-numerous changes to work with Raspbian 10

-redo of some roles, particularly GUI
-modifications to support working from a "Raspbian Lite" install

ansible.cfg

@@ -68,7 +68,7 @@
 #roles_path    = /etc/ansible/roles
 
 # uncomment this to disable SSH key host checking
-#host_key_checking = False
+host_key_checking = False
 
 # change the default callback, you can only have one 'stdout' type  enabled at a time.
 #stdout_callback = skippy
@@ -108,7 +108,7 @@
 
 # logging is off by default unless this path is defined
 # if so defined, consider logrotate
-log_path = /var/log/ansible.log
+log_path = ~/ansible.log
 
 # default module name for /usr/bin/ansible
 #module_name = command

clean_hosts.yaml

@@ -0,0 +1,8 @@
+---
+- name: clean hosts file
+  become: true
+  blockinfile:
+          path: /etc/hosts
+          marker: "# {mark} ANSIBLE MANAGED BLOCK"
+          content: ""
+  tags: clean_hosts

deploy_authorized_keys.yml

@@ -0,0 +1,15 @@
+---
+- hosts: all
+  tasks:
+  - name: make direcotry
+    file:
+      path: "/home/pi/.ssh"
+      state: directory
+  - name: create empty file
+    file:
+      path: "/home/pi/.ssh/authorized_keys"
+      state: touch
+  - name: put pubkey
+    lineinfile:
+      path: "/home/pi/.ssh/authorized_keys"
+      line: "{{ pubkey }}"

hosts

@@ -1,108 +1,42 @@
-sdwcltm2	ansible_host=192.168.50.2	site_clli=CRHMNJAW
+ned-host1 ansible_host=192.168.88.248
-sdwcltm3	ansible_host=192.168.201.55	site_clli=MTLRNJIK
+ned-host2 ansible_host=192.168.88.217
-sdwcltm5	ansible_host=192.168.35.1	site_clli=PHLJPAMT
+ned-host3 ansible_host=192.168.88.230
-sdwsrvm		ansible_host=192.168.60.2	site_clli=WLGRPABW
+
-sdwcltm8 	ansible_host=192.168.150.2	site_clli=FTCLCORN
+[ansible-hosts]
-ubuntu-server-2	ansible_host=192.168.198.2	site_clli=CMCYCOJL
+ned-host1
-sdwcltm7	ansible_host=192.168.199.2	site_clli=SRSPNYGN
-sdwsrvl		ansible_host=192.168.90.2	site_clli=LSBGFL59
-sdwcltm4	ansible_host=192.168.100.2	site_clli=PROVUTZZ
-sdwcltm6	ansible_host=192.168.200.34	site_clli=PHLJPAMT
-ubuntu-server-1	ansible_host=192.168.201.2	site_clli=MTLRNJIK
-sdwcltm9	ansible_host=192.168.200.163 	site_clli=NRCRGAQN
-#192.168.201.3
-ipsectest1	ansible_host=192.168.201.90
 
 [pi]
-sdwcltm2
+ned-host1
-sdwcltm3
+ned-host2
-sdwcltm5
+ned-host3
-sdwsrvm
-sdwcltm8
-sdwcltm6
-sdwcltm7
-sdwsrvl
-sdwcltm4
-#192.168.201.3
 
 [samba-server]
-ipsectest1
+ned-host1
 
 [smbclient]
-sdwcltm2
+ned-host2
-sdwcltm3
+ned-host3
-ubuntu-server-1
-sdwcltm5
-sdwsrvm
-sdwcltm8
-sdwcltm6
-sdwcltm7
-sdwsrvl
-sdwcltm4
-sdwcltm9
 
 [public]
-ubuntu-server-1
 
 [snmpd]
-#192.168.201.3
-sdwcltm2
-sdwcltm3
-sdwcltm6
-sdwcltm8
 
 [netflows]
-sdwcltm2
-sdwcltm3
-sdwcltm5
-sdwcltm6
-sdwcltm7
-sdwcltm4
-sdwcltm8
-sdwcltm9
-sdwsrvm
-sdwsrvl
-ubuntu-server-1
-ubuntu-server-2
 
 [facebook]
-sdwcltm5
+ned-host1
-sdwsrvm
-sdwcltm4
 
 [salesforce]
-sdwcltm3
+ned-host2
-sdwcltm6
-sdwcltm7
-sdwsrvl
-sdwcltm8
 
 [youtube]
-sdwcltm2
+ned-host3
-sdwcltm3
 
 [ftpclient]
-sdwcltm2
-sdwcltm3
-sdwcltm4
-sdwcltm5
-sdwcltm6
-sdwcltm7
-sdwcltm8
-sdwsrvm
-ubuntu-server-1
 
 [sipclient]
-sdwcltm2
+ned-host2
-sdwcltm3
+ned-host3
-sdwcltm4
-sdwcltm5
-sdwcltm6
-sdwcltm7
-sdwcltm8
-sdwcltm9
-sdwsrvl
-sdwsrvm
 
