Kapisi/roles/ShadowArch/tasks/raspbian-network.yml

48 lines
1.1 KiB
YAML

---
- name: Rasbian network packages
become: yes
package:
name:
- netbase
state: present
- name: Rasbian network config
become: yes
when: not static
copy:
src: raspbian-interfaces
dest: "/etc/network/interfaces"
owner: root
group: root
mode: 0644
- name: Rasbian network config (static)
become: yes
when: static
template:
src: raspbian-static.j2
dest: "/etc/network/interfaces"
owner: root
group: root
mode: 0644
- name: Raspbian wireless
become: yes
command:
cmd: /bin/bash -c "wpa_passphrase {{ wireless_ssid }} '{{ secrets['Shadownet']['ssid_passphrase'] }}' > /etc/wpa_supplicant.conf"
creates: '/etc/wpa_supplicant.conf'
- name: Raspbian wireless hardening
become: yes
file:
path: '/etc/wpa_supplicant.conf'
state: file
owner: root
group: root
mode: 0600
- name: Ensure keys
become: yes
command: /bin/bash -c 'chmod go-rwx /etc/ssh/*key'