From d3ed6ff83913dd7757f21a70915acd75f1df6140 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Thu, 21 Mar 2019 11:10:05 +0100
Subject: o Adding LXC on conflatorio.
---
ansible/conflatorio.yml | 12 ++++++
.../etc/wireguard/public-wg-edipost.key | 1 +
ansible/group_vars/all/wireguard_wg-edipost.yml | 7 +++
ansible/group_vars/conflatorio-lxc.yml | 1 +
ansible/inventory | 20 +++++++++
ansible/roles/lxc-machine/tasks/main.yml | 50 ++++++----------------
ansible/wireguard.yml | 8 ++++
7 files changed, 63 insertions(+), 36 deletions(-)
create mode 100644 ansible/conflatorio.yml
create mode 100644 ansible/files/conflatorio/etc/wireguard/public-wg-edipost.key
create mode 100644 ansible/group_vars/all/wireguard_wg-edipost.yml
create mode 100644 ansible/group_vars/conflatorio-lxc.yml
(limited to 'ansible')
diff --git a/ansible/conflatorio.yml b/ansible/conflatorio.yml
new file mode 100644
index 0000000..9d3a832
--- /dev/null
+++ b/ansible/conflatorio.yml
@@ -0,0 +1,12 @@
+- hosts:
+ - conflatorio-lxc
+ roles:
+ - lusers
+ - superusers
+ - lxc-machine
+ - role: packages
+ become: yes
+ tags: packages
+ - role: trygvis-base
+ become: yes
+ tags: trygvis-base
diff --git a/ansible/files/conflatorio/etc/wireguard/public-wg-edipost.key b/ansible/files/conflatorio/etc/wireguard/public-wg-edipost.key
new file mode 100644
index 0000000..dd3609c
--- /dev/null
+++ b/ansible/files/conflatorio/etc/wireguard/public-wg-edipost.key
@@ -0,0 +1 @@
+JwZ1bmkuCvZfzzVzWqpEt5+NRAQ/B3ciURg2Gg5jdVw=
diff --git a/ansible/group_vars/all/wireguard_wg-edipost.yml b/ansible/group_vars/all/wireguard_wg-edipost.yml
new file mode 100644
index 0000000..449f031
--- /dev/null
+++ b/ansible/group_vars/all/wireguard_wg-edipost.yml
@@ -0,0 +1,7 @@
+wireguard-wg-edipost:
+ if: wg-edipost
+ ipv4_prefix: 24
+ hosts:
+ conflatorio:
+ state: present
+ ipv4: 192.168.100.2
diff --git a/ansible/group_vars/conflatorio-lxc.yml b/ansible/group_vars/conflatorio-lxc.yml
new file mode 100644
index 0000000..02f7f9f
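Review bot: In ansible/conflatorio.yml the first three roles (`lusers`, `superusers`, `lxc-machine`) are listed without `become`, while `packages` and `trygvis-base` get `become: yes`; the lxc-machine tasks changed in this same commit call `apt`, which needs root. If privilege escalation is not configured elsewhere (ansible.cfg or inside those roles, neither visible here), those roles either fail or only work when the connection itself is made as root. Setting it once at play level, `become: true` directly under `- hosts:`, makes the privilege boundary explicit for every role. Writing `true` instead of `yes` also avoids the YAML 1.1 truthy spelling.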
--- /dev/null +++ b/ansible/group_vars/conflatorio-lxc.yml @@ -0,0 +1 @@ +packages__version: stretch diff --git a/ansible/inventory b/ansible/inventory index f9bf9a2..1824e7f 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -22,6 +22,17 @@ all: ansible_host: 192.168.10.201 unifi: ansible_host: 192.168.10.202 + conflatorio-test1: + ansible_host: "fd56:1ae9:097d:3ddd:6c53:1011:3bad:9498" + conflatorio-test2: + ansible_host: "fd56:1ae9:097d:3ddd:4c96:be16:9e04:c110" + conflatorio-test3: + ansible_host: "fd56:1ae9:097d:3ddd:02df:da1d:ccb7:97b9" + conflatorio-test4: + ansible_host: "fd56:1ae9:097d:3ddd:ecd7:7f0a:79cd:343c" + conflatorio-test5: + ansible_host: "fd56:1ae9:097d:3ddd:5375:e67b:7878:310d" + children: workstation: children: @@ -49,11 +60,20 @@ all: malabaricus: nextcloud: numquam: + children: + conflatorio-lxc: lxc-hosts: hosts: arius: birgitte: conflatorio: + conflatorio-lxc: + hosts: + conflatorio-test1: + conflatorio-test2: + conflatorio-test3: + conflatorio-test4: + conflatorio-test5: linode-dns-update: hosts: akysis: diff --git a/ansible/roles/lxc-machine/tasks/main.yml b/ansible/roles/lxc-machine/tasks/main.yml index 591b317..f6e927c 100644 --- a/ansible/roles/lxc-machine/tasks/main.yml +++ b/ansible/roles/lxc-machine/tasks/main.yml 
@@ -1,39 +1,23 @@ -- tags: enable-ipv6 - file: - path: "/etc/sysctl.d/{{ item }}" - state: absent - notify: restart sysctl - with_items: - - 99-ipv6.conf - - 99-enable-ipv6.conf - - 99-disable-ipv6.conf - -- name: /etc/hosts - copy: - dest: /etc/hosts - content: | - 127.0.0.1 localhost - 127.0.1.1 {{ ansible_ssh_extra_args }}.trygvis.io {{ ansible_ssh_extra_args }} - - # The following lines are desirable for IPv6 capable hosts - ::1 localhost ip6-localhost ip6-loopback - ff02::1 ip6-allnodes - ff02::2 ip6-allrouters - - name: Remove default network setup packages apt: - name: "{{ item }}" + name: "{{ items }}" state: absent purge: true - with_items: - - ifupdown - - net-tools - - iproute2 - - isc-dhcp-client + vars: + items: + - ifupdown + - net-tools + - isc-dhcp-client + +- name: Remove default network setup packages + apt: + name: "{{ items }}" + install_recommends: no + vars: + items: + - iproute2 - name: system setup - tags: - - packages block: - name: misc packages apt: @@ -41,9 +25,3 @@ install_recommends: no with_items: - systemd-cron - - ca-certificates - - unzip - - sudo - - vim - - less - - ack diff --git a/ansible/wireguard.yml b/ansible/wireguard.yml index f22445d..1377834 100644 --- a/ansible/wireguard.yml +++ b/ansible/wireguard.yml @@ -29,5 +29,13 @@ roles: - role: wireguard wireguard__name: wireguard-wg-hesland + wireguard__state: absent + +- hosts: + - wireguard_edipost + tags: wg-edipost + roles: + - role: wireguard + wireguard__name: wireguard-wg-edipost vars: wg_net: "{{ hostvars[ansible_hostname][wireguard__name] }}" -- cgit v1.2.3
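Review bot: In ansible/roles/lxc-machine/tasks/main.yml the second added task reuses the name `Remove default network setup packages` but has no `state: absent`, so with apt's default state it installs `iproute2`, the package the old list purged. Two tasks with the same name doing opposite things make play output and later audits of what was changed on the container misleading. Rename it, e.g. `- name: Install iproute2`, add an explicit `state: present`, and write `install_recommends: false` rather than `no`. The `system setup` block that follows continues outside this hunk.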
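Review bot: In ansible/wireguard.yml the new play is inserted ahead of the trailing `vars:` block, so `wg_net` now belongs to the `wireguard_edipost` play and the wg-hesland play above ends at `wireguard__state: absent` with no `wg_net` visible in this hunk. If the wireguard role reads `wg_net` on its absent path (the role is not shown), the teardown fails on an undefined variable; giving each play its own `vars:` block with the same `wg_net` line avoids that. A `wireguard_edipost` group is also not added by the inventory hunks in this commit, and a play whose host pattern matches nothing is skipped without failing, so confirm the group is defined elsewhere. The wg-hesland play header is outside the hunk.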