feat: Add initial setup and check scripts

ikysil · Mar 9, 2023 · dcf982e · dcf982e
1 parent 2d961f3
commit dcf982e
Show file tree

Hide file tree

Showing 10 changed files with 175 additions and 0 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,11 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[{*.yml,*.yaml}]
+indent_size = 2
diff --git a/.gitignore b/.gitignore
diff --git a/README.md b/README.md
@@ -1,2 +1,23 @@
 # workstation
+
 Ansible scripts to configure desktop workstations.
+
+Features
+
+--------
+Browse through the [Roles](roles/) to see what features are implemented.
+
+Usage
+
+--------
+
+1) Boot a TUXEDO OS on the target system.
+2) Install the OS with relatively sane defaults. Reboot into local OS.
+3) Run the [setup script](https://github.com/ikysil/workstation/blob/main/scripts/setup-tuxedo.sh) to do some pre-flight tests and load the repository.
+4) Run a playbook!
+
+```bash
+ansible-playbook -K --ask-vault-pass playbooks/home.yml
+```
+
+5) Reboot
diff --git a/ansible.cfg b/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+inventory = inventory.yml
+roles_path = roles
+become_method = sudo
+retry_files_enabled = False
diff --git a/inventory.yml b/inventory.yml
@@ -0,0 +1 @@
+localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3
diff --git a/playbooks/home.yml b/playbooks/home.yml
diff --git a/scripts/preflight-checks.sh b/scripts/preflight-checks.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+source /lib/lsb/init-functions
+
+check_ssh() {
+    systemctl status sshd >/dev/null
+    rc=$?
+    if [ ${rc} != 0 ]; then
+        log_failure_msg "SSHD is not running."
+        return 1
+    else
+        log_success_msg "SSHD is running."
+    fi
+}
+
+check_sudoers() {
+    sudo cat /etc/sudoers | grep -i requiretty >/dev/null
+    rc=$?
+    if [ ${rc} != 1 ]; then
+        log_failure_msg "requiretty is specified in sudoers."
+        return 1
+    else
+        log_success_msg "Sudoers does not requiretty."
+    fi
+}
+
+check_updates() {
+    sudo apt-get -y update >/dev/null
+    rc=$?
+    if [ ${rc} != 0 ]; then
+        log_failure_msg "System has package updates available."
+        return 1
+    fi
+    log_success_msg "System has no updates available."
+}
+
+check_efi() {
+    sudo grub-probe -t device /boot/EFI >/dev/null 2>&1
+    rc=$?
+    if [ ${rc} != 0 ]; then
+        log_failure_msg "EFI bootloader not found."
+        return 1
+    fi
+    log_success_msg "EFI bootloader found."
+}
+
+check_kernel() {
+    latest_installed=$(for kimg in $(/bin/ls -t /boot/vmlinuz-*); do
+        echo $kimg
+        return
+    done)
+    latest_installed="${latest_installed/\/boot\/vmlinuz-/''}"
+
+    running=$(uname -r)
+
+    if [[ ${latest_installed} != ${running} ]]; then
+        log_failure_msg "Latest kernel is not running. Reboot and try again."
+        return 1
+    fi
+
+    log_success_msg "Latest installed kernel is running."
+}
+
+check_hostname() {
+    if [[ $(hostname) == *"localhost"* ]]; then
+        log_failure_msg "Hostname must not be localhost."
+        return 1
+    fi
+
+    log_success_msg "Hostname is set."
+}
+
+check_secureboot() {
+    if [[ "$(sudo mokutil --sb-state)" != *"disabled"* ]]; then
+        log_failure_msg "SecureBoot is enabled."
+        return 1
+    fi
+    log_success_msg "SecureBoot is disabled."
+}
+
+ret=0
+check_sudoers
+ret=$((ret + $?))
+check_updates
+ret=$((ret + $?))
+check_efi
+ret=$((ret + $?))
+check_kernel
+ret=$((ret + $?))
+check_hostname
+ret=$((ret + $?))
+check_secureboot
+ret=$((ret + $?))
+
+exit ${ret}
diff --git a/scripts/setup-tuxedo.sh b/scripts/setup-tuxedo.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Setup TUXEDO OS
+
+export DEBIAN_FRONTEND=noninteractive
+
+# Simple prereqs
+sudo apt-get -y update
+sudo apt-get -y upgrade
+sudo apt-get -y install git ansible
+
+# Purge crap that gets in our way
+sudo apt-get -y autoclean
+
+# Grab the repo
+REPO_DIR=/var/tmp/workstation
+
+if [ -d ${REPO_DIR} ]; then
+    cd ${REPO_DIR}
+    git pull
+else
+    git clone https://github.com/ikysil/workstation ${REPO_DIR}
+    cd ${REPO_DIR}
+fi
+
+bash scripts/preflight-checks.sh
+if [ $? != 0 ]; then
+    echo "ERROR: You have some issues to address before you can build your system."
+    echo "       See the results of the pre-flight tests above to help in"
+    echo "       determining what went wrong."
+    exit 1
+else
+    echo "SUCCESS: You're all set!"
+    echo ""
+    echo "The workstation repo is at ${REPO_DIR}. An example run would be:"
+    echo "  ansible-playbook -K --ask-vault-pass -l localhost playbooks/home.yml"
+    echo ""
+fi
diff --git a/vars/global.yml b/vars/global.yml
@@ -0,0 +1,4 @@
+---
+
+# System display
+display: ":0.0"
diff --git a/vars/home.yml b/vars/home.yml
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3