From 00cafde18d15dc33ff8889063e17125844d9b394 Mon Sep 17 00:00:00 2001
From: Amin Vakil <info@aminvakil.com>
Date: Sat, 9 Oct 2021 12:49:01 +0330
Subject: [PATCH] install_arch: init pacman keyring on first boot

Creates a systemd service which executes these commands on first boot:

pacman-key --init

pacman-key --populate archlinux

Also it removes /etc/pacman.d/gnupg (the keyring generated during the installation) so that a fresh one is created on first boot.

At last it removes /etc/machine-id to make sure systemd launches first
boot services.
---
 roles/install_arch/files/pacman-init.service | 13 +++++++++++++
 roles/install_arch/tasks/main.yml            | 11 ++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 roles/install_arch/files/pacman-init.service

diff --git a/roles/install_arch/files/pacman-init.service b/roles/install_arch/files/pacman-init.service
new file mode 100644
index 000000000..e064df407
--- /dev/null
+++ b/roles/install_arch/files/pacman-init.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Initializes Pacman keyring
+Before=sshd.service
+ConditionFirstBoot=yes
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/pacman-key --init
+ExecStart=/usr/bin/pacman-key --populate archlinux
+
+[Install]
+WantedBy=multi-user.target
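Review bot: The unit does not say why the keyring is regenerated on the target rather than shipped from the installer, and a reader may later "fix" it by dropping the `ConditionFirstBoot=yes` or restoring the keyring in the image; add a comment above `[Unit]` such as `# Regenerates the pacman keyring on first boot so each host gets its own master signing key (the installer's keyring is deleted by the install_arch role)`. Note that `Before=sshd.service` is ordering only: if `pacman-key --init` or `pacman-key --populate archlinux` fails (e.g. archlinux-keyring missing from the install), sshd still comes up and the host is left with no trusted keyring until someone runs pacman, which then fails with signature errors — acceptable fail-closed behaviour, but worth stating in the comment. `pacman-key --init` generates a GPG key and on older kernels or entropy-starved VMs this has been known to block for a long time; presumably not an issue on current Arch kernels, but confirm on the target platforms.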
diff --git a/roles/install_arch/tasks/main.yml b/roles/install_arch/tasks/main.yml
index e18abe617..7ac0656ab 100644
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -150,8 +150,17 @@
   register: chroot_grub_mkconfig
   changed_when: "chroot_grub_mkconfig.rc == 0"
 
+- name: setup pacman-init.service on first boot
+  copy: src=pacman-init.service dest=/mnt/etc/systemd/system/ owner=root group=root mode=0644
+
+- name: remove generated keyring in the installation process
+  file: path=/mnt/etc/pacman.d/gnupg state=absent
+
+- name: make sure /etc/machine-id is absent
+  file: path=/mnt/etc/machine-id state=absent
+
 - name: enable services inside chroot
-  command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim.timer
+  command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim.timer pacman-init
   register: chroot_systemd_services
   changed_when: "chroot_systemd_services.rc == 0"
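Review bot: The task name at "remove generated keyring in the installation process" hides the security reason for the deletion; the keyring created during installation contains a private master signing key, and if the install is reused as an image every clone would trust the same master key, so I would rename it `- name: remove installer-generated pacman keyring so each host creates its own master key on first boot`. Likewise "make sure /etc/machine-id is absent" should say that this is what makes `ConditionFirstBoot=yes` in pacman-init.service fire, and that the removal must stay the last write to /mnt/etc/machine-id (any later step in the role that runs systemd-firstboot or otherwise populates it would silently disable the keyring setup; I cannot see the rest of the role to confirm). As a style point, the new `copy:` and `file:` tasks use `key=value` argument strings; the file already mixes styles, but block YAML (`copy:` with `src:`, `dest:`, `mode: "0644"`) is the idiomatic form and avoids the octal-mode trap if someone later converts the line.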
 
-- 
GitLab