From 6ad48057e631e3fae1cacb13b912305064ef007d Mon Sep 17 00:00:00 2001
From: Erin Moon
Date: Sat, 15 Jun 2019 23:57:59 -0500
Subject: [PATCH] bootstrap
---
README.md | 11 ++++++++++-
bootstrap.retry | 1 +
bootstrap.yml | 23 +++++++++++++++++++++++
inventory | 1 +
provision.yml | 4 ++++
roles/rpi-base/defaults/main.yml | 6 ++++++
roles/rpi-base/handlers/main.yml | 3 +++
roles/rpi-base/tasks/access.yml | 5 +++++
roles/rpi-base/tasks/hostname.yml | 10 ++++++++++
roles/rpi-base/tasks/locale.yml | 13 +++++++++++++
roles/rpi-base/tasks/main.yml | 15 +++++++++++++++
roles/rpi-base/tasks/user.yml | 13 +++++++++++++
roles/rpi-base/templates/etc/default/locale.j2 | 1 +
roles/unifi/defaults/default.yml | 1 +
roles/unifi/tasks/main.yml | 7 +++++++
vars/secrets.yml | 6 ++++++
16 files changed, 119 insertions(+), 1 deletion(-)
create mode 100644 bootstrap.retry
create mode 100644 bootstrap.yml
create mode 100644 inventory
create mode 100644 provision.yml
create mode 100644 roles/rpi-base/defaults/main.yml
create mode 100644 roles/rpi-base/handlers/main.yml
create mode 100644 roles/rpi-base/tasks/access.yml
create mode 100644 roles/rpi-base/tasks/hostname.yml
create mode 100644 roles/rpi-base/tasks/locale.yml
create mode 100644 roles/rpi-base/tasks/main.yml
create mode 100644 roles/rpi-base/tasks/user.yml
create mode 100644 roles/rpi-base/templates/etc/default/locale.j2
create mode 100644 roles/unifi/defaults/default.yml
create mode 100644 roles/unifi/tasks/main.yml
create mode 100644 vars/secrets.yml
diff --git a/README.md b/README.md
index eb74c8f..5f2c217 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,10 @@
-# coming to a low-power ARM board far away from you, any day now
\ No newline at end of file
+# coming to a low-power ARM board far away from you, any day now
+
+
+## deps
+ansible, `sshpass`
+
+```sh
+λ ~/git/comfy.lab/inf-aux
+» ansible-playbook bootstrap.yml --extra-vars "unprepped=raspberrypi.lab.uncomfortably.online provision_hostname=aux" -i inventory
+```
\ No newline at end of file
diff --git a/bootstrap.retry b/bootstrap.retry
new file mode 100644
index 0000000..83215b3
--- /dev/null
+++ b/bootstrap.retry
@@ -0,0 +1 @@
+aux.local
diff --git a/bootstrap.yml b/bootstrap.yml
new file mode 100644
index 0000000..0f0b16f
--- /dev/null
+++ b/bootstrap.yml
@@ -0,0 +1,23 @@
+- hosts: localhost
+ connection: local
+ tasks:
+ - add_host:
+ name: "{{ unprepped }}"
+ groups: unprepped
+ ansible_user: pi
+ ansible_password: raspberry
+ changed_when: false
+
+
+- hosts: unprepped
+ vars_prompt:
+ - name: provision_hostname
+ prompt: hostname to provision with?
+ private: no
+ tasks:
+ - include_role:
+ name: rpi-base
+ vars:
+ new_hostname: "{{provision_hostname}}"
+ ssh_keys:
+ - "{{ lookup('file', 'keys/id_rsa.pub') }}"
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..097d6f8
--- /dev/null
+++ b/inventory
@@ -0,0 +1 @@
+aux.lab.uncomfortably.online ansible_user=pi
\ No newline at end of file
diff --git a/provision.yml b/provision.yml
new file mode 100644
index 0000000..6bbd87c
--- /dev/null
+++ b/provision.yml
@@ -0,0 +1,4 @@
+- hosts: aux.lab.uncomfortably.online
+ tasks:
+ - include_role:
+ name: unifi
\ No newline at end of file
diff --git a/roles/rpi-base/defaults/main.yml b/roles/rpi-base/defaults/main.yml
new file mode 100644
index 0000000..ce50bea
--- /dev/null
+++ b/roles/rpi-base/defaults/main.yml
@@ -0,0 +1,6 @@
+#### locale ####
+default_locale: 'en-US.UTF-8'
+locales:
+ - 'en-US.UTF-8'
+
+tz: America/Chicago
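Review bot: In bootstrap.yml the first play hard-codes `ansible_password: raspberry` for user `pi`, and nothing in the role this playbook runs replaces or disables that credential: the `USER | change password` task in roles/rpi-base/tasks/user.yml is commented out, and roles/rpi-base/tasks/access.yml enables sshd without touching password authentication. As far as this patch shows, a bootstrapped host therefore still accepts the stock password over SSH alongside the newly installed key. I would either restore the password-change task or add a task that sets `PasswordAuthentication no` in /etc/ssh/sshd_config once the key is confirmed to be installed. Separately, the `ssh_keys` var passed to `include_role` is not read by any task in the role, which uses `with_fileglob` instead, so it can be dropped.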
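Review bot: The play in provision.yml includes the `unifi` role without `become`, while the inventory connects as `pi` and the role's `apt_repository` and `apt_key` tasks need root. rpi-base sets `become: yes` on each import in its tasks/main.yml, but roles/unifi/tasks/main.yml does not, so unless privilege escalation is configured outside this patch (for example in ansible.cfg) the play will fail on its first task. Adding `become: true` at play level would make the requirement explicit.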
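Review bot: `default_locale` and the `locales` entry in roles/rpi-base/defaults/main.yml are spelled `en-US.UTF-8`, but glibc locale names use an underscore, `en_US.UTF-8`. With the hyphen the `regexp` in roles/rpi-base/tasks/locale.yml cannot match the commented entry in /etc/locale.gen, so `lineinfile` appends an unknown locale name instead of enabling the existing one. Entries in /etc/locale.gen also carry a charset column, so the values are probably `en_US.UTF-8 UTF-8` for `locales` and `en_US.UTF-8` for `default_locale`. `tz` is defined here but no task in this patch reads it.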
diff --git a/roles/rpi-base/handlers/main.yml b/roles/rpi-base/handlers/main.yml
new file mode 100644
index 0000000..16fe890
--- /dev/null
+++ b/roles/rpi-base/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: locale-gen
+ shell: locale-gen
+ become: yes
\ No newline at end of file
diff --git a/roles/rpi-base/tasks/access.yml b/roles/rpi-base/tasks/access.yml
new file mode 100644
index 0000000..fb34188
--- /dev/null
+++ b/roles/rpi-base/tasks/access.yml
@@ -0,0 +1,5 @@
+- name: ACCESS | enable & start sshd
+ service:
+ name: ssh
+ state: started
+ enabled: yes
\ No newline at end of file
diff --git a/roles/rpi-base/tasks/hostname.yml b/roles/rpi-base/tasks/hostname.yml
new file mode 100644
index 0000000..4ab7c65
--- /dev/null
+++ b/roles/rpi-base/tasks/hostname.yml
@@ -0,0 +1,10 @@
+- name: HOSTNAME | set hostname
+ hostname:
+ name: '{{ new_hostname }}'
+
+- name: HOSTNAME | replace hostname in /etc/hosts
+ replace:
+ path: /etc/hosts
+ regexp: '(127.0.1.1\s+).+(\s+.*)$'
+ replace: '\1{{new_hostname}}\2'
+
diff --git a/roles/rpi-base/tasks/locale.yml b/roles/rpi-base/tasks/locale.yml
new file mode 100644
index 0000000..b39683f
--- /dev/null
+++ b/roles/rpi-base/tasks/locale.yml
@@ -0,0 +1,13 @@
+- name: LOCALE | build locales
+ lineinfile:
+ path: /etc/locale.gen
+ regexp: '#\s*{{item}}'
+ line: '{{item}}'
+ state: present
+ with_items: "{{locales}}"
+ notify: locale-gen
+
+- name: LOCALE | set default locale
+ template:
+ src: etc/default/locale.j2
+ dest: /etc/default/locale
\ No newline at end of file
diff --git a/roles/rpi-base/tasks/main.yml b/roles/rpi-base/tasks/main.yml
new file mode 100644
index 0000000..17d559d
--- /dev/null
+++ b/roles/rpi-base/tasks/main.yml
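Review bot: The `locale-gen` handler in roles/rpi-base/handlers/main.yml uses `shell`, but the command has no pipes, redirection or expansion that need a shell. `command: locale-gen` does the same work without passing the string through /bin/sh, which is the safer default for a task that runs with `become`.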
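Review bot: The `regexp` in the `replace` task of roles/rpi-base/tasks/hostname.yml is unanchored and leaves the dots in `127.0.1.1` unescaped, so it can match that text anywhere in a line. As far as I can tell, its trailing `(\s+.*)$` only matches a bare `127.0.1.1 <name>` line by letting `\s+` consume the newline. I would write it as `regexp: '^(127\.0\.1\.1\s+)\S+(.*)$'`, which keeps any aliases after the first name. `new_hostname` comes from `--extra-vars` or the prompt and is written into /etc/hosts as given; an `assert` that it matches a hostname pattern before these tasks run would stop a malformed value from reaching the file.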
@@ -0,0 +1,15 @@
+- name: "############## IMPORT TASKS: hostname ##############"
+ import_tasks: hostname.yml
+ become: yes
+
+- name: "############## IMPORT TASKS: locale ##############"
+ import_tasks: locale.yml
+ become: yes
+
+- name: "############## IMPORT TASKS: access ##############"
+ import_tasks: access.yml
+ become: yes
+
+- name: "############## IMPORT TASKS: user ##############"
+ import_tasks: user.yml
+ become: yes
diff --git a/roles/rpi-base/tasks/user.yml b/roles/rpi-base/tasks/user.yml
new file mode 100644
index 0000000..c0ece72
--- /dev/null
+++ b/roles/rpi-base/tasks/user.yml
@@ -0,0 +1,13 @@
+# - name: USER | change password
+# user:
+# name: pi
+# password: "{{ lookup('passwordstore', 'infra/machine/pi@' + ansible_hostname + ' create=true length=20')
+# | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
+
+- name: USER | add authorized SSH key(s)
+ authorized_key:
+ user: pi
+ state: present
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - "keys/*.pub"
\ No newline at end of file
diff --git a/roles/rpi-base/templates/etc/default/locale.j2 b/roles/rpi-base/templates/etc/default/locale.j2
new file mode 100644
index 0000000..8724774
--- /dev/null
+++ b/roles/rpi-base/templates/etc/default/locale.j2
@@ -0,0 +1 @@
+LOCALE="{{default_locale}}"
\ No newline at end of file
diff --git a/roles/unifi/defaults/default.yml b/roles/unifi/defaults/default.yml
new file mode 100644
index 0000000..48dd338
--- /dev/null
+++ b/roles/unifi/defaults/default.yml
@@ -0,0 +1 @@
+unifi_channel=stable
diff --git a/roles/unifi/tasks/main.yml b/roles/unifi/tasks/main.yml
new file mode 100644
index 0000000..6a50648
--- /dev/null
+++ b/roles/unifi/tasks/main.yml
@@ -0,0 +1,7 @@
+- apt_repository:
+ repo: "deb http://www.ubnt.com/downloads/unifi/debian {{unifi_channel}} ubiquiti"
+ state: present
+
+- apt_key:
+ url: https://dl.ubnt.com/unifi/unifi-repo.gpg
+ state: present
\ No newline at end of file
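Review bot: `with_fileglob: "keys/*.pub"` in roles/rpi-base/tasks/user.yml yields an empty loop when the pattern matches nothing, so the task reports success without installing any key, and the diffstat of this patch adds no `keys/` directory. Inside a role a relative fileglob is, as far as I know, resolved against the role's search path (its `files/` directory first), which may not be the `keys/` directory that bootstrap.yml reads `keys/id_rsa.pub` from, so this is worth confirming. A preceding `assert` that the glob result is non-empty would turn a missing key into a hard failure instead of leaving the host reachable only by its password.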
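Review bot: The template in roles/rpi-base/templates/etc/default/locale.j2 writes `LOCALE="..."`, but /etc/default/locale is read for the standard locale variables such as `LANG` and `LC_ALL`. `LOCALE` is not one of them, so the rendered file would leave the default locale unset. The line should probably read `LANG="{{ default_locale }}"`.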
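Review bot: roles/unifi/defaults/default.yml will not define `unifi_channel`: Ansible loads role defaults from `defaults/main.yml`, and `unifi_channel=stable` is INI syntax that YAML parses as a single string rather than a mapping. The `repo` line in roles/unifi/tasks/main.yml would then fail on an undefined variable. Renaming the file to `defaults/main.yml` with the content `unifi_channel: stable` fixes both.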
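Review bot: In roles/unifi/tasks/main.yml the `apt_key` task imports whatever key the URL returns, with no `id` to pin the expected fingerprint. It also runs after `apt_repository`, whose `update_cache` defaults to true, so the first cache refresh happens before the signing key is trusted. The repository itself is fetched over plain `http://`, which leaves package authenticity resting entirely on that unpinned key. I would move `apt_key` first, add `id: <EXPECTED_KEY_FINGERPRINT>` (placeholder; take the value from the vendor's published fingerprint), and switch the `repo` URL to `https://` if the vendor serves it. Both tasks also lack a `name`.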
diff --git a/vars/secrets.yml b/vars/secrets.yml
new file mode 100644
index 0000000..c8c7b7e
--- /dev/null
+++ b/vars/secrets.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+36373864353634383162353562633637656532336132313664303736356664333166316363636132
+3735623235646562373830336265646334316237383539630a373037653463393138663865616364
+64666636336131626337646462636363613036366265646163373231633332663764633864653137
+6537663231356235630a306461396237376466633039323434343366633139356264323862323938
+65643437613533333366313831646231623335643832663836313164663032663432