From 433008d211e4b45abbbfd4a597b92d8e98514e6c Mon Sep 17 00:00:00 2001 
From: c6ristian Date: Fri, 22 Nov 2024 23:02:41 +0100 Subject: [PATCH] Cleanup old configurations we no longer use. We have a bunch of old hosts, host_vars and roles we no longer use. There is no real value in keeping them, as they can just be fetched from the git history, should they be needed again. This makes getting an overview of the repository much simpler. --- inventories/z9/host_vars/mqtt.yaml | 4 - inventories/z9/host_vars/uptime-kuma.yaml | 14 -- inventories/z9/host_vars/zigbee2mqtt.yaml | 15 -- inventories/z9/hosts.yaml | 25 --- playbooks/deploy.yaml | 33 --- playbooks/engelsystem_specific_pre_tasks.yaml | 23 -- .../engelsystem/nginx/aes.ccchh.net.conf | 42 ---- .../files/patches/engelsystem/code_en.patch | 8 - .../files/patches/engelsystem/lang_de.patch | 12 - .../automation/mosquitto/mosquitto.conf | 16 -- .../automation/mosquitto/winkekatz.conf | 8 - .../files/z9/configs/uptime-kuma/compose.yaml | 17 -- .../uptime-kuma/nginx/status.ccchh.net.conf | 40 ---- .../zigbee2mqtt/nginx/zigbee2mqtt.conf | 28 --- .../bluetooth_audio_sink/files/override.conf | 3 - .../files/speaker-agent.service | 8 - .../bluetooth_audio_sink/handlers/main.yaml | 14 -- .../meta/argument_specs.yaml | 8 - .../roles/bluetooth_audio_sink/meta/main.yaml | 8 - .../bluetooth_audio_sink/tasks/main.yaml | 182 --------------- .../templates/machine-info.j2 | 1 - .../templates/main.conf.j2 | 211 ------------------ playbooks/roles/cert/README.md | 25 --- playbooks/roles/cert/defaults/main.yaml | 7 - playbooks/roles/cert/meta/argument_specs.yaml | 52 ----- playbooks/roles/cert/meta/main.yaml | 8 - playbooks/roles/cert/tasks/deploy_cert.yaml | 180 --------------- playbooks/roles/cert/tasks/main.yaml | 3 - .../cert/templates/nsupdate_add_txt_record.j2 | 4 - .../templates/nsupdate_delete_txt_record.j2 | 4 - playbooks/roles/hifiberry/handlers/main.yaml | 4 - .../roles/hifiberry/meta/argument_specs.yaml | 17 -- playbooks/roles/hifiberry/meta/main.yaml | 9 - playbooks/roles/hifiberry/tasks/main.yaml | 23 
-- playbooks/roles/mosquitto/handlers/main.yaml | 6 - .../roles/mosquitto/meta/argument_specs.yaml | 26 --- playbooks/roles/mosquitto/meta/main.yaml | 8 - playbooks/roles/mosquitto/tasks/main.yaml | 33 --- .../roles/nodejs/meta/argument_specs.yaml | 8 - playbooks/roles/nodejs/meta/main.yaml | 17 -- playbooks/roles/nodejs/tasks/main.yaml | 4 - .../roles/raspberry_pi_check/tasks/main.yaml | 12 - .../roles/shairport_sync/handlers/main.yaml | 6 - .../shairport_sync/meta/argument_specs.yaml | 8 - playbooks/roles/shairport_sync/meta/main.yaml | 8 - .../roles/shairport_sync/tasks/main.yaml | 22 -- .../zigbee2mqtt/files/zigbee2mqtt.service | 18 -- .../roles/zigbee2mqtt/handlers/main.yaml | 12 - .../zigbee2mqtt/meta/argument_specs.yaml | 13 -- playbooks/roles/zigbee2mqtt/meta/main.yaml | 12 - playbooks/roles/zigbee2mqtt/tasks/main.yaml | 87 -------- .../zigbee2mqtt/configuration.yaml.j2 | 21 -- 52 files changed, 1377 deletions(-) delete mode 100644 inventories/z9/host_vars/mqtt.yaml delete mode 100644 inventories/z9/host_vars/uptime-kuma.yaml delete mode 100644 inventories/z9/host_vars/zigbee2mqtt.yaml delete mode 100644 playbooks/engelsystem_specific_pre_tasks.yaml delete mode 100644 playbooks/files/chaosknoten/configs/engelsystem/nginx/aes.ccchh.net.conf delete mode 100644 playbooks/files/patches/engelsystem/code_en.patch delete mode 100644 playbooks/files/patches/engelsystem/lang_de.patch delete mode 100644 playbooks/files/z9/configs/automation/mosquitto/mosquitto.conf delete mode 100644 playbooks/files/z9/configs/automation/mosquitto/winkekatz.conf delete mode 100644 playbooks/files/z9/configs/uptime-kuma/compose.yaml delete mode 100644 playbooks/files/z9/configs/uptime-kuma/nginx/status.ccchh.net.conf delete mode 100644 playbooks/files/z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf delete mode 100644 playbooks/roles/bluetooth_audio_sink/files/override.conf delete mode 100644 playbooks/roles/bluetooth_audio_sink/files/speaker-agent.service delete mode 100644 
playbooks/roles/bluetooth_audio_sink/handlers/main.yaml delete mode 100644 playbooks/roles/bluetooth_audio_sink/meta/argument_specs.yaml delete mode 100644 playbooks/roles/bluetooth_audio_sink/meta/main.yaml delete mode 100644 playbooks/roles/bluetooth_audio_sink/tasks/main.yaml delete mode 100644 playbooks/roles/bluetooth_audio_sink/templates/machine-info.j2 delete mode 100644 playbooks/roles/bluetooth_audio_sink/templates/main.conf.j2 delete mode 100644 playbooks/roles/cert/README.md delete mode 100644 playbooks/roles/cert/defaults/main.yaml delete mode 100644 playbooks/roles/cert/meta/argument_specs.yaml delete mode 100644 playbooks/roles/cert/meta/main.yaml delete mode 100644 playbooks/roles/cert/tasks/deploy_cert.yaml delete mode 100644 playbooks/roles/cert/tasks/main.yaml delete mode 100644 playbooks/roles/cert/templates/nsupdate_add_txt_record.j2 delete mode 100644 playbooks/roles/cert/templates/nsupdate_delete_txt_record.j2 delete mode 100644 playbooks/roles/hifiberry/handlers/main.yaml delete mode 100644 playbooks/roles/hifiberry/meta/argument_specs.yaml delete mode 100644 playbooks/roles/hifiberry/meta/main.yaml delete mode 100644 playbooks/roles/hifiberry/tasks/main.yaml delete mode 100644 playbooks/roles/mosquitto/handlers/main.yaml delete mode 100644 playbooks/roles/mosquitto/meta/argument_specs.yaml delete mode 100644 playbooks/roles/mosquitto/meta/main.yaml delete mode 100644 playbooks/roles/mosquitto/tasks/main.yaml delete mode 100644 playbooks/roles/nodejs/meta/argument_specs.yaml delete mode 100644 playbooks/roles/nodejs/meta/main.yaml delete mode 100644 playbooks/roles/nodejs/tasks/main.yaml delete mode 100644 playbooks/roles/raspberry_pi_check/tasks/main.yaml delete mode 100644 playbooks/roles/shairport_sync/handlers/main.yaml delete mode 100644 playbooks/roles/shairport_sync/meta/argument_specs.yaml delete mode 100644 playbooks/roles/shairport_sync/meta/main.yaml delete mode 100644 playbooks/roles/shairport_sync/tasks/main.yaml delete mode 
100644 playbooks/roles/zigbee2mqtt/files/zigbee2mqtt.service delete mode 100644 playbooks/roles/zigbee2mqtt/handlers/main.yaml delete mode 100644 playbooks/roles/zigbee2mqtt/meta/argument_specs.yaml delete mode 100644 playbooks/roles/zigbee2mqtt/meta/main.yaml delete mode 100644 playbooks/roles/zigbee2mqtt/tasks/main.yaml delete mode 100644 playbooks/templates/z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2 diff --git a/inventories/z9/host_vars/mqtt.yaml b/inventories/z9/host_vars/mqtt.yaml deleted file mode 100644 index 37ab3b9..0000000 --- a/inventories/z9/host_vars/mqtt.yaml +++ /dev/null @@ -1,4 +0,0 @@ -mosquitto__mosquitto_conf_content: "{{ lookup('ansible.builtin.file', 'z9/configs/automation/mosquitto/mosquitto.conf') }}" -mosquitto__configs: - - name: winkekatz - content: "{{ lookup('ansible.builtin.file', 'z9/configs/automation/mosquitto/winkekatz.conf') }}" diff --git a/inventories/z9/host_vars/uptime-kuma.yaml b/inventories/z9/host_vars/uptime-kuma.yaml deleted file mode 100644 index 625bd2b..0000000 --- a/inventories/z9/host_vars/uptime-kuma.yaml +++ /dev/null @@ -1,14 +0,0 @@ -certbot__version_spec: "" -certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz -certbot__certificate_domains: - - "status.ccchh.net" -certbot__new_cert_commands: - - "systemctl reload nginx.service" - -docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'z9/configs/uptime-kuma/compose.yaml') }}" -docker_compose__configuration_files: [ ] - -nginx__version_spec: "" -nginx__configurations: - - name: status.ccchh.net - content: "{{ lookup('ansible.builtin.file', 'z9/configs/uptime-kuma/nginx/status.ccchh.net.conf') }}" diff --git a/inventories/z9/host_vars/zigbee2mqtt.yaml b/inventories/z9/host_vars/zigbee2mqtt.yaml deleted file mode 100644 index 5d0f857..0000000 --- a/inventories/z9/host_vars/zigbee2mqtt.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -zigbee2mqtt__version: "1.37.1" -zigbee2mqtt__network_key: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/z9/zigbee2mqtt/network_key', create=false, missing='error') }}" -zigbee2mqtt__initial_config: "{{ lookup('ansible.builtin.template', 'z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2') }}" - -certbot__version_spec: "" -certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz -certbot__certificate_domains: - - "zigbee2mqtt.ccchh.net" -certbot__new_cert_commands: - - "systemctl reload nginx.service" - -nginx__version_spec: "" -nginx__configurations: - - name: zigbee2mqtt - content: "{{ lookup('ansible.builtin.file', 'z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf') }}" diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml index db59ba4..f8a452d 100644 --- a/inventories/z9/hosts.yaml +++ b/inventories/z9/hosts.yaml @@ -8,43 +8,18 @@ all: authoritative-dns: ansible_host: authoritative-dns.z9.ccchh.net ansible_user: chaos - uptime-kuma: - ansible_host: uptime-kuma.z9.ccchh.net - ansible_user: chaos debian_12: hosts: nginx_hosts: hosts: light: - uptime-kuma: - public_reverse_proxy_hosts: - hosts: - cert_hosts: - hosts: - certbot_hosts: - hosts: - uptime-kuma: - zigbee2mqtt_hosts: - hosts: - mosquitto_hosts: - hosts: ola_hosts: hosts: light: foobazdmx_hosts: hosts: light: - hifiberry_hosts: - hosts: - bluetooth_audio_sink_hosts: - hosts: - shairport_sync_hosts: - hosts: - docker_compose_hosts: - hosts: - uptime-kuma: infrastructure_authorized_keys_hosts: hosts: light: authoritative-dns: - uptime-kuma: diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index 50e55dc..ba1bea6 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -1,7 +1,4 @@ --- -- name: engelsystem_specific_pre_tasks - ansible.builtin.import_playbook: engelsystem_specific_pre_tasks.yaml - - name: Ensure SSH server config deployment on ssh_server_config_hosts hosts: ssh_server_config_hosts roles: 
@@ -17,21 +14,6 @@ roles: - nextcloud -- name: Ensure HiFiBerry deployment on hifiberry_hosts - hosts: hifiberry_hosts - roles: - - hifiberry - -- name: Ensure bluetooth audio sink deployment on bluetooth_audio_sink_hosts - hosts: bluetooth_audio_sink_hosts - roles: - - bluetooth_audio_sink - -- name: Ensure shairport sync deployment on shairport_sync_hosts - hosts: shairport_sync_hosts - roles: - - shairport_sync - - name: Ensure ola deployment on ola_hosts hosts: ola_hosts roles: @@ -42,26 +24,11 @@ roles: - foobazdmx -- name: Ensure Mosquitto MQTT broker deployment on mosquitto_hosts - hosts: mosquitto_hosts - roles: - - mosquitto - -- name: Ensure Zigbee2MQTT deployment on zigbee2mqtt_hosts - hosts: zigbee2mqtt_hosts - roles: - - zigbee2mqtt - - name: Ensure Dokuwiki config hosts: wiki roles: - dokuwiki -- name: Ensure certificate deployment on cert_hosts - hosts: cert_hosts - roles: - - cert - - name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs hosts: nginx_hosts:&public_reverse_proxy_hosts roles: diff --git a/playbooks/engelsystem_specific_pre_tasks.yaml b/playbooks/engelsystem_specific_pre_tasks.yaml deleted file mode 100644 index b7a57b1..0000000 --- a/playbooks/engelsystem_specific_pre_tasks.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -- name: engelsystem on engelsystem.z9 specific pre tasks - hosts: engelsystem - pre_tasks: - - name: Install git - ansible.builtin.apt: - name: git - state: present - - name: Clone engelsystem repo - ansible.builtin.git: - repo: https://github.com/engelsystem/engelsystem.git - dest: "{{ ansible_user_dir }}/engelsystem" - version: main - force: true - update: false - - name: apply patch to code to add train drivers license - ansible.posix.patch: - src: patches/engelsystem/code_en.patch - dest: "{{ ansible_user_dir }}/engelsystem/includes/view/UserDriverLicenses_view.php" - - name: apply patch to german locale add train drivers license - ansible.posix.patch: - src: patches/engelsystem/lang_de.patch - dest: "{{ ansible_user_dir }}/engelsystem/resources/lang/de_DE/default.po" diff --git a/playbooks/files/chaosknoten/configs/engelsystem/nginx/aes.ccchh.net.conf b/playbooks/files/chaosknoten/configs/engelsystem/nginx/aes.ccchh.net.conf deleted file mode 100644 index 937bdb7..0000000 --- a/playbooks/files/chaosknoten/configs/engelsystem/nginx/aes.ccchh.net.conf +++ /dev/null 
@@ -1,42 +0,0 @@ -# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration -# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 -server { - # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; - # Make use of the ngx_http_realip_module to set the $remote_addr and - # $remote_port to the client address and client port, when using proxy - # protocol. - # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; - # Then tell the realip_module to get the addreses from the proxy protocol - # header. - real_ip_header proxy_protocol; - - server_name aes.ccchh.net; - - ssl_certificate /etc/letsencrypt/live/aes.ccchh.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/aes.ccchh.net/privkey.pem; - # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/aes.ccchh.net/chain.pem; - - # HSTS (ngx_http_headers_module is required) (63072000 seconds) - add_header Strict-Transport-Security "max-age=63072000" always; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Port 443; - # This is https in any case. - proxy_set_header X-Forwarded-Proto https; - # Hide the X-Forwarded header. - proxy_hide_header X-Forwarded; - # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that - # is transparent). - # Also provide "_hidden" for by, since it's not relevant. - proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden"; - - location / { - proxy_pass http://127.0.0.1:5080/; - } -} diff --git a/playbooks/files/patches/engelsystem/code_en.patch b/playbooks/files/patches/engelsystem/code_en.patch deleted file mode 100644 index cdb613e..0000000 
