cleanup tinc; fix k3s install

README.md

@@ -12,12 +12,14 @@ ansible-galaxy collection install wenerme.alpine
  - setup
  - upgrade
 - apk
-- k3s
-- haproxy
 - consul
 - dnsmasq
 - docker
+- frpc
+- frps
+- haproxy
 - k0s
+- k3s
 - n2n
 - nextcloud
 - ntp
@@ -26,6 +28,7 @@ ansible-galaxy collection install wenerme.alpine
 - tinc
 - zerotier
 - zfs
+- [ ] aports
 
 ## Setup
 

galaxy.yml

@@ -17,7 +17,7 @@ readme: README.md
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
- - 陈杨文 @wenerme
+- 陈杨文 @wenerme
 
 ### OPTIONAL but strongly recommended
 
@@ -27,7 +27,7 @@ description: Collection of tasks for AlpineLinux ops
 # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
 # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
 license:
- - MIT
+- MIT
 
 # The path to the license file for the collection. This path is relative to the root of the collection. This key is
 # mutually exclusive with 'license'
@@ -36,17 +36,17 @@ license:
 # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
 # requirements as 'namespace' and 'name'
 tags:
- - alpine
- - alpinelinux
- - linux
- - k3s
- - tinc
+- alpine
+- alpinelinux
+- linux
+- k3s
+- tinc
 
 # Collections that this collection requires to be installed for it to be usable. The key of the dict is the
 # collection label 'namespace.name'. The value is a version range
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
-dependencies: {}
+dependencies: { }
 
 # The URL of the originating SCM repository
 repository: https://github.com/wenerme/ansible-collection-wenerme-alpine
@@ -61,11 +61,11 @@ homepage: https://github.com/wenerme/ansible-collection-wenerme-alpine
 issues: https://github.com/wenerme/ansible-collection-wenerme-alpine/issue
 
 build_ignore:
- - tests/integration/inventory*
- - changelogs/.plugin-cache.yaml
- - .env
- - .DS_Store
- - ignored.md
- - ignored
- - '*.tar.gz'
- - '.idea'
+- tests/integration/inventory*
+- changelogs/.plugin-cache.yaml
+- .env
+- .DS_Store
+- ignored.md
+- ignored
+- '*.tar.gz'
+- '.idea'

roles/alpine/handlers/main.yaml

@@ -152,13 +152,13 @@
 - name: frps.restart
  service: name=frps state=restarted
  become: true
-- name: frps.reloaded
+- name: frps.reload
  service: name=frps state=reloaded
  become: true
 
 - name: frpc.restart
  service: name=frpc state=restarted
  become: true
-- name: frpc.reloaded
+- name: frpc.reload
  service: name=frpc state=reloaded
  become: true

roles/alpine/tasks/alpine-info.yaml

@@ -0,0 +1,28 @@
+- name: Gathering facts
+ setup: { }
+- name: Package count
+ shell: wc -l /etc/apk/world | cut -d ' ' -f 1
+ register: result
+ changed_when: false
+
+- set_fact:
+ package_count: "{{ result.stdout }}"
+
+- name: OS Info
+ debug:
+ msg:
+ - "{{ ansible_user_id }}({{ ansible_user_uid }})@{{ ansible_nodename }}"
+ - "OS: {{ ansible_os_family }} {{ ansible_distribution_version }} {{ ansible_osversion|default('-')}}/{{ansible_osrevision|default('-') }} {{ ansible_machine }}"
+ - "Host: {{ ansible_model | default(ansible_product_name) | default(ansible_system_vendor) }}"
+ - "Ansible inventory: {{ inventory_hostname }} ,host: {{ ansible_host }}"
+ - "CPU: {{ ansible_processor_count|default('-') }}x{{ ansible_processor_cores }}Cx{{ ansible_processor_threads_per_core|default('-') }}T={{ ansible_processor_vcpus }} vcpu {{ (ansible_processor[2]|length > 1)|ternary(ansible_processor[2],ansible_processor) }}"
+ - "Memory: {{ ansible_memtotal_mb - ansible_memfree_mb }} MB / {{ ansible_memtotal_mb }} MB"
+ - "Kernel: {{ ansible_kernel }}"
+ - "Uptime: {{ (ansible_uptime_seconds|default(0)/60/60/24)|int }} days {{ (ansible_uptime_seconds|default(0)/60/60 % 24)|int}} hours {{(ansible_uptime_seconds|default(0)/60 % 60)|int }} minutes"
+ - "Packages: {{ package_count }} ({{ ansible_pkg_mgr }})"
+ - "Shell: {{ ansible_user_shell }}"
+ - "Network: {% if ansible_default_ipv4 is defined %}{{ ansible_default_ipv4.interface }} {{ ansible_default_ipv4.address }} {{ ansible_default_ipv4.netmask }}{% else %}n/a{% endif %}"
+ - "DNS: {{ ' '.join(ansible_dns.nameservers|default('-')) }}"
+ - "Python: {{ ansible_python.executable }} {{ ansible_python_version }}"
+ - "Interfaces: {% if ansible_interfaces is defined %}{{ ', '.join(ansible_interfaces|sort) }}{% else %}n/a{% endif %}"
+ - "Addresses: {% if ansible_all_ipv4_addresses is defined %}{{ ', '.join(ansible_all_ipv4_addresses|sort) }}{% else %}n/a{% endif %}"

