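---
# Playbook for platon.n39.eu, the host carrying the gatekeeping / door control
# setup: local Mosquitto, the `sesam` SSH user, the gatekeeper user with its
# management scripts, shutter control, MQTT tools, rsyslog and Asterisk.
#
# Variables expected from the inventory (not defined in this file):
#   gatekeeper_user, mac, gatekeeper_sip_registration
- hosts: platon.n39.eu
  become: true
  vars:
    ansible_python_interpreter: /usr/bin/python3
    # NOTE(review): both paths hard-code /home/pi while the tasks below use
    # "/home/{{ gatekeeper_user }}"; they only agree while gatekeeper_user
    # is `pi`.
    door_open_command: '/home/pi/sesame-open.sh'
    ble_keykeeper_dir: '/home/pi/netz39_ble_keykeeper'

  roles:
    - role: ble-keykeeper-role
      vars:
        ble_keykeeper_user: "{{ gatekeeper_user }}"
        ble_keykeeper_group: "{{ gatekeeper_user }}"

  tasks:
    - name: Install packages needed for the system
      # This is a list of all packages,
      # unless they are installed by a specific role
      ansible.builtin.apt:
        state: present
        name:
          # This is needed for the user-executed tasks
          - acl
          # Regular packages
          - tmux
          - git-core
          - cmake
          - build-essential
          - libmosquitto-dev
          - libconfig-dev
          - mpg123
          - mosquitto
          - i2c-tools
          - asterisk
          - asterisk-mp3
          - jq

    - name: Set MAC address for proper DHCP recognition
      # Uses mac variable from inventory
      ansible.builtin.template:
        src: templates/network-interfaces-dhcp-mac.j2
        dest: /etc/network/interfaces.d/platon-mac
        owner: root
        group: root
        mode: '0644'

    - name: Disable IPv6
      # Because it is not working....
      ansible.builtin.copy:
        src: files/sysctl-no-ipv6.conf
        # NOTE(review): "systcl" looks like a typo for "sysctl". The name is
        # kept as-is because renaming it would leave the old file behind on
        # hosts that were already provisioned.
        dest: /etc/sysctl.d/99-systcl-no-ipv6.conf
        owner: root
        group: root
        mode: '0644'

    ### Mosquitto for local MQTT

    - name: Local configuration for Mosquitto
      ansible.builtin.copy:
        src: files/platon/mosquitto-local.conf
        dest: /etc/mosquitto/conf.d/platon-local.conf
        owner: root
        group: root
        mode: '0644'
      notify: restart mosquitto

    ### Sesam for SSH access
    #
    # Make sure to provide the .ssh/authorized_keys from backup, if needed

    - name: Ensure sesam user is there
      # The login shell is the door-open script itself, so what a login as
      # `sesam` can do is defined by that script, and who may log in is
      # defined by sesam's authorized_keys.
      ansible.builtin.user:
        name: sesam
        shell: /home/sesam/door-open.sh
        groups: i2c
        append: true
        generate_ssh_key: true

    - name: Get the SSH public key for sesam
      ansible.builtin.slurp:
        src: /home/sesam/.ssh/id_rsa.pub
      register: sesam_key

    - name: Add SSH public identity as authorized key to pi
      # NOTE(review): the key is authorized without restrictions, i.e. it
      # grants a full login as the gatekeeper user. If door-open.sh only has
      # to trigger the door script, consider limiting the key through
      # `key_options` (forced command, forwarding disabled). Check
      # files/platon/sesam-door-open.sh before doing so.
      ansible.posix.authorized_key:
        user: "{{ gatekeeper_user }}"
        state: present
        key: "{{ sesam_key['content'] | b64decode }}"
        comment: "Sesam access"

    - name: Copy door-open.ssh for sesam
      ansible.builtin.copy:
        src: files/platon/sesam-door-open.sh
        dest: /home/sesam/door-open.sh
        owner: sesam
        group: sesam
        mode: "0755"

    ### Gatekeeper user (pi for now)
    #
    # All the gatekeeping / door control stuff is here!

    - name: Ensure gatekeeper user is there
      ansible.builtin.user:
        name: "{{ gatekeeper_user }}"
        groups: dialout,audio,plugdev,input,netdev,i2c,gpio
        append: true

    - name: Copy management scripts
      ansible.builtin.copy:
        src: "files/platon/{{ item }}"
        dest: "/home/{{ gatekeeper_user }}/{{ item }}"
        owner: "{{ gatekeeper_user }}"
        group: "{{ gatekeeper_user }}"
        mode: "0755"
      loop:
        - i2cspeed.sh
        - reboot.sh
        - unstuck.sh
        - sesame-open.sh

    - name: Install start-up cron
      ansible.builtin.cron:
        name: Start the gatekeeper services
        job: "/home/{{ gatekeeper_user }}/reboot.sh"
        user: "{{ gatekeeper_user }}"
        special_time: reboot

    - name: Copy wiringPi library deb
      # WiringPi needs to be installed, but that library seems to be
      # obsolete. Download seems to be obsolete, too, so we keep it in
      # the Ansible repo for now.
      ansible.builtin.copy:
        src: files/wiringpi-latest.deb
        dest: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
        owner: "{{ gatekeeper_user }}"
        group: "{{ gatekeeper_user }}"
        mode: "0644"
      register: wiringPi_copy

    - name: Install wiringPi library  # noqa 503
      # Runs only when the copy above changed the file on the host.
      ansible.builtin.apt:
        state: present
        deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
      when: wiringPi_copy.changed

    ### Rollladensteuerung

    - name: Clone netz39_rollladensteuerung initial checkout
      # Do this as the gatekeeper user!
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.git:
        repo: https://github.com/netz39/rollladensteuerung.git
        dest: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung"
        clone: true
        update: false
        # NOTE(review): no `version` is set, so a fresh host builds whatever
        # the default branch holds at clone time. Pinning makes the build
        # reproducible and reviewable, e.g.:
        # version: "<PINNED_COMMIT_SHA>"

    - name: Compile dootstate agent
      # Do this as the gatekeeper user!
      become: true
      become_user: "{{ gatekeeper_user }}"
      # A plain `make` needs no shell features, so `command` is sufficient.
      ansible.builtin.command:
        chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate"
        cmd: make
        creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate/doorstate"

    - name: Compile shuttercontrol
      # Do this as the gatekeeper user!
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.command:
        chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol"
        cmd: make
        creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol/shuttercontrol"

    - name: Create directory for tyr sounds
      ansible.builtin.file:
        path: "/home/{{ gatekeeper_user }}/tyr/sounds"
        state: directory
        owner: "{{ gatekeeper_user }}"
        group: "{{ gatekeeper_user }}"
        mode: "0755"

    ### MQTT Tools

    - name: Clone MQTT tools (initial checkout)
      # Do this as the gatekeeper user!
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.git:
        repo: https://github.com/penguineer/mqtt-tools.git
        dest: "/home/{{ gatekeeper_user }}/mqtt-tools"
        clone: true
        update: false
        # NOTE(review): unpinned as well; consider pinning a reviewed commit:
        # version: "<PINNED_COMMIT_SHA>"

    - name: Compile MQTT clock
      # Do this as the gatekeeper user!
      become: true
      become_user: "{{ gatekeeper_user }}"
      # `warn` was dropped here: the option was removed from the shell module
      # in ansible-core 2.14 and makes the task fail there.
      ansible.builtin.shell:
        chdir: "/home/{{ gatekeeper_user }}/mqtt-tools"
        # `set -e` stops at the first failing step; `mkdir -p` lets the task
        # be re-run after a build that failed half-way (build/ already there).
        cmd: |
          set -e
          mkdir -p build
          cd build
          cmake ..
          make
          cp agents/mqtt-clock ../agents/mqtt-clock
        creates: "/home/{{ gatekeeper_user }}/mqtt-tools/agents/mqtt-clock"

    ### Syslog setup for shuttercontrol.log

    - name: Check if rsyslog is actually installed
      # Forced check mode: nothing is installed, the task only reports
      # whether an installation would be necessary.
      ansible.builtin.package:
        name: rsyslog
        state: present
      check_mode: true
      register: rsyslog_check

    - name: Fail if rsyslog is missing
      ansible.builtin.fail:
        msg: "Please make sure that rsyslog is installed!"
      # In check mode a missing package is reported as "changed", not as a
      # failure, so testing for "not succeeded" would never trigger.
      when: rsyslog_check is changed

    - name: Make sure shuttercontrol.log exists
      ansible.builtin.copy:
        content: ""
        dest: /var/log/shuttercontrol.log
        # force: false ensures the file is created only if it does not exist
        force: false
        owner: root
        group: root
        mode: "0644"

    - name: Copy syslog setting for shuttercontrol
      ansible.builtin.copy:
        src: files/platon/syslog-shuttercontrol.conf
        dest: /etc/rsyslog.d/20-shuttercontrol.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart rsyslog

    ### Asterisk

    - name: Set up SIP settings for asterisk
      # This uses the variable gatekeeper_sip_registration
      ansible.builtin.template:
        src: templates/platon/sip.conf.j2
        dest: /etc/asterisk/sip.conf
        owner: root
        # The rendered file presumably carries the SIP account credentials,
        # so it is readable by root and the asterisk group only instead of
        # world-readable.
        # NOTE(review): assumes the `asterisk` group exists (created by the
        # package) and that the daemon runs with it; confirm on the host.
        group: asterisk
        mode: "0640"
      notify: restart asterisk

    - name: Set up extensions for asterisk
      # This uses the variables gatekeeper_user and door_open_command
      # NOTE(review): if the dialplan template embeds access codes or caller
      # whitelists, tighten owner/group/mode here the same way as for
      # sip.conf.
      ansible.builtin.template:
        src: templates/platon/extensions.conf.j2
        dest: /etc/asterisk/extensions.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart asterisk

    - name: Ensure asterisk is in the right groups
      ansible.builtin.user:
        name: asterisk
        groups: audio,i2c,gpio
        append: true
      notify: restart asterisk

    - name: Copy sounds
      ansible.builtin.copy:
        src: "files/platon/{{ item }}"
        dest: "/usr/local/share/asterisk/sounds/n39/"
        owner: root
        group: root
        mode: "0644"
      loop:
        # Check the extensions.conf.j2 template to see which files are needed
        - hello.gsm
        - granted.gsm
        - denied.gsm
      # Asterisk restart is not necessary

  handlers:
    # Handler names must match the `notify:` strings used in the tasks above.
    - name: restart mosquitto
      ansible.builtin.service:
        name: mosquitto
        state: restarted
        enabled: true

    - name: restart rsyslog
      ansible.builtin.service:
        name: rsyslog
        state: restarted
        enabled: true

    - name: restart asterisk
      ansible.builtin.service:
        name: asterisk
        state: restarted
        enabled: true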