ansible-server-infrastruktur/roles/install_arch/tasks/main.yml

---

- name: read /etc/motd
  command: cat /etc/motd
  register: motd_contents

- name: check whether we're running in the Hetzner rescue system
  fail: msg="Not running in Hetzner rescue system!"
  when: "'Hetzner Rescue' not in motd_contents.stdout"

- name: partition and format the disks
  command: mkfs.btrfs -f -L rootfs -d raid1 /dev/sda /dev/sdb
  when: filesystem == "btrfs"

- name: create BIOS boot partitions
  command: sgdisk -n 1:0:10M /dev/{{ item }}
  when: filesystem == "ext4"
  with_items:
    - sda
    - sdb

- name: create RAID partitions
  command: sgdisk -n 2:0:0 /dev/{{ item }}
  when: filesystem == "ext4"
  with_items:
    - sda
    - sdb

- name: set BIOS boot partition types
  command: sgdisk -t 1:ef02 /dev/{{ item }}
  when: filesystem == "ext4"
  with_items:
    - sda
    - sdb

- name: set RAID partition types
  command: sgdisk -t 2:fd00
  when: filesystem == "ext4"
  with_items:
    - sda
    - sdb

- name: create MDADM array
  command: mdadm --create --level=1 --raid-devices=2 --run /dev/md0 /dev/sda2 /dev/sdb2
  when: filesystem == "ext4"

- name: format the MDADM array
  filesystem: dev=/dev/md0 fstype=ext4
  when: filesystem == "ext4"

- name: mount the filesystem (btrfs)
  mount: name=/mnt src='LABEL=rootfs' fstype=btrfs state=mounted
  when: filesystem == "btrfs"

- name: mount the filesystem (ext4)
  mount: name=/mnt src=/dev/md0 fstype=ext4 state=mounted
  when: filesystem == "ext4"

- name: touch LOCK file on mountpoint
  file: path=/mnt/LOCK state=touch

- name: download bootstrap image
  unarchive:
    src: https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2018.05.01-x86_64.tar.gz
    dest: /tmp/
    copy: no
    creates: /tmp/root.x86_64

- name: copy resolv.conf to bootstrap chroot
  copy: remote_src=True src=/etc/resolv.conf dest=/tmp/root.x86_64/etc/resolv.conf

- name: mount /proc to bootstrap chroot
  command: mount --rbind /proc /tmp/root.x86_64/proc creates=/tmp/root.x86_64/proc/uptime

- name: mount /sys to bootstrap chroot
  command: mount --rbind /sys /tmp/root.x86_64/sys creates=/tmp/root.x86_64/sys/dev

- name: mount /dev to bootstrap chroot
  command: mount --rbind /dev /tmp/root.x86_64/dev creates=/tmp/root.x86_64/dev/zero

- name: mount /mnt to bootstrap chroot
  command: mount --rbind /mnt /tmp/root.x86_64/mnt creates=/tmp/root.x86_64/mnt/LOCK

- name: configure pacman mirror
  template: src=mirrorlist.j2 dest=/tmp/root.x86_64/etc/pacman.d/mirrorlist owner=root group=root mode=0644

- name: initialize pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --init

- name: populate pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --populate archlinux

- name: install arch base from bootstrap chroot
  command: chroot /tmp/root.x86_64 pacstrap /mnt base base-devel btrfs-progs grub openssh python2 creates=/tmp/root.x86_64/mnt/bin

- name: mount /proc to new chroot
  command: mount --rbind /proc /mnt/proc creates=/mnt/proc/uptime

- name: mount /sys to new chroot
  command: mount --rbind /sys /mnt/sys creates=/mnt/sys/dev

- name: mount /dev to new chroot
  command: mount --rbind /dev /mnt/dev creates=/mnt/dev/zero

- name: generate mdadm.conf
  shell: mdadm --detail --scan >> /mnt/etc/mdadm.conf
  when: filesystem == "ext4"

- name: setup locale.gen
  lineinfile:
    path: /mnt/etc/locale.gen
    line: "de_DE.UTF-8 UTF-8 \nen_US.UTF-8 UTF-8"

- name: run locale-gen inside chroot
  command: chroot /mnt locale-gen

- name: run systemd-firstboot
  command: chroot /mnt systemd-firstboot --locale=de_DE.UTF-8 --timezone=UTC --hostname={{ hostname }}

- name: add mdadm_udev to mkinitcpio.conf
  lineinfile:
    dest: /mnt/etc/mkinitcpio.conf
    backrefs: yes
    regexp: '^(.*)block filesystems(.*)$'
    line: '\1block mdadm_udev filesystems\2'
  when: filesystem == "ext4"

- name: run mkinitcpio
  command: chroot /mnt mkinitcpio -p linux

- name: configure network
  template: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0644
  with_items:
    - { src: 'eth0.j2' , dest: '/mnt/etc/netctl/eth0' }
    - { src: '99-hetzner.conf.j2' , dest: '/mnt/etc/sysctl.d/99-hetzner.conf' }
    - { src: '80-net-setup-link.rules.j2', dest: '/mnt/etc/udev/rules.d/80-net-setup-link.rules' }

