mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Modularize 1-prep, Tweak 2-common
This commit is contained in:
root
parent
43720da0e8
commit
d328faf6e3
6 changed files with 85 additions and 90 deletions
17
roles/1-prep/tasks/hw_platforms.yml
Normal file
17
roles/1-prep/tasks/hw_platforms.yml
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
## DISCOVER PLATFORMS ######
|
||||
# Put conditional actions for hardware platforms here
|
||||
|
||||
- include_tasks: raspberry_pi.yml
|
||||
when: first_run and rpi_model != "none"
|
||||
|
||||
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
|
||||
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
|
||||
register: usb_NUC6
|
||||
ignore_errors: True
|
||||
|
||||
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages
|
||||
get_url:
|
||||
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
|
||||
dest: /lib/firmware
|
||||
timeout: "{{ download_timeout }}"
|
||||
when: internet_available and usb_NUC6.stdout|int > 0
|
||||
|
|
@ -1,85 +1,31 @@
|
|||
# Preparations (Hardware Level)
|
||||
# Preparations (low-level, hardware, basic security)
|
||||
|
||||
- name: ...IS BEGINNING ============================================
|
||||
meta: noop
|
||||
|
||||
- name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
|
||||
include_tasks: roles/network/tasks/dnsmasq.yml
|
||||
#when: dnsmasq_install # Flag might be used in future?
|
||||
|
||||
|
||||
- name: 'Install packages: sudo, uuid-runtime'
|
||||
package:
|
||||
name:
|
||||
- sudo
|
||||
- uuid-runtime
|
||||
state: present
|
||||
|
||||
- name: Does /etc/iiab/uuid exist?
|
||||
stat:
|
||||
path: /etc/iiab/uuid
|
||||
register: uuid_file
|
||||
|
||||
- name: If not, run 'uuidgen' to create a uuid, in register uuid_response
|
||||
command: uuidgen
|
||||
register: uuid_response
|
||||
when: not uuid_file.stat.exists
|
||||
|
||||
- name: Save it to /etc/iiab/uuid
|
||||
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
|
||||
when: not uuid_file.stat.exists
|
||||
|
||||
- name: Load /etc/iiab/uuid, into register stored_uuid
|
||||
command: cat /etc/iiab/uuid
|
||||
register: stored_uuid
|
||||
|
||||
- name: Store it in Ansible variable 'uuid'
|
||||
set_fact:
|
||||
uuid: "{{ stored_uuid.stdout_lines[0] }}"
|
||||
|
||||
|
||||
- name: Does 'ubermix' exist in /etc/lsb-release?
|
||||
shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors?
|
||||
register: grep_ubermix
|
||||
failed_when: False # Universal way to hide alarmist red errors!
|
||||
#ignore_errors: True
|
||||
#check_mode: no
|
||||
|
||||
- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix
|
||||
copy:
|
||||
src: roles/1-prep/files/iiab.conf
|
||||
dest: /etc/tmpfiles.d/
|
||||
# owner: root
|
||||
# group: root
|
||||
# mode: '0644'
|
||||
force: yes
|
||||
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
|
||||
|
||||
# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml
|
||||
# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*
|
||||
# pkgs are not installed FWIW. But it's included to safeguard us across all
|
||||
# OS's, in case others OS's like Ubermix later appear. See #1382 for details.
|
||||
# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix!
|
||||
- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix
|
||||
shell: apt -y remove "libgeos-*"
|
||||
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
|
||||
|
||||
|
||||
- name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml
|
||||
include_role:
|
||||
name: sshd
|
||||
when: sshd_install
|
||||
|
||||
- name: IIAB-ADMIN
|
||||
include_role:
|
||||
name: iiab-admin
|
||||
#when: iiab_admin_install # Flag might be created in future?
|
||||
|
||||
- name: OPENVPN
|
||||
include_role:
|
||||
name: openvpn
|
||||
when: openvpn_install
|
||||
|
||||
- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml
|
||||
include_role:
|
||||
name: iiab-admin
|
||||
#when: iiab_admin_install # Flag might be created in future?
|
||||
|
||||
- name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
|
||||
include_tasks: roles/network/tasks/dnsmasq.yml
|
||||
#when: dnsmasq_install # Flag might be used in future?
