diff --git a/roles/alpine/tasks/main.yml b/roles/alpine/tasks/main.yml index 4292d41..9fce34c 100644 --- a/roles/alpine/tasks/main.yml +++ b/roles/alpine/tasks/main.yml @@ -65,6 +65,7 @@ - acl - git - iproute2 + - logrotate - nftables - procps - rsync @@ -97,11 +98,33 @@ - meta: flush_handlers +- name: Enable QEMU guest agent + when: is_virtual + block: + - name: Install QEMU guest agent package + package: + name: qemu-guest-agent + + - name: Enable QEMU guest agent service + service: + name: qemu-guest-agent + enabled: yes + state: started + +- name: Install automatic upgrade script + copy: + dest: /etc/periodic/weekly/ + src: unattended-upgrade + mode: 0755 + +- name: Configure log rotation for automatic upgrades + copy: + dest: /etc/logrotate.d/unattended-upgrade + src: unattended-upgrade.logrotate + mode: 0644 + - name: Set authorized SSH keys authorized_key: user: root exclusive: true key: "{{ ssh_keys | join('\n') }}" - -- when: is_virtual - include_tasks: vm.yml diff --git a/roles/alpine/tasks/vm.yml b/roles/alpine/tasks/vm.yml deleted file mode 100644 index 45ce0af..0000000 --- a/roles/alpine/tasks/vm.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: Install QEMU guest agent package - package: - name: qemu-guest-agent - -- name: Enable QEMU guest agent service - service: - name: qemu-guest-agent - enabled: yes - state: started - -- name: Install logrotate - package: - name: logrotate - -- name: Install automatic upgrade script - copy: - dest: /etc/periodic/weekly/ - src: unattended-upgrade - mode: "0755" - -- name: Configure log rotation for automatic upgrades - copy: - dest: /etc/logrotate.d/unattended-upgrade - src: unattended-upgrade.logrotate - mode: "0644" diff --git a/roles/alpine/templates/interfaces.j2 b/roles/alpine/templates/interfaces.j2 index 882e93e..0ccf500 100644 --- a/roles/alpine/templates/interfaces.j2 +++ b/roles/alpine/templates/interfaces.j2 
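Review bot: The two `copy` tasks added in the second hunk of roles/alpine/tasks/main.yml pass `mode: 0755` and `mode: 0644` as bare YAML integers, where the removed vm.yml quoted them. A YAML 1.1 loader reads the leading zero as octal, so the result is the same today, but the permissions then depend on the parser's implicit typing. I would keep `mode: "0755"` and `mode: "0644"`. Since the script lands in `/etc/periodic/weekly/` and is presumably run by cron as root, adding `owner: root` and `group: root` would also stop its ownership depending on the connecting user.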
@@ -1,20 +1,10 @@ -{# Loopback interface must be present so create it here if none is defined in inventory. #} -{% if not interfaces | selectattr("name", "==", "lo") %} +{# Loopback interface must be present so define it here if none exists. #} +{% if interfaces | rejectattr("name", "==", "lo") %} auto lo iface lo {% endif -%} -{# Define VRFs. #} -{% for vrf in interfaces | selectattr("vrf") | map(attribute="vrf.name") %} -auto {{ vrf }} -iface {{ vrf }} - pre-up ip link add $IFACE type vrf table {{ 100 + loop.index }} - up ip link set dev $IFACE up - post-down ip link del $IFACE - -{% endfor -%} - {# Skip disabled and OOB management interfaces. #} {# For VMs we have to set the attribute manually (to false) so rejectattr works. #} {% for iface in interfaces @@ -23,10 +13,6 @@ iface {{ vrf }} | selectattr('enabled') %} auto {{ iface.name }} iface {{ iface.name }} -{% if iface.vrf %} - requires {{ iface.vrf.name }} - pre-up ip link set $IFACE master {{ iface.vrf.name }} -{% endif %} {% if iface.mtu %} mtu {{ iface.mtu }} {% endif %} @@ -37,17 +23,13 @@ iface {{ iface.name }} {% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %} {% set gateway = prefix.custom_fields.gateway.address %} {% if gateway is defined and gateway != address.address %} -{% if iface.vrf %} - up ip route add default via {{ gateway | ipaddr('address') }} {% if iface.vrf.name %}vrf {{ iface.vrf.name }}{% endif +%} -{% else %} gateway {{ gateway | ipaddr('address') }} {% endif %} {% endif %} -{% endif %} {% endfor -%} {# disable SLAAC if we have a manually set IPv6 address #} -{% if iface.ip_addresses | selectattr("family.value", "==", 6) and iface.name != "lo" %} +{% if iface.ip_addresses | selectattr("family.value", "==", 6) %} pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf {% endif %} diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml index cf25d0e..11d7942 100644 --- a/roles/debian/tasks/main.yml +++ b/roles/debian/tasks/main.yml 
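Review bot: The new loopback guard `{% if interfaces | rejectattr("name", "==", "lo") %}` does not test what its comment says. It asks whether interfaces other than lo exist, and because `rejectattr` returns a generator the expression is likely truthy for any input, so `iface lo` would be emitted even when the inventory already defines lo. To express "no interface named lo", materialise the filter: `{% if not interfaces | selectattr("name", "==", "lo") | list %}`. The same applies to the SLAAC test in the last hunk, `{% if iface.ip_addresses | selectattr("family.value", "==", 6) %}`, which without `| list` probably writes the autoconf line for every interface, and no longer excludes lo. The `for iface` loop opened at the end of the first hunk continues outside it.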
@@ -89,6 +89,19 @@ include_tasks: firewall.yml when: not is_proxmox # proxmox has its own firewall configuration +- name: Install automatic upgrade package + package: + name: unattended-upgrades + +- name: Configure automatic upgrades + lineinfile: + path: /etc/apt/apt.conf.d/20auto-upgrades + create: yes + line: '{{ item }}' + loop: + - 'APT::Periodic::Update-Package-Lists "1";' + - 'APT::Periodic::Unattended-Upgrade "1";' + - name: Run SSH instance in management VRF when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt') block: @@ -111,6 +124,3 @@ name: sshd@mgmt enabled: yes notify: reboot - -- when: is_virtual - include_tasks: vm.yml diff --git a/roles/debian/tasks/vm.yml b/roles/debian/tasks/vm.yml deleted file mode 100644 index 1b6fa97..0000000 --- a/roles/debian/tasks/vm.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: Install automatic upgrade package - package: - name: unattended-upgrades - -- name: Configure automatic upgrades - lineinfile: - path: /etc/apt/apt.conf.d/20auto-upgrades - create: yes - line: '{{ item }}' - loop: - - 'APT::Periodic::Update-Package-Lists "1";' - - 'APT::Periodic::Unattended-Upgrade "1";'
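Review bot: The `lineinfile` task in the first hunk sets `create: yes` with no `mode`, so `/etc/apt/apt.conf.d/20auto-upgrades` is created with whatever the remote umask gives; adding `mode: "0644"` pins it. Without a `regexp`, an existing `APT::Periodic::Unattended-Upgrade "0";` line is left in place and the new line is appended, so the file can end up carrying both values. Looping over setting/value pairs with a matching `regexp` would replace the old value instead. The two tasks also have no `when`, so they now run on every host of this role, apparently including those where `is_proxmox` is true; worth confirming that automatic upgrades are intended there.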