Compare commits
13 Commits
master
...
homeassist
Author | SHA1 | Date | |
---|---|---|---|
bd7d256004 | |||
6e55e4ff78 | |||
3e87601013 | |||
838d881480 | |||
6bfff16a4b | |||
552c9d71b3 | |||
3b8cc7d1ea | |||
b629b62974 | |||
389331e59a | |||
c7c56f212e | |||
a9c66ab0e3 | |||
42538dc019 | |||
79af417b4f |
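--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 site.retry
 ansible.log
 *.swp
+*.pyc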
@ -31,9 +31,9 @@ Currently the following hosts are installed:
|
|||||||
| knoedel.binary.kitchen | Debian 12 | SIP-DECT OMM |
|
| knoedel.binary.kitchen | Debian 12 | SIP-DECT OMM |
|
||||||
| bob.binary.kitchen | Debian 12 | Gitea Actions |
|
| bob.binary.kitchen | Debian 12 | Gitea Actions |
|
||||||
| lasagne.binary.kitchen | Debian 12 | Home Assistant * |
|
| lasagne.binary.kitchen | Debian 12 | Home Assistant * |
|
||||||
| tschunk.binary.kitchen | Debian 12 | Strichliste |
|
| tschunk.binary.kitchen | Debian 11 | Strichliste |
|
||||||
| bowle.binary.kitchen | Debian 12 | Files |
|
| bowle.binary.kitchen | Debian 12 | Files |
|
||||||
| lock-auweg.binary.kitchen | Debian 12 | Doorlock |
|
| lock-auweg.binary.kitchen | Debian 11 | Doorlock |
|
||||||
|
|
||||||
\*: The main application is not managed by ansible but manually installed
|
\*: The main application is not managed by ansible but manually installed
|
||||||
|
|
||||||
|
@ -5,5 +5,3 @@ radius_hostname: radius3.binary.kitchen
|
|||||||
slapd_hostname: ldap3.binary.kitchen
|
slapd_hostname: ldap3.binary.kitchen
|
||||||
slapd_replica_id: 3
|
slapd_replica_id: 3
|
||||||
slapd_role: slave
|
slapd_role: slave
|
||||||
|
|
||||||
uau_reboot: "false"
|
|
||||||
|
@ -15,5 +15,3 @@ radius_hostname: radius1.binary.kitchen
|
|||||||
slapd_hostname: ldap1.binary.kitchen
|
slapd_hostname: ldap1.binary.kitchen
|
||||||
slapd_replica_id: 1
|
slapd_replica_id: 1
|
||||||
slapd_role: slave
|
slapd_role: slave
|
||||||
|
|
||||||
uau_reboot: "false"
|
|
||||||
|
@ -9,3 +9,40 @@ root_keys_host:
|
|||||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"
|
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa sct39667@m-mob-062"
|
||||||
|
|
||||||
uau_reboot: "false"
|
uau_reboot: "false"
|
||||||
|
|
||||||
|
mosquitto_listeners:
|
||||||
|
# Listeners for Mosquitto MQTT Broker
|
||||||
|
- name: "default"
|
||||||
|
listener: "1883"
|
||||||
|
protocol: "mqtt"
|
||||||
|
use_username_as_clientid: "false"
|
||||||
|
allow_zero_length_clientid: "true"
|
||||||
|
allow_anonymous: "false"
|
||||||
|
users:
|
||||||
|
- username: admin
|
||||||
|
password: "{{ vault_mosquitto_arwen_admin_passwd }}"
|
||||||
|
acl:
|
||||||
|
- permissions: readwrite
|
||||||
|
topic: "#"
|
||||||
|
|
||||||
|
- username: homeassistant
|
||||||
|
password: "{{ vault_mosquitto_arwen_homeassistant_passwd }}"
|
||||||
|
acl:
|
||||||
|
- permissions: readwrite
|
||||||
|
topic: "#"
|
||||||
|
|
||||||
|
mosquitto_bridges:
|
||||||
|
- connection: pizza
|
||||||
|
address: 172.23.4.6:1883
|
||||||
|
topics:
|
||||||
|
- topic: "# out 0"
|
||||||
|
- topic: "# in 0"
|
||||||
|
|
||||||
|
ha_pg_db_pass: "{{ vault_ha_pg_db_pass }}"
|
||||||
|
pgadmin4_db_password: "{{ vault_pgadmin4_db_password }}"
|
||||||
|
pgadmin4_initial_user_email: noby@binary-kitchen.de
|
||||||
|
pgadmin4_initial_user_password: "{{ vault_pgadmin4_initial_user_password }}"
|
||||||
|
ha_pg_grafana_db_pass: "{{ vault_ha_pg_grafana_db_pass }}"
|
||||||
|
|
||||||
|
ha_domains:
|
||||||
|
- lasagne.binary.kitchen
|
||||||
|
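Review bot: Both broker accounts get `permissions: readwrite` on `topic: "#"`, so the `homeassistant` login has the same reach as `admin`. The only listener is plain `protocol: "mqtt"` on 1883, so the vaulted passwords cross the network unencrypted. Narrow the `homeassistant` ACL to the topic prefixes it actually needs and, if the mosquitto role supports it, add a TLS listener. The `pizza` bridge maps `# out 0` and `# in 0` together, relaying every topic in both directions to 172.23.4.6:1883, and no credentials or TLS for that link are visible here; a comment stating why the full tree is bridged would help.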
@ -1,8 +1,9 @@
|
|||||||
|
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
||||||
|
|
||||||
# This is the sshd server system-wide configuration file. See
|
# This is the sshd server system-wide configuration file. See
|
||||||
# sshd_config(5) for more information.
|
# sshd_config(5) for more information.
|
||||||
|
|
||||||
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
|
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
||||||
|
|
||||||
# The strategy used for options in the default sshd_config shipped with
|
# The strategy used for options in the default sshd_config shipped with
|
||||||
# OpenSSH is to specify options with their default value where
|
# OpenSSH is to specify options with their default value where
|
||||||
@ -68,7 +69,7 @@ PasswordAuthentication {{ sshd_password_authentication }}
|
|||||||
|
|
||||||
# Change to yes to enable challenge-response passwords (beware issues with
|
# Change to yes to enable challenge-response passwords (beware issues with
|
||||||
# some PAM modules and threads)
|
# some PAM modules and threads)
|
||||||
KbdInteractiveAuthentication no
|
ChallengeResponseAuthentication no
|
||||||
|
|
||||||
# Kerberos options
|
# Kerberos options
|
||||||
#KerberosAuthentication no
|
#KerberosAuthentication no
|
||||||
@ -84,13 +85,13 @@ KbdInteractiveAuthentication no
|
|||||||
|
|
||||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||||
# and session processing. If this is enabled, PAM authentication will
|
# and session processing. If this is enabled, PAM authentication will
|
||||||
# be allowed through the KbdInteractiveAuthentication and
|
# be allowed through the ChallengeResponseAuthentication and
|
||||||
# PasswordAuthentication. Depending on your PAM configuration,
|
# PasswordAuthentication. Depending on your PAM configuration,
|
||||||
# PAM authentication via KbdInteractiveAuthentication may bypass
|
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||||
# the setting of "PermitRootLogin prohibit-password".
|
# the setting of "PermitRootLogin without-password".
|
||||||
# If you just want the PAM account and session checks to run without
|
# If you just want the PAM account and session checks to run without
|
||||||
# PAM authentication, then enable this but set PasswordAuthentication
|
# PAM authentication, then enable this but set PasswordAuthentication
|
||||||
# and KbdInteractiveAuthentication to 'no'.
|
# and ChallengeResponseAuthentication to 'no'.
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
|
|
||||||
#AllowAgentForwarding yes
|
#AllowAgentForwarding yes
|
||||||
@ -108,7 +109,7 @@ PrintMotd no
|
|||||||
#ClientAliveInterval 0
|
#ClientAliveInterval 0
|
||||||
#ClientAliveCountMax 3
|
#ClientAliveCountMax 3
|
||||||
#UseDNS no
|
#UseDNS no
|
||||||
#PidFile /run/sshd.pid
|
#PidFile /var/run/sshd.pid
|
||||||
#MaxStartups 10:30:100
|
#MaxStartups 10:30:100
|
||||||
#PermitTunnel no
|
#PermitTunnel no
|
||||||
#ChrootDirectory none
|
#ChrootDirectory none
|
||||||
|
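Review bot: `ChallengeResponseAuthentication no` on the new side replaces `KbdInteractiveAuthentication no`, but OpenSSH 8.7 and later treat the old name as a deprecated alias, and the README table on this page lists most hosts as Debian 12. Keep `KbdInteractiveAuthentication no`, with the matching comment text (`prohibit-password`, `/run/sshd.pid`), so keyboard-interactive stays off alongside `UsePAM yes` even if the alias is dropped. This looks like the branch being behind master rather than a deliberate change, so a rebase may be all that is needed.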
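--- a/roles/dhcpd/handlers/main.yml
+++ b/roles/dhcpd/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Restart isc-dhcp-server
+service: name=isc-dhcp-server state=restarted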
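--- a/roles/dhcpd/tasks/main.yml
+++ b/roles/dhcpd/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Install dhcp server
+apt: name=isc-dhcp-server
+
+- name: Configure dhcp server
+template: src={{ item }}.j2 dest=/etc/{{ item }}
+with_items:
+- default/isc-dhcp-server
+- dhcp/dhcpd.conf
+notify: Restart isc-dhcp-server
+
+- name: Start the dhcp server
+service: name=isc-dhcp-server state=started enabled=yes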
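Review bot: The `template:` task writes `dhcp/dhcpd.conf` with no `owner`, `group` or `mode`, and that template renders `secret {{ dhcp_omapi_key }}`, so the OMAPI key lands in a file whose permissions come from the umask, typically world-readable. Give the task explicit permissions, e.g. `owner: root`, `group: root`, `mode: "0640"` (check which user dhcpd runs as on these hosts). The tasks also use the `key=value` string form; native YAML arguments with `enabled: true` instead of `enabled=yes` would match the style of the homeassistant role in this same changeset.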
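--- a/roles/dhcpd/templates/default/isc-dhcp-server.j2
+++ b/roles/dhcpd/templates/default/isc-dhcp-server.j2
@@ -0,0 +1,21 @@
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="{{ ansible_default_ipv4['interface'] }}"
+INTERFACESv6=""
+INTERFACES="{{ ansible_default_ipv4['interface'] }}"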
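--- a/roles/dhcpd/templates/dhcp/dhcpd.conf.j2
+++ b/roles/dhcpd/templates/dhcp/dhcpd.conf.j2
@@ -0,0 +1,319 @@
+# dhcpd.conf
+
+# option definitions common to all supported networks...
+option domain-name "binary.kitchen";
+option domain-name-servers {{ name_servers | join(', ') }};
+option domain-search "binary.kitchen";
+option ntp-servers 172.23.1.60, 172.23.2.3;
+
+# options related to Mitel SIP-DECT
+option space sipdect;
+option local-encapsulation code 43 = encapsulate sipdect;
+option sipdect.ommip1 code 10 = ip-address;
+option sipdect.ommip2 code 19 = ip-address;
+option sipdect.syslogip code 14 = ip-address;
+option sipdect.syslogport code 15 = integer 16;
+option magic_str code 224 = text;
+
+default-lease-time 7200;
+max-lease-time 28800;
+
+# Use this to enble / disable dynamic dns updates globally.
+ddns-update-style interim;
+ddns-updates on;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+{% if dhcpd_failover == true %}
+
+# Failover
+
+failover peer "failover-partner" {
+{% if ansible_default_ipv4.address == dhcpd_primary %}
+primary;
+address {{ dhcpd_primary }};
+peer address {{ dhcpd_secondary }};
+{% elif ansible_default_ipv4.address == dhcpd_secondary %}
+secondary;
+address {{ dhcpd_secondary }};
+peer address {{ dhcpd_primary }};
+{% endif %}
+port 520;
+peer port 520;
+max-response-delay 60;
+max-unacked-updates 10;
+{% if ansible_default_ipv4.address == dhcpd_primary %}
+mclt 600;
+split 255;
+{% endif %}
+load balance max seconds 3;
+}
+{% endif %}
+
+# Binary Kitchen subnets
+
+# Management
+subnet 172.23.1.0 netmask 255.255.255.0 {
+option routers 172.23.1.1;
+}
+
+# Services
+subnet 172.23.2.0 netmask 255.255.255.0 {
+allow bootp;
+option routers 172.23.2.1;
+}
+
+# Users
+subnet 172.23.3.0 netmask 255.255.255.0 {
+option routers 172.23.3.1;
+ddns-domainname "users.binary.kitchen";
+option domain-search "binary.kitchen", "users.binary.kitchen";
+pool {
+{% if dhcpd_failover == true %}
+failover peer "failover-partner";
+{% endif %}
+range 172.23.3.10 172.23.3.230;
+}
+}
+
+# MQTT
+subnet 172.23.4.0 netmask 255.255.255.0 {
+option routers 172.23.4.1;
+pool {
+{% if dhcpd_failover == true %}
+failover peer "failover-partner";
+{% endif %}
+range 172.23.4.10 172.23.4.240;
+}
+}
+
+# Management Auweg
+subnet 172.23.12.0 netmask 255.255.255.0 {
+option routers 172.23.12.1;
+}
+
+# Services Auweg
+subnet 172.23.13.0 netmask 255.255.255.0 {
+allow bootp;
+option routers 172.23.13.1;
+}
+
+# Users Auweg
+subnet 172.23.14.0 netmask 255.255.255.0 {
+option routers 172.23.14.1;
+option domain-search "binary.kitchen", "users.binary.kitchen";
+pool {
+{% if dhcpd_failover == true %}
+failover peer "failover-partner";
+{% endif %}
+range 172.23.14.10 172.23.14.230;
+}
+}
+
+# MQTT Auweg
+subnet 172.23.15.0 netmask 255.255.255.0 {
+option routers 172.23.15.1;
+pool {
+{% if dhcpd_failover == true %}
+failover peer "failover-partner";
+{% endif %}
+range 172.23.15.10 172.23.15.240;
+}
+}
+
+# DDNS zones
+
+zone users.binary.kitchen {
+primary {{ dns_primary }};
+}
+
+
+# Fixed IPs
+
+host ap01 {
+hardware ethernet 44:48:c1:ce:a9:00;
+fixed-address ap01.binary.kitchen;
+}
+
+host ap04 {
+hardware ethernet 74:9e:75:ce:93:54;
+fixed-address ap04.binary.kitchen;
+}
+
+host ap05 {
+hardware ethernet bc:9f:e4:c3:6f:aa;
+fixed-address ap05.binary.kitchen;
+}
+
+host ap06 {
+hardware ethernet 94:b4:0f:c0:1d:a0;
+fixed-address ap06.binary.kitchen;
+}
+
+host ap11 {
+hardware ethernet 18:64:72:c6:c2:0c;
+fixed-address ap11.binary.kitchen;
+}
+
+host ap12 {
+hardware ethernet 18:64:72:c6:c4:98;
+fixed-address ap12.binary.kitchen;
+}
+
+host bowle {
+hardware ethernet ac:1f:6b:25:16:b6;
+fixed-address bowle.binary.kitchen;
+}
+
+host cannelloni {
+hardware ethernet b8:27:eb:18:5c:11;
+fixed-address cannelloni.binary.kitchen;
+}
+
+host fusilli {
+hardware ethernet b8:27:eb:1d:b9:bf;
+fixed-address fusilli.binary.kitchen;
+}
+
+host habdisplay1 {
+hardware ethernet b8:27:eb:b6:62:be;
+fixed-address habdisplay1.mqtt.binary.kitchen;
+}
+
+host habdisplay2 {
+hardware ethernet b8:27:eb:df:0b:7b;
+fixed-address habdisplay2.mqtt.binary.kitchen;
+}
+
+host klopi {
+hardware ethernet 74:da:38:6e:e6:9d;
+fixed-address klopi.binary.kitchen;
+}
+
+host lock {
+hardware ethernet b8:27:eb:d8:b9:ad;
+fixed-address lock.binary.kitchen;
+}
+
+host maccaroni {
+hardware ethernet b8:27:eb:f5:9e:a1;
+fixed-address maccaroni.binary.kitchen;
+}
+
+host matrix {
+hardware ethernet b8:27:eb:ed:22:58;
+fixed-address matrix.binary.kitchen;
+}
+
+host mirror {
+hardware ethernet 74:da:38:7d:ed:84;
+fixed-address mirror.binary.kitchen;
+}
+
+host mpcnc {
+hardware ethernet b8:27:eb:0f:d3:8b;
+fixed-address mpcnc.binary.kitchen;
+}
+
+host noodlehub {
+hardware ethernet b8:27:eb:56:2b:7c;
+fixed-address noodlehub.binary.kitchen;
+}
+
+host openhabgw1 {
+hardware ethernet dc:a6:32:bf:e2:3e;
+fixed-address openhabgw1.mqtt.binary.kitchen;
+}
+
+host pizza {
+hardware ethernet 52:54:00:17:02:21;
+fixed-address pizza.binary.kitchen;
+}
+
+host spaghetti {
+hardware ethernet b8:27:eb:eb:e5:88;
+fixed-address spaghetti.binary.kitchen;
+}
+
+host schweinshaxn {
+hardware ethernet 52:54:00:17:02:24;
+fixed-address schweinshaxn.binary.kitchen;
+}
+
+host strammermax {
+hardware ethernet 08:00:37:B8:55:44;
+fixed-address strammermax.binary.kitchen;
+}
+
+host obatzda {
+hardware ethernet ec:9a:74:35:35:cf;
+fixed-address obatzda.binary.kitchen;
+}
+
+
+# VoIP Phones
+
+host voip01 {
+hardware ethernet 00:1D:45:B6:99:2F;
+option tftp-server-name "172.23.2.36";
+}
+
+host voip02 {
+hardware ethernet 00:1D:A2:66:B8:3E;
+option tftp-server-name "172.23.2.36";
+}
+
+host voip03 {
+hardware ethernet 00:1E:BE:90:FB:DB;
+option tftp-server-name "172.23.2.36";
+}
+
+host voip04 {
+hardware ethernet 00:1E:BE:90:FF:06;
+option tftp-server-name "172.23.2.36";
+}
+
+
+# Mitel SIP-DECT
+
+host rfp01 {
+hardware ethernet 00:30:42:1B:73:5A;
+fixed-address 172.23.1.111;
+option host-name "rfp01";
+option sipdect.ommip1 172.23.2.35;
+option magic_str = "OpenMobilitySIP-DECT";
+}
+
+host rfp02 {
+hardware ethernet 00:30:42:21:D4:D5;
+fixed-address 172.23.1.112;
+option host-name "rfp02";
+option sipdect.ommip1 172.23.2.35;
+option magic_str = "OpenMobilitySIP-DECT";
+}
+
+host rfp11 {
+hardware ethernet 00:30:42:1B:8B:9B;
+fixed-address 172.23.12.111;
+option host-name "rfp11";
+option sipdect.ommip1 172.23.2.35;
+option magic_str = "OpenMobilitySIP-DECT";
+}
+
+
+
+# OMAPI
+
+omapi-port 7911;
+omapi-key omapi_key;
+
+key omapi_key {
+algorithm hmac-md5;
+secret {{ dhcp_omapi_key }};
+}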
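Review bot: The `zone users.binary.kitchen` block names only `primary {{ dns_primary }};` and no `key`, so with `ddns-updates on` the server sends unsigned dynamic updates and the name server has to trust them by source address alone. Declare a TSIG key and reference it inside the zone block (a `key <name>;` line), with the secret taken from the vault the same way as `dhcp_omapi_key`. Separately, `omapi-port 7911` exposes lease and host management behind an `hmac-md5` key, so that port should be reachable only from the management hosts. In the `failover peer` block, a host whose address matches neither `dhcpd_primary` nor `dhcpd_secondary` renders no role line at all, which dhcpd would presumably reject at start-up; an `{% else %}` branch that fails the template would make that explicit.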
@ -1,7 +1,7 @@
|
|||||||
$ORIGIN 23.172.in-addr.arpa. ; base for unqualified names
|
$ORIGIN 23.172.in-addr.arpa. ; base for unqualified names
|
||||||
$TTL 1h ; default time-to-live
|
$TTL 1h ; default time-to-live
|
||||||
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
||||||
2024100600; serial
|
2024051300; serial
|
||||||
1d; refresh
|
1d; refresh
|
||||||
2h; retry
|
2h; retry
|
||||||
4w; expire
|
4w; expire
|
||||||
@ -13,7 +13,7 @@ $TTL 1h ; default time-to-live
|
|||||||
1.0 IN PTR core.binary.kitchen.
|
1.0 IN PTR core.binary.kitchen.
|
||||||
2.0 IN PTR rt-w13b.binary.kitchen.
|
2.0 IN PTR rt-w13b.binary.kitchen.
|
||||||
3.0 IN PTR erx-rz.binary.kitchen.
|
3.0 IN PTR erx-rz.binary.kitchen.
|
||||||
4.0 IN PTR rt-auweg.binary.kitchen.
|
4.0 IN PTR erx-auweg.binary.kitchen.
|
||||||
; Management
|
; Management
|
||||||
1.1 IN PTR v2301.core.binary.kitchen.
|
1.1 IN PTR v2301.core.binary.kitchen.
|
||||||
11.1 IN PTR ups1.binary.kitchen.
|
11.1 IN PTR ups1.binary.kitchen.
|
||||||
@ -87,26 +87,22 @@ $GENERATE 10-240 $.4 IN PTR dhcp-${0,3,d}-04.binary.kitchen.
|
|||||||
1.10 IN PTR wg0.erx-rz.binary.kitchen.
|
1.10 IN PTR wg0.erx-rz.binary.kitchen.
|
||||||
$GENERATE 2-254 $.10 IN PTR vpn-${0,3,d}-10.binary.kitchen.
|
$GENERATE 2-254 $.10 IN PTR vpn-${0,3,d}-10.binary.kitchen.
|
||||||
; Management Auweg
|
; Management Auweg
|
||||||
1.12 IN PTR v2312.rt-auweg.binary.kitchen.
|
|
||||||
31.12 IN PTR sw-auweg.binary.kitchen.
|
31.12 IN PTR sw-auweg.binary.kitchen.
|
||||||
41.12 IN PTR ap11.binary.kitchen.
|
41.12 IN PTR ap11.binary.kitchen.
|
||||||
42.12 IN PTR ap12.binary.kitchen.
|
42.12 IN PTR ap12.binary.kitchen.
|
||||||
61.12 IN PTR weizen.binary.kitchen.
|
61.12 IN PTR weizen.binary.kitchen.
|
||||||
111.12 IN PTR rfp11.binary.kitchen.
|
111.12 IN PTR rfp11.binary.kitchen.
|
||||||
; Services Auweg
|
; Services Auweg
|
||||||
1.13 IN PTR v2313.rt-auweg.binary.kitchen.
|
|
||||||
3.13 IN PTR aeron.binary.kitchen.
|
3.13 IN PTR aeron.binary.kitchen.
|
||||||
12.13 IN PTR lock-auweg.binary.kitchen.
|
12.13 IN PTR lock-auweg.binary.kitchen.
|
||||||
; Clients Auweg
|
; Clients Auweg
|
||||||
1.14 IN PTR v2314.rt-auweg.binary.kitchen.
|
|
||||||
$GENERATE 10-230 $.14 IN PTR dhcp-${0,3,d}-14.binary.kitchen.
|
$GENERATE 10-230 $.14 IN PTR dhcp-${0,3,d}-14.binary.kitchen.
|
||||||
; MQTT
|
; MQTT
|
||||||
1.15 IN PTR v2315.rt-auweg.binary.kitchen.
|
|
||||||
$GENERATE 10-240 $.15 IN PTR dhcp-${0,3,d}-15.binary.kitchen.
|
$GENERATE 10-240 $.15 IN PTR dhcp-${0,3,d}-15.binary.kitchen.
|
||||||
; Point-to-Point
|
; Point-to-Point
|
||||||
1.96 IN PTR v400.rt-w13b.binary.kitchen.
|
1.96 IN PTR v400.erx-bk.binary.kitchen.
|
||||||
2.96 IN PTR v400.core.binary.kitchen.
|
2.96 IN PTR v400.core.binary.kitchen.
|
||||||
1.97 IN PTR wg1.erx-rz.binary.kitchen.
|
1.97 IN PTR wg1.erx-rz.binary.kitchen.
|
||||||
2.97 IN PTR wg1.rt-w13b.binary.kitchen.
|
2.97 IN PTR wg1.erx-bk.binary.kitchen.
|
||||||
5.97 IN PTR wg2.erx-rz.binary.kitchen.
|
5.97 IN PTR wg2.erx-rz.binary.kitchen.
|
||||||
6.97 IN PTR wg2.rt-auweg.binary.kitchen.
|
6.97 IN PTR wg2.erx-auweg.binary.kitchen.
|
||||||
|
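Review bot: The SOA serial goes backwards on the new side, from `2024100600` to `2024051300`, so secondaries that already hold the higher serial will not transfer this version of the zone. Any record change needs a serial above the one currently served (for example `2024100601; serial`, a constructed value). The forward zone hunk further down (`$ORIGIN binary.kitchen`) has the same regression. Both files also swap the `rt-auweg`/`rt-w13b` names back to `erx-auweg`/`erx-bk` and drop the `v23xx.rt-auweg` gateway records, which looks like the branch predating a rename on master rather than an intended change.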
@ -1,7 +1,7 @@
|
|||||||
$ORIGIN binary.kitchen ; base for unqualified names
|
$ORIGIN binary.kitchen ; base for unqualified names
|
||||||
$TTL 1h ; default time-to-live
|
$TTL 1h ; default time-to-live
|
||||||
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
||||||
2024100600; serial
|
2024051300; serial
|
||||||
1d; refresh
|
1d; refresh
|
||||||
2h; retry
|
2h; retry
|
||||||
4w; expire
|
4w; expire
|
||||||
@ -36,7 +36,7 @@ radius IN A 172.23.2.4
|
|||||||
core IN A 172.23.0.1
|
core IN A 172.23.0.1
|
||||||
rt-w13b IN A 172.23.0.2
|
rt-w13b IN A 172.23.0.2
|
||||||
erx-rz IN A 172.23.0.3
|
erx-rz IN A 172.23.0.3
|
||||||
rt-auweg IN A 172.23.0.4
|
erx-auweg IN A 172.23.0.4
|
||||||
; Management
|
; Management
|
||||||
v2301.core IN A 172.23.1.1
|
v2301.core IN A 172.23.1.1
|
||||||
ups1 IN A 172.23.1.11
|
ups1 IN A 172.23.1.11
|
||||||
@ -107,29 +107,25 @@ salat IN A 172.23.9.61
|
|||||||
salat-bmc IN A 172.23.9.81
|
salat-bmc IN A 172.23.9.81
|
||||||
; Services RZ
|
; Services RZ
|
||||||
; Management Auweg
|
; Management Auweg
|
||||||
v2312.rt-auweg IN A 172.23.12.1
|
|
||||||
sw-auweg IN A 172.23.12.31
|
sw-auweg IN A 172.23.12.31
|
||||||
ap11 IN A 172.23.12.41
|
ap11 IN A 172.23.12.41
|
||||||
ap12 IN A 172.23.12.42
|
ap12 IN A 172.23.12.42
|
||||||
weizen IN A 172.23.12.61
|
weizen IN A 172.23.12.61
|
||||||
rfp11 IN A 172.23.12.111
|
rfp11 IN A 172.23.12.111
|
||||||
; Services Auweg
|
; Services Auweg
|
||||||
v2313.rt-auweg IN A 172.23.13.1
|
|
||||||
aeron IN A 172.23.13.3
|
aeron IN A 172.23.13.3
|
||||||
lock-auweg IN A 172.23.13.12
|
lock-auweg IN A 172.23.13.12
|
||||||
; Clients Auweg
|
; Clients Auweg
|
||||||
v2314.rt-auweg IN A 172.23.14.1
|
|
||||||
$GENERATE 10-230 dhcp-${0,3,d}-14 IN A 172.23.14.$
|
$GENERATE 10-230 dhcp-${0,3,d}-14 IN A 172.23.14.$
|
||||||
; MQTT Auweg
|
; MQTT Auweg
|
||||||
v2315.rt-auweg IN A 172.23.15.1
|
|
||||||
$GENERATE 10-240 dhcp-${0,3,d}-15 IN A 172.23.15.$
|
$GENERATE 10-240 dhcp-${0,3,d}-15 IN A 172.23.15.$
|
||||||
; VPN RZ (ER-X)
|
; VPN RZ (ER-X)
|
||||||
wg0.erx-rz IN A 172.23.10.1
|
wg0.erx-rz IN A 172.23.10.1
|
||||||
$GENERATE 2-254 vpn-${0,3,d}-10 IN A 172.23.10.$
|
$GENERATE 2-254 vpn-${0,3,d}-10 IN A 172.23.10.$
|
||||||
; Point-to-Point
|
; Point-to-Point
|
||||||
v400.rt-w13b IN A 172.23.96.1
|
v400.erx-bk IN A 172.23.96.1
|
||||||
v400.core IN A 172.23.96.2
|
v400.core IN A 172.23.96.2
|
||||||
wg1.erx-rz IN A 172.23.97.1
|
wg1.erx-rz IN A 172.23.97.1
|
||||||
wg1.rt-w13b IN A 172.23.97.2
|
wg1.erx-bk IN A 172.23.97.2
|
||||||
wg2.erx-rz IN A 172.23.97.5
|
wg2.erx-rz IN A 172.23.97.5
|
||||||
wg2.rt-auweg IN A 172.23.97.6
|
wg2.erx-auweg IN A 172.23.97.6
|
||||||
|
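--- a/roles/homeassistant/defaults/main.yml
+++ b/roles/homeassistant/defaults/main.yml
@@ -0,0 +1,22 @@
+---
+
+# Python version required for home assistant
+ha_python_version: '3.12'
+
+# The location of the config directory
+ha_conf_dir: /etc/homeassistant
+
+# The location of the installatin directory
+ha_venv_dir: "/opt/homeassistant"
+
+# The default user
+ha_user: homeassistant
+
+ha_pg_db_version: 15
+ha_pg_db_name: homeassistant
+ha_pg_db_user: homeassistant
+ha_pg_db_pass: xxxxx
+
+ha_pg_grafana_db_name: grafana
+ha_pg_grafana_db_user: grafana
+ha_pg_grafana_db_pass: xxxxx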
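Review bot: `ha_pg_db_pass: xxxxx` and `ha_pg_grafana_db_pass: xxxxx` give both database roles a known fallback password, while the postgres tasks in this changeset open the server to `0.0.0.0/0`. A host that applies the role without the vault overrides would come up with guessable credentials on a network-reachable database. Drop the two defaults so the play fails on an undefined variable, or assert at the start of the role that neither still equals the placeholder. The comment above `ha_venv_dir` also has a typo (`installatin`).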
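--- a/roles/homeassistant/handlers/main.yml
+++ b/roles/homeassistant/handlers/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Restart postgresql
+ansible.builtin.service:
+name: postgresql
+state: restarted
+
+- name: Restart homeassistant
+ansible.builtin.service:
+name: home-assistant
+state: restarted
+
+- name: Restart grafana
+ansible.builtin.service:
+name: grafana-server
+state: restarted
+
+- name: Restart nginx
+ansible.builtin.service:
+name: nginx
+state: restarted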
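--- a/roles/homeassistant/meta/main.yml
+++ b/roles/homeassistant/meta/main.yml
@@ -0,0 +1,14 @@
+---
+
+galaxy_info:
+author: Thomas Basler
+description: Install HomeAssistant environment
+license: None
+platforms:
+- name: Debian
+min_ansible_version: "2.4"
+
+dependencies:
+- { role: mosquitto }
+- { role: pgadmin4 }
+- { role: nginx, nginx_ssl: false }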
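Review bot: `{ role: nginx, nginx_ssl: false }` pulls in the web front end with TLS switched off, so, assuming the flag does what its name suggests, Home Assistant logins and access tokens would cross the network in clear text. If TLS is terminated on another host, say so in a comment next to the dependency; otherwise enable it for the names listed in `ha_domains`. `min_ansible_version: "2.4"` is also too old for the fully qualified `ansible.builtin.*` and collection module names the tasks use, so the declared minimum should be raised to match.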
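--- a/roles/homeassistant/tasks/grafana.yml
+++ b/roles/homeassistant/tasks/grafana.yml
@@ -0,0 +1,77 @@
+---
+
+- name: Grafana | add GPG signing key
+become: true
+ansible.builtin.apt_key:
+url: "https://apt.grafana.com/gpg.key"
+state: present
+validate_certs: true
+
+- name: Grafana | add official repository
+become: true
+ansible.builtin.apt_repository:
+repo: "deb https://apt.grafana.com stable main"
+state: present
+filename: grafana
+update_cache: true
+tags: install
+
+- name: Grafana | establish dependencies
+become: true
+ansible.builtin.apt:
+name: "{{ item }}"
+state: present
+loop: ["grafana"]
+tags: install
+
+- name: Grafana | Configure PostgreSQL database
+community.general.postgresql_db:
+name: "{{ ha_pg_grafana_db_name }}"
+template: template0
+encoding: utf8
+become: true
+become_user: postgres
+
+- name: Grafana | Configure PostgreSQL user
+community.general.postgresql_user:
+db: "{{ ha_pg_grafana_db_name }}"
+name: "{{ ha_pg_grafana_db_user }}"
+password: "{{ ha_pg_grafana_db_pass }}"
+become: true
+become_user: postgres
+
+- name: Grafana | GRANT ALL PRIVILEGES ON SCHEMA public TO {{ pgadmin4_db_user }}
+community.postgresql.postgresql_privs:
+db: "{{ ha_pg_grafana_db_name }}"
+privs: ALL
+type: schema
+objs: public
+role: "{{ ha_pg_grafana_db_user }}"
+become: true
+become_user: postgres
+
+- name: GRANT SELECT PRIVILEGES ON DATABASE {{ ha_pg_db_name }} TO {{ ha_pg_grafana_db_user }}
+community.general.postgresql_privs:
+db: "{{ ha_pg_db_name }}"
+privs: SELECT
+type: table
+objs: statistics,statistics_meta
+role: "{{ ha_pg_grafana_db_user }}"
+become: true
+become_user: postgres
+ignore_errors: true
+
+- name: Grafana | install config file
+ansible.builtin.template:
+src: grafana.ini.j2
+dest: "/etc/grafana/grafana.ini"
+owner: root
+group: root
+mode: "0644"
+notify: Restart grafana
+
+- name: Grafana | Start service
+ansible.builtin.service:
+name: grafana-server
+state: started
+enabled: true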
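Review bot: `grafana.ini` is installed with `owner: root`, `group: root`, `mode: "0644"`; the template is not shown here, but it presumably carries `ha_pg_grafana_db_pass`, which would make the database password readable by every local user. The Grafana package ships the file group-owned by `grafana` and not world-readable, so `group: grafana` with `mode: "0640"` is the safer match. `ansible.builtin.apt_key` adds the key to the deprecated global apt-key keyring; installing it as a keyring file and referencing it with `signed-by=` in the `repo:` line limits its trust to this repository. The `ignore_errors: true` on the SELECT grant hides a failed grant, and the schema-grant task is named after `{{ pgadmin4_db_user }}` although it grants to `ha_pg_grafana_db_user`.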
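--- a/roles/homeassistant/tasks/installation.yml
+++ b/roles/homeassistant/tasks/installation.yml
@@ -0,0 +1,33 @@
+---
+
+- name: Install defined version of Home Assistant
+ansible.builtin.pip:
+name:
+- wheel
+- psycopg2
+- packaging
+- uv
+- netifaces
+- homeassistant=={{ ha_version }}
+virtualenv: '{{ ha_venv_dir }}'
+virtualenv_command: 'python{{ ha_python_version }} -m venv'
+when: ha_version is defined
+become: true
+become_user: "{{ ha_user }}"
+notify: Restart homeassistant
+
+- name: Install latest version of Home Assistant
+ansible.builtin.pip:
+name:
+- wheel
+- psycopg2
+- packaging
+- uv
+- homeassistant
+extra_args: "--upgrade"
+virtualenv: "{{ ha_venv_dir }}"
+virtualenv_command: 'python{{ ha_python_version }} -m venv'
+when: ha_version is undefined
+become: true
+become_user: "{{ ha_user }}"
+notify: Restart homeassistant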
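Review bot: The second task installs `homeassistant` with `extra_args: "--upgrade"` whenever `ha_version` is undefined, and the role defaults on this page do not define it, so every play run pulls whatever PyPI currently serves for Home Assistant and the helper packages. Give `ha_version` a default and pin the helpers, ideally through a hashed requirements file, so that an upgrade is a reviewed change rather than a side effect of running the playbook. The two package lists have also drifted: `netifaces` appears only in the pinned variant. A single task with a computed `homeassistant` spec would keep them in sync.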
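--- a/roles/homeassistant/tasks/main.yml
+++ b/roles/homeassistant/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Install python if required
+ansible.builtin.include_tasks: python_312.yml
+when: ha_python_version == '3.12'
+
+- name: Include sub-tasks
+ansible.builtin.include_tasks: '{{ item }}'
+loop:
+- preparation.yml
+- postgres.yml
+- systemd.yml
+- installation.yml
+- grafana.yml
+- nginx.yml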
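--- a/roles/homeassistant/tasks/nginx.yml
+++ b/roles/homeassistant/tasks/nginx.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Configure vhost
+ansible.builtin.template:
+src: vhost.j2
+dest: /etc/nginx/sites-available/homeassistant
+mode: "0644"
+notify: Restart nginx
+
+- name: Enable vhost
+ansible.builtin.file:
+src: /etc/nginx/sites-available/homeassistant
+dest: /etc/nginx/sites-enabled/homeassistant
+state: link
+notify: Restart nginx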
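--- a/roles/homeassistant/tasks/postgres.yml
+++ b/roles/homeassistant/tasks/postgres.yml
@@ -0,0 +1,54 @@
+---
+
+- name: Postgres | establish dependencies
+ansible.builtin.package:
+name: "{{ item }}"
+state: present
+loop:
+- postgresql-{{ ha_pg_db_version }}
+- libpq-dev
+- python3-psycopg2
+
+- name: Postgres | Configure PostgreSQL database
+community.general.postgresql_db:
+name: "{{ ha_pg_db_name }}"
+template: template0
+encoding: utf8
+become: true
+become_user: postgres
+
+- name: Postgres | Configure PostgreSQL user
+community.general.postgresql_user:
+db: "{{ ha_pg_db_name }}"
+name: "{{ ha_pg_db_user }}"
+password: "{{ ha_pg_db_pass }}"
+become: true
+become_user: postgres
+
+- name: Postgres | GRANT ALL PRIVILEGES ON SCHEMA public TO {{ ha_pg_db_user }}
+community.postgresql.postgresql_privs:
+db: "{{ ha_pg_db_user }}"
+privs: ALL
+type: schema
+objs: public
+role: "{{ ha_pg_db_user }}"
+become: true
+become_user: postgres
+
+- name: Postgres | Grant all users access to all dbs
+community.general.postgresql_pg_hba:
+dest: /etc/postgresql/{{ ha_pg_db_version }}/main/pg_hba.conf
+contype: host
+users: all
+databases: all
+method: scram-sha-256
+source: 0.0.0.0/0
+notify: Restart postgresql
+
+- name: Postgres | Listen to external interfaces
+community.general.postgresql_set:
+name: listen_addresses
+value: "*"
+become: true
+become_user: postgres
+notify: Restart postgresql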
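Review bot: PostgreSQL ends up reachable from any IPv4 address for every database and role, protected only by passwords: the `postgresql_pg_hba` task writes a `host` rule with `users: all`, `databases: all` and `source: 0.0.0.0/0`, and the last task sets `listen_addresses` to `*`. Scope the rule to what Home Assistant needs, e.g. `users: "{{ ha_pg_db_user }}"`, `databases: "{{ ha_pg_db_name }}"` and a `source` limited to the client subnet, and leave `listen_addresses` at `localhost` if all clients run on this host. Separately, the privileges task passes `db: "{{ ha_pg_db_user }}"`, which looks like it should be `db: "{{ ha_pg_db_name }}"`; as written it only works while both variables hold the same value.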
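--- a/roles/homeassistant/tasks/preparation.yml
+++ b/roles/homeassistant/tasks/preparation.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Install commonly-named packages
+ansible.builtin.package:
+name: "{{ item }}"
+state: present
+loop:
+- python3
+- python3-dev
+- python3-venv
+- python3-pip
+- libffi-dev
+- libssl-dev
+- libjpeg-dev
+- zlib1g-dev
+- autoconf
+- build-essential
+- libopenjp2-7
+- libtiff6
+- libturbojpeg0
+- tzdata
+- git
+- ffmpeg
+
+- name: Create user
+ansible.builtin.user:
+name: "{{ ha_user }}"
+comment: "Home Assistant"
+system: true
+shell: "/sbin/nologin"
+
+- name: Create directory
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+mode: "02775"
+owner: "{{ ha_user }}"
+group: "{{ ha_user }}"
+loop:
+- "{{ ha_conf_dir }}"
+- "{{ ha_venv_dir }}"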
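Review bot: The Home Assistant configuration directory is left readable and traversable by every local account, because the `Create directory` task applies `mode: "02775"` to `{{ ha_conf_dir }}`. That directory normally holds secrets, long-lived tokens and the recorder database URL, so other users on the host should not be able to list or read it. `mode: "02770"` keeps the setgid and group-write behaviour while removing access for others; if the venv directory should stay world-readable, split the loop into two tasks with separate modes.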
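--- a/roles/homeassistant/tasks/python_312.yml
+++ b/roles/homeassistant/tasks/python_312.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Python 3.12 | add GPG signing key
+become: true
+ansible.builtin.apt_key:
+url: "https://pascalroeleven.nl/deb-pascalroeleven.gpg"
+state: present
+validate_certs: true
+tags: install
+
+- name: Python 3.12 | add official repository
+become: true
+ansible.builtin.apt_repository:
+repo: "deb http://deb.pascalroeleven.nl/python3.12 bookworm-backports main"
+state: present
+filename: python312
+update_cache: true
+tags: install
+
+- name: Python 3.12 | establish dependencies
+become: true
+ansible.builtin.apt:
+name: "{{ item }}"
+state: present
+loop: "{{ python312_dependencies }}"
+tags: install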
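Review bot: The third-party signing key is trusted for every apt source on the host, because `ansible.builtin.apt_key` adds it to apt's global keyring instead of binding it to this one repository; apt-key is also deprecated on current Debian. Download the key into `/etc/apt/keyrings/` and reference it with `signed-by` in the `repo` line. The repository URL is plain `http://`, so package integrity rests entirely on that signature check. The task name calls this the "official" repository although the URL points at a personal backport archive, which is worth stating in the name. The sketch assumes the downloaded file is a binary keyring; confirm before applying.

```yaml
- name: Python 3.12 | add GPG signing key
  become: true
  ansible.builtin.get_url:
    url: "https://pascalroeleven.nl/deb-pascalroeleven.gpg"
    dest: /etc/apt/keyrings/deb-pascalroeleven.gpg
    mode: "0644"
  tags: install

# … unchanged: repository task name and become …
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/deb-pascalroeleven.gpg] http://deb.pascalroeleven.nl/python3.12 bookworm-backports main"
# … unchanged: state, filename, update_cache, tags …
```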
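--- a/roles/homeassistant/tasks/systemd.yml
+++ b/roles/homeassistant/tasks/systemd.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Install systemd unit file
+ansible.builtin.template:
+src: home-assistant.service.j2
+dest: "/etc/systemd/system/home-assistant.service"
+owner: root
+group: root
+mode: "0644"
+notify: Restart homeassistant
+
+- name: Enable home assistant service
+ansible.builtin.systemd:
+name: home-assistant
+daemon_reload: true
+enabled: true
+notify: Restart homeassistant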
1082
roles/homeassistant/templates/grafana.ini.j2
Normal file
1082
roles/homeassistant/templates/grafana.ini.j2
Normal file
File diff suppressed because it is too large
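--- a/roles/homeassistant/templates/home-assistant.service.j2
+++ b/roles/homeassistant/templates/home-assistant.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Home Assistant
+After=network.target postgresql.service
+
+[Service]
+Type=simple
+User={{ ha_user }}
+Environment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:{{ ha_venv_dir }}/bin"
+ExecStart={{ ha_venv_dir }}/bin/hass --config {{ ha_conf_dir }}
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target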
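Review bot: The `[Service]` section applies no systemd sandboxing, so anything running inside `hass` sees the host filesystem with the full rights of `{{ ha_user }}`. Home Assistant loads a large amount of third-party Python code, which makes cheap containment worthwhile: add `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` under `[Service]`, and test USB or serial integrations before tightening further. `After=postgresql.service` only orders startup; add `Wants=postgresql.service` if the recorder depends on the local database being started.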
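--- a/roles/homeassistant/templates/vhost.j2
+++ b/roles/homeassistant/templates/vhost.j2
@@ -0,0 +1,41 @@
+{{ ansible_managed | comment }}
+
+server {
+listen 80;
+listen [::]:80;
+server_name {{ ha_domains | join(' ') }};
+
+proxy_buffering off;
+
+location / {
+proxy_pass http://127.0.0.1:8123;
+proxy_set_header Host $host;
+proxy_redirect http:// https://;
+proxy_http_version 1.1;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+
+location /api/websocket {
+proxy_pass http://127.0.0.1:8123;
+proxy_set_header Host $host;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+
+location /grafana {
+client_max_body_size 1024M;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $http_host;
+proxy_pass http://localhost:3000;
+}
+
+location = /pgadmin4 { rewrite ^ /pgadmin4/; }
+location /pgadmin4 { try_files $uri @pgadmin4; }
+location @pgadmin4 {
+include uwsgi_params;
+uwsgi_pass unix:/run/pgadmin4/pgadmin4.sock;
+}
+}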
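Review bot: The `/pgadmin4` and `/grafana` locations publish a database administration console and Grafana on the same port-80 vhost as Home Assistant, with no `allow`/`deny` or other access restriction. The vhost has no TLS listener; `proxy_redirect http:// https://;` suggests TLS is terminated by something in front, but that is not visible here, and without it the logins for all three applications cross the network in clear text. Restrict the admin paths, for example `allow ADMIN_SUBNET_PLACEHOLDER; deny all;` inside `location /pgadmin4`, and confirm the upstream proxy enforces HTTPS. The `/grafana` block also forwards the client-supplied `$http_host` where the other locations use `$host`.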
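--- a/roles/homeassistant/vars/main.yml
+++ b/roles/homeassistant/vars/main.yml
@@ -0,0 +1,6 @@
+---
+
+python312_dependencies:
+- python3.12
+- python3.12-venv
+- python3.12-dev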
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Restart kea-dhcp4-server
|
|
||||||
service: name=kea-dhcp4-server state=restarted
|
|
||||||
|
|
||||||
- name: Restart kea-dhcp-ddns-server
|
|
||||||
service: name=kea-dhcp-ddns-server state=restarted
|
|
||||||
|
|
||||||
- name: Restart kea-ctrl-agent
|
|
||||||
service: name=kea-ctrl-agent state=restarted
|
|
@ -1,38 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Install the kea dhcp server
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- kea-ctrl-agent
|
|
||||||
- kea-dhcp4-server
|
|
||||||
- kea-dhcp-ddns-server
|
|
||||||
|
|
||||||
- name: Configure the kea dhcp4 server
|
|
||||||
template:
|
|
||||||
src: kea/kea-dhcp4.conf.j2
|
|
||||||
dest: /etc/kea/kea-dhcp4.conf
|
|
||||||
# validate: kea-dhcp4 -t %s
|
|
||||||
notify: Restart kea-dhcp4-server
|
|
||||||
|
|
||||||
- name: Start the kea dhcp4 server
|
|
||||||
service: name=kea-dhcp4-server state=started enabled=yes
|
|
||||||
|
|
||||||
- name: Configure the kea dhcp-ddns server
|
|
||||||
template:
|
|
||||||
src: kea/kea-dhcp-ddns.conf.j2
|
|
||||||
dest: /etc/kea/kea-dhcp-ddns.conf
|
|
||||||
# validate: kea-dhcp-ddns -t %s
|
|
||||||
notify: Restart kea-dhcp-ddns-server
|
|
||||||
|
|
||||||
- name: Start the kea dhcp-ddns server
|
|
||||||
service: name=kea-dhcp-ddns-server state=started enabled=yes
|
|
||||||
|
|
||||||
- name: Configure the kea control agent
|
|
||||||
template:
|
|
||||||
src: kea/kea-ctrl-agent.conf.j2
|
|
||||||
dest: /etc/kea/kea-ctrl-agent.conf
|
|
||||||
# validate: kea-ctrl-agent -t %s
|
|
||||||
notify: Restart kea-ctrl-agent
|
|
||||||
|
|
||||||
- name: Start the kea control agent
|
|
||||||
service: name=kea-ctrl-agent state=started enabled=yes
|
|
@ -1,37 +0,0 @@
|
|||||||
{
|
|
||||||
"Control-agent":
|
|
||||||
{
|
|
||||||
"http-host": "0.0.0.0",
|
|
||||||
"http-port": 8000,
|
|
||||||
"control-sockets":
|
|
||||||
{
|
|
||||||
"dhcp4":
|
|
||||||
{
|
|
||||||
"comment": "socket to DHCP4 server",
|
|
||||||
"socket-type": "unix",
|
|
||||||
"socket-name": "/run/kea/kea4-ctrl-socket"
|
|
||||||
},
|
|
||||||
|
|
||||||
"d2":
|
|
||||||
{
|
|
||||||
"socket-type": "unix",
|
|
||||||
"socket-name": "/run/kea/kea-ddns-ctrl-socket",
|
|
||||||
"user-context": { "in-use": false }
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"loggers": [
|
|
||||||
{
|
|
||||||
"name": "kea-ctrl-agent",
|
|
||||||
"output_options": [
|
|
||||||
{
|
|
||||||
"output": "stdout",
|
|
||||||
"pattern": "%-5p %m\n"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"severity": "INFO",
|
|
||||||
"debuglevel": 0
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,38 +0,0 @@
|
|||||||
{
|
|
||||||
"DhcpDdns": {
|
|
||||||
"ip-address": "127.0.0.1",
|
|
||||||
"port": 53001,
|
|
||||||
"control-socket": {
|
|
||||||
"socket-type": "unix",
|
|
||||||
"socket-name": "/run/kea/kea-ddns-ctrl-socket"
|
|
||||||
},
|
|
||||||
|
|
||||||
"forward-ddns": {
|
|
||||||
"ddns-domains": [
|
|
||||||
{
|
|
||||||
"name": "users.binary.kitchen.",
|
|
||||||
"dns-servers": [
|
|
||||||
{ "ip-address": "{{ dns_primary }}" }
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
"reverse-ddns": {
|
|
||||||
},
|
|
||||||
|
|
||||||
"loggers": [
|
|
||||||
{
|
|
||||||
"name": "kea-dhcp4",
|
|
||||||
"output_options": [
|
|
||||||
{
|
|
||||||
"output": "stdout",
|
|
||||||
"pattern": "%-5p %m\n"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"severity": "INFO",
|
|
||||||
"debuglevel": 0
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,470 +0,0 @@
|
|||||||
{
|
|
||||||
|
|
||||||
"Dhcp4": {
|
|
||||||
"interfaces-config": {
|
|
||||||
"interfaces": [ "{{ ansible_default_ipv4['interface'] }}" ]
|
|
||||||
},
|
|
||||||
|
|
||||||
"control-socket": {
|
|
||||||
"socket-type": "unix",
|
|
||||||
"socket-name": "/run/kea/kea4-ctrl-socket"
|
|
||||||
},
|
|
||||||
|
|
||||||
"dhcp-ddns": {
|
|
||||||
"enable-updates": true,
|
|
||||||
"server-ip": "127.0.0.1",
|
|
||||||
"server-port": 53001,
|
|
||||||
"sender-ip": "",
|
|
||||||
"sender-port": 0,
|
|
||||||
"max-queue-size": 1024,
|
|
||||||
"ncr-protocol": "UDP",
|
|
||||||
"ncr-format": "JSON"
|
|
||||||
},
|
|
||||||
|
|
||||||
"hooks-libraries": [
|
|
||||||
{
|
|
||||||
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
|
|
||||||
{% if dhcpd_failover %}
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
|
|
||||||
"parameters": {
|
|
||||||
"high-availability": [ {
|
|
||||||
"this-server-name": "{{ inventory_hostname.split('.')[0] }}",
|
|
||||||
"mode": "hot-standby",
|
|
||||||
"heartbeat-delay": 10000,
|
|
||||||
"max-response-delay": 60000,
|
|
||||||
"max-ack-delay": 5000,
|
|
||||||
"max-unacked-clients": 5,
|
|
||||||
"sync-timeout": 60000,
|
|
||||||
"peers": [
|
|
||||||
{
|
|
||||||
"name": "{{ lookup('dig', dhcpd_primary+'/PTR', '@'+dns_primary).split('.')[0] }}",
|
|
||||||
"url": "http://{{ dhcpd_primary }}:8000/",
|
|
||||||
"role": "primary"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "{{ lookup('dig', dhcpd_secondary+'/PTR', '@'+dns_primary).split('.')[0] }}",
|
|
||||||
"url": "http://{{ dhcpd_secondary }}:8000/",
|
|
||||||
"role": "standby"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
} ]
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"lease-database": {
|
|
||||||
"type": "memfile",
|
|
||||||
"lfc-interval": 3600
|
|
||||||
},
|
|
||||||
|
|
||||||
"expired-leases-processing": {
|
|
||||||
"reclaim-timer-wait-time": 10,
|
|
||||||
"flush-reclaimed-timer-wait-time": 25,
|
|
||||||
"hold-reclaimed-time": 3600,
|
|
||||||
"max-reclaim-leases": 100,
|
|
||||||
"max-reclaim-time": 250,
|
|
||||||
"unwarned-reclaim-cycles": 5
|
|
||||||
},
|
|
||||||
|
|
||||||
"renew-timer": 900,
|
|
||||||
"rebind-timer": 1800,
|
|
||||||
"valid-lifetime": 3600,
|
|
||||||
|
|
||||||
"option-def": [
|
|
||||||
{
|
|
||||||
"code": 43,
|
|
||||||
"encapsulate": "sipdect",
|
|
||||||
"name": "vendor-encapsulated-options",
|
|
||||||
"space": "dhcp4",
|
|
||||||
"type": "empty"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"code": 10,
|
|
||||||
"name": "ommip1",
|
|
||||||
"space": "sipdect",
|
|
||||||
"type": "ipv4-address"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"code": 19,
|
|
||||||
"name": "ommip2",
|
|
||||||
"space": "sipdect",
|
|
||||||
"type": "ipv4-address"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"code": 14,
|
|
||||||
"name": "syslogip",
|
|
||||||
"space": "sipdect",
|
|
||||||
"type": "ipv4-address"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"code": 15,
|
|
||||||
"name": "syslogport",
|
|
||||||
"space": "sipdect",
|
|
||||||
"type": "int16"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"code": 224,
|
|
||||||
"name": "magic_str",
|
|
||||||
"space": "dhcp4",
|
|
||||||
"type": "string"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "domain-name-servers",
|
|
||||||
"data": "{{ name_servers | join(', ') }}"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"name": "domain-name",
|
|
||||||
"data": "binary.kitchen"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"name": "domain-search",
|
|
||||||
"data": "binary.kitchen"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"client-classes": [
|
|
||||||
{
|
|
||||||
"name": "voip-phone",
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "tftp-server-name",
|
|
||||||
"data": "172.23.2.36"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"name": "dect-rfp",
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "vendor-encapsulated-options"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"data": "172.23.2.35",
|
|
||||||
"name": "ommip1",
|
|
||||||
"space": "sipdect"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"data": "OpenMobilitySIP-DECT",
|
|
||||||
"name": "magic_str"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"subnet4": [
|
|
||||||
{
|
|
||||||
"subnet": "172.23.1.0/24",
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "172.23.1.1"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"reservations": [
|
|
||||||
{
|
|
||||||
"hw-address": "44:48:c1:ce:a9:00",
|
|
||||||
"ip-address": "172.23.1.41",
|
|
||||||
"hostname": "ap01"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "74:9e:75:ce:93:54",
|
|
||||||
"ip-address": "172.23.1.44",
|
|
||||||
"hostname": "ap04"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "bc:9f:e4:c3:6f:aa",
|
|
||||||
"ip-address": "172.23.1.45",
|
|
||||||
"hostname": "ap05"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "94:b4:0f:c0:1d:a0",
|
|
||||||
"ip-address": "172.23.1.46",
|
|
||||||
"hostname": "ap06"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "00:30:42:1B:73:5A",
|
|
||||||
"ip-address": "172.23.1.111",
|
|
||||||
"client-classes": [ "dect-rfp" ],
|
|
||||||
"hostname": "rfp01"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "00:30:42:21:D4:D5",
|
|
||||||
"ip-address": "172.23.1.112",
|
|
||||||
"client-classes": [ "dect-rfp" ],
|
|
||||||
"hostname": "rfp02"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"subnet": "172.23.2.0/24",
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "172.23.2.1"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"reservations": [
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:d8:b9:ad",
|
|
||||||
"ip-address": "172.23.2.12",
|
|
||||||
"hostname": "lock"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:ed:22:58",
|
|
||||||
"ip-address": "172.23.2.13",
|
|
||||||
"hostname": "matrix"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "08:00:37:B8:55:44",
|
|
||||||
"ip-address": "172.23.2.91",
|
|
||||||
"hostname": "strammermax"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "ec:9a:74:35:35:cf",
|
|
||||||
"ip-address": "172.23.2.92",
|
|
||||||
"hostname": "obatzda"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"subnet": "172.23.3.0/24",
|
|
||||||
|
|
||||||
"pools": [ { "pool": "172.23.3.10 - 172.23.3.230" } ],
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "172.23.3.1"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"name": "domain-search",
|
|
||||||
"data": "binary.kitchen, users.binary.kitchen"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"ddns-send-updates": true,
|
|
||||||
"ddns-override-client-update": true,
|
|
||||||
"ddns-override-no-update": true,
|
|
||||||
"ddns-qualifying-suffix": "users.binary.kitchen",
|
|
||||||
"ddns-generated-prefix": "dhcp",
|
|
||||||
"ddns-replace-client-name": "when-not-present",
|
|
||||||
"ddns-update-on-renew": true,
|
|
||||||
|
|
||||||
"reservations": [
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:18:5c:11",
|
|
||||||
"ip-address": "172.23.3.250",
|
|
||||||
"hostname": "cannelloni"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:1d:b9:bf",
|
|
||||||
"ip-address": "172.23.3.240",
|
|
||||||
"hostname": "fusilli"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "74:da:38:6e:e6:9d",
|
|
||||||
"ip-address": "172.23.3.241",
|
|
||||||
"hostname": "klopi"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:f5:9e:a1",
|
|
||||||
"ip-address": "172.23.3.246",
|
|
||||||
"hostname": "maccaroni"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "74:da:38:7d:ed:84",
|
|
||||||
"ip-address": "172.23.3.244",
|
|
||||||
"hostname": "mirror"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:0f:d3:8b",
|
|
||||||
"ip-address": "172.23.3.242",
|
|
||||||
"hostname": "mpcnc"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:56:2b:7c",
|
|
||||||
"ip-address": "172.23.3.251",
|
|
||||||
"hostname": "noodlehub"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:eb:e5:88",
|
|
||||||
"ip-address": "172.23.3.245",
|
|
||||||
"hostname": "spaghetti"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "00:1D:45:B6:99:2F",
|
|
||||||
"hostname": "voip01",
|
|
||||||
"client-classes": [ "voip-phone" ]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "00:1D:A2:66:B8:3E",
|
|
||||||
"hostname": "voip02",
|
|
||||||
"client-classes": [ "voip-phone" ]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "00:1E:BE:90:FB:DB",
|
|
||||||
"hostname": "voip03",
|
|
||||||
"client-classes": [ "voip-phone" ]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "00:1E:BE:90:FF:06",
|
|
||||||
"hostname": "voip04",
|
|
||||||
"client-classes": [ "voip-phone" ]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"subnet": "172.23.4.0/24",
|
|
||||||
|
|
||||||
"pools": [ { "pool": "172.23.4.10 - 172.23.4.240" } ],
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "172.23.4.1"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"reservations": [
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:b6:62:be",
|
|
||||||
"ip-address": "172.23.4.241",
|
|
||||||
"hostname": "habdisplay1"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "b8:27:eb:df:0b:7b",
|
|
||||||
"ip-address": "172.23.4.242",
|
|
||||||
"hostname": "habdisplay2"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "dc:a6:32:bf:e2:3e",
|
|
||||||
"ip-address": "172.23.4.251",
|
|
||||||
"hostname": "openhabgw1"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"subnet": "172.23.12.0/24",
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "172.23.12.1"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"reservations": [
|
|
||||||
{
|
|
||||||
"hw-address": "18:64:72:c6:c2:0c",
|
|
||||||
"ip-address": "172.23.12.41",
|
|
||||||
"hostname": "ap11"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "18:64:72:c6:c4:98",
|
|
||||||
"ip-address": "172.23.12.42",
|
|
||||||
"hostname": "ap12"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"hw-address": "00:30:42:1B:8B:9B",
|
|
||||||
"ip-address": "172.23.12.111",
|
|
||||||
"client-classes": [ "dect-rfp" ],
|
|
||||||
"hostname": "rfp11"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"subnet": "172.23.13.0/24",
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "172.23.13.1"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"subnet": "172.23.14.0/24",
|
|
||||||
|
|
||||||
"pools": [ { "pool": "172.23.14.10 - 172.23.14.240" } ],
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "172.23.14.1"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"subnet": "172.23.15.0/24",
|
|
||||||
|
|
||||||
"pools": [ { "pool": "172.23.15.10 - 172.23.15.240" } ],
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "172.23.15.1"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
],
|
|
||||||
|
|
||||||
"loggers": [
|
|
||||||
{
|
|
||||||
"name": "kea-dhcp4",
|
|
||||||
"output_options": [
|
|
||||||
{
|
|
||||||
"output": "stdout",
|
|
||||||
"pattern": "%-5p %m\n"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"severity": "INFO",
|
|
||||||
"debuglevel": 0
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
@ -2793,7 +2793,7 @@ background_updates:
|
|||||||
# marked as protected from quarantine will not be deleted.
|
# marked as protected from quarantine will not be deleted.
|
||||||
#
|
#
|
||||||
media_retention:
|
media_retention:
|
||||||
local_media_lifetime: 180d
|
local_media_lifetime: 90d
|
||||||
remote_media_lifetime: 14d
|
remote_media_lifetime: 14d
|
||||||
|
|
||||||
|
|
||||||
|
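--- a/roles/mosquitto/README.md
+++ b/roles/mosquitto/README.md
@@ -0,0 +1,4 @@
+Ansible Role: Mosquitto
+=========
+
+Install and configure [Mosquitto](https://mosquitto.org/) MQTT message broker.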
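--- a/roles/mosquitto/defaults/main.yml
+++ b/roles/mosquitto/defaults/main.yml
@@ -0,0 +1,46 @@
+---
+
+mosquitto_packages:
+- mosquitto
+- mosquitto-clients
+
+mosquitto_listeners:
+# Listeners for Mosquitto MQTT Broker
+- name: "default"
+listener: "1883 localhost"
+protocol: "mqtt"
+use_username_as_clientid: "true"
+allow_zero_length_clientid: "true"
+allow_anonymous: "false"
+users: []
+# Users for Mosquitto MQTT Broker
+# Type: Arrays of Objects with following parameters defined:
+# - username: <string>
+# password: <string>
+# acl: <Array> of Objects as follows:
+# - permissions: <string> Acceptable Value: either `read`, `readwrite`, `write`, `deny`
+# - topic: <string> Acceptable Value: your/mqtt/topic (wildcards `+`, and `*` allowed)
+auth_anonymous: []
+# Topics which are accessable with anonymous access
+# Example
+# - "topic read topic_name"
+auth_patterns: []
+# %c to match the client id of the client
+# %u to match the username of the client
+# Example
+# - "pattern write $SYS/broker/connection/%c/state"
+
+mosquitto_bridges: []
+# Bridges for Mosquitto MQTT Broker
+# Type: Arrays of Objects with following parameters defined:
+# - connection: <string>
+# address: <string>
+# bridge_insecure: <boolean>
+# bridge_capath: <string>
+# remote_password: <string>
+# remote_username: <string>
+# remote_clientid: <string>
+# try_private: <boolean>
+# topics:
+# - topic: # in 0 down/ to-level/02/line/
+# - topic: # out 0 up/ from-level/02/line/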
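Review bot: The ACL comment under `users` documents the topic wildcards as `+` and `*`, but the MQTT multi-level wildcard is `#`. An operator who follows the comment and writes `*` would most likely get an ACL entry that does not match the topics they intended. Correct the wording to "wildcards `+` and `#` allowed", and fix "accessable" to "accessible" in the `auth_anonymous` comment.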
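--- a/roles/mosquitto/filter_plugins/mosquitto_passwd.py
+++ b/roles/mosquitto/filter_plugins/mosquitto_passwd.py
@@ -0,0 +1,34 @@
+# mosquitto_passwd.py: Custom Jinja2 filter plugin to generate valid PBKDF2_SHA512
+# hash digests for plain-text passwords in `users` file for
+# Eclipse Mosquitto Broker
+
+
+from ansible.errors import AnsibleError
+
+
+def mosquitto_passwd(passwd):
+try:
+import passlib.hash
+except Exception as e:
+raise AnsibleError(
+'mosquitto_passlib custom filter requires the passlib pip package installed')
+
+SALT_SIZE = 12
+ITERATIONS = 101
+salt = passwd[:SALT_SIZE]
+salt = bytes(salt, 'utf-8')
+salt += b"0" * (SALT_SIZE - len(salt))
+
+digest = passlib.hash.pbkdf2_sha512.using(salt_size=SALT_SIZE, rounds=ITERATIONS, salt=salt) \
+.hash(passwd) \
+.replace("pbkdf2-sha512", "7") \
+.replace(".", "+")
+
+return digest + "=="
+
+
+class FilterModule(object):
+def filters(self):
+return {
+'mosquitto_passwd': mosquitto_passwd,
+}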
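Review bot: The generated users file discloses up to 12 characters of each plaintext password, because `mosquitto_passwd` takes the salt from the password itself (`salt = passwd[:SALT_SIZE]`) and the salt is stored base64-encoded inside the resulting hash string. A deterministic salt keeps the template output idempotent, but it should come from a non-secret per-user value: pass the username from `users.j2` as a second filter argument and use `salt = hashlib.sha256(username.encode('utf-8')).digest()[:SALT_SIZE]`, which needs `hashlib` imported. `ITERATIONS = 101` is also very low for PBKDF2; the count is carried in the hash string, so a larger value should be usable, but verify that against the broker version in use. The `except Exception as e` clause never uses `e` and reports any import-time failure as a missing package; `except ImportError:` is more accurate.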
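--- a/roles/mosquitto/handlers/main.yml
+++ b/roles/mosquitto/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart Mosquitto
+ansible.builtin.service:
+name: mosquitto
+state: restarted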
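--- a/roles/mosquitto/meta/main.yml
+++ b/roles/mosquitto/meta/main.yml
@@ -0,0 +1,11 @@
+---
+
+galaxy_info:
+author: Thomas Basler
+description: Install Mosquitto
+license: None
+platforms:
+- name: Debian
+min_ansible_version: "2.4"
+
+dependencies: []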
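--- a/roles/mosquitto/tasks/main.yml
+++ b/roles/mosquitto/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+
+- name: Mosquitto | Install Mosquitto packages
+ansible.builtin.apt:
+name: "{{ item }}"
+state: present
+with_items: "{{ mosquitto_packages }}"
+notify: Restart Mosquitto
+
+- name: Mosquitto | Generating Configuration File
+ansible.builtin.template:
+src: mosquitto.conf.j2
+dest: /etc/mosquitto/conf.d/mosquitto.conf
+mode: "0755"
+notify: Restart Mosquitto
+
+- name: Mosquitto | Generating Authentication Users File
+ansible.builtin.template:
+src: users.j2
+dest: "/etc/mosquitto/users_{{ item.name }}"
+mode: "0755"
+vars:
+mosquitto_users: "{{ item.users }}"
+with_items: "{{ mosquitto_listeners }}"
+notify: Restart Mosquitto
+
+- name: Mosquitto | Generating Access Control List File
+ansible.builtin.template:
+src: acl.j2
+dest: "/etc/mosquitto/acl_{{ item.name }}"
+mode: "0755"
+vars:
+listener: "{{ item }}"
+with_items: "{{ mosquitto_listeners }}"
+notify: Restart Mosquitto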
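Review bot: The per-listener users files (password hashes) and ACL files are written world-readable and marked executable, since all three template tasks use `mode: "0755"`. The same applies to `mosquitto.conf`, and the bridge loop in `mosquitto.conf.j2` renders every bridge key into it, including `remote_password`. Set explicit ownership and a restrictive mode on these files, e.g. `owner: root`, `group: mosquitto`, `mode: "0640"`, assuming the package's `mosquitto` service group; check what the installed broker version expects for password-file ownership. `with_items` works, but `loop` would match the other roles in this changeset.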
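--- a/roles/mosquitto/templates/acl.j2
+++ b/roles/mosquitto/templates/acl.j2
@@ -0,0 +1,28 @@
+{{ ansible_managed | comment }}
+
+{% for entry in listener.auth_anonymous | default([]) %}
+{% if loop.first %}
+# Anonymous access
+{% endif %}
+{{ entry }}
+{% endfor %}
+
+{% for user in listener.users %}
+{% if loop.first %}
+# User access
+{% endif %}
+user {{ user.username }}
+{% for access_list in user.acl | default([]) %}
+topic {{ access_list.permissions }} {{ access_list.topic }}
+{% if loop.last %}
+
+{% endif %}
+{% endfor %}
+{% endfor %}
+
+{% for entry in listener.auth_patterns | default([]) %}
+{% if loop.first %}
+# Global patterns
+{% endif %}
+{{ entry }}
+{% endfor %}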
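--- a/roles/mosquitto/templates/mosquitto.conf.j2
+++ b/roles/mosquitto/templates/mosquitto.conf.j2
@@ -0,0 +1,36 @@
+{{ ansible_managed | comment }}
+
+# Logging Configuration
+log_timestamp true
+log_type all
+
+# Listener
+per_listener_settings true
+
+{% for elem in mosquitto_listeners %}
+### Listener '{{ elem.name }}'
+listener {{ elem.listener }}
+{% for key, value in elem | dictsort %}
+{% if key not in ["listener", "name", "users", "auth_anonymous", "auth_patterns"] %}
+{{ key }} {{ value }}
+{% endif %}
+{% endfor %}
+password_file /etc/mosquitto/users_{{ elem.name }}
+acl_file /etc/mosquitto/acl_{{ elem.name }}
+
+{% endfor %}
+
+{% for elem in mosquitto_bridges %}
+{% if loop.first %}
+# Bridges
+{% endif %}
+connection {{ elem.connection }}
+{% for key, value in elem | dictsort %}
+{% if key not in ["connection", "topics"] %}
+{{ key }} {{ value }}
+{% endif %}
+{% endfor %}
+{% for topic in elem.topics %}
+topic {{ topic.topic }}
+{% endfor %}
+{% endfor %}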
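--- a/roles/mosquitto/templates/users.j2
+++ b/roles/mosquitto/templates/users.j2
@@ -0,0 +1,5 @@
+{{ ansible_managed | comment }}
+
+{% for user in mosquitto_users %}
+{{ user.username }}:{{ user.password | mosquitto_passwd }}
+{% endfor %}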
@ -2,4 +2,4 @@
|
|||||||
|
|
||||||
netbox_group: netbox
|
netbox_group: netbox
|
||||||
netbox_user: netbox
|
netbox_user: netbox
|
||||||
netbox_version: 4.1.4
|
netbox_version: 4.1.3
|
||||||
|
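--- a/roles/pgadmin4/defaults/main.yml
+++ b/roles/pgadmin4/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+
+pgadmin4_user: pgadmin4
+pgadmin4_db_database: pgadmin4
+pgadmin4_db_user: pgadmin4
+pgadmin4_db_password: xxxxx
+pgadmin4_conf_dir: /etc/pgadmin
+
+pgadmin4_initial_user_email: admin@admin.com
+pgadmin4_initial_user_password: admin42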
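Review bot: `pgadmin4_db_password: xxxxx` and `pgadmin4_initial_user_password: admin42` (with `admin@admin.com`) are usable credentials committed as role defaults, so any host whose inventory does not override them gets a pgAdmin instance with a publicly known admin login. The Home Assistant vhost in this changeset also publishes `/pgadmin4`, which makes that login reachable over HTTP. Remove these three values from the defaults so an unset variable fails the play, or add an `ansible.builtin.assert` at the start of the role that rejects the placeholder values, and supply the real ones from the vault or secret store.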
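--- a/roles/pgadmin4/handlers/main.yml
+++ b/roles/pgadmin4/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart pgadmin4
+ansible.builtin.service:
+name: pgadmin4
+state: restarted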
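--- a/roles/pgadmin4/meta/main.yml
+++ b/roles/pgadmin4/meta/main.yml
@@ -0,0 +1,11 @@
+---
+
+galaxy_info:
+author: Thomas Basler
+description: Install PgAdmin4
+license: None
+platforms:
+- name: Debian
+min_ansible_version: "2.4"
+
+dependencies: []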
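--- a/roles/pgadmin4/tasks/main.yml
+++ b/roles/pgadmin4/tasks/main.yml
@@ -0,0 +1,119 @@
+---
+
+- name: PgAdmin 4 | add GPG signing key
+become: true
+ansible.builtin.apt_key:
+url: "https://www.pgadmin.org/static/packages_pgadmin_org.pub"
+state: present
+validate_certs: true
+tags: install
+
+- name: PgAdmin 4 | add official repository
+become: true
+ansible.builtin.apt_repository:
+repo: "deb https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/bookworm pgadmin4 main"
+state: present
+filename: pgadmin4
+update_cache: true
+tags: install
+
+- name: PgAdmin 4 | establish dependencies
+become: true
+ansible.builtin.apt:
+name: "{{ item }}"
+state: present
+tags: install
+loop: ["pgadmin4-server", "uwsgi-core", "uwsgi-plugin-python3", "python3-pexpect"]
+
+- name: PgAdmin 4 | Configure PostgreSQL database
+community.general.postgresql_db:
+name: "{{ pgadmin4_db_database }}"
+template: template0
+encoding: utf8
+become: true
+become_user: postgres
+register: pgadmin4_db
+
+- name: PgAdmin 4 | Configure PostgreSQL user
+community.general.postgresql_user:
+db: "{{ pgadmin4_db_database }}"
+name: "{{ pgadmin4_db_user }}"
+password: "{{ pgadmin4_db_password }}"
+become: true
+become_user: postgres
+
+- name: PgAdmin 4 | Configure PostgreSQL user privileges
+community.postgresql.postgresql_privs:
+database: "{{ pgadmin4_db_database }}"
+state: present
+privs: ALL
+type: database
+role: "{{ pgadmin4_db_user }}"
+become: true
+become_user: postgres
+
+- name: PgAdmin 4 | GRANT ALL PRIVILEGES ON SCHEMA public TO {{ pgadmin4_db_user }}
+community.postgresql.postgresql_privs:
+db: "{{ pgadmin4_db_database }}"
+privs: ALL
+type: schema
+objs: public
+role: "{{ pgadmin4_db_user }}"
+become: true
+become_user: postgres
+
+- name: Create user
+ansible.builtin.user:
+name: "{{ pgadmin4_user }}"
+comment: "pgAdmin 4"
+createhome: false
+system: true
+shell: "/sbin/nologin"
+
+- name: PgAdmin 4 | create config directory
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+mode: "02775"
+owner: "root"
+group: "root"
+with_items:
+- "{{ pgadmin4_conf_dir }}"
+
+- name: PgAdmin 4 | install config file
+ansible.builtin.template:
+src: config_system.py.j2
+dest: "{{ pgadmin4_conf_dir }}/config_system.py"
+owner: root
+group: root
+mode: "0644"
+notify: Restart pgadmin4
+
+- name: PgAdmin 4 | install systemd unit file
+ansible.builtin.template:
+src: pgadmin4.service.j2
+dest: "/etc/systemd/system/pgadmin4.service"
+owner: root
+group: root
+mode: "0644"
+notify: Restart pgadmin4
+
+- name: PgAdmin 4 | enable service
+ansible.builtin.service:
+name: pgadmin4
+enabled: true
+
+- name: PgAdmin 4 | setup pgadmin # noqa: no-handler
+ansible.builtin.expect:
+command: /bin/bash -c "/usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py setup-db"
+chdir: /usr/pgadmin4/web/
+echo: true
+timeout: 300
+responses:
+'Email\ address:': "{{ pgadmin4_initial_user_email | trim }}"
+'Password:': "{{ pgadmin4_initial_user_password | trim }}"
+'Retype\ password:': "{{ pgadmin4_initial_user_password | trim }}"
+'Do\ you\ wish\ to\ continue\ \(y/n\)\?': "y"
+'Would\ you\ like\ to\ continue\ \(y/n\)\?': "y"
+when: pgadmin4_db.changed
+notify: Restart pgadmin4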
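Review bot: The `setup pgadmin` task sets `echo: true` and has no `no_log`, so the `Password:` and `Retype\ password:` responses are echoed into the task result and land in the play output and any Ansible log. Drop `echo: true` and add `no_log: true` to this task, and add `no_log: true` to `Configure PostgreSQL user`, which passes `pgadmin4_db_password` as a module argument. The `install config file` task also writes config_system.py with `mode: "0644"` owned by root:root, although the template embeds the database password in CONFIG_DATABASE_URI. `group: "{{ pgadmin4_user }}"` with `mode: "0640"` would keep it readable by the service only, assuming the user task created a same-named group, which should be confirmed.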
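--- a/roles/pgadmin4/templates/config_system.py.j2
+++ b/roles/pgadmin4/templates/config_system.py.j2
@@ -0,0 +1,4 @@
+LOG_FILE = '/var/log/pgadmin/pgadmin4.log'
+CONFIG_DATABASE_URI = 'postgresql://{{ pgadmin4_db_user }}:{{ pgadmin4_db_password }}@localhost:5432/{{ pgadmin4_db_database }}'
+SESSION_DB_PATH = '/var/lib/pgadmin/sessions'
+STORAGE_DIR = '/var/lib/pgadmin/storage'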
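Review bot: `{{ pgadmin4_db_password }}` is pasted into CONFIG_DATABASE_URI unescaped, so a password containing `@`, `:`, `%` or a single quote either changes how the URI is parsed or breaks the Python string literal. In practice that pushes operators toward short alphanumeric passwords. Percent-encode both credentials in the template, e.g. `{{ pgadmin4_db_user | urlencode }}:{{ pgadmin4_db_password | urlencode }}`, so that a generated high-entropy password can be used as is.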
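--- a/roles/pgadmin4/templates/pgadmin4.service.j2
+++ b/roles/pgadmin4/templates/pgadmin4.service.j2
@@ -0,0 +1,29 @@
+[Unit]
+Description = PgAdmin4 uwsgi Service
+After = network.target network-online.target
+Wants = network-online.target
+
+[Service]
+User={{ pgadmin4_user }}
+StateDirectory=pgadmin
+RuntimeDirectory=pgadmin4
+LogsDirectory=pgadmin
+ExecStart=uwsgi \
+--socket /run/pgadmin4/pgadmin4.sock --chmod-socket=666 \
+--plugin python3 \
+-H /usr/pgadmin4/venv \
+--processes 1 \
+--threads 25 \
+--chdir /usr/pgadmin4/web/ \
+--manage-script-name \
+--mount /pgadmin4=pgAdmin4:app
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -INT $MAINPID
+Restart=always
+Type=notify
+StandardError=syslog
+NotifyAccess=all
+KillSignal=SIGQUIT
+
+[Install]
+WantedBy = multi-user.target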
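Review bot: `--chmod-socket=666` in ExecStart makes the uwsgi socket writable by every local account, and `RuntimeDirectory=pgadmin4` is created with systemd's default 0755 mode. Any user on the host can therefore talk to the pgAdmin application directly, bypassing whatever the reverse proxy enforces. Use `--chmod-socket=660` and grant access only through the socket's group, e.g. `Group=www-data` in [Service] if nginx is the front end (the proxy configuration is not part of this section). `StandardError=syslog` is also deprecated in current systemd; `StandardError=journal` is the replacement.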
@ -3,21 +3,28 @@
|
|||||||
- name: Request nsupdate key for certificate
|
- name: Request nsupdate key for certificate
|
||||||
include_role: name=acme-dnskey-generate
|
include_role: name=acme-dnskey-generate
|
||||||
|
|
||||||
|
- name: Enable sury php apt-key
|
||||||
|
apt_key: url="https://packages.sury.org/php/apt.gpg"
|
||||||
|
|
||||||
|
- name: Enable sury php repository
|
||||||
|
apt_repository: repo="deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
|
||||||
|
|
||||||
- name: Install packages
|
- name: Install packages
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- php
|
- php8.1
|
||||||
- php-common
|
- php8.1-common
|
||||||
- php-curl
|
- php8.1-curl
|
||||||
- php-mysql
|
- php8.1-mysql
|
||||||
- php-mbstring
|
- php8.1-mbstring
|
||||||
- php-cli
|
- php8.1-cli
|
||||||
- php-opcache
|
- php8.1-opcache
|
||||||
- php-xml
|
- php8.1-xml
|
||||||
- php-fpm
|
- php8.1-fpm
|
||||||
- php-readline
|
- php8.1-readline
|
||||||
- mariadb-server
|
- mariadb-server
|
||||||
- python3-mysqldb
|
- python3-mysqldb
|
||||||
|
- python3-psycopg2
|
||||||
|
|
||||||
- name: Ensure certificates are available
|
- name: Ensure certificates are available
|
||||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ strichliste_domain }}.key -out /etc/nginx/ssl/{{ strichliste_domain }}.crt -days 730 -subj "/CN={{ strichliste_domain }}" creates=/etc/nginx/ssl/{{ strichliste_domain }}.crt
|
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ strichliste_domain }}.key -out /etc/nginx/ssl/{{ strichliste_domain }}.crt -days 730 -subj "/CN={{ strichliste_domain }}" creates=/etc/nginx/ssl/{{ strichliste_domain }}.crt
|
||||||
@ -30,6 +37,12 @@
|
|||||||
- name: Create vhost directory
|
- name: Create vhost directory
|
||||||
file: path=/var/www/strichliste state=directory owner=www-data group=www-data
|
file: path=/var/www/strichliste state=directory owner=www-data group=www-data
|
||||||
|
|
||||||
|
- name: Install Mariadb
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- mariadb-server
|
||||||
|
- python3-mysqldb
|
||||||
|
|
||||||
- name: Configure Mariadb database
|
- name: Configure Mariadb database
|
||||||
community.mysql.mysql_db: name={{ strichliste_dbname }}
|
community.mysql.mysql_db: name={{ strichliste_dbname }}
|
||||||
become: true
|
become: true
|
||||||
@ -64,5 +77,5 @@
|
|||||||
file: src=/etc/nginx/sites-available/strichliste dest=/etc/nginx/sites-enabled/strichliste state=link
|
file: src=/etc/nginx/sites-available/strichliste dest=/etc/nginx/sites-enabled/strichliste state=link
|
||||||
notify: Restart nginx
|
notify: Restart nginx
|
||||||
|
|
||||||
- name: Start php8.2-fpm
|
- name: Start php8.1-fpm
|
||||||
service: name=php8.2-fpm state=started enabled=yes
|
service: name=php8.1-fpm state=started enabled=yes
|
||||||
|
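Review bot: `apt_key: url="https://packages.sury.org/php/apt.gpg"` in the first hunk adds the sury key to apt's global trusted keyring, so that key is then accepted for packages from every configured repository, not only the PHP one; the module also relies on the deprecated `apt-key` tool. Fetch the key into `/etc/apt/keyrings/` with `get_url` and scope it on the repository line, `repo: "deb [signed-by=/etc/apt/keyrings/sury-php.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main"` (the file name is a suggestion). The `add GPG signing key` task in roles/pgadmin4/tasks/main.yml follows the same pattern. In the second hunk the added `Install Mariadb` task repeats `mariadb-server` and `python3-mysqldb`, which `Install packages` already installs.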
@ -2,7 +2,7 @@
|
|||||||
// Unattended-Upgrade::Origins-Pattern controls which packages are
|
// Unattended-Upgrade::Origins-Pattern controls which packages are
|
||||||
// upgraded.
|
// upgraded.
|
||||||
//
|
//
|
||||||
// Lines below have the format "keyword=value,...". A
|
// Lines below have the format format is "keyword=value,...". A
|
||||||
// package will be upgraded only if the values in its metadata match
|
// package will be upgraded only if the values in its metadata match
|
||||||
// all the supplied keywords in a line. (In other words, omitted
|
// all the supplied keywords in a line. (In other words, omitted
|
||||||
// keywords are wild cards.) The keywords originate from the Release
|
// keywords are wild cards.) The keywords originate from the Release
|
||||||
@ -31,7 +31,6 @@ Unattended-Upgrade::Origins-Pattern {
|
|||||||
// "origin=Debian,codename=${distro_codename}-proposed-updates";
|
// "origin=Debian,codename=${distro_codename}-proposed-updates";
|
||||||
"origin=Debian,codename=${distro_codename},label=Debian";
|
"origin=Debian,codename=${distro_codename},label=Debian";
|
||||||
"origin=Debian,codename=${distro_codename},label=Debian-Security";
|
"origin=Debian,codename=${distro_codename},label=Debian-Security";
|
||||||
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
|
|
||||||
|
|
||||||
// Archive or Suite based matching:
|
// Archive or Suite based matching:
|
||||||
// Note that this will silently match a different release after
|
// Note that this will silently match a different release after
|
||||||
@ -94,11 +93,9 @@ Unattended-Upgrade::Package-Blacklist {
|
|||||||
// 'mailx' must be installed. E.g. "user@example.com"
|
// 'mailx' must be installed. E.g. "user@example.com"
|
||||||
Unattended-Upgrade::Mail "root";
|
Unattended-Upgrade::Mail "root";
|
||||||
|
|
||||||
// Set this value to one of:
|
// Set this value to "true" to get emails only on errors. Default
|
||||||
// "always", "only-on-error" or "on-change"
|
// is to always send a mail if Unattended-Upgrade::Mail is set
|
||||||
// If this is not set, then any legacy MailOnlyOnError (boolean) value
|
Unattended-Upgrade::MailOnlyOnError "true";
|
||||||
// is used to chose between "only-on-error" and "on-change"
|
|
||||||
Unattended-Upgrade::MailReport "only-on-error";
|
|
||||||
|
|
||||||
// Remove unused automatically installed kernel-related packages
|
// Remove unused automatically installed kernel-related packages
|
||||||
// (kernel images, kernel headers and kernel version locked tools).
|
// (kernel images, kernel headers and kernel version locked tools).
|
||||||
@ -148,18 +145,3 @@ Unattended-Upgrade::Automatic-Reboot "{{ uau_reboot }}";
|
|||||||
// Print debugging information both in unattended-upgrades and
|
// Print debugging information both in unattended-upgrades and
|
||||||
// in unattended-upgrade-shutdown
|
// in unattended-upgrade-shutdown
|
||||||
// Unattended-Upgrade::Debug "false";
|
// Unattended-Upgrade::Debug "false";
|
||||||
|
|
||||||
// Allow package downgrade if Pin-Priority exceeds 1000
|
|
||||||
// Unattended-Upgrade::Allow-downgrade "false";
|
|
||||||
|
|
||||||
// When APT fails to mark a package to be upgraded or installed try adjusting
|
|
||||||
// candidates of related packages to help APT's resolver in finding a solution
|
|
||||||
// where the package can be upgraded or installed.
|
|
||||||
// This is a workaround until APT's resolver is fixed to always find a
|
|
||||||
// solution if it exists. (See Debian bug #711128.)
|
|
||||||
// The fallback is enabled by default, except on Debian's sid release because
|
|
||||||
// uninstallable packages are frequent there.
|
|
||||||
// Disabling the fallback speeds up unattended-upgrades when there are
|
|
||||||
// uninstallable packages at the expense of rarely keeping back packages which
|
|
||||||
// could be upgraded or installed.
|
|
||||||
// Unattended-Upgrade::Allow-APT-Mark-Fallback "true";
|
|
||||||
|
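Review bot: The second hunk drops `"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";` from Origins-Pattern, which leaves no entry matching the security archive on Debian 11 and later, where that suite's codename is `<release>-security` rather than the bare release name. On such hosts unattended-upgrades would keep running without installing security updates, and with mail limited to errors nobody would be told. Keep that line alongside the two remaining Debian patterns. Separately, `Unattended-Upgrade::MailOnlyOnError "true";` is the legacy boolean that the removed comment describes as a fallback for `MailReport`, and the first hunk introduces the typo "format format is" in the comment.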
7
site.yml
7
site.yml
@ -20,7 +20,7 @@
|
|||||||
hosts: [bacon.binary.kitchen, aveta.binary.kitchen, aeron.binary.kitchen]
|
hosts: [bacon.binary.kitchen, aveta.binary.kitchen, aeron.binary.kitchen]
|
||||||
roles:
|
roles:
|
||||||
- dns_intern
|
- dns_intern
|
||||||
- kea
|
- dhcpd
|
||||||
- slapd
|
- slapd
|
||||||
- radius
|
- radius
|
||||||
|
|
||||||
@ -172,3 +172,8 @@
|
|||||||
hosts: barium.binary-kitchen.net
|
hosts: barium.binary-kitchen.net
|
||||||
roles:
|
roles:
|
||||||
- workadventure
|
- workadventure
|
||||||
|
|
||||||
|
- name: Setup HomeAssistant server
|
||||||
|
hosts: lasagne.binary.kitchen
|
||||||
|
roles:
|
||||||
|
- homeassistant
|