From 18629c52f8d3d411cc52208e74bfbfc5862996d4 Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Thu, 4 Oct 2018 18:45:52 +0200 Subject: doorputer: add role to set up doorputer rpi --- doorputer.yml | 15 +++++++ inventory | 3 ++ roles/doorputer/files/eth0.network | 7 ++++ roles/doorputer/files/lockserver.service | 15 +++++++ roles/doorputer/files/motd | 13 ++++++ roles/doorputer/meta/main.yml | 6 +++ roles/doorputer/tasks/bluetooth.yml | 16 ++++++++ roles/doorputer/tasks/lockserver.yml | 69 ++++++++++++++++++++++++++++++++ roles/doorputer/tasks/main.yml | 27 +++++++++++++ roles/doorputer/vars/main.yml | 27 +++++++++++++ 10 files changed, 198 insertions(+) create mode 100644 doorputer.yml create mode 100644 roles/doorputer/files/eth0.network create mode 100644 roles/doorputer/files/lockserver.service create mode 100644 roles/doorputer/files/motd create mode 100644 roles/doorputer/meta/main.yml create mode 100644 roles/doorputer/tasks/bluetooth.yml create mode 100644 roles/doorputer/tasks/lockserver.yml create mode 100644 roles/doorputer/tasks/main.yml create mode 100644 roles/doorputer/vars/main.yml diff --git a/doorputer.yml b/doorputer.yml new file mode 100644 index 0000000..b444e30 --- /dev/null +++ b/doorputer.yml @@ -0,0 +1,15 @@ +--- +- hosts: doorputer.s + pre_tasks: + - name: Detect chroot + set_fact: + chroot: "{{ ansible_connection == 'chroot' or 'container' in ansible_env }}" + tags: always + - name: Load secrets + include_vars: 'secrets.yml' + ignore_errors: yes + tags: always + roles: + - doorputer + +# vim: set ts=2 sw=2 et: diff --git a/inventory b/inventory index 445f1ce..e5b8fd3 100644 --- a/inventory +++ b/inventory @@ -1,2 +1,5 @@ space.labitat.dk + +[rpis] jumbotron.s +doorputer.s diff --git a/roles/doorputer/files/eth0.network b/roles/doorputer/files/eth0.network new file mode 100644 index 0000000..601e041 --- /dev/null +++ b/roles/doorputer/files/eth0.network @@ -0,0 +1,7 @@ +[Match] +Name=eth0 + +[Network] +DHCP=yes +IPv6AcceptRA=yes +LLMNR=yes diff --git a/roles/doorputer/files/lockserver.service b/roles/doorputer/files/lockserver.service new file mode 100644 index 0000000..a09666d --- /dev/null +++ b/roles/doorputer/files/lockserver.service @@ -0,0 +1,15 @@ +[Unit] +Description=Lockserver + +[Service] +Type=simple +User=doorman +WorkingDirectory=/home/doorman +ExecStartPre=/home/doorman/lockserver/init.sh +ExecStart=/home/doorman/lockserver/lockd.py +StandardOutput=syslog +StandardError=inherit +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/roles/doorputer/files/motd b/roles/doorputer/files/motd new file mode 100644 index 0000000..5c83520 --- /dev/null +++ b/roles/doorputer/files/motd @@ -0,0 +1,13 @@ + + _ _ + | | | | + __| | ___ ___ _ __ _ __ _ _| |_ ___ _ __ + / _` |/ _ \ / _ \| '__| '_ \| | | | __/ _ \ '__| +| (_| | (_) | (_) | | | |_) | |_| | || __/ | + \__,_|\___/ \___/|_| | .