CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

Cleanup old configurations we no longer use.

Browse source 
We have a bunch of old hosts, host_vars and roles we no longer use.
There is no real value to keep them as they can just be fetched from the
git history, should they be needed again.
This make gettin a overview of the repository much simpler.
This commit is contained in:
chris 2024-11-22 23:02:41 +01:00
commit 433008d211
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
52 changed files with 0 additions and 1377 deletions
Download patch file Download diff file Expand all files Collapse all files

3
playbooks/roles/bluetooth_audio_sink/files/override.conf
View file

@ -1,3 +0,0 @@
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin audiosink --noclear %I 38400 linux

8
playbooks/roles/bluetooth_audio_sink/files/speaker-agent.service
View file

@ -1,8 +0,0 @@
[Unit]
Description=Bluetooth speaker agent
[Service]
ExecStart=python3 /opt/speaker-agent/speaker-agent.py
[Install]
WantedBy=default.target

14
playbooks/roles/bluetooth_audio_sink/handlers/main.yaml
View file

@ -1,14 +0,0 @@
---
- name: Restart bluetooth service
ansible.builtin.systemd:
service: bluetooth.service
state: restarted
- name: Restart speaker-agent service
become_user: audiosink
ansible.builtin.systemd:
service: speaker-agent.service
state: restarted
scope: user
daemon_reload: true
- name: Reboot host
ansible.builtin.reboot:

8
playbooks/roles/bluetooth_audio_sink/meta/argument_specs.yaml
View file

@ -1,8 +0,0 @@
---
argument_specs:
main:
options:
bluetooth_audio_sink__name:
description: Name the bluetooth device should have
type: str
required: true

8
playbooks/roles/bluetooth_audio_sink/meta/main.yaml
View file

@ -1,8 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"

