aboutsummaryrefslogtreecommitdiff
path: root/ansible/plays
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/plays')
-rw-r--r--ansible/plays/danneri.yml27
-rw-r--r--ansible/plays/host-hash.yml10
-rw-r--r--ansible/plays/host-lhn2pi.yml6
-rw-r--r--ansible/plays/host-unifi.yml18
-rw-r--r--ansible/plays/ipam-generate-dns.yml32
-rw-r--r--ansible/plays/ipam-generate-tf.yml53
-rw-r--r--ansible/plays/roa-server.yml25
-rw-r--r--ansible/plays/templates/danneri/systemd-networkd/enp1s0.network8
-rw-r--r--ansible/plays/templates/lhn2pi/systemd/network/10-eth0.network11
-rw-r--r--ansible/plays/templates/roa-server/docker-compose.yml14
-rw-r--r--ansible/plays/templates/unifi/systemd-networkd/enp1s0.network8
11 files changed, 212 insertions, 0 deletions
diff --git a/ansible/plays/danneri.yml b/ansible/plays/danneri.yml
new file mode 100644
index 0000000..6b4265a
--- /dev/null
+++ b/ansible/plays/danneri.yml
@@ -0,0 +1,27 @@
+- hosts:
+ - danneri
+ tasks:
+ - import_role:
+ name: systemd-networkd
+
+ - meta: flush_handlers
+
+ - become: yes
+ apt:
+ name:
+ - etckeeper
+ - import_role:
+ name: timezone
+
+ - become: yes
+ tags: k3s
+ copy:
+ dest: /etc/rancher/k3s/config.yaml
+ content: |
+ tls-san:
+ - "danneri.dn42.trygvis.io"
+ - "{{ ipam6.networks.lhn2_dn42.hosts.danneri }}"
+ - "2a06:2240:f00d:b500:9422:d355:95b7:f170"
+ cluster-cidr: "{{ ipam6.networks.danneri_cluster.range }}"
+ service-cidr: "{{ ipam6.networks.danneri_service.range }}"
+
diff --git a/ansible/plays/host-hash.yml b/ansible/plays/host-hash.yml
new file mode 100644
index 0000000..62b781f
--- /dev/null
+++ b/ansible/plays/host-hash.yml
@@ -0,0 +1,10 @@
+- hosts: hash
+ tasks:
+ - become: yes
+ copy:
+ dest: /etc/docker/daemon.json
+ content: |
+ {
+ "ipv6": true,
+ "fixed-cidr-v6": "{{ ipam6.networks.hash_docker_dn42.range }}"
+ }
diff --git a/ansible/plays/host-lhn2pi.yml b/ansible/plays/host-lhn2pi.yml
new file mode 100644
index 0000000..551c3dd
--- /dev/null
+++ b/ansible/plays/host-lhn2pi.yml
@@ -0,0 +1,6 @@
+- hosts:
+ - lhn2pi
+ roles:
+ - systemd-networkd
+ - prometheus-bird-exporter
+ - prometheus-node-exporter
diff --git a/ansible/plays/host-unifi.yml b/ansible/plays/host-unifi.yml
new file mode 100644
index 0000000..41fb292
--- /dev/null
+++ b/ansible/plays/host-unifi.yml
@@ -0,0 +1,18 @@
+- hosts:
+ - unifi
+ tasks:
+ - become: yes
+ apt:
+ name:
+ - etckeeper
+
+ - import_role:
+ name: timezone
+
+ - import_role:
+ name: systemd-networkd
+
+ - become: yes
+ apt:
+ name:
+ - docker.io
diff --git a/ansible/plays/ipam-generate-dns.yml b/ansible/plays/ipam-generate-dns.yml
new file mode 100644
index 0000000..d29b3e8
--- /dev/null
+++ b/ansible/plays/ipam-generate-dns.yml
@@ -0,0 +1,32 @@
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ tasks:
+ - set_fact:
+ content: |
+ {% set hosts = [] %}
+ {% for nw_name, network in ipam6.networks.items() %}
+ {% for host, address in (network.hosts|default({})).items() %}
+ {{- hosts.append({'name': host, 'address': address}) -}}
+ {% endfor %}
+ {% endfor %}
+ # Generated from ansible data
+ {% for h in hosts|sort(attribute='name') %}
+
+ resource "linode_domain_record" "dn42-{{ h.name }}" {
+ domain_id = linode_domain.root.id
+ name = "{{ h.name }}.dn42"
+ record_type = "AAAA"
+ target = "{{ h.address|ansible.utils.ipv6('address') }}"
+ }
+ {% endfor %}
+ - debug:
+ msg: "{{ content }}"
+ when: false
+ - name: Generating ../../terraform/dns/dn42.tf
+ register: tf
+ copy:
+ dest: ../../terraform/dns/dn42.tf
+ content: "{{ content }}"
+ - shell: terraform fmt ../../terraform/ipam6/ipam6.tf
+ when: "tf.changed"
diff --git a/ansible/plays/ipam-generate-tf.yml b/ansible/plays/ipam-generate-tf.yml
new file mode 100644
index 0000000..209b8ab
--- /dev/null
+++ b/ansible/plays/ipam-generate-tf.yml
@@ -0,0 +1,53 @@
+- hosts: localhost
+ gather_facts: no
+ connection: local
+ collections:
+ - ansible.utils
+ tasks:
+ - name: Generate terraform/ipam6/ipam6.tf
+ register: tf
+ copy:
