The objective is to have an easy way to have fresh arch instalation setup the way one desires. Reliably and with the least amount of effort. For this Ansible is used.
Ansible is an automation platform.
It executes tasks from playbooks
on machines listed in inventory
.
Open source, developed by Red Hat.
Written and dependent on python. Uses YAML configuration files.
Agent-less, controled machines need just ssh+python (linux) or
winrm+powershell (windows).
Praised for simplicity.
For now this repo aims at just server deployment of arch. Terminal stuff, no xorg.
install arch linux, log in to a non root account that can sudo
- install ansible and git
sudo pacman -S ansible git
- clone this repo
git clone https://github.com/DoTheEvo/ansible-arch.git
- enter the directory
cd ansible-arch
- run the playbooks you want
ansible-playbook -u $USER -K playbook_core.yml
ansible-playbook -u $USER -K playbook_zsh.yml
ansible-playbook -u $USER -K playbook_docker.yml
yes, you write $USER
there, which puts in the user you are logged in
the -K
is short for --ask-become-pass
which will prompt for password
executing_playbook.webm
useful terminal progams, settings, maintance services
- arch update/upgrade, equivalent of
pacman -Syu
- install:
nano, micro, git, curl, wget, rsync, nnn, bat, tree, unarchiver, duf, ncdu, htop, iotop, glances, nmap, gnu-netcat, iproute2, bind, nload, sysfsutils, borg, fuse, python-llfuse, python-pip, python-setuptools, python-pexpect - install yay to have access to AUR
- in pacman.conf enable color and enable parallel downloads
- in makepkg.conf disable compression and enable parallel compilation
noatime
set in fstab to avoid unnecessary writes ofrelatime
- increased allowed failed login attemps to 10 before lock out
- enable members of wheel group to sudo
- no sudo password needed for nnn editor
- services installed and enabled
- ssh - remote access
- plocate - file search locate
- cronie - cron time scheduler
- fstrim - weekly ssd trim
- trash-cli - delete to trash
- paccache - weekly clearing of pacman cache
- reflector - weekly update of mirrorlist - !!change the country codes!!
- install neofetch
- check if in virtual machine and if vmware, hyperv, or virtualbox then install and enable supporting services
- install micro text editor, copy config, keybinds, syntax highlight
set micro as the default editor in
.bashrc
- install zsh shell
- copy bash history in to .zhistory
- change the default shell from bash to zsh for the user
- install zimfw using its own script
- change the theme to
steeef
- copy .myownrc with various predefined stuff
- source
.myownrc
in.zshrc
- install docker, docker-compose, ctop
- enable and start docker service
- add the current user to the docker group to avoid need for sudo
This is for a local deployment. Meaning the machine is changing itself, as oppose to more typical ansible use, where you run playbooks on one machine to change 143 virtual machines somewhere on the cloud.
To go from local to remote, edit inventory, replace local entries with IPs of machines you want to change.
bunch of commands
sudo journalctl -p 3 -xb
sudo journalctl -b -r
sudo systemctl --failed
sudo systemctl list-units --type=service --state=active
sudo systemctl list-units --type=timer --state=active
cat /proc/cmdline
lsmod
lspci -k
rsync -ah --info=progress2
sudo dd bs=4M if=arch.iso of=/dev/sdX status=progress oflag=direct
ss -tulpn
- shows what uses which portsudo nc -vv -l -p 8789
- netcat starts tiny server listening at port 8789,
do port forwarding on router/firewall, then test on https://www.grc.com/x/portprobe=8789sudo nc -vv -u -l -p 8789
netcat server now in udp mode
can be tested with another netcat instance runningnc <ip> 8789
writing something and pressing enter shows the text on the server
encountered issues
- in vmware issue with an error in journal - piix4_smbus SMBus
Host Controller not enabled
solution - in/etc/modprobe.d/blacklist.conf
addblacklist i2c_piix4
, reboot
check -sudo journalctl -p 3 -xb
andlsmod | grep i2c