---
# Ensure root's .ssh directory exists under the target tree at `location`.
# Skipped when no public key was supplied. Mode 0700 keeps the directory
# private to its owner, which sshd's StrictModes check expects.
# NOTE(review): owner/group are not set here; under `become` a newly
# created directory is presumably root-owned, but an existing one keeps
# whatever owner it already has. Confirm against the image.
- name: create a .ssh directory
  when: pubkey is defined
  become: true
  file:
    path: "{{ location }}/root/.ssh"
    state: directory
    mode: '0700'
# Make sure root's authorized_keys file exists with mode 0600 before a key
# is written into it. Skipped when no public key was supplied.
# `state: touch` also refreshes the timestamps of an existing file, so this
# task reports "changed" on every run.
- name: create a file
  when: pubkey is defined
  become: true
  file:
    path: "{{ location }}/root/.ssh/authorized_keys"
    state: touch
    mode: '0600'
# NOTE(review): despite its name this task does not touch permissions; it
# makes sure the `pubkey` value is present as a line in root's
# authorized_keys, appending it when it is missing.
# The value is written verbatim, so `pubkey` should hold exactly one trusted
# key line: anything else in the variable (key options, extra text) lands
# in the file that decides who can log in as root.
- name: Set appropriate permissions on the authorized_keys file
  when: pubkey is defined
  become: true
  lineinfile:
    path: "{{ location }}/root/.ssh/authorized_keys"
    state: present
    line: "{{ pubkey }}"
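# Replace root's entry in the target tree's /etc/shadow with one carrying
# the supplied hash. Skipped when `rootpasswordhash` is not defined.
# Shadow fields written: name, hash, last-change (empty), min age 0,
# max age 99999, warn 7, then inactive/expire/reserved left empty.
# `rootpasswordhash` is expected to be an already-computed crypt(3) hash;
# a plaintext value would be stored as-is in the hash field.
- name: Set root password
  become: true
  lineinfile:
    path: "{{ location }}/etc/shadow"
    state: present
    regexp: '^root:'
    line: 'root:{{ rootpasswordhash }}::0:99999:7:::'
  when: rootpasswordhash is defined
  # Keep the hash out of task output, diffs and callback/log plugins.
  no_log: true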
# Write the requested hostname, followed by a newline, to /etc/hostname in
# the target tree. Skipped when `pi_hostname` is not defined.
- name: Set hostname
  when: pi_hostname is defined
  become: true
  copy:
    content: "{{ pi_hostname }}\n"
    dest: "{{ location }}/etc/hostname"
# Force `PermitRootLogin yes` in the target tree's sshd_config. The task is
# unconditional: it runs whether or not a key or password hash was supplied.
# NOTE(review): `yes` allows password authentication for root as well as
# keys. When only `pubkey` is used, `prohibit-password` would give key-only
# root login; left unchanged here because the password-hash path may rely
# on it. Confirm the intended exposure of the device.
# NOTE(review): the pattern only matches an active directive. A
# commented-out default (`#PermitRootLogin ...`) is not replaced, so the
# line is appended at the end of the file; if the file ends with a `Match`
# block the directive would fall inside it. Verify against the image.
- name: Permit root login via ssh
  become: true
  lineinfile:
    path: "{{ location }}/etc/ssh/sshd_config"
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin yes'
    state: present
# Drop every fstab line in the target tree that contains " /boot". The
# pattern has no trailing delimiter, so it covers /boot and anything below
# it, such as /boot/efi.
- name: Remove boot and boot/efi lines in fstab
  become: true
  lineinfile:
    path: "{{ location }}/etc/fstab"
    regexp: '^.* /boot.*'
    state: absent
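# Ensure fstab in the target tree mounts the first SD-card partition on
# /boot as vfat.
# The pattern must select the /boot entry only. A pattern matching " / "
# would select the root entry instead, so this task would overwrite the
# root line with the /boot line and the play would rewrite fstab on every
# run. With no matching line, lineinfile appends the entry.
# NOTE(review): the separators in `line` are single spaces as shown on the
# page; confirm against the original file if column alignment matters.
- name: Add boot to fstab
  become: true
  lineinfile:
    path: "{{ location }}/etc/fstab"
    state: present
    regexp: '^.* /boot .*'
    line: "/dev/mmcblk0p1 /boot vfat defaults,noatime 0 0"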
# Point the root filesystem entry in the target tree's fstab at the second
# SD-card partition (ext4). The pattern looks for a line containing " / ";
# lineinfile replaces the last such line, or appends the entry when none
# matches.
# NOTE(review): the pattern expects single spaces around "/"; a
# tab-separated fstab would not match and the entry would be appended.
- name: Replace root line in fstab
  become: true
  lineinfile:
    path: "{{ location }}/etc/fstab"
    regexp: '^.* / .*'
    line: '/dev/mmcblk0p2 / ext4 defaults,noatime 0 0'
    state: present
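# Copy the Raspbian kernel module tree into the target tree's /usr/lib.
# cp flags: -u only copy when newer, -v verbose, -r recursive, -f force,
# -p preserve mode, ownership and timestamps.
# The arguments are passed as a list so a path containing whitespace stays
# a single argument instead of being split by the command module.
# The task reports "changed" on every run because `command` cannot tell
# whether cp copied anything.
- name: Copy over raspbian kernel modules
  become: true
  command:
    argv:
      - cp
      - -uvrfp
      - "{{ raspbian_location }}/lib/modules"
      - "{{ location }}/usr/lib"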
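# Copy the Raspbian firmware tree into the target tree's /lib.
# cp flags: -u only copy when newer, -v verbose, -r recursive, -f force,
# -p preserve mode, ownership and timestamps.
# The arguments are passed as a list so a path containing whitespace stays
# a single argument instead of being split by the command module.
# NOTE(review): these files are copied as root into the image without any
# integrity check; the Raspbian source tree is assumed to be trusted.
- name: Copy over firmware
  become: true
  command:
    argv:
      - cp
      - -uvrfp
      - "{{ raspbian_location }}/lib/firmware"
      - "{{ location }}/lib"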
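# Copy the contents of Raspbian's /etc/modprobe.d into the target tree's
# /etc/modprobe.d. The trailing "/." on the source copies the directory's
# contents rather than the directory itself.
# cp flags: -u only copy when newer, -v verbose, -r recursive, -f force,
# -p preserve mode, ownership and timestamps.
# The arguments are passed as a list so a path containing whitespace stays
# a single argument instead of being split by the command module.
- name: Copy over raspbian modprobe.d blacklist
  become: true
  command:
    argv:
      - cp
      - -uvrfp
      - "{{ raspbian_location }}/etc/modprobe.d/."
      - "{{ location }}/etc/modprobe.d/"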
# Render the static ifcfg template for `network.device` into the target
# tree. Runs for every `network.bootproto` value other than "dhcp".
# NOTE(review): `network.device` is interpolated into the destination path;
# it is assumed to be a plain interface name from trusted inventory.
# NOTE(review): no `mode` is given, so the file gets the default
# permissions for newly created files.
- name: "Deploy the {{ network.device }} network static interface configuration"
  when: network.bootproto != 'dhcp'
  become: true
  template:
    dest: "{{ location }}/etc/sysconfig/network-scripts/ifcfg-{{ network.device }}"
    src: templates/ifcfg.j2
# Render the DHCP ifcfg template for `network.device` into the target tree.
# Runs only when `network.bootproto` is exactly "dhcp".
# NOTE(review): `network.device` is interpolated into the destination path;
# it is assumed to be a plain interface name from trusted inventory.
- name: "Deploy the {{ network.device }} network dynamic interface configuration"
  when: network.bootproto == 'dhcp'
  become: true
  template:
    dest: "{{ location }}/etc/sysconfig/network-scripts/ifcfg-{{ network.device }}"
    src: templates/ifcfg-dhcp.j2
# Disable units in the target tree by deleting their
# multi-user.target.wants/<name>.service entries. Only that one directory
# is touched; a unit pulled in from another .wants directory stays enabled.
# NOTE(review): `auditd` is in the list, so the resulting system boots
# without the audit daemon and keeps no audit trail; `rngd` (entropy
# feeding) is removed as well. Confirm both are intended for this device.
# NOTE(review): `remote-fs` and `nfs-client` are normally .target units, so
# the ".service" path built here likely matches nothing for them. Verify.
- name: Disable the initial-setup and other unneeded services
  become: true
  loop:
    - initial-setup
    - abrtd
    - abrt-journal-core
    - abrt-oops
    - abrt-vmcore
    - abrt-xorg
    - cups
    - nfs-client
    - vboxservice
    - vmtoolsd
    - ModemManager
    - rngd
    - avahi-daemon
    - auditd
    - smartd
    - libvirtd
    - remote-fs
  file:
    state: absent
    path: "{{ location }}/etc/systemd/system/multi-user.target.wants/{{ item }}.service"