--- a/playbooks/files/patches/engelsystem/code_en.patch +++ /dev/null @@ -1,8 +0,0 @@ -22c22 -< form_checkbox('wants_to_drive', __('I am willing to drive a car for the event'), $user_driver_license->wantsToDrive()), ---- -> form_checkbox('wants_to_drive', __('I am willing to drive a vehicle for the event'), $user_driver_license->wantsToDrive()), -48c48 -< __('Forklift'), ---- -> __('Train'), diff --git a/playbooks/files/patches/engelsystem/lang_de.patch b/playbooks/files/patches/engelsystem/lang_de.patch deleted file mode 100644 index 2983bfa..0000000 --- a/playbooks/files/patches/engelsystem/lang_de.patch +++ /dev/null @@ -1,12 +0,0 @@ -1390,1391c1390,1391 -< msgid "Forklift" -< msgstr "Gabelstapler" ---- -> msgid "Train" -> msgstr "Lok" -1643,1644c1643,1644 -< msgid "I am willing to drive a car for the event" -< msgstr "Ich möchte für das Event Auto fahren" ---- -> msgid "I am willing to drive a vehicle for the event" -> msgstr "Ich möchte für das Event Fahrzeuge fahren" diff --git a/playbooks/files/z9/configs/automation/mosquitto/mosquitto.conf b/playbooks/files/z9/configs/automation/mosquitto/mosquitto.conf deleted file mode 100644 index 05141ab..0000000 --- a/playbooks/files/z9/configs/automation/mosquitto/mosquitto.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Place your local configuration in /etc/mosquitto/conf.d/ -# -# A full description of the configuration file is at -# /usr/share/doc/mosquitto/examples/mosquitto.conf.example - -per_listener_settings false -listener 1883 -allow_anonymous true -pid_file /run/mosquitto/mosquitto.pid - -persistence true -persistence_location /var/lib/mosquitto/ - -log_dest file /var/log/mosquitto/mosquitto.log - -include_dir /etc/mosquitto/conf.d diff --git a/playbooks/files/z9/configs/automation/mosquitto/winkekatz.conf b/playbooks/files/z9/configs/automation/mosquitto/winkekatz.conf deleted file mode 100644 index d728ecf..0000000 --- a/playbooks/files/z9/configs/automation/mosquitto/winkekatz.conf +++ /dev/null 
@@ -1,8 +0,0 @@ -connection winkekatz -address mqtt.winkekatze24.de -bridge_protocol_version mqttv311 - -topic winkekatze/allcats/eye/set in 2 -topic winkekatze/allcats in 2 -topic +/status out 2 winkekatze/ "" -topic +/connected out 2 winkekatze/ "" diff --git a/playbooks/files/z9/configs/uptime-kuma/compose.yaml b/playbooks/files/z9/configs/uptime-kuma/compose.yaml deleted file mode 100644 index 11482de..0000000 --- a/playbooks/files/z9/configs/uptime-kuma/compose.yaml +++ /dev/null @@ -1,17 +0,0 @@ -## Links & Rescources: -# -# https://github.com/louislam/uptime-kuma -# https://github.com/louislam/uptime-kuma/wiki/%F0%9F%94%A7-How-to-Install -# https://github.com/louislam/uptime-kuma/blob/master/docker/docker-compose.yml -# https://github.com/louislam/uptime-kuma/wiki/%F0%9F%86%99-How-to-Update -# https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy -# https://github.com/louislam/uptime-kuma/wiki/Environment-Variables - -services: - uptime-kuma: - image: louislam/uptime-kuma:1 - restart: unless-stopped - volumes: - - "./uptime-kuma-data:/app/data" - ports: - - 3001:3001 diff --git a/playbooks/files/z9/configs/uptime-kuma/nginx/status.ccchh.net.conf b/playbooks/files/z9/configs/uptime-kuma/nginx/status.ccchh.net.conf deleted file mode 100644 index 41e2925..0000000 --- a/playbooks/files/z9/configs/uptime-kuma/nginx/status.ccchh.net.conf +++ /dev/null 
@@ -1,40 +0,0 @@ -# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration -# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 -# Also see: https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy -server { - # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; - # Make use of the ngx_http_realip_module to set the $remote_addr and - # $remote_port to the client address and client port, when using proxy - # protocol. - # First set our proxy protocol proxy as trusted. - set_real_ip_from 10.31.206.1; - # Then tell the realip_module to get the addreses from the proxy protocol - # header. - real_ip_header proxy_protocol; - - server_name status.ccchh.net; - - ssl_certificate /etc/letsencrypt/live/status.ccchh.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/status.ccchh.net/privkey.pem; - # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/status.ccchh.net/chain.pem; - - # HSTS (ngx_http_headers_module is required) (63072000 seconds) - add_header Strict-Transport-Security "max-age=63072000" always; - - # replace with the IP address of your resolver - resolver 10.31.206.1; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # This is https in any case. - proxy_set_header X-Forwarded-Proto https; - proxy_pass http://127.0.0.1:3001/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} diff --git a/playbooks/files/z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf b/playbooks/files/z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf deleted file mode 100644 index 9c35e87..0000000 --- a/playbooks/files/z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf +++ /dev/null 
@@ -1,28 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name zigbee2mqtt.ccchh.net; - - ssl_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/privkey.pem; - # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/chain.pem; - - add_header Strict-Transport-Security "max-age=63072000" always; - - location / { - proxy_pass http://localhost:8080/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location /api { - proxy_pass http://localhost:8080/api; - proxy_set_header Host $host; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -} diff --git a/playbooks/roles/bluetooth_audio_sink/files/override.conf b/playbooks/roles/bluetooth_audio_sink/files/override.conf deleted file mode 100644 index de07b82..0000000 --- a/playbooks/roles/bluetooth_audio_sink/files/override.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ExecStart= -ExecStart=-/sbin/agetty --autologin audiosink --noclear %I 38400 linux diff --git a/playbooks/roles/bluetooth_audio_sink/files/speaker-agent.service b/playbooks/roles/bluetooth_audio_sink/files/speaker-agent.service deleted file mode 100644 index e665f19..0000000 --- a/playbooks/roles/bluetooth_audio_sink/files/speaker-agent.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Bluetooth speaker agent - -[Service] -ExecStart=python3 /opt/speaker-agent/speaker-agent.py - -[Install] -WantedBy=default.target diff --git a/playbooks/roles/bluetooth_audio_sink/handlers/main.yaml b/playbooks/roles/bluetooth_audio_sink/handlers/main.yaml deleted file mode 100644 index 5b734ad..0000000 --- a/playbooks/roles/bluetooth_audio_sink/handlers/main.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -- name: Restart bluetooth service - ansible.builtin.systemd: - service: bluetooth.service - state: restarted -- name: Restart speaker-agent service - become_user: audiosink - ansible.builtin.systemd: - service: speaker-agent.service - state: restarted - scope: user - daemon_reload: true -- name: Reboot host - ansible.builtin.reboot: diff --git a/playbooks/roles/bluetooth_audio_sink/meta/argument_specs.yaml b/playbooks/roles/bluetooth_audio_sink/meta/argument_specs.yaml deleted file mode 100644 index 3b66203..0000000 --- a/playbooks/roles/bluetooth_audio_sink/meta/argument_specs.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -argument_specs: - main: - options: - bluetooth_audio_sink__name: - description: Name the bluetooth device should have - type: str - required: true diff --git a/playbooks/roles/bluetooth_audio_sink/meta/main.yaml b/playbooks/roles/bluetooth_audio_sink/meta/main.yaml deleted file mode 100644 index 386685c..0000000 --- a/playbooks/roles/bluetooth_audio_sink/meta/main.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -dependencies: - - role: distribution_check - vars: - distribution_check__distribution_support_spec: - - name: Debian - major_versions: - - "11" diff --git a/playbooks/roles/bluetooth_audio_sink/tasks/main.yaml b/playbooks/roles/bluetooth_audio_sink/tasks/main.yaml deleted file mode 100644 index 76d6355..0000000 --- a/playbooks/roles/bluetooth_audio_sink/tasks/main.yaml +++ /dev/null 
