We used a similar local role here, in the Freifunk Magdeburg project, and in personal playbooks. That role was moved to an external project, unified, and reworked, so the external role can act as a replacement for the distributed, redundant copies. Link: https://github.com/netz39/ansible-role-host-docker
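---
# Playbook for wittgenstein.n39.eu.
#
# Runs with privilege escalation (play-level become) and, in order:
#   * applies the roles listed under `roles`,
#   * installs base packages, the DHCP MAC template and the IPv6 sysctl file,
#   * sets up the gatekeeper user with its scripts, cron job and wiringPi,
#   * clones and builds the space_notification agents as that user,
#   * starts the SpaceAPI and Ampel controller containers.
#
# Variables used here but defined elsewhere (inventory / group vars):
#   server_admin, gatekeeper_user, timezone, spaceapi_image,
#   spaceapi_host_port, spaceapi_topic_status, spaceapi_topic_lastchange,
#   ampelcontroller_image, topic_lever_state, topic_door_events,
#   topic_traffic_light.
# Optional: wiringpi_deb_checksum (see "Download wiringPi library").
- hosts: wittgenstein.n39.eu
  become: true

  roles:
    # NOTE(review): the namespaced roles are presumably installed from
    # outside this repository and run as root here; no version is pinned in
    # this file - confirm they are pinned where they are installed from.
    - role: netz39.host_docker
      vars:
        docker_data_root: "/srv/docker"
    - role: apache
    - role: apache_letsencrypt  # Uses configuration from dehydrated setup
    - role: 24367dfa.dehydrated
      vars:
        dehydrated_contact_email: "{{ server_admin }}"
    - role: penguineer.dehydrated_cron

  tasks:
    - name: Install packages needed for the system
      # This is a list of all packages,
      # unless they are installed by a specific role
      ansible.builtin.apt:
        state: present
        name:
          # This is needed for the user-executed tasks
          - acl
          # Regular packages
          - tmux
          - git-core
          - cmake
          - build-essential
          - libmosquitto-dev
          - libconfig-dev
          - mosquitto-clients
          - python3-paho-mqtt
          - i2c-tools


    - name: Set MAC address for proper DHCP recognition
      # Uses mac variable from inventory
      ansible.builtin.template:
        src: templates/network-interfaces-dhcp-mac.j2
        dest: /etc/network/interfaces.d/wittgenstein-mac
        owner: root
        group: root
        mode: '0644'

    - name: Disable IPv6
      # Because it is not working....
      # Only the file is placed; no task in this play reloads sysctl.
      ansible.builtin.copy:
        src: files/sysctl-no-ipv6.conf
        dest: /etc/sysctl.d/99-systcl-no-ipv6.conf
        owner: root
        group: root
        mode: '0644'


    ### Gatekeeper user (pi for now)
    #
    # All the gatekeeping / door control stuff is here!

    - name: Ensure gatekeeper user is there
      ansible.builtin.user:
        name: "{{ gatekeeper_user }}"
        groups:
          - dialout
          - audio
          - plugdev
          - input
          - netdev
          - i2c
          - gpio
        # Add the groups above without removing existing memberships.
        append: true

    - name: Copy management scripts
      # Scripts end up owned by the gatekeeper user and are not
      # world-readable (0750); reboot.sh is what the cron job below starts.
      ansible.builtin.copy:
        src: "files/wittgenstein/{{ item }}"
        dest: "/home/{{ gatekeeper_user }}/{{ item }}"
        owner: "{{ gatekeeper_user }}"
        group: "{{ gatekeeper_user }}"
        mode: "0750"
      loop:
        - reboot.sh
        - unstuck.sh
        - switch-on.sh
        - switch-off.sh

    - name: Install start-up cron
      # Runs reboot.sh at boot, as the gatekeeper user rather than root.
      ansible.builtin.cron:
        name: Start the gatekeeper services
        job: "/home/{{ gatekeeper_user }}/reboot.sh"
        user: "{{ gatekeeper_user }}"
        special_time: reboot


    - name: Download wiringPi library
      # WiringPi needs to be installed, but that library seems to be
      # obsolete. We download something and hope it works...
      #
      # The URL is a moving "latest" target and the next task installs the
      # file as root. Set wiringpi_deb_checksum in the inventory (format
      # "sha256:<hex digest of the reviewed package>") so get_url verifies
      # the download; while the variable is undefined the parameter is
      # omitted and the task behaves as before.
      # NOTE(review): the .deb is stored in the gatekeeper user's home
      # directory, which that user can presumably modify; a root-owned
      # download location would keep the file from being replaced between
      # download and installation - confirm and relocate if so.
      ansible.builtin.get_url:
        url: https://project-downloads.drogon.net/wiringpi-latest.deb
        dest: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
        mode: "0644"
        checksum: "{{ wiringpi_deb_checksum | default(omit) }}"
        # Do not re-download when the file is already present.
        force: false
      register: wiringPi_download

    - name: Install wiringPi library  # noqa: no-handler
      # Installed with root privileges (play-level become).
      # NOTE(review): the task only runs when the download task reported a
      # change, so a failed install is not retried on the next run while
      # the downloaded file is still present.
      ansible.builtin.apt:
        state: present
        deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
      when: wiringPi_download.changed


    ### Traffic light control (Ampelsteuerung)
    - name: Clone netz39_space_notification initial checkout
      # Do this as the gatekeeper user!
      # Initial checkout only: an existing clone is not updated.
      # NOTE(review): no `version` is given, so the default branch head at
      # clone time is what gets compiled below; pinning a reviewed commit
      # would make the build reproducible.
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.git:
        repo: https://github.com/netz39/space_notification.git
        dest: "/home/{{ gatekeeper_user }}/netz39_space_notification"
        clone: true
        update: false

    - name: Compile ledcontrol agent
      # Do this as the gatekeeper user!
      # `make` needs no shell features, so it is run through the command
      # module instead of a shell. `creates` skips the task once the
      # binary exists.
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.command:
        chdir: "/home/{{ gatekeeper_user }}/netz39_space_notification/raspberry/ledcontrol"
        cmd: make
        creates: "/home/{{ gatekeeper_user }}/netz39_space_notification/raspberry/ledcontrol/ledcontrol"

    - name: Compile statusswitch agent
      # Do this as the gatekeeper user!
      # Same pattern as the ledcontrol build: no shell, skipped once the
      # binary exists.
      become: true
      become_user: "{{ gatekeeper_user }}"
      ansible.builtin.command:
        chdir: "/home/{{ gatekeeper_user }}/netz39_space_notification/raspberry/statusswitch"
        cmd: make
        creates: "/home/{{ gatekeeper_user }}/netz39_space_notification/raspberry/statusswitch/statusswitch"

    ### Space API
    - name: Setup the SpaceAPI Docker container
      # NOTE(review): with pull enabled the image is fetched again on
      # playbook runs; if spaceapi_image names a mutable tag, the running
      # code can change without a change in this repository - consider
      # pinning the image by digest.
      community.docker.docker_container:
        name: spaceapi
        image: "{{ spaceapi_image }}"
        pull: true
        state: started
        detach: true
        restart_policy: unless-stopped
        ports:
          # Published on every interface of the host. Docker manages its
          # own iptables rules for published ports, so a host firewall
          # front-end may not filter this one; if only pottwal needs
          # access, bind to the facing interface address or restrict the
          # source in the DOCKER-USER chain.
          - "0.0.0.0:{{ spaceapi_host_port }}:8080"  # Must be reached by pottwal
          # - "127.0.0.1:{{ spaceapi_host_port }}:8080"
        env:
          TZ: "{{ timezone }}"
          MQTT_BROKER: "platon.n39.eu"
          MQTT_TOPIC_STATUS: "{{ spaceapi_topic_status }}"
          MQTT_TOPIC_LASTCHANGE: "{{ spaceapi_topic_lastchange }}"
      tags:
        - spaceapi

    - name: Setup the Ampel Controller Docker container
      # No ports are published for this container; it is configured through
      # the MQTT environment variables only.
      # NOTE(review): same image-pinning consideration as for the SpaceAPI
      # container applies to ampelcontroller_image.
      community.docker.docker_container:
        name: ampelcontroller
        image: "{{ ampelcontroller_image }}"
        pull: true
        state: started
        detach: true
        restart_policy: unless-stopped
        env:
          TZ: "{{ timezone }}"
          MQTT_BROKER: "platon.n39.eu"
          MQTT_LEVER_STATE_TOPIC: "{{ topic_lever_state }}"
          MQTT_DOOR_EVENTS_TOPIC: "{{ topic_door_events }}"
          MQTT_SPACESTATUS_ISOPEN_TOPIC: "{{ spaceapi_topic_status }}"
          MQTT_SPACESTATUS_LASTCHANGE_TOPIC: "{{ spaceapi_topic_lastchange }}"
          MQTT_TRAFFIC_LIGHT_TOPIC: "{{ topic_traffic_light }}"
      tags:
        - spaceapi

  # No handlers are defined for this play.
  handlers: []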