{"id":23266154,"url":"https://github.com/raphiz/my-arch-setup","last_synced_at":"2025-04-09T18:55:38.717Z","repository":{"id":49646473,"uuid":"163985895","full_name":"raphiz/my-arch-setup","owner":"raphiz","description":"Ansible based automation scripts for my Arch Linux machines","archived":false,"fork":false,"pushed_at":"2023-07-06T06:38:53.000Z","size":129,"stargazers_count":7,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-19T04:46:46.192Z","etag":null,"topics":["ansible-playbook","archlinux"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/raphiz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-03T14:51:02.000Z","updated_at":"2024-07-16T10:51:56.000Z","dependencies_parsed_at":"2024-12-19T16:03:56.969Z","dependency_job_id":null,"html_url":"https://github.com/raphiz/my-arch-setup","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphiz%2Fmy-arch-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphiz%2Fmy-arch-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphiz%2Fmy-arch-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raphiz%2Fmy-arch-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/raphiz","download_url":"https://codeload.github.
com/raphiz/my-arch-setup/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248094013,"owners_count":21046762,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible-playbook","archlinux"],"created_at":"2024-12-19T15:53:01.861Z","updated_at":"2025-04-09T18:55:38.687Z","avatar_url":"https://github.com/raphiz.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# My Arch Setup\n\nThis Repository contains Ansible based automation scripts for my Arch Linux machines.\n\nTo be able to run the Ansible playbook, an Arch Linux installation is required. Some parts of the playbook also assume a particular [BTRFS partition layout](#btrfs-subvolume-concept) that enables roll back to a previous system snapshot.\n\n## Attribution\n\nThe [base system installation](./INSTALL.md) is mostly derived from articles of the [ArchWiki](https://wiki.archlinux.org/).\n\nThe BTRFS subvolume concept is inspired by [John Ramsden's blog post](https://ramsdenj.com/2016/04/15/multi-boot-linux-with-one-boot-partition.html).\n\nMany Ansible roles are derived from [pigmonkey's spark playbook](https://github.com/pigmonkey/spark/).\n\n## License\n\nThe code in this repository is [MIT licensed](./LICENSE)\n\n## How to use\n\nThe installation is described in a [separate document](./INSTALL.md). Before you start though you should create a custom [hosts directory](#hosts-directory).\n\n## Hosts Directory\n\nAn entire system setup as this requires secret information, such as SSH-keys and passwords. 
Also, this setup is not limited to just one specific machine but can be used for multiple similar installations, for example, for work and private purposes. To achieve these properties a dedicated `hosts` directory exists that can be managed separately and privately (to keep secrets private). It's recommended to keep the hosts directory under version control as well. The hosts directory is placed directly in the root of this repository and might look like this (containing two hosts):\n\n```\nhosts/\n    files/\n        host1/\n            ssh_keys/\n                id_rsa\n                id_rsa.pub\n                known_hosts\n        host2/\n            ssh_keys/\n                id_rsa\n                id_rsa.pub\n    inventory/\n        host_vars/\n            host1.yaml\n            host2.yaml\n        hosts\n```\n\nThe files `id_rsa`, `id_rsa.pub` and `known_hosts` are for illustration purposes only and can be replaced with any kind of key and configuration files as placed in `.ssh`. I strongly recommend encrypting the SSH private keys. You might want to encrypt other files such as known_hosts as well using ansible vault.\n\nThe `inventory` directory contains the host-specific configurations. The `hosts` file might look as follows:\n\n```\n[local]\nhost1 ansible_connection=local\nhost2 ansible_connection=local\n```\n\nThe files `host1.yaml` and `host2.yaml` contain the host-specific configuration. They should be encrypted using ansible vault, as they contain the user password. 
Here is an example host configuration:\n\n```\nhostname: host1\n\nhardware:\n  disk_name: /dev/sda\n\nuser:\n  name: userX\n  uid: 1000\n  group: userX\n  password: top-secret\n  password_salt: XYZ123\n  mail: user@example.com\n\nfeatures:\n  - virtualbox\n\napps:\n  - youtube-dl\n```\n\nThe parameters of this configuration file are used in the roles defined in this repository, and you can find out more about them by browsing through this repo (I know, just a bad excuse because I'm too lazy to document it).\n\n## BTRFS Subvolume Concept\n\nThe primary motivation for this subvolume concept was to be able to roll back the system to a minimal base state, on which the main ansible setup can be executed without affecting user data. This saves time (no fresh arch installation required) and is good hygiene.\n\nThe concept used in the installation script assumes three versions of the file system root, all of which are just BTRFS subvolumes/snapshots. The **EDGE** subvolume is used on a daily basis as one uses any other operating system. It is upgraded frequently and changes continuously.\n\nBefore pacman changes anything, a hook makes a copy of the **EDGE** subvolume. If something breaks after a package upgrade and things \"just have to work\", one can quickly roll back to this snapshot. These subvolumes are prefixed with **pacman-**, for example pacman-2021-02-09.\n\nAfter the base installation, the **MINIMAL** subvolume is created. One can always roll back to this state to cleanly rerun this Ansible setup from scratch.\n\nSome subdirectories, such as `/home`, are separate BTRFS-subvolumes and not affected by these rollback actions, as they are not part of the system configuration.\n\nNote that all subvolumes are **NOT** read-only (it's not possible to boot them otherwise) and are, therefore, not real snapshots. 
If you have an idea how to fix this, please open an issue or contact me!\n\n## Regular Ansible Restore\n\nThe system can be rolled back to the MINIMAL-Snapshot to get a fresh and clean setup as described in this playbook without having to do the whole Arch Linux base system installation.\n\n1. Boot into MINIMAL snapshot\n2. Update the snapshot by calling `pacman -Syu`\n3. Backup the current EDGE snapshot as STABLE `/config/scripts/backup_edge_as_stable.bash`\n4. Roll back the EDGE snapshot to MINIMAL `/config/scripts/reset_edge_to_minimal.bash`\n   - This might fail with an error \"Directory not empty\". This might be due to existing docker images/volumes. `docker system prune -a \u0026\u0026 docker volume prune` can be used to delete all containers, images and volumes.\n5. Reboot into EDGE\n6. Run Ansible `/config/run.bash`\n\nIn case a package update broke the system, you can roll back to the latest STABLE snapshot. The STABLE should still work as it is updated before every Pacman transaction.\n\n1. Boot into STABLE\n2. Run `/config/scripts/reset_edge_to_stable.bash`\n3. Boot into EDGE\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraphiz%2Fmy-arch-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fraphiz%2Fmy-arch-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraphiz%2Fmy-arch-setup/lists"}