ansible/roles/pi-standard-setup/tasks/main.yml

---
- name: Do apt update/upgrade
  apt: upgrade=yes update_cache=yes cache_valid_time=7200
- name: Detect Raspi Model
  slurp: src=/sys/firmware/devicetree/base/model
  register: raspberry_model
- name: Show Raspi Model
  debug: msg={{ raspberry_model.content | b64decode }}
- name: Add authorized SSH key to root account
  authorized_key:
    user: root
    key: "{{ lookup('file', 'sshkey.pub') }}"
    state: present
- name: Activate root login with key
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?PermitRootLogin"
    line: "PermitRootLogin prohibit-password"
  notify: restart sshd
- name: Deactive SSH accepting locale vars (leads to warnings)
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?AcceptEnv LANG LC_*"
    line: "#AcceptEnv LANG LC_*"
  notify: restart sshd
- name: Get hostname
  command: "raspi-config nonint get_hostname"
  register: pi_hostname
  changed_when: False
- name: Change hostname  {{ new_hostname }}
  command: "raspi-config nonint do_hostname {{ new_hostname }}"
  when: new_hostname | bool and pi_hostname.stdout != new_hostname
  register: set_hostname
  notify: reboot
- name: Get hostname
  command: "raspi-config nonint get_hostname"
  register: pi_hostname
  changed_when: False
- name: set boot mode to CLI
  command: "raspi-config nonint do_boot_behaviour B1"
#I2 Change Timezone
- name: Change timezone
  command: "raspi-config nonint do_change_timezone {{ timezone }}"
- name: Change locale
  command: "raspi-config nonint do_change_locale en_US.UTF-8"
- name: Change password of default pi account
  user:
    name: pi
    update_password: always
    password: "{{ lookup('keepass', 'default_rpi_password') | password_hash('sha512')  }}"
- name: Install Packages (vim, git, basic python stuff)
  apt:
    name:
      - vim
      - git
      - python3
      - python3-pip
      - python3-wheel
    cache_valid_time: 7200
    state: present
- name: Copy vim config
  copy: src=vimrc dest=/root/.vimrc
- name: Copy git config
  copy: src=gitconfig dest=/root/.gitconfig
# Wifi
- name: Get WiFi country
  command: "raspi-config nonint get_wifi_country"
  register: wifi_country
  changed_when: False
  ignore_errors: yes #to avoid error when WiFi is not present
- name: Change WiFi country
  command: "raspi-config nonint do_wifi_country {{ wifi_country }}"
  when: configure_wifi
- name: Set WiFi credentials
  command: "raspi-config nonint do_wifi_ssid_passphrase {{ wifi_ssid }} {{ lookup('keepass', 'bauer_wifi') }}"
  when: configure_wifi
- name: Install watchdog
  apt: name=watchdog cache_valid_time=7200 state=present
  when: not wifi_ssid is defined 
- name: Configure watchdog
  blockinfile:
    path: /etc/watchdog.conf
    block: |
      interface = wlan0
      retry-timeout = 90
      ping = {{router_ip}}
      interval = 15
  when: configure_wifi
- name: Start watchdog
  systemd: name=watchdog state=restarted enabled=yes daemon_reload=yes  
  when: configure_wifi
# Message of the day
- name: Set Message of the day
  copy: src=motd/{{ pi_hostname.stdout }} dest=/etc/motd
# LED off script
- name: Copy led off script
  copy: src=raspi-leds-off.sh dest=/usr/sbin/raspi-leds-off.sh mode="u+rwx"
- name: Copy led off service
  copy: src=raspi-leds-off.service dest=/lib/systemd/system/
- name: Activate led off servic
  systemd: name=raspi-leds-off state=restarted enabled=yes daemon_reload=yes
Added sysdweb 2020-05-02 11:21:52 +02:00			`---`
			`- name: Do apt update/upgrade`
			`apt: upgrade=yes update_cache=yes cache_valid_time=7200`
			`- name: Detect Raspi Model`
			`slurp: src=/sys/firmware/devicetree/base/model`
			`register: raspberry_model`
			`- name: Show Raspi Model`
			`debug: msg={{ raspberry_model.content \| b64decode }}`
