Automate light server

Co-authored-by: J <j@jsts.xyz>

ansible.cfg

@@ -1,2 +1,2 @@
 [defaults]
-inventory = ./inventories/thinkcccentre
+inventory = ./inventories/thinkcccentre/hosts.yml

inventories/thinkcccentre/host_vars/light.yml

@@ -0,0 +1,52 @@
+ola__configs:
+  - name: ola-artnet
+    content: "{{ lookup('file', 'configs/light/ola/ola-artnet.conf') }}"
+  - name: ola-dummy
+    content: "{{ lookup('file', 'configs/light/ola/ola-dummy.conf') }}"
+  - name: ola-e131
+    content: "{{ lookup('file', 'configs/light/ola/ola-e131.conf') }}"
+  - name: ola-espnet
+    content: "{{ lookup('file', 'configs/light/ola/ola-espnet.conf') }}"
+  - name: ola-ftdidmx
+    content: "{{ lookup('file', 'configs/light/ola/ola-ftdidmx.conf') }}"
+  - name: ola-gpio
+    content: "{{ lookup('file', 'configs/light/ola/ola-gpio.conf') }}"
+  - name: ola-karate
+    content: "{{ lookup('file', 'configs/light/ola/ola-karate.conf') }}"
+  - name: ola-kinet
+    content: "{{ lookup('file', 'configs/light/ola/ola-kinet.conf') }}"
+  - name: ola-milinst
+    content: "{{ lookup('file', 'configs/light/ola/ola-milinst.conf') }}"
+  - name: ola-opendmx
+    content: "{{ lookup('file', 'configs/light/ola/ola-opendmx.conf') }}"
+  - name: ola-openpixelcontrol
+    content: "{{ lookup('file', 'configs/light/ola/ola-openpixelcontrol.conf') }}"
+  - name: ola-osc
+    content: "{{ lookup('file', 'configs/light/ola/ola-osc.conf') }}"
+  - name: ola-pathport
+    content: "{{ lookup('file', 'configs/light/ola/ola-pathport.conf') }}"
+  - name: ola-port
+    content: "{{ lookup('file', 'configs/light/ola/ola-port.conf') }}"
+  - name: ola-renard
+    content: "{{ lookup('file', 'configs/light/ola/ola-renard.conf') }}"
+  - name: ola-sandnet
+    content: "{{ lookup('file', 'configs/light/ola/ola-sandnet.conf') }}"
+  - name: ola-server
+    content: "{{ lookup('file', 'configs/light/ola/ola-server.conf') }}"
+  - name: ola-shownet
+    content: "{{ lookup('file', 'configs/light/ola/ola-shownet.conf') }}"
+  - name: ola-spi
+    content: "{{ lookup('file', 'configs/light/ola/ola-spi.conf') }}"
+  - name: ola-stageprofi
+    content: "{{ lookup('file', 'configs/light/ola/ola-stageprofi.conf') }}"
+  - name: ola-uartdmx
+    content: "{{ lookup('file', 'configs/light/ola/ola-uartdmx.conf') }}"
+  - name: ola-universe
+    content: "{{ lookup('file', 'configs/light/ola/ola-universe.conf') }}"
+  - name: ola-usbdmx
+    content: "{{ lookup('file', 'configs/light/ola/ola-usbdmx.conf') }}"
+  - name: ola-usbserial
+    content: "{{ lookup('file', 'configs/light/ola/ola-usbserial.conf') }}"
+nginx__configs:
+  - name: foobazdmx
+    content: "{{ lookup('file', 'configs/light/nginx/foobazdmx.conf') }}"

playbooks/deploy_light.yml

@@ -5,6 +5,6 @@
   roles:
     - ola
     - foobazdmx
+    - nginx
   vars:
-    ola__enable_ftdi: true
     foobazdmx__art_net_host: localhost

playbooks/files/configs/light/nginx/foobazdmx.conf

@@ -0,0 +1,8 @@
+server {
+	listen 80;
+	server_name light.z9;
+
+	location / {
+		proxy_pass http://localhost:8080;
+	}
+}

playbooks/files/configs/light/ola/ola-artnet.conf

@@ -0,0 +1,10 @@
+always_broadcast = false
+enabled = true
+ip = 
+long_name = OLA - ArtNet node
+net = 0
+output_ports = 4
+short_name = OLA - ArtNet node
+subnet = 0
+use_limited_broadcast = false
+use_loopback = false

playbooks/files/configs/light/ola/ola-dummy.conf

@@ -0,0 +1,9 @@
+ack_timer_count = 0
+advanced_dimmer_count = 1
+dimmer_count = 1
+dimmer_subdevice_count = 4
+dummy_device_count = 1
+enabled = false
+moving_light_count = 1
+network_device_count = 1
+sensor_device_count = 1

