+ when: ansible_distribution == 'Archlinux'
 - include_role:
 name: debian
 when: ansible_distribution == 'Debian'
diff --git a/admin-gui.yml b/admin-gui.yml
index feb214c..77002a7 100755
--- a/admin-gui.yml
+++ b/admin-gui.yml
@@ -5,6 +5,9 @@
 vars:
 gui: true
 tasks:
+ - include_role:
+ name: arch
+ when: ansible_distribution == 'Archlinux'
 - include_role:
 name: debian
 when: ansible_distribution == 'Debian'
diff --git a/roles/arch/files/70-solokeys-access.rules b/roles/arch/files/70-solokeys-access.rules
new file mode 100644
index 0000000..0243401
--- /dev/null
+++ b/roles/arch/files/70-solokeys-access.rules
@@ -0,0 +1,19 @@
+# Notify ModemManager this device should be ignored
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_end"
+
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+
+
+# Solo bootloader + firmware access
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+
+# ST DFU access
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+# U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"
diff --git a/roles/arch/tasks/main.yml b/roles/arch/tasks/main.yml
new file mode 100644
index 0000000..7a4d7a9
--- /dev/null
+++ b/roles/arch/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+ when: gui == true
+- include: modules.yml
+- include: ssh.yml
+- include: solokeys.yml
diff --git a/roles/arch/tasks/modules.yml b/roles/arch/tasks/modules.yml
new file mode 100644
index 0000000..c3e93e4
--- /dev/null
+++ b/roles/arch/tasks/modules.yml
@@ -0,0 +1,13 @@
+---
+- name: Blacklist pcspkr module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist pcspkr
+ create: yes
+- name: Blacklist dvb_usb_rtl28xxu module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist dvb_usb_rtl28xxu
+ create: yes
diff --git a/roles/arch/tasks/packages-cli.yml b/roles/arch/tasks/packages-cli.yml
new file mode 100644
index 0000000..2cabcc0
--- /dev/null
+++ b/roles/arch/tasks/packages-cli.yml
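Review bot: The `# ST DFU access` rule matches `0483:df11`, which is ST's generic DFU bootloader ID rather than a Solo-specific one, so `TAG+="uaccess"` on it gives the active seat user access to any STM32 device that enumerates in DFU mode, and the file does not say so. I would extend the comment to `# ST DFU access (generic STM32 bootloader ID, not Solo-only; needed for firmware updates)`. If firmware is never flashed from these machines, leaving that rule out keeps the grant limited to the key's own IDs.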
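Review bot: Both `lineinfile` tasks use `create: yes` on `/etc/modprobe.d/blacklist.conf` without `owner`, `group` or `mode`, so when the file is absent its permissions come from whatever umask the become session happens to have. I would pin them with `owner: root`, `group: root` and `mode: '0644'` on each task. The `copy` task in roles/arch/tasks/solokeys.yml writes `/etc/udev/rules.d/70-solokeys-access.rules` the same way and wants the same three keys.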
@@ -0,0 +1,37 @@
+---
+- name: Upgrade all packages
+ become: true
+ pacman:
+ upgrade: yes
+- name: Install CLI packages
+ become: true
+ pacman:
+ name: '{{ packages }}'
+ state: present
+ update_cache: yes
+ vars:
+ packages:
+ - ansible
+ - arch-wiki-docs
+ - asciidoctor
+ - bc
+ - bind-tools
+ - clang
+ - git
+ - gnupg
+ - lldb
+ - mc
+ - nmap
+ - openssh
+ - python
+ - python-psutil
+ - sudo
+ - tlp
+ - tmux
+ - zsh
+- name: Enable TLP
+ become: true
+ systemd:
+ name: tlp.service
+ enabled: true
+ state: started
diff --git a/roles/arch/tasks/packages-gui.yml b/roles/arch/tasks/packages-gui.yml
new file mode 100644
index 0000000..b57fd0a
--- /dev/null
+++ b/roles/arch/tasks/packages-gui.yml
@@ -0,0 +1,23 @@
+---
+- name: Upgrade all packages
+ become: true
+ pacman:
+ upgrade: yes
+- name: Install GUI packages
+ become: true
+ dnf:
+ name: '{{ packages }}'
+ state: present
+ update_cache: yes
+ vars:
+ packages:
+ - emacs
+ - evolution
+ - evolution-ews
+ - galculator
+ - gvim
+ - libgnome-keyring
+ - nextcloud-client
+ - remmina
+ - rxvt-unicode
+ - xterm
diff --git a/roles/arch/tasks/solokeys.yml b/roles/arch/tasks/solokeys.yml
new file mode 100644
index 0000000..fbe5b52
--- /dev/null
+++ b/roles/arch/tasks/solokeys.yml
@@ -0,0 +1,15 @@
+---
+- name: install solokeys udev rule
+ become: true
+ copy:
+ src: 70-solokeys-access.rules
+ dest: /etc/udev/rules.d/70-solokeys-access.rules
+ register: solokeys_copy
+- name: reload udevadm rules
+ become: true
+ command: udevadm control --reload-rules
+ when: solokeys_copy.changed
+- name: trigger udevadm
+ become: true
+ command: udevadm trigger
+ when: solokeys_copy.changed
diff --git a/roles/arch/tasks/ssh.yml b/roles/arch/tasks/ssh.yml
new file mode 100644
index 0000000..46919f1
--- /dev/null
+++ b/roles/arch/tasks/ssh.yml
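Review bot: The `Upgrade all packages` task runs `upgrade: yes` without refreshing the sync database, and the install task after it sets `update_cache: yes`, so the packages are installed against a newer database than the one the system was upgraded to. On Arch that amounts to a partial upgrade, which is unsupported and can leave security updates unapplied or libraries mismatched. Putting `update_cache: yes` next to `upgrade: yes` in the first task and dropping it from the install task keeps both steps on the same database. roles/arch/tasks/packages-gui.yml repeats the same pair of tasks.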
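Review bot: The `Install GUI packages` task in packages-gui.yml still calls the `dnf` module, which looks carried over from another distribution's role; dnf is not the Arch package manager, so the task will presumably fail on the hosts this role is gated to. It should read `pacman:` like the install task in packages-cli.yml. The package list appears to have been copied along with the module, so the names are worth checking against the Arch repositories once the module is corrected.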
@@ -0,0 +1,20 @@
+---
+- name: Disable SSH passwords
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?\w*PasswordAuthentication (yes|no)'
+ line: 'PasswordAuthentication no'
+ register: changed_ssh_config
+- name: Enable SSH
+ become: true
+ systemd:
+ name: sshd.service
+ enabled: yes
+ state: started
+- name: Restart SSH
+ become: true
+ systemd:
+ name: sshd.service
+ state: restarted
+ when: changed_ssh_config.changed == true
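Review bot: The `regexp` in `Disable SSH passwords` uses `\w*` where `\s*` was probably meant, so an indented line or one written as `# PasswordAuthentication yes` does not match, and `lineinfile` appends `PasswordAuthentication no` at the end of the file instead of replacing it. sshd keeps the first value it reads for a keyword, and an appended line can also land inside a trailing `Match` block, so password logins may stay enabled while the task reports a change. I would use `regexp: '^#?\s*PasswordAuthentication\s+(yes|no)'` and add `validate: 'sshd -t -f %s'` so a config that fails to parse is never installed ahead of the restart. Keyboard-interactive authentication is not touched here and, depending on the PAM setup, may still accept passwords.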