From a17e2c6fe9ab48b82fac0d9e231d748a01e9b4a6 Mon Sep 17 00:00:00 2001 
From: DarkFeather Date: Tue, 23 Jul 2024 14:18:32 -0500 Subject: [PATCH] Updates for Raspberry Pi 12 Bookworm --- bin/deploy-role | 3 + bin/full-deploy | 3 + examples/msn0.yml | 14 ++-- .../{ircservices.service => anope.service} | 0 .../{irc.service => inspircd.service} | 0 .../{ircweb.service => kiwiirc.service} | 0 roles/IRC/tasks/daemon.yml | 8 +- roles/IRC/tasks/services.yml | 8 +- roles/IRC/tasks/web.yml | 8 +- roles/Password/files/nsswitch.conf | 19 +++++ roles/Password/files/pam.d/atd | 12 +++ roles/Password/files/pam.d/chfn | 6 ++ roles/Password/files/pam.d/chpasswd | 4 + roles/Password/files/pam.d/chsh | 6 ++ roles/Password/files/pam.d/crond | 11 +++ roles/Password/files/pam.d/cups | 3 + roles/Password/files/pam.d/groupmems | 4 + roles/Password/files/pam.d/login | 7 ++ roles/Password/files/pam.d/newusers | 4 + roles/Password/files/pam.d/nslcd.conf | 1 + roles/Password/files/pam.d/other | 9 +++ roles/Password/files/pam.d/passwd | 5 ++ roles/Password/files/pam.d/passwd.pacnew | 4 + roles/Password/files/pam.d/postgresql | 3 + roles/Password/files/pam.d/remote | 8 ++ roles/Password/files/pam.d/rlogin | 13 +++ roles/Password/files/pam.d/rsh | 11 +++ roles/Password/files/pam.d/runuser | 4 + roles/Password/files/pam.d/runuser-l | 4 + roles/Password/files/pam.d/screen | 1 + roles/Password/files/pam.d/sshd | 6 ++ roles/Password/files/pam.d/sssd-shadowutils | 6 ++ roles/Password/files/pam.d/su | 14 ++++ roles/Password/files/pam.d/su-l | 12 +++ roles/Password/files/pam.d/su-l.pacnew | 10 +++ roles/Password/files/pam.d/su.pacnew | 10 +++ roles/Password/files/pam.d/sudo | 4 + roles/Password/files/pam.d/system-auth | 20 +++++ roles/Password/files/pam.d/system-auth.pacnew | 27 +++++++ roles/Password/files/pam.d/system-local-login | 6 ++ roles/Password/files/pam.d/system-login | 19 +++++ .../Password/files/pam.d/system-login.pacnew | 20 +++++ .../Password/files/pam.d/system-remote-login | 6 ++ roles/Password/files/pam.d/system-services | 11 +++ 
roles/Password/files/pam.d/systemd-user | 5 ++ roles/Password/files/pam.d/vlock | 5 ++ roles/Password/package/ldap-adduser | 1 - roles/Password/package/ldap-resetpass | 7 +- roles/Password/templates/nscld.conf.j2 | 80 +++++++++++++++++++ roles/SSL/files/certbot.service | 4 +- roles/SSL/tasks/main.yml | 8 ++ roles/ShadowArch/files/motd/Geth5 | 6 ++ roles/ShadowArch/tasks/raspbian-network.yml | 2 +- roles/Sharingan/files/monit/checks/vips | 11 +-- roles/Sharingan/files/monit/hostdefs/Geth5 | 1 + roles/{Geth-Hub => Vergil}/README.md | 12 ++- .../{Geth-Hub => Vergil}/files/hardware.conf | 0 .../files/lirc_options.conf | 0 .../files/lircd.conf/Geth-Hub-1 | 0 .../files/lircd.conf/Geth-Hub-2 | 2 - .../files/lircd.conf/Geth-Hub-3 | 0 .../files/lircd.conf/LG-AKB73715608 | 0 .../files/lircd.conf/NS-RC4NA-14 | 0 .../files/motion.conf/Geth-Hub-1 | 0 .../files/motion.conf/Geth-Hub-2 | 0 .../files/motion.conf/Geth-Hub-3 | 0 roles/{Geth-Hub => Vergil}/tasks/main.yml | 28 +++++++ .../templates/lirc_rpi.conf.j2 | 0 .../{Geth-Hub => Vergil}/templates/modules.j2 | 1 - .../templates/motion.conf.j2 | 0 .../templates/snmpd.conf.j2 | 0 71 files changed, 488 insertions(+), 39 deletions(-) rename roles/IRC/files/services/{ircservices.service => anope.service} (100%) rename roles/IRC/files/services/{irc.service => inspircd.service} (100%) rename roles/IRC/files/services/{ircweb.service => kiwiirc.service} (100%) create mode 100644 roles/Password/files/nsswitch.conf create mode 100644 roles/Password/files/pam.d/atd create mode 100644 roles/Password/files/pam.d/chfn create mode 100644 roles/Password/files/pam.d/chpasswd create mode 100644 roles/Password/files/pam.d/chsh create mode 100644 roles/Password/files/pam.d/crond create mode 100644 roles/Password/files/pam.d/cups create mode 100644 roles/Password/files/pam.d/groupmems create mode 100644 roles/Password/files/pam.d/login create mode 100644 roles/Password/files/pam.d/newusers create mode 100644 roles/Password/files/pam.d/nslcd.conf 
create mode 100644 roles/Password/files/pam.d/other create mode 100644 roles/Password/files/pam.d/passwd create mode 100644 roles/Password/files/pam.d/passwd.pacnew create mode 100644 roles/Password/files/pam.d/postgresql create mode 100644 roles/Password/files/pam.d/remote create mode 100644 roles/Password/files/pam.d/rlogin create mode 100644 roles/Password/files/pam.d/rsh create mode 100644 roles/Password/files/pam.d/runuser create mode 100644 roles/Password/files/pam.d/runuser-l create mode 100644 roles/Password/files/pam.d/screen create mode 100644 roles/Password/files/pam.d/sshd create mode 100644 roles/Password/files/pam.d/sssd-shadowutils create mode 100644 roles/Password/files/pam.d/su create mode 100644 roles/Password/files/pam.d/su-l create mode 100644 roles/Password/files/pam.d/su-l.pacnew create mode 100644 roles/Password/files/pam.d/su.pacnew create mode 100644 roles/Password/files/pam.d/sudo create mode 100644 roles/Password/files/pam.d/system-auth create mode 100644 roles/Password/files/pam.d/system-auth.pacnew create mode 100644 roles/Password/files/pam.d/system-local-login create mode 100644 roles/Password/files/pam.d/system-login create mode 100644 roles/Password/files/pam.d/system-login.pacnew create mode 100644 roles/Password/files/pam.d/system-remote-login create mode 100644 roles/Password/files/pam.d/system-services create mode 100644 roles/Password/files/pam.d/systemd-user create mode 100644 roles/Password/files/pam.d/vlock create mode 100644 roles/Password/templates/nscld.conf.j2 create mode 100644 roles/ShadowArch/files/motd/Geth5 create mode 100644 roles/Sharingan/files/monit/hostdefs/Geth5 rename roles/{Geth-Hub => Vergil}/README.md (58%) rename roles/{Geth-Hub => Vergil}/files/hardware.conf (100%) rename roles/{Geth-Hub => Vergil}/files/lirc_options.conf (100%) rename roles/{Geth-Hub => Vergil}/files/lircd.conf/Geth-Hub-1 (100%) rename roles/{Geth-Hub => Vergil}/files/lircd.conf/Geth-Hub-2 (99%) rename roles/{Geth-Hub => 
Vergil}/files/lircd.conf/Geth-Hub-3 (100%) rename roles/{Geth-Hub => Vergil}/files/lircd.conf/LG-AKB73715608 (100%) rename roles/{Geth-Hub => Vergil}/files/lircd.conf/NS-RC4NA-14 (100%) rename roles/{Geth-Hub => Vergil}/files/motion.conf/Geth-Hub-1 (100%) rename roles/{Geth-Hub => Vergil}/files/motion.conf/Geth-Hub-2 (100%) rename roles/{Geth-Hub => Vergil}/files/motion.conf/Geth-Hub-3 (100%) rename roles/{Geth-Hub => Vergil}/tasks/main.yml (77%) rename roles/{Geth-Hub => Vergil}/templates/lirc_rpi.conf.j2 (100%) rename roles/{Geth-Hub => Vergil}/templates/modules.j2 (99%) rename roles/{Geth-Hub => Vergil}/templates/motion.conf.j2 (100%) rename roles/{Geth-Hub => Vergil}/templates/snmpd.conf.j2 (100%) diff --git a/bin/deploy-role b/bin/deploy-role index 9fa52e3..c162b80 100755 --- a/bin/deploy-role +++ b/bin/deploy-role @@ -1,5 +1,8 @@ #!/bin/bash +# Ensure we are in the source directory. +cd $(dirname $0)/.. + # Role is first argument role="$1" if [ -z "$role" ]; then diff --git a/bin/full-deploy b/bin/full-deploy index 2e51443..62d99d9 100755 --- a/bin/full-deploy +++ b/bin/full-deploy @@ -1,5 +1,8 @@ #!/bin/bash +# Ensure we are in the source directory. +cd $(dirname $0)/.. + # Arguments inventory="$1" if [ "$inventory" == "-h" ] || [ "$inventory" == "--help" ]; then diff --git a/examples/msn0.yml b/examples/msn0.yml index 3f1e90a..d4372b2 100644 --- a/examples/msn0.yml +++ b/examples/msn0.yml @@ -28,6 +28,8 @@ all: orgdn: "dc=aninix,dc=net" binduser: 'binduser' userou: 'ou=People' + groupou: 'ou=Group' + filter: '(&(objectClass=person)(!(pwdReset=TRUE)))' organization: # Information about the group admin: 'DarkFeather' email: 'ircs://irc.aninix.net:6697/DarkFeather' @@ -46,11 +48,6 @@ all: ip: 10.0.1.2 mac: B8:27:EB:B6:AA:0C static: true - Maker: - ipinterface: eth0 - ip: 10.0.1.14 - mac: B8:27:EB:B6:AA:0D - static: true children: Node: hosts: 
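Review bot: The new `cd $(dirname $0)/..` in bin/deploy-role is unquoted and unchecked, so a checkout path containing spaces splits the argument, and a failed `cd` leaves the rest of the script running in whatever directory the caller was in. Quote both expansions and stop on failure: `cd "$(dirname "$0")/.." || exit 1`. The identical line added to bin/full-deploy has the same problem. Both scripts continue past their hunks, so what later depends on the working directory is not visible here.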
@@ -107,6 +104,11 @@ all: ip: 10.0.1.13 mac: E4:5F:01:01:FF:E4 static: true + Geth5: + ipinterface: eth0 + ip: 10.0.1.14 + mac: B8:27:EB:B6:AA:0D + static: true virtual: # 10.0.1.16/28 vars: hosts: @@ -165,7 +167,7 @@ all: - '-drive format=raw,index=0,media=disk,file=/dev/sdb' - '-drive format=raw,index=0,media=disk,file=/dev/sdc' - '-drive format=raw,index=0,media=disk,file=/dev/sdd' - geth_hubs: # 10.0.1.32/28 + Vergil: # 10.0.1.32/28 vars: motion_enabled: yes hosts: diff --git a/roles/IRC/files/services/ircservices.service b/roles/IRC/files/services/anope.service similarity index 100% rename from roles/IRC/files/services/ircservices.service rename to roles/IRC/files/services/anope.service diff --git a/roles/IRC/files/services/irc.service b/roles/IRC/files/services/inspircd.service similarity index 100% rename from roles/IRC/files/services/irc.service rename to roles/IRC/files/services/inspircd.service diff --git a/roles/IRC/files/services/ircweb.service b/roles/IRC/files/services/kiwiirc.service similarity index 100% rename from roles/IRC/files/services/ircweb.service rename to roles/IRC/files/services/kiwiirc.service diff --git a/roles/IRC/tasks/daemon.yml b/roles/IRC/tasks/daemon.yml index 9713204..48c0016 100644 --- a/roles/IRC/tasks/daemon.yml +++ b/roles/IRC/tasks/daemon.yml @@ -38,8 +38,8 @@ become: yes register: servicesfile copy: - src: services/irc.service - dest: /usr/lib/systemd/system/irc.service + src: services/inspircd.service + dest: /usr/lib/systemd/system/inspircd.service owner: root group: root mode: 0644 @@ -90,7 +90,7 @@ - name: Ensure service running become: yes service: - name: irc + name: inspircd state: started enabled: yes @@ -98,5 +98,5 @@ become: yes when: templatefiles.changed or servicesfile.changed service: - name: irc + name: inspircd state: reloaded diff --git a/roles/IRC/tasks/services.yml b/roles/IRC/tasks/services.yml index 83e40fb..c51772f 100644 --- a/roles/IRC/tasks/services.yml +++ b/roles/IRC/tasks/services.yml 
@@ -38,8 +38,8 @@ become: yes register: servicesfile copy: - src: services/ircservices.service - dest: /usr/lib/systemd/system/ircservices.service + src: services/anope.service + dest: /usr/lib/systemd/system/anope.service owner: root group: root mode: 0644 @@ -53,7 +53,7 @@ - name: Ensure service running become: yes service: - name: ircservices + name: anope state: started enabled: yes @@ -61,5 +61,5 @@ become: yes when: templatefiles.changed or servicesfile.changed service: - name: ircservices + name: anope state: reloaded diff --git a/roles/IRC/tasks/web.yml b/roles/IRC/tasks/web.yml index 1e4f43f..ef42451 100644 --- a/roles/IRC/tasks/web.yml +++ b/roles/IRC/tasks/web.yml @@ -31,8 +31,8 @@ become: yes register: servicesfile copy: - src: services/ircweb.service - dest: /usr/lib/systemd/system/ircweb.service + src: services/kiwiirc.service + dest: /usr/lib/systemd/system/kiwiirc.service owner: root group: root mode: 0644 @@ -46,7 +46,7 @@ - name: Ensure service running become: yes service: - name: ircweb + name: kiwiirc state: started enabled: yes @@ -54,5 +54,5 @@ become: yes when: config.changed or servicesfile.changed service: - name: ircweb + name: kiwiirc state: reloaded diff --git a/roles/Password/files/nsswitch.conf b/roles/Password/files/nsswitch.conf new file mode 100644 index 0000000..1020e00 --- /dev/null +++ b/roles/Password/files/nsswitch.conf @@ -0,0 +1,19 @@ +# Begin /etc/nsswitch.conf + +passwd: files ldap +group: files ldap +shadow: files ldap + +publickey: files + +hosts: files dns myhostname +networks: files + +protocols: files +services: files +ethers: files +rpc: files + +netgroup: files + +# End /etc/nsswitch.conf diff --git a/roles/Password/files/pam.d/atd b/roles/Password/files/pam.d/atd new file mode 100644 index 0000000..0da9757 --- /dev/null +++ b/roles/Password/files/pam.d/atd 
@@ -0,0 +1,12 @@
+#%PAM-1.0
+
+auth required pam_unix.so
+auth required pam_env.so
+
+account required pam_access.so
+account required pam_unix.so
+account required pam_time.so
+
+session required pam_loginuid.so
+session required pam_limits.so
+session required pam_unix.so
diff --git a/roles/Password/files/pam.d/chfn b/roles/Password/files/pam.d/chfn
new file mode 100644
index 0000000..066186e
--- /dev/null
+++ b/roles/Password/files/pam.d/chfn
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/roles/Password/files/pam.d/chpasswd b/roles/Password/files/pam.d/chpasswd
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/roles/Password/files/pam.d/chpasswd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/roles/Password/files/pam.d/chsh b/roles/Password/files/pam.d/chsh
new file mode 100644
index 0000000..066186e
--- /dev/null
+++ b/roles/Password/files/pam.d/chsh
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/roles/Password/files/pam.d/crond b/roles/Password/files/pam.d/crond
new file mode 100644
index 0000000..560529d
--- /dev/null
+++ b/roles/Password/files/pam.d/crond
@@ -0,0 +1,11 @@
+#
+# The PAM configuration file for the cron daemon
+#
+#
+# Although no PAM authentication is called, auth modules
+# are used for credential setting
+auth include system-auth
+account required pam_access.so
+account include system-auth
+session required pam_loginuid.so
+session include system-auth
diff --git a/roles/Password/files/pam.d/cups b/roles/Password/files/pam.d/cups
new file mode 100644
index 0000000..53724d1
--- /dev/null
+++ b/roles/Password/files/pam.d/cups
@@ -0,0 +1,3 @@
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
diff --git a/roles/Password/files/pam.d/groupmems b/roles/Password/files/pam.d/groupmems
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/roles/Password/files/pam.d/groupmems
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/roles/Password/files/pam.d/login b/roles/Password/files/pam.d/login
new file mode 100644
index 0000000..28f6fc5
--- /dev/null
+++ b/roles/Password/files/pam.d/login
@@ -0,0 +1,7 @@
+#%PAM-1.0
+
+auth requisite pam_nologin.so
+auth include system-local-login
+account include system-local-login
+session include system-local-login
+password include system-local-login
diff --git a/roles/Password/files/pam.d/newusers b/roles/Password/files/pam.d/newusers
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/roles/Password/files/pam.d/newusers
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/roles/Password/files/pam.d/nslcd.conf b/roles/Password/files/pam.d/nslcd.conf
new file mode 100644
index 0000000..1ce0280
--- /dev/null
+++ b/roles/Password/files/pam.d/nslcd.conf
@@ -0,0 +1 @@
+UiqiKXIU
diff --git a/roles/Password/files/pam.d/other b/roles/Password/files/pam.d/other
new file mode 100644
index 0000000..3f50bd1
--- /dev/null
+++ b/roles/Password/files/pam.d/other
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_deny.so
+auth required pam_warn.so
+account required pam_deny.so
+account required pam_warn.so
+password required pam_deny.so
+password required pam_warn.so
+session required pam_deny.so
+session required pam_warn.so
diff --git a/roles/Password/files/pam.d/passwd b/roles/Password/files/pam.d/passwd
new file mode 100644
index 0000000..1944edc
--- /dev/null
+++ b/roles/Password/files/pam.d/passwd
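Review bot: roles/Password/files/pam.d/nslcd.conf is added with a single opaque eight-character string as its entire content, which is not a PAM stack and looks like a stray credential or editor artifact committed by accident. If the role copies the pam.d directory wholesale, this file would be installed under /etc/pam.d as a service definition that cannot parse. Whether the string is a live secret cannot be told from the diff; if it is (the nslcd template in this commit takes its bind password from `secrets[...]` instead), treat it as exposed, rotate it and remove the file from the repository history.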
@@ -0,0 +1,5 @@
+#%PAM-1.0
+#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+#password required pam_unix.so sha512 shadow use_authtok
+password sufficient pam_ldap.so
+password required pam_unix.so sha512 shadow nullok
diff --git a/roles/Password/files/pam.d/passwd.pacnew b/roles/Password/files/pam.d/passwd.pacnew
new file mode 100644
index 0000000..731c0d3
--- /dev/null
+++ b/roles/Password/files/pam.d/passwd.pacnew
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+password include system-auth
diff --git a/roles/Password/files/pam.d/postgresql b/roles/Password/files/pam.d/postgresql
new file mode 100644
index 0000000..53724d1
--- /dev/null
+++ b/roles/Password/files/pam.d/postgresql
@@ -0,0 +1,3 @@
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
diff --git a/roles/Password/files/pam.d/remote b/roles/Password/files/pam.d/remote
new file mode 100644
index 0000000..7fce079
--- /dev/null
+++ b/roles/Password/files/pam.d/remote
@@ -0,0 +1,8 @@
+#%PAM-1.0
+
+auth required pam_securetty.so
+auth requisite pam_nologin.so
+auth include system-remote-login
+account include system-remote-login
+session include system-remote-login
+password include system-remote-login
diff --git a/roles/Password/files/pam.d/rlogin b/roles/Password/files/pam.d/rlogin
new file mode 100644
index 0000000..d92a5da
--- /dev/null
+++ b/roles/Password/files/pam.d/rlogin
@@ -0,0 +1,13 @@
+#%PAM-1.0
+# For root login to succeed here with pam_securetty, "rlogin" must be
+# listed in /etc/securetty.
+auth required pam_nologin.so
+auth required pam_securetty.so
+auth required pam_env.so
+auth sufficient pam_rhosts.so
+auth include system-auth
+account include system-auth
+password include system-auth
+session optional pam_keyinit.so force revoke
+session required pam_loginuid.so
+session include system-auth
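Review bot: The new pam.d/passwd stack leaves the `pam_cracklib.so` line commented out and ends in `password required pam_unix.so sha512 shadow nullok`, so local password changes run with no quality check and an empty password is accepted. Unless the directory server's password policy is meant to be the only control, put a quality module ahead of pam_unix, for example `password requisite pam_pwquality.so retry=3` (pam_cracklib is no longer shipped by recent Linux-PAM releases), and drop `nullok`. A one-line comment saying why the two original lines are disabled would also help the next maintainer.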
diff --git a/roles/Password/files/pam.d/rsh b/roles/Password/files/pam.d/rsh
new file mode 100644
index 0000000..3c04bc7
--- /dev/null
+++ b/roles/Password/files/pam.d/rsh
@@ -0,0 +1,11 @@
+#%PAM-1.0
+# For root login to succeed here with pam_securetty, "rsh" must be
+# listed in /etc/securetty.
+auth required pam_nologin.so
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_rhosts.so
+account include system-auth
+session optional pam_keyinit.so force revoke
+session required pam_loginuid.so
+session include system-auth
diff --git a/roles/Password/files/pam.d/runuser b/roles/Password/files/pam.d/runuser
new file mode 100644
index 0000000..26b59d5
--- /dev/null
+++ b/roles/Password/files/pam.d/runuser
@@ -0,0 +1,4 @@
+#%PAM-1.0
+
+auth sufficient pam_rootok.so
+session include system-login
diff --git a/roles/Password/files/pam.d/runuser-l b/roles/Password/files/pam.d/runuser-l
new file mode 100644
index 0000000..26b59d5
--- /dev/null
+++ b/roles/Password/files/pam.d/runuser-l
@@ -0,0 +1,4 @@
+#%PAM-1.0
+
+auth sufficient pam_rootok.so
+session include system-login
diff --git a/roles/Password/files/pam.d/screen b/roles/Password/files/pam.d/screen
new file mode 100644
index 0000000..07c42ad
--- /dev/null
+++ b/roles/Password/files/pam.d/screen
@@ -0,0 +1 @@
+auth required pam_unix.so
diff --git a/roles/Password/files/pam.d/sshd b/roles/Password/files/pam.d/sshd
new file mode 100644
index 0000000..4efc1ee
--- /dev/null
+++ b/roles/Password/files/pam.d/sshd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-remote-login
+account include system-remote-login
+password include system-remote-login
+session include system-remote-login
diff --git a/roles/Password/files/pam.d/sssd-shadowutils b/roles/Password/files/pam.d/sssd-shadowutils
new file mode 100644
index 0000000..626c7d0
--- /dev/null
+++ b/roles/Password/files/pam.d/sssd-shadowutils
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
+auth required pam_deny.so
+
+account required pam_unix.so
+account required pam_permit.so
diff --git a/roles/Password/files/pam.d/su b/roles/Password/files/pam.d/su
new file mode 100644
index 0000000..21c7e9c
--- /dev/null
+++ b/roles/Password/files/pam.d/su
@@ -0,0 +1,14 @@
+#%PAM-1.0
+auth sufficient pam_ldap.so
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so use_first_pass
+
+account sufficient pam_ldap.so
+account required pam_unix.so
+
+session sufficient pam_ldap.so
+session required pam_unix.so
diff --git a/roles/Password/files/pam.d/su-l b/roles/Password/files/pam.d/su-l
new file mode 100644
index 0000000..a8db28e
--- /dev/null
+++ b/roles/Password/files/pam.d/su-l
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth sufficient pam_ldap.so
+auth required pam_unix.so use_first_pass
+account sufficient pam_ldap.so
+account required pam_unix.so
+session sufficient pam_ldap.so
+session required pam_unix.so
diff --git a/roles/Password/files/pam.d/su-l.pacnew b/roles/Password/files/pam.d/su-l.pacnew
new file mode 100644
index 0000000..cb5aa84
--- /dev/null
+++ b/roles/Password/files/pam.d/su-l.pacnew
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password include system-auth
diff --git a/roles/Password/files/pam.d/su.pacnew b/roles/Password/files/pam.d/su.pacnew
new file mode 100644
index 0000000..cb5aa84
--- /dev/null
+++ b/roles/Password/files/pam.d/su.pacnew
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password include system-auth
diff --git a/roles/Password/files/pam.d/sudo b/roles/Password/files/pam.d/sudo
new file mode 100644
index 0000000..ab053c5
--- /dev/null
+++ b/roles/Password/files/pam.d/sudo
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+session include system-auth
diff --git a/roles/Password/files/pam.d/system-auth b/roles/Password/files/pam.d/system-auth
new file mode 100644
index 0000000..5966ce6
--- /dev/null
+++ b/roles/Password/files/pam.d/system-auth
@@ -0,0 +1,20 @@
+#%PAM-1.0
+
+auth sufficient pam_ldap.so
+auth required pam_unix.so try_first_pass nullok
+auth optional pam_permit.so
+auth required pam_env.so
+
+account sufficient pam_ldap.so
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+password sufficient pam_ldap.so
+password required pam_unix.so try_first_pass nullok sha512 shadow
+password optional pam_permit.so
+
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_ldap.so
+session optional pam_permit.so
diff --git a/roles/Password/files/pam.d/system-auth.pacnew b/roles/Password/files/pam.d/system-auth.pacnew
new file mode 100644
index 0000000..5785ce8
--- /dev/null
+++ b/roles/Password/files/pam.d/system-auth.pacnew
@@ -0,0 +1,27 @@
+#%PAM-1.0
+
+auth required pam_faillock.so preauth
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+-auth [success=2 default=ignore] pam_systemd_home.so
+auth [success=1 default=bad] pam_unix.so try_first_pass nullok
+auth [default=die] pam_faillock.so authfail
+auth optional pam_permit.so
+auth required pam_env.so
+auth required pam_faillock.so authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
+
+-account [success=1 default=ignore] pam_systemd_home.so
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+-password [success=1 default=ignore] pam_systemd_home.so
+password required pam_unix.so try_first_pass nullok shadow
+password optional pam_permit.so
+
+-session optional pam_systemd_home.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
diff --git a/roles/Password/files/pam.d/system-local-login b/roles/Password/files/pam.d/system-local-login
new file mode 100644
index 0000000..347b815
--- /dev/null
+++ b/roles/Password/files/pam.d/system-local-login
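Review bot: In the new pam.d/system-auth, `auth required pam_unix.so try_first_pass nullok` lets a local account with an empty password field authenticate, and this stack is what the sudo, sshd and login files added in the same commit include, directly or through system-login. The stack also carries no `pam_faillock.so` lines, although the system-auth.pacnew committed next to it shows the preauth/authfail/authsucc trio, so failed attempts are neither counted nor locked out. `account sufficient pam_ldap.so` ends the account phase as soon as LDAP succeeds, which means the `pam_time.so` line below it never runs for directory users; move it above the LDAP line if time rules are meant to apply to them. Consider dropping `nullok` from both pam_unix lines and merging the faillock lines from the .pacnew; the .pacnew files themselves are package-manager leftovers and probably should not be deployed as PAM services.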
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/roles/Password/files/pam.d/system-login b/roles/Password/files/pam.d/system-login
new file mode 100644
index 0000000..7a2334c
--- /dev/null
+++ b/roles/Password/files/pam.d/system-login
@@ -0,0 +1,19 @@
+#%PAM-1.0
+
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth include system-auth
+
+account required pam_access.so
+account required pam_nologin.so
+account include system-auth
+
+password include system-auth
+
+session optional pam_loginuid.so
+session include system-auth
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so dir=/var/spool/mail standard quiet
+-session optional pam_systemd.so
+session required pam_env.so
+#session required pam_mkhomedir.so skel=/etc/skel umask=0027
diff --git a/roles/Password/files/pam.d/system-login.pacnew b/roles/Password/files/pam.d/system-login.pacnew
new file mode 100644
index 0000000..e48136d
--- /dev/null
+++ b/roles/Password/files/pam.d/system-login.pacnew
@@ -0,0 +1,20 @@
+#%PAM-1.0
+
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth include system-auth
+
+account required pam_access.so
+account required pam_nologin.so
+account include system-auth
+
+password include system-auth
+
+session optional pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session include system-auth
+session optional pam_motd.so
+session optional pam_mail.so dir=/var/spool/mail standard quiet
+session optional pam_umask.so
+-session optional pam_systemd.so
+session required pam_env.so
diff --git a/roles/Password/files/pam.d/system-remote-login b/roles/Password/files/pam.d/system-remote-login
new file mode 100644
index 0000000..347b815
--- /dev/null
+++ b/roles/Password/files/pam.d/system-remote-login
@@ -0,0 +1,6 @@ +#%PAM-1.0 + +auth include system-login +account include system-login +password include system-login +session include system-login diff --git a/roles/Password/files/pam.d/system-services b/roles/Password/files/pam.d/system-services new file mode 100644 index 0000000..6ed9bdc --- /dev/null +++ b/roles/Password/files/pam.d/system-services @@ -0,0 +1,11 @@ +#%PAM-1.0 + +auth sufficient pam_permit.so + +account include system-auth + +session optional pam_loginuid.so +session required pam_limits.so +session required pam_unix.so +session optional pam_permit.so +session required pam_env.so diff --git a/roles/Password/files/pam.d/systemd-user b/roles/Password/files/pam.d/systemd-user new file mode 100644 index 0000000..83f7626 --- /dev/null +++ b/roles/Password/files/pam.d/systemd-user @@ -0,0 +1,5 @@ +# Used by systemd --user instances. + +account include system-login +session required pam_loginuid.so +session include system-login diff --git a/roles/Password/files/pam.d/vlock b/roles/Password/files/pam.d/vlock new file mode 100644 index 0000000..dbda833 --- /dev/null +++ b/roles/Password/files/pam.d/vlock @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required pam_unix.so +account required pam_unix.so +password required pam_unix.so +session required pam_unix.so diff --git a/roles/Password/package/ldap-adduser b/roles/Password/package/ldap-adduser index 9847b4f..3de9b4d 100755 --- a/roles/Password/package/ldap-adduser +++ b/roles/Password/package/ldap-adduser @@ -52,7 +52,6 @@ if [ "$?" -eq 0 ]; then line="$(grep -E '^uidNumber: ' "$file")"; sed -i "s/$line/uidNumber: $newuserid/" "$file" ldapadd -D 'cn=root,dc=aninix,dc=net' -W -f "$file" ldap-resetpass "$username" - # Create default home cp -r /etc/skel "/home/$username"; chmod 0027 "/home/$username"; chown -R "$username": "/home/$username" fi rmdir "$lockfile" diff --git a/roles/Password/package/ldap-resetpass b/roles/Password/package/ldap-resetpass index 9a4ca49..d811abf 100755 
--- a/roles/Password/package/ldap-resetpass +++ b/roles/Password/package/ldap-resetpass @@ -7,11 +7,8 @@ if [ -z "$uid" ]; then exit 1 fi -ldappasswd -D 'cn=root,dc=aninix,dc=net' -W "uid=$uid,ou=People,dc=aninix,dc=net" +ldappasswd -D 'cn=root,dc=aninix,dc=net' -W -H ldap://127.0.0.1 "uid=$uid,ou=People,dc=aninix,dc=net" -if [ `ldapsearch -x "(uid=$uid)" + \* | grep -c shadowLastChange\:` -ne 0 ]; then - (printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\ndelete: shadowLastChange\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -W &>/dev/null; -fi -(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: shadowLastChange\nshadowLastChange: 0\n\ndn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: pwdReset\npwdReset: TRUE\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -W &>/dev/null; +#ldapmodify -D 'cn=root,dc=aninix,dc=net' -W -H ldap://127.0.0.1 -f <(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: pwdReset\npwdReset: TRUE\n\n") exit $? diff --git a/roles/Password/templates/nscld.conf.j2 b/roles/Password/templates/nscld.conf.j2 new file mode 100644 index 0000000..88dcbef --- /dev/null +++ b/roles/Password/templates/nscld.conf.j2 
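Review bot: After this change ldap-resetpass only runs `ldappasswd`; the `shadowLastChange: 0` and `pwdReset: TRUE` modifications are removed and their replacement is left commented out, so an administrator-set password is no longer flagged for change at the user's next login. The filter added to examples/msn0.yml in this same commit, `(!(pwdReset=TRUE))`, still keys on that attribute, which this script now never sets. Either re-enable the `ldapmodify` call or replace the dead line with a comment such as `# Forced change at next login is handled by <mechanism>; pwdReset is not set here.` so the intent is recorded. `$uid` also goes into the DN unvalidated; the hunk shows only the emptiness check, so a character whitelist before the `ldappasswd` call would be worth adding if none exists above.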
@@ -0,0 +1,80 @@
+# This is the configuration file for the LDAP nameservice
+# switch library's nslcd daemon. It configures the mapping
+# between NSS names (see /etc/nsswitch.conf) and LDAP
+# information in the directory.
+# See the manual page nslcd.conf(5) for more information.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The uri pointing to the LDAP server to use for name lookups.
+# Multiple entries may be specified. The address that is used
+# here should be resolvable without using LDAP (obviously).
+#uri ldap://127.0.0.1/
+#uri ldaps://127.0.0.1/
+#uri ldapi://%2fvar%2frun%2fldapi_sock/
+# Note: %2f encodes the '/' used as directory separator
+uri ldap://{{ ldap['server'] }}/
+
+# The LDAP version to use (defaults to 3
+# if supported by client library)
+#ldap_version 3
+
+# The distinguished name of the search base.
+base {{ ldap['orgdn'] }}
+
+# The distinguished name to bind to the server with.
+# Optional: default is to bind anonymously.
+binddn {{ ldap['binduser'] }},{{ ldap['userou'] }},{{ ldap['orgdn'] }}
+
+# The credentials to bind with.
+# Optional: default is no credentials.
+# Note that if you set a bindpw you should check the permissions of this file.
+bindpw {{ secrets['Sora']['bindpassword'] }}
+
+# The distinguished name to perform password modifications by root by.
+rootpwmoddn cn=root,{{ ldap['orgdn'] }}
+
+# The default search scope.
+scope sub
+#filter (&(!(pwdReset=TRUE))(objectClass=person))
+#scope one
+#scope base
+
+# Customize certain database lookups.
+base group {{ ldap['groupou'] }},{{ ldap['orgdn'] }}
+base passwd {{ ldap['userou'] }},{{ ldap['orgdn'] }}
+base shadow {{ ldap['userou'] }},{{ ldap['orgdn'] }}
+#scope group onelevel
+scope hosts sub
+
+# Bind/connect timelimit.
+#bind_timelimit 30
+
+# Search timelimit.
+#timelimit 30
+
+# Idle timelimit. nslcd will close connections if the
+# server has not been contacted for the number of seconds.
+#idle_timelimit 3600 + +# Use StartTLS without verifying the server certificate. +#ssl start_tls +#tls_reqcert never + +# CA certificates for server certificate verification +#tls_cacertdir /etc/ssl/certs +#tls_cacertfile /etc/ssl/ca.cert + +# Seed the PRNG if /dev/urandom is not provided +#tls_randfile /var/run/egd-pool + +# SSL cipher suite +# See man ciphers for syntax +#tls_ciphers TLSv1 + +# Client certificate and key +# Use these, if your server requires client authentication. +#tls_cert +#tls_key diff --git a/roles/SSL/files/certbot.service b/roles/SSL/files/certbot.service index 657a4cd..f3a6f89 100755 --- a/roles/SSL/files/certbot.service +++ b/roles/SSL/files/certbot.service @@ -3,8 +3,8 @@ Description=Certbot [Service] ExecStart=certbot renew -w /var/lib/letsencrypt/ --preferred-chain "ISRG Root X1" -ExecStartPost=-/usr/bin/systemctl reload webserver -ExecStartPost=-/usr/bin/systemctl reload irc +ExecStartPost=-/usr/bin/systemctl reload nginx +ExecStartPost=-/usr/bin/systemctl reload inspircd KillMode=process Type=oneshot RemainAfterExit=no diff --git a/roles/SSL/tasks/main.yml b/roles/SSL/tasks/main.yml index 8bfb3b1..3a5fd5f 100644 --- a/roles/SSL/tasks/main.yml +++ b/roles/SSL/tasks/main.yml @@ -7,6 +7,14 @@ - certbot - openssl + - name: LetsEncrypt directory + become: yes + file: + path: /etc/letsencrypt + owner: root + group: ssl + mode: 0750 + - name: Services become: yes register: services diff --git a/roles/ShadowArch/files/motd/Geth5 b/roles/ShadowArch/files/motd/Geth5 new file mode 100644 index 0000000..d1ffe7a --- /dev/null +++ b/roles/ShadowArch/files/motd/Geth5 @@ -0,0 +1,6 @@ +################################################################################ +# AniNIX/Node0 # +# # +# This is the network virtualization platform. VMs can be found with this: # +# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status # +################################################################################ 
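Review bot: The new nslcd template sets `uri ldap://{{ ldap['server'] }}/` and leaves every TLS option commented out, so the `bindpw` and each user password verified through pam_ldap cross the network in cleartext whenever the server is not the local host. Use an `ldaps://` URI or enable `ssl start_tls` together with `tls_reqcert demand` and a `tls_cacertfile`; the commented `tls_reqcert never` should not be the value that ends up enabled. Because the rendered file holds the bind password, the task that installs it (not visible in this commit) should give it root ownership and a mode no wider than `'0640'`. `binddn` is assembled as `binduser,userou,orgdn` with no attribute type, so with the example inventory's `binduser: 'binduser'` it appears to render an invalid DN unless the variable already carries `uid=` or `cn=`. The file name `nscld.conf.j2` also transposes the daemon's name, nslcd.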
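Review bot: The added "LetsEncrypt directory" task in roles/SSL/tasks/main.yml has no `state:`, and the file module's default `state: file` does not create a missing path, so on a host where certbot has not yet created /etc/letsencrypt the directory is not made with the intended ownership. Add `state: directory`, and write the mode as `mode: '0750'` so it stays a string whichever YAML loader reads it. The task also assumes the `ssl` group already exists; nothing in the visible hunk creates it, so confirm it is defined earlier in the role or by a package.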
diff --git a/roles/ShadowArch/tasks/raspbian-network.yml b/roles/ShadowArch/tasks/raspbian-network.yml index a80adfe..f5064e8 100644 --- a/roles/ShadowArch/tasks/raspbian-network.yml +++ b/roles/ShadowArch/tasks/raspbian-network.yml @@ -30,7 +30,7 @@ - name: Raspbian wireless become: yes command: - cmd: /bin/bash -c "wpa_passphrase {{ wireless_ssid }} '{{ passwords['Shadowfeed'] }}' > /etc/wpa_supplicant.conf" + cmd: /bin/bash -c "wpa_passphrase {{ wireless_ssid }} '{{ secrets['Shadownet']['ssid_passphrase'] }}' > /etc/wpa_supplicant.conf" creates: '/etc/wpa_supplicant.conf' - name: Raspbian wireless hardening diff --git a/roles/Sharingan/files/monit/checks/vips b/roles/Sharingan/files/monit/checks/vips index c2a0a67..7d00142 100644 --- a/roles/Sharingan/files/monit/checks/vips +++ b/roles/Sharingan/files/monit/checks/vips @@ -4,8 +4,8 @@ check program https_aninix with path "/usr/lib/monitoring-plugins/check_http --s check program https_foundation with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H foundation.aninix.net" if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical foundation.aninix.net not reporting OK" -check program https_geth with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H geth.aninix.net" - if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical geth.aninix.net not reporting OK" +check program https_superintendent with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H superintendent.aninix.net" + if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical superintendent.aninix.net not reporting OK" check program https_lykos with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H lykos.aninix.net" if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical lykos.aninix.net not reporting OK" 
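Review bot: The changed `cmd:` line in the "Raspbian wireless" task passes the Wi-Fi passphrase as a command-line argument inside `bash -c`, so it is visible in the process list while the task runs and is written to Ansible's task output and logs because the task has no `no_log: true`. A passphrase containing a single quote also terminates the quoting in that shell string and changes what bash executes. Add `no_log: true` to the task, and prefer supplying the secret on standard input (wpa_passphrase reads it from stdin when the second argument is omitted) and creating /etc/wpa_supplicant.conf with an explicit restrictive mode instead of relying on the umask in effect for the redirect.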
@@ -22,9 +22,6 @@ check program https_sharingan with path "/usr/lib/monitoring-plugins/check_http check program https_singularity with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H singularity.aninix.net" if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical singularity.aninix.net not reporting OK" -check program https_wolfpack with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H wolfpack.aninix.net" - if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical wolfpack.aninix.net not reporting OK" - check program https_yggdrasil with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -u /web/index.html -H yggdrasil.aninix.net" every "* 6-23 * * *" if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical yggdrasil.aninix.net not reporting OK" @@ -32,5 +29,5 @@ check program https_yggdrasil with path "/usr/lib/monitoring-plugins/check_http check program http_eyes with path "/usr/lib/monitoring-plugins/check_http -w 10 -c 10 -u / -H geth-eyes.msn0.aninix.net" if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical geth-eyes HTTP not reporting OK" -check program http_shadowfeed with path "/usr/lib/monitoring-plugins/check_http -w 10 -c 10 -u / -H shadowfeed.msn0.aninix.net" - if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical shadowfeed HTTP not reporting OK" +check program http_shadownet with path "/usr/lib/monitoring-plugins/check_http -w 10 -c 10 -u / -H shadownet.msn0.aninix.net" + if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical shadownet HTTP not reporting OK" diff --git a/roles/Sharingan/files/monit/hostdefs/Geth5 b/roles/Sharingan/files/monit/hostdefs/Geth5 new file mode 100644 index 0000000..4229188 --- /dev/null +++ b/roles/Sharingan/files/monit/hostdefs/Geth5 @@ -0,0 +1 @@ +include "/etc/monit.d/checks/system" 
diff --git a/roles/Geth-Hub/README.md b/roles/Vergil/README.md similarity index 58% rename from roles/Geth-Hub/README.md rename to roles/Vergil/README.md index 28a9955..0ea43e3 100644 --- a/roles/Geth-Hub/README.md +++ b/roles/Vergil/README.md @@ -9,6 +9,14 @@ For the IR control we use an [IR shield](https://www.amazon.com/s?k=Raspberry+pi We also set up an SNMPv3 daemon service on the hubs, to work with their IR control. This snmpd requires the Geth OVA to add snmpget using `apk update && apk add net-snmp-tools` from the `Terminal & SSH` add-on. Covers can then be added from the [command-line integration](https://www.home-assistant.io/integrations/command_line/). They'll look something like this: ``` - + - cover: + command_open: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.5.112.111.119.101.114.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."power".1 + command_close: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.6.99.111.110.102.105.103.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."config".1 + command_stop: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.5.101.110.116.101.114.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."enter".1 + name: livingroom_power + - cover: + command_open: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.8.118.111.108.117.109.101.117.112.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."volumeup".1 + command_close: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.10.118.111.108.117.109.101.100.111.119.110.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."volumedown".1 + command_stop: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.4.109.117.116.101.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."mute".1 + name: livingroom_volume ``` - diff --git a/roles/Geth-Hub/files/hardware.conf b/roles/Vergil/files/hardware.conf similarity index 100% rename from roles/Geth-Hub/files/hardware.conf rename to roles/Vergil/files/hardware.conf 
diff --git a/roles/Geth-Hub/files/lirc_options.conf b/roles/Vergil/files/lirc_options.conf similarity index 100% rename from roles/Geth-Hub/files/lirc_options.conf rename to roles/Vergil/files/lirc_options.conf diff --git a/roles/Geth-Hub/files/lircd.conf/Geth-Hub-1 b/roles/Vergil/files/lircd.conf/Geth-Hub-1 similarity index 100% rename from roles/Geth-Hub/files/lircd.conf/Geth-Hub-1 rename to roles/Vergil/files/lircd.conf/Geth-Hub-1 diff --git a/roles/Geth-Hub/files/lircd.conf/Geth-Hub-2 b/roles/Vergil/files/lircd.conf/Geth-Hub-2 similarity index 99% rename from roles/Geth-Hub/files/lircd.conf/Geth-Hub-2 rename to roles/Vergil/files/lircd.conf/Geth-Hub-2 index 3f05b04..491dc8b 100644 --- a/roles/Geth-Hub/files/lircd.conf/Geth-Hub-2 +++ b/roles/Vergil/files/lircd.conf/Geth-Hub-2 @@ -153,5 +153,3 @@ begin remote end codes end remote - - diff --git a/roles/Geth-Hub/files/lircd.conf/Geth-Hub-3 b/roles/Vergil/files/lircd.conf/Geth-Hub-3 similarity index 100% rename from roles/Geth-Hub/files/lircd.conf/Geth-Hub-3 rename to roles/Vergil/files/lircd.conf/Geth-Hub-3 diff --git a/roles/Geth-Hub/files/lircd.conf/LG-AKB73715608 b/roles/Vergil/files/lircd.conf/LG-AKB73715608 similarity index 100% rename from roles/Geth-Hub/files/lircd.conf/LG-AKB73715608 rename to roles/Vergil/files/lircd.conf/LG-AKB73715608 diff --git a/roles/Geth-Hub/files/lircd.conf/NS-RC4NA-14 b/roles/Vergil/files/lircd.conf/NS-RC4NA-14 similarity index 100% rename from roles/Geth-Hub/files/lircd.conf/NS-RC4NA-14 rename to roles/Vergil/files/lircd.conf/NS-RC4NA-14 diff --git a/roles/Geth-Hub/files/motion.conf/Geth-Hub-1 b/roles/Vergil/files/motion.conf/Geth-Hub-1 similarity index 100% rename from roles/Geth-Hub/files/motion.conf/Geth-Hub-1 rename to roles/Vergil/files/motion.conf/Geth-Hub-1 
diff --git a/roles/Geth-Hub/files/motion.conf/Geth-Hub-2 b/roles/Vergil/files/motion.conf/Geth-Hub-2 similarity index 100% rename from roles/Geth-Hub/files/motion.conf/Geth-Hub-2 rename to roles/Vergil/files/motion.conf/Geth-Hub-2 diff --git a/roles/Geth-Hub/files/motion.conf/Geth-Hub-3 b/roles/Vergil/files/motion.conf/Geth-Hub-3 similarity index 100% rename from roles/Geth-Hub/files/motion.conf/Geth-Hub-3 rename to roles/Vergil/files/motion.conf/Geth-Hub-3 diff --git a/roles/Geth-Hub/tasks/main.yml b/roles/Vergil/tasks/main.yml similarity index 77% rename from roles/Geth-Hub/tasks/main.yml rename to roles/Vergil/tasks/main.yml index 6f621e4..c6cecd6 100644 --- a/roles/Geth-Hub/tasks/main.yml +++ b/roles/Vergil/tasks/main.yml @@ -58,6 +58,7 @@ - name: Set the dtoverlay become: yes register: dtoverlay + when: ansible_distribution_major_version == 11 blockinfile: path: "/boot/config.txt" insertafter: EOF 
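Review bot: `ansible_distribution_major_version` is reported as a string, so the added `when: ansible_distribution_major_version == 11` on `Set the dtoverlay` compares a string with an integer and evaluates false, which would skip the task on every host. Write it as `when: ansible_distribution_major_version == "11"` or `when: ansible_distribution_major_version | int == 11`. The same comparison is added in the next hunk of this file on `Unset camera autodetect` and on both new `== 12` tasks. The task body continues past the end of this hunk.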
@@ -70,15 +71,40 @@ - name: Unset camera autodetect become: yes register: camera_autodetect + when: ansible_distribution_major_version == 11 lineinfile: path: "/boot/config.txt" regexp: "camera_auto_detect" line: "# camera_auto_detect=1" +# Thanks to https://wiki.geekworm.com/Raspberry_Pi_IR_Control_Expansion_Board for instructions setting up lirc + - name: Set the dtoverlay + become: yes + register: dtoverlay + when: ansible_distribution_major_version == 12 + blockinfile: + path: "/boot/firmware/config.txt" + insertafter: EOF + marker: "# {mark} Ubiqtorate Managed Block" + block: | + dtoverlay=gpio-ir,gpio_pin={{ gpio_in_pin | default('18') }} + dtoverlay=gpio-ir-tx,gpio_pin={{ gpio_out_pin | default('17') }} + start_x=1 + + - name: Unset camera autodetect + become: yes + register: camera_autodetect + when: ansible_distribution_major_version == 12 + lineinfile: + path: "/boot/firmware/config.txt" + regexp: "camera_auto_detect" + line: "# camera_auto_detect=1" + - name: Set the dtparam become: yes register: dtparam lineinfile: + path: "/boot/firmware/config.txt" path: "/boot/config.txt" regexp: "^dtparam=" line: "dtparam=gpio_in_pull={{ gpio_in_pull | default('down') }}" @@ -113,6 +139,8 @@ copy: src: "{{ item }}" dest: "/etc/lirc/{{ item }}" + force: no + # TODO: -- need a switch on the version of the RPi image loop: - hardware.conf - lirc_options.conf diff --git a/roles/Geth-Hub/templates/lirc_rpi.conf.j2 b/roles/Vergil/templates/lirc_rpi.conf.j2 similarity index 100% rename from roles/Geth-Hub/templates/lirc_rpi.conf.j2 rename to roles/Vergil/templates/lirc_rpi.conf.j2 diff --git a/roles/Geth-Hub/templates/modules.j2 b/roles/Vergil/templates/modules.j2 similarity index 99% rename from roles/Geth-Hub/templates/modules.j2 rename to roles/Vergil/templates/modules.j2 index 074952d..51fc515 100644 --- a/roles/Geth-Hub/templates/modules.j2 +++ b/roles/Vergil/templates/modules.j2 
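Review bot: In `Set the dtparam` the added `path: "/boot/firmware/config.txt"` sits directly above the existing `path: "/boot/config.txt"`, which gives the `lineinfile` mapping a duplicate key. YAML loaders generally keep the last value, so the task would still edit `/boot/config.txt` and the Bookworm path would never be used. This task needs the same per-release split as the two tasks above it, or a single path held in a new variable (for example `path: "{{ boot_config_path }}"`) that is set per release. Separately, both `Set the dtoverlay` tasks register `dtoverlay` and both camera tasks register `camera_autodetect`; a skipped task still overwrites its registered variable, so a later check of `.changed` would see only the second task's result.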
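Review bot: `force: no` on this `copy` means each file is written only when the destination does not yet exist, so later changes to `hardware.conf` or `lirc_options.conf` in the role never reach hosts that already have them. If the aim is to keep the files shipped by the newer image, the switch described in the TODO would be clearer as an explicit `when:` on the distribution release than as a blanket no-overwrite. The `loop:` list may continue past the end of this hunk.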
@@ -7,4 +7,3 @@ # lirc_rpi gpio_in_pin={{ gpio_in_pin | default('18') }} gpio_out_pin={{ gpio_out_pin | default('17') }} bcm2835-v4l2 r8188eu - diff --git a/roles/Geth-Hub/templates/motion.conf.j2 b/roles/Vergil/templates/motion.conf.j2 similarity index 100% rename from roles/Geth-Hub/templates/motion.conf.j2 rename to roles/Vergil/templates/motion.conf.j2 diff --git a/roles/Geth-Hub/templates/snmpd.conf.j2 b/roles/Vergil/templates/snmpd.conf.j2 similarity index 100% rename from roles/Geth-Hub/templates/snmpd.conf.j2 rename to roles/Vergil/templates/snmpd.conf.j2