ctrl group: Add provisioning of the control nodes

README.md

 # Environmental Cheminformatics Platform: Plan B
 
 This repository contains a collection of ansible scripts which can be
-used to provision an Ubuntu/Debian based virtual machine in a public
-cloud. The scripts have been written for a specific Digital Ocean
-_droplet_, but can easily be adapted for something else. Indeed,
-they are now adapted to automate configuration of ECI workstations.
+used to provision an apt based GNU/Linux distribution. Currently used
+to provision ECI workstations and virtual machines.
 
 
-## Access
+## Accessing Resources
 
-The desktop environment on the compute node *alien-one* is accessible
-through VNC protocol. Any VNC viewer can be used. If in doubt, try the
-cross-platform TigerVNC viewer [available from here for
+When the desktop environment is present on a node (this is the case
+for members of the *stations* group of computers), VNC protocol can be
+used to access it. Due to particular security setup, only the TigerVNC
+viewer can be used to connect to the stations. [available from here
+for
 Windows](https://bintray.com/tigervnc/stable/download_file?file_path=vncviewer-1.11.0.exe),
-or as a package from your GNU/Linux distribution. 
-For Mac users, 
-[here is the Java version of the viewer](https://bintray.com/tigervnc/stable/download_file?file_path=VncViewer-1.11.0.jar).
-If you are on Big Sur [try this direct download](http://tigervnc.bphinz.com/nightly/osx/TigerVNC-1.11.80.dmg). 
-If you are on Catalina [try this direct download](https://bintray.com/tigervnc/beta/download_file?file_path=TigerVNC-1.10.90.dmg).
-If you are on El Capitan [try this direct download](https://bintray.com/tigervnc/stable/download_file?file_path=TigerVNC-1.8.0.dmg)
+or as a package from your GNU/Linux distribution.  For Mac users,
+[here is the Java version of the
+viewer](https://bintray.com/tigervnc/stable/download_file?file_path=VncViewer-1.11.0.jar).
+If you are on Big Sur [try this direct
+download](http://tigervnc.bphinz.com/nightly/osx/TigerVNC-1.11.80.dmg).
+If you are on Catalina [try this direct
+download](https://bintray.com/tigervnc/beta/download_file?file_path=TigerVNC-1.10.90.dmg).
+If you are on El Capitan [try this direct
+download](https://bintray.com/tigervnc/stable/download_file?file_path=TigerVNC-1.8.0.dmg)
 
 
 
@@ -109,3 +112,9 @@ of Emacs workflow:
    want to delve deeper [note that ECI's Emacs is heavily customised,
    so it might not behave as you'd expect].
 
+## Ansible System
+
+Host file lists ECI computational inventory. There are two types of
+items, *stations* -- the compute platforms intended to be used by all
+ECI members and *ctrl* -- the control nodes intended to provision
+*stations* without too much involvement by human beings.

ctrl.yml

+# Standard play for the control nodes. Requires install-bare-guix.yml
+# to have been executed before.
+
+- hosts: ctrl
+  become: True
+  become_method: sudo
+  remote_user: adamsmith
+  vars_files:
+    - vars/users.yml
+    - vars/passwords.yml
+  pre_tasks:
+    - name: Update repositories
+      apt: update_cache=yes
+      changed_when: False
+  tasks:
+    - include: tasks/users.yml
+      tags: users
+    - name: Copy profiles.
+      tags: profile
+      copy:
+        src: files/home/user/.profile
+        dest: "/home/{{ item.login }}/.profile"
+      become_user: "{{ item.login }}"
+      loop: "{{ users }}"
+      
+    - include: tasks/apt-ctrl.yml
+      tags: apt
+
+      # Set lightdm as login manager and make it listen to incoming
+      # connections.
+    - include: tasks/guix-ctrl.yml
+      tags: guix

files/etc/guix_manifest_ctrl.scm

+(use-modules (guix packages)
+	     (guix profiles)
+	     (gnu packages)
+	     (srfi srfi-1))
+
+
+
+(specifications->manifest       
+ '( ;; Utilities
+   "recutils"
+   "curl"
+   "git"
+   "git:send-email"
+   "bash"
+   "guile"
+   "nano"
+   "nss-certs"
+   "glibc-locales"
+   "gcc-toolchain"
+   "gfortran-toolchain"
+   "python"
+   "perl"
+   "htop"
+   "ansible"
+   "pigz"
+
+
+   ;; Autotools
+   "autoconf"
+   "automake"
+   "autobuild"
+   "m4"
+
+   ;; Perl
+   "perl-yaml-libyaml"
+
+   ;; Guile
+   "guile-readline"))

