Automation for configuring my machines with Ansible
Automated setup of my machines using Ansible. Currently supports OSX.
Supported Platforms:
library ) for security CLI for OSX Keychain
Manual Steps
Machines can be configured one of two ways. script/rsync can rsync this repo to a remote machine over SSH. Then run script/configure over SSH. This method is for provisioning a new machine from an old one (say over SSH). Otherwise the repository can be cloned to the target machine and run script/configure. This will ask for the sudo password upfront.
This repository automates the setup of a new machine with as little manual work as possible. At a high level this means:
Here's the file layout:
├── README.md
├── configure-minikube.yml # Configure Minikube environments
├── configure-osx-dock.yml # Arrange OSX Dock
├── configure-osx-packages.yml # Install software for an OSX environment
├── configure-osx.yml # Include all playbooks for OSX
├── configure-saltside.yml # Setup Saltside (work) environment
├── configure-shell.yml # Setup my shell
├── configure-ssh.yml # Configure generic SSH settings
├── files
│   ├── env # Shell source file; intended to be sourced at shell boot
│   └── saltside # Role specific files
│       └── env.sh
├── group_vars
│   └── all.yml
├── library
│   ├── mas_app.py # Ansible module for installing Mac Store apps
│   ├── mas_login.py # Ansible module to manage Mac Store login
│   ├── osx_dock.py # Add/remove/order OSX Dock items
│   └── vagrant_plugin.py # Add/remove vagrant plugins
├── lookup_plugins
│   └── secret.py # Use secrets at provision time
└── script
    ├── configure # Main script
    └── rsync # Util to rsync code to remote machine
Ansible playbooks do the bulk of the work. There are platform specific playbooks (e.g. foo-osx) and non-platform specific playbooks. There is a main playbook per platform (configure-osx.yml) that includes all relevant playbooks. script/configure runs the whole process. It bootstraps the particular platform (installs Ansible and supporting libraries), then runs the platform's playbook.
The setup does not rely on secrets in code; rather, it uses a custom lookup plugin to read secrets from a store. Generated shell files use the comp-secret command and subshells to export relevant environment variables.
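A sketch of what a secrets lookup plugin of this kind can look like, as an added example that is not the repository's own lookup_plugins/secret.py. It assumes the store is the OSX Keychain read through the `security` CLI; the service name `machine-setup`, the helper `read_secret` and the secret names are hypothetical.

```python
"""Ansible lookup plugin that reads secrets from the OSX Keychain (added example)."""
import subprocess

try:
    from ansible.errors import AnsibleError
    from ansible.plugins.lookup import LookupBase
except ImportError:  # lets read_secret() be exercised where Ansible is absent
    AnsibleError = RuntimeError
    LookupBase = object

# Assumption: all provisioning secrets are filed under one Keychain service.
SERVICE = "machine-setup"


def read_secret(name, run=subprocess.run):
    """Return the Keychain password stored for account `name`.

    `security find-generic-password -w` prints only the password. The
    arguments are passed as a list, so no shell ever parses `name`.
    """
    if not name or name.startswith("-"):
        # Refuse names the CLI could mistake for an option.
        raise AnsibleError("invalid secret name: %r" % (name,))
    proc = run(
        ["security", "find-generic-password", "-s", SERVICE, "-a", name, "-w"],
        capture_output=True,
        text=True,
        check=False,
    )
    if proc.returncode != 0:
        # Report the name only; command output is never echoed into the error.
        raise AnsibleError(
            "secret %r not found in Keychain service %r" % (name, SERVICE)
        )
    return proc.stdout.rstrip("\n")


class LookupModule(LookupBase):
    """Playbook usage: "{{ lookup('secret', 'github_token') }}"."""

    def run(self, terms, variables=None, **kwargs):
        # Ansible expects a list with one result per requested term.
        return [read_secret(term) for term in terms]
```

Tasks that consume the lookup should set `no_log: true` so the resolved value does not appear in task output.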
mas fails when used over

This code is primarily designed for my structure, but it's kept somewhat extensible to at least support different platforms. You can fork this repo for your own setup. If you do, you'll want to customize:
script/bootstrap to add support for your platform (based on uname -a)
comp-secret to read secrets for your shell.