1
0
mirror of https://git.libreschool.org/paspo/brasatore.git synced 2024-12-21 21:23:44 +00:00

playbook ansible WIP

This commit is contained in:
Paolo Asperti 2023-10-26 21:15:51 +02:00
parent f4bf1813f6
commit a2083f79d1
Signed by: paspo
GPG Key ID: 06D46905D19D5182
17 changed files with 255 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
hosts.ini

6
ansible.cfg Normal file
View File

@ -0,0 +1,6 @@
[defaults]
retry_files_enabled = False
host_key_checking=False
inventory=hosts.ini
roles_path=roles
pipelining=True

15
hosts.ini.example Normal file
View File

@ -0,0 +1,15 @@
[all:vars]
ansible_connection=ssh
ansible_user=root
hostname=brasatore
lan_iface=eth0
wan_iface=wlan0
dhcp_start=172.16.77.50
dhcp_end=172.16.77.150
lan_ip=172.16.77.1
lan_subnet=255.255.255.0
ssh_key=https://github.com/paspo.keys
[default]
192.168.1.22 hostname=brasatore-test LAN_IFACE=ens224 WAN_IFACE=ens192

4
playbook.yml Normal file
View File

@ -0,0 +1,4 @@
---
- hosts: all
roles:
- pxeserver

View File

@ -0,0 +1,26 @@
---
- name: reboot
reboot:
become: true
- name: nginx_restart
service:
name: nginx
state: restarted
become: true
- name: dnsmasq_restart
service:
name: dnsmasq
state: restarted
become: true
- name: nfs_reload_exports
shell: exportfs -r
become: true
- name: nfs_restart
service:
name: nfs-kernel-server
state: restarted
become: true

View File

@ -0,0 +1,83 @@
---
- name: Set up multiple authorized keys
authorized_key:
user: root
state: present
key: "{{ ssh_key }}"
- name: Set hostname
template:
src: etc_hostname
dest: /etc/hostname
owner: root
group: root
mode: "0644"
become: true
- name: Set hostname (hosts file)
template:
src: etc_hosts
dest: /etc/hosts
owner: root
group: root
mode: "0644"
become: true
notify: reboot
- name: Updating package cache
apt:
update_cache: yes
cache_valid_time: 3600
become: true
ignore_errors: true
- name: Installing common packages
apt:
name:
[
"htop",
"screen",
"ntpdate",
"unattended-upgrades",
"dnsmasq",
"nginx",
"iptables",
"ipxe",
"syslinux-common",
"unzip",
"nfs-kernel-server",
"iptables-persistent"
]
state: latest
become: true
ignore_errors: true
- name: Upgrade all packages to the latest version
apt:
name: "*"
state: latest
become: true
ignore_errors: true
- name: Configure NTP
ini_file:
path: /etc/systemd/timesyncd.conf
section: Time
option: NTP
value: pool.ntp.org
become: true
- name: sets the timezone
timezone:
name: "Europe/Rome"
become: true
- name: Create storage directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: "0755"
with_items:
- /srv/pxe/iso
- /srv/pxe/mount
- /srv/tftp

View File

@ -0,0 +1,30 @@
---
- name: DNSMASQ dhcp
template:
src: dnsmasq/dhcp
dest: /etc/dnsmasq.d/dhcp
owner: root
group: root
mode: "0644"
become: true
notify: dnsmasq_restart
- name: DNSMASQ tftp
template:
src: dnsmasq/tftp
dest: /etc/dnsmasq.d/tftp
owner: root
group: root
mode: "0644"
become: true
notify: dnsmasq_restart
- name: DNSMASQ dns
template:
src: dnsmasq/dns
dest: /etc/dnsmasq.d/dns
owner: root
group: root
mode: "0644"
become: true
notify: dnsmasq_restart

View File

@ -0,0 +1,6 @@
---
- include: common.yml
- include: nginx.yml
- include: dns.yml
- include: nfs.yml

View File

@ -0,0 +1,31 @@
---
- name: NFS rpcmountd options
lineinfile:
path: /etc/default/nfs-kernel-server
regexp: '^RPCMOUNTDOPTS='
line: 'RPCMOUNTDOPTS="--manage-gids --port 4047"'
become: true
notify: nfs_restart
- name: NFS services ports
lineinfile:
path: /etc/services
line: "{{ item }}"
with_items:
- mountd 4047/tcp
- mountd 4047/udp
- lockd 4048/tcp
- lockd 4048/udp
become: true
notify: nfs_restart
- name: NFS exports
template:
src: nfs_exports
dest: /etc/exports
owner: root
group: root
mode: "0644"
become: true
notify: nfs_reload_exports

View File

@ -0,0 +1,23 @@
---
- name: NGINX site config
template:
src: nginx.conf
dest: /etc/nginx/sites-available/pxe
owner: root
group: root
mode: "0644"
become: true
notify: nginx_restart
- name: NGINX remove default config
ansible.builtin.file:
path: /etc/nginx/sites-enabled/default
state: absent
notify: nginx_restart
- name: NGINX enable site
ansible.builtin.file:
src: /etc/nginx/sites-available/pxe
dest: /etc/nginx/sites-enabled/pxe
state: link
notify: nginx_restart

View File

@ -0,0 +1,5 @@
dhcp-range={{ dhcp_start }},{{ dhcp_end }},4h
dhcp-option=option:router,{{ lan_ip }}
dhcp-option=option:dns-server,{{ lan_ip }}
dhcp-authoritative
log-dhcp

View File

@ -0,0 +1,6 @@
bogus-priv
no-resolv
server=9.9.9.9
server=1.1.1.2
expand-hosts
log-queries

View File

@ -0,0 +1,3 @@
enable-tftp
tftp-root=/srv/tftp
tftp-no-fail

View File

@ -0,0 +1 @@
{{ hostname }}

View File

@ -0,0 +1,6 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 {{ hostname }}

View File

@ -0,0 +1 @@
/srv/pxe {{ lan_ip }}/{{ lan_subnet }}(ro,async,no_root_squash,no_subtree_check,crossmnt)

View File

@ -0,0 +1,8 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
root /srv/pxe;
location / {
autoindex on;
}
}