Kapisi/roles/ShadowArch/tasks/main.yml

193 lines
5.1 KiB
YAML

---
###
# This role installs the basic package and host setup for AniNIX operations.
# This is an AniNIX convention to allow password management by Ansible.
- name: Base packages
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
package:
name:
- bash
- sudo
- git
- tmux
- vim
- sysstat
- iotop
- lsof
- rsync
- xfsprogs
state: present
update_cache: yes
- name: Ensure deploy user has sudo permissions.
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
copy:
dest: /etc/sudoers.d/basics
content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
- name: Ensure we include /etc/sudoers.d (Current)
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
when: ansible_architecture != "armv6l"
lineinfile:
path: /etc/sudoers
regexp: "includedir /etc/sudoers.d"
line: "@includedir /etc/sudoers.d"
- name: Ensure we include /etc/sudoers.d (Legacy)
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
when: ansible_architecture == "armv6l"
lineinfile:
path: /etc/sudoers
regexp: "includedir /etc/sudoers.d"
line: "#includedir /etc/sudoers.d"
- name: Test root password
ignore_errors: yes
register: root_password_test
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
command: id
- name: Define passwords
vars:
ansible_become_user: "root"
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
when: root_password_test.rc is not defined or root_password_test.rc != 0
command:
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ passwords[inventory_hostname] }}' '{{ passwords[inventory_hostname] }}' | passwd {{ item }}"
loop:
- root
- "{{ ansible_user_id }}"
- name: Set up pacman.conf
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
copy:
src: pacman.conf
dest: /etc/pacman.conf
owner: root
group: root
mode: 0644
when: ansible_os_family == "Archlinux"
- name: Generate mirrorlist
delegate_to: localhost
run_once: yes
command: "bash ../bin/generate-mirrorlist"
- name: Copy mirrorlist
become: yes
when: ansible_os_family == "Archlinux"
copy:
src: mirrorlist
dest: /etc/pacman.d/mirrorlist.shadowarch
owner: root
group: root
mode: 0644
- name: Set up apt sources.list
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
copy:
content: |
deb http://archive.raspberrypi.org/debian/ bullseye main
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
#deb-src http://archive.raspberrypi.org/debian/ bullseye main
dest: /etc/apt/sources.list.d/raspi.list
owner: root
group: root
mode: 0644
when: ansible_os_family == "Debian"
- name: Install ShadowArch (ArchLinux)
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
pacman:
name: ShadowArch
state: present
update_cache: yes
when: ansible_os_family == "Archlinux"
- name: Set up AniNIX-specific repository location (Other)
when: ansible_os_family != "Archlinux"
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
file:
path: /opt/aninix
state: directory
- name: Download ShadowArch (Other)
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
ignore_errors: yes
git:
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
dest: '/opt/aninix/ShadowArch'
update: yes
when: ansible_os_family != "Archlinux"
- name: Install ShadowArch (Other)
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
command:
chdir: '/opt/aninix/ShadowArch'
cmd: '/bin/bash -c "make install; /usr/local/sbin/shadowarch-sync"'
when: ansible_os_family != "Archlinux"
- name: Set up hostname
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
hostname:
name: "{{ inventory_hostname }}.{{ replica_domain }}"
- name: Set Bash MOTD
become: yes
copy:
src: "motd/{{ inventory_hostname }}"
dest: /etc/bash.motd
owner: root
group: root
mode: 0644
- name: Nullify overall MOTD
become: yes
copy:
src: /dev/null
dest: /etc/motd
owner: root
group: root
mode: 0644
- include: archlinux-network.yml
when: ansible_os_family == "Archlinux"
- include: raspbian-network.yml
when: ansible_os_family == "Debian"
- include: dns.yml
- include: ntp.yml