diff --git a/ansible/bk2.v.vstill.cz.yml b/ansible/bk2.v.vstill.cz.yml
index 2ec584a96b19fecda2410fa3fc2ded71f03ea7b5..4078ba188a5de4732f511dd5a19a10081ace4004 100644
--- a/ansible/bk2.v.vstill.cz.yml
+++ b/ansible/bk2.v.vstill.cz.yml
@@ -3,9 +3,14 @@
 vars:
 ansible_fqdn: bk2.v.vstill.cz
 postfix: true
- mail_relay: relay.fi.muni.cz # gate.p.vstill.cz
+ mail_relay: 192.168.2.52
 pam_use_kerberos: false
- admin_email: xstill+bk2@fi.muni.cz
+ nft_extra:
+ # Samba (local nets only)
+
+ ip saddr 192.168.0.0/21 tcp dport { 139, 445 } accept
+
+ ip saddr 192.168.0.0/21 tcp dport { 137, 138 } accept
 tasks:
 - fail:
@@ -15,6 +20,16 @@
 - import_role:
 name: common_deb
+ - name: Additional static IPv4 setup
+ template:
+ src: dhcpcd-ipv4-static-hook
+ dest: /lib/dhcpcd/dhcpcd-hooks/09-ipv4-static
+ vars:
+ static_ip: 192.168.2.51/24
+ static_dev: enp2s0
+ notify:
+ - restart dhcpcd
+
 - import_role:
 name: vstill_deb
@@ -75,3 +90,25 @@
 - raid1
 - raid456
 - dm_integrity
+
+ - name: OpenVPN service config
+ template:
+ src: openvpn-vstill.conf
+ dest: '/etc/openvpn/client/{{ovpn_hostname | default(inventory_hostname)}}.conf'
+ register: ovpn_config
+
+ - name: OpenVPN service
+ systemd:
+ name: 'openvpn-client@{{ovpn_hostname | default(inventory_hostname)}}.service'
+ enabled: true
+ state: '{{"restarted" if ovpn_config.changed else "started"}}'
+
+ - name: Samba
+ import_role:
+ name: samba
+ vars:
+ shares:
+ - name: "public"
+ path: "/data/public"
+ public: true
+ writeable: true
diff --git a/ansible/templates/dhcpcd-ipv4-static-hook b/ansible/templates/dhcpcd-ipv4-static-hook
new file mode 100644
index 0000000000000000000000000000000000000000..2452786d2c0c3de27ce65faedbe3f5b76242c8dc
--- /dev/null
+++ b/ansible/templates/dhcpcd-ipv4-static-hook
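Review bot: The second `nft_extra` rule in the first hunk of ansible/bk2.v.vstill.cz.yml matches `tcp dport { 137, 138 }`, but NetBIOS name-service and datagram traffic on those ports is UDP, so the rule as written opens two TCP ports nothing listens on and still drops the packets it was meant to admit; it should read `ip saddr 192.168.0.0/21 udp dport { 137, 138 } accept`. The source range 192.168.0.0/21 spans 192.168.0.0 through 192.168.7.255, which is wider than the 192.168.2.51/24 address this commit assigns to the host, so the "local nets only" comment would be easier to audit if it named the subnets that are meant to reach Samba. How `nft_extra` is spliced into the ruleset is not visible here.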
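Review bot: The `template` task in the second hunk, which writes `/lib/dhcpcd/dhcpcd-hooks/09-ipv4-static`, sets no `owner`, `group` or `mode`, so the permissions of a script that dhcpcd runs with its own privileges depend on the umask of the Ansible run; add `owner: root`, `group: root` and `mode: '0644'` under `template:`. The `OpenVPN service config` task in the last hunk of this file has the same gap. A client configuration that embeds or points at key material would normally get `mode: '0600'`, though whether openvpn-vstill.conf does so is not visible in this commit.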
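Review bot: The `shares` entry passed to the `samba` role in the last hunk sets both `public: true` and `writeable: true` on `/data/public`; if the role maps these to guest access, as the names suggest, any host that passes the firewall can write there without authenticating. The only restriction visible in this commit is the `nft_extra` source filter, and this same hunk brings up an OpenVPN client on the host, so it is worth confirming that tunnel-side addresses cannot fall inside 192.168.0.0/21. If the role exposes smb.conf's `interfaces` and `bind interfaces only` options, binding smbd to the LAN interface would make that independent of the firewall rule. I would also record the intent next to the share, for example `# guest-writable by design; reachable only from the LAN via nft_extra`.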
@@ -0,0 +1,7 @@
+# WARNING: This file is automatically managed by ansible, any changes in it will be discarded on configuration reload
+set -x
+if [ $reason = "CARRIER" ] && [ $interface = "{{static_dev}}" ]; then
+ ip addr add {{static_ip}} dev {{static_dev}}
+fi
+# vim: ft=sh
+
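Review bot: `$reason` and `$interface` are unquoted in the `[ ... ]` tests, so a hook invocation where either is empty or unset makes `[` fail with a syntax error instead of evaluating to false; quote both, as in `if [ "$reason" = "CARRIER" ] && [ "$interface" = "{{static_dev}}" ]; then`. The `set -x` on the second line looks like leftover debugging: dhcpcd-run-hooks sources hook files rather than executing them, so tracing stays on for every hook that runs after this one, and I would drop it. `ip addr add` returns an error when the address is already present, which will happen on each later CARRIER event, whereas `ip addr replace {{static_ip}} dev {{static_dev}}` is idempotent.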