PHiAX/Raspberry-Pi-IaC
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add external disk to pi

Browse source
This commit is contained in:
Thomas Kleinendorst 2024-12-29 12:22:16 +01:00
parent 10c5b7836a
commit 193580f215
4 changed files with 23 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -62,6 +62,11 @@ When logged in the user will be prompted with the **zsh** configured with **[Oh
It can be handy to reinstall the Pi. First shutdown the pi by running `sudo shutdown` from SSH. Next take out the memory card and follow all steps in [Raspberry Pi preperation](#raspberry-pi-preperation). It can be handy to reinstall the Pi. First shutdown the pi by running `sudo shutdown` from SSH. Next take out the memory card and follow all steps in [Raspberry Pi preperation](#raspberry-pi-preperation).
For the next step remove the current *known_hosts* entry with: `ssh-keygen -R '192.168.50.27'` for all PCs that had SSH access to the Pi. For the next step remove the current *known_hosts* entry with: `ssh-keygen -R '192.168.50.27'` for all PCs that had SSH access to the Pi.
### The external Kingston drive
An external 1 TiB drive is installed. The drive isn't directly managed by Ansible although some files/folders might be written to from it.
Use [this guide](https://raspberrytips.com/format-mount-usb-drive/) for setting up the proper filesystem.
Notice that mounting the volume automatically via **/etc/fstab** is done automatically by Ansible.
### Debugging users other than the main user ### Debugging users other than the main user
The **user** role included in this repository makes it possible to create new users which will also have a fully configured The **user** role included in this repository makes it possible to create new users which will also have a fully configured
ZSH environment. They can't be accessed via SSH because no SSH keys are added for them and password logins are disabled. ZSH environment. They can't be accessed via SSH because no SSH keys are added for them and password logins are disabled.

1
playbook.yml
View file

@ -9,6 +9,7 @@
roles: roles:
# These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again. # These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again.
# Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though. # Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though.
- role: fstab
- role: devsec.hardening.ssh_hardening - role: devsec.hardening.ssh_hardening
become: true become: true
- role: geerlingguy.docker - role: geerlingguy.docker

15
roles/fstab/tasks/main.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: Mount the external disk automatically
become: true
ansible.posix.mount:
path: /bulk
src: "PARTUUID={{ disk_part_uuid }}"
fstype: ext4
opts: defaults
state: mounted
- name: Grant permissions to created /bulk volume
become: true
ansible.builtin.file:
path: /bulk
state: directory
mode: '0777'

2
roles/fstab/vars/main/defaults.yml Normal file
View file

@ -0,0 +1,2 @@
---
disk_part_uuid: '46c2e279-f56d-a64b-816e-24faf8b214c6'