From 2ef11ac648fa401a29304ecb9bfd30580f6f7305 Mon Sep 17 00:00:00 2001 From: Stefan Haun Date: Thu, 4 Jun 2020 23:17:25 +0200 Subject: [PATCH] Add a role for Raspbian (#54) * Rename debian-setup role to point to vanilla Debian * Add a specific setup role for Raspbian This role will fail for now, Raspbian is not supported by this role as it is. * Add a switch for Raspbian * Add Raspbian role for installing WireGuard * Raspbian: Handle reboot with molly-guard and older Ansible versions --- tasks/setup-debian-raspbian.yml | 93 +++++++++++++++++++++++++++++++++ tasks/setup-debian-vanilla.yml | 34 ++++++++++++ tasks/setup-debian.yml | 36 ++----------- 3 files changed, 132 insertions(+), 31 deletions(-) create mode 100644 tasks/setup-debian-raspbian.yml create mode 100644 tasks/setup-debian-vanilla.yml diff --git a/tasks/setup-debian-raspbian.yml b/tasks/setup-debian-raspbian.yml new file mode 100644 index 0000000..8e7214b --- /dev/null +++ b/tasks/setup-debian-raspbian.yml @@ -0,0 +1,93 @@ +--- + +- name: (Raspbian) Install GPG - required to add wireguard key + apt: + name: gnupg + state: present + +- name: (Raspbian) Add Debian repository key + apt_key: + keyserver: "keyserver.ubuntu.com" + id: "04EE7237B7D453EC" + state: present + when: ansible_lsb.id == "Raspbian" + tags: + - wg-install + +- name: (Raspbian) Add Debian Unstable repository for WireGuard + apt_repository: + repo: "deb http://deb.debian.org/debian unstable main" + state: present + update_cache: yes + tags: + - wg-install + +- name: (Raspbian) Install latest kernel + apt: + name: + - "raspberrypi-kernel" + state: latest + register: kernel_update + tags: + - wg-install + +- name: (Raspbian) Reboot after kernel update (Ansible >= 2.8) + reboot: + search_paths: ['/lib/molly-guard', '/usr/sbin'] + when: + - ansible_version.full is version('2.8.0', '>=') + - kernel_update is changed + tags: + - wg-install + +- name: (Raspbian) Check if molly-guard is installed (Ansible < 2.8) + stat: + path: /lib/molly-guard/ + register: molly_guard + +- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, no molly-guard) + reboot: + when: + - ansible_version.full is version('2.8.0', '<') + - kernel_update is changed + - not molly_guard.stat.exists + tags: + - wg-install + +- name: (Raspbian) Reboot after kernel update (Ansible < 2.8, with molly-guard) + command: /lib/molly-guard/shutdown -r now + async: 1 + poll: 0 + ignore_unreachable: yes + when: + - ansible_version.full is version('2.8.0', '<') + - kernel_update is changed + - molly_guard.stat.exists + tags: + - wg-install + +- name: (Raspbian) Waiting for host to be available (Ansible < 2.8, with molly-guard) + wait_for_connection: + when: + - ansible_version.full is version('2.8.0', '<') + - kernel_update is changed + - molly_guard.stat.exists + tags: + - wg-install + +- name: (Raspbian) Install latest kernel headers to compile Wireguard with DKMS + apt: + name: + - "raspberrypi-kernel-headers" + state: latest + tags: + - wg-install + +- name: (Raspbian) Install wireguard packages + apt: + name: + - "wireguard-dkms" + - "wireguard-tools" + state: present + tags: + - wg-install diff --git a/tasks/setup-debian-vanilla.yml b/tasks/setup-debian-vanilla.yml new file mode 100644 index 0000000..d874d65 --- /dev/null +++ b/tasks/setup-debian-vanilla.yml @@ -0,0 +1,34 @@ +--- +- name: (Debian) Install GPG - required to add wireguard key + apt: + name: gnupg + state: present + +- name: (Debian) Add WireGuard repository on buster or earlier + apt_repository: + repo: "deb http://deb.debian.org/debian buster-backports main" + state: present + update_cache: yes + when: ansible_distribution_version | int <= 10 + tags: + - wg-install + +- name: (Debian) Get architecture + command: "dpkg --print-architecture" + register: dpkg_arch + changed_when: False + +- name: (Debian) Install kernel headers to compile Wireguard with DKMS + apt: + name: + - "linux-headers-{{ dpkg_arch.stdout }}" + state: present + +- name: (Debian) Install wireguard packages + apt: + name: + - "wireguard-dkms" + - "wireguard-tools" + state: present + tags: + - wg-install diff --git a/tasks/setup-debian.yml b/tasks/setup-debian.yml index d874d65..62515ad 100644 --- a/tasks/setup-debian.yml +++ b/tasks/setup-debian.yml @@ -1,34 +1,8 @@ --- -- name: (Debian) Install GPG - required to add wireguard key - apt: - name: gnupg - state: present -- name: (Debian) Add WireGuard repository on buster or earlier - apt_repository: - repo: "deb http://deb.debian.org/debian buster-backports main" - state: present - update_cache: yes - when: ansible_distribution_version | int <= 10 - tags: - - wg-install +- include_tasks: "setup-debian-raspbian.yml" + when: ansible_lsb.id == "Raspbian" + register: raspbian_setup -- name: (Debian) Get architecture - command: "dpkg --print-architecture" - register: dpkg_arch - changed_when: False - -- name: (Debian) Install kernel headers to compile Wireguard with DKMS - apt: - name: - - "linux-headers-{{ dpkg_arch.stdout }}" - state: present - -- name: (Debian) Install wireguard packages - apt: - name: - - "wireguard-dkms" - - "wireguard-tools" - state: present - tags: - - wg-install +- include_tasks: "setup-debian-vanilla.yml" + when: raspbian_setup is skipped