Networking Presets (#399)

* provide a selection of networking presets (network manager ap) * manual networking tools install * configure network/passwords etc the majority of this work is done, and ready to be merged it is still considered experimental at this stage so lives in the experimental menu.
retronas · Aug 19, 2024 · d1d488e · d1d488e
1 parent 4db8a21
commit d1d488e
Show file tree

Hide file tree

Showing 83 changed files with 2,688 additions and 157 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,5 @@ src
 log
 ansible/retronas_vars.yml
 etc/*
-config/installed.json
+config/installed.json
+ansible/collections
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
@@ -5,4 +5,5 @@ inventory = /opt/retronas/ansible/hosts.yml
 log_path = /opt/retronas/log/ansible.log
 callbacks_enabled = profile_tasks
 callback_whitelist = profile_tasks
-cache = True
+cache = True
+collections_paths = /opt/retronas/ansible/collections
diff --git a/ansible/install_adtpro.yml b/ansible/install_adtpro.yml
@@ -80,6 +80,23 @@
     with_items: "{{ systemd_units }}"
     notify: "{{ my_name }} daemon-reload" 
 
+  #
+  # FIREWALL
+  #
+  - name: "{{ my_name }} - checking firewall rule"
+    ansible.builtin.stat:
+      path: /etc/firewalld/services
+    register: firewalld_services
+
+  - name: "{{ my_name }} - enable firewall rule"
+    ansible.posix.firewalld:
+      zone: retro
+      port: 60000/tcp
+      permanent: true
+      state: enabled
+      immediate: true
+    when: firewalld_services.stat.exists
+
   handlers:
     - name: "{{ my_name }} daemon-reload"
       ansible.builtin.systemd:

diff --git a/ansible/install_atarist-sidecart.yml b/ansible/install_atarist-sidecart.yml
@@ -89,6 +89,15 @@
       value: "/etc/samba/retronas_atarist.conf"
     notify: "{{ my_name }} - Install changed"
 
+  - name: "{{ my_name }} - enable firewall rule"
+    ansible.posix.firewalld:
+      zone: retro
+      service: http
+      permanent: true
+      state: enabled
+      immediate: true
+    when: firewalld_services.stat.exists
+
   handlers:
 
   - name: "{{ my_name }} daemon-reload"

diff --git a/ansible/install_cockpit.yml b/ansible/install_cockpit.yml
@@ -15,6 +15,10 @@
       - cockpit-storaged
       - cockpit-networkmanager
 
+    - firewalld_rules:
+      - { zone: "retro" }
+      - { zone: "modern" }
+
   tasks:
 
   - name: "{{ my_name }} - Load RetroNAS config"
@@ -34,6 +38,24 @@
       enabled: yes
       daemon_reload: yes
 
+  #
+  # FIREWALL
+  #
+  - name: "{{ my_name }} - checking firewall rule"
+    ansible.builtin.stat:
+      path: /etc/firewalld/services
+    register: firewalld_services
+
+  - name: "{{ my_name }} - enable firewall rule"
+    ansible.posix.firewalld:
+      zone: "{{ item.zone | default('retro') }}"
+      service: "{{ item.service | default('cockpit') }}"
+      permanent: true
+      state: enabled
+      immediate: true
+    with_items: "{{ firewalld_rules }}"
+    when: firewalld_services.stat.exists
+
   handlers:
 
   - name: "{{ my_name }} - Restart service"

diff --git a/ansible/install_deluge.yml b/ansible/install_deluge.yml
@@ -32,6 +32,12 @@
       - { file: "auth",              path: "/var/lib/deluged/config/auth" }
       - { file: "upgrade_deluge.sh", path: "{{ retronas_root }}/scripts/upgrade_deluge.sh", mode: "0755" }
 
+    - firewall_ports:
+      - { zone: retro, port: "8112", protocol: "tcp" }
+      - { zone: modern, port: "8112", protocol: "tcp" }
+      - { zone: retro, port: "58846", protocol: "tcp" }
+      - { zone: modern, port: "58846", protocol: "tcp" }
+
   tasks:
 
