Update OpenSSL tasks

.vscode/settings.json

@@ -1,6 +1,5 @@
 {
     "files.trimTrailingWhitespace": true,
     "files.insertFinalNewline": true,
-    "files.trimFinalNewlines": true,
     "editor.renderFinalNewline": false
 }

INSTRUCTIONS.md

@@ -1,6 +1,26 @@
 # Tietojärjestelmäasentajien Infra
-## PVJJK 1.VOS TJAS - Infra
+## Ylläpitäjän ohjeet
-### Ylläpitäjän ohjeet
+
+**Työaseman asennus**
+1. Asenna Windows Subsystem for Linux vaihtoehtoisista järjestelmäominaisuuksista.
+2. Käynnistä työasema uudelleen
+3. Asenna Debian käyttöjärjestelmä
+    1. Avaa Powershell järjestelmänvalvojana
+    2. Suorita asennuskomento – `wsl --install -d Debian`
+    3. Aseta käyttäjätunnukseksi `asentaja` ja salasanaksi sama kuin työaseman Windows käyttäjän salasana.
+    4. Vaihda isännän nimi
+        1. Lisää Network kohtaan tai luo Network kohta – `echo "[network]" > /etc/wsl.conf`
+        2. Lisää isännän nimi – `echo "hostname = argo.aito.tjas" > /etc/wsl.conf`
+        3. Lisää Hosts tiedoston generointi – `echo "generateHosts = true" > /etc/wsl.conf`
+    5. Sulje ikkuna
+4. Aseta Debian oletusarvoiseksi käyttöjärjestelmäksi ja käynnistä se uudelleen
+    1. Avaa Powershell järjestelmänvalvojana
+    2. Vaihda oletusarvoinen käyttöjärjestelmä – `wsl --set-default Debian`
+    3. Käynnistä uudelleen käyttöjärjestelmä – `wsl -t Debian`
+    4. Sulje ikkuna
+6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
+7. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `sudo apt update && sudo apt install curl`
+8. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
 
 **Palvelimen asennus**
 1. Asenna Debian-käyttöjärjestelmä
@@ -11,3 +31,392 @@
 1. Kytke verkkolaitteen Console (Ethernet) porttiin serial portti adapteri sekä yhdistä siihen serial portti USB-adapteri
 2. Liitä USB-adapteri kiinni palvelimeen
 3. Testaa/Muodosta yhteys verkkolaitteeseen, käyttäen picocom-komentoa esim. "picocom -b 9600 /dev/ttyUSB0"
+
+r1.net.tjas
+```
+!
+version 12.4
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+!
+hostname r1.net.tjas
+!
+boot-start-marker
+boot-end-marker
+!
+enable secret 5 $1$G8oa$toAwtS1iMWnV5PGXYc4qM/
+enable password ********
+!
+no aaa new-model
+!
+resource policy
+!
+memory-size iomem 5
+ip subnet-zero
+!
+!
+ip cef
+!
+!
+!
+!
+!
+!
+interface FastEthernet0/0
+ ip address dhcp
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
+ ip nat outside
+ duplex full
+ speed auto
+ no mop enabled
+!
+interface FastEthernet0/1
+ no ip address
+ duplex auto
+ speed auto
+!
+interface FastEthernet0/1.10
+ description "TINU - INTERNET"
+ encapsulation dot1Q 10
+ ip address 192.168.1.1 255.255.255.224
+ ip access-group 10 out
+ ip helper-address 192.168.2.10
+ ip nat inside
+ no snmp trap link-status
+!
+interface FastEthernet0/1.20
+ description "JUVA - INTRA"
+ encapsulation dot1Q 20
+ ip address 192.168.2.1 255.255.255.224
+ ip access-group 20 out
+ ip helper-address 192.168.2.10
+ ip nat inside
+ no snmp trap link-status
+!
+interface FastEthernet0/1.30
+ description "AITO - TOIMISTO"
+ encapsulation dot1Q 30
+ ip address 192.168.3.1 255.255.255.224
+ ip access-group 30 out
+ ip helper-address 192.168.2.10
+ ip nat inside
+ no snmp trap link-status
+!
+interface FastEthernet0/1.69
+ description "SIVE - HALLINTA"
+ encapsulation dot1Q 69
+ ip address 192.168.69.1 255.255.255.192
+ ip access-group 69 in
+ ip access-group 69 out
+ ip helper-address 192.168.69.20
+ no snmp trap link-status
+!
+interface GigabitEthernet0/0/0
+ no ip address
+ shutdown
+ negotiation auto
+!
+ip classless
+!
+ip http server
+ip nat inside source list 1 interface FastEthernet0/0 overload
+!
+access-list 1 permit 192.168.1.0 0.0.0.31
+access-list 1 permit 192.168.2.0 0.0.0.31
+access-list 1 permit 192.168.3.0 0.0.0.31
+access-list 10 deny   192.168.0.0 0.0.255.255
+access-list 10 permit any
+access-list 20 permit 192.168.2.0 0.0.0.31
+access-list 20 deny   192.168.0.0 0.0.255.255
+access-list 20 permit any
+access-list 30 permit 192.168.2.10
+access-list 30 permit 192.168.3.0 0.0.0.31
+access-list 30 deny   192.168.0.0 0.0.255.255
+access-list 30 permit any
+access-list 69 permit 192.168.69.0 0.0.0.63
+!
+control-plane
+!
+banner motd ^C
+
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ r1.net.tjas
+
+^C
+!
+line con 0
+line aux 0
+line vty 0 4
+ password ********
+ login
+!
+scheduler allocate 20000 1000
+!
+end
+```
+
+s1.net.tjas
+```
+hostname "s1.net.tjas"
+ip default-gateway 192.168.1.1
+snmp-server community "public" Unrestricted
+vlan 1
+   name "DEFAULT_VLAN"
+   untagged 4-52
+   ip address dhcp-bootp
+   no untagged 1-3
+   exit
+vlan 10
+   name "TINU"
+   ip address 192.168.1.2 255.255.255.224
+   tagged 1
+   exit
+vlan 20
+   name "JUVA"
+   no ip address
+   tagged 1-2
+   exit
+vlan 30
+   name "AITO"
+   no ip address
+   tagged 1,3
+   exit
+vlan 69
+   name "SIVE"
+   ip address 192.168.69.11 255.255.255.192
+   tagged 1-3
+   exit
+ip authorized-managers 192.168.69.20 255.255.255.255
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s1.net.tjas
+
+"
+ip ssh
+password manager
+```
+
+s2.net.tjas
+```
+hostname "s2.net.tjas"
+interface 3
+   disable
+exit
+interface 4
+   disable
+exit
+interface 5
+   disable
+exit
+interface 6
+   disable
+exit
+interface 7
+   disable
+exit
+interface 8
+   disable
+exit
+interface 9
+   disable
+exit
+interface 10
+   disable
+exit
+interface 11
+   disable
+exit
+interface 12
+   disable
+exit
+interface 13
+   disable
+exit
+interface 14
+   disable
+exit
+interface 15
+   disable
+exit
+interface 16
+   disable
+exit
+interface 17
+   disable
+exit
+interface 18
+   disable
+exit
+interface 19
+   disable
+exit
+interface 20
+   disable
+exit
+interface 21
+   disable
+exit
+interface 22
+   disable
+exit
+interface 23
+   disable
+exit
+interface 24
+   disable
+exit
+ip default-gateway 192.168.2.1
+snmp-server community "public" Unrestricted
+vlan 1
+   name "DEFAULT_VLAN"
+   untagged 3-28
+   ip address dhcp-bootp
+   no untagged 1-2
+   exit
+vlan 20
+   name "JUVA"
+   untagged 3-24
+   ip address 192.168.2.2 255.255.255.224
+   tagged 1-2
+   exit
+vlan 69
+   name "SIVE"
+   ip address 192.168.69.12 255.255.255.192
+   tagged 1-2
+   exit
+ip authorized-managers 192.168.69.20
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s2.net.tjas
+
+"
+ip ssh
+password manager
+```
+
+s3.net.tjas
+```
+hostname "s3.net.tjas"
+interface 2
+   disable
+exit
+interface 3
+   disable
+exit
+interface 4
+   disable
+exit
+interface 5
+   disable
+exit
+interface 6
+   disable
+exit
+interface 7
+   disable
+exit
+interface 8
+   disable
+exit
+interface 9
+   disable
+exit
+interface 10
+   disable
+exit
+interface 11
+   disable
+exit
+interface 12
+   disable
+exit
+ip default-gateway 192.168.3.1
+snmp-server community "public" Unrestricted
+vlan 1
+   name "DEFAULT_VLAN"
+   untagged 25-28
+   ip address dhcp-bootp
+   no untagged 1-24
+   exit
+vlan 30
+   name "AITO"
+   untagged 13-24
+   ip address 192.168.3.2 255.255.255.224
+   tagged 1
+   exit
+vlan 69
+   name "SIVE"
+   untagged 2-24
+   ip address 192.168.69.13 255.255.255.192
+   tagged 1
+   exit
+ip authorized-managers 192.168.69.20
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s3.net.tjas
+
+"
+ip ssh
+password manager
+```
+
+# LÄHTEET
+
+## ISSUE - ASCII ART
+ASCII Art Generator
+https://www.textmods.com/ascii-art

README.md

@@ -1,9 +1,9 @@
 # Tietojärjestelmäasentajien Infra
-## PVJJK 1.VOS TJAS - Infra
+## Tervetuloa
 
 Infran toteutus aloitettiin vuonna 2025 ja sen on suunnitellut [Jääkäri Warén](https://christerwaren.fi).
 
-Voit halutessasi pyytää oikeudet tähän Github-repoon. Oikeudet myönnetään vain, jos olet 1.VOS:issa. Voit myös halutessasi forkata projektin ja jatkokehittää sitä eteenpäin tekemällä Pull Requestin.
+Voit halutessasi pyytää oikeudet tähän Github-repoon. Oikeudet myönnetään vain, jos olet niihin oikeutettu. Voit myös halutessasi forkata projektin ja jatkokehittää sitä eteenpäin tekemällä Pull Requestin.
 
 [Lue käyttöohjeet](INSTRUCTIONS.md)
 

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-inventory = inventories/pvjjk-1vos-tjas
+inventory = inventories/pvjjk-1vos-niinisalo
 hash_behaviour = merge
 gathering = smart
 display_skipped_hosts = false