- name: disable systemd-networkd
  command: chroot /mnt systemctl disable systemd-networkd.service

- name: enable netctl
  command: chroot /mnt netctl enable eth0

- name: install grub
  command: chroot /mnt grub-install --recheck {{ item }}
  with_items:
    - /dev/sda
    - /dev/sdb

- name: configure grub
  command: chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg

- name: configure nss
  lineinfile:
    dest: /mnt/etc/nsswitch.conf
    regexp: '^hosts:'
    line: 'hosts: files mymachines resolve myhostname'

- name: enable services inside chroot
  command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved

- set_fact: pubkey_list="{{ lookup('file', '../pubkeys/' + item) }}"
  register: pubkeys
  with_items: "{{ root_ssh_keys }}"

- set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}

- name: add authorized key for root
  authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes

- name: configure sshd
  template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644

- name: create symlink to resolv.conf
  file: src=/run/systemd/resolve/resolv.conf dest=/mnt/etc/resolv.conf state=link force=yes

- name: remove LOCK file on mountpoint
  file: path=/mnt/LOCK state=absent

- name: reboot into new system
  shell: sleep 5 && reboot &
  args:
    executable: /bin/bash
  async: 10
  poll: 0

- name: waiting for server to go down
  local_action:
    module: wait_for
    host: "{{ inventory_hostname }}"
    port: 22
    delay: 1
    timeout: 60
    state: stopped

- name: remove server from local known_hosts file
  local_action: shell ssh-keygen -R {{ inventory_hostname }}
  ignore_errors: true

- name: waiting for server to come back
  local_action:
    module: wait_for
    host: "{{ inventory_hostname }}"
    port: 22
    delay: 1
    timeout: 60
initial commit 7 years ago			`---`

			`- name: read /etc/motd`
			`command: cat /etc/motd`
			`register: motd_contents`

			`- name: check whether we're running in the Hetzner rescue system`
			`fail: msg="Not running in Hetzner rescue system!"`
			`when: "'Hetzner Rescue' not in motd_contents.stdout"`

			`- name: partition and format the disks`
			`command: mkfs.btrfs -f -L rootfs -d raid1 /dev/sda /dev/sdb`
			`when: filesystem == "btrfs"`

			`- name: create BIOS boot partitions`
			`command: sgdisk -n 1:0:10M /dev/{{ item }}`
			`when: filesystem == "ext4"`
			`with_items:`
			`- sda`
			`- sdb`

			`- name: create RAID partitions`
			`command: sgdisk -n 2:0:0 /dev/{{ item }}`
			`when: filesystem == "ext4"`
			`with_items:`
			`- sda`
			`- sdb`

			`- name: set BIOS boot partition types`
			`command: sgdisk -t 1:ef02 /dev/{{ item }}`
			`when: filesystem == "ext4"`
			`with_items:`
			`- sda`
			`- sdb`

			`- name: set RAID partition types`
			`command: sgdisk -t 2:fd00`
			`when: filesystem == "ext4"`
			`with_items:`
			`- sda`
			`- sdb`

			`- name: create MDADM array`
			`command: mdadm --create --level=1 --raid-devices=2 --run /dev/md0 /dev/sda2 /dev/sdb2`
			`when: filesystem == "ext4"`

			`- name: format the MDADM array`
			`filesystem: dev=/dev/md0 fstype=ext4`
			`when: filesystem == "ext4"`

			`- name: mount the filesystem (btrfs)`
			`mount: name=/mnt src='LABEL=rootfs' fstype=btrfs state=mounted`
			`when: filesystem == "btrfs"`

			`- name: mount the filesystem (ext4)`
			`mount: name=/mnt src=/dev/md0 fstype=ext4 state=mounted`
			`when: filesystem == "ext4"`

			`- name: touch LOCK file on mountpoint`
			`file: path=/mnt/LOCK state=touch`

			`- name: download bootstrap image`
			`unarchive:`
			`src: https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2018.05.01-x86_64.tar.gz`
			`dest: /tmp/`
			`copy: no`
			`creates: /tmp/root.x86_64`

			`- name: copy resolv.conf to bootstrap chroot`
			`copy: remote_src=True src=/etc/resolv.conf dest=/tmp/root.x86_64/etc/resolv.conf`

			`- name: mount /proc to bootstrap chroot`
			`command: mount --rbind /proc /tmp/root.x86_64/proc creates=/tmp/root.x86_64/proc/uptime`

			`- name: mount /sys to bootstrap chroot`
			`command: mount --rbind /sys /tmp/root.x86_64/sys creates=/tmp/root.x86_64/sys/dev`

			`- name: mount /dev to bootstrap chroot`
			`command: mount --rbind /dev /tmp/root.x86_64/dev creates=/tmp/root.x86_64/dev/zero`