   - name: "{{ my_name }} - Load RetroNAS config"
@@ -87,6 +93,24 @@
       - item.instance == 'no'
     notify: "{{ my_name }} - Restart service"
 
+  #
+  # FIREWALL
+  #
+  - name: "{{ my_name }} - checking firewall rule"
+    ansible.builtin.stat:
+      path: /etc/firewalld/services
+    register: firewalld_services
+
+  - name: "{{ my_name }} - enable firewall rule"
+    ansible.posix.firewalld:
+      zone: "{{ item.zone }}"
+      port: "{{ item.port }}/{{ item.protocol }}"
+      permanent: true
+      state: enabled
+      immediate: true
+    with_items: "{{ firewall_ports }}"
+    when: firewalld_services.stat.exists
+
   handlers:
 
   - name: "{{ my_name }} - Restart service"

diff --git a/ansible/install_dhcpcd.yml b/ansible/install_dhcpcd.yml
@@ -0,0 +1,33 @@
+# Dependencies
+- hosts: localhost
+  gather_facts: no
+
+  vars:
+    - my_name: "dhcpcd"
+    - my_file: "install_{{ my_name }}"
+
+    - packages:
+      - dhcpcd
+
+    - changed: false
+
+  tasks:
+
+  - name: "{{ my_name }} - Install packages"
+    package:
+       name: "{{ packages }}"
+       state: latest
+
+  - name: "{{ my_name }} - restart if imported because handlers will not run"
+    service:
+      name: "{{ item }}"
+      state: restarted
+      enabled: yes
+    with_items: "{{ my_services }}"
+    when: changed is true
+
+
+- import_playbook: retronas_system_config.yml
+  vars:
+    module_name: "dhcpcd"
+    module_state: "present"
diff --git a/ansible/install_dnsmasq-retro.yml b/ansible/install_dnsmasq-retro.yml
@@ -0,0 +1,100 @@
+# Dependencies
+- import_playbook: install_ntp.yml
+- import_playbook: install_dnsmasq.yml
+
+- hosts: localhost
+  gather_facts: no
+
+  vars:
+    - my_name: "dnsmasq-retro"
+    - my_service: "{{ my_name }}"
+    - my_file: "install_{{ my_name }}"
+
+    - templates:
+      - { name: "dhcp-retro-ethernet.conf", sub: "retro", dest: "/etc/dnsmasq.d/retro", force: no }
+      - { name: "dhcp-retro-wifi.conf",     sub: "retro", dest: "/etc/dnsmasq.d/retro", force: no }
+      - { name: "dhcp.conf",                sub: "retro", dest: "/etc/dnsmasq.d/retro", force: no }
+      - { name: "dns.conf",                 sub: "retro", dest: "/etc/dnsmasq.d/retro", force: no } 
+      - { name: "dnsmasq.conf",             sub: "retro", dest: "/etc/dnsmasq.d/retro", force: no }
+      - { name: "interfaces.conf",          sub: "retro", dest: "/etc/dnsmasq.d/retro", force: no }
+      - { name: "ipv6.conf",                sub: "retro", dest: "/etc/dnsmasq.d/retro", force: no }
+      - { name: "dnsmasq-retro.service",    sub: "",      dest: "/etc/systemd/system"}
+
+    - paths:
+      - { name: "dnsmasq.d",                dest: "/etc",                 state: "directory", mode: "0755" }
+      - { name: "retro",                    dest: "/etc/dnsmasq.d",       state: "directory", mode: "0755" }
+
+
+    - net_settings:
+      - { option: "interface",  value: "{{ retronas_net_retro_interface }}",  match_regex: "^interface {{ retronas_net_retro_interface }}$",    after_regex: "",                                               state: "present", dest: "/etc/dhcpcd.conf" }
+      #- { option: "interface",  value: "{{ retronas_net_wifi_interface }}",  match_regex: "^interface {{ retronas_net_wifi_interface }}$",      after_regex: "",                                               state: "present", dest: "/etc/dhcpcd.conf" }