 [sipserver]
-ubuntu-server-2
+ned-host1

main.yaml

@@ -16,15 +16,13 @@
           - smbclient
 - hosts: pi
   roles:
-          - snmpd
-          - wifi
           - vnc
           - domainname
           - pi
-  vars_prompt:
+#  vars_prompt:
-    - name: rocommunity
+#    - name: rocommunity
-      prompt: "Enter SNMP RO community name"
+#      prompt: "Enter SNMP RO community name"
-      default: "public"
+#      default: "public"
 - hosts: youtube
   roles:
           - youtube

password.yaml

@@ -0,0 +1,10 @@
+---
+- hosts: all
+  tasks:
+    - name: pi
+      become: yes
+      user:
+        name: pi
+        state: present
+        update_password: always
+        password: "$6$Vmob4l5KBg11gcNV$fY.hrffHEc9gpcFhVdEmW7tepxJURBmkgQhC7kC25VsxcfHAtlqEP6Cvm6nK4jtqndkaQ/I29h/MkKk8KsdSV1"

reboot.yaml

@@ -0,0 +1,6 @@
+---
+- hosts: all,!ansible-hosts
+  tasks:
+          - name: reboot
+            become: yes
+            reboot:

requirements.yml

@@ -0,0 +1,2 @@
+- name: mikolak-net.raspi_config
+

roles/common/tasks/main.yaml

@@ -23,17 +23,10 @@
           content: "{{ lookup('template', '{{ role_path }}/templates/hosts.j2') }}"
           state: present
   tags: update_hosts
-- name: clean hosts file
-  become: true
-  blockinfile:
-          path: /etc/hosts
-          marker: "# {mark} ANSIBLE MANAGED BLOCK"
-          content: ""
-  tags: clean_hosts
 - name: install programs and libraries
   become: true
   apt:
-          name: [ 'expect', 'ftp', 'cadaver', 'iperf', 'iperf3', 'libpcap0.8', 'libsctp1', 'libsctp-dev', 'libncurses-dev', 'libssl-dev', 'libpcap-dev', 'vim', 'mc', 'smbclient', 'ncurses-dev', 'build-essential', 'openvpn'  ]
+          name: [ 'expect', 'ftp', 'cadaver', 'iperf', 'iperf3', 'libpcap0.8', 'libsctp1', 'libsctp-dev', 'libncurses-dev', 'libssl-dev', 'libpcap-dev', 'vim', 'mc', 'smbclient', 'ncurses-dev', 'build-essential', 'openvpn', 'lightdm', 'lxde', 'realvnc-vnc-server', 'aptitude', 'chromium-browser', 'raspberrypi-ui-mods' ]
           update_cache: true
           state: present
   tags: install_packages
@@ -65,4 +58,22 @@
           state: restarted
   tags: enable_openvpn
   when: openvpn_enabled
+- lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: 'visudo -cf %s'
+  become: true
+  tags: pi_sudo
+- name: Ensure the locale exists
+  locale_gen:
+          name: en_US.UTF-8
+          state: present
+  become: yes
+- name: set as default locale
+  command: raspi-config nonint do_change_locale en_US.UTF-8
+  become: yes
+- name: set keyboard to us
+  command: raspi-config nonint do_configure_keyboard us
 

roles/pi/tasks/main.yaml

@@ -14,4 +14,14 @@
   become: true
   command: '/etc/init.d/dphys-swapfile restart'
   tags: set_swapfile
+- lineinfile:
+    path: /boot/config.txt
+    state: present
+    backrefs: yes
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - { regexp: '#framebuffer_width=1280', line: 'framebuffer_width=1280' }
+    - { regexp: '#framebuffer_height=720', line: 'framebuffer_height=1024' }
+  become: true
 

roles/samba-server/defaults/main.yml

@@ -3,7 +3,7 @@ ubuntu_samba_packages:
   - samba
   - samba-common
   - python-glade2
-  - system-config-samba
+    #  - system-config-samba
 workgroup: DEMO
 public_share_name: share
 public_share_path: /media/share

roles/samba-server/handlers/main.yml

@@ -1,8 +1,9 @@
 ---
 - name: Restart Samba
-  service:
+  systemd:
     name: smbd.service
     state: restarted
+    enabled: yes
 - name: Generate Samba Files
   become: yes
   shell: /home/pi/scripts/genfiles.sh

roles/samba-server/tasks/main.yml

@@ -11,8 +11,7 @@
     src: etc_samba_smb.conf.j2
     dest: /etc/samba/smb.conf
     backup: yes
-  notify:
+    #  notify: Restart Samba
-    - Restart Samba
 
 - name: Create Samba users restricted group
   group:
@@ -70,5 +69,4 @@
           group: pi
           mode: a+x
   tags: samba_genfiles
-  notify:
+  notify: Generate Samba Files
-          - Generate Samba Files

roles/smbclient/files/smb-session.sh

@@ -13,6 +13,6 @@ if pgrep -f test_file >/dev/null
 then
         exit 0
 else
-	smbclient //192.168.198.2/share -c "get $file" -A ~/.credentials
+	smbclient //192.168.88.230/share -c "get $file" -A ~/.credentials
 fi
 

roles/vnc/tasks/main.yaml

@@ -15,3 +15,9 @@
           owner: root
           group: root
   tags: vnc_config
+- name: set lxde in .xsession
+  lineinfile:
+    path: /home/pi/.xsession
+    line: lxsession -s Lubuntu -e LXDE
+    create: yes
+

temp.yaml

@@ -0,0 +1,4 @@
+---
+- hosts: pi
+  roles:
+          - pi