assets/images/logo.svg

@@ -0,0 +1,273 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="695.94501"
+   height="286.38599"
+   viewBox="0 0 184.13545 75.772958"
+   version="1.1"
+   id="svg1"
+   sodipodi:docname="logo.svg"
+   inkscape:version="1.4.2 (ebf0e940d0, 2025-05-08)"
+   inkscape:export-filename="logo.png"
+   inkscape:export-xdpi="96.010002"
+   inkscape:export-ydpi="96.010002"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="px"
+     inkscape:zoom="1.44"
+     inkscape:cx="329.51389"
+     inkscape:cy="169.44444"
+     inkscape:window-width="1920"
+     inkscape:window-height="1008"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" />
+  <defs
+     id="defs1">
+    <linearGradient
+       id="linearGradient1"
+       inkscape:collect="always">
+      <stop
+         style="stop-color:#c84dff;stop-opacity:1;"
+         offset="0"
+         id="stop1" />
+      <stop
+         style="stop-color:#ad00fa;stop-opacity:1;"
+         offset="0.20007552"
+         id="stop3" />
+      <stop
+         style="stop-color:#c84dff;stop-opacity:1;"
+         offset="0.36412308"
+         id="stop4" />
+      <stop
+         style="stop-color:#8800c4;stop-opacity:1;"
+         offset="0.49973571"
+         id="stop5" />
+      <stop
+         style="stop-color:#c84dff;stop-opacity:1;"
+         offset="0.82178771"
+         id="stop6" />
+      <stop
+         style="stop-color:#58007e;stop-opacity:1;"
+         offset="1"
+         id="stop2" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient2"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient3"
+       gradientUnits="userSpaceOnUse"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient4"
+       gradientUnits="userSpaceOnUse"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient5"
+       gradientUnits="userSpaceOnUse"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient6"
+       gradientUnits="userSpaceOnUse"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044" />
+  </defs>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1">
+    <g
+       id="g9"
+       style="display:none"
+       transform="translate(-8.8234898,-66.083592)">
+      <g
+         id="g7">
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke-width:0.264583"
+           x="39.283604"
+           y="115.8997"
+           id="text1"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;text-anchor:middle;stroke-width:0.264583"
+             x="39.283604"
+             y="115.8997"
+             id="tspan5">T</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke-width:0.264583"
+           x="79.859314"
+           y="115.52763"
+           id="text1-1"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;text-anchor:middle;stroke-width:0.264583"
+             x="79.859314"
+             y="115.52763"
+             id="tspan5-8">J</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke-width:0.264583"
+           x="122.32855"
+           y="115.8997"
+           id="text1-28"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;text-anchor:middle;stroke-width:0.264583"
+             x="122.32855"
+             y="115.8997"
+             id="tspan5-9">A</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke-width:0.264583"
+           x="161.78362"
+           y="116.07333"
+           id="text1-2"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;text-anchor:middle;stroke-width:0.264583"
+             x="161.78362"
+             y="116.07333"
+             id="tspan5-3">S</tspan></text>
+      </g>
+      <g
+         id="g8"
+         style="stroke:none">
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke:none;stroke-width:0.264583"
+           x="39.344238"
+           y="128.46199"
+           id="text1-3-2"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;text-anchor:middle;stroke:none;stroke-width:0.264583"
+             x="39.344238"
+             y="128.46199"
+             id="tspan5-2-9">TANGO</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke:none;stroke-width:0.264583"
+           x="79.264"
+           y="128.3297"
+           id="text1-3"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;text-anchor:middle;stroke:none;stroke-width:0.264583"
+             x="79.264"
+             y="128.3297"
+             id="tspan5-2">JULIET</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke:none;stroke-width:0.264583"
+           x="122.30926"
+           y="128.43994"
+           id="text1-3-7"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;text-anchor:middle;stroke:none;stroke-width:0.264583"
+             x="122.30926"
+             y="128.43994"
+             id="tspan5-2-8">ALPHA</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke:none;stroke-width:0.264583"
+           x="161.81256"
+           y="128.5116"
+           id="text1-3-6"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;text-anchor:middle;stroke:none;stroke-width:0.264583"
+             x="161.81256"
+             y="128.5116"
+             id="tspan5-2-1">SIERRA</tspan></text>
+      </g>
+    </g>
+    <g
+       id="g17"
+       style="display:inline;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+       transform="translate(-8.8234921,-66.083609)">
+      <g
+         id="g12"
+         style="fill:url(#linearGradient2);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers">
+        <path
+           style="font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:url(#linearGradient3);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 52.975791,80.428994 -0.248047,10.517187 -7.391797,0.297656 -1.885156,23.514843 -10.467578,0.5457 0.04961,-23.51484 -7.391797,0.396875 0.297656,-11.707812 z"
+           id="text9"
+           aria-label="T" />
+        <path
+           style="font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:url(#linearGradient4);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 91.864783,95.088571 q 0,1.463477 0,2.902149 0,1.438672 -0.148829,2.90215 -0.272851,3.10058 -1.339453,5.87871 -1.066601,2.75332 -2.902148,4.83691 -1.810742,2.0836 -4.415234,3.29903 -2.604493,1.21543 -5.97793,1.21543 -1.314648,0 -2.75332,-0.22325 -1.413867,-0.22324 -2.827735,-0.66972 -1.389062,-0.44649 -2.678906,-1.09141 -1.265039,-0.66973 -2.257226,-1.53789 l 1.53789,-10.26914 q 1.463477,1.41387 3.249414,2.30684 1.785938,0.86816 3.894336,0.86816 1.364258,0 2.306836,-0.39687 0.942578,-0.39688 1.562695,-1.09141 0.620118,-0.69453 0.967383,-1.61231 0.37207,-0.94257 0.520899,-1.98437 0.173632,-1.066602 0.198437,-2.182813 0.04961,-1.116211 0.04961,-2.207617 0,-3.943946 -0.396875,-7.838282 -0.396875,-3.91914 -0.694531,-7.838281 l 11.360547,-0.74414 q 0.744141,7.739062 0.74414,15.478124 z"
+           id="text10"
+           aria-label="J" />
+        <path
+           style="font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:url(#linearGradient5);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 138.9725,113.76649 -12.30313,1.5875 -1.48828,-5.60586 h -5.65547 l -1.24023,5.60586 -12.65039,-1.24023 9.87226,-33.039844 13.79141,-0.694532 z m -14.68438,-11.60859 -1.88515,-8.632031 -1.83555,8.632031 z"
+           id="text11"
+           aria-label="A" />
+        <path
+           style="font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:url(#linearGradient6);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 174.96731,102.87724 q 0,3.39824 -1.19063,5.95313 -1.16582,2.53007 -3.22461,4.21679 -2.03398,1.68672 -4.7873,2.53008 -2.72852,0.84336 -5.87871,0.84336 -1.21543,0 -2.67891,-0.32246 -1.43867,-0.32246 -2.92695,-0.79375 -1.48828,-0.4961 -2.87735,-1.0418 -1.36425,-0.57051 -2.43086,-1.0666 l 1.09141,-10.21953 q 2.1084,1.26504 4.66328,1.93476 2.57969,0.64493 5.06016,0.64493 0.47129,0 1.14101,-0.0248 0.66973,-0.0496 1.26504,-0.22324 0.62012,-0.19844 1.0418,-0.57051 0.42168,-0.37207 0.42168,-1.0666 0,-0.47129 -0.29766,-0.79375 -0.29765,-0.34727 -0.76894,-0.5457 -0.47129,-0.22325 -1.0666,-0.32246 -0.59532,-0.12403 -1.16582,-0.17364 -0.57051,-0.0496 -1.06661,-0.0496 -0.49609,0 -0.79375,0 -2.1332,0 -3.89433,-0.74414 -1.73633,-0.74414 -3.00137,-2.058786 -1.24023,-1.339453 -1.93476,-3.150195 -0.69454,-1.835547 -0.69454,-3.96875 0,-2.926953 1.16582,-5.233789 1.19063,-2.33164 3.1502,-3.943945 1.98437,-1.637109 4.53926,-2.505274 2.55488,-0.868164 5.2834,-0.868164 1.21543,0 2.50527,0.09922 1.28984,0.07441 2.55488,0.297656 1.28985,0.223243 2.50528,0.570508 1.21543,0.347266 2.30683,0.868164 l -0.94258,10.070703 q -1.68672,-0.570508 -3.54707,-0.942578 -1.83554,-0.396875 -3.59668,-0.396875 -0.32246,0 -0.84336,0.02481 -0.49609,0 -1.0666,0.07441 -0.5457,0.04961 -1.11621,0.173633 -0.57051,0.124023 -1.01699,0.347265 -0.44649,0.198438 -0.71934,0.545703 -0.27285,0.347266 -0.24804,0.818555 0.0248,0.545703 0.39687,0.892969 0.39688,0.322461 0.99219,0.520898 0.62012,0.173633 1.33945,0.248047 0.74414,0.07441 1.46348,0.09922 0.71933,0 1.33945,0 0.62012,-0.02481 1.01699,0.02481 1.98438,0.124023 3.57188,0.843359 1.5875,0.719336 2.67891,1.909961 1.11621,1.190625 1.68671,2.852539 0.59532,1.637116 0.59532,3.621486 z"
+           id="text12"
+           aria-label="S" />
+      </g>
+      <g
+         id="g16"
+         style="fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers">
+        <path
+           style="font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 28.126996,120.5796 -0.05512,2.33716 -1.642623,0.0661 -0.418924,5.22553 -2.326131,0.12127 0.01103,-5.22553 -1.642624,0.0882 0.06615,-2.60174 z m 6.493322,7.40834 -2.73403,0.35278 -0.33073,-1.24574 h -1.256772 l -0.275608,1.24574 -2.8112,-0.27561 2.193839,-7.34219 3.06476,-0.15434 z m -3.263197,-2.57969 -0.418924,-1.91823 -0.4079,1.91823 z m 10.875488,-4.85069 -0.396876,7.47448 -2.888371,0.26459 -1.543404,-4.00183 -0.242535,4.079 h -2.480471 l 0.198437,-7.81624 2.756079,-0.1323 1.907207,3.96876 0.08819,-3.74827 z m 7.099659,6.77995 q -0.259071,0.32522 -0.63941,0.56775 -0.380339,0.24254 -0.8158,0.40239 -0.43546,0.15985 -0.892969,0.23702 -0.457509,0.0827 -0.870921,0.0827 -0.799263,0 -1.471747,-0.28664 -0.672483,-0.28663 -1.163065,-0.78824 -0.48507,-0.50711 -0.760678,-1.19062 -0.275608,-0.68351 -0.275608,-1.47175 0,-0.60082 0.137804,-1.17409 0.137804,-0.57877 0.391363,-1.08589 0.259072,-0.51263 0.628386,-0.93707 0.369315,-0.42995 0.837849,-0.73863 0.468533,-0.30868 1.025261,-0.47956 0.556728,-0.17087 1.190626,-0.17087 0.237023,0 0.507119,0.022 0.270096,0.0165 0.534679,0.0661 0.270096,0.0441 0.523655,0.12678 0.25356,0.0827 0.463022,0.20395 l -0.154341,2.10564 q -0.308681,-0.11575 -0.63941,-0.15434 -0.325218,-0.0441 -0.639411,-0.0441 -0.440972,0 -0.826823,0.1378 -0.380339,0.13229 -0.666972,0.38585 -0.28112,0.25356 -0.446484,0.61736 -0.165365,0.36381 -0.165365,0.82132 0,0.28663 0.07717,0.55672 0.07717,0.26459 0.231511,0.47405 0.159852,0.20395 0.391363,0.33073 0.237023,0.12678 0.545704,0.12678 0.209462,0 0.429948,-0.0551 0.225998,-0.0551 0.385851,-0.18742 l 0.02205,-0.42995 -1.322918,-0.022 0.06615,-1.65365 q 0.821311,-0.0276 1.642623,-0.0441 0.821311,-0.0221 1.653647,-0.0551 z m 7.231952,-2.7671 q 0,0.5016 -0.115755,0.97014 -0.115755,0.46302 -0.336241,0.87092 -0.214975,0.4079 -0.529168,0.74965 -0.308681,0.33624 -0.700044,0.57878 -0.385851,0.24253 -0.84336,0.38034 -0.457509,0.13229 -0.97014,0.13229 -0.496094,0 -0.948091,-0.12678 -0.446485,-0.12678 -0.837848,-0.35278 -0.391363,-0.23151 -0.711069,-0.55122 -0.314193,-0.32521 -0.540191,-0.71658 -0.220487,-0.39687 -0.347266,-0.84887 -0.121268,-0.452 -0.121268,-0.94258 0,-0.47956 0.115756,-0.93706 0.115755,-0.46303 0.330729,-0.87093 0.220487,-0.4079 0.529167,-0.74965 0.308681,-0.34175 0.68902,-0.5898 0.385851,-0.24805 0.832336,-0.38585 0.446485,-0.1378 0.942579,-0.1378 0.799263,0 1.45521,0.24804 0.661459,0.24805 1.12448,0.71107 0.468534,0.45751 0.722093,1.11346 0.259071,0.65043 0.259071,1.45521 z m -2.447398,0.14331 q 0,-0.23702 -0.07166,-0.45751 -0.06615,-0.22599 -0.198438,-0.39687 -0.132291,-0.17639 -0.330729,-0.28112 -0.192926,-0.11025 -0.446485,-0.11025 -0.259071,0 -0.463021,0.0937 -0.20395,0.0937 -0.352778,0.25907 -0.143316,0.15986 -0.220487,0.38034 -0.07717,0.21498 -0.07717,0.45751 0,0.23151 0.06615,0.46302 0.06615,0.23151 0.198438,0.41893 0.132291,0.18741 0.325217,0.30317 0.198438,0.11575 0.457509,0.11575 0.259072,0 0.463021,-0.0992 0.209462,-0.10473 0.352779,-0.27561 0.143316,-0.17639 0.220486,-0.40238 0.07717,-0.226 0.07717,-0.46854 z"