182
playbooks/roles/bluetooth_audio_sink/tasks/main.yaml
View file

@ -1,182 +0,0 @@
---
- name: Ensure acl is installed
become: true
ansible.builtin.apt:
name: acl
- name: Ensure machine-info file is deployed
become: true
ansible.builtin.template:
src: machine-info.j2
dest: /etc/machine-info
mode: "644"
owner: root
group: root
notify: Restart bluetooth service
- name: Ensure bluetooth config is deployed
become: true
ansible.builtin.template:
src: main.conf.j2
dest: /etc/bluetooth/main.conf
mode: "644"
owner: root
group: root
notify: Restart bluetooth service
- name: Ensure bluetooth service is enabled and started
become: true
ansible.builtin.systemd:
service: bluetooth.service
state: started
enabled: true
- name: Ensure audiosink user exists
become: true
ansible.builtin.user:
name: audiosink
groups:
- audio
- name: Ensure user services are started without needing to login
become: true
ansible.builtin.command:
cmd: loginctl enable-linger audiosink
changed_when: false
- name: Detect if on Raspberry Pi # noqa ignore-errors
ansible.builtin.include_role:
name: raspberry_pi_check
ignore_errors: true
- name: Ensure debian archive keyring is installed # noqa no-handler
become: true
when: raspberry_pi_check__cpuinfo.found
ansible.builtin.apt:
deb: https://ftp.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2021.1.1+deb11u1_all.deb
- name: Ensure debian backports repository is enabled
ansible.builtin.include_role:
name: add_apt_repository
vars:
add_apt_repository__https_repo: false
add_apt_repository__repo: "deb http://deb.debian.org/debian {{ ansible_facts.lsb.codename }}-backports main contrib non-free"
add_apt_repository__filename: "{{ ansible_facts.lsb.codename }}-backports.list"
- name: Ensure pipewire, wireplumber and libspa-0.2-bluetooth are installed
become: true
ansible.builtin.apt:
name:
- pipewire
- wireplumber
- libspa-0.2-bluetooth
default_release: "{{ ansible_facts.lsb.codename }}-backports"
- name: Ensure pipewire user service is enabled and started
become: true
become_user: audiosink
ansible.builtin.systemd:
name: pipewire.service
state: started
enabled: true
scope: user
- name: Ensure pipewire-pulse user service is enabled and started
become: true
become_user: audiosink
ansible.builtin.systemd:
name: pipewire-pulse.service
state: started
enabled: true
scope: user
- name: Ensure wireplumber user service is enabled
become: true
become_user: audiosink
ansible.builtin.systemd:
name: wireplumber.service
enabled: true
scope: user
- name: Ensure speaker-agent dependencies are installed
become: true
ansible.builtin.apt:
name:
- git
- python3-dbus
- name: Ensure speaker-agent repository is cloned
become: true
ansible.builtin.git:
repo: https://github.com/fdanis-oss/pw_wp_bluetooth_rpi_speaker.git
dest: /opt/speaker-agent
version: 9a939a23865ea020816017e06fd2290f301c35f9
- name: Ensure .config directory exists
become: true
become_user: audiosink
ansible.builtin.file:
path: /home/audiosink/.config
state: directory
mode: "700"
owner: audiosink
group: audiosink
- name: Ensure .config/systemd directory exists
become: true
become_user: audiosink
ansible.builtin.file:
path: /home/audiosink/.config/systemd
state: directory
mode: "755"
owner: audiosink
group: audiosink
- name: Ensure .config/systemd/user directory exists
become: true
become_user: audiosink
ansible.builtin.file:
path: /home/audiosink/.config/systemd/user
state: directory
mode: "755"
owner: audiosink
group: audiosink
- name: Ensure speaker-agent service file is deployed
become: true
become_user: audiosink
ansible.builtin.copy:
src: speaker-agent.service
dest: /home/audiosink/.config/systemd/user/speaker-agent.service
mode: "644"
owner: audiosink
group: audiosink
notify: Restart speaker-agent service
- name: Ensure speaker-agent service is enabled and started
become: true
become_user: audiosink
ansible.builtin.systemd:
name: speaker-agent.service
state: started
enabled: true
scope: user
# This part is janky, but I don't know how to make the bluetooth service, wireplumber and pipewire
# work with each other without being logged in.
- name: Ensure getty@tty1 override file is deployed
become: true
ansible.builtin.copy:
src: override.conf
dest: /etc/systemd/system/getty@tty1.service.d/override.conf
mode: "644"
owner: root
group: root
notify: Reboot host
- name: Ensure autologin for audiosink user is enabled
become: true
ansible.builtin.systemd:
service: getty@tty1.service
enabled: true
notify: Reboot host

