Cleanup old configurations we no longer use.
We have a bunch of old hosts, host_vars and roles we no longer use. There is no real value in keeping them, as they can just be fetched from the git history should they be needed again. This makes getting an overview of the repository much simpler.
parent
739a2e1cbd
commit
433008d211
52 changed files with 0 additions and 1377 deletions
|
@ -1,4 +0,0 @@
|
|||
mosquitto__mosquitto_conf_content: "{{ lookup('ansible.builtin.file', 'z9/configs/automation/mosquitto/mosquitto.conf') }}"
|
||||
mosquitto__configs:
|
||||
- name: winkekatz
|
||||
content: "{{ lookup('ansible.builtin.file', 'z9/configs/automation/mosquitto/winkekatz.conf') }}"
|
|
@ -1,14 +0,0 @@
|
|||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
|
||||
certbot__certificate_domains:
|
||||
- "status.ccchh.net"
|
||||
certbot__new_cert_commands:
|
||||
- "systemctl reload nginx.service"
|
||||
|
||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'z9/configs/uptime-kuma/compose.yaml') }}"
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
||||
nginx__version_spec: ""
|
||||
nginx__configurations:
|
||||
- name: status.ccchh.net
|
||||
content: "{{ lookup('ansible.builtin.file', 'z9/configs/uptime-kuma/nginx/status.ccchh.net.conf') }}"
|
|
@ -1,15 +0,0 @@
|
|||
zigbee2mqtt__version: "1.37.1"
|
||||
zigbee2mqtt__network_key: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/z9/zigbee2mqtt/network_key', create=false, missing='error') }}"
|
||||
zigbee2mqtt__initial_config: "{{ lookup('ansible.builtin.template', 'z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2') }}"
|
||||
|
||||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
|
||||
certbot__certificate_domains:
|
||||
- "zigbee2mqtt.ccchh.net"
|
||||
certbot__new_cert_commands:
|
||||
- "systemctl reload nginx.service"
|
||||
|
||||
nginx__version_spec: ""
|
||||
nginx__configurations:
|
||||
- name: zigbee2mqtt
|
||||
content: "{{ lookup('ansible.builtin.file', 'z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf') }}"
|
|
@ -8,43 +8,18 @@ all:
|
|||
authoritative-dns:
|
||||
ansible_host: authoritative-dns.z9.ccchh.net
|
||||
ansible_user: chaos
|
||||
uptime-kuma:
|
||||
ansible_host: uptime-kuma.z9.ccchh.net
|
||||
ansible_user: chaos
|
||||
debian_12:
|
||||
hosts:
|
||||
nginx_hosts:
|
||||
hosts:
|
||||
light:
|
||||
uptime-kuma:
|
||||
public_reverse_proxy_hosts:
|
||||
hosts:
|
||||
cert_hosts:
|
||||
hosts:
|
||||
certbot_hosts:
|
||||
hosts:
|
||||
uptime-kuma:
|
||||
zigbee2mqtt_hosts:
|
||||
hosts:
|
||||
mosquitto_hosts:
|
||||
hosts:
|
||||
ola_hosts:
|
||||
hosts:
|
||||
light:
|
||||
foobazdmx_hosts:
|
||||
hosts:
|
||||
light:
|
||||
hifiberry_hosts:
|
||||
hosts:
|
||||
bluetooth_audio_sink_hosts:
|
||||
hosts:
|
||||
shairport_sync_hosts:
|
||||
hosts:
|
||||
docker_compose_hosts:
|
||||
hosts:
|
||||
uptime-kuma:
|
||||
infrastructure_authorized_keys_hosts:
|
||||
hosts:
|
||||
light:
|
||||
authoritative-dns:
|
||||
uptime-kuma:
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
---
|
||||
- name: engelsystem_specific_pre_tasks
|
||||
ansible.builtin.import_playbook: engelsystem_specific_pre_tasks.yaml
|
||||
|
||||
- name: Ensure SSH server config deployment on ssh_server_config_hosts
|
||||
hosts: ssh_server_config_hosts
|
||||
roles:
|
||||
|
@ -17,21 +14,6 @@
|
|||
roles:
|
||||
- nextcloud
|
||||
|
||||
- name: Ensure HiFiBerry deployment on hifiberry_hosts
|
||||
hosts: hifiberry_hosts
|
||||
roles:
|
||||
- hifiberry
|
||||
|
||||
- name: Ensure bluetooth audio sink deployment on bluetooth_audio_sink_hosts
|
||||
hosts: bluetooth_audio_sink_hosts
|
||||
roles:
|
||||
- bluetooth_audio_sink
|
||||
|
||||
- name: Ensure shairport sync deployment on shairport_sync_hosts
|
||||
hosts: shairport_sync_hosts
|
||||
roles:
|
||||
- shairport_sync
|
||||
|
||||
- name: Ensure ola deployment on ola_hosts
|
||||
hosts: ola_hosts
|
||||
roles:
|
||||
|
@ -42,26 +24,11 @@
|
|||
roles:
|
||||
- foobazdmx
|
||||
|
||||
- name: Ensure Mosquitto MQTT broker deployment on mosquitto_hosts
|
||||
hosts: mosquitto_hosts
|
||||
roles:
|
||||
- mosquitto
|
||||
|
||||
- name: Ensure Zigbee2MQTT deployment on zigbee2mqtt_hosts
|
||||
hosts: zigbee2mqtt_hosts
|
||||
roles:
|
||||
- zigbee2mqtt
|
||||
|
||||
- name: Ensure Dokuwiki config
|
||||
hosts: wiki
|
||||
roles:
|
||||
- dokuwiki
|
||||
|
||||
- name: Ensure certificate deployment on cert_hosts
|
||||
hosts: cert_hosts
|
||||
roles:
|
||||
- cert
|
||||
|
||||
- name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs
|
||||
hosts: nginx_hosts:&public_reverse_proxy_hosts
|
||||
roles:
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
- name: engelsystem on engelsystem.z9 specific pre tasks
|
||||
hosts: engelsystem
|
||||
pre_tasks:
|
||||
- name: Install git
|
||||
ansible.builtin.apt:
|
||||
name: git
|
||||
state: present
|
||||
- name: Clone engelsystem repo
|
||||
ansible.builtin.git:
|
||||
repo: https://github.com/engelsystem/engelsystem.git
|
||||
dest: "{{ ansible_user_dir }}/engelsystem"
|
||||
version: main
|
||||
force: true
|
||||
update: false
|
||||
- name: apply patch to code to add train drivers license
|
||||
ansible.posix.patch:
|
||||
src: patches/engelsystem/code_en.patch
|
||||
dest: "{{ ansible_user_dir }}/engelsystem/includes/view/UserDriverLicenses_view.php"
|
||||
- name: apply patch to german locale add train drivers license
|
||||
ansible.posix.patch:
|
||||
src: patches/engelsystem/lang_de.patch
|
||||
dest: "{{ ansible_user_dir }}/engelsystem/resources/lang/de_DE/default.po"
|
|
@ -1,42 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name aes.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/aes.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/aes.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/aes.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
# Hide the X-Forwarded header.
|
||||
proxy_hide_header X-Forwarded;
|
||||
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
|
||||
# is transparent).
|
||||
# Also provide "_hidden" for by, since it's not relevant.
|
||||
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:5080/;
|
||||
}
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
22c22
|
||||
< form_checkbox('wants_to_drive', __('I am willing to drive a car for the event'), $user_driver_license->wantsToDrive()),
|
||||
---
|
||||
> form_checkbox('wants_to_drive', __('I am willing to drive a vehicle for the event'), $user_driver_license->wantsToDrive()),
|
||||
48c48
|
||||
< __('Forklift'),
|
||||
---
|
||||
> __('Train'),
|
|
@ -1,12 +0,0 @@
|
|||
1390,1391c1390,1391
|
||||
< msgid "Forklift"
|
||||
< msgstr "Gabelstapler"
|
||||
---
|
||||
> msgid "Train"
|
||||
> msgstr "Lok"
|
||||
1643,1644c1643,1644
|
||||
< msgid "I am willing to drive a car for the event"
|
||||
< msgstr "Ich möchte für das Event Auto fahren"
|
||||
---
|
||||
> msgid "I am willing to drive a vehicle for the event"
|
||||
> msgstr "Ich möchte für das Event Fahrzeuge fahren"
|
|
@ -1,16 +0,0 @@
|
|||
# Place your local configuration in /etc/mosquitto/conf.d/
|
||||
#
|
||||
# A full description of the configuration file is at
|
||||
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
|
||||
|
||||
per_listener_settings false
|
||||
listener 1883
|
||||
allow_anonymous true
|
||||
pid_file /run/mosquitto/mosquitto.pid
|
||||
|
||||
persistence true
|
||||
persistence_location /var/lib/mosquitto/
|
||||
|
||||
log_dest file /var/log/mosquitto/mosquitto.log
|
||||
|
||||
include_dir /etc/mosquitto/conf.d
|
|
@ -1,8 +0,0 @@
|
|||
connection winkekatz
|
||||
address mqtt.winkekatze24.de
|
||||
bridge_protocol_version mqttv311
|
||||
|
||||
topic winkekatze/allcats/eye/set in 2
|
||||
topic winkekatze/allcats in 2
|
||||
topic +/status out 2 winkekatze/ ""
|
||||
topic +/connected out 2 winkekatze/ ""
|
|
@ -1,17 +0,0 @@
|
|||
## Links & Rescources:
|
||||
#
|
||||
# https://github.com/louislam/uptime-kuma
|
||||
# https://github.com/louislam/uptime-kuma/wiki/%F0%9F%94%A7-How-to-Install
|
||||
# https://github.com/louislam/uptime-kuma/blob/master/docker/docker-compose.yml
|
||||
# https://github.com/louislam/uptime-kuma/wiki/%F0%9F%86%99-How-to-Update
|
||||
# https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
|
||||
# https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
|
||||
|
||||
services:
|
||||
uptime-kuma:
|
||||
image: louislam/uptime-kuma:1
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./uptime-kuma-data:/app/data"
|
||||
ports:
|
||||
- 3001:3001
|
|
@ -1,40 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
# Also see: https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 10.31.206.1;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name status.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/status.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/status.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/status.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
# replace with the IP address of your resolver
|
||||
resolver 10.31.206.1;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_pass http://127.0.0.1:3001/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name zigbee2mqtt.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/chain.pem;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /api {
|
||||
proxy_pass http://localhost:8080/api;
|
||||
proxy_set_header Host $host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=-/sbin/agetty --autologin audiosink --noclear %I 38400 linux
|
|
@ -1,8 +0,0 @@
|
|||
[Unit]
|
||||
Description=Bluetooth speaker agent
|
||||
|
||||
[Service]
|
||||
ExecStart=python3 /opt/speaker-agent/speaker-agent.py
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
- name: Restart bluetooth service
|
||||
ansible.builtin.systemd:
|
||||
service: bluetooth.service
|
||||
state: restarted
|
||||
- name: Restart speaker-agent service
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
service: speaker-agent.service
|
||||
state: restarted
|
||||
scope: user
|
||||
daemon_reload: true
|
||||
- name: Reboot host
|
||||
ansible.builtin.reboot:
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
bluetooth_audio_sink__name:
|
||||
description: Name the bluetooth device should have
|
||||
type: str
|
||||
required: true
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
|
@ -1,182 +0,0 @@
|
|||
---
|
||||
- name: Ensure acl is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: acl
|
||||
|
||||
- name: Ensure machine-info file is deployed
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: machine-info.j2
|
||||
dest: /etc/machine-info
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Restart bluetooth service
|
||||
|
||||
- name: Ensure bluetooth config is deployed
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: main.conf.j2
|
||||
