authorTrygve Laugstøl <trygvis@inamo.no>2018-11-26 22:33:54 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2018-11-26 22:33:54 +0100
commitb7bccaf7ff75fd2234b9232f595cbc8e226b80e9 (patch)
tree3e2822166b9be455f7589e56ca28a685bbccd2d8 /ansible/roles/lxc-host/tasks/per-host.yml
parent6fe44ad6366232314d45502d387ccbc671e84d9f (diff)
o Importing bitraf-base, packages and postfix-satellite from Bitraf.
o Configuring nextcloud.
Diffstat (limited to 'ansible/roles/lxc-host/tasks/per-host.yml')
-rw-r--r--ansible/roles/lxc-host/tasks/per-host.yml143
1 files changed, 105 insertions, 38 deletions
diff --git a/ansible/roles/lxc-host/tasks/per-host.yml b/ansible/roles/lxc-host/tasks/per-host.yml
index d38267e..817497b 100644
--- a/ansible/roles/lxc-host/tasks/per-host.yml
+++ b/ansible/roles/lxc-host/tasks/per-host.yml
@@ -1,48 +1,115 @@
- debug:
msg: "LXC HOST: {{ i.key }}"
+ tags: lxc-host
-- name: lxc.network.type = veth
- register: type
- lineinfile:
- path: "/var/lib/lxc/{{ i.key }}/config"
- regexp: "lxc.network.type *="
- line: "lxc.network.type = veth"
-- name: lxc.network.link = br0
- register: link
- lineinfile:
- path: "/var/lib/lxc/{{ i.key }}/config"
- regexp: "lxc.network.link *="
- line: "lxc.network.link = br0"
-- name: Set IPv4 address {{ i.key }}
- register: ipv4
- lineinfile:
- path: "/var/lib/lxc/{{ i.key }}/config"
- regexp: "lxc.network.ipv4 *="
- line: "lxc.network.ipv4 = {{ i.value.ipv4.address }}/{{ i.value.ipv4.netmask }}"
-- name: Set IPv4 gateway
- register: ipv4_gateway
+- name: Create container
+ tags: lxc-host
+ become: yes
+ lxc_container:
+ name: "{{ i.key }}"
+ state: "{{ i.value.state }}"
+ template: debian
+ template_options: -r stretch --packages git,etckeeper,python,sudo
+ backing_store: "{{ lxc_host__backing_store }}"
+ zfs_root: "{{ lxc_host__zfs_root|default('') }}"
+ register: lxc
+
+- name: Connection info
+ tags: lxc-host
+ become: yes
+ when: lxc.changed
+ debug:
+ msg: "Container created! All keys for superusers are installed for
+ root user, so remember to add 'ansible_user=root' when running the
+ play for the host the first time."
+
+- name: Create /root/.ssh
+ tags: lxc-host
+ become: yes
+ when: lxc.changed
+ file:
+ path: "/var/lib/lxc/{{ i.key }}/rootfs/root/.ssh"
+ state: directory
+ mode: 0600
+ owner: root
+ group: root
+
+- name: Fill authorized_keys
+ tags: lxc-host
+ become: yes
+ when: lxc.changed
+ copy:
+ dest: "/var/lib/lxc/{{ i.key }}/rootfs/root/.ssh/authorized_keys"
+ content: |
+ {% for user in superusers %}
+ {% if users[user].authorized_keys is not none %}
+ {{ users[user].authorized_keys }}
+ {% endif %}
+ {% endfor %}
+
+- name: config-lxc-host
+ tags: lxc-host
+ become: yes
+ register: config_lxc_host
+ copy:
+ dest: "/var/lib/lxc/{{ i.key }}/config-lxc-host"
+ content: |
+ lxc.network.type = veth
+ lxc.network.link = br0
+ lxc.network.flags = up
+ lxc.network.hwaddr = {{ lan.hwaddr }}
+ {% if lan.ipv4 is defined %}
+ lxc.network.ipv4 = {{ lan.ipv4.address }}/{{ lan.ipv4.netmask }}
+ lxc.network.ipv4.gateway = {{ lan.ipv4.gateway }}
+ {% endif %}
+ # 0 = trace, 1 = debug, 2 = info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 = alert, and 8 = fatal.
+ lxc.loglevel = 1
+ lxc.logfile = /var/lib/lxc/{{ i.key }}/{{ i.key }}.log
+
+- name: "include file: config-lxc-host"
+ tags: lxc-host
+ become: yes
+ register: include_lxc_host
lineinfile:
path: "/var/lib/lxc/{{ i.key }}/config"
- regexp: "lxc.network.ipv4.gateway *="
- line: "lxc.network.ipv4.gateway = {{ i.value.ipv4.gateway }}"
- insertafter: "lxc.network.ipv4 *="
-- name: Set logfile
- register: logfile
+ regexp: "^lxc.include *=.*/config-lxc-host$"
+ line: "lxc.include = /var/lib/lxc/{{ i.key }}/config-lxc-host"
+
+- name: "include file: config.d"
+ tags: lxc-host
+ become: yes
+ register: include_config_d
lineinfile:
path: "/var/lib/lxc/{{ i.key }}/config"
- regexp: "lxc.logfile *="
- line: "lxc.logfile = /var/lib/lxc/{{ i.key }}/{{ i.key }}.log"
-
-#- name: state?
-# debug:
-# msg: "state={{ i.value.state }}"
-#- name: do restart?
-# debug:
-# msg: "DO RESTART: {{ i.key }}"
-# when: i.value.state == 'started'
-
-- name: restart lxc container {{ i.key }}
- when: i.value.state == 'started' and (type.changed or link.changed or ipv4.changed or logfile.changed)
+ regexp: "^lxc.include *=.*/conf.d/$"
+ line: "lxc.include = /var/lib/lxc/{{ i.key }}/conf.d/"
+
+- name: "mkdir conf.d"
+ tags: lxc-host
+ become: yes
+ file:
+ path: "/var/lib/lxc/{{ i.key }}/conf.d"
+ state: "directory"
+
+- name: "fill conf.d"
+ tags: lxc-host
+ become: yes
+ register: fill_config_d
+ with_fileglob: "lxc-host/{{ i.key }}/*"
+ loop_control:
+ loop_var: file
+ copy:
+ dest: "/var/lib/lxc/{{ i.key }}/conf.d"
+ src: "{{ file }}"
+
+- name: "restart lxc container {{ i.key }}"
+ tags: lxc-host
+ become: yes
+ when: i.value.state == 'started' and (
+ lxc.changed or
+ config_lxc_host.changed or
+ include_config_d.changed or
+ fill_config_d.changed)
lxc_container:
name: "{{ i.key }}"
state: restarted
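Review bot: The `Create /root/.ssh` task sets `mode: 0600` on a directory, which leaves it without the search bit and only works because root bypasses the permission check; it should be `mode: "0700"`, quoted so the value does not depend on YAML integer parsing. The `Fill authorized_keys` task that follows sets no `mode`, `owner` or `group`, so the file gets whatever the umask gives; adding `mode: "0600"`, `owner: root` and `group: root` would make the result explicit. Both tasks also run only `when: lxc.changed`, so a key later removed from `superusers` would stay in the container's root `authorized_keys` unless another role manages that file after bootstrap, which is not visible in this hunk.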