From 2ccdc4546d38ed0e9d6784668168c4d566311f6f Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 28 Apr 2024 18:46:49 +0200 Subject: move raspios and openwrt folders to installer/ --- .../deploy/action_plugins/openwrt_sysupgrade.py | 57 +++++++++++ roles/installer/openwrt/deploy/tasks/main.yml | 5 + roles/installer/openwrt/image/README.md | 8 ++ roles/installer/openwrt/image/defaults/main.yml | 19 ++++ roles/installer/openwrt/image/tasks/fetch.yml | 57 +++++++++++ roles/installer/openwrt/image/tasks/main.yml | 65 ++++++++++++ roles/installer/openwrt/image/tasks/prepare.yml | 110 +++++++++++++++++++++ roles/installer/openwrt/image/templates/group.j2 | 21 ++++ roles/installer/openwrt/image/templates/passwd.j2 | 9 ++ roles/installer/openwrt/image/templates/uci.j2 | 15 +++ roles/installer/raspios/image/defaults/main.yml | 17 ++++ .../installer/raspios/image/filter_plugins/main.py | 51 ++++++++++ roles/installer/raspios/image/tasks/fetch.yml | 60 +++++++++++ roles/installer/raspios/image/tasks/main.yml | 103 +++++++++++++++++++ .../raspios/image/templates/firstrun.sh.j2 | 103 +++++++++++++++++++ roles/installer/raspios/image/vars/main.yml | 4 + .../deploy/action_plugins/openwrt_sysupgrade.py | 57 ----------- roles/openwrt/deploy/tasks/main.yml | 5 - roles/openwrt/image/README.md | 8 -- roles/openwrt/image/defaults/main.yml | 19 ---- roles/openwrt/image/tasks/fetch.yml | 57 ----------- roles/openwrt/image/tasks/main.yml | 65 ------------ roles/openwrt/image/tasks/prepare.yml | 110 --------------------- roles/openwrt/image/templates/group.j2 | 21 ---- roles/openwrt/image/templates/passwd.j2 | 9 -- roles/openwrt/image/templates/uci.j2 | 15 --- roles/raspios/image/defaults/main.yml | 17 ---- roles/raspios/image/filter_plugins/main.py | 51 ---------- roles/raspios/image/tasks/fetch.yml | 60 ----------- roles/raspios/image/tasks/main.yml | 103 ------------------- roles/raspios/image/templates/firstrun.sh.j2 | 103 ------------------- roles/raspios/image/vars/main.yml | 4 - roles/slim/hetzner/tasks/main.yml | 13 --- roles/slim/scaleway/tasks/main.yml | 13 --- 34 files changed, 704 insertions(+), 730 deletions(-) create mode 100644 roles/installer/openwrt/deploy/action_plugins/openwrt_sysupgrade.py create mode 100644 roles/installer/openwrt/deploy/tasks/main.yml create mode 100644 roles/installer/openwrt/image/README.md create mode 100644 roles/installer/openwrt/image/defaults/main.yml create mode 100644 roles/installer/openwrt/image/tasks/fetch.yml create mode 100644 roles/installer/openwrt/image/tasks/main.yml create mode 100644 roles/installer/openwrt/image/tasks/prepare.yml create mode 100644 roles/installer/openwrt/image/templates/group.j2 create mode 100644 roles/installer/openwrt/image/templates/passwd.j2 create mode 100644 roles/installer/openwrt/image/templates/uci.j2 create mode 100644 roles/installer/raspios/image/defaults/main.yml create mode 100644 roles/installer/raspios/image/filter_plugins/main.py create mode 100644 roles/installer/raspios/image/tasks/fetch.yml create mode 100644 roles/installer/raspios/image/tasks/main.yml create mode 100644 roles/installer/raspios/image/templates/firstrun.sh.j2 create mode 100644 roles/installer/raspios/image/vars/main.yml delete mode 100644 roles/openwrt/deploy/action_plugins/openwrt_sysupgrade.py delete mode 100644 roles/openwrt/deploy/tasks/main.yml delete mode 100644 roles/openwrt/image/README.md delete mode 100644 roles/openwrt/image/defaults/main.yml delete mode 100644 roles/openwrt/image/tasks/fetch.yml delete mode 100644 roles/openwrt/image/tasks/main.yml delete mode 100644 roles/openwrt/image/tasks/prepare.yml delete mode 100644 roles/openwrt/image/templates/group.j2 delete mode 100644 roles/openwrt/image/templates/passwd.j2 delete mode 100644 roles/openwrt/image/templates/uci.j2 delete mode 100644 roles/raspios/image/defaults/main.yml delete mode 100644 roles/raspios/image/filter_plugins/main.py delete mode 100644 roles/raspios/image/tasks/fetch.yml delete mode 100644 roles/raspios/image/tasks/main.yml delete mode 100644 roles/raspios/image/templates/firstrun.sh.j2 delete mode 100644 roles/raspios/image/vars/main.yml delete mode 100644 roles/slim/hetzner/tasks/main.yml delete mode 100644 roles/slim/scaleway/tasks/main.yml (limited to 'roles') diff --git a/roles/installer/openwrt/deploy/action_plugins/openwrt_sysupgrade.py b/roles/installer/openwrt/deploy/action_plugins/openwrt_sysupgrade.py new file mode 100644 index 00000000..16772937 --- /dev/null +++ b/roles/installer/openwrt/deploy/action_plugins/openwrt_sysupgrade.py @@ -0,0 +1,57 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os + +from ansible.errors import AnsibleError, AnsibleAction, AnsibleActionFail, AnsibleActionSkip, AnsibleConnectionFailure +from ansible.module_utils._text import to_native +from ansible.plugins.action import ActionBase + + +class ActionModule(ActionBase): + TRANSFERS_FILES = True + + def run(self, tmp=None, task_vars=None): + if task_vars is None: + task_vars = dict() + + if self._task.environment and any(self._task.environment): + self._display.warning('openwrt_sysupgrade module does not support the environment keyword') + + result = super(ActionModule, self).run(tmp, task_vars) + del tmp # tmp no longer has any effect + self._cleanup_remote_tmp = False + + try: + if self._play_context.check_mode: + raise AnsibleActionSkip('Check mode is not supported for this task.') + + result['changed'] = True + + try: + image = to_native(self._task.args.get('image', ''), errors='surrogate_or_strict') + image = self._loader.get_real_file(self._find_needle('files', image), decrypt=False) + except AnsibleError as e: + raise AnsibleActionFail(to_native(e)) + + tmp_img = self._connection._shell.join_path(self._connection._shell.tmpdir, os.path.basename(image)) + self._transfer_file(image, tmp_img) + self._fixup_perms2((self._connection._shell.tmpdir, tmp_img), execute=False) + + args = to_native(self._task.args.get('args', ''), errors='surrogate_or_strict') + + script_cmd = ' '.join(['sysupgrade', args, tmp_img]) + script_cmd = self._connection._shell.wrap_for_exec(script_cmd) + + try: + result.update(self._low_level_execute_command(cmd=script_cmd)) + except AnsibleConnectionFailure as e: + result['rc'] = 0 + + if 'rc' in result and result['rc'] != 0: + raise AnsibleActionFail('non-zero return code') + + except AnsibleAction as e: + result.update(e.result) + + return result diff --git a/roles/installer/openwrt/deploy/tasks/main.yml b/roles/installer/openwrt/deploy/tasks/main.yml new file mode 100644 index 00000000..06fb28ad --- /dev/null +++ b/roles/installer/openwrt/deploy/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- name: copy image and run sysupgrade + openwrt_sysupgrade: + image: "{{ output_images | first }}" + args: -n diff --git a/roles/installer/openwrt/image/README.md b/roles/installer/openwrt/image/README.md new file mode 100644 index 00000000..95d9d106 --- /dev/null +++ b/roles/installer/openwrt/image/README.md @@ -0,0 +1,8 @@ +# Build OpenWRT images with Ansible + +TODO: add possibility to disable root logins using /etc/shadow + this will also take care of