import common roles

access.yaml

@@ -0,0 +1,9 @@
+---
+
+- hosts:
+    - servers
+    - desktops
+    - laptops
+  remote_user: root
+  roles:
+    - name: root_user

cameras.yaml

@@ -0,0 +1,70 @@
+---
+
+- hosts: servers[0]
+  remote_user: root
+  handlers:
+    - name: reload systemd daemon
+      command: systemctl daemon-reload
+    - name: restart camera-download service
+      systemd:
+        name: camera-download@{{item}}.service
+        state: restarted
+      with_items: "{{groups.cameras}}"
+  tasks:
+    - name: install debian packages
+      apt:
+        pkg:
+          - gphoto2
+          - fping
+    - name: camera-download script
+      copy:
+        content: |
+          #!/usr/bin/fish
+          source /etc/camera-download/$argv[1].fish
+          cd $dir
+          while sleep 1
+            echo waiting for PING reply from $ip
+            if fping -4 -r60 -B1 -p5000 -q $ip
+              echo got PING reply from $ip - starting camera download
+              gphoto2 --port ptpip:$ip --get-all-files --skip-existing --force-overwrite --recurse --delete-all-files
+            end
+          end
+        dest: /usr/local/bin/camera-download
+        mode: 0755
+      notify: restart camera-download service
+    - name: camera-download config directory
+      file:
+        path: /etc/camera-download
+        state: directory
+    - name: camera-download config
+      copy:
+        content: |
+          set ip {{hostvars[item].ip}}
+          set dir {{hostvars[item].camera_download_directory}}
+        dest: /etc/camera-download/{{item}}.fish
+      with_items: "{{groups.cameras}}"
+      notify: restart camera-download service
+    - name: camera-download systemd service
+      copy:
+        content: |
+          [Unit]
+          Description=run camera-download
+
+          [Service]
+          User={{camera_download_user}}
+          Group={{camera_download_group}}
+          Type=simple
+          ExecStart=/usr/local/bin/camera-download %i
+
+          [Install]
+          WantedBy=multi-user.target
+        dest: /etc/systemd/system/camera-download@.service
+      notify:
+        - reload systemd daemon
+        - restart camera-download service
+    - name: enable and start camera-download service
+      systemd:
+        name: camera-download@{{item}}.service
+        state: started
+        enabled: yes
+      with_items: "{{groups.cameras}}"

desktop.yaml

@@ -0,0 +1,8 @@
+---
+
+- hosts: desktops:laptops
+  remote_user: root
+  tasks:
+    - name: kita-pro-desktop
+      import_role:
+        name: kita-pro-desktop

docs/LIVE-ROOT-PASSWORD

@@ -0,0 +1 @@
+boat orange winner park

group_vars/all/ips.yml

@@ -1,9 +0,0 @@
-ips:
--   host: kita-pro-vdesk
-    ip: 172.23.48.1
-    network: kita-pro-service-net
-    subnet: 172.23.48.0/24
--   host: kita-pro-vpn
-    ip: 172.23.48.2
-    network: kita-pro-service-net
-    subnet: 172.23.48.0/24

group_vars/all/networks.yml

@@ -1,48 +0,0 @@
-networks:
-
-  tg-net:
-    subnets:
-      - fd47:17e0:993c::/48
-      - 172.23/16
-
-  kita-pro-net:
-    parent: tg-net
-    site: kita-pro
-    subnets:
-      - fd47:17e0:993c:30::/60
-      - 172.23.48/20
-
-  kita-pro-service-net:
-    parent: tg-net
-    site: kita-pro
-    subnets:
-      - fd47:17e0:993c:30::/64
-      - 172.23.48/24
-
-  testkita-net:
-    parent: tg-net
-    site: testkita
-    subnets:
-      - fd47:17e0:993c:31::/64
-      - 172.23.49/24
-
-  kita-stjs-net:
-    parent: tg-net
-    site: kita-pro
-    subnets:
-      - fd47:17e0:993c:3d::/64
-      - 172.23.61/24
-
-  kita-stma-net:
-    parent: tg-net
-    site: kita-pro
-    subnets:
-      - fd47:17e0:993c:3e::/64
-      - 172.23.62/24
-
-  kita-stwg-net:
-    parent: tg-net
-    site: kita-pro
-    subnets:
-      - fd47:17e0:993c:3f::/64
-      - 172.23.63/24

