This playbook is my laptop's configuration for both private and work use, running
Debian or Ubuntu distributions. It is based on:
- i3
- fish shell
- development for:
  - Python
  - Golang
  - Rust
  - Terraform, Consul, Nomad, Vault
Command shortcuts are available through a Taskfile; run task to list them all.
The goal is to keep all my configurations and system state under this playbook, in order to restore a working laptop in less than 1 hour.
See the status of todos in the issues.
You should install the base OS with an SSH server and initially run the playbook from
another host, which will create the user. After the first run, you can
run the update.sh script from the user's home directory.
task local
task vagrant
task facts
To customize the LUKS and LVM setup, the disk should be laid out using a live CD before performing the installation. After booting on the live CD:
- Partition the disk for:
  - EFI volume (~500MB) + bootable flag. If there is an existing partition, it must first be deleted to avoid an error message.
  - /boot (~700MB) using ext2 (no need for a journaled FS) without the bootable flag
  - a single partition with the rest to encrypt
- Create the LUKS container:
    cryptsetup luksFormat /dev/nvmen0p3
  (see to change defaults)
- Open the container:
    cryptsetup luksOpen /dev/nvmen0p3 cryptlvm
- Create a physical volume on top of the opened LUKS container:
    pvcreate /dev/mapper/cryptlvm
- Create a volume group:
    vgcreate vglaptop /dev/mapper/cryptlvm
- Create the logical volumes for /root, /home...:
    lvcreate -L 70G vglaptop -n root
    lvcreate -L 16G vglaptop -n swap    # a little more than the physical memory
    lvcreate -l 100%FREE vglaptop -n home
- Format the filesystems:
    mkfs.ext4 /dev/vglaptop/root
    mkfs.ext4 /dev/vglaptop/home
    mkswap /dev/vglaptop/swap
- Install the system on the corresponding mount points
- Perform these operations to configure the LUKS opening from the live CD:
    mount /dev/vglaptop/root /mnt
    mount /dev/vglaptop/home /mnt/home
    mount /dev/nvmen0p2 /mnt/boot
    mount --bind /dev /mnt/dev
    mount --bind /run/lvm /mnt/run/lvm
    mount /dev/nvmen0p1 /mnt/boot/efi    # EFI partition
    chroot /mnt
- From inside the chroot:
    mount -t proc proc /proc
    mount -t sysfs sys /sys
    mount -t devpts devpts /dev/pts
- Set up crypttab (grep the UUID from blkid | grep LUKS):
    echo "cryptlvm `blkid| grep LUK | awk -F '"' '{printf "UUID=" $2}'` none luks" > /etc/crypttab
- Rebuild boot files:
    update-initramfs -c -k all
    update-grub
  or
    grub-mkconfig -o /boot/grub/grub.cfg
If needed, there is some information on Archlinux: LVM on LUKS.
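The crypttab step above writes whatever `blkid | grep LUK` returns, so an empty match or a second LUKS device produces an entry that cannot unlock the disk at boot. The function below is an added example, not part of the original playbook, that refuses those cases; `crypttab_line` and `sample_blkid` are hypothetical names, and the sample devices and UUIDs are constructed.

```shell
#!/bin/sh
# Added example (not from the original playbook).
# crypttab_line NAME: read `blkid` output on stdin, print one crypttab line.
# Exit status: 0 ok, 1 no LUKS container, 2 several containers, 3 bad UUID.
crypttab_line() {
    awk -v name="$1" '
        /TYPE="crypto_LUKS"/ {
            n++
            # Only the UUID= field counts; PARTUUID= must not be picked up.
            for (i = 2; i <= NF; i++)
                if ($i ~ /^UUID="/) { uuid = $i; gsub(/^UUID="|"$/, "", uuid) }
        }
        END {
            if (n == 0) { print "no crypto_LUKS device found" > "/dev/stderr"; exit 1 }
            if (n > 1)  { print "several crypto_LUKS devices found" > "/dev/stderr"; exit 2 }
            if (length(uuid) != 36 || uuid !~ /^[0-9a-fA-F-]+$/) {
                print "unexpected UUID: " uuid > "/dev/stderr"; exit 3
            }
            printf "%s UUID=%s none luks\n", name, uuid
        }'
}

# Constructed blkid output (made-up devices and UUIDs), as seen from the chroot.
sample_blkid() {
    cat <<'EOF'
/dev/sda1: UUID="7C1E-52A9" TYPE="vfat" PARTUUID="0a1b2c3d-01"
/dev/sda2: UUID="5b0f6c1e-3a47-4d2b-9c58-1f2e3d4c5b6a" TYPE="ext2" PARTUUID="0a1b2c3d-02"
/dev/sda3: UUID="9f3c2b1a-7d6e-4f5a-8b9c-0a1b2c3d4e5f" TYPE="crypto_LUKS" PARTUUID="0a1b2c3d-03"
/dev/mapper/cryptlvm: UUID="kT3x9a-Lm2P-Qr7s-Vw1Y-zB4c-Dd5E-fG6hJ8" TYPE="LVM2_member"
/dev/mapper/vglaptop-root: UUID="c2d3e4f5-a6b7-4c8d-9e0f-1a2b3c4d5e6f" TYPE="ext4"
EOF
}

# Dry run on the sample. On the real system, write the file only on success:
#   line=$(blkid | crypttab_line cryptlvm) && printf '%s\n' "$line" > /etc/crypttab
sample_blkid | crypttab_line cryptlvm
```

Capturing the line in a variable first keeps a failed lookup from truncating an existing /etc/crypttab.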
To create the set of keys:
wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key
To import the connection into NetworkManager:
nmcli connection import type wireguard file <file.conf>
To route the AWS network ranges through the VPN, download the latest file at https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html. Insert them in the VPN entry with:
# IPv4
curl --silent https://ip-ranges.amazonaws.com/ip-ranges.json \
| jq -r '.prefixes | .[].ip_prefix' \
| tr '\n' ',' \
| sed 's/,$//' \
| xargs nmcli connection modify <vpn-name> ipv4.routes
# IPv6
curl --silent https://ip-ranges.amazonaws.com/ip-ranges.json \
| jq -r '.ipv6_prefixes | .[].ipv6_prefix' \
| tr '\n' ',' \
| sed 's/,$//' \
| xargs nmcli connection modify <vpn-name> ipv6.routes
The default desktop is i3, but if it seems too raw, there's an easier-to-use alternative: https://regolith-linux.org/.
To pair with a device:
bluetoothctl
devices
pair A8:5B:78:A0:37:48
<confirm the code>
trust A8:5B:78:A0:37:48
To pair with the MX Ergo, don't open the BT manager but do everything from the command line.
- For Debian codename changes, run once:
    sudo apt-get update --allow-releaseinfo-change
  to accept the change to the next version.