commit 3e792a82413c1bf5743aa0aae65fc5ce0f55d6e1
Author: Brian C. Lane <bcl@brianlane.com>
Date: Sat, 29 Jan 2022 14:35:07 -0800
Ansible playbooks for Alpine Xfce Laptop setup
Diffstat:
7 files changed, 465 insertions(+), 0 deletions(-)
diff --git a/ansible.cfg b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+inventory=./hosts
+verbose=true
+retry_files_enabled = False
+nocows=1
+remote_user=root
diff --git a/applications.yml b/applications.yml
@@ -0,0 +1,16 @@
+---
+- hosts: laptop
+ tasks:
+ - name: Install applications
+ apk:
+ name:
+ - atop
+ - vim
+ - git
+ - firefox
+ - shadow
+ - shadow-doc
+ - vlc
+ - vlc-doc
+ state: latest
+ update_cache: true
diff --git a/configs/etc/acpi-handler.sh b/configs/etc/acpi-handler.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+# vim: set ts=4:
+#
+# This is the default ACPI handler script that is configured in
+# /etc/acpi/events/anything to be called for every ACPI event.
+# You can edit it and add your own actions; treat it as a configuration file.
+#
+PATH="/usr/share/acpid:$PATH"
+alias log='logger -t acpid'
+
+# <dev-class>:<dev-name>:<notif-value>:<sup-value>
+case "$1:$2:$3:$4" in
+
+button/power:PWRF:*)
+ log 'Power button pressed'
+ # Shutdown the system unless it has a lid (notebook).
+ [ -e /proc/acpi/button/lid/LID ] || poweroff
+;;
+button/sleep:SLPB:*)
+ log 'Sleep button pressed'
+ # Suspend to RAM.
+ zzz
+;;
+button/lid:*:close:*)
+ log 'Lid closed'
+ # Suspend to RAM if AC adapter is not connected.
+ power-supply-ac || zzz
+;;
+ac_adapter:*:*:*0)
+ log 'AC adapter unplugged'
+ # Suspend to RAM if notebook's lid is closed.
+ lid-closed && zzz
+;;
+button/volumeup:VOLUP:*)
+ log 'Increase volume 5%'
+ /usr/bin/amixer sset 'Master',0 '5%+'
+;;
+button/volumedown:VOLDN:*)
+ log 'Decrease volume 5%'
+ /usr/bin/amixer sset 'Master',0 '5%-'
+;;
+button/mute:MUTE:*)
+ log 'Toggle audio mute'
+ /usr/bin/amixer sset 'Master',0 toggle
+;;
+button/f20:F20:*)
+ log 'Toggle microphone mute'
+ /usr/bin/amixer sset 'Capture',0 toggle
+;;
+esac
+
+exit 0
diff --git a/configs/etc/doas.conf b/configs/etc/doas.conf
@@ -0,0 +1,4 @@
+# This file is actually located at /etc/doas.d/doas.conf, and reflects
+# the system doas configuration. It may have been migrated from its
+# previous location, /etc/doas.conf, automatically.
+permit persist :wheel
diff --git a/configs/etc/pipewire.conf b/configs/etc/pipewire.conf
@@ -0,0 +1,248 @@
+# Daemon config file for PipeWire version "0.3.40" #
+#
+# Copy and edit this file in /etc/pipewire for system-wide changes
+# or in ~/.config/pipewire for local changes.
+
+context.properties = {
+ ## Configure properties in the system.
+ #library.name.system = support/libspa-support
+ #context.data-loop.library.name.system = support/libspa-support
+ #support.dbus = true
+ #link.max-buffers = 64
+ link.max-buffers = 16 # version < 3 clients can't handle more
+ #mem.warn-mlock = false
+ #mem.allow-mlock = true
+ #mem.mlock-all = false
+ #clock.power-of-two-quantum = true
+ #log.level = 2
+ #cpu.zero.denormals = true
+
+ core.daemon = true # listening for socket connections
+ core.name = pipewire-0 # core name and socket name
+
+ ## Properties for the DSP configuration.
+ #default.clock.rate = 48000
+ #default.clock.allowed-rates = [ 48000 ]
+ #default.clock.quantum = 1024
+ #default.clock.min-quantum = 32
+ #default.clock.max-quantum = 8192
+ #default.video.width = 640
+ #default.video.height = 480
+ #default.video.rate.num = 25
+ #default.video.rate.denom = 1
+ #
+ # These overrides are only applied when running in a vm.
+ vm.overrides = {
+ default.clock.min-quantum = 1024
+ }
+}
+
+context.spa-libs = {
+ #<factory-name regex> = <library-name>
+ #
+ # Used to find spa factory names. It maps an spa factory name
+ # regular expression to a library name that should contain
+ # that factory.
+ #
+ audio.convert.* = audioconvert/libspa-audioconvert
+ api.alsa.* = alsa/libspa-alsa
+ api.v4l2.* = v4l2/libspa-v4l2
+ api.libcamera.* = libcamera/libspa-libcamera
+ api.bluez5.* = bluez5/libspa-bluez5
+ api.vulkan.* = vulkan/libspa-vulkan
+ api.jack.* = jack/libspa-jack
+ support.* = support/libspa-support
+ #videotestsrc = videotestsrc/libspa-videotestsrc
+ #audiotestsrc = audiotestsrc/libspa-audiotestsrc
+}
+
+context.modules = [
+ #{ name = <module-name>
+ # [ args = { <key> = <value> ... } ]
+ # [ flags = [ [ ifexists ] [ nofail ] ]
+ #}
+ #
+ # Loads a module with the given parameters.
+ # If ifexists is given, the module is ignored when it is not found.
+ # If nofail is given, module initialization failures are ignored.
+ #
+
+ # Uses RTKit to boost the data thread priority.
+ { name = libpipewire-module-rtkit
+ args = {
+ #nice.level = -11
+ #rt.prio = 88
+ #rt.time.soft = 2000000
+ #rt.time.hard = 2000000
+ }
+ flags = [ ifexists nofail ]
+ }
+
+ # Set thread priorities without using RTKit.
+ #{ name = libpipewire-module-rt
+ # args = {
+ # nice.level = -11
+ # rt.prio = 88
+ # rt.time.soft = 2000000
+ # rt.time.hard = 2000000
+ # }
+ # flags = [ ifexists nofail ]
+ #}
+
+ # The native communication protocol.
+ { name = libpipewire-module-protocol-native }
+
+ # The profile module. Allows application to access profiler
+ # and performance data. It provides an interface that is used
+ # by pw-top and pw-profiler.
+ { name = libpipewire-module-profiler }
+
+ # Allows applications to create metadata objects. It creates
+ # a factory for Metadata objects.
+ { name = libpipewire-module-metadata }
+
+ # Creates a factory for making devices that run in the
+ # context of the PipeWire server.
+ { name = libpipewire-module-spa-device-factory }
+
+ # Creates a factory for making nodes that run in the
+ # context of the PipeWire server.
+ { name = libpipewire-module-spa-node-factory }
+
+ # Allows creating nodes that run in the context of the
+ # client. Is used by all clients that want to provide
+ # data to PipeWire.
+ { name = libpipewire-module-client-node }
+
+ # Allows creating devices that run in the context of the
+ # client. Is used by the session manager.
+ { name = libpipewire-module-client-device }
+
+ # The portal module monitors the PID of the portal process
+ # and tags connections with the same PID as portal
+ # connections.
+ { name = libpipewire-module-portal
+ flags = [ ifexists nofail ]
+ }
+
+ # The access module can perform access checks and block
+ # new clients.
+ { name = libpipewire-module-access
+ args = {
+ # access.allowed to list an array of paths of allowed
+ # apps.
