Kapisi/roles/ShadowArch/tasks/raspbian-network.yml

---

  - name: Rasbian network packages
    become: yes
    package:
        name:
          - netbase
        state: present

  - name: Rasbian network config
    become: yes
    when: not static
    copy:
        src: raspbian-interfaces
        dest: "/etc/network/interfaces"
        owner: root
        group: root
        mode: 0644

  - name: Rasbian network config (static)
    become: yes
    when: static
    template:
        src: raspbian-static.j2
        dest: "/etc/network/interfaces"
        owner: root
        group: root
        mode: 0644

  - name: Raspbian wireless
    become: yes
    command:
        cmd: /bin/bash -c "wpa_passphrase {{ wireless_ssid }} '{{ secrets['Shadownet']['ssid_passphrase'] }}' > /etc/wpa_supplicant.conf"
        creates: '/etc/wpa_supplicant.conf'

  - name: Raspbian wireless hardening
    become: yes
    file:
        path: '/etc/wpa_supplicant.conf'
        state: file
        owner: root
        group: root
        mode: 0600

  - name: Ensure keys
    become: yes
    command: /bin/bash -c 'chmod go-rwx /etc/ssh/*key'