diff options
| -rwxr-xr-x | roles/space_server/bootstrap.sh | 2 | ||||
| -rw-r--r-- | roles/space_server/defaults/main.yml | 71 | ||||
| -rw-r--r-- | roles/space_server/files/dhcpd/dhcpd.conf | 160 | ||||
| -rw-r--r-- | roles/space_server/tasks/avahi.yml | 7 | ||||
| -rw-r--r-- | roles/space_server/tasks/dhcpd.yml | 4 | ||||
| -rw-r--r-- | roles/space_server/tasks/unbound.yml | 4 | ||||
| -rw-r--r-- | roles/space_server/templates/avahi/hosts.j2 | 14 | ||||
| -rw-r--r-- | roles/space_server/templates/dhcpd/dhcpd.conf.j2 | 203 | ||||
| -rw-r--r-- | roles/space_server/templates/unbound/unbound.conf.j2 (renamed from roles/space_server/files/unbound/unbound.conf) | 44 |
9 files changed, 314 insertions, 195 deletions
diff --git a/roles/space_server/bootstrap.sh b/roles/space_server/bootstrap.sh index c358db5..8fbc399 100755 --- a/roles/space_server/bootstrap.sh +++ b/roles/space_server/bootstrap.sh @@ -55,7 +55,7 @@ dnf \ --disablerepo='*' \ --enablerepo=fedora \ --enablerepo=updates \ - install dnf python2-dnf ansible + install dnf python2-dnf python-netaddr ansible systemd-nspawn -D "$dest" -M space -E ANSIBLE_FORCE_COLOR=1 \ --bind /boot --bind /home -- \ diff --git a/roles/space_server/defaults/main.yml b/roles/space_server/defaults/main.yml index eb582df..6d6f12d 100644 --- a/roles/space_server/defaults/main.yml +++ b/roles/space_server/defaults/main.yml @@ -14,6 +14,7 @@ packages: - python2-dnf - 'dnf-command(leaves)' - ansible + - python-netaddr - vim-enhanced - git - diffutils @@ -28,5 +29,75 @@ boot: root: device: 'LABEL=BTRFS' options: 'noatime,ssd,compress=lzo' +local_hosts: + - name: ap + mac: 00:0f:23:94:43:0b + mdns: false + ips: + - 10.42.0.2 + - name: doorputer + mac: 00:b3:f6:00:36:be + mdns: false + ips: + - 10.42.0.3 + - name: foodputer + mac: 00:d0:59:37:5e:37 + mdns: false + ips: + - 10.42.0.4 + - name: ap1 + mdns: false + ips: + - 10.42.0.5 + - name: ap2 + mdns: false + ips: + - 10.42.0.6 + - 10.42.0.7 + - name: switch + mac: 00:1b:11:6f:42:f8 + mdns: false + ips: + - 10.42.0.9 + - name: lathe + mdns: false + ips: + - 10.42.0.12 + - name: anna + mac: 00:e0:c5:6e:d6:8d + ips: + - 10.42.1.9 + - name: printbrother + mac: 00:80:77:06:9f:26 + ips: + - 10.42.1.32 + - name: infotron + description: Infoscreen Raspberry Pi + mac: b8:27:eb:2c:5d:3a + ips: + - 10.42.1.34 + - name: spacemon + mac: b8:27:eb:24:f8:50 + ips: + - 10.42.1.35 + - name: jumbotron + description: Jumbotron Raspberry Pi + mac: b8:27:eb:d3:c1:62 + mdns: false + ips: + - 10.42.1.36 + - name: hplaserjet + mac: 94:57:a5:ce:e2:6c + mdns: false + ips: + - 10.42.1.37 + - 2a01:4260:1ab:b:9657:a5ff:fece:e26c + - name: labisound + mac: 00:16:e6:f7:43:b0 + ips: + - 10.42.1.40 + - name: sound + ips: + - 10.42.1.80 # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/files/dhcpd/dhcpd.conf b/roles/space_server/files/dhcpd/dhcpd.conf deleted file mode 100644 index f55aeae..0000000 --- a/roles/space_server/files/dhcpd/dhcpd.conf +++ /dev/null @@ -1,160 +0,0 @@ -# -# DHCP Server Configuration file. -# see /usr/share/doc/dhcp/dhcpd.conf.example -# see dhcpd.conf(5) man page -# - -# The ddns-updates-style parameter