102 lines
3.3 KiB
YAML
102 lines
3.3 KiB
YAML
---
|
|
- name: Do apt update/upgrade
|
|
apt: upgrade=yes update_cache=yes cache_valid_time=7200
|
|
- name: Detect Raspi Model
|
|
slurp: src=/sys/firmware/devicetree/base/model
|
|
register: raspberry_model
|
|
- name: Show Raspi Model
|
|
debug: msg={{ raspberry_model.content | b64decode }}
|
|
- name: Add authorized SSH key to root account
|
|
authorized_key:
|
|
user: root
|
|
key: "{{ lookup('file', 'sshkey.pub') }}"
|
|
state: present
|
|
- name: Activate root login with key
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: "^#?PermitRootLogin"
|
|
line: "PermitRootLogin prohibit-password"
|
|
notify: restart sshd
|
|
- name: Deactive SSH accepting locale vars (leads to warnings)
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: "^#?AcceptEnv LANG LC_*"
|
|
line: "#AcceptEnv LANG LC_*"
|
|
notify: restart sshd
|
|
- name: Get hostname
|
|
command: "raspi-config nonint get_hostname"
|
|
register: pi_hostname
|
|
changed_when: False
|
|
- name: Change hostname {{ new_hostname }}
|
|
command: "raspi-config nonint do_hostname {{ new_hostname }}"
|
|
when: new_hostname | bool and pi_hostname.stdout != new_hostname
|
|
register: set_hostname
|
|
notify: reboot
|
|
- name: Get hostname
|
|
command: "raspi-config nonint get_hostname"
|
|
register: pi_hostname
|
|
changed_when: False
|
|
- name: set boot mode to CLI
|
|
command: "raspi-config nonint do_boot_behaviour B1"
|
|
#I2 Change Timezone
|
|
- name: Change timezone
|
|
command: "raspi-config nonint do_change_timezone {{ timezone }}"
|
|
- name: Change locale
|
|
command: "raspi-config nonint do_change_locale en_US.UTF-8"
|
|
- name: Change password of default pi account
|
|
user:
|
|
name: pi
|
|
update_password: always
|
|
password: "{{ lookup('keepass', 'default_rpi_password') | password_hash('sha512') }}"
|
|
- name: Install Packages (vim, git, basic python stuff)
|
|
apt:
|
|
name:
|
|
- vim
|
|
- git
|
|
- python3
|
|
- python3-pip
|
|
- python3-wheel
|
|
cache_valid_time: 7200
|
|
state: present
|
|
- name: Copy vim config
|
|
copy: src=vimrc dest=/root/.vimrc
|
|
- name: Copy git config
|
|
copy: src=gitconfig dest=/root/.gitconfig
|
|
# Wifi
|
|
- name: Get WiFi country
|
|
command: "raspi-config nonint get_wifi_country"
|
|
register: wifi_country
|
|
changed_when: False
|
|
ignore_errors: yes #to avoid error when WiFi is not present
|
|
- name: Change WiFi country
|
|
command: "raspi-config nonint do_wifi_country {{ wifi_country }}"
|
|
when: configure_wifi
|
|
- name: Set WiFi credentials
|
|
command: "raspi-config nonint do_wifi_ssid_passphrase {{ wifi_ssid }} {{ lookup('keepass', 'bauer_wifi') }}"
|
|
when: configure_wifi
|
|
- name: Install watchdog
|
|
apt: name=watchdog cache_valid_time=7200 state=present
|
|
when: not wifi_ssid is defined
|
|
- name: Configure watchdog
|
|
blockinfile:
|
|
path: /etc/watchdog.conf
|
|
block: |
|
|
interface = wlan0
|
|
retry-timeout = 90
|
|
ping = {{router_ip}}
|
|
interval = 15
|
|
when: configure_wifi
|
|
- name: Start watchdog
|
|
systemd: name=watchdog state=restarted enabled=yes daemon_reload=yes
|
|
when: configure_wifi
|
|
# Message of the day
|
|
- name: Set Message of the day
|
|
copy: src=motd/{{ pi_hostname.stdout }} dest=/etc/motd
|
|
# LED off script
|
|
- name: Copy led off script
|
|
copy: src=raspi-leds-off.sh dest=/usr/sbin/raspi-leds-off.sh mode="u+rwx"
|
|
- name: Copy led off service
|
|
copy: src=raspi-leds-off.service dest=/lib/systemd/system/
|
|
- name: Activate led off servic
|
|
systemd: name=raspi-leds-off state=restarted enabled=yes daemon_reload=yes
|