+ #access.allowed = [
+ # /usr/bin/pipewire-media-session
+ #]
+
+ # An array of rejected paths.
+ #access.rejected = [ ]
+
+ # An array of paths with restricted access.
+ #access.restricted = [ ]
+
+ # Anything not in the above lists gets assigned the
+ # access.force permission.
+ #access.force = flatpak
+ }
+ }
+
+ # Makes a factory for wrapping nodes in an adapter with a
+ # converter and resampler.
+ { name = libpipewire-module-adapter }
+
+ # Makes a factory for creating links between ports.
+ { name = libpipewire-module-link-factory }
+
+ # Provides factories to make session manager objects.
+ { name = libpipewire-module-session-manager }
+]
+
+context.objects = [
+ #{ factory = <factory-name>
+ # [ args = { <key> = <value> ... } ]
+ # [ flags = [ [ nofail ] ]
+ #}
+ #
+ # Creates an object from a PipeWire factory with the given parameters.
+ # If nofail is given, errors are ignored (and no object is created).
+ #
+ #{ factory = spa-node-factory args = { factory.name = videotestsrc node.name = videotestsrc Spa:Pod:Object:Param:Props:patternType = 1 } }
+ #{ factory = spa-device-factory args = { factory.name = api.jack.device foo=bar } flags = [ nofail ] }
+ #{ factory = spa-device-factory args = { factory.name = api.alsa.enum.udev } }
+ #{ factory = spa-node-factory args = { factory.name = api.alsa.seq.bridge node.name = Internal-MIDI-Bridge } }
+ #{ factory = adapter args = { factory.name = audiotestsrc node.name = my-test } }
+ #{ factory = spa-node-factory args = { factory.name = api.vulkan.compute.source node.name = my-compute-source } }
+
+ # A default dummy driver. This handles nodes marked with the "node.always-driver"
+ # property when no other driver is currently active. JACK clients need this.
+ { factory = spa-node-factory
+ args = {
+ factory.name = support.node.driver
+ node.name = Dummy-Driver
+ node.group = pipewire.dummy
+ priority.driver = 20000
+ }
+ }
+ { factory = spa-node-factory
+ args = {
+ factory.name = support.node.driver
+ node.name = Freewheel-Driver
+ priority.driver = 19000
+ node.group = pipewire.freewheel
+ node.freewheel = true
+ }
+ }
+ # This creates a new Source node. It will have input ports
+ # that you can link, to provide audio for this source.
+ #{ factory = adapter
+ # args = {
+ # factory.name = support.null-audio-sink
+ # node.name = "my-mic"
+ # node.description = "Microphone"
+ # media.class = "Audio/Source/Virtual"
+ # audio.position = "FL,FR"
+ # }
+ #}
+
+ # This creates a single PCM source device for the given
+ # alsa device path hw:0. You can change source to sink
+ # to make a sink in the same way.
+ #{ factory = adapter
+ # args = {
+ # factory.name = api.alsa.pcm.source
+ # node.name = "alsa-source"
+ # node.description = "PCM Source"
+ # media.class = "Audio/Source"
+ # api.alsa.path = "hw:0"
+ # api.alsa.period-size = 1024
+ # api.alsa.headroom = 0
+ # api.alsa.disable-mmap = false
+ # api.alsa.disable-batch = false
+ # audio.format = "S16LE"
+ # audio.rate = 48000
+ # audio.channels = 2
+ # audio.position = "FL,FR"
+ # }
+ #}
+]
+
+context.exec = [
+ #{ path = <program-name> [ args = "<arguments>" ] }
+ #
+ # Execute the given program with arguments.
+ #
+ # You can optionally start the session manager here,
+ # but it is better to start it as a systemd service.
+ # Run the session manager with -h for options.
+ #
+ #{ path = "/usr/bin/pipewire-media-session" args = "" }
+ #
+ # You can optionally start the pulseaudio-server here as well
+ # but it is better to start it as a systemd service.
