NTP/ansible/configure-server.yml

---
- hosts: pi
  gather_facts: no
  tags: pihw
  tasks:
  ## LCD STUFF
  - name: Enable i2c on boot/config.txt
    lineinfile:
      dest: /boot/config.txt
      regexp: "^#?dtparam=i2c_arm="
      line: "dtparam=i2c_arm=on"
      insertafter: EOF
      state: present

  - name: Enable i2c module
    lineinfile:
      dest: /etc/modules-load.d/raspberrypi.conf
      regexp: "^#?i2c"
      line: "i2c-dev"
      insertafter: EOF
      state: present

  - name: Copy systemd unit files
    ansible.builtin.copy:
      src: files/display.service
      dest: /etc/systemd/system/
      owner: root
      group: root
      mode: 0644
    register: display_service
    tags: display

  - name: Reload systemd
    ansible.builtin.systemd:
      daemon_reload: yes
    when: display_service.changed
    tags: display

  - name: Enable display service
    ansible.builtin.systemd:
      name: display
      enabled: yes
      state: started
    tags: display

  ## Now the most important part: PPS
  - name: Add PPS tools
    package:
      name: pps-tools
      state: present

  - name: PPS on GPIO
    lineinfile:
      dest: /boot/config.txt
      regexp: "^dtoverlay=pps-gpio"
      line: "dtoverlay=pps-gpio,gpiopin=18"
      state: present


  ## Lower ethernet latency of smsc95xx
  - name: Configure options in /boot/cmdline.txt
    replace:
      path: /boot/cmdline.txt
      regexp: '^([\w](?!.*\b{{ item }}\b).*)$'
      replace: '\1 {{ item }}'
    with_items:
    - smsc95xx.turbo_mode=N
    tags: smsc95xx

  ## Enable UART for the GPS module
  - name: Enable UART
    lineinfile:
      dest: /boot/config.txt
      regexp: "^#?enable_uart="
      line: "enable_uart=1"
      insertafter: EOF
      state: present

# - name: Disable bluetooth XXX makes it really laggy
#   lineinfile:
#     dest: /boot/config.txt
#     regexp: "^dtoverlay=pi3-disable-bt"
#     line: "dtoverlay=pi3-disable-bt"
#     state: present

  - name: Disable serial-getty@ttyS0
    systemd:
      name: serial-getty@ttyS0
      enabled: no
      state: stopped

  - name: copy gpsd config files
    ansible.builtin.copy:
      src: files/gpsd
      dest: /etc/default/gpsd
      owner: root
      group: root
      mode: 0644
    tags: gpsd

  - name: start and enable gpsd
    systemd:
      name: gpsd
      enabled: yes
      state: started
    tags: gpsd


- hosts: all
  tags: ntp
  tasks:
  - name: Disable systemd LLMNR
    lineinfile:
      dest: /etc/systemd/resolved.conf
      regexp: "^#?LLMNR="
      line: "LLMNR=no"
      insertafter: EOF
      state: present
    register: resolved_conf

  - name: Restart systemd-resolved
    systemd:
      name: systemd-resolved
      state: restarted
    when: resolved_conf.changed

  - name: Install chrony
    package:
      name: chrony
      state: present
    notify: restart chrony

  - name: Configure chrony
    template:
      src: files/chrony.conf.j2
      dest: "{{ '/etc/chrony/chrony.conf' if ansible_facts['distribution'] == 'Ubuntu' else '/etc/chrony.conf' }}"
      owner: root
      group: root
      mode: 0644
    notify: restart chrony
    tags: chrony

  - name: Enable chrony
    service:
      name: chronyd
      enabled: yes
      state: started

  handlers:
  - name: restart chrony
    service:
      name: chronyd
      state: restarted

## BGP STUFF
- hosts: all
  tags: bgp
  tasks:
  - name: gather facts
    setup:
    tags: check
  - name: install FRR
    package:
      name: frr
      state: present
    when: ansible_facts['distribution'] == 'Ubuntu'
    #XXX for arch install it manually with yay

  - name: Enable FRR bgp daemon
    lineinfile:
      dest: /etc/frr/daemons
      regexp: "^bgpd=no"
      line: "bgpd=yes"
      state: present

  - name: Copy frr config
    ansible.builtin.template:
      src: files/frr.conf.j2
      dest: /etc/frr/frr.conf
      owner: frr
      group: frr
      mode: 0640
    notify: restart frr

  - name: Copy systemd netdevs
    ansible.builtin.template:
      src: files/{{item}}.netdev
      dest: /etc/systemd/network/
      owner: root
      group: root
      mode: 0644
    with_items:
      - bgp
      - bgp-backup
    register: netdevs

  - name: Copy systemd bgp network
    ansible.builtin.template:
      src: files/{{item}}.network
      dest: /etc/systemd/network/
      owner: root
      group: root
      mode: 0644
    with_items:
      - bgp
      - bgp-backup
    register: bgpnetworks

  - name: Copy systemd bgp-backup network
    ansible.builtin.template:
      src: files/bgp-backup.network
      dest: /etc/systemd/network/
      owner: root
      group: root
      mode: 0644
    register: networks