+           id="text13"
+           aria-label="TANGO" />
+        <path
+           style="font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 68.416072,123.78768 q 0,0.32522 0,0.64492 0,0.31971 -0.03307,0.64492 -0.06063,0.68902 -0.297656,1.30638 -0.237023,0.61185 -0.644923,1.07488 -0.402387,0.46302 -0.981164,0.73311 -0.578777,0.2701 -1.32843,0.2701 -0.292145,0 -0.61185,-0.0496 -0.314193,-0.0496 -0.628386,-0.14883 -0.308681,-0.0992 -0.595313,-0.24253 -0.28112,-0.14883 -0.501606,-0.34176 l 0.341754,-2.28203 q 0.325217,0.31419 0.722092,0.51263 0.396876,0.19292 0.865409,0.19292 0.303169,0 0.512631,-0.0882 0.209462,-0.0882 0.347266,-0.24253 0.137804,-0.15435 0.214974,-0.3583 0.08268,-0.20946 0.115755,-0.44097 0.03858,-0.23702 0.0441,-0.48507 0.01102,-0.24804 0.01102,-0.49058 0,-0.87643 -0.08819,-1.74184 -0.08819,-0.87092 -0.15434,-1.74184 l 2.524568,-0.16537 q 0.165365,1.71979 0.165365,3.43959 z m 7.083124,-1.5875 q 0,0.4079 -0.03858,0.89848 -0.03858,0.49058 -0.12678,1.01424 -0.08819,0.52365 -0.23151,1.06384 -0.137804,0.53468 -0.347266,1.03078 -0.209462,0.49609 -0.490583,0.93155 -0.275607,0.42995 -0.63941,0.75517 -0.35829,0.3197 -0.804775,0.5016 -0.446485,0.18742 -0.992189,0.18742 -0.63941,0 -1.113456,-0.20947 -0.468533,-0.20395 -0.804775,-0.55121 -0.336241,-0.35278 -0.551216,-0.8158 -0.214974,-0.46853 -0.336241,-0.98668 -0.121268,-0.52365 -0.170877,-1.06384 -0.0441,-0.54571 -0.0441,-1.04731 0,-0.77171 0.07717,-1.5379 0.07717,-0.7717 0.220486,-1.53789 l 2.57969,0.0992 q -0.148828,0.86541 -0.259071,1.74184 -0.104731,0.87092 -0.104731,1.75287 0,0.0937 0.0055,0.28112 0.01102,0.1819 0.03307,0.41341 0.02205,0.226 0.06063,0.46853 0.0441,0.23703 0.115755,0.43546 0.07166,0.19844 0.170877,0.32522 0.104731,0.12678 0.242535,0.12678 0.159853,0 0.286632,-0.14883 0.12678,-0.15434 0.220486,-0.4079 0.09922,-0.25356 0.170877,-0.58429 0.07166,-0.33072 0.121268,-0.68902 0.04961,-0.35829 0.07717,-0.71658 0.03307,-0.35829 0.04961,-0.66697 0.02205,-0.30868 0.02756,-0.5457 0.0055,-0.23702 0.0055,-0.35278 0,-0.42995 -0.01654,-0.85438 -0.01102,-0.42995 -0.03859,-0.85439 h 2.57969 q 0.06615,0.76068 0.06615,1.54341 z m 5.28616,2.98759 -0.23151,2.44739 -4.641238,0.36381 q 0.03307,-1.92375 0.07166,-3.82544 0.0441,-1.9017 0.104731,-3.82544 h 2.866323 q -0.12678,1.20716 -0.242535,2.41433 -0.115756,1.20165 -0.165365,2.42535 0.259071,0.011 0.512631,0.011 0.253559,0 0.51263,0 0.308681,0 0.606338,-0.006 0.297656,-0.006 0.606337,-0.006 z m 3.235636,-4.61919 -0.606337,7.50756 -2.326131,0.12126 v -7.47448 z m 5.600354,-0.18742 q -0.03307,0.51815 -0.06063,1.02527 -0.02756,0.50711 -0.07166,1.02526 l -2.337155,0.12126 -0.05512,0.69454 H 88.7394 l -0.121267,1.70877 -1.653648,0.0551 -0.05512,0.80477 h 1.367015 0.97014 q -0.03307,0.60634 -0.07166,1.20717 -0.03307,0.59531 -0.06063,1.19613 l -4.751481,0.11025 0.17639,-7.94854 z m 6.013764,0.0662 -0.05512,2.33716 -1.642623,0.0661 -0.418924,5.22553 -2.326131,0.12126 0.01102,-5.22552 -1.642623,0.0882 0.06615,-2.60174 z"
+           id="text14"
+           aria-label="JULIET" />
+        <path
+           style="font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 113.02678,127.9659 -2.73403,0.35277 -0.33073,-1.24574 h -1.25677 l -0.27561,1.24574 -2.8112,-0.2756 2.19384,-7.3422 3.06476,-0.15434 z m -3.26319,-2.57969 -0.41893,-1.91824 -0.4079,1.91824 z m 8.22414,-0.0882 -0.23152,2.4474 -4.64123,0.3638 q 0.0331,-1.92374 0.0717,-3.82544 0.0441,-1.90169 0.10473,-3.82543 h 2.86632 q -0.12678,1.20716 -0.24254,2.41432 -0.11575,1.20165 -0.16536,2.42535 0.25907,0.011 0.51263,0.011 0.25356,0 0.51263,0 0.30868,0 0.60634,-0.006 0.29765,-0.006 0.60634,-0.006 z m 6.68073,-2.16076 q 0,0.53467 -0.15985,0.94809 -0.15985,0.41341 -0.44097,0.72209 -0.27561,0.30868 -0.65044,0.52365 -0.37483,0.21498 -0.80477,0.35278 -0.42444,0.13229 -0.88195,0.19844 -0.45751,0.0606 -0.89848,0.0661 v 2.56866 h -2.56867 q 0,-1.26228 0.006,-2.51354 0.006,-1.25126 0.0165,-2.52457 0.011,-0.67248 0.006,-1.34497 -0.006,-0.67248 0.0276,-1.35599 0.70556,-0.20946 1.41112,-0.31419 0.70555,-0.10473 1.45521,-0.10473 0.42443,0 0.84887,0.0717 0.42444,0.0661 0.81029,0.21497 0.39136,0.14883 0.72209,0.37483 0.33624,0.22048 0.57878,0.52916 0.24253,0.30868 0.38033,0.70556 0.14332,0.39136 0.14332,0.88195 z m -2.4474,0.18741 q 0,-0.35829 -0.22048,-0.55673 -0.21498,-0.20395 -0.56224,-0.20395 -0.11576,0 -0.24254,0.022 -0.12127,0.0165 -0.23151,0.0441 l -0.0662,1.60955 q 0.0772,0.011 0.14883,0.011 0.0717,0 0.14883,0 0.19844,0 0.38034,-0.0661 0.18741,-0.0662 0.33073,-0.18742 0.14332,-0.12678 0.226,-0.29214 0.0882,-0.17088 0.0882,-0.38034 z m 9.2935,5.11528 -2.75608,0.13229 -0.022,-2.54661 h -1.26779 l -0.0772,2.41432 h -2.46945 l 0.20946,-7.75009 2.62379,0.12126 -0.16536,3.95773 h 1.22369 l 0.011,-4.25538 2.51354,0.0661 z m 7.47449,-0.47404 -2.73403,0.35277 -0.33073,-1.24574 h -1.25677 l -0.27561,1.24574 -2.8112,-0.2756 2.19384,-7.3422 3.06476,-0.15434 z m -3.2632,-2.57969 -0.41892,-1.91824 -0.4079,1.91824 z"
+           id="text15"
+           aria-label="ALPHA" />
+        <path
+           style="font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 149.98623,125.57913 q 0,0.75516 -0.26459,1.32292 -0.25907,0.56224 -0.71658,0.93706 -0.452,0.37483 -1.06385,0.56224 -0.60633,0.18742 -1.30638,0.18742 -0.27009,0 -0.59531,-0.0717 -0.31971,-0.0717 -0.65043,-0.17639 -0.33073,-0.11024 -0.63942,-0.23151 -0.30316,-0.12678 -0.54019,-0.23702 l 0.24254,-2.27101 q 0.46853,0.28112 1.03628,0.42995 0.57327,0.14331 1.12448,0.14331 0.10474,0 0.25356,-0.006 0.14883,-0.011 0.28112,-0.0496 0.13781,-0.0441 0.23151,-0.12678 0.0937,-0.0827 0.0937,-0.23702 0,-0.10473 -0.0661,-0.17639 -0.0661,-0.0772 -0.17088,-0.12127 -0.10473,-0.0496 -0.23702,-0.0717 -0.1323,-0.0276 -0.25908,-0.0386 -0.12678,-0.011 -0.23702,-0.011 -0.11024,0 -0.17639,0 -0.47404,0 -0.86541,-0.16536 -0.38585,-0.16537 -0.66697,-0.45751 -0.27561,-0.29766 -0.42995,-0.70004 -0.15434,-0.4079 -0.15434,-0.88195 0,-0.65043 0.25907,-1.16307 0.26459,-0.51814 0.70005,-0.87643 0.44097,-0.3638 1.00872,-0.55673 0.56776,-0.19292 1.17409,-0.19292 0.2701,0 0.55673,0.0221 0.28663,0.0165 0.56775,0.0661 0.28664,0.0496 0.55673,0.12678 0.2701,0.0772 0.51263,0.19293 l -0.20946,2.23793 q -0.37483,-0.12678 -0.78824,-0.20946 -0.4079,-0.0882 -0.79926,-0.0882 -0.0717,0 -0.18741,0.006 -0.11025,0 -0.23703,0.0165 -0.12126,0.011 -0.24804,0.0386 -0.12678,0.0276 -0.226,0.0772 -0.0992,0.0441 -0.15986,0.12127 -0.0606,0.0772 -0.0551,0.1819 0.006,0.12127 0.0882,0.19844 0.0882,0.0717 0.22048,0.11575 0.13781,0.0386 0.29766,0.0551 0.16537,0.0165 0.32522,0.022 0.15985,0 0.29765,0 0.13781,-0.006 0.226,0.006 0.44098,0.0276 0.79375,0.18741 0.35278,0.15985 0.59532,0.42444 0.24804,0.26458 0.37482,0.63389 0.1323,0.36381 0.1323,0.80478 z m 3.32383,-4.82865 -0.60634,7.50756 -2.32613,0.12126 v -7.47448 z m 5.60035,-0.18742 q -0.0331,0.51815 -0.0606,1.02527 -0.0276,0.50711 -0.0717,1.02526 l -2.33716,0.12126 -0.0551,0.69454 h 1.64263 l -0.12127,1.70877 -1.65365,0.0551 -0.0551,0.80477 h 1.36701 0.97014 q -0.0331,0.60634 -0.0717,1.20717 -0.0331,0.59531 -0.0606,1.19613 l -4.75148,0.11025 0.17639,-7.94854 z m 6.64766,2.63482 q 0,0.42994 -0.0772,0.78272 -0.0717,0.34727 -0.23151,0.63941 -0.15985,0.29215 -0.41341,0.54019 -0.25356,0.24805 -0.61185,0.47405 l 1.31189,2.33716 -2.48047,0.48507 -0.84887,-2.34818 -0.68351,0.022 -0.0992,2.29306 h -2.37022 q 0.0276,-1.25677 0.0496,-2.50252 0.0276,-1.24575 0.0606,-2.50252 0.011,-0.6339 0.0221,-1.25677 0.011,-0.62287 0.0441,-1.25677 0.38585,-0.14332 0.76067,-0.23702 0.37483,-0.0937 0.74966,-0.14332 0.38034,-0.0551 0.76619,-0.0717 0.39136,-0.0221 0.79926,-0.0221 0.62839,0 1.21267,0.17639 0.58981,0.17088 1.0418,0.51814 0.452,0.34727 0.72209,0.86541 0.27561,0.51815 0.27561,1.20717 z m -2.46944,0.17639 q 0,-0.23152 -0.0661,-0.42444 -0.0606,-0.19293 -0.18741,-0.33073 -0.12127,-0.14332 -0.30868,-0.22049 -0.18191,-0.0827 -0.42995,-0.0827 -0.11025,0 -0.21498,0.0165 -0.10473,0.011 -0.20395,0.0386 l -0.0882,2.05053 h 0.13229 q 0.23702,0 0.47956,-0.0606 0.24805,-0.0606 0.44097,-0.18741 0.19844,-0.12678 0.31971,-0.32522 0.12678,-0.19844 0.12678,-0.47404 z m 9.31003,-0.17639 q 0,0.42994 -0.0772,0.78272 -0.0717,0.34727 -0.23151,0.63941 -0.15985,0.29215 -0.41341,0.54019 -0.25356,0.24805 -0.61185,0.47405 l 1.31189,2.33716 -2.48047,0.48507 -0.84887,-2.34818 -0.68351,0.022 -0.0992,2.29306 h -2.37022 q 0.0276,-1.25677 0.0496,-2.50252 0.0276,-1.24575 0.0606,-2.50252 0.011,-0.6339 0.0221,-1.25677 0.011,-0.62287 0.0441,-1.25677 0.38586,-0.14332 0.76068,-0.23702 0.37483,-0.0937 0.74966,-0.14332 0.38033,-0.0551 0.76619,-0.0717 0.39136,-0.0221 0.79926,-0.0221 0.62838,0 1.21267,0.17639 0.5898,0.17088 1.0418,0.51814 0.452,0.34727 0.72209,0.86541 0.27561,0.51815 0.27561,1.20717 z m -2.46944,0.17639 q 0,-0.23152 -0.0661,-0.42444 -0.0606,-0.19293 -0.18741,-0.33073 -0.12127,-0.14332 -0.30868,-0.22049 -0.18191,-0.0827 -0.42995,-0.0827 -0.11025,0 -0.21498,0.0165 -0.10473,0.011 -0.20395,0.0386 l -0.0882,2.05053 h 0.13229 q 0.23702,0 0.47956,-0.0606 0.24805,-0.0606 0.44097,-0.18741 0.19844,-0.12678 0.31971,-0.32522 0.12678,-0.19844 0.12678,-0.47404 z m 9.80061,4.66328 -2.73403,0.35278 -0.33073,-1.24575 h -1.25677 l -0.27561,1.24575 -2.8112,-0.27561 2.19384,-7.34219 3.06476,-0.15434 z m -3.2632,-2.57969 -0.41892,-1.91823 -0.4079,1.91823 z"
+           id="text16"
+           aria-label="SIERRA" />
+      </g>
+    </g>
+  </g>
+</svg>

