Inventories Update

.vscode/settings.json

@@ -1,6 +1,5 @@
 {
     "files.trimTrailingWhitespace": true,
     "files.insertFinalNewline": true,
-    "files.trimFinalNewlines": true,
     "editor.renderFinalNewline": false
 }

INSTRUCTIONS.md

@@ -1,6 +1,26 @@
-#Tietojärjestelmäasentajien Infra
+# Tietojärjestelmäasentajien Infra
-## PVJJK 1.VOS TJAS - Infra
+## Ylläpitäjän ohjeet
-### Ylläpitäjän ohjeet
+
+**Työaseman asennus**
+1. Asenna Windows Subsystem for Linux vaihtoehtoisista järjestelmäominaisuuksista.
+2. Käynnistä työasema uudelleen
+3. Asenna Debian käyttöjärjestelmä
+    1. Avaa Powershell järjestelmänvalvojana
+    2. Suorita asennuskomento – `wsl --install -d Debian`
+    3. Aseta käyttäjätunnukseksi `asentaja` ja salasanaksi sama kuin työaseman Windows käyttäjän salasana.
+    4. Vaihda isännän nimi
+        1. Lisää Network kohtaan tai luo Network kohta – `echo "[network]" > /etc/wsl.conf`
+        2. Lisää isännän nimi – `echo "hostname = argo.aito.tjas" > /etc/wsl.conf`
+        3. Lisää Hosts tiedoston generointi – `echo "generateHosts = true" > /etc/wsl.conf`
+    5. Sulje ikkuna
+4. Aseta Debian oletusarvoiseksi käyttöjärjestelmäksi ja käynnistä se uudelleen
+    1. Avaa Powershell järjestelmänvalvojana
+    2. Vaihda oletusarvoinen käyttöjärjestelmä – `wsl --set-default Debian`
+    3. Käynnistä uudelleen käyttöjärjestelmä – `wsl -t Debian`
+    4. Sulje ikkuna
+6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
+7. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `sudo apt update && sudo apt install curl`
+8. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
 
 **Palvelimen asennus**
 1. Asenna Debian-käyttöjärjestelmä
@@ -11,3 +31,392 @@
 1. Kytke verkkolaitteen Console (Ethernet) porttiin serial portti adapteri sekä yhdistä siihen serial portti USB-adapteri
 2. Liitä USB-adapteri kiinni palvelimeen
 3. Testaa/Muodosta yhteys verkkolaitteeseen, käyttäen picocom-komentoa esim. "picocom -b 9600 /dev/ttyUSB0"
+
+r1.net.tjas
+```
+!
+version 12.4
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+!
+hostname r1.net.tjas
+!
+boot-start-marker
+boot-end-marker
+!
+enable secret 5 $1$G8oa$toAwtS1iMWnV5PGXYc4qM/
+enable password ********
+!
+no aaa new-model
+!
+resource policy
+!
+memory-size iomem 5
+ip subnet-zero
+!
+!
+ip cef
+!
+!
+!
+!
+!
+!
+interface FastEthernet0/0
+ ip address dhcp
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
+ ip nat outside
+ duplex full
+ speed auto
+ no mop enabled
+!
+interface FastEthernet0/1
+ no ip address
+ duplex auto
+ speed auto
+!
+interface FastEthernet0/1.10
+ description "TINU - INTERNET"
+ encapsulation dot1Q 10
+ ip address 192.168.1.1 255.255.255.224
+ ip access-group 10 out
+ ip helper-address 192.168.2.10
+ ip nat inside
+ no snmp trap link-status
+!
+interface FastEthernet0/1.20
+ description "JUVA - INTRA"
+ encapsulation dot1Q 20
+ ip address 192.168.2.1 255.255.255.224
+ ip access-group 20 out
+ ip helper-address 192.168.2.10
+ ip nat inside
+ no snmp trap link-status
+!
+interface FastEthernet0/1.30
+ description "AITO - TOIMISTO"
+ encapsulation dot1Q 30
+ ip address 192.168.3.1 255.255.255.224
+ ip access-group 30 out
+ ip helper-address 192.168.2.10
+ ip nat inside
+ no snmp trap link-status
+!
+interface FastEthernet0/1.69
+ description "SIVE - HALLINTA"
+ encapsulation dot1Q 69
+ ip address 192.168.69.1 255.255.255.192
+ ip access-group 69 in
+ ip access-group 69 out
+ ip helper-address 192.168.69.20
+ no snmp trap link-status
+!
+interface GigabitEthernet0/0/0
+ no ip address
+ shutdown
+ negotiation auto
+!
+ip classless
+!
+ip http server
+ip nat inside source list 1 interface FastEthernet0/0 overload
+!
+access-list 1 permit 192.168.1.0 0.0.0.31
+access-list 1 permit 192.168.2.0 0.0.0.31
+access-list 1 permit 192.168.3.0 0.0.0.31
+access-list 10 deny   192.168.0.0 0.0.255.255
+access-list 10 permit any
+access-list 20 permit 192.168.2.0 0.0.0.31
+access-list 20 deny   192.168.0.0 0.0.255.255
+access-list 20 permit any
+access-list 30 permit 192.168.2.10
+access-list 30 permit 192.168.3.0 0.0.0.31
+access-list 30 deny   192.168.0.0 0.0.255.255
+access-list 30 permit any
+access-list 69 permit 192.168.69.0 0.0.0.63
+!
+control-plane
+!
+banner motd ^C
+
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ r1.net.tjas
+
+^C
+!
+line con 0
+line aux 0
+line vty 0 4
+ password ********
+ login
+!
+scheduler allocate 20000 1000
+!
+end
+```
+
+s1.net.tjas
+```
+hostname "s1.net.tjas"
+ip default-gateway 192.168.1.1
+snmp-server community "public" Unrestricted
+vlan 1
+   name "DEFAULT_VLAN"
+   untagged 4-52
+   ip address dhcp-bootp
+   no untagged 1-3
+   exit
+vlan 10
+   name "TINU"
+   ip address 192.168.1.2 255.255.255.224
+   tagged 1
+   exit
+vlan 20
+   name "JUVA"
+   no ip address
+   tagged 1-2
+   exit
+vlan 30
+   name "AITO"
+   no ip address
+   tagged 1,3
+   exit
+vlan 69
+   name "SIVE"
+   ip address 192.168.69.11 255.255.255.192
+   tagged 1-3
+   exit
+ip authorized-managers 192.168.69.20 255.255.255.255
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s1.net.tjas
+
+"
+ip ssh
+password manager
+```
+
+s2.net.tjas
+```
+hostname "s2.net.tjas"
+interface 3
+   disable
+exit
+interface 4
+   disable
+exit
+interface 5
+   disable
+exit
+interface 6
+   disable
+exit
+interface 7
+   disable
+exit
+interface 8
+   disable
+exit
+interface 9
+   disable
+exit
+interface 10
+   disable
+exit
+interface 11
+   disable
+exit
+interface 12
+   disable
+exit
+interface 13
+   disable
+exit
+interface 14
+   disable
+exit
+interface 15
+   disable
+exit
+interface 16
+   disable
+exit
+interface 17
+   disable
+exit
+interface 18
+   disable
+exit
+interface 19
+   disable
+exit
+interface 20
+   disable
+exit
+interface 21
+   disable
+exit
+interface 22
+   disable
+exit
+interface 23
+   disable
+exit
+interface 24
+   disable
+exit
+ip default-gateway 192.168.2.1
+snmp-server community "public" Unrestricted
+vlan 1
+   name "DEFAULT_VLAN"
+   untagged 3-28
+   ip address dhcp-bootp
+   no untagged 1-2
+   exit
+vlan 20
+   name "JUVA"
+   untagged 3-24
+   ip address 192.168.2.2 255.255.255.224
+   tagged 1-2
+   exit
+vlan 69
+   name "SIVE"
+   ip address 192.168.69.12 255.255.255.192
+   tagged 1-2
+   exit
+ip authorized-managers 192.168.69.20
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s2.net.tjas
+
+"
+ip ssh
+password manager
+```
+
+s3.net.tjas
+```
+hostname "s3.net.tjas"
+interface 2
+   disable
+exit
+interface 3
+   disable
+exit
+interface 4
+   disable
+exit
+interface 5
+   disable
+exit
+interface 6
+   disable
+exit
+interface 7
+   disable
+exit
+interface 8
+   disable
+exit
+interface 9
+   disable
+exit
+interface 10
+   disable
+exit
+interface 11
+   disable
+exit
+interface 12
+   disable
+exit
+ip default-gateway 192.168.3.1
+snmp-server community "public" Unrestricted
+vlan 1
+   name "DEFAULT_VLAN"
+   untagged 25-28
+   ip address dhcp-bootp
+   no untagged 1-24
+   exit
+vlan 30
+   name "AITO"
+   untagged 13-24
+   ip address 192.168.3.2 255.255.255.224
+   tagged 1
+   exit
+vlan 69
+   name "SIVE"
+   untagged 2-24
+   ip address 192.168.69.13 255.255.255.192
+   tagged 1
+   exit
+ip authorized-managers 192.168.69.20
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s3.net.tjas
+
+"
+ip ssh
+password manager
+```
+
+# LÄHTEET
+
+## ISSUE - ASCII ART
+ASCII Art Generator
+https://www.textmods.com/ascii-art

