Add 'cloudbox' configuration.

2018-05-31 18:32:53 +03:00 · 2018-05-31 18:32:53 +03:00 · b1af7d31ec
commit b1af7d31ec
parent d203da49c2
16 changed files with 200 additions and 0 deletions
--- a/cloudbox.yml
+++ b/cloudbox.yml
@ -0,0 +1,35 @@
 ---
 # This playbook deploys the cloudbox on a minimal installation.
 - name: apply configuration to the cloudbox
  hosts: cloudboxes
  remote_user: ansible
  become: yes
  vars:
    if_lan: "enp1s0"
    ipaddr: "192.168.2.50/24"
    gateway: "192.168.2.1"
    DNS: "192.168.2.1"
    #ddns_domain: "something.ddnss.de"
    ddns_domain: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          30653335326332666539326461623064383432653133383832313065386231663366383862393961
          3339356432643139653939323832633839626631396431340a623438333335333765383035666133
          34313631663938386432326665313331383865616361633465336333613534626262633864613133
          3934376631343736380a353337303937656638633035666331646563326562363130633534376335
          6636
    #ddns_updkey: "138638.some.key.here.635620"
    ddns_updkey: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          35333062366532643235343839313962393038313631663239336138393566643433326535313132
          3761303730653339616333623534343131333838303036310a343634623739623663623566336233
          37666466356363646464323335643261346563643564333631626432323963396136643039336531
          3662653436373564310a663061613032343332373031613831343365643039313034353636613938
          31663437393564656334663336633234666237386662323661623266396166616235306531333861
          3831656434613434333337376262396631363336643766323932
  roles:
    - up2date-debian
    - systemd-networkd
    - web-server
    - ddns-update
    - low-power
--- a/roles/ddns-update/files/ddns-update
+++ b/roles/ddns-update/files/ddns-update
@ -0,0 +1,30 @@
 #!/bin/bash
 set -eu
 . /etc/ddns-update/ddns-update.conf
 DDHOST="https://www.ddnss.de/upd.php"
 if ! DNSRESULT="$(host $DDNSNAME)" ; then
    echo "Could not resolve IP address for '$DDNSNAME', no update."
    exit 0
 fi
 DNSIP4="$(echo \\"$DNSRESULT\\" | grep -m 1 -oE '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$' || true )"
 DNSIP6="$(echo \\"$DNSRESULT\\" | grep -m 1 -oE '[0-9a-f]{1,4}:.+:[0-9a-f]{1,4}' || true )"
 REALIP4="$(wget -q -O - https://ip4.ddnss.de/meineip.php | \
               grep -m 1 -oE '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' || true )"
 REALIP6="$(wget -q -O - https://ip6.ddnss.de/meineip.php | \
                grep -m 1 -oE '[0-9a-f]{1,4}:.+:[0-9a-f]{1,4}' || true )"
 echo "Current DNS: IPv4=$DNSIP4, IPv6=$DNSIP6."
 echo "Detected:    IPv4=$REALIP4, IPv6=$REALIP6."
 if [ "$REALIP4" == "$DNSIP4" -a "$REALIP6" == "$DNSIP6" ] ; then
    echo "IP address unchanged, no update."
 else
    echo "IP address changed: $DNSIP4 → ${REALIP4}, $DNSIP6 → ${REALIP6}, updating ddns."
    wget -q -O - $DDHOST'?key='$KEYAUTH'&host='$DDNSNAME'&ip='$REALIP4'&ip6='$REALIP6 \
        | grep -oE "Updated .+ hostname." || echo "Update not confirmed, it might have failed."