1
playbooks/roles/bluetooth_audio_sink/templates/machine-info.j2
View file

@ -1 +0,0 @@
PRETTY_HOSTNAME=Audio Pi

211
playbooks/roles/bluetooth_audio_sink/templates/main.conf.j2
View file

@ -1,211 +0,0 @@
[General]
# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
# The plugin 'hostname' is loaded by default and overides the Name set here so
# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME=<NewName> instead.
Name = {{ bluetooth_audio_sink__name }}
# Default device class. Only the major and minor device class bits are
# considered. Defaults to '0x000000'.
Class = 0x200414 # Audio (Major Service Class), Audio/Video (Major Device Class), Loudspeaker (Minor Device Class)
# How long to stay in discoverable mode before going back to non-discoverable
# The value is in seconds. Default is 180, i.e. 3 minutes.
# 0 = disable timer, i.e. stay discoverable forever
#DiscoverableTimeout = 0
DiscoverableTimeout = 0
# Always allow pairing even if there are no agent registered
# Possible values: true, false
# Default: false
#AlwaysPairable = false
AlwaysPairable = true
# How long to stay in pairable mode before going back to non-discoverable
# The value is in seconds. Default is 0.
# 0 = disable timer, i.e. stay pairable forever
#PairableTimeout = 0
PairableTimeout = 0
# Use vendor id source (assigner), vendor, product and version information for
# DID profile support. The values are separated by ":" and assigner, VID, PID
# and version.
# Possible vendor id source values: bluetooth, usb (defaults to usb)
#DeviceID = bluetooth:1234:5678:abcd
# Do reverse service discovery for previously unknown devices that connect to
# us. For BR/EDR this option is really only needed for qualification since the
# BITE tester doesn't like us doing reverse SDP for some test cases, for LE
# this disables the GATT client functionally so it can be used in system which
# can only operate as peripheral.
# Defaults to 'true'.
#ReverseServiceDiscovery = true
# Enable name resolving after inquiry. Set it to 'false' if you don't need
# remote devices name and want shorter discovery cycle. Defaults to 'true'.
#NameResolving = true
# Enable runtime persistency of debug link keys. Default is false which
# makes debug link keys valid only for the duration of the connection
# that they were created for.
#DebugKeys = false
# Restricts all controllers to the specified transport. Default value
# is "dual", i.e. both BR/EDR and LE enabled (when supported by the HW).
# Possible values: "dual", "bredr", "le"
#ControllerMode = dual
# Enables Multi Profile Specification support. This allows to specify if
# system supports only Multiple Profiles Single Device (MPSD) configuration
# or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple
# Devices (MPMD) configurations.
# Possible values: "off", "single", "multiple"
#MultiProfile = off
# Permanently enables the Fast Connectable setting for adapters that
# support it. When enabled other devices can connect faster to us,
# however the tradeoff is increased power consumptions. This feature
# will fully work only on kernel version 4.1 and newer. Defaults to
# 'false'.
#FastConnectable = false
# Default privacy setting.
# Enables use of private address.
# Possible values: "off", "device", "network"
# "network" option not supported currently
# Defaults to "off"
# Privacy = off
# Specify the policy to the JUST-WORKS repairing initiated by peer
# Possible values: "never", "confirm", "always"
# Defaults to "never"
#JustWorksRepairing = never
JustWorksRepairing = always
# How long to keep temporary devices around
# The value is in seconds. Default is 30.
# 0 = disable timer, i.e. never keep temporary devices
#TemporaryTimeout = 30
# Enables the device to issue an SDP request to update known services when
# profile is connected. Defaults to true.
#RefreshDiscovery = true
Enable=Sink
[Controller]
# The following values are used to load default adapter parameters. BlueZ loads
# the values into the kernel before the adapter is powered if the kernel
# supports the MGMT_LOAD_DEFAULT_PARAMETERS command. If a value isn't provided,
# the kernel will be initialized to it's default value. The actual value will
# vary based on the kernel version and thus aren't provided here.
# The Bluetooth Core Specification should be consulted for the meaning and valid
# domain of each of these values.
# BR/EDR Page scan activity configuration
#BRPageScanType=
#BRPageScanInterval=
#BRPageScanWindow=
# BR/EDR Inquiry scan activity configuration
#BRInquiryScanType=
#BRInquiryScanInterval=
#BRInquiryScanWindow=
# BR/EDR Link supervision timeout
#BRLinkSupervisionTimeout=
# BR/EDR Page Timeout
#BRPageTimeout=
# BR/EDR Sniff Intervals
#BRMinSniffInterval=
#BRMaxSniffInterval=
# LE advertisement interval (used for legacy advertisement interface only)
#LEMinAdvertisementInterval=
#LEMaxAdvertisementInterval=
#LEMultiAdvertisementRotationInterval=
# LE scanning parameters used for passive scanning supporting auto connect
# scenarios
#LEScanIntervalAutoConnect=
#LEScanWindowAutoConnect=
# LE scanning parameters used for passive scanning supporting wake from suspend
# scenarios
#LEScanIntervalSuspend=
#LEScanWindowSuspend=
# LE scanning parameters used for active scanning supporting discovery
# proceedure
#LEScanIntervalDiscovery=
#LEScanWindowDiscovery=
# LE scanning parameters used for passive scanning supporting the advertisement
# monitor Apis
#LEScanIntervalAdvMonitor=
#LEScanWindowAdvMonitor=
# LE scanning parameters used for connection establishment.
#LEScanIntervalConnect=
#LEScanWindowConnect=
# LE default connection parameters. These values are superceeded by any
# specific values provided via the Load Connection Parameters interface
#LEMinConnectionInterval=
#LEMaxConnectionInterval=
#LEConnectionLatency=
#LEConnectionSupervisionTimeout=
#LEAutoconnecttimeout=
[GATT]
# GATT attribute cache.
# Possible values:
# always: Always cache attributes even for devices not paired, this is
# recommended as it is best for interoperability, with more consistent
# reconnection times and enables proper tracking of notifications for all
# devices.
# yes: Only cache attributes of paired devices.
# no: Never cache attributes
# Default: always
#Cache = always
# Minimum required Encryption Key Size for accessing secured characteristics.
# Possible values: 0 and 7-16. 0 means don't care.
# Defaults to 0
#KeySize = 0
# Exchange MTU size.
# Possible values: 23-517
# Defaults to 517
#ExchangeMTU = 517
# Number of ATT channels
# Possible values: 1-5 (1 disables EATT)
# Default to 3
#Channels = 3
[Policy]
#
# The ReconnectUUIDs defines the set of remote services that should try
# to be reconnected to in case of a link loss (link supervision
# timeout). The policy plugin should contain a sane set of values by
# default, but this list can be overridden here. By setting the list to
# empty the reconnection feature gets disabled.
#ReconnectUUIDs=00001112-0000-1000-8000-00805f9b34fb,0000111f-0000-1000-8000-00805f9b34fb,0000110a-0000-1000-8000-00805f9b34fb
# ReconnectAttempts define the number of attempts to reconnect after a link
# lost. Setting the value to 0 disables reconnecting feature.
#ReconnectAttempts=7
# ReconnectIntervals define the set of intervals in seconds to use in between
# attempts.
# If the number of attempts defined in ReconnectAttempts is bigger than the
# set of intervals the last interval is repeated until the last attempt.
#ReconnectIntervals=1,2,4,8,16,32,64
# AutoEnable defines option to enable all controllers when they are found.
# This includes adapters present on start as well as adapters that are plugged
# in later on. Defaults to 'false'.
AutoEnable=true

