From f20f3aba24500b11328e75c7ac278e44ed266167 Mon Sep 17 00:00:00 2001 From: Thomas Kleinendorst Date: Tue, 9 Apr 2024 20:17:25 +0200 Subject: [PATCH] Add scripting for installing and configuring zsh --- playbook.yml | 67 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 63 insertions(+), 4 deletions(-) diff --git a/playbook.yml b/playbook.yml index c8ab685..fbdec94 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,12 +1,16 @@ --- +# Notice that "# noqa: package-latest" is included in this file. This disabled a specific check for the Ansible linter, +# see: https://ansible.readthedocs.io/projects/lint/usage/#muting-warnings-to-avoid-false-positives. +# For a purely reproducible build this would be a good suggestion but I'm willing to take the risk with the Pi. - name: Install raspberry pi - become: true hosts: raspberry_pis # roles: # These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again. # Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though. - # - devsec.hardening.os_hardening - # - devsec.hardening.ssh_hardening + # - role: devsec.hardening.os_hardening + # become: true + # - role: devsec.hardening.ssh_hardening + # become: true vars: # devsec.hardening.os_hardening vars: os_auth_pw_max_age: 99999 # Effectively disables the setting as mentioned in the docs. @@ -18,8 +22,63 @@ ssh_client_port: 22 # Default, but duplicated here for documentation purpose. Not changed because its only accessible via LAN. ssh_client_password_login: false # Default, but duplicated here for documentation purpose. tasks: - # Disable warning on updating latest packages, it should be safe enough for this system. - name: Update all packages to their latest version # noqa: package-latest + become: true ansible.builtin.apt: name: "*" state: latest + # The ZSH installation instructions are sourced from this blog: + # https://harshithashok.com/tools/oh-my-zsh-with-starship/ + - name: Install zsh # noqa: package-latest + become: true + ansible.builtin.apt: + pkg: + - git + - zsh + state: latest + - name: Install Oh My ZSH # noqa: command-instead-of-module ignore error since we're removing the script after install. + ansible.builtin.shell: | + wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh + chmod u+x install.sh + ./install.sh --unattended + rm install.sh + args: + executable: /bin/bash + creates: ~/.oh-my-zsh + - name: Install Starship # noqa: command-instead-of-module ignore error since we're removing the script after install. + become: true + ansible.builtin.shell: | + wget https://starship.rs/install.sh + chmod u+x install.sh + ./install.sh --yes + rm install.sh + args: + executable: /bin/bash + creates: /usr/local/bin/starship + - name: Install zsh-autosuggestions # noqa: command-instead-of-module ignore error since we're removing the script after install. + ansible.builtin.command: + cmd: git clone https://github.com/zsh-users/zsh-autosuggestions ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions + creates: ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions + - name: Clear "ZSH_THEME" in ~/.zshrc + ansible.builtin.lineinfile: + path: ~/.zshrc + regexp: '^ZSH_THEME="[^"]+"$' + line: ZSH_THEME="" + - name: Add the zsh-autosuggestions plugin in ~/.zshrc + ansible.builtin.lineinfile: + path: ~/.zshrc + regexp: '^plugins=\((.*)(?