improve playbook

atao · Feb 1, 2024 · fc55685 · fc55685
1 parent a730563
commit fc55685
Show file tree

Hide file tree

Showing 16 changed files with 116 additions and 111 deletions.
diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ Before run command you must setup your Pi with [Raspberry Pi Imager](https://www
 Next run command :
 
 ```
- curl -s https://raw.githubusercontent.com/atao/raspberrypi-setup/main/install.sh | bash -s -- all
+curl -s https://raw.githubusercontent.com/atao/raspberrypi-setup/main/install.sh | bash -s -- all
 ```
 ## Ansible
 
@@ -23,27 +23,33 @@ To setup run the following command :
 ```
 git clone https://github.com/atao/raspberrypi-setup.git
 cd raspberrypi-setup
-ansible-playbook playbook.yml -i hosts --ask-become-pass --tags all
+ansible-playbook playbook.yml -i hosts --tags all --ask-become-pass
 ```
 
 ## Roles
 
 You can choose what you want to install with tags :
 
-- **setup** install standard packages
+- **standard** install [standard packages](roles/standard/vars/main.yml)
 - **jackit** install [jackit](https://github.com/insecurityofthings/jackit) for exploit code for Mousejack
-- **multitor** install a proxy with multiple TOR instances with load-balancing ([trimstray/multitor](https://github.com/trimstray/multitor)) -- [Know issues](https://github.com/atao/raspberrypi-setup/blob/main/roles/multitor/README.md)
+- **multitor** install a proxy with multiple TOR instances with load-balancing ([trimstray/multitor](https://github.com/trimstray/multitor)) -- [Known issues](https://github.com/atao/raspberrypi-setup/blob/main/roles/multitor/README.md)
 - **rfid** install RFID tools ([libnfc](https://github.com/nfc-tools/libnfc), [mfoc](https://github.com/nfc-tools/mfoc), [mfcuk](https://github.com/nfc-tools/mfcuk)) and keys from [MifareClassicTool](https://github.com/ikarus23/MifareClassicTool/tree/master/Mifare%20Classic%20Tool/app/src/main/assets/key-files)
 - **wifi** install Wifi and GPS tools for wardriving
-- **display** configure my display with [LCD-show](https://github.com/goodtft/LCD-show)
 - **docker** install Docker
-- **container** some containers ([portainer/portainer-ce](https://hub.docker.com/r/portainer/portainer-ce), [jlesage/jdownloader-2](https://github.com/jlesage/docker-jdownloader-2))
+- **web** install nginx and certbot
+- **display** configure my display with [LCD-show](https://github.com/goodtft/LCD-show)
 
 _You will need to modify [this file](roles/display/tasks/main.yml) to configure the correct display._
 
-For Examples you can install only :
+Containers :
+- **jd2** docker container for JDownloader 2 [jlesage/jdownloader-2](https://github.com/jlesage/docker-jdownloader-2)
+- **portainer** Portainer CE - a lightweight service delivery platform for containerized applications [portainer/portainer-ce](https://hub.docker.com/r/portainer/portainer-ce)
+
+
+## Examples
+Install only standard, multitor, rfid, docker, web :
 ```
- curl -s https://raw.githubusercontent.com/atao/raspberrypi-setup/main/install.sh | bash -s -- setup,multitor,rfid,docker
+curl -s https://raw.githubusercontent.com/atao/raspberrypi-setup/main/install.sh | bash -s -- standard,multitor,rfid,docker,web
 ```
 