dest: /etc/bluetooth/main.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Restart bluetooth service
|
||||
|
||||
- name: Ensure bluetooth service is enabled and started
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: bluetooth.service
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Ensure audiosink user exists
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
name: audiosink
|
||||
groups:
|
||||
- audio
|
||||
|
||||
- name: Ensure user services are started without needing to login
|
||||
become: true
|
||||
ansible.builtin.command:
|
||||
cmd: loginctl enable-linger audiosink
|
||||
changed_when: false
|
||||
|
||||
- name: Detect if on Raspberry Pi # noqa ignore-errors
|
||||
ansible.builtin.include_role:
|
||||
name: raspberry_pi_check
|
||||
ignore_errors: true
|
||||
|
||||
- name: Ensure debian archive keyring is installed # noqa no-handler
|
||||
become: true
|
||||
when: raspberry_pi_check__cpuinfo.found
|
||||
ansible.builtin.apt:
|
||||
deb: https://ftp.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2021.1.1+deb11u1_all.deb
|
||||
|
||||
- name: Ensure debian backports repository is enabled
|
||||
ansible.builtin.include_role:
|
||||
name: add_apt_repository
|
||||
vars:
|
||||
add_apt_repository__https_repo: false
|
||||
add_apt_repository__repo: "deb http://deb.debian.org/debian {{ ansible_facts.lsb.codename }}-backports main contrib non-free"
|
||||
add_apt_repository__filename: "{{ ansible_facts.lsb.codename }}-backports.list"
|
||||
|
||||
- name: Ensure pipewire, wireplumber and libspa-0.2-bluetooth are installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- pipewire
|
||||
- wireplumber
|
||||
- libspa-0.2-bluetooth
|
||||
default_release: "{{ ansible_facts.lsb.codename }}-backports"
|
||||
|
||||
- name: Ensure pipewire user service is enabled and started
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
name: pipewire.service
|
||||
state: started
|
||||
enabled: true
|
||||
scope: user
|
||||
|
||||
- name: Ensure pipewire-pulse user service is enabled and started
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
name: pipewire-pulse.service
|
||||
state: started
|
||||
enabled: true
|
||||
scope: user
|
||||
|
||||
- name: Ensure wireplumber user service is enabled
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
name: wireplumber.service
|
||||
enabled: true
|
||||
scope: user
|
||||
|
||||
- name: Ensure speaker-agent dependencies are installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- git
|
||||
- python3-dbus
|
||||
|
||||
- name: Ensure speaker-agent repository is cloned
|
||||
become: true
|
||||
ansible.builtin.git:
|
||||
repo: https://github.com/fdanis-oss/pw_wp_bluetooth_rpi_speaker.git
|
||||
dest: /opt/speaker-agent
|
||||
version: 9a939a23865ea020816017e06fd2290f301c35f9
|
||||
|
||||
- name: Ensure .config directory exists
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.file:
|
||||
path: /home/audiosink/.config
|
||||
state: directory
|
||||
mode: "700"
|
||||
owner: audiosink
|
||||
group: audiosink
|
||||
|
||||
- name: Ensure .config/systemd directory exists
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.file:
|
||||
path: /home/audiosink/.config/systemd
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: audiosink
|
||||
group: audiosink
|
||||
|
||||
- name: Ensure .config/systemd/user directory exists
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.file:
|
||||
path: /home/audiosink/.config/systemd/user
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: audiosink
|
||||
group: audiosink
|
||||
|
||||
- name: Ensure speaker-agent service file is deployed
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.copy:
|
||||
src: speaker-agent.service
|
||||
dest: /home/audiosink/.config/systemd/user/speaker-agent.service
|
||||
mode: "644"
|
||||
owner: audiosink
|
||||
group: audiosink
|
||||
notify: Restart speaker-agent service
|
||||
|
||||
- name: Ensure speaker-agent service is enabled and started
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
name: speaker-agent.service
|
||||
state: started
|
||||
enabled: true
|
||||
scope: user
|
||||
|
||||
# This part is janky, but I don't know how to make the bluetooth service, wireplumber and pipewire
|
||||
# work with each other without being logged in.
|
||||
- name: Ensure getty@tty1 override file is deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: override.conf
|
||||
dest: /etc/systemd/system/getty@tty1.service.d/override.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Reboot host
|
||||
|
||||
- name: Ensure autologin for audiosink user is enabled
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: getty@tty1.service
|
||||
enabled: true
|
||||
notify: Reboot host
|
|
@ -1 +0,0 @@
|
|||
PRETTY_HOSTNAME=Audio Pi
|
|
@ -1,211 +0,0 @@
|
|||
[General]
|
||||
|
||||
# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
|
||||
# The plugin 'hostname' is loaded by default and overides the Name set here so
|
||||
# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME=<NewName> instead.