25
playbooks/roles/cert/README.md
View file

@ -1,25 +0,0 @@
# Role `cert`
A role for ordering and renewing certificates from Lets Encrypt via ACME.
It uses the DNS challenge and fullfills it via a BIND 9 server given to the role.
## Supported Distributions
The following distributions are supported:
- Debian 11
## Required Arguments
For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yml)
## `hosts`
The `hosts` for this role need to be the machines on which you want to have the certificates.
## Links & Resources
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>

7
playbooks/roles/cert/defaults/main.yaml
View file

@ -1,7 +0,0 @@
cert__handlers: []
cert__owner: root
cert__group: root
cert__fullchain_pem_permissions: "0660"
cert__chain_pem_permissions: "0660"
cert__cert_pem_permissions: "0660"
cert__privkey_pem_permissions: "0600"

52
playbooks/roles/cert/meta/argument_specs.yaml
View file

@ -1,52 +0,0 @@
---
argument_specs:
main:
short_description: Orders and renews certificates from Let's Encrypt
options:
cert__domains:
description: Domains for which to issue a certificate. Must be in the same DNS zone.
required: true
type: list
elements: str
cert__owner:
description: Owner of the certificate files.
required: false
type: str
default: root
cert__group:
description: Group of the certificate files.
required: false
type: str
default: root
cert__acme_account_email:
description: E-Mail address for ACME account
required: true
type: str
cert__bind_9_host:
description: The machine running BIND 9.
required: true
type: str
cert__bind_9_zone:
description: The zone to use for publishing the TXT record.
required: true
type: str
cert__fullchain_pem_permissions:
description: Permissons for the `fullchain.pem`.
type: str
required: false
default: "0660"
cert__chain_pem_permissions:
description: Permissons for the `chain.pem`.
type: str
required: false
default: "0660"
cert__cert_pem_permissions:
description: Permissons for the `cert.pem`.
type: str
required: false
default: "0660"
cert__privkey_pem_permissions:
description: Permissons for the `privkey.pem`.
type: str
required: false
default: "0600"