 ## Debug
@@ -61,4 +67,4 @@ sudo apt install curl
 ```
 --
 
-Inspired from [nico2che / mac-setup](https://github.com/nico2che/mac-setup)
+Inspired from [geerlingguy / mac-dev-playbook](https://github.com/geerlingguy/mac-dev-playbook) and [nico2che / mac-setup](https://github.com/nico2che/mac-setup)
diff --git a/ansible.cfg.sample → ansible.cfg b/ansible.cfg.sample → ansible.cfg
@@ -2,8 +2,6 @@
 
 [defaults]
 
-remote_user = pi
-
 # path to install and search for roles in :
 roles_path  = ./ansible_galaxy_roles
 

diff --git a/playbook.yml b/playbook.yml
@@ -1,11 +1,11 @@
 - name: RaspberryPi-Setup
   hosts: RaspberryPi
-  gather_facts: false
+  gather_facts: true
   become: true
-  become_user: root
+  become_user: atao
   roles:
     - role: standard
-      tags: ['setup']
+      tags: ['standard']
     - role: docker
       tags: ['docker']
     - role: multitor
@@ -19,4 +19,5 @@
     - role: display
       tags: ['display', 'never']
     - role: container
-      tags: ['docker', 'container']
+    - role: web
+      tags: ['web']
diff --git a/roles/container/tasks/main.yml b/roles/container/tasks/main.yml
@@ -1,10 +1,12 @@
 - name: Container portainer/portainer-ce:latest
+  become: true
+  become_user: root
   block:
-   - name: Create a volume
+   - name: Create a volume portainer_data
      become: true
      community.docker.docker_volume:
       name: portainer_data
-   - name: Create container
+   - name: Create container portainer-ce
      community.docker.docker_container:
       name: portainer
       image: portainer/portainer-ce
@@ -19,8 +21,11 @@
       volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - portainer_data:/data
+  tags: portainer
 
 - name: Container jlesage/jdownloader-2
+  become: true
+  become_user: root
   community.docker.docker_container:
    name: jdownloader-2
    image: jlesage/jdownloader-2
@@ -32,7 +37,8 @@
    ports:
     - "5800:5800"
    volumes:
-    - /home/{{ lookup('env', 'USER') }}/jdownloader:/config
+    - "{{ ansible_facts['env']['HOME'] }}/jdownloader:/config"
     - /mnt:/output
    env:
     "JDOWNLOADER_HEADLESS": "1"
+  tags: jd2
diff --git a/roles/display/tasks/main.yml b/roles/display/tasks/main.yml
@@ -1,15 +1,13 @@
 - name: Git clone LCD-show
-  become: true
-  become_user: root
   ansible.builtin.git:
     repo: https://github.com/goodtft/LCD-show.git
-    dest: /home/{{ lookup('env', 'USER') }}/LCD-show
+    dest: "{{{ ansible_facts['env']['HOME'] }}}/LCD-show"
     clone: true
 - name: Change rights on LCD-show
   ansible.builtin.command: chmod -R 755 LCD-show
   args:
-    chdir: /home/{{ lookup('env', 'USER') }}/
+    chdir: "{{ ansible_facts['env']['HOME'] }}"
 - name: Run script to configure screen
   ansible.builtin.command: sudo ./LCD7B-show
   args:
-    chdir: /home/{{ lookup('env', 'USER') }}/LCD-show
+    chdir: "{{ ansible_facts['env']['HOME'] }}/LCD-show"
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
@@ -3,33 +3,38 @@
     name: "{{ old_packages }}"
     state: absent
 
-- name: Install the Docker packages
+- name: Install Docker packages
   become: true
+  become_user: root
   ansible.builtin.apt:
     name: "{{ apt_packages }}"
     update_cache: true
 
-- name: Add folder keyrings
-  ansible.builtin.command: sudo install -m 0755 -d /etc/apt/keyrings
+- name: check install script exists
+  ansible.builtin.stat:
+    path: get-docker.sh
+  register: stat_result
 
-- name: Add gpg key for Docker repository
-  ansible.builtin.command: >-
-    curl -fsSL https://download.docker.com/linux/debian/gpg |
-    sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
+- name: Download docker install script
+  ansible.builtin.get_url:
+        url: https://get.docker.com
+        dest: get-docker.sh
+  when: stat_result.stat.exists
 
-- name: Set rights key file
-  ansible.builtin.command: sudo chmod a+r /etc/apt/keyrings/docker.gpg
+- name: Run install script
+  ansible.builtin.command:
+    argv:
+      - sh
+      - get-docker.sh
+  when: stat_result.stat.exists
 
-- name: Add Docker repository
-  ansible.builtin.command: >-
-    echo "deb [arch="$(dpkg --print-architecture)"
-    signed-by=/etc/apt/keyrings/docker.gpg]
-    https://download.docker.com/linux/debian
-    "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" |
-    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+- name: Verify docker installation
