CCCHH/ansible-infra
CCCHH/ansible-infra
3
0
Fork 0
Code Issues 4 Pull requests Wiki Activity

Cleanup old configurations we no longer use.

Browse source 
We have a bunch of old hosts, host_vars and roles we no longer use.
There is no real value to keep them as they can just be fetched from the
git history, should they be needed again.
This make gettin a overview of the repository much simpler.
This commit is contained in:
christian 2024-11-22 23:02:41 +01:00
parent 739a2e1cbd
commit 433008d211
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
52 changed files with 0 additions and 1377 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
inventories/z9/host_vars/mqtt.yaml
View file

@ -1,4 +0,0 @@
mosquitto__mosquitto_conf_content: "{{ lookup('ansible.builtin.file', 'z9/configs/automation/mosquitto/mosquitto.conf') }}"
mosquitto__configs:
- name: winkekatz
content: "{{ lookup('ansible.builtin.file', 'z9/configs/automation/mosquitto/winkekatz.conf') }}"

14
inventories/z9/host_vars/uptime-kuma.yaml
View file

@ -1,14 +0,0 @@
certbot__version_spec: ""
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "status.ccchh.net"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'z9/configs/uptime-kuma/compose.yaml') }}"
docker_compose__configuration_files: [ ]
nginx__version_spec: ""
nginx__configurations:
- name: status.ccchh.net
content: "{{ lookup('ansible.builtin.file', 'z9/configs/uptime-kuma/nginx/status.ccchh.net.conf') }}"

15
inventories/z9/host_vars/zigbee2mqtt.yaml
View file

@ -1,15 +0,0 @@
zigbee2mqtt__version: "1.37.1"
zigbee2mqtt__network_key: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/z9/zigbee2mqtt/network_key', create=false, missing='error') }}"
zigbee2mqtt__initial_config: "{{ lookup('ansible.builtin.template', 'z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "zigbee2mqtt.ccchh.net"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:
- name: zigbee2mqtt
content: "{{ lookup('ansible.builtin.file', 'z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf') }}"

25
inventories/z9/hosts.yaml
View file

@ -8,43 +8,18 @@ all:
authoritative-dns: authoritative-dns:
ansible_host: authoritative-dns.z9.ccchh.net ansible_host: authoritative-dns.z9.ccchh.net
ansible_user: chaos ansible_user: chaos
uptime-kuma:
ansible_host: uptime-kuma.z9.ccchh.net
ansible_user: chaos
debian_12: debian_12:
hosts: hosts:
nginx_hosts: nginx_hosts:
hosts: hosts:
light: light:
uptime-kuma:
public_reverse_proxy_hosts:
hosts:
cert_hosts:
hosts:
certbot_hosts:
hosts:
uptime-kuma:
zigbee2mqtt_hosts:
hosts:
mosquitto_hosts:
hosts:
ola_hosts: ola_hosts:
hosts: hosts:
light: light:
foobazdmx_hosts: foobazdmx_hosts:
hosts: hosts:
light: light:
hifiberry_hosts:
hosts:
bluetooth_audio_sink_hosts:
hosts:
shairport_sync_hosts:
hosts:
docker_compose_hosts:
hosts:
uptime-kuma:
infrastructure_authorized_keys_hosts: infrastructure_authorized_keys_hosts:
hosts: hosts:
light: light:
authoritative-dns: authoritative-dns:
uptime-kuma:

33
playbooks/deploy.yaml
View file

@ -1,7 +1,4 @@
--- ---
- name: engelsystem_specific_pre_tasks
ansible.builtin.import_playbook: engelsystem_specific_pre_tasks.yaml
- name: Ensure SSH server config deployment on ssh_server_config_hosts - name: Ensure SSH server config deployment on ssh_server_config_hosts
hosts: ssh_server_config_hosts hosts: ssh_server_config_hosts
roles: roles:
@ -17,21 +14,6 @@
roles: roles:
- nextcloud - nextcloud
- name: Ensure HiFiBerry deployment on hifiberry_hosts
hosts: hifiberry_hosts
roles:
- hifiberry
- name: Ensure bluetooth audio sink deployment on bluetooth_audio_sink_hosts
hosts: bluetooth_audio_sink_hosts
roles:
- bluetooth_audio_sink
- name: Ensure shairport sync deployment on shairport_sync_hosts
hosts: shairport_sync_hosts
roles:
- shairport_sync
- name: Ensure ola deployment on ola_hosts - name: Ensure ola deployment on ola_hosts
hosts: ola_hosts hosts: ola_hosts
roles: roles:
@ -42,26 +24,11 @@
roles: roles:
- foobazdmx - foobazdmx
- name: Ensure Mosquitto MQTT broker deployment on mosquitto_hosts
hosts: mosquitto_hosts
roles:
- mosquitto
- name: Ensure Zigbee2MQTT deployment on zigbee2mqtt_hosts
hosts: zigbee2mqtt_hosts
roles:
- zigbee2mqtt
- name: Ensure Dokuwiki config - name: Ensure Dokuwiki config
hosts: wiki hosts: wiki
roles: roles:
- dokuwiki - dokuwiki
- name: Ensure certificate deployment on cert_hosts
hosts: cert_hosts
roles:
- cert
- name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs - name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs
hosts: nginx_hosts:&public_reverse_proxy_hosts hosts: nginx_hosts:&public_reverse_proxy_hosts
roles: roles:

