authorNiklas Yann Wettengel <niyawe@niyawe.de>2017-03-12 21:45:08 +0100
committerNiklas Yann Wettengel <niyawe@niyawe.de>2017-03-12 21:45:08 +0100
commita917b1e1137c1ad149cefcc73325e8901857d489 (patch)
tree1e19a0d7fb42d5331007402a9a4329cd680c7cca
parent840b169cd59bac476e99b3f4310752904c79e3bf (diff)
added install_arch role
-rw-r--r--bootstrap_arch.yml6
-rw-r--r--new_inventory.ini.sample1
-rw-r--r--roles/install_arch/files/locale.conf3
-rw-r--r--roles/install_arch/files/mirrorlist1
-rw-r--r--roles/install_arch/files/resolv.conf6
-rw-r--r--roles/install_arch/files/sshd_config11
-rw-r--r--roles/install_arch/files/vconsole.conf1
-rw-r--r--roles/install_arch/tasks/main.yml140
-rw-r--r--roles/install_arch/templates/ens3.j210
9 files changed, 179 insertions, 0 deletions
diff --git a/bootstrap_arch.yml b/bootstrap_arch.yml
index 28e93eb..5b8f7c1 100644
--- a/bootstrap_arch.yml
+++ b/bootstrap_arch.yml
@@ -7,3 +7,9 @@
ansible_python_interpreter: /usr/bin/python
roles:
- role: boot-rescue
+
+- name: install archlinux
+ hosts: new_fastds
+ user: root
+ roles:
+ - role: install_arch
diff --git a/new_inventory.ini.sample b/new_inventory.ini.sample
index 0e1e3ea..5bda407 100644
--- a/new_inventory.ini.sample
+++ b/new_inventory.ini.sample
@@ -5,3 +5,4 @@
hetzner_webservice_username=<hetzner_webservice_username>
hetzner_webservice_password=<hetzner_webservice_password>
rescue_authorized_key=<fingerprint of ssh key to use in rescue mode>
+authorized_keys='["<key1>", "<key2>"]'
diff --git a/roles/install_arch/files/locale.conf b/roles/install_arch/files/locale.conf
new file mode 100644
index 0000000..82044dc
--- /dev/null
+++ b/roles/install_arch/files/locale.conf
@@ -0,0 +1,3 @@
+LANG=de_DE.UTF-8
+LC_COLLATE=C
+LANGUAGE=de_DE
diff --git a/roles/install_arch/files/mirrorlist b/roles/install_arch/files/mirrorlist
new file mode 100644
index 0000000..78d3883
--- /dev/null
+++ b/roles/install_arch/files/mirrorlist
@@ -0,0 +1 @@
+Server = http://mirrors.niyawe.de/archlinux/$repo/os/$arch
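Review bot: The only mirror is fetched over plain `http://`, and the tasks copy this file to `/etc/pacman.d/mirrorlist` before the keyring update and `pacstrap` run. Package signatures still protect package contents, but the sync databases are not signed in the default pacman setup, so a party on the network path could serve stale databases and hold the new host on old package versions. If the mirror offers TLS (not visible here), I would use `Server = https://mirrors.niyawe.de/archlinux/$repo/os/$arch`.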
diff --git a/roles/install_arch/files/resolv.conf b/roles/install_arch/files/resolv.conf
new file mode 100644
index 0000000..aebd887
--- /dev/null
+++ b/roles/install_arch/files/resolv.conf
@@ -0,0 +1,6 @@
+nameserver 213.133.98.98
+nameserver 213.133.100.100
+nameserver 213.133.99.99
+nameserver 2a01:4f8:0:a0a1::add:1010
+nameserver 2a01:4f8:0:a102::add:9999
+nameserver 2a01:4f8:0:a111::add:9898
diff --git a/roles/install_arch/files/sshd_config b/roles/install_arch/files/sshd_config
new file mode 100644
index 0000000..b007873
--- /dev/null
+++ b/roles/install_arch/files/sshd_config
@@ -0,0 +1,11 @@
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM no
+PrintMotd no
+Subsystem sftp /usr/lib/ssh/sftp-server
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
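Review bot: The `MACs` line lists `hmac-ripemd160-etm@openssh.com` and `hmac-ripemd160`, which OpenSSH 7.6 and later no longer implement. sshd refuses to start on a config that names an unknown MAC, and on a freshly installed host this file governs the only way in. I would drop the RIPEMD entries and, since ETM variants are already offered, the non-ETM fallbacks as well: `MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com`. The file also leaves root login to the compiled-in default; because the role installs keys for root, stating `PermitRootLogin prohibit-password` would make the intent explicit.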
diff --git a/roles/install_arch/files/vconsole.conf b/roles/install_arch/files/vconsole.conf
new file mode 100644
index 0000000..c1e444e
--- /dev/null
+++ b/roles/install_arch/files/vconsole.conf
@@ -0,0 +1 @@
+KEYMAP=de-latin1
diff --git a/roles/install_arch/tasks/main.yml b/roles/install_arch/tasks/main.yml
new file mode 100644
index 0000000..2590b56
--- /dev/null
+++ b/roles/install_arch/tasks/main.yml
@@ -0,0 +1,140 @@
+---
+- name: format disk
+ filesystem:
+ fstype: btrfs
+ dev: /dev/sda
+ force: yes
+
+- name: mount disk
+ mount:
+ path: /mnt
+ src: /dev/sda
+ state: mounted
+ fstype: btrfs
+
+- name: modify pacman mirrorlist
+ copy:
+ src: mirrorlist
+ dest: /etc/pacman.d/mirrorlist
+
+- name: remove archlinux-keyring conflicting files (1/3)
+ file:
+ dest: /usr/share/pacman/keyrings/archlinux-revoked
+ state: absent
+- name: remove archlinux-keyring conflicting files (2/3)
+ file:
+ dest: /usr/share/pacman/keyrings/archlinux-trusted
+ state: absent
+- name: remove archlinux-keyring conflicting files (3/3)
+ file:
+ dest: /usr/share/pacman/keyrings/archlinux.gpg
+ state: absent
+
+- name: update archlinux-keyring
+ pacman:
+ name: archlinux-keyring
+ force: yes
+ state: present
+ update_cache: yes
+
+- name: pacstrap
+ command: /usr/bin/pacstrap /mnt base base-devel openssh python grub
+
+- name: genfstab
+ shell: /usr/bin/genfstab -U -p /mnt > /mnt/etc/fstab
+
+- name: set hostname
+ shell: /bin/echo {{ arch_hostname }} > /mnt/etc/hostname
+
+- name: Locale conf
+ copy:
+ src: locale.conf
+ dest: /mnt/etc/locale.conf
+
+- name: vconsole
+ copy:
+ src: vconsole.conf
+ dest: /mnt/etc/vconsole.conf
+
+- name: localtime
+ file:
+ src: /usr/share/zoneinfo/Europe/Berlin
+ dest: /mnt/etc/localtime
+ state: link
+
+- name: resolv.conf
+ copy:
+ src: resolv.conf
+ dest: /mnt/etc/resolv.conf
+
+- name: locale.gen
+ replace:
+ dest: /mnt/etc/locale.gen
+ regexp: "^#de_DE.UTF-8.*$"
+ replace: "de_DE.UTF-8 UTF-8"
+
+- name: locale-gen
+ command: /usr/bin/arch-chroot /mnt locale-gen
+
+- name: "grub: generate config"
+ command: /usr/bin/arch-chroot /mnt /usr/bin/grub-mkconfig -o /boot/grub/grub.cfg
+
+- name: "grub: install grub"
+ command: /usr/bin/arch-chroot /mnt /usr/bin/grub-install /dev/sda
+
+- name: sshd config
+ copy:
+ src: sshd_config
+ dest: /mnt/etc/ssh/sshd_config
+
+- name: add authorized_keys
+ authorized_key:
+ key: '{{ item }}'
+ path: /mnt/root/.ssh/authorized_keys
+ user: root
+ with_items: authorized_keys
+
+- name: enable sshd
+ command: /usr/bin/arch-chroot /mnt /usr/bin/systemctl enable sshd.service
+
+- name: create network config
+ template:
+ dest: /mnt/etc/netctl/ens3
+ src: ens3.j2
+
+- name: enable network config
+ command: /usr/bin/arch-chroot /mnt /usr/bin/netctl enable ens3
+
+- name: unmount
+ mount:
+ path: /mnt
+ state: unmounted
+
+- name: reboot
+ shell: sleep 5 && reboot &
+ args:
+ executable: /bin/bash
+ async: 10
+ poll: 0
+
+- name: waiting for server to go down
+ local_action:
+ module: wait_for
+ host: "{{ inventory_hostname }}"
+ port: 22
+ delay: 1
+ timeout: 60
+ state: stopped
+
+- name: waiting for server to come back
+ local_action:
+ module: wait_for
+ host={{ inventory_hostname }}
+ port=22
+ delay=1
+ timeout=60
+
+- name: remove server from local known_hosts file
+ local_action: shell ssh-keygen -R {{ inventory_hostname }}
+ ignore_errors: true
+
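Review bot: The final task drops the old known_hosts entry with `ssh-keygen -R`, but nothing in the role records the reinstalled host's new key. The next connection therefore has no pinned key to check and will prompt or trust whatever is presented, depending on the controller's host-key checking. The host keys named in sshd_config presumably do not exist yet when `/mnt` is unmounted; generating them beforehand with `command: /usr/bin/arch-chroot /mnt /usr/bin/ssh-keygen -A` would let the play fetch `/mnt/etc/ssh/ssh_host_ed25519_key.pub` and add it to the local known_hosts. Separately, `set hostname` interpolates `{{ arch_hostname }}` unquoted into a shell line; a `copy` task with `content: "{{ arch_hostname }}\n"` and `dest: /mnt/etc/hostname` writes the same file without a shell.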
diff --git a/roles/install_arch/templates/ens3.j2 b/roles/install_arch/templates/ens3.j2
new file mode 100644
index 0000000..314bd00
--- /dev/null
+++ b/roles/install_arch/templates/ens3.j2
@@ -0,0 +1,10 @@
+Connection=ethernet
+Interface=ens3
+IP=static
+Address=({{ ansible_default_ipv4['address'] }}/24)
+{# TODO: fix /24 #}
+Gateway={{ ansible_default_ipv4['gateway'] }}
+IP6=static
+Address6=({{ ansible_default_ipv6['address'] }}/{{ ansible_default_ipv6['prefix'] }})
+Gateway6={{ ansible_default_ipv6['gateway'] }}
+
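Review bot: The three IPv6 lines index `ansible_default_ipv6` unconditionally, and that fact is an empty dict when the system the facts were gathered on has no IPv6 default route. The template task would then fail on the missing key, after the disk has already been formatted and bootstrapped. Wrapping the `IP6=`, `Address6=` and `Gateway6=` lines in `{% if ansible_default_ipv6.address is defined %}` … `{% endif %}` avoids that. For the `/24` TODO, the prefix can be derived from the `netmask` key of the same fact, e.g. `{{ (ansible_default_ipv4.address ~ '/' ~ ansible_default_ipv4.netmask) | ipaddr('prefix') }}`, which needs the netaddr library on the controller.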