roles/prereq/tasks/main.yml +32 −1 @@ -32,6 +32,37 @@ reload: true when: ansible_facts['all_ipv6_addresses'] | length > 0 - name: Handle modern nftables/iptables-nft stack (Arch Linux ARM 6.18+) when: - ansible_facts['distribution'] == 'Archlinux' - ansible_facts['kernel'] is version('6.18', '>=') block: - name: Check if legacy iptables is installed ansible.builtin.package_facts: manager: auto - name: Ensure legacy iptables is removed to avoid conflicts community.general.pacman: name: iptables state: absent force: true when: - "'iptables' in ansible_facts.packages" - "'iptables-nft' not in ansible_facts.packages" - name: Install iptables-nft and nftables community.general.pacman: name: - iptables-nft - nftables state: present - name: Ensure nftables is enabled and started ansible.builtin.systemd: name: nftables state: started enabled: true - name: Populate service facts ansible.builtin.service_facts: @@ -222,7 +253,7 @@ - name: Add /usr/local/bin to sudo secure_path ansible.builtin.lineinfile: line: 'Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin' regexp: "Defaults(\\s)*secure_path(\\s)*=" regexp: 'Defaults(\s)*secure_path(\s)*=' state: present insertafter: EOF path: /etc/sudoers
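Review bot: The final task of the new block, `Ensure nftables is enabled and started`, turns on a firewall service while nothing in the visible hunk manages `/etc/nftables.conf`, so the node's filter policy becomes whatever ruleset the package shipped or a previous admin left there. If that ruleset has a restrictive input or forward policy, or the unit flushes the ruleset on reload or stop (worth confirming against the packaged unit file), cluster traffic and rules programmed through iptables-nft could be dropped or wiped. I would either deploy a known ruleset before this task, validated with `nft -c -f %s`, or install the packages without starting the service. Separately, `force: true` on the removal task skips pacman's dependency checks, so a failed `Install iptables-nft and nftables` leaves the host with no iptables binary; a `rescue:` section on the block would make that state visible.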
roles/raspberrypi/tasks/prereq/Archlinux.yml +29 −2 --- - name: Enable cgroup via boot commandline if not already enabled - name: Check for boot configuration files ansible.builtin.stat: path: "{{ item }}" loop: - /boot/boot.txt - /boot/cmdline.txt register: boot_files - name: Set boot_file fact ansible.builtin.set_fact: rpi_boot_file: "{{ (boot_files.results | selectattr('stat.exists') | map(attribute='item') | list | first) | default('') }}" - name: Enable cgroup via boot commandline (boot.txt) ansible.builtin.replace: path: /boot/boot.txt regexp: '^(setenv bootargs console=ttyS1,115200 console=tty0 root=PARTUUID=\${uuid} rw rootwait smsc95xx.macaddr="\${usbethaddr}"(?!.*\b{{ cgroup_item }}\b).*)$' replace: '\1 {{ cgroup_item }}' loop: with_items: - "cgroup_enable=cpuset" - "cgroup_memory=1" - "cgroup_enable=memory" loop_control: loop_var: cgroup_item when: rpi_boot_file == '/boot/boot.txt' notify: Regenerate bootloader image - name: Enable cgroup via boot commandline (cmdline.txt) ansible.builtin.replace: path: /boot/cmdline.txt regexp: '^([\w](?!.*\b{{ cgroup_item }}\b).*)$' replace: '\1 {{ cgroup_item }}' with_items: - "cgroup_enable=cpuset" - "cgroup_memory=1" - "cgroup_enable=memory" loop_control: loop_var: cgroup_item when: rpi_boot_file == '/boot/cmdline.txt' notify: Reboot Pi
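Review bot: When neither `/boot/boot.txt` nor `/boot/cmdline.txt` exists, `rpi_boot_file` falls back to `''` and both replace tasks are skipped without any signal, so the play can report success although the cgroup flags were never added. An explicit check right after `Set boot_file fact`, for example an `ansible.builtin.assert` task with `that: rpi_boot_file | length > 0`, would surface this where it happens. Because both tasks rewrite files the board needs in order to boot, adding `backup: true` to each `ansible.builtin.replace` would also leave a recovery copy if a regexp matches more than intended.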