playbooks/files/configs/light/ola/ola-e131.conf

@@ -0,0 +1,10 @@
+cid = 4ff3f64a-e2de-43e5-847f-d4daad6cb63b
+draft_discovery = false
+dscp = 0
+enabled = false
+ignore_preview = true
+input_ports = 5
+ip = 
+output_ports = 5
+prepend_hostname = true
+revision = 0.46

playbooks/files/configs/light/ola/ola-espnet.conf

@@ -0,0 +1,3 @@
+enabled = false
+ip = 
+name = ola-EspNet

playbooks/files/configs/light/ola/ola-ftdidmx.conf

@@ -0,0 +1,2 @@
+enabled = true
+frequency = 30

playbooks/files/configs/light/ola/ola-gpio.conf

@@ -0,0 +1,5 @@
+enabled = false
+gpio_pins = 
+gpio_slot_offset = 1
+gpio_turn_off = 127
+gpio_turn_on = 128

playbooks/files/configs/light/ola/ola-karate.conf

@@ -0,0 +1,2 @@
+device = /dev/kldmx0
+enabled = false

playbooks/files/configs/light/ola/ola-kinet.conf

@@ -0,0 +1,2 @@
+enabled = false
+power_supply = 

playbooks/files/configs/light/ola/ola-milinst.conf

@@ -0,0 +1,2 @@
+device = 
+enabled = false

playbooks/files/configs/light/ola/ola-opendmx.conf

@@ -0,0 +1,2 @@
+device = /dev/dmx0
+enabled = false

playbooks/files/configs/light/ola/ola-openpixelcontrol.conf

@@ -0,0 +1 @@
+enabled = false

playbooks/files/configs/light/ola/ola-osc.conf

@@ -0,0 +1,19 @@
+enabled = false
+input_ports = 5
+output_ports = 5
+port_0_address = /dmx/universe/%d
+port_0_output_format = blob
+port_0_targets = 
+port_1_address = /dmx/universe/%d
+port_1_output_format = blob
+port_1_targets = 
+port_2_address = /dmx/universe/%d
+port_2_output_format = blob
+port_2_targets = 
+port_3_address = /dmx/universe/%d
+port_3_output_format = blob
+port_3_targets = 
+port_4_address = /dmx/universe/%d
+port_4_output_format = blob
+port_4_targets = 
+udp_listen_port = 7770

playbooks/files/configs/light/ola/ola-pathport.conf

@@ -0,0 +1,5 @@
+dscp = 0
+enabled = false
+ip = 
+name = ola-Pathport
+node-id = 672065429

playbooks/files/configs/light/ola/ola-port.conf

@@ -0,0 +1,60 @@
+11-1-I-0_priority_mode = 0
+11-1-I-0_priority_value = 100
+11-1-I-1_priority_mode = 0
+11-1-I-1_priority_value = 100
+11-1-I-2_priority_mode = 0
+11-1-I-2_priority_value = 100
+11-1-I-3_priority_mode = 0
+11-1-I-3_priority_value = 100
+11-1-I-4_priority_mode = 0
+11-1-I-4_priority_value = 100
+11-1-O-0_priority_mode = 0
+11-1-O-0_priority_value = 100
+11-1-O-1_priority_mode = 0
+11-1-O-1_priority_value = 100
+11-1-O-2_priority_mode = 0
+11-1-O-2_priority_value = 100
+11-1-O-3_priority_mode = 0
+11-1-O-3_priority_value = 100
+11-1-O-4_priority_mode = 0
+11-1-O-4_priority_value = 100
+13-A60300JF-O-1 = 1
+14-1-I-0_priority_value = 100
+14-1-I-1_priority_value = 100
+14-1-I-2_priority_value = 100
+14-1-I-3_priority_value = 100
+14-1-I-4_priority_value = 100
+2-1-I-0 = 1
+2-1-I-0_priority_value = 100
+2-1-I-1_priority_value = 100
+2-1-I-2_priority_value = 100
+2-1-I-3_priority_value = 100
+3-1-I-0_priority_value = 100
+3-1-I-1_priority_value = 100
+3-1-I-2_priority_value = 100
+3-1-I-3_priority_value = 100
+3-1-I-4_priority_value = 100
+3-1-I-5_priority_value = 100
+3-1-I-6_priority_value = 100
+3-1-I-7_priority_value = 100
+4-1-I-0_priority_value = 100
+4-1-I-1_priority_value = 100
+4-1-I-2_priority_value = 100
+4-1-I-3_priority_value = 100
+4-1-I-4_priority_value = 100
+7-1-I-0_priority_value = 100
+7-1-I-1_priority_value = 100
+7-1-I-2_priority_value = 100
+7-1-I-3_priority_value = 100
+7-1-I-4_priority_value = 100
+7-1-I-5_priority_value = 100
+7-1-I-6_priority_value = 100
+7-1-I-7_priority_value = 100
+9-1-I-0_priority_value = 100
+9-1-I-1_priority_value = 100
+9-1-I-2_priority_value = 100
+9-1-I-3_priority_value = 100
+9-1-I-4_priority_value = 100
+9-1-I-5_priority_value = 100
+9-1-I-6_priority_value = 100
+9-1-I-7_priority_value = 100