23
playbooks/engelsystem_specific_pre_tasks.yaml
View file

@ -1,23 +0,0 @@
---
- name: engelsystem on engelsystem.z9 specific pre tasks
hosts: engelsystem
pre_tasks:
- name: Install git
ansible.builtin.apt:
name: git
state: present
- name: Clone engelsystem repo
ansible.builtin.git:
repo: https://github.com/engelsystem/engelsystem.git
dest: "{{ ansible_user_dir }}/engelsystem"
version: main
force: true
update: false
- name: apply patch to code to add train drivers license
ansible.posix.patch:
src: patches/engelsystem/code_en.patch
dest: "{{ ansible_user_dir }}/engelsystem/includes/view/UserDriverLicenses_view.php"
- name: apply patch to german locale add train drivers license
ansible.posix.patch:
src: patches/engelsystem/lang_de.patch
dest: "{{ ansible_user_dir }}/engelsystem/resources/lang/de_DE/default.po"

42
playbooks/files/chaosknoten/configs/engelsystem/nginx/aes.ccchh.net.conf
View file

@ -1,42 +0,0 @@
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
listen 8443 ssl http2 proxy_protocol;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
server_name aes.ccchh.net;
ssl_certificate /etc/letsencrypt/live/aes.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aes.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/aes.ccchh.net/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
# Hide the X-Forwarded header.
proxy_hide_header X-Forwarded;
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
# is transparent).
# Also provide "_hidden" for by, since it's not relevant.
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
location / {
proxy_pass http://127.0.0.1:5080/;
}
}

8
playbooks/files/patches/engelsystem/code_en.patch
View file

@ -1,8 +0,0 @@
22c22
< form_checkbox('wants_to_drive', __('I am willing to drive a car for the event'), $user_driver_license->wantsToDrive()),
---
> form_checkbox('wants_to_drive', __('I am willing to drive a vehicle for the event'), $user_driver_license->wantsToDrive()),
48c48
< __('Forklift'),
---
> __('Train'),

12
playbooks/files/patches/engelsystem/lang_de.patch
View file

@ -1,12 +0,0 @@
1390,1391c1390,1391
< msgid "Forklift"
< msgstr "Gabelstapler"
---
> msgid "Train"
> msgstr "Lok"
1643,1644c1643,1644
< msgid "I am willing to drive a car for the event"
< msgstr "Ich möchte für das Event Auto fahren"
---
> msgid "I am willing to drive a vehicle for the event"
> msgstr "Ich möchte für das Event Fahrzeuge fahren"

16
playbooks/files/z9/configs/automation/mosquitto/mosquitto.conf
View file

@ -1,16 +0,0 @@
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
per_listener_settings false
listener 1883
allow_anonymous true
pid_file /run/mosquitto/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d

8
playbooks/files/z9/configs/automation/mosquitto/winkekatz.conf
View file

@ -1,8 +0,0 @@
connection winkekatz
address mqtt.winkekatze24.de
bridge_protocol_version mqttv311
topic winkekatze/allcats/eye/set in 2
topic winkekatze/allcats in 2
topic +/status out 2 winkekatze/ ""
topic +/connected out 2 winkekatze/ ""

17
playbooks/files/z9/configs/uptime-kuma/compose.yaml
View file

@ -1,17 +0,0 @@
## Links & Rescources:
#
# https://github.com/louislam/uptime-kuma
# https://github.com/louislam/uptime-kuma/wiki/%F0%9F%94%A7-How-to-Install
# https://github.com/louislam/uptime-kuma/blob/master/docker/docker-compose.yml
# https://github.com/louislam/uptime-kuma/wiki/%F0%9F%86%99-How-to-Update
# https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
# https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
services:
uptime-kuma:
image: louislam/uptime-kuma:1
restart: unless-stopped
volumes:
- "./uptime-kuma-data:/app/data"
ports:
- 3001:3001

40
playbooks/files/z9/configs/uptime-kuma/nginx/status.ccchh.net.conf
View file

@ -1,40 +0,0 @@
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
# Also see: https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
server {
# Listen on a custom port for the proxy protocol.
listen 8443 ssl http2 proxy_protocol;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 10.31.206.1;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
server_name status.ccchh.net;
ssl_certificate /etc/letsencrypt/live/status.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/status.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/status.ccchh.net/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 10.31.206.1;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:3001/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

28
playbooks/files/z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf
View file

@ -1,28 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name zigbee2mqtt.ccchh.net;
ssl_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/chain.pem;
add_header Strict-Transport-Security "max-age=63072000" always;
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api {
proxy_pass http://localhost:8080/api;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

3
playbooks/roles/bluetooth_audio_sink/files/override.conf
View file

@ -1,3 +0,0 @@
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin audiosink --noclear %I 38400 linux

8
playbooks/roles/bluetooth_audio_sink/files/speaker-agent.service
View file

@ -1,8 +0,0 @@
[Unit]
Description=Bluetooth speaker agent
[Service]
ExecStart=python3 /opt/speaker-agent/speaker-agent.py
[Install]
WantedBy=default.target

