mirror of
https://github.com/iiab/iiab.git
synced 2025-02-14 20:22:08 +00:00
A Holt
GitHub
commit
f1fcdb82bc
7 changed files with 52 additions and 69 deletions
|
|
@ -1,54 +0,0 @@
|
|||
- name: Disable firewalld service (OS's other than debuntu)
|
||||
service:
|
||||
name: firewalld
|
||||
enabled: no
|
||||
when: not is_debuntu
|
||||
|
||||
# Likely no longer nec as of 2019
|
||||
- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
|
||||
shell: systemctl disable firewalld.service
|
||||
when: not is_debuntu
|
||||
|
||||
- name: Mask firewalld service (OS's other than debuntu)
|
||||
shell: systemctl mask firewalld
|
||||
ignore_errors: yes
|
||||
when: not installing and not is_debuntu
|
||||
|
||||
- name: Stop firewalld service (OS's other than debuntu)
|
||||
service:
|
||||
name: firewalld
|
||||
state: stopped
|
||||
ignore_errors: yes
|
||||
when: not installing and not is_debuntu
|
||||
|
||||
- name: Remove /etc/systemd/system/iptables.service
|
||||
file:
|
||||
path: /etc/systemd/system/iptables.service
|
||||
state: absent
|
||||
|
||||
- name: Install package iptables-persistent (debuntu)
|
||||
package:
|
||||
name: iptables-persistent
|
||||
state: present
|
||||
when: is_debuntu
|
||||
|
||||
- name: Install package iptables-services (OS's other than debuntu)
|
||||
package:
|
||||
name: iptables-services
|
||||
state: present
|
||||
when: not is_debuntu
|
||||
|
||||
- name: Install /etc/sysconfig/iptables-config from template
|
||||
template:
|
||||
src: iptables-config
|
||||
dest: /etc/sysconfig/iptables-config
|
||||
# owner: root
|
||||
# group: root
|
||||
# mode: '0644'
|
||||
|
||||
- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
|
||||
template:
|
||||
src: iptables
|
||||
dest: /etc/network/if-pre-up.d/iptables
|
||||
mode: '0755'
|
||||
when: is_debuntu
|
||||
|
|
@ -19,7 +19,7 @@
|
|||
when: xo_model != "none" or osbuilder is defined
|
||||
|
||||
- include_tasks: packages.yml
|
||||
- include_tasks: iptables.yml
|
||||
- include_tasks: network.yml
|
||||
|
||||
# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes:
|
||||
- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible
|
||||
|
|
|
|||
23
roles/2-common/tasks/network.yml
Normal file
23
roles/2-common/tasks/network.yml
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
- name: Install package networkd-dispatcher (OS's other than RaspOS)
|
||||
package:
|
||||
name: networkd-dispatcher
|
||||
state: present
|
||||
when: not is_raspbian
|
||||
|
||||
# used in the network role
|
||||
- name: Install network related packages (debuntu)
|
||||
package:
|
||||
name:
|
||||
- iproute2
|
||||
- iptables-persistent
|
||||
- hostapd
|
||||
- netmask
|
||||
state: present
|
||||
when: is_debuntu
|
||||
|
||||
- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
|
||||
template:
|
||||
src: iptables
|
||||
dest: /etc/network/if-pre-up.d/iptables
|
||||
mode: '0755'
|
||||
when: is_debuntu
|
||||
|
|
@ -27,7 +27,7 @@
|
|||
state: present
|
||||
when: is_debuntu
|
||||
|
||||
- name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
|
||||
- name: "Install 20 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget"
|
||||
package:
|
||||
name:
|
||||
- acpid # Daemon for ACPI (power mgmt) events
|
||||
|
|
@ -35,7 +35,6 @@
|
|||
- curl # Used to install roles/nodejs and roles/nodered
|
||||
#- etckeeper # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
|
||||
- gawk
|
||||
- hostapd
|
||||
- htop
|
||||
- i2c-tools # Low-level bus/chip/register/EEPROM tools e.g. for RTC
|
||||
- iproute2
|
||||
|
|
@ -43,7 +42,6 @@
|
|||
#- lynx # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
|
||||
- make # 2021-04-26: What roles (if any) truly still use this?
|
||||
- mlocate
|
||||
- netmask
|
||||
- net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output?
|
||||
- ntfs-3g # Possibly no longer nec, similar to exfat packages above?
|
||||
#- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml
|
||||
|
|
|
|||
|
|
@ -70,9 +70,14 @@
|
|||
mode: 0600
|
||||
when: wan_ip != "dhcp"
|
||||
|
||||
- name: Use systemd-networkd to handle br0
|
||||
include_tasks: sysd-netd-debian.yml
|
||||
when: iiab_lan_iface == "br0" and not systemd_networkd_active
|
||||
|
||||
- name: Reload systemd
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
when: not iiab_lan_iface == "br0"
|
||||
|
||||
- name: Restart the NetworkManager service
|
||||
systemd:
|
||||
|
|
|
|||
|
|
@ -23,17 +23,19 @@
|
|||
- systemd-networkd-wait-online
|
||||
when: systemd_networkd_active
|
||||
|
||||
- name: Unmask and enable the systemd-networkd service for br0
|
||||
systemd:
|
||||
name: systemd-networkd
|
||||
enabled: yes
|
||||
masked: no
|
||||
when: network_manager_active and iiab_lan_iface == "br0"
|
||||
# Moved to NM-debian.yml 2020-12-07
|
||||
#- name: Unmask and enable the systemd-networkd service for br0
|
||||
# systemd:
|
||||
# name: systemd-networkd
|
||||
# enabled: yes
|
||||
# masked: no
|
||||
# when: network_manager_active and iiab_lan_iface == "br0"
|
||||
|
||||
- name: Ensure systemd-networkd gets enabled for br0
|
||||
set_fact:
|
||||
systemd_networkd_active: True
|
||||
when: network_manager_active and iiab_lan_iface == "br0"
|
||||
# Moved to NM-debian.yml 2020-12-07
|
||||
#- name: Ensure systemd-networkd gets enabled for br0
|
||||
# set_fact:
|
||||
# systemd_networkd_active: True
|
||||
# when: network_manager_active and iiab_lan_iface == "br0"
|
||||
|
||||
# ICO will always set gui_static_wan_ip away from the default of 'unset' while
|
||||
# gui_static_wan turns dhcp on/off through wan_ip in computed_network and
|
||||
|
|
|
|||
|
|
@ -57,10 +57,19 @@
|
|||
state: started
|
||||
when: wifi_up_down and discovered_wireless_iface != "none"
|
||||
|
||||
- name: Restart the systemd-networkd service
|
||||
- name: Enable & Restart systemd-networkd.service
|
||||
systemd:
|
||||
name: systemd-networkd
|
||||
state: restarted
|
||||
enabled: yes
|
||||
masked: no
|
||||
|
||||
- name: Enable & Restart networkd-dispatcher.service
|
||||
systemd:
|
||||
name: networkd-dispatcher
|
||||
state: restarted
|
||||
enabled: yes
|
||||
masked: no
|
||||
|
||||
- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False
|
||||
systemd:
|
||||
|
|
|
|||
Loading…
Reference in a new issue