the annoying + "There is no root password defined ..." + message when you log in. + +## Configuration diff --git a/roles/installer/openwrt/image/defaults/main.yml b/roles/installer/openwrt/image/defaults/main.yml new file mode 100644 index 00000000..9f867053 --- /dev/null +++ b/roles/installer/openwrt/image/defaults/main.yml @@ -0,0 +1,19 @@ +--- +openwrt_variant: openwrt +openwrt_release: "{{ install_codename }}" +openwrt_download_dir: "{{ global_cache_dir }}/openwrt" +openwrt_tarball_basename: "{{ openwrt_variant }}-imagebuilder-{{ openwrt_release }}-{{ openwrt_arch }}-{{ openwrt_target }}.Linux-x86_64" +openwrt_tarball_name: "{{ openwrt_tarball_basename }}.tar.xz" +openwrt_target: generic + +openwrt_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/openwrt" +openwrt_output_image_name_base: "{{ openwrt_variant }}-{{ openwrt_release }}-{{ openwrt_arch }}{% if openwrt_target != 'generic' %}-{{ openwrt_target }}{% endif %}" +openwrt_output_image_suffixes: + - squashfs-sysupgrade.bin + - squashfs-factory.bin + +openwrt_packages_remove: [] +openwrt_packages_add: [] +openwrt_packages_extra: [] + +openwrt_keep_temporary_build_dir: false diff --git a/roles/installer/openwrt/image/tasks/fetch.yml b/roles/installer/openwrt/image/tasks/fetch.yml new file mode 100644 index 00000000..1dc5728d --- /dev/null +++ b/roles/installer/openwrt/image/tasks/fetch.yml @@ -0,0 +1,57 @@ +--- +- name: Create download directory + file: + dest: "{{ openwrt_download_dir }}" + state: directory + +- name: download the openwrt image builder + block: + - name: Generate OpenWrt download URLs + set_fact: + openwrt_url: + https://downloads.openwrt.org/releases/{{ openwrt_release }}/targets/{{ openwrt_arch | mandatory }}/{{ openwrt_target }} + + - name: Download sha256sums + get_url: + url: "{{ openwrt_url }}/sha256sums" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + + - name: Download sha256sums.asc + get_url: + url: "{{ openwrt_url }}/sha256sums.asc" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" + + - name: Check OpenPGP signature + command: >- + gpgv --keyring "{{ global_files_dir }}/common/keyrings/openwrt-{{ [0, 1] | map('extract', (openwrt_release | split('.'))) | join('.') }}.gpg" + "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + changed_when: False + register: openwrt_image_gpg_result + + - debug: + var: openwrt_image_gpg_result.stderr_lines + + - name: Extract SHA256 hash of the imagebuilder archive + command: grep '{{ openwrt_tarball_name }}' "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + changed_when: False + register: sha256 + + - name: Download imagebuilder + get_url: + url: "{{ openwrt_url }}/{{ openwrt_tarball_name }}" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + checksum: sha256:{{ sha256.stdout.split(' ') | first }} + + rescue: + - name: Delete downloaded artifacts + loop: + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + file: + path: "{{ item }}" + state: absent + + - name: the download has failed... + fail: + msg: Something borked diff --git a/roles/installer/openwrt/image/tasks/main.yml b/roles/installer/openwrt/image/tasks/main.yml new file mode 100644 index 00000000..5bf07d04 --- /dev/null +++ b/roles/installer/openwrt/image/tasks/main.yml @@ -0,0 +1,65 @@ +--- +- name: fetch imagebuilder + when: openwrt_imgbuilder_tarball is not defined + run_once: true + import_tasks: fetch.yml + +- name: build the image + block: + - import_tasks: prepare.yml + + - name: Create the output directory for built images + file: + path: "{{ openwrt_output_dir }}" + state: directory + + - name: generate list of packages to add or remove + set_fact: + openwrt_packages: >- + {{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }} + {{ openwrt_packages_add | join(' ') }} + {{ openwrt_packages_extra | join(' ') }} + + - name: Build the OpenWrt image + command: >- + make -C {{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }} image + {% if openwrt_profile is defined %}PROFILE="{{ openwrt_profile }}" {% endif %} + FILES="{{ openwrt_imgbuilder_files }}" + PACKAGES="{{ openwrt_packages }}" + {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %} + {% if openwrt_rootfs_partsize is defined %} ROOTFS_PARTSIZE="{{ openwrt_rootfs_partsize }}" {% endif %} + register: openwrt_build + + - name: Copy newly built OpenWrt image + loop: "{{ openwrt_output_image_suffixes }}" + copy: + src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}" + dest: "{{ openwrt_output_dir }}" + + - name: set output image names + set_fact: + output_images: "{{ [(openwrt_output_dir, openwrt_output_image_name_base) | path_join | realpath] | product(openwrt_output_image_suffixes) | map('join', '-') }}" + + always: + - name: save stdout build-log to output directory + when: openwrt_build is defined + copy: + content: "{{ openwrt_build.stdout }}\n" + dest: "{{ openwrt_output_dir }}/build-stdout.log" + + - name: save stderr build-log to output directory + when: openwrt_build is defined + copy: + content: "{{ openwrt_build.stderr }}\n" + dest: "{{ openwrt_output_dir }}/build-stderr.log" + + - name: delete the temporary build directory + when: not openwrt_keep_temporary_build_dir + file: + path: "{{ openwrt_imgbuilder_dir }}" + state: absent + + - name: print temporary build directory information + when: openwrt_keep_temporary_build_dir + debug: + msg: "The temporary build directory has not been deleted, the path to the directory is: {{ openwrt_imgbuilder_dir }}" diff --git a/roles/installer/openwrt/image/tasks/prepare.yml b/roles/installer/openwrt/image/tasks/prepare.yml new file mode 100644 index 00000000..f685540c --- /dev/null +++ b/roles/installer/openwrt/image/tasks/prepare.yml @@ -0,0 +1,110 @@ +--- +- name: Create temporary build directory + tempfile: + state: directory + register: tmpdir + +- name: set variables needed to build images + set_fact: + openwrt_imgbuilder_dir: "{{ tmpdir.path }}" + openwrt_imgbuilder_files: "{{ tmpdir.path }}/files" + +- name: Create the directories for mixins + loop: "{{ mixin_directories | flatten }}" + vars: + mixin_directories: + - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" + - "{{ openwrt_imgbuilder_files }}/etc/config" + - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}" + file: + path: "{{ item }}" + state: directory + mode: '0755' + + +- name: Copy mixins in place [1/3] + loop: "{{ openwrt_mixin | dict2items | selectattr('value.link', 'defined') | list }}" + loop_control: + label: "{{ item.key }}" + file: + dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" + src: "{{ item.value.link }}" + force: yes + follow: no + state: link + +- name: Copy mixins in place [2/3] + loop: "{{ openwrt_mixin | dict2items | selectattr('value.file', 'defined') | list }}" + loop_control: + label: "{{ item.key }}" + copy: + src: "{{ item.value.file }}" + dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" + mode: "{{ item.value.mode | default('0644') }}" + +- name: Copy mixins in place [3/3] + loop: "{{ openwrt_mixin | dict2items | selectattr('value.content', 'defined') | list }}" + loop_control: + label: "{{ item.key }}" + copy: + content: "{{ item.value.content }}" + dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" + mode: "{{ item.value.mode | default('0644') }}" + +- name: Generate /etc/fstab + when: openwrt_mounts is defined + loop: "{{ openwrt_mounts }}" + loop_control: + label: "{{ item.path }}" + mount: + fstab: "{{ openwrt_imgbuilder_files }}/etc/fstab" + state: present + src: "{{ item.src | default(omit) }}" + path: "{{ item.path | default(omit) }}" + fstype: "{{ item.fstype | default(omit) }}" + opts: "{{ item.opts | default(omit) }}" + boot: "{{ item.boot | default(omit) }}" + dump: "{{ item.dump | default(omit) }}" + passno: "{{ item.passno | default(omit) }}" + + +- name: Create UCI configuration files + loop: "{{ openwrt_uci | dict2items }}" + loop_control: + label: "{{ item.key }}" + template: + src: uci.j2 + dest: "{{ openwrt_imgbuilder_files }}/etc/config/{{ item.key }}" + mode: 0644 + trim_blocks: yes +# force: no ## TODO: fail when overwriting a file + +- name: Create /etc/passwd + when: openwrt_users is defined + template: + src: passwd.j2 + dest: "{{ openwrt_imgbuilder_files }}/etc/passwd" + mode: 0644 + trim_blocks: yes + +- name: Create /etc/group + when: openwrt_groups is defined or openwrt_users is defined + template: + src: group.j2 + dest: "{{ openwrt_imgbuilder_files }}/etc/group" + mode: 0644 + trim_blocks: yes + +- name: extract image builder tarball + environment: ### TODO: remove once this lands in ansible: https://github.com/ansible/ansible/pull/76542 + LANGUAGE: en_US.utf8 + unarchive: + src: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + remote_src: yes + dest: "{{ openwrt_imgbuilder_dir }}" + +- name: Symlink the cache repository + file: + state: link + src: "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" + path: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/dl" diff --git a/roles/installer/openwrt/image/templates/group.j2 b/roles/installer/openwrt/image/templates/group.j2 new file mode 100644 index 00000000..cb433b88 --- /dev/null +++ b/roles/installer/openwrt/image/templates/group.j2 @@ -0,0 +1,21 @@ +{{ ansible_managed | comment }} +root:x:0: +daemon:x:1: +adm:x:4: +mail:x:8: +audio:x:29: +www-data:x:33: +ftp:x:55: +users:x:100: +network:x:101: +{% for name, opt in openwrt_users.items() %} +{% if 'group_id' not in opt %} +{{ name }}:x:{{ opt.id | default(loop.index + 110) }}: +{% endif %} +{% endfor %} +{% if openwrt_groups is defined %} +{% for name, opt in openwrt_groups.items() %} +{{ name }}:x:{{ opt.id | default(loop.index + 200) }}: +{% endfor %} +{% endif %} +nogroup:x:65534: diff --git a/roles/installer/openwrt/image/templates/passwd.j2 b/roles/installer/openwrt/image/templates/passwd.j2 new file mode 100644 index 00000000..9beaeb61 --- /dev/null +++ b/roles/installer/openwrt/image/templates/passwd.j2 @@ -0,0 +1,9 @@ +{{ ansible_managed | comment }} +root:x:0:0:root:/root:/bin/ash +daemon:*:1:1:daemon:/var:/bin/false +ftp:*:55:55:ftp:/home/ftp:/bin/false +network:*:101:101:network:/var:/bin/false +{% for name, opt in openwrt_users.items() %} +{{ name }}:*:{{ opt.id | default(loop.index + 110) }}:{{ opt.gid | default(loop.index + 110) }}:{{ name }}:{{ opt.home | default('/nonexistent') }}:{{ opt.shell | default('/bin/false') }} +{% endfor %} +nobody:*:65534:65534:nobody:/var:/bin/false diff --git a/roles/installer/openwrt/image/templates/uci.j2 b/roles/installer/openwrt/image/templates/uci.j2 new file mode 100644 index 00000000..3cc480b2 --- /dev/null +++ b/roles/installer/openwrt/image/templates/uci.j2 @@ -0,0 +1,15 @@ +{{ ansible_managed | comment }} + +{% for section in item.value %} +config {{ section.name }} +{% for option, value in section.options.items() %} +{% if value is iterable and value is not string %} +{% for v in value %} + list {{ option }} '{{ v }}' +{% endfor %} +{% else %} + option {{ option }} '{{ value }}' +{% endif %} +{% endfor %} + +{% endfor %} diff --git a/roles/installer/raspios/image/defaults/main.yml b/roles/installer/raspios/image/defaults/main.yml new file mode 100644 index 00000000..3f6ab3a3 --- /dev/null +++ b/roles/installer/raspios/image/defaults/main.yml @@ -0,0 +1,17 @@ +--- +raspios_variant: lite ## (lite|desktop|full) +raspios_codename: "{{ install_codename }}" +# raspios_arch: (arm64|armhf) +raspios_download_dir: "{{ global_cache_dir }}/raspios" + +raspios_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/raspios" + +raspios_keep_boot_dir_mounted: no + +# raspios_boot_config: +# - regexp: '^#dtparam=i2c_vc' +# line: 'dtparam=i2c_vc=on' + +raspios_locale: en_US.UTF-8 +raspios_timezone: Europe/Vienna +raspios_keyboard_layout: de diff --git a/roles/installer/raspios/image/filter_plugins/main.py b/roles/installer/raspios/image/filter_plugins/main.py new file mode 100644 index 00000000..5ac2d5ab --- /dev/null +++ b/roles/installer/raspios/image/filter_plugins/main.py @@ -0,0 +1,51 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import os +from ansible import errors +from urllib.parse import urlparse, urlunparse + + +def _raspios_extract_latest_image_download_url_recursive(items, image_name_suffix): + for item in items: + if not item['name'].startswith('Raspberry Pi OS '): + continue + + if 'url' in item: + result = urlparse(item['url']) + if not os.path.basename(result.path).endswith(image_name_suffix): + continue + + return urlunparse(result) + if 'subitems' in item: + result = _raspios_extract_latest_image_download_url_recursive(item['subitems'], image_name_suffix) + if result: + return result + return None + + +def raspios_extract_latest_image_download_url(os_list, variant, codename, arch): + try: + image_name_suffix = 'raspios-%s-%s' % (codename, arch) + if variant != 'desktop': + image_name_suffix += '-%s' % variant + image_name_suffix += '.img.xz' + + result = _raspios_extract_latest_image_download_url_recursive(os_list, image_name_suffix) + if result: + return result + + except Exception as e: + raise errors.AnsibleFilterError("raspios_extract_latest_image_download_url: %s" % str(e)) + + raise errors.AnsibleFilterError("unable to find latest image url for: %s" % (base_url)) + + +class FilterModule(object): + + filter_map = { + 'raspios_extract_latest_image_download_url': raspios_extract_latest_image_download_url, + } + + def filters(self): + return self.filter_map diff --git a/roles/installer/raspios/image/tasks/fetch.yml b/roles/installer/raspios/image/tasks/fetch.yml new file mode 100644 index 00000000..bbde6bdf --- /dev/null +++ b/roles/installer/raspios/image/tasks/fetch.yml @@ -0,0 +1,60 @@ +--- +- name: Create download directory + file: + dest: "{{ raspios_download_dir }}" + state: directory + +- name: fetch imageutility os list from download server + check_mode: no + uri: + url: "{{ raspios_download_url }}/os_list_imagingutility_v4.json" + body_format: json + register: raspios_os_list_imagingutility + +- set_fact: + raspios_download_url_image: "{{ raspios_os_list_imagingutility.json.os_list | raspios_extract_latest_image_download_url(raspios_variant, raspios_codename, raspios_arch) }}" + +- name: download the raspios image + block: + - name: download sha256sum and signature + loop: + - sha256 + - sig + get_url: + url: "{{ raspios_download_url_image }}.