playbooks/files/configs/light/ola/ola-renard.conf

@@ -0,0 +1,2 @@
+device = 
+enabled = false

playbooks/files/configs/light/ola/ola-sandnet.conf

@@ -0,0 +1,3 @@
+enabled = false
+ip = 
+name = ola-SandNet

playbooks/files/configs/light/ola/ola-server.conf

@@ -0,0 +1 @@
+instance-name = OLA Server

playbooks/files/configs/light/ola/ola-shownet.conf

@@ -0,0 +1,3 @@
+enabled = false
+ip = 
+name = ola-ShowNet

playbooks/files/configs/light/ola/ola-spi.conf

@@ -0,0 +1,3 @@
+base_uid = 7a70:00000100
+device_prefix = spidev
+enabled = false

playbooks/files/configs/light/ola/ola-stageprofi.conf

@@ -0,0 +1,2 @@
+device = /dev/ttyUSB0
+enabled = false

playbooks/files/configs/light/ola/ola-uartdmx.conf

@@ -0,0 +1,2 @@
+device = /dev/ttyACM0
+enabled = false

playbooks/files/configs/light/ola/ola-universe.conf

@@ -0,0 +1,2 @@
+uni_1_merge = LTP
+uni_1_name = Universe 1

playbooks/files/configs/light/ola/ola-usbdmx.conf

@@ -0,0 +1,2 @@
+enabled = false
+libusb_debug_level = 0

playbooks/files/configs/light/ola/ola-usbserial.conf

@@ -0,0 +1,8 @@
+device_dir = /dev
+device_prefix = ttyUSB
+device_prefix = cu.usbserial-
+device_prefix = ttyU
+enabled = false
+pro_fps_limit = 190
+tri_use_raw_rdm = false
+ultra_fps_limit = 40

playbooks/roles/add_apt_repository/meta/argument_specs.yml

@@ -0,0 +1,25 @@
+---
+argument_specs:
+  main:
+    short_description: Add a 3rd party apt repository to the system
+    options:
+      add_apt_repository__https_repo:
+        description: The repository URL uses HTTPS
+        required: true
+        type: bool
+      add_apt_repository__keyring_url:
+        description: URL to the repository's keyring
+        required: true
+        type: str
+      add_apt_repository__keyring_path:
+        description: Path where to store the keyring
+        required: true
+        type: str
+      add_apt_repository__repo:
+        description: The apt source line
+        required: true
+        type: str
+      add_apt_repository__filename:
+        description: Filename in /etc/apt/sources.list.d/
+        required: true
+        type: str

playbooks/roles/add_apt_repository/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Check OS family
+  ansible.builtin.fail:
+    msg: "Can only add apt repositories on Debian-based systems!"
+  when: ansible_facts.os_family != "Debian"
+- name: Install required apt packages for adding an apt repository
+  ansible.builtin.apt:
+    name:
+      - ca-certificates
+      - gnupg
+- name: Install apt-transport-https if https repository
+  ansible.builtin.apt:
+    name: apt-transport-https
+  when: add_apt_repository__https_repo
+- name: Add repository signing key to keychain
+  ansible.builtin.apt_key:
+    url: "{{ add_apt_repository__keyring_url }}"
+    keyring: "{{ add_apt_repository__keyring_path }}"
+    state: present
+- name: Add repository and update cache
+  ansible.builtin.apt_repository:
+    repo: "{{ add_apt_repository__repo }}"
+    filename: "{{ add_apt_repository__filename }}"

playbooks/roles/nginx/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Reload nginx
+  ansible.builtin.systemd:
+    service: nginx
+    state: reloaded

playbooks/roles/nginx/meta/argument_specs.yml

@@ -0,0 +1,20 @@
+---
+argument_specs:
+  main:
+    options:
+      nginx__enable_https_redirect:
+        description: Redirect HTTP traffic to HTTPS
+        type: bool
+        required: false
+      nginx__configs:
+        description: Configuration files to add to /etc/nginx/conf.d/
+        type: list
+        elements: dict
+        required: false
+        options:
+          name:
+            description: Name of the config file without file extension
+            type: str
+          content:
+            description: Content of the config file
+            type: str

