diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..788482a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+hosts.ini
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..5eda7e1
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+retry_files_enabled = False
+host_key_checking=False
+inventory=hosts.ini
+roles_path=roles
+pipelining=True
diff --git a/hosts.ini.example b/hosts.ini.example
new file mode 100644
index 0000000..ddca05a
--- /dev/null
+++ b/hosts.ini.example
@@ -0,0 +1,15 @@
+[all:vars]
+ansible_connection=ssh
+ansible_user=root
+hostname=brasatore
+lan_iface=eth0
+wan_iface=wlan0
+dhcp_start=172.16.77.50
+dhcp_end=172.16.77.150
+lan_ip=172.16.77.1
+lan_subnet=255.255.255.0
+ssh_key=https://github.com/paspo.keys
+
+
+[default]
+192.168.1.22 hostname=brasatore-test LAN_IFACE=ens224 WAN_IFACE=ens192
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..e864e1b
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+ roles:
+ - pxeserver
diff --git a/roles/pxeserver/handlers/main.yaml b/roles/pxeserver/handlers/main.yaml
new file mode 100644
index 0000000..e579d3b
--- /dev/null
+++ b/roles/pxeserver/handlers/main.yaml
@@ -0,0 +1,26 @@
+---
+- name: reboot
+ reboot:
+ become: true
+
+- name: nginx_restart
+ service:
+ name: nginx
+ state: restarted
+ become: true
+
+- name: dnsmasq_restart
+ service:
+ name: dnsmasq
+ state: restarted
+ become: true
+
+- name: nfs_reload_exports
+ shell: exportfs -r
+ become: true
+
+- name: nfs_restart
+ service:
+ name: nfs-kernel-server
+ state: restarted
+ become: true
diff --git a/roles/pxeserver/tasks/common.yml b/roles/pxeserver/tasks/common.yml
new file mode 100644
index 0000000..a23b41a
--- /dev/null
+++ b/roles/pxeserver/tasks/common.yml
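Review bot: `host_key_checking=False` in ansible.cfg turns off SSH host key verification for every run from this repository, while the example inventory connects as `ansible_user=root`, so a changed or impersonated host key on the target address goes unnoticed and the play proceeds with root-level tasks. I would remove the line (checking is the default) and accept the server's key once out of band. If a throwaway lab host really needs the relaxation, set `ansible_host_key_checking=false` on that host in the inventory rather than as the project-wide default.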
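Review bot: `ssh_key=https://github.com/paspo.keys` in hosts.ini.example makes root access to the server depend on whatever that URL returns at play time. The first task in roles/pxeserver/tasks/common.yml passes it to `authorized_key` for `user: root`, so any key later added to that account is installed on the next run. Pinning the public key text in the inventory, or reading it from a file in the repository with `lookup('file', ...)`, keeps the set of authorised keys reviewable in version control. Separately, the `[default]` host line sets `LAN_IFACE`/`WAN_IFACE` in upper case; Ansible variable names are case-sensitive, so these do not override the `lan_iface`/`wan_iface` values under `[all:vars]`.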
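Review bot: The `nfs_reload_exports` handler in roles/pxeserver/handlers/main.yaml runs `exportfs -r` through `shell`, although the command uses no shell features; `command: exportfs -r` does the same without a shell in between. The `reboot` handler also deserves a comment where it is notified: its only visible notifier is the /etc/hosts template task in tasks/common.yml, so any edit to that template restarts the whole server at the end of the play.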
@@ -0,0 +1,83 @@
+---
+- name: Set up multiple authorized keys
+ authorized_key:
+ user: root
+ state: present
+ key: "{{ ssh_key }}"
+
+- name: Set hostname
+ template:
+ src: etc_hostname
+ dest: /etc/hostname
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+
+- name: Set hostname (hosts file)
+ template:
+ src: etc_hosts
+ dest: /etc/hosts
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ notify: reboot
+
+- name: Updating package cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ become: true
+ ignore_errors: true
+
+- name: Installing common packages
+ apt:
+ name:
+ [
+ "htop",
+ "screen",
+ "ntpdate",
+ "unattended-upgrades",
+ "dnsmasq",
+ "nginx",
+ "iptables",
+ "ipxe",
+ "syslinux-common",
+ "unzip",
+ "nfs-kernel-server",
+ "iptables-persistent"
+ ]
+ state: latest
+ become: true
+ ignore_errors: true
+
+- name: Upgrade all packages to the latest version
+ apt:
+ name: "*"
+ state: latest
+ become: true
+ ignore_errors: true
+
+- name: Configure NTP
+ ini_file:
+ path: /etc/systemd/timesyncd.conf
+ section: Time
+ option: NTP
+ value: pool.ntp.org
+ become: true
+
+- name: sets the timezone
+ timezone:
+ name: "Europe/Rome"
+ become: true
+
+- name: Create storage directories
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: "0755"
+ with_items:
+ - /srv/pxe/iso
+ - /srv/pxe/mount
+ - /srv/tftp
diff --git a/roles/pxeserver/tasks/dns.yml b/roles/pxeserver/tasks/dns.yml
new file mode 100644
index 0000000..5ea07a5
--- /dev/null
+++ b/roles/pxeserver/tasks/dns.yml
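Review bot: `ignore_errors: true` on the "Installing common packages" and "Upgrade all packages to the latest version" tasks in roles/pxeserver/tasks/common.yml lets the play carry on when apt fails. A host can then end up with dnsmasq, nginx and NFS configured while `iptables-persistent` or `unattended-upgrades` never installed, or with security updates unapplied, and the run still finishes without a failure. I would drop `ignore_errors` from those two tasks and, if a failed cache refresh has to be tolerated, keep it only on "Updating package cache" (written `update_cache: true` rather than `yes`). The "Create storage directories" task also lacks the `become: true`, `owner` and `group` that the other file-writing tasks in this file set.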
@@ -0,0 +1,30 @@
+---
+- name: DNSMASQ dhcp
+ template:
+ src: dnsmasq/dhcp
+ dest: /etc/dnsmasq.d/dhcp
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ notify: dnsmasq_restart
+
+- name: DNSMASQ tftp
+ template:
+ src: dnsmasq/tftp
+ dest: /etc/dnsmasq.d/tftp
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ notify: dnsmasq_restart
+
+- name: DNSMASQ dns
+ template:
+ src: dnsmasq/dns
+ dest: /etc/dnsmasq.d/dns
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ notify: dnsmasq_restart
diff --git a/roles/pxeserver/tasks/main.yml b/roles/pxeserver/tasks/main.yml
new file mode 100644
index 0000000..d5a0290
--- /dev/null
+++ b/roles/pxeserver/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+- include: common.yml
+- include: nginx.yml
+- include: dns.yml
+- include: nfs.yml
diff --git a/roles/pxeserver/tasks/nfs.yml b/roles/pxeserver/tasks/nfs.yml
new file mode 100644
index 0000000..1a77bf9
--- /dev/null
+++ b/roles/pxeserver/tasks/nfs.yml
@@ -0,0 +1,31 @@
+---
+
+- name: NFS rpcmountd options
+ lineinfile:
+ path: /etc/default/nfs-kernel-server
+ regexp: '^RPCMOUNTDOPTS='
+ line: 'RPCMOUNTDOPTS="--manage-gids --port 4047"'
+ become: true
+ notify: nfs_restart
+
+- name: NFS services ports
+ lineinfile:
+ path: /etc/services
+ line: "{{ item }}"
+ with_items:
+ - mountd 4047/tcp
+ - mountd 4047/udp
+ - lockd 4048/tcp
+ - lockd 4048/udp
+ become: true
+ notify: nfs_restart
+
+- name: NFS exports
+ template:
+ src: nfs_exports
+ dest: /etc/exports
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ notify: nfs_reload_exports
diff --git a/roles/pxeserver/tasks/nginx.yml b/roles/pxeserver/tasks/nginx.yml
new file mode 100644
index 0000000..4e2574b
--- /dev/null
+++ b/roles/pxeserver/tasks/nginx.yml
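Review bot: The four `- include: …` lines in roles/pxeserver/tasks/main.yml use the bare `include` action, which has long been deprecated and is rejected by current ansible-core releases. `- import_tasks: common.yml` (and likewise for nginx.yml, dns.yml and nfs.yml) keeps the same static behaviour.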
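Review bot: In the "NFS services ports" task of roles/pxeserver/tasks/nfs.yml, the `lockd 4048/tcp` and `lockd 4048/udp` items only add name-to-port entries to /etc/services; nothing in this diff makes lockd use that port. mountd is pinned by `--port 4047` in `RPCMOUNTDOPTS`, but lockd's port is a kernel setting, so as far as this change shows it stays dynamic. If the aim is a fixed port set that a firewall rule can allow, lockd needs its port configured as well (for example through the `nlm_tcpport`/`nlm_udpport` module options). A comment on the task should say that the /etc/services entries are informational.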
@@ -0,0 +1,23 @@
+---
+- name: NGINX site config
+ template:
+ src: nginx.conf
+ dest: /etc/nginx/sites-available/pxe
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ notify: nginx_restart
+
+- name: NGINX remove default config
+ ansible.builtin.file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+ notify: nginx_restart
+
+- name: NGINX enable site
+ ansible.builtin.file:
+ src: /etc/nginx/sites-available/pxe
+ dest: /etc/nginx/sites-enabled/pxe
+ state: link
+ notify: nginx_restart
diff --git a/roles/pxeserver/templates/dnsmasq/dhcp b/roles/pxeserver/templates/dnsmasq/dhcp
new file mode 100644
index 0000000..901bb5a
--- /dev/null
+++ b/roles/pxeserver/templates/dnsmasq/dhcp
@@ -0,0 +1,5 @@
+dhcp-range={{ dhcp_start }},{{ dhcp_end }},4h
+dhcp-option=option:router,{{ lan_ip }}
+dhcp-option=option:dns-server,{{ lan_ip }}
+dhcp-authoritative
+log-dhcp
\ No newline at end of file
diff --git a/roles/pxeserver/templates/dnsmasq/dns b/roles/pxeserver/templates/dnsmasq/dns
new file mode 100644
index 0000000..8788a01
--- /dev/null
+++ b/roles/pxeserver/templates/dnsmasq/dns
@@ -0,0 +1,6 @@
+bogus-priv
+no-resolv
+server=9.9.9.9
+server=1.1.1.2
+expand-hosts
+log-queries
\ No newline at end of file
diff --git a/roles/pxeserver/templates/dnsmasq/tftp b/roles/pxeserver/templates/dnsmasq/tftp
new file mode 100644
index 0000000..133a3e0
--- /dev/null
+++ b/roles/pxeserver/templates/dnsmasq/tftp
@@ -0,0 +1,3 @@
+enable-tftp
+tftp-root=/srv/tftp
+tftp-no-fail
\ No newline at end of file
diff --git a/roles/pxeserver/templates/etc_hostname b/roles/pxeserver/templates/etc_hostname
new file mode 100644
index 0000000..56baac7
--- /dev/null
+++ b/roles/pxeserver/templates/etc_hostname
@@ -0,0 +1 @@
+{{ hostname }}
diff --git a/roles/pxeserver/templates/etc_hosts b/roles/pxeserver/templates/etc_hosts
new file mode 100644
index 0000000..50dff47
--- /dev/null
+++ b/roles/pxeserver/templates/etc_hosts
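Review bot: The "NGINX remove default config" and "NGINX enable site" tasks in roles/pxeserver/tasks/nginx.yml have no `become: true`, unlike the template task above them, so they only work because the example inventory logs in as root. Adding `become: true` to both keeps the role usable with an unprivileged `ansible_user` and makes the three tasks consistent.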
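Review bot: None of the dnsmasq templates (dnsmasq/dhcp, dnsmasq/dns, dnsmasq/tftp) restricts the interfaces dnsmasq listens on, so the forwarding resolver set up in dnsmasq/dns and the TFTP server enabled in dnsmasq/tftp answer on the WAN interface as well as the LAN. The inventory already defines `lan_iface`, which no template in this diff uses; adding `interface={{ lan_iface }}` and `bind-interfaces` to one of the files would keep these services on the LAN side. The same applies to roles/pxeserver/templates/nginx.conf, where `listen 80 default_server;` could become `listen {{ lan_ip }}:80 default_server;` (with the `[::]:80` line dropped or scoped likewise) so the `autoindex on` listing of /srv/pxe is not served on every address. The role installs `iptables` and `iptables-persistent`, but no rules are written in this diff, so nothing else here limits that exposure.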
@@ -0,0 +1,6 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 {{ hostname }}
diff --git a/roles/pxeserver/templates/nfs_exports b/roles/pxeserver/templates/nfs_exports
new file mode 100644
index 0000000..da4b426
--- /dev/null
+++ b/roles/pxeserver/templates/nfs_exports
@@ -0,0 +1 @@
+/srv/pxe {{ lan_ip }}/{{ lan_subnet }}(ro,async,no_root_squash,no_subtree_check,crossmnt)
diff --git a/roles/pxeserver/templates/nginx.conf b/roles/pxeserver/templates/nginx.conf
new file mode 100644
index 0000000..e049703
--- /dev/null
+++ b/roles/pxeserver/templates/nginx.conf
@@ -0,0 +1,8 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ root /srv/pxe;
+ location / {
+ autoindex on;
+ }
+}
\ No newline at end of file
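Review bot: The export line in roles/pxeserver/templates/nfs_exports sets `no_root_squash`, which lets root on any client in `{{ lan_ip }}/{{ lan_subnet }}` read every file under /srv/pxe regardless of file permissions. If clients only mount ISO contents or installer trees read-only, the default `root_squash` should be enough; if a diskless root filesystem needs the option, a comment in the template should say so. Anything placed under /srv/pxe is also published by the nginx site with `autoindex on`, so the directory should hold boot material only.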