#################################################
# DO Community Playbooks: Docker
#################################################
---
# Single play: every task below runs with privilege escalation on each host
# the inventory (or --limit) selects, so scope the run deliberately.
- hosts: all
  # hostname and the *_key variables used by the tasks are not defined in this
  # file; presumably they come from this vars file (confirm).
  vars_files:
    - vars/pies.yml
  become: true

  tasks:
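    # Read-only probe: counts the lines of /boot/config.txt that contain
    # "lcd_rotate=2". `|| true` keeps grep's "no match" exit status from
    # failing the task; stdout is "0" in that case.
    - name: Check if LCD Rotated
      shell: grep -c "lcd_rotate=2" /boot/config.txt || true
      register: lcd_rotate_test
      # The probe modifies nothing, so it must not be reported as a change.
      changed_when: false
      # Run it in check mode as well, so the `when` below has a stdout to read.
      check_mode: false

    # Append the setting only when the probe found no matching line.
    - name: rotate the lcd
      lineinfile:
        path: /boot/config.txt
        line: lcd_rotate=2
      when: lcd_rotate_test.stdout == "0"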

    # Swap the stock "raspberrypi" name for {{ hostname }} in /etc/hostname,
    # keeping whatever surrounds it. backup: true keeps a copy of the file
    # when it is modified.
    # NOTE(review): hostname is written as-is; confirm its source restricts it
    # to valid hostname characters.
    - name: Update the hostname file
      replace:
        backup: true
        path: /etc/hostname
        regexp: '(\s*)raspberrypi(\s+.*)?$'
        replace: '\1{{ hostname }}\2'

    # Same substitution for /etc/hosts; here the name must be preceded by
    # whitespace (the address column) to match.
    - name: Update the hosts file
      replace:
        backup: true
        path: /etc/hosts
        regexp: '(\s+)raspberrypi(\s+.*)?$'
        replace: '\1{{ hostname }}\2'

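    # /home/pi/.ssh must exist, owned by pi and closed to everyone else,
    # before any key material is written into it.
    - name: Ensure SSH Directory exists
      file:
        path: /home/pi/.ssh
        state: directory
        owner: pi
        group: pi
        # Quoted so the value stays the octal string "0700" regardless of how
        # the YAML parser treats leading-zero integers.
        mode: "0700"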

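    # Create an empty authorized_keys only when none exists; force: false
    # leaves the contents of an existing file alone.
    - name: Ensure authorized_keys file exists
      copy:
        content: ""
        dest: /home/pi/.ssh/authorized_keys
        force: false
        owner: pi
        group: pi
        # Quoted so the mode does not depend on YAML octal parsing.
        # NOTE(review): 0600 is the conventional mode for this file; 0644 is
        # kept to preserve the existing behaviour.
        mode: "0644"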

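    # Probe for the Peitho key. The `quote` filter makes the key reach the
    # shell as one literal word instead of being spliced into a double-quoted
    # string, and -F makes grep compare it as a fixed string rather than a
    # regular expression. `--` stops option parsing before the key text.
    - name: Check Peitho public key
      shell: "grep -cF -- {{ peitho_key | quote }} /home/pi/.ssh/authorized_keys || true"
      register: peithokey_test
      # Read-only probe: never a change, and needed in check mode too.
      changed_when: false
      check_mode: false

    # Append the key only when the probe counted zero matching lines.
    - name: Add Peitho public key
      lineinfile:
        path: /home/pi/.ssh/authorized_keys
        line: "{{ peitho_key }}"
      when: peithokey_test.stdout == "0"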

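    # Probe for the Knox key. The `quote` filter makes the key reach the shell
    # as one literal word instead of being spliced into a double-quoted
    # string, and -F makes grep compare it as a fixed string rather than a
    # regular expression. `--` stops option parsing before the key text.
    - name: Check Knox public key
      shell: "grep -cF -- {{ knox_key | quote }} /home/pi/.ssh/authorized_keys || true"
      register: knoxkey_test
      # Read-only probe: never a change, and needed in check mode too.
      changed_when: false
      check_mode: false

    # Append the key only when the probe counted zero matching lines.
    - name: Add Knox public key
      lineinfile:
        path: /home/pi/.ssh/authorized_keys
        line: "{{ knox_key }}"
      when: knoxkey_test.stdout == "0"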

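    # Probe for the Buttercup key. The `quote` filter makes the key reach the
    # shell as one literal word instead of being spliced into a double-quoted
    # string, and -F makes grep compare it as a fixed string rather than a
    # regular expression. `--` stops option parsing before the key text.
    - name: Check Buttercup public key
      shell: "grep -cF -- {{ buttercup_key | quote }} /home/pi/.ssh/authorized_keys || true"
      register: buttercupkey_test
      # Read-only probe: never a change, and needed in check mode too.
      changed_when: false
      check_mode: false

    # Append the key only when the probe counted zero matching lines.
    - name: Add Buttercup public key
      lineinfile:
        path: /home/pi/.ssh/authorized_keys
        line: "{{ buttercup_key }}"
      when: buttercupkey_test.stdout == "0"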

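    # Turn password logins off on every line that sets the directive to yes,
    # whether that line is commented out (the stock file) or active. Matching
    # only the commented form would leave an active "PasswordAuthentication
    # yes" untouched while the task still reports success.
    - name: Update the sshd config file to disable password logins
      replace:
        path: /etc/ssh/sshd_config
        regexp: '^[ \t]*#?[ \t]*PasswordAuthentication[ \t]+yes\b.*$'
        replace: 'PasswordAuthentication no'
        backup: true
        # Refuse to install a file that sshd itself cannot parse.
        validate: /usr/sbin/sshd -t -f %s
      register: sshd_password_auth
      # NOTE(review): sshd keeps the first value it reads for a keyword, so an
      # Include or drop-in file read earlier could still enable passwords;
      # confirm the effective setting with `sshd -T` on a provisioned host.

    # The running daemon keeps its old settings until it re-reads the file.
    # NOTE(review): the unit is named "ssh" on Debian-based images such as
    # Raspberry Pi OS; adjust if the target names it differently.
    - name: Reload sshd after disabling password logins
      systemd:
        name: ssh
        state: reloaded
      when: sshd_password_auth is changed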

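    # Upload the SSH client config only when pi does not already have one, so
    # a config edited on the device is never overwritten.
    - name: Check if .ssh config file exists
      stat:
        path: /home/pi/.ssh/config
      register: config_status

    - name: No need to upload the .ssh config
      when: config_status.stat.exists
      debug:
        msg: No need to upload the .ssh config as it already exists.

    - name: Upload the .ssh config file
      when: not config_status.stat.exists
      template:
        src: files/config
        dest: /home/pi/.ssh/config
        owner: pi
        group: pi
        # Quoted so the mode does not depend on YAML octal parsing.
        mode: "0644"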

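    # Generate a 4096-bit RSA key pair for pi once; an existing key is kept.
    - name: Check if rsa key exists
      stat:
        path: /home/pi/.ssh/id_rsa
      register: key_status

    - name: No need to generate new rsa key
      when: key_status.stat.exists
      debug:
        msg: No need to generate new rsa key as it already exists.

    # NOTE(review): -N "" creates the private key without a passphrase, so
    # anyone who can read /home/pi/.ssh/id_rsa can use it. Restrict what the
    # matching public key is allowed to do on the servers that trust it.
    - name: Generate new rsa key
      when: not key_status.stat.exists
      become: true
      become_user: pi
      # The "pi@<hostname>" part of the comment goes through `quote` so the
      # variable cannot break out of the command line; the date suffix is
      # still expanded by the shell and joins it as a single argument.
      shell: >-
        ssh-keygen -t rsa -b 4096 -q -N ""
        -f /home/pi/.ssh/id_rsa
        -C {{ ('pi@' ~ hostname) | quote }}" $(date '+%Y.%m.%d')"
      args:
        # Second guard tied to the command itself: never overwrite a key.
        creates: /home/pi/.ssh/id_rsa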

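    # NOTE(review): this executes a script fetched at play time as root, with
    # no integrity check beyond TLS. Prefer installing Docker from a package
    # repository with a pinned signing key, or download the script, review
    # it, and verify it against a recorded checksum before running it.
    - name: Install Docker
      # pipefail + curl -f: a failed or error-status download fails the task
      # instead of piping a partial or error response into sh.
      shell: set -o pipefail && curl -fsSL https://get.docker.com | sh
      args:
        executable: /bin/bash
        # Do not re-download and re-run the installer on every play once the
        # Docker CLI is present.
        creates: /usr/bin/docker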

    # `state: latest` installs the package and upgrades it on later runs, so
    # the version in use is whatever the configured repository serves.
    - name: Install matchbox-keyboard
      package:
        state: latest
        name: matchbox-keyboard

    # Same policy for the python3-docker package.
    - name: Install python3-docker
      package:
        state: latest
        name: python3-docker

    # append: true adds the group without removing pi from its other groups.
    # NOTE(review): membership of the docker group lets pi control the Docker
    # daemon, which is effectively root on the host, and every key placed in
    # /home/pi/.ssh/authorized_keys logs in as pi.
    - name: adding user pi to group docker
      user:
        append: true
        groups: docker
        name: pi

    # Supplementary group lp, again appended rather than replacing the list.
    - name: adding user pi to group lp (line printers)
      user:
        append: true
        groups: lp
        name: pi

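    # Render the unit file with explicit ownership and mode rather than
    # whatever the connection's umask produces; a unit under
    # /etc/systemd/system should be writable by root only.
    - name: install knox-redis-tunnel systemd unit file
      template:
        src: files/knox-redis-tunnel.service
        dest: /etc/systemd/system/knox-redis-tunnel.service
        owner: root
        group: root
        mode: "0644"

    - name: enable service knox-redis-tunnel and ensure it is not masked
      systemd:
        name: knox-redis-tunnel
        # Make systemd re-read unit files so a new or edited unit is the one
        # that gets enabled and started.
        daemon_reload: true
        enabled: true
        masked: false

    # state: started starts the unit if it is stopped; it does not restart a
    # unit that is already running with an older definition.
    - name: Make sure knox-redis-tunnel service is running
      systemd:
        name: knox-redis-tunnel
        state: started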

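    # Render the unit file with explicit ownership and mode rather than
    # whatever the connection's umask produces; a unit under
    # /etc/systemd/system should be writable by root only.
    - name: install gotthard systemd unit file
      template:
        src: files/gotthard.service
        dest: /etc/systemd/system/gotthard.service
        owner: root
        group: root
        mode: "0644"

    - name: enable service gotthard and ensure it is not masked
      systemd:
        name: gotthard
        # Make systemd re-read unit files so a new or edited unit is the one
        # that gets enabled and started.
        daemon_reload: true
        enabled: true
        masked: false

    # state: started starts the unit if it is stopped; it does not restart a
    # unit that is already running with an older definition.
    - name: Make sure gotthard service is running
      systemd:
        name: gotthard
        state: started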