189 lines
5.3 KiB
YAML
189 lines
5.3 KiB
YAML
---
|
|
###
|
|
# This role installs the basic package and host setup for AniNIX operations.
|
|
|
|
# This is an AniNIX convention to allow password management by Ansible.
|
|
|
|
- name: Test root password
|
|
ignore_errors: yes
|
|
register: root_password_test
|
|
vars:
|
|
ansible_become_user: "{{ item }}"
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
command: id
|
|
loop:
|
|
- root
|
|
- "{{ ansible_user_id }}"
|
|
|
|
- name: Define passwords
|
|
ignore_errors: yes
|
|
vars:
|
|
ansible_become_user: "root"
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
|
command:
|
|
cmd: /bin/bash -l -c "echo '{{item}}:{{ passwords[inventory_hostname] }}' | chpasswd {{ item }}"
|
|
loop:
|
|
- root
|
|
- "{{ ansible_user_id }}"
|
|
|
|
- name: Ensure deploy user has sudo permissions.
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
copy:
|
|
dest: /etc/sudoers.d/basics
|
|
content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
|
|
|
|
- name: Ensure we include /etc/sudoers.d (Current)
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
when: ansible_architecture != "armv6l"
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
regexp: "includedir /etc/sudoers.d"
|
|
line: "@includedir /etc/sudoers.d"
|
|
|
|
- name: Ensure we include /etc/sudoers.d (Legacy)
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
when: ansible_architecture == "armv6l"
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
regexp: "includedir /etc/sudoers.d"
|
|
line: "#includedir /etc/sudoers.d"
|
|
|
|
- name: Set up pacman.conf
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
ignorepkg: "{{ holdpackages | default('') }}"
|
|
become: yes
|
|
template:
|
|
src: pacman.conf.j2
|
|
dest: /etc/pacman.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- name: Set mirror
|
|
become: yes
|
|
when: ansible_os_family == "Archlinux"
|
|
copy:
|
|
content: |
|
|
Server = {{ mirroruri }}
|
|
dest: /etc/pacman.d/mirrorlist.shadowarch
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Import AniNIX GPG key
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
command: /bin/bash -c 'if [ ! -f /usr/share/pacman/keyrings/aninix.gpg ]; then mkdir /tmp/aninix; curl -s https://aninix.net/AniNIX/ShadowArch/raw/branch/main/EtcFiles/aninix.gpg > /tmp/aninix/pubring.gpg; pacman-key --import /tmp/aninix; pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296; fi'
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- name: Set up apt sources.list
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
copy:
|
|
content: |
|
|
deb http://archive.raspberrypi.org/debian/ bullseye main
|
|
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
|
|
#deb-src http://archive.raspberrypi.org/debian/ bullseye main
|
|
dest: /etc/apt/sources.list.d/raspi.list
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Base packages
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
package:
|
|
name:
|
|
- bash
|
|
- sudo
|
|
- git
|
|
- tmux
|
|
- vim
|
|
- sysstat
|
|
- iotop
|
|
- lsof
|
|
- rsync
|
|
- xfsprogs
|
|
- man-db
|
|
- man-pages
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Install ShadowArch (ArchLinux)
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
pacman:
|
|
name: ShadowArch
|
|
state: present
|
|
update_cache: yes
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- name: Set up AniNIX-specific repository location (Other)
|
|
when: ansible_os_family != "Archlinux"
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
file:
|
|
path: /opt/aninix
|
|
state: directory
|
|
|
|
- name: Download ShadowArch (Other)
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
ignore_errors: yes
|
|
git:
|
|
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
|
|
dest: '/opt/aninix/ShadowArch'
|
|
update: yes
|
|
when: ansible_os_family != "Archlinux"
|
|
|
|
- name: Install ShadowArch (Other)
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
command:
|
|
chdir: '/opt/aninix/ShadowArch'
|
|
cmd: '/bin/bash -c "make install"'
|
|
when: ansible_os_family != "Archlinux"
|
|
|
|
- name: Set up hostname
|
|
vars:
|
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
|
become: yes
|
|
hostname:
|
|
name: "{{ inventory_hostname }}.{{ replica_domain }}"
|
|
|
|
- include: archlinux-network.yml
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- include: raspbian-network.yml
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- include: dns.yml
|
|
|
|
- include: ntp.yml
|
|
|
|
- include: bash.yml
|