14
playbooks/roles/bluetooth_audio_sink/handlers/main.yaml
View file

@ -1,14 +0,0 @@
---
- name: Restart bluetooth service
ansible.builtin.systemd:
service: bluetooth.service
state: restarted
- name: Restart speaker-agent service
become_user: audiosink
ansible.builtin.systemd:
service: speaker-agent.service
state: restarted
scope: user
daemon_reload: true
- name: Reboot host
ansible.builtin.reboot:

8
playbooks/roles/bluetooth_audio_sink/meta/argument_specs.yaml
View file

@ -1,8 +0,0 @@
---
argument_specs:
main:
options:
bluetooth_audio_sink__name:
description: Name the bluetooth device should have
type: str
required: true

8
playbooks/roles/bluetooth_audio_sink/meta/main.yaml
View file

@ -1,8 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"

182
playbooks/roles/bluetooth_audio_sink/tasks/main.yaml
View file

@ -1,182 +0,0 @@
---
- name: Ensure acl is installed
become: true
ansible.builtin.apt:
name: acl
- name: Ensure machine-info file is deployed
become: true
ansible.builtin.template:
src: machine-info.j2
dest: /etc/machine-info
mode: "644"
owner: root
group: root
notify: Restart bluetooth service
- name: Ensure bluetooth config is deployed
become: true
ansible.builtin.template:
src: main.conf.j2
dest: /etc/bluetooth/main.conf
mode: "644"
owner: root
group: root
notify: Restart bluetooth service
- name: Ensure bluetooth service is enabled and started
become: true
ansible.builtin.systemd:
service: bluetooth.service
state: started
enabled: true
- name: Ensure audiosink user exists
become: true
ansible.builtin.user:
name: audiosink
groups:
- audio
- name: Ensure user services are started without needing to login
become: true
ansible.builtin.command:
cmd: loginctl enable-linger audiosink
changed_when: false
- name: Detect if on Raspberry Pi # noqa ignore-errors
ansible.builtin.include_role:
name: raspberry_pi_check
ignore_errors: true
- name: Ensure debian archive keyring is installed # noqa no-handler
become: true
when: raspberry_pi_check__cpuinfo.found
ansible.builtin.apt:
deb: https://ftp.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2021.1.1+deb11u1_all.deb
- name: Ensure debian backports repository is enabled
ansible.builtin.include_role:
name: add_apt_repository
vars:
add_apt_repository__https_repo: false
add_apt_repository__repo: "deb http://deb.debian.org/debian {{ ansible_facts.lsb.codename }}-backports main contrib non-free"
add_apt_repository__filename: "{{ ansible_facts.lsb.codename }}-backports.list"
- name: Ensure pipewire, wireplumber and libspa-0.2-bluetooth are installed
become: true
ansible.builtin.apt:
name:
- pipewire
- wireplumber
- libspa-0.2-bluetooth
default_release: "{{ ansible_facts.lsb.codename }}-backports"
- name: Ensure pipewire user service is enabled and started
become: true
become_user: audiosink
ansible.builtin.systemd:
name: pipewire.service
state: started
enabled: true
scope: user
- name: Ensure pipewire-pulse user service is enabled and started
become: true
become_user: audiosink
ansible.builtin.systemd:
name: pipewire-pulse.service
state: started
enabled: true
scope: user
- name: Ensure wireplumber user service is enabled
become: true
become_user: audiosink
ansible.builtin.systemd:
name: wireplumber.service
enabled: true
scope: user
- name: Ensure speaker-agent dependencies are installed
become: true
ansible.builtin.apt:
name:
- git
- python3-dbus
- name: Ensure speaker-agent repository is cloned
become: true
ansible.builtin.git:
repo: https://github.com/fdanis-oss/pw_wp_bluetooth_rpi_speaker.git
dest: /opt/speaker-agent
version: 9a939a23865ea020816017e06fd2290f301c35f9
- name: Ensure .config directory exists
become: true
become_user: audiosink
ansible.builtin.file:
path: /home/audiosink/.config
state: directory
mode: "700"
owner: audiosink
group: audiosink
- name: Ensure .config/systemd directory exists
become: true
become_user: audiosink
ansible.builtin.file:
path: /home/audiosink/.config/systemd
state: directory
mode: "755"
owner: audiosink
group: audiosink
- name: Ensure .config/systemd/user directory exists
become: true
become_user: audiosink
ansible.builtin.file:
path: /home/audiosink/.config/systemd/user
state: directory
mode: "755"
owner: audiosink
group: audiosink
- name: Ensure speaker-agent service file is deployed
become: true
become_user: audiosink
ansible.builtin.copy:
src: speaker-agent.service
dest: /home/audiosink/.config/systemd/user/speaker-agent.service
mode: "644"
owner: audiosink
group: audiosink
notify: Restart speaker-agent service
- name: Ensure speaker-agent service is enabled and started
become: true
become_user: audiosink
ansible.builtin.systemd:
name: speaker-agent.service
state: started
enabled: true
scope: user
# This part is janky, but I don't know how to make the bluetooth service, wireplumber and pipewire
# work with each other without being logged in.
- name: Ensure getty@tty1 override file is deployed
become: true
ansible.builtin.copy:
src: override.conf
dest: /etc/systemd/system/getty@tty1.service.d/override.conf
mode: "644"
owner: root
group: root
notify: Reboot host
- name: Ensure autologin for audiosink user is enabled
become: true
ansible.builtin.systemd:
service: getty@tty1.service
enabled: true
notify: Reboot host

