-
Notifications
You must be signed in to change notification settings - Fork 1
/
dev-setup.yml
376 lines (327 loc) · 8.39 KB
/
dev-setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
---
- hosts: dev
remote_user: root
vars:
user_name: musicallyut
git_user: Utkarsh Upadhyay
git_email: [email protected]
sshd: ssh
sshd_config: /etc/ssh/sshd_config
ssh_public_key_file: keys/id_ed25519.pub
handlers:
- name: restart sshd
service: name=sshd state=restarted
tasks:
- name: Install sudo
package:
name: sudo
state: present
tags:
- user, system
ignore_errors: true
- name: Install aptitude
become: true
become_method: sudo
package:
name: aptitude
state: present
tags:
- system
ignore_errors: true
- name: Update Ubuntu cache
become: true
become_method: sudo
apt:
update_cache: yes
tags:
- system
ignore_errors: true
# See: https://github.com/ansible/ansible/issues/74830
- name: Install acl
become: true
become_method: sudo
package:
name: acl
state: present
tags:
- user, system
ignore_errors: true
# User management
- name: Make sure we have a 'wheel' group
become: true
become_method: sudo
group:
name: wheel
state: present
tags:
- user
- name: Allow 'wheel' group to have passwordless sudo
become: true
become_method: sudo
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
tags:
- user
- name: "Create/add {{ user_name }} to wheel group"
become: true
become_method: sudo
user:
name: "{{ user_name }}"
groups: wheel
shell: /bin/bash
append: yes
state: present
createhome: yes
tags:
- user
- name: "Set up authorized keys for the {{ user_name }} user"
become: true
become_method: sudo
authorized_key:
user: "{{ user_name }}"
key: "{{ item }}"
with_file:
- "{{ ssh_public_key_file }}"
tags:
- user
- name: Disable empty password login
become: true
become_method: sudo
lineinfile: dest={{ sshd_config }} regexp="^#?PermitEmptyPasswords" line="PermitEmptyPasswords no"
notify: restart sshd
tags:
- user
- name: Disable remote root login
become: true
become_method: sudo
lineinfile: dest={{ sshd_config }} regexp="^#?PermitRootLogin" line="PermitRootLogin no"
notify: restart sshd
tags:
- user
- name: Disable password login
become: true
become_method: sudo
lineinfile: dest={{ sshd_config }} regexp="^(#\s*)?PasswordAuthentication " line="PasswordAuthentication no"
notify: restart sshd
tags:
- user
# Install dev tools
- name: Install Ruby
become: true
become_method: sudo
package:
name: ruby
state: present
tags:
- dev
ignore_errors: true
- name: Install Python3
become: true
become_method: sudo
package:
name: python3
state: present
tags:
- dev
ignore_errors: true
- name: Install Python3-pip
become: true
become_method: sudo
package:
name: python3-pip
state: present
tags:
- dev
ignore_errors: true
- name: Install VIM
become: true
become_method: sudo
package:
name: vim
state: present
tags:
- dev
- name: Install git
become: true
become_method: sudo
package:
name: git
state: present
tags:
- dev
- name: Install tmux
become: true
become_method: sudo
package:
name: tmux
state: present
tags:
- dev
- name: Install htop
become: true
become_method: sudo
package:
name: htop
state: present
tags:
- dev
- name: Ensure local/z dir exists
become: true
become_user: "{{ user_name }}"
file:
path: "/home/{{ user_name }}/.local/z"
state: directory
tags:
- dev
- name: Install z.sh
become: true
become_user: "{{ user_name }}"
get_url:
url: https://raw.githubusercontent.com/rupa/z/master/z.sh
dest: "/home/{{ user_name }}/.local/z/z.sh"
tags:
- dev
- name: Install nvm.sh
become: true
become_user: "{{ user_name }}"
shell: >
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
args:
warn: false
creates: "/home/{{ user_name }}/.nvm/nvm.sh"
tags:
- dev
- name: Install Node 16
become: true
become_user: "{{ user_name }}"
become_method: sudo
shell: ". /home/{{ user_name }}/.nvm/nvm.sh && nvm install 16"
args:
creates: "/home/{{ user_name }}/.nvm/versions/node/v16*"
executable: bash
tags:
- dev
# Prepare VIM
- name: Install vim-plug
become: true
become_user: "{{ user_name }}"
shell: "curl -fLo /home/{{ user_name }}/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim"
args:
warn: false
creates: "/home/{{ user_name }}/.vim/autoload/plug.vim"
tags:
- dev
# Copy configuration files
- name: Copy vimrc
become: true
copy:
src: dotfiles/vimrc
dest: "/home/{{ user_name }}/.vimrc"
owner: "{{ user_name }}"
tags:
- dev
- name: Install vim plugins
become: true
become_user: "{{ user_name }}"
shell: "vim -E -s +PlugInstall +qall || true"
tags:
- dev
- name: Copy bashrc
become: true
copy:
src: dotfiles/bashrc
dest: "/home/{{ user_name }}/.bashrc"
owner: "{{ user_name }}"
tags:
- dev
- name: Copy tmux.conf
become: true
copy:
src: dotfiles/tmux.conf
dest: "/home/{{ user_name }}/.tmux.conf"
owner: "{{ user_name }}"
tags:
- dev
- name: Copy gitconfig
become: true
copy:
src: dotfiles/gitconfig
dest: "/home/{{ user_name }}/.gitconfig"
owner: "{{ user_name }}"
tags:
- dev
- name: Fix user's full name in gitconfig
become_user: "{{ user_name }}"
become: true
shell: "git config --global user.name '{{ git_user }}'"
tags:
- dev
- name: Fix user's email in gitconfig
become_user: "{{ user_name }}"
become: true
shell: "git config --global user.email '{{ git_email }}'"
tags:
- dev
- name: Copy gitignore
become: true
copy:
src: dotfiles/gitignore
dest: "/home/{{ user_name }}/.gitignore"
owner: "{{ user_name }}"
tags:
- dev
- name: Ensure ~/bin dir exists
become: true
become_user: "{{ user_name }}"
file:
path: "/home/{{ user_name }}/bin"
state: directory
tags:
- dev
- name: Copy conda.sh
become: true
copy:
src: dotfiles/conda.sh
dest: "/home/{{ user_name }}/bin/conda.sh"
owner: "{{ user_name }}"
tags:
- dev
# Install powerline fonts
- name: Fetch Powerline fonts
become: true
become_user: "{{ user_name }}"
git:
repo: https://github.com/powerline/fonts.git
dest: "/home/{{ user_name }}/powerline-fonts"
tags:
- dev
- name: Install fonts
become: true
become_user: "{{ user_name }}"
shell: ./install.sh
args:
chdir: "/home/{{ user_name }}/powerline-fonts"
creates: "/home/{{ user_name }}/.local/share/fonts/Anonymice Powerline.ttf"
tags:
- dev
# Install Miniconda.sh
- name: Download miniconda
become: true
become_user: "{{ user_name }}"
get_url:
url: https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
dest: "/home/{{ user_name }}/miniconda.sh"
tags:
- dev
- name: Install miniconda
become: true
become_user: "{{ user_name }}"
shell: "bash /home/{{ user_name }}/miniconda.sh -b -p /home/{{ user_name }}/miniconda3"
args:
creates: "/home/{{ user_name }}/miniconda3"
tags:
- dev