Catching up with current successes

roles/ShadowArch/tasks/main.yml

@@ -0,0 +1,190 @@
+---
+ ###
+ # This role installs the basic package and host setup for AniNIX operations.
+
+  # This is an AniNIX convention to allow password management by Ansible.
+  - name: Base packages
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    package:
+      name:
+        - bash
+        - sudo
+        - git
+        - tmux
+        - vim
+        - sysstat
+        - iotop
+        - lsof
+        - rsync
+      state: present
+      update_cache: yes
+
+  - name: Ensure deploy user has sudo permissions.
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    copy:
+      dest: /etc/sudoers.d/basics
+      content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
+
+  - name: Ensure we include /etc/sudoers.d (Current)
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    when: ansible_architecture != "armv6l"
+    lineinfile:
+      path: /etc/sudoers
+      regexp: "includedir /etc/sudoers.d"
+      line: "@includedir /etc/sudoers.d"
+
+  - name: Ensure we include /etc/sudoers.d (Legacy)
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    when: ansible_architecture == "armv6l"
+    lineinfile:
+      path: /etc/sudoers
+      regexp: "includedir /etc/sudoers.d"
+      line: "#includedir /etc/sudoers.d"
+
+  - name: Test root password
+    ignore_errors: yes
+    register: root_password_test
+    vars:
+      ansible_become_method: su
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    command: id
+
+  - name: Define passwords
+    vars:
+      ansible_become_user: "root"
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    when: root_password_test.rc is not defined or root_password_test.rc != 0
+    command:
+      cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ passwords[inventory_hostname] }}' '{{ passwords[inventory_hostname] }}' | passwd {{ item }}"
+    loop:
+      - root
+      - "{{ ansible_user_id }}"
+
+  - name: Set up pacman.conf
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    copy:
+      src: pacman.conf
+      dest: /etc/pacman.conf
+      owner: root
+      group: root
+      mode: 0644
+    when: ansible_os_family == "Archlinux"
+
+  - name: Generate mirrorlist
+    delegate_to: localhost
+    run_once: yes
+    command: "bash ../bin/generate-mirrorlist"
+
+  - name: Copy mirrorlist
+    become: yes
+    when: ansible_os_family == "Archlinux"
+    copy:
+      src: mirrorlist
+      dest: /etc/pacman.d/mirrorlist.shadowarch
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: Set up apt sources.list
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    copy:
+      content: |
+        deb http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi
+        # deb-src http://archive.raspbian.org/raspbian/ stretch main contrib non-free rpi
+      dest: /etc/apt/sources.list
+      owner: root
+      group: root
+      mode: 0644
+    when: ansible_os_family == "Debian"
+
+  - name: Install ShadowArch (ArchLinux)
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    pacman:
+      name: ShadowArch
+      state: present
+      update_cache: yes
+    when: ansible_os_family == "Archlinux"
+
+  - name: Set up AniNIX-specific repository location (Other)
+    when: ansible_os_family != "Archlinux"
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    file:
+      path: /opt/aninix
+      state: directory
+
+  - name: Download ShadowArch (Other)
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    ignore_errors: yes
+    git:
+      repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
+      dest: '/opt/aninix/ShadowArch'
+      update: yes
+    when: ansible_os_family != "Archlinux"
+
+  - name: Install ShadowArch (Other)
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    command:
+      chdir: '/opt/aninix/ShadowArch'
+      cmd: '/bin/bash -c "make install; /usr/local/sbin/shadowarch-sync"'
+    when: ansible_os_family != "Archlinux"
+
+  - name: Set up hostname
+    vars:
+      ansible_become_password: "{{ passwords[inventory_hostname] }}"
+    become: yes
+    hostname:
+      name: "{{ inventory_hostname }}.{{ replica_domain }}"
+
+  - name: Set Bash MOTD
+    become: yes
+    copy:
+      src: "motd/{{ inventory_hostname }}"
+      dest: /etc/bash.motd
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: Nullify overall MOTD
+    become: yes
+    copy:
+      src: /dev/null
+      dest: /etc/motd
+      owner: root
+      group: root
+      mode: 0644
+
+  - include: archlinux-network.yml
+    when: ansible_os_family == "Archlinux"
+
+  - include: raspbian-network.yml
+    when: ansible_os_family == "Debian"
+
+  - include: dns.yml
+
+  - include: ntp.yml