1
playbooks/roles/bluetooth_audio_sink/templates/machine-info.j2
View file

@ -1 +0,0 @@
PRETTY_HOSTNAME=Audio Pi

211
playbooks/roles/bluetooth_audio_sink/templates/main.conf.j2
View file

@ -1,211 +0,0 @@
[General]
# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
# The plugin 'hostname' is loaded by default and overides the Name set here so
# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME=<NewName> instead.
Name = {{ bluetooth_audio_sink__name }}
# Default device class. Only the major and minor device class bits are
# considered. Defaults to '0x000000'.
Class = 0x200414 # Audio (Major Service Class), Audio/Video (Major Device Class), Loudspeaker (Minor Device Class)
# How long to stay in discoverable mode before going back to non-discoverable
# The value is in seconds. Default is 180, i.e. 3 minutes.
# 0 = disable timer, i.e. stay discoverable forever
#DiscoverableTimeout = 0
DiscoverableTimeout = 0
# Always allow pairing even if there are no agent registered
# Possible values: true, false
# Default: false
#AlwaysPairable = false
AlwaysPairable = true
# How long to stay in pairable mode before going back to non-discoverable
# The value is in seconds. Default is 0.
# 0 = disable timer, i.e. stay pairable forever
#PairableTimeout = 0
PairableTimeout = 0
# Use vendor id source (assigner), vendor, product and version information for
# DID profile support. The values are separated by ":" and assigner, VID, PID
# and version.
# Possible vendor id source values: bluetooth, usb (defaults to usb)
#DeviceID = bluetooth:1234:5678:abcd
# Do reverse service discovery for previously unknown devices that connect to
# us. For BR/EDR this option is really only needed for qualification since the
# BITE tester doesn't like us doing reverse SDP for some test cases, for LE
# this disables the GATT client functionally so it can be used in system which
# can only operate as peripheral.
# Defaults to 'true'.
#ReverseServiceDiscovery = true
# Enable name resolving after inquiry. Set it to 'false' if you don't need
# remote devices name and want shorter discovery cycle. Defaults to 'true'.
#NameResolving = true
# Enable runtime persistency of debug link keys. Default is false which
# makes debug link keys valid only for the duration of the connection
# that they were created for.
#DebugKeys = false
# Restricts all controllers to the specified transport. Default value
# is "dual", i.e. both BR/EDR and LE enabled (when supported by the HW).
# Possible values: "dual", "bredr", "le"
#ControllerMode = dual
# Enables Multi Profile Specification support. This allows to specify if
# system supports only Multiple Profiles Single Device (MPSD) configuration
# or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple
# Devices (MPMD) configurations.
# Possible values: "off", "single", "multiple"
#MultiProfile = off
# Permanently enables the Fast Connectable setting for adapters that
# support it. When enabled other devices can connect faster to us,
# however the tradeoff is increased power consumptions. This feature
# will fully work only on kernel version 4.1 and newer. Defaults to
# 'false'.
#FastConnectable = false
# Default privacy setting.
# Enables use of private address.
# Possible values: "off", "device", "network"
# "network" option not supported currently
# Defaults to "off"
# Privacy = off
# Specify the policy to the JUST-WORKS repairing initiated by peer
# Possible values: "never", "confirm", "always"
# Defaults to "never"
#JustWorksRepairing = never
JustWorksRepairing = always
# How long to keep temporary devices around
# The value is in seconds. Default is 30.
# 0 = disable timer, i.e. never keep temporary devices
#TemporaryTimeout = 30
# Enables the device to issue an SDP request to update known services when
# profile is connected. Defaults to true.
#RefreshDiscovery = true
Enable=Sink
[Controller]
# The following values are used to load default adapter parameters. BlueZ loads
# the values into the kernel before the adapter is powered if the kernel
# supports the MGMT_LOAD_DEFAULT_PARAMETERS command. If a value isn't provided,
# the kernel will be initialized to it's default value. The actual value will
# vary based on the kernel version and thus aren't provided here.
# The Bluetooth Core Specification should be consulted for the meaning and valid
# domain of each of these values.
# BR/EDR Page scan activity configuration
#BRPageScanType=
#BRPageScanInterval=
#BRPageScanWindow=
# BR/EDR Inquiry scan activity configuration
#BRInquiryScanType=
#BRInquiryScanInterval=
#BRInquiryScanWindow=
# BR/EDR Link supervision timeout
#BRLinkSupervisionTimeout=
# BR/EDR Page Timeout
#BRPageTimeout=
# BR/EDR Sniff Intervals
#BRMinSniffInterval=
#BRMaxSniffInterval=
# LE advertisement interval (used for legacy advertisement interface only)
#LEMinAdvertisementInterval=
#LEMaxAdvertisementInterval=
#LEMultiAdvertisementRotationInterval=
# LE scanning parameters used for passive scanning supporting auto connect
# scenarios
#LEScanIntervalAutoConnect=
#LEScanWindowAutoConnect=
# LE scanning parameters used for passive scanning supporting wake from suspend
# scenarios
#LEScanIntervalSuspend=
#LEScanWindowSuspend=
# LE scanning parameters used for active scanning supporting discovery
# proceedure
#LEScanIntervalDiscovery=
#LEScanWindowDiscovery=
# LE scanning parameters used for passive scanning supporting the advertisement
# monitor Apis
#LEScanIntervalAdvMonitor=
#LEScanWindowAdvMonitor=
# LE scanning parameters used for connection establishment.
#LEScanIntervalConnect=
#LEScanWindowConnect=
# LE default connection parameters. These values are superceeded by any
# specific values provided via the Load Connection Parameters interface
#LEMinConnectionInterval=
#LEMaxConnectionInterval=
#LEConnectionLatency=
#LEConnectionSupervisionTimeout=
#LEAutoconnecttimeout=
[GATT]
# GATT attribute cache.
# Possible values:
# always: Always cache attributes even for devices not paired, this is
# recommended as it is best for interoperability, with more consistent
# reconnection times and enables proper tracking of notifications for all
# devices.
# yes: Only cache attributes of paired devices.
# no: Never cache attributes
# Default: always
#Cache = always
# Minimum required Encryption Key Size for accessing secured characteristics.
# Possible values: 0 and 7-16. 0 means don't care.
# Defaults to 0
#KeySize = 0
# Exchange MTU size.
# Possible values: 23-517
# Defaults to 517
#ExchangeMTU = 517
# Number of ATT channels
# Possible values: 1-5 (1 disables EATT)
# Default to 3
#Channels = 3
[Policy]
#
# The ReconnectUUIDs defines the set of remote services that should try
# to be reconnected to in case of a link loss (link supervision
# timeout). The policy plugin should contain a sane set of values by
# default, but this list can be overridden here. By setting the list to
# empty the reconnection feature gets disabled.
#ReconnectUUIDs=00001112-0000-1000-8000-00805f9b34fb,0000111f-0000-1000-8000-00805f9b34fb,0000110a-0000-1000-8000-00805f9b34fb
# ReconnectAttempts define the number of attempts to reconnect after a link
# lost. Setting the value to 0 disables reconnecting feature.
#ReconnectAttempts=7
# ReconnectIntervals define the set of intervals in seconds to use in between
# attempts.
# If the number of attempts defined in ReconnectAttempts is bigger than the
# set of intervals the last interval is repeated until the last attempt.
#ReconnectIntervals=1,2,4,8,16,32,64
# AutoEnable defines option to enable all controllers when they are found.
# This includes adapters present on start as well as adapters that are plugged
# in later on. Defaults to 'false'.
AutoEnable=true

