From e37f9fa03ddb02f0b06136c4adced33d9facbc2e Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andi@debian.org>
Date: Mon, 4 Jun 2018 18:00:25 +0300
Subject: [PATCH] Update/fix 'installbox' configuration.

---
 installbox.yml                                | 16 +++++++---
 roles/dhcp-dns-dnsmasq/tasks/main.yml         |  2 +-
 roles/preseed-installer/tasks/main.yml        | 32 +++++++++++++------
 .../tftp-netboot-installer/handlers/main.yml  |  5 ++-
 roles/tftp-netboot-installer/tasks/main.yml   | 17 ++++++++--
 .../dnsmasq-tftp-netboot-installer.j2         |  4 +--
 roles/two-interface-shorewall/tasks/main.yml  |  6 ----
 7 files changed, 55 insertions(+), 27 deletions(-)

diff --git a/installbox.yml b/installbox.yml
index 7f4e9cc..46f4466 100644
--- a/installbox.yml
+++ b/installbox.yml
@@ -2,18 +2,24 @@
 # This playbook deploys the installbox on a minimal installation.
 
 - name: apply configuration to the installbox
-  hosts: installboxes
+  hosts: all
   remote_user: ansible
   become: yes
   vars:
-    hostname: installbox
-    di_dist: "stretch"
-    if_lan: "ens8"
+    if_lan: ""           #  ← interface name here, like:  ens3 or enp2s0"
     if_wan: "{{ ansible_default_ipv4.interface }}"
+    hostname: "{{ ansible_hostname }}"
     ipaddr_lan: 192.168.0.10
     dhcp_range: 192.168.0.50,192.168.0.150,2h
     tftp_root: "/var/lib/tftpboot"
-    deb_mirror: "ftp-stud.hs-esslingen.de"
+    deb_mirror: "ftp.debian.org"
+    di_dist: "stretch"
+
+  pre_tasks:
+    - name: validate if interface is available
+      fail:
+        msg: "Interface {{ if_lan }} does not exist or is already used."
+      when: if_lan not in ansible_interfaces or if_lan == if_wan
 
   roles:
     - up2date-debian
diff --git a/roles/dhcp-dns-dnsmasq/tasks/main.yml b/roles/dhcp-dns-dnsmasq/tasks/main.yml
index 840a4d7..c254a79 100644
--- a/roles/dhcp-dns-dnsmasq/tasks/main.yml
+++ b/roles/dhcp-dns-dnsmasq/tasks/main.yml
@@ -1,4 +1,4 @@
-- name: install dns-firewall packages
+- name: install dnsmasq package
   apt:
     name: dnsmasq
     state: latest
diff --git a/roles/preseed-installer/tasks/main.yml b/roles/preseed-installer/tasks/main.yml
index 326b857..3403f1a 100644
--- a/roles/preseed-installer/tasks/main.yml
+++ b/roles/preseed-installer/tasks/main.yml
@@ -4,24 +4,36 @@
     state: directory
 
 - name: provide preseed file
-  template:
-    src: preseed.cfg
+  copy:
+    src: /usr/share/doc/di-netboot-assistant/examples/preseed.cfg
     dest: "{{ tftp_root }}/d-i/{{ di_dist }}"
+    force: no
 
-- name: make installbox resolvable in /etc/hosts from LAN
+- name: make the hostname resolvable from the LAN
   replace:
     dest: /etc/hosts
-    regexp: '(127.0.1.1\s+)installbox'
-    replace: '\1localhost\n{{ ipaddr_lan }}	installbox'
+    regexp: '(127.0.1.1\s+){{ hostname }}'
+    replace: '\1localhost\n{{ ipaddr_lan }}	{{ hostname }}'
 