files/dhcp/dhcpd.conf

@@ -1,107 +0,0 @@
-# dhcpd.conf
-#
-# Sample configuration file for ISC dhcpd
-#
-
-# option definitions common to all supported networks...
-option domain-name "intra.tjas";
-option domain-name-servers s1.intra.tjas;
-
-default-lease-time 600;
-max-lease-time 7200;
-
-# The ddns-updates-style parameter controls whether or not the server will
-# attempt to do a DNS update when a lease is confirmed. We default to the
-# behavior of the version 2 packages ('none', since DHCP v2 didn't
-# have support for DDNS.)
-ddns-update-style none;
-
-# If this DHCP server is the official DHCP server for the local
-# network, the authoritative directive should be uncommented.
-authoritative;
-
-# Use this to send dhcp log messages to a different log file (you also
-# have to hack syslog.conf to complete the redirection).
-#log-facility local7;
-
-# No service will be given on this subnet, but declaring it helps the
-# DHCP server to understand the network topology.
-
-#subnet 10.152.187.0 netmask 255.255.255.0 {
-#}
-
-# This is a very basic subnet declaration.
-
-#subnet 10.254.239.0 netmask 255.255.255.224 {
-#  range 10.254.239.10 10.254.239.20;
-#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
-#}
-
-# This declaration allows BOOTP clients to get dynamic addresses,
-# which we don't really recommend.
-
-#subnet 10.254.239.32 netmask 255.255.255.224 {
-#  range dynamic-bootp 10.254.239.40 10.254.239.60;
-#  option broadcast-address 10.254.239.31;
-#  option routers rtr-239-32-1.example.org;
-#}
-
-# A slightly different configuration for an internal subnet.
-#subnet 10.5.5.0 netmask 255.255.255.224 {
-#  range 10.5.5.26 10.5.5.30;
-#  option domain-name-servers ns1.internal.example.org;
-#  option domain-name "internal.example.org";
-#  option routers 10.5.5.1;
-#  option broadcast-address 10.5.5.31;
-#  default-lease-time 600;
-#  max-lease-time 7200;
-#}
-
-# Hosts which require special configuration options can be listed in
-# host statements.   If no address is specified, the address will be
-# allocated dynamically (if possible), but the host-specific information
-# will still come from the host declaration.
-
-#host passacaglia {
-#  hardware ethernet 0:0:c0:5d:bd:95;
-#  filename "vmunix.passacaglia";
-#  server-name "toccata.example.com";
-#}
-
-# Fixed IP addresses can also be specified for hosts.   These addresses
-# should not also be listed as being available for dynamic assignment.
-# Hosts for which fixed IP addresses have been specified can boot using
-# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
-# be booted with DHCP, unless there is an address range on the subnet
-# to which a BOOTP client is connected which has the dynamic-bootp flag
-# set.
-#host fantasia {
-#  hardware ethernet 08:00:07:26:c0:a5;
-#  fixed-address fantasia.example.com;
-#}
-
-# You can declare a class of clients and then do address allocation
-# based on that.   The example below shows a case where all clients
-# in a certain class get addresses on the 10.17.224/24 subnet, and all
-# other clients get addresses on the 10.0.29/24 subnet.
-
-#class "foo" {
-#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
-#}
-
-#shared-network 224-29 {
-#  subnet 10.17.224.0 netmask 255.255.255.0 {
-#    option routers rtr-224.example.org;
-#  }
-#  subnet 10.0.29.0 netmask 255.255.255.0 {
-#    option routers rtr-29.example.org;
-#  }
-#  pool {
-#    allow members of "foo";
-#    range 10.17.224.10 10.17.224.250;
-#  }
-#  pool {
-#    deny members of "foo";
-#    range 10.0.29.10 10.0.29.230;
-#  }
-#}

files/dnsdist/config.conf

@@ -0,0 +1,12 @@
+setLocal('0.0.0.0:53')
+addLocal('[::]:53')
+setACL({'0.0.0.0/0', '::/0'})
+setECSOverride(true)
+setECSSourcePrefixV4(32)
+setECSSourcePrefixV6(128)
+newServer({address='127.0.0.1:531', useClientSubnet=true, pool='authorative'})
+newServer({ address='127.0.0.1:532', useClientSubnet=true, pool='recursor' })
+addAction('tjas', PoolAction('authorative'))
+addAction(AllRule(), PoolAction('recursor'))
+setSecurityPollSuffix("")
+setServFailWhenNoServer(true)

files/issue

@@ -0,0 +1,25 @@
+
+
+
+ .-') _               ('-.      .-')
+(  OO) )             ( OO ).-. ( OO ).
+/     '._      ,--.  / . --. /(_)---\_)
+|'--...__) .-')| ,|  | \-.  \ /    _ |
+'--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+   |  |   | `-'|  | \| |_.'  | '..`''.)
+   |  |   ,--. |  |  |  .-.  |.-._)   \
+   |  |   |  '-'  /  |  | |  |\       /
+   `--'    `-----'   `--' `--' `-----'
+
+
+{{ location | upper }}
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+{{ hostname | upper }}
+
+Made by
+Jääkäri Warén
+https://christerwaren.fi
+
+
+
+

files/kea/kea-dhcp4.conf

@@ -0,0 +1,232 @@
+{
+    "Dhcp4": {
+        "interfaces-config": {
+            "interfaces": [ "enp0s25.20" ]
+        },
+        "control-socket": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea4-ctrl-socket"
+        },
+        "lease-database": {
+            "type": "mysql",
+            "name": "{{ config.mariadb.users['kea'].database }}",
+            "user": "{{ config.mariadb.users['kea'].username }}",
+            "password": "{{ config.mariadb.users['kea'].password }}",
+            "host": "127.0.0.1",
+            "port": 3306
+        },
+        "expired-leases-processing": {
+            "reclaim-timer-wait-time": 10,
+            "flush-reclaimed-timer-wait-time": 25,
+            "hold-reclaimed-time": 3600,
+            "max-reclaim-leases": 100,
+            "max-reclaim-time": 250,
+            "unwarned-reclaim-cycles": 5
+        },
+        "renew-timer": 900,
+        "rebind-timer": 1800,
+        "valid-lifetime": 3600,
+        "subnet4": [
+            {
+                "id": 1,
+                "subnet": "192.168.1.0/27",
+                "pools": [
+                    {
+                        "pool": "192.168.1.1 - 192.168.1.30"
+                    }
+                ],
+                "option-data": [
+                    {
+                        "name": "routers",
+                        "data": "192.168.1.1"
+                    },
+                    {
+                        "name": "domain-name-servers",
+                        "data": "1.1.1.1"
+                    },
+                    {
+                        "name": "domain-search",
+                        "data": "puolustusvoimat.fi"
+                    }
+                ],
+                "user-context": {
+                    "name": "Tinu",
+                    "purpose": "Internet"
+                },
+                "reservations": [
+                    {
+                        "hw-address": "00:1d:46:dc:80:09",
+                        "ip-address": "192.168.1.1",
+                        "hostname": "r1.net.tjas"
+                    },
+                    {
+                        "hw-address": "9c:8e:99:9b:c3:80",
+                        "ip-address": "192.168.1.2",
+                        "hostname": "s1.net.tjas"
+                    }
+                ]
+            },
+            {
+                "id": 2,
+                "subnet": "192.168.2.0/27",
+                "interface": "enp0s25.20",
+                "pools": [
+                    {
+                        "pool": "192.168.2.1 - 192.168.2.30"
+                    }
+                ],
+                "option-data": [
+                    {
+                        "name": "routers",
+                        "data": "192.168.2.1"
+                    },
+                    {
+                        "name": "domain-name-servers",
+                        "data": "192.168.2.10, 1.1.1.1"
+                    },
+                    {
+                        "name": "domain-name",
+                        "data": "juva.tjas"
+                    },
+                    {
+                        "name": "domain-search",
+                        "data": "juva.tjas, tjas"
+                    }
+                ],
+                "user-context": {
+                    "name": "Juva",
+                    "purpose": "Intra"
+                },
+                "reservations": [
+                    {
+                        "hw-address": "00:1d:46:dc:80:09",
+                        "ip-address": "192.168.2.1",
+                        "hostname": "r1.net.tjas"
+                    },
+                    {
+                        "hw-address": "00:24:a8:f1:c7:40",
+                        "ip-address": "192.168.2.2",
+                        "hostname": "s2.net.tjas"
+                    },
+                    {
+                        "hw-address": "90:1b:0e:5b:18:fb",
+                        "ip-address": "192.168.2.10",
+                        "hostname": "olympus.juva.tjas"
+                    }
+                ]
+            },
+            {
+                "id": 3,
+                "subnet": "192.168.3.0/27",
+                "pools": [
+                    {
+                        "pool": "192.168.3.1 - 192.168.3.30"
+                    }
+                ],
+                "option-data": [
+                    {
+                        "name": "routers",
+                        "data": "192.168.3.1"
+                    },
+                    {
+                        "name": "domain-name-servers",
+                        "data": "192.168.2.10"
+                    },
+                    {
+                        "name": "domain-name",
+                        "data": "aito.tjas"
+                    },
+                    {
+                        "name": "domain-search",
+                        "data": "aito.tjas, tjas"
+                    }
+                ],
+                "user-context": {
+                    "name": "Aito",
+                    "purpose": "Toimisto"
+                },
+                "reservations": [
+                    {
+                        "hw-address": "00:1d:46:dc:80:09",
+                        "ip-address": "192.168.3.1",
+                        "hostname": "r1.net.tjas"
+                    },
+                    {
+                        "hw-address": "00:1f:fe:ab:9e:c0",
+                        "ip-address": "192.168.3.2",
+                        "hostname": "s3.net.tjas"
+                    }
+                ]
+            },
+            {
+                "id": 69,
+                "subnet": "192.168.69.0/26",
+                "interface": "enp0s25.69",
+                "pools": [
+                    {
+                        "pool": "192.168.69.1 - 192.168.69.62"
+                    }
+                ],
+                "option-data": [
+                    {
+                        "name": "domain-name-servers",
+                        "data": "192.168.69.20"
+                    },
+                    {
+                        "name": "domain-name",
+                        "data": "sive.tjas"
+                    },
+                    {
+                        "name": "domain-search",
+                        "data": "sive.tjas"
+                    }
+                ],
+                "user-context": {
+                    "name": "Sive",
+                    "purpose": "Hallinta"
+                },
+                "reservations": [
+                    {
+                        "hw-address": "00:1d:46:dc:80:09",
+                        "ip-address": "192.168.69.1",
+                        "hostname": "r1.net.tjas"
+                    },
+                    {
+                        "hw-address": "9c:8e:99:9b:c3:80",
+                        "ip-address": "192.168.69.11",
+                        "hostname": "s1.net.tjas"
+                    },
+                    {
+                        "hw-address": "00:24:a8:f1:c7:40",
+                        "ip-address": "192.168.69.12",
+                        "hostname": "s2.net.tjas"
+                    },
+                    {
+                        "hw-address": "00:1f:fe:ab:9e:c0",
+                        "ip-address": "192.168.69.13",
+                        "hostname": "s3.net.tjas"
+                    },
+                    {
+                        "hw-address": "90:1b:0e:5b:18:fc",
+                        "ip-address": "192.168.69.20",
+                        "hostname": "olympus.juva.tjas"
+                    }
+                ]
+            }
+        ],
+
+        "loggers": [
+            {
+                "name": "kea-dhcp4",
+                "output_options": [
+                    {
+                        "output": "stdout",
+                        "pattern": "%-5p %m\n"
+                    }
+                ],
+                "severity": "ERROR",
+                "debuglevel": 0
+            }
+        ]
+    }
+}

files/motd

@@ -0,0 +1,29 @@
+
+
+
+
+  _____                             _       _ _      _
+ |_   _|_ _ _ __   __ _  ___       | |_   _| (_) ___| |_
+   | |/ _` | '_ \ / _` |/ _ \   _  | | | | | | |/ _ \ __|
+   | | (_| | | | | (_| | (_) | | |_| | |_| | | |  __/ |_
+   |_|\__,_|_| |_|\__, |\___/   \___/ \__,_|_|_|\___|\__|
+     _    _       |___/         ____  _
+    / \  | |_ __ | |__   __ _  / ___|(_) ___ _ __ _ __ __ _
+   / _ \ | | '_ \| '_ \ / _` | \___ \| |/ _ \ '__| '__/ _` |
+  / ___ \| | |_) | | | | (_| |  ___) | |  __/ |  | | | (_| |
+ /_/   \_\_| .__/|_| |_|\__,_| |____/|_|\___|_|  |_|  \__,_|
+           |_|
+
+
+{{ location | upper }}
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+{{ hostname | upper }}
+
+Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
+ylikirjoittaa automatisoidusti.
+
+https://github.com/cwchristerw/tjas-intra
+
+
+
+

files/networking/interfaces

@@ -0,0 +1,23 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s25
+iface enp0s25 inet dhcp
+
+auto enp0s25.20
+iface enp0s25.20 inet static
+  address 192.168.2.10/27
+  gateway 192.168.2.1
+  hwaddress 90:1b:0e:5b:18:fb
+
+auto enp0s25.69
+iface enp0s25.69 inet static
+  address 192.168.69.20/26
+  hwaddress 90:1b:0e:5b:18:fc

files/nginx/conf/000-default.conf

@@ -19,7 +19,7 @@ server {
         root   /usr/share/nginx/html;
         index  index.html index.htm;
 
