From b20e9cccffa3ecae5b08c63ee9feac05c2add8b1 Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Fri, 26 Jul 2024 10:13:59 +0200 Subject: [PATCH 1/2] Add dnsmasq role --- inventory.yml | 1 + roles/dnsmasq/handlers/main.yml | 5 +++++ roles/dnsmasq/tasks/main.yml | 16 ++++++++++++++++ roles/dnsmasq/templates/00-options.conf.j2 | 11 +++++++++++ roles/dnsmasq/templates/10-ranges.conf.j2 | 18 ++++++++++++++++++ setup.yml | 5 +++++ 6 files changed, 56 insertions(+) create mode 100644 roles/dnsmasq/handlers/main.yml create mode 100644 roles/dnsmasq/tasks/main.yml create mode 100644 roles/dnsmasq/templates/00-options.conf.j2 create mode 100644 roles/dnsmasq/templates/10-ranges.conf.j2
diff --git a/inventory.yml b/inventory.yml
index 326d7e4..337b1c2 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -14,5 +14,6 @@ query_filters: - role: 'firewall' - role: 'server' - role: 'storage-node' + - role: 'desktop-computer' group_by: - cluster
diff --git a/roles/dnsmasq/handlers/main.yml b/roles/dnsmasq/handlers/main.yml
new file mode 100644
index 0000000..b2ea069
--- /dev/null
+++ b/roles/dnsmasq/handlers/main.yml
@@ -0,0 +1,5 @@ +- name: restart dnsmasq + service: + name: dnsmasq + state: restarted + when: "'handler' not in ansible_skip_tags"
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
new file mode 100644
index 0000000..fb7b0a3
--- /dev/null
+++ b/roles/dnsmasq/tasks/main.yml
@@ -0,0 +1,16 @@ +- name: Install packages + package: + name: + - dnsmasq + +- name: Configure dnsmasq + template: + dest: '/etc/dnsmasq.d/{{ item }}' + src: '{{ item }}.j2' + loop: + - 00-options.conf + - 10-ranges.conf + notify: restart dnsmasq + +# TODO DNS update +# TODO netboot config
diff --git a/roles/dnsmasq/templates/00-options.conf.j2 b/roles/dnsmasq/templates/00-options.conf.j2
new file mode 100644
index 0000000..0f5bd43
--- /dev/null
+++ b/roles/dnsmasq/templates/00-options.conf.j2
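Review bot: Nothing in the tasks hunk enables dnsmasq at boot or starts it when the configuration is already current: the `Configure dnsmasq` task only notifies `restart dnsmasq`, so the service comes up once a template changes but is never marked enabled, and a re-run on a host whose templates are unchanged leaves it down (unless the `alpine` role handles this, which is not visible here). Add a service task after the template step, as below. The template task would also benefit from `validate: 'dnsmasq --test --conf-file=%s'`, so a rendering error is caught before the handler restarts the DHCP server into a failed state.
```yaml
# … unchanged: Install packages / Configure dnsmasq tasks …
- name: Enable dnsmasq
  service:
    name: dnsmasq
    enabled: true
    state: started
```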
@@ -0,0 +1,11 @@
+# disable DNS server
+port = 0
+
+bind-interfaces
+interface = {{ interfaces | map(attribute='name') | join(',') }}
+
+dhcp-authoritative
+dhcp-proxy
+
+dhcp-option = option:dns-server,{{ dns | join(',') }}
+dhcp-option = option:ntp-server,{{ ntp | join(',') }}
diff --git a/roles/dnsmasq/templates/10-ranges.conf.j2 b/roles/dnsmasq/templates/10-ranges.conf.j2
new file mode 100644
index 0000000..4eed62c
--- /dev/null
+++ b/roles/dnsmasq/templates/10-ranges.conf.j2
@@ -0,0 +1,18 @@
+{% for prefix in prefixes | selectattr('custom_fields.dhcp_server') %}
+{% if prefix.custom_fields.dhcp_server.address | ipaddr('address') == primary_ip4 %}
+# {{ prefix.vlan.name }}
+dhcp-range = set:{{ prefix.vlan.name }},{{ prefix.prefix | ipmath(100) }},{{ prefix.prefix | ipmath(200) }},{{ prefix.prefix | ipaddr('netmask') }}
+{% if prefix.custom_fields.gateway %}
+dhcp-option = tag:{{ prefix.vlan.name }},option:router,{{ prefix.custom_fields.gateway.address | ipaddr('address') }}
+{% endif -%}
+
+{% for host in hostvars.values() | selectattr('primary_ip4') | selectattr('primary_ip4', 'ansible.utils.in_network', prefix.prefix) %}
+{% for interface in host.interfaces | selectattr('mac_address') %}
+{% for address in interface.ip_addresses | selectattr('status.value', '==', 'dhcp') %}
+dhcp-host = {{ interface.mac_address | lower }},{{ address.address | ipaddr('address') }},{{ interface.device.name | lower }}
+{% endfor %}
+{% endfor %}
+{% endfor %}
+
+{% endif %}
+{% endfor %}
diff --git a/setup.yml b/setup.yml
index b4c17ad..5b0516f 100644
--- a/setup.yml
+++ b/setup.yml
@@ -3,6 +3,11 @@ roles: - facts +- hosts: dhcp + roles: + - alpine + - dnsmasq + + - hosts: zid roles: - alpine From a3dd4eba6594019574feb94ca6c112451ee84e00 Mon Sep 17 00:00:00 2001
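Review bot: `dhcp-proxy` in 00-options.conf.j2 deserves a comment because it is easy to misread: in dnsmasq it makes relays act as full proxies by overriding the server-id (the RFC 5107 behaviour, optionally limited to listed relay addresses), whereas a PXE proxy-DHCP server — which the `TODO netboot config` in tasks/main.yml suggests may be the eventual goal — is configured with the `proxy` keyword on a `dhcp-range` line instead. If the relay behaviour is intended, say so above the line, e.g. `# keep relayed clients talking through the relay (server-id override, RFC 5107)`; if not, the option should go. The `dhcp-option = option:dns-server,{{ dns | join(',') }}` and `option:ntp-server` lines render with an empty value list when `dns` or `ntp` is empty, so an `{% if dns %}` / `{% if ntp %}` guard around each keeps the rendered file well-formed either way.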
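Review bot: The `dhcp-range` line in 10-ranges.conf.j2 hard-codes the pool as offsets 100–200 from the network address, which only fits a /24: on a /25 or smaller prefix `ipmath(200)` lies outside the subnet and dnsmasq will most likely refuse the range as inconsistent with the netmask, while on larger prefixes the pool silently stays at 101 addresses. Derive the bounds from the prefix size (`prefix.prefix | ipaddr('size')`) or a custom field, or at least guard the block with `{% if prefix.prefix | ipaddr('size') | int > 200 %}` and add a comment naming the /24 assumption. Separately, the `dhcp-host` loop selects hosts by `primary_ip4` being inside `prefix.prefix` but then emits every `dhcp`-status address of every interface, so an address from another prefix can be listed under this one and a host whose primary address is static but which has a DHCP interface in this prefix is missed entirely; filter the addresses themselves, `{% for address in interface.ip_addresses | selectattr('status.value', '==', 'dhcp') | selectattr('address', 'ansible.utils.in_network', prefix.prefix) %}`, and drop the `primary_ip4` network filter from the host loop.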
From: Timotej Lazar Date: Fri, 26 Jul 2024 10:14:23 +0200 Subject: [PATCH 2/2] =?UTF-8?q?alpine:=20don=E2=80=99t=20assume=20all=20se?= =?UTF-8?q?rvices=20are=20TCP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/alpine/templates/local.nft.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/alpine/templates/local.nft.j2 b/roles/alpine/templates/local.nft.j2
index 4a1d32f..484a8e8 100644
--- a/roles/alpine/templates/local.nft.j2
+++ b/roles/alpine/templates/local.nft.j2
@@ -12,10 +12,10 @@ table inet filter { {% endif %} {% if prefixes4 or prefixes6 %} {% if prefixes4 %} - ip saddr { {{ prefixes4 | join(', ') }} } tcp dport { {{ ports }} } accept + ip saddr { {{ prefixes4 | join(', ') }} } {{ service.protocol.value }} dport { {{ ports }} } accept {% endif %} {% if prefixes6 %} - ip6 saddr { {{ prefixes6 | join(', ') }} } tcp dport { {{ ports }} } accept + ip6 saddr { {{ prefixes6 | join(', ') }} } {{ service.protocol.value }} dport { {{ ports }} } accept {% endif %} {% else %} tcp dport { {{ ports }} } accept
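Review bot: The `{% else %}` branch at the end of the hunk still hard-codes `tcp dport { {{ ports }} } accept`, so a service with no source-prefix restriction keeps exactly the TCP-only assumption this commit sets out to remove; change it to `{{ service.protocol.value }} dport { {{ ports }} } accept` as well. Since `service.protocol.value` is interpolated unquoted into the ruleset, a short comment stating which values are expected (nftables accepts `tcp`, `udp` and `sctp` in this position) or a guard that skips any other value would avoid rendering a ruleset that nft refuses to load. The enclosing loop that provides `service` and `ports` begins before the hunk, so it could not be checked here.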