ansible: Update bk2

ansible/bk2.v.vstill.cz.yml

@@ -3,9 +3,14 @@
   vars:
     ansible_fqdn: bk2.v.vstill.cz
     postfix: true
-    mail_relay: relay.fi.muni.cz # gate.p.vstill.cz
+    mail_relay: 192.168.2.52
     pam_use_kerberos: false
-    admin_email: xstill+bk2@fi.muni.cz
+    nft_extra:
+        # Samba (local nets only)
+
+        ip saddr 192.168.0.0/21 tcp dport { 139, 445 } accept
+
+        ip saddr 192.168.0.0/21 tcp dport { 137, 138 } accept
 
   tasks:
     - fail:
@@ -15,6 +20,16 @@
     - import_role:
         name: common_deb
 
+    - name: Additional static IPv4 setup
+      template:
+        src: dhcpcd-ipv4-static-hook
+        dest: /lib/dhcpcd/dhcpcd-hooks/09-ipv4-static
+      vars:
+        static_ip: 192.168.2.51/24
+        static_dev: enp2s0
+      notify:
+        - restart dhcpcd
+
     - import_role:
         name: vstill_deb
 
@@ -75,3 +90,25 @@
         - raid1
         - raid456
         - dm_integrity
+
+    - name: OpenVPN service config
+      template:
+        src: openvpn-vstill.conf
+        dest: '/etc/openvpn/client/{{ovpn_hostname | default(inventory_hostname)}}.conf'
+      register: ovpn_config
+
+    - name: OpenVPN service
+      systemd:
+        name: 'openvpn-client@{{ovpn_hostname | default(inventory_hostname)}}.service'
+        enabled: true
+        state: '{{"restarted" if ovpn_config.changed else "started"}}'
+
+    - name: Samba
+      import_role:
+        name: samba
+      vars:
+        shares:
+          - name: "public"
+            path: "/data/public"
+            public: true
+            writeable: true

ansible/templates/dhcpcd-ipv4-static-hook

+# WARNING: This file is automatically managed by ansible, any changes in it will be discarded on configuration reload
+set -x
+if [ $reason = "CARRIER" ] && [ $interface = "{{static_dev}}" ]; then
+    ip addr add {{static_ip}} dev {{static_dev}}
+fi
+# vim: ft=sh
+