Make lmn-client a separate repository.
Remove all playbooks and roles not used for the lmn-client playbook. They are almost all maintained within the debian-lan-ansible project at: https://salsa.debian.org/andi/debian-lan-ansible/
parent
fe7ec2f2e9
commit
e7aa91e7f8
209 changed files with 0 additions and 5758 deletions
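--- a/README
+++ b/README
@@ -1,123 +0,0 @@
-
-Run Debian in your Local Area Network
-=======================================
-
-The goal of the "Debian Local Area Network"-project is to make setting
-up Debian in a local area network as easy as possible. This repository
-offers ansible playbooks and instructions for the following machines:
-
-• installbox: orchestration of automatic installs in the LAN
-- set up as gateway to some external network (WAN)
-- provides TFTP installations on the LAN interface
-- automatic installs: preseeding and ansible playbooks
-- package cache
-
-• kerberox: serving a minimalistic kerberized LAN
-- automatic TFTP installation of clients
-- centralized home directories on kerberized NFS
-- simple script to manage users and machines
-
-• kerberox-client: the client for the kerberized LAN
-
-• sambox and -client: comparable to the kerberox setup, but
-home directories are shared via sshfs or the smb protocol.
-
-• cloudbox: nextcloud server in the basement
-- setup of a home cloud server
-- dynamic DNS name
-- nextcloud
-- backup with borg
-- …
-
-• kiosk: school's computer, hackerspace, …
-- auto login user
-- reasonable defaults
-- temporary home directory on tmpfs, reset at boot
-
-• edubox: deploy a set of containers for training/teaching
-
-Contributions like patches, suggestions, pull requests and/or further
-profiles are highly appreciated!
-
-----------------------------
-
-Instructions
-==============
-
-Installbox
-~~~~~~~~~~
-• standard Debian installation:
-- user 'ansible' in sudo group
-- WAN interface configured and connected
-- LAN interface not configured/managed
-
-• optional: customize installbox.yml
-
-• run ansible:
-ssh-copy-id ansible@1.2.3.4
-ansible-playbook installbox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4,
-
-• the installbox can be used to install all other profiles
-
-Kerberox, Sambox
-~~~~~~~~~~~~~~~~
-• standard Debian installation:
-- user 'ansible' in sudo group
-- WAN interface configured and connected
-- LAN interface not configured/managed
-
-• optional: customize kerberox.yml
-
-• run ansible:
-ssh-copy-id ansible@1.2.3.4
-ansible-playbook kerberox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4,
-
-Kerberox and installbox provide a local ansible configuration space
-which can be used to install clients and/or to check/modify the local
-installation. To do the latter, cd into 'debian-lan' and run:
-
-'ansible-playbook --ask-become-pass -v -i localhost, -c local kerberox.yml'
-
-The kerberox-clients are automatically installed using the included TFTP netboot
-installer within the LAN.
-
-Cloudbox
-~~~~~~~~
-• Debian installation:
-- user 'ansible' in sudo group
-
-• check/customize cloudbox.yml
-
-• download latest nextcloud-*.*.*.tar.bz2 archive and place it as nextcloud.tar.bz2
-in your debian-lan-ansible directory
-
-• run ansible:
-ssh-copy-id ansible@1.2.3.4
-ansible-playbook cloudbox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4,
-
-• use 'nc-admin' with password in '/root/nc-admin.pwd' to log into nextcloud.
-
-Kiosk
-~~~~~
-• Debian installation:
-- user 'ansible' in sudo group
-
-• customize kiosk.yml:
-- WiFi parameters
-- package selection: extra_pkgs and extra_pkgs_bpo for backports
-- desktop environment
-
-• run ansible:
-ssh-copy-id ansible@1.2.3.4
-ansible-playbook kiosk.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4,
-
-Edubox
-~~~~~~
-• Debian installation:
-- user 'ansible' in sudo group
-
-• customize edubox.yml
-
-• run ansible:
-ssh-copy-id ansible@1.2.3.4
-ansible-playbook edubox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4,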
|
@ -1,14 +0,0 @@
|
|||
## After installation of the clients, prepare and copy all machine
|
||||
## credentials to the machines in the following way:
|
||||
|
||||
## Log into the Kerberos KDC (kerberox).
|
||||
|
||||
## Find the kadmin password to be used soon:
|
||||
sudo cat /root/kadmin.pwd
|
||||
|
||||
## Then:
|
||||
cd /home/ansible/debian-lan/
|
||||
ansible-playbook --ask-become-pass kerberox-client.yml \
|
||||
--ssh-common-args='-o StrictHostKeyChecking=no'
|
||||
|
||||
## Enter the 'BECOME' password and the kadmin password obtained above.
|
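--- a/cloudbox.yml
+++ b/cloudbox.yml
@@ -1,54 +0,0 @@
----
-# This playbook deploys the cloudbox on a minimal installation.
-
-- name: apply configuration to the cloudbox
-# hosts: cloudboxes ## 'all' is needed to make ansible-pull work
-hosts: all
-remote_user: ansible
-become: true
-vars:
-if_lan: "enp1s0"
-ipaddr: "192.168.2.50/24"
-gateway: "192.168.2.1"
-dns: "192.168.2.1"
-ddns_domain: "something.ddnss.de"
-ddns_updkey: "138638.some.key.here.635620"
-## 'nc_download' and 'nc_checksum' are only
-## used for ansible-pull during installation:
-nc_download: "https://download.nextcloud.com/server/releases/latest.tar.bz2"
-nc_checksum: "sha256:d32a8f6c4722a45cb67de7018163cfafcfa22a871fbac0f623c3875fa4304e5a"
-nc_apps:
-- calendar
-- notes
-backup_opts: "--exclude-caches -e '*/updater-*/' -e '*/preview/*' -e '*/files_trashbin/*'"
-backup_dirs:
-- "/etc"
-- "{{ nc_dir }}"
-- "{{ data_dir }}"
-ansible_python_interpreter: "/usr/bin/python3"
-
-roles:
-- up2date_debian
-# - ddnsupdate
-# - lowpower
-- nextcloud
-- nextcloudupgrade
-- kerberize
-# - backup
-
-## Hosts in the the 'only_nextcloud'-group are only upgraded:
-
-- name: upgrade nextcloud only
-hosts: only_nextcloud
-remote_user: ansible
-become: true
-vars:
-nc_dir: "/var/www/nextcloud"
-nc_apps:
-- calendar
-- notes
-ansible_python_interpreter: "/usr/bin/python3"
-
-roles:
-- up2date_debian
-- nextcloudupgrade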
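--- a/edubox.yml
+++ b/edubox.yml
@@ -1,68 +0,0 @@
----
-## This playbook deploys a series of minimal systemd-nspawn containers
-## for educational use on a host, for example to learn ansible!
-## All containers use an apt cache on the host system and forward port
-## 22 (ssh), 80 (http) and 443 (https) to ports >= 10000, 10100 and 10200
-## respectively. A user 'ansi' in the 'sudo' group is prepared,
-## either with empty password or an initial password to be set below.
-##
-## Modifications of the initial containers are kept in an overlay
-## directory next to the container images in '/var/lib/machines/'.
-## This allows to visit and compare the work of students on the host.
-## To manage the containers after installation, run the playbook with
-## one of the the following tags:
-##
-## --tags=start start all containers
-## --tags=stop stop all containers
-## --tags=restart stop, then start all containers
-## --tags=reset reset all containers to the initial image
-## --tags=purge purge all containers
-## --tags=setup purge all containers and setup again
-##
-
-- name: apply configuration to the edubox
-hosts: all # eduboxes
-remote_user: ansible
-become: true
-vars:
-contname: cont
-## User name for the user in the container:
-contuser: ansi
-## Password for the user 'ansible' in the container,
-## leave empty to log in without password:
-contpwd: ""
-## Adjust the number of containers here:
-containers: "{{ range(0, 49 + 1) | list }}"
-## Additional packages to be installed in the container:
-cont_packages_extra:
-- bind9-dnsutils
-- file
-- locales
-- xz-utils
-- lsof
-- wget
-- bind9-host
-- libc-l10n
-- traceroute
-- bzip2
-- netcat-traditional
-- telnet
-
-pre_tasks:
-- name: install apt-cacher-ng
-apt:
-name:
-- apt-cacher-ng
-- auto-apt-proxy
-state: latest # noqa package-latest
-
-- name: enable and start systemd-networkd on the host
-systemd:
-name: systemd-networkd
-state: started
-enabled: true
-
-roles:
-- up2date_debian
-- educontainer
-- networkdresolved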
|
@ -1,58 +0,0 @@
|
|||
## This playbook deploys a FvS desktop machine.
|
||||
---
|
||||
- name: apply configuration to the machines
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
vars:
|
||||
extra_pkgs:
|
||||
- webext-privacy-badger
|
||||
- webext-ublock-origin
|
||||
- vim
|
||||
- emacs
|
||||
- elpa-magit
|
||||
- elpa-color-theme-modern
|
||||
- vlc
|
||||
- gimp
|
||||
- inkscape
|
||||
- bluefish
|
||||
- git
|
||||
- gitk
|
||||
- gitg
|
||||
- mc
|
||||
- tmux
|
||||
- wireshark
|
||||
- nmap
|
||||
- netcat-openbsd
|
||||
- net-tools
|
||||
- ghex
|
||||
- thonny
|
||||
- spyder
|
||||
- mu-editor
|
||||
- dia
|
||||
- vym
|
||||
- tree
|
||||
- console-setup
|
||||
- virt-manager
|
||||
- libreoffice-l10n-de
|
||||
extra_pkgs_bpo: [ libreoffice ] # [ linux-image-amd64 ] # [ libreoffice ]
|
||||
ansible_python_interpreter: "/usr/bin/python3"
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- fvs-sssd
|
||||
- fvs-mount
|
||||
- fvs-client
|
||||
## Choose either gnome or KDE:
|
||||
- gnome
|
||||
#- kde
|
||||
|
||||
tasks:
|
||||
- name: Add local user 'virti' in the 'libvirt' group
|
||||
ansible.builtin.user:
|
||||
name: virti
|
||||
password: $y$j9T$DuSvAO63v5LvoJmJ1rB0B0$D4tovIz79AdLHs5I6tYa7rxr3SWknQeUFvGaaKvUpo3
|
||||
comment: Libvirt VM User,,,
|
||||
shell: /bin/bash
|
||||
groups: libvirt
|
||||
append: yes
|
|
@ -1,21 +0,0 @@
|
|||
## This playbook deploys a FvS home server machine.
|
||||
---
|
||||
- name: apply configuration to the home server
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
vars:
|
||||
extra_pkgs:
|
||||
- vim
|
||||
extra_pkgs_bpo: [ ] # [ libreoffice ]
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- fvs-sssd
|
||||
|
||||
tasks:
|
||||
- name: enable pam_mkhomedir.so
|
||||
lineinfile:
|
||||
dest: /etc/pam.d/common-session
|
||||
line: "session optional pam_mkhomedir.so umask=0027"
|
||||
insertbefore: "session optional pam_mount.so"
|
|
@ -1,17 +0,0 @@
|
|||
## This playbook deploys a FvS homex server machine.
|
||||
---
|
||||
- name: apply configuration to the homex server
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
vars:
|
||||
extra_pkgs:
|
||||
- vim
|
||||
- systemd-journal-remote
|
||||
- python3-ldap
|
||||
extra_pkgs_bpo: [ ]
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- fvs-sssd
|
||||
- exam_homes
|
|
@ -1,34 +0,0 @@
|
|||
## This playbook deploys a FvS VM server machine.
|
||||
---
|
||||
- name: apply configuration to the VM server
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
vars:
|
||||
extra_pkgs:
|
||||
- vim
|
||||
- libvirt-daemon-system
|
||||
extra_pkgs_bpo: [ ] # [ libreoffice ]
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- fvs-sssd
|
||||
|
||||
tasks:
|
||||
- name: enable pam_mkhomedir.so
|
||||
lineinfile:
|
||||
dest: /etc/pam.d/common-session
|
||||
line: "session optional pam_mkhomedir.so umask=0027"
|
||||
insertbefore: "session optional pam_mount.so"
|
||||
|
||||
- name: allow all users to use VMs
|
||||
lineinfile:
|
||||
dest: /etc/libvirt/libvirtd.conf
|
||||
line: 'auth_unix_rw = "none"'
|
||||
insertafter: '#auth_unix_rw = "polkit"'
|
||||
|
||||
- name: shared directory for ISO installer images
|
||||
file:
|
||||
path: /home/ISOsVM
|
||||
state: directory
|
||||
mode: '1777'
|
|
@ -1,29 +0,0 @@
|
|||
## This playbook deploys a FvS web server machine.
|
||||
---
|
||||
- name: apply configuration to the web server
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
vars:
|
||||
extra_pkgs:
|
||||
- vim
|
||||
- apache2
|
||||
- python3-flask
|
||||
|
||||
extra_pkgs_bpo: [ ] # [ libreoffice ]
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- fvs-sssd
|
||||
|
||||
tasks:
|
||||
- name: enable pam_mkhomedir.so
|
||||
lineinfile:
|
||||
dest: /etc/pam.d/common-session
|
||||
line: "session optional pam_mkhomedir.so umask=0026"
|
||||
insertbefore: "session optional pam_mount.so"
|
||||
|
||||
- name: enable apache mod userdir
|
||||
apache2_module:
|
||||
state: present
|
||||
name: userdir
|
|
@ -1,4 +0,0 @@
|
|||
allow_download: true
|
||||
backup_dirs_extra:
|
||||
- /home
|
||||
backup_opts_extra: ""
|
|
@ -1 +0,0 @@
|
|||
allow_download: true
|
|
@ -1,46 +0,0 @@
|
|||
---
|
||||
## This playbook deploys the installbox. Add 'hostname=XXX' and
|
||||
## 'domain=YYY' to the installer boot parameters to set hostname and
|
||||
## domain.
|
||||
|
||||
- name: apply configuration to the installbox
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: true
|
||||
|
||||
vars:
|
||||
## This interface provides the default route:
|
||||
if_wan: "{{ ansible_default_ipv4.interface }}"
|
||||
|
||||
## Use the first remaining interface for the LAN:
|
||||
if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}"
|
||||
|
||||
## LAN IP address range:
|
||||
ipaddr_lan: 192.168.0.10/24
|
||||
dhcp_start: 192.168.0.50
|
||||
dhcp_stop: 192.168.0.150
|
||||
in_inventory: 192.168.0.[50:150]
|
||||
|
||||
di_dist: "{{ ansible_distribution_release }}"
|
||||
di_version: "{{ ansible_distribution_major_version }}"
|
||||
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
|
||||
|
||||
ansible_user: ansible
|
||||
repo_dir: "/home/{{ ansible_user }}/debian-lan"
|
||||
ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module
|
||||
|
||||
|
||||
pre_tasks:
|
||||
- name: validate if interfaces are available
|
||||
fail:
|
||||
msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed."
|
||||
when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan)
|
||||
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- firewalld2if
|
||||
- dnsmasq
|
||||
- netbootinstaller
|
||||
- aptcacher
|
||||
- prepare4clients
|
|
@ -1,36 +0,0 @@
|
|||
---
|
||||
## This playbook deploys the installbox6. Add 'hostname=XXX' and
|
||||
## 'domain=YYY' to the installer boot parameters to set hostname and
|
||||
## domain.
|
||||
|
||||
## FIXME: works only on bookworm (kea-dhcp6, atftpd)
|
||||
|
||||
- name: apply configuration to the installbox6
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: true
|
||||
|
||||
vars:
|
||||
## This interface provides the default route:
|
||||
if_lan: "{{ ansible_default_ipv4.interface }}"
|
||||
prefix: '2001:db8:b001::/64'
|
||||
|
||||
## Find the IPv6 address: FIXME: not needed anymore?
|
||||
ipv6_lan: "{{ prefix | ipaddr('address') | slaac(ansible_default_ipv4.macaddress) }}"
|
||||
|
||||
di_dist: "{{ ansible_distribution_release }}"
|
||||
di_version: 11 # "{{ ansible_distribution_major_version }}"
|
||||
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
|
||||
|
||||
extra_pkgs: [binutils] # FIXME: missing dependency in di-netboot-assistant
|
||||
|
||||
ansible_user: ansible
|
||||
repo_dir: "/home/{{ ansible_user }}/debian-lan"
|
||||
ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- dhcp6radvdatftpd
|
||||
- netbootinstaller
|
||||
- aptcacher
|
||||
- prepare4clients
|
|
@ -1,27 +0,0 @@
|
|||
---
|
||||
# This playbook deploys a client for the kerberox LAN.
|
||||
|
||||
- name: apply configuration to the machines
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: true
|
||||
vars:
|
||||
extra_pkgs:
|
||||
- webext-privacy-badger
|
||||
- webext-ublock-origin
|
||||
- krb5-auth-dialog
|
||||
extra_pkgs_bpo: [] # [ libreoffice ]
|
||||
ansible_python_interpreter: "/usr/bin/python3"
|
||||
|
||||
vars_prompt:
|
||||
- name: "kadmin_pwd"
|
||||
prompt: "Provide kadmin password to fetch kerberos keytab.\nLeave empty if done already"
|
||||
private: true
|
||||
|
||||
roles:
|
||||
- up2date_debian
|
||||
- lanclient
|
||||
- kerberize
|
||||
## Choose either gnome or KDE:
|
||||
# - gnome
|
||||
# - kde
|
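--- a/kerberox.yml
+++ b/kerberox.yml
@@ -1,62 +0,0 @@
----
-## This playbook deploys the kerberox server. Add 'hostname=XXX' and
-## 'domain=YYY' to the installer boot parameters to set hostname and domain.
-
-- name: apply configuration to the kerberox server
-hosts: all
-remote_user: ansible
-become: true
-
-vars:
-## This interface provides the default route:
-if_wan: "{{ ansible_default_ipv4.interface }}"
-
-## Use the first remaining interface for the LAN:
-if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}"
-
-## LAN IP address range:
-ipaddr_lan: 192.168.0.10/24
-ipaddr_lan_threeoct: "{{ ipaddr_lan.split('.')[0:3] | join('.') }}"
-ipaddr_lan_ptr: "{{ (ipaddr_lan | ipaddr('revdns')).split('.')[1:] | join('.') }}"
-ipaddr_lan_ptr_threeoct: "{{ ipaddr_lan_ptr.split('.')[0:3] | join('.') }}"
-dhcp_start: 192.168.0.50
-dhcp_stop: 192.168.0.150
-in_inventory: 192.168.0.[50:150]
-
-di_dist: "{{ ansible_distribution_release }}"
-di_version: "{{ ansible_distribution_major_version }}"
-di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
-
-ansible_user: ansible
-repo_dir: "/home/{{ ansible_user }}/debian-lan"
-ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module
-
-
-vars_prompt:
-- name: "foo_pwd"
-prompt:
-In case you would like to prepare a test user 'foo' and have
-not done so yet, provide foo's password here. Leave empty to
-just continue
-private: true
-
-
-pre_tasks:
-- name: validate if interfaces are available
-fail:
-msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed."
-when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan)
-
-
-roles:
-- up2date_debian
-- firewalld2if
-- dnsmasq
-- netbootinstaller
-- aptcacher
-- role: krb5kdcldap
-when: not run_in_installer|default(false)|bool
-- role: nfsserver
-when: not run_in_installer|default(false)|bool
-- prepare4clients
-- kerberize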
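--- a/kiosk.yml
+++ b/kiosk.yml
@@ -1,22 +0,0 @@
----
-# This playbook deploys a kiosk-computer
-
-- name: apply configuration to the machines
-hosts: all
-remote_user: ansible
-become: true
-vars:
-auto_user: debi
-wifi_ssid: "YOUR SSID HERE"
-wifi_passwd: "YOUR WIFI-PW HERE"
-extra_pkgs:
-- webext-privacy-badger
-- webext-ublock-origin
-extra_pkgs_bpo: [] # [ libreoffice ]
-
-roles:
-- up2date_debian
-## Choose either gnome or KDE:
-- gnome
-# - kde
-- kiosk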
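--- a/livebox.yml
+++ b/livebox.yml
@@ -1,89 +0,0 @@
-## This playbook deploys the LiveBox.
-##
-## The LiveBox provides Debian Live and Installer images on top
-## of an already existing network with minimal modifications to
-## existing infrastructure. It does not provide DHCP; the idea
-## is to chainload the LiveBox' menu (iPXE or Grub) from PXE
-## infrastructure already in place.
-##
-## To chainload the LiveBox in iPXE use:
-## > item livebox Chainload Menu from LiveBox
-## > …
-## > :livebox chain tftp://livebox.lan/d-i/n-a/menu.ipxe
-##
-## To chainload the LiveBox in Grub use:
-## > menuentry 'Chainload Menu from LiveBox' {
-## > configfile (tftp,livebox.lan)/d-i/n-a/grub/grub.cfg
-## > }
-##
----
-- name: apply configuration to the livebox
-hosts: all
-remote_user: ansible
-become: true
-
-vars:
-extra_pkgs:
-- lighttpd
-- nfs-kernel-server
-extra_pkgs_bpo:
-- atftpd
-- di-netboot-assistant
-- apt-cacher-ng
-
-live_desktop:
-- gnome
-- kde
-- standard
-
-live_url: 'https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/current-live/amd64/iso-hybrid/'
-
-# The edulive role generates customized Debian-Live images.
-# Make sure you have sufficient disk space available (~30GiB?).
-build_images:
-- gnome-edu
-
-di_dist: "{{ ansible_distribution_release }}"
-di_version: "{{ ansible_distribution_major_version }}"
-di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
-boot_params:
-- boot=live
-- netboot=nfs
-- components
-- locales=de_DE.UTF-8
-- keyboard-layouts=de
-- quiet
-- splash
-# - noroot
-
-ansible_python_interpreter: "/usr/bin/python3"
-
-pre_tasks:
-- name: preseed atftpd
-debconf:
-name: atftpd
-question: atftpd/basedir
-value: /var/lib/tftpboot
-vtype: string
-
-- name: find available iso images
-uri:
-url: "{{ live_url }}"
-return_content: true
-register: idx
-
-- name: find and set ISO image version
-set_fact:
-version: "{{ idx.content | regex_findall('debian-live-(\\d+\\.\\d+\\.\\d+)-amd64-', '\\1') | first }}"
-
-- name: define ISO image map
-set_fact:
-live_iso: "{{ live_iso | default({}) | combine({ item: 'debian-live-' + version + '-amd64-' + item + '+nonfree.iso' }) }}"
-loop: "{{ live_desktop }}"
-
-roles:
-- up2date_debian
-- netbootinstaller
-- aptcacher
-- debianlive
-- edulive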
|
@ -1,72 +0,0 @@
|
|||
## This playbook deploys a KDE teacher's laptop machine for LinuxMuster.
|
||||
---
|
||||
- name: apply configuration to the machines
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
pre_tasks:
|
||||
- name: Preseed unattended-upgrades
|
||||
debconf:
|
||||
name: unattended-upgrades
|
||||
question: unattended-upgrades/enable_auto_updates
|
||||
value: True
|
||||
vtype: boolean
|
||||
|
||||
vars:
|
||||
domain: "{{ ansible_domain }}"
|
||||
kerberize_uris: steinbeis.schule
|
||||
apt_conf: Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";
|
||||
ntp_serv: server.pn.steinbeis.schule
|
||||
proxy: http://firewall.pn.steinbeis.schule:3128
|
||||
no_proxy: firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule
|
||||
|
||||
## PAM mount nextcloud, remove or leave empty to skip:
|
||||
web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER)
|
||||
|
||||
## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
|
||||
mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/
|
||||
|
||||
rsyncsecret: Muster!
|
||||
keys2deploy:
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0 andi@netboot'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM andi@yogi'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7 raphael@uranus'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA raphael@pluto'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy sascha@america'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ daniel@NB-20-DW'
|
||||
|
||||
## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
|
||||
grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
|
||||
nfs4: false
|
||||
extra_pkgs:
|
||||
- vim
|
||||
- mc
|
||||
- tmux
|
||||
- krb5-user
|
||||
- unattended-upgrades
|
||||
- debconf-utils
|
||||
extra_pkgs_bpo: [] # [ linux-image-amd64 ]
|
||||
|
||||
roles:
|
||||
- lmn_network
|
||||
- up2date_debian
|
||||
- lmn_sssd
|
||||
- lmn_kde
|
||||
- lmn_fvs ## school specific customization
|
||||
# - lmn_vm
|
||||
- kerberize
|
||||
# - lmn_security
|
||||
|
||||
tasks:
|
||||
- name: enable pam_mkhomedir.so
|
||||
lineinfile:
|
||||
dest: /etc/pam.d/common-session
|
||||
line: "session optional pam_mkhomedir.so umask=0022"
|
||||
insertbefore: "# end of pam-auth-update config"
|
||||
- name: Fix unattended-upgrades
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/apt/apt.conf.d/20auto-upgrades
|
||||
content: |
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
# This playbook does almost nothing. Useful for testing only preseeding.
|
||||
|
||||
- name: apply a minimal configuration with kerberos LAN integration
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: true
|
||||
roles:
|
||||
- up2date_debian
|
||||
- lan-client
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
# This playbook does almost nothing. Useful for testing only preseeding.
|
||||
|
||||
- name: apply a minimal configuration to the machine
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: true
|
||||
roles:
|
||||
- up2date_debian
|
|
@ -1,3 +0,0 @@
|
|||
- name: start apt-cacher-ng
|
||||
service: name=apt-cacher-ng state=started enabled=yes
|
||||
listen: "start apt-cacher-ng"
|
|
@ -1,37 +0,0 @@
|
|||
- name: install apt-cacher-ng package
|
||||
apt:
|
||||
name:
|
||||
- apt-cacher-ng
|
||||
- auto-apt-proxy
|
||||
state: latest # noqa package-latest
|
||||
|
||||
- name: check if preseeded installer is available
|
||||
stat: path={{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg
|
||||
register: preseedcfg
|
||||
|
||||
- name: enable apt-cacher-ng for install-clients
|
||||
replace:
|
||||
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
|
||||
regexp: '^d-i mirror/http/proxy string$'
|
||||
replace: 'd-i mirror/http/proxy string http://{{ ansible_hostname }}:3142/'
|
||||
when: preseedcfg.stat.exists
|
||||
|
||||
- name: test if firewalld is available
|
||||
stat: path=/usr/sbin/firewalld
|
||||
register: firewalld
|
||||
|
||||
- name: allow apt-cacher-ng service in firewalld
|
||||
firewalld:
|
||||
zone: internal
|
||||
port: 3142/tcp
|
||||
permanent: true
|
||||
immediate: true
|
||||
state: enabled
|
||||
when: not run_in_installer|default(false)|bool and firewalld.stat.exists
|
||||
|
||||
- name: allow apt-cacher-ng service in firewalld, offline
|
||||
command: "firewall-offline-cmd --zone=internal --add-port=3142/tcp"
|
||||
when: run_in_installer|default(false)|bool and firewalld.stat.exists
|
||||
|
||||
- name: flush handler to make apt-cacher available
|
||||
meta: flush_handlers
|
|
@ -1,15 +0,0 @@
|
|||
borg_pwd: "{{ lookup('password', '/tmp/borg.pwd chars=ascii_letters,digits length=32') }}"
|
||||
borg_pwd_file: "/root/borg.pwd"
|
||||
borg_key_backup: "/root/borg-key.backup"
|
||||
|
||||
## alternative: "ssh://user@host:port/path/to/repo"
|
||||
backup_repo: "/var/backups/mnt/backup/borg"
|
||||
|
||||
backup_dirs_extra: ""
|
||||
|
||||
backup_opts: "--exclude-caches"
|
||||
backup_opts_extra: ""
|
||||
|
||||
www_root: "/var/www"
|
||||
nc_dir: "{{ www_root }}/nextcloud"
|
||||
data_dir: "/var/nc-data"
|
|
@ -1,6 +0,0 @@
|
|||
[Unit]
|
||||
Description=Run backup script
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/local/bin/backup
|
|
@ -1,10 +0,0 @@
|
|||
[Unit]
|
||||
Description=Run backup script daily
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*-*-* 4:00:00
|
||||
Persistent=true
|
||||
AccuracySec=15min
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
|
@ -1,6 +0,0 @@
|
|||
- name: enable backup.service and .timer
|
||||
systemd:
|
||||
name: backup.timer
|
||||
state: started
|
||||
enabled: true
|
||||
listen: "enable backup.timer"
|
|
@ -1,33 +0,0 @@
|
|||
- name: install borg
|
||||
apt:
|
||||
name: borgbackup
|
||||
state: latest # noqa package-latest
|
||||
|
||||
- name: check if borg password is available
|
||||
stat: path="{{ borg_pwd_file }}"
|
||||
register: borg
|
||||
|
||||
- name: dump borg password
|
||||
shell: echo -n "{{ borg_pwd }}" > "{{ borg_pwd_file }}" ; chmod 0600 "{{ borg_pwd_file }}"
|
||||
no_log: true
|
||||
when: not borg.stat.exists
|
||||
|
||||
- name: provide backup script
|
||||
template:
|
||||
src: "backup"
|
||||
dest: "/usr/local/bin/backup"
|
||||
mode: "0750"
|
||||
|
||||
- name: provide backup.service and .timer
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/systemd/system/{{ item }}"
|
||||
mode: 0644
|
||||
with_items:
|
||||
- backup.service
|
||||
- backup.timer
|
||||
notify: "enable backup.timer"
|
||||
|
||||
- name: run first backup
|
||||
command: /usr/local/bin/backup
|
||||
when: not borg.stat.exists
|
|
@ -1,51 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -eu
|
||||
|
||||
BACKUP=({{ backup_dirs|join(' ') }} {{ backup_dirs_extra|join(' ') }})
|
||||
OPTIONS=({{ backup_opts }} {{ backup_opts_extra }})
|
||||
|
||||
export BORG_REPO="{{ backup_repo }}"
|
||||
export BORG_PASSCOMMAND="cat {{ borg_pwd_file }}"
|
||||
KEY_BACKUP="{{ borg_key_backup }}"
|
||||
|
||||
MOUNTED=""
|
||||
|
||||
MNT="$(echo "$BORG_REPO" | sed "s|\(^.*/mnt\).*|\1|")"
|
||||
if grep -q "$MNT" /etc/fstab ; then
|
||||
[ -d "$BORG_REPO" ] || mount -v "$MNT" && MOUNTED="TRUE"
|
||||
fi
|
||||
|
||||
if [ ! -e "$KEY_BACKUP" ] ; then
|
||||
[[ "$BORG_REPO" =~ @ ]] || mkdir -vp --mode=0750 "$BORG_REPO"
|
||||
borg init --encryption=repokey
|
||||
borg key export "$BORG_REPO" "$KEY_BACKUP"
|
||||
fi
|
||||
|
||||
if [ -e "{{ nc_dir }}/config/config.php" ] ; then
|
||||
NCDB="{{ data_dir }}/nextcloud-database.dump"
|
||||
sudo -u www-data /usr/bin/php {{ nc_dir }}/occ maintenance:mode --on
|
||||
PW="$(grep dbpassword {{ nc_dir }}/config/config.php | \
|
||||
sed -e "s/\W*'dbpassword' => '//" -e "s/',$//")"
|
||||
|
||||
echo -n "Dumping data base into '$NCDB' … "
|
||||
mysqldump --single-transaction -h localhost -u nextcloud -p"$PW" nextcloud > "$NCDB"
|
||||
chmod 600 "$NCDB"
|
||||
echo "done."
|
||||
fi
|
||||
|
||||
echo "Backup ${BACKUP[@]} to $BORG_REPO."
|
||||
borg create -v --show-rc "${OPTIONS[@]}" ::'{hostname}-{now}' "${BACKUP[@]}"
|
||||
|
||||
borg prune -v --list --prefix='{hostname}-' --show-rc \
|
||||
--keep-daily 14 \
|
||||
--keep-weekly 8 \
|
||||
--keep-monthly 6 \
|
||||
--keep-yearly 10
|
||||
|
||||
if [ -e "{{ nc_dir }}/config/config.php" ] ; then
|
||||
sudo -u www-data /usr/bin/php {{ nc_dir }}/occ maintenance:mode --off
|
||||
fi
|
||||
|
||||
if [ "$MOUNTED" = "TRUE" ] ; then
|
||||
umount -v "$MNT"
|
||||
fi
|
|
@ -1,35 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -eu
|
||||
|
||||
. /etc/ddns-update/ddns-update.conf
|
||||
|
||||
DDHOST="https://www.ddnss.de/upd.php"
|
||||
|
||||
if ! DNSRESULT="$(host $DDNSNAME)" ; then
|
||||
echo "Could not resolve IP address for '$DDNSNAME', no update."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
DNSIP4="$(echo "$DNSRESULT" | grep -m 1 -oE '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$' || true )"
|
||||
DNSIP6="$(echo "$DNSRESULT" | grep -m 1 -oE '[0-9a-f]{1,4}:.+:[0-9a-f]{1,4}' || true )"
|
||||
|
||||
REALIP4="$(wget -q -O - https://ip4.ddnss.de/meineip.php | \
|
||||
grep -m 1 -oE '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' || true )"
|
||||
REALIP6="$(wget -q -O - https://ip6.ddnss.de/meineip.php | \
|
||||
grep -m 1 -oE '[0-9a-f]{1,4}:.+:[0-9a-f]{1,4}' || true )"
|
||||
|
||||
if [ -z "$REALIP4" -a -z "$REALIP6" ] ; then
|
||||
echo "Could not detect real IP addresses, exiting."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Current DNS: IPv4=$DNSIP4, IPv6=$DNSIP6."
|
||||
echo "Detected: IPv4=$REALIP4, IPv6=$REALIP6."
|
||||
|
||||
if [ "$REALIP4" == "$DNSIP4" -a "$REALIP6" == "$DNSIP6" ] ; then
|
||||
echo "IP address unchanged, no update."
|
||||
else
|
||||
echo "IP address changed: $DNSIP4 → ${REALIP4}, $DNSIP6 → ${REALIP6}, updating ddns."
|
||||
wget -q -O - $DDHOST'?key='$KEYAUTH'&host='$DDNSNAME'&ip='$REALIP4'&ip6='$REALIP6 \
|
||||
| grep -oE "Updated .+ hostname." || echo "Update not confirmed, it might have failed."
|
||||
fi
|
|
@ -1,6 +0,0 @@
|
|||
[Unit]
|
||||
Description=Update ddns
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/ddns-update
|
|
@ -1,11 +0,0 @@
|
|||
[Unit]
|
||||
Description=Update ddns IP-address
|
||||
|
||||
[Timer]
|
||||
OnBootSec=0
|
||||
OnUnitActiveSec=20min
|
||||
AccuracySec=3min
|
||||
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
|
@ -1,7 +0,0 @@
|
|||
- name: enable ddns-update timer
|
||||
systemd:
|
||||
name: ddns-update.timer
|
||||
state: restarted
|
||||
daemon_reload: true
|
||||
enabled: true
|
||||
listen: "enable ddns-update timer"
|
|
@ -1,27 +0,0 @@
|
|||
- name: make sure /etc/ddns-update/ exists
|
||||
file: path=/etc/ddns-update/ state=directory recurse=yes
|
||||
|
||||
- name: install ddns-update config
|
||||
template:
|
||||
src: ddns-update.conf.j2
|
||||
dest: /etc/ddns-update/ddns-update.conf
|
||||
mode: 0644
|
||||
|
||||
- name: install ddns-update script
|
||||
copy:
|
||||
src: ddns-update
|
||||
dest: /usr/local/bin/ddns-update
|
||||
mode: 0755
|
||||
|
||||
- name: install ddns-update.service
|
||||
copy:
|
||||
src: ddns-update.service
|
||||
dest: /etc/systemd/system/ddns-update.service
|
||||
mode: 0644
|
||||
|
||||
- name: install ddns-update.timer
|
||||
copy:
|
||||
src: ddns-update.timer
|
||||
dest: /etc/systemd/system/ddns-update.timer
|
||||
mode: 0644
|
||||
notify: enable ddns-update timer
|
|
@ -1,2 +0,0 @@
|
|||
DDNSNAME="{{ ddns_domain }}"
|
||||
KEYAUTH="{{ ddns_updkey }}"
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
- name: rebuild di-netboot assistant menu
|
||||
command:
|
||||
cmd: di-netboot-assistant rebuild-menu
|
||||
listen: rebuild di-netboot menu
|
||||
|
||||
- name: export nfs
|
||||
command:
|
||||
cmd: exportfs -ra
|
||||
listen: export nfs
|
|
@ -1,128 +0,0 @@
|
|||
---
|
||||
- name: download debian-live images
|
||||
get_url:
|
||||
url: "{{ live_url }}{{ item.value }}"
|
||||
dest: "/var/cache/di-netboot-assistant/{{ item.value }}"
|
||||
checksum: "sha256:{{ live_url }}/SHA256SUMS"
|
||||
register: new_iso
|
||||
loop:
|
||||
"{{ live_iso | dict2items }}"
|
||||
|
||||
- name: umount old iso images
|
||||
mount:
|
||||
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
|
||||
state: unmounted
|
||||
loop:
|
||||
"{{ live_iso | dict2items }}"
|
||||
when: new_iso.changed
|
||||
|
||||
- name: prepare live image directory
|
||||
file:
|
||||
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
loop:
|
||||
"{{ live_iso | dict2items }}"
|
||||
|
||||
- name: make sure loop module is loaded
|
||||
modprobe:
|
||||
name: loop
|
||||
state: present
|
||||
|
||||
- name: loop mount iso images
|
||||
mount:
|
||||
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
|
||||
src: "/var/cache/di-netboot-assistant/{{ item.value }}"
|
||||
fstype: iso9660
|
||||
opts: loop,ro,nofail
|
||||
state: mounted
|
||||
loop:
|
||||
"{{ live_iso | dict2items }}"
|
||||
notify: rebuild di-netboot menu
|
||||
|
||||
- name: prepare http downloads
|
||||
file:
|
||||
src: "/var/lib/tftpboot/d-i/"
|
||||
dest: "/var/www/html/d-i"
|
||||
state: link
|
||||
|
||||
- name: export live image squashfs
|
||||
lineinfile:
|
||||
path: /etc/exports
|
||||
line: "/var/lib/tftpboot/d-i/n-live/ *(ro,crossmnt,no_subtree_check)"
|
||||
notify: export nfs
|
||||
|
||||
- name: configure ipxe boot menu address and headline
|
||||
replace:
|
||||
path: /etc/di-netboot-assistant/ipxemenu.HEAD
|
||||
regexp: "{{ item.reg }}"
|
||||
replace: "{{ item.rep }}"
|
||||
loop:
|
||||
- reg: '^set 210:string .+$'
|
||||
rep: 'set 210:string http://{{ ansible_default_ipv4.address }}/'
|
||||
- reg: '^#(item --gap -- -- Customized Boot Entries.*)$'
|
||||
rep: '\1'
|
||||
notify: rebuild di-netboot menu
|
||||
|
||||
- name: configure grub boot menu addresses
|
||||
lineinfile:
|
||||
path: /etc/di-netboot-assistant/grub.cfg.HEAD
|
||||
line: "{{ item.line }}"
|
||||
regexp: "{{ item.reg }}"
|
||||
loop:
|
||||
- line: "set root=(http,{{ ansible_default_ipv4.address }})"
|
||||
reg: "^set root="
|
||||
- line: "set pxe_default_server={{ ansible_default_ipv4.address }}"
|
||||
reg: "^set pxe_default_server="
|
||||
notify: rebuild di-netboot menu
|
||||
|
||||
- name: prepare debian live nfs boot entry title
|
||||
lineinfile:
|
||||
path: /etc/di-netboot-assistant/ipxemenu.HEAD
|
||||
insertafter: '-- Customized Boot Entries --'
|
||||
line: "item {{ item.key }} Debian GNU/Linux {{ item.key }} NFS"
|
||||
loop:
|
||||
"{{ live_iso | dict2items }}"
|
||||
notify: rebuild di-netboot menu
|
||||
|
||||
- name: find kernel version
|
||||
shell:
|
||||
cmd: >-
|
||||
basename /var/lib/tftpboot/d-i/n-live/{{ item.key }}/live/vmlinuz*
|
||||
| sed "s/vmlinuz-//"
|
||||
register: images
|
||||
changed_when: false
|
||||
loop:
|
||||
"{{ live_iso | dict2items }}"
|
||||
|
||||
- name: prepare debian live boot loader ipxe
|
||||
blockinfile:
|
||||
path: /etc/di-netboot-assistant/ipxemenu.HEAD
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
|
||||
block: |
|
||||
:{{ item.item.key }}
|
||||
echo Booting Debian GNU/Linux {{ item.item.key }} NFS
|
||||
kernel ${210:string}d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
|
||||
initrd=initrd.img-{{ item.stdout }} {{ boot_params|join(' ') }} \
|
||||
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
|
||||
initrd ${210:string}d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
|
||||
boot
|
||||
loop:
|
||||
"{{ images.results }}"
|
||||
notify: rebuild di-netboot menu
|
||||
|
||||
- name: prepare debian live boot loader grub
|
||||
blockinfile:
|
||||
path: /etc/di-netboot-assistant/grub.cfg.HEAD
|
||||
insertbefore: "^menuentry 'Boot from local disk..'"
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
|
||||
block: |
|
||||
menuentry 'Debian GNU/Linux Live {{ item.item.key }} NFS' {
|
||||
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
|
||||
{{ boot_params|join(' ') }} \
|
||||
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
|
||||
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
|
||||
}
|
||||
loop:
|
||||
"{{ images.results }}"
|
||||
notify: rebuild di-netboot menu
|
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
- name: restart radvd
|
||||
systemd:
|
||||
name: radvd.service
|
||||
state: restarted
|
||||
enabled: true
|
||||
listen: restart radvd
|
||||
|
||||
- name: restart kea-dhcp6-server
|
||||
systemd:
|
||||
name: kea-dhcp6-server.service
|
||||
state: restarted
|
||||
enabled: true
|
||||
listen: restart kea-dhcp6-server
|
||||
|
||||
- name: restart network interfaces
|
||||
systemd:
|
||||
name: networking
|
||||
state: restarted
|
||||
listen: reconfigure network
|
|
@ -1,39 +0,0 @@
|
|||
## DHCPv6, RAs and TFTP
|
||||
---
|
||||
- name: preseed aftpd
|
||||
debconf:
|
||||
name: atftpd
|
||||
question: atftpd/basedir
|
||||
value: /var/lib/tftpboot
|
||||
vtype: string
|
||||
|
||||
- name: install di-netboot-assistant and installer package
|
||||
apt:
|
||||
name:
|
||||
- kea-dhcp6-server
|
||||
- radvd
|
||||
- atftpd
|
||||
state: latest # noqa package-latest
|
||||
|
||||
- name: configure radvd
|
||||
template:
|
||||
src: radvd.conf.j2
|
||||
dest: /etc/radvd.conf
|
||||
mode: 0644
|
||||
notify: restart radvd
|
||||
|
||||
- name: configure kea-dhcp-server
|
||||
template:
|
||||
src: kea-dhcp6.conf.j2
|
||||
dest: /etc/kea/kea-dhcp6.conf
|
||||
mode: 0644
|
||||
notify: restart kea-dhcp6-server
|
||||
|
||||
- name: set IPv6 address on interface
|
||||
blockinfile:
|
||||
path: /etc/network/interfaces
|
||||
block: |
|
||||
allow-hotplug {{ if_lan }}
|
||||
iface {{ if_lan }} inet6 static
|
||||
address 2001:db8:b001::1/64
|
||||
notify: reconfigure network
|
|
@ -1,20 +0,0 @@
|
|||
{
|
||||
"Dhcp6": {
|
||||
"interfaces-config": {
|
||||
"interfaces": [ "{{ if_lan }}" ]
|
||||
},
|
||||
"option-data": [
|
||||
{
|
||||
"name": "bootfile-url",
|
||||
"data": "tftp://[2001:db8:b001::1]/d-i/n-a/grubx64.efi"
|
||||
}
|
||||
],
|
||||
"subnet6": [
|
||||
{
|
||||
"subnet": "2001:db8:b001::/64",
|
||||
"pools": [ { "pool": "2001:db8:b001::2 - 2001:db8:b001::ffff" } ],
|
||||
"interface": "enp1s0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
interface {{ if_lan }}
|
||||
{
|
||||
AdvSendAdvert on;
|
||||
AdvManagedFlag on;
|
||||
AdvOtherConfigFlag on;
|
||||
|
||||
prefix {{ prefix }}
|
||||
{
|
||||
};
|
||||
};
|
|
@ -1 +0,0 @@
|
|||
name_servers: ns1.{{ ansible_domain }}
|
|
@ -1,15 +0,0 @@
|
|||
- name: restart isc-dhcp-server
|
||||
systemd: name=isc-dhcp-server state=restarted enabled=yes
|
||||
listen: restart isc-dhcp-server
|
||||
|
||||
- name: restart bind
|
||||
systemd: name=bind9 state=restarted enabled=yes
|
||||
listen: restart bind
|
||||
|
||||
- name: restart tftpd-hpa
|
||||
systemd: name=tftpd-hpa state=restarted enabled=yes
|
||||
listen: restart tftpd-hpa
|
||||
|
||||
- name: restart dhcp-client
|
||||
systemd: name=ifup@{{ if_wan }} state=restarted enabled=yes
|
||||
listen: restart dhcp-client
|
|
@ -1,100 +0,0 @@
|
|||
---
|
||||
- name: preseed tftpd-hpa
|
||||
debconf:
|
||||
name: tftpd-hpa
|
||||
question: tftpd-hpa/directory
|
||||
value: /var/lib/tftpboot
|
||||
vtype: string
|
||||
|
||||
- name: install tftpd, dhcpd and named packages
|
||||
apt:
|
||||
name:
|
||||
- isc-dhcp-server
|
||||
- tftpd-hpa
|
||||
- bind9
|
||||
state: latest # noqa package-latest
|
||||
|
||||
## FIXME: preseeding seems to be ignored
|
||||
- name: configure TFTP root directory
|
||||
replace:
|
||||
path: /etc/default/tftpd-hpa
|
||||
regexp: '^TFTP_DIRECTORY=".*"$'
|
||||
replace: 'TFTP_DIRECTORY="/var/lib/tftpboot"'
|
||||
notify: restart tftpd-hpa
|
||||
|
||||
- name: serve dhcp on LAN interface
|
||||
replace:
|
||||
path: /etc/default/isc-dhcp-server
|
||||
regexp: '^INTERFACESv4=".*"$'
|
||||
replace: 'INTERFACESv4="{{ if_lan }}"'
|
||||
notify: restart isc-dhcp-server
|
||||
|
||||
- name: deploy config files for isc-dhcp-server
|
||||
template:
|
||||
src: dhcpd.conf.j2
|
||||
dest: /etc/dhcp/dhcpd.conf
|
||||
mode: 0644
|
||||
backup: true
|
||||
notify: restart isc-dhcp-server
|
||||
|
||||
- name: deploy config files for bind9
|
||||
template:
|
||||
src: "{{ item.src }}.j2"
|
||||
dest: "/etc/bind/{{ item.dest }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- src: db.RR
|
||||
dest: "db.{{ ansible_domain }}"
|
||||
- src: db.RRinv
|
||||
dest: "db.{{ ipaddr_lan_threeoct }}"
|
||||
- src: localzones
|
||||
dest: localzones
|
||||
notify: restart bind
|
||||
|
||||
- name: link zone files to writeable directory for DDNS
|
||||
file:
|
||||
src: "/etc/bind/{{ item }}"
|
||||
dest: "/var/lib/bind/{{ item }}"
|
||||
state: link
|
||||
loop:
|
||||
- "db.{{ ansible_domain }}"
|
||||
- "db.{{ ipaddr_lan_threeoct }}"
|
||||
notify: restart bind
|
||||
|
||||
- name: enable local bind config
|
||||
lineinfile:
|
||||
path: /etc/bind/named.conf.local
|
||||
line: 'include "/etc/bind/localzones";'
|
||||
notify: restart bind
|
||||
|
||||
- name: adapt resolv.conf
|
||||
template:
|
||||
src: resolv.conf.j2
|
||||
dest: /etc/resolv.conf
|
||||
mode: 0644
|
||||
notify: restart isc-dhcp-server
|
||||
|
||||
## stop dhclient from overwriting /etc/resolv.conf:
|
||||
- name: supersede dhcp client data
|
||||
blockinfile:
|
||||
dest: /etc/dhcp/dhclient.conf
|
||||
block: |
|
||||
supersede domain-search "{{ ansible_domain }}";
|
||||
supersede domain-name-servers 127.0.0.1;
|
||||
insertbefore: "#send dhcp-client-identifier.*"
|
||||
notify: restart dhcp-client
|
||||
|
||||
- name: generate rndc key
|
||||
command:
|
||||
cmd: rndc-confgen -a
|
||||
creates: /etc/bind/rndc.key
|
||||
|
||||
- name: copy rndc key
|
||||
copy:
|
||||
src: /etc/bind/rndc.key
|
||||
dest: /etc/dhcp/
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0640
|
||||
remote_src: true
|
||||
notify: restart isc-dhcp-server
|
|
@ -1,17 +0,0 @@
|
|||
$TTL 500
|
||||
@ IN SOA {{ ansible_fqdn }}. root.{{ ansible_domain }}. (
|
||||
1 ; Serial
|
||||
3600 ; Refresh
|
||||
1800 ; Retry
|
||||
720000 ; Expire
|
||||
6400 ) ; Negative Cache TTL
|
||||
;
|
||||
@ NS {{ ansible_fqdn }}.
|
||||
MX 10 {{ ansible_fqdn }}.
|
||||
{{ ansible_hostname }} A {{ ipaddr_lan | ipaddr("address") }}
|
||||
_ldap._tcp SRV 100 0 389 {{ ansible_fqdn }}.
|
||||
ns1 CNAME {{ ansible_fqdn }}.
|
||||
ns2 CNAME {{ ansible_fqdn }}.
|
||||
aptcache CNAME {{ ansible_fqdn }}.
|
||||
homes CNAME {{ ansible_fqdn }}.
|
||||
ldap CNAME {{ ansible_fqdn }}.
|
|
@ -1,11 +0,0 @@
|
|||
$TTL 500
|
||||
@ IN SOA {{ ansible_fqdn }}. root.{{ ansible_domain }}. (
|
||||
1 ; Serial
|
||||
3600 ; Refresh
|
||||
1800 ; Retry
|
||||
720000 ; Expire
|
||||
6400 ) ; Negative Cache TTL
|
||||
;
|
||||
@ NS {{ ansible_fqdn }}.
|
||||
MX 10 {{ ansible_fqdn }}.
|
||||
{{ ipaddr_lan | ipaddr("address") | regex_replace("^.*\.(.+$)", "\\1") }} PTR {{ ansible_fqdn }}.
|
|
@ -1,139 +0,0 @@
|
|||
# dhcpd.conf
|
||||
#
|
||||
# Sample configuration file for ISC dhcpd
|
||||
#
|
||||
|
||||
# option definitions common to all supported networks...
|
||||
option domain-name "{{ ansible_domain }}";
|
||||
option domain-name-servers {{ name_servers }};
|
||||
|
||||
default-lease-time 600;
|
||||
max-lease-time 7200;
|
||||
|
||||
# The ddns-updates-style parameter controls whether or not the server will
|
||||
# attempt to do a DNS update when a lease is confirmed. We default to the
|
||||
# behavior of the version 2 packages ('none', since DHCP v2 didn't
|
||||
# have support for DDNS.)
|
||||
#ddns-update-style none;
|
||||
|
||||
use-host-decl-names on;
|
||||
ddns-update-style standard;
|
||||
|
||||
include "/etc/dhcp/rndc.key";
|
||||
|
||||
zone {{ ansible_domain }}. {
|
||||
primary 127.0.0.1;
|
||||
key rndc-key;
|
||||
}
|
||||
|
||||
zone {{ ipaddr_lan_ptr }} {
|
||||
primary 127.0.0.1;
|
||||
key rndc-key;
|
||||
}
|
||||
|
||||
|
||||
# If this DHCP server is the official DHCP server for the local
|
||||
# network, the authoritative directive should be uncommented.
|
||||
authoritative;
|
||||
|
||||
# Use this to send dhcp log messages to a different log file (you also
|
||||
# have to hack syslog.conf to complete the redirection).
|
||||
#log-facility local7;
|
||||
|
||||
## The tftpd server IP address, for all clients.
|
||||
next-server {{ ipaddr_lan | ipaddr("address") }};
|
||||
|
||||
option arch code 93 = unsigned integer 16;
|
||||
if option arch = 00:07 {
|
||||
filename "d-i/n-a/bootnetx64.efi";
|
||||
} else {
|
||||
filename "d-i/n-a/pxelinux.0";
|
||||
}
|
||||
|
||||
subnet {{ ipaddr_lan | ipaddr("network") }} netmask {{ ipaddr_lan | ipaddr("netmask") }} {
|
||||
option routers {{ ipaddr_lan | ipaddr("address") }};
|
||||
range {{ dhcp_start }} {{ dhcp_stop }};
|
||||
}
|
||||
|
||||
|
||||
# No service will be given on this subnet, but declaring it helps the
|
||||
# DHCP server to understand the network topology.
|
||||
|
||||
#subnet 10.152.187.0 netmask 255.255.255.0 {
|
||||
#}
|
||||
|
||||
# This is a very basic subnet declaration.
|
||||
|
||||
#subnet 10.254.239.0 netmask 255.255.255.224 {
|
||||
# range 10.254.239.10 10.254.239.20;
|
||||
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
|
||||
#}
|
||||
|
||||
# This declaration allows BOOTP clients to get dynamic addresses,
|
||||
# which we don't really recommend.
|
||||
|
||||
#subnet 10.254.239.32 netmask 255.255.255.224 {
|
||||
# range dynamic-bootp 10.254.239.40 10.254.239.60;
|
||||
# option broadcast-address 10.254.239.31;
|
||||
# option routers rtr-239-32-1.example.org;
|
||||
#}
|
||||
|
||||
# A slightly different configuration for an internal subnet.
|
||||
#subnet 10.5.5.0 netmask 255.255.255.224 {
|
||||
# range 10.5.5.26 10.5.5.30;
|
||||
# option domain-name-servers ns1.internal.example.org;
|
||||
# option domain-name "internal.example.org";
|
||||
# option routers 10.5.5.1;
|
||||
# option broadcast-address 10.5.5.31;
|
||||
# default-lease-time 600;
|
||||
# max-lease-time 7200;
|
||||
#}
|
||||
|
||||
# Hosts which require special configuration options can be listed in
|
||||
# host statements. If no address is specified, the address will be
|
||||
# allocated dynamically (if possible), but the host-specific information
|
||||
# will still come from the host declaration.
|
||||
|
||||
#host passacaglia {
|
||||
# hardware ethernet 0:0:c0:5d:bd:95;
|
||||
# filename "vmunix.passacaglia";
|
||||
# server-name "toccata.example.com";
|
||||
#}
|
||||
|
||||
# Fixed IP addresses can also be specified for hosts. These addresses
|
||||
# should not also be listed as being available for dynamic assignment.
|
||||
# Hosts for which fixed IP addresses have been specified can boot using
|
||||
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
|
||||
# be booted with DHCP, unless there is an address range on the subnet
|
||||
# to which a BOOTP client is connected which has the dynamic-bootp flag
|
||||
# set.
|
||||
#host fantasia {
|
||||
# hardware ethernet 08:00:07:26:c0:a5;
|
||||
# fixed-address fantasia.example.com;
|
||||
#}
|
||||
|
||||
# You can declare a class of clients and then do address allocation
|
||||
# based on that. The example below shows a case where all clients
|
||||
# in a certain class get addresses on the 10.17.224/24 subnet, and all
|
||||
# other clients get addresses on the 10.0.29/24 subnet.
|
||||
|
||||
#class "foo" {
|
||||
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
|
||||
#}
|
||||
|
||||
#shared-network 224-29 {
|
||||
# subnet 10.17.224.0 netmask 255.255.255.0 {
|
||||
# option routers rtr-224.example.org;
|
||||
# }
|
||||
# subnet 10.0.29.0 netmask 255.255.255.0 {
|
||||
# option routers rtr-29.example.org;
|
||||
# }
|
||||
# pool {
|
||||
# allow members of "foo";
|
||||
# range 10.17.224.10 10.17.224.250;
|
||||
# }
|
||||
# pool {
|
||||
# deny members of "foo";
|
||||
# range 10.0.29.10 10.0.29.230;
|
||||
# }
|
||||
#}
|
|
@ -1,17 +0,0 @@
|
|||
include "/etc/bind/rndc.key";
|
||||
|
||||
zone "{{ ipaddr_lan_ptr[:-1] }}" {
|
||||
type master;
|
||||
notify no;
|
||||
file "/etc/bind/db.{{ ipaddr_lan_threeoct }}";
|
||||
journal "/var/lib/bind/db.{{ ipaddr_lan_threeoct }}.jnl";
|
||||
allow-update { key rndc-key; };
|
||||
};
|
||||
|
||||
zone "{{ ansible_domain }}" {
|
||||
type master;
|
||||
notify no;
|
||||
file "/etc/bind/db.{{ ansible_domain }}";
|
||||
journal "/var/lib/bind/db.{{ ansible_domain }}.jnl";
|
||||
allow-update { key rndc-key; };
|
||||
};
|
|
@ -1,2 +0,0 @@
|
|||
search {{ ansible_domain }}.
|
||||
nameserver 127.0.0.1
|
|
@ -1,3 +0,0 @@
|
|||
- name: restart dnsmasq
|
||||
service: name=dnsmasq state=restarted enabled=yes
|
||||
listen: "restart dnsmasq"
|
|
@ -1,24 +0,0 @@
|
|||
- name: check if dnsmasq is already there
|
||||
stat: path=/etc/dnsmasq.d/dnsmasq-dhcp
|
||||
register: dnsmasq
|
||||
|
||||
- name: install dnsmasq package
|
||||
apt:
|
||||
name:
|
||||
- dnsmasq
|
||||
- resolvconf
|
||||
state: latest # noqa package-latest
|
||||
|
||||
- name: configure dnsmasq dhcp
|
||||
template:
|
||||
src: dnsmasq-dhcp.j2
|
||||
dest: /etc/dnsmasq.d/dnsmasq-dhcp
|
||||
mode: 0644
|
||||
notify: "restart dnsmasq"
|
||||
|
||||
- name: configure dnsmasq tftp
|
||||
template:
|
||||
src: dnsmasq-tftp-netboot-installer.j2
|
||||
dest: /etc/dnsmasq.d/tftp-netboot-installer
|
||||
mode: 0644
|
||||
notify: "restart dnsmasq"
|
|
@ -1,3 +0,0 @@
|
|||
interface={{ if_lan }}
|
||||
dhcp-range={{ dhcp_start }},{{ dhcp_stop }},2h
|
||||
# dhcp-generate-names ## better use grub to generate names
|
|
@ -1,5 +0,0 @@
|
|||
enable-tftp
|
||||
tftp-root={{ tftp_root }}
|
||||
dhcp-boot=d-i/n-a/pxelinux.0
|
||||
dhcp-match=set:efi-x86_64,option:client-arch,7
|
||||
dhcp-boot=tag:efi-x86_64,d-i/n-a/bootnetx64.efi
|
|
@ -1,13 +0,0 @@
|
|||
## generate most of this list with 'tasksel --task-packages standard'
|
||||
cont_packages:
|
||||
- systemd-container
|
||||
- openssh-server
|
||||
- sudo
|
||||
- python3
|
||||
- auto-apt-proxy
|
||||
- bash-completion
|
||||
- ca-certificates
|
||||
- man-db
|
||||
- manpages
|
||||
|
||||
cont_packages_extra: []
|
|
@ -1,7 +0,0 @@
|
|||
- name: enable and restart containers
|
||||
systemd:
|
||||
name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
|
||||
state: restarted
|
||||
enabled: true
|
||||
loop: "{{ containers }}"
|
||||
listen: enable and restart containers
|
|
@ -1,70 +0,0 @@
|
|||
## Prepare minimal systemd-nspawn containers for educational use.
|
||||
##
|
||||
## Port mapping to the host:
|
||||
##
|
||||
## container 0: ssh → host port 10000, HTTP → 10100
|
||||
## container 1: ssh → host port 10001, HTTP → 10101
|
||||
## ... ... ...
|
||||
##
|
||||
## User '{{ contuser }}' in the sudo group. Password is '{{ contpwd }}'.
|
||||
##
|
||||
|
||||
- name: stop all containers
|
||||
systemd:
|
||||
name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
|
||||
state: stopped
|
||||
loop: "{{ containers | reverse }}"
|
||||
tags:
|
||||
- never
|
||||
- stop
|
||||
- reset
|
||||
- purge
|
||||
- setup
|
||||
- restart
|
||||
|
||||
- name: purge all containers
|
||||
command:
|
||||
cmd: machinectl remove {{ contname }}{{ "%02d" | format(item|int) }}
|
||||
removes: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}
|
||||
loop: "{{ containers | reverse }}"
|
||||
tags:
|
||||
- never
|
||||
- purge
|
||||
- setup
|
||||
|
||||
- name: remove container overlay
|
||||
file:
|
||||
path: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}-delta
|
||||
state: absent
|
||||
loop: "{{ containers | reverse }}"
|
||||
tags:
|
||||
- never
|
||||
- reset
|
||||
- purge
|
||||
- setup
|
||||
|
||||
- name: start all containers
|
||||
systemd:
|
||||
name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
|
||||
state: started
|
||||
loop: "{{ containers | reverse }}"
|
||||
tags:
|
||||
- never
|
||||
- start
|
||||
- reset
|
||||
- restart
|
||||
|
||||
###########
|
||||
|
||||
- name: check if container template exists
|
||||
ansible.builtin.stat:
|
||||
path: "/var/lib/machines/{{ contname }}00"
|
||||
register: cont
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: import setup.yml tasks
|
||||
import_tasks: setup.yml
|
||||
when: cont.stat.isdir is not defined
|
||||
tags:
|
||||
- always
|
|
@ -1,181 +0,0 @@
|
|||
---
|
||||
|
||||
- name: install packages
|
||||
apt:
|
||||
name:
|
||||
- systemd-container
|
||||
- debootstrap
|
||||
- auto-apt-proxy
|
||||
state: latest # noqa package-latest
|
||||
|
||||
- name: prepare machine directory
|
||||
file:
|
||||
path: /var/lib/machines/
|
||||
state: directory
|
||||
mode: 0700
|
||||
|
||||
- name: debootstrap base system
|
||||
command:
|
||||
cmd: >
|
||||
auto-apt-proxy debootstrap
|
||||
--include={{ cont_packages | union(cont_packages_extra) | join(',') }}
|
||||
--components=main,contrib,non-free stable
|
||||
{{ contname }}00 http://deb.debian.org/debian
|
||||
args:
|
||||
chdir: /var/lib/machines/
|
||||
creates: /var/lib/machines/{{ contname }}00
|
||||
notify: enable and restart containers
|
||||
|
||||
- name: provide complete apt sources
|
||||
copy:
|
||||
src: /etc/apt/sources.list
|
||||
dest: /var/lib/machines/{{ contname }}00/etc/apt/sources.list
|
||||
mode: 0644
|
||||
remote_src: true
|
||||
|
||||
- name: configure locale
|
||||
lineinfile:
|
||||
path: /var/lib/machines/{{ contname }}00/etc/profile
|
||||
line: 'export LANG=C'
|
||||
|
||||
## Use 'chroot' here instead of 'systemd-nspawn -D …' to make it work
|
||||
## with ansible-pull in the preseed debian installer:
|
||||
- name: upgrade container
|
||||
command:
|
||||
cmd: "{{ item }}"
|
||||
args:
|
||||
chdir: /var/lib/machines/{{ contname }}00
|
||||
loop:
|
||||
- mount --bind /proc proc
|
||||
- mount --bind /sys sys
|
||||
- mount --bind /dev/pts dev/pts
|
||||
- chroot . sh -c '/usr/bin/apt-get update && DEBIAN_FRONTEND=noninteractive /usr/bin/apt-get full-upgrade --yes'
|
||||
- umount proc sys dev/pts
|
||||
register: cmd_result
|
||||
changed_when: cmd_result.stdout is not search('0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.')
|
||||
|
||||
- name: provide {{ contuser }} user account
|
||||
command:
|
||||
cmd: >
|
||||
chroot . sh -c '/usr/sbin/useradd -m -s /bin/bash
|
||||
-c "User {{ contuser }},,," -G sudo {{ contuser }}'
|
||||
args:
|
||||
chdir: /var/lib/machines/{{ contname }}00
|
||||
creates: /var/lib/machines/{{ contname }}00/home/{{ contuser }}
|
||||
register: user_account
|
||||
|
||||
- name: provide empty password for {{ contuser }} user
|
||||
command:
|
||||
cmd: chroot . sh -c "passwd -d {{ contuser }}"
|
||||
args:
|
||||
chdir: /var/lib/machines/{{ contname }}00
|
||||
when: user_account.changed | default(false) and contpwd | length == 0
|
||||
|
||||
- name: provide password for container {{ contuser }} user
|
||||
command:
|
||||
cmd: chroot . sh -c "echo {{ contuser }}:{{ contpwd }} | chpasswd"
|
||||
args:
|
||||
chdir: /var/lib/machines/{{ contname }}00
|
||||
when: user_account.changed | default(true) and contpwd | length > 0
|
||||
|
||||
- name: allow empty passwords in ssh
|
||||
lineinfile:
|
||||
path: /var/lib/machines/{{ contname }}00/etc/ssh/sshd_config
|
||||
insertafter: '#PermitEmptyPasswords no'
|
||||
line: 'PermitEmptyPasswords yes'
|
||||
when: user_account.changed | default(false) and contpwd | length == 0
|
||||
|
||||
- name: prepare directories
|
||||
file:
|
||||
path: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item }}
|
||||
state: directory
|
||||
mode: 0755
|
||||
loop:
|
||||
- multi-user.target.wants
|
||||
- sockets.target.wants
|
||||
- network-online.target.wants
|
||||
notify: enable and restart containers
|
||||
|
||||
- name: enable systemd-networkd service
|
||||
file:
|
||||
src: /lib/systemd/system/{{ item.src }}
|
||||
dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }}
|
||||
state: link
|
||||
follow: false
|
||||
force: true
|
||||
loop:
|
||||
- src: systemd-networkd.service
|
||||
dest: dbus-org.freedesktop.network1.service
|
||||
- src: systemd-networkd.service
|
||||
dest: multi-user.target.wants/systemd-networkd.service
|
||||
- src: systemd-networkd.socket
|
||||
dest: sockets.target.wants/systemd-networkd.socket
|
||||
- src: systemd-networkd-wait-online.service
|
||||
dest: network-online.target.wants/systemd-networkd-wait-online.service
|
||||
notify: enable and restart containers
|
||||
|
||||
- name: enable systemd-resolved in containers
|
||||
file:
|
||||
src: /lib/systemd/system/{{ item.src }}
|
||||
dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }}
|
||||
state: link
|
||||
follow: false
|
||||
force: true
|
||||
loop:
|
||||
- src: systemd-resolved.service
|
||||
dest: dbus-org.freedesktop.resolve1.service
|
||||
- src: systemd-resolved.service
|
||||
dest: multi-user.target.wants/systemd-resolved.service
|
||||
notify: enable and restart containers
|
||||
|
||||
########
|
||||
- name: prepare local sysctl config file
|
||||
copy:
|
||||
content: "# Avoid 'too many open files' error:"
|
||||
dest: /etc/sysctl.d/inotify.conf
|
||||
mode: 0644
|
||||
force: false
|
||||
|
||||
- name: fix too many open files error
|
||||
sysctl:
|
||||
name: fs.inotify.max_user_instances
|
||||
value: '1024'
|
||||
sysctl_file: /etc/sysctl.d/inotify.conf
|
||||
|
||||
- name: generate links to the initial container
|
||||
file:
|
||||
src: "{{ contname }}00"
|
||||
dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}
|
||||
state: link
|
||||
loop: "{{ containers[1:] }}"
|
||||
notify: enable and restart containers
|
||||
|
||||
- name: prepare nspawn config directory
|
||||
file:
|
||||
path: /etc/systemd/nspawn
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: provide container configuration
|
||||
template:
|
||||
src: contcfg.nspawn.j2
|
||||
dest: /etc/systemd/nspawn/{{ contname }}{{ "%02d" | format(item|int) }}.nspawn
|
||||
mode: 0644
|
||||
loop: "{{ containers }}"
|
||||
notify: enable and restart containers
|
||||
|
||||
- name: provide container hostname file
|
||||
template:
|
||||
src: hostname.j2
|
||||
dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hostname
|
||||
mode: 0644
|
||||
loop: "{{ containers }}"
|
||||
notify: enable and restart containers
|
||||
|
||||
- name: provide container hosts file
|
||||
template:
|
||||
src: hosts.j2
|
||||
dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts
|
||||
mode: 0644
|
||||
loop: "{{ containers }}"
|
||||
notify: enable and restart containers
|
|
@ -1,15 +0,0 @@
|
|||
[Exec]
|
||||
Capability=CAP_NET_ADMIN
|
||||
ResolvConf=copy-host
|
||||
|
||||
[Network]
|
||||
Port=10{{ "%03d" | format(item|int) }}:22
|
||||
Port=10{{ "%03d" | format(item|int + 100) }}:80
|
||||
Port=10{{ "%03d" | format(item|int + 200) }}:443
|
||||
|
||||
[Files]
|
||||
ReadOnly=yes
|
||||
Overlay=+/:/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}-delta:/
|
||||
PrivateUsersChown=false
|
||||
BindReadOnly=/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hostname:/etc/hostname
|
||||
BindReadOnly=/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts:/etc/hosts
|
|
@ -1 +0,0 @@
|
|||
{{ contname }}{{ "%02d" | format(item|int) }}
|
|
@ -1,4 +0,0 @@
|
|||
127.0.0.1 localhost {{ contname }}{{ "%02d" | format(item|int) }}
|
||||
::1 localhost {{ contname }}{{ "%02d" | format(item|int) }} ip6-localhost ip6-loopback
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
|
@ -1 +0,0 @@
|
|||
build_dir: /opt/live-build/
|
|
@ -1,2 +0,0 @@
|
|||
This config space is based on:
|
||||
https://salsa.debian.org/live-team/live-images/-/tree/debian/images/gnome-desktop
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
lb build noauto "${@}" 2>&1 | tee build.log
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
lb clean noauto "${@}"
|
||||
|
||||
rm -f config/binary config/bootstrap config/chroot config/common config/source
|
||||
rm -f config/control
|
||||
|
||||
rm -f build.log
|
|
@ -1,18 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
lb config noauto \
|
||||
--clean \
|
||||
--cache false \
|
||||
--net-tarball false \
|
||||
--ignore-system-defaults \
|
||||
--distribution bullseye \
|
||||
--binary-images netboot \
|
||||
--mode debian \
|
||||
--backports true \
|
||||
--linux-packages linux-image \
|
||||
--archive-areas "main contrib non-free" \
|
||||
--mirror-bootstrap http://localhost:3142/deb.debian.org/debian/ \
|
||||
--mirror-chroot-security http://localhost:3142/security.debian.org/debian-security/ \
|
||||
"${@}"
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
if [ -e /usr/sbin/plymouth-set-default-theme ] && [ -e /usr/share/plymouth/themes/lines ]
|
||||
then
|
||||
plymouth-set-default-theme lines
|
||||
fi
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/live/0010-disable-kexec-tools.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot
|
|
@ -1,15 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
echo 'pref("browser.startup.homepage", "https://www.startpage.com");' >> /etc/firefox-esr/firefox-esr.js
|
||||
echo 'pref("network.proxy.type", 4);' >> /etc/firefox-esr/firefox-esr.js
|
||||
|
||||
dconf update
|
||||
|
||||
#sed -i "s/^/#/" /etc/xdg/user-dirs.defaults
|
||||
|
||||
sed -i "s/^#WaylandEnable=false$/WaylandEnable=false/" /etc/gdm3/daemon.conf
|
||||
|
||||
## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587
|
||||
#dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
## allow everybody to run wireshark:
|
||||
chmod 0755 /usr/bin/dumpcap
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0020-create-mtab-symlink.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0030-enable-cryptsetup.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0040-create-locales-files.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0100-remove-adjtime-configuration.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0110-remove-backup-files.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0120-remove-dbus-machine-id.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0140-remove-log-files.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0150-remove-mdadm-configuration.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0170-remove-python-py.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0180-remove-systemd-machine-id.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0190-remove-temporary-files.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0400-update-apt-file-cache.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0410-update-apt-xapian-index.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0420-update-glx-alternative.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0430-update-mlocate-database.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0440-update-nvidia-alternative.hook.chroot
|
|
@ -1 +0,0 @@
|
|||
/usr/share/live/build/hooks/normal/0500-reproducible-glibc.hook.chroot
|
|
@ -1,8 +0,0 @@
|
|||
[org/gnome/login-screen]
|
||||
disable-user-list=true
|
||||
logo='/usr/share/desktop-base/debian-logos/logo-text-64.png'
|
||||
|
||||
[org/gnome/settings-daemon/plugins/power]
|
||||
power-button-action='interactive'
|
||||
sleep-inactive-ac-timeout=600
|
||||
sleep-inactive-ac-type='interactive'
|
|
@ -1,34 +0,0 @@
|
|||
[org/gnome/shell]
|
||||
enabled-extensions=['apps-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'places-menu@gnome-shell-extensions.gcampax.github.com', 'drive-menu@gnome-shell-extensions.gcampax.github.com', 'dash-to-dock@micxgx.gmail.com']
|
||||
|
||||
[org/gnome/desktop/input-sources]
|
||||
sources=[('xkb', 'de'), ('xkb', 'us')]
|
||||
|
||||
[org/gnome/desktop/wm/preferences]
|
||||
button-layout='appmenu:minimize,maximize,close'
|
||||
|
||||
[org/gnome/desktop/peripherals/touchpad]
|
||||
natural-scroll=false
|
||||
edge-scrolling-enabled=true
|
||||
tap-to-click=true
|
||||
|
||||
[org/gnome/nautilus/preferences]
|
||||
default-folder-viewer='list-view'
|
||||
|
||||
[org/gnome/nautilus/list-view]
|
||||
use-tree-view=true
|
||||
|
||||
[org/gnome/settings-daemon/plugins/power]
|
||||
power-button-action='interactive'
|
||||
sleep-inactive-battery-timeout=600
|
||||
sleep-inactive-battery-type='hibernate'
|
||||
sleep-inactive-ac-timeout=6000
|
||||
sleep-inactive-ac-type='nothing'
|
||||
|
||||
[org/gnome/desktop/screensaver]
|
||||
lock-enabled=false
|
||||
|
||||
[org/gnome/desktop/interface]
|
||||
clock-show-date=true
|
||||
clock-show-seconds=true
|
||||
clock-show-weekday=true
|
|
@ -1,3 +0,0 @@
|
|||
user-db:user
|
||||
system-db:gdm
|
||||
file-db:/usr/share/gdm/greeter.dconf-defaults
|
|
@ -1,2 +0,0 @@
|
|||
user-db:user
|
||||
system-db:local
|
|
@ -1,151 +0,0 @@
|
|||
<!--
|
||||
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
|
||||
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
|
||||
virsh edit netboot
|
||||
or other application using the libvirt API.
|
||||
-->
|
||||
|
||||
<domain type='kvm'>
|
||||
<name>netboot</name>
|
||||
<uuid>60ea84db-de6c-493c-8e3f-8e9a99ee19c2</uuid>
|
||||
<metadata>
|
||||
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
|
||||
<libosinfo:os id="http://debian.org/debian/11"/>
|
||||
</libosinfo:libosinfo>
|
||||
</metadata>
|
||||
<memory unit='KiB'>2097152</memory>
|
||||
<currentMemory unit='KiB'>2097152</currentMemory>
|
||||
<vcpu placement='static'>2</vcpu>
|
||||
<os>
|
||||
<type arch='x86_64' machine='pc-q35-3.1'>hvm</type>
|
||||
<loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
|
||||
<nvram>/var/lib/libvirt/qemu/nvram/netboot_VARS.fd</nvram>
|
||||
<boot dev='network'/>
|
||||
</os>
|
||||
<features>
|
||||
<acpi/>
|
||||
<apic/>
|
||||
<vmport state='off'/>
|
||||
</features>
|
||||
<cpu mode='host-model' check='partial'>
|
||||
<model fallback='allow'/>
|
||||
</cpu>
|
||||
<clock offset='utc'>
|
||||
<timer name='rtc' tickpolicy='catchup'/>
|
||||
<timer name='pit' tickpolicy='delay'/>
|
||||
<timer name='hpet' present='no'/>
|
||||
</clock>
|
||||
<on_poweroff>destroy</on_poweroff>
|
||||
<on_reboot>restart</on_reboot>
|
||||
<on_crash>destroy</on_crash>
|
||||
<pm>
|
||||
<suspend-to-mem enabled='no'/>
|
||||
<suspend-to-disk enabled='no'/>
|
||||
</pm>
|
||||
<devices>
|
||||
<emulator>/usr/bin/qemu-system-x86_64</emulator>
|
||||
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
|
||||
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
|
||||
</controller>
|
||||
<controller type='sata' index='0'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
|
||||
</controller>
|
||||
<controller type='pci' index='0' model='pcie-root'/>
|
||||
<controller type='virtio-serial' index='0'>
|
||||
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
|
||||
</controller>
|
||||
<controller type='pci' index='1' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='1' port='0x10'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
|
||||
</controller>
|
||||
<controller type='pci' index='2' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='2' port='0x11'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
|
||||
</controller>
|
||||
<controller type='pci' index='3' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='3' port='0x12'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
|
||||
</controller>
|
||||
<controller type='pci' index='4' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='4' port='0x13'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
|
||||
</controller>
|
||||
<controller type='pci' index='5' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='5' port='0x14'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
|
||||
</controller>
|
||||
<controller type='pci' index='6' model='pcie-root-port'>
|
||||
<model name='pcie-root-port'/>
|
||||
<target chassis='6' port='0x15'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
|
||||
</controller>
|
||||
<interface type='direct'>
|
||||
<mac address='52:54:00:VMMAC'/>
|
||||
<source dev='INTERFACE' mode='bridge'/>
|
||||
<model type='virtio'/>
|
||||
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
|
||||
</interface>
|
||||
<interface type='network'>
|
||||
<mac address='52:54:00:46:a6:25'/>
|
||||
<source network='default'/>
|
||||
<model type='virtio'/>
|
||||
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
|
||||
</interface>
|
||||
<interface type='network'>
|
||||
<mac address='52:54:00:5c:fc:08'/>
|
||||
<source network='intern'/>
|
||||
<model type='virtio'/>
|
||||
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
|
||||
</interface>
|
||||
<serial type='pty'>
|
||||
<target type='isa-serial' port='0'>
|
||||
<model name='isa-serial'/>
|
||||
</target>
|
||||
</serial>
|
||||
<console type='pty'>
|
||||
<target type='serial' port='0'/>
|
||||
</console>
|
||||
<channel type='unix'>
|
||||
<target type='virtio' name='org.qemu.guest_agent.0'/>
|
||||
<address type='virtio-serial' controller='0' bus='0' port='1'/>
|
||||
</channel>
|
||||
<channel type='spicevmc'>
|
||||
<target type='virtio' name='com.redhat.spice.0'/>
|
||||
<address type='virtio-serial' controller='0' bus='0' port='2'/>
|
||||
</channel>
|
||||
<input type='tablet' bus='usb'>
|
||||
<address type='usb' bus='0' port='1'/>
|
||||
</input>
|
||||
<input type='mouse' bus='ps2'/>
|
||||
<input type='keyboard' bus='ps2'/>
|
||||
<graphics type='spice' autoport='yes'>
|
||||
<listen type='address'/>
|
||||
<image compression='off'/>
|
||||
</graphics>
|
||||
<sound model='ich9'>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
|
||||
</sound>
|
||||
<video>
|
||||
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
|
||||
</video>
|
||||
<redirdev bus='usb' type='spicevmc'>
|
||||
<address type='usb' bus='0' port='2'/>
|
||||
</redirdev>
|
||||
<redirdev bus='usb' type='spicevmc'>
|
||||
<address type='usb' bus='0' port='3'/>
|
||||
</redirdev>
|
||||
<memballoon model='virtio'>
|
||||
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
|
||||
</memballoon>
|
||||
<rng model='virtio'>
|
||||
<backend model='random'>/dev/urandom</backend>
|
||||
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
|
||||
</rng>
|
||||
</devices>
|
||||
</domain>
|
|
@ -1 +0,0 @@
|
|||
../default.xml
|
|
@ -1 +0,0 @@
|
|||
../intern.xml
|
|
@ -1,14 +0,0 @@
|
|||
<!--
|
||||
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
|
||||
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
|
||||
virsh net-edit intern
|
||||
or other application using the libvirt API.
|
||||
-->
|
||||
|
||||
<network>
|
||||
<name>intern</name>
|
||||
<uuid>399d67ae-263b-4aeb-995d-fe0a44f00132</uuid>
|
||||
<bridge name='virbr1' stp='on' delay='0'/>
|
||||
<mac address='52:54:00:93:e1:ee'/>
|
||||
<domain name='intern'/>
|
||||
</network>
|
|
@ -1,3 +0,0 @@
|
|||
# Uncomment the following to stop low-level messages on console
|
||||
kernel.printk = 3 4 1 3
|
||||
|