iiab/roles/1-prep/tasks/main.yml

# Preparations (Hardware Level)

- name: ...IS BEGINNING ============================================
  command: echo

- name: Install uuid-runtime package (debuntu)
  package:
    name: 
      - uuid-runtime
      - sudo
    state: present
  when: is_debuntu

- name: Does /etc/iiab/uuid file exist?
  stat:
    path: /etc/iiab/uuid
  register: uuid_file

- name: If no uuid exists, create one
  shell: uuidgen
  register: uuid_response
  when: not uuid_file.stat.exists

- name: Put uuid in place at /etc/iiab/uuid
  shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
  when: not uuid_file.stat.exists

- name: Grab the uuid from /etc/iiab/uuid, into register stored_uuid
  command: cat /etc/iiab/uuid
  register: stored_uuid

- name: Place the uuid from register into variable/fact "uuid"
  set_fact:
    uuid: "{{ stored_uuid.stdout_lines[0] }}"

#- name: Does directory /ro exist? (indicating OS is Ubermix)
#  stat:
#    path: /ro
#  register: ro_dir

#- debug:
#    var: ro_dir

- name: Does 'ubermix' exist in /etc/lsb-release?
  shell: grep -i ubermix /etc/lsb-release    # Pipe to cat to avoid red errors?
  register: grep_ubermix
  failed_when: false    # Universal way to hide alarmist red errors!
  #ignore_errors: true
  #check_mode: no

#- debug:
#    var: grep_ubermix

- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix
  copy:
    src: roles/1-prep/files/iiab.conf
    dest: /etc/tmpfiles.d/
    owner: root
    group: root
    mode: 0644
    force: yes
  when: grep_ubermix.rc == 0    # 1 if absent in file, 2 if file doesn't exist
  #when: ro_dir.stat.exists

- name: SSHD
  include_role:
    name: sshd
  # has no "when: XXXXX_install" flag
  tags: base, sshd

- name: IIAB-ADMIN
  include_role:
    name: iiab-admin
  # has no "when: XXXXX_install" flag
  tags: base, iiab-admin

- name: OPENVPN
  include_role:
    name: openvpn
  when: openvpn_install
  tags: openvpn

# for rpi, without rtc, we need time as soon as possible
- name: Install chrony (an NTP package) especially for RPi's lacking RTC
  package:
    name: chrony
    state: present
  tags:
    - download

#TODO: Use regexp filter instead of hard-code ip
- name: Install /etc/chrony.conf from template
  template:
    src: chrony.conf.j2
    dest: /etc/chrony.conf
    backup: no

- name: Disable AppArmor -- override OS default (ubuntu)
  service:
    name: apparmor
    enabled: False
    state: stopped
  when: is_ubuntu
  ignore_errors: true

- name: Disable SELinux on next boot (OS's other than debuntu)
  selinux:
    state: disabled
  register: selinux_disabled
  when: not is_debuntu

- name: Disable SELinux for this session (OS's other than debuntu, if needed)
  command: setenforce Permissive
  when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed

##  DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: raspberry_pi.yml
  when: first_run and rpi_model != "none"

- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
  shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
  register: usb_NUC6
  ignore_errors: true

- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6    # iiab_download_url is http://download.iiab.io/packages
  get_url:
    url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
    dest: /lib/firmware
    timeout: "{{ download_timeout }}"
  when: internet_available and usb_NUC6.stdout|int > 0

# this script can be sourced to get IIAB location
- name: Recording STAGE 1 HAS COMPLETED ============================
  template:
    src: roles/1-prep/templates/iiab.env.j2
    dest: "{{ iiab_env_file }}"
    owner: root
    group: root
    mode: 0644