alpine: don’t assume all services are TCP

inventory.yml

@@ -14,5 +14,6 @@ query_filters:
   - role: 'firewall'
   - role: 'server'
   - role: 'storage-node'
+  - role: 'desktop-computer'
 group_by:
   - cluster

roles/alpine/templates/local.nft.j2

@@ -12,10 +12,10 @@ table inet filter {
 {% endif %}
 {% if prefixes4 or prefixes6 %}
 {% if prefixes4 %}
-        ip saddr { {{ prefixes4 | join(', ') }} } tcp dport { {{ ports }} } accept
+        ip saddr { {{ prefixes4 | join(', ') }} } {{ service.protocol.value }} dport { {{ ports }} } accept
 {% endif %}
 {% if prefixes6 %}
-        ip6 saddr { {{ prefixes6 | join(', ') }} } tcp dport { {{ ports }} } accept
+        ip6 saddr { {{ prefixes6 | join(', ') }} } {{ service.protocol.value }} dport { {{ ports }} } accept
 {% endif %}
 {% else %}
         tcp dport { {{ ports }} } accept

roles/dnsmasq/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: restart dnsmasq
+  service:
+    name: dnsmasq
+    state: restarted
+  when: "'handler' not in ansible_skip_tags"

roles/dnsmasq/tasks/main.yml

@@ -0,0 +1,16 @@
+- name: Install packages
+  package:
+    name:
+    - dnsmasq
+
+- name: Configure dnsmasq
+  template:
+    dest: '/etc/dnsmasq.d/{{ item }}'
+    src: '{{ item }}.j2'
+  loop:
+  - 00-options.conf
+  - 10-ranges.conf
+  notify: restart dnsmasq
+
+# TODO DNS update
+# TODO netboot config

roles/dnsmasq/templates/00-options.conf.j2

@@ -0,0 +1,11 @@
+# disable DNS server
+port = 0
+
+bind-interfaces
+interface = {{ interfaces | map(attribute='name') | join(',') }}
+
+dhcp-authoritative
+dhcp-proxy
+
+dhcp-option = option:dns-server,{{ dns | join(',') }}
+dhcp-option = option:ntp-server,{{ ntp | join(',') }}

roles/dnsmasq/templates/10-ranges.conf.j2

@@ -0,0 +1,18 @@
+{% for prefix in prefixes | selectattr('custom_fields.dhcp_server') %}
+{% if prefix.custom_fields.dhcp_server.address | ipaddr('address') == primary_ip4 %}
+# {{ prefix.vlan.name }}
+dhcp-range = set:{{ prefix.vlan.name }},{{ prefix.prefix | ipmath(100) }},{{ prefix.prefix | ipmath(200) }},{{ prefix.prefix | ipaddr('netmask') }}
+{% if prefix.custom_fields.gateway %}
+dhcp-option = tag:{{ prefix.vlan.name }},option:router,{{ prefix.custom_fields.gateway.address | ipaddr('address') }}
+{% endif -%}
+
+{% for host in hostvars.values() | selectattr('primary_ip4') | selectattr('primary_ip4', 'ansible.utils.in_network', prefix.prefix) %}
+{% for interface in host.interfaces | selectattr('mac_address') %}
+{% for address in interface.ip_addresses | selectattr('status.value', '==', 'dhcp') %}
+dhcp-host = {{ interface.mac_address | lower }},{{ address.address | ipaddr('address') }},{{ interface.device.name | lower }}
+{% endfor %}
+{% endfor %}
+{% endfor %}
+
+{% endif %}
+{% endfor %}

setup.yml

@@ -3,6 +3,11 @@
   roles:
     - facts
 
+- hosts: dhcp
+  roles:
+    - alpine
+    - dnsmasq
+
 - hosts: zid
   roles:
     - alpine