Skip to content

craigfurman/ansible-home

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ansible-home

Friendship ended with Ansible - now Nix is my best friend.

The roles and configuration files for my laptop in here are no longer used. That functionality is mostly ported over to https://github.com/craigfurman/nix-workstations.

The server roles in here are still used.

Usage

ansible-playbook -i inventory/lakitu --vault-password-file <vault-password-file> lakitu.yml

Replace inventory and playbook as appropriate.

Append -K when running tasks that require root.

Upgrading laptops

  1. brew_upgrade
  2. Run ansible as normal.

Upgrading morty

  1. As root: pacman -Syu --noconfirm && pacman -Sc --noconfirm
  2. Run ansible against morty over ssh.

First run

Secrets are encrypted with ansible-vault, and are kept in a private repository. Clone the secrets repository into the checkout of this repository.

macOS

  1. Install Homebrew
    1. This should install xcode command line tools automatically. If not, run xcode-select --install.
  2. brew install ansible
  3. Run ansible as normal.

Manual setup

Ironically for an automation repo, I currently configure a few things on my mac(s) via the GUI. I figure that if these settings move / change their options / and removed, it'll be easier to learn that through the GUI.

A lot of this is automatable (https://mths.be/macos / https://github.com/mathiasbynens/dotfiles/blob/master/.macos), and I might crib from that in the future.

Unless otherwise spelt out, start in "System Preferences":

  1. Install any hardware-specific drivers
    1. https://logitech.com/options
  2. Install mac app store apps
    1. On personal laptop: bitwarden, authy (ipad version)
  3. General
    1. About: change computer name
    2. Sharing: change hostname
  4. Appearance: auto
  5. Desktop & Dock
    1. automatically hide the dock
    2. Click wallpaper to reveal desktop - "only in stage manager"
  6. Users and Groups
    1. Login items: add flycut.
  7. Privacy & Security
    1. General: require password immediately after sleep begins.
    2. Filevault: yes
    3. Accessibility: allow flycut to control the computer.
  8. Sound
    1. Disable startup sound
  9. Control centre
    1. Sound -> Always show in menu bar
  10. Keyboard
    1. Key repeat fastest, delay until repeat shortest.
    2. Turn off keyboard backlight after 5s
    3. Keyboard shortcuts -> Modifier keys -> Remap caps lock to escape.
    4. Extra maps for PC keyboard. Set to ISO, swap option and command
    5. Use standard function keys on external keyboards (keyboard shortcuts -> function keys)
    6. Shortcuts -> Input sources -> disable ^-space for "previous input source" - it's my tmux prefix.
    7. Input sources -> Edit -> Disable smart quotes
      1. Also disable insert full stop after double space.
  11. Trackpad
    1. Allow tap to click
    2. Scroll and zoom: untick natural scroll
  12. Displays
    1. On the pro 16", default scaling seems sensible: looks like 1792x1120, on the 3072x1920 screen.
    2. Enable night shift
  13. Battery
    1. Power adapter: prevent computer from sleeping automatically
  14. Spotlight
    1. Privacy: exclude ~/workspace to avoid mds_stores doing work every time I compile things.
  15. TouchID for sudo (personal laptop only)
    1. Add auth sufficient pam_tid.so to 2nd line of /etc/pam.d/sudo
    2. Set up https://github.com/fabianishere/pam_reattach
    3. This appears to be reset by certain OS updates, so I don't actually tend to have this enabled.