added misc rpi stuffs

playbooks/rpi-basics.yaml

@@ -1,23 +1,30 @@
 ---
 - name: Ensures basic scripts & configs set up for Raspberry Pis
   hosts: raspberries
+  vars:
+    password_excluded_hosts:
+      - pikvm
   tasks:
-    - name: Include the rpi_scripts role
+    - name: Set root passwords
-      include_role:
+      ansible.builtin.include_role:
+        name: random_root_password
+      when: ansible_hostname not in password_excluded_hosts
+    - name: Ensure rpi scripts are present
+      ansible.builtin.include_role:
         name: rpi_scripts
     - name: Include the rpi_watchdog role
-      include_role:
+      ansible.builtin.include_role:
         name: rpi_watchdog
-    - name: Include configure_vim role
+    - name: Ensure vim config is present for pi
-      include_role:
+      ansible.builtin.include_role:
         name: configure_vim
     - name: Include profile aliases
-      include_role:
+      ansible.builtin.include_role:
         name: profile_aliases
     - name: Include basic package list
-      include_role:
+      ansible.builtin.include_role:
         name: basic_setup
     - name: Configure pibox extras
-      include_role:
+      ansible.builtin.include_role:
         name: pibox_basics
       when: ansible_hostname == 'piparcel'

roles/basic_setup/tasks/main.yaml

@@ -0,0 +1,22 @@
+---
+- name: Performing APT cache update
+  ansible.builtin.apt:
+    upgrade: no
+    update_cache: yes
+    cache_valid_time: 86400
+  become: true
+  become_method: sudo
+
+- name: Install basic packages
+  ansible.builtin.package:
+    name:
+      - apt-transport-https
+      - mlocate
+      - wget
+      - curl
+      - net-tools
+      - git
+      - software-properties-common
+    state: latest
+  become: true
+  become_method: sudo

roles/profile_aliases/tasks/main.yaml

@@ -0,0 +1,12 @@
+---
+- name: Ensure colored ip alias is set
+  ansible.builtin.lineinfile:
+    path: ~/.profile
+    line: "alias ip=\"ip -c\""
+    state: present
+- name: Ensure dfh alias is set
+  ansible.builtin.lineinfile:
+    path: ~/.profile
+    line: "alias dfh=\"df -h | grep -v tmpfs\""
+    state: present
+

roles/random_root_password/files/root-password-print.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+# For printing the passwords to save to a password manager
+
+password_dir=~/ansible/secrets/passwords/
+
+for dir in $(ls $password_dir); do
+ printf "%-17s :  %20s\n" "$dir" "$(cat $password_dir/$dir/root_password)"
+done

roles/random_root_password/tasks/main.yaml

@@ -0,0 +1,12 @@
+---
+- name: Generate & set random password for root
+  ansible.builtin.user:
+    name: root
+    create_home: false
+    # The rounds & salt MUST be set in the password_hash function if you don't want the task
+    # to return 'changed' every time the playbook runs, updating the /etc/passwd file each time. Fun!
+    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/password_hash_filter.html
+    password: "{{ lookup('ansible.builtin.password', password_dir + '/' + ansible_hostname + '/root_password', length=20) | password_hash('sha512', rounds=16384, salt=8008135) }}"
+    update_password: always
+  become: true
+  become_method: sudo

roles/random_root_password/vars/main.yaml

@@ -0,0 +1,2 @@
+---
+password_dir: ~/ansible/secrets/passwords/