authorTrygve Laugstøl <trygvis@inamo.no>2019-03-09 16:55:02 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2019-03-09 16:55:02 +0100
commitedbe2bfb1b4845f853a1634565fbf264d1591628 (patch)
tree05b0451f42d2cb927719f52f93fac7358bd15d39
parentd4de905ae685c750fa7f0b8f65db579d4aeec193 (diff)
lxc-host:
o Correcting ordering of networkd files. packages: o Better split of package names. unifi: o Importing role from Bitraf. o Configuring lxc host on birgitte.
-rw-r--r--ansible/all.yml8
-rw-r--r--ansible/files/birgitte/etc/systemd/network/51-eth0.network5
-rw-r--r--ansible/group_vars/all/dovedot-secret.yml94
-rw-r--r--ansible/group_vars/all/host_database.yml26
-rw-r--r--ansible/group_vars/all/packages.yml23
-rw-r--r--ansible/group_vars/workstation/packages.yml1
-rw-r--r--ansible/host_vars/birgitte/lxc.yml4
-rw-r--r--ansible/host_vars/birgitte/systemd-networkd.yml2
-rw-r--r--ansible/inventory11
-rw-r--r--ansible/roles/borg-client/tasks/borg-client.yml4
-rw-r--r--ansible/roles/lxc-host/defaults/main.yml1
-rw-r--r--ansible/roles/lxc-host/tasks/networkd.yml65
-rw-r--r--ansible/roles/lxc-host/tasks/per-host.yml5
-rw-r--r--ansible/roles/systemd-networkd/handlers/main.yml4
-rw-r--r--ansible/roles/systemd-networkd/tasks/main.yml9
-rw-r--r--ansible/roles/unifi/handlers/main.yml3
-rw-r--r--ansible/roles/unifi/tasks/main.yml23
-rw-r--r--ansible/unifi.yml6
18 files changed, 196 insertions, 98 deletions
diff --git a/ansible/all.yml b/ansible/all.yml
index 285777d..fdb8116 100644
--- a/ansible/all.yml
+++ b/ansible/all.yml
@@ -41,6 +41,14 @@
roles:
- linode-dns-update
+- hosts:
+ - birgitte
+ roles:
+ - role: systemd-networkd
+ tags: systemd-networkd
+ become: yes
+
- import_playbook: nftables.yml
- import_playbook: lxc-host.yml
- import_playbook: wireguard.yml
+- import_playbook: unifi.yml
diff --git a/ansible/files/birgitte/etc/systemd/network/51-eth0.network b/ansible/files/birgitte/etc/systemd/network/51-eth0.network
new file mode 100644
index 0000000..82831c5
--- /dev/null
+++ b/ansible/files/birgitte/etc/systemd/network/51-eth0.network
@@ -0,0 +1,5 @@
+[Match]
+Name=eth0
+
+[Network]
+Bridge=lxc0-br
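Review bot: Enslaving `eth0` to `lxc0-br` puts every container on that bridge on the same layer-2 segment as the physical LAN. The addresses removed in host_database.yml suggest the containers previously sat on 192.168.90.0/24 behind the host. Bridged frames only pass through the host's nftables ruleset if bridge filtering is set up, which this diff does not show, so confirm that the nextcloud and unifi containers are filtered on their own or that the wider exposure is intended. A header comment such as `# eth0 is a port of the LXC bridge; the host address lives on lxc0-br` would record why the NIC carries no address of its own.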
diff --git a/ansible/group_vars/all/dovedot-secret.yml b/ansible/group_vars/all/dovedot-secret.yml
index a292db2..cfc7d67 100644
--- a/ansible/group_vars/all/dovedot-secret.yml
+++ b/ansible/group_vars/all/dovedot-secret.yml
@@ -1,46 +1,50 @@
$ANSIBLE_VAULT;1.1;AES256
-61366462663635313965363536313765323563373632623265373963396365313734663530313662
-3263323361626164343537393965313730626233623938380a656431393865653930646264353030
-35626530363765613639666531303664663962343139363339323264393737346236373331343539
-3236313561636437350a333330383766653866333636616434396565383637346435363263383465
-63346262343037333539623665303830343636636663613861356662623030613231303630313536
-36656266366239383961616462623661616164653664356634376661316261333835386466623165
-63326135356266616263313834366464343136376635373530633062353632363836386336393765
-38663662653731363463616163333238303565633136313665343965366630386433633330663431
-30303530636138636631623063663565376531653863326132376537366337336631346139613633
-32646230633738303536333939653838613038396666643937376632366165363666643333646162
-32306338393838633366396437326233316439316434333132303361306232313264333464623934
-34353863363335393961383538663936373338366661326332336164363461633232366536633037
-31383164323136393061376262343531313236373562313363626432653063643862643636623737
-39663064386538353234303832316565636532393864323430313164343435363835623264613736
-38383663626233656436346566383561656531353136346365623633636131333336393531306233
-63323062356332613465326365383032633265356164336138366163323739623764623736383131
-34373337666534363361376233613635623637353530663036383933336631643931333561636363
-32323461646163353731383631656431653362326266396434643235356464613361313165323032
-61396161353565336330353731336532616139306338393930343263393063306338366135323130
-62626564356436653538623666656562353132393237373665306134363834316661303862636232
-33663031306133663664626266343263326265663764356364643864323136636436333137316437
-37383935613238326264383935313837636237313566313465383533623339336463396637323035
-35653136343839303532313061323736386166353034376364656661613632393132363733626464
-62373533636137643234613332383339393364393436343331313131313331363837666561316463
-64626239646335336562323639626438643463646365643261663561643532306161393636633963
-62373463393337316533363731353934303931636535333461613965663030386532636262333863
-35653739393934313238623938633662303465636338316431306533636461356638613237373736
-62306462616161373465643131343466306236666139313430663239653130346563663464353037
-31663636306239343437333930633966396134643137336264376164666631393061613136323462
-39313531353063346564626232373066333632656235646530346536383332386132316230346262
-36656465613133343534653131323964363934343065656263376139656339383661393734393866
-38343763353931363635666633633463313736323837356337626161396465633834313366616634
-36623965323135346537343230353266383234316364656135383330613931653834623561353031
-65623639326361316336396133393363383531366533336135323930333930643435613137383163
-66393361663966646439366565373633323261313635633535633933323431666638383163633439
-33656533346264653138346165323636353439383233323033316435303432353234353233303737
-32636162633232613163663133343031336138616638343338396664346230643437376239303532
-61343634343563306132353062663938616562386666353136333332366165363966633134303130
-62396132393636303934373639393131316634643735653664653263633938313832336635353239
-31613262373130633061333034343138376332613437316335373132663235353931376137636237
-37616531306666313830646634383830663531333536366237313063616132313736346534383864
-39613032336465313465326635656530643334303464663565613738656338646263366231396135
-66663930633663643766653063366134363038303465306234353536326262666133623066623338
-62633038343631343862386263313138663764666539613236333532663862303463623439396565
-3138
+64316434326234323763336434613235336131316361366636623836343836633966643634386166
+3637633830663333633863313633346538663435633038310a393866336431653132386531633332
+36303131643661666461663166356666363737613763356431303238613134363432626262366163
+3030386666383232620a346263356161303938386136313964336262663530323139633133373366
+65373231613863663833373733666466373866346132643334376239303134656230656461663033
+65346530376434373439386539333239333261613038623231356563353130333430613431396237
+35303634346330343533383530303831396662653438333965383433323565363938323533373833
+63343432323833373533653838363661643063333862323463333066616362303764306632613866
+31656262323464663761626664343937346338306138396637653066313532633136373066616535
+62633063633465373331633134393562393464656231343966653036303033373636393361396566
+38636263663063366131393836336632363134666338303233356131373965633637343265623238
+34613361313233623636626637633131653033646139346632653965663830326431303630626334
+34303134363261353831383530366637653563383966336333643331353766666332633762373733
+32616461393036313062323732333030646636343230373662383837626635323266353638643365
+62336236656438303839343538356462626135396232363836623531383866326234303238333636
+65656337366165353933626334626135613530366336363763323034643037616530626162373337
+39376134323732613061616166333832386432646232643536666438393065316662396566343062
+31343462353035666534353731353138663362363530636362393137363831623761623338343838
+66623334336436613035393762386536333131373935383931616637663330363038303364373166
+30633362303865396439323966333538653262633639336562633137393433393339323865616163
+64313139316238353535346133333265663536353766643038633335346632396435663239663639
+31333163616131366537336537623864323564333932386635366333336433626335656530616131
+32643264313832303734656336656365356133383836653437363964663032303861373264313430
+63333934323661323933393834623962336236323634396263386133666530363137636564396631
+31343666376565383366363161613838306664383765333563366465336563623837643837316335
+65633866626265353430383131353634323463343166386637323665326661666335663031633766
+34353264373735306631633338383734663866353962643130643735386536633962623930393739
+37316138396131656664626563373366356636366134336535343734356236633534316137633131
+30396337356466383034646564313431386438653165653230356337323039616630353262313939
+34396237393835663835303436386235663465626237666466376563613639636361393632386231
+64363134363866363964393330306330656537393839656163373164633031653537303030363364
+32396530326161396461613437333334643365626334343331356635373236653262303436303461
+31313431373432306364313335636535376132636633333334396135313136643035313831303931
+62666330373165326165346234393130383437646666363334316435383864366534356339383638
+64323338303763393536376636303930663232373331613962346135346437313862366437613836
+36623734386161656535646334653539346365633265383939643462653035646435333737326665
+37313465343663666165326639323835666461643565393030373261663530356162316231386332
+34613561396436626664336664363066663665316434323339393865626563653538336363336634
+64646237396566373238333663366535353730346338343562316330346134376234616334636435
+62653134333735656339623361626335613534336465356430306330353839303136623632643866
+30333631393765613836313737663535393131366534373532616164363665623335343561313935
+38333937663336643464396432646635323834616230653861383864643231346462366531356633
+33626565666463623466363861666632386166613332633761613930353933376261646233353639
+35333734303237353131653063643835633733623833383939623134323464653334636438646439
+64343261386330653538623635353163663762316436336239373038626230316466616364666565
+36663963626138633832623738616332333737623063316663313964376638333663643538323131
+35663231333263326538376136656266666535633566643063616139383138323864303163663164
+34336534646265313061663534373563383835373032393635383136373239643936326331363263
+3362
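Review bot: The whole vault payload is replaced and grows from 46 to 50 lines, but the commit message does not mention a secret change and a whole-file vault diff cannot show which variable moved. Encrypting single values with `ansible-vault encrypt_string` (inline `!vault` scalars) keeps the key names readable, so a later change is attributable to one variable. Since the ciphertext is published with the repository, its confidentiality rests entirely on the strength of the vault password. The file name `dovedot-secret.yml` looks like a typo for dovecot, though that is only a guess from the name.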
diff --git a/ansible/group_vars/all/host_database.yml b/ansible/group_vars/all/host_database.yml
index c7bce07..654ef18 100644
--- a/ansible/group_vars/all/host_database.yml
+++ b/ansible/group_vars/all/host_database.yml
@@ -14,16 +14,10 @@ ipv6_networks:
host_database:
birgitte:
interfaces:
- wlx00e01d0808b2:
- role: wan
- ipv4:
- address: 192.168.10.3
- netmask: 24
- gateway: 192.168.10.1
- int0:
+ lxc0-int:
role: lan
ipv4:
- address: 192.168.90.100
+ address: 192.168.10.3
netmask: 24
ipv6:
address: cafe::1
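Review bot: The only `gateway:` entry for birgitte (`192.168.10.1`, on the removed `wlx00e01d0808b2` interface) disappears, and the address moved onto `lxc0-int` has none. The networkd template in roles/lxc-host/tasks/networkd.yml writes only `Address=` lines and 51-eth0.network only `Bridge=`, so as far as this diff shows nothing emits a default route for the host once networkd restarts. If the route is meant to come from the bridge, add `gateway: 192.168.10.1` under `ipv4:` and have the template render a `Gateway=` line. Otherwise a comment naming what provides the route would help.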
@@ -32,13 +26,21 @@ host_database:
# Birgitte
nextcloud:
interfaces:
- eth0:
- role: lan
+ veth0:
hwaddr: 0e:18:a7:03:50:54
ipv4:
- address: 192.168.90.101
+ address: 192.168.10.201
netmask: 24
- gateway: 192.168.90.100
+ gateway: 192.168.10.1
+
+ unifi:
+ interfaces:
+ veth0:
+ hwaddr: cc:b8:a7:d0:72:50
+ ipv4:
+ address: 192.168.10.202
+ netmask: 24
+ gateway: 192.168.10.1
conflatorio:
interfaces:
diff --git a/ansible/group_vars/all/packages.yml b/ansible/group_vars/all/packages.yml
index a418203..15bc8f9 100644
--- a/ansible/group_vars/all/packages.yml
+++ b/ansible/group_vars/all/packages.yml
@@ -1,12 +1,13 @@
-packages_packages: "{{ packages__unix }} + {{ packages__misc }} + {{ packages__dev }} + {{ packages__electronics }} + []"
+packages_packages: "{{ packages__unix_server }} + []"
-packages__unix:
- - ack
+packages_physical_machine:
+ - firmware-linux
+
+packages__unix_server:
- ca-certificates
- curl
- dnsutils
- dos2unix
- - firmware-linux
- gawk
- graphviz
- htop
@@ -27,19 +28,24 @@ packages__unix:
- strace
- sudo
- sysstat
- - task-norwegian
- tcpdump
- tmux
- tree
- tshark
- - ttf-mscorefonts-installer
- unzip
- vim
- vim-editorconfig
- vim-nox
- vim-pathogen
- - virtualenv
- whois
+ - zip
+ - apt-transport-https
+
+packages__unix_workstation:
+ - ack
+ - task-norwegian
+ - ttf-mscorefonts-installer
+ - virtualenv
- wine
- wireshark-gtk
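Review bot: `packages_physical_machine` is defined with a single underscore, unlike the `packages__*` lists around it, and neither `packages_packages` expression in this commit references it. Unless another file consumes it, `firmware-linux` is therefore no longer installed anywhere. Renaming it to `packages__physical_machine` and adding it to the lists for hosts that run on hardware would keep the firmware package. A one-line comment above each list saying which host class it targets would also make the split easier to follow.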
@@ -61,9 +67,6 @@ packages__dev:
- valgrind
- devscripts
-packages__misc:
- - zip
-
packages__electronics:
- arduino
- arduino-mk
diff --git a/ansible/group_vars/workstation/packages.yml b/ansible/group_vars/workstation/packages.yml
new file mode 100644
index 0000000..d6c1d8b
--- /dev/null
+++ b/ansible/group_vars/workstation/packages.yml
@@ -0,0 +1 @@
+packages_packages: "{{ packages__unix_server }} + {{ packages__unix_workstation }} + {{ packages__misc }} + {{ packages__dev }} + {{ packages__electronics }} + []"
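Review bot: This expression still references `packages__misc`, which the second hunk of group_vars/all/packages.yml deletes (its only entry, `zip`, moved into `packages__unix_server`). Unless the variable is defined somewhere outside this diff, templating `packages_packages` on any workstation host will fail with an undefined-variable error. Dropping the term fixes it, and concatenating inside one expression avoids relying on the rendered string being re-evaluated as a list: `packages_packages: "{{ packages__unix_server + packages__unix_workstation + packages__dev + packages__electronics }}"`.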
diff --git a/ansible/host_vars/birgitte/lxc.yml b/ansible/host_vars/birgitte/lxc.yml
index a57d6e6..0b313c3 100644
--- a/ansible/host_vars/birgitte/lxc.yml
+++ b/ansible/host_vars/birgitte/lxc.yml
@@ -1,5 +1,5 @@
lxc_host__containers:
nextcloud:
state: started
-
-lxc_host__internal_if: int0
+ unifi:
+ state: started
diff --git a/ansible/host_vars/birgitte/systemd-networkd.yml b/ansible/host_vars/birgitte/systemd-networkd.yml
new file mode 100644
index 0000000..f405675
--- /dev/null
+++ b/ansible/host_vars/birgitte/systemd-networkd.yml
@@ -0,0 +1,2 @@
+systemd_networkd__files:
+ - "birgitte/etc/systemd/network/51-eth0.network"
diff --git a/ansible/inventory b/ansible/inventory
index e22f279..f9bf9a2 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -16,11 +16,17 @@ all:
ansible_host: malabaricus.trygvis.io
conflatorio:
ansible_host: conflatorio.trygvis.io
- nextcloud:
- ansible_host: 192.168.90.101
akili:
ansible_host: akili.local
+ nextcloud:
+ ansible_host: 192.168.10.201
+ unifi:
+ ansible_host: 192.168.10.202
children:
+ workstation:
+ children:
+ desktops:
+ laptops:
desktops:
hosts:
birgitte:
@@ -60,6 +66,7 @@ all:
debian_stretch:
hosts:
malabaricus:
+ unifi:
vars:
packages__version: stretch
diff --git a/ansible/roles/borg-client/tasks/borg-client.yml b/ansible/roles/borg-client/tasks/borg-client.yml
index 4ddad49..92aba57 100644
--- a/ansible/roles/borg-client/tasks/borg-client.yml
+++ b/ansible/roles/borg-client/tasks/borg-client.yml
@@ -78,8 +78,8 @@
content: |
[Unit]
Description=Create backup
- After=network-online.target
- Wants=network-online.target
+ # After=network-online.target
+ # Wants=network-online.target
[Service]
Type=oneshot
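Review bot: The `After=`/`Wants=network-online.target` lines are commented out inside the unit rather than removed, with nothing explaining why. Without that ordering the backup oneshot can start before the network is up, and if the repository is remote (not visible here) the run fails and the backup is silently missed. Either restore the two lines or replace them with a comment giving the reason, e.g. `# network-online.target dropped: <reason>; the timer retries on failure`. The task that writes this unit starts and ends outside the hunk.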
diff --git a/ansible/roles/lxc-host/defaults/main.yml b/ansible/roles/lxc-host/defaults/main.yml
index cf747f3..46e58e2 100644
--- a/ansible/roles/lxc-host/defaults/main.yml
+++ b/ansible/roles/lxc-host/defaults/main.yml
@@ -1,3 +1,4 @@
+lxc_host__state: present
lxc_host__backing_store: dir
lxc_host__br_if: lxc0-br
lxc_host__internal_if: lxc0-int
diff --git a/ansible/roles/lxc-host/tasks/networkd.yml b/ansible/roles/lxc-host/tasks/networkd.yml
index 526fc29..39d8a69 100644
--- a/ansible/roles/lxc-host/tasks/networkd.yml
+++ b/ansible/roles/lxc-host/tasks/networkd.yml
@@ -15,58 +15,75 @@
name: systemd-networkd
enabled: yes
state: started
+ when: lxc_host__state == "present"
- - name: "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev"
+ - loop:
+ - "{{ file_prefix }}-1-{{ br_if }}.netdev"
+ - "{{ file_prefix }}-2-{{ br_if }}.network"
+ - "{{ file_prefix }}-3-{{ lxc_host__internal_if }}.netdev"
+ - "{{ file_prefix }}-4-{{ lxc_host__internal_if }}.network"
+ when: lxc_host__state == "absent"
notify: systemctl restart systemd-networkd
+ file:
+ path: "{{ item }}"
+ state: absent
+
+ - name: "{{ file_prefix }}-1-{{ br_if }}.netdev"
+ notify: systemctl restart systemd-networkd
+ when: lxc_host__state == "present"
copy:
- dest: "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev"
+ dest: "{{ file_prefix }}-1-{{ br_if }}.netdev"
content: |
[NetDev]
- Name={{ lxc_host__internal_if }}
- Kind=dummy
+ Name={{ br_if }}
+ Kind=bridge
- - name: "{{ file_prefix }}-2-{{ lxc_host__internal_if }}.network"
+ - name: "{{ file_prefix }}-2-{{ br_if }}.network"
notify: systemctl restart systemd-networkd
+ when: lxc_host__state == "present"
copy:
- dest: "{{ file_prefix }}-2-{{ lxc_host__internal_if }}.network"
+ dest: "{{ file_prefix }}-2-{{ br_if }}.network"
content: |
[Match]
- Name={{ lxc_host__internal_if }}
+ Name={{ br_if }}
[Network]
- Bridge={{ br_if }}
+ {% if internal_if.ipv4 is defined %}
+ Address={{ internal_if.ipv4.address }}/{{ internal_if.ipv4.netmask }}
+ {% endif %}
+ {% if internal_if.ipv6 is defined %}
+ Address={{ internal_if.ipv6.address }}/{{ internal_if.ipv6.netmask }}
+ {% endif %}
- - name: "{{ file_prefix }}-3-{{ br_if }}.netdev"
+ - name: "{{ file_prefix }}-3-{{ lxc_host__internal_if }}.netdev"
notify: systemctl restart systemd-networkd
+ when: lxc_host__state == "present"
copy:
- dest: "{{ file_prefix }}-3-{{ br_if }}.netdev"
+ dest: "{{ file_prefix }}-3-{{ lxc_host__internal_if }}.netdev"
content: |
[NetDev]
- Name={{ br_if }}
- Kind=bridge
+ Name={{ lxc_host__internal_if }}
+ Kind=dummy
- - name: "{{ file_prefix }}-4-{{ br_if }}.network"
+ - name: "{{ file_prefix }}-4-{{ lxc_host__internal_if }}.network"
notify: systemctl restart systemd-networkd
+ when: lxc_host__state == "present"
copy:
- dest: "{{ file_prefix }}-4-{{ br_if }}.network"
+ dest: "{{ file_prefix }}-4-{{ lxc_host__internal_if }}.network"
content: |
[Match]
- Name={{ br_if }}
+ Name={{ lxc_host__internal_if }}
[Network]
- {% if internal_if.ipv4 is defined %}
- Address={{ internal_if.ipv4.address }}/{{ internal_if.ipv4.netmask }}
- {% endif %}
- {% if internal_if.ipv6 is defined %}
- Address={{ internal_if.ipv6.address }}/{{ internal_if.ipv6.netmask }}
- {% endif %}
+ Bridge={{ br_if }}
- meta: flush_handlers
- name: Configure sysctl, enable ipv4 and ipv6 forwarding for {{ br_if }}
- sysctl:
- name: "{{ item }}"
- value: 1
with_items:
- net.ipv4.conf.{{ br_if }}.forwarding
- net.ipv6.conf.{{ br_if }}.forwarding
+ sysctl:
+ name: "{{ item }}"
+ value: 1
+ state: "{{ lxc_host__state }}"
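Review bot: Renumbering the four networkd files leaves the previously deployed ones on existing hosts. The `present` path never removes the old names, and the new `absent` loop lists only the new names. The leftovers are duplicate `.netdev` and `.network` definitions for the same interfaces, and which `.network` file wins then depends on lexical order rather than on this role. A cleanup task for the old names, as sketched below, avoids that. The new removal task also has no `name:`, so it shows up in output only as its module. The task list starts outside the hunk.
```yaml
- name: Remove networkd files left behind by the old numbering
  notify: systemctl restart systemd-networkd
  loop:
    - "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev"
    - "{{ file_prefix }}-2-{{ lxc_host__internal_if }}.network"
    - "{{ file_prefix }}-3-{{ br_if }}.netdev"
    - "{{ file_prefix }}-4-{{ br_if }}.network"
  file:
    path: "{{ item }}"
    state: absent
# … unchanged: the four copy tasks writing the new file names …
```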
diff --git a/ansible/roles/lxc-host/tasks/per-host.yml b/ansible/roles/lxc-host/tasks/per-host.yml
index ca33685..0acd1b5 100644
--- a/ansible/roles/lxc-host/tasks/per-host.yml
+++ b/ansible/roles/lxc-host/tasks/per-host.yml
@@ -2,6 +2,9 @@
msg: "LXC HOST: {{ name }}"
tags: lxc-host
+- debug:
+ var: lan
+
- when: new
tags: lxc-host
become: yes
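Review bot: The added `debug: var: lan` task looks like leftover debugging. It has no `name:` and no `tags: lxc-host` like its neighbours, and it prints each container's addressing into every run's output. Remove it, or keep it quiet by default with `verbosity: 1` under `debug:` plus `tags: lxc-host`. The surrounding task file continues outside the hunk.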
@@ -59,10 +62,10 @@
{% endif %}
{% if lan.ipv6 is defined %}
lxc.net.0.ipv6.address = {{ lan.ipv6.address }}/{{ lan.ipv6.netmask }}
- {% endif %}
{% if lan.ipv6.gateway is defined %}
lxc.net.0.ipv6.gateway = {{ lan.ipv6.gateway }}
{% endif %}
+ {% endif %}
# 0 = trace, 1 = debug, 2 = info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 = alert, and 8 = fatal.
lxc.log.level = 1
diff --git a/ansible/roles/systemd-networkd/handlers/main.yml b/ansible/roles/systemd-networkd/handlers/main.yml
new file mode 100644
index 0000000..9656da4
--- /dev/null
+++ b/ansible/roles/systemd-networkd/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart
+ systemd:
+ name: systemd-networkd
+ state: restarted
diff --git a/ansible/roles/systemd-networkd/tasks/main.yml b/ansible/roles/systemd-networkd/tasks/main.yml
new file mode 100644
index 0000000..13c167b
--- /dev/null
+++ b/ansible/roles/systemd-networkd/tasks/main.yml
@@ -0,0 +1,9 @@
+- systemd:
+ name: systemd-networkd
+ state: started
+ enabled: yes
+- loop: "{{ systemd_networkd__files | default([]) }}"
+ copy:
+ src: "{{ item }}"
+ dest: "/etc/systemd/network/{{ item | basename }}"
+ notify: restart
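Review bot: The `copy` task sets no `owner`, `group` or `mode`, so the permissions of the files under `/etc/systemd/network` depend on the umask in effect. Pinning them with `owner: root`, `group: root` and `mode: "0644"` makes the result deterministic. Both tasks also lack a `name:`, and the handler they notify is called just `restart`. Handler names share one namespace across a play, so a more specific name such as `restart systemd-networkd` avoids a clash with another role's handler.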
diff --git a/ansible/roles/unifi/handlers/main.yml b/ansible/roles/unifi/handlers/main.yml
new file mode 100644
index 0000000..ce78323
--- /dev/null
+++ b/ansible/roles/unifi/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: update apt cache
+ apt:
+ update_cache: yes
diff --git a/ansible/roles/unifi/tasks/main.yml b/ansible/roles/unifi/tasks/main.yml
new file mode 100644
index 0000000..11c4c00
--- /dev/null
+++ b/ansible/roles/unifi/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Ubiquiti APT key
+ notify: update apt cache
+ apt_key:
+ id: 06E85760C0A52C50
+ keyserver: keyserver.ubuntu.com
+
+- name: Ubiquiti APT repository
+ notify: update apt cache
+ copy:
+ dest: /etc/apt/sources.list.d/unifi.list
+ content: 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti'
+
+- meta: flush_handlers
+
+- name: packages
+ apt:
+ name: "{{ items }}"
+ install_recommends: no
+ vars:
+ items:
+ - openjdk-8-jre
+ - unifi
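Review bot: The signing key is selected by the 64-bit ID `06E85760C0A52C50` and fetched from a keyserver, and the repository line uses plain `http://`. A long key ID is a weaker selector than a fingerprint, so pin the full 40-hex value (`id: "<FULL_40_HEX_FINGERPRINT>"`, checked against the vendor's published one) or ship the key file in the role. The same commit adds `apt-transport-https` to the server package list, so the source line could use `https://` if the mirror serves it. Note that `apt_key` places the key in the global trusted keyring, where it is accepted for every configured repository, not only this one.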
diff --git a/ansible/unifi.yml b/ansible/unifi.yml
new file mode 100644
index 0000000..d417a2a
--- /dev/null
+++ b/ansible/unifi.yml
@@ -0,0 +1,6 @@
+- hosts:
+ - unifi
+ roles:
+ - role: unifi
+ tags: unifi
+ become: yes