bootstrap

README.md

@@ -1 +1,10 @@
-# coming to a low-power ARM board far away from you, any day now
+# coming to a low-power ARM board far away from you, any day now
+
+
+## deps
+ansible, `sshpass`
+
+```sh
+λ ~/git/comfy.lab/inf-aux  
+» ansible-playbook bootstrap.yml --extra-vars "unprepped=raspberrypi.lab.uncomfortably.online provision_hostname=aux" -i inventory
+```

bootstrap.retry

@@ -0,0 +1 @@
+aux.local

bootstrap.yml

@@ -0,0 +1,23 @@
+- hosts: localhost
+  connection: local
+  tasks:
+  - add_host:
+      name: "{{ unprepped }}"
+      groups: unprepped
+      ansible_user: pi
+      ansible_password: raspberry
+    changed_when: false
+
+
+- hosts: unprepped
+  vars_prompt:
+    - name: provision_hostname
+      prompt: hostname to provision with?
+      private: no
+  tasks:
+    - include_role:
+        name: rpi-base
+      vars:
+        new_hostname: "{{provision_hostname}}"
+        ssh_keys:
+          - "{{ lookup('file', 'keys/id_rsa.pub') }}"

inventory

@@ -0,0 +1 @@
+aux.lab.uncomfortably.online ansible_user=pi

provision.yml

@@ -0,0 +1,4 @@
+- hosts: aux.lab.uncomfortably.online
+  tasks:
+    - include_role:
+        name: unifi

roles/rpi-base/defaults/main.yml

@@ -0,0 +1,6 @@
+#### locale ####
+default_locale: 'en-US.UTF-8'
+locales:
+  - 'en-US.UTF-8'
+
+tz: America/Chicago

roles/rpi-base/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: locale-gen
+  shell: locale-gen
+  become: yes

roles/rpi-base/tasks/access.yml

@@ -0,0 +1,5 @@
+- name: ACCESS | enable & start sshd
+  service:
+    name: ssh
+    state: started
+    enabled: yes

roles/rpi-base/tasks/hostname.yml

@@ -0,0 +1,10 @@
+- name: HOSTNAME | set hostname
+  hostname:
+    name: '{{ new_hostname }}'
+
+- name: HOSTNAME | replace hostname in /etc/hosts
+  replace:
+    path: /etc/hosts
+    regexp: '(127.0.1.1\s+).+(\s+.*)$'
+    replace: '\1{{new_hostname}}\2'
+

roles/rpi-base/tasks/locale.yml

@@ -0,0 +1,13 @@
+- name: LOCALE | build locales
+  lineinfile:
+    path: /etc/locale.gen
+    regexp: '#\s*{{item}}'
+    line: '{{item}}'
+    state: present
+  with_items: "{{locales}}"
+  notify: locale-gen
+
+- name: LOCALE | set default locale
+  template:
+    src: etc/default/locale.j2
+    dest: /etc/default/locale

roles/rpi-base/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: "############## IMPORT TASKS: hostname   ##############"
+  import_tasks: hostname.yml
+  become: yes
+
+- name: "############## IMPORT TASKS: locale     ##############"
+  import_tasks: locale.yml
+  become: yes
+
+- name: "############## IMPORT TASKS: access     ##############"
+  import_tasks: access.yml
+  become: yes
+
+- name: "############## IMPORT TASKS: user       ##############"
+  import_tasks: user.yml
+  become: yes

roles/rpi-base/tasks/user.yml

@@ -0,0 +1,13 @@
+# - name: USER | change password
+#   user:
+#     name: pi
+#     password: "{{ lookup('passwordstore', 'infra/machine/pi@' + ansible_hostname + ' create=true length=20')
+#                     | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
+
+- name: USER | add authorized SSH key(s)
+  authorized_key:
+    user: pi
+    state: present
+    key: "{{ lookup('file', item) }}"
+  with_fileglob:
+    - "keys/*.pub"

roles/rpi-base/templates/etc/default/locale.j2

@@ -0,0 +1 @@
+LOCALE="{{default_locale}}"

roles/unifi/defaults/default.yml

@@ -0,0 +1 @@
+unifi_channel=stable

roles/unifi/tasks/main.yml

@@ -0,0 +1,7 @@
+- apt_repository:
+    repo: "deb http://www.ubnt.com/downloads/unifi/debian {{unifi_channel}} ubiquiti"
+    state: present
+
+- apt_key:
+    url: https://dl.ubnt.com/unifi/unifi-repo.gpg
+    state: present

vars/secrets.yml

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+36373864353634383162353562633637656532336132313664303736356664333166316363636132
+3735623235646562373830336265646334316237383539630a373037653463393138663865616364
+64666636336131626337646462636363613036366265646163373231633332663764633864653137
+6537663231356235630a306461396237376466633039323434343366633139356264323862323938
+65643437613533333366313831646231623335643832663836313164663032663432