All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
For versions that have a major of 0, a convention is followed so that
the minor number is incremented when backward-incompatible changes are
made, while the third number is incremented for backward compatible
changes. For example, versions `0.2.x` are not compatible with `0.1.x`.
- The CI system has been switched from CircleCI to GitHub Actions. The CI container and workflows have thus been updated.
- Update the boot command typed into UEFI VMs to start the system. The old command no longer boots the system; instead, it remains stuck in edit mode.
- Fix spots in the docs missed during the update for v0.3.0.
- Make the Vagrantfile work under Windows by not calling `grep` or other tools. To detect if VirtualBox needs additional tweaks depending on the help output, matching is now done in Ruby. Only `VBoxManage` needs to be in the path (under Windows you may need to add it manually).
- Explicitly set the Ansible configuration file in the Vagrantfile. This is a workaround for when the playbook is made available in the guest in a world-writeable folder: Ansible refuses to load configs from such dirs.
- Create a `packer-wrapper.ps1` script that works under Windows. It replaces `packer-wrapper.sh` on that OS.
- When booting from the Arch Linux install media, wait for the system to settle before starting provisioning.
- For VirtualBox, detect if the installed version requires `--nat-localhostreachableN` in order to allow the guest to access services on the host via NAT interfaces. In that case, add this option to the VM configuration.
- Ansible will now default to the latest version available, rather than sticking to version 7. Blocking bugs in Ansible have been fixed, so we can now go back to the latest version.
- Due to Arch Linux shifting from SHA512 to YESCRYPT for password hashing, tasks which tried to increase the hashing rounds when generating passwords are now broken. User-provided values (such as the default of 500000 rounds) are not applicable to YESCRYPT, and the current default load factor is probably sensible enough. Since YESCRYPT is deemed superior, I see no reason to keep SHA512-related stuff in the playbook.

  For these reasons:
  - `users_hash_rounds` and `users_override_passwd_hash_systemwide` have been removed. New passwords are generated using YESCRYPT with default parameters as defined by Arch itself.
  - The `sha512_hash` custom filter is no longer available, and `passlib` is no longer installed.
  - New users are created with a password of `*`, then updated via `chpasswd`.

  This is a breaking change, as it is no longer possible to rely on `passlib` and removed variables.
- To make the Packer template more flexible, some settings are now taken from environment variables. A wrapper script `packer-wrapper.sh` is used to populate those variables before calling Packer. The wrapper shall be used in place of plain Packer and passes all command-line arguments down to Packer. Using the template directly without going through the wrapper is now unsupported. That is, if you used to run:

  ```
  packer build [options] packer-template.json
  ```

  you must now use:

  ```
  ./packer-wrapper.sh build [options] packer-template.json
  ```
- Deprecated leftovers related to `mplugd` have been removed. This is a breaking change, since configurations still referring to these variables will stop working.
- Add a CircleCI-based container definition for testing the playbook. The container comes with VirtualBox, QEMU, libvirt, Packer and Vagrant and can work in rootless mode. It has only been tested with `podman`.
- Add an environment variable (`ARCH_ANSIBLE_HEADLESS`) to control if VMs should suppress their GUIs during provisioning or not. Defaults to false (GUIs will be shown by default, with the exception of libvirt). This is mainly used to suppress GUIs when running under CI.
- Add an environment variable (`ARCH_ANSIBLE_CPUS`) to control the number of CPUs used by VMs. Defaults to whatever applied before (1 for Packer, `nproc/2` for Vagrant). This is mainly used to adapt CPU usage to the CI runner.
- The deprecated `crypt` Python module has been replaced by `passlib`.
- Manually install `ansible` via `pip` in a virtual environment, and select a version that comes with `ansible-core` v2.14. v2.15 has introduced a breaking change, for which I have opened an issue. Until I understand how to proceed (either the change is reverted or I need to update the playbook) I'll stick to `ansible-core` v2.14, which means `ansible` v7 branch. For Vagrant provisioning, the RAM size has been increased from 1024MiB to 1536MiB, to accommodate the virtual environment under `/tmp` and simplify clean-up.
- When provisioning Vagrant boxes, do not wait for `reflector` anymore.
- When using btrfs partitioning flows, enable `grub-btrfsd.service` instead of the old path unit.
- Fix the Packer boot command for the UEFI VM, since the boot script on the install media has changed.
- Do not copy non-existent SSH host keys from the installation media. Use a wildcard-based approach instead.
- Fix a harmless error message in Packer boot commands if `/root/.ssh` already exists.
- Packer now provides a `virtualbox-uefi` builder, that can be used together with the `gpt_singlepart` partitioning flow to quickly create a 64-bit UEFI machine.
- Packer now uses SHA256 digests, rather than MD5s, to validate ISO images.
- Fix installation failure caused by a `pacman` package replacement prompt getting a `N` answer due to `--noconfirm`. It has been solved by simply postponing the installation of `xscreensaver` after `xfce4`.
- Replace Python's `random` module with `secrets` when generating password salts. This should produce a better random byte array using the most secure entropy source available on the system.
- The ability to automatically install `mplugd` to handle guest screen autoresize in response to host window resize has been removed. `mplugd` is a Python 2 application, and due to the removal of some of its dependencies, it can no longer be installed from the mainstream repos. Despite this, guest autoresizing keeps working using a different approach, depending on the hypervisor:
  - for VirtualBox, switching the VGA adapter from `VBoxVGA` to `VMSVGA`, which is also the recommended value for Linux, causes it to work automatically as long as the guest additions are installed;
  - for QEMU/KVM, the job of `mplugd` has been moved to a script using `xev` and `xrandr`, which is launched alongside the GUI using a desktop entry.

  To summarize:
  - `mplugd` will no longer be available in new installations;
  - VirtualBox machines will now use the `VMSVGA` adapter, in place of `VBoxVGA`;
  - guest screen autoresizing will still work.

  Unless you used `mplugd` for anything else other than resizing the screen, or depended on the `VBoxVGA` adapter in some way, you should notice no issues with this new arrangement. Otherwise, you know where the issue tracker is!
- Some dots in regular expressions were not escaped, matching any character rather than just dots.
- Ensure that updates to `archlinux-keyring` are applied before any other update, in case new keys have been added.
- Don't start the qemu guest agent during the installation, just enable it. This solves a provisioning issue with packer and qemu that caused the VM to fail, because the agent could not find the communication port to talk to the host.
- A new `kvantum` role is available to install and configure the Kvantum QT theme engine, in an attempt to select a QT theme that blends well with the GTK theme used by XFCE. Users of the stock XFCE DE should not call this role directly: instead, they should set `xfce_user_customizations_kvantum_theme` to the name of the Kvantum theme they want to use, such as `KvGnomeDark`.
- The `users` role has been improved to use more secure password hashing by default: it still uses SHA512 hashing as before, but now it is possible to set the number of rounds, instead of relying on the system default of 5000. The playbook's own default is 500000, which is still acceptable on modern or semi-modern hardware. Also, the salt is generated randomly to be as long as possible given the limits of SHA512 hashing. All of this uses a new password generation filter instead of Ansible's `password_hash`, built on top of `random` and `crypt`.
- `users` can now also update relevant system files so that the selected number of rounds is also applied to passwords generated via `passwd`.
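The rounds and salt handling described in these entries, as an added example that is not the playbook's own filter: it builds a SHA-512 crypt setting string with a 16-character salt drawn via `secrets`, and classifies shadow-style hash fields so entries below a rounds policy can be spotted. Function names and sample fields are assumptions constructed for illustration; the hashing call itself is left to the system's crypt implementation.

```python
import re
import secrets
import string

# SHA-512 crypt ("$6$") limits; names below are illustrative, not the playbook's.
CRYPT_ALPHABET = "./" + string.digits + string.ascii_letters
MAX_SALT_LEN = 16                      # longest salt SHA-512 crypt accepts
DEFAULT_ROUNDS = 5000                  # applied when no rounds= field is present
MIN_ROUNDS, MAX_ROUNDS = 1000, 999_999_999

_SHA512 = re.compile(r"^\$6\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]{0,16})(?:\$|$)")


def sha512_setting(rounds=500_000):
    """Return '$6$rounds=N$<salt>' with a 16-character salt from the OS CSPRNG."""
    if not MIN_ROUNDS <= rounds <= MAX_ROUNDS:
        raise ValueError(f"rounds must be within {MIN_ROUNDS}..{MAX_ROUNDS}")
    salt = "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(MAX_SALT_LEN))
    return f"$6$rounds={rounds}${salt}"


def describe(field):
    """Classify a shadow-style hash field: scheme, rounds and salt length."""
    if field.startswith(("*", "!")):
        return {"scheme": "locked", "rounds": None, "salt_len": None}
    if field.startswith("$y$"):
        # yescrypt has its own cost parameters; SHA-512 rounds do not apply.
        return {"scheme": "yescrypt", "rounds": None, "salt_len": None}
    m = _SHA512.match(field)
    if m is None:
        return {"scheme": "unknown", "rounds": None, "salt_len": None}
    rounds = int(m.group(1)) if m.group(1) else DEFAULT_ROUNDS
    return {"scheme": "sha512", "rounds": rounds, "salt_len": len(m.group(2))}


def below_policy(field, min_rounds=500_000):
    """True when a SHA-512 entry was hashed with fewer rounds than the policy."""
    info = describe(field)
    return info["scheme"] == "sha512" and info["rounds"] < min_rounds


# Constructed sample fields (hash parts are placeholders, not real hashes).
SAMPLES = {
    "legacy": "$6$constructedsalt0$" + "x" * 86,
    "tuned": sha512_setting() + "$" + "x" * 86,
    "arch_default": "$y$j9T$constructedsalt$" + "x" * 43,
    "new_user": "*",
}

if __name__ == "__main__":
    for name, field in SAMPLES.items():
        print(name, describe(field), "below policy:", below_policy(field))
```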
- Packer now downloads an ISO image which does not contain the release date in the name. This solves the issue of failed Packer runs during the first days of the month if new monthly images haven't been published yet. It will just use the ISO from the previous month unless the new one appears.
- When cleaning `yay` caches, ensure that the passwordless sudo user is employed rather than root.
- Ansible `password_hash` filter no longer accepts integers as salt values.
- `private_role_vars` is now enabled in the configuration file.
- Fixed `pacman`/`yay` cache cleaning in role `clean`.
- Hardened uses of the `shell` and `command` modules by quoting all Jinja replacements.
- Added a new partitioning flow: `bios_gpt_btrfs` for btrfs-on-root.
- The playbook can now provision QEMU/KVM guests.
- Arch-Packer now supports the `qemu` builder.
- Arch-Vagrant now supports the `libvirt` provider.
- Common values have been moved to variables within the `Vagrantfile` and the Packer template.
- Remove saythanks.io badge.
- Update themes to track the Korla icon theme rename to Kora.
- The Equilux theme has been integrated. It uses the Korla icon theme.
- The Dracula themes for GTK and icons have been integrated.
- The font `noto-fonts-emoji` is now installed by default, providing support for Unicode emojis.
- The docs have been ported to GitHub pages using Jekyll. The README is now a much shorter "Getting started" introduction.
- Packer was unable to provision VM's because there was not enough space on archiso's rootfs to install Ansible. The Packer VM now uses 2GiB of memory and 1GiB of COW space to accommodate the tools.
- Add `mode` to all `copy` and `template` tasks.
- Add some badges to the README, including a link to saythanks.io.
- `root` account information has been split from `users_info` into its own object `users_root_info`.
- `global_admins` has been deprecated. Now the list of users (for which personalizations are applied, such as setting the DE theme) is computed from the content of `users_info`: any key maps to a user. In order to make iterating over users easier, the `users` role provides a `users_names` list to modules that depend on it.
- `global_passwordless_sudo_user` has been deprecated. Roles depending on this information should depend on the `passwordless_sudo_user` role and get it from `passwordless_sudo_user_name`.
- The `bootstrap` play has been revamped to support pluggable partitioning flows.
- Replaced most tags with variables that disable roles.
- `hostname` role variable `root` renamed to `chroot`.
- Documentation improvements.
- Default roles and collections path have been restricted to paths within the playbook itself.
- Default theme changed to darkblue.
These changes are not backward-compatible, as they break existing host variable customizations or tag usage.
- Partitioning can be customized via partitioning flows:
  - Built-in single-partition MBR, GPT and LVM.
  - Write your own.
- Additional, third-party roles can be imported into the main configuration play to extend the installed system in flexible ways. It also works with roles and collections from Galaxy.
- Heavily improved `syslinux` role which can dynamically detect installed kernels and initramfs images, and generate appropriate bootloader entries. It will also discover device nodes to pass to the kernel as root or where to install things by looking at what is mounted at `/` and `/boot`.
- The wireless regulatory domain will be configured at install time.
- Replace deprecated Packer keyword `iso_checksum_url` with `iso_checksum`.
- When installing under VirtualBox, it is possible to install and configure `mplugd` to handle screen resizing in place of `VBoxClient`. This is mainly intended to provide automatic screen resizing when using the `VBoxVGA` adapter instead of the recommended `VMSVGA`.
- `linux-headers` no longer installed as part of VirtualBox guest support.
- Multi-theme support. Different XFCE4 themes can be installed side by side. Other than the original Numix theme, a variant based on Numix-DarkBlue and the Korla icon theme, called `darkblue`, has been added. The `xfce_user_customizations` `defaults` file has been extended to allow specifying which themes are to be installed and which one is to be used as the default for created users.
- Bluetooth support. It is installed by default on bare metal installations and skipped in VM's. It can be enabled or disabled explicitly.
- Any modifications to the mirrorlist applied by adding or removing custom repos or mirrors will force a database sync.
- When provisioning Vagrant images, the preparation script will wait for reflector to update the mirrorlist.
- Fixed a bug in the `user_home` filter, which returned an exception rather than throwing it.
- Minor typos.
- Explicitly install packages that were included in the `base` group but have been left out from the dependencies of the `base` package.
- Packer template now uses generic URL's to reference the Arch Linux ISO and the checksum file. This eliminates the need for monthly updates to the template.
- References to home directories use the output of the `user` Ansible module rather than hardcoding the path to `/home/$USER`.
- Ansible is now installed explicitly in VM's provisioned with Arch-Vagrant, rather than via the auto-install feature of the `ansible_local` provisioner, which is broken in Vagrant 2.2.5.
- Add missing `xorg` dependency to role `xscreensaver`.
- Add missing dependency from `bootloader` to `base_packages`.
- Install the bootloader using the executable from the target chroot, not the one from the installation media.
- VM's created via Packer will set the RTC to UTC time.
- Users can be created with additional groups.
- Users may be restricted from calling sudo.
- Add xscreensaver in place of xfce4-screensaver. It is configured with a timeout of 5 minutes for bare metal installations, while VM installations have no screensaver/screen lock by default, assuming that the host will do that. This can be overridden.
- Add pkgproxy integration guide
- Add bare metal install guide
- Arch-Packer now uses Arch Linux ISO 2019-09-01.
- The Numix theme is now installed from `numix-gtk-theme-git` rather than the now unavailable `numix-gtk-theme`.
- Fix typos in the READMEs.
- Remove non-existent font package `ttf-freefont`.
- Arch-Packer now uses Arch Linux ISO 2019-08-01.
- Various typos in the READMEs.
- `memdisk` is copied alongside all other Syslinux modules.
- Comments from `pacman.conf` that were wrongly stripped off during the provisioning are now kept.
- Initial release of the playbook.
- Initial release of the Arch-Vagrant side project.
- Initial release of the Arch-Packer side project.