25
playbooks/roles/cert/README.md
View file

@ -1,25 +0,0 @@
# Role `cert`
A role for ordering and renewing certificates from Lets Encrypt via ACME.
It uses the DNS challenge and fullfills it via a BIND 9 server given to the role.
## Supported Distributions
The following distributions are supported:
- Debian 11
## Required Arguments
For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yml)
## `hosts`
The `hosts` for this role need to be the machines on which you want to have the certificates.
## Links & Resources
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>

7
playbooks/roles/cert/defaults/main.yaml
View file

@ -1,7 +0,0 @@
cert__handlers: []
cert__owner: root
cert__group: root
cert__fullchain_pem_permissions: "0660"
cert__chain_pem_permissions: "0660"
cert__cert_pem_permissions: "0660"
cert__privkey_pem_permissions: "0600"

52
playbooks/roles/cert/meta/argument_specs.yaml
View file

@ -1,52 +0,0 @@
---
argument_specs:
main:
short_description: Orders and renews certificates from Let's Encrypt
options:
cert__domains:
description: Domains for which to issue a certificate. Must be in the same DNS zone.
required: true
type: list
elements: str
cert__owner:
description: Owner of the certificate files.
required: false
type: str
default: root
cert__group:
description: Group of the certificate files.
required: false
type: str
default: root
cert__acme_account_email:
description: E-Mail address for ACME account
required: true
type: str
cert__bind_9_host:
description: The machine running BIND 9.
required: true
type: str
cert__bind_9_zone:
description: The zone to use for publishing the TXT record.
required: true
type: str
cert__fullchain_pem_permissions:
description: Permissons for the `fullchain.pem`.
type: str
required: false
default: "0660"
cert__chain_pem_permissions:
description: Permissons for the `chain.pem`.
type: str
required: false
default: "0660"
cert__cert_pem_permissions:
description: Permissons for the `cert.pem`.
type: str
required: false
default: "0660"
cert__privkey_pem_permissions:
description: Permissons for the `privkey.pem`.
type: str
required: false
default: "0600"

8
playbooks/roles/cert/meta/main.yaml
View file

@ -1,8 +0,0 @@
dependencies: # noqa meta-no-info
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"
- "12"

