restrucure

ansible/ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+inventory=inventory
+interpreter_python=/usr/bin/python3
+
+[diff]
+always = True

ansible/dnsmasq.conf

@@ -0,0 +1,39 @@
+# Disable /etc/resolv.conf
+no-resolv
+# Upstream DNS server
+server=192.168.30.1
+# Always serve .dmz locally
+local=/dmz/
+# Put all clients in the dmz domain
+dhcp-fqdn
+# Don't read /etc/hosts
+no-hosts
+# Domain is automatically added to if missing
+expand-hosts
+# Domain that is used for DHCP on this network
+domain=dmz
+# IPv4 DHCP range
+dhcp-range=192.168.30.100,192.168.30.200,infinite
+# Predefined DHCP hosts
+dhcp-host=b8:27:eb:b9:ab:e2,esrom
+dhcp-host=b4:2e:99:77:1b:da,max
+dhcp-host=d8:5e:d3:47:33:6e,lewis
+# Advertise router
+dhcp-option=3,192.168.30.1
+# Always send the IPv6 DNS server address (this machine)
+dhcp-option=option6:dns-server,[2a02:58:19a:f730::1]
+# Advertise SLAAC for the given prefix
+dhcp-range=2a02:58:19a:f730::, ra-stateless, ra-names
+# Do not advertise default gateway via DHCPv6
+ra-param=*,0,0
+# Alias public IP address to local
+alias=84.245.14.149,192.168.30.3
+# Override DNS servers for our domains
+server=/pizzapim.nl/192.168.30.3
+server=/geokunis2.nl/192.168.30.3
+server=/pim.kunis.nl/192.168.30.3
+# Enable extended logging
+log-dhcp
+log-queries
+# Resolve dns.dmz to addresses on main NIC
+interface-name=hermes.dmz,ens3

ansible/hermes.yml

@@ -0,0 +1,46 @@
+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    - name: Wait for host to come up
+      wait_for:
+        state: started
+        port: 22
+        host: "{{ internal_ip }}"
+        delay: 10
+        timeout: 300
+        connect_timeout: 300
+        search_regex: OpenSSH
+      delegate_to: localhost
+    - name: Wait for cloud-init to finish
+      command:
+        cmd: cloud-init status --wait
+    - name: Gather facts
+      setup:
+    - name: Update repositories
+      apt:
+        autoremove: true
+        upgrade: yes
+        state: latest
+        update_cache: yes
+        cache_valid_time: 86400 # One day
+    - name: Install packages
+      apt:
+        pkg:
+          - qemu-guest-agent
+          - dnsmasq
+          - dnsutils
+    - name: Disable systemd-resolved
+      systemd:
+        name: systemd-resolved
+        enabled: false
+        state: stopped
+    - name: Copy dnsmasq configuration
+      copy:
+        src: "dnsmasq.conf"
+        dest: "/etc/dnsmasq.conf"
+    - name: Enable dnsmasq
+      systemd:
+        name: dnsmasq
+        enabled: true
+        state: started

ansible/inventory

@@ -0,0 +1,3 @@
+[targets]
+
+192.168.30.7     ansible_connection=ssh        ansible_user=root