You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
134 lines
2.9 KiB
134 lines
2.9 KiB
---
|
|
|
|
# Gather facts specific to the Raspberry Pi platform
|
|
- include: raspi-facts.yml
|
|
- include: linux-facts.yml
|
|
|
|
# Basic hostname setup
|
|
- name: Get MAC address
|
|
debug:
|
|
msg: "{{ hostvars[inventory_hostname].ansible_eth0.macaddress }}"
|
|
tags:
|
|
- raspi
|
|
- sw
|
|
|
|
- name: store MAC address
|
|
set_fact:
|
|
my_macaddr: "{{ hostvars[inventory_hostname].ansible_eth0.macaddress }}"
|
|
tags:
|
|
- raspi
|
|
- sw
|
|
|
|
- name: store system configuration
|
|
set_fact:
|
|
myconfig: "{{ macaddrs[my_macaddr] }}"
|
|
tags:
|
|
- raspi
|
|
- sw
|
|
|
|
- name: set hostname
|
|
shell: "raspi-config nonint do_hostname {{ myconfig.hostname }}"
|
|
when: raspi_hostname != myconfig.hostname
|
|
|
|
- name: update /etc/hosts with new hostname
|
|
lineinfile:
|
|
dest=/etc/hosts
|
|
regexp="^{{ ansible_default_ipv4.address }}"
|
|
line="{{ ansible_default_ipv4.address }}{{'\t'}}{{ myconfig.hostname }}.{{ myconfig.domain }}{{'\t'}}{{ myconfig.hostname }}"
|
|
state=present
|
|
|
|
- name: get rid of default 127.0.1.1 binding
|
|
lineinfile:
|
|
dest=/etc/hosts
|
|
regexp="^127.0.1.1"
|
|
state=absent
|
|
|
|
# Set timezone
|
|
- name: set timezone
|
|
command: "timedatectl set-timezone {{ myconfig.timezone }}"
|
|
when: linux_tz != myconfig.timezone
|
|
|
|
# Set locale
|
|
- name: set locale
|
|
command: "raspi-config nonint do_change_locale {{ myconfig.locale }}"
|
|
when: "'locale' in myconfig and linux_locale != myconfig.locale"
|
|
|
|
# Set X keyboard layout
|
|
- name: set X11 keyboard layout
|
|
command: "raspi-config nonint do_configure_keyboard {{ myconfig.xkblayout }}"
|
|
when: "'xkblayout' in myconfig and myconfig.xkblayout != linux_xkblayout"
|
|
|
|
# Set wifi country
|
|
- name: set wifi country
|
|
command: "raspiconfig nonint do_wifi_country {{ myconfig.wifi_country }}"
|
|
when: "'wifi_country' in myconfig and myconfig.wifi_country != raspi_wifi_country"
|
|
|
|
# Enable sshd
|
|
- name: disable ssh login for user pi
|
|
lineinfile:
|
|
dest=/etc/ssh/sshd_config
|
|
line="DenyUsers pi"
|
|
state=present
|
|
tags:
|
|
- raspi
|
|
|
|
- name: enable SSH via raspi-config
|
|
shell: "raspi-config nonint do_ssh 0"
|
|
when: not raspi_ssh_enabled
|
|
tags:
|
|
- raspi
|
|
|
|
# Other tasks
|
|
- include: software.yml
|
|
- include: users.yml
|
|
- include: raspi-config.yml
|
|
- include: darshan-dev.yml
|
|
when: "'darshan_dev' in myconfig and myconfig.darshan_dev"
|
|
|
|
# Configure firewall
|
|
- name: allow SSH through UFW
|
|
ufw:
|
|
rule: allow
|
|
port: ssh
|
|
proto: tcp
|
|
log: yes
|
|
tags:
|
|
- ufw
|
|
|
|
- name: allow mDNS through UFW
|
|
ufw:
|
|
rule: allow
|
|
to_ip: 224.0.0.251
|
|
proto: igmp
|
|
log: no
|
|
tags:
|
|
- ufw
|
|
|
|
- name: drop multicast without logging
|
|
ufw:
|
|
rule: deny
|
|
to_ip: 224.0.0.1
|
|
log: no
|
|
tags:
|
|
- ufw
|
|
|
|
- name: set default incoming UFW policy to deny
|
|
ufw:
|
|
direction: incoming
|
|
policy: deny
|
|
tags:
|
|
- ufw
|
|
|
|
- name: set default outgoing UFW policy to allow
|
|
ufw:
|
|
direction: outgoing
|
|
policy: allow
|
|
tags:
|
|
- ufw
|
|
|
|
- name: enable UFW
|
|
ufw:
|
|
state: enabled
|
|
logging: yes
|
|
tags:
|
|
- ufw
|
|
|