################################################# # DO Community Playbooks: Docker ################################################# --- - hosts: all become: true vars_files: - vars/pies.yml tasks: - name: Check if LCD Rotated shell: grep -c "lcd_rotate=2" /boot/config.txt || true register: lcd_rotate_test - name: rotate the lcd lineinfile: dest: /boot/config.txt line: lcd_rotate=2 when: lcd_rotate_test.stdout == "0" - name: Update the hostname file replace: path: /etc/hostname regexp: '(\s*)raspberrypi(\s+.*)?$' replace: "\\1{{ hostname }}\\2" backup: yes - name: Update the hosts file replace: path: /etc/hosts regexp: '(\s+)raspberrypi(\s+.*)?$' replace: "\\1{{ hostname }}\\2" backup: yes - name: Ensure SSH Directory exists file: path: /home/pi/.ssh state: directory group: pi owner: pi mode: 0700 - name: Ensure authorized_keys file exists copy: content: "" dest: /home/pi/.ssh/authorized_keys force: no group: pi owner: pi mode: 0644 - name: Check Terminus public key shell: "grep -c \"{{ terminus_key }}\" /home/pi/.ssh/authorized_keys || true" register: terminuskey_test - name: Add Terminus public key lineinfile: dest: /home/pi/.ssh/authorized_keys line: "{{ terminus_key }}" when: terminuskey_test.stdout == "0" - name: Check rohan public key shell: "grep -c \"{{ rohan_key }}\" /home/pi/.ssh/authorized_keys || true" register: rohankey_test - name: Add Rohan public key lineinfile: dest: /home/pi/.ssh/authorized_keys line: "{{ rohan_key }}" when: rohankey_test.stdout == "0" - name: Check Buttercup public key shell: "grep -c \"{{ buttercup_key }}\" /home/pi/.ssh/authorized_keys || true" register: buttercupkey_test - name: Add Buttercup public key lineinfile: dest: /home/pi/.ssh/authorized_keys line: "{{ buttercup_key }}" when: buttercupkey_test.stdout == "0" - name: Update the sshd config file to disable password logins replace: path: /etc/ssh/sshd_config regexp: '(\s+)#PasswordAuthentication yes(\s+.*)?$' replace: "\\1PasswordAuthentication no\\2" backup: yes - name: Check if .ssh config file exists stat: path: /home/pi/.ssh/config register: config_status - name: No need to upload the .ssh config when: config_status.stat.exists == true debug: msg: No need to upload the .ssh config as it already exists. - name: Upload the .ssh config file when: config_status.stat.exists == false template: src: "files/config" dest: "/home/pi/.ssh/config" group: pi owner: pi mode: 0644 - name: Check if ed25519 key exists stat: path: /home/pi/.ssh/id_ed25519 register: key_status - name: No need to generate new rsa key when: key_status.stat.exists == true debug: msg: No need to generate new rsa key as it already exists. - name: Generate new id_ed25519 key when: key_status.stat.exists == false become: yes become_user: pi shell: ssh-keygen -t id_ed25519 -q -f /home/pi/.ssh/id_ed25519 -C "pi@{{ hostname }} $(date '+%Y.%m.%d')" -N "" - name: Install Docker shell: curl -sSL https://get.docker.com | sh - name: Install matchbox-keyboard package: name: matchbox-keyboard state: latest - name: Install python3-docker package: name: python3-docker state: latest - name: adding user pi to group docker user: name: pi groups: docker append: yes - name: adding user pi to group lp (line printers) user: name: pi groups: lp append: yes - name: install rohan-redis-tunnel systemd unit file template: src: "files/rohan-redis-tunnel.service" dest: "/etc/systemd/system/rohan-redis-tunnel.service" - name: enable service rohan-redis-tunnel and ensure it is not masked systemd: name: rohan-redis-tunnel enabled: yes masked: no - name: Make sure rohan-redis-tunnel service is running systemd: state: started name: rohan-redis-tunnel - name: install leardal systemd unit file template: src: "files/leardal.service" dest: "/etc/systemd/system/leardal.service" - name: enable service leardal and ensure it is not masked systemd: name: leardal enabled: yes masked: no - name: Make sure leardal service is running systemd: state: started name: leardal