🧡 A script to deploy a workstation.

• It could be run on a freshly installed Linux or MacOS.
• It installs and configures software, credentials, and backups.
• It is idempotent, it could be run multiple times to produce up-to date configuration.

I have made some effort to ensure that this script does not contain personal identifiable information. All such information is stored in the pass database, which is imported from external media when deploying a workstation.

There is a library, 💜 Rùnag, that allows the code here to be declarative and concise.

bash <(wget -qO- https://raw.githubusercontent.com/runag/runag/main/deploy.sh) add runag/workstation-runagfile run

# create offline install
mkdir runag-offline-install && cd runag-offline-install
runag offline_install::create_or_update

# perform offline install from the runag-offline-install directory
bash deploy-offline.sh

On host machine

This step will copy your ~/.password-store and ~/.gnupg keys to ~/.runag/.virt-deploy-keys directory, and after consecutive steps your keys will be accessible from the guest machine. Please make sure you understand implications of that.

mkdir ~/.runag/.virt-deploy-keys
runag workstation::linux::deploy_virt_keys

In virt-manager

1. Enable shared memory

2. Create Filesystem

Driver: virtiofs
Source path: ~/.runag # replace ~ with absolute path!
Target path: runag

On guest machine

sudo mount -m -t virtiofs runag ~/.runag
~/.runag/bin/runag

Modify /etc/fstab if you want to keep .runag mount after reboot

# /etc/fstab

# replace ~ with absolute path!
runag  ~/.runag  virtiofs  defaults  0  0

bash <(curl -Ssf https://raw.githubusercontent.com/runag/runag/main/deploy.sh) add runag/workstation-runagfile

backup
├── passwords
│   └── workstation
├── remotes
│   └── sftp
│       └── backup-server
│           ├── config
│           ├── config.linux
│           ├── id_ed25519
│           ├── id_ed25519.pub
│           └── known_hosts
└── repositories
    └── workstation

identity/my
├── git
│   ├── signing-key
│   ├── user-email
│   └── user-name
├── github
│   ├── personal-access-token
│   └── username
├── npm
│   └── access-token
├── rubygems
│   └── credentials
├── ssh
│   ├── config
│   ├── id_ed25519
│   └── id_ed25519.pub
├── sublime-merge
│   └── license
├── sublime-text
│   └── license
├── tailscale
│   └── authkey
└── wifi
    └── home
        ├── password
        └── ssid

# Fill this
ssh_keyfile="id_ed25519"
ssh_comment=""
ssh_passphrase=""
pass_path="identity/my/ssh"

ssh-keygen -t ed25519 -C "${ssh_comment}" -f "${ssh_keyfile}" -N "${ssh_passphrase}"

{ echo "${ssh_passphrase}"; cat "${ssh_keyfile}"; } | pass insert --multiline "${pass_path}/${ssh_keyfile}"
pass insert --multiline "${pass_path}/${ssh_keyfile}.pub" <"${ssh_keyfile}.pub"

You may wish to change some paths:

1. This README file, runag/workstation-runagfile and maybe runag/runag if you forked it as well.

Apache License, Version 2.0.

Please check CONTRIBUTING file for details.