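---
# Task list that reinstalls a Hetzner dedicated server with Arch Linux from
# the Hetzner rescue system.  /dev/sda and /dev/sdb are wiped and set up as
# either a btrfs RAID1 (filesystem == "btrfs") or an mdadm RAID1 carrying
# ext4 (filesystem == "ext4"); the Arch bootstrap tarball is unpacked under
# /tmp and used to pacstrap the new system into /mnt, which is then
# configured and rebooted into.
#
# Variables used: filesystem, hostname, root_ssh_keys (file names looked up
# under ../pubkeys/), inventory_hostname.
# Templates used: mirrorlist.j2, eth0.j2, 99-hetzner.conf.j2,
# 80-net-setup-link.rules.j2, sshd_config.j2.

- name: read /etc/motd
  command: cat /etc/motd
  register: motd_contents
  # read-only probe, so do not report it as a change
  changed_when: false

# Everything below is destructive to /dev/sda and /dev/sdb; refuse to go on
# unless the rescue system's banner is present in the motd.
- name: check whether we're running in the Hetzner rescue system
  fail:
    msg: "Not running in Hetzner rescue system!"
  when: "'Hetzner Rescue' not in motd_contents.stdout"

# btrfs path: no partition table, both whole disks become one RAID1 volume.
- name: partition and format the disks
  command: mkfs.btrfs -f -L rootfs -d raid1 /dev/sda /dev/sdb
  when: filesystem == "btrfs"

# ext4 path: partition 1 is a BIOS boot partition for GRUB, partition 2 is
# the mdadm RAID member.
- name: create BIOS boot partitions
  command: sgdisk -n 1:0:10M /dev/{{ item }}
  when: filesystem == "ext4"
  with_items:
    - sda
    - sdb

- name: create RAID partitions
  command: sgdisk -n 2:0:0 /dev/{{ item }}
  when: filesystem == "ext4"
  with_items:
    - sda
    - sdb

- name: set BIOS boot partition types
  command: sgdisk -t 1:ef02 /dev/{{ item }}
  when: filesystem == "ext4"
  with_items:
    - sda
    - sdb

- name: set RAID partition types
  # the device argument was missing here, so the loop never typed the
  # partitions on sda/sdb; matches the sibling sgdisk tasks above
  command: sgdisk -t 2:fd00 /dev/{{ item }}
  when: filesystem == "ext4"
  with_items:
    - sda
    - sdb

- name: create MDADM array
  command: mdadm --create --level=1 --raid-devices=2 --run /dev/md0 /dev/sda2 /dev/sdb2
  when: filesystem == "ext4"

- name: format the MDADM array
  filesystem:
    dev: /dev/md0
    fstype: ext4
  when: filesystem == "ext4"

- name: mount the filesystem (btrfs)
  mount:
    path: /mnt
    src: 'LABEL=rootfs'
    fstype: btrfs
    state: mounted
  when: filesystem == "btrfs"

- name: mount the filesystem (ext4)
  mount:
    path: /mnt
    src: /dev/md0
    fstype: ext4
    state: mounted
  when: filesystem == "ext4"

# LOCK only exists while /mnt is mounted; it is the 'creates' marker for the
# /mnt bind mount into the bootstrap chroot further down.
- name: touch LOCK file on mountpoint
  file:
    path: /mnt/LOCK
    state: touch

# NOTE(review): the tarball is fetched over HTTPS but its contents are not
# checked against the upstream signature or a pinned digest; a get_url step
# with checksum: "sha256:<expected digest>" before unarchive would pin it.
# The file name is pinned to one monthly build under latest/, which
# presumably stops resolving once a newer build is published — verify.
- name: download bootstrap image
  unarchive:
    src: https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2018.05.01-x86_64.tar.gz
    dest: /tmp/
    # the archive is downloaded on the target, not copied from the controller
    remote_src: true
    creates: /tmp/root.x86_64

- name: copy resolv.conf to bootstrap chroot
  copy:
    remote_src: true
    src: /etc/resolv.conf
    dest: /tmp/root.x86_64/etc/resolv.conf

# Bind the rescue system's kernel filesystems and /mnt into the bootstrap
# chroot so pacstrap can run there; each 'creates' marker is a file that
# only exists once the bind mount is in place.
- name: mount /proc to bootstrap chroot
  command: mount --rbind /proc /tmp/root.x86_64/proc
  args:
    creates: /tmp/root.x86_64/proc/uptime

- name: mount /sys to bootstrap chroot
  command: mount --rbind /sys /tmp/root.x86_64/sys
  args:
    creates: /tmp/root.x86_64/sys/dev

- name: mount /dev to bootstrap chroot
  command: mount --rbind /dev /tmp/root.x86_64/dev
  args:
    creates: /tmp/root.x86_64/dev/zero

- name: mount /mnt to bootstrap chroot
  command: mount --rbind /mnt /tmp/root.x86_64/mnt
  args:
    creates: /tmp/root.x86_64/mnt/LOCK

- name: configure pacman mirror
  template:
    src: mirrorlist.j2
    dest: /tmp/root.x86_64/etc/pacman.d/mirrorlist
    owner: root
    group: root
    mode: "0644"

- name: initialize pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --init

- name: populate pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --populate archlinux

- name: install arch base from bootstrap chroot
  command: chroot /tmp/root.x86_64 pacstrap /mnt base base-devel btrfs-progs grub openssh python2
  args:
    creates: /tmp/root.x86_64/mnt/bin

# Same bind mounts again, this time into the freshly installed system.
- name: mount /proc to new chroot
  command: mount --rbind /proc /mnt/proc
  args:
    creates: /mnt/proc/uptime

- name: mount /sys to new chroot
  command: mount --rbind /sys /mnt/sys
  args:
    creates: /mnt/sys/dev

- name: mount /dev to new chroot
  command: mount --rbind /dev /mnt/dev
  args:
    creates: /mnt/dev/zero

- name: generate mdadm.conf
  # append only once; a bare '>>' added another ARRAY line on every run
  shell: grep -q '^ARRAY' /mnt/etc/mdadm.conf || mdadm --detail --scan >> /mnt/etc/mdadm.conf
  when: filesystem == "ext4"

- name: setup locale.gen
  # uncomment the wanted locales in place; the previous two-line 'line'
  # value never matched an existing line and was appended again on every run
  lineinfile:
    path: /mnt/etc/locale.gen
    regexp: '^#?{{ item }}\s*$'
    line: "{{ item }}"
  with_items:
    - de_DE.UTF-8 UTF-8
    - en_US.UTF-8 UTF-8

- name: run locale-gen inside chroot
  command: chroot /mnt locale-gen

- name: run systemd-firstboot
  command: chroot /mnt systemd-firstboot --locale=de_DE.UTF-8 --timezone=UTC --hostname={{ hostname }}

- name: add mdadm_udev to mkinitcpio.conf
  # the rewritten line no longer matches the regexp, so this is a one-shot edit
  lineinfile:
    path: /mnt/etc/mkinitcpio.conf
    backrefs: true
    regexp: '^(.*)block filesystems(.*)$'
    line: '\1block mdadm_udev filesystems\2'
  when: filesystem == "ext4"

- name: run mkinitcpio
  command: chroot /mnt mkinitcpio -p linux

- name: configure network
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - src: 'eth0.j2'
      dest: '/mnt/etc/netctl/eth0'
    - src: '99-hetzner.conf.j2'
      dest: '/mnt/etc/sysctl.d/99-hetzner.conf'
    - src: '80-net-setup-link.rules.j2'
      dest: '/mnt/etc/udev/rules.d/80-net-setup-link.rules'

# Networking is handled by the netctl eth0 profile, not systemd-networkd.
- name: disable systemd-networkd
  command: chroot /mnt systemctl disable systemd-networkd.service

- name: enable netctl
  command: chroot /mnt netctl enable eth0

- name: install grub
  command: chroot /mnt grub-install --recheck {{ item }}
  with_items:
    - /dev/sda
    - /dev/sdb

- name: configure grub
  command: chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg

- name: configure nss
  lineinfile:
    path: /mnt/etc/nsswitch.conf
    regexp: '^hosts:'
    line: 'hosts: files mymachines resolve myhostname'

- name: enable services inside chroot
  # systemd-networkd is deliberately not in this list: it was disabled above
  # in favour of netctl, and enabling it here again undid that
  command: chroot /mnt systemctl enable sshd systemd-resolved

- name: read root ssh public keys
  set_fact:
    pubkey_list: "{{ lookup('file', '../pubkeys/' + item) }}"
  register: pubkeys
  with_items: "{{ root_ssh_keys }}"

- name: join the public keys into one authorized_keys block
  set_fact:
    # folded scalar keeps the backslash literal, so Jinja sees join('\n')
    pubkey_string: >-
      {{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}

- name: add authorized key for root
  # /tmp/root.x86_64/mnt is the rbind of /mnt, so this is the new system's
  # /root/.ssh/authorized_keys; exclusive drops any key not in root_ssh_keys
  authorized_key:
    user: root
    key: "{{ pubkey_string }}"
    path: /tmp/root.x86_64/mnt/root/.ssh/authorized_keys
    exclusive: true

- name: configure sshd
  template:
    src: sshd_config.j2
    dest: /mnt/etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0644"

- name: create symlink to resolv.conf
  file:
    src: /run/systemd/resolve/resolv.conf
    path: /mnt/etc/resolv.conf
    state: link
    force: true

- name: remove LOCK file on mountpoint
  file:
    path: /mnt/LOCK
    state: absent

# Fire the reboot in the background so the task returns before the
# connection drops; async/poll stop Ansible from waiting on it.
- name: reboot into new system
  shell: sleep 5 && reboot &
  args:
    executable: /bin/bash
  async: 10
  poll: 0

- name: waiting for server to go down
  wait_for:
    host: "{{ inventory_hostname }}"
    port: 22
    delay: 1
    timeout: 60
    state: stopped
  delegate_to: localhost

- name: remove server from local known_hosts file
  # the reinstalled host presents a new host key; drop the stale entry so the
  # next connection is not rejected.  'command' rather than 'shell' so the
  # hostname is never passed through a shell.
  command: ssh-keygen -R {{ inventory_hostname }}
  delegate_to: localhost
  ignore_errors: true

- name: waiting for server to come back
  wait_for:
    host: "{{ inventory_hostname }}"
    port: 22
    delay: 1
    timeout: 60
  delegate_to: localhost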