From 3c0cd65a7c3df993000029cb0cb8ec430845ef46 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 27 May 2024 22:53:29 +0200
Subject: move ch-cm4-sensors* to iot vlan
---
 chaos-at-home/ch-iot.yml | 42 ++++++++++++++++++++++++++
 inventory/group_vars/chaos-at-home/network.yml | 4 +--
 inventory/host_vars/ch-cm4-sensors0.yml | 8 +----
 inventory/host_vars/ch-cm4-sensors1.yml | 8 +----
 4 files changed, 46 insertions(+), 16 deletions(-)
diff --git a/chaos-at-home/ch-iot.yml b/chaos-at-home/ch-iot.yml
index 1cc18e76..86e78956 100644
--- a/chaos-at-home/ch-iot.yml
+++ b/chaos-at-home/ch-iot.yml
@@ -17,3 +17,45 @@
 - role: mosquitto/broker
 - role: nginx/base
 - role: monitoring/prometheus/exporter
+ post_tasks:
+ - name: create systemd override directory for nginx service unit
+ file:
+ path: /etc/systemd/system/nginx.service.d
+ state: directory
+
+ - name: create overrides for nginx systemd unit
+ copy:
+ content: |
+ [Unit]
+ After=network-online.target
+ Wants=network-online.target
+ dest: /etc/systemd/system/nginx.service.d/after-network-online.conf
+
+ - name: configure default vhost web.chaos-at-home.org
+ vars:
+ nginx_vhost:
+ name: iot-default
+ default: yes
+ listen:
+ - "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:80"
+ template: generic
+ locations:
+ '/':
+ return: 404
+ include_role:
+ name: nginx/vhost
+
+ - name: configure reverse-proxy for apt-cache
+ vars:
+ nginx_vhost:
+ name: apt.chaos-at-home.org
+ listen:
+ - "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:80"
+ hostnames:
+ - apt.chaos-at-home.org
+ template: generic
+ locations:
+ '/':
+ proxy_pass: "http://apt.chaos-at-home.org/"
+ include_role:
+ name: nginx/vhost
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index d4a5d2cd..099cd4d9 100644
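Review bot: The drop-in written to `/etc/systemd/system/nginx.service.d/after-network-online.conf` is not followed by a systemd reload anywhere in this hunk, so the `After=`/`Wants=network-online.target` ordering only takes effect once something else reloads the manager; registering the `copy` result and adding a task with `systemd:` / `daemon_reload: yes` guarded by `when: <result> is changed` would close that gap, unless a handler outside the hunk already covers it. The `file` and `copy` tasks also leave `mode` unset, so the permissions of a root-owned unit override depend on the target's default umask; `mode: "0755"` on the directory and `mode: "0644"` on the file would pin them. The task name `configure default vhost web.chaos-at-home.org` does not match the `iot-default` vhost it configures and looks carried over from another play. The play itself begins above the hunk, so its existing handlers and settings are not visible here.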
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -70,6 +70,8 @@ network_zones:
 ch-sensors1: 11
 ch-sensors2: 12
 ch-testvm-phoebe: 43
+ ch-cm4-sensors0: 200
+ ch-cm4-sensors1: 201
 ch-mon: 230
 ch-iot: 254
@@ -97,8 +99,6 @@ network_zones:
 ch-gw-c3voc: 73
 __svc_http__: 80
 __svc_imap__: 143
- ch-cm4-sensors0: 200
- ch-cm4-sensors1: 201
 ch-mon: 230
 ch-greenbone: 231
 ch-router-obsd: 253
diff --git a/inventory/host_vars/ch-cm4-sensors0.yml b/inventory/host_vars/ch-cm4-sensors0.yml
index 79b0e4c3..dd4c649c 100644
--- a/inventory/host_vars/ch-cm4-sensors0.yml
+++ b/inventory/host_vars/ch-cm4-sensors0.yml
@@ -3,15 +3,9 @@ raspios_variant: lite
 raspios_arch: arm64
 network:
- nameservers: "{{ network_zones.svc.dns }}"
- domain: "{{ host_domain }}"
 primary: &_network_primary_
 name: eth0
- address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
- gateway: "{{ network_zones.svc.gateway }}"
- static_routes:
- - destination: "{{ network_zones.lan.prefix }}"
- gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
+ address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}"
 interfaces:
 - *_network_primary_
diff --git a/inventory/host_vars/ch-cm4-sensors1.yml b/inventory/host_vars/ch-cm4-sensors1.yml
index 79b0e4c3..dd4c649c 100644
--- a/inventory/host_vars/ch-cm4-sensors1.yml
+++ b/inventory/host_vars/ch-cm4-sensors1.yml
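Review bot: With `nameservers`, `domain`, `gateway` and `static_routes` removed, the new `network` block in `ch-cm4-sensors0.yml` leaves the host with only a static address in the iot zone, and nothing in the hunk records that this is intended; the identical hunk for `ch-cm4-sensors1.yml` has the same gap. If the iot VLAN is meant to be unrouted, which the apt reverse proxy added on ch-iot in this commit suggests, a comment above `primary:` such as `# iot vlan: no gateway or resolver on purpose, apt is reached via the ch-iot reverse proxy` would document it. Without a resolver, `apt.chaos-at-home.org` still has to map to ch-iot's iot address on these hosts, and where that mapping comes from is not visible here, so it is worth confirming before rollout.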
@@ -3,15 +3,9 @@ raspios_variant: lite
 raspios_arch: arm64
 network:
- nameservers: "{{ network_zones.svc.dns }}"
- domain: "{{ host_domain }}"
 primary: &_network_primary_
 name: eth0
- address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
- gateway: "{{ network_zones.svc.gateway }}"
- static_routes:
- - destination: "{{ network_zones.lan.prefix }}"
- gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
+ address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}"
 interfaces:
 - *_network_primary_
-- cgit v1.2.3