8
playbooks/roles/cert/meta/main.yaml
View file

@ -1,8 +0,0 @@
dependencies: # noqa meta-no-info
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"
- "12"

180
playbooks/roles/cert/tasks/deploy_cert.yaml
View file

@ -1,180 +0,0 @@
- name: Ensure `ansible_certs` directory exists
ansible.builtin.file:
path: /etc/ansible_certs
state: directory
owner: root
group: root
mode: "755"
become: true
- name: Ensure `certs` sub-directory exists
ansible.builtin.file:
path: /etc/ansible_certs/certs
state: directory
owner: root
group: root
mode: "755"
become: true
- name: Ensure sub-directory for the certificate exists
ansible.builtin.file:
path: "/etc/ansible_certs/certs/{{ item }}"
state: directory
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "755"
become: true
- name: Ensure private key for certificate exists
community.crypto.openssl_privatekey:
path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
size: 4096
type: RSA
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "{{ cert__privkey_pem_permissions }}"
become: true
- name: Ensure certificate signing request is created
community.crypto.openssl_csr:
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
common_name: "{{ item }}"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "0660"
become: true
register: cert__csr_result
- name: Ensure private key for ACME account exists
community.crypto.openssl_privatekey:
path: "/etc/ansible_certs/account_key.pem"
size: 4096
type: RSA
owner: root
group: root
mode: "0600"
become: true
- name: Check certificate status and create ACME challenge if needed
community.crypto.acme_certificate:
account_email: "{{ cert__acme_account_email }}"
account_key_src: "/etc/ansible_certs/account_key.pem"
acme_directory: https://acme-v02.api.letsencrypt.org/directory
acme_version: 2
remaining_days: 28
terms_agreed: true
challenge: dns-01
csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
become: true
register: cert__acme_challenge
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
block:
- name: Add file containing nsupdate commands for adding TXT record for DNS-01 challenge
ansible.builtin.template:
src: nsupdate_add_txt_record.j2
dest: /root/nsupdate_add_txt_record
owner: root
group: root
mode: "0600"
vars:
cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Add DNS record to BIND 9 server via nsupdate # noqa: no-changed-when
ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_add_txt_record
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Retrieve certificate
community.crypto.acme_certificate:
account_email: "{{ cert__acme_account_email }}"
account_key_src: "/etc/ansible_certs/account_key.pem"
acme_directory: https://acme-v02.api.letsencrypt.org/directory
acme_version: 2
terms_agreed: true
remaining_days: 28
challenge: dns-01
csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
data: "{{ cert__acme_challenge }}"
become: true
notify: "{{ cert__handlers }}"
always:
- name: Remove file containing nsupdate commands for adding TXT record again
ansible.builtin.file:
path: /root/nsupdate_add_txt_record
state: absent
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Remove TXT record again
block:
- name: Add file containing nsupdate commands for deleting TXT record for DNS-01 challenge
ansible.builtin.template:
src: nsupdate_delete_txt_record.j2
dest: /root/nsupdate_delete_txt_record
owner: root
group: root
mode: "0600"
vars:
cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Remove DNS record from BIND 9 server via nsupdate # noqa: no-changed-when
ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_delete_txt_record
become: true
delegate_to: "{{ cert__bind_9_host }}"
always:
- name: Remove file containing nsupdate commands for deleting TXT record again
ansible.builtin.file:
path: /root/nsupdate_delete_txt_record
state: absent
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Ensure correct permissions for certificate are set
ansible.builtin.file:
path: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "{{ cert__cert_pem_permissions }}"
become: true
- name: Ensure correct permissions for fullchain cert are set
ansible.builtin.file:
path: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "{{ cert__fullchain_pem_permissions }}"
become: true
- name: Get content of cert.pem
ansible.builtin.slurp:
src: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
become: true
register: cert__cert_slurp
- name: Get content of fullchain.pem
ansible.builtin.slurp:
src: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
become: true
register: cert__fullchain_slurp
- name: Ensure chain.pem is created
ansible.builtin.copy:
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "{{ cert__chain_pem_permissions }}"
become: true

