Fix OpenBSD installs

2022-07-13 12:01:37 +00:00 · 2022-07-13 12:01:37 +00:00 · f371c3436f
commit f371c3436f
parent 0aad691b2e
3 changed files with 41 additions and 9 deletions
--- a/playbooks/dna-gw.yml
+++ b/playbooks/dna-gw.yml
@ -23,10 +23,15 @@
    - name: use configured dns servers and domain name
      copy:
        dest: /etc/dhclient.conf
-        content: "ignore domain-name-servers, domain-name;"
+        content: "ignore domain-name-servers, domain-name;\n"
        mode: 0644
        owner: root
        group: "{{ ansible_wheel }}"
+    - name: disable resolvd
+      ansible.builtin.service:
+        name: resolvd
+        state: stopped
+        enabled: false

    - name: enable ip forwarding
      sysctl:
@ -59,20 +64,49 @@
        group: "{{ ansible_wheel }}"
    - name: create tftp pxeboot loader for openbssd
      get_url:
-        url: "https://mirrors.foo.sh/openbsd/6.9/amd64/pxeboot"
-        checksum: sha1:e04ff88afbd41fbd33fc68bdb027c0f5bf8d29af
+        url: "https://mirrors.foo.sh/openbsd/7.1/amd64/pxeboot"
+        checksum: sha1:2acf476afc545f099840945bc03c23de321f421f
        dest: /srv/tftpboot/pxeboot
        mode: 0644
        owner: root
        group: "{{ ansible_wheel }}"
    - name: create tftp ramdisk for openbsd
      get_url:
-        url: "https://mirrors.foo.sh/openbsd/6.9/amd64/bsd.rd"
-        checksum: sha1:4d9df57080b89e954cef28366db52f2d66e66426
+        url: "https://mirrors.foo.sh/openbsd/7.1/amd64/bsd.rd"
+        checksum: sha1:3ed026859ab7fb54b4e279b65f3d3e58a56dda5d
        dest: /srv/tftpboot/bsd.rd
        mode: 0644
        owner: root
        group: "{{ ansible_wheel }}"
+    - name: create install.conf for openbsd
+      get_url:
+        url: "https://boot.foo.sh/openbsd/install.conf"
+        checksum: sha1:f6270708dad3f759df02eefeab300d9b8670f3d4
+        dest: /srv/tftpboot/install.conf
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+
+    - name: copy custom nginx config
+      copy:
+        dest: /etc/nginx/conf.d/172.20.20.1.conf
+        content: |
+          server {
+            listen 172.20.20.1:80;
+            server_name 172.20.20.1;
+            location / {
+              location /install.conf {
+                alias /srv/tftpboot/install.conf;
+              }
+              location / {
+                deny all;
+              }
+            }
+          }
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+      notify: restart nginx

    - name: copy dns private key
      copy:
--- a/roles/dhcpd/templates/dhcpd.conf.j2
+++ b/roles/dhcpd/templates/dhcpd.conf.j2
@ -40,8 +40,6 @@ class "OpenBSD" {
    match if not exists vendor-class-identifier and not exists user-class;

    next-server 172.20.20.10;
-    filename "auto_install";
-    option tftp-server-name "boot.foo.sh/openbsd";
 }

 shared-network FOOSH {
--- a/roles/pf/files/pf.conf.gw_home
+++ b/roles/pf/files/pf.conf.gw_home
@ -56,8 +56,8 @@ pass in quick on $int_if proto tcp from $int_net to self port domain-s
 pass in quick on $int_if proto udp from $int_net to self port tftp

 # allow http and https from outside
-pass in quick on $ext_if proto tcp from any to self port http
-pass in quick on $ext_if proto tcp from any to self port https
+pass in quick proto tcp from any to self port http
+pass in quick proto tcp from any to self port https

 # block rest of packets coming to me
 block in quick from any to self