+  command: docker -v
+  register: docker_version
+- debug:
+    var: docker_version.stdout_lines
 
-- name: Install the Docker packages
-  become: true
-  ansible.builtin.apt:
-    name: "{{ docker_packages }}"
-    update_cache: true
+- name: Remove script
+  file:
+    path: get-docker.sh
+    state: absent
diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml
@@ -3,13 +3,6 @@ apt_packages:
   - curl
   - gnupg
 
-docker_packages:
-  - docker-ce
-  - docker-ce-cli
-  - containerd.io
-  - docker-buildx-plugin
-  - docker-compose-plugin
-
 old_packages:
   - docker.io
   - docker-doc

diff --git a/roles/jackit/tasks/main.yml b/roles/jackit/tasks/main.yml
@@ -1,21 +1,16 @@
 - name: Git clone jackit
-  become: true
-  become_user: root
   ansible.builtin.git:
     repo: https://github.com/insecurityofthings/jackit.git
-    dest: /home/{{ lookup('env', 'USER') }}/jackit
+    dest: "{{ ansible_facts['env']['HOME'] }}/jackit"
     clone: true
 
 - name: Install requirements
   become: true
   become_user: root
   ansible.builtin.pip:
-    requirements: /home/{{ lookup('env', 'USER') }}/jackit/requirements.txt
-    executable: pip3
+    requirements: "{{ ansible_facts['env']['HOME'] }}/jackit/requirements.txt"
 
 - name: Install jackit
-  become: true
-  become_user: root
   ansible.builtin.command: python3 setup.py install
   args:
-    chdir: /home/{{ lookup('env', 'USER') }}/jackit/
+    chdir: "{{ ansible_facts['env']['HOME'] }}/jackit"
diff --git a/roles/multitor/tasks/main.yml b/roles/multitor/tasks/main.yml
@@ -1,68 +1,56 @@
 ---
 - name: Installation requirements
   become: true
+  become_user: root
   ansible.builtin.apt:
     name: "{{ apt_packages }}"
     update_cache: true
 
 - name: Git clone Polipo
   ansible.builtin.git:
     repo: https://github.com/jech/polipo.git
-    dest: "{{ repo_polipo }}"
+    dest: "{{ ansible_facts['env']['HOME'] }}/polipo"
     clone: true
 
 - name: Build Polipo
   ansible.builtin.command: make
   args:
-    chdir: "{{ repo_polipo }}"
-
-- name: Add Polipo to PATH
-  ansible.builtin.copy:
-    src: "{{ repo_polipo }}/polipo"
-    dest: /usr/bin/polipo
-    mode: '755'
-    force: true
-    remote_src: true
+    chdir: "{{ ansible_facts['env']['HOME'] }}/polipo"
 
 - name: Remove Polipo Git folder
   file:
-    path: "{{ repo_polipo }}"
+    path: "{{ ansible_facts['env']['HOME'] }}/polipo"
     state: absent
 
 - name: Install hpts from npm
-  become: true
   community.general.npm:
     name: http-proxy-to-socks
     global: true
 
 - name: Git clone multitor
-  become: true
   ansible.builtin.git:
     repo: https://github.com/trimstray/multitor.git
-    dest: "/home/{{ lookup('env', 'USER') }}/multitor"
+    dest: "{{ ansible_facts['env']['HOME'] }}/multitor"
     clone: true
 
 - name: Setup multitor
-  become: true
   ansible.builtin.command: >-
-    /home/{{ lookup('env', 'USER') }}/multitor/setup.sh install
+    {{ ansible_facts['env']['HOME'] }}/multitor/setup.sh install
 
 - name: Send file - check_multitor.py
-  become: true
   ansible.builtin.copy:
     src: scripts/check_multitor.py
-    dest: /home/{{ lookup('env', 'USER') }}/check_multitor.py
+    dest: "{{ ansible_facts['env']['HOME'] }}/check_multitor.py"
     mode: '755'
     force: true
-    owner: "{{ lookup('env', 'USER') }}"
-    group: "{{ lookup('env', 'USER') }}"
+    owner: "{{ ansible_facts['env']['LOGNAME'] }}"
+    group: "{{ ansible_facts['env']['LOGNAME'] }}"
 
 - name: Send file - run_multitor.sh
-  become: true
   ansible.builtin.copy:
     src: scripts/run_multitor.sh
-    dest: /home/{{ lookup('env', 'USER') }}/run_multitor.sh
+    dest: "{{ ansible_facts['env']['HOME'] }}/run_multitor.sh"
     mode: '755'
     force: true
-    owner: "{{ lookup('env', 'USER') }}"
-    group: "{{ lookup('env', 'USER') }}"
+    owner: "{{ ansible_facts['env']['LOGNAME'] }}"
+    group: "{{ ansible_facts['env']['LOGNAME'] }}"
diff --git a/roles/multitor/vars/main.yml b/roles/multitor/vars/main.yml
@@ -5,6 +5,4 @@ apt_packages:
   - tor
   - privoxy
   - haproxy
-  - netcat
-
-repo_polipo: "$PWD/polipo"
+  - netcat-openbsd
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,4 @@ apt_packages: @@
       - tor
       - privoxy
       - haproxy
-      - netcat
-    repo_polipo: "$PWD/polipo"
+      - netcat-openbsd