{{ item }}" + dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.{{ item }}" + + - name: extract SHA256 hash of the image archive + command: grep '{{ raspios_download_image_base_name }}' "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sha256" + changed_when: False + register: sha256 + + - name: download image + get_url: + url: "{{ raspios_download_url_image }}" + dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}" + checksum: sha256:{{ sha256.stdout.split(' ') | first }} + + - name: check OpenPGP signature + command: >- + gpgv --keyring "{{ global_files_dir }}/common/keyrings/raspberrypi-downloads.gpg" + "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sig" "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}" + changed_when: False + register: raspios_image_gpg_result + + - debug: + var: raspios_image_gpg_result.stderr_lines + + rescue: + - name: delete downloaded artifacts + loop: + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}-sha256" + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sig" + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}" + file: + path: "{{ item }}" + state: absent + + - name: the download has failed... + fail: + msg: Something borked diff --git a/roles/installer/raspios/image/tasks/main.yml b/roles/installer/raspios/image/tasks/main.yml new file mode 100644 index 00000000..b8296f9a --- /dev/null +++ b/roles/installer/raspios/image/tasks/main.yml @@ -0,0 +1,103 @@ +--- +- name: check if host is member of the raspios group + assert: + msg: "please add the host to the group 'raspios'" + that: + - "'raspios' in group_names" + +- name: fetch base image + run_once: true + import_tasks: fetch.yml + +- name: build the image + block: + - name: create the output directory for built images + file: + path: "{{ raspios_output_dir }}" + state: directory + + - name: extract image + decompress: + src: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}" + dest: "{{ raspios_output_dir }}" + force: yes + register: raspios_image_extract + + - set_fact: + raspios_output_image_base_name: "{{ raspios_image_extract.files | first | basename }}" + + - name: read partition layout from image + command: "sfdisk -q -r -J '{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}'" + register: raspios_image_sfdisk + + - set_fact: + raspios_image_partitions: "{{ (raspios_image_sfdisk.stdout | from_json)['partitiontable']['partitions'] }}" + + - name: bind loop device for boot partition + command: "udisksctl loop-setup --no-user-interaction -o {{ raspios_image_partitions[0].start * 512 }} -s {{ raspios_image_partitions[0].size * 512 }} -f '{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}'" + register: raspios_image_loop_setup + + - set_fact: + raspios_image_loop_device: "{{ raspios_image_loop_setup.stdout | regex_search('as (/dev/loop[0-9]+)\\.$', '\\1') | first }}" + + - name: mount boot partition + command: "udisksctl mount --no-user-interaction -b '{{ raspios_image_loop_device }}'" + register: raspios_image_mount + + - set_fact: + raspios_image_mount_point: "{{ raspios_image_mount.stdout | regex_search('at (/media/.+)\\.?$', '\\1') | first }}" + + - name: edit boot/config.txt + when: raspios_boot_config is defined + loop: "{{ raspios_boot_config }}" + loop_control: + label: "{{ item.line }}" + lineinfile: + path: "{{ raspios_image_mount_point }}/config.txt" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + + - name: Generate authorized_keys file + authorized_key: + user: root + manage_dir: no + path: "{{ raspios_image_mount_point }}/firstrun.authorized_keys" + key: "{{ ssh_keys_root | join('\n') }}" + + - name: install firstrun.sh script + template: + src: firstrun.sh.j2 + dest: "{{ raspios_image_mount_point }}/firstrun.sh" + mode: 0755 + + - name: edit boot/cmdline.txt + lineinfile: + path: "{{ raspios_image_mount_point }}/cmdline.txt" + regexp: '^(.*)( systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target)?(.*?)$' + backrefs: yes + line: '\1 systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target \3' + + always: + - name: unmount image + when: + - not raspios_keep_boot_dir_mounted + - raspios_image_mount_point is defined + - raspios_image_mount_point is mount + command: "udisksctl unmount --no-user-interaction -b '{{ raspios_image_loop_device }}'" + + - name: delete loop_device + when: + - not raspios_keep_boot_dir_mounted + - raspios_image_loop_device is defined + command: "udisksctl loop-delete --no-user-interaction -b '{{ raspios_image_loop_device }}'" + + - name: print temporary build directory information + when: + - raspios_keep_boot_dir_mounted + debug: + msg: "As per request the boot partition of the image is still mounted to: {{ raspios_image_mount_point }}" + +- name: set output image names + set_fact: + output_images: + - "{{ (raspios_output_dir, raspios_output_image_base_name) | path_join | realpath }}" diff --git a/roles/installer/raspios/image/templates/firstrun.sh.j2 b/roles/installer/raspios/image/templates/firstrun.sh.j2 new file mode 100644 index 00000000..bc35b764 --- /dev/null +++ b/roles/installer/raspios/image/templates/firstrun.sh.j2 @@ -0,0 +1,103 @@ +#!/bin/bash +set +e + +if [ -x /usr/lib/raspberrypi-sys-mods/get_fw_loc ]; then + FW_LOC=$(/usr/lib/raspberrypi-sys-mods/get_fw_loc) +else + FW_LOC=/boot +fi + +raspi-config nonint do_hostname "{{ host_name }}" +echo "{{ host_name }}" > /etc/hostname +raspi-config nonint do_change_locale "{{ raspios_locale }}" +raspi-config nonint do_change_timezone "{{ raspios_timezone }}" +raspi-config nonint do_configure_keyboard "{{ raspios_keyboard_layout }}" + +{# 0 -> predictable interface names, 1 -> legacy (eth0...) #} +raspi-config nonint do_net_names 1 + +{% if raspios_codename == 'bullseye' %} +{% if not (install_dhcp | default(false)) %} +cat <> /etc/dhcpcd.conf + +# +interface {{ network.primary.name }} +static ip_address={{ network.primary.address }} +static routers={{ network.primary.gateway }} +static domain_name_servers={{ network.nameservers | join(' ') }} +EOF +systemctl restart dhcpcd.service +{% endif %} +systemctl disable hciuart.service +{% if 'wifi' in network.primary %} +raspi-config nonint do_wifi_ssid_passphrase "{{ network.primary.wifi.ssid }}" "{{ network.primary.wifi.key }}" +raspi-config nonint do_wifi_country "AT" +{% else %} +systemctl disable wpa_supplicant.service +{% endif %} +{% else %} +cat <> /etc/network/interfaces + +# The loopback network interface +auto lo +iface lo inet loopback + +# The primary network interface +auto {{ network.primary.name }} +{% if (install_dhcp | default(false)) %} +iface {{ network.primary.name }} inet dhcp +{% else %} +iface {{ network.primary.name }} inet static + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf + address {{ network.primary.address | ansible.utils.ipaddr('address') }} + netmask {{ network.primary.address | ansible.utils.ipaddr('netmask') }} + gateway {{ network.primary.gateway }} +{% endif %} +{% if 'wifi' in network.primary %} + wpa-ssid {{ network.primary.wifi.ssid }} + wpa-psk {{ network.primary.wifi.key }} +{% endif %} +EOF +{% if not (install_dhcp | default(false)) %} +cat < /etc/resolv.conf +# Generated by ansible +search {{ network.domain }} +{% for nameserver in network.nameservers %} +nameserver {{ nameserver }} +{% endfor %} +EOF +{% endif %} +systemctl disable wpa_supplicant.service +rfkill unblock wlan +ifup {{ network.primary.name }} +{% endif %} + +{% if ansible_port != 22 %} +sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config +{% endif %} +install -m 0700 -d /root/.ssh +install -m 0644 "$FW_LOC/firstrun.authorized_keys" /root/.ssh/authorized_keys +{# 0 -> enable ssh, 1 -> disable ssh #} +raspi-config nonint do_ssh 0 + +export DEBIAN_FRONTEND=noninteractive +export SUDO_FORCE_REMOVE=yes +apt-get purge -q -y userconf-pi avahi-daemon triggerhappy dpkg-dev patch gdb make strace ssh-import-id network-manager udisks2 p7zip p7zip-full sudo dphys-swapfile +apt-get autoremove -q -y +dpkg -l | grep "^rc" | awk "{ print(\$2) }" | xargs -r dpkg -P + +sed 's#systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target##' -i /boot/cmdline.txt +sed 's#\s*$##' -i /boot/cmdline.txt +rm "$FW_LOC/firstrun.authorized_keys" +rm "$FW_LOC/firstrun.sh" +rm -f /etc/sudoers.d/010_pi-nopasswd +rm -f /etc/apt/sources.list.d/vscode.list +rm -f /etc/apt/trusted.gpg.d/microsoft.gpg + +apt-get update -q +apt-get dist-upgrade -y -q + +{# B1 -> Console, B2 -> console autologin, B3 -> desktop, B4 -> desktop autologin #} +raspi-config nonint do_boot_behaviour B1 +systemctl --quiet enable getty@tty1 diff --git a/roles/installer/raspios/image/vars/main.yml b/roles/installer/raspios/image/vars/main.yml new file mode 100644 index 00000000..7c547ce2 --- /dev/null +++ b/roles/installer/raspios/image/vars/main.yml @@ -0,0 +1,4 @@ +--- +raspios_download_url: "https://downloads.raspberrypi.org" + +raspios_download_image_base_name: "{{ raspios_download_url_image | urlsplit('path') | basename }}" diff --git a/roles/openwrt/deploy/action_plugins/openwrt_sysupgrade.py b/roles/openwrt/deploy/action_plugins/openwrt_sysupgrade.py deleted file mode 100644 index 16772937..00000000 --- a/roles/openwrt/deploy/action_plugins/openwrt_sysupgrade.py +++ /dev/null @@ -1,57 +0,0 @@ -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os - -from ansible.errors import AnsibleError, AnsibleAction, AnsibleActionFail, AnsibleActionSkip, AnsibleConnectionFailure -from ansible.module_utils._text import to_native -from ansible.plugins.action import ActionBase - - -class ActionModule(ActionBase): - TRANSFERS_FILES = True - - def run(self, tmp=None, task_vars=None): - if task_vars is None: - task_vars = dict() - - if self._task.environment and any(self._task.environment): - self._display.warning('openwrt_sysupgrade module does not support the environment keyword') - - result = super(ActionModule, self).run(tmp, task_vars) - del tmp # tmp no longer has any effect - self._cleanup_remote_tmp = False - - try: - if self._play_context.check_mode: - raise AnsibleActionSkip('Check mode is not supported for this task.') - - result['changed'] = True - - try: - image = to_native(self._task.args.get('image', ''), errors='surrogate_or_strict') - image = self._loader.get_real_file(self._find_needle('files', image), decrypt=False) - except AnsibleError as e: - raise AnsibleActionFail(to_native(e)) - - tmp_img = self._connection._shell.join_path(self._connection._shell.tmpdir, os.path.basename(image)) - self._transfer_file(image, tmp_img) - self._fixup_perms2((self._connection._shell.tmpdir, tmp_img), execute=False) - - args = to_native(self._task.args.get('args', ''), errors='surrogate_or_strict') - - script_cmd = ' '.join(['sysupgrade', args, tmp_img]) - script_cmd = self._connection._shell.wrap_for_exec(script_cmd) - - try: - result.update(self._low_level_execute_command(cmd=script_cmd)) - except AnsibleConnectionFailure as e: - result['rc'] = 0 - - if 'rc' in result and result['rc'] != 0: - raise AnsibleActionFail('non-zero return code') - - except AnsibleAction as e: - result.update(e.result) - - return result diff --git a/roles/openwrt/deploy/tasks/main.yml b/roles/openwrt/deploy/tasks/main.yml deleted file mode 100644 index 06fb28ad..00000000 --- a/roles/openwrt/deploy/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: copy image and run sysupgrade - openwrt_sysupgrade: - image: "{{ output_images | first }}" - args: -n diff --git a/roles/openwrt/image/README.md b/roles/openwrt/image/README.md deleted file mode 100644 index 95d9d106..00000000 --- a/roles/openwrt/image/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Build OpenWRT images with Ansible - -TODO: add possibility to disable root logins using /etc/shadow - this will also take care of the annoying - "There is no root password defined ..." - message when you log in. - -## Configuration diff --git a/roles/openwrt/image/defaults/main.yml b/roles/openwrt/image/defaults/main.yml deleted file mode 100644 index 9f867053..00000000 --- a/roles/openwrt/image/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -openwrt_variant: openwrt -openwrt_release: "{{ install_codename }}" -openwrt_download_dir: "{{ global_cache_dir }}/openwrt" -openwrt_tarball_basename: "{{ openwrt_variant }}-imagebuilder-{{ openwrt_release }}-{{ openwrt_arch }}-{{ openwrt_target }}.Linux-x86_64" -openwrt_tarball_name: "{{ openwrt_tarball_basename }}.tar.xz" -openwrt_target: generic - -openwrt_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/openwrt" -openwrt_output_image_name_base: "{{ openwrt_variant }}-{{ openwrt_release }}-{{ openwrt_arch }}{% if openwrt_target != 'generic' %}-{{ openwrt_target }}{% endif %}" -openwrt_output_image_suffixes: - - squashfs-sysupgrade.bin - - squashfs-factory.bin - -openwrt_packages_remove: [] -openwrt_packages_add: [] -openwrt_packages_extra: [] - -openwrt_keep_temporary_build_dir: false diff --git a/roles/openwrt/image/tasks/fetch.yml b/roles/openwrt/image/tasks/fetch.yml deleted file mode 100644 index 1dc5728d..00000000 --- a/roles/openwrt/image/tasks/fetch.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -- name: Create download directory - file: - dest: "{{ openwrt_download_dir }}" - state: directory - -- name: download the openwrt image builder - block: - - name: Generate OpenWrt download URLs - set_fact: - openwrt_url: - https://downloads.openwrt.org/releases/{{ openwrt_release }}/targets/{{ openwrt_arch | mandatory }}/{{ openwrt_target }} - - - name: Download sha256sums - get_url: - url: "{{ openwrt_url }}/sha256sums" - dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - - - name: Download sha256sums.asc - get_url: - url: "{{ openwrt_url }}/sha256sums.asc" - dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" - - - name: Check OpenPGP signature - command: >- - gpgv --keyring "{{ global_files_dir }}/common/keyrings/openwrt-{{ [0, 1] | map('extract', (openwrt_release | split('.'))) | join('.') }}.gpg" - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - changed_when: False - register: openwrt_image_gpg_result - - - debug: - var: openwrt_image_gpg_result.stderr_lines - - - name: Extract SHA256 hash of the imagebuilder archive - command: grep '{{ openwrt_tarball_name }}' "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - changed_when: False - register: sha256 - - - name: Download imagebuilder - get_url: - url: "{{ openwrt_url }}/{{ openwrt_tarball_name }}" - dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" - checksum: sha256:{{ sha256.stdout.split(' ') | first }} - - rescue: - - name: Delete downloaded artifacts - loop: - - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" - - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" - file: - path: "{{ item }}" - state: absent - - - name: the download has failed... - fail: - msg: Something borked diff --git a/roles/openwrt/image/tasks/main.yml b/roles/openwrt/image/tasks/main.yml deleted file mode 100644 index 5bf07d04..00000000 --- a/roles/openwrt/image/tasks/main.