@@ -1,182 +0,0 @@ ---- -- name: Ensure acl is installed - become: true - ansible.builtin.apt: - name: acl - -- name: Ensure machine-info file is deployed - become: true - ansible.builtin.template: - src: machine-info.j2 - dest: /etc/machine-info - mode: "644" - owner: root - group: root - notify: Restart bluetooth service - -- name: Ensure bluetooth config is deployed - become: true - ansible.builtin.template: - src: main.conf.j2 - dest: /etc/bluetooth/main.conf - mode: "644" - owner: root - group: root - notify: Restart bluetooth service - -- name: Ensure bluetooth service is enabled and started - become: true - ansible.builtin.systemd: - service: bluetooth.service - state: started - enabled: true - -- name: Ensure audiosink user exists - become: true - ansible.builtin.user: - name: audiosink - groups: - - audio - -- name: Ensure user services are started without needing to login - become: true - ansible.builtin.command: - cmd: loginctl enable-linger audiosink - changed_when: false - -- name: Detect if on Raspberry Pi # noqa ignore-errors - ansible.builtin.include_role: - name: raspberry_pi_check - ignore_errors: true - -- name: Ensure debian archive keyring is installed # noqa no-handler - become: true - when: raspberry_pi_check__cpuinfo.found - ansible.builtin.apt: - deb: https://ftp.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2021.1.1+deb11u1_all.deb - -- name: Ensure debian backports repository is enabled - ansible.builtin.include_role: - name: add_apt_repository - vars: - add_apt_repository__https_repo: false - add_apt_repository__repo: "deb http://deb.debian.org/debian {{ ansible_facts.lsb.codename }}-backports main contrib non-free" - add_apt_repository__filename: "{{ ansible_facts.lsb.codename }}-backports.list" - -- name: Ensure pipewire, wireplumber and libspa-0.2-bluetooth are installed - become: true - ansible.builtin.apt: - name: - - pipewire - - wireplumber - - libspa-0.2-bluetooth - default_release: "{{ 
ansible_facts.lsb.codename }}-backports" - -- name: Ensure pipewire user service is enabled and started - become: true - become_user: audiosink - ansible.builtin.systemd: - name: pipewire.service - state: started - enabled: true - scope: user - -- name: Ensure pipewire-pulse user service is enabled and started - become: true - become_user: audiosink - ansible.builtin.systemd: - name: pipewire-pulse.service - state: started - enabled: true - scope: user - -- name: Ensure wireplumber user service is enabled - become: true - become_user: audiosink - ansible.builtin.systemd: - name: wireplumber.service - enabled: true - scope: user - -- name: Ensure speaker-agent dependencies are installed - become: true - ansible.builtin.apt: - name: - - git - - python3-dbus - -- name: Ensure speaker-agent repository is cloned - become: true - ansible.builtin.git: - repo: https://github.com/fdanis-oss/pw_wp_bluetooth_rpi_speaker.git - dest: /opt/speaker-agent - version: 9a939a23865ea020816017e06fd2290f301c35f9 - -- name: Ensure .config directory exists - become: true - become_user: audiosink - ansible.builtin.file: - path: /home/audiosink/.config - state: directory - mode: "700" - owner: audiosink - group: audiosink - -- name: Ensure .config/systemd directory exists - become: true - become_user: audiosink - ansible.builtin.file: - path: /home/audiosink/.config/systemd - state: directory - mode: "755" - owner: audiosink - group: audiosink - -- name: Ensure .config/systemd/user directory exists - become: true - become_user: audiosink - ansible.builtin.file: - path: /home/audiosink/.config/systemd/user - state: directory - mode: "755" - owner: audiosink - group: audiosink - -- name: Ensure speaker-agent service file is deployed - become: true - become_user: audiosink - ansible.builtin.copy: - src: speaker-agent.service - dest: /home/audiosink/.config/systemd/user/speaker-agent.service - mode: "644" - owner: audiosink - group: audiosink - notify: Restart speaker-agent service - -- name: 
Ensure speaker-agent service is enabled and started - become: true - become_user: audiosink - ansible.builtin.systemd: - name: speaker-agent.service - state: started - enabled: true - scope: user - -# This part is janky, but I don't know how to make the bluetooth service, wireplumber and pipewire -# work with each other without being logged in. -- name: Ensure getty@tty1 override file is deployed - become: true - ansible.builtin.copy: - src: override.conf - dest: /etc/systemd/system/getty@tty1.service.d/override.conf - mode: "644" - owner: root - group: root - notify: Reboot host - -- name: Ensure autologin for audiosink user is enabled - become: true - ansible.builtin.systemd: - service: getty@tty1.service - enabled: true - notify: Reboot host diff --git a/playbooks/roles/bluetooth_audio_sink/templates/machine-info.j2 b/playbooks/roles/bluetooth_audio_sink/templates/machine-info.j2 deleted file mode 100644 index 88ebdfa..0000000 --- a/playbooks/roles/bluetooth_audio_sink/templates/machine-info.j2 +++ /dev/null @@ -1 +0,0 @@ -PRETTY_HOSTNAME=Audio Pi diff --git a/playbooks/roles/bluetooth_audio_sink/templates/main.conf.j2 b/playbooks/roles/bluetooth_audio_sink/templates/main.conf.j2 deleted file mode 100644 index 05cf708..0000000 --- a/playbooks/roles/bluetooth_audio_sink/templates/main.conf.j2 +++ /dev/null 
@@ -1,211 +0,0 @@
-[General]
-
-# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
-# The plugin 'hostname' is loaded by default and overides the Name set here so
-# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME= instead.
-Name = {{ bluetooth_audio_sink__name }}
-
-# Default device class. Only the major and minor device class bits are
-# considered. Defaults to '0x000000'.
-Class = 0x200414 # Audio (Major Service Class), Audio/Video (Major Device Class), Loudspeaker (Minor Device Class)
-
-# How long to stay in discoverable mode before going back to non-discoverable
-# The value is in seconds. Default is 180, i.e. 3 minutes.
-# 0 = disable timer, i.e. stay discoverable forever
-#DiscoverableTimeout = 0
-DiscoverableTimeout = 0
-
-# Always allow pairing even if there are no agent registered
-# Possible values: true, false
-# Default: false
-#AlwaysPairable = false
-AlwaysPairable = true
-
-# How long to stay in pairable mode before going back to non-discoverable
-# The value is in seconds. Default is 0.
-# 0 = disable timer, i.e. stay pairable forever
-#PairableTimeout = 0
-PairableTimeout = 0
-
-# Use vendor id source (assigner), vendor, product and version information for
-# DID profile support. The values are separated by ":" and assigner, VID, PID
-# and version.
-# Possible vendor id source values: bluetooth, usb (defaults to usb)
-#DeviceID = bluetooth:1234:5678:abcd
-
-# Do reverse service discovery for previously unknown devices that connect to
-# us. For BR/EDR this option is really only needed for qualification since the
-# BITE tester doesn't like us doing reverse SDP for some test cases, for LE
-# this disables the GATT client functionally so it can be used in system which
-# can only operate as peripheral.
-# Defaults to 'true'.
-#ReverseServiceDiscovery = true
-
-# Enable name resolving after inquiry. Set it to 'false' if you don't need
-# remote devices name and want shorter discovery cycle.
Defaults to 'true'.
