Updating Ubiqtorate

roles/basics/README.md

@@ -0,0 +1,7 @@
+This role is defined to handle basic system setup tasks. 
+
+# Scope
+* Setting the hostname
+* Installing [/AniNIX/ShadowArch] customizations
+* Managing passwords
+* Setting initial sudo permissions.

roles/basics/files/pacman.conf

@@ -0,0 +1,109 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+#HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+CleanMethod = KeepCurrent
+#UseDelta    = 0.7
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+# IgnorePkg = postgresql postgresql-libs
+# IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+Color
+ILoveCandy
+#TotalDownload
+CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
+ 
+[AniNIX]
+SigLevel = Required DatabaseOptional
+Server = https://maat.aninix.net/
+
+[aur]
+SigLevel = Required DatabaseOptional
+Server = https://maat.aninix.net/aur/

roles/basics/tasks/main.yml

@@ -0,0 +1,120 @@
+--- 
+###
+# This role installs the basic package and host setup for AniNIX operations.
+#
+#
+#
+ - name: Set up AniNIX-specific repository
+   become: yes
+   file:
+     path: /opt/aninix
+     state: directory
+
+ - name: Verify GPG keys
+   ignore_errors: yes
+   become: yes
+   command: 
+     cmd: gpg --homedir /etc/pacman.d/gnupg --list-key 1CC1E3F4ED06F296
+   register: gpg_verify
+   when: ansible_os_family == "Archlinux"
+
+ - name: Install GPG keys
+   become: yes
+   command:
+     cmd: /bin/bash -l -c 'pacman-key --recv-key 1CC1E3F4ED06F296; pacman-key --finger 1CC1E3F4ED06F296; pacman-key --lsign-key 1CC1E3F4ED06F296;'
+   when: ansible_os_family == "Archlinux" and gpg_verify.rc != 0
+
+ - name: Set up pacman.conf
+   become: yes
+   blockinfile:
+     path: /etc/pacman.conf
+     insertafter: EOF
+     marker: "# {mark} Ubiqtorate Managed Block"
+     block: |
+       [AniNIX]
+       SigLevel = Required DatabaseOptional
+       Server = https://maat.aninix.net/
+       
+       [aur]
+       SigLevel = Required DatabaseOptional
+       Server = https://maat.aninix.net/aur/
+   when: ansible_os_family == "Archlinux"
+
+ - name: Install ShadowArch (ArchLinux)
+   become: yes
+   pacman:
+     name: ShadowArch
+     state: present
+     update_cache: yes
+   when: ansible_os_family == "Archlinux"
+
+ - name: Download ShadowArch (Other)
+   become: yes
+   git:
+     repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
+     dest: '/opt/aninix/ShadowArch'
+     update: yes
+   when: ansible_os_family != "Archlinux"
+
+ - name: Install ShadowArch (Other)
+   become: yes
+   command: 
+     chdir: '/opt/aninix/ShadowArch'
+     cmd: 'make install' 
+   when: ansible_os_family != "Archlinux"
+
+ - name: Base packages
+   become: yes
+   package:
+     name:
+       - bash
+       - sudo
+
+ - name: Set up hostname
+   become: yes
+   hostname: 
+     name: "{{ inventory_hostname }}.{{ replica_domain }}"
+
+ - name: Set up /etc/hosts
+   become: yes
+   lineinfile:
+     dest: /etc/hosts
+     regexp: '^127.0.0.1[ \t]+localhost'
+     line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
+     state: present
+
+ - name: Identify depriv user
+   command:
+     cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'"
+   register: depriv_user
+
+   # This is an AniNIX convention to allow password management by Ansible.
+ - name: Ensure 1001 has sudo permissions.
+   become: yes
+   copy:
+     dest: /etc/sudoers.d/1001  
+     content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n"
+
+ - name: Test root password
+   ignore_errors: yes
+   register: root_password_test
+   become: yes
+   command: id
+   vars:
+     ansible_become_method: su
+     ansible_become_user: root
+     ansible_become_password: "{{ lookup('vars',inventory_hostname+'_password') }}"
+       
+ - name: Define root password
+   become: yes
+   when: root_password_test.rc is not defined or root_password_test.rc != 0
+   command:
+     cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"
+
+ 
+ - name: Define depriv password
+   become: yes
+   when: root_password_test.rc is not defined or root_password_test.rc != 0
+   command:
+     cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd {{ depriv_user.stdout }}"
+