group_vars/all/site.yml

@@ -1 +0,0 @@
-site_name: kita-pro

group_vars/all/users.yml

@@ -1,4 +1,3 @@
 root_ssh_authorized_keys:
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwdEkFBdQfY5YB6LR1l+copG7rZXlGLQyWWwhZdNkpW chaotika
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOC5/P9eYaHzOZGB/HE7zpjbCiYkfPFBzMvqIglFOWLe ansible-generated on tg-devops-emardely
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaeOFGQL7P71uJyGh5naztKyzM+9aUJT8moCzG/DlcW ansible-generated on kita-pro-vdesk
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwdEkFBdQfY5YB6LR1l+copG7rZXlGLQyWWwhZdNkpW markus.brechtel
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaeOFGQL7P71uJyGh5naztKyzM+9aUJT8moCzG/DlcW markus.brechtel@kita-pro-vdesk

group_vars/all/virt.yml

@@ -1 +0,0 @@
-virt_host: tg-srv-0

group_vars/vdesks/netif.yml

@@ -1,11 +0,0 @@
-netif_primary: virt
-netifs_profile:
-  virt:
-    networks:
-      - kita-pro-service-net
-    type: virt_ptp
-    virt_host_netif: virt
-    dns_resolvers:
-      - fd47:17e0:993c:c2::c:1
-      - fd47:17e0:993c:c2::c:2
-      - fd47:17e0:993c:c2::c:3

group_vars/vdesks/users.yml

@@ -1,7 +0,0 @@
-users:
-  chaotika:
-    uid: 4716
-    gid: 4716
-    ssh_authorized_keys:
-      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwdEkFBdQfY5YB6LR1l+copG7rZXlGLQyWWwhZdNkpW chaotika
-    linger: true

group_vars/vdesks/virt.yml

@@ -1,2 +0,0 @@
-virt_memory: 4096
-virt_vcpu: 4

group_vars/vpn_servers/netif.yml

@@ -1,26 +0,0 @@
-netif_primary: virt
-netifs_profile:
-  virt:
-    networks:
-      - kita-pro-service-net
-    type: virt_ptp
-    virt_host_netif: virt
-    dns_resolvers:
-      - fd47:17e0:993c:c2::c:1
-      - fd47:17e0:993c:c2::c:2
-      - fd47:17e0:993c:c2::c:3
-  vpn:
-    type: fastd
-    networks:
-      - kita-pro-service-net
-    fastd_port: 10060
-    fastd_peers: []
-    babeld: true
-  mesh:
-    networks:
-      - kita-pro-service-net
-    type: virt_bridge
-    virt_host_netif: mesh
-    babeld:
-      redistribute_networks:
-        - kita-pro-net

host_files/kita-pro-vdesk/root/.local/share/fish/fish_history

@@ -1,10 +0,0 @@
-- cmd: reboot
-  when: 1536583700
-- cmd: reboot
-  when: 1536680205
-- cmd: nano /etc/hosts
-  when: 1536912724
-  paths:
-    - /etc/hosts
-- cmd: apt install pwgen
-  when: 1536912876

host_files/kita-pro-vpn/fastd/vpn/peer.conf

@@ -1,6 +0,0 @@
-key "c61a1701cf00cde38efcbd88d7b365f4d18c45290ffda6900677b18dcd3d0287";
-remote 172.23.48.2:10060;
-remote 51.68.177.5:10060;
-remote [fd47:17e0:993c:30:47:baff:fe21:28f9]:10060;
-remote [fd47:17e0:993c:30:47:d4ff:fe1c:ac1d]:10060;
-float yes;

