Merge branch 'master' of ssh://dev.ccchb.de:2222/ccchb/ansible

2025-02-10 15:38:03 +01:00 · 2025-02-10 15:38:03 +01:00 · f90c5fbfa4
parent 9596dd549b 4cc2c52a6e
commit f90c5fbfa4
11 changed files with 73 additions and 29 deletions
--- a/.woodpecker.yaml
+++ b/.woodpecker.yaml
@ -0,0 +1,20 @@
 clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      submodule_override:
        roles/gitea: https://dev.ccchb.de/ccchb/ansible-role-gitea.git
 when:
  - event: push
    branch: main
  - event: push
    branch: master
 steps:
  - name: lint
    image: alpine
    commands:
      - apk update
      - apk add ansible-lint
      - ansible-lint
--- a/README.md
+++ b/README.md
@ -1,7 +1,9 @@
 # ansible
-CCC HB Ansible
+[![status-badge](https://ci.ccchb.de/api/badges/5/status.svg)](https://ci.ccchb.de/repos/5)
 CCCHB Ansible
 ## Deployment
-    ansible-playbook -i hosts/ [-l HOSTS] [-t TAGS] sites.yml 
+    ansible-playbook -i hosts/ [-l HOSTS] [-t TAGS] sites.yml
--- a/group_vars/mail.yml
+++ b/group_vars/mail.yml
@ -7,6 +7,8 @@ dovecot_users:
    zeltophil: '{BLF-CRYPT}$2y$05$rct9cKgRnB/X7tZW7MXNUeIfadqCRc..dCMG4DB1fZdefH1Qx6FAq'
    haecksen:  '{BLF-CRYPT}$2y$05$e2R8ucHVPlZuI39Uy4iX3.EaRszPJ01itsPJfQa0FIeYzBuiGxUZW'
    ari:       '{BLF-CRYPT}$2y$05$HixjVZIVDVBKy40ReKRKh.ewnuyNV/t84ANsOSjOuxz5BIgk/J7k6'
    vorstand:  '{BLF-CRYPT}$2y$05$Cw.dfEg54gvRIhT9bDCx1O7xS4TtWf/c7Hh9Owzaf23imfwltMd4e'
    fritz:     '{BLF-CRYPT}$2y$05$NFh8LBoHfkazQDy3iNiuWODSP.rib.jIEDyf/JUbyBnQbJ03FglI6'
 mlmmj_lists:
  - name: 'vorstand'
--- a/host_vars/brunn.ccchb.de.yml
+++ b/host_vars/brunn.ccchb.de.yml
@ -0,0 +1,14 @@
 user_mgmt:
  crest:
    state: present
    groups: sudo
  fritz:
    state: present
    groups: sudo
  humm:
    state: present
    groups: sudo
  genofire:
    state: present
    groups: sudo
--- a/host_vars/emma.ccchb.de.yml
+++ b/host_vars/emma.ccchb.de.yml
@ -84,11 +84,15 @@ bhyve_guests:
      - DISKS
    disks:
      - name: system
        virtio: true
        virtio_slot: 8
        properties:
          volsize: 32g
          volblocksize: 4k
          primarycache: metadata
      - name: data
        virtio: true
        virtio_slot: 9
        properties:
          volsize: 128g
          volblocksize: 64k
@ -179,6 +183,8 @@ bhyve_guests:
      - DISKS
    disks:
      - name: disk
        virtio: true
        virtio_slot: 8
        properties:
          volsize: 64g
          volblocksize: 64k
@ -241,6 +247,8 @@ bhyve_guests:
      - DISKS
    disks:
      - name: disk
        virtio: true
        virtio_slot: 8
        properties:
          volsize: 128g
          volblocksize: 64k
--- a/hosts/00_brunn
+++ b/hosts/00_brunn
@ -0,0 +1,2 @@
 [brunn]
 brunn.ccchb.de
--- a/roles/bhyve-s6/tasks/main.yml
+++ b/roles/bhyve-s6/tasks/main.yml
@ -25,7 +25,7 @@
    label: 'bhyve-{{ item.0.name }}{{ item.1.name }}'
  with_nested:
    - '{{ bhyve_guests }}'
-    - '{{ bhyve_templates }}'
+    - '{{ bhyve_templates }}'
  notify:
    - Reload s6-rc
--- a/roles/bhyve-s6/templates/bhyve/env/DISKS.j2
+++ b/roles/bhyve-s6/templates/bhyve/env/DISKS.j2
@ -1,5 +1,5 @@
 {% set disks = [] %}
-{% for disk in item.0.disks %}
+{% for disk in item.0.disks if not disk.virtio|default(False) %}
 {{- disks.append("hd:/dev/zvol/"+bhyve_pool+"/bhyve/guests/"+item.0.name+"/"+disk.name) -}}
 {% endfor %}
 {{ disks | join(",") }}
--- a/roles/bhyve-s6/templates/bhyve/run.j2
+++ b/roles/bhyve-s6/templates/bhyve/run.j2
@ -1,9 +1,9 @@
 #!/usr/local/bin/execlineb -P
-# {{ ansible_managed }}
+# {{ ansible_managed }}
 s6-envdir ./env
 multisubstitute {
-        importas -i -u    NAME  NAME
+	importas -i -u    NAME  NAME
 	importas -i -u -s ORDER ORDER
 	importas -i -u    RAM   RAM
 	importas -i -u    ROM   ROM
@ -15,7 +15,7 @@ multisubstitute {
 }
 backtick -n AHCI {
-        forx X { $ORDER }
+	forx X { $ORDER }
 		importas X X
 		importas Y $X
 		echo -n ,$Y
@ -29,25 +29,21 @@ foreground { fdmove -c 1 2 echo "bhyve-${NAME}: Starting VM ${NAME} with ${CPUS}
 s6-notifyoncheck -d -w 100 -n 70
 fdmove -c 2 1
-# Use a static password to make VNC clients happy
+{% macro bhyve_run(extra_args="") -%}
 bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H
 	-s "0,amd_hostbridge"
 	-s "2:0,ahci${AHCI}"
 	-s "3,virtio-net,${NIC}"
 	-s "4,virtio-rnd"
 	{% for disk in item.0.disks if disk.virtio|default(False) -%}
 	-s "{{ disk.virtio_slot }},virtio-blk,/dev/zvol/{{ bhyve_pool }}/bhyve/guests/{{ item.0.name }}/{{ disk.name }}"
 	{% endfor -%}
 	-s "31,lpc"
 	-l "com1,/dev/${COM}"
 	-l "bootrom,${ROM}"
 	{{ extra_args }} "${NAME}"
 {%- endmacro %}
 ifelse { test -n "$PASS" } {
-	bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H
+	{{ bhyve_run('-s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}"') }}
 		-s "0,amd_hostbridge"
 		-s "2:0,ahci${AHCI}"
 		-s "3,virtio-net,${NIC}"
 		-s "4,virtio-rnd"
 		-s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}"
 		-s "31,lpc"
 		-l "com1,/dev/${COM}"
 		-l "bootrom,${ROM}"
 	"${NAME}"
 }
-	bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H
+	{{ bhyve_run() }}
 		-s "0,amd_hostbridge"
 		-s "2:0,ahci${AHCI}"
 		-s "3,virtio-net,${NIC}"
 		-s "4,virtio-rnd"
 		-s "31,lpc"
 		-l "com1,/dev/${COM}"
 		-l "bootrom,${ROM}"
 	"${NAME}"
--- a/roles/postfix/vars/main.yml
+++ b/roles/postfix/vars/main.yml
@ -381,7 +381,7 @@ postfix_config:
  - name: tls_high_cipherlist
    value: |-
-      'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
+      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    state: present
  - name: tls_ssl_options
--- a/users.yml
+++ b/users.yml
@ -1,6 +1,6 @@
 ---
 - name: Perform user management
-  hosts: debian frab
+  hosts: debian frab brunn
  become: true
  tags: [user_mgmt]
  roles: