118 lines
3.0 KiB
YAML
118 lines
3.0 KiB
YAML
---
|
|
- name: Gather system facts (hardware)
|
|
ansible.builtin.setup:
|
|
gather_subset:
|
|
- hardware
|
|
become: true
|
|
|
|
- name: Create blocky group
|
|
ansible.builtin.group:
|
|
name: "blocky"
|
|
gid: 953
|
|
state: "present"
|
|
become: true
|
|
|
|
- name: Create blocky user
|
|
ansible.builtin.user:
|
|
name: "blocky"
|
|
uid: 953
|
|
group: "blocky"
|
|
shell: "/usr/sbin/nologin"
|
|
password_lock: true
|
|
comment: "Blocky DNS User"
|
|
state: "present"
|
|
become: true
|
|
|
|
- name: Create blocky etc directory
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: "blocky"
|
|
group: "blocky"
|
|
mode: "0750"
|
|
state: "directory"
|
|
loop:
|
|
- "/etc/blocky"
|
|
- "/etc/blocky/ssl"
|
|
become: true
|
|
|
|
- name: Deploy blocky binary file (x86_64)
|
|
ansible.builtin.unarchive:
|
|
src: "{{ hostvars['console']['node']['data_path'] }}/bin/blocky-{{ version['packages']['blocky'] }}-x86_64.tar.gz"
|
|
dest: "/usr/local/bin/"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0755"
|
|
extra_opts:
|
|
- "--strip-components=0"
|
|
- "--wildcards"
|
|
- "blocky"
|
|
become: true
|
|
when: ansible_facts['architecture'] == "x86_64"
|
|
notify: "notification_restart_blocky"
|
|
|
|
- name: Deploy blocky binary file (aarch64)
|
|
ansible.builtin.unarchive:
|
|
src: "{{ hostvars['console']['node']['data_path'] }}/bin/blocky-{{ version['packages']['blocky'] }}-arm64.tar.gz"
|
|
dest: "/usr/local/bin/"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0755"
|
|
extra_opts:
|
|
- "--strip-components=0"
|
|
- "--wildcards"
|
|
- "blocky"
|
|
become: true
|
|
when: ansible_facts['architecture'] == "aarch64"
|
|
notify: "notification_restart_blocky"
|
|
|
|
- name: Deploy blocky config
|
|
ansible.builtin.template:
|
|
src: "{{ hostvars['console']['node']['config_path'] }}/services/systemd/fw/blocky/etc/config.yaml.j2"
|
|
dest: "/etc/blocky/config.yaml"
|
|
owner: "blocky"
|
|
group: "blocky"
|
|
mode: "0640"
|
|
become: true
|
|
notify: "notification_restart_blocky"
|
|
no_log: true
|
|
|
|
- name: Deploy blocky certificate and key
|
|
ansible.builtin.copy:
|
|
content: |
|
|
{{ item.value }}
|
|
dest: "/etc/blocky/ssl/{{ item.name }}"
|
|
owner: "blocky"
|
|
group: "blocky"
|
|
mode: "{{ item.mode }}"
|
|
loop:
|
|
- name: "blocky.crt"
|
|
value: |
|
|
{{ hostvars['console']['blocky']['crt'] | trim }}
|
|
{{ hostvars['console']['ca']['intermediate']['crt'] }}
|
|
mode: "0440"
|
|
- name: "blocky.key"
|
|
value: "{{ hostvars['console']['blocky']['key'] }}"
|
|
mode: "0400"
|
|
become: true
|
|
notify: "notification_restart_blocky"
|
|
no_log: true
|
|
|
|
- name: Deploy blocky service
|
|
ansible.builtin.copy:
|
|
src: "{{ hostvars['console']['node']['config_path'] }}/services/systemd/fw/blocky/blocky.service"
|
|
dest: "/etc/systemd/system/blocky.service"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
validate: "/usr/bin/systemd-analyze verify %s"
|
|
become: true
|
|
notify: "notification_restart_blocky"
|
|
|
|
- name: Enable blocky service
|
|
ansible.builtin.systemd:
|
|
name: "blocky.service"
|
|
state: "started"
|
|
enabled: true
|
|
daemon_reload: true
|
|
become: true
|