-#NameResolving = true
-
-# Enable runtime persistency of debug link keys. Default is false which
-# makes debug link keys valid only for the duration of the connection
-# that they were created for.
-#DebugKeys = false
-
-# Restricts all controllers to the specified transport. Default value
-# is "dual", i.e. both BR/EDR and LE enabled (when supported by the HW).
-# Possible values: "dual", "bredr", "le"
-#ControllerMode = dual
-
-# Enables Multi Profile Specification support. This allows to specify if
-# system supports only Multiple Profiles Single Device (MPSD) configuration
-# or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple
-# Devices (MPMD) configurations.
-# Possible values: "off", "single", "multiple"
-#MultiProfile = off
-
-# Permanently enables the Fast Connectable setting for adapters that
-# support it. When enabled other devices can connect faster to us,
-# however the tradeoff is increased power consumptions. This feature
-# will fully work only on kernel version 4.1 and newer. Defaults to
-# 'false'.
-#FastConnectable = false
-
-# Default privacy setting.
-# Enables use of private address.
-# Possible values: "off", "device", "network"
-# "network" option not supported currently
-# Defaults to "off"
-# Privacy = off
-
-# Specify the policy to the JUST-WORKS repairing initiated by peer
-# Possible values: "never", "confirm", "always"
-# Defaults to "never"
-#JustWorksRepairing = never
-JustWorksRepairing = always
-
-# How long to keep temporary devices around
-# The value is in seconds. Default is 30.
-# 0 = disable timer, i.e. never keep temporary devices
-#TemporaryTimeout = 30
-
-# Enables the device to issue an SDP request to update known services when
-# profile is connected. Defaults to true.
-#RefreshDiscovery = true
-
-Enable=Sink
-
-[Controller]
-# The following values are used to load default adapter parameters.
BlueZ loads
-# the values into the kernel before the adapter is powered if the kernel
-# supports the MGMT_LOAD_DEFAULT_PARAMETERS command. If a value isn't provided,
-# the kernel will be initialized to it's default value. The actual value will
-# vary based on the kernel version and thus aren't provided here.
-# The Bluetooth Core Specification should be consulted for the meaning and valid
-# domain of each of these values.
-
-# BR/EDR Page scan activity configuration
-#BRPageScanType=
-#BRPageScanInterval=
-#BRPageScanWindow=
-
-# BR/EDR Inquiry scan activity configuration
-#BRInquiryScanType=
-#BRInquiryScanInterval=
-#BRInquiryScanWindow=
-
-# BR/EDR Link supervision timeout
-#BRLinkSupervisionTimeout=
-
-# BR/EDR Page Timeout
-#BRPageTimeout=
-
-# BR/EDR Sniff Intervals
-#BRMinSniffInterval=
-#BRMaxSniffInterval=
-
-# LE advertisement interval (used for legacy advertisement interface only)
-#LEMinAdvertisementInterval=
-#LEMaxAdvertisementInterval=
-#LEMultiAdvertisementRotationInterval=
-
-# LE scanning parameters used for passive scanning supporting auto connect
-# scenarios
-#LEScanIntervalAutoConnect=
-#LEScanWindowAutoConnect=
-
-# LE scanning parameters used for passive scanning supporting wake from suspend
-# scenarios
-#LEScanIntervalSuspend=
-#LEScanWindowSuspend=
-
-# LE scanning parameters used for active scanning supporting discovery
-# proceedure
-#LEScanIntervalDiscovery=
-#LEScanWindowDiscovery=
-
-# LE scanning parameters used for passive scanning supporting the advertisement
-# monitor Apis
-#LEScanIntervalAdvMonitor=
-#LEScanWindowAdvMonitor=
-
-# LE scanning parameters used for connection establishment.
-#LEScanIntervalConnect=
-#LEScanWindowConnect=
-
-# LE default connection parameters.
These values are superceeded by any
-# specific values provided via the Load Connection Parameters interface
-#LEMinConnectionInterval=
-#LEMaxConnectionInterval=
-#LEConnectionLatency=
-#LEConnectionSupervisionTimeout=
-#LEAutoconnecttimeout=
-
-[GATT]
-# GATT attribute cache.
-# Possible values:
-# always: Always cache attributes even for devices not paired, this is
-# recommended as it is best for interoperability, with more consistent
-# reconnection times and enables proper tracking of notifications for all
-# devices.
-# yes: Only cache attributes of paired devices.
-# no: Never cache attributes
-# Default: always
-#Cache = always
-
-# Minimum required Encryption Key Size for accessing secured characteristics.
-# Possible values: 0 and 7-16. 0 means don't care.
-# Defaults to 0
-#KeySize = 0
-
-# Exchange MTU size.
-# Possible values: 23-517
-# Defaults to 517
-#ExchangeMTU = 517
-
-# Number of ATT channels
-# Possible values: 1-5 (1 disables EATT)
-# Default to 3
-#Channels = 3
-
-[Policy]
-#
-# The ReconnectUUIDs defines the set of remote services that should try
-# to be reconnected to in case of a link loss (link supervision
-# timeout). The policy plugin should contain a sane set of values by
-# default, but this list can be overridden here. By setting the list to
-# empty the reconnection feature gets disabled.
-#ReconnectUUIDs=00001112-0000-1000-8000-00805f9b34fb,0000111f-0000-1000-8000-00805f9b34fb,0000110a-0000-1000-8000-00805f9b34fb
-
-# ReconnectAttempts define the number of attempts to reconnect after a link
-# lost. Setting the value to 0 disables reconnecting feature.
-#ReconnectAttempts=7
-
-# ReconnectIntervals define the set of intervals in seconds to use in between
-# attempts.
-# If the number of attempts defined in ReconnectAttempts is bigger than the
-# set of intervals the last interval is repeated until the last attempt.
-#ReconnectIntervals=1,2,4,8,16,32,64
-
-# AutoEnable defines option to enable all controllers when they are found.
-# This includes adapters present on start as well as adapters that are plugged
-# in later on. Defaults to 'false'.
-AutoEnable=true
diff --git a/playbooks/roles/cert/README.md b/playbooks/roles/cert/README.md
deleted file mode 100644
index a6ffc60..0000000
--- a/playbooks/roles/cert/README.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Role `cert`
-
-A role for ordering and renewing certificates from Lets Encrypt via ACME.
-It uses the DNS challenge and fullfills it via a BIND 9 server given to the role.
-
-## Supported Distributions
-
-The following distributions are supported:
-
-- Debian 11
-
-## Required Arguments
-
-For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yml)
-
-## `hosts`
-
-The `hosts` for this role need to be the machines on which you want to have the certificates.
-
-## Links & Resources
-
--
--
--
--
diff --git a/playbooks/roles/cert/defaults/main.yaml b/playbooks/roles/cert/defaults/main.yaml
deleted file mode 100644
index f08b1e9..0000000
--- a/playbooks/roles/cert/defaults/main.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-cert__handlers: []
-cert__owner: root
-cert__group: root
-cert__fullchain_pem_permissions: "0660"
-cert__chain_pem_permissions: "0660"
-cert__cert_pem_permissions: "0660"
-cert__privkey_pem_permissions: "0600"
diff --git a/playbooks/roles/cert/meta/argument_specs.yaml b/playbooks/roles/cert/meta/argument_specs.yaml
deleted file mode 100644
index cee160e..0000000
--- a/playbooks/roles/cert/meta/argument_specs.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-argument_specs:
- main:
- short_description: Orders and renews certificates from Let's Encrypt
- options:
- cert__domains:
- description: Domains for which to issue a certificate. Must be in the same DNS zone.
- required: true
- type: list
- elements: str
- cert__owner:
- description: Owner of the certificate files.
- required: false
- type: str
- default: root
- cert__group:
- description: Group of the certificate files.
- required: false
- type: str
- default: root
- cert__acme_account_email:
- description: E-Mail address for ACME account
- required: true
- type: str
- cert__bind_9_host:
- description: The machine running BIND 9.