controls whether or not the server will -# attempt to do a DNS update when a lease is confirmed. We default to the -# behavior of the version 2 packages ('none', since DHCP v2 didn't -# have support for DDNS.) -ddns-update-style none; - -# option definitions common to all supported networks... -#option domain-name "labitat.dk"; -default-lease-time 3600; -max-lease-time 7200; -min-lease-time 600; - -# If this DHCP server is the official DHCP server for the local -# network, the authoritative directive should be uncommented. -authoritative; - -# Use this to send dhcp log messages to a different log file (you also -# have to hack syslog.conf to complete the redirection). -log-facility daemon; - - -# Admin net -subnet 10.42.0.0 netmask 255.255.255.0 { - range 10.42.0.50 10.42.0.69; - range 10.42.0.71 10.42.0.250; - option routers 10.42.0.1; - option domain-name-servers 185.38.175.0; - #option ntp-servers 90.185.0.18; - - host ap { - hardware ethernet 00:0f:23:94:43:0b; - fixed-address 10.42.0.2; - } - - host doorputer { - hardware ethernet 00:b3:f6:00:36:be; - fixed-address 10.42.0.3; - } - - host foodputer { - hardware ethernet 00:d0:59:37:5e:37; - fixed-address 10.42.0.4; - } - - # 10.42.0.5: new ap1 - # 10.42.0.6: new ap2 - - host switch { - hardware ethernet 00:1b:11:6f:42:f8; - fixed-address 10.42.0.9; - } - - host spacewand { - hardware ethernet 00:1f:7b:b4:0e:00; - fixed-address 10.42.0.70; - } -} - - -# Wired net -subnet 10.42.1.0 netmask 255.255.255.0 { - range dynamic-bootp 10.42.1.50 10.42.1.250; - option routers 10.42.1.1; - option domain-name-servers 185.38.175.0; - #option ntp-servers 90.185.0.18; - next-server 10.42.1.1; - filename "pxelinux.0"; - - host anna { - hardware ethernet 00:e0:c5:6e:d6:8d; - fixed-address 10.42.1.9; - } - - # Arduino Ethernet Bootloader test - host flummer { - hardware ethernet 90:A2:DA:00:61:EE; - fixed-address 10.42.1.31; - filename "esmil/test.bin"; - } - - host arduino { - hardware ethernet 00:08:DC:00:00:4F; - fixed-address 10.42.1.31; - filename "esmil/setmac.bin"; - } - - host printbrother { - hardware ethernet 00:80:77:06:9f:26; - fixed-address 10.42.1.32; - } - - # Infoscreen Raspberry Pi - host infotron { - hardware ethernet b8:27:eb:2c:5d:3a; - fixed-address 10.42.1.34; - } - host spacemon { - hardware ethernet b8:27:eb:24:f8:50; - fixed-address 10.42.1.35; - } - host jumbotron { - hardware ethernet b8:27:eb:d3:c1:62; - fixed-address 10.42.1.36; - } - host hplaserjet { - hardware ethernet 94:57:a5:ce:e2:6c; - fixed-address 10.42.1.37; - } - - # fake IP til "hemmeligt projekt" - host tlet { - hardware ethernet 00:00:00:00:00:00; - fixed-address 10.42.1.42; - } - - host labisound { - hardware ethernet 00:16:e6:f7:43:b0; - fixed-address 10.42.1.40; - } - - #test riiiis april2014 - host riiiisarduinoserverrebootertest { - fixed-address 10.42.1.49; - } - -} - - -# Private wifi -subnet 10.42.2.0 netmask 255.255.255.0 { - range 10.42.2.50 10.42.2.250; - option routers 10.42.2.1; - option domain-name-servers 185.38.175.0; - #option ntp-servers 90.185.0.18; - next-server 10.42.2.1; - filename "pxelinux.0"; -} - -# Free wifi -subnet 