180
playbooks/roles/cert/tasks/deploy_cert.yaml
View file

@ -1,180 +0,0 @@
- name: Ensure `ansible_certs` directory exists
ansible.builtin.file:
path: /etc/ansible_certs
state: directory
owner: root
group: root
mode: "755"
become: true
- name: Ensure `certs` sub-directory exists
ansible.builtin.file:
path: /etc/ansible_certs/certs
state: directory
owner: root
group: root
mode: "755"
become: true
- name: Ensure sub-directory for the certificate exists
ansible.builtin.file:
path: "/etc/ansible_certs/certs/{{ item }}"
state: directory
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "755"
become: true
- name: Ensure private key for certificate exists
community.crypto.openssl_privatekey:
path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
size: 4096
type: RSA
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "{{ cert__privkey_pem_permissions }}"
become: true
- name: Ensure certificate signing request is created
community.crypto.openssl_csr:
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
common_name: "{{ item }}"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "0660"
become: true
register: cert__csr_result
- name: Ensure private key for ACME account exists
community.crypto.openssl_privatekey:
path: "/etc/ansible_certs/account_key.pem"
size: 4096
type: RSA
owner: root
group: root
mode: "0600"
become: true
- name: Check certificate status and create ACME challenge if needed
community.crypto.acme_certificate:
account_email: "{{ cert__acme_account_email }}"
account_key_src: "/etc/ansible_certs/account_key.pem"
acme_directory: https://acme-v02.api.letsencrypt.org/directory
acme_version: 2
remaining_days: 28
terms_agreed: true
challenge: dns-01
csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
become: true
register: cert__acme_challenge
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
block:
- name: Add file containing nsupdate commands for adding TXT record for DNS-01 challenge
ansible.builtin.template:
src: nsupdate_add_txt_record.j2
dest: /root/nsupdate_add_txt_record
owner: root
group: root
mode: "0600"
vars:
cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Add DNS record to BIND 9 server via nsupdate # noqa: no-changed-when
ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_add_txt_record
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Retrieve certificate
community.crypto.acme_certificate:
account_email: "{{ cert__acme_account_email }}"
account_key_src: "/etc/ansible_certs/account_key.pem"
acme_directory: https://acme-v02.api.letsencrypt.org/directory
acme_version: 2
terms_agreed: true
remaining_days: 28
challenge: dns-01
csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
data: "{{ cert__acme_challenge }}"
become: true
notify: "{{ cert__handlers }}"
always:
- name: Remove file containing nsupdate commands for adding TXT record again
ansible.builtin.file:
path: /root/nsupdate_add_txt_record
state: absent
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Remove TXT record again
block:
- name: Add file containing nsupdate commands for deleting TXT record for DNS-01 challenge
ansible.builtin.template:
src: nsupdate_delete_txt_record.j2
dest: /root/nsupdate_delete_txt_record
owner: root
group: root
mode: "0600"
vars:
cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Remove DNS record from BIND 9 server via nsupdate # noqa: no-changed-when
ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_delete_txt_record
become: true
delegate_to: "{{ cert__bind_9_host }}"
always:
- name: Remove file containing nsupdate commands for deleting TXT record again
ansible.builtin.file:
path: /root/nsupdate_delete_txt_record
state: absent
become: true
delegate_to: "{{ cert__bind_9_host }}"
- name: Ensure correct permissions for certificate are set
ansible.builtin.file:
path: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "{{ cert__cert_pem_permissions }}"
become: true
- name: Ensure correct permissions for fullchain cert are set
ansible.builtin.file:
path: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "{{ cert__fullchain_pem_permissions }}"
become: true
- name: Get content of cert.pem
ansible.builtin.slurp:
src: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
become: true
register: cert__cert_slurp
- name: Get content of fullchain.pem
ansible.builtin.slurp:
src: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
become: true
register: cert__fullchain_slurp
- name: Ensure chain.pem is created
ansible.builtin.copy:
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "{{ cert__chain_pem_permissions }}"
become: true

3
playbooks/roles/cert/tasks/main.yaml
View file

@ -1,3 +0,0 @@
- name: Deploy cert
ansible.builtin.include_tasks: deploy_cert.yaml
loop: "{{ cert__domains }}"

4
playbooks/roles/cert/templates/nsupdate_add_txt_record.j2
View file

@ -1,4 +0,0 @@
debug
zone {{ cert__bind_9_zone }}
update add {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
send

4
playbooks/roles/cert/templates/nsupdate_delete_txt_record.j2
View file

@ -1,4 +0,0 @@
debug
zone {{ cert__bind_9_zone }}
update delete {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
send

4
playbooks/roles/hifiberry/handlers/main.yaml
View file

@ -1,4 +0,0 @@
---
- name: Restart system
become: true
ansible.builtin.reboot:

17
playbooks/roles/hifiberry/meta/argument_specs.yaml
View file

@ -1,17 +0,0 @@
---
argument_specs:
main:
options:
hifiberry__device:
description: Which HiFiBerry board to enable
type: str
choices:
- hifiberry-dac
- hifiberry-dacplus
- hifiberry-dacplushd
- hifiberry-dacplusadc
- hifiberry-dacplusadcpro
- hifiberry-digi
- hifiberry-digi-pro
- hifiberry-amp
required: true

