added host2 and some other stuff

2020-07-10 14:56:02 -05:00 · 2020-07-10 14:56:02 -05:00 · 26971a234f
commit 26971a234f
parent f386dd2d18
14 changed files with 284 additions and 7 deletions
--- a/pillars/roles/ca/vpnclients.sls
+++ b/pillars/roles/ca/vpnclients.sls
@ -1,6 +1,4 @@
 ca:
-  standesk:
-    type: client
  masau-llm.actcur.com:
    type: client
  masau-apm.actcur.com:
--- a/pillars/roles/init.sls
+++ b/pillars/roles/init.sls
@ -10,3 +10,4 @@ include:
  - roles.services
  - roles.laradev
  - roles.lxc
+  - roles.router
--- a/pillars/roles/router/init.sls
+++ b/pillars/roles/router/init.sls
@ -0,0 +1,15 @@
+{% set states = salt['cp.list_states'](saltenv) %}
+include:
+  - roles.router.none
+{%- if grains['roles'] is defined -%}
+  {%- if grains['roles'] is not none -%}
+    {%- if 'router' in grains['roles'] -%}
+      {%- for state in states %}
+        {%- if state.startswith("pillars.roles.router.") -%}
+          {%- set role = state.split('.')[3] %}
+  - roles.router.{{ role }}
+        {%- endif -%}
+      {%- endfor -%}
+    {%- endif -%}
+  {%- endif -%}
+{%- endif -%}
--- a/pillars/roles/router/misc.sls
+++ b/pillars/roles/router/misc.sls
@ -0,0 +1,183 @@
+router:
+  masau-ldm:
+    mac: 00:1e:e5:e6:5d:1a
+    ip: 172.16.40.1
+  masau-llm:
+    mac: 54:27:1e:ee:0a:0a
+    ip: 172.16.40.2
+  steam:
+    mac: 52:54:00:80:8a:68
+    ip: 172.16.40.3
+  babybrat-wdm:
+    mac: 00:02:6F:DC:94:F6
+    ip: 172.16.40.4
+  babybrat-wlm:
+    mac: 54:27:1e:79:0c:4e
+    ip: 172.16.40.5
+  mitri-wdm:
+    mac: 00:00:00:00:00:05
+    ip: 172.16.40.6
+  host:
+    mac: b8:97:5a:49:70:fe
+    ip: 172.16.41.25
+  virt:
+    mac: 52:54:00:3f:16:f3
+    ip: 172.16.41.26
+  icinga:
+    mac: 52:54:00:e9:85:5e
+    ip: 172.16.41.27
+  ipa:
+    mac: 52:54:00:94:ae:44
+    ip: 172.16.41.28
+  salt:
+    mac: 52:54:00:f7:c9:c9
+    ip: 172.16.41.29
+  ssh:
+    mac: 52:54:00:cf:ce:52
+    ip: 172.16.41.30
+    ports:
+      - ssh: 23453.22
+  pkg:
+    mac: 52:54:00:ff:a4:c4
+    ip: 172.16.41.31
+  ca:
+    mac: 52:54:00:18:c3:c4
+    ip: 172.16.41.32
+  vpn:
+    mac: 52:54:00:6e:d5:cf
+    ip: 172.16.41.33
+  smb:
+    mac: 52:54:00:f0:0f:fd
+    ip: 172.16.41.34
+  vnc:
+    mac: 52:54:00:8c:c5:e7
+    ip: 172.16.41.35
+  pass:
+    mac: 52:54:00:a0:b8:d8
+    ip: 172.16.41.36
+  authelia:
+    mac: 52:54:00:a6:25:11
+    ip: 172.16.41.37
+  ssh2:
+    mac: 52:54:00:aa:8b:b3
+    ip: 172.16.41.38
+    ports:
+      ssh2: 25432.22
+  plex:
+    mac: 52:54:00:75:14:b7
+    ip: 172.16.41.40
+  arr:
+    mac: 52:54:00:99:63:17
+    ip: 172.16.41.41
+  emby:
+    mac: 52:54:00:a3:7d:ff
+    ip: 172.16.41.42
+    ports:
+      emby: 8096.8096
+  rtorrent:
