rpi-base/tasks/main.yaml
author Luke Hoersten <luke@hoersten.org>
Sun, 21 Jul 2024 12:42:43 -0500
changeset 235 f88bb54f63bd
parent 234 f46b0f7e758c
permissions -rw-r--r--
Added scrypted role.
---
# Disable every active swap device on the running system. swapoff only affects
# the current boot. changed_when is forced to false, so this command is always
# reported as "ok" and never as a change.
- name: turn swap off
  become: true
  command: swapoff -a
  changed_when: false
# Uninstall the dphys-swapfile package.
- name: remove swap apt package
  become: true
  apt:
    name: dphys-swapfile
    state: absent
# Download the signing key used by the log2ram apt repository.
# NOTE(review): the key is fetched over HTTPS with no checksum pin, so its
# integrity rests on TLS and the upstream host alone. get_url accepts a
# `checksum` argument if a known-good digest is recorded out of band.
# NOTE(review): apt trusts keys under /etc/apt/trusted.gpg.d/ for every
# configured repository, not only the one naming the key in signed-by. A
# keyring directory outside trusted.gpg.d would scope the key to this repo,
# but the repo line that references this path has to move with it.
- name: add log2ram apt key
  become: true
  get_url:
    url: "https://azlux.fr/repo.gpg.key"
    dest: "/etc/apt/trusted.gpg.d/log2ram.asc"
    mode: "0644"
# Register the log2ram apt source. signed-by ties this source to the key file
# at /etc/apt/trusted.gpg.d/log2ram.asc.
# NOTE(review): the suite is hard-coded to "buster"; confirm it matches the
# release actually running on the target hosts.
- name: add log2ram apt repo
  become: true
  apt_repository:
    repo: "deb [signed-by=/etc/apt/trusted.gpg.d/log2ram.asc] https://packages.azlux.fr/debian/ buster main"
# Set the system timezone from the rpi_base_timezone variable (defined outside
# this file).
- name: set timezone
  become: true
  timezone:
    name: "{{rpi_base_timezone}}"
# Render the wpa_supplicant configuration from the role template.
# Mode 0600 limits the rendered file to its owner; presumably the template
# carries the Wi-Fi passphrase -- confirm against wpa_supplicant.conf.j2.
- name: setup wifi
  become: true
  template:
    src: "wpa_supplicant.conf.j2"
    dest: "/etc/wpa_supplicant/wpa_supplicant.conf"
    mode: "0600"
# Despite the task name, this does more than refresh the cache: it refreshes
# the package index when it is older than 3600 seconds, runs a dist-upgrade,
# then autoremoves unused dependencies and cleans the package cache.
- name: update apt package cache
  become: true
  apt:
    update_cache: true
    cache_valid_time: 3600
    upgrade: dist
    autoremove: true
    autoclean: true
# Install the packages listed in rpi_base_apt_packages (defined outside this
# file). state=latest also upgrades any of them that are already installed
# whenever a newer version is available.
- name: install extra apt packages
  become: true
  apt:
    name: "{{rpi_base_apt_packages}}"
    state: latest
df042396074e Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    38
126
1fe8b35714f6 Added auto upgrades to base.
Luke Hoersten <luke@hoersten.org>
parents: 34
diff changeset
    39
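# Install the role's 20auto-upgrades file into apt's configuration directory.
# Owner, group and mode are set explicitly so the result does not depend on the
# remote umask or on the permissions of a pre-existing file: only root may
# change apt's upgrade policy.
- name: configure auto upgrades
  become: true
  copy:
    src: "20auto-upgrades"
    dest: "/etc/apt/apt.conf.d/20auto-upgrades"
    owner: root
    group: root
    mode: "0644"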
# Set the SIZE= line in /etc/log2ram.conf to rpi_base_log_size, replacing an
# existing line that starts with SIZE=. The notified handler lives outside
# this file and only runs when the line actually changes.
- name: configure log2ram disk size
  become: true
  lineinfile:
    path: "/etc/log2ram.conf"
    regexp: "^SIZE="
    line: "SIZE={{rpi_base_log_size}}"
  notify: restart log2ram service
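# Install the role's jail.local as the local fail2ban configuration.
# Owner, group and mode are set explicitly so that only root can alter the
# ban policy, regardless of the remote umask or a pre-existing file's mode.
# NOTE(review): no handler is notified here, so a running fail2ban presumably
# keeps its previous configuration until it is restarted elsewhere -- confirm.
- name: configure fail2ban
  become: true
  copy:
    src: "jail.local"
    dest: "/etc/fail2ban/jail.local"
    owner: root
    group: root
    mode: "0644"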
# Create (or update) the admin account with a bash login shell and add it to
# the sudo and users groups. append: true keeps any other supplementary
# groups the account already has.
# NOTE(review): the user module writes `password` to the shadow entry as
# given, so admin_user_password must already be a crypt-style hash, not
# plaintext. Confirm it is, and that it is stored encrypted (e.g. vault).
- name: add users
  become: true
  user:
    name: "{{admin_user_name}}"
    password: "{{admin_user_password}}"
    shell: "/bin/bash"
    groups:
      - sudo
      - users
    append: true
# Add the public keys published at https://github.com/<github_user>.keys to
# authorized_keys for both the admin user and the Ansible connection user.
# NOTE(review): the key list is fetched from GitHub at run time, so SSH access
# to these hosts follows whatever keys that GitHub account publishes at that
# moment. Protect the account accordingly, or pin the keys in the repository
# if that trust is not intended.
- name: authorize ssh keys
  become: true
  authorized_key:
    user: "{{item}}"
    key: "https://github.com/{{github_user}}.keys"
  loop:
    - "{{admin_user_name}}"
    - "{{ansible_user}}"
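# Render the sudoers drop-in that grants the admin user passwordless sudo.
# A syntax error in any file under /etc/sudoers.d can stop sudo from working
# at all, so the rendered file is checked with visudo before it replaces the
# live one. Ownership and mode are set explicitly (root:root, 0440, the
# conventional sudoers permissions) rather than left to the remote umask.
- name: nopasswd sudo for admin user
  become: true
  template:
    src: "010_admin-nopasswd"
    dest: "/etc/sudoers.d/010_admin-nopasswd"
    owner: root
    group: root
    mode: "0440"
    validate: "/usr/sbin/visudo -cf %s"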
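# Set "PasswordAuthentication no" in the main sshd_config: an existing
# uncommented PasswordAuthentication line is replaced, otherwise the line is
# inserted after the commented-out default.
# The edited copy is checked with `sshd -t` before it replaces the live file,
# so a malformed config cannot be written and break SSH at the next restart.
# NOTE(review): no handler is notified here, so a running sshd keeps its old
# setting until it is reloaded by something outside this task. Also confirm
# that no Match block or included drop-in re-enables password logins.
- name: disable ssh password login
  become: true
  lineinfile:
    path: "/etc/ssh/sshd_config"
    regexp: "^PasswordAuthentication"
    insertafter: "^#PasswordAuthentication"
    line: "PasswordAuthentication no"
    validate: "/usr/sbin/sshd -t -f %s"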
# Make sure log2ram.service is enabled at boot and currently running.
- name: ensure log2ram service is started
  become: true
  systemd:
    name: log2ram.service
    state: started
    enabled: true