193 lines
5.1 KiB
YAML
193 lines
5.1 KiB
YAML
---
|
|
###
|
|
# This role installs the basic package and host setup for AniNIX operations.
|
|
|
|
# This is an AniNIX convention to allow password management by Ansible.
|
|
- name: Base packages
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
package:
|
|
name:
|
|
- bash
|
|
- sudo
|
|
- git
|
|
- tmux
|
|
- vim
|
|
- sysstat
|
|
- iotop
|
|
- lsof
|
|
- rsync
|
|
- xfsprogs
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Ensure deploy user has sudo permissions.
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
copy:
|
|
dest: /etc/sudoers.d/basics
|
|
content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
|
|
|
|
- name: Ensure we include /etc/sudoers.d (Current)
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
when: ansible_architecture != "armv6l"
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
regexp: "includedir /etc/sudoers.d"
|
|
line: "@includedir /etc/sudoers.d"
|
|
|
|
- name: Ensure we include /etc/sudoers.d (Legacy)
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
when: ansible_architecture == "armv6l"
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
regexp: "includedir /etc/sudoers.d"
|
|
line: "#includedir /etc/sudoers.d"
|
|
|
|
- name: Test root password
|
|
ignore_errors: yes
|
|
register: root_password_test
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
command: id
|
|
|
|
- name: Define passwords
|
|
vars:
|
|
ansible_become_user: "root"
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
|
command:
|
|
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ passwords[inventory_hostname] }}' '{{ passwords[inventory_hostname] }}' | passwd {{ item }}"
|
|
loop:
|
|
- root
|
|
- "{{ ansible_user_id }}"
|
|
|
|
- name: Set up pacman.conf
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
copy:
|
|
src: pacman.conf
|
|
dest: /etc/pacman.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- name: Generate mirrorlist
|
|
delegate_to: localhost
|
|
run_once: yes
|
|
command: "bash ../bin/generate-mirrorlist"
|
|
|
|
- name: Copy mirrorlist
|
|
become: yes
|
|
when: ansible_os_family == "Archlinux"
|
|
copy:
|
|
src: mirrorlist
|
|
dest: /etc/pacman.d/mirrorlist.shadowarch
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Set up apt sources.list
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
copy:
|
|
content: |
|
|
deb http://archive.raspberrypi.org/debian/ bullseye main
|
|
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
|
|
#deb-src http://archive.raspberrypi.org/debian/ bullseye main
|
|
dest: /etc/apt/sources.list.d/raspi.list
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Install ShadowArch (ArchLinux)
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
pacman:
|
|
name: ShadowArch
|
|
state: present
|
|
update_cache: yes
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- name: Set up AniNIX-specific repository location (Other)
|
|
when: ansible_os_family != "Archlinux"
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
file:
|
|
path: /opt/aninix
|
|
state: directory
|
|
|
|
- name: Download ShadowArch (Other)
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
ignore_errors: yes
|
|
git:
|
|
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
|
|
dest: '/opt/aninix/ShadowArch'
|
|
update: yes
|
|
when: ansible_os_family != "Archlinux"
|
|
|
|
- name: Install ShadowArch (Other)
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
command:
|
|
chdir: '/opt/aninix/ShadowArch'
|
|
cmd: '/bin/bash -c "make install; /usr/local/sbin/shadowarch-sync"'
|
|
when: ansible_os_family != "Archlinux"
|
|
|
|
- name: Set up hostname
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
hostname:
|
|
name: "{{ inventory_hostname }}.{{ replica_domain }}"
|
|
|
|
- name: Set Bash MOTD
|
|
become: yes
|
|
copy:
|
|
src: "motd/{{ inventory_hostname }}"
|
|
dest: /etc/bash.motd
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Nullify overall MOTD
|
|
become: yes
|
|
copy:
|
|
src: /dev/null
|
|
dest: /etc/motd
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- include: archlinux-network.yml
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- include: raspbian-network.yml
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- include: dns.yml
|
|
|
|
- include: ntp.yml
|