Fix OpenBSD installs

This commit is contained in:
Timo Makinen 2022-07-13 12:01:37 +00:00
parent 0aad691b2e
commit f371c3436f
3 changed files with 41 additions and 9 deletions


@ -23,10 +23,15 @@
- name: use configured dns servers and domain name - name: use configured dns servers and domain name
copy: copy:
dest: /etc/dhclient.conf dest: /etc/dhclient.conf
content: "ignore domain-name-servers, domain-name;" content: "ignore domain-name-servers, domain-name;\n"
mode: 0644 mode: 0644
owner: root owner: root
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
- name: disable resolvd
ansible.builtin.service:
name: resolvd
state: stopped
enabled: false
- name: enable ip forwarding - name: enable ip forwarding
sysctl: sysctl:
@ -59,20 +64,49 @@
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
- name: create tftp pxeboot loader for openbssd - name: create tftp pxeboot loader for openbssd
get_url: get_url:
url: "https://mirrors.foo.sh/openbsd/6.9/amd64/pxeboot" url: "https://mirrors.foo.sh/openbsd/7.1/amd64/pxeboot"
checksum: sha1:e04ff88afbd41fbd33fc68bdb027c0f5bf8d29af checksum: sha1:2acf476afc545f099840945bc03c23de321f421f
dest: /srv/tftpboot/pxeboot dest: /srv/tftpboot/pxeboot
mode: 0644 mode: 0644
owner: root owner: root
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
- name: create tftp ramdisk for openbsd - name: create tftp ramdisk for openbsd
get_url: get_url:
url: "https://mirrors.foo.sh/openbsd/6.9/amd64/bsd.rd" url: "https://mirrors.foo.sh/openbsd/7.1/amd64/bsd.rd"
checksum: sha1:4d9df57080b89e954cef28366db52f2d66e66426 checksum: sha1:3ed026859ab7fb54b4e279b65f3d3e58a56dda5d
dest: /srv/tftpboot/bsd.rd dest: /srv/tftpboot/bsd.rd
mode: 0644 mode: 0644
owner: root owner: root
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
- name: create install.conf for openbsd
get_url:
url: "https://boot.foo.sh/openbsd/install.conf"
checksum: sha1:f6270708dad3f759df02eefeab300d9b8670f3d4
dest: /srv/tftpboot/install.conf
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
- name: copy custom nginx config
copy:
dest: /etc/nginx/conf.d/172.20.20.1.conf
content: |
server {
listen 172.20.20.1:80;
server_name 172.20.20.1;
location / {
location /install.conf {
alias /srv/tftpboot/install.conf;
}
location / {
deny all;
}
}
}
mode: 0644
owner: root
group: "{{ ansible_wheel }}"
notify: restart nginx
- name: copy dns private key - name: copy dns private key
copy: copy:
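Review bot: In the new `copy custom nginx config` task the served file is matched by a prefix location nested inside an outer `location /` that itself contains a second `location /`; the outer wrapper adds nothing, and a prefix match on `/install.conf` also matches any longer path that starts with that string, so the tighter form is an exact match at top level: `location = /install.conf { alias /srv/tftpboot/install.conf; }` followed by `location / { deny all; }`. The two new `get_url`/`copy` tasks also write `mode: 0644` unquoted; that only yields the intended permission because the YAML 1.1 loader reads the leading zero as octal, so `mode: "0644"` is the safer spelling, although it matches the pre-existing tasks in this hunk. The `restart nginx` handler referenced by `notify` is outside this hunk; confirm it is defined, and consider whether a reload rather than a restart is sufficient for a config change.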


@ -40,8 +40,6 @@ class "OpenBSD" {
match if not exists vendor-class-identifier and not exists user-class; match if not exists vendor-class-identifier and not exists user-class;
next-server 172.20.20.10; next-server 172.20.20.10;
filename "auto_install";
option tftp-server-name "boot.foo.sh/openbsd";
} }
shared-network FOOSH { shared-network FOOSH {


@ -56,8 +56,8 @@ pass in quick on $int_if proto tcp from $int_net to self port domain-s
pass in quick on $int_if proto udp from $int_net to self port tftp pass in quick on $int_if proto udp from $int_net to self port tftp
# allow http and https from outside # allow http and https from outside
pass in quick on $ext_if proto tcp from any to self port http pass in quick proto tcp from any to self port http
pass in quick on $ext_if proto tcp from any to self port https pass in quick proto tcp from any to self port https
# block rest of packets coming to me # block rest of packets coming to me
block in quick from any to self block in quick from any to self
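Review bot: Dropping `on $ext_if` from the two http/https rules makes them pass on every interface from any source, which is broader than the preceding `$int_if`/`$int_net` rules and leaves the `# allow http and https from outside` comment no longer describing what the rules do. If the intent is only to reach the new nginx listener on the internal address, the narrower change is to keep the external rules and add an internal one in the style already used above for tftp: `pass in quick on $int_if proto tcp from $int_net to self port http`, leaving `pass in quick on $ext_if proto tcp from any to self port http` and `pass in quick on $ext_if proto tcp from any to self port https` as they were. Whichever scope is intended, update the comment to match the final rules.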