host_files/kita-pro-vpn/root/.local/share/fish/fish_history

@@ -1,108 +0,0 @@
-- cmd: top
-  when: 1536587819
-- cmd: cat /dev/urandom 
-  when: 1536588003
-- cmd: cat /dev/urandom | base32
-  when: 1536588018
-  paths:
-    - /dev/urandom
-- cmd: cat /dev/urandom | base64
-  when: 1536588024
-  paths:
-    - /dev/urandom
-- cmd: cat /etc/network/interfaces
-  when: 1536588218
-  paths:
-    - /etc/network/interfaces
-- cmd: cat /etc/network/interfaces.d/virt 
-  when: 1536588220
-  paths:
-    - /etc/network/interfaces.d/virt
-- cmd: nano /etc/network/interfaces
-  when: 1536588487
-  paths:
-    - /etc/network/interfaces
-- cmd: nano /etc/network/interfaces.d/virt 
-  when: 1536588490
-  paths:
-    - /etc/network/interfaces.d/virt
-- cmd: systemctl status babeld@vpn
-  when: 1536591535
-- cmd: nano /etc/fastd/vpn/fastd.conf 
-  when: 1536591642
-  paths:
-    - /etc/fastd/vpn/fastd.conf
-- cmd: nano /etc/fastd/vpn/peers/kita-stwg-9.conf
-  when: 1536591654
-- cmd: mv /etc/fastd/vpn/peers/kita-stwg-9.conf /etc/fastd/vpn/peers/kita-stwg-9
-  when: 1536591678
-  paths:
-    - /etc/fastd/vpn/peers/kita-stwg-9.conf
-- cmd: systemctl restart fastd@vpn
-  when: 1536591681
-- cmd: systemctl status fastd@vpn
-  when: 1536591691
-- cmd: tcpdump -h
-  when: 1537775177
-- cmd: ping fd47:17e0:993c:3f:47:b9ff:fed9:2951
-  when: 1537775501
-- cmd: nano /etc/hosts
-  when: 1537775509
-  paths:
-    - /etc/hosts
-- cmd: ifup mesh
-  when: 1537779973
-- cmd: ip a
-  when: 1537779975
-- cmd: systemctl status babeld
-  when: 1537780044
-- cmd: reboot
-  when: 1537780101
-- cmd: systemctl status babeld.service 
-  when: 1537780115
-- cmd: ip -6 route
-  when: 1537780118
-- cmd: tcpdump -i enp7s1
-  when: 1537780217
-- cmd: ip r
-  when: 1537780250
-- cmd: ip -6 r
-  when: 1537780256
-- cmd: tcpdump -i enp7s2
-  when: 1537780259
-- cmd: ip a
-  when: 1537783936
-- cmd: nano /etc/fastd/vpn/peers/kita-stwg-9.conf
-  when: 1537783943
-- cmd: nano /etc/fastd/vpn/peers/kita-stwg-9 
-  when: 1537783950
-  paths:
-    - /etc/fastd/vpn/peers/kita-stwg-9
-- cmd: nano /etc/fastd/vpn/fastd.conf 
-  when: 1537783956
-  paths:
-    - /etc/fastd/vpn/fastd.conf
-- cmd: ip -6 route
-  when: 1537783978
-- cmd: nano /etc/babeld.conf 
-  when: 1537783998
-  paths:
-    - /etc/babeld.conf
-- cmd: nano /etc/babeld.conf 
-  when: 1537784089
-  paths:
-    - /etc/babeld.conf
-- cmd: ip -6 route
-  when: 1537784189
-- cmd: ip route
-  when: 1537784208
-- cmd: ip -6 route
-  when: 1537784221
-- cmd: cat /etc/babeld.conf 
-  when: 1537784227
-  paths:
-    - /etc/babeld.conf
-- cmd: cat /etc/babeld.conf 
-  when: 1537784523
-  paths:
-    - /etc/babeld.conf

