This Ansible Role is used for setting up a working ArchLinux Workstation with encrypted BTRFS and subvolumes.
- Ansible >= 2.7
- A machine to setup
- ArchLinux Install USB
There are several variables pre-defined inside default and vars. Feel free to customize them for your purposes.
Variables that are needed:
This variables are important and should be stored inside a Ansible Vault file (see Setup for further information).
---
# Example data
vault_luks_pass: 'myDriveToEncrypt!'
vault_users:
arch:
password: 'someGreatPassword!'- Write the latest ArchLinux ISO on a USB drive
- Insert the USB drive into your machine that you want to setup
- Boot from USB
- Ensure that Ansible is able to connect to your machine (SSH Authorized Keys)
- Prepare your inventory
# For example
inventory/
provision/
group_vars/
arch/
- Edit variables for your needs
- Create Ansible Vault file (like in the example above inside the
group_varswith namevault) with required secrets for LUKS and your users you want to create on your new machine
# Create and edit new vault file
ansible-vault create /inventory/provision/group_vars/arch/vault
# Edit vault file
ansible-vault edit /inventory/provision/group_vars/arch/vault- Test connection
ansible <inventory_host> -m ping- Store vault password into a file so that Ansible is able to decrypt your previous defined secrets
- Run the playbook
ansible-playbook play.yml --vault-password-file /path/to/vault/password/fileIncluding an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: myworkstation
roles:
- archlinux-ansible
BSD 3 Clause
An optional section for the role authors to include contact information, or a website (HTML is not allowed).