inventory/host_vars/ch-installsmb.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

---
install:
  vm:
    memory: 3072M
    numcpus: 2
    autostart: false
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: image
        path: "/srv/nvme/{{ inventory_hostname }}/root.img"
  interfaces:
  - bridge: br-mgmt


openwrt_arch: x86
openwrt_target: 64
openwrt_profile: generic
openwrt_output_image_suffixes:
  - "{{ openwrt_profile }}-ext4-combined.img.gz"

openwrt_packages_remove:
  - ppp
  - ppp-mod-pppoe
  - dnsmasq
  - firewall
  - firewall4
  - odhcpd
  - odhcpd-ipv6only
openwrt_packages_add:
  - rng-tools
  - htop
  - ip
  - less
  - nano
  - tcpdump-mini
  - iperf
  - iperf3
  - mtr
  - iptraf-ng
  - samba4-server

openwrt_mixin:
  /etc/dropbear/authorized_keys:
    content: "{{ ssh_keys_root | join('\n') }}\n"

  /etc/htoprc:
    file: "{{ global_files_dir }}/common/htoprc"

  /etc/rc.d/S90smb-tmpfs:
    link: "../init.d/smb-tmpfs"

  /etc/rc.d/K10smb-tmpfs:
    link: "../init.d/smb-tmpfs"

  /etc/init.d/smb-tmpfs:
    mode: "0755"
    content: |
      #!/bin/sh /etc/rc.common
      START=90
      STOP=10

      boot() {
        mkdir -p /srv/install-media
        mount -t tmpfs -o size=2816M install-media /srv/install-media
      }

openwrt_uci:
  system:
    - name: system
      options:
        hostname: '{{ host_name }}'
        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
        ttylogin: '0'
        log_size: '64'
        urandom_seed: '0'

    - name: timeserver 'ntp'
      options:
        enabled: '0'
        enable_server: '0'

    - name: rngd
      options:
        enabled: '1'
        device: '/dev/hwrng'

  dropbear:
    - name: dropbear
      options:
        PasswordAuth: 'off'
        RootPasswordAuth: 'off'
        Port: '{{ ansible_port | default(22) }}'

  network:
    - name: globals 'globals'
      options:
        ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"

    - name: interface 'loopback'
      options:
        device: lo
        proto: static
        ipaddr: 127.0.0.1
        netmask: 255.0.0.0

    - name: interface 'mgmt'
      options:
        device: eth0
        proto: static
        ipaddr: "{{ network_zones.mgmt.prefix | ansible.utils.ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
        netmask: "{{ network_zones.mgmt.prefix | ansible.utils.ipaddr('netmask') }}"

  samba4:
    - name: samba
      options:
        workgroup: 'INSTALL'
        description: 'OS installation media'
        interface: 'mgmt'
        allow_legacy_protocols: 'yes'

    - name: sambashare
      options:
        name: 'media'
        path: '/srv/install-media'
        guest_ok: 'yes'
        read_only: 'yes'