-        #return 301 https://$host$request_uri;
+        return 301 https://$host$request_uri;
     }
 
     if ($request_method !~ ^(GET|HEAD|POST)$ )
@@ -28,43 +28,43 @@ server {
     }
 }
 
-# server {
+server {
 
-#     listen  443 ssl default_server;
+    listen  443 ssl default_server;
-#     listen  [::]:443 ssl default_server;
+    listen  [::]:443 ssl default_server;
 
-#     server_name _;
+    server_name _;
 
-#     http2 on;
+    http2 on;
 
-#     ssl_certificate /etc/nginx/certs/pvjjk-1vos-tjas/fullchain.pem;
+    ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
-#     ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-tjas/privkey.pem;
+    ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
-#     ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_protocols TLSv1.2 TLSv1.3;
-#     ssl_ecdh_curve X25519:prime256v1:secp384r1;
+    ssl_ecdh_curve X25519:prime256v1:secp384r1;
-#     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
-#     ssl_prefer_server_ciphers off;
+    ssl_prefer_server_ciphers off;
-#     ssl_session_cache shared:SSL:20m;
+    ssl_session_cache shared:SSL:20m;
-#     ssl_session_timeout 180m;
+    ssl_session_timeout 180m;
 
-#     ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-tjas/chain.pem;
+    ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
 
-#     expires off;
+    expires off;
-#     etag off;
+    etag off;
-#     if_modified_since off;
+    if_modified_since off;
 
-#     gzip on;
+    gzip on;
-#     gzip_min_length 1000;
+    gzip_min_length 1000;
-#     gzip_proxied any;
+    gzip_proxied any;
-#     gzip_types *;
+    gzip_types *;
-#     gunzip on;
+    gunzip on;
 
-#     location / {
+    location / {
-#         root   /usr/share/nginx/html;
+        root   /usr/share/nginx/html;
-#         index  index.html index.htm;
+        index  index.html index.htm;
-#     }
+    }
 
-#     if ($request_method !~ ^(GET|HEAD|POST)$ )
+    if ($request_method !~ ^(GET|HEAD|POST)$ )
-#     {
+    {
-#        return 405;
+       return 405;
-#     }
+    }
-# }
+}

files/nginx/index.html

@@ -1,10 +1,23 @@
 <!DOCTYPE html>
 <html lang="en">
     <head>
-        <title>{{ ansible_facts.fqdn }}</title>
+        <title>{{ hostname }}</title>
+
+        <!-- Meta: Charset -->
         <meta charset="UTF-8">
-        <meta name="robots" content="noindex">
+
-        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <!-- Meta: Viewport -->
+        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+
+        <!-- Meta: Robots -->
+        <meta name="robots" content="noindex,noodp,noarchive">
+        <meta name="google" content="notranslate">
+
+        <!-- Link: Preconnect & DNS Prefetch & Preload -->
+        <link rel="preconnect" href="//cdn.waren.io">
+        <link rel="dns-prefetch" href="//cdn.waren.io">
+        <link rel="preload" as="style" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/css/all.min.css" crossorigin="anonymous">
+        <link rel="preload" as="font" type="font/woff2" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/webfonts/fa-solid-900.woff2" crossorigin="anonymous">
 
         <style>
             body {
@@ -16,6 +29,7 @@
                 align-items: center;
                 justify-content: center;
                 text-align: center;
+                flex-direction: column;
             }
 
             *, *:active, *:focus, *:hover, *:visited, *:link {
@@ -23,37 +37,51 @@
                 font-family: sans-serif;
             }
 
+            img {
+                width: 50%;
+            }
+
+            ul {
+                font-size: 1.5rem;
+                list-style-type: none;
+                padding-left: 0;
+            }
+
             p {
                 margin-bottom: 0px;
                 margin-top: 0px;
             }
 
-            .org {
+            a {
-                font-size: xx-large;
+                font-weight: bold;
+                text-decoration: none;
             }
 
-            .link {
+            footer {
-                margin-top: 10px;
+                color: #555555 !important;
-            }
-
-            .server {
                 margin-top: 50px;
             }
-
-            .server * {
-                color: #555555;
-            }
         </style>
+
+        <!-- Link: CSS -->
+        <link rel="stylesheet" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/css/all.min.css" crossorigin="anonymous" media="screen">
     </head>
     <body>
-        <div>
+        <header>
-            <p class="org">PVJJK 1.VOS TJAS</p>
+            <h1 style="display:none;">TJAS - Tango Juliet Alpha Sierra</h1>
-            <p class="link"><a href="https://intra.tjas">Visit website</a></p>
+            <img src="data:image/svg+xml;base64,{{ lookup('ansible.builtin.file', './assets/images/logo.svg') | ansible.builtin.b64encode }}" alt="TJAS - Tango Juliet Alpha Sierra">
-
+        </header>
+        <nav>
+            <ul>
+                <li><a href="https://cloud.tjas"><i class="fa-solid fa-cloud"></i> Cloud</a></li>
+                <li><a href="https://status.tjas"><i class="fa-solid fa-signal"></i> Status</a></li>
+            </ul>
+        </nav>
+        <footer>
             <div class="server">
-                <p class="name">{{ ansible_facts.fqdn }}</p>
+                <p class="name">{{ hostname | upper }}</p>
+                <p class="location">{{ location | upper }}</p>
             </div>
-        </div>
+        </footer>
-
     </body>
 </html>

files/powerdns-authorative/config.conf

@@ -1,6 +1,6 @@
 local-address=0.0.0.0,::
-local-port=53
+local-port=531
-default-soa-content=s1.intra.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
+default-soa-content=olympus.juva.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
 launch=gmysql
 gmysql-host=127.0.0.1
 gmysql-port=3306

files/powerdns-authorative/schema.mysql.sql

@@ -0,0 +1,92 @@
+CREATE TABLE domains (
+  id                    INT AUTO_INCREMENT,
+  name                  VARCHAR(255) NOT NULL,
+  master                VARCHAR(128) DEFAULT NULL,
+  last_check            INT DEFAULT NULL,
+  type                  VARCHAR(8) NOT NULL,
+  notified_serial       INT UNSIGNED DEFAULT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
+  options               VARCHAR(64000) DEFAULT NULL,
+  catalog               VARCHAR(255) DEFAULT NULL,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE UNIQUE INDEX name_index ON domains(name);
+CREATE INDEX catalog_idx ON domains(catalog);
+
+
+CREATE TABLE records (
+  id                    BIGINT AUTO_INCREMENT,
+  domain_id             INT DEFAULT NULL,
+  name                  VARCHAR(255) DEFAULT NULL,
+  type                  VARCHAR(10) DEFAULT NULL,
+  content               VARCHAR(64000) DEFAULT NULL,
+  ttl                   INT DEFAULT NULL,
+  prio                  INT DEFAULT NULL,
+  disabled              TINYINT(1) DEFAULT 0,
+  ordername             VARCHAR(255) BINARY DEFAULT NULL,
+  auth                  TINYINT(1) DEFAULT 1,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX nametype_index ON records(name,type);
+CREATE INDEX domain_id ON records(domain_id);
+CREATE INDEX ordername ON records (ordername);
+
+
+CREATE TABLE supermasters (
+  ip                    VARCHAR(64) NOT NULL,
+  nameserver            VARCHAR(255) NOT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
+  PRIMARY KEY (ip, nameserver)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+
+CREATE TABLE comments (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  name                  VARCHAR(255) NOT NULL,
+  type                  VARCHAR(10) NOT NULL,
+  modified_at           INT NOT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
+  comment               TEXT CHARACTER SET 'utf8' NOT NULL,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX comments_name_type_idx ON comments (name, type);
+CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
+
+
+CREATE TABLE domainmetadata (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  kind                  VARCHAR(32),
+  content               TEXT,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
+
+
+CREATE TABLE cryptokeys (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  flags                 INT NOT NULL,
+  active                BOOL,
+  published             BOOL DEFAULT 1,
+  content               TEXT,
+  PRIMARY KEY(id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX domainidindex ON cryptokeys(domain_id);
+
+
+CREATE TABLE tsigkeys (
+  id                    INT AUTO_INCREMENT,
+  name                  VARCHAR(255),
+  algorithm             VARCHAR(50),
+  secret                VARCHAR(255),
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

files/powerdns-recursor/config.conf

@@ -0,0 +1,9 @@
+incoming:
+  listen:
+    - 127.0.0.1:532
+recursor:
+  forward_zones:
+    - zone: tjas
+      recurse: false
+      forwarders:
+        - 127.0.0.1:531

files/ssh/authorized_keys

@@ -1,2 +1,2 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 l1.office.tjas
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

files/yggdrasil/config.conf

@@ -6,11 +6,17 @@
     # use this section when you may connect via different interfaces.
 
     Peers: [
-        #TRUSTED PEERS - Waren Group
+{% if config.yggdrasil.peers is defined %}
-        #aurora.devices.waren.io
+        #TRUSTED PEERS
-        #201:361f:bbfb:7210:c5b8:3f74:a285:adb9
+{% for peer in config.yggdrasil.peers %}
-        "tls://[2a01:4f9:2a:60c::2]:18836",
+{% if peer.name is defined and peer.address is defined and peer.address is defined %}
-        "tls://95.216.5.243:18836",
+
+        #{{ peer.name }}
+        "{{ peer.address }}"{% if not loop.last %},{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+
     ]
 
     # List of connection strings for static peers in URI format, arranged

init.sh

@@ -4,66 +4,83 @@ if [ ! "$BASH_VERSION" ] ; then
     exit 1
 fi
 
+underline=`tput smul`
+nounderline=`tput rmul`
+bold=$(tput bold)
+normal=$(tput sgr0)
+
 ti-header(){
-    echo $(tput bold)$1$(tput sgr0)
+    echo ${bold}$1${normal}
 }
 
+echo "${bold}"
 echo "
-==============================
+ .-') _               ('-.      .-')
-
+(  OO) )             ( OO ).-. ( OO ).
-PVJJK 1.VOS TJAS - Infra
+/     '._      ,--.  / . --. /(_)---\_)
-Init Script
+|'--...__) .-')| ,|  | \-.  \ /    _ |
-
+'--.  .--'( OO |(_|.-'-'  |  |\  :\` \`.
-------------------------------
+   |  |   | \`-'|  | \| |_.'  | '..\`''.)
+   |  |   ,--. |  |  |  .-.  |.-._)   \\
+   |  |   |  '-'  /  |  | |  |\       /
+   \`--'    \`-----'   \`--' \`--' \`-----'
 "
+echo "
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+INIT SCRIPT
+"
+echo -n "${normal}"
 
 stop () {
 
-echo "
-==============================
-"
-
 exit 1
 
 }
 
 ti-header "Haetaan pakettien tiedot..."
-apt update
+sudo apt update
 echo -e "\n\n"
 
-ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..."
+ti-header "Asennetaan Ansiblen järjestelmäpaketti riippuvuudet..."
-apt-get install -y python3-pip python3-venv jq git curl lsb-release
+sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
 echo -e "\n\n"
 
-mkdir -p ~/.ssh/keys/pvjjk-1vos-tjas &> /dev/null
-if [[ ! -f ~/.ssh/keys/pvjjk-1vos-tjas/infra ]]
-then
-    ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
-    ssh-keygen -f ~/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn)
-    echo -e "\n\n"
-fi
-
 ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
-python3 -m venv ~/.venv/ansible
+python3 -m venv $HOME/.venv/ansible
 echo -e "\n\n"
 
-ti-header "Asennetaan Ansiblen riippuvuudet..."
+ti-header "Asennetaan Ansiblen Python-kirjasto riippuvuudet..."
-~/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
+$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansible..."
-~/.venv/ansible/bin/pip3 install ansible
+$HOME/.venv/ansible/bin/pip3 install ansible
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansible kokoelmat..."
-~/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
+$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
 echo -e "\n\n"
 
-ti-header "Näytetään SSH-avain Infra-repon käyttöön..."
+mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
-cat ~/.ssh/keys/pvjjk-1vos-tjas/infra.pub
+if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
+then
+    ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
+    ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
+    echo -e "\n\n"
+fi
+
+ti-header "Lisää SSH-avain Infra-repon käyttöön..."
+cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
+
+echo -n "Onko avain lisätty Github-repoon? [K/E]"
+while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
+do
+    read SSHKEY_QUESTION
+done
 echo -e "\n\n"
 