9
playbooks/roles/hifiberry/meta/main.yaml
View file

@ -1,9 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"
- role: raspberry_pi_check

23
playbooks/roles/hifiberry/tasks/main.yaml
View file

@ -1,23 +0,0 @@
---
- name: Remove dtparam=audio=on
become: true
ansible.builtin.lineinfile:
line: dtparam=audio=on
dest: /boot/config.txt
state: absent
notify: Restart system
- name: Set audio=off for dtoverlay=vc4-kms-v3d
become: true
ansible.builtin.lineinfile:
regexp: ^dtoverlay=vc4-kms-v3d
line: dtoverlay=vc4-kms-v3d,audio=off
dest: /boot/config.txt
notify: Restart system
- name: Add hifiberry dtoverlay
become: true
ansible.builtin.lineinfile:
line: "dtoverlay={{ hifiberry__device }}"
dest: /boot/config.txt
notify: Restart system

6
playbooks/roles/mosquitto/handlers/main.yaml
View file

@ -1,6 +0,0 @@
---
- name: Restart mosquitto
become: true
ansible.builtin.systemd:
service: mosquitto.service
state: restarted

26
playbooks/roles/mosquitto/meta/argument_specs.yaml
View file

@ -1,26 +0,0 @@
---
argument_specs:
main:
options:
mosquitto__mosquitto_conf_content:
description: The content of the main mosquitto configuration file.
type: str
required: true
mosquitto__configs:
description: A list of additional mosquitto configurations.
type: list
elements: dict
required: false
options:
name:
description: >-
The name of the configuration file, where the configuration should
be deployed to. The file will be placed under `/etc/mosquitto/conf.d` and
`.conf` will be appended to the given name. So in the end the path
will be like this: `/etc/mosquitto/conf.d/\{\ name \}\}.conf`.
type: str
required: true
content:
description: The content of the configuration.
type: str
required: true

8
playbooks/roles/mosquitto/meta/main.yaml
View file

@ -1,8 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"

33
playbooks/roles/mosquitto/tasks/main.yaml
View file

@ -1,33 +0,0 @@
---
- name: Ensure mosquitto is installed
become: true
ansible.builtin.apt:
name: mosquitto
- name: Ensure main configuraton file is deployed
become: true
ansible.builtin.copy:
content: "{{ mosquitto__mosquitto_conf_content }}"
dest: /etc/mosquitto/mosquitto.conf
mode: "644"
owner: root
group: root
notify: Restart mosquitto
- name: Ensure all additional configuraton files are deployed
become: true
ansible.builtin.copy:
content: "{{ item.content }}"
dest: /etc/mosquitto/conf.d/{{ item.name }}.conf
mode: "644"
owner: root
group: root
loop: "{{ mosquitto__configs }}"
notify: Restart mosquitto
- name: Ensure mosquitto service is enabled and started
become: true
ansible.builtin.systemd:
service: mosquitto.service
enabled: true
state: started

8
playbooks/roles/nodejs/meta/argument_specs.yaml
View file

@ -1,8 +0,0 @@
---
argument_specs:
main:
options:
nodejs__major_version:
description: Major version of nodejs to install
type: int
required: true

17
playbooks/roles/nodejs/meta/main.yaml
View file

@ -1,17 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"
- "12"
- role: add_apt_repository
vars:
add_apt_repository__https_repo: true
add_apt_repository__keyring_url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
add_apt_repository__keyring_path: /usr/share/keyrings/nodesource.gpg
add_apt_repository__repo: "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_\
{{ nodejs__major_version }}.x {{ ansible_facts.lsb.codename }} main"
add_apt_repository__filename: nodesource.list

4
playbooks/roles/nodejs/tasks/main.yaml
View file

@ -1,4 +0,0 @@
---
- name: Ensure nodejs is installed
ansible.builtin.apt:
name: nodejs

12
playbooks/roles/raspberry_pi_check/tasks/main.yaml
View file

@ -1,12 +0,0 @@
- name: Detect if on Raspberry Pi
ansible.builtin.lineinfile:
path: /proc/cpuinfo
regexp: ".*Raspberry Pi.*"
state: absent
check_mode: true
register: raspberry_pi_check__cpuinfo
changed_when: false
- name: Fail when not on Raspberry Pi # noqa no-handler
when: not raspberry_pi_check__cpuinfo.found
ansible.builtin.fail:
msg: You are not running on Raspberry Pi hardware!