host_vars/kita-pro-vdesk/netif.yml

@@ -1,23 +0,0 @@
-ansible_host: fd47:17e0:993c:30:47:aff:fed8:5484
-netifs:
-    virt:
-        device: enp7s1
-        dns_resolvers:
-        - fd47:17e0:993c:c2::c:1
-        - fd47:17e0:993c:c2::c:2
-        - fd47:17e0:993c:c2::c:3
-        eui64: 47:aff:fed8:5484
-        id: 305124627588
-        ips:
-        -   ip: fd47:17e0:993c:30:47:aff:fed8:5484/64
-            type: eui64
-        -   ip: 172.23.48.1/24
-            type: host
-        ll6: fe80::47:aff:fed8:5484
-        mac: 02:47:0a:d8:54:84
-        networks:
-        - kita-pro-service-net
-        type: virt_ptp
-        virt_host_netif: virt
-        virt_pci_id: 0
-ssh_ip: fd47:17e0:993c:30:47:aff:fed8:5484

host_vars/kita-pro-vdesk/ssh_host_key.yml

@@ -1 +0,0 @@
-ssh_host_key_ed25519_public: AAAAC3NzaC1lZDI1NTE5AAAAIABTb/3+sP5/TUhCMKcHqcKQfVBuG+QGbPI1VHvF9G03

host_vars/kita-pro-vdesk/staging.yml

@@ -1 +0,0 @@
-stage: production

host_vars/kita-pro-vdesk/virt.yml

@@ -1,19 +0,0 @@
-filesystems:
--   device: /dev/vda
-    fstype: ext4
-    keep: true
-    mount_point: /
-swap_devices:
--   device: /dev/vdb
-    uuid: 4c5c7c6a-1331-5447-874a-3a7be8985c6b
-virt_console: serial
-virt_disks:
--   boot: true
-    name: root
-    size: 32G
-    type: qcow2
--   name: swap
-    size: 2G
-    type: raw
-virt_host: tg-srv-0
-virt_uuid: 1d23b7cf-fc5c-40bd-a127-1caa2bf64b40

host_vars/kita-pro-vpn/netif.yml

@@ -1,67 +0,0 @@
-ansible_host: fd47:17e0:993c:30:47:baff:fe21:28f9
-netifs:
-    mesh:
-        babeld:
-            redistribute_networks:
-            - kita-pro-net
-        device: enp7s2
-        eui64: 47:d4ff:fe1c:ac1d
-        id: 308501326877
-        ips:
-        -   ip: fd47:17e0:993c:30:47:d4ff:fe1c:ac1d/64
-            type: eui64
-        -   ip: 172.23.48.2/24
-            type: host
-        ll6: fe80::47:d4ff:fe1c:ac1d
-        mac: 02:47:d4:1c:ac:1d
-        networks:
-        - kita-pro-service-net
-        type: virt_bridge
-        virt_host_netif: mesh
-        virt_pci_id: 1
-    virt:
-        device: enp7s1
-        dns_resolvers:
-        - fd47:17e0:993c:c2::c:1
-        - fd47:17e0:993c:c2::c:2
-        - fd47:17e0:993c:c2::c:3
-        eui64: 47:baff:fe21:28f9
-        id: 308065413369
-        ips:
-        -   ip: fd47:17e0:993c:30:47:baff:fe21:28f9/64
-            type: eui64
-        -   ip: 172.23.48.2/24
-            type: host
-        -   ip: 51.68.177.5/32
-            type: static
-        ll6: fe80::47:baff:fe21:28f9
-        mac: 02:47:ba:21:28:f9
-        networks:
-        - kita-pro-service-net
-        type: virt_ptp
-        virt_host_netif: virt
-        virt_pci_id: 0
-    vpn:
-        babeld: true
-        device: vpn
-        eui64: 47:cdff:fe01:ea1f
-        fastd_key: c61a1701cf00cde38efcbd88d7b365f4d18c45290ffda6900677b18dcd3d0287
-        fastd_peers: []
-        fastd_port: 10060
-        fastd_remote:
-        - 172.23.48.2:10060
-        - 51.68.177.5:10060
-        - '[fd47:17e0:993c:30:47:baff:fe21:28f9]:10060'
-        - '[fd47:17e0:993c:30:47:d4ff:fe1c:ac1d]:10060'
-        id: 308382132767
-        ips:
-        -   ip: fd47:17e0:993c:30:47:cdff:fe01:ea1f/64
-            type: eui64
-        -   ip: 172.23.48.2/24
-            type: host
-        ll6: fe80::47:cdff:fe01:ea1f
-        mac: 02:47:cd:01:ea:1f
-        networks:
-        - kita-pro-service-net
-        type: fastd
-ssh_ip: fd47:17e0:993c:30:47:baff:fe21:28f9