+ dest: ../../terraform/ipam6/ipam6.tf
+ content: |
+ output "networks" {
+ value = {
+ {% for name, network in ipam6.networks.items() %}
+ {% if not (network.range | ansible.utils.ipv6) %}
+ Invalid network: {{ network.range }}
+ {% endif %}
+ {{ name }} = {
+ {% if network.description|default("") %}
+ description = "{{ network.description }}"
+ {% endif %}
+ range = "{{ network.range }}"
+ address = "{{ network.range|ansible.utils.ipaddr("network") }}"
+ prefix = "{{ network.range|ansible.utils.ipaddr("prefix") }}"
+ {% set hosts = network.hosts|default({}) %}
+ hosts = {
+ {% for name, addr in hosts.items() %}
+ {{ name }} = {
+ address: "{{ addr|ansible.utils.ipaddr("address") }}"
+ prefix: "{{ addr|ansible.utils.ipaddr("prefix") }}"
+ }
+ {% endfor %}
+ }
+ }
+ {% endfor %}
+ }
+ }
+
+ output "hosts" {
+ value = {
+ {% for name, network in ipam6.networks.items() %}
+ {% set hosts = network.hosts|default({}) %}
+ {% for name, addr in hosts.items() %}
+ {{ name }} = {
+ address: "{{ addr|ansible.utils.ipaddr("address") }}"
+ prefix: "{{ addr|ansible.utils.ipaddr("prefix") }}"
+ }
+ {% endfor %}
+ {% endfor %}
+ }
+ }
+ - shell: terraform fmt ../../terraform/ipam6/ipam6.tf
+ when: "tf.changed"
diff --git a/ansible/plays/roa-server.yml b/ansible/plays/roa-server.yml
new file mode 100644
index 0000000..c662640
--- /dev/null
+++ b/ansible/plays/roa-server.yml
@@ -0,0 +1,25 @@
+- hosts:
+ - hash
+ tasks:
+ - name: mkdir /etc/docker-service/roa-server
+ become: true
+ file:
+ path: /etc/docker-service/roa-server
+ state: directory
+ mode: 0700
+ - name: Install /etc/docker-service/roa-server/private.pem
+ become: true
+ copy:
+ dest: /etc/docker-service/roa-server/private.pem
+ content: "{{ roa_server.private }}"
+ owner: root
+ group: root
+ mode: 0444
+
+ - import_role:
+ name: docker-service
+ vars:
+ service: roa-server
+ template: templates/roa-server/docker-compose.yml
+# systemd_enabled: no
+# systemd_state: stopped
diff --git a/ansible/plays/templates/danneri/systemd-networkd/enp1s0.network b/ansible/plays/templates/danneri/systemd-networkd/enp1s0.network
new file mode 100644
index 0000000..b38116c
--- /dev/null
+++ b/ansible/plays/templates/danneri/systemd-networkd/enp1s0.network
@@ -0,0 +1,8 @@
+[Match]
+Name=enp1s0
+
+[Network]
+DHCP=ipv4
+
+[IPv6AcceptRA]
+Token=static:{{ ipam6.networks.lhn2_dn42.hosts.danneri }}
diff --git a/ansible/plays/templates/lhn2pi/systemd/network/10-eth0.network b/ansible/plays/templates/lhn2pi/systemd/network/10-eth0.network
new file mode 100644
index 0000000..853556d
--- /dev/null
+++ b/ansible/plays/templates/lhn2pi/systemd/network/10-eth0.network
@@ -0,0 +1,11 @@
+[Match]
+Name=eth0
+
+[Network]
+DHCP=ipv4
+Address={{ ipam6.networks.lhn2_dn42.hosts.lhn2pi }}
+# IPv6Forwarding=yes # needs newer systemd
+
+# Disables the automatic activation of DHCPv6 from RA packets
+[IPv6AcceptRA]
+DHCPv6Client=no
diff --git a/ansible/plays/templates/roa-server/docker-compose.yml b/ansible/plays/templates/roa-server/docker-compose.yml
new file mode 100644
index 0000000..c11933c
--- /dev/null
+++ b/ansible/plays/templates/roa-server/docker-compose.yml
@@ -0,0 +1,14 @@
+version: "3"
+services:
+ stayrtr:
+ image: rpki/stayrtr:latest # no tagged images are available :(
+ volumes:
+ - /etc/docker-service/roa-server/id_ecdsa:/id_ecdsa:ro
+ ports:
+ - 8022:8022
+ command:
+ - -bind=
+ - -ssh.bind=:8022
+ - -ssh.key=/id_ecdsa
+ - -checktime=false
+ - -cache=https://dn42.burble.com/roa/dn42_roa_46.json
diff --git a/ansible/plays/templates/unifi/systemd-networkd/enp1s0.network b/ansible/plays/templates/unifi/systemd-networkd/enp1s0.network
new file mode 100644
index 0000000..251bf45
--- /dev/null
+++ b/ansible/plays/templates/unifi/systemd-networkd/enp1s0.network
@@ -0,0 +1,8 @@
+[Match]
+Name=enp1s0
+
+[Network]
+DHCP=ipv4
+
+[IPv6AcceptRA]
+Token=static:{{ ipam6.networks.lhn2_dn42.hosts.unifi }}
generated by cgit v1.2.3 (git 2.46.0) at 2024-11-08 16:29:15 +0000