From acb6cb64180ade4ad021f679e2125809d9185fc9 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Tue, 15 Oct 2024 20:10:56 +0200 Subject: [PATCH 01/14] Re-add vorstand@ and fritz@ mailboxes --- group_vars/mail.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/mail.yml b/group_vars/mail.yml index de756d2..9e29279 100644 --- a/group_vars/mail.yml +++ b/group_vars/mail.yml @@ -7,6 +7,8 @@ dovecot_users: zeltophil: '{BLF-CRYPT}$2y$05$rct9cKgRnB/X7tZW7MXNUeIfadqCRc..dCMG4DB1fZdefH1Qx6FAq' haecksen: '{BLF-CRYPT}$2y$05$e2R8ucHVPlZuI39Uy4iX3.EaRszPJ01itsPJfQa0FIeYzBuiGxUZW' ari: '{BLF-CRYPT}$2y$05$HixjVZIVDVBKy40ReKRKh.ewnuyNV/t84ANsOSjOuxz5BIgk/J7k6' + vorstand: '{BLF-CRYPT}$2y$05$Cw.dfEg54gvRIhT9bDCx1O7xS4TtWf/c7Hh9Owzaf23imfwltMd4e' + fritz: '{BLF-CRYPT}$2y$05$NFh8LBoHfkazQDy3iNiuWODSP.rib.jIEDyf/JUbyBnQbJ03FglI6' mlmmj_lists: - name: 'vorstand' From c9571efbb636b913eed1ce1849b9d669927ffe15 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Tue, 15 Oct 2024 22:02:11 +0200 Subject: [PATCH 02/14] fix tls_high_cipherlist setting for postfix --- roles/postfix/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postfix/vars/main.yml b/roles/postfix/vars/main.yml index 3b0f7f8..84617f8 100644 --- a/roles/postfix/vars/main.yml +++ b/roles/postfix/vars/main.yml @@ -381,7 +381,7 @@ postfix_config: - name: tls_high_cipherlist value: |- - 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384' + ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 state: present - name: tls_ssl_options From a60f6eb0a20d0fa6d8f7261e3cdcd998b6026691 Mon Sep 17 00:00:00 2001 
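Review bot: The two re-added `dovecot_users` entries, like the three existing ones in this hunk, are bcrypt hashes with cost factor 5 (the `$2y$05$` prefix) committed unencrypted in `group_vars/mail.yml`. Cost 5 appears to be the `doveadm pw` default for BLF-CRYPT and is low for hashes that are readable by everyone with access to the repository; regenerating them with a higher round count, e.g. `doveadm pw -s BLF-CRYPT -r 12`, and a comment above the mapping recording the scheme and round count used, would make the next rotation straightforward. Since the file is tracked as plain text, keeping the `dovecot_users` mapping in an `ansible-vault`-encrypted vars file (or as `!vault` values) would stop repository read access from doubling as access to the hash material. vorstand@ also appears as an mlmmj list name in the context lines, so a one-line comment saying whether the mailbox or the list receives mail for that address would help the reader.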
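Review bot: Dropping the single quotes is the right fix (inside a `|-` block scalar they were part of the value handed to Postfix), but `tls_high_cipherlist` only defines what the `high` grade means, so it has no effect unless the grade selectors (`smtpd_tls_mandatory_ciphers`, `smtp_tls_mandatory_ciphers`, or the opportunistic `*_tls_ciphers`) are set to `high`; those entries are outside this hunk and worth confirming in the same `postfix_config` list. This list also governs TLS 1.2 and earlier only — OpenSSL selects TLS 1.3 suites separately — so it neither restricts nor breaks TLS 1.3. A one-line comment above the entry, `# Redefines the Postfix 'high' grade (TLS <= 1.2 only); TLS 1.3 suites are unaffected`, would save the next reader the lookup.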
From: Fritz Grimpen Date: Sat, 2 Nov 2024 21:09:24 +0100 Subject: [PATCH 03/14] add brunn.ccchb.de --- host_vars/brunn.ccchb.de.yml | 14 ++++++++++++++ hosts/00_brunn | 2 ++ users.yml | 2 +- 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 host_vars/brunn.ccchb.de.yml create mode 100644 hosts/00_brunn diff --git a/host_vars/brunn.ccchb.de.yml b/host_vars/brunn.ccchb.de.yml new file mode 100644 index 0000000..f34a13b --- /dev/null +++ b/host_vars/brunn.ccchb.de.yml @@ -0,0 +1,14 @@ +user_mgmt: + crest: + state: present + groups: sudo + fritz: + state: present + groups: sudo + humm: + state: present + groups: sudo + genofire: + state: present + groups: sudo + diff --git a/hosts/00_brunn b/hosts/00_brunn new file mode 100644 index 0000000..da0e00a --- /dev/null +++ b/hosts/00_brunn @@ -0,0 +1,2 @@ +[brunn] +brunn.ccchb.de diff --git a/users.yml b/users.yml index 41abe04..d5fc2be 100644 --- a/users.yml +++ b/users.yml @@ -1,6 +1,6 @@ --- - name: Perform user management - hosts: debian frab + hosts: debian frab brunn become: true tags: [user_mgmt] roles: From 78a9b5db85ad1352278d582b4c29bf7cab4c9b87 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 9 Nov 2024 03:44:13 +0100 Subject: [PATCH 04/14] run ansible lint in ci --- .woodpecker.yaml | 13 +++++++++++++ README.md | 6 ++++-- 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 .woodpecker.yaml diff --git a/.woodpecker.yaml b/.woodpecker.yaml new file mode 100644 index 0000000..f5b526a --- /dev/null +++ b/.woodpecker.yaml @@ -0,0 +1,13 @@ +when: + - event: push + branch: main + - event: push + branch: master + +steps: + - name: lint + image: alpine + commands: + - apk update + - apk add ansible-lint + - ansible-lint diff --git a/README.md b/README.md index af86f26..8b4ba61 100644 --- a/README.md +++ b/README.md 
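Review bot: The new `host_vars/brunn.ccchb.de.yml` places every listed account (`crest`, `fritz`, `humm`, `genofire`) in `sudo` with no comment on why; since this is root-equivalent access on a freshly added host, a short header comment naming the host's purpose and who is expected to hold `sudo` would make later reviews of this file easier. The file also lacks the `---` document-start marker and ends with an empty added line, both of which the ansible-lint job introduced in PATCH 04 is likely to report (`yaml[document-start]`, `yaml[empty-lines]`). Whether `groups:` expects a scalar (`sudo`) or a list depends on the `user_mgmt` role, which is not shown here; the other host_vars files would confirm the convention.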
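Review bot: The lint step in `.woodpecker.yaml` runs on an untagged `alpine` image and installs whatever `ansible-lint` Alpine currently packages, so a run is not reproducible and can start failing, or quietly passing, because an upstream image or package moved rather than because this repository changed; the same applies to the untagged `woodpeckerci/plugin-git` clone image added in PATCH 06/07. Pin both images to a tag (ideally also a digest), e.g. `image: alpine:<tag>` and `image: woodpeckerci/plugin-git:<tag>`, pin the linter version with `apk add ansible-lint=<version>`, and add a comment next to the pins noting how they are bumped. Note also that `when:` only matches pushes to `main`/`master`, so linting happens after merge; adding a `pull_request` event would surface findings before.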
@@ -1,7 +1,9 @@ # ansible -CCC HB Ansible +[![status-badge](https://ci.ccchb.de/api/badges/5/status.svg)](https://ci.ccchb.de/repos/5) + +CCCHB Ansible ## Deployment - ansible-playbook -i hosts/ [-l HOSTS] [-t TAGS] sites.yml + ansible-playbook -i hosts/ [-l HOSTS] [-t TAGS] sites.yml From ffb11979c22910dace5e9311ec317b4f58f68634 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 9 Nov 2024 03:46:19 +0100 Subject: [PATCH 05/14] CI: Override submodule clone URI --- .woodpecker.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index f5b526a..23213c9 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -1,3 +1,9 @@ +clone: + git: + image: ccchb/ansible + submodule_override: + roles/gitea: https://dev.ccchb.de/ccchb/ansible-role-gitea.git + when: - event: push branch: main From d73003647b5f8179d2db8eaba50393d016e394b0 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 9 Nov 2024 03:47:08 +0100 Subject: [PATCH 06/14] CI: Use correct image for git pull --- .woodpecker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index 23213c9..95bca11 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml @@ -1,6 +1,6 @@ clone: git: - image: ccchb/ansible + image: woodpeckerci/plugin-git submodule_override: roles/gitea: https://dev.ccchb.de/ccchb/ansible-role-gitea.git From 167702d3458b0d04706bca50ea144e22e8e528c8 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 9 Nov 2024 03:48:01 +0100 Subject: [PATCH 07/14] CI: Override submodule URI --- .woodpecker.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.woodpecker.yaml b/.woodpecker.yaml index 95bca11..53da633 100644 --- a/.woodpecker.yaml +++ b/.woodpecker.yaml 
@@ -1,8 +1,9 @@ clone: git: image: woodpeckerci/plugin-git - submodule_override: - roles/gitea: https://dev.ccchb.de/ccchb/ansible-role-gitea.git + settings: + submodule_override: + roles/gitea: https://dev.ccchb.de/ccchb/ansible-role-gitea.git when: - event: push From da0941bdefaa8cfff38609dd4b4fc8275692912e Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 4 Jan 2025 03:36:17 +0100 Subject: [PATCH 08/14] s6 bhyve fuckstack schlimmer gemacht --- host_vars/emma.ccchb.de.yml | 2 + roles/bhyve-s6/tasks/main.yml | 2 +- roles/bhyve-s6/templates/bhyve/env/DISKS.j2 | 2 +- roles/bhyve-s6/templates/bhyve/run.j2 | 42 +++++++++------------ 4 files changed, 21 insertions(+), 27 deletions(-) diff --git a/host_vars/emma.ccchb.de.yml b/host_vars/emma.ccchb.de.yml index 320672d..a1f7b0c 100644 --- a/host_vars/emma.ccchb.de.yml +++ b/host_vars/emma.ccchb.de.yml @@ -241,6 +241,8 @@ bhyve_guests: - DISKS disks: - name: disk + virtio: true + virtio_slot: 8 properties: volsize: 128g volblocksize: 64k diff --git a/roles/bhyve-s6/tasks/main.yml b/roles/bhyve-s6/tasks/main.yml index 1e75949..622ff0b 100644 --- a/roles/bhyve-s6/tasks/main.yml +++ b/roles/bhyve-s6/tasks/main.yml @@ -25,7 +25,7 @@ label: 'bhyve-{{ item.0.name }}{{ item.1.name }}' with_nested: - '{{ bhyve_guests }}' - - '{{ bhyve_templates }}' + - '{{ bhyve_templates }}' notify: - Reload s6-rc diff --git a/roles/bhyve-s6/templates/bhyve/env/DISKS.j2 b/roles/bhyve-s6/templates/bhyve/env/DISKS.j2 index 1abddda..70e4086 100644 --- a/roles/bhyve-s6/templates/bhyve/env/DISKS.j2 +++ b/roles/bhyve-s6/templates/bhyve/env/DISKS.j2 @@ -1,5 +1,5 @@ {% set disks = [] %} -{% for disk in item.0.disks %} +{% for disk in item.0.disks if not disk.virtio|default(False) %} {{- disks.append("hd:/dev/zvol/"+bhyve_pool+"/bhyve/guests/"+item.0.name+"/"+disk.name) -}} {% endfor %} {{ disks | join(",") }} diff --git a/roles/bhyve-s6/templates/bhyve/run.j2 b/roles/bhyve-s6/templates/bhyve/run.j2 index ebe1c38..d71c6dd 100644 
--- a/roles/bhyve-s6/templates/bhyve/run.j2 +++ b/roles/bhyve-s6/templates/bhyve/run.j2 @@ -1,9 +1,9 @@ #!/usr/local/bin/execlineb -P -# {{ ansible_managed }} +# {{ ansible_managed }} s6-envdir ./env multisubstitute { - importas -i -u NAME NAME + importas -i -u NAME NAME importas -i -u -s ORDER ORDER importas -i -u RAM RAM importas -i -u ROM ROM @@ -15,7 +15,7 @@ multisubstitute { } backtick -n AHCI { - forx X { $ORDER } + forx X { $ORDER } importas X X importas Y $X echo -n ,$Y @@ -29,25 +29,17 @@ foreground { fdmove -c 1 2 echo "bhyve-${NAME}: Starting VM ${NAME} with ${CPUS} s6-notifyoncheck -d -w 100 -n 70 fdmove -c 2 1 -# Use a static password to make VNC clients happy -ifelse { test -n "$PASS" } { - bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H - -s "0,amd_hostbridge" - -s "2:0,ahci${AHCI}" - -s "3,virtio-net,${NIC}" - -s "4,virtio-rnd" - -s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}" - -s "31,lpc" - -l "com1,/dev/${COM}" - -l "bootrom,${ROM}" - "${NAME}" -} - bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H - -s "0,amd_hostbridge" - -s "2:0,ahci${AHCI}" - -s "3,virtio-net,${NIC}" - -s "4,virtio-rnd" - -s "31,lpc" - -l "com1,/dev/${COM}" - -l "bootrom,${ROM}" - "${NAME}" +bhyve -c "{{ item.0.cpus }}" -m "{{ item.0.ram }}" -w -A -P -h + -s "0,amd_hostbridge" + -s "2:0,ahci${AHCI}" + -s "3,virtio-net,${NIC}" + -s "4,virtio-rnd" + {% for disk in item.0.disks if disk.virtio|default(False) -%} + -s "{{ disk.virtio_slot }},virtio,/dev/zvol/{{ bhyve_pool }}/bhyve/guests/{{ item.0.name }}/{{ disk.name }}" + {% endfor -%} + {% if item.0.password is defined -%} + -s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}" + {% endif -%} + -s "31,lpc" + -l "com1,/dev/${COM}" + -l "bootrom,${ROM}" From 5f5e66140918af265616d4ff40ddf84c9c73e817 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 4 Jan 2025 03:45:26 +0100 Subject: [PATCH 09/14] upps --- roles/bhyve-s6/templates/bhyve/run.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
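Review bot: The new per-disk `-s "{{ disk.virtio_slot }},virtio,..."` line (device name corrected to `virtio-blk` in PATCH 10) takes `virtio_slot` from host_vars unchecked, while slots 0, 2, 3, 4, 29 and 31 are fixed elsewhere on the same command line; a host_vars value colliding with one of those, or two disks sharing a slot (the host_vars hunks in PATCH 08/12/14 use 8 and 9), only surfaces when bhyve refuses to start the guest. An `assert` task in `roles/bhyve-s6/tasks/main.yml` checking each `virtio_slot` for uniqueness and against the reserved set, plus a comment in the template, `# slots 0,2,3,4,29,31 are taken by hostbridge, ahci, net, rnd, fbuf, lpc`, would catch this at deploy time. The rest of the script (the `multisubstitute`/`importas` block and the `foreground` wrapper) starts above this hunk, so I cannot see where `PORT` and `PASS` are imported.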
diff --git a/roles/bhyve-s6/templates/bhyve/run.j2 b/roles/bhyve-s6/templates/bhyve/run.j2 index d71c6dd..562b900 100644 --- a/roles/bhyve-s6/templates/bhyve/run.j2 +++ b/roles/bhyve-s6/templates/bhyve/run.j2 @@ -29,7 +29,7 @@ foreground { fdmove -c 1 2 echo "bhyve-${NAME}: Starting VM ${NAME} with ${CPUS} s6-notifyoncheck -d -w 100 -n 70 fdmove -c 2 1 -bhyve -c "{{ item.0.cpus }}" -m "{{ item.0.ram }}" -w -A -P -h +bhyve -c "{{ item.0.cpus }}" -m "{{ item.0.ram }}" -w -A -P -H -s "0,amd_hostbridge" -s "2:0,ahci${AHCI}" -s "3,virtio-net,${NIC}" From dafaed4f06acde999835686cd593c2704eac6c50 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 4 Jan 2025 04:02:23 +0100 Subject: [PATCH 10/14] upps (2) --- roles/bhyve-s6/templates/bhyve/run.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/bhyve-s6/templates/bhyve/run.j2 b/roles/bhyve-s6/templates/bhyve/run.j2 index 562b900..c60ad65 100644 --- a/roles/bhyve-s6/templates/bhyve/run.j2 +++ b/roles/bhyve-s6/templates/bhyve/run.j2 @@ -35,7 +35,7 @@ bhyve -c "{{ item.0.cpus }}" -m "{{ item.0.ram }}" -w -A -P -H -s "3,virtio-net,${NIC}" -s "4,virtio-rnd" {% for disk in item.0.disks if disk.virtio|default(False) -%} - -s "{{ disk.virtio_slot }},virtio,/dev/zvol/{{ bhyve_pool }}/bhyve/guests/{{ item.0.name }}/{{ disk.name }}" + -s "{{ disk.virtio_slot }},virtio-blk,/dev/zvol/{{ bhyve_pool }}/bhyve/guests/{{ item.0.name }}/{{ disk.name }}" {% endfor -%} {% if item.0.password is defined -%} -s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}" From b55ca7c10f0c0cc67e3fc428f2bb1eaad0cd2798 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 4 Jan 2025 04:20:41 +0100 Subject: [PATCH 11/14] =?UTF-8?q?VM-Name=20an=20bhyve=20als=20Argument=20?= =?UTF-8?q?=C3=BCbergeben?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/bhyve-s6/templates/bhyve/run.j2 | 1 + 1 file changed, 1 insertion(+) 
diff --git a/roles/bhyve-s6/templates/bhyve/run.j2 b/roles/bhyve-s6/templates/bhyve/run.j2 index c60ad65..f8508a9 100644 --- a/roles/bhyve-s6/templates/bhyve/run.j2 +++ b/roles/bhyve-s6/templates/bhyve/run.j2 @@ -43,3 +43,4 @@ bhyve -c "{{ item.0.cpus }}" -m "{{ item.0.ram }}" -w -A -P -H -s "31,lpc" -l "com1,/dev/${COM}" -l "bootrom,${ROM}" + "${NAME}" From ada85d9126df975848c037554d8abf3d0ceb4cb3 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sat, 4 Jan 2025 04:21:07 +0100 Subject: [PATCH 12/14] virtio for wiki.emma.ccchb.de --- host_vars/emma.ccchb.de.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/host_vars/emma.ccchb.de.yml b/host_vars/emma.ccchb.de.yml index a1f7b0c..7ef7d7f 100644 --- a/host_vars/emma.ccchb.de.yml +++ b/host_vars/emma.ccchb.de.yml @@ -179,6 +179,8 @@ bhyve_guests: - DISKS disks: - name: disk + virtio: true + virtio_slot: 8 properties: volsize: 64g volblocksize: 64k From c15ca7e8a79628c36d998b975472d35112542d96 Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sun, 19 Jan 2025 21:10:42 +0100 Subject: [PATCH 13/14] bhyve: Restore old behavior wrt PASS --- roles/bhyve-s6/templates/bhyve/run.j2 | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/bhyve-s6/templates/bhyve/run.j2 b/roles/bhyve-s6/templates/bhyve/run.j2 index f8508a9..57bbdd2 100644 --- a/roles/bhyve-s6/templates/bhyve/run.j2 +++ b/roles/bhyve-s6/templates/bhyve/run.j2 @@ -29,7 +29,8 @@ foreground { fdmove -c 1 2 echo "bhyve-${NAME}: Starting VM ${NAME} with ${CPUS} s6-notifyoncheck -d -w 100 -n 70 fdmove -c 2 1 -bhyve -c "{{ item.0.cpus }}" -m "{{ item.0.ram }}" -w -A -P -H +{% macro bhyve_run(extra_args="") -%} +bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H -s "0,amd_hostbridge" -s "2:0,ahci${AHCI}" -s "3,virtio-net,${NIC}" 
@@ -37,10 +38,12 @@ bhyve -c "{{ item.0.cpus }}" -m "{{ item.0.ram }}" -w -A -P -H {% for disk in item.0.disks if disk.virtio|default(False) -%} -s "{{ disk.virtio_slot }},virtio-blk,/dev/zvol/{{ bhyve_pool }}/bhyve/guests/{{ item.0.name }}/{{ disk.name }}" {% endfor -%} - {% if item.0.password is defined -%} - -s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}" - {% endif -%} -s "31,lpc" -l "com1,/dev/${COM}" -l "bootrom,${ROM}" - "${NAME}" + {{ extra_args }} "${NAME}" +{%- endmacro %} +ifelse { test -n "$PASS" } { + {{ bhyve_run('-s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}"') }} +} + {{ bhyve_run() }} From 4cc2c52a6e3b9bb3d81d7a2969fffc5d52012a8c Mon Sep 17 00:00:00 2001 From: Fritz Grimpen Date: Sun, 19 Jan 2025 21:17:13 +0100 Subject: [PATCH 14/14] Convert cloud VM storage to virtio --- host_vars/emma.ccchb.de.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/host_vars/emma.ccchb.de.yml b/host_vars/emma.ccchb.de.yml index 7ef7d7f..5187c83 100644 --- a/host_vars/emma.ccchb.de.yml +++ b/host_vars/emma.ccchb.de.yml @@ -84,11 +84,15 @@ bhyve_guests: - DISKS disks: - name: system + virtio: true + virtio_slot: 8 properties: volsize: 32g volblocksize: 4k primarycache: metadata - name: data + virtio: true + virtio_slot: 9 properties: volsize: 128g volblocksize: 64k
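Review bot: The restored `ifelse { test -n "$PASS" }` branch passes the VNC password on bhyve's command line (`password=${PASS}` inside the `fbuf` argument), so it is readable in the process table by local users for the lifetime of the VM. The listener is bound to `[::1]`, so the password only guards against local connections — the same population that can read the argument list — which makes it a client-compatibility setting rather than access control, as the comment removed in PATCH 08 ("Use a static password to make VNC clients happy") said; restoring that comment, extended to `# PASS ends up in bhyve's argv and is visible to local users; it satisfies VNC clients, it is not access control`, would keep that understanding in the file. As far as I know bhyve's `fbuf` device has no file- or fd-based way to receive the password, so the practical mitigation is host-side (on FreeBSD, `security.bsd.see_other_uids=0` hides other users' processes) and worth noting in the role's README. The `importas` for `PASS` is outside this hunk, so whether an unset `PASS` reaches `test -n` as an empty string or aborts the script earlier is not visible here.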