			`- name: Add authorized SSH key to root account`
			`authorized_key:`
			`user: root`
			`key: "{{ lookup('file', 'sshkey.pub') }}"`
			`state: present`
			`- name: Activate root login with key`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "^#?PermitRootLogin"`
			`line: "PermitRootLogin prohibit-password"`
			`notify: restart sshd`
			`- name: Deactive SSH accepting locale vars (leads to warnings)`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "^#?AcceptEnv LANG LC_*"`
			`line: "#AcceptEnv LANG LC_*"`
			`notify: restart sshd`
			`- name: Get hostname`
			`command: "raspi-config nonint get_hostname"`
			`register: pi_hostname`
			`changed_when: False`
Working sound setup for raspis 2020-05-10 15:25:38 +02:00			`- name: Change hostname {{ new_hostname }}`
Added sysdweb 2020-05-02 11:21:52 +02:00			`command: "raspi-config nonint do_hostname {{ new_hostname }}"`
			`when: new_hostname \| bool and pi_hostname.stdout != new_hostname`
			`register: set_hostname`
			`notify: reboot`
			`- name: Get hostname`
			`command: "raspi-config nonint get_hostname"`
			`register: pi_hostname`
			`changed_when: False`
			`- name: set boot mode to CLI`
			`command: "raspi-config nonint do_boot_behaviour B1"`
			`#I2 Change Timezone`
			`- name: Change timezone`
			`command: "raspi-config nonint do_change_timezone {{ timezone }}"`
			`- name: Change locale`
			`command: "raspi-config nonint do_change_locale en_US.UTF-8"`
			`- name: Change password of default pi account`
			`user:`
			`name: pi`
			`update_password: always`
			`password: "{{ lookup('keepass', 'default_rpi_password') \| password_hash('sha512') }}"`
			`- name: Install Packages (vim, git, basic python stuff)`
			`apt:`
			`name:`
			`- vim`
			`- git`
			`- python3`
			`- python3-pip`
			`- python3-wheel`
			`cache_valid_time: 7200`
			`state: present`
			`- name: Copy vim config`
			`copy: src=vimrc dest=/root/.vimrc`
			`- name: Copy git config`
			`copy: src=gitconfig dest=/root/.gitconfig`
			`# Wifi`
			`- name: Get WiFi country`
			`command: "raspi-config nonint get_wifi_country"`
			`register: wifi_country`
			`changed_when: False`
			`ignore_errors: yes #to avoid error when WiFi is not present`
			`- name: Change WiFi country`
			`command: "raspi-config nonint do_wifi_country {{ wifi_country }}"`
added ir server, squeeze server, ... 2020-05-16 18:35:44 +02:00			`when: configure_wifi`
Added sysdweb 2020-05-02 11:21:52 +02:00			`- name: Set WiFi credentials`
added ir server, squeeze server, ... 2020-05-16 18:35:44 +02:00			`command: "raspi-config nonint do_wifi_ssid_passphrase {{ wifi_ssid }} {{ lookup('keepass', 'bauer_wifi') }}"`
			`when: configure_wifi`
			`- name: Install watchdog`
			`apt: name=watchdog cache_valid_time=7200 state=present`
			`when: not wifi_ssid is defined`
			`- name: Configure watchdog`
			`blockinfile:`
			`path: /etc/watchdog.conf`
			`block: \|`
			`interface = wlan0`
			`retry-timeout = 90`
			`ping = {{router_ip}}`
			`interval = 15`
			`when: configure_wifi`
			`- name: Start watchdog`
			`systemd: name=watchdog state=restarted enabled=yes daemon_reload=yes`
			`when: configure_wifi`
Added sysdweb 2020-05-02 11:21:52 +02:00			`# Message of the day`
			`- name: Set Message of the day`
			`copy: src=motd/{{ pi_hostname.stdout }} dest=/etc/motd`
			`# LED off script`
			`- name: Copy led off script`
Working sound setup for raspis 2020-05-10 15:25:38 +02:00			`copy: src=raspi-leds-off.sh dest=/usr/sbin/raspi-leds-off.sh mode="u+rwx"`
Added sysdweb 2020-05-02 11:21:52 +02:00			`- name: Copy led off service`
			`copy: src=raspi-leds-off.service dest=/lib/systemd/system/`
			`- name: Activate led off servic`
			`systemd: name=raspi-leds-off state=restarted enabled=yes daemon_reload=yes`