authorEmil Renner Berthing <esmil@labitat.dk>2017-11-19 03:15:26 +0100
committerEmil Renner Berthing <esmil@labitat.dk>2017-11-19 12:46:35 +0100
commit3387c2fdcbe74be6767c5abce5beb9e7df2d3f5b (patch)
tree6263912c4754a73d13670605d9168267fa19d007 /roles/space_server/templates
parent3b795796bd03488a385f3ad42b10b8c0d61282c1 (diff)
downloadlabitat-ansible-3387c2fdcbe74be6767c5abce5beb9e7df2d3f5b.tar.gz
labitat-ansible-3387c2fdcbe74be6767c5abce5beb9e7df2d3f5b.tar.xz
labitat-ansible-3387c2fdcbe74be6767c5abce5beb9e7df2d3f5b.zip
space_server: generate DNS, mDNS and dhcp entries
..from the same variables
Diffstat (limited to 'roles/space_server/templates')
-rw-r--r--roles/space_server/templates/avahi/hosts.j214
-rw-r--r--roles/space_server/templates/dhcpd/dhcpd.conf.j2203
-rw-r--r--roles/space_server/templates/unbound/unbound.conf.j2126
3 files changed, 343 insertions, 0 deletions
diff --git a/roles/space_server/templates/avahi/hosts.j2 b/roles/space_server/templates/avahi/hosts.j2
new file mode 100644
index 0000000..f87ad4b
--- /dev/null
+++ b/roles/space_server/templates/avahi/hosts.j2
@@ -0,0 +1,14 @@
+{% for host in local_hosts %}
+{% if 'mdns' not in host or host.mdns %}
+{% for ip in host.ips | ipv4 %}
+{% if loop.index <= 1 %}
+{{ ip }} {{ host.name }}.local
+{% endif %}
+{% endfor %}
+{% for ip in host.ips | ipv6 %}
+{% if loop.index <= 1 %}
+{{ ip }} {{ host.name }}.local
+{% endif %}
+{% endfor %}
+{% endif %}
+{% endfor %}
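Review bot: `{% if loop.index <= 1 %}` inside the two per-address loops is a roundabout way of emitting only the first IPv4 and the first IPv6 address of each host; Jinja's `{% if loop.first %}` states the same intent directly and, like the current form, still copes with an empty address list where `| first` would not. The same construct appears in the two `local-data` loops of unbound.conf.j2 in this commit. A comment above the outer loop, e.g. `{# one .local entry per address family: first IPv4 and first IPv6 of each host; hosts with mdns: false are skipped #}`, would document the intent for the next reader.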
diff --git a/roles/space_server/templates/dhcpd/dhcpd.conf.j2 b/roles/space_server/templates/dhcpd/dhcpd.conf.j2
new file mode 100644
index 0000000..1b832e1
--- /dev/null
+++ b/roles/space_server/templates/dhcpd/dhcpd.conf.j2
@@ -0,0 +1,203 @@
+#
+# DHCP Server Configuration file.
+# see /usr/share/doc/dhcp/dhcpd.conf.example
+# see dhcpd.conf(5) man page
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+#option domain-name "labitat.dk";
+default-lease-time 3600;
+max-lease-time 7200;
+min-lease-time 600;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility daemon;
+
+
+# Admin net
+subnet 10.42.0.0 netmask 255.255.255.0 {
+ range 10.42.0.50 10.42.0.69;
+ range 10.42.0.71 10.42.0.250;
+ option routers 10.42.0.1;
+ option domain-name-servers 185.38.175.0;
+ #option ntp-servers 90.185.0.18;
+{% for host in local_hosts %}
+{% if host.ips | ipaddr('10.42.0.0/24') %}
+{% if 'mac' in host %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ host {{ host.name }} {
+ hardware ethernet {{ host.mac }};
+ fixed-address {{ host.ips | ipaddr('10.42.0.0/24') | first }};
+{% if 'filename' in host %}
+ filename "{{ host.filename }}";
+{% endif %}
+ }
+{% else %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ #host {{ host.name }} {
+ # fixed-address {{ host.ips | ipaddr('10.42.0.0/24') | first }};
+ #}
+{% endif %}
+{% endif %}
+{% endfor %}
+
+ host spacewand {
+ hardware ethernet 00:1f:7b:b4:0e:00;
+ fixed-address 10.42.0.70;
+ }
+}
+
+
+# Wired net
+subnet 10.42.1.0 netmask 255.255.255.0 {
+ range dynamic-bootp 10.42.1.50 10.42.1.250;
+ option routers 10.42.1.1;
+ option domain-name-servers 185.38.175.0;
+ #option ntp-servers 90.185.0.18;
+ next-server 10.42.1.1;
+ filename "pxelinux.0";
+{% for host in local_hosts %}
+{% if host.ips | ipaddr('10.42.1.0/24') %}
+{% if 'mac' in host %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ host {{ host.name }} {
+ hardware ethernet {{ host.mac }};
+ fixed-address {{ host.ips | ipaddr('10.42.1.0/24') | first }};
+{% if 'filename' in host %}
+ filename "{{ host.filename }}";
+{% endif %}
+ }
+{% else %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ #host {{ host.name }} {
+ # fixed-address {{ host.ips | ipaddr('10.42.1.0/24') | first }};
+ #}
+{% endif %}
+{% endif %}
+{% endfor %}
+}
+
+
+# Private wifi
+subnet 10.42.2.0 netmask 255.255.255.0 {
+ range 10.42.2.50 10.42.2.250;
+ option routers 10.42.2.1;
+ option domain-name-servers 185.38.175.0;
+ #option ntp-servers 90.185.0.18;
+ next-server 10.42.2.1;
+ filename "pxelinux.0";
+{% for host in local_hosts %}
+{% if host.ips | ipaddr('10.42.2.0/24') %}
+{% if 'mac' in host %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ host {{ host.name }} {
+ hardware ethernet {{ host.mac }};
+ fixed-address {{ host.ips | ipaddr('10.42.2.0/24') | first }};
+{% if 'filename' in host %}
+ filename "{{ host.filename }}";
+{% endif %}
+ }
+{% else %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ #host {{ host.name }} {
+ # fixed-address {{ host.ips | ipaddr('10.42.2.0/24') | first }};
+ #}
+{% endif %}
+{% endif %}
+{% endfor %}
+}
+
+# Free wifi
+subnet 10.42.3.0 netmask 255.255.255.0 {
+ range 10.42.3.50 10.42.3.250;
+ option routers 10.42.3.1;
+ option domain-name-servers 185.38.175.0;
+ #option ntp-servers 90.185.0.18;
+{% for host in local_hosts %}
+{% if host.ips | ipaddr('10.42.3.0/24') %}
+{% if 'mac' in host %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ host {{ host.name }} {
+ hardware ethernet {{ host.mac }};
+ fixed-address {{ host.ips | ipaddr('10.42.3.0/24') | first }};
+{% if 'filename' in host %}
+ filename "{{ host.filename }}";
+{% endif %}
+ }
+{% else %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ #host {{ host.name }} {
+ # fixed-address {{ host.ips | ipaddr('10.42.3.0/24') | first }};
+ #}
+{% endif %}
+{% endif %}
+{% endfor %}
+}
+
+# Password protected wifi
+subnet 10.42.4.0 netmask 255.255.255.0 {
+ range 10.42.4.50 10.42.4.250;
+ option routers 10.42.4.1;
+ option domain-name-servers 185.38.175.0;
+ #option ntp-servers 90.185.0.18;
+{% for host in local_hosts %}
+{% if host.ips | ipaddr('10.42.4.0/24') %}
+{% if 'mac' in host %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ host {{ host.name }} {
+ hardware ethernet {{ host.mac }};
+ fixed-address {{ host.ips | ipaddr('10.42.4.0/24') | first }};
+{% if 'filename' in host %}
+ filename "{{ host.filename }}";
+{% endif %}
+ }
+{% else %}
+
+{% if 'description' in host %}
+ # {{ host.description }}
+{% endif %}
+ #host {{ host.name }} {
+ # fixed-address {{ host.ips | ipaddr('10.42.4.0/24') | first }};
+ #}
+{% endif %}
+{% endif %}
+{% endfor %}
+}
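Review bot: The per-subnet reservation loop is repeated five times with only the `'10.42.N.0/24'` literal changing, so any later fix (for example to how `host.filename` is quoted) has to be made in five places; a Jinja macro taking the subnet CIDR removes the duplication, as sketched below. A host whose `ips` fall into more than one of these subnets is emitted as a `host {{ host.name }}` declaration in each matching subnet block; I believe dhcpd rejects duplicate host declaration names, so this is worth checking against the inventory. The `spacewand` reservation stays hard-coded and therefore gets no DNS or mDNS entry unlike every other host; moving it into `local_hosts` (the `.70` gap in the admin-net ranges already reserves its address) would finish what the commit sets out to do.
```jinja
{% macro reservations(cidr) %}
{% for host in local_hosts %}
{% if host.ips | ipaddr(cidr) %}
{% if 'mac' in host %}

{% if 'description' in host %}
 # {{ host.description }}
{% endif %}
 host {{ host.name }} {
 hardware ethernet {{ host.mac }};
 fixed-address {{ host.ips | ipaddr(cidr) | first }};
{% if 'filename' in host %}
 filename "{{ host.filename }}";
{% endif %}
 }
{% else %}
{# … unchanged: commented-out placeholder for hosts without a mac, with cidr in place of the literal … #}
{% endif %}
{% endif %}
{% endfor %}
{% endmacro %}

# Admin net
subnet 10.42.0.0 netmask 255.255.255.0 {
{# … unchanged: range / option lines … #}
{{ reservations('10.42.0.0/24') }}
{# … unchanged: spacewand host … #}
}
```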
diff --git a/roles/space_server/templates/unbound/unbound.conf.j2 b/roles/space_server/templates/unbound/unbound.conf.j2
new file mode 100644
index 0000000..d2d3aed
--- /dev/null
+++ b/roles/space_server/templates/unbound/unbound.conf.j2
@@ -0,0 +1,126 @@
+server:
+ pidfile: "/run/unbound/unbound.pid"
+ verbosity: 1
+ statistics-interval: 0
+ statistics-cumulative: no
+ extended-statistics: yes
+ num-threads: 1
+
+ define-tag: "local"
+
+ interface: 127.0.0.1
+ interface: ::1
+ interface: 185.38.175.0
+ interface: 2a01:4260:1ab::
+
+ outgoing-interface: 185.38.175.0
+ outgoing-interface: 2a01:4260:1ab::
+ outgoing-port-permit: 32768-60999
+ outgoing-port-avoid: 0-32767
+
+ so-reuseport: yes
+ ip-transparent: yes
+ max-udp-size: 3072
+
+ access-control-tag: 127.0.0.1/32 "local"
+ access-control-tag: ::1/128 "local"
+
+ access-control: 185.38.175.0/24 allow
+ access-control: 10.42.0.0/16 allow
+ access-control-tag: 10.42.0.0/24 "local"
+ access-control-tag: 10.42.1.0/24 "local"
+ access-control-tag: 10.42.2.0/24 "local"
+ # not free wifi 10.42.3.0/24
+ access-control-tag: 10.42.4.0/24 "local"
+ access-control-tag: 10.42.5.0/24 "local"
+ access-control: 2a01:4260:1ab::/48 allow
+ access-control-tag: 2a01:4260:1ab:a::/64 "local"
+ access-control-tag: 2a01:4260:1ab:b::/64 "local"
+ access-control-tag: 2a01:4260:1ab:c::/64 "local"
+ # not free wifi 2a01:4260:1ab:d::/64
+ access-control-tag: 2a01:4260:1ab:e::/64 "local"
+ access-control-tag: 2a01:4260:1ab:f::/64 "local"
+
+ chroot: ""
+ username: "unbound"
+ directory: "/etc/unbound"
+
+ use-syslog: yes
+ log-time-ascii: yes
+
+ harden-glue: yes
+ harden-dnssec-stripped: yes
+ harden-below-nxdomain: yes
+ harden-referral-path: yes
+ qname-minimisation: yes
+
+ prefetch: yes
+ prefetch-key: yes
+ rrset-roundrobin: yes
+ minimal-responses: yes
+
+ module-config: "validator iterator"
+
+ trust-anchor-signaling: yes
+
+ trusted-keys-file: /etc/unbound/keys.d/*.key
+ auto-trust-anchor-file: "/var/lib/unbound/root.key"
+
+ val-clean-additional: yes
+ val-permissive-mode: no
+ serve-expired: yes
+ val-log-level: 1
+
+ local-zone: a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: s. static
+ local-zone-tag: s. "local"
+ local-data: "s. IN SOA space.labitat.dk. esmil.labitat.dk. 20171119 3600 1200 604800 10800"
+ local-data: "s. IN NS space.labitat.dk."
+ local-data: "s. IN A 10.42.1.1"
+ local-data: "s. IN AAAA 2a01:4260:1ab::"
+ local-data: "labitrack.s. IN A 185.38.175.70"
+ local-data: "labitrack.s. IN AAAA 2a01:4260:1ab::cafe"
+ local-data: "track.s. IN A 185.38.175.70"
+ local-data: "track.s. IN AAAA 2a01:4260:1ab::cafe"
+{% for host in local_hosts %}
+{% for ip in host.ips | ipv4 %}
+{% if loop.index <= 1 %}
+ local-data: "{{ host.name }}.s. IN A {{ ip }}"
+ local-data-ptr: "{{ ip }} {{ host.name }}.s."
+{% endif %}
+{% endfor %}
+{% for ip in host.ips | ipv6 %}
+{% if loop.index <= 1 %}
+ local-data: "{{ host.name }}.s. IN AAAA {{ ip }}"
+ local-data-ptr: "{{ ip }} {{ host.name }}.s."
+{% endif %}
+{% endfor %}
+{% endfor %}
+
+remote-control:
+ control-enable: yes
+ control-use-cert: no
+ control-interface: "/run/unbound/control"
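Review bot: `host.name` is interpolated into double-quoted `local-data:` and `local-data-ptr:` strings (and into the `host`, `hardware ethernet` and `filename` statements of dhcpd.conf.j2 and the lines of avahi/hosts.j2) without any validation, so an inventory entry containing a quote, a space or a `;` renders a configuration that makes unbound or dhcpd refuse to start; an `assert` task in the role that checks `host.name` and `host.mac` against a hostname and MAC pattern before the templates are rendered would catch this at deploy time instead of at service restart. The `s.` SOA serial is fixed at `20171119` while the zone body is now generated from `local_hosts`; since unbound serves these local zones in place and never transfers them this is probably cosmetic, but a comment such as `# serial is not bumped when local_hosts changes; local zones are served in-place, never transferred` would save the next reader from wondering whether it matters.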