AniNIX/Kapisi
AniNIX/Kapisi
3
0
Fork 0
Code Issues 25 Pull Requests Projects 1 Releases Wiki Activity
68ef34c3c6
Kapisi/roles/basics/tasks/main.yml
DarkFeather ffbd7b7bd8
Adding better syslog
2020-10-18 23:49:25 -05:00

121 lines
3.3 KiB
YAML
Raw Blame History

---
###
# This role installs the basic package and host setup for AniNIX operations.
#
#
#
- name: Set up AniNIX-specific repository
become: yes
file:
path: /opt/aninix
state: directory
- name: Verify GPG keys
ignore_errors: yes
become: yes
command:
cmd: gpg --homedir /etc/pacman.d/gnupg --list-key 1CC1E3F4ED06F296
register: gpg_verify
when: ansible_os_family == "Archlinux"
- name: Install GPG keys
become: yes
command:
cmd: /bin/bash -l -c 'pacman-key --recv-key 1CC1E3F4ED06F296; pacman-key --finger 1CC1E3F4ED06F296; pacman-key --lsign-key 1CC1E3F4ED06F296;'
when: ansible_os_family == "Archlinux" and gpg_verify.rc != 0
- name: Set up pacman.conf
become: yes
blockinfile:
path: /etc/pacman.conf
insertafter: EOF
marker: "# {mark} Ubiqtorate Managed Block"
block: |
[AniNIX]
SigLevel = Required DatabaseOptional
Server = https://maat.aninix.net/
[aur]
SigLevel = Required DatabaseOptional
Server = https://maat.aninix.net/aur/
when: ansible_os_family == "Archlinux"
- name: Install ShadowArch (ArchLinux)
become: yes
pacman:
name: ShadowArch
state: present
update_cache: yes
when: ansible_os_family == "Archlinux"
- name: Download ShadowArch (Other)
become: yes
git:
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
dest: '/opt/aninix/ShadowArch'
update: yes
when: ansible_os_family != "Archlinux"
- name: Install ShadowArch (Other)
become: yes
command:
chdir: '/opt/aninix/ShadowArch'
cmd: 'make install'
when: ansible_os_family != "Archlinux"
- name: Base packages
become: yes
package:
name:
- bash
- sudo
- name: Set up hostname
become: yes
hostname:
name: "{{ inventory_hostname }}.{{ replica_domain }}"
- name: Set up /etc/hosts
become: yes
lineinfile:
dest: /etc/hosts
regexp: '^127.0.0.1[ \t]+localhost'
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
state: present
# This is an AniNIX convention to allow password management by Ansible.
- name: Ensure SSH user has sudo permissions.
become: yes
copy:
dest: /etc/sudoers.d/basics
content: "{{ lookup('env','USER') }} ALL=(ALL) NOPASSWD: ALL\n"
# Remove unneeded file
- file:
path: /etc/sudoers.d/1001
state: absent
become: yes
- name: Test root password
ignore_errors: yes
register: root_password_test
become: yes
command: id
vars:
ansible_become_method: su
ansible_become_user: root
ansible_become_password: "{{ lookup('vars',inventory_hostname+'_password') }}"
- name: Define root password
become: yes
when: root_password_test.rc is not defined or root_password_test.rc != 0
command:
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"
- name: Define depriv password
become: yes
when: root_password_test.rc is not defined or root_password_test.rc != 0
command:
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd {{ depriv_user.stdout }}"
Reference in New Issue View Git Blame Copy Permalink