alpine-laptop

Ansible playbooks for Alpine + Xfce laptop setup
git clone https://www.brianlane.com/git/alpine-laptop
Log | Files | Refs

commit 3e792a82413c1bf5743aa0aae65fc5ce0f55d6e1
Author: Brian C. Lane <bcl@brianlane.com>
Date:   Sat, 29 Jan 2022 14:35:07 -0800

Ansible playbooks for Alpine Xfce Laptop setup

Diffstat:
Aansible.cfg | 6++++++
Aapplications.yml | 16++++++++++++++++
Aconfigs/etc/acpi-handler.sh | 52++++++++++++++++++++++++++++++++++++++++++++++++++++
Aconfigs/etc/doas.conf | 4++++
Aconfigs/etc/pipewire.conf | 248+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ahosts | 2++
Asystem-setup.yml | 137+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 465 insertions(+), 0 deletions(-)

diff --git a/ansible.cfg b/ansible.cfg @@ -0,0 +1,6 @@ +[defaults] +inventory=./hosts +verbose=true +retry_files_enabled = False +nocows=1 +remote_user=root diff --git a/applications.yml b/applications.yml @@ -0,0 +1,16 @@ +--- +- hosts: laptop + tasks: + - name: Install applications + apk: + name: + - atop + - vim + - git + - firefox + - shadow + - shadow-doc + - vlc + - vlc-doc + state: latest + update_cache: true diff --git a/configs/etc/acpi-handler.sh b/configs/etc/acpi-handler.sh @@ -0,0 +1,52 @@ +#!/bin/sh +# vim: set ts=4: +# +# This is the default ACPI handler script that is configured in +# /etc/acpi/events/anything to be called for every ACPI event. +# You can edit it and add your own actions; treat it as a configuration file. +# +PATH="/usr/share/acpid:$PATH" +alias log='logger -t acpid' + +# <dev-class>:<dev-name>:<notif-value>:<sup-value> +case "$1:$2:$3:$4" in + +button/power:PWRF:*) + log 'Power button pressed' + # Shutdown the system unless it has a lid (notebook). + [ -e /proc/acpi/button/lid/LID ] || poweroff +;; +button/sleep:SLPB:*) + log 'Sleep button pressed' + # Suspend to RAM. + zzz +;; +button/lid:*:close:*) + log 'Lid closed' + # Suspend to RAM if AC adapter is not connected. + power-supply-ac || zzz +;; +ac_adapter:*:*:*0) + log 'AC adapter unplugged' + # Suspend to RAM if notebook's lid is closed. + lid-closed && zzz +;; +button/volumeup:VOLUP:*) + log 'Increase volume 5%' + /usr/bin/amixer sset 'Master',0 '5%+' +;; +button/volumedown:VOLDN:*) + log 'Decrease volume 5%' + /usr/bin/amixer sset 'Master',0 '5%-' +;; +button/mute:MUTE:*) + log 'Toggle audio mute' + /usr/bin/amixer sset 'Master',0 toggle +;; +button/f20:F20:*) + log 'Toggle microphone mute' + /usr/bin/amixer sset 'Capture',0 toggle +;; +esac + +exit 0 diff --git a/configs/etc/doas.conf b/configs/etc/doas.conf @@ -0,0 +1,4 @@ +# This file is actually located at /etc/doas.d/doas.conf, and reflects +# the system doas configuration. It may have been migrated from its +# previous location, /etc/doas.conf, automatically. +permit persist :wheel diff --git a/configs/etc/pipewire.conf b/configs/etc/pipewire.conf @@ -0,0 +1,248 @@ +# Daemon config file for PipeWire version "0.3.40" # +# +# Copy and edit this file in /etc/pipewire for system-wide changes +# or in ~/.config/pipewire for local changes. + +context.properties = { + ## Configure properties in the system. + #library.name.system = support/libspa-support + #context.data-loop.library.name.system = support/libspa-support + #support.dbus = true + #link.max-buffers = 64 + link.max-buffers = 16 # version < 3 clients can't handle more + #mem.warn-mlock = false + #mem.allow-mlock = true + #mem.mlock-all = false + #clock.power-of-two-quantum = true + #log.level = 2 + #cpu.zero.denormals = true + + core.daemon = true # listening for socket connections + core.name = pipewire-0 # core name and socket name + + ## Properties for the DSP configuration. + #default.clock.rate = 48000 + #default.clock.allowed-rates = [ 48000 ] + #default.clock.quantum = 1024 + #default.clock.min-quantum = 32 + #default.clock.max-quantum = 8192 + #default.video.width = 640 + #default.video.height = 480 + #default.video.rate.num = 25 + #default.video.rate.denom = 1 + # + # These overrides are only applied when running in a vm. + vm.overrides = { + default.clock.min-quantum = 1024 + } +} + +context.spa-libs = { + #<factory-name regex> = <library-name> + # + # Used to find spa factory names. It maps an spa factory name + # regular expression to a library name that should contain + # that factory. + # + audio.convert.* = audioconvert/libspa-audioconvert + api.alsa.* = alsa/libspa-alsa + api.v4l2.* = v4l2/libspa-v4l2 + api.libcamera.* = libcamera/libspa-libcamera + api.bluez5.