|
||||
Name = {{ bluetooth_audio_sink__name }}
|
||||
|
||||
# Default device class. Only the major and minor device class bits are
|
||||
# considered. Defaults to '0x000000'.
|
||||
Class = 0x200414 # Audio (Major Service Class), Audio/Video (Major Device Class), Loudspeaker (Minor Device Class)
|
||||
|
||||
# How long to stay in discoverable mode before going back to non-discoverable
|
||||
# The value is in seconds. Default is 180, i.e. 3 minutes.
|
||||
# 0 = disable timer, i.e. stay discoverable forever
|
||||
#DiscoverableTimeout = 0
|
||||
DiscoverableTimeout = 0
|
||||
|
||||
# Always allow pairing even if there are no agent registered
|
||||
# Possible values: true, false
|
||||
# Default: false
|
||||
#AlwaysPairable = false
|
||||
AlwaysPairable = true
|
||||
|
||||
# How long to stay in pairable mode before going back to non-discoverable
|
||||
# The value is in seconds. Default is 0.
|
||||
# 0 = disable timer, i.e. stay pairable forever
|
||||
#PairableTimeout = 0
|
||||
PairableTimeout = 0
|
||||
|
||||
# Use vendor id source (assigner), vendor, product and version information for
|
||||
# DID profile support. The values are separated by ":" and assigner, VID, PID
|
||||
# and version.
|
||||
# Possible vendor id source values: bluetooth, usb (defaults to usb)
|
||||
#DeviceID = bluetooth:1234:5678:abcd
|
||||
|
||||
# Do reverse service discovery for previously unknown devices that connect to
|
||||
# us. For BR/EDR this option is really only needed for qualification since the
|
||||
# BITE tester doesn't like us doing reverse SDP for some test cases, for LE
|
||||
# this disables the GATT client functionally so it can be used in system which
|
||||
# can only operate as peripheral.
|
||||
# Defaults to 'true'.
|
||||
#ReverseServiceDiscovery = true
|
||||
|
||||
# Enable name resolving after inquiry. Set it to 'false' if you don't need
|
||||
# remote devices name and want shorter discovery cycle. Defaults to 'true'.
|
||||
#NameResolving = true
|
||||
|
||||
# Enable runtime persistency of debug link keys. Default is false which
|
||||
# makes debug link keys valid only for the duration of the connection
|
||||
# that they were created for.
|
||||
#DebugKeys = false
|
||||
|
||||
# Restricts all controllers to the specified transport. Default value
|
||||
# is "dual", i.e. both BR/EDR and LE enabled (when supported by the HW).
|
||||
# Possible values: "dual", "bredr", "le"
|
||||
#ControllerMode = dual
|
||||
|
||||
# Enables Multi Profile Specification support. This allows to specify if
|
||||
# system supports only Multiple Profiles Single Device (MPSD) configuration
|
||||
# or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple
|
||||
# Devices (MPMD) configurations.
|
||||
# Possible values: "off", "single", "multiple"
|
||||
#MultiProfile = off
|
||||
|
||||
# Permanently enables the Fast Connectable setting for adapters that
|
||||
# support it. When enabled other devices can connect faster to us,
|
||||
# however the tradeoff is increased power consumptions. This feature
|
||||
# will fully work only on kernel version 4.1 and newer. Defaults to
|
||||
# 'false'.
|
||||
#FastConnectable = false
|
||||
|
||||
# Default privacy setting.
|
||||
# Enables use of private address.
|
||||
# Possible values: "off", "device", "network"
|
||||
# "network" option not supported currently
|
||||
# Defaults to "off"
|
||||
# Privacy = off
|
||||
|
||||
# Specify the policy to the JUST-WORKS repairing initiated by peer
|
||||
# Possible values: "never", "confirm", "always"
|
||||
# Defaults to "never"
|
||||
#JustWorksRepairing = never
|
||||
JustWorksRepairing = always
|
||||
|
||||
# How long to keep temporary devices around
|
||||
# The value is in seconds. Default is 30.
|
||||
# 0 = disable timer, i.e. never keep temporary devices
|
||||
#TemporaryTimeout = 30
|
||||
|
||||
# Enables the device to issue an SDP request to update known services when
|
||||
# profile is connected. Defaults to true.
|
||||
#RefreshDiscovery = true
|
||||
|
||||
Enable=Sink
|
||||
|
||||
[Controller]
