
romanblanco/ansible-archlinux

 
 


Automated ArchLinux

This ansible playbook automates my personal Arch Linux installation. The goal is a fully encrypted and secure desktop system. All dotfiles are kept in an independent repository. They are managed using rcm and will only get installed if the dotfiles variable is defined.

System overview

  • Full disk encryption (including /boot if Grub/EFI is used)
  • LVM on LUKS partitioning scheme
  • Plymouth support for a nice boot screen

Special configuration

  • Customized i3 window manager with i3status-rs bar
  • z-shell with automatic oh-my-zsh integration
  • rxvt-unicode and kitty true color terminals
  • tmux with vim bindings

Additional security features

  • Sensitive and internet facing applications are sandboxed using firejail
  • Restrictive and comprehensive iptables rules
  • Use of linux-hardened
  • Automatic mac address spoofer for wireless network devices
  • No bullshit installed

Install base system

You can either install your own minimal system or follow the instructions provided in the two installation guides.

  • INSTALL_LEGACY to set up an encrypted base system with LVM and syslinux in legacy boot mode.
  • INSTALL_EFI to set up a fully encrypted base system with LVM, an encrypted /boot partition and EFI support.

The Ansible playbook does not depend on any specific installation method. However, the legacy install is slightly easier and more "user friendly".

How to run the ansible playbooks

First install Ansible:

$ sudo pacman -S ansible

Then download the playbook and adjust the values of the global config in group_vars/all to match your system. Then run it.

$ git clone --recurse-submodules -j8 https://github.com/id101010/ansible-archlinux.git 
$ cd ansible-archlinux/ansible
$ ansible-playbook -i inventory/localhost playbook.yml [--tags $LIMIT_TO_TAG]

Lean back and watch the installation.
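Once the playbook has finished and the machine has been rebooted, three of the properties listed above (linux-hardened, LVM on LUKS, restrictive iptables rules) can be checked from a shell. The script below is an added example, not part of this repository; its function names and the `--run` argument are hypothetical, and it assumes that "restrictive" means a default DROP policy on the INPUT chain.

```shell
#!/bin/sh
# Added example: post-provision checks. Function names and the --run
# argument are hypothetical; each check takes command output as text.

# $1: output of `uname -r`; linux-hardened releases contain "hardened".
is_hardened_kernel() {
    case "$1" in
        *hardened*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1: output of `lsblk -rno KNAME,TYPE,PKNAME`.
# Succeeds if at least one lvm volume has a crypt (LUKS) device as parent.
lvm_on_luks() {
    printf '%s\n' "$1" | awk '
        $2 == "crypt" { crypt[$1] = 1 }
        $2 == "lvm"   { parent[$1] = $3 }
        END {
            for (lv in parent) if (parent[lv] in crypt) found = 1
            exit(found ? 0 : 1)
        }'
}

# $1: output of `iptables -S`, $2: chain name. Prints the default policy.
chain_policy() {
    printf '%s\n' "$1" | awk -v c="$2" '$1 == "-P" && $2 == c { print $3 }'
}

# Runs all checks against the live host (iptables -S needs root).
verify_host() {
    rc=0
    is_hardened_kernel "$(uname -r)" ||
        { echo "FAIL: running kernel is not linux-hardened"; rc=1; }
    lvm_on_luks "$(lsblk -rno KNAME,TYPE,PKNAME)" ||
        { echo "FAIL: no LVM volume sits on a LUKS device"; rc=1; }
    # Assumption: "restrictive" means a default-deny INPUT policy.
    [ "$(chain_policy "$(iptables -S)" INPUT)" = "DROP" ] ||
        { echo "FAIL: INPUT default policy is not DROP"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all checks passed"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then verify_host; fi
```

Run it as root with `--run` on the provisioned host; a non-zero exit status means at least one check failed.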

Testing (local vagrant machine)

Assuming you've already installed vagrant, you can set up a virtual machine with just these steps:

$ git clone --recurse-submodules -j8 https://github.com/id101010/ansible-archlinux.git 
$ cd ansible-archlinux/vagrant
$ vagrant up --provision 

Now reboot the machine and start a graphical session using VirtualBox. The default credentials are user:vagrant pw:vagrant. Alternatively, you can log into your machine using the command vagrant ssh.

Hint: To reload the configuration into the vagrant box you can either reload the machine using vagrant reload (which issues a graceful shutdown) or update and apply the configuration changes using vagrant rsync && vagrant provision. This way you don't need to wait for the machine to boot when testing changes.

About

Automated arch linux desktop environment

Languages

  • Ruby 68.9%
  • Shell 31.1%