Opensourcing raspberry pi roles.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/client/defaults/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,3 @@
+---
+
+apt_cacher_port: "3142"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/client/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,7 @@
+---
+
+- name: configure apt-cacher proxy
+ become: yes
+ template:
+ src: "02proxy.j2"
+ dest: "/etc/apt/apt.conf.d/02proxy"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/client/templates/02proxy.j2 Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,1 @@
+Acquire::http::proxy "http://{{apt_cacher_host}}:{{apt_cacher_port}}";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/server/defaults/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+apt_cacher_cache_dir: "/var/cache/apt-cacher-ng"
+apt_cacher_log_dir: "/var/log/apt-cacher-ng"
+apt_cacher_port: "3142"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/server/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,17 @@
+---
+
+- name: install apt packages
+ become: yes
+ apt: name="apt-cacher-ng"
+
+- name: configure apt-cacher dirs
+ become: yes
+ lineinfile:
+ path: "/etc/apt-cacher-ng/acng.conf"
+ regexp: "^{{item.key}}:"
+ insertafter: "^# {{item.key}}:"
+ line: "{{item.key}}: {{item.val}}"
+ with_items:
+ - { key: "CacheDir", val: "{{apt_cacher_cache_dir}}" }
+ - { key: "LogDir", val: "{{apt_cacher_log_dir}}" }
+ - { key: "Port", val: "{{apt_cacher_port}}" }
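Review bot: The `configure apt-cacher dirs` task edits `/etc/apt-cacher-ng/acng.conf` but carries no `notify:`, and this role adds no handler, so a changed `CacheDir`, `LogDir` or `Port` is presumably not picked up until someone restarts the service by hand. Add a `restart apt-cacher-ng` handler and put `notify: restart apt-cacher-ng` on this task. Nothing in the role limits which clients may use the cache, so on a host reachable beyond the LAN that needs a firewall rule or the `BindAddress` setting in the same file.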
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/defaults/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,6 @@
+---
+
+aws_s3_backup_region: "us-east-1"
+aws_s3_backup_pip_packages:
+ - "awscli"
+ - "boto3"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/files/aws-s3-backup.target Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,3 @@
+[Unit]
+Description=AWS S3 backup target
+StopWhenUnneeded=yes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/files/aws-s3-backup.timer Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,10 @@
+[Unit]
+Description=Daily AWS S3 backup
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+Unit=aws-s3-backup.target
+
+[Install]
+WantedBy=timers.target
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/handlers/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,9 @@
+---
+
+- name: reload timer
+ systemd: name="aws-s3-backup.timer" enabled="yes" daemon_reload="yes"
+ become: yes
+
+- name: reload target
+ systemd: name="aws-s3-backup.target" enabled="yes" daemon_reload="yes"
+ become: yes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,38 @@
+---
+
+- name: apt install pip
+ become: yes
+ apt: name="python-pip"
+
+- name: pip install aws cli packages
+ become: yes
+ pip: name="{{aws_s3_backup_pip_packages}}"
+
+- name: create aws config dir for root
+ become: yes
+ file: path="/root/.aws/" state="directory" mode="0755"
+
+- name: configure aws credentials for root
+ become: yes
+ template: src="aws-{{item}}.j2" dest="/root/.aws/{{item}}" mode="0600"
+ with_items:
+ - "credentials"
+ - "config"
+
+- name: create systemd target
+ become: yes
+ copy:
+ src: "aws-s3-backup.target"
+ dest: "/lib/systemd/system/aws-s3-backup.target"
+ notify: reload target
+
+- name: create systemd timer
+ become: yes
+ copy:
+ src: "aws-s3-backup.timer"
+ dest: "/lib/systemd/system/aws-s3-backup.timer"
+ notify: reload timer
+
+- name: ensure timer is started
+ become: yes
+ systemd: name="aws-s3-backup.timer" enabled="yes" state="started"
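Review bot: The `configure aws credentials for root` task renders long-lived keys without `no_log: yes`, so a run with `--diff` or raised verbosity can print `aws_secret_key` into the controller's output and logs; add `no_log: yes` to that task. The directory task creates `/root/.aws/` with `mode="0755"`, where `0700` matches what the files inside need. The key pair written by `templates/aws-credentials.j2` is used by root for unattended uploads, so it should belong to an IAM user limited to the backup buckets and be supplied from an encrypted vars file rather than plain inventory. The `pip:` task installs `awscli` and `boto3` unpinned as root; pinning versions keeps the run reproducible.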
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/templates/aws-config.j2 Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+# {{ansible_managed}}
+
+[default]
+region={{aws_s3_backup_region}}
+output=json
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/templates/aws-credentials.j2 Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+# {{ansible_managed}}
+
+[default]
+aws_access_key_id={{aws_access_key}}
+aws_secret_access_key={{aws_secret_key}}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/base/defaults/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,13 @@
+---
+
+rpi_base_enable_wifi: True
+rpi_base_timezone: "America/Chicago"
+rpi_base_apt_packages:
+ - "log2ram"
+ - "fail2ban"
+ - "unattended-upgrades"
+ - "emacs-nox"
+ - "htop"
+ - "jq"
+ - "tree"
+ - "iperf3"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/base/files/jail.local Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,10 @@
+[ssh]
+
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+bantime = 900
+banaction = iptables-allports
+findtime = 900
+maxretry = 3
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/base/tasks/main.yml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,42 @@
+---
+
+- name: turn swap off
+ become: yes
+ command: "swapoff -a"
+ changed_when: false
+
+- name: remove swap apt package
+ become: yes
+ apt: state="absent" name="dphys-swapfile"
+
+- name: add log2ram apt key
+ become: yes
+ apt_key: url="https://azlux.fr/repo.gpg.key"
+
+- name: add log2ram apt repo
+ become: yes
+ apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main"
+
+- name: set timezone
+ become: yes
+ timezone: name="{{rpi_base_timezone}}"
+
+- name: setup wifi
+ become: yes
+ template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0644"
+
+- name: update apt package cache
+ become: yes
+ apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600"
+
+- name: install extra apt packages
+ become: yes
+ apt: name="{{rpi_base_apt_packages}}" state="latest"
+
+- name: install fail2ban config
+ become: yes
+ copy: src="jail.local" dest="/etc/fail2ban/jail.local"
+
+- name: authorize admin ssh keys
+ become: yes
+ authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys"
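Review bot: Both `apt_key` tasks trust whatever key the URL serves at run time: `add log2ram apt key` here and `add plex apt key` in `roles/plex/tasks/main.yaml` set no `id`, so a replaced key file would be accepted silently, and `apt_key` places it in the global keyring where it can vouch for any repository. Pin the expected fingerprint, `apt_key: url="https://azlux.fr/repo.gpg.key" id="<KEY_FINGERPRINT>"` (placeholder; take the value from the vendor). The matching `apt_repository` lines use `http://`; package signatures still protect integrity, but `https://` where the vendor offers it avoids exposing what is fetched. The `authorized_key` task pulls keys from `https://github.com/{{github_user}}.keys` on every run, which makes that GitHub account a standing path to SSH access on each host and deserves a comment in the role.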
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/base/templates/wpa_supplicant.conf.j2 Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,14 @@
+# {{ansible_managed}}
+
+country=US
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+{% for network in wpa_networks %}
+
+network={
+ ssid="{{network.ssid}}"
+ psk="{{network.psk}}"
+ disabled={% if rpi_base_enable_wifi %}0{% else %}1{% endif %}
+
+}
+{% endfor %}
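Review bot: This template writes each network's `psk` in clear text, and the `setup wifi` task in `roles/base/tasks/main.yml` installs it with `mode="0644"`, so every local account can read the Wi-Fi passphrase; use `mode="0600"` with root ownership on that task. `ssid` and `psk` are interpolated between double quotes without escaping, so a value containing `"` produces a file that wpa_supplicant will presumably reject. A comment at the top describing the expected shape of `wpa_networks` (a list of `ssid`/`psk` mappings) would help, since the role defines no default for it.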
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/block-device/defaults/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,7 @@
+---
+
+block_device_user: "{{ansible_user}}"
+block_device_group: "{{ansible_group}}"
+block_device_mode: "0755"
+block_device_umask: "0022"
+block_device_opts: "defaults"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/block-device/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,17 @@
+---
+
+- name: create mount point
+ become: yes
+ file:
+ path: "{{block_device_mount_point}}"
+ mode: "{{block_device_mode}}"
+ state: "directory"
+
+- name: mount block device
+ become: yes
+ mount:
+ path: "{{block_device_mount_point}}"
+ src: "{{block_device_uuid}}"
+ fstype: "{{block_device_fstype}}"
+ opts: "{{block_device_opts}}"
+ state: "mounted"
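Review bot: The `create mount point` task sets only `mode`, so `block_device_user`, `block_device_group` and `block_device_umask` from `defaults/main.yaml` are never applied; add `owner: "{{block_device_user}}"` and `group: "{{block_device_group}}"` or drop the unused defaults. `block_device_group` defaults to `{{ansible_group}}`, which does not look like a variable Ansible defines, so the caller would have to set it. For external media the default `block_device_opts: "defaults"` could be tightened to `defaults,nosuid,nodev` so files on the device cannot carry setuid bits or device nodes.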
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/defaults/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,24 @@
+---
+
+homebridge_user: "homebridge"
+homebridge_dir: "/home/{{homebridge_user}}"
+homebridge_restart_sec: "10"
+
+homebridge_pin: "031-45-154"
+homebridge_port: "51900"
+
+homebridge_apt_packages:
+ - "libavahi-compat-libdnssd-dev"
+ - "ffmpeg"
+
+homebridge_npm_packages:
+ - "homebridge-camera-ffmpeg"
+ - "homebridge-roomba-stv"
+
+homebridge_rtsp_vcodec: "h264_omx"
+homebridge_rtsp_debug: "false"
+homebridge_rtsp_max_streams: 5
+
+homebridge_roomba_auto_refresh: "true"
+homebridge_roomba_keep_alive: "true"
+homebridge_roomba_cache_TTL: "30"
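Review bot: `homebridge_pin: "031-45-154"` appears to be the sample pairing code from the Homebridge documentation, so every host deployed with these defaults shares a publicly known HomeKit setup code; leave the variable undefined here, or add `# must be overridden per host`, so the play fails instead of pairing with a known code. `homebridge_rtsp_debug`, `homebridge_roomba_auto_refresh` and `homebridge_roomba_keep_alive` are quoted strings that the template emits as bare JSON booleans. A comment saying so would stop someone from turning them into YAML booleans, which Jinja would render as `True`/`False` and break the JSON.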
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/handlers/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart homebridge service
+ systemd: name="homebridge" state="restarted" daemon_reload="yes"
+ become: yes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/meta/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - nodejs
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,56 @@
+---
+
+- name: create homebridge user
+ become: yes
+ user:
+ name: "{{homebridge_user}}"
+ comment: "Homebridge"
+ shell: "/bin/false"
+ home: "{{homebridge_dir}}"
+ groups: "video,spi,i2c,gpio"
+ move_home: yes
+ notify: restart homebridge service
+
+- name: create homebridge directory
+ become: yes
+ file:
+ path: "{{homebridge_dir}}"
+ state: "directory"
+ owner: "{{homebridge_user}}"
+ group: "{{homebridge_user}}"
+ mode: "0755"
+
+- name: install homebridge apt deps
+ become: yes
+ apt: name="{{homebridge_apt_packages}}"
+
+- name: install homebridge
+ become: yes
+ become_user: "{{homebridge_user}}"
+ npm: name="homebridge" global="yes"
+ notify: restart homebridge service
+
+- name: install platform accessories
+ become: yes
+ become_user: "{{homebridge_user}}"
+ npm: name="{{item}}" global="yes"
+ notify: restart homebridge service
+ with_items: "{{homebridge_npm_packages}}"
+
+- name: configure homebridge
+ become: yes
+ template:
+ src: "config.json.j2"
+ dest: "{{homebridge_dir}}/config.json"
+ notify: restart homebridge service
+
+- name: configure systemd service
+ become: yes
+ template:
+ src: "homebridge.service.j2"
+ dest: "/lib/systemd/system/homebridge.service"
+ notify: restart homebridge service
+
+- name: ensure homebridge is started
+ become: yes
+ systemd: name="homebridge.service" enabled="yes" state="started"
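Review bot: `configure homebridge` writes `config.json` with no `owner`, `group` or `mode`, so the file that holds `robotpwd` and the camera RTSP URLs ends up root-owned with the default umask, which is typically world-readable. Add `owner: "{{homebridge_user}}"`, `group: "{{homebridge_user}}"` and `mode: "0600"` to that task, and consider `no_log: yes` so the rendered password does not appear in `--diff` output. The home directory is created `0755`; `0750` would keep other local accounts out of the Homebridge state stored next to the config.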
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/templates/config.json.j2 Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,48 @@
+{
+ "bridge": {
+ "name": "Homebridge",
+ "username": "{{ansible_default_ipv4.macaddress | upper}}",
+ "port": {{homebridge_port}},
+ "pin": "{{homebridge_pin}}"
+ },
+
+ "description": "Homebridge",
+
+ "platforms": [
+
+ {"platform": "Camera-ffmpeg",
+ "cameras": [
+
+ {% for cam in homebridge_rtsp_cams %}
+ {"name": "{{cam.name}}", "videoConfig": {
+ "source": "-i {{cam.rtsp_url}}",
+ "stillImageSource": "-i {{cam.rtsp_url}} -vframes 1 -r 1",
+ "vcodec": "{{homebridge_rtsp_vcodec}}",
+ "maxStreams": {{homebridge_rtsp_max_streams}},
+ "debug": {{homebridge_rtsp_debug}}
+ }
+ {% if not loop.last %}
+ },
+ {% else %}
+ }
+ {% endif %}
+ {% endfor %}
+ ]}
+
+ ],
+
+ "accessories": [
+ {
+ "accessory": "Roomba",
+ "name": "Roomba",
+ "model": "{{homebridge_roomba_model}}",
+ "blid": "{{homebridge_roomba_blid}}",
+ "robotpwd": "{{homebridge_roomba_passwd}}",
+ "ipaddress": "{{homebridge_roomba_ip}}",
+ "autoRefreshEnabled": {{homebridge_roomba_auto_refresh}},
+ "keepAliveEnabled": {{homebridge_roomba_keep_alive}},
+ "cacheTTL": {{homebridge_roomba_cache_TTL}}
+ }
+ ]
+
+}
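Review bot: Every value is pasted into the JSON between hand-written quotes, so a Roomba password, camera name or RTSP URL containing `"` or `\` yields invalid JSON or shifts the structure. Let the filter do the quoting, e.g. `"robotpwd": {{homebridge_roomba_passwd | to_json}},`, with the same treatment for `cam.name` and `"source": {{("-i " ~ cam.rtsp_url) | to_json}},`. The `{% if not loop.last %}` block exists only to place a comma; `}{{ "," if not loop.last else "" }}` on one line is easier to follow.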
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/templates/homebridge.service.j2 Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,16 @@
+# {{ansible_managed}}
+
+[Unit]
+Description=Homebridge
+
+[Service]
+User={{homebridge_user}}
+Group={{homebridge_user}}
+Restart=always
+RestartSec={{homebridge_restart_sec}}
+
+WorkingDirectory={{homebridge_dir}}
+ExecStart=/usr/bin/node /opt/{{nodejs_dir}}/bin/homebridge -U {{homebridge_dir}}
+
+[Install]
+WantedBy=default.target
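Review bot: The unit runs Homebridge and its third-party npm plugins with no sandboxing beyond `User=`; adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` under `[Service]` limits what a misbehaving plugin can reach. `WantedBy=default.target` works, but `multi-user.target` is the usual target for a headless system service. The hardening options should be tested with the camera plugin, which relies on the device access granted through the `video` group.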
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mercurial/files/mercurial-s3-backup.sh Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+BUCKET=$1
+DATE=`date --iso-8601`
+BACKUP_DIR=$2
+BACKUP_TAR="/tmp/$BUCKET-$DATE.tgz"
+
+tar -zc -f $BACKUP_TAR $BACKUP_DIR
+aws s3 mb "s3://$BUCKET/"
+aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
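Review bot: `BACKUP_TAR="/tmp/$BUCKET-$DATE.tgz"` is a predictable path in a world-writable directory, and the unit that calls this script sets no `User=`, so it presumably runs as root and will write through whatever already exists at that name. The variables are also expanded unquoted, a failed `tar` still leads to an upload, and the archive is never deleted. The version below takes the temp file from `mktemp`, quotes the expansions, stops on a failed archive and removes the file on exit; because the temp name is random, the object key is given explicitly.

```shell
set -u

BUCKET=$1
BACKUP_DIR=$2
DATE=$(date --iso-8601)
BACKUP_TAR=$(mktemp --suffix=.tgz) || exit 1
trap 'rm -f -- "$BACKUP_TAR"' EXIT

tar -zc -f "$BACKUP_TAR" -- "$BACKUP_DIR" || exit 1
# … unchanged: aws s3 mb …
aws s3 cp "$BACKUP_TAR" "s3://$BUCKET/$BUCKET-$DATE.tgz"
```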
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mercurial/handlers/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: reload s3 backup service
+ systemd: name="mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes"
+ become: yes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mercurial/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,23 @@
+---
+
+- name: install mercurial
+ become: yes
+ apt: name="mercurial"
+
+- name: create mercurial s3 backup shell script
+ become: yes
+ copy:
+ src: "mercurial-s3-backup.sh"
+ dest: "/usr/local/bin/mercurial-s3-backup.sh"
+ mode: "0755"
+
+- name: configure mercurial s3 backup systemd service
+ become: yes
+ template:
+ src: "[email protected]"
+ dest: "/lib/systemd/system/mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service"
+ notify: reload s3 backup service
+
+- name: ensure mercurial s3 backup service is started
+ become: yes
+ systemd: name="mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service" enabled="yes"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mercurial/templates/[email protected] Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,9 @@
+[Unit]
+Description=Mercurial s3 backup for "%I"
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/mercurial-s3-backup.sh %i "{{mercurial_s3_backup_dir}}"
+
+[Install]
+WantedBy=aws-s3-backup.target
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nodejs/defaults/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,7 @@
+---
+
+nodejs_tag: "latest-v11.x"
+nodejs_version: "11.15.0"
+nodejs_arch: "{{ansible_architecture}}"
+nodejs_dir: "node-v{{nodejs_version}}-{{ansible_system | lower}}-{{nodejs_arch}}"
+nodejs_src: "https://nodejs.org/dist/{{nodejs_tag}}/{{nodejs_dir}}.tar.gz"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nodejs/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,21 @@
+---
+
+- name: download and unarchive nodejs
+ become: yes
+ unarchive:
+ src: "https://nodejs.org/dist/{{nodejs_tag}}/{{nodejs_dir}}.tar.xz"
+ dest: "/opt/"
+ remote_src: yes
+ creates: "/opt/{{nodejs_dir}}"
+
+# sudo update-alternatives --install "/usr/bin/node" "node" "/opt/node/bin/node" 1
+- name: update node alterantives
+ become: yes
+ alternatives:
+ link: "/usr/bin/{{item}}"
+ name: "{{item}}"
+ path: "/opt/{{nodejs_dir}}/bin/{{item}}"
+ priority: "1"
+ with_items:
+ - "node"
+ - "npm"
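Review bot: `download and unarchive nodejs` unpacks a tarball fetched at run time into `/opt/` as root with no integrity check; `unarchive` has no checksum option, so the download should go through `get_url` with `checksum:` first. The task also hard-codes a `.tar.xz` URL while `nodejs_src` in `defaults/main.yaml` points at `.tar.gz` and is never used. `nodejs_tag: "latest-v11.x"` follows a moving directory while `nodejs_version` is fixed, so the pair can drift apart, and 11.x is an odd-numbered, non-LTS release line. The sketch below uses `nodejs_src` and a new `nodejs_sha256` variable whose value comes from the release's `SHASUMS256.txt`. The second task's name has a typo, `alterantives`.

```yaml
- name: download nodejs
  become: yes
  get_url:
    url: "{{nodejs_src}}"
    dest: "/opt/{{nodejs_dir}}.tar.gz"
    checksum: "sha256:{{nodejs_sha256}}"

- name: unarchive nodejs
  become: yes
  unarchive:
    src: "/opt/{{nodejs_dir}}.tar.gz"
    dest: "/opt/"
    remote_src: yes
    creates: "/opt/{{nodejs_dir}}"

# … unchanged: update node alternatives …
```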
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/plex/handlers/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart plex service
+ systemd: name="plexmediaserver" state="restarted" daemon_reload="yes"
+ become: yes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/plex/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,21 @@
+---
+
+# https://forums.plex.tv/t/read-me-first-about-server-armv7-and-armv8-ubuntu-debian/226567
+
+- name: add plex apt key
+ become: yes
+ apt_key: url="https://downloads.plex.tv/plex-keys/PlexSign.key"
+
+- name: add plex apt repo
+ become: yes
+ apt_repository: repo="deb http://downloads.plex.tv/repo/deb public main"
+ notify: restart plex service
+
+- name: update apt package cache
+ become: yes
+ apt: upgrade="dist" update_cache="yes" cache_valid_time="3600"
+
+- name: install plex server
+ become: yes
+ apt: name="plexmediaserver"
+ notify: restart plex service
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/transmission/defaults/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,6 @@
+---
+
+transmission_config: "/var/lib/transmission-daemon/info/settings.json"
+transmission_port: "9091"
+transmission_passwd: "transmission"
+transmission_download_dir: "/var/lib/transmission-daemon/downloads"
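Review bot: `transmission_passwd: "transmission"` ships a guessable RPC password as the role default, and the tasks in `roles/transmission/tasks/main.yaml` whitelist all of `192.168.*.*`, so a host that forgets to override it offers the RPC interface to the whole LAN with a known credential. Remove the default so an unset password fails the play, or add `# must be overridden, e.g. from an encrypted vars file` above it.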
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/transmission/handlers/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart transmission service
+ systemd: name="transmission-daemon" state="restarted" daemon_reload="yes"
+ become: yes
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/transmission/tasks/main.yaml Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,70 @@
+---
+
+- name: install transmission
+ become: yes
+ apt: name="transmission-daemon"
+ notify: restart transmission service
+
+- name: stop transmission service
+ systemd: name="transmission-daemon" state="stopped" daemon_reload="yes"
+ become: yes
+
+- name: config ip whitelist
+ become: yes
+ lineinfile:
+ path: "{{transmission_config}}"
+ regexp: '^ "rpc-whitelist":'
+ line: ' "rpc-whitelist": "127.0.0.1,192.168.*.*",'
+ notify: restart transmission service
+
+- name: config umask
+ become: yes
+ lineinfile:
+ path: "{{transmission_config}}"
+ regexp: '^ "umask":'
+ line: ' "umask": 2,'
+ notify: restart transmission service
+
+- name: config port
+ become: yes
+ lineinfile:
+ path: "{{transmission_config}}"
+ regexp: '^ "rpc-port":'
+ line: " \"rpc-port\": {{transmission_port}},"
+ notify: restart transmission service
+
+- name: config password
+ become: yes
+ lineinfile:
+ path: "{{transmission_config}}"
+ regexp: '^ "rpc-password":'
+ line: " \"rpc-password\": \"{{transmission_passwd}}\","
+ notify: restart transmission service
+
+- name: config download dir
+ become: yes
+ lineinfile:
+ path: "{{transmission_config}}"
+ regexp: '^ "download-dir":'
+ line: " \"download-dir\": \"{{transmission_download_dir}}\","
+ notify: restart transmission service
+
+- name: config disable seeding
+ become: yes
+ lineinfile:
+ path: "{{transmission_config}}"
+ regexp: '^ "idle-seeding-limit":'
+ line: " \"idle-seeding-limit\": 0,"
+ notify: restart transmission service
+
+- name: config disable seeding
+ become: yes
+ lineinfile:
+ path: "{{transmission_config}}"
+ regexp: '^ "idle-seeding-limit-enabled":'
+ line: " \"idle-seeding-limit-enabled\": true,"
+ notify: restart transmission service
+
+- name: start transmission service
+ systemd: name="transmission-daemon" state="started" daemon_reload="yes"
+ become: yes
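Review bot: `config password` passes `transmission_passwd` through `lineinfile` without `no_log: yes`, so the clear-text password shows up in `--diff` and verbose output; add `no_log: yes` to that task. Nothing here sets `"rpc-authentication-required"`, so whether the password is enforced depends on the packaged default, and setting it explicitly with another `lineinfile` entry removes the guess. Two tasks share the name `config disable seeding`; naming the second `config enable idle seeding limit` makes the run output unambiguous. The unconditional stop and start tasks report `changed` on every run, and the `notify` restarts then bounce the daemon a second time.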