~xenrox/ansible: roles/install_archlinux/tasks/main.yml

---
- name: Create boot partition
  ansible.builtin.command: "sgdisk -g --clear -n 1:0:+550M {{ item }} -c 1:boot -t 1:ef02"
  with_items:
    - /dev/nvme0n1
    - /dev/nvme1n1
  register: sgdisk
  changed_when: "sgdisk.rc == 0"

- name: Create root partition
  ansible.builtin.command: "sgdisk -n 2:0:0 {{ item }} -c 2:root"
  with_items:
    - /dev/nvme0n1
    - /dev/nvme1n1
  register: sgdisk
  changed_when: "sgdisk.rc == 0"

- name: Format disks # noqa no-changed-when
  ansible.builtin.command: "mkfs.btrfs -f -L root -d raid1 -m raid1 -O no-holes /dev/nvme0n1p2 /dev/nvme1n1p2"

- name: Mount root
  ansible.posix.mount:
    src: /dev/nvme0n1p2
    path: /mnt
    state: mounted
    fstype: btrfs
    opts: compress-force=zstd,space_cache=v2

- name: Create LOCK
  ansible.builtin.file:
    path: /mnt/LOCK
    state: touch
    owner: root
    group: root
    mode: 0644

- name: Download bootstrap image
  ansible.builtin.get_url:
    # TODO: Put version in variable
    url: https://ftp.gwdg.de/pub/linux/archlinux/iso/2021.06.01/archlinux-bootstrap-2021.06.01-x86_64.tar.gz
    dest: /tmp/
    owner: root
    group: root
    mode: 0644

- name: Extract bootstap image
  ansible.builtin.unarchive:
    src: /tmp/archlinux-bootstrap-2021.06.01-x86_64.tar.gz
    dest: /tmp/
    remote_src: true

- name: Copy resolv.conf from rescue to bootstrap
  ansible.builtin.copy:
    src: /etc/resolv.conf
    dest: /tmp/root.x86_64/etc/resolv.conf
    owner: root
    group: root
    mode: 0644
    remote_src: true

- name: Mount /proc to bootstrap
  ansible.builtin.command: # noqa 303
    cmd: mount --rbind /proc /tmp/root.x86_64/proc
    creates: /tmp/root.x86_64/proc/uptime

- name: Mount /sys to bootstrap
  ansible.builtin.command: # noqa 303
    cmd: mount --rbind /sys /tmp/root.x86_64/sys
    creates: /tmp/root.x86_64/sys/dev

- name: Mount /dev to bootstrap
  ansible.builtin.command: # noqa 303
    cmd: mount --rbind /dev /tmp/root.x86_64/dev
    creates: /tmp/root.x86_64/dev/zero

- name: Mount /mnt to bootstrap
  ansible.builtin.command: # noqa 303
    cmd: mount --rbind /mnt /tmp/root.x86_64/mnt
    creates: /tmp/root.x86_64/mnt/LOCK

- name: Copy simple mirrorlist
  ansible.builtin.copy:
    src: mirrorlist
    dest: /tmp/root.x86_64/etc/pacman.d/mirrorlist
    owner: root
    group: root
    mode: 0644

- name: Initialize pacman keyring
  ansible.builtin.command: chroot /tmp/root.x86_64 pacman-key --init
  register: chroot_pacman_key_init
  changed_when: "chroot_pacman_key_init.rc == 0"

- name: Populate pacman keyring
  ansible.builtin.command: chroot /tmp/root.x86_64 pacman-key --populate archlinux
  register: chroot_pacman_key_populate
  changed_when: "chroot_pacman_key_populate.rc == 0"

- name: Set ucode to Intel
  ansible.builtin.set_fact: ucode="intel-ucode"
  when: "'GenuineIntel' in ansible_facts['processor']"

- name: Set ucode to AMD
  ansible.builtin.set_fact: ucode="amd-ucode"
  when: "'AuthenticAMD' in ansible_facts['processor']"

- name: Install Arch Linux base
  ansible.builtin.command:
    cmd: chroot /tmp/root.x86_64 pacstrap /mnt base linux btrfs-progs openssh {{ ucode }} grub python
    creates: /tmp/root.x86_64/mnt/bin

- name: Mount /proc to new chroot
  ansible.builtin.command: # noqa 303
    cmd: mount --rbind /proc /mnt/proc
    creates: /mnt/proc/uptime

- name: Mount /sys to new chroot
  ansible.builtin.command: # noqa 303
    cmd: mount --rbind /sys /mnt/sys
    creates: /mnt/sys/dev

- name: Mount /dev to new chroot
  ansible.builtin.command: # noqa 303
    cmd: mount --rbind /dev /mnt/dev
    creates: /mnt/dev/zero

- name: Configure locale
  ansible.builtin.lineinfile:
    dest: /mnt/etc/locale.gen
    line: "en_US.UTF-8 UTF-8"
    owner: root
    group: root
    mode: 0644

- name: Generate locale
  ansible.builtin.command: chroot /mnt locale-gen
  register: chroot_locale_gen
  changed_when: "chroot_locale_gen.rc == 0"

- name: Run systemd-firstboot
  ansible.builtin.command: chroot /mnt systemd-firstboot --locale=en_US.UTF-8 --timezone=UTC --hostname={{ inventory_hostname }}
  register: chroot_systemd_firstboot
  changed_when: "chroot_systemd_firstboot.rc == 0"

- name: Run mkinitcpio
  ansible.builtin.command: chroot /mnt mkinitcpio -p linux
  register: chroot_mkinitcpio
  changed_when: "chroot_mkinitcpio.rc == 0"

- name: Configure network
  ansible.builtin.template:
    src: 10-wired.network.j2
    dest: /mnt/etc/systemd/network/10-wired.network
    owner: root
    group: root
    mode: 0644

- name: Set grub mount options
  ansible.builtin.lineinfile:
    path: /mnt/etc/default/grub
    owner: root
    group: root
    mode: 0644
    regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
    line: 'GRUB_CMDLINE_LINUX_DEFAULT="rootflags=compress-force=zstd"'

- name: Install grub
  ansible.builtin.command: chroot /mnt grub-install --recheck {{ item }}
  with_items:
    - /dev/nvme0n1
    - /dev/nvme1n1
  register: chroot_grub_install
  changed_when: "chroot_grub_install.rc == 0"

- name: Configure grub
  ansible.builtin.command: chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
  register: chroot_grub_mkconfig
  changed_when: "chroot_grub_mkconfig.rc == 0"

- name: Enable services
  ansible.builtin.command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim.timer
  register: chroot_systemd_services
  changed_when: "chroot_systemd_services.rc == 0"

- name: Symlink resolv.conf
  ansible.builtin.file:
    src: /run/systemd/resolve/stub-resolv.conf
    dest: /mnt/etc/resolv.conf
    state: link
    force: true
    owner: root
    group: root
    mode: 0644

- name: Create root ssh folder
  ansible.builtin.file:
    path: /mnt/root/.ssh
    state: directory
    owner: root
    group: root
    mode: 0700

- name: Copy public key for root
  ansible.builtin.copy:
    src: /root/.ssh/authorized_keys
    dest: /mnt/root/.ssh/authorized_keys
    owner: root
    group: root
    mode: 0600
    remote_src: true

- name: Remove LOCK
  ansible.builtin.file:
    path: /mnt/LOCK
    state: absent