mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 11:42:08 +00:00
146 lines
4.1 KiB
YAML
146 lines
4.1 KiB
YAML
# Preparations (Hardware Level)
|
|
|
|
- name: ...IS BEGINNING ============================================
|
|
command: echo
|
|
|
|
- name: Install uuid-runtime package (debuntu)
|
|
package:
|
|
name:
|
|
- uuid-runtime
|
|
- sudo
|
|
state: present
|
|
when: is_debuntu | bool
|
|
|
|
- name: Does /etc/iiab/uuid file exist?
|
|
stat:
|
|
path: /etc/iiab/uuid
|
|
register: uuid_file
|
|
|
|
- name: If no uuid exists, create one
|
|
shell: uuidgen
|
|
register: uuid_response
|
|
when: not uuid_file.stat.exists
|
|
|
|
- name: Put uuid in place at /etc/iiab/uuid
|
|
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
|
|
when: not uuid_file.stat.exists
|
|
|
|
- name: Grab the uuid from /etc/iiab/uuid, into register stored_uuid
|
|
command: cat /etc/iiab/uuid
|
|
register: stored_uuid
|
|
|
|
- name: Place the uuid from register into variable/fact "uuid"
|
|
set_fact:
|
|
uuid: "{{ stored_uuid.stdout_lines[0] }}"
|
|
|
|
#- name: Does directory /ro exist? (indicating OS is Ubermix)
|
|
# stat:
|
|
# path: /ro
|
|
# register: ro_dir
|
|
|
|
#- debug:
|
|
# var: ro_dir
|
|
|
|
- name: Does 'ubermix' exist in /etc/lsb-release?
|
|
shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors?
|
|
register: grep_ubermix
|
|
failed_when: False # Universal way to hide alarmist red errors!
|
|
#ignore_errors: True
|
|
#check_mode: no
|
|
|
|
#- debug:
|
|
# var: grep_ubermix
|
|
|
|
- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix
|
|
copy:
|
|
src: roles/1-prep/files/iiab.conf
|
|
dest: /etc/tmpfiles.d/
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
force: yes
|
|
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
|
|
#when: ro_dir.stat.exists
|
|
|
|
- name: SSHD
|
|
include_role:
|
|
name: sshd
|
|
# has no "when: XXXXX_install" flag
|
|
tags: base, sshd
|
|
|
|
- name: IIAB-ADMIN
|
|
include_role:
|
|
name: iiab-admin
|
|
# has no "when: XXXXX_install" flag
|
|
tags: base, iiab-admin
|
|
|
|
- name: OPENVPN
|
|
include_role:
|
|
name: openvpn
|
|
when: openvpn_install | bool
|
|
tags: openvpn
|
|
|
|
# for rpi, without rtc, we need time as soon as possible
|
|
- name: Install chrony (an NTP package) especially for RPi's lacking RTC
|
|
package:
|
|
name: chrony
|
|
state: present
|
|
tags:
|
|
- download
|
|
|
|
#TODO: Use regexp filter instead of hard-code ip
|
|
- name: Install /etc/chrony.conf from template
|
|
template:
|
|
src: chrony.conf.j2
|
|
dest: /etc/chrony.conf
|
|
backup: no
|
|
|
|
# Debian 10 "Buster" is apparently enabling AppArmor in 2019:
|
|
# https://wiki.debian.org/AppArmor/Progress
|
|
# https://wiki.debian.org/AppArmor/HowToUse
|
|
# https://packages.debian.org/buster/apparmor
|
|
# Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10
|
|
# pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387
|
|
- name: Disable AppArmor -- override OS default (ubuntu)
|
|
service:
|
|
name: apparmor
|
|
enabled: False
|
|
state: stopped
|
|
when: is_ubuntu | bool
|
|
ignore_errors: True
|
|
|
|
- name: Disable SELinux on next boot (OS's other than debuntu)
|
|
selinux:
|
|
state: disabled
|
|
register: selinux_disabled
|
|
when: not is_debuntu
|
|
|
|
- name: Disable SELinux for this session (OS's other than debuntu, if needed)
|
|
command: setenforce Permissive
|
|
when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
|
|
|
|
## DISCOVER PLATFORMS ######
|
|
# Put conditional actions for hardware platforms here
|
|
- include_tasks: raspberry_pi.yml
|
|
when: first_run and rpi_model != "none"
|
|
|
|
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
|
|
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
|
|
register: usb_NUC6
|
|
ignore_errors: True
|
|
|
|
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages
|
|
get_url:
|
|
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
|
|
dest: /lib/firmware
|
|
timeout: "{{ download_timeout }}"
|
|
when: internet_available and usb_NUC6.stdout|int > 0
|
|
|
|
# this script can be sourced to get IIAB location
|
|
- name: Recording STAGE 1 HAS COMPLETED ============================
|
|
template:
|
|
src: roles/1-prep/templates/iiab.env.j2
|
|
dest: "{{ iiab_env_file }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|