Ansible project to configure my dev environment(s)
Use setup.sh
to install dependencies and run playbook main.yml
./setup.sh -pa
I use ansible vault to encrypt sensitive data, so I can still share my project. The password file is defined in ansible.cfg
, so that no vault parameter has to be specified when running the playbook. Required parameters have to be encrypted accordingly, eg.g the variable backup_encryption_key
:
ansible-vault encrypt_string 'SupersecretPa$$phrase' --name 'backup_encryption_key'
Beside of external roles, I have some roles defined as part of this project, which are:
- core - does basic stuff
- shell - mainly installs zsh and sets it as default shell
- resources - Symlinks the resource files and folders (incl. dot-files)
- packages - installs additional packages for my Arch Linux (incl. packages in AUR)
- git - for projects in Github/Gitlab not having packages, this role clones them to a specific folder
For personal backup I use borg and the playbook backup.yml cares about the intial setup using encryption=repokey
:
repokey
andkeyfile
useAES-CTR-256
for encryption andHMAC-SHA256
for authentication in an encrypt-then-MAC (EtM) construction.
Backup is configure by setting the variables local_backup
and remote_backup
to true
in the [host_vars](.(host_vars/). This allows a per-host config of a backup. So my main computer will to a local and remote backup, where some additional computer may not need to be backed-up.
One could also manually setup the backup as follows
ansible-playbook backup.yml --ask-become-pass --limit $(hostname)
borg list ssh://$username:$server:$port/$targetdir