path: root/roles/installer/raspios/image/templates/firstrun.sh.j2
#!/bin/bash
# First-boot provisioning script for a Raspberry Pi OS image, rendered from a
# Jinja2 template. Exit-on-error is switched off explicitly, so a failing step
# does not prevent the steps after it from running.
set +e

# Mount point of the firmware partition: default to /boot and let the
# distribution helper override it when that helper is installed and executable.
FW_LOC=/boot
if [[ -x /usr/lib/raspberrypi-sys-mods/get_fw_loc ]]; then
  FW_LOC=$(/usr/lib/raspberrypi-sys-mods/get_fw_loc)
fi

# Host name, locale, timezone and keyboard layout come from inventory values.
raspi-config nonint do_hostname "{{ host_name }}"
printf '%s\n' "{{ host_name }}" > /etc/hostname
raspi-config nonint do_change_locale "{{ raspios_locale }}"
raspi-config nonint do_change_timezone "{{ raspios_timezone }}"
raspi-config nonint do_configure_keyboard "{{ raspios_keyboard_layout }}"

{# 0 -> predictable interface names, 1 -> legacy (eth0...) #}
raspi-config nonint do_net_names 1

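{% if raspios_codename == 'bullseye' %}
{%   if not (install_dhcp | default(false)) %}
# Static addressing on bullseye: append a stanza for the primary interface to
# dhcpcd.conf and restart dhcpcd. The heredoc delimiter is quoted so the shell
# writes the rendered text verbatim instead of expanding $, backticks or
# backslashes that an inventory value might contain.
cat <<'EOF' >> /etc/dhcpcd.conf

#
interface {{ network.primary.name }}
static ip_address={{ network.primary.address }}
static routers={{ network.primary.gateway }}
static domain_name_servers={{ network.nameservers | join(' ') }}
EOF
systemctl restart dhcpcd.service
{%   endif %}
# hciuart is the Bluetooth-over-UART attach service; it is disabled here.
systemctl disable hciuart.service
{%   if 'wifi' in network.primary %}
# SSID and passphrase are rendered through the quote filter, so a value that
# contains ", $, a backtick or a backslash reaches raspi-config unchanged
# instead of being expanded or breaking the command line. They are still
# passed as command-line arguments, which other local processes can observe
# while the command runs.
raspi-config nonint do_wifi_ssid_passphrase {{ network.primary.wifi.ssid | quote }} {{ network.primary.wifi.key | quote }}
# NOTE(review): the regulatory country is fixed to AT; confirm that this suits
# every deployment of the role.
raspi-config nonint do_wifi_country "AT"
{%   else %}
systemctl disable wpa_supplicant.service
{%   endif %}
{% else %}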
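# Non-bullseye releases use ifupdown: append the loopback and primary
# interface stanzas. The heredoc delimiter is quoted so the shell copies the
# rendered text verbatim: $IFACE must reach the file unexpanded (ifupdown
# supplies it when the up/down commands run), and characters such as $ or
# backticks in the WiFi key must not be interpreted by the shell. With an
# unquoted delimiter the unescaped $IFACE in the address lines expanded to an
# empty string while this script ran.
cat <<'EOF' >> /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto {{ network.primary.name }}
{%   if (install_dhcp | default(false)) %}
iface {{ network.primary.name }} inet dhcp
{%   else %}
iface {{ network.primary.name }} inet static
  up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
  up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
  address {{ network.primary.address | ansible.utils.ipaddr('address') }}
  netmask {{ network.primary.address | ansible.utils.ipaddr('netmask') }}
{%     if 'gateway' in network.primary %}
  gateway {{ network.primary.gateway }}
{%     endif %}
{%     for address in network.primary.additional_addresses | default([]) %}
  up /bin/ip addr add dev $IFACE {{ address }}/32
{%     endfor %}
{%     for route in network.primary.static_routes | default([]) %}
  up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }}
{%     endfor %}
{%     for route in network.primary.static_routes | default([]) | reverse %}
  down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }}
{%     endfor %}
{%     for address in network.primary.additional_addresses | default([]) | reverse %}
  down /bin/ip addr del dev $IFACE {{ address }}/32
{%     endfor %}
{%   endif %}
{%   if 'wifi' in network.primary %}
  wpa-ssid {{ network.primary.wifi.ssid }}
  wpa-psk {{ network.primary.wifi.key }}
{%   endif %}
EOF
{%   if 'wifi' in network.primary %}
# The file now stores the WPA pre-shared key in clear text, so restrict it to
# root; it is commonly world-readable by default.
chmod 0600 /etc/network/interfaces
{%   endif %}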
{%   if not (install_dhcp | default(false)) %}
# Static setup: overwrite resolv.conf with the search domain (when one is
# defined) and the name servers from inventory.
cat > /etc/resolv.conf <<EOF
# Generated by ansible
{%     if 'domain' in network %}
search {{ network.domain }}
{%     endif %}
{%     for nameserver in (network.nameservers | default([])) %}
nameserver {{ nameserver }}
{%     endfor %}
EOF
{%   endif %}
# The system-wide wpa_supplicant unit is disabled, WLAN is released from
# rfkill, and the primary interface is brought up from the stanza written to
# /etc/network/interfaces.
systemctl disable wpa_supplicant.service
rfkill unblock wlan
ifup {{ network.primary.name }}
{% endif %}
# Static host entries from inventory: one line per host is appended to
# /etc/hosts, in the form address, two spaces, space-separated names.
{% for host in (network.static_hostnames | default([])) %}
printf '%s\n' "{{ host.address }}  {{ host.names | join(' ') }}" >> /etc/hosts
{% endfor %}

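{% if ansible_port != 22 %}
# Rewrite an existing Port line (commented out or not) to the port Ansible
# will connect on. If sshd_config has no such line, nothing is changed.
sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config
{% endif %}
# Install root's authorized_keys from the copy staged next to this script on
# the firmware partition. The directory is 0700 and the key file 0600, so only
# root can read or modify the list of keys accepted for root logins.
install -m 0700 -d /root/.ssh
install -m 0600 "$FW_LOC/firstrun.authorized_keys" /root/.ssh/authorized_keys
{# 0 -> enable ssh, 1 -> disable ssh #}
raspi-config nonint do_ssh 0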

# Package removal runs unattended. SUDO_FORCE_REMOVE=yes is exported because
# sudo itself is in the purge list below.
export DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes
apt-get purge -q -y userconf-pi avahi-daemon triggerhappy dpkg-dev patch gdb make strace ssh-import-id network-manager udisks2 p7zip p7zip-full sudo dphys-swapfile
apt-get autoremove -q -y
# Packages listed by dpkg in state "rc" are removed but still have
# configuration files on disk; purge those leftovers as well.
dpkg -l | awk '/^rc/ { print $2 }' | xargs -r dpkg -P

# Remove the one-shot systemd.run arguments from the kernel command line so
# this script is not started again on the next boot, then strip the trailing
# whitespace the removal leaves behind.
# NOTE(review): /boot/cmdline.txt and /boot/firstrun.sh are hard-coded here,
# while the removals below use $FW_LOC. Confirm that both agree on images
# where get_fw_loc reports a different mount point; if the pattern does not
# match, the systemd.run arguments stay in place after the script is deleted.
sed 's#systemd.run=/boot/firstrun.sh systemd.run_success_action=reboot systemd.run_failure_action=none systemd.unit=kernel-command-line.target##' -i /boot/cmdline.txt
sed 's#\s*$##' -i /boot/cmdline.txt
# Delete the staged key file and this script from the firmware partition.
rm "$FW_LOC/firstrun.authorized_keys"
rm "$FW_LOC/firstrun.sh"
# Drop the sudoers drop-in (by its name, passwordless sudo for the pi user)
# and the pre-configured third-party APT sources and key.
rm -f /etc/sudoers.d/010_pi-nopasswd
rm -f /etc/apt/sources.list.d/vscode.list
rm -f /etc/apt/trusted.gpg.d/microsoft.gpg
rm -f /etc/apt/sources.list.d/raspi.list
# Replace sources.list with the repositories selected in inventory.
# NOTE(review): all four entries use plain http, so package integrity rests
# on APT verifying the signed repository metadata. Confirm that the keyrings
# for every listed repository are still installed after the removals above.
cat <<EOF > /etc/apt/sources.list
deb http://{{ apt_repo_providers[apt_repo_provider].debian.host }}{{ apt_repo_providers[apt_repo_provider].debian.path }} {{ install_codename }} main non-free-firmware
deb http://{{ apt_repo_providers[apt_repo_provider].debian.host }}{{ apt_repo_providers[apt_repo_provider].debian.path }} {{ install_codename }}-updates main non-free-firmware
deb http://{{ apt_repo_providers[apt_repo_provider].debian_security.host }}{{ apt_repo_providers[apt_repo_provider].debian_security.path }} {{ install_codename }}-security main non-free-firmware
deb http://{{ apt_repo_providers[apt_repo_provider].raspios.host }}{{ apt_repo_providers[apt_repo_provider].raspios.path }} {{ install_codename }} main
EOF

# Refresh the package index from the sources written above and apply all
# pending upgrades. DEBIAN_FRONTEND=noninteractive is exported earlier in the
# script.
apt-get update -q
apt-get dist-upgrade -y -q

{# B1 -> Console, B2 -> console autologin, B3 -> desktop, B4 -> desktop autologin #}
# Boot to a text console without autologin and enable the login prompt on
# tty1.
raspi-config nonint do_boot_behaviour B1
systemctl --quiet enable getty@tty1