17 Commits
homeassist
...
master
Author | SHA1 | Date | |
---|---|---|---|
62bc168983 | |||
d72fc4ceaa | |||
68fee1e0d7 | |||
2ea069f94e | |||
63df9a1a54 | |||
35a3f9ae97 | |||
71025ea2f4 | |||
ea189822fc | |||
b425f3b482 | |||
c8a0e54cc8 | |||
4b0b8adcdd | |||
06a8052353 | |||
dcf7325368 | |||
1ddcc40476 | |||
|
bcb5584874 | ||
|
3530b825e2 | ||
5c8baa80e3 |
@ -31,9 +31,9 @@ Currently the following hosts are installed:
|
||||
| knoedel.binary.kitchen | Debian 12 | SIP-DECT OMM |
|
||||
| bob.binary.kitchen | Debian 12 | Gitea Actions |
|
||||
| lasagne.binary.kitchen | Debian 12 | Home Assistant * |
|
||||
| tschunk.binary.kitchen | Debian 11 | Strichliste |
|
||||
| tschunk.binary.kitchen | Debian 12 | Strichliste |
|
||||
| bowle.binary.kitchen | Debian 12 | Files |
|
||||
| lock-auweg.binary.kitchen | Debian 11 | Doorlock |
|
||||
| lock-auweg.binary.kitchen | Debian 12 | Doorlock |
|
||||
|
||||
\*: The main application is not managed by ansible but manually installed
|
||||
|
||||
|
@ -5,3 +5,5 @@ radius_hostname: radius3.binary.kitchen
|
||||
slapd_hostname: ldap3.binary.kitchen
|
||||
slapd_replica_id: 3
|
||||
slapd_role: slave
|
||||
|
||||
uau_reboot: "false"
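Review bot: The new `uau_reboot: "false"` line carries no comment saying why this host is exempt, and the same line is added to the radius1/ldap1 host file in the next hunk. If uau_reboot is the unattended-upgrades automatic-reboot switch (inferred from the name; the consuming role is not on this page), kernel and library security updates on these LDAP/RADIUS hosts will be installed but not running until someone reboots by hand. I would add a comment such as `# no automatic reboot after unattended upgrades on the LDAP/RADIUS replicas; reboot manually after kernel updates`. Also confirm that the role consumes the value as text, because the quoted string "false" is truthy in a Jinja `{% if %}` test.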
|
||||
|
@ -15,3 +15,5 @@ radius_hostname: radius1.binary.kitchen
|
||||
slapd_hostname: ldap1.binary.kitchen
|
||||
slapd_replica_id: 1
|
||||
slapd_role: slave
|
||||
|
||||
uau_reboot: "false"
|
||||
|
@ -1,9 +1,8 @@
|
||||
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
||||
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
||||
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
|
||||
|
||||
# The strategy used for options in the default sshd_config shipped with
|
||||
# OpenSSH is to specify options with their default value where
|
||||
@ -69,7 +68,7 @@ PasswordAuthentication {{ sshd_password_authentication }}
|
||||
|
||||
# Change to yes to enable challenge-response passwords (beware issues with
|
||||
# some PAM modules and threads)
|
||||
ChallengeResponseAuthentication no
|
||||
KbdInteractiveAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
@ -85,13 +84,13 @@ ChallengeResponseAuthentication no
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# be allowed through the KbdInteractiveAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# PAM authentication via KbdInteractiveAuthentication may bypass
|
||||
# the setting of "PermitRootLogin prohibit-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
# and KbdInteractiveAuthentication to 'no'.
|
||||
UsePAM yes
|
||||
|
||||
#AllowAgentForwarding yes
|
||||
@ -109,7 +108,7 @@ PrintMotd no
|
||||
#ClientAliveInterval 0
|
||||
#ClientAliveCountMax 3
|
||||
#UseDNS no
|
||||
#PidFile /var/run/sshd.pid
|
||||
#PidFile /run/sshd.pid
|
||||
#MaxStartups 10:30:100
|
||||
#PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Restart isc-dhcp-server
|
||||
service: name=isc-dhcp-server state=restarted
|
@ -1,14 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Install dhcp server
|
||||
apt: name=isc-dhcp-server
|
||||
|
||||
- name: Configure dhcp server
|
||||
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
||||
with_items:
|
||||
- default/isc-dhcp-server
|
||||
- dhcp/dhcpd.conf
|
||||
notify: Restart isc-dhcp-server
|
||||
|
||||
- name: Start the dhcp server
|
||||
service: name=isc-dhcp-server state=started enabled=yes
|
@ -1,21 +0,0 @@
|
||||
#
|
||||
# This is a POSIX shell fragment
|
||||
#
|
||||
|
||||
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
|
||||
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
|
||||
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
|
||||
|
||||
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
|
||||
#DHCPDv4_PID=/var/run/dhcpd.pid
|
||||
#DHCPDv6_PID=/var/run/dhcpd6.pid
|
||||
|
||||
# Additional options to start dhcpd with.
|
||||
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
|
||||
#OPTIONS=""
|
||||
|
||||
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
|
||||
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
|
||||
INTERFACESv4="{{ ansible_default_ipv4['interface'] }}"
|
||||
INTERFACESv6=""
|
||||
INTERFACES="{{ ansible_default_ipv4['interface'] }}"
|
@ -1,319 +0,0 @@
|
||||
# dhcpd.conf
|
||||
|
||||
# option definitions common to all supported networks...
|
||||
option domain-name "binary.kitchen";
|
||||
option domain-name-servers {{ name_servers | join(', ') }};
|
||||
option domain-search "binary.kitchen";
|
||||
option ntp-servers 172.23.1.60, 172.23.2.3;
|
||||
|
||||
# options related to Mitel SIP-DECT
|
||||
option space sipdect;
|
||||
option local-encapsulation code 43 = encapsulate sipdect;
|
||||
option sipdect.ommip1 code 10 = ip-address;
|
||||
option sipdect.ommip2 code 19 = ip-address;
|
||||
option sipdect.syslogip code 14 = ip-address;
|
||||
option sipdect.syslogport code 15 = integer 16;
|
||||
option magic_str code 224 = text;
|
||||
|
||||
default-lease-time 7200;
|
||||
max-lease-time 28800;
|
||||
|
||||
# Use this to enble / disable dynamic dns updates globally.
|
||||
ddns-update-style interim;
|
||||
ddns-updates on;
|
||||
|
||||
# If this DHCP server is the official DHCP server for the local
|
||||
# network, the authoritative directive should be uncommented.
|
||||
authoritative;
|
||||
|
||||
# Use this to send dhcp log messages to a different log file (you also
|
||||
# have to hack syslog.conf to complete the redirection).
|
||||
log-facility local7;
|
||||
|
||||
{% if dhcpd_failover == true %}
|
||||
|
||||
# Failover
|
||||
|
||||
failover peer "failover-partner" {
|
||||
{% if ansible_default_ipv4.address == dhcpd_primary %}
|
||||
primary;
|
||||
address {{ dhcpd_primary }};
|
||||
peer address {{ dhcpd_secondary }};
|
||||
{% elif ansible_default_ipv4.address == dhcpd_secondary %}
|
||||
secondary;
|
||||
address {{ dhcpd_secondary }};
|
||||
peer address {{ dhcpd_primary }};
|
||||
{% endif %}
|
||||
port 520;
|
||||
peer port 520;
|
||||
max-response-delay 60;
|
||||
max-unacked-updates 10;
|
||||
{% if ansible_default_ipv4.address == dhcpd_primary %}
|
||||
mclt 600;
|
||||
split 255;
|
||||
{% endif %}
|
||||
load balance max seconds 3;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
# Binary Kitchen subnets
|
||||
|
||||
# Management
|
||||
subnet 172.23.1.0 netmask 255.255.255.0 {
|
||||
option routers 172.23.1.1;
|
||||
}
|
||||
|
||||
# Services
|
||||
subnet 172.23.2.0 netmask 255.255.255.0 {
|
||||
allow bootp;
|
||||
option routers 172.23.2.1;
|
||||
}
|
||||
|
||||
# Users
|
||||
subnet 172.23.3.0 netmask 255.255.255.0 {
|
||||
option routers 172.23.3.1;
|
||||
ddns-domainname "users.binary.kitchen";
|
||||
option domain-search "binary.kitchen", "users.binary.kitchen";
|
||||
pool {
|
||||
{% if dhcpd_failover == true %}
|
||||
failover peer "failover-partner";
|
||||
{% endif %}
|
||||
range 172.23.3.10 172.23.3.230;
|
||||
}
|
||||
}
|
||||
|
||||
# MQTT
|
||||
subnet 172.23.4.0 netmask 255.255.255.0 {
|
||||
option routers 172.23.4.1;
|
||||
pool {
|
||||
{% if dhcpd_failover == true %}
|
||||
failover peer "failover-partner";
|
||||
{% endif %}
|
||||
range 172.23.4.10 172.23.4.240;
|
||||
}
|
||||
}
|
||||
|
||||
# Management Auweg
|
||||
subnet 172.23.12.0 netmask 255.255.255.0 {
|
||||
option routers 172.23.12.1;
|
||||
}
|
||||
|
||||
# Services Auweg
|
||||
subnet 172.23.13.0 netmask 255.255.255.0 {
|
||||
allow bootp;
|
||||
option routers 172.23.13.1;
|
||||
}
|
||||
|
||||
# Users Auweg
|
||||
subnet 172.23.14.0 netmask 255.255.255.0 {
|
||||
option routers 172.23.14.1;
|
||||
option domain-search "binary.kitchen", "users.binary.kitchen";
|
||||
pool {
|
||||
{% if dhcpd_failover == true %}
|
||||
failover peer "failover-partner";
|
||||
{% endif %}
|
||||
range 172.23.14.10 172.23.14.230;
|
||||
}
|
||||
}
|
||||
|
||||
# MQTT Auweg
|
||||
subnet 172.23.15.0 netmask 255.255.255.0 {
|
||||
option routers 172.23.15.1;
|
||||
pool {
|
||||
{% if dhcpd_failover == true %}
|
||||
failover peer "failover-partner";
|
||||
{% endif %}
|
||||
range 172.23.15.10 172.23.15.240;
|
||||
}
|
||||
}
|
||||
|
||||
# DDNS zones
|
||||
|
||||
zone users.binary.kitchen {
|
||||
primary {{ dns_primary }};
|
||||
}
|
||||
|
||||
|
||||
# Fixed IPs
|
||||
|
||||
host ap01 {
|
||||
hardware ethernet 44:48:c1:ce:a9:00;
|
||||
fixed-address ap01.binary.kitchen;
|
||||
}
|
||||
|
||||
host ap04 {
|
||||
hardware ethernet 74:9e:75:ce:93:54;
|
||||
fixed-address ap04.binary.kitchen;
|
||||
}
|
||||
|
||||
host ap05 {
|
||||
hardware ethernet bc:9f:e4:c3:6f:aa;
|
||||
fixed-address ap05.binary.kitchen;
|
||||
}
|
||||
|
||||
host ap06 {
|
||||
hardware ethernet 94:b4:0f:c0:1d:a0;
|
||||
fixed-address ap06.binary.kitchen;
|
||||
}
|
||||
|
||||
host ap11 {
|
||||
hardware ethernet 18:64:72:c6:c2:0c;
|
||||
fixed-address ap11.binary.kitchen;
|
||||
}
|
||||
|
||||
host ap12 {
|
||||
hardware ethernet 18:64:72:c6:c4:98;
|
||||
fixed-address ap12.binary.kitchen;
|
||||
}
|
||||
|
||||
host bowle {
|
||||
hardware ethernet ac:1f:6b:25:16:b6;
|
||||
fixed-address bowle.binary.kitchen;
|
||||
}
|
||||
|
||||
host cannelloni {
|
||||
hardware ethernet b8:27:eb:18:5c:11;
|
||||
fixed-address cannelloni.binary.kitchen;
|
||||
}
|
||||
|
||||
host fusilli {
|
||||
hardware ethernet b8:27:eb:1d:b9:bf;
|
||||
fixed-address fusilli.binary.kitchen;
|
||||
}
|
||||
|
||||
host habdisplay1 {
|
||||
hardware ethernet b8:27:eb:b6:62:be;
|
||||
fixed-address habdisplay1.mqtt.binary.kitchen;
|
||||
}
|
||||
|
||||
host habdisplay2 {
|
||||
hardware ethernet b8:27:eb:df:0b:7b;
|
||||
fixed-address habdisplay2.mqtt.binary.kitchen;
|
||||
}
|
||||
|
||||
host klopi {
|
||||
hardware ethernet 74:da:38:6e:e6:9d;
|
||||
fixed-address klopi.binary.kitchen;
|
||||
}
|
||||
|
||||
host lock {
|
||||
hardware ethernet b8:27:eb:d8:b9:ad;
|
||||
fixed-address lock.binary.kitchen;
|
||||
}
|
||||
|
||||
host maccaroni {
|
||||
hardware ethernet b8:27:eb:f5:9e:a1;
|
||||
fixed-address maccaroni.binary.kitchen;
|
||||
}
|
||||
|
||||
host matrix {
|
||||
hardware ethernet b8:27:eb:ed:22:58;
|
||||
fixed-address matrix.binary.kitchen;
|
||||
}
|
||||
|
||||
host mirror {
|
||||
hardware ethernet 74:da:38:7d:ed:84;
|
||||
fixed-address mirror.binary.kitchen;
|
||||
}
|
||||
|
||||
host mpcnc {
|
||||
hardware ethernet b8:27:eb:0f:d3:8b;
|
||||
fixed-address mpcnc.binary.kitchen;
|
||||
}
|
||||
|
||||
host noodlehub {
|
||||
hardware ethernet b8:27:eb:56:2b:7c;
|
||||
fixed-address noodlehub.binary.kitchen;
|
||||
}
|
||||
|
||||
host openhabgw1 {
|
||||
hardware ethernet dc:a6:32:bf:e2:3e;
|
||||
fixed-address openhabgw1.mqtt.binary.kitchen;
|
||||
}
|
||||
|
||||
host pizza {
|
||||
hardware ethernet 52:54:00:17:02:21;
|
||||
fixed-address pizza.binary.kitchen;
|
||||
}
|
||||
|
||||
host spaghetti {
|
||||
hardware ethernet b8:27:eb:eb:e5:88;
|
||||
fixed-address spaghetti.binary.kitchen;
|
||||
}
|
||||
|
||||
host schweinshaxn {
|
||||
hardware ethernet 52:54:00:17:02:24;
|
||||
fixed-address schweinshaxn.binary.kitchen;
|
||||
}
|
||||
|
||||
host strammermax {
|
||||
hardware ethernet 08:00:37:B8:55:44;
|
||||
fixed-address strammermax.binary.kitchen;
|
||||
}
|
||||
|
||||
host obatzda {
|
||||
hardware ethernet ec:9a:74:35:35:cf;
|
||||
fixed-address obatzda.binary.kitchen;
|
||||
}
|
||||
|
||||
|
||||
# VoIP Phones
|
||||
|
||||
host voip01 {
|
||||
hardware ethernet 00:1D:45:B6:99:2F;
|
||||
option tftp-server-name "172.23.2.36";
|
||||
}
|
||||
|
||||
host voip02 {
|
||||
hardware ethernet 00:1D:A2:66:B8:3E;
|
||||
option tftp-server-name "172.23.2.36";
|
||||
}
|
||||
|
||||
host voip03 {
|
||||
hardware ethernet 00:1E:BE:90:FB:DB;
|
||||
option tftp-server-name "172.23.2.36";
|
||||
}
|
||||
|
||||
host voip04 {
|
||||
hardware ethernet 00:1E:BE:90:FF:06;
|
||||
option tftp-server-name "172.23.2.36";
|
||||
}
|
||||
|
||||
|
||||
# Mitel SIP-DECT
|
||||
|
||||
host rfp01 {
|
||||
hardware ethernet 00:30:42:1B:73:5A;
|
||||
fixed-address 172.23.1.111;
|
||||
option host-name "rfp01";
|
||||
option sipdect.ommip1 172.23.2.35;
|
||||
option magic_str = "OpenMobilitySIP-DECT";
|
||||
}
|
||||
|
||||
host rfp02 {
|
||||
hardware ethernet 00:30:42:21:D4:D5;
|
||||
fixed-address 172.23.1.112;
|
||||
option host-name "rfp02";
|
||||
option sipdect.ommip1 172.23.2.35;
|
||||
option magic_str = "OpenMobilitySIP-DECT";
|
||||
}
|
||||
|
||||
host rfp11 {
|
||||
hardware ethernet 00:30:42:1B:8B:9B;
|
||||
fixed-address 172.23.12.111;
|
||||
option host-name "rfp11";
|
||||
option sipdect.ommip1 172.23.2.35;
|
||||
option magic_str = "OpenMobilitySIP-DECT";
|
||||
}
|
||||
|
||||
|
||||
|
||||
# OMAPI
|
||||
|
||||
omapi-port 7911;
|
||||
omapi-key omapi_key;
|
||||
|
||||
key omapi_key {
|
||||
algorithm hmac-md5;
|
||||
secret {{ dhcp_omapi_key }};
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
$ORIGIN 23.172.in-addr.arpa. ; base for unqualified names
|
||||
$TTL 1h ; default time-to-live
|
||||
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
||||
2024051300; serial
|
||||
2024100600; serial
|
||||
1d; refresh
|
||||
2h; retry
|
||||
4w; expire
|
||||
@ -13,7 +13,7 @@ $TTL 1h ; default time-to-live
|
||||
1.0 IN PTR core.binary.kitchen.
|
||||
2.0 IN PTR rt-w13b.binary.kitchen.
|
||||
3.0 IN PTR erx-rz.binary.kitchen.
|
||||
4.0 IN PTR erx-auweg.binary.kitchen.
|
||||
4.0 IN PTR rt-auweg.binary.kitchen.
|
||||
; Management
|
||||
1.1 IN PTR v2301.core.binary.kitchen.
|
||||
11.1 IN PTR ups1.binary.kitchen.
|
||||
@ -87,22 +87,26 @@ $GENERATE 10-240 $.4 IN PTR dhcp-${0,3,d}-04.binary.kitchen.
|
||||
1.10 IN PTR wg0.erx-rz.binary.kitchen.
|
||||
$GENERATE 2-254 $.10 IN PTR vpn-${0,3,d}-10.binary.kitchen.
|
||||
; Management Auweg
|
||||
1.12 IN PTR v2312.rt-auweg.binary.kitchen.
|
||||
31.12 IN PTR sw-auweg.binary.kitchen.
|
||||
41.12 IN PTR ap11.binary.kitchen.
|
||||
42.12 IN PTR ap12.binary.kitchen.
|
||||
61.12 IN PTR weizen.binary.kitchen.
|
||||
111.12 IN PTR rfp11.binary.kitchen.
|
||||
; Services Auweg
|
||||
1.13 IN PTR v2313.rt-auweg.binary.kitchen.
|
||||
3.13 IN PTR aeron.binary.kitchen.
|
||||
12.13 IN PTR lock-auweg.binary.kitchen.
|
||||
; Clients Auweg
|
||||
1.14 IN PTR v2314.rt-auweg.binary.kitchen.
|
||||
$GENERATE 10-230 $.14 IN PTR dhcp-${0,3,d}-14.binary.kitchen.
|
||||
; MQTT
|
||||
1.15 IN PTR v2315.rt-auweg.binary.kitchen.
|
||||
$GENERATE 10-240 $.15 IN PTR dhcp-${0,3,d}-15.binary.kitchen.
|
||||
; Point-to-Point
|
||||
1.96 IN PTR v400.erx-bk.binary.kitchen.
|
||||
1.96 IN PTR v400.rt-w13b.binary.kitchen.
|
||||
2.96 IN PTR v400.core.binary.kitchen.
|
||||
1.97 IN PTR wg1.erx-rz.binary.kitchen.
|
||||
2.97 IN PTR wg1.erx-bk.binary.kitchen.
|
||||
2.97 IN PTR wg1.rt-w13b.binary.kitchen.
|
||||
5.97 IN PTR wg2.erx-rz.binary.kitchen.
|
||||
6.97 IN PTR wg2.erx-auweg.binary.kitchen.
|
||||
6.97 IN PTR wg2.rt-auweg.binary.kitchen.
|
||||
|
@ -1,7 +1,7 @@
|
||||
$ORIGIN binary.kitchen ; base for unqualified names
|
||||
$TTL 1h ; default time-to-live
|
||||
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
||||
2024051300; serial
|
||||
2024100600; serial
|
||||
1d; refresh
|
||||
2h; retry
|
||||
4w; expire
|
||||
@ -36,7 +36,7 @@ radius IN A 172.23.2.4
|
||||
core IN A 172.23.0.1
|
||||
rt-w13b IN A 172.23.0.2
|
||||
erx-rz IN A 172.23.0.3
|
||||
erx-auweg IN A 172.23.0.4
|
||||
rt-auweg IN A 172.23.0.4
|
||||
; Management
|
||||
v2301.core IN A 172.23.1.1
|
||||
ups1 IN A 172.23.1.11
|
||||
@ -107,25 +107,29 @@ salat IN A 172.23.9.61
|
||||
salat-bmc IN A 172.23.9.81
|
||||
; Services RZ
|
||||
; Management Auweg
|
||||
v2312.rt-auweg IN A 172.23.12.1
|
||||
sw-auweg IN A 172.23.12.31
|
||||
ap11 IN A 172.23.12.41
|
||||
ap12 IN A 172.23.12.42
|
||||
weizen IN A 172.23.12.61
|
||||
rfp11 IN A 172.23.12.111
|
||||
; Services Auweg
|
||||
v2313.rt-auweg IN A 172.23.13.1
|
||||
aeron IN A 172.23.13.3
|
||||
lock-auweg IN A 172.23.13.12
|
||||
; Clients Auweg
|
||||
v2314.rt-auweg IN A 172.23.14.1
|
||||
$GENERATE 10-230 dhcp-${0,3,d}-14 IN A 172.23.14.$
|
||||
; MQTT Auweg
|
||||
v2315.rt-auweg IN A 172.23.15.1
|
||||
$GENERATE 10-240 dhcp-${0,3,d}-15 IN A 172.23.15.$
|
||||
; VPN RZ (ER-X)
|
||||
wg0.erx-rz IN A 172.23.10.1
|
||||
$GENERATE 2-254 vpn-${0,3,d}-10 IN A 172.23.10.$
|
||||
; Point-to-Point
|
||||
v400.erx-bk IN A 172.23.96.1
|
||||
v400.rt-w13b IN A 172.23.96.1
|
||||
v400.core IN A 172.23.96.2
|
||||
wg1.erx-rz IN A 172.23.97.1
|
||||
wg1.erx-bk IN A 172.23.97.2
|
||||
wg1.rt-w13b IN A 172.23.97.2
|
||||
wg2.erx-rz IN A 172.23.97.5
|
||||
wg2.erx-auweg IN A 172.23.97.6
|
||||
wg2.rt-auweg IN A 172.23.97.6
|
||||
|
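--- a/roles/kea/handlers/main.yml
+++ b/roles/kea/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Restart kea-dhcp4-server
+service: name=kea-dhcp4-server state=restarted
+
+- name: Restart kea-dhcp-ddns-server
+service: name=kea-dhcp-ddns-server state=restarted
+
+- name: Restart kea-ctrl-agent
+service: name=kea-ctrl-agent state=restarted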
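--- a/roles/kea/tasks/main.yml
+++ b/roles/kea/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+- name: Install the kea dhcp server
+apt:
+name:
+- kea-ctrl-agent
+- kea-dhcp4-server
+- kea-dhcp-ddns-server
+
+- name: Configure the kea dhcp4 server
+template:
+src: kea/kea-dhcp4.conf.j2
+dest: /etc/kea/kea-dhcp4.conf
+# validate: kea-dhcp4 -t %s
+notify: Restart kea-dhcp4-server
+
+- name: Start the kea dhcp4 server
+service: name=kea-dhcp4-server state=started enabled=yes
+
+- name: Configure the kea dhcp-ddns server
+template:
+src: kea/kea-dhcp-ddns.conf.j2
+dest: /etc/kea/kea-dhcp-ddns.conf
+# validate: kea-dhcp-ddns -t %s
+notify: Restart kea-dhcp-ddns-server
+
+- name: Start the kea dhcp-ddns server
+service: name=kea-dhcp-ddns-server state=started enabled=yes
+
+- name: Configure the kea control agent
+template:
+src: kea/kea-ctrl-agent.conf.j2
+dest: /etc/kea/kea-ctrl-agent.conf
+# validate: kea-ctrl-agent -t %s
+notify: Restart kea-ctrl-agent
+
+- name: Start the kea control agent
+service: name=kea-ctrl-agent state=started enabled=yes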
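Review bot: All three `validate:` lines are commented out, so a template that renders to invalid JSON is still written to /etc/kea and the notified restart then takes the daemon down; kea-dhcp4.conf.j2 builds its `hooks-libraries` list with Jinja conditionals, where a misplaced comma is easy to introduce. Re-enable `validate: kea-dhcp4 -t %s` (and the kea-dhcp-ddns and kea-ctrl-agent equivalents), or leave a comment stating why the check cannot run against the temporary file. The template tasks also set no `owner`, `group` or `mode`; once the control agent configuration carries credentials it should not be world-readable, for example `mode: "0640"` with the group the Kea daemons run as.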
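--- a/roles/kea/templates/kea/kea-ctrl-agent.conf.j2
+++ b/roles/kea/templates/kea/kea-ctrl-agent.conf.j2
@@ -0,0 +1,37 @@
+{
+"Control-agent":
+{
+"http-host": "0.0.0.0",
+"http-port": 8000,
+"control-sockets":
+{
+"dhcp4":
+{
+"comment": "socket to DHCP4 server",
+"socket-type": "unix",
+"socket-name": "/run/kea/kea4-ctrl-socket"
+},
+
+"d2":
+{
+"socket-type": "unix",
+"socket-name": "/run/kea/kea-ddns-ctrl-socket",
+"user-context": { "in-use": false }
+}
+},
+
+"loggers": [
+{
+"name": "kea-ctrl-agent",
+"output_options": [
+{
+"output": "stdout",
+"pattern": "%-5p %m\n"
+}
+],
+"severity": "INFO",
+"debuglevel": 0
+}
+]
+}
+}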
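Review bot: The control agent listens on `"http-host": "0.0.0.0"` port 8000 with no `authentication` block and no TLS settings, so any host that can reach this port can send management commands that the agent forwards to the DHCPv4 control socket, where kea-dhcp4.conf.j2 also loads the lease_cmds hook. The HA peers in kea-dhcp4.conf.j2 use plain `http://{{ dhcpd_primary }}:8000/` URLs, so the failover channel is equally unauthenticated and in cleartext; the removed dhcpd.conf did put a key on its OMAPI port. Bind to the server's own address, add HTTP basic authentication with credentials kept in the vault (the HA peer entries then need the matching `basic-auth-user` and `basic-auth-password`), and restrict port 8000 to the two DHCP peers at the firewall.

```json
"Control-agent":
{
    // bind to this host's own address instead of every interface
    "http-host": "{{ ansible_default_ipv4.address }}",
    "http-port": 8000,
    // kea_api_user / kea_api_password are placeholder variable names; keep the values in the vault
    "authentication": {
        "type": "basic",
        "realm": "kea-control-agent",
        "clients": [
            { "user": "{{ kea_api_user }}", "password": "{{ kea_api_password }}" }
        ]
    },
    // … unchanged: control-sockets, loggers …
```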
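--- a/roles/kea/templates/kea/kea-dhcp-ddns.conf.j2
+++ b/roles/kea/templates/kea/kea-dhcp-ddns.conf.j2
@@ -0,0 +1,38 @@
+{
+"DhcpDdns": {
+"ip-address": "127.0.0.1",
+"port": 53001,
+"control-socket": {
+"socket-type": "unix",
+"socket-name": "/run/kea/kea-ddns-ctrl-socket"
+},
+
+"forward-ddns": {
+"ddns-domains": [
+{
+"name": "users.binary.kitchen.",
+"dns-servers": [
+{ "ip-address": "{{ dns_primary }}" }
+]
+}
+]
+},
+
+"reverse-ddns": {
+},
+
+"loggers": [
+{
+"name": "kea-dhcp4",
+"output_options": [
+{
+"output": "stdout",
+"pattern": "%-5p %m\n"
+}
+],
+"severity": "INFO",
+"debuglevel": 0
+}
+]
+}
+}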
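Review bot: The `users.binary.kitchen.` forward domain has no `key-name` and the file defines no `tsig-keys`, so the updates sent to `{{ dns_primary }}` are unsigned and the zone can only authorise them by source address. Define a TSIG key under `tsig-keys` with the secret taken from the vault, reference it from the ddns-domain with `key-name`, and require that key in the name server's update policy for the zone. The logger entry is also named `"kea-dhcp4"`, which looks copied from the DHCPv4 template; for this daemon it should be `"name": "kea-dhcp-ddns"`, otherwise the severity and output settings here do not apply to it.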
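--- a/roles/kea/templates/kea/kea-dhcp4.conf.j2
+++ b/roles/kea/templates/kea/kea-dhcp4.conf.j2
@@ -0,0 +1,470 @@
+{
+
+"Dhcp4": {
+"interfaces-config": {
+"interfaces": [ "{{ ansible_default_ipv4['interface'] }}" ]
+},
+
+"control-socket": {
+"socket-type": "unix",
+"socket-name": "/run/kea/kea4-ctrl-socket"
+},
+
+"dhcp-ddns": {
+"enable-updates": true,
+"server-ip": "127.0.0.1",
+"server-port": 53001,
+"sender-ip": "",
+"sender-port": 0,
+"max-queue-size": 1024,
+"ncr-protocol": "UDP",
+"ncr-format": "JSON"
+},
+
+"hooks-libraries": [
+{
+"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
+{% if dhcpd_failover %}
+},
+
+{
+"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
+"parameters": {
+"high-availability": [ {
+"this-server-name": "{{ inventory_hostname.split('.')[0] }}",
+"mode": "hot-standby",
+"heartbeat-delay": 10000,
+"max-response-delay": 60000,
+"max-ack-delay": 5000,
+"max-unacked-clients": 5,
+"sync-timeout": 60000,
+"peers": [
+{
+"name": "{{ lookup('dig', dhcpd_primary+'/PTR', '@'+dns_primary).split('.')[0] }}",
+"url": "http://{{ dhcpd_primary }}:8000/",
+"role": "primary"
+},
+{
+"name": "{{ lookup('dig', dhcpd_secondary+'/PTR', '@'+dns_primary).split('.')[0] }}",
+"url": "http://{{ dhcpd_secondary }}:8000/",
+"role": "standby"
+}
+]
+} ]
+}
+{% endif %}
+}
+],
+
+"lease-database": {
+"type": "memfile",
+"lfc-interval": 3600
+},
+
+"expired-leases-processing": {
+"reclaim-timer-wait-time": 10,
+"flush-reclaimed-timer-wait-time": 25,
+"hold-reclaimed-time": 3600,
+"max-reclaim-leases": 100,
+"max-reclaim-time": 250,
+"unwarned-reclaim-cycles": 5
+},
+
+"renew-timer": 900,
+"rebind-timer": 1800,
+"valid-lifetime": 3600,
+
+"option-def": [
+{
+"code": 43,
+"encapsulate": "sipdect",
+"name": "vendor-encapsulated-options",
+"space": "dhcp4",
+"type": "empty"
+},
+{
+"code": 10,
+"name": "ommip1",
+"space": "sipdect",
+"type": "ipv4-address"
+},
+{
+"code": 19,
+"name": "ommip2",
+"space": "sipdect",
+"type": "ipv4-address"
+},
+{
+"code": 14,
+"name": "syslogip",
+"space": "sipdect",
+"type": "ipv4-address"
+},
+{
+"code": 15,
+"name": "syslogport",
+"space": "sipdect",
+"type": "int16"
+},
+{
+"code": 224,
+"name": "magic_str",
+"space": "dhcp4",
+"type": "string"
+}
+],
+
+"option-data": [
+{
+"name": "domain-name-servers",
+"data": "{{ name_servers | join(', ') }}"
+},
+
+{
+"name": "domain-name",
+"data": "binary.kitchen"
+},
+
+{
+"name": "domain-search",
+"data": "binary.kitchen"
+}
+],
+
+"client-classes": [
+{
+"name": "voip-phone",
+"option-data": [
+{
+"name": "tftp-server-name",
+"data": "172.23.2.36"
+}
+]
+},
+
+{
+"name": "dect-rfp",
+"option-data": [
+{
+"name": "vendor-encapsulated-options"
+},
+{
+"data": "172.23.2.35",
+"name": "ommip1",
+"space": "sipdect"
+},
+{
+"data": "OpenMobilitySIP-DECT",
+"name": "magic_str"
+}
+]
+}
+],
+
+"subnet4": [
+{
+"subnet": "172.23.1.0/24",
+
+"option-data": [
+{
+"name": "routers",
+"data": "172.23.1.1"
+}
+],
+
+"reservations": [
+{
+"hw-address": "44:48:c1:ce:a9:00",
+"ip-address": "172.23.1.41",
+"hostname": "ap01"
+},
+
+{
+"hw-address": "74:9e:75:ce:93:54",
+"ip-address": "172.23.1.44",
+"hostname": "ap04"
+},
+
+{
+"hw-address": "bc:9f:e4:c3:6f:aa",
+"ip-address": "172.23.1.45",
+"hostname": "ap05"
+},
+
+{
+"hw-address": "94:b4:0f:c0:1d:a0",
+"ip-address": "172.23.1.46",
+"hostname": "ap06"
+},
+
+{
+"hw-address": "00:30:42:1B:73:5A",
+"ip-address": "172.23.1.111",
+"client-classes": [ "dect-rfp" ],
+"hostname": "rfp01"
+},
+
+{
+"hw-address": "00:30:42:21:D4:D5",
+"ip-address": "172.23.1.112",
+"client-classes": [ "dect-rfp" ],
+"hostname": "rfp02"
+}
+]
+},
+
+{
+"subnet": "172.23.2.0/24",
+
+"option-data": [
+{
+"name": "routers",
+"data": "172.23.2.1"
+}
+],
+
+"reservations": [
+{
+"hw-address": "b8:27:eb:d8:b9:ad",
+"ip-address": "172.23.2.12",
+"hostname": "lock"
+},
+
+{
+"hw-address": "b8:27:eb:ed:22:58",
+"ip-address": "172.23.2.13",
+"hostname": "matrix"
+},
+
+{
+"hw-address": "08:00:37:B8:55:44",
+"ip-address": "172.23.2.91",
+"hostname": "strammermax"
+},
+
+{
+"hw-address": "ec:9a:74:35:35:cf",
+"ip-address": "172.23.2.92",
+"hostname": "obatzda"
+}
+]
+},
+
+{
+"subnet": "172.23.3.0/24",
+
+"pools": [ { "pool": "172.23.3.10 - 172.23.3.230" } ],
+
+"option-data": [
+{
+"name": "routers",
+"data": "172.23.3.1"
+},
+
+{
+"name": "domain-search",
+"data": "binary.kitchen, users.binary.kitchen"
+}
+],
+
+"ddns-send-updates": true,
+"ddns-override-client-update": true,
+"ddns-override-no-update": true,
+"ddns-qualifying-suffix": "users.binary.kitchen",
+"ddns-generated-prefix": "dhcp",
+"ddns-replace-client-name": "when-not-present",
+"ddns-update-on-renew": true,
+
+"reservations": [
+{
+"hw-address": "b8:27:eb:18:5c:11",
+"ip-address": "172.23.3.250",
+"hostname": "cannelloni"
+},
+
+{
+"hw-address": "b8:27:eb:1d:b9:bf",
+"ip-address": "172.23.3.240",
+"hostname": "fusilli"
+},
+
+{
+"hw-address": "74:da:38:6e:e6:9d",
+"ip-address": "172.23.3.241",
+"hostname": "klopi"
+},
+
+{
+"hw-address": "b8:27:eb:f5:9e:a1",
+"ip-address": "172.23.3.246",
+"hostname": "maccaroni"
+},
+
+{
+"hw-address": "74:da:38:7d:ed:84",
+"ip-address": "172.23.3.244",
+"hostname": "mirror"
+},
+
+{
+"hw-address": "b8:27:eb:0f:d3:8b",
+"ip-address": "172.23.3.242",
+"hostname": "mpcnc"
+},
+
+{
+"hw-address": "b8:27:eb:56:2b:7c",
+"ip-address": "172.23.3.251",
+"hostname": "noodlehub"
+},
+
+{
+"hw-address": "b8:27:eb:eb:e5:88",
+"ip-address": "172.23.3.245",
+"hostname": "spaghetti"
+},
+
+{
+"hw-address": "00:1D:45:B6:99:2F",
+"hostname": "voip01",
+"client-classes": [ "voip-phone" ]
+},
+
+{
+"hw-address": "00:1D:A2:66:B8:3E",
+"hostname": "voip02",
+"client-classes": [ "voip-phone" ]
+},
+
+{
+"hw-address": "00:1E:BE:90:FB:DB",
+"hostname": "voip03",
+"client-classes": [ "voip-phone" ]
+},
+
+{
+"hw-address": "00:1E:BE:90:FF:06",
+"hostname": "voip04",
+"client-classes": [ "voip-phone" ]
+}
+]
+},
+
+{
+"subnet": "172.23.4.0/24",
+
+"pools": [ { "pool": "172.23.4.10 - 172.23.4.240" } ],
+
+"option-data": [
+{
+"name": "routers",
+"data": "172.23.4.1"
+}
+],
+
+"reservations": [
+{
+"hw-address": "b8:27:eb:b6:62:be",
+"ip-address": "172.23.4.241",
+"hostname": "habdisplay1"
+},
+
+{
+"hw-address": "b8:27:eb:df:0b:7b",
+"ip-address": "172.23.4.242",
+"hostname": "habdisplay2"
+},
+
+{
+"hw-address": "dc:a6:32:bf:e2:3e",
+"ip-address": "172.23.4.251",
+"hostname": "openhabgw1"
+}
+]
+},
+
+{
+"subnet": "172.23.12.0/24",
+
+"option-data": [
+{
+"name": "routers",
+"data": "172.23.12.1"
+}
+],
+
+"reservations": [
+{
+"hw-address": "18:64:72:c6:c2:0c",
+"ip-address": "172.23.12.41",
+"hostname": "ap11"
+},
+
+{
+"hw-address": "18:64:72:c6:c4:98",
+"ip-address": "172.23.12.42",
+"hostname": "ap12"
+},
+
+{
+"hw-address": "00:30:42:1B:8B:9B",
+"ip-address": "172.23.12.111",
+"client-classes": [ "dect-rfp" ],
+"hostname": "rfp11"
+}
+]
+},
+
+{
+"subnet": "172.23.13.0/24",
+
+"option-data": [
+{
+"name": "routers",
+"data": "172.23.13.1"
+}
+]
+},
+
+{
+"subnet": "172.23.14.0/24",
+
+"pools": [ { "pool": "172.23.14.10 - 172.23.14.240" } ],
+
+"option-data": [
+{
+"name": "routers",
+"data": "172.23.14.1"
+}
+]
+},
+
+{
+"subnet": "172.23.15.0/24",
+
+"pools": [ { "pool": "172.23.15.10 - 172.23.15.240" } ],
+
+"option-data": [
+{
+"name": "routers",
+"data": "172.23.15.1"
+}
+]
+}
+],
+
+"loggers": [
+{
+"name": "kea-dhcp4",
+"output_options": [
+{
+"output": "stdout",
+"pattern": "%-5p %m\n"
+}
+],
+"severity": "INFO",
+"debuglevel": 0
+}
+]
+}
+}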
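Review bot: The pool for 172.23.14.0/24 is `172.23.14.10 - 172.23.14.240`, but the removed dhcpd.conf served `range 172.23.14.10 172.23.14.230` and both zone files on this page generate the `dhcp-NNN-14` records for 10-230 only, so leases from .231 to .240 would get no forward or reverse name. Unless the wider range is intended, use `"pool": "172.23.14.10 - 172.23.14.230"`; if it is intended, widen the two `$GENERATE` lines to match. Separately, the HA peer names come from a `dig` PTR lookup at render time while `this-server-name` comes from `inventory_hostname`; a missing or differing PTR record would leave the local server without a matching peer entry, so consider deriving both names from inventory data.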
@ -2793,7 +2793,7 @@ background_updates:
|
||||
# marked as protected from quarantine will not be deleted.
|
||||
#
|
||||
media_retention:
|
||||
local_media_lifetime: 90d
|
||||
local_media_lifetime: 180d
|
||||
remote_media_lifetime: 14d
|
||||
|
||||
|
||||
|
@ -2,4 +2,4 @@
|
||||
|
||||
netbox_group: netbox
|
||||
netbox_user: netbox
|
||||
netbox_version: 4.1.3
|
||||
netbox_version: 4.1.4
|
||||
|
@ -3,28 +3,21 @@
|
||||
- name: Request nsupdate key for certificate
|
||||
include_role: name=acme-dnskey-generate
|
||||
|
||||
- name: Enable sury php apt-key
|
||||
apt_key: url="https://packages.sury.org/php/apt.gpg"
|
||||
|
||||
- name: Enable sury php repository
|
||||
apt_repository: repo="deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
|
||||
|
||||
- name: Install packages
|
||||
apt:
|
||||
name:
|
||||
- php8.1
|
||||
- php8.1-common
|
||||
- php8.1-curl
|
||||
- php8.1-mysql
|
||||
- php8.1-mbstring
|
||||
- php8.1-cli
|
||||
- php8.1-opcache
|
||||
- php8.1-xml
|
||||
- php8.1-fpm
|
||||
- php8.1-readline
|
||||
- php
|
||||
- php-common
|
||||
- php-curl
|
||||
- php-mysql
|
||||
- php-mbstring
|
||||
- php-cli
|
||||
- php-opcache
|
||||
- php-xml
|
||||
- php-fpm
|
||||
- php-readline
|
||||
- mariadb-server
|
||||
- python3-mysqldb
|
||||
- python3-psycopg2
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ strichliste_domain }}.key -out /etc/nginx/ssl/{{ strichliste_domain }}.crt -days 730 -subj "/CN={{ strichliste_domain }}" creates=/etc/nginx/ssl/{{ strichliste_domain }}.crt
|
||||
@ -37,12 +30,6 @@
|
||||
- name: Create vhost directory
|
||||
file: path=/var/www/strichliste state=directory owner=www-data group=www-data
|
||||
|
||||
- name: Install Mariadb
|
||||
apt:
|
||||
name:
|
||||
- mariadb-server
|
||||
- python3-mysqldb
|
||||
|
||||
- name: Configure Mariadb database
|
||||
community.mysql.mysql_db: name={{ strichliste_dbname }}
|
||||
become: true
|
||||
@ -77,5 +64,5 @@
|
||||
file: src=/etc/nginx/sites-available/strichliste dest=/etc/nginx/sites-enabled/strichliste state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Start php8.1-fpm
|
||||
service: name=php8.1-fpm state=started enabled=yes
|
||||
- name: Start php8.2-fpm
|
||||
service: name=php8.2-fpm state=started enabled=yes
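Review bot: The last hunk hard-codes the service name `php8.2-fpm`, while the package list in the first hunk appears to move to the unversioned `php-fpm` metapackage, so the play fails as soon as that metapackage resolves to any other PHP version. That will happen on the next Debian release, and it can already happen on hosts provisioned by the earlier revision: the tasks "Enable sury php apt-key" and "Enable sury php repository" seem to be dropped rather than reversed, so the third-party key stays trusted there and the repository can still supply newer `php*` packages. I would add cleanup tasks with `state=absent` for that repository and key, and build the service name from a variable, e.g. `service: name=php{{ strichliste_php_version }}-fpm state=started enabled=yes` (the variable name is a suggestion and is not defined on this page). The +/- markers are lost in this rendering, so which side each line belongs to is inferred from the hunk headers and from the Debian 11 to 12 change in the README.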
|
||||
|
@ -2,7 +2,7 @@
|
||||
// Unattended-Upgrade::Origins-Pattern controls which packages are
|
||||
// upgraded.
|
||||
//
|
||||
// Lines below have the format format is "keyword=value,...". A
|
||||
// Lines below have the format "keyword=value,...". A
|
||||
// package will be upgraded only if the values in its metadata match
|
||||
// all the supplied keywords in a line. (In other words, omitted
|
||||
// keywords are wild cards.) The keywords originate from the Release
|
||||
@ -31,6 +31,7 @@ Unattended-Upgrade::Origins-Pattern {
|
||||
// "origin=Debian,codename=${distro_codename}-proposed-updates";
|
||||
"origin=Debian,codename=${distro_codename},label=Debian";
|
||||
"origin=Debian,codename=${distro_codename},label=Debian-Security";
|
||||
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
|
||||
|
||||
// Archive or Suite based matching:
|
||||
// Note that this will silently match a different release after
|
||||
@ -93,9 +94,11 @@ Unattended-Upgrade::Package-Blacklist {
|
||||
// 'mailx' must be installed. E.g. "user@example.com"
|
||||
Unattended-Upgrade::Mail "root";
|
||||
|
||||
// Set this value to "true" to get emails only on errors. Default
|
||||
// is to always send a mail if Unattended-Upgrade::Mail is set
|
||||
Unattended-Upgrade::MailOnlyOnError "true";
|
||||
// Set this value to one of:
|
||||
// "always", "only-on-error" or "on-change"
|
||||
// If this is not set, then any legacy MailOnlyOnError (boolean) value
|
||||
// is used to chose between "only-on-error" and "on-change"
|
||||
Unattended-Upgrade::MailReport "only-on-error";
|
||||
|
||||
// Remove unused automatically installed kernel-related packages
|
||||
// (kernel images, kernel headers and kernel version locked tools).
|
||||
@ -145,3 +148,18 @@ Unattended-Upgrade::Automatic-Reboot "{{ uau_reboot }}";
|
||||
// Print debugging information both in unattended-upgrades and
|
||||
// in unattended-upgrade-shutdown
|
||||
// Unattended-Upgrade::Debug "false";
|
||||
|
||||
// Allow package downgrade if Pin-Priority exceeds 1000
|
||||
// Unattended-Upgrade::Allow-downgrade "false";
|
||||
|
||||
// When APT fails to mark a package to be upgraded or installed try adjusting
|
||||
// candidates of related packages to help APT's resolver in finding a solution
|
||||
// where the package can be upgraded or installed.
|
||||
// This is a workaround until APT's resolver is fixed to always find a
|
||||
// solution if it exists. (See Debian bug #711128.)
|
||||
// The fallback is enabled by default, except on Debian's sid release because
|
||||
// uninstallable packages are frequent there.
|
||||
// Disabling the fallback speeds up unattended-upgrades when there are
|
||||
// uninstallable packages at the expense of rarely keeping back packages which
|
||||
// could be upgraded or installed.
|
||||
// Unattended-Upgrade::Allow-APT-Mark-Fallback "true";
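Review bot: The legacy `Unattended-Upgrade::MailOnlyOnError "true";` line appears to be replaced by `Unattended-Upgrade::MailReport "only-on-error";`, and a host whose unattended-upgrades predates the `MailReport` option would ignore the new key and go back to mailing on every run. The comment added in the same hunk says the legacy boolean is only consulted when `MailReport` is unset, so keeping `Unattended-Upgrade::MailOnlyOnError "true";` next to the new line is harmless on current releases. Whether any templated host is still that old cannot be told from this page. Separately, `only-on-error` combined with `Automatic-Reboot "{{ uau_reboot }}"` set to `"false"` on some hosts means nothing reports security upgrades that were applied but still need a reboot; `"on-change"` would at least report that upgrades were applied.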
|
||||
|