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -- name: fetch imagebuilder - when: openwrt_imgbuilder_tarball is not defined - run_once: true - import_tasks: fetch.yml - -- name: build the image - block: - - import_tasks: prepare.yml - - - name: Create the output directory for built images - file: - path: "{{ openwrt_output_dir }}" - state: directory - - - name: generate list of packages to add or remove - set_fact: - openwrt_packages: >- - {{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }} - {{ openwrt_packages_add | join(' ') }} - {{ openwrt_packages_extra | join(' ') }} - - - name: Build the OpenWrt image - command: >- - make -C {{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }} image - {% if openwrt_profile is defined %}PROFILE="{{ openwrt_profile }}" {% endif %} - FILES="{{ openwrt_imgbuilder_files }}" - PACKAGES="{{ openwrt_packages }}" - {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %} - {% if openwrt_rootfs_partsize is defined %} ROOTFS_PARTSIZE="{{ openwrt_rootfs_partsize }}" {% endif %} - register: openwrt_build - - - name: Copy newly built OpenWrt image - loop: "{{ openwrt_output_image_suffixes }}" - copy: - src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}" - dest: "{{ openwrt_output_dir }}" - - - name: set output image names - set_fact: - output_images: "{{ [(openwrt_output_dir, openwrt_output_image_name_base) | path_join | realpath] | product(openwrt_output_image_suffixes) | map('join', '-') }}" - - always: - - name: save stdout build-log to output directory - when: openwrt_build is defined - copy: - content: "{{ openwrt_build.stdout }}\n" - dest: "{{ openwrt_output_dir }}/build-stdout.log" - - - name: save stderr build-log to output directory - when: openwrt_build is defined - copy: - content: "{{ openwrt_build.stderr }}\n" - dest: "{{ openwrt_output_dir }}/build-stderr.log" - - - name: delete the temporary build directory - when: not openwrt_keep_temporary_build_dir - file: - path: "{{ openwrt_imgbuilder_dir }}" - state: absent - - - name: print temporary build directory information - when: openwrt_keep_temporary_build_dir - debug: - msg: "The temporary build directory has not been deleted, the path to the directory is: {{ openwrt_imgbuilder_dir }}" diff --git a/roles/openwrt/image/tasks/prepare.yml b/roles/openwrt/image/tasks/prepare.yml deleted file mode 100644 index f685540c..00000000 --- a/roles/openwrt/image/tasks/prepare.yml +++ /dev/null @@ -1,110 +0,0 @@ ---- -- name: Create temporary build directory - tempfile: - state: directory - register: tmpdir - -- name: set variables needed to build images - set_fact: - openwrt_imgbuilder_dir: "{{ tmpdir.path }}" - openwrt_imgbuilder_files: "{{ tmpdir.path }}/files" - -- name: Create the directories for mixins - loop: "{{ mixin_directories | flatten }}" - vars: - mixin_directories: - - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" - - "{{ openwrt_imgbuilder_files }}/etc/config" - - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}" - file: - path: "{{ item }}" - state: directory - mode: '0755' - - -- name: Copy mixins in place [1/3] - loop: "{{ openwrt_mixin | dict2items | selectattr('value.link', 'defined') | list }}" - loop_control: - label: "{{ item.key }}" - file: - dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" - src: "{{ item.value.link }}" - force: yes - follow: no - state: link - -- name: Copy mixins in place [2/3] - loop: "{{ openwrt_mixin | dict2items | selectattr('value.file', 'defined') | list }}" - loop_control: - label: "{{ item.key }}" - copy: - src: "{{ item.value.file }}" - dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" - mode: "{{ item.value.mode | default('0644') }}" - -- name: Copy mixins in place [3/3] - loop: "{{ openwrt_mixin | dict2items | selectattr('value.content', 'defined') | list }}" - loop_control: - label: "{{ item.key }}" - copy: - content: "{{ item.value.content }}" - dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" - mode: "{{ item.value.mode | default('0644') }}" - -- name: Generate /etc/fstab - when: openwrt_mounts is defined - loop: "{{ openwrt_mounts }}" - loop_control: - label: "{{ item.path }}" - mount: - fstab: "{{ openwrt_imgbuilder_files }}/etc/fstab" - state: present - src: "{{ item.src | default(omit) }}" - path: "{{ item.path | default(omit) }}" - fstype: "{{ item.fstype | default(omit) }}" - opts: "{{ item.opts | default(omit) }}" - boot: "{{ item.boot | default(omit) }}" - dump: "{{ item.dump | default(omit) }}" - passno: "{{ item.passno | default(omit) }}" - - -- name: Create UCI configuration files - loop: "{{ openwrt_uci | dict2items }}" - loop_control: - label: "{{ item.key }}" - template: - src: uci.j2 - dest: "{{ openwrt_imgbuilder_files }}/etc/config/{{ item.key }}" - mode: 0644 - trim_blocks: yes -# force: no ## TODO: fail when overwriting a file - -- name: Create /etc/passwd - when: openwrt_users is defined - template: - src: passwd.j2 - dest: "{{ openwrt_imgbuilder_files }}/etc/passwd" - mode: 0644 - trim_blocks: yes - -- name: Create /etc/group - when: openwrt_groups is defined or openwrt_users is defined - template: - src: group.j2 - dest: "{{ openwrt_imgbuilder_files }}/etc/group" - mode: 0644 - trim_blocks: yes - -- name: extract image builder tarball - environment: ### TODO: remove once this lands in ansible: https://github.com/ansible/ansible/pull/76542 - LANGUAGE: en_US.utf8 - unarchive: - src: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" - remote_src: yes - dest: "{{ openwrt_imgbuilder_dir }}" - -- name: Symlink the cache repository - file: - state: link - src: "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" - path: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/dl" diff --git a/roles/openwrt/image/templates/group.j2 b/roles/openwrt/image/templates/group.j2 deleted file mode 100644 index cb433b88..00000000 --- a/roles/openwrt/image/templates/group.j2 +++ /dev/null @@ -1,21 +0,0 @@ -{{ ansible_managed | comment }} -root:x:0: -daemon:x:1: -adm:x:4: -mail:x:8: -audio:x:29: -www-data:x:33: -ftp:x:55: -users:x:100: -network:x:101: -{% for name, opt in openwrt_users.items() %} -{% if 'group_id' not in opt %} -{{ name }}:x:{{ opt.id | default(loop.index + 110) }}: -{% endif %} -{% endfor %} -{% if openwrt_groups is defined %} -{% for name, opt in openwrt_groups.items() %} -{{ name }}:x:{{ opt.id | default(loop.index + 200) }}: -{% endfor %} -{% endif %} -nogroup:x:65534: diff --git