From bbab498c1c5a80cf263cf138f7f438760520bd3f 2023-08-22 14:28:13
From: x
Date: 2023-08-22 14:28:13
Subject: [PATCH] feat: initial_gw_setup, add config tag to tasks
---
diff --git a/gateway/initial_gw_setup.yml b/gateway/initial_gw_setup.yml
index f550698b968649436ff0c2673ba88600c53e8f7d..e325c5e6495c3a12951ad8a3a11dfc524645ce96 100644
--- a/gateway/initial_gw_setup.yml
+++ b/gateway/initial_gw_setup.yml
@@ -10,6 +10,7 @@
 ansible.builtin.apt:
 update_cache: true
 upgrade: "yes"
+ tags: update
 - name: Install a list of packages
 ansible.builtin.apt:
 update_cache: true
@@ -32,6 +33,7 @@
 - ethtool
 - python3
 - wget # for fastd-blacklist
+ tags: update
 - name: Reboot host and wait for it to restart
 ansible.builtin.reboot:
 msg: "Reboot initiated by Ansible"
@@ -50,6 +52,7 @@
 33 lux
 42 icvpn
 100 vpn
+ tags: config
 # Sysctl
 - name: Add the freifunk settings to sysctl config
@@ -75,8 +78,10 @@
 net.ipv6.conf.default.accept_ra = 0
 net.ipv6.conf.eth0.accept_ra = 1
 net.ipv4.conf.default.rp_filter = 2
+ tags: config
 - name: Reload sysctl config
 ansible.builtin.shell: sysctl -p /etc/sysctl.conf
+ tags: config
 # Modules
 - name: Load `br_netfilter` kernel module
@@ -89,6 +94,7 @@
 name: "nf_conntrack"
 state: "present"
 persistent: "present"
+ tags: config
 # Basic networking
 - name: Setup network interfaces (bridge + bat0)
@@ -98,9 +104,10 @@
 owner: root
 group: root
 mode: "0644"
- register: basic_networking
+ tags: config
 - name: Pull up new interfaces
 ansible.builtin.command: /usr/sbin/ifup -a
+ tags: config
 - name: Copy iptables rulesv4
 ansible.builtin.copy:
 src: "{{ server_config_dir }}/iptables/rules.v4"
@@ -108,11 +115,13 @@
 owner: root
 group: root
 mode: "0644"
+ tags: config
 - name: Restart iptables-persistent
 ansible.builtin.service:
 name: "netfilter-persistent"
 state: "restarted"
 enabled: true
+ tags: config
 - name: Setup dnsmasq config w/ IPv4 ranges
 ansible.builtin.template:
 src: "{{ server_config_dir }}/dnsmasq/fflux.j2"
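Review bot: The `Reload sysctl config` task in the `@@ -75,8` hunk runs a fixed command through `ansible.builtin.shell`, so it reports `changed` on every run and now also on every `--tags config` run. Nothing in the command needs a shell; `ansible.builtin.command: sysctl -p /etc/sysctl.conf` with `changed_when: false` (or a handler notified by the preceding sysctl template task) keeps the play idempotent and drops the shell layer. One caveat on the visible values: on Linux `accept_ra = 1` is ignored once IPv6 forwarding is enabled on the interface, so if this gateway forwards (the forwarding sysctls are outside the hunk) `net.ipv6.conf.eth0.accept_ra = 2` is what actually accepts uplink router advertisements — worth a comment either way.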
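Review bot: Dropping `register: basic_networking` in the `@@ -98,9` hunk leaves `ifup -a` with nothing to gate it, so every `--tags config` run re-executes `/usr/sbin/ifup -a` on a live gateway even when the interfaces file did not change. If the registered result was simply unused before, the cleaner fix is to keep it and use it: `register: basic_networking` on the template task and `when: basic_networking.changed` on the ifup task (or make the ifup a handler notified by the template). As written, the command task also reports `changed` on every run, which hides real changes in the play summary.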
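Review bot: Only `rules.v4` is installed in the `@@ -108,11` hunk, while the sysctl block a few hunks up configures IPv6 on this host, so unless a matching `rules.v6` task exists outside this diff the IPv6 side of the gateway runs with whatever `netfilter-persistent` happens to have locally — possibly no filtering at all. A parallel copy of `{{ server_config_dir }}/iptables/rules.v6` to the corresponding `rules.v6` destination, with the same `owner`/`group`/`mode`, would close that gap. Separately, `state: "restarted"` on netfilter-persistent runs unconditionally and flushes/reloads the ruleset on every tagged run; a handler notified by the copy task restarts it only when the rules actually changed.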
@@ -120,6 +129,7 @@
 owner: root
 group: root
 mode: "0644"
+ tags: config
 # fastd
 - name: Create the fflux dir inside of fastd
@@ -127,6 +137,7 @@
 path: /etc/fastd/fflux
 state: directory
 mode: "0755"
+ tags: config
 - name: Setup fastd (fflux) config w/ MAC address
 ansible.builtin.template:
 src: "{{ server_config_dir }}/fastd/fastd.conf.j2"
@@ -134,22 +145,28 @@
 owner: root
 group: root
 mode: "0644"
+ tags: config
 - name: Create peers-gw directory in fastd/fflux
 ansible.builtin.file:
 path: /etc/fastd/fflux/peers-gw
 state: directory
 mode: "0755"
+ tags: config
 - name: List all peers but ourselves
 ansible.builtin.find:
 path: "{{ server_config_dir }}/fastd/peers-gw/"
 excludes: "{{ inventory_hostname }}"
 delegate_to: localhost
 register: peers_to_copy
+ tags: config
 - name: Copy fastd peers
 ansible.builtin.copy:
 src: "{{ item.path }}"
 dest: /etc/fastd/fflux/peers-gw/
+ owner: root
+ mode: "0644"
 with_items: "{{ peers_to_copy.files }}"
+ tags: config
 - name: Copy fastd blacklist script
 ansible.builtin.copy:
 src: "{{ server_scripts_dir }}/fastd-blacklist.sh"
@@ -157,6 +174,7 @@
 owner: root
 group: root
 mode: "0755"
+ tags: config
 - name: Set fastd to autostart all
 ansible.builtin.copy:
 src: "{{ server_config_dir }}/fastd/fastd"
@@ -164,22 +182,25 @@
 owner: root
 group: root
 mode: "0644"
+ tags: config
 - name: Start fastd
 ansible.builtin.service:
 name: "fastd"
 state: "started"
 enabled: "true"
-
+ tags: config
 # OpenVPN
 - name: Remove client directory
 ansible.builtin.file:
 path: /etc/openvpn/client
 state: absent
+ tags: config
 - name: Remove server directory
 ansible.builtin.file:
 path: /etc/openvpn/server
 state: absent
+ tags: config
 - name: Copy hideme config
 ansible.builtin.copy:
 src: "{{ server_config_dir }}/openvpn/hideme.conf"
@@ -187,6 +208,7 @@
 owner: root
 group: root
 mode: "0644"
+ tags: config
 - name: Copy hideme auth file
 ansible.builtin.copy:
 src: "{{ server_config_dir }}/openvpn/auth.txt"
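Review bot: The `mode: "0644"` on the fastd.conf template whose tail opens the `@@ -134,22` hunk leaves the rendered `/etc/fastd/fflux/fastd.conf` world-readable; if that template carries the gateway's `secret` key inline instead of `include`-ing it from a separately protected file (the template itself is not in this diff), every local account can read the VPN private key. Since fastd loads its configuration before dropping privileges, `mode: "0600"` is safe for the config and its secret. The new `owner: root` / `mode: "0644"` on `Copy fastd peers` is appropriate for public peer keys, but it omits the `group: root` every other copy task in the file sets — add it for consistency, and `loop: "{{ peers_to_copy.files }}"` is the current form of `with_items` for a flat list.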
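Review bot: `enabled: "true"` on `Start fastd` in the `@@ -164,22` hunk (and on several other service tasks in this file) is a quoted string, while `Restart iptables-persistent` and the OpenVPN service task use the bare boolean `enabled: true`. Ansible's boolean coercion accepts both, but the two forms read as different things and the quoted one is exactly the kind of stringly boolean yamllint/ansible-lint setups complain about; `enabled: true` throughout is the clean form. Note also that `state: absent` on `/etc/openvpn/client` and `/etc/openvpn/server` now runs on every `--tags config` pass, so anything placed in those directories out of band is silently wiped each run — if that is intended, a one-line comment saying so would spare the next operator a surprise.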
@@ -194,6 +216,7 @@
 owner: root
 group: root
 mode: "0640"
+ tags: config
 - name: Copy hideme-up script
 ansible.builtin.copy:
 src: "{{ server_scripts_dir }}/hideme-up"
@@ -201,6 +224,7 @@
 owner: root
 group: root
 mode: "0755"
+ tags: config
 - name: Copy hideme-down script
 ansible.builtin.copy:
 src: "{{ server_scripts_dir }}/hideme-down"
@@ -208,6 +232,7 @@
 owner: root
 group: root
 mode: "0755"
+ tags: config
 - name: Copy update-resolv-conf
 ansible.builtin.copy:
 src: "{{ server_config_dir }}/openvpn/update-resolv-conf"
@@ -215,11 +240,13 @@
 owner: root
 group: root
 mode: "0755"
+ tags: config
 - name: Ensure OpenVPN sevice is enabled + starts
 ansible.builtin.service:
 name: "openvpn@hideme"
 state: "started"
 enabled: true
+ tags: config
 # batman-adv
 - name: Add batman-adv to modules
@@ -227,23 +254,19 @@
 name: "batman-adv"
 state: "present"
 persistent: "present"
+ tags: config
 - name: Add nf_conntrack to modules
 community.general.modprobe:
 name: "nf_conntrack"
 state: "present"
 persistent: "present"
+ tags: config
 - name: Add ebtables to modules
 community.general.modprobe:
 name: "ebtables"
 state: "present"
 persistent: "present"
- ansible.builtin.reboot:
- msg: "Reboot initiated by Ansible"
- connect_timeout: 5
- reboot_timeout: 600
- pre_reboot_delay: 0
- post_reboot_delay: 30
- test_command: whoami
+ tags: config
 # "check" scripts
 - name: Copy check gateway script
@@ -253,6 +276,7 @@
 owner: root
 group: root
 mode: "0755"
+ tags: config
 - name: Copy check vpn script
 ansible.builtin.copy:
 src: "{{ server_scripts_dir }}/check_vpn.sh"
@@ -260,6 +284,7 @@
 owner: root
 group: root
 mode: "0755"
+ tags: config
 # mesh-announce
 - name: Clone mesh-announce git repo
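Review bot: The `Copy hideme auth file` task whose tail opens the `@@ -194,6` hunk presumably carries the VPN provider's username and password, and a plain `copy` task prints the file contents in `--diff` output (and in verbose logs) whenever it changes. Add `no_log: true` and `diff: false` to that task so credentials never land in console output or CI logs. Unless a group-root process needs to read it, `mode: "0600"` is tighter than `"0640"` — OpenVPN reads its `auth-user-pass` file at startup, before any `user`/`group` privilege drop. If `{{ server_config_dir }}/openvpn/auth.txt` is tracked in the repository in clear text, it belongs in Ansible Vault (or a template fed from vaulted variables) rather than a plain file.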
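Review bot: `Add nf_conntrack to modules` in the `@@ -227,23` hunk appears to duplicate the modprobe task under `# Modules` earlier in the file — the `@@ -89,6` hunk shows the same `name: "nf_conntrack"`, `state: "present"`, `persistent: "present"` arguments — so the module is declared twice and both copies now carry `tags: config`. Drop one of them; the earlier location under `# Modules` next to `br_netfilter` is the more natural home. The removal of the `ansible.builtin.reboot:` keys that were nested into the ebtables task needs no follow-up, since the real reboot task at the end of the play still exists.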
@@ -268,12 +293,14 @@
 dest: /opt/mesh-announce
 # TODO: Verify that there has been no update!
 version: 40be9a18ee91fa058478bc04105cbd79fd70279e
+ tags: config
 - name: Configure respondd.service file
 ansible.builtin.lineinfile:
 path: /opt/mesh-announce/respondd.service
 regexp: "^ExecStart="
 line: "ExecStart=/opt/mesh-announce/respondd.py -d /opt/mesh-announce/providers -f /opt/mesh-announce/respondd.conf"
 state: present
+ tags: config
 - name: Symbolic link for respondd.service
 ansible.builtin.file:
 src: /opt/mesh-announce/respondd.service
@@ -282,23 +309,27 @@
 group: root
 state: link
 force: true
+ tags: config
 - name: Copy respondd.conf template w/ IP + Hardware
 ansible.builtin.template:
 src: "{{ server_config_dir }}/respondd.conf.j2"
 dest: /opt/mesh-announce/respondd.conf
 owner: root
 mode: "0644"
+ tags: config
 - name: Enable + Start respondd.service
 ansible.builtin.service:
 name: "respondd"
 state: "started"
 enabled: "true"
+ tags: config
 # Disables systemd-resolved Stub Listener
 - name: Stop systemd-resolved
 ansible.builtin.service:
 name: "systemd-resolved"
 state: "stopped"
+ tags: config
 - name: Copy resolved.conf
 ansible.builtin.copy:
 src: "{{ server_config_dir }}/systemd-resolved/resolved.conf"
@@ -306,6 +337,7 @@
 owner: root
 group: root
 mode: "0644"
+ tags: config
 - name: Create a symbolic link for resolv.conf, replacing the initial resolv.conf
 ansible.builtin.file:
 src: /run/systemd/resolve/resolv.conf
@@ -314,20 +346,24 @@
 group: root
 state: link
 force: true
+ tags: config
 - name: Start systemd-resolved
 ansible.builtin.service:
 name: "systemd-resolved"
 state: "started"
 enabled: "true"
+ tags: config
 - name: Make sure dnsmasq is started
 ansible.builtin.service:
 name: "dnsmasq"
 state: "started"
 enabled: "true"
+ tags: config
 - name: Reload dnsmasq
 ansible.builtin.service:
 name: "dnsmasq"
 state: "reloaded"
+ tags: config
 # Crontab
 - name: Add check_gateway to cron
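Review bot: `Configure respondd.service file` in the `@@ -268,12` hunk edits a file inside the checkout that the preceding `ansible.builtin.git` task manages, so after the first run the working tree is dirty; unless that git task sets `force: true` or `update: false` (its remaining options are outside the hunk), the git module refuses to proceed on the next `--tags config` run with a local-modifications error, and with `force: true` it would discard the edit instead. A cleaner approach leaves the checkout pristine: template the full unit into `/etc/systemd/system/respondd.service` (replacing the symlink task), or write a drop-in `/etc/systemd/system/respondd.service.d/override.conf` containing a `[Service]` section with an empty `ExecStart=` followed by the desired `ExecStart=...` line, then `daemon_reload: true` on the service task. Pinning `version:` to a full commit SHA already fixes exactly what is deployed, so the `# TODO: Verify that there has been no update!` comment can say what is meant, e.g. `# Pinned to a reviewed commit; bump deliberately after checking upstream changes.`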
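Review bot: `Reload dnsmasq` at the end of the `@@ -314,20` hunk runs `state: "reloaded"` unconditionally, so every `--tags config` run reloads dnsmasq even when its configuration did not change and the task always reports `changed`. Turning it into a handler notified by the `Setup dnsmasq config w/ IPv4 ranges` template task (`notify: Reload dnsmasq`) reloads only on real changes; the `Make sure dnsmasq is started` task directly above already covers the started/enabled state. The same applies to `Start systemd-resolved`, which pairs with the unconditional `Stop systemd-resolved` in the previous hunk and so leaves the gateway without a resolver for the span between the two on every run — a `restarted` state on a handler after the resolved.conf copy avoids both the window and the needless churn.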
@@ -341,6 +377,7 @@
 day: "*"
 month: "*"
 weekday: "*"
+ tags: config
 - name: Add check_vpn to cron
 ansible.builtin.cron:
 name: "check if vpn is online"
@@ -352,6 +389,7 @@
 day: "*"
 month: "*"
 weekday: "*"
+ tags: config
 - name: Regularly download the peer blacklist
 ansible.builtin.cron:
 name: "download blacklist"
@@ -363,6 +401,7 @@
 day: "*"
 month: "*"
 weekday: "*"
+ tags: config
 # Reboot and reconnect
 - name: Reboot host and wait for it to restart