10.42.3.0 netmask 255.255.255.0 { - range 10.42.3.50 10.42.3.250; - option routers 10.42.3.1; - option domain-name-servers 185.38.175.0; - #option ntp-servers 90.185.0.18; - -} - -# Password protected wifi -subnet 10.42.4.0 netmask 255.255.255.0 { - range 10.42.4.50 10.42.4.250; - option routers 10.42.4.1; - option domain-name-servers 185.38.175.0; - #option ntp-servers 90.185.0.18; -} diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml index ebf21ef..db8a5ee 100644 --- a/roles/space_server/tasks/avahi.yml +++ b/roles/space_server/tasks/avahi.yml @@ -80,6 +80,13 @@ notify: - restart avahi-daemon +- name: Configure hosts + template: + src: avahi/hosts.j2 + dest: '/etc/avahi/hosts' + notify: + - restart avahi-daemon + - name: Enable avahi-daemon service systemd: name: avahi-daemon.service diff --git a/roles/space_server/tasks/dhcpd.yml b/roles/space_server/tasks/dhcpd.yml index c72fa75..a15ce49 100644 --- a/roles/space_server/tasks/dhcpd.yml +++ b/roles/space_server/tasks/dhcpd.yml @@ -9,8 +9,8 @@ - packages - name: Configure dhcpd - copy: - src: dhcpd/dhcpd.conf + template: + src: dhcpd/dhcpd.conf.j2 dest: '/etc/dhcp/dhcpd.conf' notify: - restart dhcpd diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml index 42db916..a9c4610 100644 --- a/roles/space_server/tasks/unbound.yml +++ b/roles/space_server/tasks/unbound.yml @@ -9,8 +9,8 @@ - packages - name: Configure unbound - copy: - src: unbound/unbound.conf + template: + src: unbound/unbound.conf.j2 dest: '/etc/unbound/unbound.conf' notify: - restart unbound diff --git a/roles/space_server/templates/avahi/hosts.j2 b/roles/space_server/templates/avahi/hosts.j2 new file mode 100644 index 0000000..f87ad4b --- /dev/null +++ b/roles/space_server/templates/avahi/hosts.j2 @@ -0,0 +1,14 @@ +{% for host in local_hosts %} +{% if 'mdns' not in host or host.mdns %} +{% for ip in host.ips | ipv4 %} +{% if loop.index <= 1 %} +{{ ip }} {{ host.name }}.local +{% endif %} +{% endfor %} +{% for ip in host.ips | ipv6 %} +{% if loop.index <= 1 %} +{{ ip }} {{ host.name }}.local +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} diff --git a/roles/space_server/templates/dhcpd/dhcpd.conf.j2 b/roles/space_server/templates/dhcpd/dhcpd.conf.j2 new file mode 100644 index 0000000..1b832e1 --- /dev/null +++ b/roles/space_server/templates/dhcpd/dhcpd.conf.j2 @@ -0,0 +1,203 @@ +# +# DHCP Server Configuration file. +# see /usr/share/doc/dhcp/dhcpd.conf.example +# see dhcpd.conf(5) man page +# + +# The ddns-updates-style parameter controls whether or not the server will +# attempt to do a DNS update when a lease is confirmed. We default to the +# behavior of the version 2 packages ('none', since DHCP v2 didn't +# have support for DDNS.) +ddns-update-style none; + +# option definitions common to all supported networks... +#option domain-name "labitat.dk"; +default-lease-time 3600; +max-lease-time 7200; +min-lease-time 600; + +# If this DHCP server is the official DHCP server for the local +# network, the authoritative directive should be uncommented. +authoritative; + +# Use this to send dhcp log messages to a different log file (you also +# have to