			`- name: mount /mnt to bootstrap chroot`
			`command: mount --rbind /mnt /tmp/root.x86_64/mnt creates=/tmp/root.x86_64/mnt/LOCK`

			`- name: configure pacman mirror`
			`template: src=mirrorlist.j2 dest=/tmp/root.x86_64/etc/pacman.d/mirrorlist owner=root group=root mode=0644`

			`- name: initialize pacman keyring inside bootstrap chroot`
			`command: chroot /tmp/root.x86_64 pacman-key --init`

			`- name: populate pacman keyring inside bootstrap chroot`
			`command: chroot /tmp/root.x86_64 pacman-key --populate archlinux`

			`- name: install arch base from bootstrap chroot`
			`command: chroot /tmp/root.x86_64 pacstrap /mnt base base-devel btrfs-progs grub openssh python2 creates=/tmp/root.x86_64/mnt/bin`

			`- name: mount /proc to new chroot`
			`command: mount --rbind /proc /mnt/proc creates=/mnt/proc/uptime`

			`- name: mount /sys to new chroot`
			`command: mount --rbind /sys /mnt/sys creates=/mnt/sys/dev`

			`- name: mount /dev to new chroot`
			`command: mount --rbind /dev /mnt/dev creates=/mnt/dev/zero`

			`- name: generate mdadm.conf`
			`shell: mdadm --detail --scan >> /mnt/etc/mdadm.conf`
			`when: filesystem == "ext4"`

			`- name: setup locale.gen`
			`lineinfile:`
			`path: /mnt/etc/locale.gen`
			`line: "de_DE.UTF-8 UTF-8 \nen_US.UTF-8 UTF-8"`

			`- name: run locale-gen inside chroot`
			`command: chroot /mnt locale-gen`

			`- name: run systemd-firstboot`
			`command: chroot /mnt systemd-firstboot --locale=de_DE.UTF-8 --timezone=UTC --hostname={{ hostname }}`

			`- name: add mdadm_udev to mkinitcpio.conf`
			`lineinfile:`
			`dest: /mnt/etc/mkinitcpio.conf`
			`backrefs: yes`
			`regexp: '^(.)block filesystems(.)$'`
			`line: '\1block mdadm_udev filesystems\2'`
			`when: filesystem == "ext4"`

			`- name: run mkinitcpio`
			`command: chroot /mnt mkinitcpio -p linux`

			`- name: configure network`
			`template: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0644`
			`with_items:`
			`- { src: 'eth0.j2' , dest: '/mnt/etc/netctl/eth0' }`
			`- { src: '99-hetzner.conf.j2' , dest: '/mnt/etc/sysctl.d/99-hetzner.conf' }`
			`- { src: '80-net-setup-link.rules.j2', dest: '/mnt/etc/udev/rules.d/80-net-setup-link.rules' }`

			`- name: disable systemd-networkd`
			`command: chroot /mnt systemctl disable systemd-networkd.service`

			`- name: enable netctl`
			`command: chroot /mnt netctl enable eth0`

			`- name: install grub`
			`command: chroot /mnt grub-install --recheck {{ item }}`
			`with_items:`
			`- /dev/sda`
			`- /dev/sdb`

			`- name: configure grub`
			`command: chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg`

			`- name: configure nss`
			`lineinfile:`
			`dest: /mnt/etc/nsswitch.conf`
			`regexp: '^hosts:'`
			`line: 'hosts: files mymachines resolve myhostname'`

			`- name: enable services inside chroot`
			`command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved`

			`- set_fact: pubkey_list="{{ lookup('file', '../pubkeys/' + item) }}"`
			`register: pubkeys`
			`with_items: "{{ root_ssh_keys }}"`

			`- set_fact: pubkey_string={{ pubkeys.results \| map(attribute='ansible_facts.pubkey_list') \| join('\n') }}`

			`- name: add authorized key for root`
			`authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes`

			`- name: configure sshd`
			`template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644`

			`- name: create symlink to resolv.conf`
			`file: src=/run/systemd/resolve/resolv.conf dest=/mnt/etc/resolv.conf state=link force=yes`

			`- name: remove LOCK file on mountpoint`
			`file: path=/mnt/LOCK state=absent`

			`- name: reboot into new system`
			`shell: sleep 5 && reboot &`
			`args:`
			`executable: /bin/bash`
			`async: 10`
			`poll: 0`

			`- name: waiting for server to go down`
			`local_action:`
			`module: wait_for`
			`host: "{{ inventory_hostname }}"`
			`port: 22`
			`delay: 1`
			`timeout: 60`
			`state: stopped`

			`- name: remove server from local known_hosts file`
			`local_action: shell ssh-keygen -R {{ inventory_hostname }}`
			`ignore_errors: true`

			`- name: waiting for server to come back`
			`local_action:`
			`module: wait_for`
			`host: "{{ inventory_hostname }}"`
			`port: 22`
			`delay: 1`
			`timeout: 60`