Initial Commit
All checks were successful
continuous-integration/drone/push Build is passing

Markus Pesch 2022-03-18 14:27:26 +01:00
commit d34a810159
Signed by: volker.raschek
GPG Key ID: 852BCC170D81A982
16 changed files with 621 additions and 0 deletions

3
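--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,3 @@
+---
+skip_list: []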

94
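--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,94 @@
+---
+kind: pipeline
+type: kubernetes
+name: linter
+platform:
+os: linux
+steps:
+- name: markdown lint
+commands:
+- markdownlint *.md
+image: docker.io/volkerraschek/markdownlint:0.31.1
+resources:
+limits:
+cpu: 50
+memory: 50M
+- name: email-notification
+environment:
+PLUGIN_HOST:
+from_secret: smtp_host
+PLUGIN_USERNAME:
+from_secret: smtp_username
+PLUGIN_PASSWORD:
+from_secret: smtp_password
+PLUGIN_FROM:
+from_secret: smtp_mail_address
+image: docker.io/drillster/drone-email:latest
+resources:
+limits:
+cpu: 50
+memory: 25M
+when:
+status:
+- changed
+- failure
+trigger:
+event:
+exclude:
+- tag
+---
+kind: pipeline
+type: kubernetes
+name: sync
+platform:
+os: linux
+arch: amd64
+steps:
+- name: github
+image: docker.io/appleboy/drone-git-push:latest
+resources:
+limits:
+cpu: 50
+memory: 25M
+settings:
+branch: master
+remote: ssh://git@github.com/volker-raschek/networking-role.git
+force: true
+ssh_key:
+from_secret: ssh_key
+- name: email-notification
+environment:
+PLUGIN_HOST:
+from_secret: smtp_host
+PLUGIN_USERNAME:
+from_secret: smtp_username
+PLUGIN_PASSWORD:
+from_secret: smtp_password
+PLUGIN_FROM:
+from_secret: smtp_mail_address
+image: docker.io/drillster/drone-email:latest
+resources:
+limits:
+cpu: 50
+memory: 25M
+when:
+status:
+- changed
+- failure
+trigger:
+branch:
+- master
+event:
+- cron
+- push
+repo:
+- volker.raschek/networking-role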
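Review bot: The two plugin images that are handed secrets run from mutable tags: `docker.io/drillster/drone-email:latest` receives the SMTP credentials in both pipelines and `docker.io/appleboy/drone-git-push:latest` receives `ssh_key`, while the markdownlint image, which gets no secrets, is the only one pinned (`0.31.1`). Whatever is published under `latest` when the pipeline runs executes with those secrets, and the `github` step is also allowed to force-push to `master` on the remote. Pin both images to a release tag plus digest, for example `image: docker.io/appleboy/drone-git-push:<version>@sha256:<digest>`, so that an image change arrives as a reviewable commit rather than silently at pull time.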

12
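--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+# top-most EditorConfig file
+root = true
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false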

144
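--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -0,0 +1,144 @@
+# markdownlint YAML configuration
+# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
+# Default state for all rules
+default: true
+# Path to configuration file to extend
+extends: null
+# MD003/heading-style/header-style - Heading style
+MD003:
+# Heading style
+style: "atx"
+# MD004/ul-style - Unordered list style
+MD004:
+style: "dash"
+# MD007/ul-indent - Unordered list indentation
+MD007:
+# Spaces for indent
+indent: 2
+# Whether to indent the first level of the list
+start_indented: false
+# MD009/no-trailing-spaces - Trailing spaces
+MD009:
+# Spaces for line break
+br_spaces: 2
+# Allow spaces for empty lines in list items
+list_item_empty_lines: false
+# Include unnecessary breaks
+strict: false
+# MD010/no-hard-tabs - Hard tabs
+MD010:
+# Include code blocks
+code_blocks: true
+# MD012/no-multiple-blanks - Multiple consecutive blank lines
+MD012:
+# Consecutive blank lines
+maximum: 1
+# MD013/line-length - Line length
+MD013:
+# Number of characters
+line_length: 80
+# Number of characters for headings
+heading_line_length: 80
+# Number of characters for code blocks
+code_block_line_length: 80
+# Include code blocks
+code_blocks: false
+# Include tables
+tables: false
+# Include headings
+headings: true
+# Include headings
+headers: true
+# Strict length checking
+strict: false
+# Stern length checking
+stern: false
+# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
+MD022:
+# Blank lines above heading
+lines_above: 1
+# Blank lines below heading
+lines_below: 1
+# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
+MD024:
+# Only check sibling headings
+allow_different_nesting: true
+# MD025/single-title/single-h1 - Multiple top-level headings in the same document
+MD025:
+# Heading level
+level: 1
+# RegExp for matching title in front matter
+front_matter_title: "^\\s*title\\s*[:=]"
+# MD026/no-trailing-punctuation - Trailing punctuation in heading
+MD026:
+# Punctuation characters
+punctuation: ".,;:!。,;:!"
+# MD029/ol-prefix - Ordered list item prefix
+MD029:
+# List style
+style: "one_or_ordered"
+# MD030/list-marker-space - Spaces after list markers
+MD030:
+# Spaces for single-line unordered list items
+ul_single: 1
+# Spaces for single-line ordered list items
+ol_single: 1
+# Spaces for multi-line unordered list items
+ul_multi: 1
+# Spaces for multi-line ordered list items
+ol_multi: 1
+# MD033/no-inline-html - Inline HTML
+MD033:
+# Allowed elements
+allowed_elements: []
+# MD035/hr-style - Horizontal rule style
+MD035:
+# Horizontal rule style
+style: "---"
+# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
+MD036:
+# Punctuation characters
+punctuation: ".,;:!?。,;:!?"
+# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
+MD041:
+# Heading level
+level: 1
+# RegExp for matching title in front matter
+front_matter_title: "^\\s*title\\s*[:=]"
+# MD044/proper-names - Proper names should have the correct capitalization
+MD044:
+# List of proper names
+names:
+- gitea
+# Include code blocks
+code_blocks: false
+# MD046/code-block-style - Code block style
+MD046:
+# Block style
+style: "fenced"
+# MD048/code-fence-style - Code fence style
+MD048:
+# Code fence syle
+style: "backtick"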

20
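--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2022 Markus Pesch
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.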

21
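--- a/README.md
+++ b/README.md
@@ -0,0 +1,21 @@
+# networking
+[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/networking-role/status.svg)](https://drone.cryptic.systems/volker.raschek/networking-role)
+[![Ansible Role](https://img.shields.io/ansible/role/d/58170)](https://galaxy.ansible.com/volker_raschek/networking_role)
+With following role can the networking stack provided by systemd be configured.
+## Supported distributions
+- Arch Linux
+- Ubuntu 20.04
+## Features
+- Installing systemd-networkd, systemd-resolved and systemd-timesyncd
+- Configuring systemd networking services
+## Configuring
+In the default directory are examples how to configure the network stack. Copy the
+defaults into your `host_vars` or `group_vars` and adapt the examples.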

64
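--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,64 @@
+---
+systemd_networkd_netdev: []
+# - netdev_options:
+# - key: Name
+# value: bo0
+# - key: Kind
+# value: Bond
+# bond_options:
+# - key: Mode
+# value: 802.3ad
+# - key: TransmitHashPolicy
+# value: layer3+4
+# - key: MIIMonitorSec
+# value: 1s
+# - key: LACPRransmitRate
+# value: fast
+# filename: 10-bo0.netdev
+# - netdev_options:
+# - key: Name
+# value: br0
+# - key: Kind
+# value: Bridge
+# bridge_options: {}
+# filename: 10-br0.netdev
+systemd_networkd_network: []
+# - match_options:
+# - key: Name
+# value: enp*
+# network_options:
+# - key: Bond
+# value: bo0
+# filename: 20-enp.network
+# - match_options:
+# - key: Name
+# value: wlp*
+# network_options:
+# - key: DHCP
+# value: "yes"
+# dhcp_options:
+# - key: RouteMetric
+# value: 20
+# filename: 20-wlp.network
+# - match_options:
+# - key: Name
+# value: bo0
+# network_options:
+# - key: Bridge
+# value: br0
+# - key: BindCarrier
+# value: enp*
+# filename: 30-bo0.network
+# - match_options:
+# - key: Name
+# value: br0
+# network_options:
+# - key: DHCP
+# value: "yes"
+# dhcp_options:
+# - key: RouteMetric
+# value: 10
+systemd_timesyncd_timezone: Europe/Berlin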
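Review bot: Two of the commented examples would not work if copied into `host_vars` the way the README suggests. The bond example spells the option `LACPRransmitRate`; the systemd.netdev name is `LACPTransmitRate`, and since the template writes keys verbatim the typo would reach the rendered file unchanged. The last `systemd_networkd_network` example (the `br0` match) has no `filename`, which `tasks/main.yml` needs to build `dest`; add a line such as `# filename: 40-br0.network` (name chosen here only as an example).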

11
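--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: restart networkd
+systemd:
+name: "{{ item }}"
+state: restarted
+daemon_reload: true
+with_items:
+- systemd-networkd
+- systemd-resolved
+- systemd-timesyncd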

52
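--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+author: your name
+description: your role description
+company: your company (optional)
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+# Choose a valid license ID from https://spdx.org - some suggested licenses:
+# - BSD-3-Clause (default)
+# - MIT
+# - GPL-2.0-or-later
+# - GPL-3.0-only
+# - Apache-2.0
+# - CC-BY-4.0
+license: license (GPL-2.0-or-later, MIT, etc)
+min_ansible_version: 2.1
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+# platforms:
+# - name: Fedora
+# versions:
+# - all
+# - 25
+# - name: SomePlatform
+# versions:
+# - all
+# - 1.0
+# - 7
+# - 99.99
+galaxy_tags: []
+# List tags for your role here, one per line. A tag is a keyword that describes
+# and categorizes the role. Users find roles by searching for tags. Be sure to
+# remove the '[]' above, if you add tags to this list.
+#
+# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+# Maximum 20 tags per role.
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.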
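Review bot: The Galaxy metadata still holds what look like scaffold placeholders: `author: your name`, `description: your role description`, `company: your company (optional)` and `license: license (GPL-2.0-or-later, MIT, etc)`. The README links a Galaxy entry, so these are the values a consumer would see when deciding whether to trust the role; the LICENSE file in this commit carries MIT-style terms, so `license: MIT` looks like the intended value (confirm). `min_ansible_version: 2.1` is parsed as a float and should be quoted as `"2.1"`. The file also lacks the `---` document start that the other YAML files in this commit use.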

17
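--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,17 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"assignees": [ "volker.raschek" ],
+"automergeStrategy": "merge-commit",
+"automergeType": "pr",
+"labels": [ "renovate" ],
+"packageRules": [
+{
+"addLabels": [ "renovate/droneci", "renovate/automerge" ],
+"automerge": true,
+"matchManagers": "droneci",
+"matchUpdateTypes": [ "minor", "patch"]
+}
+],
+"rebaseLabel": "renovate/rebase",
+"rebaseWhen": "behind-base-branch"
+}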
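Review bot: `"matchManagers": "droneci"` is a bare string while every other list option in this file is an array; Renovate documents `matchManagers` as a list, so `"matchManagers": ["droneci"]` is the safer spelling (I have not checked whether the string form is coerced). The rule also automerges minor and patch updates of CI images with no human review. That is a reasonable trade-off for the linter image, but it is worth narrowing with a package match before it can apply to the plugin images that `.drone.yml` gives secrets to.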

89
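--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,89 @@
+---
+- name: Load variables
+include_vars: "{{ ansible_os_family }}.yml"
+- name: "remove existing systemd-networkd configuration"
+file:
+path: "/etc/systemd/network"
+state: absent
+- name: "create systemd-networkd directory"
+file:
+path: "/etc/systemd/network"
+owner: root
+group: root
+mode: 0755
+state: directory
+- name: Create systemd.netdev files
+block:
+- name: Create systemd.netdev files
+template:
+src: systemd.netdev.j2
+dest: "/etc/systemd/network/{{ item.filename }}"
+owner: "{{ systemd_networkd_unix_user }}"
+group: "{{ systemd_networkd_unix_user }}"
+mode: 0644
+when: item.netdev_options is defined and
+item.netdev_options | selectattr("key", "==", "Kind") and
+item.netdev_options | selectattr("value", "!=", "WireGuard")
+with_items: "{{ systemd_networkd_netdev }}"
+- name: Create sensitive systemd.netdev files
+template:
+src: systemd.netdev.j2
+dest: "/etc/systemd/network/{{ item.filename }}"
+owner: "{{ systemd_networkd_unix_user }}"
+group: "{{ systemd_networkd_unix_user }}"
+mode: 0600
+when: item.netdev_options is defined and
+item.netdev_options | selectattr("key", "equalto", "Kind") and
+item.netdev_options | selectattr("value", "equalto", "WireGuard")
+with_items: "{{ systemd_networkd_netdev }}"
+notify: restart networkd
+- name: Create systemd.networkd files
+template:
+src: systemd.network.j2
+dest: "/etc/systemd/network/{{ item.filename }}"
+owner: "{{ systemd_networkd_unix_user }}"
+group: "{{ systemd_networkd_unix_user }}"
+mode: 0644
+with_items: "{{ systemd_networkd_network }}"
+notify: restart networkd
+- name: Create symlink to use systemd-resolved's stub-listener
+file:
+src: /run/systemd/resolve/stub-resolv.conf
+dest: /etc/resolv.conf
+state: link
+force: yes
+follow: no
+owner: root
+group: root
+- name: start and enable networkd
+service:
+name: systemd-networkd
+state: started
+enabled: yes
+daemon_reload: yes
+- name: start and enable resolved
+service:
+name: systemd-resolved
+state: started
+enabled: yes
+daemon_reload: yes
+- name: set timezone
+timezone:
+name: "{{ systemd_timesyncd_timezone }}"
+- name: start and enable timesyncd
+service:
+name: systemd-timesyncd
+state: started
+enabled: yes
+daemon_reload: yes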
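Review bot: The `when:` conditions on the two netdev template tasks do not appear to separate WireGuard items from the rest. Each `selectattr(...)` yields a lazy sequence rather than a boolean, and the `Kind` test and the `WireGuard` test are applied to the list independently of each other, so as far as I can tell both tasks run for every item and a WireGuard file is first written with `mode: 0644` before the second task tightens it to `0600`. Chain the filters and test the length: `when: item.netdev_options | default([]) | selectattr("key", "equalto", "Kind") | selectattr("value", "equalto", "WireGuard") | list | length > 0` on the sensitive task and the same expression with `== 0` on the other. Add `no_log: true` to the sensitive task so the looped item, which can hold a private key, is not printed in the play output. systemd.netdev documents the kind as lowercase `wireguard`, so the compared value is worth confirming as well.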


@ -0,0 +1,38 @@
#
# {{ ansible_managed }}
#
{% if item.netdev_options is defined and item.netdev_options | length > 0 %}
[NetDev]
{% for netdev_option in item.netdev_options %}
{{ netdev_option.key }}={{ netdev_option.value }}
{% endfor %}
{% endif %}
{% if item.bond_options is defined and item.bond_options | length > 0 %}
[Bond]
{% for bond_option in item.bond_options %}
{{ bond_option.key }}={{ bond_option.value }}
{% endfor %}
{% endif %}
{% if item.bridge_options is defined and item.bridge_options | length > 0 %}
[Bridge]
{% for bridge_option in item.bridge_options %}
{{ bridge_option.key }}={{ bridge_option.value }}
{% endfor %}
{% endif %}
{% if item.wireguard_options is defined and item.wireguard_options | length > 0 %}
[WireGuard]
{% for wireguard_option in item.wireguard_options %}
{{ wireguard_option.key }}={{ wireguard_option.value }}
{% endfor %}
{% endif %}
{% if item.wireguard_peer_options is defined and item.wireguard_peer_options | length > 0 %}
[WireGuardPeer]
{% for wireguard_peer_option in item.wireguard_peer_options %}
{{ wireguard_peer_option.key }}={{ wireguard_peer_option.value }}
{% endfor %}
{% endif %}
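Review bot: Keys and values are written verbatim as `{{ netdev_option.key }}={{ netdev_option.value }}`, so a value that contains a line break would add further directives or a whole new section to a file that networkd reads as configuration. Inventory is normally trusted, but if any of these variables can be composed from facts or external data, strip or reject line breaks, e.g. `{{ netdev_option.key }}={{ netdev_option.value | string | replace("\n", " ") }}`. The same pattern is in every loop of this template and of the network template that follows. Separately, the `[WireGuard]` loop will write a `PrivateKey` into the rendered file if the inventory supplies one; documenting `PrivateKeyFile` as the preferred option keeps the key out of both the inventory and this file.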


@ -0,0 +1,42 @@
#jinja2: lstrip_blocks: "True", trim_blocks: "True"
#
# {{ ansible_managed }}
#
{% if item.match_options is defined and item.match_options | length > 0 %}
[Match]
{% for match_option in item.match_options %}
{{ match_option.key }}={{ match_option.value }}
{% endfor %}
{% endif %}
{% if item.network_options is defined and item.network_options | length > 0 %}
[Network]
{% for network_option in item.network_options %}
{{ network_option.key }}={{ network_option.value }}
{% endfor %}
{% endif %}
{% if item.dhcp_options is defined and item.dhcp_options | length > 0 %}
[DHCP]
{% for dhcp_option in item.dhcp_options %}
{{ dhcp_option.key }}={{ dhcp_option.value }}
{% endfor %}
{% endif %}
{% if item.addresses is defined and item.addresses | length > 0 %}
{% for address in item.addresses %}
[Address]
{% for address_option in address.options %}
{{ address_option.key }}={{ address_option.value }}
{% endfor %}
{% endfor %}
{% endif %}
{% if item.route_options is defined and item.route_options | length > 0 %}
[Route]
{% for route_option in item.route_options %}
{{ route_option.key }}={{ route_option.value }}
{% endfor %}
{% endif %}

4
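--- a/vars/Archlinux.yml
+++ b/vars/Archlinux.yml
@@ -0,0 +1,4 @@
+---
+systemd_networkd_unix_user: systemd-network
+systemd_networkd_unix_group: systemd-network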
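Review bot: `systemd_networkd_unix_group` is defined here and in the Debian and RedHat vars files, but nothing in this commit reads it; the template tasks in `tasks/main.yml` pass `systemd_networkd_unix_user` to `group:`. The two values are identical today, so nothing breaks, but the first platform where they differ would silently get the wrong group on its network configuration files. Use `group: "{{ systemd_networkd_unix_group }}"` in the three template tasks.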

4
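--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -0,0 +1,4 @@
+---
+systemd_networkd_unix_user: systemd-network
+systemd_networkd_unix_group: systemd-network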

6
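--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -0,0 +1,6 @@
+---
+systemd_networkd_unix_user: systemd-network
+systemd_networkd_unix_group: systemd-network
+systemd_networkd_package_names: []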
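Review bot: `systemd_networkd_package_names` is introduced only in this file and no task in the commit reads it, while the README lists installing systemd-networkd, systemd-resolved and systemd-timesyncd as a feature. Either add the package task and define the variable in the Archlinux and Debian vars files too, or drop the variable and the README line until installation exists, so that users do not assume the services are present before `tasks/main.yml` removes `/etc/systemd/network`.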