fpiesche.raspi_setup
ansible-role-raspi-setup
This is an Ansible role that helps set up Raspberry Pi devices. It's designed for devices that don’t have a monitor or keyboard (headless machines).
When used on a new installation of Raspberry Pi OS where only SSH is enabled (you can enable this by adding an empty file named ssh to the boot partition on the SD card before starting it for the first time), this role can do the following:
- Set the
hostnamebased on what you provide in the Ansible inventory or through a variable calledlocal_hostname. - Adjust various settings in the
config.txtfile of different Raspberry Pis using a variable calledconfig_settings. - Add authorized SSH keys for the
piuser so you can log in without a password, using a variable calledauthorized_keys. - Change the default password for the
piuser through a variable calledpi_password.
If you want to skip any of these tasks, just leave the relevant variable empty.
It's a good idea to combine this setup with the dev-sec.ssh-hardening role to secure SSH access by disabling password login and making other security upgrades.
You can also use the geerlingguy.swap role to create a swap file if necessary.
Example playbook
Main playbook playbook.yml
- hosts: raspis
roles:
# This role will automatically configure passwordless SSH and customize any config.txt settings.
- role: fpiesche.raspi_setup
vars:
# Default values for all Pis, but they can be changed for individual hosts.
authorized_keys: ["{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}",
"/home/otheruser/.ssh/id_rsa.pub",
"ssh-rsa ..."]
# The `pi_password` variable must have a hashed password.
pi_password: "{{ raspberry | password_hash('sha512') }}"
# RECOMMENDED: This role secures SSH access and makes other security enhancements.
# https://github.com/dev-sec/ansible-ssh-hardening
- role: dev-sec.ssh-hardening
become: yes
# OPTIONAL: Set up a swap file with the `swap_megabytes` variable.
# https://github.com/geerlingguy/ansible-role-swap
- role: geerlingguy.swap
become: yes
Inventory hosts.yml
Here’s a snippet of the hosts.yml I use for my Docker cluster with different versions of Raspberry Pi:
---
all:
children:
raspis:
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_user: pi
ansible_password: raspberry
hosts:
pi-1-a.local:
# Set a different password for the `pi` user on this Pi
pi_password: "{{ pi1-password | password_hash('sha512') }}"
# Settings in the config_settings will be applied to this Pi's config.txt and the system will reboot.
config_settings:
- name: "gpu_mem"
value: 16
# Overclocking settings for Raspberry Pi 1
- name: "arm_freq"
value: 1000
- name: "sdram_freq"
value: 500
- name: "core_freq"
value: 500
- name: "over_voltage"
value: 6
- name: "temp_limit"
value: 75
# This is used to set up a 1GB swap file.
swap_file_size_mb: 1024
pi-2.local:
pi_password: "{{ pi2-password | password_hash('sha512') }}"
local_hostname: that-other-one
config_settings:
- name: "gpu_mem"
value: 16
# Overclocking settings for Raspberry Pi 2
- name: "arm_freq"
value: 1000
- name: "core_freq"
value: 500
- name: "sdram_freq"
value: 400
- name: "over_voltage"
value: 0
- name: "over_voltage_sdram_p"
value: 0
- name: "over_voltage_sdram_i"
value: 0
- name: "over_voltage_sdram_c"
value: 0
- name: "temp_limit"
value: 75
swap_file_size_mb: 1024
Perform basic setup for headless use on newly deployed Raspberry Pi OS installations
ansible-galaxy install fpiesche.raspi_setup