host_vars/kita-pro-vpn/ssh_host_key.yml

@@ -1 +0,0 @@
-ssh_host_key_ed25519_public: AAAAC3NzaC1lZDI1NTE5AAAAIJNs5NesENwxBenS5ErcgdKqDdqBOBT90t2GWBrIbyVq

host_vars/kita-pro-vpn/staging.yml

@@ -1 +0,0 @@
-stage: staging

host_vars/kita-pro-vpn/virt.yml

@@ -1,19 +0,0 @@
-filesystems:
--   device: /dev/vda
-    fstype: ext4
-    keep: true
-    mount_point: /
-swap_devices:
--   device: /dev/vdb
-    uuid: a5434f37-3986-5feb-9abc-f22f0a5ecb60
-virt_console: serial
-virt_disks:
--   boot: true
-    name: root
-    size: 32G
-    type: qcow2
--   name: swap
-    size: 2G
-    type: raw
-virt_host: tg-srv-0
-virt_uuid: 5adee200-b8c7-4e7d-bf71-d2381ec85fbb

host_vars/tg-srv-0/netif.yml

@@ -1,33 +0,0 @@
-ansible_host: tg-srv-0.thengo.net
-netifs:
-    virt:
-        device: virt
-        eui64: 47:9ff:fee0:9d4
-        id: 305108355540
-        ips:
-        -   ip: fd47:17e0:993c:0:47:9ff:fee0:9d4/64
-            type: eui64
-        -   ip: 172.23.0.1/24
-            type: host
-        ll6: fe80::47:9ff:fee0:9d4
-        mac: 02:47:09:e0:09:d4
-        networks:
-        - tg-srv-0
-        type: bridge
-    mesh:
-        babeld:
-            redistribute_networks:
-            - tg-net
-        device: mesh
-        eui64: 47:9ff:fee0:9d4
-        id: 305108355540
-        ips:
-        -   ip: fd47:17e0:993c:f:47:9ff:fee0:9d4/64
-            type: eui64
-        -   ip: 172.23.15.1/24
-            type: host
-        ll6: fe80::47:9ff:fee0:9d4
-        mac: 02:47:09:e0:09:d4
-        networks:
-        - tg-srv-mesh
-        type: bridge

live.yaml

@@ -0,0 +1,7 @@
+---
+
+- hosts: vdesks
+  remote_user: root
+  roles:
+    - name: live-build
+      root_password: $6$8ZibwB8fIEdq8Vp$MX1bKxjuRh41LDK7JV6VZ3aOLXR5k6RDA.hSnUzCG1cB2QYy9A0b9VYF5zF5QHtAPwpyQhep2hOm.OnTdf5Kx1

maintenance.yaml

@@ -0,0 +1,8 @@
+---
+
+- hosts: desktops:laptops
+  remote_user: root
+  roles:
+    - name: display_manager
+    - name: staging
+      next_stage: maintenance

rollover.yaml

@@ -0,0 +1,9 @@
+---
+
+- import_playbook: maintenance.yaml
+#- import_playbook: servers.yaml
+- import_playbook: users.yaml
+- import_playbook: shares.yaml
+#- import_playbook: printers.yaml
+- import_playbook: printers.yaml
+- import_playbook: desktop.yaml