a/roles/openwrt/image/templates/passwd.j2 b/roles/openwrt/image/templates/passwd.j2 deleted file mode 100644 index 9beaeb61..00000000 --- a/roles/openwrt/image/templates/passwd.j2 +++ /dev/null @@ -1,9 +0,0 @@ -{{ ansible_managed | comment }} -root:x:0:0:root:/root:/bin/ash -daemon:*:1:1:daemon:/var:/bin/false -ftp:*:55:55:ftp:/home/ftp:/bin/false -network:*:101:101:network:/var:/bin/false -{% for name, opt in openwrt_users.items() %} -{{ name }}:*:{{ opt.id | default(loop.index + 110) }}:{{ opt.gid | default(loop.index + 110) }}:{{ name }}:{{ opt.home | default('/nonexistent') }}:{{ opt.shell | default('/bin/false') }} -{% endfor %} -nobody:*:65534:65534:nobody:/var:/bin/false diff --git a/roles/openwrt/image/templates/uci.j2 b/roles/openwrt/image/templates/uci.j2 deleted file mode 100644 index 3cc480b2..00000000 --- a/roles/openwrt/image/templates/uci.j2 +++ /dev/null @@ -1,15 +0,0 @@ -{{ ansible_managed | comment }} - -{% for section in item.value %} -config {{ section.name }} -{% for option, value in section.options.items() %} -{% if value is iterable and value is not string %} -{% for v in value %} - list {{ option }} '{{ v }}' -{% endfor %} -{% else %} - option {{ option }} '{{ value }}' -{% endif %} -{% endfor %} - -{% endfor %} diff --git a/roles/raspios/image/defaults/main.yml b/roles/raspios/image/defaults/main.yml deleted file mode 100644 index 3f6ab3a3..00000000 --- a/roles/raspios/image/defaults/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -raspios_variant: lite ## (lite|desktop|full) -raspios_codename: "{{ install_codename }}" -# raspios_arch: (arm64|armhf) -raspios_download_dir: "{{ global_cache_dir }}/raspios" - -raspios_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/raspios" - -raspios_keep_boot_dir_mounted: no - -# raspios_boot_config: -# - regexp: '^#dtparam=i2c_vc' -# line: 'dtparam=i2c_vc=on' - -raspios_locale: en_US.UTF-8 -raspios_timezone: Europe/Vienna -raspios_keyboard_layout: de diff --git a/roles/raspios/image/filter_plugins/main.py b/roles/raspios/image/filter_plugins/main.py deleted file mode 100644 index 5ac2d5ab..00000000 --- a/roles/raspios/image/filter_plugins/main.py +++ /dev/null @@ -1,51 +0,0 @@ -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -import os -from ansible import errors -from urllib.parse import urlparse, urlunparse - - -def _raspios_extract_latest_image_download_url_recursive(items, image_name_suffix): - for item in items: - if not item['name'].startswith('Raspberry Pi OS '): - continue - - if 'url' in item: - result = urlparse(item['url']) - if not os.path.basename(result.path).endswith(image_name_suffix): - continue - - return urlunparse(result) - if 'subitems' in item: - result = _raspios_extract_latest_image_download_url_recursive(item['subitems'], image_name_suffix) - if result: - return result - return None - - -def raspios_extract_latest_image_download_url(os_list, variant, codename, arch): - try: - image_name_suffix = 'raspios-%s-%s' % (codename, arch) - if variant != 'desktop': - image_name_suffix += '-%s' % variant - image_name_suffix += '.img.xz' - - result = _raspios_extract_latest_image_download_url_recursive(os_list, image_name_suffix) - if result: - return result - - except Exception as e: - raise errors.AnsibleFilterError("raspios_extract_latest_image_download_url: %s" % str(e)) - - raise errors.AnsibleFilterError("unable to find latest image url for: %s" % (base_url)) - - -class FilterModule(object): - - filter_map = { - 'raspios_extract_latest_image_download_url': raspios_extract_latest_image_download_url, - } - - def filters(self): - return self.filter_map diff --git a/roles/raspios/image/tasks/fetch.yml b/roles/raspios/image/tasks/fetch.yml deleted file mode 100644 index bbde6bdf..00000000 --- a/roles/raspios/image/tasks/fetch.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -- name: Create download directory - file: - dest: "{{ raspios_download_dir }}" - state: directory - -- name: fetch imageutility os list from download server - check_mode: no - uri: - url: "{{ raspios_download_url }}/os_list_imagingutility_v4.json" - body_format: json - register: raspios_os_list_imagingutility - -- set_fact: - raspios_download_url_image: "{{ raspios_os_list_imagingutility.json.os_list | raspios_extract_latest_image_download_url(raspios_variant, raspios_codename, raspios_arch) }}" - -- name: download the raspios image - block: - - name: download sha256sum and signature - loop: - - sha256 - - sig - get_url: - url: "{{ raspios_download_url_image }}.{{ item }}" - dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.{{ item }}" - - - name: extract SHA256 hash of the image archive - command: grep '{{ raspios_download_image_base_name }}' "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sha256" - changed_when: False - register: sha256 - - - name: download image - get_url: - url: "{{ raspios_download_url_image }}" - dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}" - checksum: sha256:{{ sha256.stdout.split(' ') | first }} - - - name: check OpenPGP signature - command: >- - gpgv --keyring "{{ global_files_dir }}/common/keyrings/raspberrypi-downloads.gpg" - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sig" "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}" - changed_when: False - register: raspios_image_gpg_result - - - debug: - var: raspios_image_gpg_result.stderr_lines - - rescue: - - name: delete downloaded artifacts - loop: - - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}-sha256" - - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.sig" - - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}" - file: - path: "{{ item }}" - state: absent - - - name: the download has failed... - fail: - msg: Something borked diff --git a/roles/raspios/image/tasks/main.yml b/roles/raspios/image/tasks/main.yml deleted file mode 100644 index b8296f9a..00000000 --- a/roles/raspios/image/tasks/main.yml +++ /dev/null @@ -1,103 +0,0 @@ ---- -- name: check if host is member of the raspios group - assert: - msg: "please add the host to the group 'raspios'" - that: - - "'raspios' in group_names" - -- name: fetch base image - run_once: true - import_tasks: fetch.yml - -- name: build the image - block: - - name: create the output directory for built images - file: - path: "{{ raspios_output_dir }}" - state: directory - - - name: extract image - decompress: - src: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}" - dest: "{{ raspios_output_dir }}" - force: yes - register: raspios_image_extract - - - set_fact: - raspios_output_image_base_name: "{{ raspios_image_extract.files | first | basename }}" - - - name: read partition layout from image - command: "sfdisk -q -r -J '{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}'" - register: raspios_image_sfdisk - - - set_fact: - raspios_image_partitions: "{{ (raspios_image_sfdisk.stdout | from_json)['partitiontable']['partitions'] }}" - - - name: bind loop device for boot partition - command: "udisksctl loop-setup --no-user-interaction -o {{ raspios_image_partitions[0].start * 512 }} -s {{ raspios_image_partitions[0].size * 512 }} -f '{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}'" - register: raspios_image_loop_setup - - - set_fact: - raspios_image_loop_device: "{{ raspios_image_loop_setup.stdout | regex_search('as (/dev/loop[0-9]+)\\.