* = bluez5/libspa-bluez5 + api.vulkan.* = vulkan/libspa-vulkan + api.jack.* = jack/libspa-jack + support.* = support/libspa-support + #videotestsrc = videotestsrc/libspa-videotestsrc + #audiotestsrc = audiotestsrc/libspa-audiotestsrc +} + +context.modules = [ + #{ name = <module-name> + # [ args = { <key> = <value> ... } ] + # [ flags = [ [ ifexists ] [ nofail ] ] + #} + # + # Loads a module with the given parameters. + # If ifexists is given, the module is ignored when it is not found. + # If nofail is given, module initialization failures are ignored. + # + + # Uses RTKit to boost the data thread priority. + { name = libpipewire-module-rtkit + args = { + #nice.level = -11 + #rt.prio = 88 + #rt.time.soft = 2000000 + #rt.time.hard = 2000000 + } + flags = [ ifexists nofail ] + } + + # Set thread priorities without using RTKit. + #{ name = libpipewire-module-rt + # args = { + # nice.level = -11 + # rt.prio = 88 + # rt.time.soft = 2000000 + # rt.time.hard = 2000000 + # } + # flags = [ ifexists nofail ] + #} + + # The native communication protocol. + { name = libpipewire-module-protocol-native } + + # The profile module. Allows application to access profiler + # and performance data. It provides an interface that is used + # by pw-top and pw-profiler. + { name = libpipewire-module-profiler } + + # Allows applications to create metadata objects. It creates + # a factory for Metadata objects. + { name = libpipewire-module-metadata } + + # Creates a factory for making devices that run in the + # context of the PipeWire server. + { name = libpipewire-module-spa-device-factory } + + # Creates a factory for making nodes that run in the + # context of the PipeWire server. + { name = libpipewire-module-spa-node-factory } + + # Allows creating nodes that run in the context of the + # client. Is used by all clients that want to provide + # data to PipeWire. + { name = libpipewire-module-client-node } + + # Allows creating devices that run in the context of the + # client. Is used by the session manager. + { name = libpipewire-module-client-device } + + # The portal module monitors the PID of the portal process + # and tags connections with the same PID as portal + # connections. + { name = libpipewire-module-portal + flags = [ ifexists nofail ] + } + + # The access module can perform access checks and block + # new clients. + { name = libpipewire-module-access + args = { + # access.allowed to list an array of paths of allowed + # apps. + #access.allowed = [ + # /usr/bin/pipewire-media-session + #] + + # An array of rejected paths. + #access.rejected = [ ] + + # An array of paths with restricted access. + #access.restricted = [ ] + + # Anything not in the above lists gets assigned the + # access.force permission. + #access.force = flatpak + } + } + + # Makes a factory for wrapping nodes in an adapter with a + # converter and resampler. + { name = libpipewire-module-adapter } + + # Makes a factory for creating links between ports. + { name = libpipewire-module-link-factory } + + # Provides factories to make session manager objects. + { name = libpipewire-module-session-manager } +] + +context.objects = [ + #{ factory = <factory-name> + # [ args = { <key> = <value> ... } ] + # [ flags = [ [ nofail ] ] + #} + # + # Creates an object from a PipeWire factory with the given parameters. + # If nofail is given, errors are ignored (and no object is created). + # + #{ factory = spa-node-factory args = { factory.name = videotestsrc node.name = videotestsrc Spa:Pod:Object:Param:Props:patternType = 1 } } + #{ factory = spa-device-factory args = { factory.name = api.jack.device foo=bar } flags = [ nofail ] } + #{ factory = spa-device-factory args = { factory.name = api.alsa.enum.udev } } + #{ factory = spa-node-factory args = { factory.name = api.alsa.seq.bridge node.name = Internal-MIDI-Bridge } } + #{ factory = adapter args = { factory.name = audiotestsrc node.name = my-test } } + #{ factory = spa-node-factory args = { factory.name = api.vulkan.compute.source node.name = my-compute-source } } + + # A default dummy driver. This handles nodes marked with the "node.always-driver" + # property when no other driver is currently active. JACK clients need this. + { factory = spa-node-factory + args = { + factory.name = support.node.driver + node.name = Dummy-Driver + node.group = pipewire.dummy + priority.driver = 20000 + } + } + { factory = spa-node-factory + args = { + factory.name = support.node.driver + node.name = Freewheel-Driver + priority.driver = 19000 + node.group = pipewire.freewheel + node.freewheel = true + } + } + # This creates a new Source node. It will have input ports + # that you can link, to provide audio for this source. + #{ factory = adapter + # args = { + # factory.name = support.null-audio-sink + # node.name = "my-mic" + # node.description = "Microphone" + # media.class = "Audio/Source/Virtual" + # audio.position = "FL,FR" + # } + #} + + # This creates a single PCM source device for the given + # alsa device path hw:0. You can change source to sink + # to make a sink in the same way. + #{ factory = adapter + # args = { + # factory.name = api.alsa.pcm.source + # node.name = "alsa-source" + # node.description = "PCM Source" + # media.class = "Audio/Source" + # api.alsa.path = "hw:0" + # api.alsa.period-size = 1024 + # api.alsa.headroom = 0 + # api.alsa.disable-mmap = false + # api.alsa.disable-batch = false + # audio.format = "S16LE" + # audio.rate = 48000 + # audio.channels = 2 + # audio.position = "FL,FR" + # } + #} +] + +context.exec = [ + #{ path = <program-name> [ args = "<arguments>" ] } + # + # Execute the given program with arguments. + # + # You can optionally start the session manager here, + # but it is better to start it as a systemd service. + # Run the session manager with -h for options. + # + #{ path = "/usr/bin/pipewire-media-session" args = "" } + # + # You can optionally start the pulseaudio-server here as well + # but it is better to start it as a systemd service. + # It can be interesting to start another daemon here that listens + # on another address with the -a option (eg. -a tcp:4713). + # + { path = "/usr/bin/pipewire" args = "-c pipewire-pulse.conf" } + { path = "/usr/bin/wireplumber" args = "" } +] diff --git a/hosts b/hosts @@ -0,0 +1,2 @@ +[laptop] +192.168.101.xxx diff --git a/system-setup.yml b/system-setup.yml @@ -0,0 +1,137 @@ +--- +- hosts: laptop + gather_facts: false + tasks: + - name: Install python3 + raw: apk update && apk add python3 + +- hosts: laptop + gather_facts: true + tasks: + - name: Switch sshd to only allow ssh key access to root + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^PermitRootLogin" + line: "PermitRootLogin prohibit-password" + notify: + - restart sshd + + - name: Enable community repo + lineinfile: + dest: /etc/apk/repositories + regexp: "^# (http.*/alpine/.*/community)" + line: '\1' + backrefs: true + firstmatch: true + + - name: Setup Xorg + raw: setup-xorg-base xf86-video-intel + + - name: Setup system apps + apk: + name: + - apk-tools-doc + - acpid + - acpid-doc + - acpi-utils + - acpi-utils + - alsa-utils + - alsa-utils-doc + - chrony + - chrony-openrc + - ca-certificates + - doas + - doas-doc + - dbus + - dbus-openrc + - dbus-x11 + - elogind + - polkit-elogind + - man-db + - util-linux + - util-linux-doc + - pciutils + - pciutils-doc + - usbutils + - usbutils-doc + - coreutils + - coreutils-doc + - binutils + - binutils-doc + - findutils + - findutils-doc + - grep + - grep-doc + - iproute2 + - iproute2-doc + - udisks2 + - udisks2-doc + - xfce4 + - xfce4-terminal + - xfce4-screensaver + - lightdm-gtk-greeter + - pipewire + - pipewire-doc + - pipewire-tools + - wireplumber + - udev + - wireless-tools-doc + - wpa_supplicant-doc + wpa_gui + - xauth + - xauth-doc + - xhost + - xhost-doc + - xmodmap + - xmodmap-doc + state: present + update_cache: true + + - name: Install pipewire config file + copy: + src: ./configs/etc/pipewire.conf + dest: /etc/pipewire/ + + - name: Install acpid handler + copy: + src: ./configs/etc/acpi-handler.sh + dest: /etc/acpi/handler.sh + + - name: Enable doas for wheel group + copy: + src: ./configs/etc/doas.conf + dest: /etc/doas.d/ + + - name: Setup wpa_supplicant + file: + path: /etc/wpa_supplicant/wpa_supplicant.conf + owner: root + group: root + mode: '0600' + + - name: Setup for wpa_cli and wpa_gui use + lineinfile: + dest: /etc/wpa_supplicant/wpa_supplicant.conf + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^update_config', line: 'update_config=1' } + - { regexp: '^ctrl_interface', line: 'ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev' } + + - name: Enable services service + service: + name: "{{ item }}" + state: started + enabled: yes + with_items: + - dbus + - lightdm + - acpid + - udev + + handlers: + - name: restart sshd + service: + name: sshd + state: restarted + enabled: yes