+    mac: 52:54:00:d5:15:74
+    ip: 172.16.41.43
+  cast:
+    mac: 52:54:00:68:94:67
+    ip: 172.16.41.44
+  ombi:
+    mac: 52:54:00:e1:c4:dd
+    ip: 172.16.41.45
+  transmission:
+    mac: 52:54:00:8e:79:5e
+    ip: 172.16.41.46
+  mc:
+    mac: 52:54:00:2a:58:fc
+    ip: 172.16.41.50
+  starbound:
+    mac: 52:54:00:ef:4d:ee
+    ip: 172.16.41.51
+  portal:
+    mac: 52:54:00:04:4d:b2
+    ip: 172.16.41.60
+    ports:
+      portal-http: 80.80
+      portal-https: 443.443
+  lara:
+    mac: 52:54:00:fa:d4:0d
+    ip: 172.16.41.61
+  shell:
+    mac: 52:54:00:5f:4b:ac
+    ip: 172.16.41.62
+  multi:
+    mac: 52:54:00:2a:0a:c5
+    ip: 172.16.41.65
+  tt:
+    mac: 52:54:00:ef:f2:37
+    ip: 172.16.41.66
+  sql:
+    mac: 52:54:00:8c:d0:53
+    ip: 172.16.41.67
+  git:
+    mac: 52:54:00:7e:cc:99
+    ip: 172.16.41.68
+    ports:
+      gogs-ssh: 5022.5022
+  baikal:
+    mac: 52:54:00:0f:81:f8
+    ip: 172.16.41.69
+  sync:
+    mac: 52:54:00:d6:69:8e
+    ip: 172.16.41.70
+  squid:
+    mac: 52:54:00:e0:72:28
+    ip: 172.16.41.71
+  archtest:
+    mac: 52:54:00:8f:03:fe
+    ip: 172.16.41.72
+  debtest:
+    mac: 52:54:00:1c:47:9a
+    ip: 172.16.41.73
+  books:
+    mac: 52:54:00:6f:37:7e
+    ip: 172.16.41.74
+  cloud:
+    mac: 52:54:00:65:10:a2
+    ip: 172.16.41.75
+  mycroft:
+    mac: 52:54:00:07:8f:03
+    ip: 172.16.41.76
+  rss:
+    mac: 52:54:00:ea:97:fb
+    ip: 172.16.41.200
+  git2:
+    mac: 52:54:00:32:22:8c
+    ip: 172.16.41.201
+  gitlab:
+    mac: 52:54:00:51:26:ff
+    ip: 172.16.41.202
+  abase:
+    mac: 52:54:00:bc:ed:77
+    ip: 172.16.41.203
+  cbase:
+    mac: 52:54:00:e0:ac:cf
+    ip: 172.16.41.204
+  dbase:
+    mac: 52:54:00:b0:d9:94
+    ip: 172.16.41.205
+  centtest:
+    mac: 52:54:00:65:8e:c7
+    ip: 172.16.41.206
+  project:
+    mac: 52:54:00:9e:a5:48
+    ip: 172.16.41.208
+  dipa:
+    mac: 52:54:00:57:2c:b1
+    ip: 172.16.41.209
+  fipa:
+    mac: 52:54:00:49:79:84
+    ip: 172.16.41.210
+  ipa2:
+    mac: 52:54:00:5b:98:ee
+    ip: 172.16.41.211
+  acearo:
+    mac: 52:54:00:c1:b1:e2
+    ip: 172.16.41.212
+  jelly:
+    mac: 52:54:00:bb:40:09
+    ip: 172.16.41.213
--- a/pillars/roles/router/none.sls
+++ b/pillars/roles/router/none.sls
--- a/pillars/servers/env/server/host2.sls
+++ b/pillars/servers/env/server/host2.sls
@ -0,0 +1 @@
+env: prod
--- a/pillars/servers/env/server/router.sls
+++ b/pillars/servers/env/server/router.sls
@ -0,0 +1 @@
+env: prod
--- a/pillars/servers/roles/server/host2.sls
+++ b/pillars/servers/roles/server/host2.sls
@ -0,0 +1,7 @@
+grains:
+  roles:
+    - server
+    - ssh
+    - nrpe
+    - saltminion
+    - host
--- a/pillars/servers/roles/server/router.sls
+++ b/pillars/servers/roles/server/router.sls