README.md

@@ -1,9 +1,9 @@
 # Tietojärjestelmäasentajien Infra
-## PVJJK 1.VOS TJAS - Infra
+## Tervetuloa
 
 Infran toteutus aloitettiin vuonna 2025 ja sen on suunnitellut [Jääkäri Warén](https://christerwaren.fi).
 
-Voit halutessasi pyytää oikeudet tähän Github-repoon. Oikeudet myönnetään vain, jos olet 1.VOS:issa. Voit myös halutessasi forkata projektin ja jatkokehittää sitä eteenpäin tekemällä Pull Requestin.
+Voit halutessasi pyytää oikeudet tähän Github-repoon. Oikeudet myönnetään vain, jos olet niihin oikeutettu. Voit myös halutessasi forkata projektin ja jatkokehittää sitä eteenpäin tekemällä Pull Requestin.
 
 [Lue käyttöohjeet](INSTRUCTIONS.md)
 

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-inventory = inventories/pvjjk-1vos-tjas
+inventory = inventories/pvjjk-1vos-niinisalo
 hash_behaviour = merge
 gathering = smart
 display_skipped_hosts = false

files/dhcp/dhcpd.conf

@@ -1,107 +0,0 @@
-# dhcpd.conf
-#
-# Sample configuration file for ISC dhcpd
-#
-
-# option definitions common to all supported networks...
-option domain-name "intra.tjas";
-option domain-name-servers s1.intra.tjas;
-
-default-lease-time 600;
-max-lease-time 7200;
-
-# The ddns-updates-style parameter controls whether or not the server will
-# attempt to do a DNS update when a lease is confirmed. We default to the
-# behavior of the version 2 packages ('none', since DHCP v2 didn't
-# have support for DDNS.)
-ddns-update-style none;
-
-# If this DHCP server is the official DHCP server for the local
-# network, the authoritative directive should be uncommented.
-authoritative;
-
-# Use this to send dhcp log messages to a different log file (you also
-# have to hack syslog.conf to complete the redirection).
-#log-facility local7;
-
-# No service will be given on this subnet, but declaring it helps the
-# DHCP server to understand the network topology.
-
-#subnet 10.152.187.0 netmask 255.255.255.0 {
-#}
-
-# This is a very basic subnet declaration.
-
-#subnet 10.254.239.0 netmask 255.255.255.224 {
-#  range 10.254.239.10 10.254.239.20;
-#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
-#}
-
-# This declaration allows BOOTP clients to get dynamic addresses,
-# which we don't really recommend.
-
-#subnet 10.254.239.32 netmask 255.255.255.224 {
-#  range dynamic-bootp 10.254.239.40 10.254.239.60;
-#  option broadcast-address 10.254.239.31;
-#  option routers rtr-239-32-1.example.org;
-#}
-
-# A slightly different configuration for an internal subnet.
-#subnet 10.5.5.0 netmask 255.255.255.224 {
-#  range 10.5.5.26 10.5.5.30;
-#  option domain-name-servers ns1.internal.example.org;
-#  option domain-name "internal.example.org";
-#  option routers 10.5.5.1;
-#  option broadcast-address 10.5.5.31;
-#  default-lease-time 600;
-#  max-lease-time 7200;
-#}
-
-# Hosts which require special configuration options can be listed in
-# host statements.   If no address is specified, the address will be
-# allocated dynamically (if possible), but the host-specific information
-# will still come from the host declaration.
-
-#host passacaglia {
-#  hardware ethernet 0:0:c0:5d:bd:95;
-#  filename "vmunix.passacaglia";
-#  server-name "toccata.example.com";
-#}
-
-# Fixed IP addresses can also be specified for hosts.   These addresses
-# should not also be listed as being available for dynamic assignment.
-# Hosts for which fixed IP addresses have been specified can boot using
-# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
-# be booted with DHCP, unless there is an address range on the subnet
-# to which a BOOTP client is connected which has the dynamic-bootp flag
-# set.
-#host fantasia {
-#  hardware ethernet 08:00:07:26:c0:a5;
-#  fixed-address fantasia.example.com;
-#}
-
-# You can declare a class of clients and then do address allocation
-# based on that.   The example below shows a case where all clients
-# in a certain class get addresses on the 10.17.224/24 subnet, and all
-# other clients get addresses on the 10.0.29/24 subnet.
-
-#class "foo" {
-#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
-#}
-
-#shared-network 224-29 {
-#  subnet 10.17.224.0 netmask 255.255.255.0 {
-#    option routers rtr-224.example.org;
-#  }
-#  subnet 10.0.29.0 netmask 255.255.255.0 {
-#    option routers rtr-29.example.org;
-#  }
-#  pool {
-#    allow members of "foo";
-#    range 10.17.224.10 10.17.224.250;
-#  }
-#  pool {
-#    deny members of "foo";
-#    range 10.0.29.10 10.0.29.230;
-#  }
-#}

files/dnsdist/config.conf

@@ -0,0 +1,12 @@
+setLocal('0.0.0.0:53')
+addLocal('[::]:53')
+setACL({'0.0.0.0/0', '::/0'})
+setECSOverride(true)
+setECSSourcePrefixV4(32)
+setECSSourcePrefixV6(128)
+newServer({address='127.0.0.1:531', useClientSubnet=true, pool='authorative'})
+newServer({ address='127.0.0.1:532', useClientSubnet=true, pool='recursor' })
+addAction('tjas', PoolAction('authorative'))
+addAction(AllRule(), PoolAction('recursor'))
+setSecurityPollSuffix("")
+setServFailWhenNoServer(true)

files/issue

@@ -0,0 +1,25 @@
+
+
+
+ .-') _               ('-.      .-')
+(  OO) )             ( OO ).-. ( OO ).
+/     '._      ,--.  / . --. /(_)---\_)
+|'--...__) .-')| ,|  | \-.  \ /    _ |
+'--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+   |  |   | `-'|  | \| |_.'  | '..`''.)
+   |  |   ,--. |  |  |  .-.  |.-._)   \
+   |  |   |  '-'  /  |  | |  |\       /
+   `--'    `-----'   `--' `--' `-----'
+
+
+{{ location | upper }}
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+{{ hostname | upper }}
+
+Made by
+Jääkäri Warén
+https://christerwaren.fi
+
+
+
+

