Diffstat (limited to 'roles')
-rw-r--r--roles/fedora/tasks/dnf.yml11
-rwxr-xr-xroles/space_server/bootstrap.sh31
-rwxr-xr-xroles/space_server/files/kernel/90-loaderentry.install10
-rwxr-xr-xroles/space_server/files/kernel/95-syslinux-menu.install10
-rw-r--r--roles/space_server/tasks/avahi.yml7
-rw-r--r--roles/space_server/tasks/bird.yml7
-rw-r--r--roles/space_server/tasks/kernel.yml8
-rw-r--r--roles/space_server/tasks/nftables.yml17
-rw-r--r--roles/space_server/tasks/radius.yml9
-rw-r--r--roles/space_server/tasks/sshd.yml4
-rw-r--r--roles/space_server/tasks/unbound.yml6
-rw-r--r--roles/space_server/templates/cmdline.j22
-rw-r--r--roles/space_server/vars/main.yml8
13 files changed, 79 insertions, 51 deletions
diff --git a/roles/fedora/tasks/dnf.yml b/roles/fedora/tasks/dnf.yml
index cc28e97..6b3ad74 100644
--- a/roles/fedora/tasks/dnf.yml
+++ b/roles/fedora/tasks/dnf.yml
@@ -12,26 +12,23 @@
- name: Remove packages
dnf:
- name: '{{ item }}'
+ name: "{{ dnf_packages|dictsort(true)|selectattr(1,'equalto','absent')|map(attribute=0)|list }}"
state: absent
- with_items: "{{ dnf_packages|dictsort(true)|selectattr(1,'equalto','absent')|map(attribute=0)|list }}"
-
tags:
- packages
-- name: Update all packages
+- name: Upgrade all packages
dnf:
name: '*'
state: latest
tags:
- - update
+ - upgrade
- packages
- name: Install packages
dnf:
- name: '{{ item }}'
+ name: "{{ dnf_packages|dictsort(true)|selectattr(1,'equalto','present')|map(attribute=0)|list }}"
state: present
- with_items: "{{ dnf_packages|dictsort(true)|selectattr(1,'equalto','present')|map(attribute=0)|list }}"
tags:
- packages
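Review bot: With the list now passed straight to `name`, the Remove packages task calls dnf even when no entry in `dnf_packages` is marked `absent`, whereas the old `with_items` loop simply ran zero iterations. Confirm that the Ansible version in use treats an empty `name` list as a no-op rather than an error; if it does not, a guard such as `when: dnf_packages.values()|select('equalto','absent')|list|length > 0` keeps the old behaviour. The same applies to the Install packages task. Separately, renaming the tag from `update` to `upgrade` means any existing `--tags update` invocation silently stops matching this task, so listing both tags for a transition period would be safer.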
diff --git a/roles/space_server/bootstrap.sh b/roles/space_server/bootstrap.sh
index f80a454..98a62e5 100755
--- a/roles/space_server/bootstrap.sh
+++ b/roles/space_server/bootstrap.sh
@@ -23,8 +23,9 @@
#
# Install syslinux:
# mount -o noatime,fmask=0133,dmask=0022,utf8 /dev/sda1 /boot
+# mkdir /boot/syslinux
# syslinux -d syslinux -i /dev/sda1
-# cp /usr/share/syslinux/{ldlinux,libutil,menu}.c32 /boot/syslinux/
+# cp /usr/share/syslinux/{libutil,menu}.c32 /boot/syslinux/
# dd bs=440 count=1 if=/usr/share/syslinux/gptmbr.bin of=/dev/sda
#
# Mount root filesystem:
@@ -39,7 +40,7 @@
set -e
set -x
-release=27
+release=29
secrets='/etc/ansible/secrets.yml'
dest="/mnt/fedora$release"
if [[ -e "$dest" ]]; then
@@ -57,15 +58,31 @@ dnf \
--disablerepo='*' \
--enablerepo=fedora \
--enablerepo=updates \
- install dnf git python2-dnf python-netaddr ansible
+ install glibc-langpack-en dnf git ansible python3-netaddr python-unversioned-command
if [[ -f "$secrets" ]]; then
install -m660 "$secrets" "$dest$secrets"
fi
-systemd-nspawn -D "$dest" -M space -E ANSIBLE_FORCE_COLOR=1 \
- --bind /boot --bind /home -- \
- ansible-pull -i space, -c local \
- -U 'https://github.com/labitat/labitat-ansible.git' space.yml
+for i in /var/lib/machines /var/lib/portables; do
+ if [[ -d "$dest$i" ]]; then
+ btrfs subvolume delete "$dest$i"
+ fi
+ echo "Creating $i"
+ install -o root -g root -m755 -d "$dest$i"
+done
+
+exec systemd-nspawn \
+ -D "$dest" \
+ -M space \
+ -E ANSIBLE_FORCE_COLOR=1 \
+ --bind /boot \
+ --bind /home \
+ -- \
+ ansible-pull \
+ -i space.labitat.dk, \
+ -c local \
+ -U 'https://github.com/labitat/labitat-ansible.git' \
+ space.yml
# vim: set ts=2 sw=2 et:
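Review bot: The `ansible-pull` call at the end of this hunk still runs whatever is at the tip of the GitHub repository, inside a container that has `/boot` and `/home` bind-mounted, with no pin or signature check on the playbook. Since the command is being rewritten anyway, consider adding `--verify-commit` (which needs signed commits and the signing key available in the bootstrap environment) or pinning a reviewed revision with `-C <reviewed-ref>`. In the new loop, `[[ -d "$dest$i" ]]` is also true for a plain directory, in which case `btrfs subvolume delete` fails and `set -e` aborts the bootstrap; whether these paths are created as subvolumes or plain directories is not visible here.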
diff --git a/roles/space_server/files/kernel/90-loaderentry.install b/roles/space_server/files/kernel/90-loaderentry.install
index df0526e..40d325a 100755
--- a/roles/space_server/files/kernel/90-loaderentry.install
+++ b/roles/space_server/files/kernel/90-loaderentry.install
@@ -7,14 +7,16 @@ KERNEL_VERSION="$2"
BOOT_DIR_ABS="$3"
KERNEL_IMAGE="$4"
-if [[ -f /etc/machine-id ]]; then
- read MACHINE_ID < /etc/machine-id
+if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then
+ exit 0
fi
-if ! [[ $MACHINE_ID ]]; then
- exit 1
+if ! [[ -d "$BOOT_DIR_ABS" ]]; then
+ exit 0
fi
+MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID
+
BOOT_DIR="/$MACHINE_ID/$KERNEL_VERSION"
BOOT_ROOT=${BOOT_DIR_ABS%$BOOT_DIR}
LOADER_ENTRY="$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf"
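Review bot: Both new guards `exit 0` without printing anything, so when `KERNEL_INSTALL_MACHINE_ID` is empty or `$BOOT_DIR_ABS` is missing the kernel is installed with no loader entry and nothing in the log says why; the old code at least failed with `exit 1`. Another hunk of this commit masks the grub plugins, so these scripts appear to be the only producers of boot entries and a silently skipped run matters. Add a line such as `echo "90-loaderentry: KERNEL_INSTALL_MACHINE_ID unset, skipping" >&2` before each `exit 0`. The identical guards in 95-syslinux-menu.install need the same treatment. The script continues outside the hunk.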
diff --git a/roles/space_server/files/kernel/95-syslinux-menu.install b/roles/space_server/files/kernel/95-syslinux-menu.install
index 183da9e..2dd2772 100755
--- a/roles/space_server/files/kernel/95-syslinux-menu.install
+++ b/roles/space_server/files/kernel/95-syslinux-menu.install
@@ -7,14 +7,16 @@ KERNEL_VERSION="$2"
BOOT_DIR_ABS="$3"
KERNEL_IMAGE="$4"
-if [[ -f /etc/machine-id ]]; then
- read MACHINE_ID < /etc/machine-id
+if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then
+ exit 0
fi
-if ! [[ $MACHINE_ID ]]; then
- exit 1
+if ! [[ -d "$BOOT_DIR_ABS" ]]; then
+ exit 0
fi
+MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID
+
BOOT_DIR="/$MACHINE_ID/$KERNEL_VERSION"
BOOT_ROOT=${BOOT_DIR_ABS%$BOOT_DIR}
MENU="$BOOT_ROOT/loader/${MACHINE_ID}.cfg"
diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml
index 1161863..f4decb8 100644
--- a/roles/space_server/tasks/avahi.yml
+++ b/roles/space_server/tasks/avahi.yml
@@ -1,11 +1,10 @@
---
- name: Install avahi, tools and nss-mdns
dnf:
- name: '{{ item }}'
+ name:
+ - avahi-tools # pulls in avahi package
+ - nss-mdns
state: present
- with_items:
- - avahi-tools # pulls in avahi package
- - nss-mdns
tags:
- packages
diff --git a/roles/space_server/tasks/bird.yml b/roles/space_server/tasks/bird.yml
index cdf402b..aeaa7bd 100644
--- a/roles/space_server/tasks/bird.yml
+++ b/roles/space_server/tasks/bird.yml
@@ -1,11 +1,10 @@
---
- name: Install bird and bird6 packages
dnf:
- name: '{{ item }}'
+ name:
+ - bird
+ - bird6
state: present
- with_items:
- - bird
- - bird6
tags:
- packages
diff --git a/roles/space_server/tasks/kernel.yml b/roles/space_server/tasks/kernel.yml
index b87bccc..d22fa86 100644
--- a/roles/space_server/tasks/kernel.yml
+++ b/roles/space_server/tasks/kernel.yml
@@ -10,11 +10,15 @@
- '/etc/kernel'
- '/etc/kernel/install.d'
-- name: Mask grubby
+- name: Mask grub and grubby
file:
- path: '/etc/kernel/install.d/20-grubby.install'
+ path: '/etc/kernel/install.d/{{ item }}'
src: '/dev/null'
state: link
+ force: yes
+ with_items:
+ - 20-grub.install
+ - 20-grubby.install
- name: Create syslinux loader entry and menu
copy:
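Review bot: The task has no comment explaining why a `/dev/null` link masks anything, and with `force: yes` it now replaces whatever already sits at those two paths. A short comment above the task would help, e.g. `# files in /etc/kernel/install.d override same-named kernel-install plugins in /usr/lib/kernel/install.d; a /dev/null link disables them`. The two new list items are unquoted while the list just above quotes its entries; quoting them would keep the file consistent. The following task starts inside the hunk but continues outside it.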
diff --git a/roles/space_server/tasks/nftables.yml b/roles/space_server/tasks/nftables.yml
index 1f56a93..a589980 100644
--- a/roles/space_server/tasks/nftables.yml
+++ b/roles/space_server/tasks/nftables.yml
@@ -14,14 +14,6 @@
tags:
- packages
-- name: Symlink to /etc/nftables.conf
- file:
- path: '/etc/sysconfig/nftables.conf'
- src: '../nftables.conf'
- state: link
- force: yes
- notify:
- - reload nftables
- name: Configure nftables
copy:
dest: '/etc/nftables.conf'
@@ -32,6 +24,15 @@
notify:
- reload nftables
+- name: Symlink to /etc/nftables.conf
+ file:
+ path: '/etc/sysconfig/nftables.conf'
+ src: '../nftables.conf'
+ state: link
+ force: yes
+ notify:
+ - reload nftables
+
- name: Enable nftables service
systemd:
name: nftables.service
diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml
index 972cc40..d66d8f6 100644
--- a/roles/space_server/tasks/radius.yml
+++ b/roles/space_server/tasks/radius.yml
@@ -1,12 +1,11 @@
---
- name: Install freeradius-python, curl and diffutils package
dnf:
- name: '{{ item }}'
+ name:
+ - freeradius-python
+ - curl
+ - diffutils
state: present
- with_items:
- - freeradius-python
- - curl
- - diffutils
tags:
- packages
diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml
index 63f3367..176ee5a 100644
--- a/roles/space_server/tasks/sshd.yml
+++ b/roles/space_server/tasks/sshd.yml
@@ -36,9 +36,11 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
with_items:
+ - regexp: '^[# ]*PermitRootLogin'
+ line: 'PermitRootLogin no'
- regexp: '^PasswordAuthentication'
line: 'PasswordAuthentication no'
- - regexp: '^#*GSSAPIAuthentication'
+ - regexp: '^[# ]*GSSAPIAuthentication'
line: 'GSSAPIAuthentication no'
notify:
- restart sshd
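Review bot: The `PasswordAuthentication` entry keeps the strict `'^PasswordAuthentication'` pattern while the two entries around it now also match commented-out defaults. If the stock file only carries `#PasswordAuthentication yes`, the line is appended at the end of the file, where it could fall inside a trailing `Match` block and stop applying globally; `- regexp: '^[# ]*PasswordAuthentication'` would make the three entries consistent. sshd uses the first occurrence of a keyword, while the module (presumably `lineinfile`; the task starts outside the hunk) rewrites only the last matching line. Checking the effective settings with `sshd -T` after the run is therefore worthwhile.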
diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml
index 81199b9..a3726a0 100644
--- a/roles/space_server/tasks/unbound.yml
+++ b/roles/space_server/tasks/unbound.yml
@@ -1,7 +1,9 @@
---
- name: Install unbound package
dnf:
- name: unbound
+ name:
+ - policycoreutils # needed for unbound-keygen.service
+ - unbound
state: present
tags:
- packages
@@ -37,4 +39,4 @@
group: root
mode: 0644
-# vim: set ts=2 sw=2 et ft=yaml:
+# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/templates/cmdline.j2 b/roles/space_server/templates/cmdline.j2
index d3bd2e7..4e523b6 100644
--- a/roles/space_server/templates/cmdline.j2
+++ b/roles/space_server/templates/cmdline.j2
@@ -5,4 +5,4 @@
{% else %}
{% set subvol = '/%s%s' % (ansible_distribution.lower(), ansible_distribution_version) %}
{% endif %}
-console=ttyS0,115200n8 ro root={{ root.device }} rootfstype=btrfs ro rootflags={{ root.options|regex_replace('noatime,','') }},subvol={{ subvol }} rootwait audit=0
+console=ttyS0,115200n8 ro root={{ root.device }} rootfstype=btrfs ro rootflags={{ root.options|regex_replace('noatime,','') }},subvol={{ subvol }} rootwait audit=0 systemd.unified_cgroup_hierarchy=1
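Review bot: The rewritten command line still carries `audit=0`, which switches off the kernel audit subsystem at boot, and nothing in the visible part of the template records whether that is deliberate. While this line is being touched, a template comment such as `{# audit=0: kernel auditing disabled on purpose, see <reason> #}` would document it; check the rendered output to make sure the comment does not add a blank line. The line also passes `ro` twice, which is harmless but could be reduced to one. The template starts outside the hunk.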
diff --git a/roles/space_server/vars/main.yml b/roles/space_server/vars/main.yml
index 94dec47..0778f2e 100644
--- a/roles/space_server/vars/main.yml
+++ b/roles/space_server/vars/main.yml
@@ -13,14 +13,18 @@ dnf_conf:
'main.deltarpm': 'False'
dnf_packages:
+ 'glibc-langpack-da': present
+ 'glibc-langpack-en': present
'initscripts': present
+ 'hostname': present
+ 'iproute': present
'dosfstools': present
'btrfs-progs': present
'dnf': present
- 'python2-dnf': present
'dnf-command(leaves)': present
+ 'python-unversioned-command': present
'ansible': present
- 'python-netaddr': present
+ 'python3-netaddr': present # for dhcpd template
'vim-enhanced': present
'git': present
'diffutils': present