ansible/tuer.yml

   1 ---
   2 - hosts: torwaechter
   3   connection: local
   4   pre_tasks:
   5     - name: Create go directories
   6       file:
   7         path: .cache/openwrt/tuer/{{ item }}
   8         state: directory
   9       with_items: [ gopath, gocache ]
  10
  11     - name: Clone necessary git repositories
  12       git:
  13         repo: https://github.com/realraum/{{ item }}.git
  14         dest: .cache/openwrt/tuer/{{ item }}
  15         update: True
  16       with_items: [ door_and_sensors ]
  17
  18     - name: Download dependencies
  19       command: go get -d ./...
  20       args:
  21         chdir: .cache/openwrt/tuer/door_and_sensors/{{ item }}
  22       environment:
  23         GOCACHE: "{{ playbook_dir }}/.cache/openwrt/tuer/gocache"
  24         GOPATH:  "{{ playbook_dir }}/.cache/openwrt/tuer/gopath"
  25       with_items: [ door_client, door_daemon, update-keys ]
  26
  27     - name: Cross-compile Go binaries
  28       command: go build -ldflags "-s"
  29       args:
  30         chdir: .cache/openwrt/tuer/door_and_sensors/{{ item }}
  31       environment:
  32         GOCACHE: "{{ playbook_dir }}/.cache/openwrt/tuer/gocache"
  33         GOPATH:  "{{ playbook_dir }}/.cache/openwrt/tuer/gopath"
  34         GO386: 387
  35         CGO_ENABLED: 0
  36         GOOS: linux
  37         GOARCH: 386
  38       with_items: [ door_client, door_daemon, update-keys ]
  39
  40   roles:
  41     - role: openwrt-image
  42       delegate_to: localhost
  43       vars:
  44         openwrt_arch: x86
  45         openwrt_target: geode
  46         openwrt_output_image_suffixes:
  47           - combined-ext4.img.gz
  48           - combined-squashfs.img
  49         openwrt_packages_remove:
  50           - ppp
  51           - ppp-mod-pppoe
  52           - dnsmasq
  53           - firewall
  54           - odhcpd
  55         openwrt_packages_add:
  56           - flashrom
  57           - haveged
  58           - htop
  59           - hwclock
  60           - ip
  61           - less
  62           - nano
  63           - tcpdump
  64         openwrt_packages_extra:
  65           - git
  66
  67         openwrt_mixin:
  68           # Go binaries
  69           /usr/local/bin/door_client:
  70             mode: 0755
  71             file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_client/door_client"
  72           /usr/local/bin/door_daemon:
  73             mode: 0755
  74             file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_daemon/door_daemon"
  75           /usr/local/bin/update-keys:
  76             mode: 0755
  77             file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/update-keys/update-keys"
  78
  79           /etc/dropbear/authorized_keys:
  80             mode: 0600
  81             content: |-
  82               {% for key in noc_ssh_keys %}
  83               {{ key }}
  84               {% endfor %}
  85
  86         openwrt_uci:
  87           network:
  88             - name: globals 'globals'
  89               options:
  90                 ula_prefix: fdc9:e01f:83db::/48
  91
  92             - name: interface 'loopback'
  93               options:
  94                 ifname: lo
  95                 proto: static
  96                 ipaddr: 127.0.0.1
  97                 netmask: 255.0.0.0
  98
  99             - name: interface 'lan'
 100               options:
 101                 ifname: eth0
 102                 accept_ra: 0
 103                 proto: static
 104                 ipaddr: 192.168.33.7
 105                 netmask: 255.255.255.0
 106                 gateway: 192.168.33.1
 107                 dns: 192.168.33.1
 108                 dns_search: realraum.at
 109
 110           dropbear:
 111             - name: dropbear
 112               options:
 113                 PasswordAuth: off
 114                 RootPasswordAuth: off
 115                 Port: 22000
 116
 117         openwrt_mounts:
 118           - path: /run
 119             src: none
 120             fstype: tmpfs
 121             opts: nosuid,nodev,noexec,noatime