files/kea/kea-dhcp4.conf

@@ -0,0 +1,232 @@
+{
+    "Dhcp4": {
+        "interfaces-config": {
+            "interfaces": [ "enp0s25.20" ]
+        },
+        "control-socket": {
+            "socket-type": "unix",
+            "socket-name": "/run/kea/kea4-ctrl-socket"
+        },
+        "lease-database": {
+            "type": "mysql",
+            "name": "{{ config.mariadb.users['kea'].database }}",
+            "user": "{{ config.mariadb.users['kea'].username }}",
+            "password": "{{ config.mariadb.users['kea'].password }}",
+            "host": "127.0.0.1",
+            "port": 3306
+        },
+        "expired-leases-processing": {
+            "reclaim-timer-wait-time": 10,
+            "flush-reclaimed-timer-wait-time": 25,
+            "hold-reclaimed-time": 3600,
+            "max-reclaim-leases": 100,
+            "max-reclaim-time": 250,
+            "unwarned-reclaim-cycles": 5
+        },
+        "renew-timer": 900,
+        "rebind-timer": 1800,
+        "valid-lifetime": 3600,
+        "subnet4": [
+            {
+                "id": 1,
+                "subnet": "192.168.1.0/27",
+                "pools": [
+                    {
+                        "pool": "192.168.1.1 - 192.168.1.30"
+                    }
+                ],
+                "option-data": [
+                    {
+                        "name": "routers",
+                        "data": "192.168.1.1"
+                    },
+                    {
+                        "name": "domain-name-servers",
+                        "data": "1.1.1.1"
+                    },
+                    {
+                        "name": "domain-search",
+                        "data": "puolustusvoimat.fi"
+                    }
+                ],
+                "user-context": {
+                    "name": "Tinu",
+                    "purpose": "Internet"
+                },
+                "reservations": [
+                    {
+                        "hw-address": "00:1d:46:dc:80:09",
+                        "ip-address": "192.168.1.1",
+                        "hostname": "r1.net.tjas"
+                    },
+                    {
+                        "hw-address": "9c:8e:99:9b:c3:80",
+                        "ip-address": "192.168.1.2",
+                        "hostname": "s1.net.tjas"
+                    }
+                ]
+            },
+            {
+                "id": 2,
+                "subnet": "192.168.2.0/27",
+                "interface": "enp0s25.20",
+                "pools": [
+                    {
+                        "pool": "192.168.2.1 - 192.168.2.30"
+                    }
+                ],
+                "option-data": [
+                    {
+                        "name": "routers",
+                        "data": "192.168.2.1"
+                    },
+                    {
+                        "name": "domain-name-servers",
+                        "data": "192.168.2.10, 1.1.1.1"
+                    },
+                    {
+                        "name": "domain-name",
+                        "data": "juva.tjas"
+                    },
+                    {
+                        "name": "domain-search",
+                        "data": "juva.tjas, tjas"
+                    }
+                ],
+                "user-context": {
+                    "name": "Juva",
+                    "purpose": "Intra"
+                },
+                "reservations": [
+                    {
+                        "hw-address": "00:1d:46:dc:80:09",
+                        "ip-address": "192.168.2.1",
+                        "hostname": "r1.net.tjas"
+                    },
+                    {
+                        "hw-address": "00:24:a8:f1:c7:40",
+                        "ip-address": "192.168.2.2",
+                        "hostname": "s2.net.tjas"
+                    },
+                    {
+                        "hw-address": "90:1b:0e:5b:18:fb",
+                        "ip-address": "192.168.2.10",
+                        "hostname": "olympus.juva.tjas"
+                    }
+                ]
+            },
+            {
+                "id": 3,
+                "subnet": "192.168.3.0/27",
+                "pools": [
+                    {
+                        "pool": "192.168.3.1 - 192.168.3.30"
+                    }
+                ],
+                "option-data": [
+                    {
+                        "name": "routers",
+                        "data": "192.168.3.1"
+                    },
+                    {
+                        "name": "domain-name-servers",
+                        "data": "192.168.2.10"
+                    },
+                    {
+                        "name": "domain-name",
+                        "data": "aito.tjas"
+                    },
+                    {
+                        "name": "domain-search",
+                        "data": "aito.tjas, tjas"
+                    }
+                ],
+                "user-context": {
+                    "name": "Aito",
+                    "purpose": "Toimisto"
+                },
+                "reservations": [
+                    {
+                        "hw-address": "00:1d:46:dc:80:09",
+                        "ip-address": "192.168.3.1",
+                        "hostname": "r1.net.tjas"
+                    },
+                    {
+                        "hw-address": "00:1f:fe:ab:9e:c0",
+                        "ip-address": "192.168.3.2",
+                        "hostname": "s3.net.tjas"
+                    }
+                ]
+            },
+            {
+                "id": 69,
+                "subnet": "192.168.69.0/26",
+                "interface": "enp0s25.69",
+                "pools": [
+                    {
+                        "pool": "192.168.69.1 - 192.168.69.62"
+                    }
+                ],
+                "option-data": [
+                    {
+                        "name": "domain-name-servers",
+                        "data": "192.168.69.20"
+                    },
+                    {
+                        "name": "domain-name",
+                        "data": "sive.tjas"
+                    },
+                    {
+                        "name": "domain-search",
+                        "data": "sive.tjas"
+                    }
+                ],
+                "user-context": {
+                    "name": "Sive",
+                    "purpose": "Hallinta"
+                },
+                "reservations": [
+                    {
+                        "hw-address": "00:1d:46:dc:80:09",
+                        "ip-address": "192.168.69.1",
+                        "hostname": "r1.net.tjas"
+                    },
+                    {
+                        "hw-address": "9c:8e:99:9b:c3:80",
+                        "ip-address": "192.168.69.11",
+                        "hostname": "s1.net.tjas"
+                    },
+                    {
+                        "hw-address": "00:24:a8:f1:c7:40",
+                        "ip-address": "192.168.69.12",
+                        "hostname": "s2.net.tjas"
+                    },
+                    {
+                        "hw-address": "00:1f:fe:ab:9e:c0",
+                        "ip-address": "192.168.69.13",
+                        "hostname": "s3.net.tjas"
+                    },
+                    {
+                        "hw-address": "90:1b:0e:5b:18:fc",
+                        "ip-address": "192.168.69.20",
+                        "hostname": "olympus.juva.tjas"
+                    }
+                ]
+            }
+        ],
+
+        "loggers": [
+            {
+                "name": "kea-dhcp4",
+                "output_options": [
+                    {
+                        "output": "stdout",
+                        "pattern": "%-5p %m\n"
+                    }
+                ],
+                "severity": "ERROR",
+                "debuglevel": 0
+            }
+        ]
+    }
+}

files/motd

@@ -0,0 +1,29 @@
+
+
+
+
+  _____                             _       _ _      _
+ |_   _|_ _ _ __   __ _  ___       | |_   _| (_) ___| |_
+   | |/ _` | '_ \ / _` |/ _ \   _  | | | | | | |/ _ \ __|
+   | | (_| | | | | (_| | (_) | | |_| | |_| | | |  __/ |_
+   |_|\__,_|_| |_|\__, |\___/   \___/ \__,_|_|_|\___|\__|
+     _    _       |___/         ____  _
+    / \  | |_ __ | |__   __ _  / ___|(_) ___ _ __ _ __ __ _
+   / _ \ | | '_ \| '_ \ / _` | \___ \| |/ _ \ '__| '__/ _` |
+  / ___ \| | |_) | | | | (_| |  ___) | |  __/ |  | | | (_| |
+ /_/   \_\_| .__/|_| |_|\__,_| |____/|_|\___|_|  |_|  \__,_|
+           |_|
+
+
+{{ location | upper }}
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+{{ hostname | upper }}
+
+Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
+ylikirjoittaa automatisoidusti.
+
+https://github.com/cwchristerw/tjas-intra
+
+
+
+

files/networking/interfaces

@@ -0,0 +1,23 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s25
+iface enp0s25 inet dhcp
+
+auto enp0s25.20
+iface enp0s25.20 inet static
+  address 192.168.2.10/27
+  gateway 192.168.2.1
+  hwaddress 90:1b:0e:5b:18:fb
+
+auto enp0s25.69
+iface enp0s25.69 inet static
+  address 192.168.69.20/26
+  hwaddress 90:1b:0e:5b:18:fc

files/nginx/conf/000-default.conf

@@ -37,8 +37,8 @@ server {
 
 #     http2 on;
 
-#     ssl_certificate /etc/nginx/certs/pvjjk-1vos-tjas/fullchain.pem;
+#     ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
-#     ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-tjas/privkey.pem;
+#     ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
 #     ssl_protocols TLSv1.2 TLSv1.3;
 #     ssl_ecdh_curve X25519:prime256v1:secp384r1;
 #     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
@@ -46,7 +46,7 @@ server {
 #     ssl_session_cache shared:SSL:20m;
 #     ssl_session_timeout 180m;
 
