commit d34a810159cb7b2b4b1033879e1bd92598305a42
Author: Markus Pesch
Date: Fri Mar 18 14:27:26 2022 +0100
Initial Commit
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..dff231b
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,3 @@
+---
+
+skip_list: []
\ No newline at end of file
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..bb91ef3
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,94 @@
+---
+kind: pipeline
+type: kubernetes
+name: linter
+
+platform:
+ os: linux
+
+steps:
+- name: markdown lint
+ commands:
+ - markdownlint *.md
+ image: docker.io/volkerraschek/markdownlint:0.31.1
+ resources:
+ limits:
+ cpu: 50
+ memory: 50M
+
+- name: email-notification
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ image: docker.io/drillster/drone-email:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+trigger:
+ event:
+ exclude:
+ - tag
+
+---
+kind: pipeline
+type: kubernetes
+name: sync
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: github
+ image: docker.io/appleboy/drone-git-push:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ settings:
+ branch: master
+ remote: ssh://git@github.com/volker-raschek/networking-role.git
+ force: true
+ ssh_key:
+ from_secret: ssh_key
+
+- name: email-notification
+ environment:
+ PLUGIN_HOST:
+ from_secret: smtp_host
+ PLUGIN_USERNAME:
+ from_secret: smtp_username
+ PLUGIN_PASSWORD:
+ from_secret: smtp_password
+ PLUGIN_FROM:
+ from_secret: smtp_mail_address
+ image: docker.io/drillster/drone-email:latest
+ resources:
+ limits:
+ cpu: 50
+ memory: 25M
+ when:
+ status:
+ - changed
+ - failure
+
+trigger:
+ branch:
+ - master
+ event:
+ - cron
+ - push
+ repo:
+ - volker.raschek/networking-role
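Review bot: `docker.io/drillster/drone-email:latest` (both email-notification steps) and `docker.io/appleboy/drone-git-push:latest` (sync pipeline) are unpinned, while the markdown lint step pins `0.31.1`; these are exactly the steps that receive the SMTP credentials and the GitHub deploy key, so whatever is behind `latest` at run time gets those secrets. Pin them to a version tag, e.g. `image: docker.io/drillster/drone-email:<pinned-version>`, so the droneci rule in renovate.json can track updates explicitly. The sync pipeline also declares no dependency on the linter pipeline and pushes with `force: true`, so a commit that fails lint is still mirrored to github master; if that is not intended, add `depends_on: [linter]` to the sync pipeline.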
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..ad4c311
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
new file mode 100644
index 0000000..3406b43
--- /dev/null
+++ b/.markdownlint.yaml
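Review bot: `insert_final_newline = false` in the `[*]` section is what leaves most files in this commit (.ansible-lint, .markdownlint.yaml, defaults/main.yml, both templates, vars/*) with the `\ No newline at end of file` marker. yamllint's default `new-line-at-end-of-file` rule flags that, and line-oriented tools handle a last line without a newline inconsistently, so `insert_final_newline = true` is the safer setting for a repository that is linted in CI.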
@@ -0,0 +1,144 @@
+# markdownlint YAML configuration
+# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
+
+# Default state for all rules
+default: true
+
+# Path to configuration file to extend
+extends: null
+
+# MD003/heading-style/header-style - Heading style
+MD003:
+ # Heading style
+ style: "atx"
+
+# MD004/ul-style - Unordered list style
+MD004:
+ style: "dash"
+
+# MD007/ul-indent - Unordered list indentation
+MD007:
+ # Spaces for indent
+ indent: 2
+ # Whether to indent the first level of the list
+ start_indented: false
+
+# MD009/no-trailing-spaces - Trailing spaces
+MD009:
+ # Spaces for line break
+ br_spaces: 2
+ # Allow spaces for empty lines in list items
+ list_item_empty_lines: false
+ # Include unnecessary breaks
+ strict: false
+
+# MD010/no-hard-tabs - Hard tabs
+MD010:
+ # Include code blocks
+ code_blocks: true
+
+# MD012/no-multiple-blanks - Multiple consecutive blank lines
+MD012:
+ # Consecutive blank lines
+ maximum: 1
+
+# MD013/line-length - Line length
+MD013:
+ # Number of characters
+ line_length: 80
+ # Number of characters for headings
+ heading_line_length: 80
+ # Number of characters for code blocks
+ code_block_line_length: 80
+ # Include code blocks
+ code_blocks: false
+ # Include tables
+ tables: false
+ # Include headings
+ headings: true
+ # Include headings
+ headers: true
+ # Strict length checking
+ strict: false
+ # Stern length checking
+ stern: false
+
+# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
+MD022:
+ # Blank lines above heading
+ lines_above: 1
+ # Blank lines below heading
+ lines_below: 1
+
+# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
+MD024:
+ # Only check sibling headings
+ allow_different_nesting: true
+
+# MD025/single-title/single-h1 - Multiple top-level headings in the same document
+MD025:
+ # Heading level
+ level: 1
+ # RegExp for matching title in front matter
+
front_matter_title: "^\\s*title\\s*[:=]"
+
+# MD026/no-trailing-punctuation - Trailing punctuation in heading
+MD026:
+ # Punctuation characters
+ punctuation: ".,;:!。,;:!"
+
+# MD029/ol-prefix - Ordered list item prefix
+MD029:
+ # List style
+ style: "one_or_ordered"
+
+# MD030/list-marker-space - Spaces after list markers
+MD030:
+ # Spaces for single-line unordered list items
+ ul_single: 1
+ # Spaces for single-line ordered list items
+ ol_single: 1
+ # Spaces for multi-line unordered list items
+ ul_multi: 1
+ # Spaces for multi-line ordered list items
+ ol_multi: 1
+
+# MD033/no-inline-html - Inline HTML
+MD033:
+ # Allowed elements
+ allowed_elements: []
+
+# MD035/hr-style - Horizontal rule style
+MD035:
+ # Horizontal rule style
+ style: "---"
+
+# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
+MD036:
+ # Punctuation characters
+ punctuation: ".,;:!?。,;:!?"
+
+# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
+MD041:
+ # Heading level
+ level: 1
+ # RegExp for matching title in front matter
+ front_matter_title: "^\\s*title\\s*[:=]"
+
+# MD044/proper-names - Proper names should have the correct capitalization
+MD044:
+ # List of proper names
+ names:
+ - gitea
+ # Include code blocks
+ code_blocks: false
+
+# MD046/code-block-style - Code block style
+MD046:
+ # Block style
+ style: "fenced"
+
+# MD048/code-fence-style - Code fence style
+MD048:
+ # Code fence syle
+ style: "backtick"
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..51ff935
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2022 Markus Pesch
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2cead0e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# networking
+
+[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/networking-role/status.svg)](https://drone.cryptic.systems/volker.raschek/networking-role)
+[![Ansible Role](https://img.shields.io/ansible/role/d/58170)](https://galaxy.ansible.com/volker_raschek/networking_role)
+
+With following role can the networking stack provided by systemd be configured.
+
+## Supported distributions
+
+- Arch Linux
+- Ubuntu 20.04
+
+## Features
+
+- Installing systemd-networkd, systemd-resolved and systemd-timesyncd
+- Configuring systemd networking services
+
+## Configuring
+
+In the default directory are examples how to configure the network stack. Copy the
+defaults into your `host_vars` or `group_vars` and adapt the examples.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..74b1ada
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,64 @@
+---
+
+systemd_networkd_netdev: []
+# - netdev_options:
+# - key: Name
+# value: bo0
+# - key: Kind
+# value: Bond
+# bond_options:
+# - key: Mode
+# value: 802.3ad
+# - key: TransmitHashPolicy
+# value: layer3+4
+# - key: MIIMonitorSec
+# value: 1s
+# - key: LACPRransmitRate
+# value: fast
+# filename: 10-bo0.netdev
+# - netdev_options:
+# - key: Name
+# value: br0
+# - key: Kind
+# value: Bridge
+# bridge_options: {}
+# filename: 10-br0.netdev
+
+systemd_networkd_network: []
+# - match_options:
+# - key: Name
+# value: enp*
+# network_options:
+# - key: Bond
+# value: bo0
+# filename: 20-enp.network
+# - match_options:
+# - key: Name
+# value: wlp*
+# network_options:
+# - key: DHCP
+# value: "yes"
+# dhcp_options:
+# - key: RouteMetric
+# value: 20
+# filename: 20-wlp.network
+# - match_options:
+# - key: Name
+# value: bo0
+# network_options:
+# - key: Bridge
+# value: br0
+# - key: BindCarrier
+# value: enp*
+# filename: 30-bo0.network
+# - match_options:
+# - key: Name
+# value: br0
+# network_options:
+# - key: DHCP
+# value: "yes"
+# dhcp_options:
+# - key: RouteMetric
+# value: 10
+
+systemd_timesyncd_timezone: Europe/Berlin
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..25ee114
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: restart networkd
+ systemd:
+ name: "{{ item }}"
+ state: restarted
+ daemon_reload: true
+ with_items:
+ - systemd-networkd
+ - systemd-resolved
+ - systemd-timesyncd
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/meta/main.yml
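Review bot: The commented bond example under `systemd_networkd_netdev` spells the option `LACPRransmitRate`; the systemd.netdev [Bond] key is `LACPTransmitRate`, so anyone following the README's advice to copy these defaults gets a key networkd rejects as unknown. The last `systemd_networkd_network` example (the `br0` match) has no `filename:` entry, yet tasks/main.yml builds `dest` from `item.filename`, so that example fails with an undefined variable as written; add `#   filename: 30-br0.network` to it. Since these are the only documentation of the variable shape the role accepts, a short comment above each list stating the required keys (`filename`, `netdev_options`/`match_options` as lists of `key`/`value` pairs) would make the contract explicit.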
@@ -0,0 +1,52 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..0eb214c
--- /dev/null
+++ b/renovate.json
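Review bot: `galaxy_info` is still the Galaxy skeleton — `author: your name`, `description: your role description`, `company: your company (optional)` and `license: license (GPL-2.0-or-later, MIT, etc)` — although the README links this role on Galaxy and the LICENSE file in this commit is MIT. A non-SPDX license string is likely to be flagged by Galaxy import and by ansible-lint's meta checks, so set `author: Markus Pesch` and `license: MIT`, and fill `platforms:` with the ArchLinux and Ubuntu entries the README claims support for. `min_ansible_version: 2.1` is an unquoted float; write it as `min_ansible_version: "2.1"` so a later bump to a two-digit minor is not read as a number.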
@@ -0,0 +1,17 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "assignees": [ "volker.raschek" ],
+ "automergeStrategy": "merge-commit",
+ "automergeType": "pr",
+ "labels": [ "renovate" ],
+ "packageRules": [
+ {
+ "addLabels": [ "renovate/droneci", "renovate/automerge" ],
+ "automerge": true,
+ "matchManagers": "droneci",
+ "matchUpdateTypes": [ "minor", "patch"]
+ }
+ ],
+ "rebaseLabel": "renovate/rebase",
+ "rebaseWhen": "behind-base-branch"
+}
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..4d6f26b
--- /dev/null
+++ b/tasks/main.yml
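Review bot: `"matchManagers": "droneci"` in the packageRules entry is a bare string; the renovate schema referenced by `$schema` declares matchManagers as an array of strings, so renovate's config validation is likely to reject the rule and the automerge settings would then never apply. Write it as `"matchManagers": [ "droneci" ]` to match the array form already used for `matchUpdateTypes`. Note also that the droneci manager can only propose updates for images carrying a version tag, so the `:latest` images in .drone.yml stay outside this rule until they are pinned.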
@@ -0,0 +1,89 @@
+---
+
+- name: Load variables
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: "remove existing systemd-networkd configuration"
+ file:
+ path: "/etc/systemd/network"
+ state: absent
+
+- name: "create systemd-networkd directory"
+ file:
+ path: "/etc/systemd/network"
+ owner: root
+ group: root
+ mode: 0755
+ state: directory
+
+- name: Create systemd.netdev files
+ block:
+ - name: Create systemd.netdev files
+ template:
+ src: systemd.netdev.j2
+ dest: "/etc/systemd/network/{{ item.filename }}"
+ owner: "{{ systemd_networkd_unix_user }}"
+ group: "{{ systemd_networkd_unix_user }}"
+ mode: 0644
+ when: item.netdev_options is defined and
+ item.netdev_options | selectattr("key", "==", "Kind") and
+ item.netdev_options | selectattr("value", "!=", "WireGuard")
+ with_items: "{{ systemd_networkd_netdev }}"
+
+ - name: Create sensitive systemd.netdev files
+ template:
+ src: systemd.netdev.j2
+ dest: "/etc/systemd/network/{{ item.filename }}"
+ owner: "{{ systemd_networkd_unix_user }}"
+ group: "{{ systemd_networkd_unix_user }}"
+ mode: 0600
+ when: item.netdev_options is defined and
+ item.netdev_options | selectattr("key", "equalto", "Kind") and
+ item.netdev_options | selectattr("value", "equalto", "WireGuard")
+ with_items: "{{ systemd_networkd_netdev }}"
+ notify: restart networkd
+
+- name: Create systemd.networkd files
+ template:
+ src: systemd.network.j2
+ dest: "/etc/systemd/network/{{ item.filename }}"
+ owner: "{{ systemd_networkd_unix_user }}"
+ group: "{{ systemd_networkd_unix_user }}"
+ mode: 0644
+ with_items: "{{ systemd_networkd_network }}"
+ notify: restart networkd
+
+- name: Create symlink to use systemd-resolved's stub-listener
+ file:
+ src: /run/systemd/resolve/stub-resolv.conf
+ dest: /etc/resolv.conf
+ state: link
+ force: yes
+ follow: no
+ owner: root
+ group: root
+
+- name: start and enable networkd
+ service:
+ name: systemd-networkd
+ state: started
+ enabled: yes
+ daemon_reload: yes
+
+- name: start and
enable resolved
+ service:
+ name: systemd-resolved
+ state: started
+ enabled: yes
+ daemon_reload: yes
+
+- name: set timezone
+ timezone:
+ name: "{{ systemd_timesyncd_timezone }}"
+
+- name: start and enable timesyncd
+ service:
+ name: systemd-timesyncd
+ state: started
+ enabled: yes
+ daemon_reload: yes
diff --git a/templates/systemd.netdev.j2 b/templates/systemd.netdev.j2
new file mode 100644
index 0000000..243cb23
--- /dev/null
+++ b/templates/systemd.netdev.j2
@@ -0,0 +1,38 @@
+#
+# {{ ansible_managed }}
+#
+
+{% if item.netdev_options is defined and item.netdev_options | length > 0 %}
+[NetDev]
+{% for netdev_option in item.netdev_options %}
+{{ netdev_option.key }}={{ netdev_option.value }}
+{% endfor %}
+{% endif %}
+
+{% if item.bond_options is defined and item.bond_options | length > 0 %}
+[Bond]
+{% for bond_option in item.bond_options %}
+{{ bond_option.key }}={{ bond_option.value }}
+{% endfor %}
+{% endif %}
+
+{% if item.bridge_options is defined and item.bridge_options | length > 0 %}
+[Bridge]
+{% for bridge_option in item.bridge_options %}
+{{ bridge_option.key }}={{ bridge_option.value }}
+{% endfor %}
+{% endif %}
+
+{% if item.wireguard_options is defined and item.wireguard_options | length > 0 %}
+[WireGuard]
+{% for wireguard_option in item.wireguard_options %}
+{{ wireguard_option.key }}={{ wireguard_option.value }}
+{% endfor %}
+{% endif %}
+
+{% if item.wireguard_peer_options is defined and item.wireguard_peer_options | length > 0 %}
+[WireGuardPeer]
+{% for wireguard_peer_option in item.wireguard_peer_options %}
+{{ wireguard_peer_option.key }}={{ wireguard_peer_option.value }}
+{% endfor %}
+{% endif %}
diff --git a/templates/systemd.network.j2 b/templates/systemd.network.j2
new file mode 100644
index 0000000..d7b1e04
--- /dev/null
+++ b/templates/systemd.network.j2
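Review bot: The `when` conditions on the two netdev tasks do not actually select on the `Kind` value: `selectattr(...)` yields a generator, which is truthy whether or not anything matched, and the first task's `selectattr("value", "!=", "WireGuard")` is satisfied by any option whose value is not WireGuard (the `Name` entry always is). As a result every netdev, WireGuard included, is first rendered with `mode: 0644` and only afterwards rewritten with `0600`, so a file carrying a `PrivateKey=` line is world-readable between the two tasks and the mode flips on every run instead of converging; the first task also lacks `notify: restart networkd`. Reduce the match to a count and branch on it as below, and while there use `systemd_networkd_unix_group` for `group:` (vars/*.yml define it, but all three template tasks pass `systemd_networkd_unix_user`) and quote the modes as strings. The task list this hunk belongs to is split across two source lines here.

```yaml
  - name: Create systemd.netdev files
    template:
      # … unchanged: src, dest, owner …
      group: "{{ systemd_networkd_unix_group }}"
      mode: "0644"
    when: >-
      item.netdev_options is defined and
      (item.netdev_options | selectattr("key", "equalto", "Kind")
                           | selectattr("value", "equalto", "WireGuard")
                           | list | length) == 0
    with_items: "{{ systemd_networkd_netdev }}"
    notify: restart networkd

  - name: Create sensitive systemd.netdev files
    template:
      # … unchanged: src, dest, owner …
      group: "{{ systemd_networkd_unix_group }}"
      mode: "0600"
    when: >-
      item.netdev_options is defined and
      (item.netdev_options | selectattr("key", "equalto", "Kind")
                           | selectattr("value", "equalto", "WireGuard")
                           | list | length) > 0
    with_items: "{{ systemd_networkd_netdev }}"
    notify: restart networkd
```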
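Review bot: `[WireGuardPeer]` is rendered once from `item.wireguard_peer_options`, so a netdev with more than one peer cannot be expressed even though systemd.netdev takes one `[WireGuardPeer]` section per peer; the `[Address]` loop in templates/systemd.network.j2 already shows the shape to use (a list of peers, each with its own `options`). The file also lacks the `#jinja2: lstrip_blocks: "True", trim_blocks: "True"` header that systemd.network.j2 carries, so the two templates may render whitespace differently; add the same first line here for consistency. A header comment stating that this template may emit `PrivateKey=` and therefore must only be written by the task that sets mode 0600 would help, since the template itself cannot enforce the file mode.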
@@ -0,0 +1,42 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
+#
+# {{ ansible_managed }}
+#
+
+{% if item.match_options is defined and item.match_options | length > 0 %}
+[Match]
+{% for match_option in item.match_options %}
+{{ match_option.key }}={{ match_option.value }}
+{% endfor %}
+{% endif %}
+
+{% if item.network_options is defined and item.network_options | length > 0 %}
+[Network]
+{% for network_option in item.network_options %}
+{{ network_option.key }}={{ network_option.value }}
+{% endfor %}
+{% endif %}
+
+{% if item.dhcp_options is defined and item.dhcp_options | length > 0 %}
+[DHCP]
+{% for dhcp_option in item.dhcp_options %}
+{{ dhcp_option.key }}={{ dhcp_option.value }}
+{% endfor %}
+{% endif %}
+
+{% if item.addresses is defined and item.addresses | length > 0 %}
+{% for address in item.addresses %}
+[Address]
+{% for address_option in address.options %}
+{{ address_option.key }}={{ address_option.value }}
+{% endfor %}
+
+{% endfor %}
+{% endif %}
+
+{% if item.route_options is defined and item.route_options | length > 0 %}
+[Route]
+{% for route_option in item.route_options %}
+{{ route_option.key }}={{ route_option.value }}
+{% endfor %}
+{% endif %}
\ No newline at end of file
diff --git a/vars/Archlinux.yml b/vars/Archlinux.yml
new file mode 100644
index 0000000..dbc81ee
--- /dev/null
+++ b/vars/Archlinux.yml
@@ -0,0 +1,4 @@
+---
+
+systemd_networkd_unix_user: systemd-network
+systemd_networkd_unix_group: systemd-network
\ No newline at end of file
diff --git a/vars/Debian.yml b/vars/Debian.yml
new file mode 100644
index 0000000..dbc81ee
--- /dev/null
+++ b/vars/Debian.yml
@@ -0,0 +1,4 @@
+---
+
+systemd_networkd_unix_user: systemd-network
+systemd_networkd_unix_group: systemd-network
\ No newline at end of file
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..2a17aca
--- /dev/null
+++ b/vars/RedHat.yml
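Review bot: `[Route]` is rendered once from `item.route_options`, so a network needing several routes (a default route plus a static one, say) cannot be described, whereas `[Address]` already loops over `item.addresses` and emits one section per entry; model routes the same way, e.g. `{% for route in item.routes %}` with `route.options`, so the two repeatable sections follow one convention. The `[Address]` loop also emits a trailing blank line after every section including the last, which networkd tolerates but which differs from the other sections; moving the blank line before `[Address]` inside the loop gives uniform output. The `addresses`/`options` shape is not shown in defaults/main.yml, so a comment there or at the top of this template documenting it would help users of the role.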
@@ -0,0 +1,6 @@
+---
+
+systemd_networkd_unix_user: systemd-network
+systemd_networkd_unix_group: systemd-network
+
+systemd_networkd_package_names: []
\ No newline at end of file
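Review bot: `systemd_networkd_package_names: []` is defined only in vars/RedHat.yml and is not referenced by any task in this commit, while vars/Archlinux.yml and vars/Debian.yml do not define it; the README's "Installing systemd-networkd, systemd-resolved and systemd-timesyncd" feature has no corresponding install task in tasks/main.yml. Either add the variable to the other two vars files with the distribution package names and an install task that consumes it, or drop it here so the three files stay parallel. `include_vars: "{{ ansible_os_family }}.yml"` in tasks/main.yml also fails outright for any other `ansible_os_family` value, so a `with_first_found` fallback or an explicit `assert` on the supported families would make the contract visible.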