121 lines
3.3 KiB
YAML
121 lines
3.3 KiB
YAML
---
|
|
###
|
|
# This role installs the basic package and host setup for AniNIX operations.
|
|
#
|
|
#
|
|
#
|
|
- name: Set up AniNIX-specific repository
|
|
become: yes
|
|
file:
|
|
path: /opt/aninix
|
|
state: directory
|
|
|
|
- name: Verify GPG keys
|
|
ignore_errors: yes
|
|
become: yes
|
|
command:
|
|
cmd: gpg --homedir /etc/pacman.d/gnupg --list-key 1CC1E3F4ED06F296
|
|
register: gpg_verify
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- name: Install GPG keys
|
|
become: yes
|
|
command:
|
|
cmd: /bin/bash -l -c 'pacman-key --recv-key 1CC1E3F4ED06F296; pacman-key --finger 1CC1E3F4ED06F296; pacman-key --lsign-key 1CC1E3F4ED06F296;'
|
|
when: ansible_os_family == "Archlinux" and gpg_verify.rc != 0
|
|
|
|
- name: Set up pacman.conf
|
|
become: yes
|
|
blockinfile:
|
|
path: /etc/pacman.conf
|
|
insertafter: EOF
|
|
marker: "# {mark} Ubiqtorate Managed Block"
|
|
block: |
|
|
[AniNIX]
|
|
SigLevel = Required DatabaseOptional
|
|
Server = https://maat.aninix.net/
|
|
|
|
[aur]
|
|
SigLevel = Required DatabaseOptional
|
|
Server = https://maat.aninix.net/aur/
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- name: Install ShadowArch (ArchLinux)
|
|
become: yes
|
|
pacman:
|
|
name: ShadowArch
|
|
state: present
|
|
update_cache: yes
|
|
when: ansible_os_family == "Archlinux"
|
|
|
|
- name: Download ShadowArch (Other)
|
|
become: yes
|
|
git:
|
|
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
|
|
dest: '/opt/aninix/ShadowArch'
|
|
update: yes
|
|
when: ansible_os_family != "Archlinux"
|
|
|
|
- name: Install ShadowArch (Other)
|
|
become: yes
|
|
command:
|
|
chdir: '/opt/aninix/ShadowArch'
|
|
cmd: 'make install'
|
|
when: ansible_os_family != "Archlinux"
|
|
|
|
- name: Base packages
|
|
become: yes
|
|
package:
|
|
name:
|
|
- bash
|
|
- sudo
|
|
|
|
- name: Set up hostname
|
|
become: yes
|
|
hostname:
|
|
name: "{{ inventory_hostname }}.{{ replica_domain }}"
|
|
|
|
- name: Set up /etc/hosts
|
|
become: yes
|
|
lineinfile:
|
|
dest: /etc/hosts
|
|
regexp: '^127.0.0.1[ \t]+localhost'
|
|
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
|
|
state: present
|
|
|
|
- name: Identify depriv user
|
|
command:
|
|
cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'"
|
|
register: depriv_user
|
|
|
|
# This is an AniNIX convention to allow password management by Ansible.
|
|
- name: Ensure 1001 has sudo permissions.
|
|
become: yes
|
|
copy:
|
|
dest: /etc/sudoers.d/1001
|
|
content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n"
|
|
|
|
- name: Test root password
|
|
ignore_errors: yes
|
|
register: root_password_test
|
|
become: yes
|
|
command: id
|
|
vars:
|
|
ansible_become_method: su
|
|
ansible_become_user: root
|
|
ansible_become_password: "{{ lookup('vars',inventory_hostname+'_password') }}"
|
|
|
|
- name: Define root password
|
|
become: yes
|
|
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
|
command:
|
|
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"
|
|
|
|
|
|
- name: Define depriv password
|
|
become: yes
|
|
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
|
command:
|
|
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd {{ depriv_user.stdout }}"
|
|
|