-if [[ ! -f ~/.ansible/vault/pvjjk-1vos-tjas ]]
+mkdir -p $HOME/.ansible/vault &> /dev/null
+if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
 then
     ti-header "Syötä Ansible Vaultin salasana..."
     echo -n "Salasana: "
@@ -73,14 +90,14 @@ then
 
         if [[ ! -z $VAULT_PASSWORD ]]
         then
-            echo "$VAULT_PASSWORD" > ~/.ansible/vault/pvjjk-1vos-tjas
+            echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
         fi
     done
     echo -e "\n\n"
 fi
 
 ti-header "Suoritetaan Infran asennus..."
-~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer
+$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
 echo -e "\n\n"
 
 echo "

inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo

@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
+64373431636239356632363666323830353431363731373136336331373964613963393632323534
+3635613634643837353437366539623264396536316363630a323064363839393466373136393938
+36313137393737663664306234313437626465626430363666396635376131396462383662306561
+3762313765633838330a386230636239363238396162303933633634356632643133386132356464
+63316138313761386534666533316665316538306335666665336634393431356262313830643930
+3162366261366665633439633330623164613063303435366233

inventories/pvjjk-1vos-niinisalo/host_vars/argo.aito.tjas

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
+39393765323033633961393730623431656435313631306263316231653036343335656532616235
+6531666133623435333231383164646237383633386136320a393836653465376439303866666338
+31386432613936343834636339393964323434333836653738373636623634323035333262313965
+3532666465333561610a383166343835666631323038643335306437653565303937303462336631
+6232

inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas

@@ -0,0 +1,93 @@
+$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
+62396335666232306632323234376337323766313834643232356538363335353861363761656531
+6334353239383966653039363166363264393465353161390a333465323863643034363664376563
+61643133393861376532636666636135343431653662663663623363663762313435616666656539
+6162663931333235340a326266336632363232383431653631353164346466636263393636303762
+39373833663535623432366465333637363462646265303932363364373335636666343361373535
+35356265373937353038636261313266643665623330343434663339336432306362636462646663
+32343061343262396539343265306666623365363965313839643533336137633531353564326230
+64643138666634663535303138353465383062393763663135613434333664333761623966613566
+35313936666466653230633565343037336133303932303334393730303637346439383039373062
+38653665636563353739386534663364663035663634626138303037336661613861353633383332
+33356366336435616366326134636233613465356431353332333239313335616633363362346662
+64323165366161636665303965326362316433373166633761346365653530316333323262323433
+61306435326335316630623336613661356464633234316165343939353236356436353163306664
+62363138373930373066643163646564636336636361653462643331643662376231303439626438
+33373235663466666233613339626232666166653835623364313665346566363634333832336233
+35333363363732643562333938316463616330643666373834633862656162663034353030643565
+33623830643735356563313232666433383666346236346366363632316331366639656138333939
+32623433333139376633376564326261303835383062383065313639623939323230363561383565
+32333135333366643565626263376661313339383230386130643863666238616161323433613933
+30616638623063623438366366373465353332336266633264366165393035366461633564636638
+39636164643239313936303839623561356664393764656437336562643236636466616130353333
+39313236396166313963363538633237376435613664636531613564346336386362366637656230
+37643934316337343562396431363162643165326531616463323065316537616262323063643938
+36363030663835333035613439663935633930663833613333333763356563396438323065356639
+30306235376330623264376130616435303730633434386336636431306432666430333836666462
+30316434336166646238393563376465306261306630303238306261613838653135363031363964
+62656366306564643733336334303938616365393138396339353563343631313238663537306536
+37393230343963326635373131343339356266383263646461336137613433343033323566386535
+63613735643234666663663937653532353836613439613438383963633964633232613066653965
+65653565643262626436656535306338613839393566393562643761343439636366376637666464
+30323439613233343030353636613139646365616363326566623735343637323136623532643738
+33366437623733383733323164656639363139646639626239363961326230346566333537366364
+32346233356666343637326661663639313936616537326534376563363061383030326139323434
+39306266336139366363373532623066613763666139313464353064643937376663363936383333
+31656361326435353561623532653364616335316634306332653737383234393866663764333730
+65303039383236643832653531333263323138653232356633343065363766316565616439356137
+31373531303735313333373432626563653132393464623961393136616332326534656639396264
+31656461376639356433623733626363396463356537323531323038336338383162643636306134
+30633734613066303765366436343735653832383662393664376435663761356564363139613330
+34626166303132313266623035336536343239643230626165323637326532353563613537613131
+37663030313438396239666138346365653964386531613966393637393535343031383235343032
+61386630303665346630643035383430656261646463386133326232653537373561306634653366
+36316530333938333333366233393039333363316138323136613931303666343035356637383738
+66366465373265353864626364633662356364616165346130623531306462306134373630396265
+61623434336433306533623566653939343331356464333237336233303930663666643734666364
+34303331303061643635636462393461643362316235336463316531663333653362386534653030
+31363034316432393939333035326336356531316166643938626136346164366565636664346266
+30323339336464363963356166323263346164646637646534313132633165303536366366333362
+31653535343939656565393866393366636634393437353162353931393036326531346331653664
+66366138323562393366613433653231333331313064356237383435363437326336646162383161
+30363439656631366161383039303733656437623031613534363539376266616662303561313033
+32333331643033326364663734643635363865376132383166633664366532346638666566336463
+34366365666237666630373639393736356338653366313739626238303361386130373337333736
+31663337346530346666313034396661333864323936393366303061373834633961303336323238
+31363165653832656332313763613266643862343437663035303166633966363335356332393731
+61653236316439643435333438633461306561326133653232656637383664343634303935363937
+39623633323266633338343232346264336631323437623466656638396538343838326666626666
+61323463303665373239373139326361633530366530366439386335623337666232333839383766
+62663432373961363133323134316334313433303763613064373163663565356332636363393633
+39636635363038393737323461343830643062656133336538653565393138613934666439636161
+36383830623837663731396531653136343961316164383565636363343639383634646331356438
+32313939343762666130383736643034346565323939363265663566316132363030363538313733
+33616537356665366432376530313566316662636437373365306133373763633963393632313935
+36313833313763386466653832366163623537383265656361343066393464363332646262613264
+39333735303034643631623863653961653637333465333766363832396532666661383836326134
+63343639626663393236373865636238613565333739643531656535646530303132303462303535
+36303136373234643961396331636531313361343033626433636435313835356632326537363865
+34343139343633396263646561376135393161343730643563393235306130656332613164653436
+61653362666162313436323630626463363761643666613466393234653863313661643638353930
+66326232653866363938653135386165633538666665633261356430346265333635323366653433
+30623037346561303431373437626666313835613039373233323737376261366164653239303133
+39643161633464333166303732356663366432383836303332636635373963343033353939383731
+38373637363961623662363266616430376164626665356163663665616665303564323335303864
+39643764363139623661313862383831663533393739643063313839393766663264306261626334
+65343734393665366235613533393238316639366331613266623032303137396666616437363764
+34353936306638623062343437316666616330613063323236353161366334373533373663666261
+35323936323062313763303334333136316533643031303064616339653562386635613436326462
+62323164663539626334393130316561303765646666373265353831373833323666336138323439
+34653930386334363763636464343230613838383966333764646561306566646163316337343639
+61656337663064316634633639633338396231623037643461386335666466326535346537386333
+66656630313937626266363764306339313662653564366436353739373261313033303962323961
+30386362313863323138326230653132333538643463323839386134366563303463616630363036
+31623666613834313565376533396635666264613464323064653135306238393162613061333935
+30373062363930333331633232613738356639616566626438646337616463623664326561643566
+63373930386530623761393231666162346438633735323431353038666138323230376334653439
+61333966306563303562343630303961663236343635636338333839353262316339323561393932
+34626564346137663863396538623335356163613166393534633931323836303766353462333534
+39616462303262353839653237376461613939393035663665633539306132633664396530323532
+30383064613363363131643335323131383937653034303864626138366233356261323934393737
+63303139656235373365616339363533623734353034303237323465636532613866333962636234
+34346634633536623538636330313439376566306337393639336439653665306663613430336237
+65333832326262356463

inventories/pvjjk-1vos-niinisalo/hosts.yml

@@ -0,0 +1,9 @@
+---
+pvjjk_1vos_niinisalo:
+  hosts:
+    argo.aito.tjas:
+      hostname: argo.aito.tjas
+    olympus.juva.tjas:
+      hostname: olympus.juva.tjas
+  vars:
+    ansible_python_interpreter: /usr/bin/python3

inventories/pvjjk-1vos-tjas/host_vars/olympus.intra.tjas

@@ -1,34 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas
-31643232626264313563383833393334366265313436323430656162336630643339346535636331
-3431666132306362373135643535633962393632306264640a646430366531623033343730653232
-64363331623636633030373433336637366161333538353537386266653036383963323631393463
-3235363936353665380a633861336461313230323630336666633936353064616237366234393938
-30623365613830623238363061356138346434323830303564626130626436646362656430383035
-33343232303661393833393862626466363034653537643331393261363461363366323330303761
-66343464363732616431363166353263376537633962636637653162366166633635316538643664
-33363937303438393032326131656262636234656266666265633630383766346531663562336561
-33316438663937343030623935346663623365333636643763666133313863636632346235643731
-38343863313066663565626165613165663633323435303562663238323662353665353732393139
-35616665366633653662646530643663376235313234373462333738623662363865376332313739
-36373733656264333664626261636635336330653965366435306665613663313531636563373666
-33653230396430336537633865373530316530646264646562643936633861653963373133616136
-39353836663438313733333638366331353365616237303264656231363538333332343032386632
-65623334623532656335356636393263313863386565383437663131616536623633363036343335
-30313834373936366631383031666432643765336534633339396365343932353338646661393530
-64363264653963643231336263396265633334366636333939393836383832306239643137633539
-34616533666165353338383038383331646431333039646635393063326532646462373365306163
-64363364396632393662623133326261643963343539353431623932633965306539393563303035
-62363835356365623265666538646334313338623632336234616566326161396638326238383462
-38356231356638656639326132653539663761646265336236663535333364343635313633353538
-33396532343661666564636365323263643562633031353438323263663738643035666230346238
-32303864353537656534336266346231383031656633323035656538376665626566316136353234
-65313166316466646666663430343134623137336139353561613336383766623834393665393832
-66313463626437613437366137313331656135636335383661616363633664323438643761653666
-30346561633162386238666264633265333539383066646532393563373137663566663939343637
-61323437313331663663316261623866326434656532363133333239353135363865643337306339
-34356564623163356534393034653330343036333461613639353632313633343536336533643265
-66666237646161363965383539303838646132663234313736663036303435636436353336336535
-32616531353535323037613337363365336563353536373437393063616339393437393232376537
-39303633333032393861623930653535636564383539643138353036316564366235343064323764
-65353330616662346263393632303637336534333334373335633064623130346261643037303864
-61633361306566633761326237363038323433653632653132303263623835613936

inventories/pvjjk-1vos-tjas/hosts.yml

@@ -1,6 +0,0 @@
----
-pvjjk_1vos_tjas:
-  hosts:
-    olympus.intra.tjas:
-  vars:
-    ansible_python_interpreter: /usr/bin/python3

maintainer.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+underline=`tput smul`
+nounderline=`tput rmul`
+bold=$(tput bold)
+normal=$(tput sgr0)
+
+echo "${bold}"
+echo "
+ .-') _               ('-.      .-')
+(  OO) )             ( OO ).-. ( OO ).
+/     '._      ,--.  / . --. /(_)---\_)
+|'--...__) .-')| ,|  | \-.  \ /    _ |
+'--.  .--'( OO |(_|.-'-'  |  |\  :\` \`.
+   |  |   | \`-'|  | \| |_.'  | '..\`''.)
+   |  |   ,--. |  |  |  .-.  |.-._)   \\
+   |  |   |  '-'  /  |  | |  |\       /
+   \`--'    \`-----'   \`--' \`--' \`-----'
+"
+echo "
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+MAINTAINER SCRIPT
+"
+echo -n "${normal}"
+
+echo "${bold}PowerDNS Authorative - MySQL Schema${normal}"
+echo "Downloading..."
+curl https://raw.githubusercontent.com/PowerDNS/pdns/refs/heads/master/modules/gmysqlbackend/schema.mysql.sql -o "$PWD/files/powerdns-authorative/schema.mysql.sql" -s
+
+echo -e "\n\n\n"

protect.sh

@@ -5,23 +5,36 @@ nounderline=`tput rmul`
 bold=$(tput bold)
 normal=$(tput sgr0)
 