-#     ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-tjas/chain.pem;
+#     ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
 
 #     expires off;
 #     etag off;

files/nginx/index.html

@@ -47,7 +47,7 @@
     </head>
     <body>
         <div>
-            <p class="org">PVJJK 1.VOS TJAS</p>
+            <p class="org">{{ location | upper }}</p>
             <p class="link"><a href="https://intra.tjas">Visit website</a></p>
 
             <div class="server">

files/powerdns-authorative/config.conf

@@ -1,6 +1,6 @@
 local-address=0.0.0.0,::
-local-port=53
+local-port=531
-default-soa-content=s1.intra.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
+default-soa-content=olympus.juva.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
 launch=gmysql
 gmysql-host=127.0.0.1
 gmysql-port=3306

files/powerdns-authorative/schema.mysql.sql

@@ -0,0 +1,92 @@
+CREATE TABLE domains (
+  id                    INT AUTO_INCREMENT,
+  name                  VARCHAR(255) NOT NULL,
+  master                VARCHAR(128) DEFAULT NULL,
+  last_check            INT DEFAULT NULL,
+  type                  VARCHAR(8) NOT NULL,
+  notified_serial       INT UNSIGNED DEFAULT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
+  options               VARCHAR(64000) DEFAULT NULL,
+  catalog               VARCHAR(255) DEFAULT NULL,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE UNIQUE INDEX name_index ON domains(name);
+CREATE INDEX catalog_idx ON domains(catalog);
+
+
+CREATE TABLE records (
+  id                    BIGINT AUTO_INCREMENT,
+  domain_id             INT DEFAULT NULL,
+  name                  VARCHAR(255) DEFAULT NULL,
+  type                  VARCHAR(10) DEFAULT NULL,
+  content               VARCHAR(64000) DEFAULT NULL,
+  ttl                   INT DEFAULT NULL,
+  prio                  INT DEFAULT NULL,
+  disabled              TINYINT(1) DEFAULT 0,
+  ordername             VARCHAR(255) BINARY DEFAULT NULL,
+  auth                  TINYINT(1) DEFAULT 1,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX nametype_index ON records(name,type);
+CREATE INDEX domain_id ON records(domain_id);
+CREATE INDEX ordername ON records (ordername);
+
+
+CREATE TABLE supermasters (
+  ip                    VARCHAR(64) NOT NULL,
+  nameserver            VARCHAR(255) NOT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
+  PRIMARY KEY (ip, nameserver)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+
+CREATE TABLE comments (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  name                  VARCHAR(255) NOT NULL,
+  type                  VARCHAR(10) NOT NULL,
+  modified_at           INT NOT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
+  comment               TEXT CHARACTER SET 'utf8' NOT NULL,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX comments_name_type_idx ON comments (name, type);
+CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
+
+
+CREATE TABLE domainmetadata (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  kind                  VARCHAR(32),
+  content               TEXT,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
+
+
+CREATE TABLE cryptokeys (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  flags                 INT NOT NULL,
+  active                BOOL,
+  published             BOOL DEFAULT 1,
+  content               TEXT,
+  PRIMARY KEY(id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX domainidindex ON cryptokeys(domain_id);
+
+
+CREATE TABLE tsigkeys (
+  id                    INT AUTO_INCREMENT,
+  name                  VARCHAR(255),
+  algorithm             VARCHAR(50),
+  secret                VARCHAR(255),
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

files/powerdns-recursor/config.conf

@@ -0,0 +1,9 @@
+incoming:
+  listen:
+    - 127.0.0.1:532
+recursor:
+  forward_zones:
+    - zone: tjas
+      recurse: false
+      forwarders:
+        - 127.0.0.1:531

files/ssh/authorized_keys

@@ -1,2 +1,2 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 l1.office.tjas
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

files/yggdrasil/config.conf

@@ -6,11 +6,17 @@
     # use this section when you may connect via different interfaces.
 
     Peers: [
-        #TRUSTED PEERS - Waren Group
+{% if config.yggdrasil.peers is defined %}
-        #aurora.devices.waren.io
+        #TRUSTED PEERS
-        #201:361f:bbfb:7210:c5b8:3f74:a285:adb9
+{% for peer in config.yggdrasil.peers %}
-        "tls://[2a01:4f9:2a:60c::2]:18836",
+{% if peer.name is defined and peer.address is defined and peer.address is defined %}
-        "tls://95.216.5.243:18836",
+
+        #{{ peer.name }}
+        "{{ peer.address }}"{% if not loop.last %},{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+
     ]
 
     # List of connection strings for static peers in URI format, arranged

init.sh

@@ -4,66 +4,83 @@ if [ ! "$BASH_VERSION" ] ; then
     exit 1
 fi
 
+underline=`tput smul`
+nounderline=`tput rmul`
+bold=$(tput bold)
+normal=$(tput sgr0)
+
 ti-header(){
-    echo $(tput bold)$1$(tput sgr0)
+    echo ${bold}$1${normal}
 }
 
+echo "${bold}"
 echo "
-==============================
+ .-') _               ('-.      .-')
-
+(  OO) )             ( OO ).-. ( OO ).
-PVJJK 1.VOS TJAS - Infra
+/     '._      ,--.  / . --. /(_)---\_)
-Init Script
+|'--...__) .-')| ,|  | \-.  \ /    _ |
-
+'--.  .--'( OO |(_|.-'-'  |  |\  :\` \`.
-------------------------------
+   |  |   | \`-'|  | \| |_.'  | '..\`''.)
+   |  |   ,--. |  |  |  .-.  |.-._)   \\
+   |  |   |  '-'  /  |  | |  |\       /
+   \`--'    \`-----'   \`--' \`--' \`-----'
 "
+echo "
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+INIT SCRIPT
+"
+echo -n "${normal}"
 
 stop () {
 
-echo "
-==============================
-"
-
 exit 1
 
 }
 
 ti-header "Haetaan pakettien tiedot..."
-apt update
+sudo apt update
 echo -e "\n\n"
 
-ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..."
+ti-header "Asennetaan Ansiblen järjestelmäpaketti riippuvuudet..."
-apt-get install -y python3-pip python3-venv jq git curl lsb-release
+sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
 echo -e "\n\n"
 
-mkdir -p ~/.ssh/keys/pvjjk-1vos-tjas &> /dev/null
-if [[ ! -f ~/.ssh/keys/pvjjk-1vos-tjas/infra ]]
-then
-    ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
-    ssh-keygen -f ~/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn)
-    echo -e "\n\n"
-fi
-
 ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
-python3 -m venv ~/.venv/ansible
+python3 -m venv $HOME/.venv/ansible
 echo -e "\n\n"
 
-ti-header "Asennetaan Ansiblen riippuvuudet..."
+ti-header "Asennetaan Ansiblen Python-kirjasto riippuvuudet..."
-~/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
+$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansible..."
-~/.venv/ansible/bin/pip3 install ansible
+$HOME/.venv/ansible/bin/pip3 install ansible
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansible kokoelmat..."
-~/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
+$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
 echo -e "\n\n"
 
-ti-header "Näytetään SSH-avain Infra-repon käyttöön..."
+mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
-cat ~/.ssh/keys/pvjjk-1vos-tjas/infra.pub
+if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
+then
+    ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
+    ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
+    echo -e "\n\n"
+fi
+
+ti-header "Lisää SSH-avain Infra-repon käyttöön..."
+cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
+
+echo -n "Onko avain lisätty Github-repoon? [K/E]"
+while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
+do
+    read SSHKEY_QUESTION
+done
 echo -e "\n\n"
 
