From 9e02de276f2dab55cbb267c18db534f2e1dc6c6c Mon Sep 17 00:00:00 2001
From: Vladimir Still <git@vstill.eu>
Date: Mon, 28 Mar 2022 23:07:16 +0200
Subject: [PATCH] ansible: Update bk2

---
 ansible/bk2.v.vstill.cz.yml               | 41 +++++++++++++++++++++--
 ansible/templates/dhcpcd-ipv4-static-hook |  7 ++++
 2 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 ansible/templates/dhcpcd-ipv4-static-hook

diff --git a/ansible/bk2.v.vstill.cz.yml b/ansible/bk2.v.vstill.cz.yml
index 2ec584a..4078ba1 100644
--- a/ansible/bk2.v.vstill.cz.yml
+++ b/ansible/bk2.v.vstill.cz.yml
@@ -3,9 +3,14 @@
   vars:
     ansible_fqdn: bk2.v.vstill.cz
     postfix: true
-    mail_relay: relay.fi.muni.cz # gate.p.vstill.cz
+    mail_relay: 192.168.2.52
     pam_use_kerberos: false
-    admin_email: xstill+bk2@fi.muni.cz
+    nft_extra:
+        # Samba (local nets only)
+
+        ip saddr 192.168.0.0/21 tcp dport { 139, 445 } accept
+
+        ip saddr 192.168.0.0/21 tcp dport { 137, 138 } accept
 
   tasks:
     - fail:
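Review bot: The second `nft_extra` rule matches `tcp dport { 137, 138 }`, but the NetBIOS name and datagram services (Samba's nmbd) use UDP on those ports, so as written the rule would not admit that traffic. It presumably should read `ip saddr 192.168.0.0/21 udp dport { 137, 138 } accept`. In addition, `nft_extra` is a plain multi-line scalar that relies on the blank lines to keep the two rules on separate lines, and `# Samba (local nets only)` is a YAML comment that never reaches the rendered ruleset. Writing `nft_extra: |` with the rules beneath it would make both explicit. The `vars:` block starts above this hunk, so how `nft_extra` is consumed is not visible here.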
@@ -15,6 +20,16 @@
     - import_role:
         name: common_deb
 
+    - name: Additional static IPv4 setup
+      template:
+        src: dhcpcd-ipv4-static-hook
+        dest: /lib/dhcpcd/dhcpcd-hooks/09-ipv4-static
+      vars:
+        static_ip: 192.168.2.51/24
+        static_dev: enp2s0
+      notify:
+        - restart dhcpcd
+
     - import_role:
         name: vstill_deb
 
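Review bot: The `Additional static IPv4 setup` task writes into `/lib/dhcpcd/dhcpcd-hooks/`, whose contents dhcpcd runs as root, without pinning ownership or permissions. The resulting mode therefore depends on the umask, or on whatever file is already at that path. Adding `owner: root`, `group: root` and `mode: "0644"` to the `template:` arguments guarantees the hook is never left writable by a non-root account. `static_ip` and `static_dev` are substituted into a shell script without quoting, so a short comment such as `# static_ip/static_dev are inserted verbatim into a root shell hook; keep them literal` above `vars:` would document that constraint.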
@@ -75,3 +90,25 @@
         - raid1
         - raid456
         - dm_integrity
+
+    - name: OpenVPN service config
+      template:
+        src: openvpn-vstill.conf
+        dest: '/etc/openvpn/client/{{ovpn_hostname | default(inventory_hostname)}}.conf'
+      register: ovpn_config
+
+    - name: OpenVPN service
+      systemd:
+        name: 'openvpn-client@{{ovpn_hostname | default(inventory_hostname)}}.service'
+        enabled: true
+        state: '{{"restarted" if ovpn_config.changed else "started"}}'
+
+    - name: Samba
+      import_role:
+        name: samba
+      vars:
+        shares:
+          - name: "public"
+            path: "/data/public"
+            public: true
+            writeable: true
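Review bot: The `public` share is declared with both `public: true` and `writeable: true`. If the `samba` role maps these to guest access and write access (the role is not part of this patch), any host that can reach ports 139/445 can write to `/data/public` without authenticating, and the only barrier is the `192.168.0.0/21` source filter in `nft_extra`. Because this play also brings up an OpenVPN client, it is worth confirming that no VPN-side peer falls inside that range, or else using `writeable: false` or requiring a valid user for writes. Separately, the `OpenVPN service config` task sets no `mode`; if the rendered config embeds or references key material, add `owner: root` and `mode: "0600"` there.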
diff --git a/ansible/templates/dhcpcd-ipv4-static-hook b/ansible/templates/dhcpcd-ipv4-static-hook
new file mode 100644
index 0000000..2452786
--- /dev/null
+++ b/ansible/templates/dhcpcd-ipv4-static-hook
@@ -0,0 +1,7 @@
+# WARNING: This file is automatically managed by ansible, any changes in it will be discarded on configuration reload
+set -x
+if [ $reason = "CARRIER" ] && [ $interface = "{{static_dev}}" ]; then
+    ip addr add {{static_ip}} dev {{static_dev}}
+fi
+# vim: ft=sh
+
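Review bot: `$reason` and `$interface` are unquoted in the `[ ... ]` tests, so an empty or unset value makes `test` fail with a syntax error rather than simply not matching; write `if [ "$reason" = "CARRIER" ] && [ "$interface" = "{{static_dev}}" ]; then`. The `set -x` on the second line looks like leftover debugging. dhcpcd hooks are sourced rather than executed, so tracing would stay enabled for every hook that runs afterwards and could write their variables to the log; it should be dropped. `ip addr add` also returns an error when the address is already present on a repeated CARRIER event, whereas `ip addr replace {{static_ip}} dev {{static_dev}}` is idempotent.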
-- 
GitLab