-echo "${bold}PVJJK 1.VOS TJAS / Infra / Protect${normal}"
+echo "${bold}"
+echo "
+ .-') _               ('-.      .-')
+(  OO) )             ( OO ).-. ( OO ).
+/     '._      ,--.  / . --. /(_)---\_)
+|'--...__) .-')| ,|  | \-.  \ /    _ |
+'--.  .--'( OO |(_|.-'-'  |  |\  :\` \`.
+   |  |   | \`-'|  | \| |_.'  | '..\`''.)
+   |  |   ,--. |  |  |  .-.  |.-._)   \\
+   |  |   |  '-'  /  |  | |  |\       /
+   \`--'    \`-----'   \`--' \`--' \`-----'
+"
+echo "
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+PROTECT SCRIPT
+"
+echo -n "${normal}"
 action=$1
 
 encrypt() {
-    echo "${underline}Encrypting...${nounderline}"
+    execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
-    execute "ansible-vault encrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
 }
 
 decrypt() {
-    echo "${underline}Decrypting...${nounderline}"
+    execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
-    execute "ansible-vault decrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
 }
 
 list() {
-    echo "${underline}Listing...${nounderline}"
     i=0
-    for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+    for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -29,7 +42,8 @@ list() {
 }
 
 execute() {
-for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+i=0
+for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -40,18 +54,23 @@ for file in inventories/*/group_vars/* inventories/*/host_vars/*;
 
 case $action in
     encrypt)
-        encrypt
+        echo "${underline}Encrypting...${nounderline}"
+        encrypt pvjjk-1vos-niinisalo
         ;;
     decrypt)
-        decrypt
+        echo "${underline}Decrypting...${nounderline}"
+        decrypt pvjjk-1vos-niinisalo
         ;;
     list)
-        list
+        echo "${underline}Listing...${nounderline}"
-        ;;
+        list pvjjk-1vos-niinisalo
-    help)
-        echo "encrypt, decrypt, list"
         ;;
     *)
-        echo "..."
+        echo "${underline}HELP${nounderline}"
+        echo "encrypt - Encrypt Files"
+        echo "decrypt - Decrypt Files"
+        echo "list - List Files"
         ;;
 esac
+
+echo -e "\n\n\n"

tasks.yml

@@ -10,6 +10,8 @@
       import_tasks: tasks/installer.yml
       vars:
         ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      when:
+        - inventory_hostname == "olympus.juva.tjas"
       tags:
         - installer
         - never
@@ -18,6 +20,8 @@
       import_tasks: tasks/maintenance.yml
       vars:
         ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      when:
+        - inventory_hostname == "olympus.juva.tjas"
       tags:
         - maintenance
         - never
@@ -26,6 +30,8 @@
       import_tasks: tasks/deployer.yml
       vars:
         ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      when:
+        - inventory_hostname == "olympus.juva.tjas"
       tags:
         - deployer
         - never

tasks/deployer.yml

@@ -2,7 +2,7 @@
 - name: "Deployer - SSH - Add Authorized Keys"
   ansible.builtin.template:
     src: './files/ssh/authorized_keys'
-    dest: '~/.ssh/authorized_keys'
+    dest: '/root/.ssh/authorized_keys'
   tags:
     - ssh
 
@@ -24,14 +24,14 @@
 
 - name: "Deployer - Yggdrasil - Configure - Create Folder"
   ansible.builtin.file:
-    path: "~/data/yggdrasil/"
+    path: "/root/data/yggdrasil/"
     state: directory
   tags:
     - yggdrasil
 
 - name: "Deployer - Yggdrasil - Configure - Create Subfolders"
   ansible.builtin.file:
-    dest: '~/data/yggdrasil/{{ item.path }}'
+    dest: '/root/data/yggdrasil/{{ item.path }}'
     state: directory
   with_filetree: './files/yggdrasil/'
   loop_control:
@@ -44,7 +44,7 @@
 - name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files"
   ansible.builtin.template:
     src: '{{ item.src }}'
-    dest: '~/data/yggdrasil/{{ item.path }}'
+    dest: '/root/data/yggdrasil/{{ item.path }}'
   register: deployerTaskY1
   with_filetree: './files/yggdrasil/'
   loop_control:
@@ -58,7 +58,6 @@
   containers.podman.podman_image:
     name: docker.io/library/golang
     tag: alpine
-    force: true
   register: deployerTaskY2
 
 - name: "Deployer - Yggdrasil - Clone Repository"
@@ -67,11 +66,11 @@
     dest: ".cache/git/yggdrasil"
   register: deployerTaskY3
 
-- name: "Deployer - Yggdrasil - Pull Image"
+- name: "Deployer - Yggdrasil - Build Image"
   containers.podman.podman_image:
-    name: pvjjk-1vos-tjas/nginx
+    name: pvjjk-1vos-niinisalo/yggdrasil
     tag: latest
-    path: "~/data/yggdrasil"
+    path: "/root/data/yggdrasil"
     build:
       format: docker
     force: true
@@ -80,7 +79,7 @@
 - name: "Deployer - Yggdrasil - Run Container"
   containers.podman.podman_container:
     name: yggdrasil
-    image: pvjjk-1vos-tjas/nginx:latest
+    image: pvjjk-1vos-niinisalo/yggdrasil:latest
     state: started
     recreate: on
     network: host
@@ -96,40 +95,18 @@
   tags:
     - yggdrasil
 
-# - name: "Deployer - DHCP - Install"
-#   ansible.builtin.apt:
-#     name:
-#       - isc-dhcp-server
-#     state: latest
-
-# - name: "Deployer - DHCP - Config"
-#   ansible.builtin.template:
-#     src: './files/dhcp/dhcpd.conf'
-#     dest: '/etc/dhcp/dhcpd.conf'
-#   register: deployerTaskD1
-#   tags:
-#     - dhcp
-
-# - name: "Deployer : DHCP : Restart"
-#   ansible.builtin.systemd_service:
-#     name: isc-dhcp-server
-#     state: restarted
-#     enabled: true
-#   when:
-#     - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined
-
 - name: "Deployer - MariaDB - Create Folder"
   ansible.builtin.file:
-    path: ~/data/mariadb
+    path: /root/data/mariadb
     state: directory
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Pull Image"
   containers.podman.podman_image:
     name: docker.io/library/mariadb
     tag: latest
-    force: true
   register: deployerTaskM1
 
 - name: "Deployer - MariaDB - Run Container"
@@ -140,15 +117,16 @@
     restart: on
     network: host
     volumes:
-      - "~/data/mariadb:/var/lib/mysql"
+      - "/root/data/mariadb:/var/lib/mysql"
     restart_policy: always
     env:
-      MYSQL_ROOT_PASSWORD: "{{ config.databases.mariadb.users.root.password }}"
+      MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}"
   register: deployerTaskM2
   when:
     - (deployerTaskM1 is defined and deployerTaskM1.changed) or deployerTaskM1 is undefined
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Wait"
   ansible.builtin.wait_for:
@@ -159,6 +137,7 @@
     - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Upgrade"
   containers.podman.podman_container_exec:
@@ -171,6 +150,7 @@
     - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Create Users"
   community.mysql.mysql_user:
@@ -187,8 +167,14 @@
     loop_var: "user"
   when:
     - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
+    - config.mariadb.users is defined
+    - config.mariadb.users[user] is defined
+    - config.mariadb.users[user].username is defined
+    - config.mariadb.users[user].password is defined
+    - config.mariadb.users[user].database is defined
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Create Database"
   community.mysql.mysql_db:
@@ -202,73 +188,463 @@
     loop_var: "user"
   when:
     - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
+    - config.mariadb.users is defined
+    - config.mariadb.users[user] is defined
+    - config.mariadb.users[user].username is defined
+    - config.mariadb.users[user].password is defined
+    - config.mariadb.users[user].database is defined
   tags:
     - mariadb
+    - database
 
-- name: "Deployer - PowerDNS - Configure - Create Folder"
+- name: "Deployer - Kea - Install"
+  ansible.builtin.apt:
+    name:
+      - kea
+    state: latest
+
+- name: "Deployer - Kea - Configure - DHCP4"
+  ansible.builtin.template:
+    src: './files/kea/kea-dhcp4.conf'
+    dest: '/etc/kea/kea-dhcp4.conf'
+  register: deployerTaskK1
+  tags:
+    - kea
+    - dhcp
+
+- name: "Deployer - Kea - Configure - Database : Init"
+  ansible.builtin.command:
+    cmd: "/usr/sbin/kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
+  register: deployerTaskK2
+  changed_when:
+    - deployerTaskK2.stdout.find('Initializing database') != -1
+  failed_when:
+    - deployerTaskK2.stdout.find('ERROR') != -1
+    - deployerTaskK2.stdout.find('Expected empty database kea.') == -1
+  tags:
+    - kea
+    - dhcp
+
+- name: "Deployer - Kea - Configure - Database : Upgrade"
+  ansible.builtin.command:
+    cmd: "/usr/sbin/kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
+  tags:
+    - kea
+    - dhcp
+
+- name: "Deployer : Kea : Restart"
+  ansible.builtin.systemd_service:
+    name: kea-dhcp4-server
+    state: restarted
+  when:
+    - (deployerTaskK1 is defined and deployerTaskK1.changed) or deployerTaskK1 is undefined or (deployerTaskK2 is defined and deployerTaskK2.changed) or deployerTaskK2 is undefined
+  tags:
+    - kea
+    - dhcp
+
+- name: "Deployer : Kea : Start"
+  ansible.builtin.systemd_service:
+    name: kea-dhcp4-server
+    state: started
+  tags:
+    - kea
+    - dhcp
+
+
+- name: "Deployer - dnsdist - Configure - Create Folder"
   ansible.builtin.file:
-    path: "~/data/powerdns/"
+    path: "/root/data/dnsdist/"
     state: directory
   tags:
-    - powerdns
+    - dnsdist
+    - dns
 
-- name: "Deployer - PowerDNS - Configure - Create Subfolders"
+- name: "Deployer - dnsdist - Configure - Create Subfolders"
   ansible.builtin.file:
-    dest: '~/data/powerdns/{{ item.path }}'
+    dest: '/root/data/dnsdist/{{ item.path }}'
     state: directory
-  with_filetree: './files/powerdns/'
+  with_filetree: './files/dnsdist/'
   loop_control:
     label: "{{ item.path }}"
   when:
     - item.state == 'directory'
   tags:
-    - powerdns
+    - dnsdist
+    - dns
 
-- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
+- name: "Deployer - dnsdist - Configure - Generating & Transferring Files"
   ansible.builtin.template:
     src: '{{ item.src }}'
-    dest: '~/data/powerdns/{{ item.path }}'
+    dest: '/root/data/dnsdist/{{ item.path }}'
-  register: deployerTaskP1
+  register: deployerTaskD1
-  with_filetree: './files/powerdns/'
+  with_filetree: './files/dnsdist/'
   loop_control:
     label: "{{ item.path }}"
   when:
     - item.state == 'file'
   tags:
-    - powerdns
+    - dnsdist
+    - dns
 
-- name: "Deployer - PowerDNS - Pull Image"
+- name: "Deployer - dnsdist - Pull Image"
   containers.podman.podman_image:
-    name: docker.io/powerdns/pdns-auth-49
+    name: docker.io/powerdns/dnsdist-20
     tag: latest
-    force: true
+  register: deployerTaskD2
-  register: deployerTaskP2
 
