AniNIX/Wiki#21 -- effecting renames for policy

roles/ShadowArch/files/motd/Geth0

@@ -0,0 +1,6 @@
+################################################################################
+#                                 AniNIX/Node0                                 #
+#                                                                              #
+#   This is the network virtualization platform. VMs can be found with this:   #
+# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status  #
+################################################################################

roles/ShadowArch/files/motd/Geth1

@@ -0,0 +1,6 @@
+################################################################################
+#                                 AniNIX/Node0                                 #
+#                                                                              #
+#   This is the network virtualization platform. VMs can be found with this:   #
+# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status  #
+################################################################################

roles/ShadowArch/files/motd/Geth2

@@ -0,0 +1,6 @@
+################################################################################
+#                                 AniNIX/Node0                                 #
+#                                                                              #
+#   This is the network virtualization platform. VMs can be found with this:   #
+# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status  #
+################################################################################

roles/ShadowArch/files/motd/Geth3

@@ -0,0 +1,6 @@
+################################################################################
+#                                 AniNIX/Node0                                 #
+#                                                                              #
+#   This is the network virtualization platform. VMs can be found with this:   #
+# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status  #
+################################################################################

roles/ShadowArch/files/motd/Geth4

@@ -0,0 +1,6 @@
+################################################################################
+#                                 AniNIX/Node0                                 #
+#                                                                              #
+#   This is the network virtualization platform. VMs can be found with this:   #
+# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status  #
+################################################################################

roles/ShadowArch/files/motd/Maker

@@ -0,0 +1,5 @@
+################################################################################
+#                                AniNIX/Nazara                                 #
+#                                                                              #
+# This is the network DNS/DHCP service, using Raspberry Pi pihole, and bastion #
+################################################################################

roles/ShadowArch/files/motd/Vergil1

@@ -1,3 +1 @@
-
 # AniNIX/Geth Hardware Platform (Raspbian Rpi 1 B+) #
-

roles/ShadowArch/files/motd/Vergil2

@@ -1,3 +1 @@
-
 # AniNIX/Geth Hardware Platform (Raspbian Rpi 1 B+) #
-

roles/ShadowArch/files/motd/Vergil3

@@ -1,3 +1 @@
-
 # AniNIX/Geth Hardware Platform (Raspberry Pi 3 Model B Plus Rev 1.3) #
-

roles/ShadowArch/tasks/archlinux-network.yml

@@ -16,21 +16,21 @@
 
   - name: Tap ArchLinux network config
     become: yes
-      #when: tap is defined and not static is defined
+    when: tap is defined
     template:
         src: netctl-tap.j2
         dest: "/etc/netctl/{{ ipinterface }}"
 
   - name: Bridge ArchLinux network config
     become: yes
-      #when: tap is defined and not static is defined
+    when: tap is defined
     template:
         src: netctl-bond.j2
         dest: "/etc/netctl/br0"
 
   - name: Tunnel ArchLinux network config
     become: yes
-      #when: tap is defined and not static is defined
+    when: tap is defined
     copy:
         src: netctl-tun
         dest: "/etc/netctl/tun0"

roles/ShadowArch/tasks/authentication.yml

@@ -0,0 +1,57 @@
+---
+  - name: Test root password
+    ignore_errors: yes
+    register: root_password_test
+    vars:
+      ansible_become_user: "{{ item }}"
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    command: id
+    loop:
+      - root
+      - "{{ ansible_user_id }}"
+
+  - name: Define passwords
+    ignore_errors: yes
+    vars:
+      ansible_become_user: "root"
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    when: root_password_test.rc is not defined or root_password_test.rc != 0
+    command:
+      cmd: /bin/bash -l -c "echo '{{item}}:{{ passwords[inventory_hostname] }}' | chpasswd {{ item }}"
+    loop:
+      - root
+      - "{{ ansible_user_id }}"
+
+  - name: Ensure deploy user has sudo permissions.
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    copy:
+      dest: /etc/sudoers.d/basics
+      content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
+
+  - name: Ensure we include /etc/sudoers.d (Current)
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    when: ansible_architecture != "armv6l"
+    lineinfile:
+      path: /etc/sudoers
+      regexp: "includedir /etc/sudoers.d"
+      line: "@includedir /etc/sudoers.d"
+
+  - name: Ensure we include /etc/sudoers.d (Legacy)
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    when: ansible_architecture == "armv6l"
+    lineinfile:
+      path: /etc/sudoers
+      regexp: "includedir /etc/sudoers.d"
+      line: "#includedir /etc/sudoers.d"