3
playbooks/roles/cert/tasks/main.yaml
View file

@ -1,3 +0,0 @@
- name: Deploy cert
ansible.builtin.include_tasks: deploy_cert.yaml
loop: "{{ cert__domains }}"

4
playbooks/roles/cert/templates/nsupdate_add_txt_record.j2
View file

@ -1,4 +0,0 @@
debug
zone {{ cert__bind_9_zone }}
update add {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
send

4
playbooks/roles/cert/templates/nsupdate_delete_txt_record.j2
View file

@ -1,4 +0,0 @@
debug
zone {{ cert__bind_9_zone }}
update delete {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
send

4
playbooks/roles/hifiberry/handlers/main.yaml
View file

@ -1,4 +0,0 @@
---
- name: Restart system
become: true
ansible.builtin.reboot:

17
playbooks/roles/hifiberry/meta/argument_specs.yaml
View file

@ -1,17 +0,0 @@
---
argument_specs:
main:
options:
hifiberry__device:
description: Which HiFiBerry board to enable
type: str
choices:
- hifiberry-dac
- hifiberry-dacplus
- hifiberry-dacplushd
- hifiberry-dacplusadc
- hifiberry-dacplusadcpro
- hifiberry-digi
- hifiberry-digi-pro
- hifiberry-amp
required: true

9
playbooks/roles/hifiberry/meta/main.yaml
View file

@ -1,9 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"
- role: raspberry_pi_check

23
playbooks/roles/hifiberry/tasks/main.yaml
View file

@ -1,23 +0,0 @@
---
- name: Remove dtparam=audio=on
become: true
ansible.builtin.lineinfile:
line: dtparam=audio=on
dest: /boot/config.txt
state: absent
notify: Restart system
- name: Set audio=off for dtoverlay=vc4-kms-v3d
become: true
ansible.builtin.lineinfile:
regexp: ^dtoverlay=vc4-kms-v3d
line: dtoverlay=vc4-kms-v3d,audio=off
dest: /boot/config.txt
notify: Restart system
- name: Add hifiberry dtoverlay
become: true
ansible.builtin.lineinfile:
line: "dtoverlay={{ hifiberry__device }}"
dest: /boot/config.txt
notify: Restart system

6
playbooks/roles/mosquitto/handlers/main.yaml
View file

@ -1,6 +0,0 @@
---
- name: Restart mosquitto
become: true
ansible.builtin.systemd:
service: mosquitto.service
state: restarted

26
playbooks/roles/mosquitto/meta/argument_specs.yaml
View file

@ -1,26 +0,0 @@
---
argument_specs:
main:
options:
mosquitto__mosquitto_conf_content:
description: The content of the main mosquitto configuration file.
type: str
required: true
mosquitto__configs:
description: A list of additional mosquitto configurations.
type: list
elements: dict
required: false
options:
name:
description: >-
The name of the configuration file, where the configuration should
be deployed to. The file will be placed under `/etc/mosquitto/conf.d` and
`.conf` will be appended to the given name. So in the end the path
will be like this: `/etc/mosquitto/conf.d/\{\ name \}\}.conf`.
type: str
required: true
content:
description: The content of the configuration.
type: str
required: true

8
playbooks/roles/mosquitto/meta/main.yaml
View file

@ -1,8 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"