-if [[ ! -f ~/.ansible/vault/pvjjk-1vos-tjas ]]
+mkdir -p $HOME/.ansible/vault &> /dev/null
+if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
 then
     ti-header "Syötä Ansible Vaultin salasana..."
     echo -n "Salasana: "
@@ -73,14 +90,14 @@ then
 
         if [[ ! -z $VAULT_PASSWORD ]]
         then
-            echo "$VAULT_PASSWORD" > ~/.ansible/vault/pvjjk-1vos-tjas
+            echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
         fi
     done
     echo -e "\n\n"
 fi
 
 ti-header "Suoritetaan Infran asennus..."
-~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer
+$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
 echo -e "\n\n"
 
 echo "

inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo

@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
+33626530633633343930643365353865363637353932383533653137336461386136303433666130
+6132376364633136366538353466313464366164633339380a646139353563323966613935666664
+31643638666439333563386231333037373033653734613563626137333631666361623034613436
+3966393739636534650a633638383961333937383130303038626465326465616333626465303335
+37323531653335613535366534323761333938623933383236356466366230353965346366303164
+3862333635643161353463306431303936393062616339323834

inventories/pvjjk-1vos-niinisalo/host_vars/argo.aito.tjas

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
+38303231643539646631303933373431326331623033326661653533613739363963613138366136
+3030303335346635643133636565386433623866323333320a346638346235653434623930653437
+33303231643536663532353235363961313637353830376138626630306133653334303264356335
+3361373161666534350a363233346665616437646562636135373531646663333161333064316333
+3134

inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas

@@ -0,0 +1,51 @@
+$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
+32653637663866356332306361353964303131616465363963343664313536353434316366613262
+3730653431636437353433626431363764373239306637320a366230306565343464636533653931
+31303734336166346530613662306237656662623366636532656535633539383835373337383233
+3465323337633235360a373338633562623636663366306635633235313334306338633234623663
+34643733376431626438643531396332346631656337633835613332663435306438313338323031
+63616264386438393133616238383665376338613334396561616435666365643037323336643931
+30333962326132666133306263636662663564643430653165393238343938333264636438323362
+32303162396435303262663938663033623232346663373061313061386163643136656661636230
+37343330656535396135646364316365346133663663626237393336323331376465323734643931
+37336130663563353665643938376264313033396136626135383332653866633832396566616530
+36666563396232356339363630643162653436663063306162646661633864653663343230646663
+66366632653638386361633562363534316666356261623038636236613763383038383061313365
+66363862306335393934336461613637393466363162323735363763343131613065623433626134
+39356136653462613461653733663662373965326464363132393465633033613564303264653533
+35316562356639646365613237343061303132626436343535326462613065616432323366393039
+62643365353837666635363663613862323637366363396262366135666266303661393539643561
+34383132356437376330396637303332306566306162326164323931666238393865663030336665
+63616265393335353535323463666639393630386535323830616661393430373136373938653532
+34393166383933313830646361303836323065616133666262383139363165336631396230396566
+35386238656162353530373130336631323237616539376461326132366165333662346134346461
+61613066376463383734343232313133373030626337346361363730663861316465363635376536
+31333132316462336262613832373532323233326335333934626330393339383330613933316561
+64663539366639336635363736353962653637656466313033616266316630623734613939663736
+32363932323733633165326236643536633864353864613565396238333261333337623831633233
+32323163353264663837313836633864616336643538326563646235383633356365346434643930
+62323765396365326438636566636134663065386565653438363466316465323265646435636561
+39613235636133626534323834656363326231393364356438356238346339633064356230366136
+30393838346130613230613562383963393661343766333039616333316333373139383236313730
+38363239653962333732383436373935303163636531316439383339396531366230613635383630
+38643331363136636364303831613231383063663662393162353463386136376662383534633936
+38356565636539663135306535666564313332373336393139383831383937626563306264633865
+39643466363362333561643863653465366265633363373361303863393665666663633430646138
+36663830623939366163653138343230343731613038333237323734656238353830323766323131
+30366632626361343633303061323335633965643564313363623364643231396534663865353735
+37383539383965356539383163373966643263643634613762666632363561363666346339623233
+66313639346631313538643130343361346336363839343061336165333931343931323935623734
+38623835653934323662306431336531313331616461393338336366616239356232653232393633
+66366434306333623638343464316137303764366335663462613736656535663362386634323237
+31643962333832373164383731613262663933336565653362663230366432653637663739363734
+30666538343162383338343965636339326634643339306333353239663630363662373332316562
+39383262653730616336363831323437666565306364366232316433333139373231666431636334
+35336163613832633233343633393535313663656331376139313266623132643063366665623765
+35323861626239393064306462383765663433366535613433383037663762633161306461623862
+39386336363838616465663361623861353165346564636262373935393165363233626539646163
+30626532613833663238343536333865343765653461666437663831613139633030613831343966
+32396134333235616562333362306236646531646232633565396531333664303232396132333537
+31353461393832376362353136333863396335626535663836323138336161343139393034323261
+33336335363834653939363438373435643561613032306435316262333435333432316663363465
+65616363313630616365623332613034353961363665626164306361333266303339666462663264
+3031623763396234336539306332643035326162363036636262

inventories/pvjjk-1vos-niinisalo/hosts.yml

@@ -1,6 +1,7 @@
 ---
-pvjjk_1vos_tjas:
+pvjjk_1vos_niinisalo:
   hosts:
-    olympus.intra.tjas:
+    argo.aito.tjas:
+    olympus.juva.tjas:
   vars:
     ansible_python_interpreter: /usr/bin/python3

inventories/pvjjk-1vos-tjas/host_vars/olympus.intra.tjas

@@ -1,34 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas
-31643232626264313563383833393334366265313436323430656162336630643339346535636331
-3431666132306362373135643535633962393632306264640a646430366531623033343730653232
-64363331623636633030373433336637366161333538353537386266653036383963323631393463
-3235363936353665380a633861336461313230323630336666633936353064616237366234393938
-30623365613830623238363061356138346434323830303564626130626436646362656430383035
-33343232303661393833393862626466363034653537643331393261363461363366323330303761
-66343464363732616431363166353263376537633962636637653162366166633635316538643664
-33363937303438393032326131656262636234656266666265633630383766346531663562336561
-33316438663937343030623935346663623365333636643763666133313863636632346235643731
-38343863313066663565626165613165663633323435303562663238323662353665353732393139
-35616665366633653662646530643663376235313234373462333738623662363865376332313739
-36373733656264333664626261636635336330653965366435306665613663313531636563373666
-33653230396430336537633865373530316530646264646562643936633861653963373133616136
-39353836663438313733333638366331353365616237303264656231363538333332343032386632
-65623334623532656335356636393263313863386565383437663131616536623633363036343335
-30313834373936366631383031666432643765336534633339396365343932353338646661393530
-64363264653963643231336263396265633334366636333939393836383832306239643137633539
-34616533666165353338383038383331646431333039646635393063326532646462373365306163
-64363364396632393662623133326261643963343539353431623932633965306539393563303035
-62363835356365623265666538646334313338623632336234616566326161396638326238383462
-38356231356638656639326132653539663761646265336236663535333364343635313633353538
-33396532343661666564636365323263643562633031353438323263663738643035666230346238
-32303864353537656534336266346231383031656633323035656538376665626566316136353234
-65313166316466646666663430343134623137336139353561613336383766623834393665393832
-66313463626437613437366137313331656135636335383661616363633664323438643761653666
-30346561633162386238666264633265333539383066646532393563373137663566663939343637
-61323437313331663663316261623866326434656532363133333239353135363865643337306339
-34356564623163356534393034653330343036333461613639353632313633343536336533643265
-66666237646161363965383539303838646132663234313736663036303435636436353336336535
-32616531353535323037613337363365336563353536373437393063616339393437393232376537
-39303633333032393861623930653535636564383539643138353036316564366235343064323764
-65353330616662346263393632303637336534333334373335633064623130346261643037303864
-61633361306566633761326237363038323433653632653132303263623835613936

maintainer.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+underline=`tput smul`
+nounderline=`tput rmul`
+bold=$(tput bold)
+normal=$(tput sgr0)
+
+echo "${bold}"
+echo "
+ .-') _               ('-.      .-')
+(  OO) )             ( OO ).-. ( OO ).
+/     '._      ,--.  / . --. /(_)---\_)
+|'--...__) .-')| ,|  | \-.  \ /    _ |
+'--.  .--'( OO |(_|.-'-'  |  |\  :\` \`.
+   |  |   | \`-'|  | \| |_.'  | '..\`''.)
+   |  |   ,--. |  |  |  .-.  |.-._)   \\
+   |  |   |  '-'  /  |  | |  |\       /
+   \`--'    \`-----'   \`--' \`--' \`-----'
+"
+echo "
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+MAINTAINER SCRIPT
+"
+echo -n "${normal}"
+
+echo "${bold}PowerDNS Authorative - MySQL Schema${normal}"
+echo "Downloading..."
+curl https://raw.githubusercontent.com/PowerDNS/pdns/refs/heads/master/modules/gmysqlbackend/schema.mysql.sql -o "$PWD/files/powerdns-authorative/schema.mysql.sql" -s
+
+echo -e "\n\n\n"

protect.sh

@@ -5,23 +5,36 @@ nounderline=`tput rmul`
 bold=$(tput bold)
 normal=$(tput sgr0)
 