roles/alpine/tasks/copy-conf.yaml

@@ -1,33 +1,44 @@
 # dest
 # src
 # conf_files
+# skip
 
-- ansible.builtin.set_fact:
- src: "{{ lookup('ansible.builtin.first_found', conf_files|default(_conf_files)) }}"
+- block:
+ - ansible.builtin.set_fact:
+ src: "{{ lookup('ansible.builtin.first_found', conf_files|default(_conf_files)) }}"
+ name: conf | find {{dest}} for host {{inventory_hostname}}
+ rescue:
+ - debug:
+ msg: "{{_conf_files}}"
+ when: src|default(None) == None
  vars:
  _inv_name: "{{inv_name | default('.')}}"
  _conf_files:
- - '{{_inv_name}}/{{inventory_hostname}}{{dest}}.j2'
- - '{{_inv_name}}/{{inventory_hostname}}{{dest}}'
- - '{{_inv_name}}/host/{{dest}}.j2'
- - '{{_inv_name}}/host/{{dest}}'
- when: src is undefined
-
+ - '{{file_dir}}/{{inventory_hostname}}/{{dest}}.j2'
+ - '{{file_dir}}/{{inventory_hostname}}/{{dest}}'
+ - '{{file_dir}}/host/{{dest}}.j2'
+ - '{{file_dir}}/host/{{dest}}'
 
 - block:
  - copy:
  src: "{{src}}"
  dest: "{{dest}}"
  when:
  - "src is not regex('[.]j2$')"
- name: conf | copy {{dest}}
+ name: conf | copy {{src}} to {{dest}}
  - template:
  src: "{{src}}"
  dest: "{{dest}}"
  when:
  - "src is regex('[.]j2$')"
- name: conf | tpl {{dest}}
+ name: conf | tpl {{src}} to {{dest}}
  when:
- - 'src is file'
+ - src|default(None) != None
+ - src is file
  become: true
  notify: "{{notify|default([])}}"
+
+# unset
+- set_fact:
+ src:
+ dest:

roles/alpine/tasks/haproxy-conf.yaml

@@ -4,4 +4,3 @@
  notify: haproxy.reload
  loop:
  - /etc/haproxy/haproxy.cfg
-

roles/alpine/tasks/k3s-fetch.yaml

@@ -1,3 +1,9 @@
+- name: k3s | prepare
+ become: true
+ apk:
+ name: [curl, jq]
+ state: present
+
 - name: k3s | arch of {{ansible_architecture}}
  block:
  - name: setup ansible_architecture
@@ -12,7 +18,8 @@
  - shell: |
  curl -sf https://update.k3s.io/v1-release/channels | jq -r '.data[] | select(.id == "stable") | .latest'
  register: result
- name: fetch latest version
+ name: k3s | fetch latest version
+ changed_when: false
  - set_fact:
  k3s_version: "{{ result.stdout }}"
  when: k3s_version is undefined
@@ -37,7 +44,7 @@
  url: https://ghproxy.com/github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
  dest: /data/opt/k3s/k3s-{{k3s_version}}
  mode: 0755
- name: k3s | fetch
+ name: k3s | fetch binary
  when: k3s_arch == 'amd64'
  - get_url:
  url: https://ghproxy.com/github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-{{k3s_arch}}
@@ -56,6 +63,7 @@
  cd /data/opt/k3s
  sha256sum -c sha256sum-{{k3s_version}}.txt --ignore-missing
  name: k3s | checksum
+ changed_when: false
  rescue:
  - file:
  path: /data/opt/k3s/k3s-{{k3s_version}}

roles/alpine/tasks/k3s-upgrade.yaml

@@ -5,17 +5,23 @@
  name: k3s
  state: stopped
  runlevel: default
+ when: service is undefined or service
 
 # fetch
 - include_tasks: k3s-fetch.yaml
+ when: fetch is undefined or fetch
 
 # upgrade
+- stat:
+ path: /usr/local/bin/k3s
+ register: result
 - name: k3s | backup last
  copy:
  src: /usr/local/bin/k3s
  dest: /data/opt/k3s/k3s.last
  mode: 0755
  remote_src: true
+ when: result.stat.exists
 
 - name: k3s | install
  become: true
@@ -32,3 +38,4 @@
  name: k3s
  state: started
  runlevel: default
+ when: service is undefined or service

roles/alpine/tasks/tinc-install.yaml

@@ -21,3 +21,69 @@
  state: present
  loop:
  - tinc-pre
+
+- name: tinc | install tinc.netanme service
+ become: true
+ copy:
+ dest: /etc/init.d/tinc.netname
+ mode: +x
+ content: |
+ #!/sbin/openrc-run
+ supervisor=supervise-daemon
+
+ name="TincVPN Daemon"
+ description="tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet."
+ description_reload="Reload configuration without exiting"
+
+ # tinc.netname -> netname
+ NETNAME=${RC_SVCNAME##*.}
+ : ${TINC_DEBUG:=0}
+
+ command=/usr/sbin/tincd
+ command_args="-n $NETNAME -d $TINC_DEBUG $TINC_OPTS"
+ command_args_foreground="-D"
+
+ TINC_LOGFILE="${TINC_LOGFILE:-/var/log/${RC_SVCNAME}.log}"
+ TINC_ERRFILE="${TINC_ERRFILE:-${TINC_LOGFILE}}"
+ TINC_OUTFILE="${TINC_OUTFILE:-${TINC_LOGFILE}}"
+ supervise_daemon_args="--stderr \"${TINC_ERRFILE}\" --stdout \"${TINC_OUTFILE}\""
+
+ extra_started_commands="reload"
+ retry="${TINC_RETRY:-TERM/60/KILL/10}"
+
+ depend() {
+ use logger dns
+ need net
+ }
+
+ checkconfig() {
+ # warn this if not found
+ if [ ! -f "/etc/tinc/$NETNAME/tinc.conf" ]; then
+ eerror "No VPN network configured"
+ return 1
+ fi
+ return 0
+ }
+
+ reload() {
+ ebegin "Reloading configuration"
+ $supervisor $RC_SVCNAME --signal HUP
+ eend $?
+ }
+
+- name: tinc | install tinc.{{ tinc_netname }}
+ become: true
+ file:
+ dest: /etc/init.d/tinc.{{ tinc_netname }}
+ src: /etc/init.d/tinc.netname
+ state: link
+ when: tinc_netname is defined
+
+- name: tinc | install tinc.{{ item }}
+ become: true
+ file:
+ dest: /etc/init.d/tinc.{{ item }}
+ src: /etc/init.d/tinc.netname
+ state: link
+ when: tinc_netnames is defined
+ loop: "{{ tinc_netnames }}"

roles/alpine/tasks/tinc-start.yaml

@@ -0,0 +1,16 @@
+- name: tinc | start tincd.{{ tinc_netname }} service
+ become: true
+ service:
+ name: tincd.{{ tinc_netname }}
+ state: started
+ enabled: true
+ when: tinc_netname is defined
+
+- name: tinc | start tincd.{{ item }} service
+ become: true
+ service:
+ name: tincd.{{ item }}
+ state: started
+ enabled: true
+ when: tinc_netnames is defined
+ loop: "{{ tinc_netnames }}"

roles/alpine/tasks/tinc-stop.yaml

@@ -0,0 +1,16 @@
+- name: tinc | start tincd.{{ tinc_netname }} service
+ become: true
+ service:
+ name: tincd.{{ tinc_netname }}
+ state: stopped
+ enabled: false
+ when: tinc_netname is defined
+
+- name: tinc | start tincd.{{ item }} service
+ become: true
+ service:
+ name: tincd.{{ item }}
+ state: stopped
+ enabled: false
+ when: tinc_netnames is defined
+ loop: "{{ tinc_netnames }}"