33
playbooks/roles/mosquitto/tasks/main.yaml
View file

@ -1,33 +0,0 @@
---
- name: Ensure mosquitto is installed
become: true
ansible.builtin.apt:
name: mosquitto
- name: Ensure main configuraton file is deployed
become: true
ansible.builtin.copy:
content: "{{ mosquitto__mosquitto_conf_content }}"
dest: /etc/mosquitto/mosquitto.conf
mode: "644"
owner: root
group: root
notify: Restart mosquitto
- name: Ensure all additional configuraton files are deployed
become: true
ansible.builtin.copy:
content: "{{ item.content }}"
dest: /etc/mosquitto/conf.d/{{ item.name }}.conf
mode: "644"
owner: root
group: root
loop: "{{ mosquitto__configs }}"
notify: Restart mosquitto
- name: Ensure mosquitto service is enabled and started
become: true
ansible.builtin.systemd:
service: mosquitto.service
enabled: true
state: started

8
playbooks/roles/nodejs/meta/argument_specs.yaml
View file

@ -1,8 +0,0 @@
---
argument_specs:
main:
options:
nodejs__major_version:
description: Major version of nodejs to install
type: int
required: true

17
playbooks/roles/nodejs/meta/main.yaml
View file

@ -1,17 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"
- "12"
- role: add_apt_repository
vars:
add_apt_repository__https_repo: true
add_apt_repository__keyring_url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
add_apt_repository__keyring_path: /usr/share/keyrings/nodesource.gpg
add_apt_repository__repo: "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_\
{{ nodejs__major_version }}.x {{ ansible_facts.lsb.codename }} main"
add_apt_repository__filename: nodesource.list

4
playbooks/roles/nodejs/tasks/main.yaml
View file

@ -1,4 +0,0 @@
---
- name: Ensure nodejs is installed
ansible.builtin.apt:
name: nodejs

12
playbooks/roles/raspberry_pi_check/tasks/main.yaml
View file

@ -1,12 +0,0 @@
- name: Detect if on Raspberry Pi
ansible.builtin.lineinfile:
path: /proc/cpuinfo
regexp: ".*Raspberry Pi.*"
state: absent
check_mode: true
register: raspberry_pi_check__cpuinfo
changed_when: false
- name: Fail when not on Raspberry Pi # noqa no-handler
when: not raspberry_pi_check__cpuinfo.found
ansible.builtin.fail:
msg: You are not running on Raspberry Pi hardware!

6
playbooks/roles/shairport_sync/handlers/main.yaml
View file

@ -1,6 +0,0 @@
---
- name: Restart shairport-sync service
become: true
ansible.builtin.systemd:
service: shairport-sync
state: restarted

8
playbooks/roles/shairport_sync/meta/argument_specs.yaml
View file

@ -1,8 +0,0 @@
---
argument_specs:
main:
options:
shairport_sync__config:
description: shairport-sync config content
type: str
required: true

8
playbooks/roles/shairport_sync/meta/main.yaml
View file

@ -1,8 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"

22
playbooks/roles/shairport_sync/tasks/main.yaml
View file

@ -1,22 +0,0 @@
---
- name: Ensure shairport-sync is installed
become: true
ansible.builtin.apt:
name: shairport-sync
- name: Ensure shairport-sync config is deployed
become: true
ansible.builtin.copy:
content: "{{ shairport_sync__config }}"
dest: /etc/shairport-sync.conf
mode: "644"
owner: root
group: root
notify: Restart shairport-sync service
- name: Ensure shairport-sync service is enabled and started
become: true
ansible.builtin.systemd:
service: shairport-sync
state: started
enabled: true