6
playbooks/roles/shairport_sync/handlers/main.yaml
View file

@ -1,6 +0,0 @@
---
- name: Restart shairport-sync service
become: true
ansible.builtin.systemd:
service: shairport-sync
state: restarted

8
playbooks/roles/shairport_sync/meta/argument_specs.yaml
View file

@ -1,8 +0,0 @@
---
argument_specs:
main:
options:
shairport_sync__config:
description: shairport-sync config content
type: str
required: true

8
playbooks/roles/shairport_sync/meta/main.yaml
View file

@ -1,8 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"

22
playbooks/roles/shairport_sync/tasks/main.yaml
View file

@ -1,22 +0,0 @@
---
- name: Ensure shairport-sync is installed
become: true
ansible.builtin.apt:
name: shairport-sync
- name: Ensure shairport-sync config is deployed
become: true
ansible.builtin.copy:
content: "{{ shairport_sync__config }}"
dest: /etc/shairport-sync.conf
mode: "644"
owner: root
group: root
notify: Restart shairport-sync service
- name: Ensure shairport-sync service is enabled and started
become: true
ansible.builtin.systemd:
service: shairport-sync
state: started
enabled: true

18
playbooks/roles/zigbee2mqtt/files/zigbee2mqtt.service
View file

@ -1,18 +0,0 @@
[Unit]
Description=zigbee2mqtt
After=network.target
[Service]
Environment=ZIGBEE2MQTT_DATA=/home/zigbee2mqtt/zigbee2mqtt_data
Environment=NODE_ENV=production
ExecStart=/usr/bin/npm start
WorkingDirectory=/opt/zigbee2mqtt
StandardOutput=inherit
# Or use StandardOutput=null if you don't want Zigbee2MQTT messages filling syslog, for more options see systemd.exec(5)
StandardError=inherit
Restart=always
RestartSec=10s
User=zigbee2mqtt
[Install]
WantedBy=multi-user.target

12
playbooks/roles/zigbee2mqtt/handlers/main.yaml
View file

@ -1,12 +0,0 @@
- name: Restart zigbee2mqtt
become: true
ansible.builtin.systemd:
name: zigbee2mqtt
state: restarted
- name: Reload systemd-daemon and restart zigbee2mqtt
become: true
ansible.builtin.systemd:
name: zigbee2mqtt
state: restarted
daemon_reload: true

13
playbooks/roles/zigbee2mqtt/meta/argument_specs.yaml
View file

@ -1,13 +0,0 @@
---
argument_specs:
main:
options:
zigbee2mqtt__version:
description: zigbee2mqtt version to install
type: str
required: true
zigbee2mqtt__initial_config:
description: Configuration file content for initial deployment.
It does not replace the configuration if it already exists.
type: str
required: true

12
playbooks/roles/zigbee2mqtt/meta/main.yaml
View file

@ -1,12 +0,0 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
major_versions:
- "11"
- "12"
- role: nodejs
vars:
nodejs__major_version: 16

87
playbooks/roles/zigbee2mqtt/tasks/main.yaml
View file

@ -1,87 +0,0 @@
- name: Ensure acl is installed
become: true
ansible.builtin.apt:
name: acl
- name: Ensure git is installed
become: true
ansible.builtin.apt:
name: git
- name: Ensure zigbee2mqtt user exists
become: true
ansible.builtin.user:
name: zigbee2mqtt
groups:
- zigbee2mqtt
- dialout
group: zigbee2mqtt
- name: Ensure installation directory exists
become: true
ansible.builtin.file:
dest: /opt/zigbee2mqtt
state: directory
mode: "755"
owner: zigbee2mqtt
group: zigbee2mqtt
- name: Ensure zigbee2mqtt repository is cloned
become: true
become_user: zigbee2mqtt
ansible.builtin.git:
repo: https://github.com/Koenkk/zigbee2mqtt.git
depth: 1
dest: /opt/zigbee2mqtt
version: "{{ zigbee2mqtt__version }}"
notify: Restart zigbee2mqtt
- name: Ensure npm dependencies are installed
become: true
become_user: zigbee2mqtt
community.general.npm:
path: /opt/zigbee2mqtt
ci: true
changed_when: false # installs packages according to package-lock.json, but always reports a change
- name: Ensure custom zigbee2mqtt data directory exists
become: true
ansible.builtin.file:
dest: /home/zigbee2mqtt/zigbee2mqtt_data
state: directory
mode: "755"
owner: zigbee2mqtt
group: zigbee2mqtt
- name: Check configuration file status
ansible.builtin.stat:
path: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
register: zigbee2mqtt__conf_stat
- name: Ensure configuration file is deployed when it doesn't exist
become: true
when: not zigbee2mqtt__conf_stat.stat.exists
ansible.builtin.copy:
content: "{{ zigbee2mqtt__initial_config }}"
dest: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
mode: "640"
owner: zigbee2mqtt
group: zigbee2mqtt
notify: Restart zigbee2mqtt
- name: Ensure zigbee2mqtt service file is deployed
become: true
ansible.builtin.copy:
src: zigbee2mqtt.service
dest: /etc/systemd/system/zigbee2mqtt.service
mode: "644"
owner: root
group: root
notify: Reload systemd-daemon and restart zigbee2mqtt
- name: Ensure zigbee2mqtt is enabled and started
become: true
ansible.builtin.systemd:
service: zigbee2mqtt
enabled: true
state: started

21
playbooks/templates/z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2
View file

@ -1,21 +0,0 @@
homeassistant: true
permit_join: false
mqtt:
base_topic: zigbee2mqtt
server: 'mqtt://mqtt.z9'
serial:
port: /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014DBC72F-if00
advanced:
network_key: [{{ zigbee2mqtt__network_key }}]
pan_id: 32673
ext_pan_id: [58, 76, 37, 2, 22, 198, 237, 124]
channel: 11
frontend:
port: 8080
host: localhost
url: https://zigbee2mqtt.z9