|
||||
# The following values are used to load default adapter parameters. BlueZ loads
|
||||
# the values into the kernel before the adapter is powered if the kernel
|
||||
# supports the MGMT_LOAD_DEFAULT_PARAMETERS command. If a value isn't provided,
|
||||
# the kernel will be initialized to it's default value. The actual value will
|
||||
# vary based on the kernel version and thus aren't provided here.
|
||||
# The Bluetooth Core Specification should be consulted for the meaning and valid
|
||||
# domain of each of these values.
|
||||
|
||||
# BR/EDR Page scan activity configuration
|
||||
#BRPageScanType=
|
||||
#BRPageScanInterval=
|
||||
#BRPageScanWindow=
|
||||
|
||||
# BR/EDR Inquiry scan activity configuration
|
||||
#BRInquiryScanType=
|
||||
#BRInquiryScanInterval=
|
||||
#BRInquiryScanWindow=
|
||||
|
||||
# BR/EDR Link supervision timeout
|
||||
#BRLinkSupervisionTimeout=
|
||||
|
||||
# BR/EDR Page Timeout
|
||||
#BRPageTimeout=
|
||||
|
||||
# BR/EDR Sniff Intervals
|
||||
#BRMinSniffInterval=
|
||||
#BRMaxSniffInterval=
|
||||
|
||||
# LE advertisement interval (used for legacy advertisement interface only)
|
||||
#LEMinAdvertisementInterval=
|
||||
#LEMaxAdvertisementInterval=
|
||||
#LEMultiAdvertisementRotationInterval=
|
||||
|
||||
# LE scanning parameters used for passive scanning supporting auto connect
|
||||
# scenarios
|
||||
#LEScanIntervalAutoConnect=
|
||||
#LEScanWindowAutoConnect=
|
||||
|
||||
# LE scanning parameters used for passive scanning supporting wake from suspend
|
||||
# scenarios
|
||||
#LEScanIntervalSuspend=
|
||||
#LEScanWindowSuspend=
|
||||
|
||||
# LE scanning parameters used for active scanning supporting discovery
|
||||
# proceedure
|
||||
#LEScanIntervalDiscovery=
|
||||
#LEScanWindowDiscovery=
|
||||
|
||||
# LE scanning parameters used for passive scanning supporting the advertisement
|
||||
# monitor Apis
|
||||
#LEScanIntervalAdvMonitor=
|
||||
#LEScanWindowAdvMonitor=
|
||||
|
||||
# LE scanning parameters used for connection establishment.
|
||||
#LEScanIntervalConnect=
|
||||
#LEScanWindowConnect=
|
||||
|
||||
# LE default connection parameters. These values are superceeded by any
|
||||
# specific values provided via the Load Connection Parameters interface
|
||||
#LEMinConnectionInterval=
|
||||
#LEMaxConnectionInterval=
|
||||
#LEConnectionLatency=
|
||||
#LEConnectionSupervisionTimeout=
|
||||
#LEAutoconnecttimeout=
|
||||
|
||||
[GATT]
|
||||
# GATT attribute cache.
|
||||
# Possible values:
|
||||
# always: Always cache attributes even for devices not paired, this is
|
||||
# recommended as it is best for interoperability, with more consistent
|
||||
# reconnection times and enables proper tracking of notifications for all
|
||||
# devices.
|
||||
# yes: Only cache attributes of paired devices.
|
||||
# no: Never cache attributes
|
||||
# Default: always
|
||||
#Cache = always
|
||||
|
||||
# Minimum required Encryption Key Size for accessing secured characteristics.
|
||||
# Possible values: 0 and 7-16. 0 means don't care.
|
||||
# Defaults to 0
|
||||
#KeySize = 0
|
||||
|
||||
# Exchange MTU size.
|
||||
# Possible values: 23-517
|
||||
# Defaults to 517
|
||||
#ExchangeMTU = 517
|
||||
|
||||
# Number of ATT channels
|
||||
# Possible values: 1-5 (1 disables EATT)
|
||||
# Default to 3
|
||||
#Channels = 3
|
||||
|
||||
[Policy]
|
||||
#
|
||||
# The ReconnectUUIDs defines the set of remote services that should try
|
||||
# to be reconnected to in case of a link loss (link supervision
|
||||
# timeout). The policy plugin should contain a sane set of values by
|
||||
# default, but this list can be overridden here. By setting the list to
|
||||
# empty the reconnection feature gets disabled.
|
||||
#ReconnectUUIDs=00001112-0000-1000-8000-00805f9b34fb,0000111f-0000-1000-8000-00805f9b34fb,0000110a-0000-1000-8000-00805f9b34fb
|
||||
|
||||
# ReconnectAttempts define the number of attempts to reconnect after a link
|
||||
# lost. Setting the value to 0 disables reconnecting feature.
|
||||
#ReconnectAttempts=7
|
||||
|
||||
# ReconnectIntervals define the set of intervals in seconds to use in between
|
||||
# attempts.
|
||||
# If the number of attempts defined in ReconnectAttempts is bigger than the
|
||||
# set of intervals the last interval is repeated until the last attempt.
|
||||
#ReconnectIntervals=1,2,4,8,16,32,64
|
||||
|
||||
# AutoEnable defines option to enable all controllers when they are found.
|
||||
# This includes adapters present on start as well as adapters that are plugged
|
||||
# in later on. Defaults to 'false'.
|
||||
AutoEnable=true
|
|
@ -1,25 +0,0 @@
|
|||
# Role `cert`
|
||||
|
||||
A role for ordering and renewing certificates from Lets Encrypt via ACME.
|
||||
It uses the DNS challenge and fullfills it via a BIND 9 server given to the role.
|
||||
|
||||
## Supported Distributions
|
||||
|
||||
The following distributions are supported:
|
||||
|
||||
- Debian 11
|
||||
|
||||
## Required Arguments
|
||||
|
||||
For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yml)
|
||||
|
||||
## `hosts`
|
||||
|
||||
The `hosts` for this role need to be the machines on which you want to have the certificates.
|
||||
|
||||
## Links & Resources
|
||||
|
||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
|
||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
|
||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
|
||||
- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>
|
|
@ -1,7 +0,0 @@
|
|||
cert__handlers: []
|
||||
cert__owner: root
|
||||
cert__group: root
|
||||
cert__fullchain_pem_permissions: "0660"
|
||||
cert__chain_pem_permissions: "0660"
|
||||
cert__cert_pem_permissions: "0660"
|
||||
cert__privkey_pem_permissions: "0600"
|
|
@ -1,52 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
short_description: Orders and renews certificates from Let's Encrypt
|
||||
options:
|
||||
cert__domains:
|
||||
description: Domains for which to issue a certificate. Must be in the same DNS zone.
