1 files changed, 103 insertions, 0 deletions

diff --git a/roles/installer/raspios/image/templates/firstrun.sh.j2 b/roles/installer/raspios/image/templates/firstrun.sh.j2
new file mode 100644
index 00000000..bc35b764
--- /dev/null
+++ b/roles/installer/raspios/image/templates/firstrun.sh.j2
@@ -0,0 +1,103 @@
+#!/bin/bash
+set +e
+
+if [ -x /usr/lib/raspberrypi-sys-mods/get_fw_loc ]; then
+  FW_LOC=$(/usr/lib/raspberrypi-sys-mods/get_fw_loc)
+else
+  FW_LOC=/boot
+fi
+
+raspi-config nonint do_hostname "{{ host_name }}"
+echo "{{ host_name }}" > /etc/hostname
+raspi-config nonint do_change_locale "{{ raspios_locale }}"
+raspi-config nonint do_change_timezone "{{ raspios_timezone }}"
+raspi-config nonint do_configure_keyboard "{{ raspios_keyboard_layout }}"
+
+{# 0 -> predictable interface names, 1 -> legacy (eth0...) #}
+raspi-config nonint do_net_names 1
+
+{% if raspios_codename == 'bullseye' %}
+{%   if not (install_dhcp | default(false)) %}
+cat <<EOF >> /etc/dhcpcd.conf
+
+#
+interface {{ network.primary.name }}
+static ip_address={{ network.primary.address }}
+static routers={{ network.primary.gateway }}
+static domain_name_servers={{ network.nameservers | join(' ') }}
+EOF
+systemctl restart dhcpcd.service
+{%   endif %}
+systemctl disable hciuart.service
+{%   if 'wifi' in network.primary %}
+raspi-config nonint do_wifi_ssid_passphrase "{{ network.primary.wifi.ssid }}" "{{ network.primary.wifi.key }}"
+raspi-config nonint do_wifi_country "AT"
+{%   else %}
+systemctl disable wpa_supplicant.service
+{%   endif %}
+{% else %}
+cat <<EOF >> /etc/network/interfaces
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto {{ network.primary.name }}
+{%   if (install_dhcp | default(false)) %}
+iface {{ network.primary.name }} inet dhcp
+{%   else %}
+iface {{ network.primary.name }} inet static
+  up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+  up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+  address {{ network.primary.address | ansible.utils.ipaddr('address') }}
+  netmask {{ network.primary.address | ansible.utils.ipaddr('netmask') }}
+  gateway {{ network.primary.gateway }}
+{%   endif %}
+{%   if 'wifi' in network.primary %}
+  wpa-ssid {{ network.primary.wifi.ssid }}
+  wpa-psk {{ network.primary.wifi.key }}
+{%   endif %}
+EOF
+{%   if not (install_dhcp | default(false)) %}
+cat <<EOF > /etc/resolv.conf
+# Generated by ansible
+search {{ network.domain }}
+{%     for nameserver in network.nameservers %}
+nameserver {{ nameserver }}
+{%     endfor %}
+EOF
+{%   endif %}
+systemctl disable wpa_supplicant.service
+rfkill unblock wlan
+ifup {{ network.primary.name }}
+{% endif %}
+
+{% if ansible_port != 22 %}
+sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config
+{% endif %}
+install -m 0700 -d /root/.ssh
+install -m 0644 "$FW_LOC/firstrun.authorized_keys" /root/.ssh/authorized_keys
+{# 0 -> enable ssh, 1 -> disable ssh #}
+raspi-config nonint do_ssh 0
+
+export DEBIAN_FRONTEND=noninteractive
+export SUDO_FORCE_REMOVE=yes
+apt-get purge -q -y userconf-pi avahi-daemon triggerhappy dpkg-dev patch gdb make strace ssh-import-id network-manager udisks2 p7zip p7zip-full sudo dphys-swapfile
+apt-get autoremove -q -y
+dpkg -l | grep "^rc" | awk "{ print(\$2) }" | xargs -r dpkg -P
+
+sed 's#systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target##' -i /boot/cmdline.txt
+sed 's#\s*$##' -i /boot/cmdline.txt
+rm "$FW_LOC/firstrun.authorized_keys"
+rm "$FW_LOC/firstrun.sh"
+rm -f /etc/sudoers.d/010_pi-nopasswd
+rm -f /etc/apt/sources.list.d/vscode.list
+rm -f /etc/apt/trusted.gpg.d/microsoft.gpg
+
+apt-get update -q
+apt-get dist-upgrade -y -q
+
+{# B1 -> Console, B2 -> console autologin, B3 -> desktop, B4 -> desktop autologin #}
+raspi-config nonint do_boot_behaviour B1
+systemctl --quiet enable getty@tty1