- required: true
- type: str
- cert__bind_9_zone:
- description: The zone to use for publishing the TXT record.
- required: true
- type: str
- cert__fullchain_pem_permissions:
- description: Permissons for the `fullchain.pem`.
- type: str
- required: false
- default: "0660"
- cert__chain_pem_permissions:
- description: Permissons for the `chain.pem`.
- type: str
- required: false
- default: "0660"
- cert__cert_pem_permissions:
- description: Permissons for the `cert.pem`.
- type: str
- required: false
- default: "0660"
- cert__privkey_pem_permissions:
- description: Permissons for the `privkey.pem`.
- type: str
- required: false
- default: "0600"
diff --git a/playbooks/roles/cert/meta/main.yaml b/playbooks/roles/cert/meta/main.yaml
deleted file mode 100644
index a8c1110..0000000
--- a/playbooks/roles/cert/meta/main.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-dependencies: # noqa meta-no-info
- - role: distribution_check
- vars:
- distribution_check__distribution_support_spec:
- - name: Debian
- major_versions:
- - "11"
- - "12"
diff --git a/playbooks/roles/cert/tasks/deploy_cert.yaml b/playbooks/roles/cert/tasks/deploy_cert.yaml
deleted file mode 100644
index bd97ebe..0000000
--- a/playbooks/roles/cert/tasks/deploy_cert.yaml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: Ensure `ansible_certs` directory exists
- ansible.builtin.file:
- path: /etc/ansible_certs
- state: directory
- owner: root
- group: root
- mode: "755"
- become: true
-
-- name: Ensure `certs` sub-directory exists
- ansible.builtin.file:
- path: /etc/ansible_certs/certs
- state: directory
- owner: root
- group: root
- mode: "755"
- become: true
-
-- name: Ensure sub-directory for the certificate exists
- ansible.builtin.file:
- path: "/etc/ansible_certs/certs/{{ item }}"
- state: directory
- owner: "{{ cert__owner }}"
- group: "{{ cert__group }}"
- mode: "755"
- become: true
-
-- name: Ensure private key for certificate exists
- community.crypto.openssl_privatekey:
- path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
- size: 4096
- type: RSA
- owner: "{{ cert__owner }}"
- group: "{{ cert__group }}"
- mode: "{{ cert__privkey_pem_permissions }}"
- become: true
-
-- name: Ensure certificate signing request is created
- community.crypto.openssl_csr:
- path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
- privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
- common_name: "{{ item }}"
- owner: "{{ cert__owner }}"
- group: "{{ cert__group }}"
- mode: "0660"
- become: true
- register: cert__csr_result
-
-- name: Ensure private key for ACME account exists
- community.crypto.openssl_privatekey:
- path: "/etc/ansible_certs/account_key.pem"
- size: 4096
- type: RSA
- owner: root
- group: root
- mode: "0600"
- become: true
-
-- name: Check certificate status and create ACME challenge if needed
- community.crypto.acme_certificate:
- account_email: "{{ cert__acme_account_email }}"
- account_key_src: "/etc/ansible_certs/account_key.pem"
- acme_directory: https://acme-v02.api.letsencrypt.org/directory
- acme_version: 2
- remaining_days: 28
- terms_agreed: true
- challenge: dns-01
- csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
- dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
- fullchain_dest: "/etc/ansible_certs/certs/{{
item }}/fullchain.pem"
- become: true
- register: cert__acme_challenge
-
-- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
- when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
- block:
- - name: Add file containing nsupdate commands for adding TXT record for DNS-01 challenge
- ansible.builtin.template:
- src: nsupdate_add_txt_record.j2
- dest: /root/nsupdate_add_txt_record
- owner: root
- group: root
- mode: "0600"
- vars:
- cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
- cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
- become: true
- delegate_to: "{{ cert__bind_9_host }}"
-
- - name: Add DNS record to BIND 9 server via nsupdate # noqa: no-changed-when
- ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_add_txt_record
- become: true
- delegate_to: "{{ cert__bind_9_host }}"
-
- - name: Retrieve certificate
- community.crypto.acme_certificate:
- account_email: "{{ cert__acme_account_email }}"
- account_key_src: "/etc/ansible_certs/account_key.pem"
- acme_directory: https://acme-v02.api.letsencrypt.org/directory
- acme_version: 2
- terms_agreed: true
- remaining_days: 28
- challenge: dns-01
- csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
- dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
- fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
- data: "{{ cert__acme_challenge }}"
- become: true
- notify: "{{ cert__handlers }}"
- always:
- - name: Remove file containing nsupdate commands for adding TXT record again
- ansible.builtin.file:
- path: /root/nsupdate_add_txt_record
- state: absent
- become: true
- delegate_to: "{{ cert__bind_9_host }}"
-
- - name: Remove TXT record again
- block:
- - name: Add file containing nsupdate commands for deleting TXT record for DNS-01 challenge
- ansible.builtin.template:
- src:
nsupdate_delete_txt_record.j2
- dest: /root/nsupdate_delete_txt_record
- owner: root
- group: root
- mode: "0600"
- vars:
- cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
- cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
- become: true
- delegate_to: "{{ cert__bind_9_host }}"
-
- - name: Remove DNS record from BIND 9 server via nsupdate # noqa: no-changed-when
- ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_delete_txt_record
- become: true
- delegate_to: "{{ cert__bind_9_host }}"
- always:
- - name: Remove file containing nsupdate commands for deleting TXT record again
- ansible.builtin.file:
- path: /root/nsupdate_delete_txt_record
- state: absent
- become: true
- delegate_to: "{{ cert__bind_9_host }}"
-
-- name: Ensure correct permissions for certificate are set
- ansible.builtin.file:
- path: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
- owner: "{{ cert__owner }}"
- group: "{{ cert__group }}"
- mode: "{{ cert__cert_pem_permissions }}"
- become: true
-
-- name: Ensure correct permissions for fullchain cert are set
- ansible.builtin.file:
- path: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
- owner: "{{ cert__owner }}"
- group: "{{ cert__group }}"
- mode: "{{ cert__fullchain_pem_permissions }}"
- become: true
-
-- name: Get content of cert.pem
- ansible.builtin.slurp:
- src: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
- become: true
- register: cert__cert_slurp
-
-- name: Get content of fullchain.pem
- ansible.builtin.slurp:
- src: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
- become: true
- register: cert__fullchain_slurp
-
-- name: Ensure chain.pem is created
- ansible.builtin.copy:
- content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
- dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
- owner: "{{ cert__owner }}"
- group: "{{ cert__group }}"
- mode: "{{
cert__chain_pem_permissions }}"
- become: true
diff --git a/playbooks/roles/cert/tasks/main.yaml b/playbooks/roles/cert/tasks/main.yaml
deleted file mode 100644
index 5c9c0e8..0000000
--- a/playbooks/roles/cert/tasks/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Deploy cert
- ansible.builtin.include_tasks: deploy_cert.yaml
- loop: "{{ cert__domains }}"
diff --git a/playbooks/roles/cert/templates/nsupdate_add_txt_record.j2 b/playbooks/roles/cert/templates/nsupdate_add_txt_record.j2
deleted file mode 100644
index 1b0b9e7..0000000
--- a/playbooks/roles/cert/templates/nsupdate_add_txt_record.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-debug
