Some extensions

- add offline mode
- removed wan config
- add apt.faiserver.lan domain to unbound
- website apt.faiserver.lan in nginx to point to apt-cacher apt-repo

roles/fai/defaults/main.yml

@@ -4,6 +4,7 @@
 use_ipxe: true
 fai_menu: true
 ensure_fai_setup_run: false
+disable_fai_chroot_build: false
 dhcp_interface: eth1
 wan_interface: eth0
 server_name: faiserver
@@ -13,3 +14,4 @@ server_netmask: 255.255.255.0
 domain_name: lan
 linux_version: 4.19.0-10
 use_apt_cache: true
+apt_cacher_offline_mode: false

roles/fai/tasks/apt-cacher-ng.yml

@@ -18,6 +18,7 @@
       ReportPage: acng-report.html
 
       ExThreshold: 4
+      Offlinemode: {% if apt_cacher_offline_mode %}1{% else %}0{% endif %}
 
       ReuseConnections: 1
       PipelineDepth: 1
@@ -28,7 +29,7 @@
   register: apt_cacher_config
 
 - name: ensure service is started and enabled
-  systemd:
+  service:
     name: apt-cacher-ng
     enabled: yes
     state: started

roles/fai/tasks/fai-pxe.yml

@@ -11,6 +11,13 @@
     - pxe
     - http
 
+- name: ensure fai dir exists
+  file:
+    path: /srv/tftp/fai
+    owner: root
+    group: root
+    mode: 0755
+
 - name: copy dban image
   copy:
     src: files/dban/dban.bzi

roles/fai/tasks/fai-root.yml

@@ -10,14 +10,14 @@
   file:
     dest: /srv/fai/nfsroot
     state: absent
-  when: "ensure_fai_setup_run"
+  when: "ensure_fai_setup_run and not disable_fai_chroot_build"
   tags:
     - fai
     - root
 
 - name: generate fai chroot
-  shell: fai-make-nfsroot
+  shell: fai-make-nfsroot -N
-  when: "not nfsroot_res.stat.exists or ensure_fai_setup_run"
+  when: "(not nfsroot_res.stat.exists or ensure_fai_setup_run) and not disable_fai_chroot_build"
   tags:
     - fai
     - root
@@ -29,7 +29,7 @@
 
 - name: generate squashfs
   shell: fai-cd -f -M -S /srv/tftp/fai/squash.img
-  when: "not squash_img.stat.exists or ensure_fai_setup_run"
+  when: "(not squash_img.stat.exists or ensure_fai_setup_run) and not disable_fai_chroot_build"
   tags:
     - fai
     - root

roles/fai/tasks/nginx.yml

@@ -20,6 +20,19 @@
           try_files $uri $uri/ =404;
         }
       }
+
+      server {
+        listen 80 apt.faiserver.lan;
+        listen [::]:80 apt.faiserver.lan;
+        root /var/cache/apt-cacher-ng/uburep;
+        index index.html;
+        server_name _;
+
+        location / {
+          autoindex on;
+          try_files $uri $uri/ =404;
+        }
+      }
     dest: /etc/nginx/sites-enabled/default
     mode: 0644
     owner: root
@@ -29,6 +42,14 @@
     - http
 
 - name: ensure http server is running
+  service:
+    name: nginx
+    state: started
+    enabled: true
+  tags:
+    - http
+
+- name: ensure http server is restart after config change
   systemd:
     name: nginx
     state: restarted

roles/fai/tasks/routing.yml

@@ -1,19 +1,36 @@
-- name: delete nm dhcp setting
+- name: install packages
-  shell: "nmcli connection delete FAI || true" 
-
-- name: configure dhcp nic
-  shell: "nmcli connection add type ethernet ifname {{ dhcp_interface }} con-name FAI autoconnect yes save yes ip4 {{ server_ip }}/{{ server_netbits }} || true" 
-
-- name: ensure dhcp nic is up
-  shell: nmcli connection up FAI
-
-- name: ensure iptabes is installed
   apt:
-    name: iptables
+    name: ['iptables', 'ifupdown']
     state: present
   tags:
     - routing
 
+- name: ensure resolved is stopped and disabled
+  service:
+    name: systemd-resolved
+    enabled: false
+    state: stopped
+
+- name: write config for lan interface
+  copy:
+    content: |
+      auto {{ dhcp_interface }}
+      allow-hotplug {{ dhcp_interface }}
+      iface {{ dhcp_interface }} inet static
+        address {{ server_ip }}
+        netmask {{ server_netmask }}
+    dest: "/etc/network/interfaces.d/{{ dhcp_interface }}"
+    owner: root
+    group: root
+    mode: 0644
+  register: lan_iface_cfg
+
+- name: setup lan interface
+  shell: |
+    ifdown {{ dhcp_interface }} || true
+    ifup {{ dhcp_interface }}
+  when: lan_iface_cfg.changed
+
 - name: enable permantent masquerading
   copy:
     content: |

roles/fai/tasks/time-server.yml

@@ -19,13 +19,12 @@
     - time
     - rdate
 
-- systemd:
+- name: ensure inetd started
-    name: inetd
+  service:
+    name: inetutils-inetd
     state: restarted
+    enabled: true
   when: inetd_conf.changed
-  tags:
-    - time
-    - rdate
 
 - name: install ntp server
   apt:
@@ -64,6 +63,12 @@
     group: root
   register: ntp_conf
 
+- name: ntp is running and enabled
+  service:
+    name: ntp
+    state: started
+    enabled: true
+
 - name: reload ntp config
   systemd:
     name: ntp

roles/fai/tasks/unbound.yml

@@ -17,6 +17,7 @@
 
         local-zone: "{{domain_name}}." static
         local-data: "{{server_name}}.{{domain_name}}. IN A {{server_ip}}"
+        local-data: "apt.{{server_name}}.{{domain_name}}. IN A {{server_ip}}"
         local-data: "monserver.{{domain_name}} IN A {{server_ip}}"
     dest: /etc/unbound/unbound.conf.d/fai.conf
     mode: 0644
@@ -26,6 +27,14 @@
   tags:
     - dns
 
+- name: ensure unbound is enabled and running
+  service:
+    name: unbound
+    state: started
+    enabled: true
+  tags:
+    - dns
+
 - name: apply dns config
   systemd:
     name: unbound