HalisCz/ansible-vpsfree-kvm-alpine

## ansible-vpsfree-kvm-alpine
---
- name: Instalace KVM na Alpine Linuxu #podle https://kb.vpsfree.cz/navody/vps/kvm#instalace_balicku_a_konfigurace_hypervizoru
  block:
  - name: install packages
    apk: name={{ item }} state=latest
    update_cache: yes
    with_items:
      - qemu-system-x86_64
      - qemu-openrc
      - qemu-img
      - bridge
      - iptables
      - ip6tables

  - name: set permission for /dev/kvm
    file:
      path: /dev/kvm
      group: kvm
      mode: g+rw

  - name: set permission for /dev/net/tun
    file:
      path: /dev/net/tun
      group: netdev
      mode: g+rw

  - name: set up networking
    copy:
      dest: /etc/network/interfaces.tail
      content: |
        auto br0
        iface br0 inet static
          pre-up brctl addbr br0
          address 172.17.1.1
          netmask 255.255.255.0
          post-down brctl delbr br0
    register: networking

  - name: reboot for networking changes
    shell: "sleep 2 && reboot"
    async: 1
    poll: 0
    ignore_errors: true
    when: networking|changed

  - name: Wait for the server to become online
    local_action: wait_for host="{{ hostvars[inventory_hostname]['ansible_host'] | default(inventory_hostname) }}" state=started delay=8 port=22 connect_timeout=3 search_regex=OpenSSH
    become: no
    when: networking|changed

  - name: configure br0
    copy:
      dest: /etc/qemu/bridge.conf
      content: |
        allow br0

  - name: set permission for br0
    file:
      path: /etc/qemu/bridge.conf
      group: qemu
      owner: root
      mode: 0640

  tags: instalace

- name: Nastavení iptables #podle https://kb.vpsfree.cz/navody/vps/kvm#nastaveni_iptables
  block:
  - name: Zjištění zda existuje složka s defaultními pravidly
    stat:
      path: /etc/iptables
    register: iptables_dir

  - name: Vyčištění defaultní konfigurace iptables
    file:
      path: /etc/iptables
      state: absent
    when: iptables_dir.stat.isdir is defined and iptables_dir.stat.isdir

  - name: Stažení iptables konfigurace
    uri:
      url: https://gist.githubusercontent.com/jirutka/3742890/raw/c9f6bdbfcf597578e562c92ea1e256a9ebcf3a2c/rules-both.iptables
      return_content: yes
    register: iptables_default

  - name: Instalace iptables konfigurace
    copy:
      dest: /etc/iptables
      content: |
        {{ iptables_default.content }}

        # KVM MASQUERADE
        *nat
        -A POSTROUTING -s 172.17.1.0/24 ! -o br0 -j MASQUERADE
        COMMIT

  - name: Nastavení iptables
    copy:
      dest: /etc/conf.d/iptables
      content: |
        # /etc/conf.d/iptables

        IPTABLES_SAVE="/etc/iptables"
        #SAVE_RESTORE_OPTIONS="-c"
        SAVE_ON_STOP="no"
        IPFORWARD="yes"

  - name: Nastavení ip6tables
    copy:
      dest: /etc/conf.d/ip6tables
      content: |
        # /etc/conf.d/ip6tables

        IP6TABLES_SAVE="/etc/iptables"
        SAVE_RESTORE_OPTIONS="-T filter"
        SAVE_ON_STOP="no"
        IPFORWARD="yes"

  - name: Enable iptables
    service:
      name: iptables
      enabled: yes
      runlevel: boot
      state: started

  - name: Enable ip6tables
    service:
      name: ip6tables
      enabled: yes
      runlevel: boot
      state: started

  tags: nastaveni-iptables
	---
	- name: Instalace KVM na Alpine Linuxu #podle https://kb.vpsfree.cz/navody/vps/kvm#instalace_balicku_a_konfigurace_hypervizoru
	block:
	- name: install packages
	apk: name={{ item }} state=latest
	update_cache: yes
	with_items:
	- qemu-system-x86_64
	- qemu-openrc
	- qemu-img
	- bridge
	- iptables
	- ip6tables

	- name: set permission for /dev/kvm
	file:
	path: /dev/kvm
	group: kvm
	mode: g+rw

	- name: set permission for /dev/net/tun
	file:
	path: /dev/net/tun
	group: netdev
	mode: g+rw

	- name: set up networking
	copy:
	dest: /etc/network/interfaces.tail
	content: \|
	auto br0
	iface br0 inet static
	pre-up brctl addbr br0
	address 172.17.1.1
	netmask 255.255.255.0
	post-down brctl delbr br0
	register: networking

	- name: reboot for networking changes
	shell: "sleep 2 && reboot"
	async: 1
	poll: 0
	ignore_errors: true
	when: networking\|changed

	- name: Wait for the server to become online
	local_action: wait_for host="{{ hostvars[inventory_hostname]['ansible_host'] \| default(inventory_hostname) }}" state=started delay=8 port=22 connect_timeout=3 search_regex=OpenSSH
	become: no
	when: networking\|changed

	- name: configure br0
	copy:
	dest: /etc/qemu/bridge.conf
	content: \|
	allow br0

	- name: set permission for br0
	file:
	path: /etc/qemu/bridge.conf
	group: qemu
	owner: root
	mode: 0640

	tags: instalace

	- name: Nastavení iptables #podle https://kb.vpsfree.cz/navody/vps/kvm#nastaveni_iptables
	block:
	- name: Zjištění zda existuje složka s defaultními pravidly
	stat:
	path: /etc/iptables
	register: iptables_dir

	- name: Vyčištění defaultní konfigurace iptables
	file:
	path: /etc/iptables
	state: absent
	when: iptables_dir.stat.isdir is defined and iptables_dir.stat.isdir

	- name: Stažení iptables konfigurace
	uri:
	url: https://gist.githubusercontent.com/jirutka/3742890/raw/c9f6bdbfcf597578e562c92ea1e256a9ebcf3a2c/rules-both.iptables
	return_content: yes
	register: iptables_default

	- name: Instalace iptables konfigurace
	copy:
	dest: /etc/iptables
	content: \|
	{{ iptables_default.content }}

	# KVM MASQUERADE
	*nat
	-A POSTROUTING -s 172.17.1.0/24 ! -o br0 -j MASQUERADE
	COMMIT

	- name: Nastavení iptables
	copy:
	dest: /etc/conf.d/iptables
	content: \|
	# /etc/conf.d/iptables

	IPTABLES_SAVE="/etc/iptables"
	#SAVE_RESTORE_OPTIONS="-c"
	SAVE_ON_STOP="no"
	IPFORWARD="yes"

	- name: Nastavení ip6tables
	copy:
	dest: /etc/conf.d/ip6tables
	content: \|
	# /etc/conf.d/ip6tables

	IP6TABLES_SAVE="/etc/iptables"
	SAVE_RESTORE_OPTIONS="-T filter"
	SAVE_ON_STOP="no"
	IPFORWARD="yes"

	- name: Enable iptables
	service:
	name: iptables
	enabled: yes
	runlevel: boot
	state: started

	- name: Enable ip6tables
	service:
	name: ip6tables
	enabled: yes
	runlevel: boot
	state: started

	tags: nastaveni-iptables