ansible/pis/02-provision_new_pi.yml

# Run with
# ansible-playbook -i raspberrypi, 02-provision_new_pi.yml
# where "raspberrypi" is the hostname of the pi
---

- hosts: all
  gather_facts: false
  vars:
    timezone: "Europe/Berlin"
    wifi_country: "DE"
    wifi_ssid: "" # put SSID here to configure wifi
    wifi_pass_url: "bauer_wifi"  # has to be in keepass with url "wifi_pass_url"
    ansible_ssh_pass: raspberry
    ansible_become: yes
    ansible_become_password: raspberry
    new_hostname: "" # set this to change the hostname
  vars_prompt:
    - name: ansible_user
      prompt: "User to connect with, put in 'pi' here if you connect the first time, else leave empty"
      default: root
  tasks:
    - name: Do apt update/upgrade
      apt:
        upgrade: yes
        update_cache: yes
        cache_valid_time: 7200
    - name: Detect Raspi Model
      slurp: src=/sys/firmware/devicetree/base/model
      register: raspberry_model
    - name: Show Raspi Model
      debug: msg={{ raspberry_model.content | b64decode }}
    - name: Add authorized SSH key to root account
      authorized_key:
        user: root
        key: "{{ lookup('file', '../public_keys/martin_laptop.pub') }}"
        state: present
    - name: Activate root login with key
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?PermitRootLogin"
        line: "PermitRootLogin prohibit-password"
      notify: restart sshd
    - name: Deactive SSH accepting locale vars (leads to warnings)
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?AcceptEnv LANG LC_*"
        line: "#AcceptEnv LANG LC_*"
      notify: restart sshd
    - name: Get hostname
      command: "raspi-config nonint get_hostname"
      register: pi_hostname
      changed_when: False
    - name: Change hostname to {{ new_hostname }}
      command: "raspi-config nonint do_hostname {{ new_hostname }}"
      when: new_hostname | bool and pi_hostname.stdout != new_hostname
    - name: set boot mode to CLI
      command: "raspi-config nonint do_boot_behaviour B1"
    #I2 Change Timezone
    - name: Change timezone
      command: "raspi-config nonint do_change_timezone {{ timezone }}"
    - name: Change locale
      command: "raspi-config nonint do_change_locale en_US.UTF-8"
    - name: Change password of default pi account
      user:
        name: pi
        update_password: always
        password: "{{ lookup('keepass', 'default_rpi_password') | password_hash('sha512')  }}"
    - name: Install Packages (vim, git, basic python stuff)
      apt:
        name:
          - vim
          - git
          - python3
          - python3-pip
          - python3-wheel
        cache_valid_time: 7200
        state: present
    - name: Copy vim config
      copy: src=../configs/vimrc dest=/root/.vimrc
    - name: Copy git config
      copy: src=../configs/gitconfig dest=/root/.gitconfig
    # Wifi
    - name: Get WiFi country
      command: "raspi-config nonint get_wifi_country"
      register: wifi_country
      changed_when: False
      ignore_errors: yes #to avoid error when WiFi is not present
      when: wifi_ssid | bool
    - name: Change WiFi country
      command: "raspi-config nonint do_wifi_country {{ wifi_country }}"
      when: wifi_ssid | bool
    - name: Set WiFi credentials
      command: "raspi-config nonint do_wifi_ssid_passphrase {{ wifi_ssid }} {{ lookup('keepass', wifi_pass_url) }}"
      when: wifi_ssid | bool

  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted
Raspberry Pi setup as bluetooth speaker 2020-01-08 20:18:23 +01:00			`# Run with`
			`# ansible-playbook -i raspberrypi, 02-provision_new_pi.yml`
			`# where "raspberrypi" is the hostname of the pi`
			`---`

			`- hosts: all`
			`gather_facts: false`
			`vars:`
			`timezone: "Europe/Berlin"`
			`wifi_country: "DE"`
			`wifi_ssid: "" # put SSID here to configure wifi`
			`wifi_pass_url: "bauer_wifi" # has to be in keepass with url "wifi_pass_url"`
			`ansible_ssh_pass: raspberry`
			`ansible_become: yes`
			`ansible_become_password: raspberry`
			`new_hostname: "" # set this to change the hostname`
			`vars_prompt:`
			`- name: ansible_user`
			`prompt: "User to connect with, put in 'pi' here if you connect the first time, else leave empty"`
			`default: root`
			`tasks:`
			`- name: Do apt update/upgrade`
			`apt:`
			`upgrade: yes`
			`update_cache: yes`
			`cache_valid_time: 7200`
			`- name: Detect Raspi Model`
			`slurp: src=/sys/firmware/devicetree/base/model`
			`register: raspberry_model`
			`- name: Show Raspi Model`
			`debug: msg={{ raspberry_model.content \| b64decode }}`
			`- name: Add authorized SSH key to root account`
			`authorized_key:`
			`user: root`
			`key: "{{ lookup('file', '../public_keys/martin_laptop.pub') }}"`
			`state: present`
			`- name: Activate root login with key`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "^#?PermitRootLogin"`
			`line: "PermitRootLogin prohibit-password"`
			`notify: restart sshd`
			`- name: Deactive SSH accepting locale vars (leads to warnings)`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "^#?AcceptEnv LANG LC_*"`
			`line: "#AcceptEnv LANG LC_*"`
			`notify: restart sshd`
			`- name: Get hostname`
			`command: "raspi-config nonint get_hostname"`
			`register: pi_hostname`
			`changed_when: False`
			`- name: Change hostname to {{ new_hostname }}`
			`command: "raspi-config nonint do_hostname {{ new_hostname }}"`
			`when: new_hostname \| bool and pi_hostname.stdout != new_hostname`
			`- name: set boot mode to CLI`
			`command: "raspi-config nonint do_boot_behaviour B1"`
			`#I2 Change Timezone`
			`- name: Change timezone`
			`command: "raspi-config nonint do_change_timezone {{ timezone }}"`
			`- name: Change locale`
			`command: "raspi-config nonint do_change_locale en_US.UTF-8"`
			`- name: Change password of default pi account`
			`user:`
			`name: pi`
			`update_password: always`
			`password: "{{ lookup('keepass', 'default_rpi_password') \| password_hash('sha512') }}"`
			`- name: Install Packages (vim, git, basic python stuff)`
			`apt:`
			`name:`
			`- vim`
			`- git`
			`- python3`
			`- python3-pip`
			`- python3-wheel`
			`cache_valid_time: 7200`
			`state: present`
			`- name: Copy vim config`
			`copy: src=../configs/vimrc dest=/root/.vimrc`
			`- name: Copy git config`
			`copy: src=../configs/gitconfig dest=/root/.gitconfig`
			`# Wifi`
			`- name: Get WiFi country`
			`command: "raspi-config nonint get_wifi_country"`
			`register: wifi_country`
			`changed_when: False`
			`ignore_errors: yes #to avoid error when WiFi is not present`
			`when: wifi_ssid \| bool`
			`- name: Change WiFi country`
			`command: "raspi-config nonint do_wifi_country {{ wifi_country }}"`
			`when: wifi_ssid \| bool`
			`- name: Set WiFi credentials`
			`command: "raspi-config nonint do_wifi_ssid_passphrase {{ wifi_ssid }} {{ lookup('keepass', wifi_pass_url) }}"`
			`when: wifi_ssid \| bool`

			`handlers:`
			`- name: restart sshd`
			`service:`
			`name: sshd`
			`state: restarted`