$', '\\1') | first }}" - - - name: mount boot partition - command: "udisksctl mount --no-user-interaction -b '{{ raspios_image_loop_device }}'" - register: raspios_image_mount - - - set_fact: - raspios_image_mount_point: "{{ raspios_image_mount.stdout | regex_search('at (/media/.+)\\.?$', '\\1') | first }}" - - - name: edit boot/config.txt - when: raspios_boot_config is defined - loop: "{{ raspios_boot_config }}" - loop_control: - label: "{{ item.line }}" - lineinfile: - path: "{{ raspios_image_mount_point }}/config.txt" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - - - name: Generate authorized_keys file - authorized_key: - user: root - manage_dir: no - path: "{{ raspios_image_mount_point }}/firstrun.authorized_keys" - key: "{{ ssh_keys_root | join('\n') }}" - - - name: install firstrun.sh script - template: - src: firstrun.sh.j2 - dest: "{{ raspios_image_mount_point }}/firstrun.sh" - mode: 0755 - - - name: edit boot/cmdline.txt - lineinfile: - path: "{{ raspios_image_mount_point }}/cmdline.txt" - regexp: '^(.*)( systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target)?(.*?)$' - backrefs: yes - line: '\1 systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target \3' - - always: - - name: unmount image - when: - - not raspios_keep_boot_dir_mounted - - raspios_image_mount_point is defined - - raspios_image_mount_point is mount - command: "udisksctl unmount --no-user-interaction -b '{{ raspios_image_loop_device }}'" - - - name: delete loop_device - when: - - not raspios_keep_boot_dir_mounted - - raspios_image_loop_device is defined - command: "udisksctl loop-delete --no-user-interaction -b '{{ raspios_image_loop_device }}'" - - - name: print temporary build directory information - when: - - raspios_keep_boot_dir_mounted - debug: - msg: "As per request the boot partition of the image is still mounted to: {{ raspios_image_mount_point }}" - -- name: set output image names - set_fact: - output_images: - - "{{ (raspios_output_dir, raspios_output_image_base_name) | path_join | realpath }}" diff --git a/roles/raspios/image/templates/firstrun.sh.j2 b/roles/raspios/image/templates/firstrun.sh.j2 deleted file mode 100644 index bc35b764..00000000 --- a/roles/raspios/image/templates/firstrun.sh.j2 +++ /dev/null @@ -1,103 +0,0 @@ -#!/bin/bash -set +e - -if [ -x /usr/lib/raspberrypi-sys-mods/get_fw_loc ]; then - FW_LOC=$(/usr/lib/raspberrypi-sys-mods/get_fw_loc) -else - FW_LOC=/boot -fi - -raspi-config nonint do_hostname "{{ host_name }}" -echo "{{ host_name }}" > /etc/hostname -raspi-config nonint do_change_locale "{{ raspios_locale }}" -raspi-config nonint do_change_timezone "{{ raspios_timezone }}" -raspi-config nonint do_configure_keyboard "{{ raspios_keyboard_layout }}" - -{# 0 -> predictable interface names, 1 -> legacy (eth0...) #} -raspi-config nonint do_net_names 1 - -{% if raspios_codename == 'bullseye' %} -{% if not (install_dhcp | default(false)) %} -cat <> /etc/dhcpcd.conf - -# -interface {{ network.primary.name }} -static ip_address={{ network.primary.address }} -static routers={{ network.primary.gateway }} -static domain_name_servers={{ network.nameservers | join(' ') }} -EOF -systemctl restart dhcpcd.service -{% endif %} -systemctl disable hciuart.service -{% if 'wifi' in network.primary %} -raspi-config nonint do_wifi_ssid_passphrase "{{ network.primary.wifi.ssid }}" "{{ network.primary.wifi.key }}" -raspi-config nonint do_wifi_country "AT" -{% else %} -systemctl disable wpa_supplicant.service -{% endif %} -{% else %} -cat <> /etc/network/interfaces - -# The loopback network interface -auto lo -iface lo inet loopback - -# The primary network interface -auto {{ network.primary.name }} -{% if (install_dhcp | default(false)) %} -iface {{ network.primary.name }} inet dhcp -{% else %} -iface {{ network.primary.name }} inet static - up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra - up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf - address {{ network.primary.address | ansible.utils.ipaddr('address') }} - netmask {{ network.primary.address | ansible.utils.ipaddr('netmask') }} - gateway {{ network.primary.gateway }} -{% endif %} -{% if 'wifi' in network.primary %} - wpa-ssid {{ network.primary.wifi.ssid }} - wpa-psk {{ network.primary.wifi.key }} -{% endif %} -EOF -{% if not (install_dhcp | default(false)) %} -cat < /etc/resolv.conf -# Generated by ansible -search {{ network.domain }} -{% for nameserver in network.nameservers %} -nameserver {{ nameserver }} -{% endfor %} -EOF -{% endif %} -systemctl disable wpa_supplicant.service -rfkill unblock wlan -ifup {{ network.primary.name }} -{% endif %} - -{% if ansible_port != 22 %} -sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config -{% endif %} -install -m 0700 -d /root/.ssh -install -m 0644 "$FW_LOC/firstrun.authorized_keys" /root/.ssh/authorized_keys -{# 0 -> enable ssh, 1 -> disable ssh #} -raspi-config nonint do_ssh 0 - -export DEBIAN_FRONTEND=noninteractive -export SUDO_FORCE_REMOVE=yes -apt-get purge -q -y userconf-pi avahi-daemon triggerhappy dpkg-dev patch gdb make strace ssh-import-id network-manager udisks2 p7zip p7zip-full sudo dphys-swapfile -apt-get autoremove -q -y -dpkg -l | grep "^rc" | awk "{ print(\$2) }" | xargs -r dpkg -P - -sed 's#systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target##' -i /boot/cmdline.txt -sed 's#\s*$##' -i /boot/cmdline.txt -rm "$FW_LOC/firstrun.authorized_keys" -rm "$FW_LOC/firstrun.sh" -rm -f /etc/sudoers.d/010_pi-nopasswd -rm -f /etc/apt/sources.list.d/vscode.list -rm -f /etc/apt/trusted.gpg.d/microsoft.gpg - -apt-get update -q -apt-get dist-upgrade -y -q - -{# B1 -> Console, B2 -> console autologin, B3 -> desktop, B4 -> desktop autologin #} -raspi-config nonint do_boot_behaviour B1 -systemctl --quiet enable getty@tty1 diff --git a/roles/raspios/image/vars/main.yml b/roles/raspios/image/vars/main.yml deleted file mode 100644 index 7c547ce2..00000000 --- a/roles/raspios/image/vars/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -raspios_download_url: "https://downloads.raspberrypi.org" - -raspios_download_image_base_name: "{{ raspios_download_url_image | urlsplit('path') | basename }}" diff --git a/roles/slim/hetzner/tasks/main.yml b/roles/slim/hetzner/tasks/main.yml deleted file mode 100644 index a44ccdb5..00000000 --- a/roles/slim/hetzner/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: remove useless packages - apt: - name: - - exim4 - - exim4-daemon-light - state: absent - purge: yes - -- name: cleanup useless dependencies - apt: - autoremove: yes - purge: yes diff --git a/roles/slim/scaleway/tasks/main.yml b/roles/slim/scaleway/tasks/main.yml deleted file mode 100644 index a44ccdb5..00000000 --- a/roles/slim/scaleway/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: remove useless packages - apt: - name: - - exim4 - - exim4-daemon-light - state: absent - purge: yes - -- name: cleanup useless dependencies - apt: - autoremove: yes - purge: yes -- cgit v1.2.3