Changeset - 7382c88e89fc
0 1 0
x - 21 months ago 2023-08-21 03:43:57
xbr@c3l.lu
style: make initial-gw-setup conform MORE to the linter

Not perfect yet, but much better.
Issues right now lie with shell usage & permissions.
1 file changed with 84 insertions and 86 deletions:
gateway/initial_gw_setup.yml
 
---
 
# Defining the remote server where the package will be deployed
 
- hosts: test
 
- name: Initial Gateway Setup
 
  hosts: test
 
  remote_user: root
 
  become: yes
 
  become_method: sudo
 
  become: true
 
  become_method: ansible.builtin.sudo
 

	
 
  vars:
 
#    domain: '{{ domain.name }}'
 
    batman: 2022.2
 
  tasks:
 

	
 
# edit sources.list
 
#    - name: add the correct dkms source 
 
#      blockinfile:
 
#        path: /etc/apt/sources.list
 
#        backup: yes
 
#        block: |
 
#          # backports
 
#          deb http://deb.debian.org/debian bullseye-backports main
 
# Installing the sudo, git, vim and python3 packadges on ther servers 
 
  tasks:
 
    - name: Install a list of packages
 
      apt:
 
      ansible.builtin.apt:
 
        update_cache: true
 
        pkg:
 
        - git
 
        - bridge-utils
 
        - ntp
 
        - dnsmasq
 
        - iptables-persistent
 
        - openvpn
 
        - fastd
 
        - build-essential
 
        - pkg-config
 
        - checkinstall
 
        - libnl-3-dev
 
        - libnl-genl-3-dev
 
        - linux-headers-amd64 
 
        - dkms
 
        - lsb-release
 
        - ethtool
 
        - python3
 
          - git
 
          - bridge-utils
 
          - ntp
 
          - dnsmasq
 
          - iptables-persistent
 
          - openvpn
 
          - fastd
 
          - build-essential
 
          - pkg-config
 
          - checkinstall
 
          - libnl-3-dev
 
          - libnl-genl-3-dev
 
          - linux-headers-amd64
 
          - dkms
 
          - lsb-release
 
          - ethtool
 
          - python3
 

	
 
# Updating all packages to their latest version
 
    - name: Update all packages to their latest version
 
      apt:
 
        name: "*"
 
        state: latest
 
      ansible.builtin.apt:
 
        update_cache: true
 
        upgrade: "yes"
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
      ansible.builtin.reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
@@ -56,10 +48,10 @@
 
        test_command: whoami
 

	
 
# edit routing tables
 
    - name: add the routing table ports for freifunk 
 
      blockinfile:
 
    - name: Add the routing table ports for freifunk
 
      ansible.builtin.blockinfile:
 
        path: /etc/iproute2/rt_tables
 
        backup: yes
 
        backup: true
 
        block: |
 
          # freifunk
 
          33      lux
 
@@ -67,10 +59,10 @@
 
          100     vpn
 

	
 
# edit rsysctl config
 
    - name: add the freifunk settings to sysctl config
 
      blockinfile:
 
    - name: Add the freifunk settings to sysctl config
 
      ansible.builtin.blockinfile:
 
        path: /etc/sysctl.conf
 
        backup: yes
 
        backup: true
 
        block: |
 
          # Freifunk specific settings
 
          net.ipv4.ip_forward=1
 
@@ -90,18 +82,18 @@
 
          net.ipv6.conf.default.accept_ra = 0
 
          net.ipv6.conf.eth0.accept_ra = 1
 
          net.ipv4.conf.default.rp_filter = 2
 
  
 

	
 
# load kernel module
 
    - name: Load kernel module
 
      become: true
 
      become_user: root
 
      shell: modprobe br_netfilter
 
      ansible.builtin.shell: modprobe br_netfilter
 

	
 
# edit the module list
 
    - name: add nf conntrack to modules
 
      blockinfile:
 
    - name: Add nf conntrack to modules
 
      ansible.builtin.blockinfile:
 
        path: /etc/modules
 
        backup: yes
 
        backup: true
 
        block: |
 
          nf_conntrack
 

	
 
@@ -109,11 +101,11 @@
 
    - name: Reload sysctl config
 
      become: true
 
      become_user: root
 
      shell: sysctl -p /etc/sysctl.conf
 
      ansible.builtin.shell: sysctl -p /etc/sysctl.conf
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
      ansible.builtin.reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
@@ -122,7 +114,7 @@
 
        test_command: whoami
 

	
 
# create the Freifunk bridge interface file
 
# copy default interface file to remote host 
 
# copy default interface file to remote host
 
    - name: Copy interface file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/interface/freifunk
 
@@ -132,7 +124,7 @@
 
        mode: '0644'
 

	
 
# create IPV4 Iptables rules
 
# copy default IPV4 iptables rules file to remote host 
 
# copy default IPV4 iptables rules file to remote host
 
    - name: Copy rulesv4 file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/iptables/rules.v4
 
@@ -142,7 +134,7 @@
 
        mode: '0644'
 

	
 
# create dnsmasq file
 
# copy default dnsmasq file to remote host 
 
# copy default dnsmasq file to remote host
 
    - name: Copy dnsmasq file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/dnsmasq/fflux
 
@@ -159,7 +151,7 @@
 
        mode: '0755'
 

	
 
# create fastd config file
 
# copy default dnsmasq file to remote host 
 
# copy default dnsmasq file to remote host
 
    - name: Copy fastd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd.conf
 
@@ -176,7 +168,7 @@
 
        mode: '0755'
 

	
 
# create fastd blacklist script
 
# copy fastd blacklist script to remote host 
 
# copy fastd blacklist script to remote host
 
    - name: Copy fastd blacklist script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/fastd-blacklist.sh
 
@@ -186,7 +178,7 @@
 
        mode: '0755'
 

	
 
# change fasts autostart to all
 
# copy default fastd default file to remote host 
 
# copy default fastd default file to remote host
 
    - name: Copy fastd config file with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/fastd/fastd
 
@@ -208,7 +200,7 @@
 
        state: absent
 

	
 
# create hideme config
 
# copy the default hidme config to remote host 
 
# copy the default hidme config to remote host
 
    - name: Copy hideme config with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/openvpn/hideme.conf
 
@@ -218,7 +210,7 @@
 
        mode: '0644'
 

	
 
# create hideme-up script
 
# copy hideme-up script to remote host 
 
# copy hideme-up script to remote host
 
    - name: Copy hideme-up script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/hideme-up
 
@@ -236,7 +228,7 @@
 
        mode: '0755'
 

	
 
# create update resolv conf
 
# copy update-resolv.conf script to remote host 
 
# copy update-resolv.conf script to remote host
 
    - name: Copy update-resolv.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/openvpn/update-resolv-conf
 
@@ -248,7 +240,7 @@
 
# Create for batman installation
 
    - name: Create directory for batman installation
 
      ansible.builtin.file:
 
        path: /usr/src/batman-adv-{{batman}}
 
        path: /usr/src/batman-adv-{{ batman }}
 
        state: directory
 
        mode: '0755'
 

	
 
@@ -256,21 +248,21 @@
 
    - name: Clone and check out batman git repo
 
      ansible.builtin.git:
 
        repo: 'https://git.open-mesh.org/batman-adv.git'
 
        dest: /usr/src/batman-adv-{{batman}}
 
        version: v{{batman}}
 
        dest: /usr/src/batman-adv-{{ batman }}
 
        version: v{{ batman }}
 

	
 
# create dkms conf
 
# copy dkms conf to remote host 
 
# copy dkms conf to remote host
 
    - name: Copy dkms.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/dkms/dkms.conf
 
        dest: /usr/src/batman-adv-{{batman}}
 
        dest: /usr/src/batman-adv-{{ batman }}
 
        owner: root
 
        group: root
 
        mode: '0644'
 

	
 
# create dkms install script
 
# copy dkms install script to remote host 
 
# copy dkms install script to remote host
 
    - name: Copy dkms install script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/install_dkms.sh
 
@@ -280,7 +272,7 @@
 
        mode: '0744'
 

	
 
# create build batclt script
 
# copy build batctl script to remote host 
 
# copy build batctl script to remote host
 
    - name: Copy build batctl script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/build_batctl.sh
 
@@ -291,22 +283,22 @@
 

	
 
# Run batman scripts
 
    - name: Run install_dkms.sh
 
      command: bash /usr/local/bin/install_dkms.sh
 
      ansible.builtin.command: bash /usr/local/bin/install_dkms.sh
 

	
 
    - name: Run build_batctl.sh                    
 
      command: /usr/local/bin/build_batctl.sh 
 
    - name: Run build_batctl.sh
 
      ansible.builtin.command: /usr/local/bin/build_batctl.sh
 

	
 
# edit the module list
 
    - name: add batman-adv to modules
 
      blockinfile:
 
    - name: Add batman-adv to modules
 
      ansible.builtin.blockinfile:
 
        path: /etc/modules
 
        backup: yes
 
        backup: true
 
        block: |
 
          nf_conntrack
 
          batman-adv
 

	
 
    - name: Creating a file with content
 
      copy:
 
      ansible.builtin.copy:
 
        dest: "/etc/modules-load.d/freifunk.conf"
 
        content: |
 
          ebtables
 
@@ -314,7 +306,7 @@
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
      ansible.builtin.reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
 
@@ -323,7 +315,7 @@
 
        test_command: whoami
 

	
 
# create check gateway script
 
# copy check gateway script to remote host 
 
# copy check gateway script to remote host
 
    - name: Copy check gateway script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/check_gateway.sh
 
@@ -333,7 +325,7 @@
 
        mode: '0755'
 

	
 
# create check vpn script
 
# copy check vpn script to remote host 
 
# copy check vpn script to remote host
 
    - name: Copy check vpn script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/check_vpn.sh
 
@@ -347,9 +339,11 @@
 
      ansible.builtin.git:
 
        repo: 'https://github.com/ffnord/mesh-announce'
 
        dest: /opt/mesh-announce
 
        # TODO: Verify that there has been no update!
 
        version: 40be9a18ee91fa058478bc04105cbd79fd70279e
 

	
 
# create respondd service
 
# copy respondd service script to remote host 
 
# copy respondd service script to remote host
 
    - name: Copy respondd service script with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/scripts/respondd.service
 
@@ -366,14 +360,16 @@
 
        owner: root
 
        group: root
 
        state: link
 
        force: yes
 
        force: true
 

	
 
# Stop respondd
 
    - name: stop systemd-resolved
 
      command: systemctl stop systemd-resolved
 
    - name: Stop systemd-resolved
 
      ansible.builtin.service:
 
        name: "systemd-resolved"
 
        state: "stopped"
 

	
 
# create resolved conf
 
# copy resolved conf to remote host 
 
# copy resolved conf to remote host
 
    - name: Copy resolved.conf with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/systemd-resolved/resolved.conf
 
@@ -390,14 +386,16 @@
 
        owner: root
 
        group: root
 
        state: link
 
        force: yes
 
        force: true
 

	
 
# Start respondd
 
    - name: start systemd-resolved
 
      command: systemctl start systemd-resolved
 
    - name: Start systemd-resolved
 
      ansible.builtin.service:
 
        name: "systemd-resolved"
 
        state: "started"
 

	
 
# create default crontab
 
# copy default crontab to remote host 
 
# copy default crontab to remote host
 
    - name: Copy crontab with owner and permissions
 
      ansible.builtin.copy:
 
        src: /home/fflux/Infrastructure-Intern/server_config/crontab/crontab
 
@@ -408,7 +406,7 @@
 

	
 
# Reboot and reconnect
 
    - name: Reboot host and wait for it to restart
 
      reboot:
 
      ansible.builtin.reboot:
 
        msg: "Reboot initiated by Ansible"
 
        connect_timeout: 5
 
        reboot_timeout: 600
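Review bot: The two tasks still on `ansible.builtin.shell` (`Load kernel module`, `Reload sysctl config`) execute a fixed string with no shell features, so `ansible.builtin.command: modprobe br_netfilter` and `ansible.builtin.command: sysctl -p /etc/sysctl.conf` would drop the shell layer without changing behaviour; if the collections are available, `community.general.modprobe` and `ansible.posix.sysctl` are the idempotent forms, and otherwise `changed_when: false` stops each play run from reporting a change. The `become_user: root` lines on those tasks appear redundant with the play-level `become: true` and `remote_user: root`. Separately, both `ansible.builtin.blockinfile` tasks on `/etc/modules` rely on the default marker, so the second block replaces the first and the setup works only because its block repeats `nf_conntrack`; a distinct `marker: "# {mark} ANSIBLE MANAGED BLOCK freifunk-modules"` on the second task would make that explicit. The play spans every hunk on this page, so its full task list is not visible here.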