Automating provisioning Arch continued - Ansible

This is part 2 of a 4 part series describing how I provision my systems. Links to each part are below:

• part 1 - The base OS install
• part 2 - Software install and system configuration with Ansible
• part 3 - User level and python environment config with dotfiles and mkrc
• part 4 - The tldr that wraps up how to do the whole thing from start to finish]

Introduction

My previous post described how to automate a base installation of Arch. This follow up post will give an overview of the next step of configuration.

After getting a base system setup there is still a ton of administrative tasks to do, like creating a user account and installing software. I accomplished this using Ansible. As with the previous post, I borrowed heavily from Brennan Fee for the configuration. My copy is here. This post won’t be as in depth as the previous one, as the ansible syntax is a lot more directly readable, so in most cases it should be enough to look at the code and maybe consult the ansible docs to figure out what’s going on. The sections below will outline a few of the parts that were a little tricky.

Hashed passwords

Ansible lets you create a user and include the hash of their password, which means you can have the data available publicly without a security concern. In order to generate a hash of a password refer to this section of the ansible FAQ

git clone

I had a tricky time with this task. I wanted to clone some repositories I controlled using ssh and save them in my home directory. After a lot of googling I determined that trying to become my user and do the clone directly wouldn’t work because ansible wouldn’t know which key to use (I have a separate key for GitHub than for my local network). This task splits it up by cloning into the ansible user directory and then using the copy task to move them over to my home directory and set the correct permissions. A little hacky, but it worked.

dconf

You can use ansible to configure your GNOME desktop with the dconf module. The trickiest part of that is figuring out what key you have to change. This blog has the solution I used.

• dconf dump / > before.txt
• make changes in settings or tweak tool
• dconf dump / > after.txt
• diff before.txt after.txt
• Figure out what changed and create a dconf task for it.

Other resources

Beyond the links previously mentioned I want to highlight a tutorial series from Jeff Geerling which was excellent and informative. He also wrote a book on ansible that I haven’t read yet but imagine is quite good, given the quality of his video guide, and the fact that I found posts from him a few times when I was googling how to do something.

Conclusion

Ansible is a pretty rad way to reproducibly get your desktop environment set up just the way you like it. It’s a bit overkill given what it’s actually designed for, but it’s a handy skill to learn and it saves rebuilding your environment from scratch.