files/home/user/.local/bin/ansible-on-guix

+#!/bin/sh
+
+# Clear environment, source the profile containing the new shinyscreen
+# and run it.
+
+env -i HOME="$HOME"\
+       USER="$USER"\
+       DISPLAY=":50"\
+       TERM="$TERM"\
+       PATH=/usr/local/sbin/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin\
+    bash -c "source  '$HOME'/.man-guix-prof/etc/profile
+             '$HOME'/.man-guix-prof/bin/ansible"

files/home/user/.local/bin/ansible-playbook-on-guix

+#!/bin/sh
+
+# Clear environment, source the profile containing the new shinyscreen
+# and run it.
+
+env -i HOME="$HOME"\
+       USER="$USER"\
+       DISPLAY=":50"\
+       TERM="$TERM"\
+       PATH=/usr/local/sbin/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin\
+    bash -c "source  '$HOME'/.man-guix-prof/etc/profile
+             '$HOME'/.man-guix-prof/bin/ansible-playbook"

files/home/user/.local/bin/ansible-vault-on-guix

+#!/bin/sh
+
+# Clear environment, source the profile containing the new shinyscreen
+# and run it.
+
+env -i HOME="$HOME"\
+       USER="$USER"\
+       DISPLAY=":50"\
+       TERM="$TERM"\
+       PATH=/usr/local/sbin/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin\
+    bash -c "source  '$HOME'/.man-guix-prof/etc/profile
+             '$HOME'/.man-guix-prof/bin/ansible-playbook"

tasks/apt-ctrl.yml

+- name: Install debian packages.
+  apt:
+    name: [ 'openssh-server',
+            'nscd',
+            'autocutsel',
+            'curl',
+            'wget',
+            'gzip',
+            'atop',
+            'git',
+            'ufw',
+            's3fs' ]
+  tags: apt
+
+- name: Remove unnecessary pkgs.
+  apt:
+    name: [ 'gdm3',
+            'xfce4',
+            'tigervnc-standalone-server',
+            'xfce4',
+            'lightdm',]
+    state: absent
+
+
+  
+

tasks/guix-ctrl.yml

+- name: Create .config/guix.
+  file:
+    path: "/home/{{ item['login'] }}/.config/guix"
+    state: directory
+    recurse: yes
+    force: no
+  become_user: "{{ item['login'] }}"
+  loop: "{{ users }}"
+  ignore_errors: yes
+    
+
+- name: Copy channels.
+  copy:
+    src: files/home/user/.config/guix/channels.scm
+    dest: "/home/{{ item.login }}/.config/guix/channels.scm"
+  become_user: "{{ item.login }}"
+  loop: "{{ users }}"
+
+
+- name: Copy nonfree channels.
+  copy:
+    src: files/home/user/.config/guix/channels-nonfree.scm
+    dest: "/home/{{ item.login }}/.config/guix/channels-nonfree.scm"
+  become_user: "{{ item.login }}"
+  loop: "{{ users }}"
+    
+- name: Guix pull everywhere.
+  command:
+    cmd: /usr/bin/bash -l -c 'guix pull -c6'
+  become_user: "{{ item.login }}"
+  loop: "{{ users }}"
+  tags: guix-pull
+
+
+
+- name: Run guix pull as root.
+  tags: guix-pull
+  command:
+    cmd: guix pull
+
+- name: Copy package manifest.
+  copy:
+    src: files/etc/guix_manifest_ctrl.scm
+    dest: /etc/guix_manifest_ctrl.scm
+  tags: guix-inst-pkg
+
+- name: Install packages into the managed guix profile.
+  command:
+    cmd: /usr/bin/bash -l -c 'guix package -c8 -m /etc/guix_manifest_ctrl.scm --fallback -p ~/.man-guix-prof'
+  tags: guix-inst-pkg
+  become_user: "{{ item.login }}"
+  retries: 20
+  delay: 5
+  register: result
+  until: result.rc == 0
+  loop: "{{ users }}"
+
+- name: Install guix managed programs.
+  tags: guix-copy-bin
+  copy:
+    src: files/home/user/.local/bin/
+    dest: "/home/{{ item.login }}/.local/bin"
+    mode: '0744'
+    owner: "{{ item.login }}"
+    group: "{{ item.login }}"
+  loop: "{{ users }}"