|
||||
|
||||
- include_tasks: uuid.yml
|
||||
- include_tasks: ubermix.yml
|
||||
- include_tasks: hw_platforms.yml
|
||||
|
||||
|
||||
# Debian 10 "Buster" is apparently enabling AppArmor in 2019:
|
||||
# https://wiki.debian.org/AppArmor/Progress
|
||||
|
|
@ -109,25 +55,6 @@
|
|||
# when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
|
||||
|
||||
|
||||
## DISCOVER PLATFORMS ######
|
||||
# Put conditional actions for hardware platforms here
|
||||
|
||||
- include_tasks: raspberry_pi.yml
|
||||
when: first_run and rpi_model != "none"
|
||||
|
||||
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
|
||||
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
|
||||
register: usb_NUC6
|
||||
ignore_errors: True
|
||||
|
||||
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages
|
||||
get_url:
|
||||
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
|
||||
dest: /lib/firmware
|
||||
timeout: "{{ download_timeout }}"
|
||||
when: internet_available and usb_NUC6.stdout|int > 0
|
||||
|
||||
|
||||
- name: Recording STAGE 1 HAS COMPLETED ============================
|
||||
template:
|
||||
src: roles/1-prep/templates/iiab.env.j2
|
||||
|
|
|
|||
25
roles/1-prep/tasks/ubermix.yml
Normal file
25
roles/1-prep/tasks/ubermix.yml
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
- name: Does 'ubermix' exist in /etc/lsb-release?
|
||||
shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors?
|
||||
register: grep_ubermix
|
||||
failed_when: False # Universal way to hide alarmist red errors!
|
||||
#ignore_errors: True
|
||||
#check_mode: no
|
||||
|
||||
- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix (root:root, 0644 by default)
|
||||
copy:
|
||||
src: roles/1-prep/files/iiab.conf
|
||||
dest: /etc/tmpfiles.d/
|
||||
# owner: root
|
||||
# group: root
|
||||
# mode: 0644
|
||||
force: yes
|
||||
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
|
||||
|
||||
# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml
|
||||
# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*
|
||||
# pkgs are not installed FWIW. But it's included to safeguard us across all
|
||||
# OS's, in case others OS's like Ubermix later appear. See #1382 for details.
|
||||
# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix!
|
||||
- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix
|
||||
shell: apt -y remove "libgeos-*"
|
||||
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
|
||||
26
roles/1-prep/tasks/uuid.yml
Normal file
26
roles/1-prep/tasks/uuid.yml
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
- name: "Install packages: uuid-runtime"
|
||||
package:
|
||||
name: uuid-runtime
|
||||
state: present
|
||||
|
||||
- name: Does /etc/iiab/uuid exist?
|
||||
stat:
|
||||
path: /etc/iiab/uuid
|
||||
register: uuid_file
|
||||
|
||||
- name: If not, run 'uuidgen' to create a uuid, in register uuid_response
|
||||
command: uuidgen
|
||||
register: uuid_response
|
||||
when: not uuid_file.stat.exists
|
||||
|
||||
- name: Save it to /etc/iiab/uuid
|
||||
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
|
||||
when: not uuid_file.stat.exists
|
||||
|
||||
- name: Load /etc/iiab/uuid, into register stored_uuid
|
||||
command: cat /etc/iiab/uuid
|
||||
register: stored_uuid
|
||||
|
||||
- name: Store it in Ansible variable 'uuid'
|
||||
set_fact:
|
||||
uuid: "{{ stored_uuid.stdout_lines[0] }}"
|
||||
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
- include_tasks: packages.yml
|
||||
|
||||
- name: 'Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml'
|
||||
- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml"
|
||||
include_tasks: network.yml
|
||||
|
||||
- include_tasks: iiab-startup.yml
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml'
|
||||
meta: noop
|
||||
|
||||
- name: "Install 20 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget, wpasupplicant"
|
||||
- name: "Install 21 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, sudo, tar, unzip, usbutils, wget, wpasupplicant"
|
||||
package:
|
||||
name:
|
||||
- acpid # Daemon for ACPI (power mgmt) events
|
||||
|
|
@ -33,7 +33,7 @@
|
|||
- rsync
|
||||
#- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
|
||||
- sqlite3
|
||||
#- sudo # Installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
|
||||
- sudo
|
||||
- tar
|
||||
- unzip
|
||||
#- usbmount # Moved to roles/usb_lib/tasks/install.yml
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue