Cleanup old configurations we no longer use. #13
|
@ -1,4 +0,0 @@
|
|||
mosquitto__mosquitto_conf_content: "{{ lookup('ansible.builtin.file', 'z9/configs/automation/mosquitto/mosquitto.conf') }}"
|
||||
mosquitto__configs:
|
||||
- name: winkekatz
|
||||
content: "{{ lookup('ansible.builtin.file', 'z9/configs/automation/mosquitto/winkekatz.conf') }}"
|
|
@ -1,14 +0,0 @@
|
|||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
|
||||
certbot__certificate_domains:
|
||||
- "status.ccchh.net"
|
||||
certbot__new_cert_commands:
|
||||
- "systemctl reload nginx.service"
|
||||
|
||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'z9/configs/uptime-kuma/compose.yaml') }}"
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
||||
nginx__version_spec: ""
|
||||
nginx__configurations:
|
||||
- name: status.ccchh.net
|
||||
content: "{{ lookup('ansible.builtin.file', 'z9/configs/uptime-kuma/nginx/status.ccchh.net.conf') }}"
|
|
@ -1,15 +0,0 @@
|
|||
zigbee2mqtt__version: "1.37.1"
|
||||
zigbee2mqtt__network_key: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/z9/zigbee2mqtt/network_key', create=false, missing='error') }}"
|
||||
zigbee2mqtt__initial_config: "{{ lookup('ansible.builtin.template', 'z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2') }}"
|
||||
|
||||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
|
||||
certbot__certificate_domains:
|
||||
- "zigbee2mqtt.ccchh.net"
|
||||
certbot__new_cert_commands:
|
||||
- "systemctl reload nginx.service"
|
||||
|
||||
nginx__version_spec: ""
|
||||
nginx__configurations:
|
||||
- name: zigbee2mqtt
|
||||
content: "{{ lookup('ansible.builtin.file', 'z9/configs/zigbee2mqtt/nginx/zigbee2mqtt.conf') }}"
|
|
@ -8,43 +8,18 @@ all:
|
|||
authoritative-dns:
|
||||
ansible_host: authoritative-dns.z9.ccchh.net
|
||||
ansible_user: chaos
|
||||
uptime-kuma:
|
||||
ansible_host: uptime-kuma.z9.ccchh.net
|
||||
ansible_user: chaos
|
||||
debian_12:
|
||||
hosts:
|
||||
nginx_hosts:
|
||||
hosts:
|
||||
light:
|
||||
uptime-kuma:
|
||||
public_reverse_proxy_hosts:
|
||||
hosts:
|
||||
cert_hosts:
|
||||
hosts:
|
||||
certbot_hosts:
|
||||
hosts:
|
||||
uptime-kuma:
|
||||
zigbee2mqtt_hosts:
|
||||
hosts:
|
||||
mosquitto_hosts:
|
||||
hosts:
|
||||
ola_hosts:
|
||||
hosts:
|
||||
light:
|
||||
foobazdmx_hosts:
|
||||
hosts:
|
||||
light:
|
||||
hifiberry_hosts:
|
||||
hosts:
|
||||
bluetooth_audio_sink_hosts:
|
||||
hosts:
|
||||
shairport_sync_hosts:
|
||||
hosts:
|
||||
docker_compose_hosts:
|
||||
hosts:
|
||||
uptime-kuma:
|
||||
infrastructure_authorized_keys_hosts:
|
||||
hosts:
|
||||
light:
|
||||
authoritative-dns:
|
||||
uptime-kuma:
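Review bot: Several groups in this hunk are written with a bare `hosts:` and no members (`debian_12`, `public_reverse_proxy_hosts`, `cert_hosts`, `zigbee2mqtt_hosts`, `mosquitto_hosts`, `hifiberry_hosts`, `bluetooth_audio_sink_hosts`, `shairport_sync_hosts`). If `uptime-kuma` is the host this hunk removes, more groups end up in that state. The rendered page has lost the +/- markers, so which groups survive is not visible; for any that are kept on purpose, `hosts: {}` states the empty group explicitly instead of relying on a null value. Separately, dropping `uptime-kuma` from `infrastructure_authorized_keys_hosts` would mean its authorized keys are no longer managed from this repository, so the commit description should record whether the machine itself has been shut down.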
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
---
|
||||
- name: engelsystem_specific_pre_tasks
|
||||
ansible.builtin.import_playbook: engelsystem_specific_pre_tasks.yaml
|
||||
|
||||
- name: Ensure SSH server config deployment on ssh_server_config_hosts
|
||||
hosts: ssh_server_config_hosts
|
||||
roles:
|
||||
|
@ -17,21 +14,6 @@
|
|||
roles:
|
||||
- nextcloud
|
||||
|
||||
- name: Ensure HiFiBerry deployment on hifiberry_hosts
|
||||
hosts: hifiberry_hosts
|
||||
roles:
|
||||
- hifiberry
|
||||
|
||||
- name: Ensure bluetooth audio sink deployment on bluetooth_audio_sink_hosts
|
||||
hosts: bluetooth_audio_sink_hosts
|
||||
roles:
|
||||
- bluetooth_audio_sink
|
||||
|
||||
- name: Ensure shairport sync deployment on shairport_sync_hosts
|
||||
hosts: shairport_sync_hosts
|
||||
roles:
|
||||
- shairport_sync
|
||||
|
||||
- name: Ensure ola deployment on ola_hosts
|
||||
hosts: ola_hosts
|
||||
roles:
|
||||
|
@ -42,26 +24,11 @@
|
|||
roles:
|
||||
- foobazdmx
|
||||
|
||||
- name: Ensure Mosquitto MQTT broker deployment on mosquitto_hosts
|
||||
hosts: mosquitto_hosts
|
||||
roles:
|
||||
- mosquitto
|
||||
|
||||
- name: Ensure Zigbee2MQTT deployment on zigbee2mqtt_hosts
|
||||
hosts: zigbee2mqtt_hosts
|
||||
roles:
|
||||
- zigbee2mqtt
|
||||
|
||||
- name: Ensure Dokuwiki config
|
||||
hosts: wiki
|
||||
roles:
|
||||
- dokuwiki
|
||||
|
||||
- name: Ensure certificate deployment on cert_hosts
|
||||
hosts: cert_hosts
|
||||
roles:
|
||||
- cert
|
||||
|
||||
- name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs
|
||||
hosts: nginx_hosts:&public_reverse_proxy_hosts
|
||||
roles:
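Review bot: The play at the end of this hunk, which appears to be kept as trailing context, still targets `nginx_hosts:&public_reverse_proxy_hosts` and is named as running "before certbot role runs". The inventory change on this page shows `public_reverse_proxy_hosts` with no members and `certbot_hosts` holding only `uptime-kuma`, whose configuration this commit deletes. If that inventory is the one this playbook runs against, this play and any certbot play outside the hunk would match no hosts there. That is fine if the playbook is shared with another inventory; in that case a comment such as `# matches no hosts in z9; kept for <other inventory>` would say so, and otherwise the play could go in the same cleanup. The play's `roles:` list continues outside the hunk.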
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
- name: engelsystem on engelsystem.z9 specific pre tasks
|
||||
hosts: engelsystem
|
||||
pre_tasks:
|
||||
- name: Install git
|
||||
ansible.builtin.apt:
|
||||
name: git
|
||||
state: present
|
||||
- name: Clone engelsystem repo
|
||||
ansible.builtin.git:
|
||||
repo: https://github.com/engelsystem/engelsystem.git
|
||||
dest: "{{ ansible_user_dir }}/engelsystem"
|
||||
version: main
|
||||
force: true
|
||||
update: false
|
||||
- name: apply patch to code to add train drivers license
|
||||
ansible.posix.patch:
|
||||
src: patches/engelsystem/code_en.patch
|
||||
dest: "{{ ansible_user_dir }}/engelsystem/includes/view/UserDriverLicenses_view.php"
|
||||
- name: apply patch to german locale add train drivers license
|
||||
ansible.posix.patch:
|
||||
src: patches/engelsystem/lang_de.patch
|
||||
dest: "{{ ansible_user_dir }}/engelsystem/resources/lang/de_DE/default.po"
|
|
@ -1,42 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name aes.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/aes.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/aes.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/aes.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
# Hide the X-Forwarded header.
|
||||
proxy_hide_header X-Forwarded;
|
||||
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
|
||||
# is transparent).
|
||||
# Also provide "_hidden" for by, since it's not relevant.
|
||||
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:5080/;
|
||||
}
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
22c22
|
||||
< form_checkbox('wants_to_drive', __('I am willing to drive a car for the event'), $user_driver_license->wantsToDrive()),
|
||||
---
|
||||
> form_checkbox('wants_to_drive', __('I am willing to drive a vehicle for the event'), $user_driver_license->wantsToDrive()),
|
||||
48c48
|
||||
< __('Forklift'),
|
||||
---
|
||||
> __('Train'),
|
|
@ -1,12 +0,0 @@
|
|||
1390,1391c1390,1391
|
||||
< msgid "Forklift"
|
||||
< msgstr "Gabelstapler"
|
||||
---
|
||||
> msgid "Train"
|
||||
> msgstr "Lok"
|
||||
1643,1644c1643,1644
|
||||
< msgid "I am willing to drive a car for the event"
|
||||
< msgstr "Ich möchte für das Event Auto fahren"
|
||||
---
|
||||
> msgid "I am willing to drive a vehicle for the event"
|
||||
> msgstr "Ich möchte für das Event Fahrzeuge fahren"
|
|
@ -1,16 +0,0 @@
|
|||
# Place your local configuration in /etc/mosquitto/conf.d/
|
||||
#
|
||||
# A full description of the configuration file is at
|
||||
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
|
||||
|
||||
per_listener_settings false
|
||||
listener 1883
|
||||
allow_anonymous true
|
||||
pid_file /run/mosquitto/mosquitto.pid
|
||||
|
||||
persistence true
|
||||
persistence_location /var/lib/mosquitto/
|
||||
|
||||
log_dest file /var/log/mosquitto/mosquitto.log
|
||||
|
||||
include_dir /etc/mosquitto/conf.d
|
|
@ -1,8 +0,0 @@
|
|||
connection winkekatz
|
||||
address mqtt.winkekatze24.de
|
||||
bridge_protocol_version mqttv311
|
||||
|
||||
topic winkekatze/allcats/eye/set in 2
|
||||
topic winkekatze/allcats in 2
|
||||
topic +/status out 2 winkekatze/ ""
|
||||
topic +/connected out 2 winkekatze/ ""
|
|
@ -1,17 +0,0 @@
|
|||
## Links & Rescources:
|
||||
#
|
||||
# https://github.com/louislam/uptime-kuma
|
||||
# https://github.com/louislam/uptime-kuma/wiki/%F0%9F%94%A7-How-to-Install
|
||||
# https://github.com/louislam/uptime-kuma/blob/master/docker/docker-compose.yml
|
||||
# https://github.com/louislam/uptime-kuma/wiki/%F0%9F%86%99-How-to-Update
|
||||
# https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
|
||||
# https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
|
||||
|
||||
services:
|
||||
uptime-kuma:
|
||||
image: louislam/uptime-kuma:1
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./uptime-kuma-data:/app/data"
|
||||
ports:
|
||||
- 3001:3001
|
|
@ -1,40 +0,0 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
# Also see: https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
|
||||
server {
|
||||
# Listen on a custom port for the proxy protocol.
|
||||
listen 8443 ssl http2 proxy_protocol;
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 10.31.206.1;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
server_name status.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/status.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/status.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/status.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
# replace with the IP address of your resolver
|
||||
resolver 10.31.206.1;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_pass http://127.0.0.1:3001/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name zigbee2mqtt.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/zigbee2mqtt.ccchh.net/chain.pem;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /api {
|
||||
proxy_pass http://localhost:8080/api;
|
||||
proxy_set_header Host $host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=-/sbin/agetty --autologin audiosink --noclear %I 38400 linux
|
|
@ -1,8 +0,0 @@
|
|||
[Unit]
|
||||
Description=Bluetooth speaker agent
|
||||
|
||||
[Service]
|
||||
ExecStart=python3 /opt/speaker-agent/speaker-agent.py
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
- name: Restart bluetooth service
|
||||
ansible.builtin.systemd:
|
||||
service: bluetooth.service
|
||||
state: restarted
|
||||
- name: Restart speaker-agent service
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
service: speaker-agent.service
|
||||
state: restarted
|
||||
scope: user
|
||||
daemon_reload: true
|
||||
- name: Reboot host
|
||||
ansible.builtin.reboot:
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
bluetooth_audio_sink__name:
|
||||
description: Name the bluetooth device should have
|
||||
type: str
|
||||
required: true
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
|
@ -1,182 +0,0 @@
|
|||
---
|
||||
- name: Ensure acl is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: acl
|
||||
|
||||
- name: Ensure machine-info file is deployed
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: machine-info.j2
|
||||
dest: /etc/machine-info
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Restart bluetooth service
|
||||
|
||||
- name: Ensure bluetooth config is deployed
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: main.conf.j2
|
||||
dest: /etc/bluetooth/main.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Restart bluetooth service
|
||||
|
||||
- name: Ensure bluetooth service is enabled and started
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: bluetooth.service
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Ensure audiosink user exists
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
name: audiosink
|
||||
groups:
|
||||
- audio
|
||||
|
||||
- name: Ensure user services are started without needing to login
|
||||
become: true
|
||||
ansible.builtin.command:
|
||||
cmd: loginctl enable-linger audiosink
|
||||
changed_when: false
|
||||
|
||||
- name: Detect if on Raspberry Pi # noqa ignore-errors
|
||||
ansible.builtin.include_role:
|
||||
name: raspberry_pi_check
|
||||
ignore_errors: true
|
||||
|
||||
- name: Ensure debian archive keyring is installed # noqa no-handler
|
||||
become: true
|
||||
when: raspberry_pi_check__cpuinfo.found
|
||||
ansible.builtin.apt:
|
||||
deb: https://ftp.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2021.1.1+deb11u1_all.deb
|
||||
|
||||
- name: Ensure debian backports repository is enabled
|
||||
ansible.builtin.include_role:
|
||||
name: add_apt_repository
|
||||
vars:
|
||||
add_apt_repository__https_repo: false
|
||||
add_apt_repository__repo: "deb http://deb.debian.org/debian {{ ansible_facts.lsb.codename }}-backports main contrib non-free"
|
||||
add_apt_repository__filename: "{{ ansible_facts.lsb.codename }}-backports.list"
|
||||
|
||||
- name: Ensure pipewire, wireplumber and libspa-0.2-bluetooth are installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- pipewire
|
||||
- wireplumber
|
||||
- libspa-0.2-bluetooth
|
||||
default_release: "{{ ansible_facts.lsb.codename }}-backports"
|
||||
|
||||
- name: Ensure pipewire user service is enabled and started
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
name: pipewire.service
|
||||
state: started
|
||||
enabled: true
|
||||
scope: user
|
||||
|
||||
- name: Ensure pipewire-pulse user service is enabled and started
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
name: pipewire-pulse.service
|
||||
state: started
|
||||
enabled: true
|
||||
scope: user
|
||||
|
||||
- name: Ensure wireplumber user service is enabled
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
name: wireplumber.service
|
||||
enabled: true
|
||||
scope: user
|
||||
|
||||
- name: Ensure speaker-agent dependencies are installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- git
|
||||
- python3-dbus
|
||||
|
||||
- name: Ensure speaker-agent repository is cloned
|
||||
become: true
|
||||
ansible.builtin.git:
|
||||
repo: https://github.com/fdanis-oss/pw_wp_bluetooth_rpi_speaker.git
|
||||
dest: /opt/speaker-agent
|
||||
version: 9a939a23865ea020816017e06fd2290f301c35f9
|
||||
|
||||
- name: Ensure .config directory exists
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.file:
|
||||
path: /home/audiosink/.config
|
||||
state: directory
|
||||
mode: "700"
|
||||
owner: audiosink
|
||||
group: audiosink
|
||||
|
||||
- name: Ensure .config/systemd directory exists
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.file:
|
||||
path: /home/audiosink/.config/systemd
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: audiosink
|
||||
group: audiosink
|
||||
|
||||
- name: Ensure .config/systemd/user directory exists
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.file:
|
||||
path: /home/audiosink/.config/systemd/user
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: audiosink
|
||||
group: audiosink
|
||||
|
||||
- name: Ensure speaker-agent service file is deployed
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.copy:
|
||||
src: speaker-agent.service
|
||||
dest: /home/audiosink/.config/systemd/user/speaker-agent.service
|
||||
mode: "644"
|
||||
owner: audiosink
|
||||
group: audiosink
|
||||
notify: Restart speaker-agent service
|
||||
|
||||
- name: Ensure speaker-agent service is enabled and started
|
||||
become: true
|
||||
become_user: audiosink
|
||||
ansible.builtin.systemd:
|
||||
name: speaker-agent.service
|
||||
state: started
|
||||
enabled: true
|
||||
scope: user
|
||||
|
||||
# This part is janky, but I don't know how to make the bluetooth service, wireplumber and pipewire
|
||||
# work with each other without being logged in.
|
||||
- name: Ensure getty@tty1 override file is deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: override.conf
|
||||
dest: /etc/systemd/system/getty@tty1.service.d/override.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Reboot host
|
||||
|
||||
- name: Ensure autologin for audiosink user is enabled
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: getty@tty1.service
|
||||
enabled: true
|
||||
notify: Reboot host
|
|
@ -1 +0,0 @@
|
|||
PRETTY_HOSTNAME=Audio Pi
|
|
@ -1,211 +0,0 @@
|
|||
[General]
|
||||
|
||||
# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
|
||||
# The plugin 'hostname' is loaded by default and overides the Name set here so
|
||||
# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME=<NewName> instead.
|
||||
Name = {{ bluetooth_audio_sink__name }}
|
||||
|
||||
# Default device class. Only the major and minor device class bits are
|
||||
# considered. Defaults to '0x000000'.
|
||||
Class = 0x200414 # Audio (Major Service Class), Audio/Video (Major Device Class), Loudspeaker (Minor Device Class)
|
||||
|
||||
# How long to stay in discoverable mode before going back to non-discoverable
|
||||
# The value is in seconds. Default is 180, i.e. 3 minutes.
|
||||
# 0 = disable timer, i.e. stay discoverable forever
|
||||
#DiscoverableTimeout = 0
|
||||
DiscoverableTimeout = 0
|
||||
|
||||
# Always allow pairing even if there are no agent registered
|
||||
# Possible values: true, false
|
||||
# Default: false
|
||||
#AlwaysPairable = false
|
||||
AlwaysPairable = true
|
||||
|
||||
# How long to stay in pairable mode before going back to non-discoverable
|
||||
# The value is in seconds. Default is 0.
|
||||
# 0 = disable timer, i.e. stay pairable forever
|
||||
#PairableTimeout = 0
|
||||
PairableTimeout = 0
|
||||
|
||||
# Use vendor id source (assigner), vendor, product and version information for
|
||||
# DID profile support. The values are separated by ":" and assigner, VID, PID
|
||||
# and version.
|
||||
# Possible vendor id source values: bluetooth, usb (defaults to usb)
|
||||
#DeviceID = bluetooth:1234:5678:abcd
|
||||
|
||||
# Do reverse service discovery for previously unknown devices that connect to
|
||||
# us. For BR/EDR this option is really only needed for qualification since the
|
||||
# BITE tester doesn't like us doing reverse SDP for some test cases, for LE
|
||||
# this disables the GATT client functionally so it can be used in system which
|
||||
# can only operate as peripheral.
|
||||
# Defaults to 'true'.
|
||||
#ReverseServiceDiscovery = true
|
||||
|
||||
# Enable name resolving after inquiry. Set it to 'false' if you don't need
|
||||
# remote devices name and want shorter discovery cycle. Defaults to 'true'.
|
||||
#NameResolving = true
|
||||
|
||||
# Enable runtime persistency of debug link keys. Default is false which
|
||||
# makes debug link keys valid only for the duration of the connection
|
||||
# that they were created for.
|
||||
#DebugKeys = false
|
||||
|
||||
# Restricts all controllers to the specified transport. Default value
|
||||
# is "dual", i.e. both BR/EDR and LE enabled (when supported by the HW).
|
||||
# Possible values: "dual", "bredr", "le"
|
||||
#ControllerMode = dual
|
||||
|
||||
# Enables Multi Profile Specification support. This allows to specify if
|
||||
# system supports only Multiple Profiles Single Device (MPSD) configuration
|
||||
# or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple
|
||||
# Devices (MPMD) configurations.
|
||||
# Possible values: "off", "single", "multiple"
|
||||
#MultiProfile = off
|
||||
|
||||
# Permanently enables the Fast Connectable setting for adapters that
|
||||
# support it. When enabled other devices can connect faster to us,
|
||||
# however the tradeoff is increased power consumptions. This feature
|
||||
# will fully work only on kernel version 4.1 and newer. Defaults to
|
||||
# 'false'.
|
||||
#FastConnectable = false
|
||||
|
||||
# Default privacy setting.
|
||||
# Enables use of private address.
|
||||
# Possible values: "off", "device", "network"
|
||||
# "network" option not supported currently
|
||||
# Defaults to "off"
|
||||
# Privacy = off
|
||||
|
||||
# Specify the policy to the JUST-WORKS repairing initiated by peer
|
||||
# Possible values: "never", "confirm", "always"
|
||||
# Defaults to "never"
|
||||
#JustWorksRepairing = never
|
||||
JustWorksRepairing = always
|
||||
|
||||
# How long to keep temporary devices around
|
||||
# The value is in seconds. Default is 30.
|
||||
# 0 = disable timer, i.e. never keep temporary devices
|
||||
#TemporaryTimeout = 30
|
||||
|
||||
# Enables the device to issue an SDP request to update known services when
|
||||
# profile is connected. Defaults to true.
|
||||
#RefreshDiscovery = true
|
||||
|
||||
Enable=Sink
|
||||
|
||||
[Controller]
|
||||
# The following values are used to load default adapter parameters. BlueZ loads
|
||||
# the values into the kernel before the adapter is powered if the kernel
|
||||
# supports the MGMT_LOAD_DEFAULT_PARAMETERS command. If a value isn't provided,
|
||||
# the kernel will be initialized to it's default value. The actual value will
|
||||
# vary based on the kernel version and thus aren't provided here.
|
||||
# The Bluetooth Core Specification should be consulted for the meaning and valid
|
||||
# domain of each of these values.
|
||||
|
||||
# BR/EDR Page scan activity configuration
|
||||
#BRPageScanType=
|
||||
#BRPageScanInterval=
|
||||
#BRPageScanWindow=
|
||||
|
||||
# BR/EDR Inquiry scan activity configuration
|
||||
#BRInquiryScanType=
|
||||
#BRInquiryScanInterval=
|
||||
#BRInquiryScanWindow=
|
||||
|
||||
# BR/EDR Link supervision timeout
|
||||
#BRLinkSupervisionTimeout=
|
||||
|
||||
# BR/EDR Page Timeout
|
||||
#BRPageTimeout=
|
||||
|
||||
# BR/EDR Sniff Intervals
|
||||
#BRMinSniffInterval=
|
||||
#BRMaxSniffInterval=
|
||||
|
||||
# LE advertisement interval (used for legacy advertisement interface only)
|
||||
#LEMinAdvertisementInterval=
|
||||
#LEMaxAdvertisementInterval=
|
||||
#LEMultiAdvertisementRotationInterval=
|
||||
|
||||
# LE scanning parameters used for passive scanning supporting auto connect
|
||||
# scenarios
|
||||
#LEScanIntervalAutoConnect=
|
||||
#LEScanWindowAutoConnect=
|
||||
|
||||
# LE scanning parameters used for passive scanning supporting wake from suspend
|
||||
# scenarios
|
||||
#LEScanIntervalSuspend=
|
||||
#LEScanWindowSuspend=
|
||||
|
||||
# LE scanning parameters used for active scanning supporting discovery
|
||||
# proceedure
|
||||
#LEScanIntervalDiscovery=
|
||||
#LEScanWindowDiscovery=
|
||||
|
||||
# LE scanning parameters used for passive scanning supporting the advertisement
|
||||
# monitor Apis
|
||||
#LEScanIntervalAdvMonitor=
|
||||
#LEScanWindowAdvMonitor=
|
||||
|
||||
# LE scanning parameters used for connection establishment.
|
||||
#LEScanIntervalConnect=
|
||||
#LEScanWindowConnect=
|
||||
|
||||
# LE default connection parameters. These values are superceeded by any
|
||||
# specific values provided via the Load Connection Parameters interface
|
||||
#LEMinConnectionInterval=
|
||||
#LEMaxConnectionInterval=
|
||||
#LEConnectionLatency=
|
||||
#LEConnectionSupervisionTimeout=
|
||||
#LEAutoconnecttimeout=
|
||||
|
||||
[GATT]
|
||||
# GATT attribute cache.
|
||||
# Possible values:
|
||||
# always: Always cache attributes even for devices not paired, this is
|
||||
# recommended as it is best for interoperability, with more consistent
|
||||
# reconnection times and enables proper tracking of notifications for all
|
||||
# devices.
|
||||
# yes: Only cache attributes of paired devices.
|
||||
# no: Never cache attributes
|
||||
# Default: always
|
||||
#Cache = always
|
||||
|
||||
# Minimum required Encryption Key Size for accessing secured characteristics.
|
||||
# Possible values: 0 and 7-16. 0 means don't care.
|
||||
# Defaults to 0
|
||||
#KeySize = 0
|
||||
|
||||
# Exchange MTU size.
|
||||
# Possible values: 23-517
|
||||
# Defaults to 517
|
||||
#ExchangeMTU = 517
|
||||
|
||||
# Number of ATT channels
|
||||
# Possible values: 1-5 (1 disables EATT)
|
||||
# Default to 3
|
||||
#Channels = 3
|
||||
|
||||
[Policy]
|
||||
#
|
||||
# The ReconnectUUIDs defines the set of remote services that should try
|
||||
# to be reconnected to in case of a link loss (link supervision
|
||||
# timeout). The policy plugin should contain a sane set of values by
|
||||
# default, but this list can be overridden here. By setting the list to
|
||||
# empty the reconnection feature gets disabled.
|
||||
#ReconnectUUIDs=00001112-0000-1000-8000-00805f9b34fb,0000111f-0000-1000-8000-00805f9b34fb,0000110a-0000-1000-8000-00805f9b34fb
|
||||
|
||||
# ReconnectAttempts define the number of attempts to reconnect after a link
|
||||
# lost. Setting the value to 0 disables reconnecting feature.
|
||||
#ReconnectAttempts=7
|
||||
|
||||
# ReconnectIntervals define the set of intervals in seconds to use in between
|
||||
# attempts.
|
||||
# If the number of attempts defined in ReconnectAttempts is bigger than the
|
||||
# set of intervals the last interval is repeated until the last attempt.
|
||||
#ReconnectIntervals=1,2,4,8,16,32,64
|
||||
|
||||
# AutoEnable defines option to enable all controllers when they are found.
|
||||
# This includes adapters present on start as well as adapters that are plugged
|
||||
# in later on. Defaults to 'false'.
|
||||
AutoEnable=true
|
|
@ -1,25 +0,0 @@
|
|||
# Role `cert`
|
||||
|
||||
A role for ordering and renewing certificates from Lets Encrypt via ACME.
|
||||
It uses the DNS challenge and fullfills it via a BIND 9 server given to the role.
|
||||
|
||||
## Supported Distributions
|
||||
|
||||
The following distributions are supported:
|
||||
|
||||
- Debian 11
|
||||
|
||||
## Required Arguments
|
||||
|
||||
For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yml)
|
||||
|
||||
## `hosts`
|
||||
|
||||
The `hosts` for this role need to be the machines on which you want to have the certificates.
|
||||
|
||||
## Links & Resources
|
||||
|
||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
|
||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
|
||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
|
||||
- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>
|
|
@ -1,7 +0,0 @@
|
|||
cert__handlers: []
|
||||
cert__owner: root
|
||||
cert__group: root
|
||||
cert__fullchain_pem_permissions: "0660"
|
||||
cert__chain_pem_permissions: "0660"
|
||||
cert__cert_pem_permissions: "0660"
|
||||
cert__privkey_pem_permissions: "0600"
|
|
@ -1,52 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
short_description: Orders and renews certificates from Let's Encrypt
|
||||
options:
|
||||
cert__domains:
|
||||
description: Domains for which to issue a certificate. Must be in the same DNS zone.
|
||||
required: true
|
||||
type: list
|
||||
elements: str
|
||||
cert__owner:
|
||||
description: Owner of the certificate files.
|
||||
required: false
|
||||
type: str
|
||||
default: root
|
||||
cert__group:
|
||||
description: Group of the certificate files.
|
||||
required: false
|
||||
type: str
|
||||
default: root
|
||||
cert__acme_account_email:
|
||||
description: E-Mail address for ACME account
|
||||
required: true
|
||||
type: str
|
||||
cert__bind_9_host:
|
||||
description: The machine running BIND 9.
|
||||
required: true
|
||||
type: str
|
||||
cert__bind_9_zone:
|
||||
description: The zone to use for publishing the TXT record.
|
||||
required: true
|
||||
type: str
|
||||
cert__fullchain_pem_permissions:
|
||||
description: Permissons for the `fullchain.pem`.
|
||||
type: str
|
||||
required: false
|
||||
default: "0660"
|
||||
cert__chain_pem_permissions:
|
||||
description: Permissons for the `chain.pem`.
|
||||
type: str
|
||||
required: false
|
||||
default: "0660"
|
||||
cert__cert_pem_permissions:
|
||||
description: Permissons for the `cert.pem`.
|
||||
type: str
|
||||
required: false
|
||||
default: "0660"
|
||||
cert__privkey_pem_permissions:
|
||||
description: Permissons for the `privkey.pem`.
|
||||
type: str
|
||||
required: false
|
||||
default: "0600"
|
|
@ -1,8 +0,0 @@
|
|||
dependencies: # noqa meta-no-info
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
||||
- "12"
|
|
@ -1,180 +0,0 @@
|
|||
- name: Ensure `ansible_certs` directory exists
|
||||
ansible.builtin.file:
|
||||
path: /etc/ansible_certs
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "755"
|
||||
become: true
|
||||
|
||||
- name: Ensure `certs` sub-directory exists
|
||||
ansible.builtin.file:
|
||||
path: /etc/ansible_certs/certs
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "755"
|
||||
become: true
|
||||
|
||||
- name: Ensure sub-directory for the certificate exists
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "755"
|
||||
become: true
|
||||
|
||||
- name: Ensure private key for certificate exists
|
||||
community.crypto.openssl_privatekey:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
|
||||
size: 4096
|
||||
type: RSA
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "{{ cert__privkey_pem_permissions }}"
|
||||
become: true
|
||||
|
||||
- name: Ensure certificate signing request is created
|
||||
community.crypto.openssl_csr:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
||||
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
|
||||
common_name: "{{ item }}"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: cert__csr_result
|
||||
|
||||
- name: Ensure private key for ACME account exists
|
||||
community.crypto.openssl_privatekey:
|
||||
path: "/etc/ansible_certs/account_key.pem"
|
||||
size: 4096
|
||||
type: RSA
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
become: true
|
||||
|
||||
- name: Check certificate status and create ACME challenge if needed
|
||||
community.crypto.acme_certificate:
|
||||
account_email: "{{ cert__acme_account_email }}"
|
||||
account_key_src: "/etc/ansible_certs/account_key.pem"
|
||||
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
||||
acme_version: 2
|
||||
remaining_days: 28
|
||||
terms_agreed: true
|
||||
challenge: dns-01
|
||||
csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
||||
dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||
fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||
become: true
|
||||
register: cert__acme_challenge
|
||||
|
||||
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
|
||||
when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
|
||||
block:
|
||||
- name: Add file containing nsupdate commands for adding TXT record for DNS-01 challenge
|
||||
ansible.builtin.template:
|
||||
src: nsupdate_add_txt_record.j2
|
||||
dest: /root/nsupdate_add_txt_record
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
vars:
|
||||
cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
|
||||
cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Add DNS record to BIND 9 server via nsupdate # noqa: no-changed-when
|
||||
ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_add_txt_record
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Retrieve certificate
|
||||
community.crypto.acme_certificate:
|
||||
account_email: "{{ cert__acme_account_email }}"
|
||||
account_key_src: "/etc/ansible_certs/account_key.pem"
|
||||
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
||||
acme_version: 2
|
||||
terms_agreed: true
|
||||
remaining_days: 28
|
||||
challenge: dns-01
|
||||
csr: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
||||
dest: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||
fullchain_dest: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||
data: "{{ cert__acme_challenge }}"
|
||||
become: true
|
||||
notify: "{{ cert__handlers }}"
|
||||
always:
|
||||
- name: Remove file containing nsupdate commands for adding TXT record again
|
||||
ansible.builtin.file:
|
||||
path: /root/nsupdate_add_txt_record
|
||||
state: absent
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Remove TXT record again
|
||||
block:
|
||||
- name: Add file containing nsupdate commands for deleting TXT record for DNS-01 challenge
|
||||
ansible.builtin.template:
|
||||
src: nsupdate_delete_txt_record.j2
|
||||
dest: /root/nsupdate_delete_txt_record
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
vars:
|
||||
cert__nsupdate_domain: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].record }}"
|
||||
cert__nsupdate_txt_data: "{{ cert__acme_challenge.challenge_data[item]['dns-01'].resource_value }}"
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Remove DNS record from BIND 9 server via nsupdate # noqa: no-changed-when
|
||||
ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_delete_txt_record
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
always:
|
||||
- name: Remove file containing nsupdate commands for deleting TXT record again
|
||||
ansible.builtin.file:
|
||||
path: /root/nsupdate_delete_txt_record
|
||||
state: absent
|
||||
become: true
|
||||
delegate_to: "{{ cert__bind_9_host }}"
|
||||
|
||||
- name: Ensure correct permissions for certificate are set
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "{{ cert__cert_pem_permissions }}"
|
||||
become: true
|
||||
|
||||
- name: Ensure correct permissions for fullchain cert are set
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "{{ cert__fullchain_pem_permissions }}"
|
||||
become: true
|
||||
|
||||
- name: Get content of cert.pem
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||
become: true
|
||||
register: cert__cert_slurp
|
||||
|
||||
- name: Get content of fullchain.pem
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||
become: true
|
||||
register: cert__fullchain_slurp
|
||||
|
||||
- name: Ensure chain.pem is created
|
||||
ansible.builtin.copy:
|
||||
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
|
||||
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "{{ cert__chain_pem_permissions }}"
|
||||
become: true
|
|
@ -1,3 +0,0 @@
|
|||
- name: Deploy cert
|
||||
ansible.builtin.include_tasks: deploy_cert.yaml
|
||||
loop: "{{ cert__domains }}"
|
|
@ -1,4 +0,0 @@
|
|||
debug
|
||||
zone {{ cert__bind_9_zone }}
|
||||
update add {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
|
||||
send
|
|
@ -1,4 +0,0 @@
|
|||
debug
|
||||
zone {{ cert__bind_9_zone }}
|
||||
update delete {{ cert__nsupdate_domain }} 60 TXT {{ cert__nsupdate_txt_data }}
|
||||
send
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
- name: Restart system
|
||||
become: true
|
||||
ansible.builtin.reboot:
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
hifiberry__device:
|
||||
description: Which HiFiBerry board to enable
|
||||
type: str
|
||||
choices:
|
||||
- hifiberry-dac
|
||||
- hifiberry-dacplus
|
||||
- hifiberry-dacplushd
|
||||
- hifiberry-dacplusadc
|
||||
- hifiberry-dacplusadcpro
|
||||
- hifiberry-digi
|
||||
- hifiberry-digi-pro
|
||||
- hifiberry-amp
|
||||
required: true
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
||||
- role: raspberry_pi_check
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
- name: Remove dtparam=audio=on
|
||||
become: true
|
||||
ansible.builtin.lineinfile:
|
||||
line: dtparam=audio=on
|
||||
dest: /boot/config.txt
|
||||
state: absent
|
||||
notify: Restart system
|
||||
|
||||
- name: Set audio=off for dtoverlay=vc4-kms-v3d
|
||||
become: true
|
||||
ansible.builtin.lineinfile:
|
||||
regexp: ^dtoverlay=vc4-kms-v3d
|
||||
line: dtoverlay=vc4-kms-v3d,audio=off
|
||||
dest: /boot/config.txt
|
||||
notify: Restart system
|
||||
|
||||
- name: Add hifiberry dtoverlay
|
||||
become: true
|
||||
ansible.builtin.lineinfile:
|
||||
line: "dtoverlay={{ hifiberry__device }}"
|
||||
dest: /boot/config.txt
|
||||
notify: Restart system
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Restart mosquitto
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: mosquitto.service
|
||||
state: restarted
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
mosquitto__mosquitto_conf_content:
|
||||
description: The content of the main mosquitto configuration file.
|
||||
type: str
|
||||
required: true
|
||||
mosquitto__configs:
|
||||
description: A list of additional mosquitto configurations.
|
||||
type: list
|
||||
elements: dict
|
||||
required: false
|
||||
options:
|
||||
name:
|
||||
description: >-
|
||||
The name of the configuration file, where the configuration should
|
||||
be deployed to. The file will be placed under `/etc/mosquitto/conf.d` and
|
||||
`.conf` will be appended to the given name. So in the end the path
|
||||
will be like this: `/etc/mosquitto/conf.d/\{\ name \}\}.conf`.
|
||||
type: str
|
||||
required: true
|
||||
content:
|
||||
description: The content of the configuration.
|
||||
type: str
|
||||
required: true
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
|
@ -1,33 +0,0 @@
|
|||
---
|
||||
- name: Ensure mosquitto is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: mosquitto
|
||||
|
||||
- name: Ensure main configuraton file is deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
content: "{{ mosquitto__mosquitto_conf_content }}"
|
||||
dest: /etc/mosquitto/mosquitto.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Restart mosquitto
|
||||
|
||||
- name: Ensure all additional configuraton files are deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
content: "{{ item.content }}"
|
||||
dest: /etc/mosquitto/conf.d/{{ item.name }}.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
loop: "{{ mosquitto__configs }}"
|
||||
notify: Restart mosquitto
|
||||
|
||||
- name: Ensure mosquitto service is enabled and started
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: mosquitto.service
|
||||
enabled: true
|
||||
state: started
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
nodejs__major_version:
|
||||
description: Major version of nodejs to install
|
||||
type: int
|
||||
required: true
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
||||
- "12"
|
||||
- role: add_apt_repository
|
||||
vars:
|
||||
add_apt_repository__https_repo: true
|
||||
add_apt_repository__keyring_url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
|
||||
add_apt_repository__keyring_path: /usr/share/keyrings/nodesource.gpg
|
||||
add_apt_repository__repo: "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_\
|
||||
{{ nodejs__major_version }}.x {{ ansible_facts.lsb.codename }} main"
|
||||
add_apt_repository__filename: nodesource.list
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
- name: Ensure nodejs is installed
|
||||
ansible.builtin.apt:
|
||||
name: nodejs
|
|
@ -1,12 +0,0 @@
|
|||
- name: Detect if on Raspberry Pi
|
||||
ansible.builtin.lineinfile:
|
||||
path: /proc/cpuinfo
|
||||
regexp: ".*Raspberry Pi.*"
|
||||
state: absent
|
||||
check_mode: true
|
||||
register: raspberry_pi_check__cpuinfo
|
||||
changed_when: false
|
||||
- name: Fail when not on Raspberry Pi # noqa no-handler
|
||||
when: not raspberry_pi_check__cpuinfo.found
|
||||
ansible.builtin.fail:
|
||||
msg: You are not running on Raspberry Pi hardware!
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Restart shairport-sync service
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: shairport-sync
|
||||
state: restarted
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
shairport_sync__config:
|
||||
description: shairport-sync config content
|
||||
type: str
|
||||
required: true
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
- name: Ensure shairport-sync is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: shairport-sync
|
||||
|
||||
- name: Ensure shairport-sync config is deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
content: "{{ shairport_sync__config }}"
|
||||
dest: /etc/shairport-sync.conf
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Restart shairport-sync service
|
||||
|
||||
- name: Ensure shairport-sync service is enabled and started
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: shairport-sync
|
||||
state: started
|
||||
enabled: true
|
|
@ -1,18 +0,0 @@
|
|||
[Unit]
|
||||
Description=zigbee2mqtt
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Environment=ZIGBEE2MQTT_DATA=/home/zigbee2mqtt/zigbee2mqtt_data
|
||||
Environment=NODE_ENV=production
|
||||
ExecStart=/usr/bin/npm start
|
||||
WorkingDirectory=/opt/zigbee2mqtt
|
||||
StandardOutput=inherit
|
||||
# Or use StandardOutput=null if you don't want Zigbee2MQTT messages filling syslog, for more options see systemd.exec(5)
|
||||
StandardError=inherit
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
User=zigbee2mqtt
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,12 +0,0 @@
|
|||
- name: Restart zigbee2mqtt
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: zigbee2mqtt
|
||||
state: restarted
|
||||
|
||||
- name: Reload systemd-daemon and restart zigbee2mqtt
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: zigbee2mqtt
|
||||
state: restarted
|
||||
daemon_reload: true
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
zigbee2mqtt__version:
|
||||
description: zigbee2mqtt version to install
|
||||
type: str
|
||||
required: true
|
||||
zigbee2mqtt__initial_config:
|
||||
description: Configuration file content for initial deployment.
|
||||
It does not replace the configuration if it already exists.
|
||||
type: str
|
||||
required: true
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: distribution_check
|
||||
vars:
|
||||
distribution_check__distribution_support_spec:
|
||||
- name: Debian
|
||||
major_versions:
|
||||
- "11"
|
||||
- "12"
|
||||
- role: nodejs
|
||||
vars:
|
||||
nodejs__major_version: 16
|
|
@ -1,87 +0,0 @@
|
|||
- name: Ensure acl is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: acl
|
||||
|
||||
- name: Ensure git is installed
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
name: git
|
||||
|
||||
- name: Ensure zigbee2mqtt user exists
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
name: zigbee2mqtt
|
||||
groups:
|
||||
- zigbee2mqtt
|
||||
- dialout
|
||||
group: zigbee2mqtt
|
||||
|
||||
- name: Ensure installation directory exists
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
dest: /opt/zigbee2mqtt
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: zigbee2mqtt
|
||||
group: zigbee2mqtt
|
||||
|
||||
- name: Ensure zigbee2mqtt repository is cloned
|
||||
become: true
|
||||
become_user: zigbee2mqtt
|
||||
ansible.builtin.git:
|
||||
repo: https://github.com/Koenkk/zigbee2mqtt.git
|
||||
depth: 1
|
||||
dest: /opt/zigbee2mqtt
|
||||
version: "{{ zigbee2mqtt__version }}"
|
||||
notify: Restart zigbee2mqtt
|
||||
|
||||
- name: Ensure npm dependencies are installed
|
||||
become: true
|
||||
become_user: zigbee2mqtt
|
||||
community.general.npm:
|
||||
path: /opt/zigbee2mqtt
|
||||
ci: true
|
||||
changed_when: false # installs packages according to package-lock.json, but always reports a change
|
||||
|
||||
- name: Ensure custom zigbee2mqtt data directory exists
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
dest: /home/zigbee2mqtt/zigbee2mqtt_data
|
||||
state: directory
|
||||
mode: "755"
|
||||
owner: zigbee2mqtt
|
||||
group: zigbee2mqtt
|
||||
|
||||
- name: Check configuration file status
|
||||
ansible.builtin.stat:
|
||||
path: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
|
||||
register: zigbee2mqtt__conf_stat
|
||||
|
||||
- name: Ensure configuration file is deployed when it doesn't exist
|
||||
become: true
|
||||
when: not zigbee2mqtt__conf_stat.stat.exists
|
||||
ansible.builtin.copy:
|
||||
content: "{{ zigbee2mqtt__initial_config }}"
|
||||
dest: /home/zigbee2mqtt/zigbee2mqtt_data/configuration.yaml
|
||||
mode: "640"
|
||||
owner: zigbee2mqtt
|
||||
group: zigbee2mqtt
|
||||
notify: Restart zigbee2mqtt
|
||||
|
||||
- name: Ensure zigbee2mqtt service file is deployed
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: zigbee2mqtt.service
|
||||
dest: /etc/systemd/system/zigbee2mqtt.service
|
||||
mode: "644"
|
||||
owner: root
|
||||
group: root
|
||||
notify: Reload systemd-daemon and restart zigbee2mqtt
|
||||
|
||||
- name: Ensure zigbee2mqtt is enabled and started
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
service: zigbee2mqtt
|
||||
enabled: true
|
||||
state: started
|
|
@ -1,21 +0,0 @@
|
|||
homeassistant: true
|
||||
|
||||
permit_join: false
|
||||
|
||||
mqtt:
|
||||
base_topic: zigbee2mqtt
|
||||
server: 'mqtt://mqtt.z9'
|
||||
|
||||
serial:
|
||||
port: /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014DBC72F-if00
|
||||
|
||||
advanced:
|
||||
network_key: [{{ zigbee2mqtt__network_key }}]
|
||||
pan_id: 32673
|
||||
ext_pan_id: [58, 76, 37, 2, 22, 198, 237, 124]
|
||||
channel: 11
|
||||
|
||||
frontend:
|
||||
port: 8080
|
||||
host: localhost
|
||||
url: https://zigbee2mqtt.z9
|