-zone {{ cert__bind_9_zone }}
-update add {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
-send
diff --git a/playbooks/roles/cert/templates/nsupdate_delete_txt_record.j2 b/playbooks/roles/cert/templates/nsupdate_delete_txt_record.j2
deleted file mode 100644
index 274c76b..0000000
--- a/playbooks/roles/cert/templates/nsupdate_delete_txt_record.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-debug
-zone {{ cert__bind_9_zone }}
-update delete {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
-send
diff --git a/playbooks/roles/hifiberry/handlers/main.yaml b/playbooks/roles/hifiberry/handlers/main.yaml
deleted file mode 100644
index 774b511..0000000
--- a/playbooks/roles/hifiberry/handlers/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: Restart system
- become: true
- ansible.builtin.reboot:
diff --git a/playbooks/roles/hifiberry/meta/argument_specs.yaml b/playbooks/roles/hifiberry/meta/argument_specs.yaml
deleted file mode 100644
index 5972bd6..0000000
--- a/playbooks/roles/hifiberry/meta/argument_specs.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-argument_specs:
- main:
- options:
- hifiberry__device:
- description: Which HiFiBerry board to enable
- type: str
- choices:
- - hifiberry-dac
- - hifiberry-dacplus
- - hifiberry-dacplushd
- - hifiberry-dacplusadc
- - hifiberry-dacplusadcpro
- - hifiberry-digi
- - hifiberry-digi-pro
- - hifiberry-amp
- required: true
diff --git a/playbooks/roles/hifiberry/meta/main.yaml b/playbooks/roles/hifiberry/meta/main.yaml
deleted file mode 100644
index ff798a8..0000000
--- a/playbooks/roles/hifiberry/meta/main.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-dependencies:
- - role: distribution_check
- vars:
- distribution_check__distribution_support_spec:
- - name: Debian
- major_versions:
- - "11"
- - role: raspberry_pi_check
diff --git a/playbooks/roles/hifiberry/tasks/main.yaml b/playbooks/roles/hifiberry/tasks/main.yaml
deleted file mode 100644
index 987def8..0000000
--- a/playbooks/roles/hifiberry/tasks/main.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- name: Remove dtparam=audio=on
- become: true
- ansible.builtin.lineinfile:
- line: dtparam=audio=on
- dest: /boot/config.txt
- state: absent
- notify: Restart system
-
-- name: Set audio=off for dtoverlay=vc4-kms-v3d
- become: true
- ansible.builtin.lineinfile:
- regexp: ^dtoverlay=vc4-kms-v3d
- line: dtoverlay=vc4-kms-v3d,audio=off
- dest: /boot/config.txt
- notify: Restart system
-
-- name: Add hifiberry dtoverlay
- become: true
- ansible.builtin.lineinfile:
- line: "dtoverlay={{ hifiberry__device }}"
- dest: /boot/config.txt
- notify: Restart system
diff --git a/playbooks/roles/mosquitto/handlers/main.yaml b/playbooks/roles/mosquitto/handlers/main.yaml
deleted file mode 100644
index efa0b7f..0000000
--- a/playbooks/roles/mosquitto/handlers/main.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Restart mosquitto
- become: true
- ansible.builtin.systemd:
- service: mosquitto.service
- state: restarted
diff --git a/playbooks/roles/mosquitto/meta/argument_specs.yaml b/playbooks/roles/mosquitto/meta/argument_specs.yaml
deleted file mode 100644
index 72f0bdd..0000000
--- a/playbooks/roles/mosquitto/meta/argument_specs.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-argument_specs:
- main:
- options:
- mosquitto__mosquitto_conf_content:
- description: The content of the main mosquitto configuration file.
- type: str
- required: true
- mosquitto__configs:
- description: A list of additional mosquitto configurations.
- type: list
- elements: dict
- required: false
- options:
- name:
- description: >-
- The name of the configuration file, where the configuration should
- be deployed to. The file will be placed under `/etc/mosquitto/conf.d` and
- `.conf` will be appended to the given name. So in the end the path
- will be like this: `/etc/mosquitto/conf.d/\{\ name \}\}.conf`.
- type: str
- required: true
- content:
- description: The content of the configuration.
- type: str
- required: true
diff --git a/playbooks/roles/mosquitto/meta/main.yaml b/playbooks/roles/mosquitto/meta/main.yaml
deleted file mode 100644
index 386685c..0000000
--- a/playbooks/roles/mosquitto/meta/main.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-dependencies:
- - role: distribution_check
- vars:
- distribution_check__distribution_support_spec:
- - name: Debian
- major_versions:
- - "11"
diff --git a/playbooks/roles/mosquitto/tasks/main.yaml b/playbooks/roles/mosquitto/tasks/main.yaml
deleted file mode 100644
index 5fb90be..0000000
--- a/playbooks/roles/mosquitto/tasks/main.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: Ensure mosquitto is installed
- become: true
- ansible.builtin.apt:
- name: mosquitto
-
-- name: Ensure main configuraton file is deployed
- become: true
- ansible.builtin.copy:
- content: "{{ mosquitto__mosquitto_conf_content }}"
- dest: /etc/mosquitto/mosquitto.conf
- mode: "644"
- owner: root
- group: root
- notify: Restart mosquitto
-
-- name: Ensure all additional configuraton files are deployed
- become: true
- ansible.builtin.copy:
- content: "{{ item.content }}"
- dest: /etc/mosquitto/conf.d/{{ item.name }}.conf
- mode: "644"
- owner: root
- group: root
- loop: "{{ mosquitto__configs }}"
- notify: Restart mosquitto
-
-- name: Ensure mosquitto service is enabled and started
- become: true
- ansible.builtin.systemd:
- service: mosquitto.service
- enabled: true
- state: started
diff --git a/playbooks/roles/nodejs/meta/argument_specs.yaml b/playbooks/roles/nodejs/meta/argument_specs.yaml
deleted file mode 100644
index e950b49..0000000
--- a/playbooks/roles/nodejs/meta/argument_specs.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-argument_specs:
- main:
- options:
- nodejs__major_version:
- description: Major version of nodejs to install
- type: int
- required: true
diff --git a/playbooks/roles/nodejs/meta/main.yaml b/playbooks/roles/nodejs/meta/main.yaml
deleted file mode 100644
index 15aceb3..0000000
--- a/playbooks/roles/nodejs/meta/main.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-dependencies:
- - role: distribution_check
- vars:
- distribution_check__distribution_support_spec:
- - name: Debian
- major_versions:
- - "11"
- - "12"
- - role: add_apt_repository
- vars:
- add_apt_repository__https_repo: true
- add_apt_repository__keyring_url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
- add_apt_repository__keyring_path: /usr/share/keyrings/nodesource.gpg
- add_apt_repository__repo: "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_\
- {{ nodejs__major_version }}.x {{ ansible_facts.lsb.codename }} main"
- add_apt_repository__filename: nodesource.list
diff --git a/playbooks/roles/nodejs/tasks/main.yaml b/playbooks/roles/nodejs/tasks/main.yaml
deleted file mode 100644
index 84950f6..0000000
--- a/playbooks/roles/nodejs/tasks/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: Ensure nodejs is installed
- ansible.builtin.apt:
- name: nodejs
diff --git a/playbooks/roles/raspberry_pi_check/tasks/main.yaml b/playbooks/roles/raspberry_pi_check/tasks/main.yaml
deleted file mode 100644
index 925fc67..0000000
--- a/playbooks/roles/raspberry_pi_check/tasks/main.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: Detect if on Raspberry Pi
- ansible.builtin.lineinfile:
- path: /proc/cpuinfo
- regexp: ".*Raspberry Pi.*"
- state: absent
- check_mode: true
- register: raspberry_pi_check__cpuinfo
- changed_when: false
-- name: Fail when not on Raspberry Pi # noqa no-handler
- when: not raspberry_pi_check__cpuinfo.found
- ansible.builtin.fail:
- msg: You are not running on Raspberry Pi hardware!