|
||||
required: true
|
||||
type: list
|
||||
elements: str
|
||||
cert__owner:
|
||||
description: Owner of the certificate files.
|
||||
required: false
|
||||
type: str
|
||||
default: root
|
||||
cert__group:
|
||||
description: Group of the certificate files.
|
||||
required: false
|
||||
type: str
|
||||
default: root
|
||||
cert__acme_account_email:
|
||||
description: E-Mail address for ACME account
|
||||
required: true
|
||||
type: str
|
||||
cert__bind_9_host:
|
||||
description: The machine running BIND 9.
|
||||
required: true
|
||||
type: str
|
||||
cert__bind_9_zone:
|
||||
description: The zone to use for publishing the TXT record.
|
||||
required: true
|
||||
type: str
|
||||
cert__fullchain_pem_permissions:
|
||||
description: Permissons for the `fullchain.pem`.
|
||||
type: str
|
||||
required: false
|
||||
default: "0660"
|
||||
cert__chain_pem_permissions:
|
||||
description: Permissons for the `chain.pem`.
|
||||
type: str
|
||||
required: false
|
||||
default: "0660"
|
||||
cert__cert_pem_permissions:
|
||||
description: Permissons for the `cert.pem`.
|
||||
type: str
|
||||
required: false
|
||||
default: "0660"
|
||||
cert__privkey_pem_permissions:
|
||||
description: Permissons for the `privkey.pem`.
|
||||
type: str
|
||||
required: false
|
||||
default: "0600"
|
|
@ -1,8 +0,0 @@
|
|||
dependencies: # noqa meta-no-info
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
||||
- "12"
|
|
@ -1,180 +0,0 @@
|
|||
- name: Ensure `ansible_certs` directory exists
|
||||
ansible.builtin.file:
|
||||
path: /etc/ansible_certs
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "755"
|
||||
become: true
|
||||
|
||||
- name: Ensure `certs` sub-directory exists
|
||||
ansible.builtin.file:
|
||||
path: /etc/ansible_certs/certs
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "755"
|
||||
become: true
|
||||
|
||||
- name: Ensure sub-directory for the certificate exists
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "755"
|
||||
become: true
|
||||
|
||||
- name: Ensure private key for certificate exists
|
||||
community.crypto.openssl_privatekey:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
|
||||
size: 4096
|
||||
type: RSA
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "{{ cert__privkey_pem_permissions }}"
|
||||
become: true
|
||||
|
||||
- name: Ensure certificate signing request is created
|
||||
community.crypto.openssl_csr:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
||||
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
|
||||
common_name: "{{ item }}"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: cert__csr_result
|
||||
|
||||
- name: Ensure private key for ACME account exists
|
||||
community.crypto.openssl_privatekey:
|
||||
path: "/etc/ansible_certs/account_key.pem"
|
||||
size: 4096
|
||||
type: RSA
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
become: true
|
||||
|
||||
- name: Check certificate status and create ACME challenge if needed
|
||||
community.crypto.acme_certificate:
|
||||
account_email: "{{ cert__acme_account_email }}"
|
||||
account_key_src: "/etc/ansible_certs/account_key.pem"
|
||||
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
||||
acme_version: 2
|
||||
remaining_days: 28
|
||||
terms_agreed: true
|
||||
challenge: dns-01
|
||||
csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
||||
dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||
fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||
become: true
|
||||
register: cert__acme_challenge
|
||||
|
||||
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
|
||||
when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
|
||||
block:
|
||||
- name: Add file containing nsupdate commands for adding TXT record for DNS-01 challenge
|
||||
ansible.builtin.template:
|
||||
src: nsupdate_add_txt_record.j2
|
||||
dest: /root/nsupdate_add_txt_record
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
vars:
|
||||
cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
|
||||
cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Add DNS record to BIND 9 server via nsupdate # noqa: no-changed-when
|
||||
ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_add_txt_record
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Retrieve certificate
|
||||
community.crypto.acme_certificate:
|
||||
account_email: "{{ cert__acme_account_email }}"
|
||||
account_key_src: "/etc/ansible_certs/account_key.pem"
|
||||
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
||||
acme_version: 2
|
||||
terms_agreed: true
|
||||
remaining_days: 28
|
||||
challenge: dns-01
|
||||
csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
||||
dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||
fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||
data: "{{ cert__acme_challenge }}"
|
||||
become: true
|
||||
notify: "{{ cert__handlers }}"
|
||||
always:
|
||||
- name: Remove file containing nsupdate commands for adding TXT record again
|
||||
ansible.builtin.file:
|
||||
path: /root/nsupdate_add_txt_record
|
||||
state: absent
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Remove TXT record again
|
||||
block:
|
||||
- name: Add file containing nsupdate commands for deleting TXT record for DNS-01 challenge
|
||||
ansible.builtin.template:
|
||||
src: nsupdate_delete_txt_record.j2
|
||||
dest: /root/nsupdate_delete_txt_record
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
vars:
|
||||
cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
|
||||
cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Remove DNS record from BIND 9 server via nsupdate # noqa: no-changed-when
|
||||
ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_delete_txt_record
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
always:
|
||||
- name: Remove file containing nsupdate commands for deleting TXT record again
|
||||
ansible.builtin.file:
|
||||
path: /root/nsupdate_delete_txt_record
|
||||
state: absent