playbooks/roles/nginx/meta/main.yml

@@ -0,0 +1,16 @@
+dependencies:
+  - role: distribution_check
+    vars:
+      distribution_check__supported_distributions:
+        - name: Debian
+          versions:
+            - "10"
+            - "11"
+  - role: add_apt_repository
+    vars:
+      add_apt_repository__https_repo: false
+      add_apt_repository__keyring_url: https://nginx.org/keys/nginx_signing.key
+      add_apt_repository__keyring_path: /usr/share/keyrings/nginx-archive-keyring.gpg
+      add_apt_repository__repo: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg]
+         http://nginx.org/packages/{{ ansible_facts.distribution | lower }} {{ ansible_facts.lsb.codename }} nginx
+      add_apt_repository__filename: nginx.list

playbooks/roles/nginx/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+- name: Setup up repository pinning
+  ansible.builtin.template:
+    src: 99nginx.j2
+    dest: /etc/apt/preferences.d/99nginx
+    mode: "0644"
+- name: Install nginx
+  ansible.builtin.apt:
+    update_cache: true
+    name: nginx
+    state: present
+- name: Delete default.conf
+  ansible.builtin.file:
+    path: /etc/nginx/conf.d/default.conf
+    state: absent
+  when: nginx__configs
+- name: Create nginx redirect.conf
+  ansible.builtin.template:
+    src: redirect.conf.j2
+    dest: /etc/nginx/conf.d/redirect.conf
+    mode: "0644"
+  when: nginx__enable_https_redirect is defined and nginx__enable_https_redirect
+- name: Create nginx tls.conf
+  ansible.builtin.template:
+    src: tls.conf.j2
+    dest: /etc/nginx/conf.d/tls.conf
+    mode: "0644"
+- name: Download dhparam file
+  ansible.builtin.get_url:
+    url: https://ssl-config.mozilla.org/ffdhe2048.txt
+    dest: /etc/nginx/dhparam.pem
+    mode: "0644"
+- name: Add user specified configs
+  ansible.builtin.copy:
+    content: "{{ item.content }}"
+    dest: /etc/nginx/conf.d/{{ item.name }}.conf
+    mode: "0644"
+  loop: "{{ nginx__configs }}"
+  notify: Reload nginx
+- name: Enable and start systemd service
+  ansible.builtin.systemd:
+    name: nginx.service
+    daemon_reload: true
+    enabled: true
+    state: started

playbooks/roles/nginx/templates/99nginx.j2

@@ -0,0 +1,4 @@
+Package: *
+Pin: origin nginx.org
+Pin: release o=nginx
+Pin-Priority: 900

playbooks/roles/nginx/templates/redirect.conf.j2

@@ -0,0 +1,9 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_name _;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}

playbooks/roles/nginx/templates/tls.conf.j2

@@ -0,0 +1,9 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers off;
+ssl_dhparam /etc/nginx/dhparam.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;

playbooks/roles/ola/meta/argument_specs.yml

@@ -2,7 +2,21 @@
 argument_specs:
   main:
     options:
-      ola__enable_ftdi:
+      ola__configs:
-        description: Enable FTDI USB DMX support
+        description: A list of ola configurations.
-        type: bool
+        type: list
+        elements: dict
         required: true
+        options:
+          name:
+            description: >-
+              The name of the configuration file, where the configuration should
+              be deployed to. The file will be placed under `/etc/ola/` and
+              `.conf` will be appended to the given name. So in the end the path
+              will be like this: `/etc/ola/\{\ name \}\}.conf`.
+            type: str
+            required: true
+          content:
+            description: The content of the configuration.
+            type: str
+            required: true

playbooks/roles/ola/tasks/main.yml

@@ -1,13 +1,15 @@
 - name: Install ola
   ansible.builtin.apt:
     name: ola
-- name: Generate ola-ftdidmx.conf
+- name: Ensure all given configuraton files are deployed
-  ansible.builtin.template:
+  ansible.builtin.copy:
-    src: ola-ftdidmx.conf.j2
+    content: "{{ item.content }}"
-    dest: /etc/ola/ola-ftdidmx.conf
+    dest: /etc/ola/{{ item.name }}.conf
-    mode: "0664"
+    mode: 0644
     owner: olad
     group: olad
+  loop: "{{ ola__configs }}"
+  notify: Restart olad
 - name: Enable and start ola service
   ansible.builtin.systemd:
     name: olad.service