diff --git a/playbooks/roles/shairport_sync/handlers/main.yaml b/playbooks/roles/shairport_sync/handlers/main.yaml
deleted file mode 100644
index eff4ae7..0000000
--- a/playbooks/roles/shairport_sync/handlers/main.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Restart shairport-sync service
- become: true
- ansible.builtin.systemd:
- service: shairport-sync
- state: restarted
diff --git a/playbooks/roles/shairport_sync/meta/argument_specs.yaml b/playbooks/roles/shairport_sync/meta/argument_specs.yaml
deleted file mode 100644
index 55570ac..0000000
--- a/playbooks/roles/shairport_sync/meta/argument_specs.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-argument_specs:
- main:
- options:
- shairport_sync__config:
- description: shairport-sync config content
- type: str
- required: true
diff --git a/playbooks/roles/shairport_sync/meta/main.yaml b/playbooks/roles/shairport_sync/meta/main.yaml
deleted file mode 100644
index 386685c..0000000
--- a/playbooks/roles/shairport_sync/meta/main.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-dependencies:
- - role: distribution_check
- vars:
- distribution_check__distribution_support_spec:
- - name: Debian
- major_versions:
- - "11"
diff --git a/playbooks/roles/shairport_sync/tasks/main.yaml b/playbooks/roles/shairport_sync/tasks/main.yaml
deleted file mode 100644
index 8406acc..0000000
--- a/playbooks/roles/shairport_sync/tasks/main.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Ensure shairport-sync is installed
- become: true
- ansible.builtin.apt:
- name: shairport-sync
-
-- name: Ensure shairport-sync config is deployed
- become: true
- ansible.builtin.copy:
- content: "{{ shairport_sync__config }}"
- dest: /etc/shairport-sync.conf
- mode: "644"
- owner: root
- group: root
- notify: Restart shairport-sync service
-
-- name: Ensure shairport-sync service is enabled and started
- become: true
- ansible.builtin.systemd:
- service: shairport-sync
- state: started
- enabled: true
diff --git a/playbooks/roles/zigbee2mqtt/files/zigbee2mqtt.service b/playbooks/roles/zigbee2mqtt/files/zigbee2mqtt.service
deleted file mode 100644
index 389e7a0..0000000
--- a/playbooks/roles/zigbee2mqtt/files/zigbee2mqtt.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=zigbee2mqtt
-After=network.target
-
-[Service]
-Environment=ZIGBEE2MQTT_DATA=/home/zigbee2mqtt/zigbee2mqtt_data
-Environment=NODE_ENV=production
-ExecStart=/usr/bin/npm start
-WorkingDirectory=/opt/zigbee2mqtt
-StandardOutput=inherit
-# Or use StandardOutput=null if you don't want Zigbee2MQTT messages filling syslog, for more options see systemd.exec(5)
-StandardError=inherit
-Restart=always
-RestartSec=10s
-User=zigbee2mqtt
-
-[Install]
-WantedBy=multi-user.target
diff --git a/playbooks/roles/zigbee2mqtt/handlers/main.yaml b/playbooks/roles/zigbee2mqtt/handlers/main.yaml
deleted file mode 100644
index 6036e5f..0000000
--- a/playbooks/roles/zigbee2mqtt/handlers/main.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: Restart zigbee2mqtt
- become: true
- ansible.builtin.systemd:
- name: zigbee2mqtt
- state: restarted
-
-- name: Reload systemd-daemon and restart zigbee2mqtt
- become: true
- ansible.builtin.systemd:
- name: zigbee2mqtt
- state: restarted
- daemon_reload: true
diff --git a/playbooks/roles/zigbee2mqtt/meta/argument_specs.yaml b/playbooks/roles/zigbee2mqtt/meta/argument_specs.yaml
deleted file mode 100644
index 54ab016..0000000
--- a/playbooks/roles/zigbee2mqtt/meta/argument_specs.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-argument_specs:
- main:
- options:
- zigbee2mqtt__version:
- description: zigbee2mqtt version to install
- type: str
- required: true
- zigbee2mqtt__initial_config:
- description: Configuration file content for initial deployment.
- It does not replace the configuration if it already exists.
- type: str
- required: true
diff --git a/playbooks/roles/zigbee2mqtt/meta/main.yaml b/playbooks/roles/zigbee2mqtt/meta/main.yaml
deleted file mode 100644
index dd0c5ed..0000000
--- a/playbooks/roles/zigbee2mqtt/meta/main.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-dependencies:
- - role: distribution_check
- vars:
- distribution_check__distribution_support_spec:
- - name: Debian
- major_versions:
- - "11"
- - "12"
- - role: nodejs
- vars:
- nodejs__major_version: 16
diff --git a/playbooks/roles/zigbee2mqtt/tasks/main.yaml b/playbooks/roles/zigbee2mqtt/tasks/main.yaml
deleted file mode 100644
index e1e0c5c..0000000
--- a/playbooks/roles/zigbee2mqtt/tasks/main.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
-- name: Ensure acl is installed
- become: true
- ansible.builtin.apt:
- name: acl
-
-- name: Ensure git is installed
- become: true
- ansible.builtin.apt:
- name: git
-
-- name: Ensure zigbee2mqtt user exists
- become: true
- ansible.builtin.user:
- name: zigbee2mqtt
- groups:
- - zigbee2mqtt
- - dialout
- group: zigbee2mqtt
-
-- name: Ensure installation directory exists
- become: true
- ansible.builtin.file:
- dest: /opt/zigbee2mqtt
- state: directory
- mode: "755"
- owner: zigbee2mqtt
- group: zigbee2mqtt
-
-- name: Ensure zigbee2mqtt repository is cloned
- become: true
- become_user: zigbee2mqtt
- ansible.builtin.git:
- repo: https://github.com/Koenkk/zigbee2mqtt.git
- depth: 1
- dest: /opt/zigbee2mqtt
- version: "{{ zigbee2mqtt__version }}"
- notify: Restart zigbee2mqtt
-
-- name: Ensure npm dependencies are installed
- become: true
- become_user: zigbee2mqtt
- community.general.npm:
- path: /opt/zigbee2mqtt
- ci: true
- changed_when: false # installs packages according to package-lock.json, but always reports a change
-
-- name: Ensure custom zigbee2mqtt data directory exists
- become: true
- ansible.builtin.file:
- dest: /home/zigbee2mqtt/zigbee2mqtt_data
- state: directory
- mode: "755"
- owner: zigbee2mqtt
- group: zigbee2mqtt
-
-- name: Check configuration file status
- ansible.builtin.stat:
- path: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
- register: zigbee2mqtt__conf_stat
-
-- name: Ensure configuration file is deployed when it doesn't exist
- become: true
- when: not zigbee2mqtt__conf_stat.stat.exists
- ansible.builtin.copy:
- content: "{{ zigbee2mqtt__initial_config }}"
- dest: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
- mode: "640"
- owner: zigbee2mqtt
- group: zigbee2mqtt
- notify: Restart zigbee2mqtt
-
-- name: Ensure zigbee2mqtt service file is deployed
- become: true
- ansible.builtin.copy:
- src: zigbee2mqtt.service
- dest: /etc/systemd/system/zigbee2mqtt.service
- mode: "644"
- owner: root
- group:
root
- notify: Reload systemd-daemon and restart zigbee2mqtt
-
-- name: Ensure zigbee2mqtt is enabled and started
- become: true
- ansible.builtin.systemd:
- service: zigbee2mqtt
- enabled: true
- state: started
diff --git a/playbooks/templates/z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2 b/playbooks/templates/z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2
deleted file mode 100644
index 183543a..0000000
--- a/playbooks/templates/z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-homeassistant: true
-
-permit_join: false
-
-mqtt:
- base_topic: zigbee2mqtt
- server: 'mqtt://mqtt.z9'
-
-serial:
- port: /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014DBC72F-if00
-
-advanced:
- network_key: [{{ zigbee2mqtt__network_key }}]
- pan_id: 32673
- ext_pan_id: [58, 76, 37, 2, 22, 198, 237, 124]
- channel: 11
-
-frontend:
- port: 8080
- host: localhost
- url: https://zigbee2mqtt.z9
--
2.44.2