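#################################################
# DO Community Playbooks: Docker
#################################################
# Provisions a Raspberry Pi: rotates the LCD, renames the host, sets up
# key-only SSH for user pi, installs Docker and supporting packages, and
# installs/enables the beacon-redis-tunnel and leardal systemd services.
# Expects `hostname`, `peitho_key`, `beacon_key` and `buttercup_key` to be
# defined (presumably in vars/pies.yml - confirm).
---
- hosts: all
  become: true
  vars_files:
    - vars/pies.yml

  handlers:
    # sshd only picks up sshd_config edits after a reload.
    # Assumes the Debian-style unit name `ssh` - confirm on the target image.
    - name: Reload ssh
      service:
        name: ssh
        state: reloaded

  tasks:
    # lineinfile is idempotent on its own: it only appends the line when an
    # identical line is not already present, so no grep pre-check is needed.
    - name: rotate the lcd
      lineinfile:
        path: /boot/config.txt
        line: lcd_rotate=2

    - name: Update the hostname file
      replace:
        path: /etc/hostname
        regexp: '(\s*)raspberrypi(\s+.*)?$'
        replace: "\\1{{ hostname }}\\2"
        backup: true

    - name: Update the hosts file
      replace:
        path: /etc/hosts
        regexp: '(\s+)raspberrypi(\s+.*)?$'
        replace: "\\1{{ hostname }}\\2"
        backup: true

    # File modes are quoted so they are never re-typed by the YAML parser.
    - name: Ensure SSH Directory exists
      file:
        path: /home/pi/.ssh
        state: directory
        group: pi
        owner: pi
        mode: "0700"

    # force: false creates the file only when it is missing, so existing
    # keys are never overwritten. 0600 keeps the list of authorised keys
    # readable by the owner only.
    - name: Ensure authorized_keys file exists
      copy:
        content: ""
        dest: /home/pi/.ssh/authorized_keys
        force: false
        group: pi
        owner: pi
        mode: "0600"

    # The keys are added with lineinfile alone. The earlier `grep -c "<key>"`
    # pre-checks interpolated the key text into a shell command line (so any
    # quote, `$` or backtick in a key would have been interpreted by the
    # shell) and treated the key as a regular expression.
    - name: Add Peitho public key
      lineinfile:
        path: /home/pi/.ssh/authorized_keys
        line: "{{ peitho_key }}"

    - name: Add Beacon public key
      lineinfile:
        path: /home/pi/.ssh/authorized_keys
        line: "{{ beacon_key }}"

    - name: Add Buttercup public key
      lineinfile:
        path: /home/pi/.ssh/authorized_keys
        line: "{{ buttercup_key }}"

    # Matches the directive whether it is commented out or already set to
    # any value, and appends it if it is missing altogether; the previous
    # pattern only rewrote the commented-out default. The candidate file is
    # validated with `sshd -t` before it replaces the live config.
    # NOTE(review): a drop-in under /etc/ssh/sshd_config.d/ that is included
    # earlier in the file can still override this setting - check the
    # effective value with `sshd -T` on the target.
    - name: Update the sshd config file to disable password logins
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s
        backup: true
      notify: Reload ssh

    - name: Check if .ssh config file exists
      stat:
        path: /home/pi/.ssh/config
      register: config_status

    - name: No need to upload the .ssh config
      when: config_status.stat.exists
      debug:
        msg: No need to upload the .ssh config as it already exists.

    - name: Upload the .ssh config file
      when: not config_status.stat.exists
      template:
        src: "files/config"
        dest: "/home/pi/.ssh/config"
        group: pi
        owner: pi
        mode: "0644"

    - name: Check if rsa key exists
      stat:
        path: /home/pi/.ssh/id_rsa
      register: key_status

    - name: No need to generate new rsa key
      when: key_status.stat.exists
      debug:
        msg: No need to generate new rsa key as it already exists.

    # Runs as pi so the key pair is owned by pi. The key is created with an
    # empty passphrase (-N ""), so the private key file is the only
    # protection for whatever this identity can reach.
    - name: Generate new rsa key
      when: not key_status.stat.exists
      become: true
      become_user: pi
      shell: >-
        ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa
        -C "pi@{{ hostname }} $(date '+%Y.%m.%d')" -N ""

    # NOTE(review): this executes an unpinned script fetched over the
    # network as root. Prefer installing Docker from a package repository
    # with a verified signing key, or download the script, review it and
    # check it against a known checksum before running it.
    # `-f` and pipefail make the task fail instead of piping an HTTP error
    # page (or nothing) into sh; `creates` stops the installer from
    # re-running on hosts where Docker is already present.
    - name: Install Docker
      shell: |
        set -o pipefail
        curl -fsSL https://get.docker.com | sh
      args:
        executable: /bin/bash
        creates: /usr/bin/docker

    - name: Install matchbox-keyboard
      package:
        name: matchbox-keyboard
        state: latest

    - name: Install python3-docker
      package:
        name: python3-docker
        state: latest

    # Membership of the docker group is effectively root on this host:
    # anyone who can talk to the Docker socket can start a privileged
    # container.
    - name: adding user pi to group docker
      user:
        name: pi
        groups: docker
        append: true

    - name: adding user pi to group lp (line printers)
      user:
        name: pi
        groups: lp
        append: true

    - name: install beacon-redis-tunnel systemd unit file
      template:
        src: "files/beacon-redis-tunnel.service"
        dest: "/etc/systemd/system/beacon-redis-tunnel.service"
        owner: root
        group: root
        mode: "0644"

    # daemon_reload makes systemd re-read the unit file just written, so a
    # changed unit is not started from a stale in-memory copy.
    - name: enable service beacon-redis-tunnel and ensure it is not masked
      systemd:
        name: beacon-redis-tunnel
        enabled: true
        masked: false
        daemon_reload: true

    - name: Make sure beacon-redis-tunnel service is running
      systemd:
        state: started
        name: beacon-redis-tunnel

    - name: install leardal systemd unit file
      template:
        src: "files/leardal.service"
        dest: "/etc/systemd/system/leardal.service"
        owner: root
        group: root
        mode: "0644"

    - name: enable service leardal and ensure it is not masked
      systemd:
        name: leardal
        enabled: true
        masked: false
        daemon_reload: true

    - name: Make sure leardal service is running
      systemd:
        state: started
        name: leardal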