evgnomon / blueprint Goto Github PK

View Code? Open in Web Editor NEW

0.0 1.0 0.0 499 KB

Print your workstation wherever you are. The same thing, the same way, every time.

License: Other

Jinja 14.07% Shell 44.89% Vim Script 21.46% Dockerfile 4.57% Python 15.01%

blueprint's Introduction

HGL/Blueprint

Print your workstation wherever you. The same thing, the same way, every time.

Supports Linux, macOS and Windows native and WSL2 and Docker container.

Getting Started

sudo ls # to let ansible become root when needed
# In Debian/Ubuntu add your the user to sudo group:
usermod -aG sudo
./bootstrap-Linux.sh
# Checkout your `.blueprint` settings.
git clone [email protected]:YOURUSER/.blueprint.git ~/.blueprint
ansible-playbook -i inventory --ask-become-pass main.yaml

Caution: Don't run ansible process in root! And don't forget to close your session if sudo is not needed anymore.

Coc Plugins

Run this after installation in vim to setup vim plugins:

:PlugInstall
:CocInstall coc-rust-analyzer coc-prettier coc-tsserver coc-go coc-pyright coc-snippets coc-go

MacOS

Install XCode 15 or higher from App Store. Then open XCode and install macOS SDK.

Docker has to be manually copied from attached disk image. This is to keep Alacritty unauthorized to access user Applications.

License

HGL, verified:

shasum -a 512 -c SHA512SUMS

Security Key

Share the YubiKey with WSL2 for Windows: https://learn.microsoft.com/en-us/windows/wsl/connect-usb

Use YubiKey for password less sudo:

mkdir -p ~/.config/Yubico
pamu2fcfg > ~/.config/Yubico/u2f_keys
pamu2fcfg -n >> ~/.config/Yubico/u2f_keys # with the spare key
sudo mv ~/.config/Yubico/u2f_keys /etc/Yubico/u2f_keys
sudo chown root:root -R /etc/Yubico/u2f_keys

Add a new key using:

pamu2fcfg -n | sudo tee -a /etc/Yubico/u2f_keys

Git signing

Add pubkeys to allowed_signers for git verification:

echo "$(git config --get user.email) namespaces=\"git\" $(cat ~/.ssh/vortex.pub)" >> ~/.ssh/allowed_signers

Windows

Run ansible in WSL2 for to run ansible on Windows native host:

export WIN_USER=YOUR_WINDOWS_USER
ansible-playbook -i inventory -e ansible_become_user=$WIN_USER -e ansible_user=$WIN_USER -e ansible_python_interpreter="C:\Users\$WIN_USER\.pyenv\pyenv-win\versions\3
.12.0\python.exe" main-Windows.yml

Secret Rotation

To rotate secrets, use ansible-vault:

ANSIBLE_VAULT_PASSWORD_FILE=<(vault -d vault) ansible-playbook -i inventory rotate.yaml

# or in Fish:
ANSIBLE_VAULT_PASSWORD_FILE=(vault -d vault | psub) ansible-playbook -i inventory rotate.yaml

blueprint's People

Contributors

Watchers

blueprint's Issues

Spotify

sudo apt install curl libcanberra-gtk-module software-properties-common apt-transport-https

fix permission issues for .gpg directory

WARNING: unsafe permissions on homedir '/home/evgnomon/.gnupg

Add current user to docker group

Add Zellij.

Zellij is useful to watch files in a separate Alacrity terminal.

Fix Azure functions tools on Windows and macOS

Add required packages to Debian/Ubuntu to install Yubi key replacing sudo

OpenTofu fails

Remove go dependency and instead install binary
https://github.com/opentofu/opentofu/releases/tag/v1.7.1

Add pip upgrade to list of packages being upgraded

macports install stucks forever

Fix global links for npm packages

For example serve is installed using npm but it is not available in path.

Configure ssh private key file name

Remove user from docker group.

Just to feel be a bit (or a lot) more secure.

sudo gpasswd -d $USER docker

Compile openssh and fido2 from source in macOS

Refactor common Go packages in Windows and Other OS families

Add git fly to gitconfigs

fly = ! "git add -p && git commit --amend --no-edit && git push shuttle HEAD:refs/for/master"

install Hugo

We need a tool to convert a bunch of markdowns to a website. I use Hugo to handle this for now.

move check_email.sh to standard tools.

We need a tool to convert yaml to json for further processing.

No need to create bundle unless in Windows

Uninstall Windows web experience

winget uninstall --id 9MSSGKG348SP

Remove Ansible Icon and download instead

Support `BLUE_CODE` to brand my personal lab

Install open tofu from Go source

Fix security policy for scripts in Windows

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Fix Yubi Key on Windows and macOS

Being able to sign commits.
Encrypt secrets.
Use machine password less.
SSH login using non resident keys.

Add macports upgrade outdated by default.

Add a way to install npm packages globally

Disable fn keys for Apple keyboards.

Add a systemd service /etc/systemd/system/set-fnmode.service

[Unit]
Description=Set FN Mode for HID Apple

[Service]
Type=oneshot
ExecStart=/bin/bash -c "echo -n 0x02 > /sys/module/hid_apple/parameters/fnmode"
User=root

[Install]
WantedBy=multi-user.target

And then:

sudo systemctl daemon-reload
sudo systemctl enable set-fnmode.service
sudo systemctl start set-fnmode.service

Install Docker engine in macOSX

As containers are going to be used in Zygote a lot, we need to make sure the container engine is for us not we for the container engine. So we add support for Docker engine in macOSX and Ubuntu/Debian.

Hugo installation

Fix hugo installation from source in Debian
CGO_ENABLED=1 go install -tags extended github.com/gohugoio/hugo@latest

rust tool chain on macOS

also default cargo file