18
playbooks/roles/zigbee2mqtt/files/zigbee2mqtt.service
View file

@ -1,18 +0,0 @@
[Unit]
Description=zigbee2mqtt
After=network.target
[Service]
Environment=ZIGBEE2MQTT_DATA=/home/zigbee2mqtt/zigbee2mqtt_data
Environment=NODE_ENV=production
ExecStart=/usr/bin/npm start
WorkingDirectory=/opt/zigbee2mqtt
StandardOutput=inherit
# Or use StandardOutput=null if you don't want Zigbee2MQTT messages filling syslog, for more options see systemd.exec(5)
StandardError=inherit
Restart=always
RestartSec=10s
User=zigbee2mqtt
[Install]
WantedBy=multi-user.target

12
playbooks/roles/zigbee2mqtt/handlers/main.yaml
View file

@ -1,12 +0,0 @@
- name: Restart zigbee2mqtt
become: true
ansible.builtin.systemd:
name: zigbee2mqtt
state: restarted
- name: Reload systemd-daemon and restart zigbee2mqtt
become: true
ansible.builtin.systemd:
name: zigbee2mqtt
state: restarted
daemon_reload: true

13
playbooks/roles/zigbee2mqtt/meta/argument_specs.yaml
View file

@ -1,13 +0,0 @@
---
argument_specs:
main:
options:
zigbee2mqtt__version:
description: zigbee2mqtt version to install
type: str
required: true
zigbee2mqtt__initial_config:
description: Configuration file content for initial deployment.
It does not replace the configuration if it already exists.
type: str
required: true

12
playbooks/roles/zigbee2mqtt/meta/main.yaml
View file

@ -1,12 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"
- "12"
- role: nodejs
vars:
nodejs__major_version: 16

87
playbooks/roles/zigbee2mqtt/tasks/main.yaml
View file

@ -1,87 +0,0 @@
- name: Ensure acl is installed
become: true
ansible.builtin.apt:
name: acl
- name: Ensure git is installed
become: true
ansible.builtin.apt:
name: git
- name: Ensure zigbee2mqtt user exists
become: true
ansible.builtin.user:
name: zigbee2mqtt
groups:
- zigbee2mqtt
- dialout
group: zigbee2mqtt
- name: Ensure installation directory exists
become: true
ansible.builtin.file:
dest: /opt/zigbee2mqtt
state: directory
mode: "755"
owner: zigbee2mqtt
group: zigbee2mqtt
- name: Ensure zigbee2mqtt repository is cloned
become: true
become_user: zigbee2mqtt
ansible.builtin.git:
repo: https://github.com/Koenkk/zigbee2mqtt.git
depth: 1
dest: /opt/zigbee2mqtt
version: "{{ zigbee2mqtt__version }}"
notify: Restart zigbee2mqtt
- name: Ensure npm dependencies are installed
become: true
become_user: zigbee2mqtt
community.general.npm:
path: /opt/zigbee2mqtt
ci: true
changed_when: false # installs packages according to package-lock.json, but always reports a change
- name: Ensure custom zigbee2mqtt data directory exists
become: true
ansible.builtin.file:
dest: /home/zigbee2mqtt/zigbee2mqtt_data
state: directory
mode: "755"
owner: zigbee2mqtt
group: zigbee2mqtt
- name: Check configuration file status
ansible.builtin.stat:
path: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
register: zigbee2mqtt__conf_stat
- name: Ensure configuration file is deployed when it doesn't exist
become: true
when: not zigbee2mqtt__conf_stat.stat.exists
ansible.builtin.copy:
content: "{{ zigbee2mqtt__initial_config }}"
dest: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
mode: "640"
owner: zigbee2mqtt
group: zigbee2mqtt
notify: Restart zigbee2mqtt
- name: Ensure zigbee2mqtt service file is deployed
become: true
ansible.builtin.copy:
src: zigbee2mqtt.service
dest: /etc/systemd/system/zigbee2mqtt.service
mode: "644"
owner: root
group: root
notify: Reload systemd-daemon and restart zigbee2mqtt
- name: Ensure zigbee2mqtt is enabled and started
become: true
ansible.builtin.systemd:
service: zigbee2mqtt
enabled: true
state: started