 fi
--- a/roles/ddns-update/files/ddns-update.service
+++ b/roles/ddns-update/files/ddns-update.service
@ -0,0 +1,6 @@
 [Unit]
 Description=Update ddns
 [Service]
 Type=oneshot
 ExecStart=/usr/local/bin/ddns-update
--- a/roles/ddns-update/files/ddns-update.timer
+++ b/roles/ddns-update/files/ddns-update.timer
@ -0,0 +1,11 @@
 [Unit]
 Description=Update ddns IP-address
 [Timer]
 OnBootSec=0
 OnUnitActiveSec=15min
 AccuracySec=3min
 [Install]
 WantedBy=timers.target
--- a/roles/ddns-update/handlers/main.yml
+++ b/roles/ddns-update/handlers/main.yml
@ -0,0 +1,7 @@
 - name: enable ddns-update timer
  systemd:
    name: ddns-update.timer
    state: restarted
    daemon_reload: yes
    enabled: yes
  listen: "enable ddns-update timer"
--- a/roles/ddns-update/tasks/main.yml
+++ b/roles/ddns-update/tasks/main.yml
@ -0,0 +1,24 @@
 - name: make sure /etc/ddns-update/ exists
  file: path=/etc/ddns-update/ state=directory recurse=yes
 - name: install ddns-update config
  template:
    src: ddns-update.conf.j2
    dest: /etc/ddns-update/ddns-update.conf
 - name: install ddns-update script
  copy:
    src: ddns-update
    dest: /usr/local/bin/ddns-update
    mode: 0755
 - name: install ddns-update.service
  copy:
    src: ddns-update.service
    dest: /etc/systemd/system/ddns-update.service
 - name: install ddns-update.timer
  copy:
    src: ddns-update.timer
    dest: /etc/systemd/system/ddns-update.timer
  notify: enable ddns-update timer
--- a/roles/ddns-update/templates/ddns-update.conf.j2
+++ b/roles/ddns-update/templates/ddns-update.conf.j2
@ -0,0 +1,2 @@
 DDNSNAME="{{ ddns_domain }}"
 KEYAUTH="{{ ddns_updkey }}"
--- a/roles/low-power/files/powertop.service
+++ b/roles/low-power/files/powertop.service
@ -0,0 +1,6 @@
 [Unit]
 Description=Run powertop --auto-tune
 [Service]
 Type=oneshot
 ExecStart=/usr/sbin/powertop --auto-tune
--- a/roles/low-power/files/powertop.timer
+++ b/roles/low-power/files/powertop.timer
@ -0,0 +1,9 @@
 [Unit]
 Description=Run powertop --auto-tune after boot
 [Timer]
 OnBootSec=1min
 AccuracySec=1min
 [Install]
 WantedBy=timers.target
--- a/roles/low-power/handlers/main.yml
+++ b/roles/low-power/handlers/main.yml
@ -0,0 +1,5 @@
 - name: enable powertop timer
  systemd:
    name: powertop.timer
    enabled: yes
  listen: "enable powertop timer"
--- a/roles/low-power/tasks/main.yml
+++ b/roles/low-power/tasks/main.yml
@ -0,0 +1,15 @@
 - name: install some packages
  apt: name={{ item }} state=latest
  with_items:
    - powertop
 - name: install powertop.service
  copy:
    src: powertop.service
    dest: /etc/systemd/system/powertop.service
 - name: install powertop.timer
  copy:
    src: powertop.timer
    dest: /etc/systemd/system/powertop.timer
  notify: enable powertop timer
--- a/roles/systemd-networkd/files/10-dhcp.network
+++ b/roles/systemd-networkd/files/10-dhcp.network
@ -0,0 +1,5 @@
 [Match]
 Name=en*
 [Network]
 DHCP=yes
--- a/roles/systemd-networkd/handlers/main.yml
+++ b/roles/systemd-networkd/handlers/main.yml
@ -0,0 +1,13 @@
 - name: enable systemd-networkd
  systemd:
    name: systemd-networkd
    enabled: yes
    daemon_reload: yes
  listen: "enable systemd-networkd"
 - name: enable systemd-resolved
  systemd:
    name: systemd-resolved
    enabled: yes
    daemon_reload: yes
  listen: "enable systemd-resolved"
--- a/roles/systemd-networkd/tasks/main.yml
+++ b/roles/systemd-networkd/tasks/main.yml
@ -0,0 +1,19 @@
 - name: install dynamic configuration for networkd
  copy:
    src: 10-dhcp.network
    dest: /etc/systemd/network/10-dhcp.network
  notify: "enable systemd-networkd"
 #- name: install static configuration for networkd
 #  template:
 #    src: 20-static.network.j2
 #    dest: /etc/systemd/network/20-static.network
 #  notify: "enable systemd-networkd"
 - name: prepare systemd-resolved
  file:
    src: /run/systemd/resolve/resolv.conf
    dest: /etc/resolv.conf
    state: link
    force: yes
  notify: "enable systemd-resolved"
--- a/roles/systemd-networkd/templates/20-static.network.j2
+++ b/roles/systemd-networkd/templates/20-static.network.j2
@ -0,0 +1,7 @@
 [Match]
 Name={{ if_lan }}
 [Network]
 Address={{ ipaddr }}
 Gateway={{ gateway }}
 DNS={{ DNS }}
--- a/roles/web-server/tasks/main.yml
+++ b/roles/web-server/tasks/main.yml
@ -0,0 +1,6 @@
 - name: install some packages
  apt: name={{ item }} state=latest
  with_items:
    - unattended-upgrades
    - screen
    - python-certbot-apache
		`@ -0,0 +1,2 @@`
							`DDNSNAME="{{ ddns_domain }}"`
							`KEYAUTH="{{ ddns_updkey }}"`