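---
# Base provisioning tasks for a Raspberry Pi host: identity (hostname,
# /etc/hosts), regional settings, SSH exposure, further task files, motd and
# the UFW firewall. Values come from `myconfig` (loaded by loadconfig.yml) and
# are compared with facts gathered by raspi-facts.yml / linux-facts.yml so
# that each command only runs when the current state differs.
#
# NOTE(review): bare `include` is deprecated in newer Ansible releases in
# favour of include_tasks / import_tasks. It is left unchanged here because
# the replacements differ in how tags and `when` propagate to included tasks.

- include: loadconfig.yml

# Gather facts specific to the Raspberry Pi platform
- include: raspi-facts.yml
- include: linux-facts.yml

# `command` rather than `shell`: no shell features are needed, and the
# templated hostname is then passed as an argument instead of being
# interpreted by a shell.
- name: set hostname
  command: "raspi-config nonint do_hostname {{ myconfig.hostname }}"
  when: raspi_hostname != myconfig.hostname

# The address is regex-escaped and followed by \s so that only the entry for
# exactly this address is replaced (an unescaped "^10.0.0.1" would also match
# "10.0.0.10" or "10.0.0.1x").
- name: update /etc/hosts with new hostname
  lineinfile:
    dest: /etc/hosts
    regexp: '^{{ ansible_default_ipv4.address | regex_escape }}\s'
    line: "{{ ansible_default_ipv4.address }}\t{{ myconfig.hostname }}.{{ myconfig.domain }}\t{{ myconfig.hostname }}"
    state: present

# Dots escaped and the address terminated for the same reason as above.
- name: get rid of default 127.0.1.1 binding
  lineinfile:
    dest: /etc/hosts
    regexp: '^127\.0\.1\.1(\s|$)'
    state: absent

# Set timezone
- name: set timezone
  command: "timedatectl set-timezone {{ myconfig.timezone }}"
  when: linux_tz != myconfig.timezone

# Set locale
- name: set locale
  command: "raspi-config nonint do_change_locale {{ myconfig.locale }}"
  when: "'locale' in myconfig and linux_locale != myconfig.locale"

# Set X keyboard layout
- name: set X11 keyboard layout
  command: "raspi-config nonint do_configure_keyboard {{ myconfig.xkblayout }}"
  when: "'xkblayout' in myconfig and myconfig.xkblayout != linux_xkblayout"

# Set wifi country
# The binary is `raspi-config`, as in every other task in this file; the
# previous spelling `raspiconfig` made this task fail whenever it ran.
- name: set wifi country
  command: "raspi-config nonint do_wifi_country {{ myconfig.wifi_country }}"
  when: "'wifi_country' in myconfig and myconfig.wifi_country != raspi_wifi_country"

# Enable sshd
# DenyUsers is written before SSH is switched on, so on a host where sshd was
# not yet running the `pi` account is never reachable over SSH.
# NOTE(review): if sshd is already running, this line only takes effect once
# sshd re-reads its configuration; nothing in this file triggers that (the
# included sshd.yml may) - confirm.
- name: disable ssh login for user pi
  lineinfile:
    dest: /etc/ssh/sshd_config
    line: "DenyUsers pi"
    state: present
  tags:
    - raspi

# Fixed argument list, so no shell is needed here either.
- name: enable SSH via raspi-config
  command: "raspi-config nonint do_ssh 0"
  when: not raspi_ssh_enabled
  tags:
    - raspi

# Other tasks
- include: sshd.yml
- include: software.yml
- include: users.yml
- include: raspi-config.yml
- include: darshan-dev.yml
  when: "'darshan_dev' in myconfig and myconfig.darshan_dev"

# Install motd
# May be easier to pull from /sys/firmware/devicetree/base/model
- name: load Raspberry Pi hardware history
  include_vars:
    file: vars/raspi-models.yml
  tags:
    - motd

- name: install motd
  template:
    src: etc/motd
    dest: /etc/motd
    owner: root
    group: root
    mode: "0644"
  tags:
    - motd

# Configure firewall
# Rules and default policies are declared first and UFW is enabled last, so
# the SSH allow rule already exists when the default-deny incoming policy
# becomes active.
# NOTE(review): `rule: limit` would additionally rate-limit connection
# attempts on the SSH port - consider it if that is wanted.
- name: allow SSH through UFW
  ufw:
    rule: allow
    port: ssh
    proto: tcp
    log: true
  tags:
    - ufw

# NOTE(review): this rule admits IGMP traffic addressed to the mDNS group
# only; mDNS queries themselves travel over UDP port 5353 and are not matched
# by it - confirm that is the intent.
- name: allow mDNS through UFW
  ufw:
    rule: allow
    to_ip: '224.0.0.251'
    proto: igmp
    log: false
  tags:
    - ufw

# 224.0.0.1 is the all-hosts multicast group; it is denied by an explicit
# non-logging rule so that it does not fall through to the logged default.
- name: drop multicast without logging
  ufw:
    rule: deny
    to_ip: '224.0.0.1'
    log: false
  tags:
    - ufw

- name: set default incoming UFW policy to deny
  ufw:
    direction: incoming
    policy: deny
  tags:
    - ufw

- name: set default outgoing UFW policy to allow
  ufw:
    direction: outgoing
    policy: allow
  tags:
    - ufw

# `logging` takes a string level here, hence the quoted "on" (unquoted it
# would be read as a YAML boolean).
- name: enable UFW
  ufw:
    state: "enabled"
    logging: "on"
  tags:
    - ufw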