--- # Gather facts specific to the Raspberry Pi platform - include: raspi-facts.yml - include: linux-facts.yml # Basic hostname setup - name: Get MAC address debug: msg: "{{ hostvars[inventory_hostname].ansible_eth0.macaddress }}" tags: - raspi - sw - name: store MAC address set_fact: my_macaddr: "{{ hostvars[inventory_hostname].ansible_eth0.macaddress }}" tags: - raspi - sw - name: store system configuration set_fact: myconfig: "{{ macaddrs[my_macaddr] }}" tags: - raspi - sw - name: set hostname shell: "raspi-config nonint do_hostname {{ myconfig.hostname }}" when: raspi_hostname != myconfig.hostname - name: update /etc/hosts with new hostname lineinfile: dest=/etc/hosts regexp="^{{ ansible_default_ipv4.address }}" line="{{ ansible_default_ipv4.address }}{{'\t'}}{{ myconfig.hostname }}.{{ myconfig.domain }}{{'\t'}}{{ myconfig.hostname }}" state=present - name: get rid of default 127.0.1.1 binding lineinfile: dest=/etc/hosts regexp="^127.0.1.1" state=absent # Set timezone - name: set timezone command: "timedatectl set-timezone {{ myconfig.timezone }}" when: linux_tz != myconfig.timezone # Set locale - name: set locale command: "raspi-config nonint do_change_locale {{ myconfig.locale }}" when: "'locale' in myconfig and linux_locale != myconfig.locale" # Set X keyboard layout - name: set X11 keyboard layout command: "raspi-config nonint do_configure_keyboard {{ myconfig.xkblayout }}" when: "'xkblayout' in myconfig and myconfig.xkblayout != linux_xkblayout" # Set wifi country - name: set wifi country command: "raspiconfig nonint do_wifi_country {{ myconfig.wifi_country }}" when: "'wifi_country' in myconfig and myconfig.wifi_country != raspi_wifi_country" # Enable sshd - name: disable ssh login for user pi lineinfile: dest=/etc/ssh/sshd_config line="DenyUsers pi" state=present tags: - raspi - name: enable SSH via raspi-config shell: "raspi-config nonint do_ssh 0" when: not raspi_ssh_enabled tags: - raspi # Other tasks - include: software.yml - include: users.yml - include: raspi-config.yml - include: darshan-dev.yml when: "'darshan_dev' in myconfig and myconfig.darshan_dev" # Configure firewall - name: allow SSH through UFW ufw: rule: allow port: ssh proto: tcp log: yes tags: - ufw - name: allow mDNS through UFW ufw: rule: allow to_ip: 224.0.0.251 proto: igmp log: no tags: - ufw - name: drop multicast without logging ufw: rule: deny to_ip: 224.0.0.1 log: no tags: - ufw - name: set default incoming UFW policy to deny ufw: direction: incoming policy: deny tags: - ufw - name: set default outgoing UFW policy to allow ufw: direction: outgoing policy: allow tags: - ufw - name: enable UFW ufw: state: enabled logging: yes tags: - ufw