doorputer: add role to set up doorputer rpi

10 files changed, 198 insertions, 0 deletions

diff --git a/doorputer.yml b/doorputer.yml
new file mode 100644
index 0000000..b444e30
--- /dev/null
+++ b/doorputer.yml
@@ -0,0 +1,15 @@
+---
+- hosts: doorputer.s
+  pre_tasks:
+  - name: Detect chroot
+    set_fact:
+      chroot: "{{ ansible_connection == 'chroot' or 'container' in ansible_env }}"
+    tags: always
+  - name: Load secrets
+    include_vars: 'secrets.yml'
+    ignore_errors: yes
+    tags: always
+  roles:
+  - doorputer
+
+# vim: set ts=2 sw=2 et:
diff --git a/inventory b/inventory
index 445f1ce..e5b8fd3 100644
--- a/inventory
+++ b/inventory
@@ -1,2 +1,5 @@
 space.labitat.dk
+
+[rpis]
 jumbotron.s
+doorputer.s
diff --git a/roles/doorputer/files/eth0.network b/roles/doorputer/files/eth0.network
new file mode 100644
index 0000000..601e041
--- /dev/null
+++ b/roles/doorputer/files/eth0.network
@@ -0,0 +1,7 @@
+[Match]
+Name=eth0
+
+[Network]
+DHCP=yes
+IPv6AcceptRA=yes
+LLMNR=yes
diff --git a/roles/doorputer/files/lockserver.service b/roles/doorputer/files/lockserver.service
new file mode 100644
index 0000000..a09666d
--- /dev/null
+++ b/roles/doorputer/files/lockserver.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Lockserver
+
+[Service]
+Type=simple
+User=doorman
+WorkingDirectory=/home/doorman
+ExecStartPre=/home/doorman/lockserver/init.sh
+ExecStart=/home/doorman/lockserver/lockd.py
+StandardOutput=syslog
+StandardError=inherit
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/doorputer/files/motd b/roles/doorputer/files/motd
new file mode 100644
index 0000000..5c83520
--- /dev/null
+++ b/roles/doorputer/files/motd
@@ -0,0 +1,13 @@
+
+     _                              _
+    | |                            | |
+  __| | ___   ___  _ __ _ __  _   _| |_ ___ _ __
+ / _` |/ _ \ / _ \| '__| '_ \| | | | __/ _ \ '__|
+| (_| | (_) | (_) | |  | |_) | |_| | ||  __/ |
+ \__,_|\___/ \___/|_|  | .__/ \__,_|\__\___|_|
+                       | |
+                       |_|
+
+Open da door:
+$ sudo -i
+# echo O > /dev/ttyUSB0
diff --git a/roles/doorputer/meta/main.yml b/roles/doorputer/meta/main.yml
new file mode 100644
index 0000000..731a8f2
--- /dev/null
+++ b/roles/doorputer/meta/main.yml
@@ -0,0 +1,6 @@
+---
+dependencies:
+- role: raspbian
+- role: users
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/doorputer/tasks/bluetooth.yml b/roles/doorputer/tasks/bluetooth.yml
new file mode 100644
index 0000000..ef64f35
--- /dev/null
+++ b/roles/doorputer/tasks/bluetooth.yml
@@ -0,0 +1,16 @@
+---
+- name: Disable hciuart service
+  systemd:
+    name: hciuart.service
+    enabled: no
+    masked: no
+    state: stopped
+
+- name: Disable bluetooth service
+  systemd:
+    name: bluetooth.service
+    enabled: no
+    masked: no
+    state: stopped
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/doorputer/tasks/lockserver.yml b/roles/doorputer/tasks/lockserver.yml
new file mode 100644
index 0000000..57b9e2b
--- /dev/null
+++ b/roles/doorputer/tasks/lockserver.yml
@@ -0,0 +1,69 @@
+---
+- name: Create doorman user
+  user:
+    comment: 'Doorman Doris'
+    name: doorman
+    shell: '/bin/bash'
+    uid: 3000
+    group: users
+    groups:
+    - dialout
+    - gpio
+
+- name: Check out lockserver repo
+  git:
+    dest: '~doorman/lockserver'
+    repo: 'https://github.com/labitat/lockserver.git'
+    accept_hostkey: yes
+    clone: yes
+    update: yes
+    remote: origin
+
+- name: Make sure doorman owns git repo
+  file:
+    dest: '~doorman/lockserver'
+    owner: doorman
+    group: users
+    recurse: yes
+
+- name: Initialize database
+  command:
+    argv:
+    - '/usr/bin/sqlite3'
+    - 'users.db'
+    - '.read lockserver/structure.sql'
+  become_user: doorman
+  args:
+    chdir: '/home/doorman'
+    creates: '/home/doorman/users.db'
+
+- name: Create pasword file
+  copy:
+    dest: '~doorman/lockserver.password'
+    content: "{{ doorputer_webpassword }}\n"
+    owner: doorman
+    group: users
+    mode: 0600
+  when: doorputer_webpassword is defined
+
+- name: Install lockserver service
+  copy:
+    dest: '/etc/systemd/system/lockserver.service'
+    src: lockserver.service
+    owner: root
+    group: root
+    mode: 0644
+  register: lockserver_service
+
+- name: Reload systemd
+  command: systemctl daemon-reload
+  when: lockserver_service is changed
+
+- name: Enable lockserver service
+  systemd:
+    name: lockserver.service
+    enabled: yes
+    masked: no
+    state: started
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/doorputer/tasks/main.yml b/roles/doorputer/tasks/main.yml
new file mode 100644
index 0000000..62a693a
--- /dev/null
+++ b/roles/doorputer/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Install network configuration
+  copy:
+    dest: '/etc/systemd/network/10-eth0.network'
+    src: eth0.network
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+  - networkd-config
+
+- name: Set message of the day
+  copy:
+    dest: '/etc/motd'
+    src: motd
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+  - motd
+
+- import_tasks: bluetooth.yml
+  tags: bluetooth
+- import_tasks: lockserver.yml
+  tags: lockserver
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/doorputer/vars/main.yml b/roles/doorputer/vars/main.yml
new file mode 100644
index 0000000..f07df60
--- /dev/null
+++ b/roles/doorputer/vars/main.yml
@@ -0,0 +1,27 @@
+---
+hostname: 'doorputer'
+
+users:
+  'esmil': sudo
+  'ast': sudo
+  'flummer': sudo
+  'riiiis': sudo
+  'knielsen': sudo
+  'signout': sudo
+
+apt_sources:
+  raspbian:
+    components:
+    - main
+    - contrib
+    - non-free
+    - rpi
+
+apt_packages:
+  'git': present # to check out lockserver repo
+
+  # lockserver dependencies
+  'python3-serial': present
+  'sqlite3': present
+
+# vim: set ts=2 sw=2 et: