From 79416ace67b942e0e3680cf1a18f41bc215c34f6 Mon Sep 17 00:00:00 2001
From: Stefan
Date: Sun, 26 Feb 2023 10:35:39 +0100
Subject: [PATCH] changed role based setup
---
roles/00-create-sudo-user/tasks/main.yml | 39 -----------
roles/00-system-set-hostname/tasks/main.yml | 17 -----
roles/00-ubuntu-basic/files/nils.key.pub | 1 +
roles/00-ubuntu-basic/files/roman.key.pub | 1 +
roles/00-ubuntu-basic/files/stefan.key.pub | 1 +
roles/00-ubuntu-basic/tasks/main.yml | 64 +++++++++++++++++++
roles/00-ubuntu-basic/vars/main.yml | 4 ++
.../01-system-install-packages/tasks/main.yml | 18 ------
.../tasks/main.yml | 0
roles/40-vyos-system/tasks/main.yml | 7 --
roles/41-vyos-interfaces/tasks/main.yml | 14 ----
system-setup.yml | 11 ++--
12 files changed, 75 insertions(+), 102 deletions(-)
delete mode 100644 roles/00-create-sudo-user/tasks/main.yml
delete mode 100644 roles/00-system-set-hostname/tasks/main.yml
create mode 100644 roles/00-ubuntu-basic/files/nils.key.pub
create mode 100644 roles/00-ubuntu-basic/files/roman.key.pub
create mode 100644 roles/00-ubuntu-basic/files/stefan.key.pub
create mode 100644 roles/00-ubuntu-basic/tasks/main.yml
create mode 100644 roles/00-ubuntu-basic/vars/main.yml
delete mode 100644 roles/01-system-install-packages/tasks/main.yml
rename roles/{01-system-set-networking => 01-vpn-offloader-setup}/tasks/main.yml (100%)
delete mode 100644 roles/40-vyos-system/tasks/main.yml
delete mode 100644 roles/41-vyos-interfaces/tasks/main.yml
diff --git a/roles/00-create-sudo-user/tasks/main.yml b/roles/00-create-sudo-user/tasks/main.yml
deleted file mode 100644
index 214afb7..0000000
--- a/roles/00-create-sudo-user/tasks/main.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-- name: Make sure we have a 'wheel' group
- group:
- name: wheel
- state: present
-
-- name: Allow 'wheel' group to have passwordless sudo
- lineinfile:
- path: /etc/sudoers
- state: present
- regexp: '^%wheel'
- line: '%wheel ALL=(ALL) NOPASSWD: ALL'
- validate: '/usr/sbin/visudo -cf %s'
-
-- name: Create a new regular user with sudo privileges
- user:
- name: freifunk
- state: present
- groups: wheel
- append: true
- create_home: true
- shell: /bin/bash
-
-- name: Set authorized key for Stefan
- authorized_key:
- user: freifunk
- state: present
- key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux"
-
-- name: Set authorized key for Roman
- authorized_key:
- user: freifunk
- state: present
- key: "ssh-rsa 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 roman"
-
-- name: Set authorized key for Nils
- authorized_key:
- user: freifunk
- state: present
- key: "ssh-rsa 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 Nils Stinnesbeck"
diff --git a/roles/00-system-set-hostname/tasks/main.yml b/roles/00-system-set-hostname/tasks/main.yml
deleted file mode 100644
index 52e0af2..0000000
--- a/roles/00-system-set-hostname/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: Ensure hostname set
- hostname:
- name: "{{ inventory_hostname }}"
- when: not inventory_hostname|trim is match('(\d{1,3}\.){3}\d{1,3}')
- become: yes
- register: hostname_set
-
-- name: Reboot host and wait for it to restart
- reboot:
- msg: "Reboot initiated by Ansible"
- connect_timeout: 5
- reboot_timeout: 600
- pre_reboot_delay: 0
- post_reboot_delay: 30
- test_command: whoami
- when: hostname_set.changed
\ No newline at end of file
diff --git a/roles/00-ubuntu-basic/files/nils.key.pub b/roles/00-ubuntu-basic/files/nils.key.pub
new file mode 100644
index 0000000..0b88510
--- /dev/null
+++ b/roles/00-ubuntu-basic/files/nils.key.pub
@@ -0,0 +1 @@
+ssh-rsa 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 Nils Stinnesbeck
\ No newline at end of file
diff --git a/roles/00-ubuntu-basic/files/roman.key.pub b/roles/00-ubuntu-basic/files/roman.key.pub
new file mode 100644
index 0000000..9c41c46
--- /dev/null
+++ b/roles/00-ubuntu-basic/files/roman.key.pub
@@ -0,0 +1 @@
+ssh-rsa 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 roman
\ No newline at end of file
diff --git a/roles/00-ubuntu-basic/files/stefan.key.pub b/roles/00-ubuntu-basic/files/stefan.key.pub
new file mode 100644
index 0000000..48b11a8
--- /dev/null
+++ b/roles/00-ubuntu-basic/files/stefan.key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux
\ No newline at end of file
diff --git a/roles/00-ubuntu-basic/tasks/main.yml b/roles/00-ubuntu-basic/tasks/main.yml
new file mode 100644
index 0000000..260f8ae
--- /dev/null
+++ b/roles/00-ubuntu-basic/tasks/main.yml
@@ -0,0 +1,64 @@
+---
+- name: Ensure hostname set
+ hostname:
+ name: "{{ inventory_hostname }}"
+ when: not inventory_hostname|trim is match('(\d{1,3}\.){3}\d{1,3}')
+ become: yes
+ register: hostname_set
+
+- name: Reboot host and wait for it to restart
+ reboot:
+ msg: "Reboot initiated by Ansible"
+ connect_timeout: 5
+ reboot_timeout: 600
+ pre_reboot_delay: 0
+ post_reboot_delay: 30
+ test_command: whoami
+ when: hostname_set.changed
+
+#
+# Users defined in /vars/main.yml
+# pub key files in /files/USER.key.pub
+#
+
+- name: "Create user accounts and add users to groups"
+ user:
+ name: "{{ item }}"
+ groups: wheel
+ with_items: "{{ users }}"
+
+- name: "Add authorized keys"
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ lookup('file', 'files/'+ item + '.key.pub') }}"
+ with_items: "{{ users }}"
+
+- name: Allow 'wheel' group to have passwordless sudo
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: '/usr/sbin/visudo -cf %s'
+
+#
+# Install basic packages for Ubuntu minimal Systems
+#
+- name: Install all Packages
+ ansible.builtin.apt:
+ name:
+ - curl
+ - nano
+ - vim
+ - htop
+ - screen
+ - iproute2
+ - iptables
+ - cron
+ - qemu-guest-agent
+ - iputils-ping
+ - iw
+ - speedtest-cli
+ - telnet
+ state: latest
+ update_cache: yes
\ No newline at end of file
diff --git a/roles/00-ubuntu-basic/vars/main.yml b/roles/00-ubuntu-basic/vars/main.yml
new file mode 100644
index 0000000..5c857d1
--- /dev/null
+++ b/roles/00-ubuntu-basic/vars/main.yml
@@ -0,0 +1,4 @@
+users:
+ - stefan
+ - nils
+ - roman
\ No newline at end of file
diff --git a/roles/01-system-install-packages/tasks/main.yml b/roles/01-system-install-packages/tasks/main.yml
deleted file mode 100644
index 985a88d..0000000
--- a/roles/01-system-install-packages/tasks/main.yml
+++ /dev/null
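Review bot: The `Create user accounts and add users to groups` task in roles/00-ubuntu-basic/tasks/main.yml puts every user into `wheel`, but the task that created that group was deleted with roles/00-create-sudo-user and is not carried over. Stock Ubuntu does not ship a `wheel` group, so on a host that never ran the old role the `user` task will presumably fail. The old task also set `append: true` and `shell: /bin/bash`; without `append: true` the module replaces an account's supplementary groups with `wheel` alone. Since the sudoers line grants `NOPASSWD: ALL`, each of the three keys is now equivalent to root, and `authorized_key` without `exclusive: true` never removes a key that was rotated out of files/, so revoking access needs its own step. The fence restores the group task ahead of the user task and makes group membership additive.

```yaml
- name: Make sure we have a 'wheel' group
  group:
    name: wheel
    state: present

# … unchanged: "Create user accounts and add users to groups" task header …
    groups: wheel
    append: true
    shell: /bin/bash
# … unchanged: with_items, "Add authorized keys", sudoers lineinfile, apt install …
```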
@@ -1,18 +0,0 @@ -- name: Install all Packages - ansible.builtin.apt: - name: - - curl - - nano - - vim - - htop - - screen - - iproute2 - - iptables - - cron - - qemu-guest-agent - - iputils-ping - - iw - - speedtest-cli - - telnet - state: latest - update_cache: yes \ No newline at end of file diff --git a/roles/01-system-set-networking/tasks/main.yml b/roles/01-vpn-offloader-setup/tasks/main.yml similarity index 100% rename from roles/01-system-set-networking/tasks/main.yml rename to roles/01-vpn-offloader-setup/tasks/main.yml diff --git a/roles/40-vyos-system/tasks/main.yml b/roles/40-vyos-system/tasks/main.yml deleted file mode 100644 index ccdaee8..0000000 --- a/roles/40-vyos-system/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Set Vyos Hostname - vyos.vyos.vyos_hostname: - config: - hostname: "{{ inventory_hostname }}" - state: merged - diff --git a/roles/41-vyos-interfaces/tasks/main.yml b/roles/41-vyos-interfaces/tasks/main.yml deleted file mode 100644 index c681162..0000000 --- a/roles/41-vyos-interfaces/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Create Local Interfaces - vyos.vyos.vyos_l3_interfaces: - config: - - name: eth0 - ipv4: - - address: "{{ wan_address }}" - - name: eth1 - ipv4: - - address: "{{ local_address }}" - - name: lo - - address: "{{ ffrl_address }}" - state: merged - diff --git a/system-setup.yml b/system-setup.yml index 1154b4e..160abc6 100644 --- a/system-setup.yml +++ b/system-setup.yml @@ -2,13 +2,10 @@ - name: System preperation hosts: supernodes roles: - - 00-system-set-hostname - - 00-create-sudo-user - - 01-system-set-networking - - 01-system-install-packages + - 00-ubuntu-basic -- name: System preperation +- name: VPN Offloader Setup hosts: vpn-offloader roles: - - 21-install-wireguard - - 21-install-oitc \ No newline at end of file + - 01-vpn-offloader-setup + - 21-install-wireguard \ No newline at end of file