-echo "${bold}PVJJK 1.VOS TJAS / Infra / Protect${normal}"
+echo "${bold}"
+echo "
+ .-') _               ('-.      .-')
+(  OO) )             ( OO ).-. ( OO ).
+/     '._      ,--.  / . --. /(_)---\_)
+|'--...__) .-')| ,|  | \-.  \ /    _ |
+'--.  .--'( OO |(_|.-'-'  |  |\  :\` \`.
+   |  |   | \`-'|  | \| |_.'  | '..\`''.)
+   |  |   ,--. |  |  |  .-.  |.-._)   \\
+   |  |   |  '-'  /  |  | |  |\       /
+   \`--'    \`-----'   \`--' \`--' \`-----'
+"
+echo "
+TIETOJÄRJESTELMÄASENTAJIEN INTRA
+PROTECT SCRIPT
+"
+echo -n "${normal}"
 action=$1
 
 encrypt() {
-    echo "${underline}Encrypting...${nounderline}"
+    execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
-    execute "ansible-vault encrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
 }
 
 decrypt() {
-    echo "${underline}Decrypting...${nounderline}"
+    execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
-    execute "ansible-vault decrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
 }
 
 list() {
-    echo "${underline}Listing...${nounderline}"
     i=0
-    for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+    for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -29,7 +42,8 @@ list() {
 }
 
 execute() {
-for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+i=0
+for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -40,18 +54,23 @@ for file in inventories/*/group_vars/* inventories/*/host_vars/*;
 
 case $action in
     encrypt)
-        encrypt
+        echo "${underline}Encrypting...${nounderline}"
+        encrypt pvjjk-1vos-niinisalo
         ;;
     decrypt)
-        decrypt
+        echo "${underline}Decrypting...${nounderline}"
+        decrypt pvjjk-1vos-niinisalo
         ;;
     list)
-        list
+        echo "${underline}Listing...${nounderline}"
-        ;;
+        list pvjjk-1vos-niinisalo
-    help)
-        echo "encrypt, decrypt, list"
         ;;
     *)
-        echo "..."
+        echo "${underline}HELP${nounderline}"
+        echo "encrypt - Encrypt Files"
+        echo "decrypt - Decrypt Files"
+        echo "list - List Files"
         ;;
 esac
+
+echo -e "\n\n\n"

tasks.yml

@@ -10,6 +10,8 @@
       import_tasks: tasks/installer.yml
       vars:
         ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      when:
+        - inventory_hostname == "olympus.juva.tjas"
       tags:
         - installer
         - never
@@ -18,6 +20,8 @@
       import_tasks: tasks/maintenance.yml
       vars:
         ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      when:
+        - inventory_hostname == "olympus.juva.tjas"
       tags:
         - maintenance
         - never
@@ -26,6 +30,8 @@
       import_tasks: tasks/deployer.yml
       vars:
         ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+      when:
+        - inventory_hostname == "olympus.juva.tjas"
       tags:
         - deployer
         - never

tasks/deployer.yml

@@ -2,7 +2,7 @@
 - name: "Deployer - SSH - Add Authorized Keys"
   ansible.builtin.template:
     src: './files/ssh/authorized_keys'
-    dest: '~/.ssh/authorized_keys'
+    dest: '/root/.ssh/authorized_keys'
   tags:
     - ssh
 
@@ -24,14 +24,14 @@
 
 - name: "Deployer - Yggdrasil - Configure - Create Folder"
   ansible.builtin.file:
-    path: "~/data/yggdrasil/"
+    path: "/root/data/yggdrasil/"
     state: directory
   tags:
     - yggdrasil
 
 - name: "Deployer - Yggdrasil - Configure - Create Subfolders"
   ansible.builtin.file:
-    dest: '~/data/yggdrasil/{{ item.path }}'
+    dest: '/root/data/yggdrasil/{{ item.path }}'
     state: directory
   with_filetree: './files/yggdrasil/'
   loop_control:
@@ -44,7 +44,7 @@
 - name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files"
   ansible.builtin.template:
     src: '{{ item.src }}'
-    dest: '~/data/yggdrasil/{{ item.path }}'
+    dest: '/root/data/yggdrasil/{{ item.path }}'
   register: deployerTaskY1
   with_filetree: './files/yggdrasil/'
   loop_control:
@@ -58,7 +58,6 @@
   containers.podman.podman_image:
     name: docker.io/library/golang
     tag: alpine
-    force: true
   register: deployerTaskY2
 
 - name: "Deployer - Yggdrasil - Clone Repository"
@@ -67,11 +66,11 @@
     dest: ".cache/git/yggdrasil"
   register: deployerTaskY3
 
-- name: "Deployer - Yggdrasil - Pull Image"
+- name: "Deployer - Yggdrasil - Build Image"
   containers.podman.podman_image:
-    name: pvjjk-1vos-tjas/nginx
+    name: pvjjk-1vos-niinisalo/yggdrasil
     tag: latest
-    path: "~/data/yggdrasil"
+    path: "/root/data/yggdrasil"
     build:
       format: docker
     force: true
@@ -80,7 +79,7 @@
 - name: "Deployer - Yggdrasil - Run Container"
   containers.podman.podman_container:
     name: yggdrasil
-    image: pvjjk-1vos-tjas/nginx:latest
+    image: pvjjk-1vos-niinisalo/yggdrasil:latest
     state: started
     recreate: on
     network: host
@@ -96,40 +95,18 @@
   tags:
     - yggdrasil
 
-# - name: "Deployer - DHCP - Install"
-#   ansible.builtin.apt:
-#     name:
-#       - isc-dhcp-server
-#     state: latest
-
-# - name: "Deployer - DHCP - Config"
-#   ansible.builtin.template:
-#     src: './files/dhcp/dhcpd.conf'
-#     dest: '/etc/dhcp/dhcpd.conf'
-#   register: deployerTaskD1
-#   tags:
-#     - dhcp
-
-# - name: "Deployer : DHCP : Restart"
-#   ansible.builtin.systemd_service:
-#     name: isc-dhcp-server
-#     state: restarted
-#     enabled: true
-#   when:
-#     - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined
-
 - name: "Deployer - MariaDB - Create Folder"
   ansible.builtin.file:
-    path: ~/data/mariadb
+    path: /root/data/mariadb
     state: directory
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Pull Image"
   containers.podman.podman_image:
     name: docker.io/library/mariadb
     tag: latest
-    force: true
   register: deployerTaskM1
 