servers-common.yaml

@@ -0,0 +1,6 @@
+---
+
+- hosts: servers
+  remote_user: root
+  roles:
+    - name: common

servers-network.yaml

@@ -0,0 +1,6 @@
+---
+
+- hosts: servers
+  remote_user: root
+  roles:
+    - name: network

servers.yaml

@@ -0,0 +1,4 @@
+---
+
+- import_playbook: servers-network.yaml
+- import_playbook: servers-common.yaml

teamviewer.yaml

@@ -0,0 +1,12 @@
+---
+
+- hosts: desktops
+  remote_user: root
+  tasks:
+    - name: download teamviewer
+      get_url:
+        url: https://download.teamviewer.com/download/linux/teamviewer_amd64.deb
+        dest: /opt/teamviewer_amd64.deb
+    - name: teamviewer package
+      apt:
+        deb: /opt/teamviewer_amd64.deb

users.yaml

@@ -0,0 +1,56 @@
+---
+
+- hosts: servers:desktops:laptops
+  remote_user: root
+  roles:
+    - name: root_user
+    - name: users
+
+- hosts: desktops:laptops
+  remote_user: root
+  tasks:
+    - fetch:
+        src: /etc/ssh/ssh_host_ed25519_key.pub
+        dest: host_files/{{ inventory_hostname }}
+    - name: /etc/ssh/ssh_config
+      template:
+        src: ssh_config.j2
+        dest: /etc/ssh/ssh_config
+    - name: /etc/ssh/ssh_known_hosts
+      template:
+        src: ssh_known_hosts.j2
+        dest: /etc/ssh/ssh_known_hosts
+        mode: 'u=rw,g=r,o=r'
+
+- hosts:
+    - servers
+    - desktops
+    - laptops
+  remote_user: root
+  tasks:
+
+    - name: fetch ssh public keys
+      fetch:
+        src: /home/{{item}}/.ssh/id_ed25519.pub
+        dest: host_files
+        fail_on_missing: yes
+      loop: "{{ users.keys() | list }}"
+
+    - name: delete ssh known hosts user files
+      shell: rm /home/*/.ssh/known_hosts
+      failed_when: false
+
+- hosts:
+    - servers
+  remote_user: root
+  tasks:
+    - name: read ssh public keys
+      local_action: command fish -c 'cat host_files/*/home/{{item}}/.ssh/id_ed25519.pub'
+      loop: "{{ users.keys() | list }}"
+      register: _ssh_public_keys
+
+    - name: authorize ssh public keys
+      copy:
+        content: "{{ _ssh_public_keys  | json_query(\"results[?item=='\"+item+\"'].stdout\") | join(\"\n\") }}"
+        dest: /home/{{item}}/.ssh/authorized_keys
+      loop: "{{ users.keys() | list }}"

vdesks-custom.yaml

@@ -0,0 +1,10 @@
+---
+
+- hosts: vdesks
+  remote_user: root
+  tasks:
+    - import_role:
+        name: debian-installer
+        tasks_from: setup
+      vars:
+        debian_installer_nonfree_firmware: true

vdesks-provisioning.yaml

@@ -1,8 +0,0 @@
----
-
-- hosts: vdesks:&provisioning
-  remote_user: root
-  gather_facts: false
-  roles:
-    - role: netif
-    - role: virt_provision

vdesks.yaml

@@ -1,24 +0,0 @@
----
-
-- hosts: vdesks
-  gather_facts: false
-  roles:
-    - name: staging
-      default_stage: provisioning
-
-- import_playbook: vdesks-provisioning.yaml
-- import_playbook: vdesks-network.yaml
-
-- hosts: vdesks:&provisioning
-  remote_user: root
-  roles:
-    - name: staging
-      next_stage: staging
-
-- import_playbook: vdesks-common.yaml
-
-- hosts: vdesks:&staging
-  remote_user: root
-  roles:
-    - name: staging
-      next_stage: production