1 files changed, 36 insertions, 0 deletions

diff --git a/roles/raspios/image/templates/firstrun.sh.j2 b/roles/raspios/image/templates/firstrun.sh.j2
new file mode 100644
index 00000000..c91c952f
--- /dev/null
+++ b/roles/raspios/image/templates/firstrun.sh.j2
@@ -0,0 +1,36 @@
+#!/bin/bash
+set +e
+
+{# https://loganmarchione.com/2021/07/raspi-configs-mostly-undocumented-non-interactive-mode/ #}
+
+raspi-config nonint do_hostname "{{ host_name }}"
+raspi-config nonint do_change_locale "{{ raspios_locale }}"
+raspi-config nonint do_change_timezone "{{ raspios_timezone }}"
+raspi-config nonint do_configure_keyboard "{{ raspios_keyboard_layout }}"
+
+{# 0 -> predictable interface names, 1 -> legacy (eth0...) #}
+raspi-config nonint do_net_names 0
+{% if not (install_dhcp | default(false)) %}
+cat <<EOF >> /etc/dhcpcd.conf
+
+#
+interface eth0
+static ip_address={{ network.primary.address }}
+static routers={{ network.primary.gateway }}
+static domain_name_servers={{ network.nameservers | join(' ') }}
+EOF
+{% endif %}
+
+{% if ansible_port != 22 %}
+sed -e 's/^#*Port .*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config
+{% endif %}
+install -m 0700 -d /root/.ssh
+install -m 0644 /boot/firstrun.authorized_keys /root/.ssh/authorized_keys
+{# 0 -> enable ssh, 1 -> disable ssh #}
+raspi-config nonint do_ssh 0
+
+DEBIAN_FRONTEND=noninteractive dpkg -P userconf-pi
+sed 's#systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.unit=kernel-command-line.target##' -i /boot/cmdline.txt
+sed 's#\s*$##' -i /boot/cmdline.txt
+rm /boot/firstrun.authorized_keys
+rm /boot/firstrun.sh