ansible/roles/pi-standard-setup/tasks/main.yml

87 lines
2.9 KiB
YAML

---
- name: Do apt update/upgrade
apt: upgrade=yes update_cache=yes cache_valid_time=7200
- name: Detect Raspi Model
slurp: src=/sys/firmware/devicetree/base/model
register: raspberry_model
- name: Show Raspi Model
debug: msg={{ raspberry_model.content | b64decode }}
- name: Add authorized SSH key to root account
authorized_key:
user: root
key: "{{ lookup('file', 'sshkey.pub') }}"
state: present
- name: Activate root login with key
lineinfile:
path: /etc/ssh/sshd_config
regexp: "^#?PermitRootLogin"
line: "PermitRootLogin prohibit-password"
notify: restart sshd
- name: Deactive SSH accepting locale vars (leads to warnings)
lineinfile:
path: /etc/ssh/sshd_config
regexp: "^#?AcceptEnv LANG LC_*"
line: "#AcceptEnv LANG LC_*"
notify: restart sshd
- name: Get hostname
command: "raspi-config nonint get_hostname"
register: pi_hostname
changed_when: False
- name: Change hostname to {{ new_hostname }}
command: "raspi-config nonint do_hostname {{ new_hostname }}"
when: new_hostname | bool and pi_hostname.stdout != new_hostname
register: set_hostname
notify: reboot
- name: Get hostname
command: "raspi-config nonint get_hostname"
when: set_hostname.changed
register: pi_hostname
changed_when: False
- name: set boot mode to CLI
command: "raspi-config nonint do_boot_behaviour B1"
#I2 Change Timezone
- name: Change timezone
command: "raspi-config nonint do_change_timezone {{ timezone }}"
- name: Change locale
command: "raspi-config nonint do_change_locale en_US.UTF-8"
- name: Change password of default pi account
user:
name: pi
update_password: always
password: "{{ lookup('keepass', 'default_rpi_password') | password_hash('sha512') }}"
- name: Install Packages (vim, git, basic python stuff)
apt:
name:
- vim
- git
- python3
- python3-pip
- python3-wheel
cache_valid_time: 7200
state: present
- name: Copy vim config
copy: src=vimrc dest=/root/.vimrc
- name: Copy git config
copy: src=gitconfig dest=/root/.gitconfig
# Wifi
- name: Get WiFi country
command: "raspi-config nonint get_wifi_country"
register: wifi_country
changed_when: False
ignore_errors: yes #to avoid error when WiFi is not present
- name: Change WiFi country
command: "raspi-config nonint do_wifi_country {{ wifi_country }}"
- name: Set WiFi credentials
command: "raspi-config nonint do_wifi_ssid_passphrase {{ wifi_ssid }} {{ lookup('keepass', wifi_pass_url) }}"
when: wifi_ssid | bool
# Message of the day
- name: Set Message of the day
copy: src=motd/{{ pi_hostname.stdout }} dest=/etc/motd
# LED off script
- name: Copy led off script
copy: src=configs/raspi-leds-off.sh dest=/usr/sbin/raspi-leds-off.sh mode="u+rwx"
- name: Copy led off service
copy: src=raspi-leds-off.service dest=/lib/systemd/system/
- name: Activate led off servic
systemd: name=raspi-leds-off state=restarted enabled=yes daemon_reload=yes