authorLuke Hoersten <[email protected]>2020-02-09 12:20:22 -0600
committerLuke Hoersten <[email protected]>2020-02-09 12:20:22 -0600
commita27d981110e0912920de133839d0186c42286029 (patch)
treeb6f16919bf030371030b5993b854e87bd03fd59b /rpi-base
parent1cb30cc0aa4fda9bf0bac0b41ace862b1db434b8 (diff)
Base is rpi specific.
Diffstat (limited to 'rpi-base')
-rw-r--r--rpi-base/defaults/main.yaml13
-rw-r--r--rpi-base/files/jail.local10
-rw-r--r--rpi-base/tasks/main.yml42
-rw-r--r--rpi-base/templates/wpa_supplicant.conf.j214
4 files changed, 79 insertions, 0 deletions
diff --git a/rpi-base/defaults/main.yaml b/rpi-base/defaults/main.yaml
new file mode 100644
index 0000000..b26755a
--- /dev/null
+++ b/rpi-base/defaults/main.yaml
@@ -0,0 +1,13 @@
+---
+
+rpi_base_enable_wifi: True
+rpi_base_timezone: "America/Chicago"
+rpi_base_apt_packages:
+ - "log2ram"
+ - "fail2ban"
+ - "unattended-upgrades"
+ - "emacs-nox"
+ - "htop"
+ - "jq"
+ - "tree"
+ - "iperf3"
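Review bot: The defaults file omits two variables the role consumes: `wpa_networks` is iterated in templates/wpa_supplicant.conf.j2 and `github_user` is interpolated in the `authorize admin ssh keys` task. Unless they are defined elsewhere in the repository (not visible in this diff), a play that does not set them will presumably stop with an undefined-variable error. Either add an explicit `wpa_networks: []` or document the requirement with a comment such as `# required: wpa_networks (list of {ssid, psk}) and github_user; keep psk values in a vault, not in this file`. As a style point, `rpi_base_enable_wifi: True` reads better as `true`, the canonical YAML boolean.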
diff --git a/rpi-base/files/jail.local b/rpi-base/files/jail.local
new file mode 100644
index 0000000..a5cabc4
--- /dev/null
+++ b/rpi-base/files/jail.local
@@ -0,0 +1,10 @@
+[ssh]
+
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+bantime = 900
+banaction = iptables-allports
+findtime = 900
+maxretry = 3
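Review bot: The section header is `[ssh]`, but fail2ban 0.9 and later name the stock SSH jail `[sshd]`, and the role's apt source targets buster, so this file probably defines a second jail instead of overriding the packaged one. If the distribution enables `[sshd]` by default, that jail keeps its stock bantime and maxretry while the same auth.log lines are counted by both. Renaming the header to `[sshd]` makes these values the effective overrides. A one-line comment above the section stating the policy, e.g. `# ban on all ports for 15 min after 3 failures within 15 min`, would make the numbers easier to audit.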
diff --git a/rpi-base/tasks/main.yml b/rpi-base/tasks/main.yml
new file mode 100644
index 0000000..85045a5
--- /dev/null
+++ b/rpi-base/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+
+- name: turn swap off
+ become: yes
+ command: "swapoff -a"
+ changed_when: false
+
+- name: remove swap apt package
+ become: yes
+ apt: state="absent" name="dphys-swapfile"
+
+- name: add log2ram apt key
+ become: yes
+ apt_key: url="https://azlux.fr/repo.gpg.key"
+
+- name: add log2ram apt repo
+ become: yes
+ apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main"
+
+- name: set timezone
+ become: yes
+ timezone: name="{{rpi_base_timezone}}"
+
+- name: setup wifi
+ become: yes
+ template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0644"
+
+- name: update apt package cache
+ become: yes
+ apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600"
+
+- name: install extra apt packages
+ become: yes
+ apt: name="{{rpi_base_apt_packages}}" state="latest"
+
+- name: install fail2ban config
+ become: yes
+ copy: src="jail.local" dest="/etc/fail2ban/jail.local"
+
+- name: authorize admin ssh keys
+ become: yes
+ authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys"
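Review bot: The `setup wifi` task writes `/etc/wpa_supplicant/wpa_supplicant.conf` with `mode="0644"`, and the template renders `psk=` values into it, so every local account can read the Wi-Fi passphrase; use `owner="root" group="root" mode="0600"` on that task. The `add log2ram apt key` task trusts whatever key the URL serves at run time; adding `id="<KEY_FINGERPRINT>"` (placeholder, take the value from the repository owner's published fingerprint) pins it, which matters more because the repo line itself uses plain `http://`. The `install fail2ban config` task has no `notify` or handler, so a changed jail.local presumably takes effect only once fail2ban is restarted by other means. The last task grants login access for `ansible_user` to whatever keys `https://github.com/{{github_user}}.keys` lists at run time, which deserves a comment stating that the GitHub account is part of the trust boundary.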
diff --git a/rpi-base/templates/wpa_supplicant.conf.j2 b/rpi-base/templates/wpa_supplicant.conf.j2
new file mode 100644
index 0000000..c1312d0
--- /dev/null
+++ b/rpi-base/templates/wpa_supplicant.conf.j2
@@ -0,0 +1,14 @@
+# {{ansible_managed}}
+
+country=US
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+{% for network in wpa_networks %}
+
+network={
+ ssid="{{network.ssid}}"
+ psk="{{network.psk}}"
+ disabled={% if rpi_base_enable_wifi %}0{% else %}1{% endif %}
+
+}
+{% endfor %}
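Review bot: `ssid` and `psk` are placed between double quotes with no escaping or validation, so a value containing `"` or a line break yields a malformed file or extra configuration lines that wpa_supplicant will parse. Validate the values before rendering (for instance, fail the play when one contains a quote or newline), or store the 64-hex-digit key produced by `wpa_passphrase` and emit it unquoted as `psk={{network.psk}}`, which also keeps the plaintext passphrase off the device. `country=US` is hard-coded while the timezone is a role variable; a matching role default would keep the regulatory domain configurable.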