raspios: further cleanup default install

4 files changed, 14 insertions, 12 deletions

diff --git a/roles/core/base/tasks/Debian.yml b/roles/core/base/tasks/Debian.yml
index cdcb529e..c526f3c2 100644
--- a/roles/core/base/tasks/Debian.yml
+++ b/roles/core/base/tasks/Debian.yml
@@ -48,9 +48,12 @@
       name: rng-tools5
       state: present
 
-  - name: make sure haveged is removed/purged
+  - name: make sure haveged and legacy rngd versions are removed/purged
     apt:
-      name: haveged
+      name:
+      - haveged
+      - rng-tools
+      - rng-tools-debian
       state: absent
       purge: yes
 
diff --git a/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2 b/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2
index 4d83c6b2..496363a9 100644
--- a/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2
+++ b/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2
@@ -217,7 +217,7 @@ autoinstall:
 {% endif %}
     - [ rm, -rf, /etc/cloud, /var/lib/cloud ]
     - [ apt-get, -y, -q, auto-remove ]
-    - [ bash, -c, 'dpkg -l | grep "^rc" | awk "{ print(\$2) }" | xargs dpkg -P' ]
+    - [ bash, -c, 'dpkg -l | grep "^rc" | awk "{ print(\$2) }" | xargs -r dpkg -P' ]
     - [ sed, '/^PasswordAuthentication /d', -i, '/etc/ssh/sshd_config' ]
 {% if ubuntu_autoinstall_virtual_machine %}
     - [ poweroff ]
@@ -256,7 +256,7 @@ autoinstall:
   - curtin in-target --target=/target -- env SUDO_FORCE_REMOVE=yes apt-get -y -q purge sudo
 {% endif %}
   - curtin in-target --target=/target -- apt-get -y -q autoremove
-  - curtin in-target --target=/target -- bash -c 'dpkg -l | grep "^rc" | awk "{ print(\$2) }" | xargs dpkg -P'
+  - curtin in-target --target=/target -- bash -c 'dpkg -l | grep "^rc" | awk "{ print(\$2) }" | xargs -r dpkg -P'
 {% if ubuntu_autoinstall_desktop is undefined %}
 {# purging the snapd package here would trigger a bug in den postrm script because some filesystems in /run/ can not be unmounted... #}
 {# to workadound this issue we only remove the package here and rely on cloud-init to fully purge it on first boot (see user-data: above) #}
diff --git a/roles/raspios/image/tasks/main.yml b/roles/raspios/image/tasks/main.yml
index 7baf2b35..95fd1407 100644
--- a/roles/raspios/image/tasks/main.yml
+++ b/roles/raspios/image/tasks/main.yml
@@ -61,12 +61,6 @@
       regexp: "{{ item.regexp }}"
       line: "{{ item.line }}"
 
-  - name: install firstrun.sh script
-    template:
-      src: firstrun.sh.j2
-      dest: "{{ raspios_image_mount_point }}/firstrun.sh"
-      mode: 0755
-
   - name: Generate authorized_keys file
     authorized_key:
       user: root
diff --git a/roles/raspios/image/templates/firstrun.sh.j2 b/roles/raspios/image/templates/firstrun.sh.j2
index 93aa3483..68b9ee1e 100644
--- a/roles/raspios/image/templates/firstrun.sh.j2
+++ b/roles/raspios/image/templates/firstrun.sh.j2
@@ -4,6 +4,7 @@ set +e
 {# https://loganmarchione.com/2021/07/raspi-configs-mostly-undocumented-non-interactive-mode/ #}
 
 raspi-config nonint do_hostname "{{ host_name }}"
+echo "{{ host_name }}" > /etc/hostname
 raspi-config nonint do_change_locale "{{ raspios_locale }}"
 raspi-config nonint do_change_timezone "{{ raspios_timezone }}"
 raspi-config nonint do_configure_keyboard "{{ raspios_keyboard_layout }}"
@@ -30,9 +31,13 @@ install -m 0644 /boot/firstrun.authorized_keys /root/.ssh/authorized_keys
 {# 0 -> enable ssh, 1 -> disable ssh #}
 raspi-config nonint do_ssh 0
 
-export DEBIAN_FRONTEND=noninteractive
-dpkg -P userconf-pi
 systemctl disable hciuart.service
+systemctl disable wpa_supplicant.service
+export DEBIAN_FRONTEND=noninteractive
+export SUDO_FORCE_REMOVE=yes
+apt-get purge -q -y userconf-pi avahi-daemon triggerhappy rsync dpkg-dev build-essential patch gdb make strace gpg ssh-import-id network-manager udisks2 p7zip p7zip-full sudo
+apt-get autoremove -q -y
+dpkg -l | grep "^rc" | awk "{ print(\$2) }" | xargs -r dpkg -P
 
 sed 's#systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.unit=kernel-command-line.target##' -i /boot/cmdline.txt
 sed 's#\s*$##' -i /boot/cmdline.txt