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Ensure correct permissions for certificate are set
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "{{ cert__cert_pem_permissions }}"
|
||||
become: true
|
||||
|
||||
- name: Ensure correct permissions for fullchain cert are set
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "{{ cert__fullchain_pem_permissions }}"
|
||||
become: true
|
||||
|
||||
- name: Get content of cert.pem
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||
become: true
|
||||
register: cert__cert_slurp
|
||||
|
||||
- name: Get content of fullchain.pem
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||
become: true
|
||||
register: cert__fullchain_slurp
|
||||
|
||||
- name: Ensure chain.pem is created
|
||||
ansible.builtin.copy:
|
||||
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
|
||||
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "{{ cert__chain_pem_permissions }}"
|
||||
become: true
|
|
@ -1,3 +0,0 @@
|
|||
- name: Deploy cert
|
||||
ansible.builtin.include_tasks: deploy_cert.yaml
|
||||
loop: "{{ cert__domains }}"
|
|
@ -1,4 +0,0 @@
|
|||
debug
|
||||
zone {{ cert__bind_9_zone }}
|
||||
update add {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
|
||||
send
|
|
@ -1,4 +0,0 @@
|
|||
debug
|
||||
zone {{ cert__bind_9_zone }}
|
||||
update delete {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
|
||||
send
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
- name: Restart system
|
||||
become: true
|
||||
ansible.builtin.reboot:
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
hifiberry__device:
|
||||
description: Which HiFiBerry board to enable
|
||||
type: str
|
||||
choices:
|
||||
- hifiberry-dac
|
||||
- hifiberry-dacplus
|
||||
- hifiberry-dacplushd
|
||||
- hifiberry-dacplusadc
|
||||
- hifiberry-dacplusadcpro
|
||||
- hifiberry-digi
|
||||
- hifiberry-digi-pro
|
||||
- hifiberry-amp
|
||||
required: true
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
||||
- role: raspberry_pi_check
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
- name: Remove dtparam=audio=on
|
||||
become: true
|
||||
ansible.builtin.lineinfile:
|
||||
line: dtparam=audio=on
|
||||
dest: /boot/config.txt
|
||||
state: absent
|
||||
notify: Restart system
|
||||
|
||||
- name: Set audio=off for dtoverlay=vc4-kms-v3d
|
||||
become: true
|
||||
ansible.builtin.lineinfile:
|
||||
regexp: ^dtoverlay=vc4-kms-v3d
|
||||
line: dtoverlay=vc4-kms-v3d,audio=off
|
||||
dest: /boot/config.txt
|
||||
notify: Restart system
|
||||
|
||||
- name: Add hifiberry dtoverlay
|
||||
become: true
|
||||
ansible.builtin.lineinfile:
|
||||
line: "dtoverlay={{ hifiberry__device }}"
|
||||
dest: /boot/config.txt
|
||||
notify: Restart system
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Restart mosquitto
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: mosquitto.service
|
||||
state: restarted
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
mosquitto__mosquitto_conf_content:
|
||||
description: The content of the main mosquitto configuration file.
|
||||
type: str
|
||||
required: true
|
||||
mosquitto__configs:
|
||||
description: A list of additional mosquitto configurations.
|
||||
type: list
|
||||
elements: dict
|
||||
required: false
|
||||
options:
|
||||
name:
|
||||
description: >-
|
||||
The name of the configuration file, where the configuration should
|
||||
be deployed to. The file will be placed under `/etc/mosquitto/conf.d` and
|
||||
`.conf` will be appended to the given name. So in the end the path
|
||||
will be like this: `/etc/mosquitto/conf.d/\{\ name \}\}.conf`.
|
||||
type: str
|
||||
required: true
|
||||
content:
|
||||
description: The content of the configuration.
|
||||
type: str
|
||||
required: true
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
|
@ -1,33 +0,0 @@
|
|||
---
|
||||
- name: Ensure mosquitto is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: mosquitto
|
||||
|
||||
- name: Ensure main configuraton file is deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
content: "{{ mosquitto__mosquitto_conf_content }}"
|
||||
dest: /etc/mosquitto/mosquitto.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Restart mosquitto
|
||||
|
||||
- name: Ensure all additional configuraton files are deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
content: "{{ item.content }}"
|
||||
dest: /etc/mosquitto/conf.d/{{ item.name }}.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
loop: "{{ mosquitto__configs }}"
|
||||
notify: Restart mosquitto
|
||||
|
||||
- name: Ensure mosquitto service is enabled and started
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: mosquitto.service
|
||||
enabled: true
|
||||
state: started
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
nodejs__major_version:
|
||||
description: Major version of nodejs to install
|
||||
type: int
|
||||
required: true
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
||||
- "12"
|
||||
- role: add_apt_repository
|
||||
vars:
|
||||
add_apt_repository__https_repo: true
|
||||
add_apt_repository__keyring_url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
|
||||
add_apt_repository__keyring_path: /usr/share/keyrings/nodesource.gpg
|
||||
add_apt_repository__repo: "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_\
|
||||
{{ nodejs__major_version }}.x {{ ansible_facts.lsb.codename }} main"
|
||||
add_apt_repository__filename: nodesource.list
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
- name: Ensure nodejs is installed
|
||||
ansible.builtin.apt:
|
||||
name: nodejs
|
|
@ -1,12 +0,0 @@
|
|||
- name: Detect if on Raspberry Pi
|
||||
ansible.builtin.lineinfile:
|
||||
path: /proc/cpuinfo
|
||||
regexp: ".*Raspberry Pi.*"
|
||||
state: absent
|
||||
check_mode: true
|
||||
register: raspberry_pi_check__cpuinfo
|
||||
changed_when: false
|
||||
- name: Fail when not on Raspberry Pi # noqa no-handler
|
||||
when: not raspberry_pi_check__cpuinfo.found
|
||||
ansible.builtin.fail:
|
||||
msg: You are not running on Raspberry Pi hardware!