-- name: "Deployer - PowerDNS - Run Container"
+- name: "Deployer - dnsdist - Run Container"
   containers.podman.podman_container:
-    name: powerdns
+    name: dnsdist
-    image: docker.io/powerdns/pdns-auth-49:latest
+    image: docker.io/powerdns/dnsdist-20:latest
     state: started
     recreate: on
     network: host
     restart_policy: always
     volumes:
-      - "~/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
+      - "/root/data/dnsdist/config.conf:/etc/dnsdist/dnsdist.conf:ro"
+    tty: yes
+    interactive: yes
+    capabilities:
+      - NET_BIND_SERVICE
   when:
-    - (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
+    - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
   tags:
-    - powerdns
+    - dnsdist
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/powerdns-authorative/"
+    state: directory
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Create Subfolders"
+  ansible.builtin.file:
+    dest: '/root/data/powerdns-authorative/{{ item.path }}'
+    state: directory
+  with_filetree: './files/powerdns-authorative/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Generating & Transferring Files"
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '/root/data/powerdns-authorative/{{ item.path }}'
+  register: deployerTaskPA1
+  with_filetree: './files/powerdns-authorative/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Database - Init"
+  community.mysql.mysql_db:
+    login_host: "127.0.0.1"
+    login_user: "{{ config.mariadb.users['powerdns'].username }}"
+    login_password: "{{ config.mariadb.users['powerdns'].password }}"
+    name: "{{ config.mariadb.users['powerdns'].database }}"
+    state: import
+    target: './files/powerdns-authorative/schema.mysql.sql'
+  register: deployerTaskPA2
+  failed_when:
+    - "deployerTaskPA2.msg.find('ERROR') != -1"
+    - "deployerTaskPA2.msg.find('already exists') == -1"
+  when:
+    - config.mariadb.users is defined
+    - config.mariadb.users['powerdns'] is defined
+    - config.mariadb.users['powerdns'].username is defined
+    - config.mariadb.users['powerdns'].password is defined
+    - config.mariadb.users['powerdns'].database is defined
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Pull Image"
+  containers.podman.podman_image:
+    name: docker.io/powerdns/pdns-auth-50
+    tag: latest
+  register: deployerTaskPA3
+
+- name: "Deployer - PowerDNS Authorative - Run Container"
+  containers.podman.podman_container:
+    name: powerdns-authorative
+    image: docker.io/powerdns/pdns-auth-50:latest
+    state: started
+    recreate: on
+    network: host
+    restart_policy: always
+    volumes:
+      - "/root/data/powerdns-authorative/config.conf:/etc/powerdns/pdns.conf:ro"
+    capabilities:
+      - NET_BIND_SERVICE
+  when:
+    - (deployerTaskPA1 is defined and deployerTaskPA1.changed) or deployerTaskPA1 is undefined or (deployerTaskPA3 is defined and deployerTaskPA3.changed) or deployerTaskPA3 is undefined
+  tags:
+    - powerdns-authorative
+    - dns
+
+
+- name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/powerdns-recursor/"
+    state: directory
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Configure - Create Subfolders"
+  ansible.builtin.file:
+    dest: '/root/data/powerdns-recursor/{{ item.path }}'
+    state: directory
+  with_filetree: './files/powerdns-recursor/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Configure - Generating & Transferring Files"
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '/root/data/powerdns-recursor/{{ item.path }}'
+  register: deployerTaskPR1
+  with_filetree: './files/powerdns-recursor/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Pull Image"
+  containers.podman.podman_image:
+    name: docker.io/powerdns/pdns-recursor-52
+    tag: latest
+  register: deployerTaskPR2
+
+- name: "Deployer - PowerDNS Recursor - Run Container"
+  containers.podman.podman_container:
+    name: powerdns-recursor
+    image: docker.io/powerdns/pdns-recursor-52:latest
+    state: started
+    recreate: on
+    network: host
+    restart_policy: always
+    volumes:
+      - "/root/data/powerdns-recursor/config.conf:/etc/powerdns/recursor.conf:ro"
+    capabilities:
+      - NET_BIND_SERVICE
+  when:
+    - (deployerTaskPR1 is defined and deployerTaskPR1.changed) or deployerTaskPR1 is undefined or (deployerTaskPR2 is defined and deployerTaskPR2.changed) or deployerTaskPR2 is undefined
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - OpenSSL - Configure - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/openssl/{{ cert }}"
+    state: directory
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Private Key"
+  community.crypto.openssl_privatekey:
+    path: "/root/data/openssl/{{ cert }}/privkey.pem"
+    type: ECC
+    curve: secp384r1
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Certificate Signing Request / Root"
+  community.crypto.openssl_csr:
+    path: "/root/data/openssl/{{ cert }}/csr.pem"
+    privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
+    commonName: "{{ config.openssl.certificates[cert].commonName }}"
+    organizationName: "{{ config.openssl.certificates[cert].organization.name }}"
+    organizationalUnitName: "{{ config.openssl.certificates[cert].organization.unit }}"
+    countryName: FI
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  when:
+    - config.openssl.certificates[cert].location.providence is not defined
+    - config.openssl.certificates[cert].location.city is not defined
+    - config.openssl.certificates[cert].domains is undefined
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Certificate Signing Request / Intermediate"
+  community.crypto.openssl_csr:
+    path: "/root/data/openssl/{{ cert }}/csr.pem"
+    privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
+    commonName: "{{ config.openssl.certificates[cert].commonName }}"
+    organizationName: "{{ config.openssl.certificates[cert].organization.name }}"
+    organizationalUnitName: "{{ config.openssl.certificates[cert].organization.unit }}"
+    stateOrProvinceName: "{{ config.openssl.certificates[cert].location.providence }}"
+    localityName: "{{ config.openssl.certificates[cert].location.city }}"
+    countryName: FI
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  when:
+    - config.openssl.certificates[cert].location.providence is defined
+    - config.openssl.certificates[cert].location.city is defined
+    - config.openssl.certificates[cert].domains is undefined
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Certificate Signing Request / Service"
+  community.crypto.openssl_csr:
+    path: "/root/data/openssl/{{ cert }}/csr.pem"
+    privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
+    commonName: "{{ config.openssl.certificates[cert].commonName }}"
+    organizationName: "{{ config.openssl.certificates[cert].organization.name }}"
+    organizationalUnitName: "{{ config.openssl.certificates[cert].organization.unit }}"
+    stateOrProvinceName: "{{ config.openssl.certificates[cert].location.providence | default(None) }}"
+    localityName: "{{ config.openssl.certificates[cert].location.city | default(None) }}"
+    countryName: FI
+    subjectAltName: "{{ ['DNS:'] | product(config.openssl.certificates[cert].domains) | map('join') | list }}"
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  when:
+    - config.openssl.certificates[cert].domains is defined
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Certificate / Root"
+  community.crypto.x509_certificate:
+    path: "/root/data/openssl/{{ cert }}/cert.pem"
+    privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
+    csr_path: "/root/data/openssl/{{ cert }}/csr.pem"
+    provider: "ownca"
+    ownca_path: /etc/ssl/crt/ansible_CA.crt
+    ownca_privatekey_path: /etc/ssl/private/ansible_CA.pem
+    provider: selfsigned
+    selfsigned_not_after: "+7300d"
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  when:
+    - config.openssl.certificates[cert].issuer is undefined
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Certificate / Intermediate"
+  community.crypto.x509_certificate:
+    path: "/root/data/openssl/{{ cert }}/cert.pem"
+    privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
+    csr_path: "/root/data/openssl/{{ cert }}/csr.pem"
+    provider: "ownca"
+    ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
+    ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
+    provider: ownca
+    ownca_not_after: "+365d"
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  when:
+    - config.openssl.certificates[cert].domains is undefined
+    - config.openssl.certificates[cert].issuer is defined
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Certificate / Service"
+  community.crypto.x509_certificate:
+    path: "/root/data/openssl/{{ cert }}/cert.pem"
+    privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
+    csr_path: "/root/data/openssl/{{ cert }}/csr.pem"
+    provider: "ownca"
+    ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
+    ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
+    provider: ownca
+    ownca_not_after: "+30d"
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  when:
+    - config.openssl.certificates[cert].domains is defined
+    - config.openssl.certificates[cert].issuer is defined
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Fullchain"
+  community.crypto.certificate_complete_chain:
+    chain:
+      - "/root/data/openssl/{{ cert }}/cert.pem"
+      - "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
+    path: "/root/data/openssl/{{ cert }}/fullchain.pem"
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  when:
+    - config.openssl.certificates[cert].issuer is defined
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - Generate Chain"
+  community.crypto.certificate_complete_chain:
+    chain:
+      - "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
+    path: "/root/data/openssl/{{ cert }}/chain.pem"
+  loop: "{{ config.openssl.certificates.keys() | list }}"
+  loop_control:
+    label: "{{ cert }}"
+    loop_var: "cert"
+  when:
+    - config.openssl.certificates[cert].issuer is defined
+  tags:
+    - openssl
+    - www
 
 - name: "Deployer - Nginx - Configure - Create Folder"
   ansible.builtin.file:
-    path: "~/data/nginx/"
+    path: "/root/data/nginx/"
     state: directory
   tags:
     - nginx
+    - www
 
 - name: "Deployer - Nginx - Configure - Create Subfolders"
   ansible.builtin.file:
-    dest: '~/data/nginx/{{ item.path }}'
+    dest: '/root/data/nginx/{{ item.path }}'
     state: directory
   with_filetree: './files/nginx/'
   loop_control:
@@ -277,11 +653,12 @@
     - item.state == 'directory'
   tags:
     - nginx
+    - www
 
 - name: "Deployer - Nginx - Configure - Generating & Transferring Files"
   ansible.builtin.template:
     src: '{{ item.src }}'
-    dest: '~/data/nginx/{{ item.path }}'
+    dest: '/root/data/nginx/{{ item.path }}'
   register: deployerTaskN1
   with_filetree: './files/nginx/'
   loop_control:
@@ -290,12 +667,12 @@
     - item.state == 'file'
   tags:
     - nginx
+    - www
 
 - name: "Deployer - Nginx - Pull Image"
   containers.podman.podman_image:
     name: docker.io/library/nginx
     tag: latest
-    force: true
   register: deployerTaskN2
 
 - name: "Deployer - Nginx - Run Container"
@@ -309,9 +686,11 @@
       - "{{ ansible_facts.user_dir }}/data/nginx/index.html:/usr/share/nginx/html/index.html:ro"
       - "{{ ansible_facts.user_dir }}/data/nginx/config.conf:/etc/nginx/nginx.conf:ro"
       - "{{ ansible_facts.user_dir }}/data/nginx/conf/:/etc/nginx/conf.d/:ro"
-      #- "{{ ansible_facts.user_dir }}/data/certs/:/etc/nginx/certs/:ro"
+      - "{{ ansible_facts.user_dir }}/data/openssl/:/etc/nginx/certs/:ro"
     restart_policy: always
   when:
     - (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined
   tags:
     - nginx
+    - www
+

tasks/installer.yml

@@ -12,14 +12,14 @@
     - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
 
 - name: "Init : Python 3 : Configure - Virtual Environment : Test"
-  ansible.builtin.raw: "~/.venv/ansible/bin/pip3"
+  ansible.builtin.raw: "/root/.venv/ansible/bin/pip3"
   register: task632
   changed_when: false
   failed_when: false
 
 - name: "Init : Python 3 : Configure - Virtual Environment : Delete"
   ansible.builtin.file:
-    path: "~/.venv/ansible"
+    path: "/root/.venv/ansible"
     state: absent
   when:
     - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
@@ -29,7 +29,7 @@
     name: pip
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Installer : Tools : Install"
@@ -50,28 +50,76 @@
       - pkg-config
       - etckeeper
       - picocom
+      - vlan
   loop: "{{ packages }}"
   loop_control:
     label: "{{ package }}"
     loop_var: "package"
 
+- name: "Installer : Issue : Configure - Copy File"
+  ansible.builtin.template:
+    src: './files/issue'
+    dest: '/etc/{{ file }}'
+  vars:
+    files:
+      - "issue"
+      - "issue.net"
+  loop: "{{ files }}"
+  loop_control:
+    label: "{{ file }}"
+    loop_var: "file"
+  tags:
+    - issue
+
+- name: "Installer : Motd : Configure - Copy File"
+  ansible.builtin.template:
+    src: './files/motd'
+    dest: '/etc/motd'
+  tags:
+    - motd
+
+- name: "Installer : Networking : Configure - Copy Configuration"
+  ansible.builtin.template:
+    src: './files/networking/interfaces'
+    dest: '/etc/network/interfaces'
+  tags:
+    - networking
+    - network
+
+- name: "Installer : Networking : Start - Restart Service"
+  ansible.builtin.systemd_service:
+    name: networking
+    state: restarted
+  tags:
+    - networking
+    - network
+
 - name: "Installer : FirewallD : Dependencies - Packages"
   ansible.builtin.apt:
     name:
       - python3-firewall
       - iptables
     state: latest
+  tags:
+    - firewalld
+    - firewall
 
 - name: "Installer : FirewallD : Install"
   ansible.builtin.apt:
     name: "firewalld"
     state: latest
+  tags:
+    - firewalld
+    - firewall
 
 - name: "Installer : FirewallD : Start"
   ansible.builtin.systemd_service:
     name: firewalld
     state: started
     enabled: true
+  tags:
+    - firewalld
+    - firewall
 
 - name: "Installer : FirewallD : Rules"
   ansible.posix.firewalld:
@@ -85,32 +133,37 @@
       - http
       - https
       - ssh
+      - dhcp
+      - dns
   loop: "{{ services }}"
   loop_control:
     label: "{{ service }}"
     loop_var: "service"
+  tags:
+    - firewalld
+    - firewall
 
 - name: "Installer - Ansible - Python Library"
   ansible.builtin.pip:
     name: ansible
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
   tags:
     - ansible
 
 - name: "Installer : Ansible : Create Folder"
   ansible.builtin.file:
-    path: ~/bin
+    path: /root/bin
     state: directory
   tags:
     - ansible
 
 - name: "Installer : Ansible : Create Symbolic Links"
   ansible.builtin.file:
-    src: ~/.venv/ansible/bin/{{ binary }}
+    src: /root/.venv/ansible/bin/{{ binary }}
-    dest: ~/bin/{{ binary }}
+    dest: /root/bin/{{ binary }}
     state: link
   vars:
     binaries:
@@ -132,12 +185,12 @@
   tags:
     - ansible
 
-- name: "Installer - Ansible - Dependencies / Python Libraries"
+- name: "Installer - Ansible - Dependencies - Python Libraries"
   ansible.builtin.pip:
     name: "{{ library }}"
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
   vars:
     libraries:
@@ -151,16 +204,27 @@
   loop_control:
     label: "{{ library }}"
     loop_var: "library"
+  tags:
+    - ansible
 
-- name: "Installer : MariaDB : Dependencies / Python Library : pymysql"
+- name: "Installer : MariaDB : Dependencies - Python Library : pymysql"
   ansible.builtin.pip:
     name: pymysql
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
   tags:
     - mariadb
+    - database
+
+- name: "Installer : MariaDB : Dependencies - Package : mariadb-client"
+  ansible.builtin.apt:
+    name: "mariadb-client"
+    state: latest
+  tags:
+    - mariadb
+    - database
 
 - name: "Installer : Podman : Install"
   ansible.builtin.apt:
@@ -171,20 +235,22 @@
       - buildah
       - slirp4netns
     state: latest
+  tags:
+    - podman
 
 - name: "Installer : Schedule : Maintenance"
   ansible.builtin.cron:
-    name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
+    name: "{{ location | upper }} - Infra - Maintenance"
     hour: "*/3"
     minute: "0"
-    job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance"
+    job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
   tags:
     - cron
 
 - name: "Installer : Schedule : Deployer"
   ansible.builtin.cron:
-    name: "PVJJK 1.VOS TJAS - Infra - Deployer"
+    name: "{{ location | upper }} - Infra - Deployer"
     minute: "*/5"
-    job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer"
+    job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
   tags:
     - cron

tasks/maintenance.yml

@@ -4,7 +4,7 @@
     name: "{{ library }}"
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
   vars:
     libraries:
@@ -24,7 +24,7 @@
     name: ansible
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
@@ -32,7 +32,7 @@
     name: pymysql
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Maintenance : Podman : Prune"