 - name: "Deployer - MariaDB - Run Container"
@@ -140,15 +117,16 @@
     restart: on
     network: host
     volumes:
-      - "~/data/mariadb:/var/lib/mysql"
+      - "/root/data/mariadb:/var/lib/mysql"
     restart_policy: always
     env:
-      MYSQL_ROOT_PASSWORD: "{{ config.databases.mariadb.users.root.password }}"
+      MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}"
   register: deployerTaskM2
   when:
     - (deployerTaskM1 is defined and deployerTaskM1.changed) or deployerTaskM1 is undefined
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Wait"
   ansible.builtin.wait_for:
@@ -159,6 +137,7 @@
     - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Upgrade"
   containers.podman.podman_container_exec:
@@ -171,6 +150,7 @@
     - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Create Users"
   community.mysql.mysql_user:
@@ -187,8 +167,14 @@
     loop_var: "user"
   when:
     - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
+    - config.mariadb.users is defined
+    - config.mariadb.users[user] is defined
+    - config.mariadb.users[user].username is defined
+    - config.mariadb.users[user].password is defined
+    - config.mariadb.users[user].database is defined
   tags:
     - mariadb
+    - database
 
 - name: "Deployer - MariaDB - Create Database"
   community.mysql.mysql_db:
@@ -202,73 +188,282 @@
     loop_var: "user"
   when:
     - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
+    - config.mariadb.users is defined
+    - config.mariadb.users[user] is defined
+    - config.mariadb.users[user].username is defined
+    - config.mariadb.users[user].password is defined
+    - config.mariadb.users[user].database is defined
   tags:
     - mariadb
+    - database
 
-- name: "Deployer - PowerDNS - Configure - Create Folder"
+- name: "Deployer - Kea - Install"
+  ansible.builtin.apt:
+    name:
+      - kea
+    state: latest
+
+- name: "Deployer - Kea - Configure - DHCP4"
+  ansible.builtin.template:
+    src: './files/kea/kea-dhcp4.conf'
+    dest: '/etc/kea/kea-dhcp4.conf'
+  register: deployerTaskK1
+  tags:
+    - kea
+    - dhcp
+
+- name: "Deployer - Kea - Configure - Database : Init"
+  ansible.builtin.command:
+    cmd: "/usr/sbin/kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
+  register: deployerTaskK2
+  changed_when:
+    - deployerTaskK2.stdout.find('Initializing database') != -1
+  failed_when:
+    - deployerTaskK2.stdout.find('ERROR') != -1
+    - deployerTaskK2.stdout.find('Expected empty database kea.') == -1
+  tags:
+    - kea
+    - dhcp
+
+- name: "Deployer - Kea - Configure - Database : Upgrade"
+  ansible.builtin.command:
+    cmd: "/usr/sbin/kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
+  tags:
+    - kea
+    - dhcp
+
+- name: "Deployer : Kea : Restart"
+  ansible.builtin.systemd_service:
+    name: kea-dhcp4-server
+    state: restarted
+  when:
+    - (deployerTaskK1 is defined and deployerTaskK1.changed) or deployerTaskK1 is undefined or (deployerTaskK2 is defined and deployerTaskK2.changed) or deployerTaskK2 is undefined
+  tags:
+    - kea
+    - dhcp
+
+- name: "Deployer : Kea : Start"
+  ansible.builtin.systemd_service:
+    name: kea-dhcp4-server
+    state: started
+  tags:
+    - kea
+    - dhcp
+
+
+- name: "Deployer - dnsdist - Configure - Create Folder"
   ansible.builtin.file:
-    path: "~/data/powerdns/"
+    path: "/root/data/dnsdist/"
     state: directory
   tags:
-    - powerdns
+    - dnsdist
+    - dns
 
-- name: "Deployer - PowerDNS - Configure - Create Subfolders"
+- name: "Deployer - dnsdist - Configure - Create Subfolders"
   ansible.builtin.file:
-    dest: '~/data/powerdns/{{ item.path }}'
+    dest: '/root/data/dnsdist/{{ item.path }}'
     state: directory
-  with_filetree: './files/powerdns/'
+  with_filetree: './files/dnsdist/'
   loop_control:
     label: "{{ item.path }}"
   when:
     - item.state == 'directory'
   tags:
-    - powerdns
+    - dnsdist
+    - dns
 
-- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
+- name: "Deployer - dnsdist - Configure - Generating & Transferring Files"
   ansible.builtin.template:
     src: '{{ item.src }}'
-    dest: '~/data/powerdns/{{ item.path }}'
+    dest: '/root/data/dnsdist/{{ item.path }}'
-  register: deployerTaskP1
+  register: deployerTaskD1
-  with_filetree: './files/powerdns/'
+  with_filetree: './files/dnsdist/'
   loop_control:
     label: "{{ item.path }}"
   when:
     - item.state == 'file'
   tags:
-    - powerdns
+    - dnsdist
+    - dns
 
-- name: "Deployer - PowerDNS - Pull Image"
+- name: "Deployer - dnsdist - Pull Image"
   containers.podman.podman_image:
-    name: docker.io/powerdns/pdns-auth-49
+    name: docker.io/powerdns/dnsdist-20
     tag: latest
-    force: true
+  register: deployerTaskD2
-  register: deployerTaskP2
 
-- name: "Deployer - PowerDNS - Run Container"
+- name: "Deployer - dnsdist - Run Container"
   containers.podman.podman_container:
-    name: powerdns
+    name: dnsdist
-    image: docker.io/powerdns/pdns-auth-49:latest
+    image: docker.io/powerdns/dnsdist-20:latest
     state: started
     recreate: on
     network: host
     restart_policy: always
     volumes:
-      - "~/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
+      - "/root/data/dnsdist/config.conf:/etc/dnsdist/dnsdist.conf:ro"
+    tty: yes
+    interactive: yes
+    capabilities:
+      - NET_BIND_SERVICE
   when:
-    - (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
+    - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
   tags:
-    - powerdns
+    - dnsdist
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/powerdns-authorative/"
+    state: directory
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Create Subfolders"
+  ansible.builtin.file:
+    dest: '/root/data/powerdns-authorative/{{ item.path }}'
+    state: directory
+  with_filetree: './files/powerdns-authorative/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Generating & Transferring Files"
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '/root/data/powerdns-authorative/{{ item.path }}'
+  register: deployerTaskPA1
+  with_filetree: './files/powerdns-authorative/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Database - Init"
+  community.mysql.mysql_db:
+    login_host: "127.0.0.1"
+    login_user: "{{ config.mariadb.users['powerdns'].username }}"
+    login_password: "{{ config.mariadb.users['powerdns'].password }}"
+    name: "{{ config.mariadb.users['powerdns'].database }}"
+    state: import
+    target: './files/powerdns-authorative/schema.mysql.sql'
+  register: deployerTaskPA2
+  failed_when:
+    - "deployerTaskPA2.msg.find('ERROR') != -1"
+    - "deployerTaskPA2.msg.find('already exists') == -1"
+  when:
+    - config.mariadb.users is defined
+    - config.mariadb.users['powerdns'] is defined
+    - config.mariadb.users['powerdns'].username is defined
+    - config.mariadb.users['powerdns'].password is defined
+    - config.mariadb.users['powerdns'].database is defined
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Pull Image"
+  containers.podman.podman_image:
+    name: docker.io/powerdns/pdns-auth-50
+    tag: latest
+  register: deployerTaskPA3
+
+- name: "Deployer - PowerDNS Authorative - Run Container"
+  containers.podman.podman_container:
+    name: powerdns-authorative
+    image: docker.io/powerdns/pdns-auth-50:latest
+    state: started
+    recreate: on
+    network: host
+    restart_policy: always
+    volumes:
+      - "/root/data/powerdns-authorative/config.conf:/etc/powerdns/pdns.conf:ro"
+    capabilities:
+      - NET_BIND_SERVICE
+  when:
+    - (deployerTaskPA1 is defined and deployerTaskPA1.changed) or deployerTaskPA1 is undefined or (deployerTaskPA3 is defined and deployerTaskPA3.changed) or deployerTaskPA3 is undefined
+  tags:
+    - powerdns-authorative
+    - dns
+
+
+- name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/powerdns-recursor/"
+    state: directory
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Configure - Create Subfolders"
+  ansible.builtin.file:
+    dest: '/root/data/powerdns-recursor/{{ item.path }}'
+    state: directory
+  with_filetree: './files/powerdns-recursor/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Configure - Generating & Transferring Files"
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '/root/data/powerdns-recursor/{{ item.path }}'
+  register: deployerTaskPR1
+  with_filetree: './files/powerdns-recursor/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Pull Image"
+  containers.podman.podman_image:
+    name: docker.io/powerdns/pdns-recursor-52
+    tag: latest
+  register: deployerTaskPR2
+
+- name: "Deployer - PowerDNS Recursor - Run Container"
+  containers.podman.podman_container:
+    name: powerdns-recursor
+    image: docker.io/powerdns/pdns-recursor-52:latest
+    state: started
+    recreate: on
+    network: host
+    restart_policy: always
+    volumes:
+      - "/root/data/powerdns-recursor/config.conf:/etc/powerdns/recursor.conf:ro"
+    capabilities:
+      - NET_BIND_SERVICE
+  when:
+    - (deployerTaskPR1 is defined and deployerTaskPR1.changed) or deployerTaskPR1 is undefined or (deployerTaskPR2 is defined and deployerTaskPR2.changed) or deployerTaskPR2 is undefined
+  tags:
+    - powerdns-recursor
+    - dns
 
