verdnatura/vn-ansible
verdnatura
/
vn-ansible
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

refs #8553 - Final works

This commit is contained in:
Xavi Lleó 2025-03-03 15:51:59 +01:00
parent 6edd7b5f50
commit ae891d4d89
6 changed files with 125 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/services/handlers/main.yml
View File

@ -5,3 +5,7 @@
- name: reload-systemd
command:
cmd: systemctl daemon-reload
- name: restart-dhcp
systemd:
name: isc-dhcp-server
state: restarted

56
roles/services/tasks/dhcp.yml Normal file
View File

@ -0,0 +1,56 @@
- name: Install DHCP packages
apt:
name: isc-dhcp-server
state: present
install_recommends: no
- name: Set DHCP configurations from templates
template:
src: "{{ item }}"
dest: "/etc/dhcp/{{ item }}"
owner: root
group: root
mode: "u=rw,g=r,o=r"
loop:
- dhcpd.conf
- partner.conf
notify: restart-dhcp
- name: Set rndc.key from template
template:
src: rndc.key
dest: /etc/dhcp/rndc.key
owner: root
group: root
mode: u=rw,g=r,o=
notify: restart-dhcp
- name: Ensure that the directories exist
file:
path: "/etc/dhcp/subnets"
state: directory
owner: root
group: root
mode: "0755"
- name: Map subnets
copy:
content: "{{ item.value }}"
dest: "/etc/dhcp/subnets/{{ item.key }}"
owner: root
group: root
mode: "0644"
loop: "{{ subnets_files | dict2items }}"
- name: Get default IPv4 interface
command: ip -o -4 route show default
register: default_route
- name: Extract interface default name
set_fact:
active_interface: "{{ default_route.stdout.split()[-1] }}"
- name: Disable IPv6
replace:
path: /etc/default/isc-dhcp-server
regexp: '^INTERFACESv6="(.*)"'
replace: '#INTERFACESv6="\1"'
- name: Set interface IPv4
lineinfile:
path: /etc/default/isc-dhcp-server
regexp: '^INTERFACESv4='
line: 'INTERFACESv4="{{ active_interface }}"'
state: present

2
roles/services/tasks/main.yml
View File

@ -2,3 +2,5 @@
tags: timeserver
- import_tasks: adsamba.yml
tags: adsamba
- import_tasks: dhcp.yml
tags: dhcp

58
roles/services/templates/dhcpd.conf Normal file
View File

@ -0,0 +1,58 @@
include "/etc/dhcp/rndc.key";
omapi-port 7911;
omapi-key rndc-key;
#++++++++++++++++++++++++++++++++++++++++++++++ Global
authoritative;
log-facility local7;
update-static-leases on;
use-host-decl-names on;
default-lease-time 86400;
max-lease-time 86400;
option domain-name "{{ domain_name.name }}";
option domain-name-servers {{ domain_name.servers }};
option ntp-servers {{ ntp_servers }};
# DHCP daemon uses default time zone UTC
db-time-format local;
# Allow each client to have exactly one lease, and expire
# old leases if a new DHCPDISCOVER occurs
one-lease-per-client true;
# This checking cause just 1s time delay in responding DHCPDISCOVER messages
# but it may help to abandone old leases from db
ping-check true;
#++++++++++++++++++++++++++++++++++++++++++++++ DNS
ddns-update-style interim;
ddns-updates on;
deny client-updates;
deny duplicates;
deny declines;
zone 10.in-addr.arpa. {
primary {{ domain_name.server_primary }};
key rndc-key;
}
zone 16.172.in-addr.arpa. {
primary {{ domain_name.server_primary }};
key rndc-key;
}
zone 168.192.in-addr.arpa. {
primary {{ domain_name.server_primary }};
key rndc-key;
}
on commit {
log (concat("Host registered: ", config-option host-name));
}
#++++++++++++++++++++++++++++++++++++++++++++++ Subnets
{{ subnets }}

1
roles/services/templates/partner.conf Normal file
View File

@ -0,0 +1 @@
{{ partner }}

4
roles/services/templates/rndc.key Normal file
View File

@ -0,0 +1,4 @@
key "rndc-key" {
algorithm hmac-md5;
secret "{{ lookup(passbolt, 'rndc-key', folder_parent_id=passbolt_folder).password }}";
};