Add a role for Raspbian (#54)
* Rename debian-setup role to point to vanilla Debian * Add a specific setup role for Raspbian This role will fail for now, Raspbian is not supported by this role as it is. * Add a switch for Raspbian * Add Raspbian role for installing WireGuard * Raspbian: Handle reboot with molly-guard and older Ansible versions
This commit is contained in:
parent
9f76b8baf5
commit
2ef11ac648
93
tasks/setup-debian-raspbian.yml
Normal file
93
tasks/setup-debian-raspbian.yml
Normal file
|
@ -0,0 +1,93 @@
|
|||
---
|
||||
|
||||
- name: (Raspbian) Install GPG - required to add wireguard key
|
||||
apt:
|
||||
name: gnupg
|
||||
state: present
|
||||
|
||||
- name: (Raspbian) Add Debian repository key
|
||||
apt_key:
|
||||
keyserver: "keyserver.ubuntu.com"
|
||||
id: "04EE7237B7D453EC"
|
||||
state: present
|
||||
when: ansible_lsb.id == "Raspbian"
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Add Debian Unstable repository for WireGuard
|
||||
apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian unstable main"
|
||||
state: present
|
||||
update_cache: yes
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Install latest kernel
|
||||
apt:
|
||||
name:
|
||||
- "raspberrypi-kernel"
|
||||
state: latest
|
||||
register: kernel_update
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8)
|
||||
reboot:
|
||||
search_paths: ['/lib/molly-guard', '/usr/sbin']
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '>=')
|
||||
- kernel_update is changed
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8)
|
||||
stat:
|
||||
path: /lib/molly-guard/
|
||||
register: molly_guard
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard)
|
||||
reboot:
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- kernel_update is changed
|
||||
- not molly_guard.stat.exists
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard)
|
||||
command: /lib/molly-guard/shutdown -r now
|
||||
async: 1
|
||||
poll: 0
|
||||
ignore_unreachable: yes
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- kernel_update is changed
|
||||
- molly_guard.stat.exists
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard)
|
||||
wait_for_connection:
|
||||
when:
|
||||
- ansible_version.full is version('2.8.0', '<')
|
||||
- kernel_update is changed
|
||||
- molly_guard.stat.exists
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS
|
||||
apt:
|
||||
name:
|
||||
- "raspberrypi-kernel-headers"
|
||||
state: latest
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Raspbian) Install wireguard packages
|
||||
apt:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
tags:
|
||||
- wg-install
|
34
tasks/setup-debian-vanilla.yml
Normal file
34
tasks/setup-debian-vanilla.yml
Normal file
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
- name: (Debian) Install GPG - required to add wireguard key
|
||||
apt:
|
||||
name: gnupg
|
||||
state: present
|
||||
|
||||
- name: (Debian) Add WireGuard repository on buster or earlier
|
||||
apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||
state: present
|
||||
update_cache: yes
|
||||
when: ansible_distribution_version | int <= 10
|
||||
tags:
|
||||
- wg-install
|
||||
|
||||
- name: (Debian) Get architecture
|
||||
command: "dpkg --print-architecture"
|
||||
register: dpkg_arch
|
||||
changed_when: False
|
||||
|
||||
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
|
||||
apt:
|
||||
name:
|
||||
- "linux-headers-{{ dpkg_arch.stdout }}"
|
||||
state: present
|
||||
|
||||
- name: (Debian) Install wireguard packages
|
||||
apt:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
tags:
|
||||
- wg-install
|
|
@ -1,34 +1,8 @@
|
|||
---
|
||||
- name: (Debian) Install GPG - required to add wireguard key
|
||||
apt:
|
||||
name: gnupg
|
||||
state: present
|
||||
|
||||
- name: (Debian) Add WireGuard repository on buster or earlier
|
||||
apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian buster-backports main"
|
||||
state: present
|
||||
update_cache: yes
|
||||
when: ansible_distribution_version | int <= 10
|
||||
tags:
|
||||
- wg-install
|
||||
- include_tasks: "setup-debian-raspbian.yml"
|
||||
when: ansible_lsb.id == "Raspbian"
|
||||
register: raspbian_setup
|
||||
|
||||
- name: (Debian) Get architecture
|
||||
command: "dpkg --print-architecture"
|
||||
register: dpkg_arch
|
||||
changed_when: False
|
||||
|
||||
- name: (Debian) Install kernel headers to compile Wireguard with DKMS
|
||||
apt:
|
||||
name:
|
||||
- "linux-headers-{{ dpkg_arch.stdout }}"
|
||||
state: present
|
||||
|
||||
- name: (Debian) Install wireguard packages
|
||||
apt:
|
||||
name:
|
||||
- "wireguard-dkms"
|
||||
- "wireguard-tools"
|
||||
state: present
|
||||
tags:
|
||||
- wg-install
|
||||
- include_tasks: "setup-debian-vanilla.yml"
|
||||
when: raspbian_setup is skipped
|
||||
|
|
Reference in a new issue