 - name: "Deployer - Nginx - Configure - Create Folder"
   ansible.builtin.file:
-    path: "~/data/nginx/"
+    path: "/root/data/nginx/"
     state: directory
   tags:
     - nginx
+    - www
 
 - name: "Deployer - Nginx - Configure - Create Subfolders"
   ansible.builtin.file:
-    dest: '~/data/nginx/{{ item.path }}'
+    dest: '/root/data/nginx/{{ item.path }}'
     state: directory
   with_filetree: './files/nginx/'
   loop_control:
@@ -277,11 +472,12 @@
     - item.state == 'directory'
   tags:
     - nginx
+    - www
 
 - name: "Deployer - Nginx - Configure - Generating & Transferring Files"
   ansible.builtin.template:
     src: '{{ item.src }}'
-    dest: '~/data/nginx/{{ item.path }}'
+    dest: '/root/data/nginx/{{ item.path }}'
   register: deployerTaskN1
   with_filetree: './files/nginx/'
   loop_control:
@@ -290,12 +486,12 @@
     - item.state == 'file'
   tags:
     - nginx
+    - www
 
 - name: "Deployer - Nginx - Pull Image"
   containers.podman.podman_image:
     name: docker.io/library/nginx
     tag: latest
-    force: true
   register: deployerTaskN2
 
 - name: "Deployer - Nginx - Run Container"
@@ -315,3 +511,4 @@
     - (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined
   tags:
     - nginx
+    - www

tasks/installer.yml

@@ -12,14 +12,14 @@
     - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
 
 - name: "Init : Python 3 : Configure - Virtual Environment : Test"
-  ansible.builtin.raw: "~/.venv/ansible/bin/pip3"
+  ansible.builtin.raw: "/root/.venv/ansible/bin/pip3"
   register: task632
   changed_when: false
   failed_when: false
 
 - name: "Init : Python 3 : Configure - Virtual Environment : Delete"
   ansible.builtin.file:
-    path: "~/.venv/ansible"
+    path: "/root/.venv/ansible"
     state: absent
   when:
     - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
@@ -29,7 +29,7 @@
     name: pip
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Installer : Tools : Install"
@@ -50,28 +50,76 @@
       - pkg-config
       - etckeeper
       - picocom
+      - vlan
   loop: "{{ packages }}"
   loop_control:
     label: "{{ package }}"
     loop_var: "package"
 
+- name: "Installer : Issue : Configure - Copy File"
+  ansible.builtin.template:
+    src: './files/issue'
+    dest: '/etc/{{ file }}'
+  vars:
+    files:
+      - "issue"
+      - "issue.net"
+  loop: "{{ files }}"
+  loop_control:
+    label: "{{ file }}"
+    loop_var: "file"
+  tags:
+    - issue
+
+- name: "Installer : Motd : Configure - Copy File"
+  ansible.builtin.template:
+    src: './files/motd'
+    dest: '/etc/motd'
+  tags:
+    - motd
+
+- name: "Installer : Networking : Configure - Copy Configuration"
+  ansible.builtin.template:
+    src: './files/networking/interfaces'
+    dest: '/etc/network/interfaces'
+  tags:
+    - networking
+    - network
+
+- name: "Installer : Networking : Start - Restart Service"
+  ansible.builtin.systemd_service:
+    name: networking
+    state: restarted
+  tags:
+    - networking
+    - network
+
 - name: "Installer : FirewallD : Dependencies - Packages"
   ansible.builtin.apt:
     name:
       - python3-firewall
       - iptables
     state: latest
+  tags:
+    - firewalld
+    - firewall
 
 - name: "Installer : FirewallD : Install"
   ansible.builtin.apt:
     name: "firewalld"
     state: latest
+  tags:
+    - firewalld
+    - firewall
 
 - name: "Installer : FirewallD : Start"
   ansible.builtin.systemd_service:
     name: firewalld
     state: started
     enabled: true
+  tags:
+    - firewalld
+    - firewall
 
 - name: "Installer : FirewallD : Rules"
   ansible.posix.firewalld:
@@ -85,32 +133,37 @@
       - http
       - https
       - ssh
+      - dhcp
+      - dns
   loop: "{{ services }}"
   loop_control:
     label: "{{ service }}"
     loop_var: "service"
+  tags:
+    - firewalld
+    - firewall
 
 - name: "Installer - Ansible - Python Library"
   ansible.builtin.pip:
     name: ansible
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
   tags:
     - ansible
 
 - name: "Installer : Ansible : Create Folder"
   ansible.builtin.file:
-    path: ~/bin
+    path: /root/bin
     state: directory
   tags:
     - ansible
 
 - name: "Installer : Ansible : Create Symbolic Links"
   ansible.builtin.file:
-    src: ~/.venv/ansible/bin/{{ binary }}
+    src: /root/.venv/ansible/bin/{{ binary }}
-    dest: ~/bin/{{ binary }}
+    dest: /root/bin/{{ binary }}
     state: link
   vars:
     binaries:
@@ -132,12 +185,12 @@
   tags:
     - ansible
 
-- name: "Installer - Ansible - Dependencies / Python Libraries"
+- name: "Installer - Ansible - Dependencies - Python Libraries"
   ansible.builtin.pip:
     name: "{{ library }}"
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
   vars:
     libraries:
@@ -151,16 +204,27 @@
   loop_control:
     label: "{{ library }}"
     loop_var: "library"
+  tags:
+    - ansible
 
-- name: "Installer : MariaDB : Dependencies / Python Library : pymysql"
+- name: "Installer : MariaDB : Dependencies - Python Library : pymysql"
   ansible.builtin.pip:
     name: pymysql
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
   tags:
     - mariadb
+    - database
+
+- name: "Installer : MariaDB : Dependencies - Package : mariadb-client"
+  ansible.builtin.apt:
+    name: "mariadb-client"
+    state: latest
+  tags:
+    - mariadb
+    - database
 
 - name: "Installer : Podman : Install"
   ansible.builtin.apt:
@@ -171,20 +235,22 @@
       - buildah
       - slirp4netns
     state: latest
+  tags:
+    - podman
 
 - name: "Installer : Schedule : Maintenance"
   ansible.builtin.cron:
-    name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
+    name: "{{ location | upper }} - Infra - Maintenance"
     hour: "*/3"
     minute: "0"
-    job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance"
+    job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
   tags:
     - cron
 
 - name: "Installer : Schedule : Deployer"
   ansible.builtin.cron:
-    name: "PVJJK 1.VOS TJAS - Infra - Deployer"
+    name: "{{ location | upper }} - Infra - Deployer"
     minute: "*/5"
-    job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer"
+    job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
   tags:
     - cron

tasks/maintenance.yml

@@ -4,7 +4,7 @@
     name: "{{ library }}"
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
   vars:
     libraries:
@@ -24,7 +24,7 @@
     name: ansible
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
@@ -32,7 +32,7 @@
     name: pymysql
     state: latest
     extra_args: --upgrade
-    virtualenv: ~/.venv/ansible
+    virtualenv: /root/.venv/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Maintenance : Podman : Prune"