Merge branch 'master' of ssh://dev.ccchb.de:2222/ccchb/ansible

.woodpecker.yaml

@@ -0,0 +1,20 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      submodule_override:
+        roles/gitea: https://dev.ccchb.de/ccchb/ansible-role-gitea.git
+
+when:
+  - event: push
+    branch: main
+  - event: push
+    branch: master
+
+steps:
+  - name: lint
+    image: alpine
+    commands:
+      - apk update
+      - apk add ansible-lint
+      - ansible-lint

README.md

@@ -1,5 +1,7 @@
 # ansible
 
+[![status-badge](https://ci.ccchb.de/api/badges/5/status.svg)](https://ci.ccchb.de/repos/5)
+
 CCCHB Ansible
 
 ## Deployment

group_vars/mail.yml

@@ -7,6 +7,8 @@ dovecot_users:
     zeltophil: '{BLF-CRYPT}$2y$05$rct9cKgRnB/X7tZW7MXNUeIfadqCRc..dCMG4DB1fZdefH1Qx6FAq'
     haecksen:  '{BLF-CRYPT}$2y$05$e2R8ucHVPlZuI39Uy4iX3.EaRszPJ01itsPJfQa0FIeYzBuiGxUZW'
     ari:       '{BLF-CRYPT}$2y$05$HixjVZIVDVBKy40ReKRKh.ewnuyNV/t84ANsOSjOuxz5BIgk/J7k6'
+    vorstand:  '{BLF-CRYPT}$2y$05$Cw.dfEg54gvRIhT9bDCx1O7xS4TtWf/c7Hh9Owzaf23imfwltMd4e'
+    fritz:     '{BLF-CRYPT}$2y$05$NFh8LBoHfkazQDy3iNiuWODSP.rib.jIEDyf/JUbyBnQbJ03FglI6'
 
 mlmmj_lists:
   - name: 'vorstand'

host_vars/brunn.ccchb.de.yml

@@ -0,0 +1,14 @@
+user_mgmt:
+  crest:
+    state: present
+    groups: sudo
+  fritz:
+    state: present
+    groups: sudo
+  humm:
+    state: present
+    groups: sudo
+  genofire:
+    state: present
+    groups: sudo
+

host_vars/emma.ccchb.de.yml

@@ -84,11 +84,15 @@ bhyve_guests:
       - DISKS
     disks:
       - name: system
+        virtio: true
+        virtio_slot: 8
         properties:
           volsize: 32g
           volblocksize: 4k
           primarycache: metadata
       - name: data
+        virtio: true
+        virtio_slot: 9
         properties:
           volsize: 128g
           volblocksize: 64k
@@ -179,6 +183,8 @@ bhyve_guests:
       - DISKS
     disks:
       - name: disk
+        virtio: true
+        virtio_slot: 8
         properties:
           volsize: 64g
           volblocksize: 64k
@@ -241,6 +247,8 @@ bhyve_guests:
       - DISKS
     disks:
       - name: disk
+        virtio: true
+        virtio_slot: 8
         properties:
           volsize: 128g
           volblocksize: 64k

hosts/00_brunn

@@ -0,0 +1,2 @@
+[brunn]
+brunn.ccchb.de

roles/bhyve-s6/tasks/main.yml

@@ -25,7 +25,7 @@
     label: 'bhyve-{{ item.0.name }}{{ item.1.name }}'
   with_nested:
     - '{{ bhyve_guests }}'
-    - '{{ bhyve_templates }}'
+    - '{{ bhyve_templates }}'
   notify:
     - Reload s6-rc
 

roles/bhyve-s6/templates/bhyve/env/DISKS.j2

@@ -1,5 +1,5 @@
 {% set disks = [] %}
-{% for disk in item.0.disks %}
+{% for disk in item.0.disks if not disk.virtio|default(False) %}
 {{- disks.append("hd:/dev/zvol/"+bhyve_pool+"/bhyve/guests/"+item.0.name+"/"+disk.name) -}}
 {% endfor %}
 {{ disks | join(",") }}

roles/bhyve-s6/templates/bhyve/run.j2

@@ -1,5 +1,5 @@
 #!/usr/local/bin/execlineb -P
-# {{ ansible_managed }}
+# {{ ansible_managed }}
 
 s6-envdir ./env
 multisubstitute {
@@ -29,25 +29,21 @@ foreground { fdmove -c 1 2 echo "bhyve-${NAME}: Starting VM ${NAME} with ${CPUS}
 s6-notifyoncheck -d -w 100 -n 70
 
 fdmove -c 2 1
-# Use a static password to make VNC clients happy
+{% macro bhyve_run(extra_args="") -%}
+bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H
+	-s "0,amd_hostbridge"
+	-s "2:0,ahci${AHCI}"
+	-s "3,virtio-net,${NIC}"
+	-s "4,virtio-rnd"
+	{% for disk in item.0.disks if disk.virtio|default(False) -%}
+	-s "{{ disk.virtio_slot }},virtio-blk,/dev/zvol/{{ bhyve_pool }}/bhyve/guests/{{ item.0.name }}/{{ disk.name }}"
+	{% endfor -%}
+	-s "31,lpc"
+	-l "com1,/dev/${COM}"
+	-l "bootrom,${ROM}"
+	{{ extra_args }} "${NAME}"
+{%- endmacro %}
 ifelse { test -n "$PASS" } {
-	bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H
-		-s "0,amd_hostbridge"
-		-s "2:0,ahci${AHCI}"
-		-s "3,virtio-net,${NIC}"
-		-s "4,virtio-rnd"
-		-s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}"
-		-s "31,lpc"
-		-l "com1,/dev/${COM}"
-		-l "bootrom,${ROM}"
-	"${NAME}"
+	{{ bhyve_run('-s "29,fbuf,tcp=[::1]:${PORT},w=800,h=600,password=${PASS}"') }}
 }
-	bhyve -c "${CPUS}" -m "${RAM}" -w -A -P -H
-		-s "0,amd_hostbridge"
-		-s "2:0,ahci${AHCI}"
-		-s "3,virtio-net,${NIC}"
-		-s "4,virtio-rnd"
-		-s "31,lpc"
-		-l "com1,/dev/${COM}"
-		-l "bootrom,${ROM}"
-	"${NAME}"
+	{{ bhyve_run() }}

roles/postfix/vars/main.yml

@@ -381,7 +381,7 @@ postfix_config:
 
   - name: tls_high_cipherlist
     value: |-
-      'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
+      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
     state: present
 
   - name: tls_ssl_options

users.yml

@@ -1,6 +1,6 @@
 ---
 - name: Perform user management
-  hosts: debian frab
+  hosts: debian frab brunn
   become: true
   tags: [user_mgmt]
   roles: