From e676b4c40cf00d6f93aec551f1115b5486e3eb05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20B=C3=B6hm?= Date: Thu, 8 Oct 2020 20:17:01 +0200 Subject: [PATCH] Some extensions - add offline mode - removed wan config - add apt.faiserver.lan domain to unbound - website apt.faiserver.lan in nginx to point to apt-cacher apt-repo --- roles/fai/defaults/main.yml | 2 ++ roles/fai/tasks/apt-cacher-ng.yml | 3 ++- roles/fai/tasks/fai-pxe.yml | 7 ++++++ roles/fai/tasks/fai-root.yml | 8 +++---- roles/fai/tasks/nginx.yml | 21 +++++++++++++++++ roles/fai/tasks/routing.yml | 39 ++++++++++++++++++++++--------- roles/fai/tasks/time-server.yml | 15 ++++++++---- roles/fai/tasks/unbound.yml | 9 +++++++ 8 files changed, 83 insertions(+), 21 deletions(-) diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml index dd70f33..e72cee5 100644 --- a/roles/fai/defaults/main.yml +++ b/roles/fai/defaults/main.yml @@ -4,6 +4,7 @@ use_ipxe: true fai_menu: true ensure_fai_setup_run: false +disable_fai_chroot_build: false dhcp_interface: eth1 wan_interface: eth0 server_name: faiserver @@ -13,3 +14,4 @@ server_netmask: 255.255.255.0 domain_name: lan linux_version: 4.19.0-10 use_apt_cache: true +apt_cacher_offline_mode: false diff --git a/roles/fai/tasks/apt-cacher-ng.yml b/roles/fai/tasks/apt-cacher-ng.yml index 7c0e4bd..10e7823 100644 --- a/roles/fai/tasks/apt-cacher-ng.yml +++ b/roles/fai/tasks/apt-cacher-ng.yml @@ -18,6 +18,7 @@ ReportPage: acng-report.html ExThreshold: 4 + Offlinemode: {% if apt_cacher_offline_mode %}1{% else %}0{% endif %} ReuseConnections: 1 PipelineDepth: 1 @@ -28,7 +29,7 @@ register: apt_cacher_config - name: ensure service is started and enabled - systemd: + service: name: apt-cacher-ng enabled: yes state: started diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml index 4a669fd..387fb1f 100644 --- a/roles/fai/tasks/fai-pxe.yml +++ b/roles/fai/tasks/fai-pxe.yml 
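Review bot: The `Offlinemode` line added in roles/fai/tasks/apt-cacher-ng.yml tests `apt_cacher_offline_mode` by plain Jinja truthiness, so a value passed as a string (for example `-e apt_cacher_offline_mode=false`) is non-empty and switches offline mode on. Casting first avoids that: `Offlinemode: {{ apt_cacher_offline_mode | bool | ternary(1, 0) }}`. The same applies to `ensure_fai_setup_run` and `disable_fai_chroot_build` in the three `when:` expressions changed in roles/fai/tasks/fai-root.yml, e.g. `not (disable_fai_chroot_build | bool)`. The config template around this line continues outside the hunk.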
@@ -11,6 +11,13 @@ - pxe - http +- name: ensure fai dir exists + file: + path: /srv/tftp/fai + owner: root + group: root + mode: 0755 + - name: copy dban image copy: src: files/dban/dban.bzi diff --git a/roles/fai/tasks/fai-root.yml b/roles/fai/tasks/fai-root.yml index a7ebc7b..e2f606e 100644 --- a/roles/fai/tasks/fai-root.yml +++ b/roles/fai/tasks/fai-root.yml @@ -10,14 +10,14 @@ file: dest: /srv/fai/nfsroot state: absent - when: "ensure_fai_setup_run" + when: "ensure_fai_setup_run and not disable_fai_chroot_build" tags: - fai - root - name: generate fai chroot - shell: fai-make-nfsroot - when: "not nfsroot_res.stat.exists or ensure_fai_setup_run" + shell: fai-make-nfsroot -N + when: "(not nfsroot_res.stat.exists or ensure_fai_setup_run) and not disable_fai_chroot_build" tags: - fai - root @@ -29,7 +29,7 @@ - name: generate squashfs shell: fai-cd -f -M -S /srv/tftp/fai/squash.img - when: "not squash_img.stat.exists or ensure_fai_setup_run" + when: "(not squash_img.stat.exists or ensure_fai_setup_run) and not disable_fai_chroot_build" tags: - fai - root diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml index 8fb6879..2f65d28 100644 --- a/roles/fai/tasks/nginx.yml +++ b/roles/fai/tasks/nginx.yml @@ -20,6 +20,19 @@ try_files $uri $uri/ =404; } } + + server { + listen 80 apt.faiserver.lan; + listen [::]:80 apt.faiserver.lan; + root /var/cache/apt-cacher-ng/uburep; + index index.html; + server_name _; + + location / { + autoindex on; + try_files $uri $uri/ =404; + } + } dest: /etc/nginx/sites-enabled/default mode: 0644 owner: root @@ -29,6 +42,14 @@ - http - name: ensure http server is running + service: + name: nginx + state: started + enabled: true + tags: + - http + +- name: ensure http server is restart after config change systemd: name: nginx state: restarted diff --git a/roles/fai/tasks/routing.yml b/roles/fai/tasks/routing.yml index a6f5cc0..926db00 100644 --- a/roles/fai/tasks/routing.yml +++ b/roles/fai/tasks/routing.yml 
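Review bot: The new `ensure fai dir exists` task in roles/fai/tasks/fai-pxe.yml sets no `state`, and the `file` module's default `state: file` does not create a missing path, so on a fresh host the task fails instead of creating `/srv/tftp/fai`. Add `state: directory`, and quote the mode as `mode: '0755'` so it is always handled as an octal string. The task also has no `tags:`, while the preceding task in the hunk context appears to carry `pxe` and `http`, so a tag-limited run would skip it.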
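Review bot: `fai-make-nfsroot -N` in the `generate fai chroot` task of roles/fai/tasks/fai-root.yml is a behaviour change that neither the commit message nor a comment explains. A one-line comment above the task, such as `# -N: <reason this flag is required>`, would let the next reader check it against the fai-make-nfsroot man page. This task and `generate squashfs` both use `shell:` although the visible command lines need no shell features, so `command:` would be the narrower module.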
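Review bot: In the server block added to roles/fai/tasks/nginx.yml, `listen 80 apt.faiserver.lan;` puts the host name where nginx expects a listen parameter, so the config test would most likely reject the file. Because this is `sites-enabled/default`, the existing FAI vhost would stop loading too. The name belongs in `server_name`, built from the same variables the unbound record uses: `listen 80;`, `listen [::]:80;`, `server_name apt.{{ server_name }}.{{ domain_name }};`. With `autoindex on` over `/var/cache/apt-cacher-ng/uburep`, consider binding to `{{ server_ip }}:80` so the listing is not also served on `wan_interface`. The `content:` block starts outside the hunk.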
@@ -1,19 +1,36 @@ -- name: delete nm dhcp setting - shell: "nmcli connection delete FAI || true" - -- name: configure dhcp nic - shell: "nmcli connection add type ethernet ifname {{ dhcp_interface }} con-name FAI autoconnect yes save yes ip4 {{ server_ip }}/{{ server_netbits }} || true" - -- name: ensure dhcp nic is up - shell: nmcli connection up FAI - -- name: ensure iptabes is installed +- name: install packages apt: - name: iptables + name: ['iptables', 'ifupdown'] state: present tags: - routing +- name: ensure resolved is stopped and disabled + service: + name: systemd-resolved + enabled: false + state: stopped + +- name: write config for lan interface + copy: + content: | + auto {{ dhcp_interface }} + allow-hotplug {{ dhcp_interface }} + iface {{ dhcp_interface }} inet static + address {{ server_ip }} + netmask {{ server_netmask }} + dest: "/etc/network/interfaces.d/{{ dhcp_interface }}" + owner: root + group: root + mode: 0644 + register: lan_iface_cfg + +- name: setup lan interface + shell: | + ifdown {{ dhcp_interface }} || true + ifup {{ dhcp_interface }} + when: lan_iface_cfg.changed + - name: enable permantent masquerading copy: content: | diff --git a/roles/fai/tasks/time-server.yml b/roles/fai/tasks/time-server.yml index b3b1775..8fa6082 100644 --- a/roles/fai/tasks/time-server.yml +++ b/roles/fai/tasks/time-server.yml @@ -19,13 +19,12 @@ - time - rdate -- systemd: - name: inetd +- name: ensure inetd started + service: + name: inetutils-inetd state: restarted + enabled: true when: inetd_conf.changed - tags: - - time - - rdate - name: install ntp server apt: @@ -64,6 +63,12 @@ group: root register: ntp_conf +- name: ntp is running and enabled + service: + name: ntp + state: started + enabled: true + - name: reload ntp config systemd: name: ntp diff --git a/roles/fai/tasks/unbound.yml b/roles/fai/tasks/unbound.yml index 21a5b7b..607c4ac 100644 --- a/roles/fai/tasks/unbound.yml +++ b/roles/fai/tasks/unbound.yml 
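Review bot: The `setup lan interface` task in roles/fai/tasks/routing.yml pastes `dhcp_interface` unquoted into a shell script, and the same variable forms the file name in `dest:`. Use `ifdown {{ dhcp_interface | quote }} || true` and `ifup {{ dhcp_interface | quote }}` so an unexpected value cannot be parsed as extra shell syntax. Only `install packages` keeps `tags: routing`; the three new tasks are untagged, so a run limited to that tag installs ifupdown but never writes or activates the interface config. Stopping `systemd-resolved` before a replacement resolver is configured may leave the host without DNS for later tasks; this is worth checking against the play order, which is not visible here.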
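Review bot: The rewritten `ensure inetd started` task in roles/fai/tasks/time-server.yml drops the `time`/`rdate` tags, so a run limited to those tags can rewrite the inetd config (the preceding task still appears to be tagged) without restarting the service. `enabled: true` also sits behind `when: inetd_conf.changed`, so the service is only enabled on runs where the config happens to change. Restore the `tags:` list and move enablement into an unconditional `state: started` task, as the next hunk does for ntp.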
@@ -17,6 +17,7 @@ local-zone: "{{domain_name}}." static local-data: "{{server_name}}.{{domain_name}}. IN A {{server_ip}}" + local-data: "apt.{{server_name}}.{{domain_name}}. IN A {{server_ip}}" local-data: "monserver.{{domain_name}} IN A {{server_ip}}" dest: /etc/unbound/unbound.conf.d/fai.conf mode: 0644 @@ -26,6 +27,14 @@ tags: - dns +- name: ensure unbound is enabled and running + service: + name: unbound + state: started + enabled: true + tags: + - dns + - name: apply dns config systemd: name: unbound