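#################################################
# DO Community Playbooks: Docker
#################################################
---
# Single play that prepares a host for the `leardal` and `rohan-redis-tunnel`
# services:
#   1. replaces the default `raspberrypi` hostname,
#   2. sets up key-only SSH access for `{{ user }}`,
#   3. installs Docker plus supporting packages,
#   4. installs, enables and starts the two systemd units.
#
# Variables used below (hostname, user, terminus_key, rohan_key, anjin_key)
# are presumably defined in vars/pies.yml, which is not shown here.
- hosts: all
  become: true
  vars_files:
    - vars/pies.yml

  tasks:
    # - name: Check if LCD Rotated
    #   shell: grep -c "lcd_rotate=2" /boot/config.txt || true
    #   register: lcd_rotate_test

    # - name: rotate the lcd
    #   lineinfile:
    #     dest: /boot/config.txt
    #     line: lcd_rotate=2
    #   when: lcd_rotate_test.stdout == "0"

    - name: Update the hostname file
      replace:
        path: /etc/hostname
        regexp: '(\s*)raspberrypi(\s+.*)?$'
        replace: "\\1{{ hostname }}\\2"
        backup: true

    - name: Update the hosts file
      replace:
        path: /etc/hosts
        regexp: '(\s+)raspberrypi(\s+.*)?$'
        replace: "\\1{{ hostname }}\\2"
        backup: true

    - name: Ensure SSH Directory exists
      file:
        path: "/home/{{ user }}/.ssh"
        state: directory
        group: "{{ user }}"
        owner: "{{ user }}"
        # Quoted so the mode is always read as an octal string.
        mode: "0700"

    - name: Ensure authorized_keys file exists
      copy:
        content: ""
        dest: "/home/{{ user }}/.ssh/authorized_keys"
        # force: false leaves an existing file (and its keys) untouched.
        force: false
        group: "{{ user }}"
        owner: "{{ user }}"
        # Only the account owner needs to read the list of accepted keys.
        mode: "0600"

    # lineinfile is idempotent on its own: it appends the line only when that
    # exact line is missing. No `grep` probe through the shell is used, because
    # that would interpolate the key text into a command line and match it as
    # a regular expression rather than as a literal string.
    - name: Add Terminus public key
      lineinfile:
        dest: "/home/{{ user }}/.ssh/authorized_keys"
        line: "{{ terminus_key }}"

    - name: Add Rohan public key
      lineinfile:
        dest: "/home/{{ user }}/.ssh/authorized_keys"
        line: "{{ rohan_key }}"

    - name: Add Anjin public key
      lineinfile:
        dest: "/home/{{ user }}/.ssh/authorized_keys"
        line: "{{ anjin_key }}"

    # Matches the directive whether it is commented out, set to yes, or
    # already set to no, so the task cannot silently leave password logins on.
    # If the directive is absent it is inserted ahead of any Match block;
    # a line appended after a Match block would only apply inside that block.
    # NOTE(review): a drop-in under /etc/ssh/sshd_config.d/ can still override
    # this value if the main file includes that directory; verify on the hosts.
    - name: Update the sshd config file to disable password logins
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*PasswordAuthentication\s'
        insertbefore: '^\s*Match\s'
        line: PasswordAuthentication no
        backup: true
        # Refuse to install a file that sshd itself cannot parse.
        validate: /usr/sbin/sshd -t -f %s
      register: sshd_config_result

    # The running daemon keeps the old setting until it re-reads its config.
    # NOTE(review): `ssh` is the Debian-family service name; confirm it
    # matches the target hosts.
    - name: Reload sshd so the password-login change takes effect
      service:
        name: ssh
        state: reloaded
      when: sshd_config_result.changed

    - name: Check if .ssh config file exists
      stat:
        path: "/home/{{ user }}/.ssh/config"
      register: config_status

    - name: No need to upload the .ssh config
      when: config_status.stat.exists
      debug:
        msg: No need to upload the .ssh config as it already exists.

    - name: Upload the .ssh config file
      when: not config_status.stat.exists
      template:
        src: "files/config"
        dest: "/home/{{ user }}/.ssh/config"
        group: "{{ user }}"
        owner: "{{ user }}"
        # The client config can name hosts, users and key files; keep it
        # private to the account.
        mode: "0600"

    - name: Check if ed25519 key exists
      stat:
        path: "/home/{{ user }}/.ssh/id_ed25519"
      register: key_status

    - name: No need to generate new ed25519 key
      when: key_status.stat.exists
      debug:
        msg: No need to generate new ed25519 key as it already exists.

    # `-N ""` creates the private key without a passphrase, so the file's
    # permissions are its only protection; anyone who can read the account's
    # home directory (or a backup of it) can use the key.
    # The shell module is needed here for the `$(date ...)` substitution.
    - name: Generate new id_ed25519 key
      when: not key_status.stat.exists
      become: true
      become_user: "{{ user }}"
      shell: ssh-keygen -t ed25519 -q -f "/home/{{ user }}/.ssh/id_ed25519" -C "{{ user }}@{{ hostname }} $(date '+%Y.%m.%d')" -N ""

    # The installer is saved to a root-only path and then executed, instead
    # of piping the HTTP response straight into a root shell. A failed or
    # truncated download now fails this task instead of being run as a script.
    # Once saved, the file is not fetched again, so the copy that was reviewed
    # is the copy that runs.
    - name: Download the Docker convenience installer
      get_url:
        url: https://get.docker.com
        dest: /root/get-docker.sh
        owner: root
        group: root
        mode: "0700"
        # Pin the reviewed script to make the download verifiable:
        # checksum: "sha256:<SHA256_OF_THE_REVIEWED_SCRIPT>"

    - name: Install Docker
      command: sh /root/get-docker.sh
      args:
        # Skip the installer on hosts where the Docker CLI is already present.
        creates: /usr/bin/docker

    - name: Install matchbox-keyboard
      package:
        name: matchbox-keyboard
        state: latest

    - name: Install python3-docker
      package:
        name: python3-docker
        state: latest

    # Membership of the docker group allows starting containers with
    # arbitrary host mounts, which is equivalent to root on this host.
    - name: adding user to group docker
      user:
        name: "{{ user }}"
        groups: docker
        append: true

    - name: adding user to group lp (line printers)
      user:
        name: "{{ user }}"
        groups: lp
        append: true

    - name: install rohan-redis-tunnel systemd unit file
      template:
        src: "files/rohan-redis-tunnel.service"
        dest: "/etc/systemd/system/rohan-redis-tunnel.service"
        # Unit files run as root-controlled services; only root may edit them.
        owner: root
        group: root
        mode: "0644"

    - name: enable service rohan-redis-tunnel and ensure it is not masked
      systemd:
        name: rohan-redis-tunnel
        enabled: true
        masked: false
        # Make systemd re-read the unit file installed by the previous task.
        daemon_reload: true

    - name: Make sure rohan-redis-tunnel service is running
      systemd:
        state: started
        name: rohan-redis-tunnel

    - name: install leardal systemd unit file
      template:
        src: "files/leardal.service"
        dest: "/etc/systemd/system/leardal.service"
        # Unit files run as root-controlled services; only root may edit them.
        owner: root
        group: root
        mode: "0644"

    - name: enable service leardal and ensure it is not masked
      systemd:
        name: leardal
        enabled: true
        masked: false
        # Make systemd re-read the unit file installed by the previous task.
        daemon_reload: true

    - name: Make sure leardal service is running
      systemd:
        state: started
        name: leardal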