+ # It can be interesting to start another daemon here that listens
+ # on another address with the -a option (eg. -a tcp:4713).
+ #
+ { path = "/usr/bin/pipewire" args = "-c pipewire-pulse.conf" }
+ { path = "/usr/bin/wireplumber" args = "" }
+]
diff --git a/hosts b/hosts
@@ -0,0 +1,2 @@
+[laptop]
+192.168.101.xxx
diff --git a/system-setup.yml b/system-setup.yml
@@ -0,0 +1,137 @@
+---
+- hosts: laptop
+ gather_facts: false
+ tasks:
+ - name: Install python3
+ raw: apk update && apk add python3
+
+- hosts: laptop
+ gather_facts: true
+ tasks:
+ - name: Switch sshd to only allow ssh key access to root
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "^PermitRootLogin"
+ line: "PermitRootLogin prohibit-password"
+ notify:
+ - restart sshd
+
+ - name: Enable community repo
+ lineinfile:
+ dest: /etc/apk/repositories
+ regexp: "^# (http.*/alpine/.*/community)"
+ line: '\1'
+ backrefs: true
+ firstmatch: true
+
+ - name: Setup Xorg
+ raw: setup-xorg-base xf86-video-intel
+
+ - name: Setup system apps
+ apk:
+ name:
+ - apk-tools-doc
+ - acpid
+ - acpid-doc
+ - acpi-utils
+ - acpi-utils
+ - alsa-utils
+ - alsa-utils-doc
+ - chrony
+ - chrony-openrc
+ - ca-certificates
+ - doas
+ - doas-doc
+ - dbus
+ - dbus-openrc
+ - dbus-x11
+ - elogind
+ - polkit-elogind
+ - man-db
+ - util-linux
+ - util-linux-doc
+ - pciutils
+ - pciutils-doc
+ - usbutils
+ - usbutils-doc
+ - coreutils
+ - coreutils-doc
+ - binutils
+ - binutils-doc
+ - findutils
+ - findutils-doc
+ - grep
+ - grep-doc
+ - iproute2
+ - iproute2-doc
+ - udisks2
+ - udisks2-doc
+ - xfce4
+ - xfce4-terminal
+ - xfce4-screensaver
+ - lightdm-gtk-greeter
+ - pipewire
+ - pipewire-doc
+ - pipewire-tools
+ - wireplumber
+ - udev
+ - wireless-tools-doc
+ - wpa_supplicant-doc
+ wpa_gui
+ - xauth
+ - xauth-doc
+ - xhost
+ - xhost-doc
+ - xmodmap
+ - xmodmap-doc
+ state: present
+ update_cache: true
+
+ - name: Install pipewire config file
+ copy:
+ src: ./configs/etc/pipewire.conf
+ dest: /etc/pipewire/
+
+ - name: Install acpid handler
+ copy:
+ src: ./configs/etc/acpi-handler.sh
+ dest: /etc/acpi/handler.sh
+
+ - name: Enable doas for wheel group
+ copy:
+ src: ./configs/etc/doas.conf
+ dest: /etc/doas.d/
+
+ - name: Setup wpa_supplicant
+ file:
+ path: /etc/wpa_supplicant/wpa_supplicant.conf
+ owner: root
+ group: root
+ mode: '0600'
+
+ - name: Setup for wpa_cli and wpa_gui use
+ lineinfile:
+ dest: /etc/wpa_supplicant/wpa_supplicant.conf
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: '^update_config', line: 'update_config=1' }
+ - { regexp: '^ctrl_interface', line: 'ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev' }
+
+ - name: Enable services service
+ service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ with_items:
+ - dbus
+ - lightdm
+ - acpid
+ - udev
+
+ handlers:
+ - name: restart sshd
+ service:
+ name: sshd
+ state: restarted
+ enabled: yes
