netz39-infra-ansible/host-platon.yml


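---
# Play for platon.n39.eu: door control ("gatekeeper") scripts, local MQTT,
# Asterisk and the sesam SSH entry point. All tasks run with privilege
# escalation unless they set become_user.
# gatekeeper_user is not defined in this file; presumably it comes from the
# inventory - confirm.
- hosts: platon.n39.eu
  become: true
  vars:
    ansible_python_interpreter: /usr/bin/python3
    # Derived from gatekeeper_user so that the command always names the
    # sesame-open.sh installed by the "Copy management scripts" task,
    # instead of a fixed /home/pi path that this play would no longer manage
    # once the gatekeeper account changes.
    door_open_command: "/home/{{ gatekeeper_user }}/sesame-open.sh"
    # NOTE(review): still hard-coded to /home/pi although the role is run
    # with gatekeeper_user - confirm against the role before changing it.
    ble_keykeeper_dir: '/home/pi/netz39_ble_keykeeper'
  roles:
    - role: ble-keykeeper-role
      vars:
        ble_keykeeper_user: "{{ gatekeeper_user }}"
        ble_keykeeper_group: "{{ gatekeeper_user }}"
  tasks: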
- name: Install packages needed for the system
  # Full package list for this host; packages that a specific role installs
  # itself are not repeated here.
  ansible.builtin.apt:
    name:
      # Needed by the tasks that are executed as another user
      - acl
      # Regular packages: tooling, build dependencies and services
      - tmux
      - git-core
      - cmake
      - build-essential
      - libmosquitto-dev
      - libconfig-dev
      - mpg123
      - mosquitto
      - i2c-tools
      - asterisk
      - asterisk-mp3
      - jq
    state: present
- name: Set MAC address for proper DHCP recognition
  # The template reads the mac variable from the inventory.
  ansible.builtin.template:
    dest: /etc/network/interfaces.d/platon-mac
    src: templates/network-interfaces-dhcp-mac.j2
    mode: '0644'
    owner: root
    group: root
- name: Disable IPv6
  # IPv6 is switched off because it does not work on this host.
  # NOTE(review): "systcl" in the destination name looks like a typo for
  # "sysctl". Renaming it would leave the old file behind on hosts that
  # were already provisioned, so it is kept as is.
  ansible.builtin.copy:
    dest: /etc/sysctl.d/99-systcl-no-ipv6.conf
    src: files/sysctl-no-ipv6.conf
    mode: '0644'
    owner: root
    group: root
### Mosquitto for local MQTT
- name: Local configuration for Mosquitto
  # Drop-in for the local MQTT broker; the broker is restarted on change.
  # NOTE(review): the content of mosquitto-local.conf is not visible here -
  # confirm which interface the listener binds to and whether anonymous
  # clients are accepted.
  ansible.builtin.copy:
    dest: /etc/mosquitto/conf.d/platon-local.conf
    src: files/platon/mosquitto-local.conf
    mode: '0644'
    owner: root
    group: root
  notify: restart mosquitto
### Sesam for SSH access
#
# Make sure to provide the .ssh/authorized_keys from backup, if needed
- name: Ensure sesam user is there
  # The account's login shell is the door-open script, so every login as
  # sesam runs that script instead of an interactive shell. An SSH key pair
  # is generated for the account if it has none yet.
  ansible.builtin.user:
    name: sesam
    groups:
      - i2c
    append: true
    shell: /home/sesam/door-open.sh
    generate_ssh_key: true
- name: Get the SSH public key for sesam
  # Fetches the public key file of the sesam account; the module returns
  # the file content base64-encoded in sesam_key['content'].
  ansible.builtin.slurp:
    src: '/home/sesam/.ssh/id_rsa.pub'
  register: sesam_key
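- name: Add SSH public identity as authorized key to pi
  # Authorizes the sesam account's key for logins as the gatekeeper user.
  # The key is only needed to trigger door actions, so the forwarding
  # features are switched off for it.
  # NOTE(review): the key still allows an arbitrary command as the
  # gatekeeper user. Once the exact command run with this key (presumably by
  # door-open.sh) is confirmed, pin it with a forced command in key_options.
  ansible.posix.authorized_key:
    user: "{{ gatekeeper_user }}"
    state: present
    key: "{{ sesam_key['content'] | b64decode }}"
    key_options: 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
    comment: "Sesam access"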
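- name: Copy door-open.ssh for sesam
  # This script is the login shell of the sesam account (see the user task
  # for sesam), i.e. it is what confines that account. It is therefore
  # installed root-owned and only readable/executable for sesam, so the
  # confined account cannot edit its own shell in place.
  # NOTE(review): /home/sesam presumably remains writable by sesam, which
  # still allows replacing the file; a root-owned directory would close
  # that gap but needs the shell path of the account changed as well.
  ansible.builtin.copy:
    src: files/platon/sesam-door-open.sh
    dest: /home/sesam/door-open.sh
    owner: root
    group: root
    mode: "0755"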
### Gatekeeper user (pi for now)
#
# All the gatekeeping / door control stuff is here!
- name: Ensure gatekeeper user is there
  # Adds the gatekeeper account to the listed groups without removing it
  # from any group it already belongs to.
  ansible.builtin.user:
    name: "{{ gatekeeper_user }}"
    append: true
    groups:
      - dialout
      - audio
      - plugdev
      - input
      - netdev
      - i2c
      - gpio
- name: Copy management scripts
  # Installs the helper scripts into the gatekeeper user's home directory.
  # NOTE(review): the scripts are owned, and therefore writable, by the
  # account that runs them. reboot.sh is started by the @reboot cron entry
  # and sesame-open.sh is the door_open_command handed to the Asterisk
  # dialplan - confirm that this is the intended trust boundary.
  ansible.builtin.copy:
    dest: "/home/{{ gatekeeper_user }}/{{ item }}"
    src: "files/platon/{{ item }}"
    mode: '0755'
    owner: "{{ gatekeeper_user }}"
    group: "{{ gatekeeper_user }}"
  loop:
    - i2cspeed.sh
    - reboot.sh
    - unstuck.sh
    - sesame-open.sh
- name: Install start-up cron
  # Reboot-time entry in the gatekeeper user's crontab that runs reboot.sh.
  ansible.builtin.cron:
    name: Start the gatekeeper services
    user: "{{ gatekeeper_user }}"
    special_time: reboot
    job: "/home/{{ gatekeeper_user }}/reboot.sh"
- name: Copy wiringPi library deb
  # WiringPi has to be installed, but the library appears to be obsolete and
  # so does its download location; the package is therefore shipped from
  # this Ansible repository for now.
  # NOTE(review): the file is later installed as root straight from this
  # copy, without a repository signature check - keep a known-good digest of
  # the package next to it and verify it when the file is replaced.
  ansible.builtin.copy:
    dest: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
    src: files/wiringpi-latest.deb
    mode: '0644'
    owner: "{{ gatekeeper_user }}"
    group: "{{ gatekeeper_user }}"
  register: wiringPi_copy
- name: Install wiringPi library # noqa 503
  # Only runs when the copy task reported a change.
  # NOTE(review): if the installation fails once after a successful copy,
  # later runs skip it because the copy no longer changes.
  when: wiringPi_copy.changed
  ansible.builtin.apt:
    deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
    state: present
### Rollladensteuerung
- name: Clone netz39_rollladensteuerung initial checkout
  # Runs as the gatekeeper user. Only the first checkout is made; an
  # existing working copy is never updated.
  # NOTE(review): no version is given, so whatever the default branch holds
  # at the time of the first checkout is what gets compiled and run on this
  # host. Pin it, e.g. version: '<REVIEWED_COMMIT_SHA>'.
  become: true
  become_user: "{{ gatekeeper_user }}"
  ansible.builtin.git:
    dest: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung"
    repo: 'https://github.com/netz39/rollladensteuerung.git'
    clone: true
    update: false
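- name: Compile dootstate agent
  # Built as the gatekeeper user, never as root. Skipped as soon as the
  # doorstate binary exists.
  # A plain "make" needs no shell features, so the command module is used:
  # the build line is then not interpreted by a shell at all.
  become: true
  become_user: "{{ gatekeeper_user }}"
  ansible.builtin.command:
    cmd: make
    chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate"
    creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate/doorstate"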
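- name: Compile shuttercontrol
  # Built as the gatekeeper user, never as root. Skipped as soon as the
  # shuttercontrol binary exists.
  # A plain "make" needs no shell features, so the command module is used:
  # the build line is then not interpreted by a shell at all.
  become: true
  become_user: "{{ gatekeeper_user }}"
  ansible.builtin.command:
    cmd: make
    chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol"
    creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol/shuttercontrol"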
- name: Create directory for tyr sounds
  # Sound directory below the gatekeeper user's home, owned by that user.
  ansible.builtin.file:
    state: directory
    path: "/home/{{ gatekeeper_user }}/tyr/sounds"
    mode: '0755'
    owner: "{{ gatekeeper_user }}"
    group: "{{ gatekeeper_user }}"
### MQTT Tools
- name: Clone MQTT tools (initial checkout)
  # Runs as the gatekeeper user. Only the first checkout is made; an
  # existing working copy is never updated.
  # NOTE(review): no version is given, so whatever the default branch of
  # this repository holds at the time of the first checkout is what gets
  # compiled and run on this host. Pin it, e.g.
  # version: '<REVIEWED_COMMIT_SHA>'.
  become: true
  become_user: "{{ gatekeeper_user }}"
  ansible.builtin.git:
    dest: "/home/{{ gatekeeper_user }}/mqtt-tools"
    repo: 'https://github.com/penguineer/mqtt-tools.git'
    clone: true
    update: false
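- name: Compile MQTT clock
  # Built as the gatekeeper user, never as root. Skipped as soon as
  # agents/mqtt-clock exists in the checkout.
  # "set -e" stops at the first failing step, so a broken cmake or make run
  # cannot end with a stale binary being copied and reported as success.
  # "mkdir -p" keeps a re-run working when an earlier, failed attempt already
  # left the build directory behind.
  become: true
  become_user: "{{ gatekeeper_user }}"
  ansible.builtin.shell:
    chdir: "/home/{{ gatekeeper_user }}/mqtt-tools"
    cmd: |
      set -e
      mkdir -p build
      cd build
      cmake ..
      make
      cp agents/mqtt-clock ../agents/mqtt-clock
    creates: "/home/{{ gatekeeper_user }}/mqtt-tools/agents/mqtt-clock"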
### Syslog setup for shuttercontrol.log
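- name: Check if rsyslog is actually installed
  # Forced into check mode on purpose: nothing is installed, the registered
  # result only records whether an installation would have been necessary.
  ansible.builtin.package:
    name: rsyslog
    state: present
  check_mode: true
  register: rsyslog_check

- name: Fail if rsyslog is missing
  # A missing package shows up as "changed" in the check-mode result while
  # the check task itself still succeeds, so testing for a failed result
  # would never stop the play.
  ansible.builtin.fail:
    msg: "Please make sure that rsyslog is installed!"
  when: rsyslog_check is changed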
- name: Make sure shuttercontrol.log exists
  # Creates an empty log file once and never overwrites an existing one.
  # NOTE(review): mode 0644 lets every local account read this log -
  # confirm that is acceptable for what shuttercontrol writes into it.
  ansible.builtin.copy:
    dest: /var/log/shuttercontrol.log
    content: ''
    # force=false: the file is only created if it does not exist yet
    force: false
    mode: '0644'
    owner: root
    group: root
- name: Copy syslog setting for shuttercontrol
  # rsyslog drop-in for shuttercontrol; rsyslog is restarted on change.
  ansible.builtin.copy:
    dest: /etc/rsyslog.d/20-shuttercontrol.conf
    src: files/platon/syslog-shuttercontrol.conf
    mode: '0644'
    owner: root
    group: root
  notify: restart rsyslog
### Asterisk
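- name: Set up SIP settings for asterisk
  # Rendered from the variable gatekeeper_sip_registration.
  # NOTE(review): that registration value presumably carries SIP account
  # credentials, so the rendered file is readable by root and the asterisk
  # group only instead of by every local account.
  # Assumes the asterisk package has created the "asterisk" group and that
  # the daemon runs with it - confirm on the target.
  ansible.builtin.template:
    src: templates/platon/sip.conf.j2
    dest: /etc/asterisk/sip.conf
    owner: root
    group: asterisk
    mode: "0640"
  notify: restart asterisk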
- name: Set up extensions for asterisk
  # The template reads the variables gatekeeper_user and door_open_command.
  # NOTE(review): the template itself is not visible here. If the rendered
  # dialplan embeds access codes, read access should be limited to root and
  # the asterisk group rather than mode 0644.
  ansible.builtin.template:
    dest: /etc/asterisk/extensions.conf
    src: templates/platon/extensions.conf.j2
    mode: '0644'
    owner: root
    group: root
  notify: restart asterisk
- name: Ensure asterisk is in the right groups
  # Adds the asterisk account to audio, i2c and gpio, keeping its existing
  # groups; Asterisk is restarted on change.
  # NOTE(review): this gives the telephony daemon the same i2c/gpio group
  # access as the gatekeeper user - confirm that it needs both groups.
  ansible.builtin.user:
    name: asterisk
    append: true
    groups:
      - audio
      - i2c
      - gpio
  notify: restart asterisk
- name: Copy sounds
  # Sound files for Asterisk. No handler is notified here because an
  # Asterisk restart is not necessary for them.
  ansible.builtin.copy:
    dest: "/usr/local/share/asterisk/sounds/n39/"
    src: "files/platon/{{ item }}"
    mode: '0644'
    owner: root
    group: root
  loop:
    # Check the extensions.conf.j2 template to see which files are needed
    - hello.gsm
    - granted.gsm
    - denied.gsm
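handlers:
  # Each handler restarts its service and also enables it at boot.
  # Fully qualified module names are used, as in the tasks of this play.
  - name: restart mosquitto
    ansible.builtin.service:
      name: mosquitto
      state: restarted
      enabled: true

  - name: restart rsyslog
    ansible.builtin.service:
      name: rsyslog
      state: restarted
      enabled: true

  - name: restart asterisk
    ansible.builtin.service:
      name: asterisk
      state: restarted
      enabled: true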