roles/ShadowArch/tasks/main.yml

@@ -4,169 +4,7 @@
 
   # This is an AniNIX convention to allow password management by Ansible.
 
-  - name: Test root password
-    ignore_errors: yes
-    register: root_password_test
-    vars:
-      ansible_become_user: "{{ item }}"
-      ansible_become_method: su
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    command: id
-    loop:
-      - root
-      - "{{ ansible_user_id }}"
-
-  - name: Define passwords
-    ignore_errors: yes
-    vars:
-      ansible_become_user: "root"
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    when: root_password_test.rc is not defined or root_password_test.rc != 0
-    command:
-      cmd: /bin/bash -l -c "echo '{{item}}:{{ passwords[inventory_hostname] }}' | chpasswd {{ item }}"
-    loop:
-      - root
-      - "{{ ansible_user_id }}"
-
-  - name: Ensure deploy user has sudo permissions.
-    vars:
-      ansible_become_method: su
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    copy:
-      dest: /etc/sudoers.d/basics
-      content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
-
-  - name: Ensure we include /etc/sudoers.d (Current)
-    vars:
-      ansible_become_method: su
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    when: ansible_architecture != "armv6l"
-    lineinfile:
-      path: /etc/sudoers
-      regexp: "includedir /etc/sudoers.d"
-      line: "@includedir /etc/sudoers.d"
-
-  - name: Ensure we include /etc/sudoers.d (Legacy)
-    vars:
-      ansible_become_method: su
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    when: ansible_architecture == "armv6l"
-    lineinfile:
-      path: /etc/sudoers
-      regexp: "includedir /etc/sudoers.d"
-      line: "#includedir /etc/sudoers.d"
-
-  - name: Set up pacman.conf
-    vars:
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-      ignorepkg: "{{ holdpackages | default('') }}"
-    become: yes
-    template:
-      src: pacman.conf.j2
-      dest: /etc/pacman.conf
-      owner: root
-      group: root
-      mode: 0644
-    when: ansible_os_family == "Archlinux"
-
-  - name: Set mirror
-    become: yes
-    when: ansible_os_family == "Archlinux"
-    copy:
-      content: |
-        Server = {{ mirroruri }}
-      dest: /etc/pacman.d/mirrorlist.shadowarch
-      owner: root
-      group: root
-      mode: 0644
-
-  - name: Import AniNIX GPG key
-    vars:
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    command: /bin/bash -c 'if [ ! -f /usr/share/pacman/keyrings/aninix.gpg ]; then mkdir /tmp/aninix; curl -s https://aninix.net/AniNIX/ShadowArch/raw/branch/main/EtcFiles/aninix.gpg > /tmp/aninix/pubring.gpg; pacman-key --import /tmp/aninix; pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296; fi'
-    when: ansible_os_family == "Archlinux"
-
-  - name: Set up apt sources.list
-    vars:
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    copy:
-      content: |
-        deb http://archive.raspberrypi.org/debian/ bullseye main
-        # Uncomment line below then 'apt-get update' to enable 'apt-get source'
-        #deb-src http://archive.raspberrypi.org/debian/ bullseye main
-      dest: /etc/apt/sources.list.d/raspi.list
-      owner: root
-      group: root
-      mode: 0644
-    when: ansible_os_family == "Debian"
-
-  - name: Base packages
-    vars:
-      ansible_become_method: su
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    package:
-      name:
-        - bash
-        - sudo
-        - git
-        - tmux
-        - vim
-        - sysstat
-        - iotop
-        - lsof
-        - rsync
-        - xfsprogs
-        - man-db
-        - man-pages
-      state: present
-      update_cache: yes
-
-  - name: Install ShadowArch (ArchLinux)
-    vars:
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    pacman:
-      name: ShadowArch
-      state: present
-      update_cache: yes
-    when: ansible_os_family == "Archlinux"
-
-  - name: Set up AniNIX-specific repository location (Other)
-    when: ansible_os_family != "Archlinux"
-    vars:
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    file:
-      path: /opt/aninix
-      state: directory
-
-  - name: Download ShadowArch (Other)
-    vars:
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    ignore_errors: yes
-    git:
-      repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
-      dest: '/opt/aninix/ShadowArch'
-      update: yes
-    when: ansible_os_family != "Archlinux"
-
-  - name: Install ShadowArch (Other)
-    vars:
-      ansible_become_password: "{{ passwords[inventory_hostname] }}"
-    become: yes
-    command:
-      chdir: '/opt/aninix/ShadowArch'
-      cmd: '/bin/bash -c "make install"'
-    when: ansible_os_family != "Archlinux"
+  - include_tasks: authentication.yml
 
   - name: Set up hostname
     vars:
@@ -175,14 +13,18 @@
     hostname:
       name: "{{ inventory_hostname }}.{{ replica_domain }}"
 
