Updating Ubiqtorate

roles/basics/tasks/main.yml

@@ -0,0 +1,120 @@
+--- 
+###
+# This role installs the basic package and host setup for AniNIX operations.
+#
+#
+#
+ - name: Set up AniNIX-specific repository
+   become: yes
+   file:
+     path: /opt/aninix
+     state: directory
+
+ - name: Verify GPG keys
+   ignore_errors: yes
+   become: yes
+   command: 
+     cmd: gpg --homedir /etc/pacman.d/gnupg --list-key 1CC1E3F4ED06F296
+   register: gpg_verify
+   when: ansible_os_family == "Archlinux"
+
+ - name: Install GPG keys
+   become: yes
+   command:
+     cmd: /bin/bash -l -c 'pacman-key --recv-key 1CC1E3F4ED06F296; pacman-key --finger 1CC1E3F4ED06F296; pacman-key --lsign-key 1CC1E3F4ED06F296;'
+   when: ansible_os_family == "Archlinux" and gpg_verify.rc != 0
+
+ - name: Set up pacman.conf
+   become: yes
+   blockinfile:
+     path: /etc/pacman.conf
+     insertafter: EOF
+     marker: "# {mark} Ubiqtorate Managed Block"
+     block: |
+       [AniNIX]
+       SigLevel = Required DatabaseOptional
+       Server = https://maat.aninix.net/
+       
+       [aur]
+       SigLevel = Required DatabaseOptional
+       Server = https://maat.aninix.net/aur/
+   when: ansible_os_family == "Archlinux"
+
+ - name: Install ShadowArch (ArchLinux)
+   become: yes
+   pacman:
+     name: ShadowArch
+     state: present
+     update_cache: yes
+   when: ansible_os_family == "Archlinux"
+
+ - name: Download ShadowArch (Other)
+   become: yes
+   git:
+     repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
+     dest: '/opt/aninix/ShadowArch'
+     update: yes
+   when: ansible_os_family != "Archlinux"
+
+ - name: Install ShadowArch (Other)
+   become: yes
+   command: 
+     chdir: '/opt/aninix/ShadowArch'
+     cmd: 'make install' 
+   when: ansible_os_family != "Archlinux"
+
+ - name: Base packages
+   become: yes
+   package:
+     name:
+       - bash
+       - sudo
+
+ - name: Set up hostname
+   become: yes
+   hostname: 
+     name: "{{ inventory_hostname }}.{{ replica_domain }}"
+
+ - name: Set up /etc/hosts
+   become: yes
+   lineinfile:
+     dest: /etc/hosts
+     regexp: '^127.0.0.1[ \t]+localhost'
+     line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
+     state: present
+
+ - name: Identify depriv user
+   command:
+     cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'"
+   register: depriv_user
+
+   # This is an AniNIX convention to allow password management by Ansible.
+ - name: Ensure 1001 has sudo permissions.
+   become: yes
+   copy:
+     dest: /etc/sudoers.d/1001  
+     content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n"
+
+ - name: Test root password
+   ignore_errors: yes
+   register: root_password_test
+   become: yes
+   command: id
+   vars:
+     ansible_become_method: su
+     ansible_become_user: root
+     ansible_become_password: "{{ lookup('vars',inventory_hostname+'_password') }}"
+       
+ - name: Define root password
+   become: yes
+   when: root_password_test.rc is not defined or root_password_test.rc != 0
+   command:
+     cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"
+
+ 
+ - name: Define depriv password
+   become: yes
+   when: root_password_test.rc is not defined or root_password_test.rc != 0
+   command:
+     cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd {{ depriv_user.stdout }}"
+