From 7382c88e89fc58d5559fad6118cec33a7a3e5b08 2023-08-21 03:43:57
From: x
Date: 2023-08-21 03:43:57
Subject: [PATCH] style: make initial-gw-setup conform MORE to the linter
Not perfect yet, but much better. Issues right now lie with shell usage & permissions.
---
diff --git a/gateway/initial_gw_setup.yml b/gateway/initial_gw_setup.yml
index bd778301e3438acee38f7c24db06aa116b104504..a0470501b399d0cdd2b4f779d09ad90b5b4e523b 100644
--- a/gateway/initial_gw_setup.yml
+++ b/gateway/initial_gw_setup.yml
@@ -1,53 +1,45 @@ --- -# Defining the remote server where the package will be deployed -- hosts: test +- name: Initial Gateway Setup + hosts: test remote_user: root - become: yes - become_method: sudo + become: true + become_method: ansible.builtin.sudo + vars: -# domain: '{{ domain.name }}' batman: 2022.2 - tasks: -# edit sources.list -# - name: add the correct dkms source -# blockinfile: -# path: /etc/apt/sources.list -# backup: yes -# block: | -# # backports -# deb http://deb.debian.org/debian bullseye-backports main -# Installing the sudo, git, vim and python3 packadges on ther servers + tasks: - name: Install a list of packages - apt: + ansible.builtin.apt: + update_cache: true pkg: - - git - - bridge-utils - - ntp - - dnsmasq - - iptables-persistent - - openvpn - - fastd - - build-essential - - pkg-config - - checkinstall - - libnl-3-dev - - libnl-genl-3-dev - - linux-headers-amd64 - - dkms - - lsb-release - - ethtool - - python3 + - git + - bridge-utils + - ntp + - dnsmasq + - iptables-persistent + - openvpn + - fastd + - build-essential + - pkg-config + - checkinstall + - libnl-3-dev + - libnl-genl-3-dev + - linux-headers-amd64 + - dkms + - lsb-release + - ethtool + - python3 # Updating all packages to their latest version - name: Update all packages to their latest version - apt: - name: "*" - state: latest + ansible.builtin.apt: + update_cache: true + upgrade: "yes" # Reboot and reconnect - name: Reboot host and wait for it to restart - reboot: + ansible.builtin.reboot: msg: "Reboot initiated by Ansible" connect_timeout: 5 reboot_timeout: 600 @@ -56,10 +48,10 @@ test_command: whoami # edit routing tables - - name: add the routing table ports for freifunk - blockinfile: + - name: Add the routing table ports for freifunk + ansible.builtin.blockinfile: path: /etc/iproute2/rt_tables - backup: yes + backup: true block: | # freifunk 33 lux 
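Review bot: `batman: 2022.2` in the new `vars:` block is parsed by YAML as a float, so `v{{ batman }}` further down renders correctly only because this particular value survives the round trip — a release such as 2022.10 would come out as `v2022.1`; quote it as `batman: "2022.2"`. Replacing `name: "*"` / `state: latest` with `upgrade: "yes"` runs `apt-get upgrade` (safe mode), which never pulls in packages that are not already installed; on Debian a kernel ABI bump is a new package name, so `linux-image-amd64`/`linux-headers-amd64` can be held back and the DKMS build later in the play would compile against headers for a kernel the reboot does not bring up — if a full upgrade is intended, use `upgrade: dist` and say so in a comment. `remote_user: root` together with `become: true` is redundant and logs in as root directly; a regular user plus `become` is the usual arrangement.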
@@ -67,10 +59,10 @@ 100 vpn # edit rsysctl config - - name: add the freifunk settings to sysctl config - blockinfile: + - name: Add the freifunk settings to sysctl config + ansible.builtin.blockinfile: path: /etc/sysctl.conf - backup: yes + backup: true block: | # Freifunk specific settings net.ipv4.ip_forward=1 @@ -90,18 +82,18 @@ net.ipv6.conf.default.accept_ra = 0 net.ipv6.conf.eth0.accept_ra = 1 net.ipv4.conf.default.rp_filter = 2 - + # load kernel module - name: Load kernel module become: true become_user: root - shell: modprobe br_netfilter + ansible.builtin.shell: modprobe br_netfilter # edit the module list - - name: add nf conntrack to modules - blockinfile: + - name: Add nf conntrack to modules + ansible.builtin.blockinfile: path: /etc/modules - backup: yes + backup: true block: | nf_conntrack @@ -109,11 +101,11 @@ - name: Reload sysctl config become: true become_user: root - shell: sysctl -p /etc/sysctl.conf + ansible.builtin.shell: sysctl -p /etc/sysctl.conf # Reboot and reconnect - name: Reboot host and wait for it to restart - reboot: + ansible.builtin.reboot: msg: "Reboot initiated by Ansible" connect_timeout: 5 reboot_timeout: 600 @@ -122,7 +114,7 @@ test_command: whoami # create the Freifunk bridge interface file -# copy default interface file to remote host +# copy default interface file to remote host - name: Copy interface file with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/interface/freifunk @@ -132,7 +124,7 @@ mode: '0644' # create IPV4 Iptables rules -# copy default IPV4 iptables rules file to remote host +# copy default IPV4 iptables rules file to remote host - name: Copy rulesv4 file with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/iptables/rules.v4 
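Review bot: `ansible.builtin.shell: modprobe br_netfilter` in the `Load kernel module` task uses no shell features, so `ansible.builtin.command: modprobe br_netfilter` with `changed_when: false` clears the shell-usage lint hit the commit message mentions and stops the task reporting a change on every run; the task-level `become: true` / `become_user: root` repeat what the play already sets. The context lines keep `net.ipv4.conf.default.rp_filter = 2`, i.e. loose reverse-path filtering — presumably needed because the policy-routed freifunk/vpn tables make replies leave through a different interface, but the kernel applies the stricter of `all` and the per-interface value and `default` only seeds interfaces created afterwards, so the block should state which interfaces are meant to be loose and why, e.g. `# loose rp_filter: policy-routed (rt_tables) traffic is asymmetric across the freifunk bridge and the VPN`. br_netfilter is loaded here at runtime only; the `/etc/modules` block in this hunk persists `nf_conntrack` alone, so after a reboot it depends on `/etc/modules-load.d/freifunk.conf` (whose content is cut off in this diff) listing it too.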
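Review bot: `ansible.builtin.shell: sysctl -p /etc/sysctl.conf` in the `Reload sysctl config` task is the other remaining shell call and, like the modprobe one, needs no shell; `ansible.builtin.command: sysctl -p /etc/sysctl.conf` plus `changed_when: false` keeps the play summary honest. The cleaner option is to drop the blockinfile-plus-reload pair in favour of one `ansible.builtin.sysctl` task per key with `sysctl_file: /etc/sysctl.conf` and `reload: true`, which only reloads when a value actually changed. The host is rebooted right after this task, so the reload is only needed by whatever runs between here and that reboot, which from the hunk appears to be nothing.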
@@ -142,7 +134,7 @@ mode: '0644' # create dnsmasq file -# copy default dnsmasq file to remote host +# copy default dnsmasq file to remote host - name: Copy dnsmasq file with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/dnsmasq/fflux @@ -159,7 +151,7 @@ mode: '0755' # create fastd config file -# copy default dnsmasq file to remote host +# copy default dnsmasq file to remote host - name: Copy fastd config file with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd.conf @@ -176,7 +168,7 @@ mode: '0755' # create fastd blacklist script -# copy fastd blacklist script to remote host +# copy fastd blacklist script to remote host - name: Copy fastd blacklist script with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/scripts/fastd-blacklist.sh @@ -186,7 +178,7 @@ mode: '0755' # change fasts autostart to all -# copy default fastd default file to remote host +# copy default fastd default file to remote host - name: Copy fastd config file with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd @@ -208,7 +200,7 @@ state: absent # create hideme config -# copy the default hidme config to remote host +# copy the default hidme config to remote host - name: Copy hideme config with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/openvpn/hideme.conf @@ -218,7 +210,7 @@ mode: '0644' # create hideme-up script -# copy hideme-up script to remote host +# copy hideme-up script to remote host - name: Copy hideme-up script with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/scripts/hideme-up 
@@ -236,7 +228,7 @@ mode: '0755' # create update resolv conf -# copy update-resolv.conf script to remote host +# copy update-resolv.conf script to remote host - name: Copy update-resolv.conf with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/openvpn/update-resolv-conf @@ -248,7 +240,7 @@ # Create for batman installation - name: Create directory for batman installation ansible.builtin.file: - path: /usr/src/batman-adv-{{batman}} + path: /usr/src/batman-adv-{{ batman }} state: directory mode: '0755' @@ -256,21 +248,21 @@ - name: Clone and check out batman git repo ansible.builtin.git: repo: 'https://git.open-mesh.org/batman-adv.git' - dest: /usr/src/batman-adv-{{batman}} - version: v{{batman}} + dest: /usr/src/batman-adv-{{ batman }} + version: v{{ batman }} # create dkms conf -# copy dkms conf to remote host +# copy dkms conf to remote host - name: Copy dkms.conf with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/dkms/dkms.conf - dest: /usr/src/batman-adv-{{batman}} + dest: /usr/src/batman-adv-{{ batman }} owner: root group: root mode: '0644' # create dkms install script -# copy dkms install script to remote host +# copy dkms install script to remote host - name: Copy dkms install script with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/scripts/install_dkms.sh @@ -280,7 +272,7 @@ mode: '0744' # create build batclt script -# copy build batctl script to remote host +# copy build batctl script to remote host - name: Copy build batctl script with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/scripts/build_batctl.sh 
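Review bot: The batman-adv clone pins `version: v{{ batman }}`, a tag, and tags can be moved upstream; the mesh-announce clone later in this patch pins a commit SHA, and the kernel module built from this checkout deserves the same treatment — resolve the tag to its commit once and set `version:` to that hash (the `{{ batman }}` directory name can stay), or, if open-mesh signs its tags, add `verify_commit: true` with the maintainer key imported beforehand. The dkms.conf copy uses `dest: /usr/src/batman-adv-{{ batman }}`, which only lands inside the directory because the `file: state: directory` task above created it; a trailing slash, `dest: /usr/src/batman-adv-{{ batman }}/`, makes that intent explicit and fails loudly instead of creating a file of that name if the directory is missing.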
@@ -291,22 +283,22 @@ # Run batman scripts - name: Run install_dkms.sh - command: bash /usr/local/bin/install_dkms.sh + ansible.builtin.command: bash /usr/local/bin/install_dkms.sh - - name: Run build_batctl.sh - command: /usr/local/bin/build_batctl.sh + - name: Run build_batctl.sh + ansible.builtin.command: /usr/local/bin/build_batctl.sh # edit the module list - - name: add batman-adv to modules - blockinfile: + - name: Add batman-adv to modules + ansible.builtin.blockinfile: path: /etc/modules - backup: yes + backup: true block: | nf_conntrack batman-adv - name: Creating a file with content - copy: + ansible.builtin.copy: dest: "/etc/modules-load.d/freifunk.conf" content: | ebtables @@ -314,7 +306,7 @@ # Reboot and reconnect - name: Reboot host and wait for it to restart - reboot: + ansible.builtin.reboot: msg: "Reboot initiated by Ansible" connect_timeout: 5 reboot_timeout: 600 @@ -323,7 +315,7 @@ test_command: whoami # create check gateway script -# copy check gateway script to remote host +# copy check gateway script to remote host - name: Copy check gateway script with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/scripts/check_gateway.sh @@ -333,7 +325,7 @@ mode: '0755' # create check vpn script -# copy check vpn script to remote host +# copy check vpn script to remote host - name: Copy check vpn script with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/scripts/check_vpn.sh @@ -347,9 +339,11 @@ ansible.builtin.git: repo: 'https://github.com/ffnord/mesh-announce' dest: /opt/mesh-announce + # TODO: Verify that there has been no update! + version: 40be9a18ee91fa058478bc04105cbd79fd70279e # create respondd service -# copy respondd service script to remote host +# copy respondd service script to remote host - name: Copy respondd service script with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/scripts/respondd.service 
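Review bot: `Add batman-adv to modules` is the second `ansible.builtin.blockinfile` on `/etc/modules` with the default marker, so it replaces the block the earlier `Add nf conntrack to modules` task wrote rather than appending to it — that is why `nf_conntrack` has to be repeated here, and it breaks silently if either block is edited later. Either give this task its own `marker: "# {mark} ANSIBLE MANAGED BLOCK batman"` or drop the earlier task, and since `/etc/modules-load.d/freifunk.conf` right below is written with a module list as well (its content is cut off in this hunk), one of the two mechanisms is enough. The two `ansible.builtin.command` tasks that run `install_dkms.sh` and `build_batctl.sh` re-run on every play; a `creates:` guard (e.g. the built batctl binary) or a `changed_when:` on the script output makes them idempotent.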
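Review bot: Pinning mesh-announce to commit `40be9a18…` is the right control for a repository whose code is installed as the respondd system service right below, but the new `# TODO: Verify that there has been no update!` comment reads as a reminder to chase upstream, which is the opposite of what a pin is for. I'd replace it with a comment that records why this commit, e.g. `# Pinned to the reviewed commit; bump deliberately after reading upstream changes`, so the next maintainer does not "fix" it by removing `version:`. The hash is unquoted and stays a string only because it contains letters; quoting it, `version: "40be9a18ee91fa058478bc04105cbd79fd70279e"`, is the habit that keeps an all-digit hash from being read as an integer.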
@@ -366,14 +360,16 @@ owner: root group: root state: link - force: yes + force: true # Stop respondd - - name: stop systemd-resolved - command: systemctl stop systemd-resolved + - name: Stop systemd-resolved + ansible.builtin.service: + name: "systemd-resolved" + state: "stopped" # create resolved conf -# copy resolved conf to remote host +# copy resolved conf to remote host - name: Copy resolved.conf with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/systemd-resolved/resolved.conf @@ -390,14 +386,16 @@ owner: root group: root state: link - force: yes + force: true # Start respondd - - name: start systemd-resolved - command: systemctl start systemd-resolved + - name: Start systemd-resolved + ansible.builtin.service: + name: "systemd-resolved" + state: "started" # create default crontab -# copy default crontab to remote host +# copy default crontab to remote host - name: Copy crontab with owner and permissions ansible.builtin.copy: src: /home/fflux/Infrastructure-Intern/server_config/crontab/crontab @@ -408,7 +406,7 @@ # Reboot and reconnect - name: Reboot host and wait for it to restart - reboot: + ansible.builtin.reboot: msg: "Reboot initiated by Ansible" connect_timeout: 5 reboot_timeout: 600
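Review bot: The comments `# Stop respondd` and `# Start respondd` around the new `ansible.builtin.service` tasks do not match the tasks, which stop and start `systemd-resolved`; rename them, e.g. `# Stop systemd-resolved before its config is replaced`. Stopping the resolver at the top of the section and starting it again in the following hunk leaves it down while the resolved.conf copy and the resolv.conf symlink tasks run; copying the config first and then a single `state: restarted` (or a `notify` handler on the copy task) keeps the outage to the restart itself. Neither task sets `enabled:`, so whether resolved comes back after the reboot at the end of the play depends on the host's existing unit state rather than on this playbook.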