From edbe2bfb1b4845f853a1634565fbf264d1591628 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Sat, 9 Mar 2019 16:55:02 +0100
Subject: lxc-host: o Correcting ordering of networkd files. packages: o Better split of package names. unifi: o importing role from Bitraf. o Configring lxc host on birgitte.
---
ansible/all.yml | 8 ++
.../birgitte/etc/systemd/network/51-eth0.network | 5 ++
ansible/group_vars/all/dovedot-secret.yml | 94 +++++++++++-----------
ansible/group_vars/all/host_database.yml | 26 +++---
ansible/group_vars/all/packages.yml | 23 +++---
ansible/group_vars/workstation/packages.yml | 1 +
ansible/host_vars/birgitte/lxc.yml | 4 +-
ansible/host_vars/birgitte/systemd-networkd.yml | 2 +
ansible/inventory | 11 ++-
ansible/roles/borg-client/tasks/borg-client.yml | 4 +-
ansible/roles/lxc-host/defaults/main.yml | 1 +
ansible/roles/lxc-host/tasks/networkd.yml | 65 +++++++++------
ansible/roles/lxc-host/tasks/per-host.yml | 5 +-
ansible/roles/systemd-networkd/handlers/main.yml | 4 +
ansible/roles/systemd-networkd/tasks/main.yml | 9 +++
ansible/roles/unifi/handlers/main.yml | 3 +
ansible/roles/unifi/tasks/main.yml | 23 ++++++
ansible/unifi.yml | 6 ++
18 files changed, 196 insertions(+), 98 deletions(-)
create mode 100644 ansible/files/birgitte/etc/systemd/network/51-eth0.network
create mode 100644 ansible/group_vars/workstation/packages.yml
create mode 100644 ansible/host_vars/birgitte/systemd-networkd.yml
create mode 100644 ansible/roles/systemd-networkd/handlers/main.yml
create mode 100644 ansible/roles/systemd-networkd/tasks/main.yml
create mode 100644 ansible/roles/unifi/handlers/main.yml
create mode 100644 ansible/roles/unifi/tasks/main.yml
create mode 100644 ansible/unifi.yml
(limited to 'ansible')

diff --git a/ansible/all.yml b/ansible/all.yml
index 285777d..fdb8116 100644
--- a/ansible/all.yml
+++ b/ansible/all.yml
@@ -41,6 +41,14 @@ roles: - linode-dns-update +- hosts: + - birgitte + roles: + - role: systemd-networkd + tags: systemd-networkd + become: yes + - import_playbook: nftables.yml - import_playbook: lxc-host.yml - import_playbook: wireguard.yml +- import_playbook: unifi.yml diff --git a/ansible/files/birgitte/etc/systemd/network/51-eth0.network b/ansible/files/birgitte/etc/systemd/network/51-eth0.network new file mode 100644 index 0000000..82831c5 --- /dev/null +++ b/ansible/files/birgitte/etc/systemd/network/51-eth0.network @@ -0,0 +1,5 @@ +[Match] +Name=eth0 + +[Network] +Bridge=lxc0-br diff --git a/ansible/group_vars/all/dovedot-secret.yml b/ansible/group_vars/all/dovedot-secret.yml index a292db2..cfc7d67 100644 --- a/ansible/group_vars/all/dovedot-secret.yml +++ b/ansible/group_vars/all/dovedot-secret.yml 
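Review bot: The new `51-eth0.network` hard-codes `Bridge=lxc0-br`, while the lxc-host role takes the bridge name from `lxc_host__br_if`; if that variable is ever overridden for birgitte, eth0 would be attached to a bridge that is never created and the host would lose its uplink. Making eth0 a bridge port also puts the containers on the same layer-2 segment as the LAN, so any host filtering that assumed routed container traffic (the nftables playbook is not visible here) is worth re-checking. A header comment such as `# Must match lxc_host__br_if; eth0 is a port of the LXC bridge, so containers share the LAN segment` would record both facts in the file.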
@@ -1,46 +1,50 @@ $ANSIBLE_VAULT;1.1;AES256 -61366462663635313965363536313765323563373632623265373963396365313734663530313662 -3263323361626164343537393965313730626233623938380a656431393865653930646264353030 -35626530363765613639666531303664663962343139363339323264393737346236373331343539 -3236313561636437350a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a393866336431653132386531633332 +36303131643661666461663166356666363737613763356431303238613134363432626262366163 +3030386666383232620a346263356161303938386136313964336262663530323139633133373366 +65373231613863663833373733666466373866346132643334376239303134656230656461663033 +65346530376434373439386539333239333261613038623231356563353130333430613431396237 +35303634346330343533383530303831396662653438333965383433323565363938323533373833 +63343432323833373533653838363661643063333862323463333066616362303764306632613866 +31656262323464663761626664343937346338306138396637653066313532633136373066616535 +62633063633465373331633134393562393464656231343966653036303033373636393361396566 +38636263663063366131393836336632363134666338303233356131373965633637343265623238 +34613361313233623636626637633131653033646139346632653965663830326431303630626334 +34303134363261353831383530366637653563383966336333643331353766666332633762373733 +32616461393036313062323732333030646636343230373662383837626635323266353638643365 +62336236656438303839343538356462626135396232363836623531383866326234303238333636 +65656337366165353933626334626135613530366336363763323034643037616530626162373337 +39376134323732613061616166333832386432646232643536666438393065316662396566343062 +31343462353035666534353731353138663362363530636362393137363831623761623338343838 +66623334336436613035393762386536333131373935383931616637663330363038303364373166 +30633362303865396439323966333538653262633639336562633137393433393339323865616163 +64313139316238353535346133333265663536353766643038633335346632396435663239663639 
+31333163616131366537336537623864323564333932386635366333336433626335656530616131 +32643264313832303734656336656365356133383836653437363964663032303861373264313430 +63333934323661323933393834623962336236323634396263386133666530363137636564396631 +31343666376565383366363161613838306664383765333563366465336563623837643837316335 +65633866626265353430383131353634323463343166386637323665326661666335663031633766 +34353264373735306631633338383734663866353962643130643735386536633962623930393739 +37316138396131656664626563373366356636366134336535343734356236633534316137633131 +30396337356466383034646564313431386438653165653230356337323039616630353262313939 +34396237393835663835303436386235663465626237666466376563613639636361393632386231 +64363134363866363964393330306330656537393839656163373164633031653537303030363364 +32396530326161396461613437333334643365626334343331356635373236653262303436303461 +31313431373432306364313335636535376132636633333334396135313136643035313831303931 +62666330373165326165346234393130383437646666363334316435383864366534356339383638 +64323338303763393536376636303930663232373331613962346135346437313862366437613836 +36623734386161656535646334653539346365633265383939643462653035646435333737326665 +37313465343663666165326639323835666461643565393030373261663530356162316231386332 +34613561396436626664336664363066663665316434323339393865626563653538336363336634 +64646237396566373238333663366535353730346338343562316330346134376234616334636435 +62653134333735656339623361626335613534336465356430306330353839303136623632643866 +30333631393765613836313737663535393131366534373532616164363665623335343561313935 +38333937663336643464396432646635323834616230653861383864643231346462366531356633 +33626565666463623466363861666632386166613332633761613930353933376261646233353639 +35333734303237353131653063643835633733623833383939623134323464653334636438646439 +64343261386330653538623635353163663762316436336239373038626230316466616364666565 
+36663963626138633832623738616332333737623063316663313964376638333663643538323131 +35663231333263326538376136656266666535633566643063616139383138323864303163663164 +34336534646265313061663534373563383835373032393635383136373239643936326331363263 +3362 diff --git a/ansible/group_vars/all/host_database.yml b/ansible/group_vars/all/host_database.yml index c7bce07..654ef18 100644 --- a/ansible/group_vars/all/host_database.yml +++ b/ansible/group_vars/all/host_database.yml @@ -14,16 +14,10 @@ ipv6_networks: host_database: birgitte: interfaces: - wlx00e01d0808b2: - role: wan - ipv4: - address: 192.168.10.3 - netmask: 24 - gateway: 192.168.10.1 - int0: + lxc0-int: role: lan ipv4: - address: 192.168.90.100 + address: 192.168.10.3 netmask: 24 ipv6: address: cafe::1 @@ -32,13 +26,21 @@ host_database: # Birgitte nextcloud: interfaces: - eth0: - role: lan + veth0: hwaddr: 0e:18:a7:03:50:54 ipv4: - address: 192.168.90.101 + address: 192.168.10.201 netmask: 24 - gateway: 192.168.90.100 + gateway: 192.168.10.1 + + unifi: + interfaces: + veth0: + hwaddr: cc:b8:a7:d0:72:50 + ipv4: + address: 192.168.10.202 + netmask: 24 + gateway: 192.168.10.1 conflatorio: interfaces: diff --git a/ansible/group_vars/all/packages.yml b/ansible/group_vars/all/packages.yml index a418203..15bc8f9 100644 --- a/ansible/group_vars/all/packages.yml +++ b/ansible/group_vars/all/packages.yml @@ -1,12 +1,13 @@ -packages_packages: "{{ packages__unix }} + {{ packages__misc }} + {{ packages__dev }} + {{ packages__electronics }} + []" +packages_packages: "{{ packages__unix_server }} + []" -packages__unix: - - ack +packages_physical_machine: + - firmware-linux + +packages__unix_server: - ca-certificates - curl - dnsutils - dos2unix - - firmware-linux - gawk - graphviz - htop 
@@ -27,19 +28,24 @@ packages__unix: - strace - sudo - sysstat - - task-norwegian - tcpdump - tmux - tree - tshark - - ttf-mscorefonts-installer - unzip - vim - vim-editorconfig - vim-nox - vim-pathogen - - virtualenv - whois + - zip + - apt-transport-https + +packages__unix_workstation: + - ack + - task-norwegian + - ttf-mscorefonts-installer + - virtualenv - wine - wireshark-gtk @@ -61,9 +67,6 @@ packages__dev: - valgrind - devscripts -packages__misc: - - zip - packages__electronics: - arduino - arduino-mk diff --git a/ansible/group_vars/workstation/packages.yml b/ansible/group_vars/workstation/packages.yml new file mode 100644 index 0000000..d6c1d8b --- /dev/null +++ b/ansible/group_vars/workstation/packages.yml @@ -0,0 +1 @@ +packages_packages: "{{ packages__unix_server }} + {{ packages__unix_workstation }} + {{ packages__misc }} + {{ packages__dev }} + {{ packages__electronics }} + []" diff --git a/ansible/host_vars/birgitte/lxc.yml b/ansible/host_vars/birgitte/lxc.yml index a57d6e6..0b313c3 100644 --- a/ansible/host_vars/birgitte/lxc.yml +++ b/ansible/host_vars/birgitte/lxc.yml @@ -1,5 +1,5 @@ lxc_host__containers: nextcloud: state: started - -lxc_host__internal_if: int0 + unifi: + state: started diff --git a/ansible/host_vars/birgitte/systemd-networkd.yml b/ansible/host_vars/birgitte/systemd-networkd.yml new file mode 100644 index 0000000..f405675 --- /dev/null +++ b/ansible/host_vars/birgitte/systemd-networkd.yml @@ -0,0 +1,2 @@ +systemd_networkd__files: + - "birgitte/etc/systemd/network/51-eth0.network" diff --git a/ansible/inventory b/ansible/inventory index e22f279..f9bf9a2 100644 --- a/ansible/inventory +++ b/ansible/inventory 
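Review bot: The new `group_vars/workstation/packages.yml` still concatenates `{{ packages__misc }}`, but the last hunk of `group_vars/all/packages.yml` in this same commit deletes `packages__misc` (its only entry, `zip`, moved to `packages__unix_server`). Unless the variable is defined somewhere outside this diff, templating `packages_packages` on any desktop or laptop host will fail with an undefined variable; drop the term so the value reads `"{{ packages__unix_server }} + {{ packages__unix_workstation }} + {{ packages__dev }} + {{ packages__electronics }} + []"`. Separately, `packages_physical_machine` (single underscore, holding `firmware-linux`) is not referenced by either `packages_packages` expression shown here, so that package may no longer be installed anywhere.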
@@ -16,11 +16,17 @@ all: ansible_host: malabaricus.trygvis.io conflatorio: ansible_host: conflatorio.trygvis.io - nextcloud: - ansible_host: 192.168.90.101 akili: ansible_host: akili.local + nextcloud: + ansible_host: 192.168.10.201 + unifi: + ansible_host: 192.168.10.202 children: + workstation: + children: + desktops: + laptops: desktops: hosts: birgitte: @@ -60,6 +66,7 @@ all: debian_stretch: hosts: malabaricus: + unifi: vars: packages__version: stretch diff --git a/ansible/roles/borg-client/tasks/borg-client.yml b/ansible/roles/borg-client/tasks/borg-client.yml index 4ddad49..92aba57 100644 --- a/ansible/roles/borg-client/tasks/borg-client.yml +++ b/ansible/roles/borg-client/tasks/borg-client.yml @@ -78,8 +78,8 @@ content: | [Unit] Description=Create backup - After=network-online.target - Wants=network-online.target + # After=network-online.target + # Wants=network-online.target [Service] Type=oneshot diff --git a/ansible/roles/lxc-host/defaults/main.yml b/ansible/roles/lxc-host/defaults/main.yml index cf747f3..46e58e2 100644 --- a/ansible/roles/lxc-host/defaults/main.yml +++ b/ansible/roles/lxc-host/defaults/main.yml @@ -1,3 +1,4 @@ +lxc_host__state: present lxc_host__backing_store: dir lxc_host__br_if: lxc0-br lxc_host__internal_if: lxc0-int diff --git a/ansible/roles/lxc-host/tasks/networkd.yml b/ansible/roles/lxc-host/tasks/networkd.yml index 526fc29..39d8a69 100644 --- a/ansible/roles/lxc-host/tasks/networkd.yml +++ b/ansible/roles/lxc-host/tasks/networkd.yml 
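Review bot: In the borg-client unit template the `After=network-online.target` and `Wants=network-online.target` lines are commented out rather than removed, with no reason given, and the commented text now ships inside the generated unit. Without that ordering the oneshot backup can start before the network is up; if the Borg repository is remote (not visible in this hunk), a run at boot or after resume would fail, and nothing shown here retries it. If the dependency caused a real problem, record it next to the lines, e.g. `# network-online.target disabled: <reason>`; otherwise restore both lines. The task that writes this unit starts and ends outside the hunk.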
@@ -15,58 +15,75 @@ name: systemd-networkd enabled: yes state: started + when: lxc_host__state == "present" - - name: "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev" + - loop: + - "{{ file_prefix }}-1-{{ br_if }}.netdev" + - "{{ file_prefix }}-2-{{ br_if }}.network" + - "{{ file_prefix }}-3-{{ lxc_host__internal_if }}.netdev" + - "{{ file_prefix }}-4-{{ lxc_host__internal_if }}.network" + when: lxc_host__state == "absent" notify: systemctl restart systemd-networkd + file: + path: "{{ item }}" + state: absent + + - name: "{{ file_prefix }}-1-{{ br_if }}.netdev" + notify: systemctl restart systemd-networkd + when: lxc_host__state == "present" copy: - dest: "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev" + dest: "{{ file_prefix }}-1-{{ br_if }}.netdev" content: | [NetDev] - Name={{ lxc_host__internal_if }} - Kind=dummy + Name={{ br_if }} + Kind=bridge - - name: "{{ file_prefix }}-2-{{ lxc_host__internal_if }}.network" + - name: "{{ file_prefix }}-2-{{ br_if }}.network" notify: systemctl restart systemd-networkd + when: lxc_host__state == "present" copy: - dest: "{{ file_prefix }}-2-{{ lxc_host__internal_if }}.network" + dest: "{{ file_prefix }}-2-{{ br_if }}.network" content: | [Match] - Name={{ lxc_host__internal_if }} + Name={{ br_if }} [Network] - Bridge={{ br_if }} + {% if internal_if.ipv4 is defined %} + Address={{ internal_if.ipv4.address }}/{{ internal_if.ipv4.netmask }} + {% endif %} + {% if internal_if.ipv6 is defined %} + Address={{ internal_if.ipv6.address }}/{{ internal_if.ipv6.netmask }} + {% endif %} - - name: "{{ file_prefix }}-3-{{ br_if }}.netdev" + - name: "{{ file_prefix }}-3-{{ lxc_host__internal_if }}.netdev" notify: systemctl restart systemd-networkd + when: lxc_host__state == "present" copy: - dest: "{{ file_prefix }}-3-{{ br_if }}.netdev" + dest: "{{ file_prefix }}-3-{{ lxc_host__internal_if }}.netdev" content: | [NetDev] - Name={{ br_if }} - Kind=bridge + Name={{ lxc_host__internal_if }} + Kind=dummy - - name: "{{ file_prefix 
}}-4-{{ br_if }}.network" + - name: "{{ file_prefix }}-4-{{ lxc_host__internal_if }}.network" notify: systemctl restart systemd-networkd + when: lxc_host__state == "present" copy: - dest: "{{ file_prefix }}-4-{{ br_if }}.network" + dest: "{{ file_prefix }}-4-{{ lxc_host__internal_if }}.network" content: | [Match] - Name={{ br_if }} + Name={{ lxc_host__internal_if }} [Network] - {% if internal_if.ipv4 is defined %} - Address={{ internal_if.ipv4.address }}/{{ internal_if.ipv4.netmask }} - {% endif %} - {% if internal_if.ipv6 is defined %} - Address={{ internal_if.ipv6.address }}/{{ internal_if.ipv6.netmask }} - {% endif %} + Bridge={{ br_if }} - meta: flush_handlers - name: Configure sysctl, enable ipv4 and ipv6 forwarding for {{ br_if }} - sysctl: - name: "{{ item }}" - value: 1 with_items: - net.ipv4.conf.{{ br_if }}.forwarding - net.ipv6.conf.{{ br_if }}.forwarding + sysctl: + name: "{{ item }}" + value: 1 + state: "{{ lxc_host__state }}" diff --git a/ansible/roles/lxc-host/tasks/per-host.yml b/ansible/roles/lxc-host/tasks/per-host.yml index ca33685..0acd1b5 100644 --- a/ansible/roles/lxc-host/tasks/per-host.yml +++ b/ansible/roles/lxc-host/tasks/per-host.yml @@ -2,6 +2,9 @@ msg: "LXC HOST: {{ name }}" tags: lxc-host +- debug: + var: lan + - when: new tags: lxc-host become: yes @@ -59,10 +62,10 @@ {% endif %} {% if lan.ipv6 is defined %} lxc.net.0.ipv6.address = {{ lan.ipv6.address }}/{{ lan.ipv6.netmask }} - {% endif %} {% if lan.ipv6.gateway is defined %} lxc.net.0.ipv6.gateway = {{ lan.ipv6.gateway }} {% endif %} + {% endif %} # 0 = trace, 1 = debug, 2 = info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 = alert, and 8 = fatal. lxc.log.level = 1 diff --git a/ansible/roles/systemd-networkd/handlers/main.yml b/ansible/roles/systemd-networkd/handlers/main.yml new file mode 100644 index 0000000..9656da4 --- /dev/null +++ b/ansible/roles/systemd-networkd/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart + systemd: + name: systemd-networkd + state: restarted 
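Review bot: The sysctl task at the end of the networkd.yml hunk still sets `net.ipv4.conf.{{ br_if }}.forwarding` and its IPv6 counterpart to 1 whenever `lxc_host__state` is `present`, although on birgitte the bridge now contains the physical eth0 and the containers use 192.168.10.1 as their gateway (see the host_database.yml and 51-eth0.network changes). With plain bridging the host no longer has to route for its containers, so forwarding stays enabled on its LAN-facing interface for no visible reason; consider gating the task on a new role variable, for example `when: lxc_host__forwarding | default(true)`, and turning it off for birgitte. In addition, `lxc_host__state` is never validated, so any value other than `present` or `absent` silently skips every file task and only fails once it reaches the sysctl module. The unnamed cleanup task would also be easier to follow in run output with a `name:`.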
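Review bot: The added `debug: var: lan` task in per-host.yml looks like a leftover from troubleshooting: it has no `name` and, unlike the tasks around it, no `tags: lxc-host`, so it does not follow the tag selection of its neighbours and prints each container's address data on every untagged run. Either remove it, or keep it quiet by default with `verbosity: 1` and add `tags: lxc-host`.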
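Review bot: The handler in roles/systemd-networkd/handlers/main.yml is named just `restart`, and handler names are resolved in one namespace for the whole play, so another role that defines a handler with the same name would collide with it. The lxc-host role in this commit already uses the descriptive name `systemctl restart systemd-networkd`; naming this one `restart systemd-networkd` and changing `notify: restart` in the role's tasks/main.yml to match would avoid the ambiguity.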
diff --git a/ansible/roles/systemd-networkd/tasks/main.yml b/ansible/roles/systemd-networkd/tasks/main.yml new file mode 100644 index 0000000..13c167b --- /dev/null +++ b/ansible/roles/systemd-networkd/tasks/main.yml @@ -0,0 +1,9 @@ +- systemd: + name: systemd-networkd + state: started + enabled: yes +- loop: "{{ systemd_networkd__files | default([]) }}" + copy: + src: "{{ item }}" + dest: "/etc/systemd/network/{{ item | basename }}" + notify: restart diff --git a/ansible/roles/unifi/handlers/main.yml b/ansible/roles/unifi/handlers/main.yml new file mode 100644 index 0000000..ce78323 --- /dev/null +++ b/ansible/roles/unifi/handlers/main.yml @@ -0,0 +1,3 @@ +- name: update apt cache + apt: + update_cache: yes diff --git a/ansible/roles/unifi/tasks/main.yml b/ansible/roles/unifi/tasks/main.yml new file mode 100644 index 0000000..11c4c00 --- /dev/null +++ b/ansible/roles/unifi/tasks/main.yml @@ -0,0 +1,23 @@ +--- +- name: Ubiquiti APT key + notify: update apt cache + apt_key: + id: 06E85760C0A52C50 + keyserver: keyserver.ubuntu.com + +- name: Ubiquiti APT repository + notify: update apt cache + copy: + dest: /etc/apt/sources.list.d/unifi.list + content: 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' + +- meta: flush_handlers + +- name: packages + apt: + name: "{{ items }}" + install_recommends: no + vars: + items: + - openjdk-8-jre + - unifi diff --git a/ansible/unifi.yml b/ansible/unifi.yml new file mode 100644 index 0000000..d417a2a --- /dev/null +++ b/ansible/unifi.yml @@ -0,0 +1,6 @@ +- hosts: + - unifi + roles: + - role: unifi + tags: unifi + become: yes -- cgit v1.2.3
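Review bot: The `copy` task in roles/systemd-networkd/tasks/main.yml installs files into `/etc/systemd/network/` without `owner`, `group` or `mode`, so the resulting permissions depend on the target's umask or on whatever mode an existing file already has. These files decide how the host's interfaces are configured and should be pinned, e.g. `owner: root`, `group: root`, `mode: "0644"`. Both tasks are also unnamed, which makes the play output hard to read. Because `dest` keeps only `{{ item | basename }}`, two entries in `systemd_networkd__files` with the same file name would silently overwrite each other; a short comment on the variable would make that expectation explicit.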
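Review bot: In roles/unifi/tasks/main.yml the repository is added over plain HTTP (`deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti`) and the signing key is fetched from a keyserver by its 64-bit id `06E85760C0A52C50`. Package signatures still protect the payload, but long key ids are not collision-resistant, and `apt_key` adds the key to the global trusted set, so it is trusted for every configured repository. Pin the full fingerprint instead, `id: <FULL_40_HEX_FINGERPRINT>` (placeholder; take the value from the vendor's documentation), and, if the vendor serves the repository over TLS, switch the source line to an `https://` URL; this commit already adds `apt-transport-https` to the server package list. Scoping the key to this one source with a `signed-by=` option and a dedicated keyring file would narrow the trust further.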