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Restart shairport-sync service
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: shairport-sync
|
||||
state: restarted
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
shairport_sync__config:
|
||||
description: shairport-sync config content
|
||||
type: str
|
||||
required: true
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
- name: Ensure shairport-sync is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: shairport-sync
|
||||
|
||||
- name: Ensure shairport-sync config is deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
content: "{{ shairport_sync__config }}"
|
||||
dest: /etc/shairport-sync.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Restart shairport-sync service
|
||||
|
||||
- name: Ensure shairport-sync service is enabled and started
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: shairport-sync
|
||||
state: started
|
||||
enabled: true
|
|
@ -1,18 +0,0 @@
|
|||
[Unit]
|
||||
Description=zigbee2mqtt
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Environment=ZIGBEE2MQTT_DATA=/home/zigbee2mqtt/zigbee2mqtt_data
|
||||
Environment=NODE_ENV=production
|
||||
ExecStart=/usr/bin/npm start
|
||||
WorkingDirectory=/opt/zigbee2mqtt
|
||||
StandardOutput=inherit
|
||||
# Or use StandardOutput=null if you don't want Zigbee2MQTT messages filling syslog, for more options see systemd.exec(5)
|
||||
StandardError=inherit
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
User=zigbee2mqtt
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,12 +0,0 @@
|
|||
- name: Restart zigbee2mqtt
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: zigbee2mqtt
|
||||
state: restarted
|
||||
|
||||
- name: Reload systemd-daemon and restart zigbee2mqtt
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: zigbee2mqtt
|
||||
state: restarted
|
||||
daemon_reload: true
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
zigbee2mqtt__version:
|
||||
description: zigbee2mqtt version to install
|
||||
type: str
|
||||
required: true
|
||||
zigbee2mqtt__initial_config:
|
||||
description: Configuration file content for initial deployment.
|
||||
It does not replace the configuration if it already exists.
|
||||
type: str
|
||||
required: true
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
||||
- "12"
|
||||
- role: nodejs
|
||||
vars:
|
||||
nodejs__major_version: 16
|
|
@ -1,87 +0,0 @@
|
|||
- name: Ensure acl is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: acl
|
||||
|
||||
- name: Ensure git is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: git
|
||||
|
||||
- name: Ensure zigbee2mqtt user exists
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
name: zigbee2mqtt
|
||||
groups:
|
||||
- zigbee2mqtt
|
||||
- dialout
|
||||
group: zigbee2mqtt
|
||||
|
||||
- name: Ensure installation directory exists
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
dest: /opt/zigbee2mqtt
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: zigbee2mqtt
|
||||
group: zigbee2mqtt
|
||||
|
||||
- name: Ensure zigbee2mqtt repository is cloned
|
||||
become: true
|
||||
become_user: zigbee2mqtt
|
||||
ansible.builtin.git:
|
||||
repo: https://github.com/Koenkk/zigbee2mqtt.git
|
||||
depth: 1
|
||||
dest: /opt/zigbee2mqtt
|
||||
version: "{{ zigbee2mqtt__version }}"
|
||||
notify: Restart zigbee2mqtt
|
||||
|
||||
- name: Ensure npm dependencies are installed
|
||||
become: true
|
||||
become_user: zigbee2mqtt
|
||||
community.general.npm:
|
||||
path: /opt/zigbee2mqtt
|
||||
ci: true
|
||||
changed_when: false # installs packages according to package-lock.json, but always reports a change
|
||||
|
||||
- name: Ensure custom zigbee2mqtt data directory exists
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
dest: /home/zigbee2mqtt/zigbee2mqtt_data
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: zigbee2mqtt
|
||||
group: zigbee2mqtt
|
||||
|
||||
- name: Check configuration file status
|
||||
ansible.builtin.stat:
|
||||
path: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
|
||||
register: zigbee2mqtt__conf_stat
|
||||
|
||||
- name: Ensure configuration file is deployed when it doesn't exist
|
||||
become: true
|
||||
when: not zigbee2mqtt__conf_stat.stat.exists
|
||||
ansible.builtin.copy:
|
||||
content: "{{ zigbee2mqtt__initial_config }}"
|
||||
dest: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
|
||||
mode: "640"
|
||||
owner: zigbee2mqtt
|
||||
group: zigbee2mqtt
|
||||
notify: Restart zigbee2mqtt
|
||||
|
||||
- name: Ensure zigbee2mqtt service file is deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: zigbee2mqtt.service
|
||||
dest: /etc/systemd/system/zigbee2mqtt.service
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Reload systemd-daemon and restart zigbee2mqtt
|
||||
|
||||
- name: Ensure zigbee2mqtt is enabled and started
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: zigbee2mqtt
|
||||
enabled: true
|
||||
state: started
|
|
@ -1,21 +0,0 @@
|
|||
homeassistant: true
|
||||
|
||||
permit_join: false
|
||||
|
||||
mqtt:
|
||||
base_topic: zigbee2mqtt
|
||||
server: 'mqtt://mqtt.z9'
|
||||
|
||||
serial:
|
||||
port: /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014DBC72F-if00
|
||||
|
||||
advanced:
|
||||
network_key: [{{ zigbee2mqtt__network_key }}]
|
||||
pan_id: 32673
|
||||
ext_pan_id: [58, 76, 37, 2, 22, 198, 237, 124]
|
||||
channel: 11
|
||||
|
||||
frontend:
|
||||
port: 8080
|
||||
host: localhost
|
||||
url: https://zigbee2mqtt.z9
|