@ -0,0 +1,4 @@
+grains:
+  roles:
+    - router
+    - ssh
--- a/states/roles/maintain/host/init.sls
+++ b/states/roles/maintain/host/init.sls
@ -0,0 +1,11 @@
+add_kvm:
+  kmod.present:
+    - name: kvm_intel
+
+install_host_pkgs:
+  pkg.installed:
+    - pkgs:
+      - qemu-headless
+      - net-tools
+      - speedtest-cli
+      - btrfs-progs
--- a/states/roles/maintain/nginx-proxy/init.sls
+++ b/states/roles/maintain/nginx-proxy/init.sls
@ -26,10 +26,7 @@ nginx:

 {##ensure that nginx pillar exists##}
 {%- if pillar['nginx'] is defined -%}
-  {%- set resolver = salt['dnsutil.A']('r.actcur.com')[0] -%}
-  {%- if resolver|string() == "U" -%}
  {%- set resolver = "172.16.40.20" -%}
-  {%- endif -%}

 {##set up conf files for this server##}
 {%- for name in pillar['nginx'] %}
--- a/states/roles/maintain/router/dhcp
+++ b/states/roles/maintain/router/dhcp
@ -0,0 +1,50 @@
+config dnsmasq
+        option domainneeded '1'
+        option boguspriv '1'
+        option filterwin2k '0'
+        option localise_queries '1'
+        option rebind_protection '1'
+        option rebind_localhost '1'
+        option local '/actcur.com/'
+        option domain 'actcur.com'
+        option expandhosts '1'
+        option nonegcache '0'
+        option authoritative '1'
+        option readethers '1'
+        option leasefile '/tmp/dhcp.leases'
+        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
+        option nonwildcard '1'
+        option localservice '1'
+
+config dhcp 'lan'
+        option interface 'lan'
+        option start '100'
+        option limit '150'
+        option leasetime '12h'
+        option dhcpv6 'server'
+        option ra 'server'
+        option ra_slaac '1'
+        list ra_flags 'managed-config'
+        list ra_flags 'other-config'
+        option ra_management '1'
+
+config dhcp 'wan'
+        option interface 'wan'
+        option ignore '1'
+
+config odhcpd 'odhcpd'
+        option maindhcp '0'
+        option leasefile '/tmp/hosts/odhcpd'
+        option leasetrigger '/usr/sbin/odhcpd-update'
+        option loglevel '4'
+
+{%- if pillar['dns'] is defined -%}
+{%- for name in pillar['dns'] %}
+config host
+        option name {{ name }}
+        option ip {{ pillar['dns'][name]['ip'] }}
+        option mac {{ pillar['dns'][name]['mac'] }}
+        option dns '1'
+
+{%- endfor %}
+{%- endif %}
--- a/states/roles/maintain/router/init.sls
+++ b/states/roles/maintain/router/init.sls
@ -0,0 +1,9 @@
+{##ensure that dns pillar exists##}
+/etc/config/dhcp:
+  file.managed:
+    - makedirs: true
+    - source: salt://roles/maintain/dns/dhcp
+    - user: root
+    - group: root
+    - mode: 600
+    - template: jinja
--- a/0
+++ b/0