raspi-system.yaml

- hosts: all
  remote_user: pi
  become: yes

  tasks:
  - name: ensure system packages are up to date
    apt:
      upgrade: yes

  - name: add nodejs repositories
    shell: curl -sL https://deb.nodesource.com/setup_8.x | bash -

  - name: ensure additional packages are installed
    apt:
      name: ['git', 'redis-server', 'libudev-dev', 'python-serial', 'nodejs', 'bluetooth', 'bluez', 'libbluetooth-dev', 'libcap2-bin', 'python-pip', 'python3-pip', 'liblapack3', 'libblas3', 'libcblas3', 'libgfortran3', 'libatlas3-base', 'libatlas-base-dev', 'libjpeg9-dev', 'libopenjp2-7', 'libtiff5']
      state: present

  - name: grant nodejs capabilities to read raw bluetooth packets
    shell: setcap cap_net_raw+eip $(eval readlink -f `which node`)

  - name: install pm2 task manager
    npm:
      name: pm2
      global: yes

  - name: add komakallio user
    user:
      name: komakallio
      password: $1$3r4kH3UL$EiLUmUGGHhmBhrh/ak36A/
      shell: /bin/bash

  - name: set up ssh key for komakallio
    authorized_key:
      user: komakallio
      key: '{{ item }}'
    with_items:
    - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoptZvq6orEADznM8CRhGLm5XinbIBNzQUoxxfQ8c+cR4bZvx9t79oirRM07LQATj7r9ybh1CYzqS7xAeaUHd4IMQwM9Df+6VUcPJ7SPOcvSKrwYtUgFQyGSCZmU6t217J0qYOUHV8FJ8GOI4r30K+wp2g5HGlK2VwRENCachNs4aMHXIwb33PakHuYlNAYrZSy9IQycBRnFo3jF6V/yYDe1J7L7UFxlwMbPtuZlRDKMkRP7/zFERIKxjsghR/GpYvE8xclGgUcPWd21oAoyoTsbtMid4wGcf1QjROoWUEtB5ycnVCTp4jzpQ0gKfq1B6hrmCUyXbWd5M+CEYybUd1w== Amb/JS rsa-key-20030108 (issuer Amb/JKn)'
    - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiv7guFT7bjj2QtVmYhlSWuCYwVJJnylsV55JDIpPnHsSlN2otXhumWGmE+IdhbY8MgD5Bu0dfpMa2pXbEwqyyThhjQNP5qT2hzYIfOa595oJR4SvkgM5f7bcMYKMpLRLnFMDlNBCUh/L54Oj/gnfml7v4G8M4xoX6ZeN4MKD/ZtzC7VFb3Kjotc0SmB2KsoHzQ6nAWy1+2sa3gFGXq/KLeYo6ULmX4LGQArLGtiRMi9NlvvZWQ7j1nTkjW614liWVpBe12A/5fIGkItRFZwdmsGnrVMWUxYG60vwbs6Er49NkQ4FIygNMKzUrsGBQTXs6kdZ5YHX+CLxULuUOkC47 vehnae@komakone'
    - 'ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGfqWtMl4IFDaf7i7uyZMzrUW1LHGtp2rPHCXpnQyzRaEONz+DpqsWbxUPRw+1kptTnlG74die2TD2MK/h/pY4FEQG4ZxeZISoF/QvHG9UkvrO+Jctstan7xhe9JIeK5Mi9oPuzyX+MTuhcMHgg4l1jfVAZJxObcNBdHDGprESvdUI5eA== naavis@komakone'

  - name: disable swap
    shell: swapoff --all

  - name: remove swap file package
    apt:
      name: dphys-swapfile
      state: absent

  - name: remove swap file
    file:
      path: /var/swap
      state: absent

  - name: root mount options
    mount:
      path: /
      fstype: ext4
      src: PARTUUID=61de83c9-02
      opts: defaults,noatime,commit=300
      state: mounted
      passno: 1

  - name: tmpfs mount for /var/tmp
    mount:
      path: /var/tmp
      fstype: tmpfs
      src: tmpfs
      opts: nodev,nosuid,size=50M,mode=0777
      state: mounted

  - name: tmpfs mount for /var/log
    mount:
      path: /var/log
      fstype: tmpfs
      src: tmpfs
      opts: nodev,nosuid,noexec,noatime,size=50M,mode=1777
      state: mounted

  - name: tmpfs mount for /var/log/redis
    mount:
      path: /var/log/redis
      fstype: tmpfs
      src: tmpfs
      opts: nodev,nosuid,noexec,noatime,size=50M,uid=redis,gid=redis
      state: mounted

  - name: tmpfs mount for /var/log/pm2
    mount:
      path: /var/log/pm2
      fstype: tmpfs
      src: tmpfs
      opts: nodev,nosuid,noexec,noatime,size=50M,uid=komakallio,gid=komakallio
      state: mounted

  - name: disable redis periodic save
    lineinfile:
      path: /etc/redis/redis.conf
      regexp: ^save
      state: absent
    register: redis

  - name: configure redis for appendonly
    lineinfile:
      path: /etc/redis/redis.conf
      line: appendonly yes
      regexp: ^appendonly
    register: redis

  - name: restart redis
    service:
      name: redis-server
      state: restarted
    when: redis.changed

  - name: start redis
    service:
      name: redis-server
      state: started

  - name: allow vcgencmd to be used by non-root users
    file:
      path: /opt/vc/bin/vcgencmd
      mode: 2755