hack syslog.conf to complete the redirection). +log-facility daemon; + + +# Admin net +subnet 10.42.0.0 netmask 255.255.255.0 { + range 10.42.0.50 10.42.0.69; + range 10.42.0.71 10.42.0.250; + option routers 10.42.0.1; + option domain-name-servers 185.38.175.0; + #option ntp-servers 90.185.0.18; +{% for host in local_hosts %} +{% if host.ips | ipaddr('10.42.0.0/24') %} +{% if 'mac' in host %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + host {{ host.name }} { + hardware ethernet {{ host.mac }}; + fixed-address {{ host.ips | ipaddr('10.42.0.0/24') | first }}; +{% if 'filename' in host %} + filename "{{ host.filename }}"; +{% endif %} + } +{% else %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + #host {{ host.name }} { + # fixed-address {{ host.ips | ipaddr('10.42.0.0/24') | first }}; + #} +{% endif %} +{% endif %} +{% endfor %} + + host spacewand { + hardware ethernet 00:1f:7b:b4:0e:00; + fixed-address 10.42.0.70; + } +} + + +# Wired net +subnet 10.42.1.0 netmask 255.255.255.0 { + range dynamic-bootp 10.42.1.50 10.42.1.250; + option routers 10.42.1.1; + option domain-name-servers 185.38.175.0; + #option ntp-servers 90.185.0.18; + next-server 10.42.1.1; + filename "pxelinux.0"; +{% for host in local_hosts %} +{% if host.ips | ipaddr('10.42.1.0/24') %} +{% if 'mac' in host %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + host {{ host.name }} { + hardware ethernet {{ host.mac }}; + fixed-address {{ host.ips | ipaddr('10.42.1.0/24') | first }}; +{% if 'filename' in host %} + filename "{{ host.filename }}"; +{% endif %} + } +{% else %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + #host {{ host.name }} { + # fixed-address {{ host.ips | ipaddr('10.42.1.0/24') | first }}; + #} +{% endif %} +{% endif %} +{% endfor %} +} + + +# Private wifi +subnet 10.42.2.0 netmask 255.255.255.0 { + range 10.42.2.50 10.42.2.250; + option routers 10.42.2.1; + option domain-name-servers 185.38.175.0; + #option ntp-servers 90.185.0.18; + next-server 10.42.2.1; + filename "pxelinux.0"; +{% for host in local_hosts %} +{% if host.ips | ipaddr('10.42.2.0/24') %} +{% if 'mac' in host %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + host {{ host.name }} { + hardware ethernet {{ host.mac }}; + fixed-address {{ host.ips | ipaddr('10.42.2.0/24') | first }}; +{% if 'filename' in host %} + filename "{{ host.filename }}"; +{% endif %} + } +{% else %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + #host {{ host.name }} { + # fixed-address {{ host.ips | ipaddr('10.42.2.0/24') | first }}; + #} +{% endif %} +{% endif %} +{% endfor %} +} + +# Free wifi +subnet 10.42.3.0 netmask 255.255.255.0 { + range 10.42.3.50 10.42.3.250; + option routers 10.42.3.1; + option domain-name-servers 185.38.175.0; + #option ntp-servers 90.185.0.18; +{% for host in local_hosts %} +{% if host.ips | ipaddr('10.42.3.0/24') %} +{% if 'mac' in host %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + host {{ host.name }} { + hardware ethernet {{ host.mac }}; + fixed-address {{ host.ips | ipaddr('10.42.3.0/24') | first }}; +{% if 'filename' in host %} + filename "{{ host.filename }}"; +{% endif %} + } +{% else %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + #host {{ host.name }} { + # fixed-address {{ host.ips | ipaddr('10.42.3.0/24') | first }}; + #} +{% endif %} +{% endif %} +{% endfor %} +} + +# Password protected wifi +subnet 10.42.4.0 netmask 255.255.255.0 { + range 10.42.4.50 10.42.4.250; + option routers 10.42.4.1; + option domain-name-servers 185.38.175.0; + #option ntp-servers 90.185.0.18; +{% for host in local_hosts %} +{% if host.ips | ipaddr('10.42.4.0/24') %} +{% if 'mac' in host %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + host {{ host.name }} { + hardware ethernet {{ host.mac }}; + fixed-address {{ host.ips | ipaddr('10.42.4.0/24') | first }}; +{% if 'filename' in host %} + filename "{{ host.filename }}"; +{% endif %} + } +{% else %} + +{% if 'description' in host %} + # {{ host.description }} +{% endif %} + #host {{ host.name }} { + # fixed-address {{ host.ips | ipaddr('10.42.4.0/24') | first }}; + #} +{% endif %} +{% endif %} +{% endfor %} +} diff --git a/roles/space_server/files/unbound/unbound.conf b/roles/space_server/templates/unbound/unbound.conf.j2 index 1679aea..d2d3aed 100644 --- a/roles/space_server/files/unbound/unbound.conf +++ b/roles/space_server/templates/unbound/unbound.conf.j2 @@ -105,36 +105,20 @@ server: local-data: "labitrack.s. IN AAAA 2a01:4260:1ab::cafe" local-data: "track.s. IN A 185.38.175.70" local-data: "track.s. IN AAAA 2a01:4260:1ab::cafe" - local-data: "ap.s. IN A 10.42.0.2" - local-data-ptr: "10.42.0.2 ap.s." - local-data: "doorputer.s. IN A 10.42.0.3" - local-data-ptr: "10.42.0.3 doorputer.s." - local-data: "foodputer.s. IN A 10.42.0.4" - local-data-ptr: "10.42.0.4 foodputer.s." - local-data: "ap1.s. IN A 10.42.0.5" - local-data-ptr: "10.42.0.5 ap1.s." - local-data: "ap2.s. IN A 10.42.0.6" - local-data-ptr: "10.42.0.6 ap2.s." - local-data: "switch.s. IN A 10.42.0.9" - local-data-ptr: "10.42.0.9 switch.s." - local-data: "lathe.s. IN A 10.42.0.12" - local-data-ptr: "10.42.0.12 lathe.s." - local-data: "anna.s. IN A 10.42.1.9" - local-data-ptr: "10.42.1.9 anna.s." - local-data: "printbrother.s. IN A 10.42.1.32" - local-data-ptr: "10.42.1.32 printbrother.s." - local-data: "infotron.s. IN A 10.42.1.34" - local-data-ptr: "10.42.1.34 infotron.s." - local-data: "spacemon.s. IN A 10.42.1.35" - local-data-ptr: "10.42.1.35 spacemon.s." - local-data: "jumbotron.s. IN A 10.42.1.36" - local-data-ptr: "10.42.1.36 jumbotron.s." - local-data: "hplaserjet.s. IN A 10.42.1.37" - local-data-ptr: "10.42.1.37 hplaserjet.s." - local-data: "labisound.s. IN A 10.42.1.40" - local-data-ptr: "10.42.1.40 labisound.s." - local-data: "sound.s. IN A 10.42.1.80" - local-data-ptr: "10.42.1.80 sound.s." +{% for host in local_hosts %} +{% for ip in host.ips | ipv4 %} +{% if loop.index <= 1 %} + local-data: "{{ host.name }}.s. IN A {{ ip }}" + local-data-ptr: "{{ ip }} {{ host.name }}.s." +{% endif %} +{% endfor %} +{% for ip in host.ips | ipv6 %} +{% if loop.index <= 1 %} + local-data: "{{ host.name }}.s. IN AAAA {{ ip }}" + local-data-ptr: "{{ ip }} {{ host.name }}.s." +{% endif %} +{% endfor %} +{% endfor %} remote-control: control-enable: yes |