AniNIX/Wiki#21 -- effecting renames for policy

roles/Chappaai/README.md

@@ -0,0 +1,18 @@
+A Chappaai host is a gateway to accessing other hosts. It is a safeguard against admin error.
+
+## Etymology
+Chappaai hosts are named to follow the non-English naming of the Stargate network by the other denizens of the galaxy.
+
+They are the first line of defense against administrative error -- similar to the way that [Stargate Command](https://stargate.fandom.com/wiki/Stargate_Command) was for Earth. They prevent admins from being locked out of correcting their changes and are connected to everything in the ecosystem. They also control DNS, which allows a sort of subliminal control of the entire ecosystem. This prevents infiltration by infections (similar to Goauld) and in fact can be the extinction of any DNS-enabled malware in the ecosystem by sinkholing the Command-and-Control.
+
+## Capacity and Components
+A Chappaai host needs minimal CPU or memory.
+
+## Hosted Services and Entities
+Chappaai should host a Pihole installation and [SSH](../Services/SSH.md). It should be linked by NAT to an obscure port to the outside world.
+
+## Connections
+Any host should be able to connect to a Chappaai with SSH and X11, and it should be able to dial to any service provider.
+
+## Additional Reference
+Chappaai hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.

roles/Chappaai/files/pihole-FTL.conf

@@ -0,0 +1,2 @@
+PRIVACYLEVEL=0
+RATE_LIMIT=1000/5

roles/Chappaai/tasks/main.yml

@@ -0,0 +1,80 @@
+---
+
+ - name: Clone pi-hole
+   become: yes
+   git:
+     accept_newhostkey: yes
+     dest: /opt/pi-hole
+     repo: https://github.com/pi-hole/pi-hole.git
+
+ - name: Install pi-hole if needed
+   become: yes
+   register: pihole_install
+   command:
+       creates: /usr/bin/pihole-FTL
+       cmd: false # bash basic-install.sh
+       chdir: '/opt/pi-hole/automated install'
+
+ - name: Ensure pihole web admin password
+   become: yes
+   command: "pihole -a -p {{ passwords['Chappaai'] }}"
+     # when: pihole_install.changed
+
+ - name: Generate DNS/DHCP from inventory
+   delegate_to: localhost
+   run_once: true
+   command: "python3 ../bin/generate-pihole-dns-dhcp.py {{ inventory_file }}"
+
+ - name: Chappaai DNS
+   become: yes
+   register: dns_updated
+   copy:
+     dest: /etc/pihole/custom.list
+     src: dns
+     owner: pihole
+     group: pihole
+     mode: 0644
+
+ - name: Chappaai DHCP
+   become: yes
+   register: dhcp_updated
+   copy:
+     src: dhcp
+     dest: /etc/dnsmasq.d/04-pihole-static-dhcp.conf
+     owner: root
+     group: root
+     mode: 0644
+
+ - name: Chappaai Configuration
+   become: yes
+   register: conf_updated
+   copy:
+     src: pihole-FTL.conf
+     dest: /etc/pihole/pihole-FTL.conf
+     owner: root
+     group: root
+     mode: 0644
+
+
+ - name: Chappaai DHCP Leases dir
+   become: yes
+   file:
+     path: /var/lib/misc/
+     state: directory
+     owner: root
+     group: root
+     mode: 0777
+
+ - name: Chappaai DHCP Leases
+   become: yes
+   file:
+     path: /var/lib/misc/dnsmasq.leases
+     state: touch
+     owner: pihole
+     group: pihole
+     mode: 0660
+
+ - name: Reload services
+   become: yes
+   command: pihole restartdns
+   when: dns_updated.changed or dhcp_updated.changed or conf_updated.changed