-- name: add auto boot entry to di-netboot-assistant
+- name: add auto pxe boot entry to di-netboot-assistant
   blockinfile:
     dest: /etc/di-netboot-assistant/pxelinux.HEAD
     insertbefore: EOF
     block: |
-      LABEL quick
-      MENU LABEL Debian Installer ({{ di_dist }} ; amd64 + Preseed)
-      kernel ::/di-netboot-pkg/images/9/amd64/text/debian-installer/amd64/linux
-      append initrd=::/di-netboot-pkg/images/9/amd64/text/debian-installer/amd64/initrd.gz auto=true priority=critical url=tftp://installbox
       TIMEOUT 100
+      LABEL autoinstall
+         MENU LABEL Debian {{ di_dist }} (amd64) + preseed
+         kernel ::/d-i/n-pkg/images/9/amd64/text/debian-installer/amd64/linux
+         append initrd=::/d-i/n-pkg/images/9/amd64/text/debian-installer/amd64/initrd.gz --- auto=true priority=critical url=tftp://{{ hostname }}
+  notify: "rebuild di-netboot-assistant menu"
+
+- name: add auto efi boot entry to di-netboot-assistant
+  blockinfile:
+    dest: /etc/di-netboot-assistant/grub.cfg.HEAD
+    insertbefore: EOF
+    block: |
+      menuentry 'Debian stable (amd64) + preseed' {
+         linux   /d-i/n-pkg/images/9/amd64/text/debian-installer/amd64/linux --- auto=true priority=critical url=tftp://{{ hostname }}
+         initrd  /d-i/n-pkg/images/9/amd64/text/debian-installer/amd64/initrd.gz
+      }
   notify: "rebuild di-netboot-assistant menu"
diff --git a/roles/tftp-netboot-installer/handlers/main.yml b/roles/tftp-netboot-installer/handlers/main.yml
index 9aee0b2..4cc836c 100644
--- a/roles/tftp-netboot-installer/handlers/main.yml
+++ b/roles/tftp-netboot-installer/handlers/main.yml
@@ -1,3 +1,6 @@
 - name: rebuild di-netboot-assistant menu
-  command: di-netboot-assistant rebuild-menu
+  command: "{{ item }}"
+  with_items:
+    - di-netboot-assistant rebuild-menu
+    - di-netboot-assistant rebuild-grub
   listen: rebuild di-netboot-assistant menu
diff --git a/roles/tftp-netboot-installer/tasks/main.yml b/roles/tftp-netboot-installer/tasks/main.yml
index cb71006..aac8c29 100644
--- a/roles/tftp-netboot-installer/tasks/main.yml
+++ b/roles/tftp-netboot-installer/tasks/main.yml
@@ -1,12 +1,23 @@
-- name: install tftp-netboot-installer packages
+- name: add stretch-backports
+  apt_repository:
+    repo: deb http://deb.debian.org/debian/ stretch-backports main
+    state: present
+
+- name: install di-netboot-assistant from backports
   apt:
     name:
       - di-netboot-assistant
+    default_release: stretch-backports
+    update_cache: yes
+
+- name: add installer package
+  apt:
+    name:
       - debian-installer-9-netboot-amd64
 
 - name: bind mount images
   mount:
-    name: "{{ tftp_root }}/di-netboot-pkg/"
+    path: "{{ tftp_root }}/d-i/n-pkg/"
     src: /usr/lib/debian-installer/
     fstype: none
     opts: bind
@@ -14,6 +25,8 @@
     state: present
   register: fstab
 
+- file: path="{{ tftp_root }}/d-i/n-pkg/" state=directory recurse=yes
+
 - name: Reload fstab
   command: mount -a
   when: fstab.changed
diff --git a/roles/tftp-netboot-installer/templates/dnsmasq-tftp-netboot-installer.j2 b/roles/tftp-netboot-installer/templates/dnsmasq-tftp-netboot-installer.j2
index 3e627d8..2289ac9 100644
--- a/roles/tftp-netboot-installer/templates/dnsmasq-tftp-netboot-installer.j2
+++ b/roles/tftp-netboot-installer/templates/dnsmasq-tftp-netboot-installer.j2
@@ -1,5 +1,5 @@
 enable-tftp
 tftp-root={{ tftp_root }}
-dhcp-boot=debian-installer/pxelinux.0
+dhcp-boot=d-i/n-a/pxelinux.0
 dhcp-match=set:efi-x86_64,option:client-arch,7
-dhcp-boot=tag:efi-x86_64,debian-installer/bootnetx64.efi
+dhcp-boot=tag:efi-x86_64,d-i/n-a/bootnetx64.efi
diff --git a/roles/two-interface-shorewall/tasks/main.yml b/roles/two-interface-shorewall/tasks/main.yml
index e2a273e..30db436 100644
--- a/roles/two-interface-shorewall/tasks/main.yml
+++ b/roles/two-interface-shorewall/tasks/main.yml
@@ -2,12 +2,6 @@
   template:
     src: interfaces-static.j2
     dest: /etc/network/interfaces.d/static
-
-- name: make if_wan auto start
-  lineinfile:
-    dest: /etc/network/interfaces
-    line: "auto {{ if_wan }}"
-    insertbefore: "iface\\s+{{ if_wan }}\\s+inet\\s+dhcp"
   notify: restart networking
 
 - name: install shorewall packages