-  - include: archlinux-network.yml
+  - include_tasks: archlinux-network.yml
     when: ansible_os_family == "Archlinux"
 
-  - include: raspbian-network.yml
+  - include_tasks: raspbian-network.yml
     when: ansible_os_family == "Debian"
 
-  - include: dns.yml
+  - include_tasks: dns.yml
 
-  - include: ntp.yml
+  - include_tasks: ntp.yml
 
-  - include: bash.yml
+  - include_tasks: repositories.yml
+
+  - include_tasks: bash.yml
+
+  - include_tasks: shadowarch.yml

roles/ShadowArch/tasks/repositories.yml

@@ -0,0 +1,67 @@
+---
+  - name: Set up pacman.conf
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+      ignorepkg: "{{ holdpackages | default('') }}"
+    become: yes
+    template:
+      src: pacman.conf.j2
+      dest: /etc/pacman.conf
+      owner: root
+      group: root
+      mode: 0644
+    when: ansible_os_family == "Archlinux"
+
+  - name: Set mirror
+    become: yes
+    when: ansible_os_family == "Archlinux"
+    copy:
+      content: |
+        Server = {{ mirroruri }}
+      dest: /etc/pacman.d/mirrorlist.shadowarch
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: Import AniNIX GPG key
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    command: /bin/bash -c 'if [ ! -f /usr/share/pacman/keyrings/aninix.gpg ]; then mkdir /tmp/aninix; curl -s https://aninix.net/AniNIX/ShadowArch/raw/branch/main/EtcFiles/aninix.gpg > /tmp/aninix/pubring.gpg; pacman-key --import /tmp/aninix; pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296; fi'
+    when: ansible_os_family == "Archlinux"
+
+  - name: Set up apt sources.list
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    copy:
+      content: |
+        deb http://archive.raspberrypi.org/debian/ bullseye main
+        # Uncomment line below then 'apt-get update' to enable 'apt-get source'
+        #deb-src http://archive.raspberrypi.org/debian/ bullseye main
+      dest: /etc/apt/sources.list.d/raspi.list
+      owner: root
+      group: root
+      mode: 0644
+    when: ansible_os_family == "Debian"
+
+  - name: Base packages
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    package:
+      name:
+        - bash
+        - sudo
+        - git
+        - tmux
+        - vim
+        - sysstat
+        - iotop
+        - lsof
+        - rsync
+        - xfsprogs
+        - man
+      state: present
+      update_cache: yes

roles/ShadowArch/tasks/shadowarch.yml

@@ -0,0 +1,39 @@
+---
+  - name: Install ShadowArch (ArchLinux)
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    pacman:
+      name: ShadowArch
+      state: present
+      update_cache: yes
+    when: ansible_os_family == "Archlinux"
+
+  - name: Set up AniNIX-specific repository location (Other)
+    when: ansible_os_family != "Archlinux"
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    file:
+      path: /opt/aninix
+      state: directory
+
+  - name: Download ShadowArch (Other)
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    ignore_errors: yes
+    git:
+      repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
+      dest: '/opt/aninix/ShadowArch'
+      update: yes
+    when: ansible_os_family != "Archlinux"
+
+  - name: Install ShadowArch (Other)
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    command:
+      chdir: '/opt/aninix/ShadowArch'
+      cmd: '/bin/bash -c "make install"'
+    when: ansible_os_family != "Archlinux"

roles/ShadowArch/templates/netctl-bond.j2

@@ -2,4 +2,7 @@ Description="Bridge connection"
 Interface=br0
 Connection=bridge
 BindsToInterfaces=({{ ipinterface }} tun0)
-IP=dhcp
+IP=static
+Address=('{{ ip }}/24')
+Gateway='{{ router }}'
+DNS=('{{ dns }}')

roles/ShadowArch/templates/pacman.conf.j2

@@ -102,8 +102,8 @@ Include = /etc/pacman.d/mirrorlist.shadowarch
 
 [AniNIX]
 SigLevel = Required DatabaseOptional
-Server = https://maat.aninix.net/
+Server = http://maat.msn0.aninix.net/
 
 [aur]
 SigLevel = Required DatabaseOptional
-Server = https://maat.aninix.net/aur/
+Server = http://maat.msn0.aninix.net/aur/

roles/ShadowArch/templates/raspbian-static.j2

@@ -10,7 +10,7 @@ auto lo
 iface lo inet loopback
 
 iface {{ ipinterface }} inet static
-     address {{ ansible_host }}/{{ netmask }}
+     address {{ ip }}/{{ netmask }}
      gateway {{ router }}
 
 auto wlan0