  - name: Reload systemd-networkd
    shell: networkctl reload
    when: netdevs.changed or networks.changed or bgpnetworks.changed


  - name: Enable FRR
    service:
      name: frr
      enabled: yes
      state: started


  - name: Check that announces are okay
    delegate_to: ikvps.k3s.fr
    shell: "curl http://[{{bgp_ipv6}}] | grep 'NTP server {{ansible_hostname}}'"
    tags: check

  handlers:
  - name: restart frr
    systemd:
      name: frr
      state: restarted

- hosts: all
  tags: web
  tasks:
  - name: Install nginx
    package:
      name: nginx
      state: present

  - name: Copy nginx config
    ansible.builtin.template:
      src: files/nginx.conf.j2
      dest: /etc/nginx/nginx.conf
    register: nginx_conf

  - name: Enable nginx
    service:
      name: nginx
      enabled: yes
      state: started

  - name: Restart nginx
    systemd:
      name: nginx
      state: restarted
    when: nginx_conf.changed


  - name: ensure /var/www/html exists
    file:
      path: /var/www/html
      state: directory

  - name: Copy index page
    ansible.builtin.template:
      src: files/index.html
      dest: /var/www/html/
      owner: root
      group: root
      mode: 0644
first commit Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:05:10 +00:00			`---`
			`- hosts: pi`
			`gather_facts: no`
More betterer with FRR Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-18 18:20:56 +00:00			`tags: pihw`
first commit Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:05:10 +00:00			`tasks:`
PI: add PPS Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:45:11 +00:00			`## LCD STUFF`
first commit Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:05:10 +00:00			`- name: Enable i2c on boot/config.txt`
			`lineinfile:`
			`dest: /boot/config.txt`
			`regexp: "^#?dtparam=i2c_arm="`
			`line: "dtparam=i2c_arm=on"`
			`insertafter: EOF`
			`state: present`

			`- name: Enable i2c module`
			`lineinfile:`
			`dest: /etc/modules-load.d/raspberrypi.conf`
			`regexp: "^#?i2c"`
			`line: "i2c-dev"`
			`insertafter: EOF`
			`state: present`

			`- name: Copy systemd unit files`
			`ansible.builtin.copy:`
			`src: files/display.service`
			`dest: /etc/systemd/system/`
			`owner: root`
			`group: root`
			`mode: 0644`
			`register: display_service`
			`tags: display`

			`- name: Reload systemd`
			`ansible.builtin.systemd:`
			`daemon_reload: yes`
			`when: display_service.changed`
			`tags: display`

			`- name: Enable display service`
			`ansible.builtin.systemd:`
			`name: display`
			`enabled: yes`
			`state: started`
			`tags: display`

PI: add PPS Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:45:11 +00:00			`## Now the most important part: PPS`
			`- name: Add PPS tools`
			`package:`
			`name: pps-tools`
			`state: present`

			`- name: PPS on GPIO`
			`lineinfile:`
			`dest: /boot/config.txt`
			`regexp: "^dtoverlay=pps-gpio"`
			`line: "dtoverlay=pps-gpio,gpiopin=18"`
			`state: present`

moar perf Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-17 15:38:00 +00:00
			`## Lower ethernet latency of smsc95xx`
			`- name: Configure options in /boot/cmdline.txt`
			`replace:`
			`path: /boot/cmdline.txt`
			`regexp: '^([\w](?!.\b{{ item }}\b).)$'`
			`replace: '\1 {{ item }}'`
			`with_items:`
			`- smsc95xx.turbo_mode=N`
			`tags: smsc95xx`

pi: enable GPSD Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-17 12:00:30 +00:00			`## Enable UART for the GPS module`
			`- name: Enable UART`
			`lineinfile:`
			`dest: /boot/config.txt`
			`regexp: "^#?enable_uart="`
			`line: "enable_uart=1"`
			`insertafter: EOF`
			`state: present`

moar perf Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-17 15:38:00 +00:00			`# - name: Disable bluetooth XXX makes it really laggy`
			`# lineinfile:`
			`# dest: /boot/config.txt`
			`# regexp: "^dtoverlay=pi3-disable-bt"`
			`# line: "dtoverlay=pi3-disable-bt"`
			`# state: present`

pi: enable GPSD Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-17 12:00:30 +00:00			`- name: Disable serial-getty@ttyS0`
			`systemd:`
			`name: serial-getty@ttyS0`
			`enabled: no`
			`state: stopped`

			`- name: copy gpsd config files`
			`ansible.builtin.copy:`
			`src: files/gpsd`
			`dest: /etc/default/gpsd`
			`owner: root`
			`group: root`
			`mode: 0644`
			`tags: gpsd`

			`- name: start and enable gpsd`
			`systemd:`
			`name: gpsd`
			`enabled: yes`
			`state: started`
			`tags: gpsd`

first commit Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:05:10 +00:00


			`- hosts: all`
add nginx Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-20 09:03:28 +00:00			`tags: ntp`
first commit Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:05:10 +00:00			`tasks:`
oauoau Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-16 17:18:21 +00:00			`- name: Disable systemd LLMNR`
			`lineinfile:`
			`dest: /etc/systemd/resolved.conf`
			`regexp: "^#?LLMNR="`
			`line: "LLMNR=no"`
			`insertafter: EOF`
			`state: present`
			`register: resolved_conf`

