netz39-infra-ansible/platon.yml

---
- hosts: platon.n39.eu
  become: true
  vars:
    ansible_python_interpreter: /usr/bin/python3
    door_open_command: '/home/pi/sesame-open.sh'
    ble_keykeeper_dir: '/home/pi/netz39_ble_keykeeper'
  roles:
    - role: ble-keykeeper-role

  tasks:
    - name: Install packages needed for the system
      # This is a list of all packages,
      # unless they are installed by a specific role
      ansible.builtin.apt:
        state: present
        name:
          # Should come from ble-keeper-role
          # see https://github.com/netz39/ble-keykeeper-role/issues/4
          - python3-pip


    - name: Set MAC address for proper DHCP recognition
      # Uses mac variable from inventory
      ansible.builtin.template:
        src: templates/network-interfaces-dhcp-mac.j2
        dest: /etc/network/interfaces.d/platon-mac
        owner: root
        group: root
        mode: '0644'


    ### Sesam for SSH access
    #
    # Make sure to provide the .ssh/authorized_keys from backup, if needed

    - name: Ensure sesam user is there
      ansible.builtin.user:
        name: sesam
        shell: /home/sesam/door-open.sh
        groups: i2c
        append: yes

    - name: Copy door-open.ssh for sesam
      ansible.builtin.copy:
        src: files/platon/sesam-door-open.sh
        dest: /home/sesam/door-open.sh


    ### Gatekeeper user (pi for now)
    #
    # All the gatekeeping / door control stuff is here!

    - name: Ensure gatekeeper user is there
      ansible.builtin.user:
        name: "{{ gatekeeper_user }}"
        groups: dialout,audio,plugdev,input,netdev,i2c,gpio
        append: yes