diff --git a/files/platon/i2cspeed.sh b/files/platon/i2cspeed.sh
new file mode 100755
index 0000000..5ae50b4
--- /dev/null
+++ b/files/platon/i2cspeed.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# https://gist.github.com/ribasco/c22ab6b791e681800df47dd0a46c7c3a
+
+var="$(xxd -ps /sys/class/i2c-adapter/i2c-1/of_node/clock-frequency)"
+var=${var//[[:blank:].\}]/}
+printf "%d\n" 0x$var
diff --git a/files/platon/mosquitto-local.conf b/files/platon/mosquitto-local.conf
new file mode 100644
index 0000000..c8348ac
--- /dev/null
+++ b/files/platon/mosquitto-local.conf
@@ -0,0 +1,2 @@
+listener 1883
+allow_anonymous true
diff --git a/files/platon/reboot.sh b/files/platon/reboot.sh
new file mode 100755
index 0000000..f05d0c6
--- /dev/null
+++ b/files/platon/reboot.sh
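Review bot: The final `printf "%d\n" 0x$var` in i2cspeed.sh runs even when the `xxd` read of the clock-frequency node returned nothing, so a missing i2c-1 device-tree node ends in an "invalid number" message and a printed 0 instead of a clear failure. I would stop early with `[ -n "$var" ] || { echo "cannot read i2c-1 clock-frequency" >&2; exit 1; }` and quote the argument as `printf '%d\n' "0x$var"`.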
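Review bot: `listener 1883` in mosquitto-local.conf names no bind address, so together with `allow_anonymous true` the broker accepts unauthenticated clients on every interface of a host that also runs the door control. If only agents on platon itself use the broker, as the file name suggests, bind it to loopback with `listener 1883 127.0.0.1`. If other hosts must connect, keep the listener but set `allow_anonymous false` with a `password_file`, and preferably an `acl_file` that limits which topics each client may use.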
@@ -0,0 +1,37 @@
+#!/bin/sh
+PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games'
+echo 'start i2c-foo'
+sudo modprobe i2c_dev
+sudo modprobe i2c_bcm2708
+echo 'starting log'
+tmux new-session -s status -d 'sudo less /var/log/shuttercontrol.log'
+cd /home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol
+echo 'switch-on.sh'
+../switch-on.sh
+cd /home/pi
+echo 'start shuttercontrol'
+tmux new-window -t status:1 'cd /home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol && ./shuttercontrol.sh'
+echo 'start watchdog'
+tmux new-window -t status:2 'cd /home/pi/netz39_rollladensteuerung/raspberry/doorcontrol && ./door-with-spacestatus.sh'
+#tmux new-window -t status:2 'cd /home/pi/netz39_rollladensteuerung/raspberry/door-watchdog && python3 ./door-watchdog.py'
+
+echo 'start door-sound.sh'
+tmux new-window -t status:3 'cd /home/pi/netz39_rollladensteuerung/raspberry/doorcontrol && ./door-sound.sh'
+echo 'start ic3-client'
+tmux new-window -t status:4 'cd /home/pi/netz39_xmpp_space_control/i3c_client && build/i3c_client --foreground'
+echo 'start asterisk abuse check'
+tmux new-window -t status:5 'cd /home/pi/netz39_rollladensteuerung/raspberry/asterisk && sudo ./check-abuse.sh'
+echo 'start asterisk console'
+tmux new-window -t status:6 'sudo asterisk -vvvr'
+echo 'start door service'
+tmux new-window -t status:7 'cd /home/pi/netz39_rollladensteuerung/raspberry/door-service && python3 door-service.py'
+echo 'start mqtt-clock'
+tmux new-window -t status:8 'cd /home/pi/mqtt-tools/agents && ./mqtt-clock'
+
+#echo 'start ampel controller'
+# This does not work as intended xD
+#tmux new-window -t status:9 'cd /home/pi/netz39_space_notification/raspberry/ledcontrol && ./ledcontrol'
+
+
+#echo 'start shuttercontrol-service (experimental)'
+#tmux new-window -t status:9 'cd /home/pi && python3 ./shuttercontrol-service.py'
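Review bot: The two `cd` calls in reboot.sh are unchecked, so if the checkout is missing, `../switch-on.sh` is resolved against whatever directory the caller started in; `cd /home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol || exit 1` makes that failure explicit. The first tmux window runs `sudo less /var/log/shuttercontrol.log`, which leaves a root-owned pager open in a session that any process of the gatekeeper user can attach to. platon.yml creates that log with mode 0644, so plain `less` is enough there. All paths are hard-coded to /home/pi although the playbook installs the script under `/home/{{ gatekeeper_user }}`, so the script breaks as soon as that variable changes.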
diff --git a/files/platon/sesam-door-open.sh b/files/platon/sesam-door-open.sh
new file mode 100755
index 0000000..5a3c18c
--- /dev/null
+++ b/files/platon/sesam-door-open.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo "`date` : $SSH_KEY_OWNER" >> /home/sesam/door_open.log
+ssh pi@localhost -i /home/sesam/.ssh/id_rsa \
+ -t /home/pi/sesame-open.sh
+
+
diff --git a/files/platon/sesame-open.sh b/files/platon/sesame-open.sh
new file mode 100755
index 0000000..575af40
--- /dev/null
+++ b/files/platon/sesame-open.sh
@@ -0,0 +1,5 @@
+#/bin/bash
+
+/home/pi/netz39_rollladensteuerung/raspberry/doorcontrol/door-open.sh
+/home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol/doorshutter-open.sh
+
diff --git a/files/platon/syslog-shuttercontrol.conf b/files/platon/syslog-shuttercontrol.conf
new file mode 100644
index 0000000..c35ff71
--- /dev/null
+++ b/files/platon/syslog-shuttercontrol.conf
@@ -0,0 +1,4 @@
+if $programname == 'lockfailsafe' then /var/log/shuttercontrol.log
+if $programname == 'shuttercontrol' then /var/log/shuttercontrol.log
+if $programname == 'doorservice' then /var/log/shuttercontrol.log
+& ~
diff --git a/files/platon/unstuck.sh b/files/platon/unstuck.sh
new file mode 100755
index 0000000..c35bc22
--- /dev/null
+++ b/files/platon/unstuck.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+logger -t unstuck "unstuck $(date)"
+
+killall tmux
+gpio mode 2 output
+gpio mode 3 output
+gpio write 2 0
+gpio write 3 0
+sudo modprobe -r i2c_dev
+sudo modprobe -r i2c_bcm2708
+
+sleep 1
+~/reboot.sh
diff --git a/files/sysctl-no-ipv6.conf b/files/sysctl-no-ipv6.conf
new file mode 100644
index 0000000..8c41d94
--- /dev/null
+++ b/files/sysctl-no-ipv6.conf
@@ -0,0 +1,3 @@
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
diff --git a/inventory.yml b/inventory.yml
index c849471..beed07b 100644
--- a/inventory.yml
+++ b/inventory.yml
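Review bot: The log line in sesam-door-open.sh is written before the `ssh` call and takes the identity from `$SSH_KEY_OWNER` without checking it, so door_open.log records attempts rather than successful openings and gets an anonymous entry whenever the variable is unset. Where the variable is set is not visible here (presumably an `environment=` option per key in sesam's authorized_keys); a comment at the top of the script should say so. I would refuse to continue on an empty value with `[ -n "$SSH_KEY_OWNER" ] || exit 1` and append the exit status of `ssh` to the log after the call. Using `$(date)` instead of backticks is the only style point.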
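Review bot: The first line of sesame-open.sh is `#/bin/bash`, which is an ordinary comment rather than a shebang because the `!` is missing; it should read `#!/bin/bash` so the script runs under the intended interpreter however it is invoked. The shutter script on the last line also runs when `door-open.sh` fails; if that is not intended, join the two calls with `&&`.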
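Review bot: The closing `& ~` in syslog-shuttercontrol.conf attaches only to the rule directly above it, so only `doorservice` messages are discarded after being written to shuttercontrol.log, while `lockfailsafe` and `shuttercontrol` messages continue into later rules and the general logs. Each `if` line needs its own discard, or the three program names can be combined into one filter. Current rsyslog versions also deprecate `~` in favour of `stop`, i.e. `& stop`.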
@@ -76,7 +76,8 @@ all:
 server_admin: "admin+unicorn@netz39.de"
 platon.n39.eu:
 server_admin: "admin+platon@netz39.de"
- ansible_ssh_user: pi
+ mac: "b8:27:eb:8f:98:2f"
+ gatekeeper_user: pi
 radon.n39.eu:
 server_admin: "admin+radon@netz39.de"
 krypton.n39.eu:
diff --git a/platon.yml b/platon.yml
index 6f7155c..164b571 100644
--- a/platon.yml
+++ b/platon.yml
@@ -7,3 +7,251 @@
 ble_keykeeper_dir: '/home/pi/netz39_ble_keykeeper'
 roles:
 - role: ble-keykeeper-role
+
+ tasks:
+ - name: Install packages needed for the system
+ # This is a list of all packages,
+ # unless they are installed by a specific role
+ ansible.builtin.apt:
+ state: present
+ name:
+ # Should come from ble-keeper-role
+ # see https://github.com/netz39/ble-keykeeper-role/issues/4
+ - python3-pip
+ # This is needed for the user-executed tasks
+ - acl
+ # Regular packages
+ - tmux
+ - git-core
+ - cmake
+ - build-essential
+ - libmosquitto-dev
+ - libconfig-dev
+ - mpg123
+ - mosquitto
+ - i2c-tools
+
+
+ - name: Set MAC address for proper DHCP recognition
+ # Uses mac variable from inventory
+ ansible.builtin.template:
+ src: templates/network-interfaces-dhcp-mac.j2
+ dest: /etc/network/interfaces.d/platon-mac
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Disable IPv6
+ # Because it is not working....
+ ansible.builtin.copy:
+ src: files/sysctl-no-ipv6.conf
+ dest: /etc/sysctl.d/99-systcl-no-ipv6.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+
+ ### Mosquitto for local MQTT
+
+ - name: Local configuration for Mosquitto
+ ansible.builtin.copy:
+ src: files/platon/mosquitto-local.conf
+ dest: /etc/mosquitto/conf.d/platon-local.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart mosquitto
+
+
+ ### Sesam for SSH access
+ #
+ # Make sure to provide the .ssh/authorized_keys from backup, if needed
+
+ - name: Ensure sesam user is there
+ ansible.builtin.user:
+ name: sesam
+ shell: /home/sesam/door-open.sh
+ groups: i2c
+ append: yes
+ generate_ssh_key: yes
+
+ - name: Get the SSH public key for sesam
+ ansible.builtin.slurp:
+ src: /home/sesam/.ssh/id_rsa.pub
+ register: sesam_key
+
+ - name: Add SSH public identity as authorized key to pi
+ ansible.posix.authorized_key:
+ user: "{{ gatekeeper_user }}"
+ state: present
+ key: "{{ sesam_key['content'] | b64decode }}"
+ comment: "Sesam access"
+
+ - name: Copy door-open.ssh for sesam
+ ansible.builtin.copy:
+ src: files/platon/sesam-door-open.sh
+ dest: /home/sesam/door-open.sh
+ owner: sesam
+ group: sesam
+ mode: "0755"
+
+
+ ### Gatekeeper user (pi for now)
+ #
+ # All the gatekeeping / door control stuff is here!
+
+ - name: Ensure gatekeeper user is there
+ ansible.builtin.user:
+ name: "{{ gatekeeper_user }}"
+ groups: dialout,audio,plugdev,input,netdev,i2c,gpio
+ append: yes
+
+ - name: Copy management scripts
+ ansible.builtin.copy:
+ src: "files/platon/{{ item }}"
+ dest: "/home/{{ gatekeeper_user }}/{{ item }}"
+ owner: "{{ gatekeeper_user }}"
+ group: "{{ gatekeeper_user }}"
+ mode: "0755"
+ loop:
+ - i2cspeed.sh
+ - reboot.sh
+ - unstuck.sh
+ - sesame-open.sh
+
+ - name: Install start-up cron
+ ansible.builtin.cron:
+ name: Start the gatekeeper services
+ job: "/home/{{ gatekeeper_user }}/reboot.sh"
+ user: "{{ gatekeeper_user }}"
+ special_time: reboot
+
+ - name: Download wiringPi library
+ # WiringPi needs to be installed, but that library seems to be
+ # obsolete. We download something and hope it works...
+ ansible.builtin.get_url:
+ url: https://project-downloads.drogon.net/wiringpi-latest.deb
+ dest: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
+ mode: "0644"
+ force: no
+ register: wiringPi_download
+
+ - name: Install wiringPi library
+ ansible.builtin.apt:
+ state: present
+ deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
+ when: wiringPi_download.changed
+
+
+ ### Rollladensteuerung
+
+ - name: Clone netz39_rollladensteuerung initial checkout
+ # Do this as the gatekeeper user!
+ become: yes
+ become_user: "{{ gatekeeper_user }}"
+ ansible.builtin.git:
+ repo: https://github.com/netz39/rollladensteuerung.git
+ dest: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung"
+ clone: yes
+ update: no
+
+ - name: Compile dootstate agent
+ # Do this as the gatekeeper user!
+ become: yes
+ become_user: "{{ gatekeeper_user }}"
+ ansible.builtin.shell:
+ chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate"
+ cmd: make
+ creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate/doorstate"
+
+ - name: Compile shuttercontrol
+ # Do this as the gatekeeper user!
+ become: yes
+ become_user: "{{ gatekeeper_user }}"
+ ansible.builtin.shell:
+ chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol"
+ cmd: make
+ creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol/shuttercontrol"
+
+ - name: Create directory for tyr sounds
+ ansible.builtin.file:
+ path: "/home/{{ gatekeeper_user }}/tyr/sounds"
+ state: directory
+ owner: "{{ gatekeeper_user }}"
+ group: "{{ gatekeeper_user }}"
+ mode: "0755"
+
+
+ ### MQTT Tools
+
+ - name: Clone MQTT tools (initial checkout)
+ # Do this as the gatekeeper user!
+ become: yes
+ become_user: "{{ gatekeeper_user }}"
+ ansible.builtin.git:
+ repo: https://github.com/penguineer/mqtt-tools.git
+ dest: "/home/{{ gatekeeper_user }}/mqtt-tools"
+ clone: yes
+ update: no
+
+ - name: Compile MQTT clock
+ # Do this as the gatekeeper user!
+ become: yes
+ become_user: "{{ gatekeeper_user }}"
+ ansible.builtin.shell:
+ warn: false
+ chdir: "/home/{{ gatekeeper_user }}/mqtt-tools"
+ cmd: |
+ mkdir build
+ cd build
+ cmake ..
+ make
+ cp agents/mqtt-clock ../agents/mqtt-clock
+ creates: "/home/{{ gatekeeper_user }}/mqtt-tools/agents/mqtt-clock"
+
+
+ ### Syslog setup for shuttercontrol.log
+
+ - name: Check if rsyslog is actually installed
+ ansible.builtin.package:
+ name: rsyslog
+ state: present
+ check_mode: true
+ register: rsyslog_check
+
+ - name: Fail if rsyslog is missing
+ ansible.builtin.fail:
+ msg: "Please make sure that rsyslog is installed!"
+ when: rsyslog_check is not succeeded
+
+ - name: Make sure shuttercontrol.log exists
+ ansible.builtin.copy:
+ content: ""
+ dest: /var/log/shuttercontrol.log
+ # force=no ensures the file is created only if it does not exist
+ force: no
+ owner: root
+ group: root
+ mode: "0644"
+
+ - name: Copy syslog setting for shuttercontrol
+ ansible.builtin.copy:
+ src: files/platon/syslog-shuttercontrol.conf
+ dest: /etc/rsyslog.d/20-shuttercontrol.conf
+ owner: root
+ group: root
+ mode: "0644"
+ notify: restart rsyslog
+
+ handlers:
+ - name: restart mosquitto
+ service:
+ name: mosquitto
+ state: restarted
+ enabled: yes
+
+ - name: restart rsyslog
+ service:
+ name: rsyslog
+ state: restarted
+ enabled: yes
diff --git a/templates/network-interfaces-dhcp-mac.j2 b/templates/network-interfaces-dhcp-mac.j2
new file mode 100644
index 0000000..a254bfa
--- /dev/null
+++ b/templates/network-interfaces-dhcp-mac.j2
@@ -0,0 +1,6 @@
+# Set a specific MAC address to enable DHCP recognition
+allow-hotplug eth0
+iface eth0 inet dhcp
+ hwaddress ether {{ mac }}
+
+# THIS FILE IS MANAGED VIA ANSIBLE!
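Review bot: The task "Add SSH public identity as authorized key to pi" in platon.yml installs sesam's key for the gatekeeper user without any `key_options`, so whoever holds /home/sesam/.ssh/id_rsa can run arbitrary commands as that user, not just sesame-open.sh. Restrict the key to the one script with `key_options: 'command="/home/{{ gatekeeper_user }}/sesame-open.sh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding'`. The "Download wiringPi library" task fetches a `-latest` .deb that the next task installs with no integrity check; pin it with `checksum: "sha256:<EXPECTED_SHA256>"` on the `get_url` task. The "Disable IPv6" destination is spelled `99-systcl-no-ipv6.conf`, presumably meant as `sysctl`, and no task reloads sysctl, so the setting likely takes effect only after a reboot.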