+      - { option: "static",     value: 'ip_address\={{ retronas_net_retro_ip }}/{{ retronas_net_retro_subnet }}',                               after_regex: "^interface {{ retronas_net_retro_interface }}$", state: "present", dest: "/etc/dhcpcd.conf" }
+      - { option: "static",     value: 'domain_name_servers\={{ retronas_net_retro_dns }}',                                                     after_regex: "^interface ip_address=.+$",                      state: "present", dest: "/etc/dhcpcd.conf" }
+
+    - my_services:
+      - dhcpcd
+      - "{{ my_name }}"
+
+
+  tasks:
+  - name: "{{ my_name }} - Load RetroNAS config"
+    ansible.builtin.include_vars: retronas_vars.yml
+
+  - name: "{{ my_name }} - mask default dnsmasq service" 
+    service:
+      name: "dnsmasq"
+      state: stopped
+      daemon_reload: yes
+      enabled: no
+      masked: yes
+
+  - name: "{{ my_name }} - paths"
+    file:
+      dest: "{{ item.dest }}/{{ item.name }}"
+      owner: "{{ item.owner|default('root') }}"
+      group: "{{ item.group|default('root') }}"
+      mode: "{{ item.mode|default('0755') }}"
+      state: "{{ item.state|default('directory') }}"
+    with_items: "{{ paths }}"
+
+  - name: "{{ my_name }} - templates"
+    template:
+      src: "templates/{{ my_file }}/{{ item.sub }}/{{ item.name }}"
+      dest: "{{ item.dest }}/{{ item.name }}"
+      owner: "{{ item.owner|default('root') }}"
+      group: "{{ item.group|default('root') }}"
+      mode: "{{ item.mode|default('0644') }}"
+      force: "{{ item.force|default('yes') }}"
+    with_items: "{{ templates }}"
+    notify: "{{ my_name }} - Restart services"
+
+  - name: "{{ my_name }} - checking for dhcpcd"
+    stat:
+      path: "/etc/dhcpcd.conf"
+    register: dhcpcd_check
+
+  - name: "{{ my_name }} - setup dhcpcd"
+    lineinfile:
+      path: "{{ item.dest }}"
+      search_string: "{{ item.match_regex | default('^$') }}"
+      insertbefore: "{{ item.before_regex | default(omit) }}"
+      insertafter: "{{ item.after_regex | default(omit) }}"
+      line: "{{ item.option }} {{ item.value }}"
+    with_items: "{{ net_settings }}"
+    when: dhcpcd_check.stat.exists
+    notify: "{{ my_name }} - Restart services"
+
+  handlers:
+
+  - name: "{{ my_name }} - Restart services"
+    service:
+      name: "{{ item }}"
+      state: restarted
+      daemon_reload: yes
+      enabled: yes
+    with_items: "{{ my_service }}"
+
+- import_playbook: retronas_system_config.yml
+  vars:
+    module_name: "dnsmasq-retro"
+    module_state: "present"
diff --git a/ansible/install_dnsmasq.yml b/ansible/install_dnsmasq.yml
@@ -0,0 +1,36 @@
+# Dependencies
+- hosts: localhost
+  gather_facts: no
+
+  vars:
+    - my_name: "dnsmasq"
+    - my_file: "install_{{ my_name }}"
+
+    - packages:
+      - dnsmasq
+
+    - my_services:
+      - dnsmasq
+
+    - changed: false
+
+  tasks:
+
+  - name: "{{ my_name }} - Install dnsmasq from repos"
+    package:
+       name: "{{ packages }}"
+       state: latest
+
+  - name: "{{ my_name }} - restart if imported because handlers will not run"
+    service:
+      name: "{{ item }}"
+      state: restarted
+      enabled: yes
+    with_items: "{{ my_services }}"
+    when: changed is true
+
+
+- import_playbook: retronas_system_config.yml
+  vars:
+    module_name: "dnsmasq"
+    module_state: "present"