playbook ansible WIP

.gitignore

@@ -0,0 +1 @@
+hosts.ini

ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+retry_files_enabled = False
+host_key_checking=False
+inventory=hosts.ini
+roles_path=roles
+pipelining=True

hosts.ini.example

@@ -0,0 +1,15 @@
+[all:vars]
+ansible_connection=ssh
+ansible_user=root
+hostname=brasatore
+lan_iface=eth0
+wan_iface=wlan0
+dhcp_start=172.16.77.50
+dhcp_end=172.16.77.150
+lan_ip=172.16.77.1
+lan_subnet=255.255.255.0
+ssh_key=https://github.com/paspo.keys
+
+
+[default]
+192.168.1.22          hostname=brasatore-test LAN_IFACE=ens224 WAN_IFACE=ens192

playbook.yml

@@ -0,0 +1,4 @@
+---
+- hosts: all
+  roles:
+    - pxeserver

roles/pxeserver/handlers/main.yaml

@@ -0,0 +1,26 @@
+---
+- name: reboot
+  reboot:
+  become: true
+
+- name: nginx_restart
+  service:
+    name: nginx
+    state: restarted
+  become: true
+
+- name: dnsmasq_restart
+  service:
+    name: dnsmasq
+    state: restarted
+  become: true
+
+- name: nfs_reload_exports
+  shell: exportfs -r
+  become: true
+
+- name: nfs_restart
+  service:
+    name: nfs-kernel-server
+    state: restarted
+  become: true

roles/pxeserver/tasks/common.yml

@@ -0,0 +1,83 @@
+---
+- name: Set up multiple authorized keys
+  authorized_key:
+    user: root
+    state: present
+    key: "{{ ssh_key }}"
+
+- name: Set hostname
+  template:
+    src: etc_hostname
+    dest: /etc/hostname
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+
+- name: Set hostname (hosts file)
+  template:
+    src: etc_hosts
+    dest: /etc/hosts
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: reboot
+
+- name: Updating package cache
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+  become: true
+  ignore_errors: true
+
+- name: Installing common packages
+  apt:
+    name:
+      [
+        "htop",
+        "screen",
+        "ntpdate",
+        "unattended-upgrades",
+        "dnsmasq",
+        "nginx",
+        "iptables",
+        "ipxe",
+        "syslinux-common",
+        "unzip",
+        "nfs-kernel-server",
+        "iptables-persistent"
+      ]
+    state: latest
+  become: true
+  ignore_errors: true
+
+- name: Upgrade all packages to the latest version
+  apt:
+    name: "*"
+    state: latest
+  become: true
+  ignore_errors: true
+
+- name: Configure NTP
+  ini_file:
+    path: /etc/systemd/timesyncd.conf
+    section: Time
+    option: NTP
+    value: pool.ntp.org
+  become: true
+
+- name: sets the timezone
+  timezone:
+    name: "Europe/Rome"
+  become: true
+
+- name: Create storage directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: "0755"
+  with_items:
+    - /srv/pxe/iso
+    - /srv/pxe/mount
+    - /srv/tftp

roles/pxeserver/tasks/dns.yml

@@ -0,0 +1,30 @@
+---
+- name: DNSMASQ dhcp
+  template:
+    src: dnsmasq/dhcp
+    dest: /etc/dnsmasq.d/dhcp
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: dnsmasq_restart
+
+- name: DNSMASQ tftp
+  template:
+    src: dnsmasq/tftp
+    dest: /etc/dnsmasq.d/tftp
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: dnsmasq_restart
+
+- name: DNSMASQ dns
+  template:
+    src: dnsmasq/dns
+    dest: /etc/dnsmasq.d/dns
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: dnsmasq_restart

roles/pxeserver/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+
+- include: common.yml  
+- include: nginx.yml  
+- include: dns.yml
+- include: nfs.yml

roles/pxeserver/tasks/nfs.yml

@@ -0,0 +1,31 @@
+---
+
+- name: NFS rpcmountd options
+  lineinfile:
+    path: /etc/default/nfs-kernel-server
+    regexp: '^RPCMOUNTDOPTS='
+    line: 'RPCMOUNTDOPTS="--manage-gids --port 4047"'
+  become: true
+  notify: nfs_restart
+
+- name: NFS services ports
+  lineinfile:
+    path: /etc/services
+    line: "{{ item }}"
+  with_items:
+    - mountd 4047/tcp
+    - mountd 4047/udp
+    - lockd 4048/tcp
+    - lockd 4048/udp
+  become: true
+  notify: nfs_restart
+
+- name: NFS exports
+  template:
+    src: nfs_exports
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: nfs_reload_exports

roles/pxeserver/tasks/nginx.yml

@@ -0,0 +1,23 @@
+---
+- name: NGINX site config
+  template:
+    src: nginx.conf
+    dest: /etc/nginx/sites-available/pxe
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: nginx_restart
+
+- name: NGINX remove default config
+  ansible.builtin.file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+  notify: nginx_restart
+
+- name: NGINX enable site
+  ansible.builtin.file:
+    src: /etc/nginx/sites-available/pxe
+    dest: /etc/nginx/sites-enabled/pxe
+    state: link
+  notify: nginx_restart

roles/pxeserver/templates/dnsmasq/dhcp

@@ -0,0 +1,5 @@
+dhcp-range={{ dhcp_start }},{{ dhcp_end }},4h
+dhcp-option=option:router,{{ lan_ip }}
+dhcp-option=option:dns-server,{{ lan_ip }}
+dhcp-authoritative
+log-dhcp

roles/pxeserver/templates/dnsmasq/dns

@@ -0,0 +1,6 @@
+bogus-priv
+no-resolv
+server=9.9.9.9
+server=1.1.1.2
+expand-hosts
+log-queries

roles/pxeserver/templates/dnsmasq/tftp

@@ -0,0 +1,3 @@
+enable-tftp
+tftp-root=/srv/tftp
+tftp-no-fail

roles/pxeserver/templates/etc_hostname

@@ -0,0 +1 @@
+{{ hostname }}

roles/pxeserver/templates/etc_hosts

@@ -0,0 +1,6 @@
+127.0.0.1	localhost
+::1		localhost ip6-localhost ip6-loopback
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters
+
+127.0.1.1		{{ hostname }}

roles/pxeserver/templates/nfs_exports

@@ -0,0 +1 @@
+/srv/pxe {{ lan_ip }}/{{ lan_subnet }}(ro,async,no_root_squash,no_subtree_check,crossmnt)

roles/pxeserver/templates/nginx.conf

@@ -0,0 +1,8 @@
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+	root /srv/pxe;
+	location / {
+		autoindex on;
+	}
+}