Compare commits

...

2 commits

Author SHA1 Message Date
51d38248db add wireguard config 2023-01-09 19:43:01 +01:00
bb57006968 edit readme 2023-01-09 13:51:34 +01:00
7 changed files with 53 additions and 1 deletions

View file

@ -31,4 +31,7 @@ vscodium:
zsh:
ansible-playbook playbooks/zsh.yml -i inventory/hosts.yml -K
wireguard:
ansible-playbook playbooks/wireguard.yml -i inventory/hosts.yml -K --ask-vault-pass
.PHONY: run

View file

@ -1,5 +1,7 @@
# Personal Linux Setup
My current setup is [Regolith OS](https://regolith-desktop.com/) which is basically Ubuntu + i3.
## Before installing
- Put asymmetric key pair in ~/.ssh
@ -11,10 +13,11 @@
- Telegram (maybe only possible to download)
- Cool neovim setup
- thunderbird config
- some kind of tag setup with: bootstrap, update etc
- some kind of tag setup with: bootstrap, update, etc.
- i3 app shortcuts
- terminal font
- default git branch master
- Configuration for desktop at uni. It should be really similar, except syncthing should have a new keypair. Also some applications are not necessary, e.g. nicotine+ and virtualbox.
Would like Ansible Vault to check in keypair for syncthing.
However, then I would need a password to unlock the vault.
@ -24,3 +27,8 @@ Therefore, I could make this available using Secret Service and write a script t
However, keepass cannot run secret service as Ubuntu already runs one.
But if I disable that, my SSH agent does not work anymore.
As an intermediate solution, I can just put the password in keepass...
## Long-term TODO
- Move away from GNOME because it is quite slow and configuration is pretty bad. This would also mean moving away from Regolith unfortunately. I would probably move to KDE with i3. Maybe there is some distro that does this OOTB?
- Move away from systemd. Not sure how feasibly that is nowadays, but I just get annoyed by some systemd "features" such as resolved.

View file

@ -6,6 +6,7 @@
my_roles:
- zsh
- asdf
- wireguard
- neovim
- signal
- virtualbox

4
playbooks/wireguard.yml Normal file
View file

@ -0,0 +1,4 @@
- name: Install wireguard
hosts: self
roles:
- wireguard

View file

@ -0,0 +1,10 @@
- name: Install wireguard
become: true
apt:
name: wireguard
state: present
- name: Install home.conf
become: true
template:
src: "{{ role_path }}/templates/home.conf.j2"
dest: /etc/wireguard/home.conf

View file

@ -0,0 +1,10 @@
[Interface]
Privatekey={{ private_key }}
Address=192.168.40.3/24
DNS=192.168.10.1
[Peer]
Publickey=URG3OY/ow/vY+Ou2z/9V0xHmc6kQ0SmV24F5105b5yI=
PresharedKey={{ preshared_key }}
Endpoint=wg.geokunis2.nl:47239
AllowedIPs=0.0.0.0/0

View file

@ -0,0 +1,16 @@
private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
34373762323462386235343934613038633764663961633635343439373033656662313731313736
6166326637393162663035653830333832633034386335630a343438613561626162393336306438
33633937626535356337366234306366383864346332396539376162666431343636383739353831
3735373033346634650a343937653565353063326335373764616262663339363764316261626438
34373663643165303837613132313231396266636136303333363361613733343564393531366631
6238343964613130623764333165333961366538333433626137
preshared_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
62336462356637633962336335383565666562613961653664316330373163326437623535336463
3861346562346639353339386135633935626361633131360a386130333266393333656130656264
31666631623262336261356261353932633763303235316437373139336334343764643936646632
3366393362376334370a333835623033343030333937636539336362653838643937616164613139
33343565333733643738656631346433356164386561306537626336343332613961613430633238
3237333865633231646162303532303461656463343137393037