AniNIX/Kapisi
AniNIX
/
Kapisi
2
0
Fork 0
Code Issues 25 Pull Requests 1 Projects 1 Releases Wiki Activity

Evolution of deployment

This commit is contained in:
DarkFeather 2023-11-30 02:47:16 -06:00
parent 8392a3fe46
commit 69e2bcc966
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
21 changed files with 196 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bin/generate-mirrorlist
View File

@ -1,4 +1,14 @@
#!/bin/bash
curl -s https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/pacman-mirrorlist/trunk/mirrorlist | awk '/^## United States$/{f=1; next}f==0{next}/^$/{exit}{print substr($0, 1);}' | sed 's/^#Server/Server/' > /tmp/candidates
rankmirrors -n 6 /tmp/candidates > ../roles/ShadowArch/files/mirrorlist
cat <<EOM > ../roles/Maat/files/pacoloco.yaml
port: 9129
download_timeout: 3600 # download will timeout after 3600 seconds
cache_dir: /var/cache/pacoloco
purge_files_after: 360000 # 360000 seconds or 100 hours, 0 to disable
repos:
archlinux:
urls:
$(rankmirrors -n 6 /tmp/candidates | sed 's/^Server = / - /' | grep -v generated\ by | cut -f 1 -d \$)
user_agent: Pacoloco
EOM

1
examples/msn0.yml
View File

@ -12,6 +12,7 @@ all:
dns: "10.0.1.2"
logserver: "10.0.1.16"
webfront: "10.0.1.3"
mirroruri: "http://Maat.MSN0.AniNIX.net:9129/repo/archlinux/$repo/os/$arch"
# Standards
daemon_shell: /sbin/nologin
user_shell: /bin/bash

6
roles/Geth-Hub/README.md
View File

@ -6,5 +6,9 @@ For the camera, we use the [motion](https://motion-project.github.io/motion_conf
For the IR control we use an [IR shield](https://www.amazon.com/s?k=Raspberry+pi+infrared+expansion+board+IR+transmitter&ref=nb_sb_noss) controlled by the [lircd](https://www.lirc.org/) service. As a note, in order for this to work, you have to set the pinout in the `/boot/config.txt` -- we try to default this in, but you may need to set `gpio_in_pin` and `gpio_out_pin` attributes for your particular board and shield.
We also pass in an SSH key to integrate with the [Geth](../Geth/) command service, so that users don't have to connect to the boards directly.
We also set up an SNMPv3 daemon service on the hubs, to work with their IR control. This snmpd requires the Geth OVA to add snmpget using `apk update && apk add net-snmp-tools` from the `Terminal & SSH` add-on. Covers can then be added from the [command-line integration](https://www.home-assistant.io/integrations/command_line/). They'll look something like this:
```
```

16
roles/Geth-Hub/files/lircd.conf/Geth-Hub-3
View File

@ -1,17 +1,3 @@
# Please make this file available to others
# by sending it to <lirc@bartelmus.de>
#
# this config file was automatically generated
# using lirc-0.9.0-pre1(default) on Thu Jun 29 00:24:26 2017
#
# contributed by darkfeather@aninix.net
#
# brand: LG.conf
# model no. of remote control: AKB73715608
# devices being controlled by this remote: TV
#
begin remote
name LG-AKB73715608
@ -40,5 +26,3 @@ begin remote
end codes
end remote

28
roles/Geth-Hub/files/lircd.conf/LG-AKB73715608 Normal file
View File

@ -0,0 +1,28 @@
begin remote
name LG-AKB73715608
bits 16
flags SPACE_ENC|CONST_LENGTH
eps 30
aeps 100
header 9063 4496
one 579 1673
zero 579 546
ptrail 580
repeat 9066 2248
pre_data_bits 16
pre_data 0x20DF
gap 108528
toggle_bit_mask 0x0
begin codes
KEY_POWER 0x10EF
KEY_VOLUMEUP 0x40BF
KEY_VOLUMEDOWN 0xC03F
KEY_CONFIG 0xD02F
KEY_ENTER 0x22DD
KEY_MUTE 0x906F
end codes
end remote

28
roles/Geth-Hub/files/lircd.conf/NS-RC4NA-14 Normal file
View File

@ -0,0 +1,28 @@
begin remote
name NS-RC4NA-14
bits 16
flags SPACE_ENC|CONST_LENGTH
eps 30
aeps 100
header 9102 4441
one 640 1623
zero 640 496
ptrail 639
repeat 9103 2189
pre_data_bits 16
pre_data 0x61A0
gap 108350
toggle_bit_mask 0x0
begin codes
KEY_POWER 0xF00F
KEY_CONFIG 0xB847
KEY_VOLUMEUP 0x30CF
KEY_VOLUMEDOWN 0xB04F
KEY_MUTE 0x708F
KEY_ENTER 0x18E7
end codes
end remote

17
roles/Geth-Hub/tasks/main.yml
View File

@ -6,6 +6,7 @@
name:
- motion
- lirc
- snmpd
- libcamera-apps
- ir-keytable
state: present
@ -120,7 +121,7 @@
register: lircd_remote_config
become: yes
copy:
src: "lircd.conf/{{ inventory_hostname }}"
src: "lircd.conf/{{ remote }}"
dest: /etc/lirc/lircd.conf
- name: Start the services
@ -130,3 +131,17 @@
name: lircd
state: restarted
enabled: yes
- name: SNMPD config
become: yes
template:
src: snmpd.conf.j2
dest: /etc/snmp/snmpd.conf
- name: SNMPD service
become: yes
service:
name: snmpd
state: restarted
enabled: yes

23
roles/Geth-Hub/templates/snmpd.conf.j2 Normal file
View File

@ -0,0 +1,23 @@
sysLocation {{ inventory_hostname }}
sysContact {{ organization['admin'] }} <{{ organization['email'] }}>
sysServices 72
master agentx
agentaddress {{ ip }}:161
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view remotecmds included .1
CreateUser remote SHA {{ passwords[inventory_hostname] }} AES {{ passwords[inventory_hostname] }}
rouser remote priv .1
extend -cacheTime 1 power /usr/bin/irsend SEND_ONCE {{ remote }} KEY_POWER
extend -cacheTime 1 mute /usr/bin/irsend SEND_ONCE {{ remote }} KEY_MUTE
extend -cacheTime 1 volumeup /usr/bin/irsend SEND_ONCE {{ remote }} KEY_VOLUMEUP
extend -cacheTime 1 volumedown /usr/bin/irsend SEND_ONCE {{ remote }} KEY_VOLUMEDOWN
extend -cacheTime 1 config /usr/bin/irsend SEND_ONCE {{ remote }} KEY_CONFIG
extend -cacheTime 1 enter /usr/bin/irsend SEND_ONCE {{ remote }} KEY_ENTER

11
roles/IRC/README.md
View File

@ -28,6 +28,17 @@ The following entities can be messaged personally (PM'ed) for help with `/msg <e
* ChanServ will manage IRC channels -- new channels can be registered on the network here.
* MemoServ will manage IRC memos (short text-message-like messages between users).
### Bots
#### Bitbot
BitBot is a webhook engine -- we tie it into AniNIX/Yggdrasil and AniNIX/Foundation.
### discord-irc
Discord-IRC acts as a bridge between our IRC network and Discord -- this lets us integrate with mobile push notifications & lowers the barrier to entry to the network.
# Available Clients
A [simple web client](https://irc.aninix.net) is hosted.

14
roles/Maat/files/pacoloco.yaml Normal file
View File

@ -0,0 +1,14 @@
port: 9129
download_timeout: 3600 # download will timeout after 3600 seconds
cache_dir: /var/cache/pacoloco
purge_files_after: 360000 # 360000 seconds or 100 hours, 0 to disable
repos:
archlinux:
urls:
- http://mirrors.gigenet.com/archlinux/
- http://mnvoip.mm.fcix.net/archlinux/
- http://mirrors.kernel.org/archlinux/
- http://ftp.osuosl.org/pub/archlinux/
- https://mnvoip.mm.fcix.net/archlinux/
- http://southfront.mm.fcix.net/archlinux/
user_agent: Pacoloco

22
roles/Maat/tasks/main.yml
View File

@ -4,6 +4,7 @@
package:
name:
- Maat
- pacoloco
- name: makepkg.conf configuration
become: yes
@ -26,3 +27,24 @@
name: maat.timer
state: restarted
enabled: yes
- name: Generate mirrorlist
delegate_to: localhost
run_once: yes
command: "bash ../bin/generate-mirrorlist"
- name: Copy pacoloco config
become: yes
copy:
src: pacoloco.yaml
dest: /etc/pacoloco.yaml
owner: root
group: root
mode: 0755
- name: Start pacoloco service
become: yes
service:
name: pacoloco
state: restarted
enabled: yes

6
roles/ShadowArch/files/motd/Node1 Normal file
View File

@ -0,0 +1,6 @@
################################################################################
# AniNIX/Node0 #
# #
# This is the network virtualization platform. VMs can be found with this: #
# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status #
################################################################################

6
roles/ShadowArch/files/motd/Node2 Normal file
View File

@ -0,0 +1,6 @@
################################################################################
# AniNIX/Node0 #
# #
# This is the network virtualization platform. VMs can be found with this: #
# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status #
################################################################################

6
roles/ShadowArch/files/motd/Node3 Normal file
View File

@ -0,0 +1,6 @@
################################################################################
# AniNIX/Node0 #
# #
# This is the network virtualization platform. VMs can be found with this: #
# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status #
################################################################################

12
roles/ShadowArch/tasks/main.yml
View File

@ -94,16 +94,12 @@
mode: 0644
when: ansible_os_family == "Archlinux"
- name: Generate mirrorlist
delegate_to: localhost
run_once: yes
command: "bash ../bin/generate-mirrorlist"
- name: Copy mirrorlist
- name: Set mirror
become: yes
when: ansible_os_family == "Archlinux"
copy:
src: mirrorlist
content: |
Server = {{ mirroruri }}
dest: /etc/pacman.d/mirrorlist.shadowarch
owner: root
group: root
@ -160,7 +156,7 @@
become: yes
command:
chdir: '/opt/aninix/ShadowArch'
cmd: '/bin/bash -c "make install; /usr/local/sbin/shadowarch-sync"'
cmd: '/bin/bash -c "make install"'
when: ansible_os_family != "Archlinux"
- name: Set up hostname

4
roles/ShadowArch/tasks/raspbian-network.yml
View File

@ -41,3 +41,7 @@
owner: root
group: root
mode: 0600
- name: Ensure keys
become: yes
command: /bin/bash -c 'chmod go-rwx /etc/ssh/*key'

1
roles/Sharingan/files/monit/hostdefs/Node1 Normal file
View File

@ -0,0 +1 @@
include "/etc/monit.d/checks/system"

1
roles/Sharingan/files/monit/hostdefs/Node2 Normal file
View File

@ -0,0 +1 @@
include "/etc/monit.d/checks/system"

1
roles/Sharingan/files/monit/hostdefs/Node3 Normal file
View File

@ -0,0 +1 @@
include "/etc/monit.d/checks/system"

2
roles/Sharingan/files/sharingan-heartbeat.service
View File

@ -2,7 +2,7 @@
Description=AniNIX/Sharingan | Heartbeat service
[Service]
ExecStart=/bin/bash -c 'systemd-cat -t sharingan-heartbeat echo `systemctl is-system-running`'
ExecStart=/bin/bash -c 'systemd-cat -t sharingan-heartbeat echo `systemctl is-system-running` - `systemctl is-active sharingan-eval.service`'
Type=oneshot
RemainAfterExit=no
User=root

7
roles/common/service_account.yml Normal file
View File

@ -0,0 +1,7 @@
---
- name: Ensure service account is set up.
become: true
user:
name: "{{ service_account }}"
shell: /sbin/nologin