__/ \__,_|\__\___|_| + | | + |_| + +Open da door: +$ sudo -i +# echo O > /dev/ttyUSB0 diff --git a/roles/doorputer/meta/main.yml b/roles/doorputer/meta/main.yml new file mode 100644 index 0000000..731a8f2 --- /dev/null +++ b/roles/doorputer/meta/main.yml @@ -0,0 +1,6 @@ +--- +dependencies: +- role: raspbian +- role: users + +# vim: set ts=2 sw=2 et: diff --git a/roles/doorputer/tasks/bluetooth.yml b/roles/doorputer/tasks/bluetooth.yml new file mode 100644 index 0000000..ef64f35 --- /dev/null +++ b/roles/doorputer/tasks/bluetooth.yml @@ -0,0 +1,16 @@ +--- +- name: Disable hciuart service + systemd: + name: hciuart.service + enabled: no + masked: no + state: stopped + +- name: Disable bluetooth service + systemd: + name: bluetooth.service + enabled: no + masked: no + state: stopped + +# vim: set ts=2 sw=2 et: diff --git a/roles/doorputer/tasks/lockserver.yml b/roles/doorputer/tasks/lockserver.yml new file mode 100644 index 0000000..57b9e2b --- /dev/null +++ b/roles/doorputer/tasks/lockserver.yml @@ -0,0 +1,69 @@ +--- +- name: Create doorman user + user: + comment: 'Doorman Doris' + name: doorman + shell: '/bin/bash' + uid: 3000 + group: users + groups: + - dialout + - gpio + +- name: Check out lockserver repo + git: + dest: '~doorman/lockserver' + repo: 'https://github.com/labitat/lockserver.git' + accept_hostkey: yes + clone: yes + update: yes + remote: origin + +- name: Make sure doorman owns git repo + file: + dest: '~doorman/lockserver' + owner: doorman + group: users + recurse: yes + +- name: Initialize database + command: + argv: + - '/usr/bin/sqlite3' + - 'users.db' + - '.read lockserver/structure.sql' + become_user: doorman + args: + chdir: '/home/doorman' + creates: '/home/doorman/users.db' + +- name: Create pasword file + copy: + dest: '~doorman/lockserver.password' + content: "{{ doorputer_webpassword }}\n" + owner: doorman + group: users + mode: 0600 + when: doorputer_webpassword is defined + +- name: Install lockserver service + copy: + dest: '/etc/systemd/system/lockserver.service' + src: lockserver.service + owner: root + group: root + mode: 0644 + register: lockserver_service + +- name: Reload systemd + command: systemctl daemon-reload + when: lockserver_service is changed + +- name: Enable lockserver service + systemd: + name: lockserver.service + enabled: yes + masked: no + state: started + +# vim: set ts=2 sw=2 et: diff --git a/roles/doorputer/tasks/main.yml b/roles/doorputer/tasks/main.yml new file mode 100644 index 0000000..62a693a --- /dev/null +++ b/roles/doorputer/tasks/main.yml @@ -0,0 +1,27 @@ +--- +- name: Install network configuration + copy: + dest: '/etc/systemd/network/10-eth0.network' + src: eth0.network + owner: root + group: root + mode: 0644 + tags: + - networkd-config + +- name: Set message of the day + copy: + dest: '/etc/motd' + src: motd + owner: root + group: root + mode: 0644 + tags: + - motd + +- import_tasks: bluetooth.yml + tags: bluetooth +- import_tasks: lockserver.yml + tags: lockserver + +# vim: set ts=2 sw=2 et: diff --git a/roles/doorputer/vars/main.yml b/roles/doorputer/vars/main.yml new file mode 100644 index 0000000..f07df60 --- /dev/null +++ b/roles/doorputer/vars/main.yml @@ -0,0 +1,27 @@ +--- +hostname: 'doorputer' + +users: + 'esmil': sudo + 'ast': sudo + 'flummer': sudo + 'riiiis': sudo + 'knielsen': sudo + 'signout': sudo + +apt_sources: + raspbian: + components: + - main + - contrib + - non-free + - rpi + +apt_packages: + 'git': present # to check out lockserver repo + + # lockserver dependencies + 'python3-serial': present + 'sqlite3': present + +# vim: set ts=2 sw=2 et: -- cgit v1.2.1