			`- name: Restart systemd-resolved`
			`systemd:`
			`name: systemd-resolved`
			`state: restarted`
			`when: resolved_conf.changed`

			`- name: Install chrony`
			`package:`
			`name: chrony`
			`state: present`
			`notify: restart chrony`
first commit Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:05:10 +00:00
			`- name: Configure chrony`
			`template:`
			`src: files/chrony.conf.j2`
More betterer with FRR Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-18 18:20:56 +00:00			`dest: "{{ '/etc/chrony/chrony.conf' if ansible_facts['distribution'] == 'Ubuntu' else '/etc/chrony.conf' }}"`
first commit Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:05:10 +00:00			`owner: root`
			`group: root`
			`mode: 0644`
			`notify: restart chrony`
chrony: add S1 servers as backup Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:45:26 +00:00			`tags: chrony`
first commit Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-13 21:05:10 +00:00
			`- name: Enable chrony`
			`service:`
			`name: chronyd`
			`enabled: yes`
			`state: started`

			`handlers:`
			`- name: restart chrony`
			`service:`
			`name: chronyd`
			`state: restarted`
More betterer with FRR Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-18 18:20:56 +00:00
			`## BGP STUFF`
			`- hosts: all`
			`tags: bgp`
			`tasks:`
check bgp is working great Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-20 10:06:30 +00:00			`- name: gather facts`
			`setup:`
			`tags: check`
More betterer with FRR Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-18 18:20:56 +00:00			`- name: install FRR`
			`package:`
			`name: frr`
			`state: present`
			`when: ansible_facts['distribution'] == 'Ubuntu'`
			`#XXX for arch install it manually with yay`

			`- name: Enable FRR bgp daemon`
			`lineinfile:`
			`dest: /etc/frr/daemons`
			`regexp: "^bgpd=no"`
			`line: "bgpd=yes"`
			`state: present`

			`- name: Copy frr config`
			`ansible.builtin.template:`
			`src: files/frr.conf.j2`
			`dest: /etc/frr/frr.conf`
			`owner: frr`
			`group: frr`
			`mode: 0640`
			`notify: restart frr`

BGP announces Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-20 08:16:56 +00:00			`- name: Copy systemd netdevs`
			`ansible.builtin.template:`
			`src: files/{{item}}.netdev`
			`dest: /etc/systemd/network/`
			`owner: root`
			`group: root`
			`mode: 0644`
			`with_items:`
			`- bgp`
			`- bgp-backup`
			`register: netdevs`

			`- name: Copy systemd bgp network`
			`ansible.builtin.template:`
			`src: files/{{item}}.network`
			`dest: /etc/systemd/network/`
			`owner: root`
			`group: root`
			`mode: 0644`
			`with_items:`
			`- bgp`
			`- bgp-backup`
			`register: bgpnetworks`
More betterer with FRR Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-18 18:20:56 +00:00
BGP announces Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-20 08:16:56 +00:00			`- name: Copy systemd bgp-backup network`
			`ansible.builtin.template:`
			`src: files/bgp-backup.network`
			`dest: /etc/systemd/network/`
			`owner: root`
			`group: root`
			`mode: 0644`
			`register: networks`

			`- name: Reload systemd-networkd`
			`shell: networkctl reload`
			`when: netdevs.changed or networks.changed or bgpnetworks.changed`


			`- name: Enable FRR`
			`service:`
			`name: frr`
			`enabled: yes`
			`state: started`
More betterer with FRR Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-18 18:20:56 +00:00
check bgp is working great Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-20 10:06:30 +00:00
			`- name: Check that announces are okay`
			`delegate_to: ikvps.k3s.fr`
			`shell: "curl http://[{{bgp_ipv6}}] \| grep 'NTP server {{ansible_hostname}}'"`
			`tags: check`

More betterer with FRR Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-18 18:20:56 +00:00			`handlers:`
			`- name: restart frr`
			`systemd:`
			`name: frr`
add nginx Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu> 2024-06-20 09:03:28 +00:00			`state: restarted`

			`- hosts: all`
			`tags: web`
			`tasks:`
			`- name: Install nginx`
			`package:`
			`name: nginx`
			`state: present`

			`- name: Copy nginx config`
			`ansible.builtin.template:`
			`src: files/nginx.conf.j2`
			`dest: /etc/nginx/nginx.conf`
			`register: nginx_conf`

			`- name: Enable nginx`
			`service:`
			`name: nginx`
			`enabled: yes`
			`state: started`

			`- name: Restart nginx`
			`systemd:`
			`name: nginx`
			`state: restarted`
			`when: nginx_conf.changed`


			`- name: ensure /var/www/html exists`
			`file:`
			`path: /var/www/html`
			`state: directory`

			`- name: Copy index page`
			`ansible.builtin.template:`
			`src: files/index.html`
			`dest: /var/www/html/`
			`owner: root`
			`group: root`
			`mode: 0644`