From 79e70690d6811f49ae1043968b525a8054c1cfee Mon Sep 17 00:00:00 2001
From: Glenn
Date: Fri, 17 Feb 2023 15:48:29 +0100
Subject: [PATCH] Initial import
---
 ansible/ansible.cfg | 2 ++
 ansible/files/etc.network.interfaces.d.svc0 | 9 +++++
 ansible/files/etc.sudoers.d.vagrant | 7 ++++
 ansible/files/home.developer.src.Vagrantfile | 31 ++++++++++++++++
 ansible/install.yml | 15 ++++++++
 ansible/tasks/buildtools.yml | 8 +++++
 ansible/tasks/libvirt.yml | 34 ++++++++++++++++++
 ansible/tasks/nfs.yml | 34 ++++++++++++++++++
 ansible/tasks/user.yml | 38 ++++++++++++++++++++
 ansible/tasks/vagrant.yml | 32 +++++++++++++++++
 inventories/real.ini | 2 ++
 vagrant/Vagrantfile | 23 ++++++++++++
 12 files changed, 235 insertions(+)
 create mode 100644 ansible/ansible.cfg
 create mode 100644 ansible/files/etc.network.interfaces.d.svc0
 create mode 100644 ansible/files/etc.sudoers.d.vagrant
 create mode 100644 ansible/files/home.developer.src.Vagrantfile
 create mode 100644 ansible/install.yml
 create mode 100644 ansible/tasks/buildtools.yml
 create mode 100644 ansible/tasks/libvirt.yml
 create mode 100644 ansible/tasks/nfs.yml
 create mode 100644 ansible/tasks/user.yml
 create mode 100644 ansible/tasks/vagrant.yml
 create mode 100644 inventories/real.ini
 create mode 100644 vagrant/Vagrantfile
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..bf578e2
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+allow_world_readable_tmpfiles = true
diff --git a/ansible/files/etc.network.interfaces.d.svc0 b/ansible/files/etc.network.interfaces.d.svc0
new file mode 100644
index 0000000..f981597
--- /dev/null
+++ b/ansible/files/etc.network.interfaces.d.svc0
@@ -0,0 +1,9 @@
+
+auto svc0
+iface svc0 inet static
+ address 192.168.254.254
+ netmask 255.255.255.0
+ network 192.168.254.0
+ pre-up ip link add dev svc0 type dummy
+ post-down ip link del dev svc0
+
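Review bot: `allow_world_readable_tmpfiles = true` in ansible/ansible.cfg lets Ansible fall back to world-readable module temp files when it becomes an unprivileged user, so any local account on the target can read the module payload and its arguments while a task runs. The playbook in this commit already installs `acl`, which is what Ansible needs to hand temp files to the `developer` become-user without that fallback, so the setting looks unnecessary once the package is present. I would drop the line, or at least document it with `# fallback for become_user tasks before acl is installed; remove once acl is on the host`.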
diff --git a/ansible/files/etc.sudoers.d.vagrant b/ansible/files/etc.sudoers.d.vagrant
new file mode 100644
index 0000000..fc4aedc
--- /dev/null
+++ b/ansible/files/etc.sudoers.d.vagrant
@@ -0,0 +1,7 @@
+Cmnd_Alias VAGRANT_EXPORTS_CHOWN = /bin/chown 0\:0 /tmp/vagrant-exports
+Cmnd_Alias VAGRANT_EXPORTS_MV = /bin/mv -f /tmp/vagrant-exports /etc/exports
+Cmnd_Alias VAGRANT_NFSD_CHECK = /etc/init.d/nfs-kernel-server status
+Cmnd_Alias VAGRANT_NFSD_START = /etc/init.d/nfs-kernel-server start
+Cmnd_Alias VAGRANT_NFSD_APPLY = /usr/sbin/exportfs -ar
+%vagrant ALL=(root) NOPASSWD: VAGRANT_EXPORTS_CHOWN, VAGRANT_EXPORTS_MV, VAGRANT_NFSD_CHECK, VAGRANT_NFSD_START, VAGRANT_NFSD_APPLY
+
diff --git a/ansible/files/home.developer.src.Vagrantfile b/ansible/files/home.developer.src.Vagrantfile
new file mode 100644
index 0000000..8a0a712
--- /dev/null
+++ b/ansible/files/home.developer.src.Vagrantfile
@@ -0,0 +1,31 @@
+ENV['VAGRANT_EXPERIMENTAL']='1'
+
+Vagrant.configure('2') do |config|
+ config.vm.box = 'debian/bullseye64'
+
+ config.vm.provider 'libvirt' do |domain|
+ domain.memory = 2000
+ domain.nested = true
+ domain.cpus = 2
+ domain.cpu_mode = "host-model"
+ domain.management_network_name = 'vagrant-libvirt-new'
+ domain.management_network_address = '192.168.124.0/24'
+ end
+
+ # nouveau serveur applicatif
+ config.vm.define 'bisket-jatra' do |machine|
+ machine.vm.hostname = 'bisket-jatra'
+ end
+
+ # nouveau serveur backups
+ config.vm.define 'nag-panchami' do |machine|
+ machine.vm.hostname = 'nag-panchami'
+ end
+
+ config.vm.provision 'shell', inline: <<-MARK
+ apt-get update
+ apt-get install -y python3
+ MARK
+ config.vm.provision 'shell', inline: 'echo "SUCCESS"'
+end
+
diff --git a/ansible/install.yml b/ansible/install.yml
new file mode 100644
index 0000000..c42049a
--- /dev/null
+++ b/ansible/install.yml
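Review bot: The `VAGRANT_EXPORTS_MV` alias in ansible/files/etc.sudoers.d.vagrant lets every member of group `vagrant` replace /etc/exports as root without a password, and the source path sits in world-writable /tmp, so membership of that group amounts to control over what the host exports over NFS. That is the usual cost of Vagrant's NFS synced folders, but the file should say so at the top, for example `# members of %vagrant can rewrite /etc/exports as root; keep this group limited to trusted local developers`. Group membership is granted in ansible/tasks/user.yml, so that is the place to keep it minimal.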
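Review bot: `ENV['VAGRANT_EXPERIMENTAL']='1'` at the top of ansible/files/home.developer.src.Vagrantfile switches on every experimental Vagrant feature, yet nothing visible in this file uses one (no `before:`/`after:` provisioner option, no disk or cloud-init block). If one feature is really needed, name only that one, e.g. `ENV['VAGRANT_EXPERIMENTAL'] = 'dependency_provisioners'`; otherwise I would remove the line. The two `# nouveau serveur …` comments could also be written in English so the file reads consistently with the task names in the playbook.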
@@ -0,0 +1,15 @@
+---
+- hosts: all
+ become: true
+ tasks:
+ - name: Install vim
+ apt:
+ name:
+ - vim
+ - acl
+ state: present
+ - include_tasks: tasks/buildtools.yml
+ - include_tasks: tasks/libvirt.yml
+ - include_tasks: tasks/vagrant.yml
+ - include_tasks: tasks/nfs.yml
+ - include_tasks: tasks/user.yml
diff --git a/ansible/tasks/buildtools.yml b/ansible/tasks/buildtools.yml
new file mode 100644
index 0000000..9e43313
--- /dev/null
+++ b/ansible/tasks/buildtools.yml
@@ -0,0 +1,8 @@
+---
+- name: Install build tools
+ apt:
+ name:
+ - gcc
+ - make
+ state: present
+
diff --git a/ansible/tasks/libvirt.yml b/ansible/tasks/libvirt.yml
new file mode 100644
index 0000000..3419aad
--- /dev/null
+++ b/ansible/tasks/libvirt.yml
@@ -0,0 +1,34 @@
+---
+- name: Install LibVirt dependencies
+ apt:
+ name:
+ - qemu
+ - libvirt-daemon-system
+ - libvirt-daemon-config-network
+ - libvirt-dev
+ - ebtables
+ - libguestfs-tools
+ state: present
+
+- name: Test libvirt default network
+ shell: virsh net-list | grep -q default
+ register: virsh_net_test
+ ignore_errors: true
+ changed_when: false
+
+- ansible.builtin.service:
+ name: libvirtd
+ state: restarted
+ when: virsh_net_test.rc != 0
+
+- name: Autostart libvirt default network
+ command:
+ cmd: virsh net-autostart default
+ when: virsh_net_test.rc != 0
+
+- name: Start default network
+ command:
+ cmd: virsh net-start default
+ when: virsh_net_test.rc != 0
+
+#
diff --git a/ansible/tasks/nfs.yml b/ansible/tasks/nfs.yml
new file mode 100644
index 0000000..9be2009
--- /dev/null
+++ b/ansible/tasks/nfs.yml
@@ -0,0 +1,34 @@
+---
+- name: Add extra internal network interface for NFS
+ ansible.builtin.copy:
+ src: files/etc.network.interfaces.d.svc0
+ dest: /etc/network/interfaces.d/svc0
+ owner: root
+ group: root
+ register: nfs_net_iface
+
+- name: Restart network interface
+ shell:
+ cmd: ifdown svc0 && ifup svc0
+ when: nfs_net_iface.changed == true
+
+- name: Install nfs
+ apt:
+ name: nfs-kernel-server
+ state: present
+
+- name: Limit nfs service to localhost and svc0
+ ansible.builtin.blockinfile:
+ path: /etc/default/nfs-kernel-server
+ insertafter: '^RPCSVCGSSDOPTS='
+ block: |
+ # Listen only on localhost and svc0
+ RPCNFSDOPTS="-H 127.0.0.1 -H 192.168.254.254"
+ register: nfs_config_limit
+
+- ansible.builtin.service:
+ name: nfs-kernel-server
+ state: restarted
+ when: nfs_config_limit.changed == true
+
+#
diff --git a/ansible/tasks/user.yml b/ansible/tasks/user.yml
new file mode 100644
index 0000000..fc4993d
--- /dev/null
+++ b/ansible/tasks/user.yml
@@ -0,0 +1,38 @@
+---
+- name: Add the user 'developer'
+ ansible.builtin.user:
+ name: developer
+ shell: /bin/bash
+ groups: libvirt,vagrant
+ append: 'yes'
+ ssh_key_file: .ssh/id_rsa
+ password: '$6$mysecretsalt$QjSLl.VQoxPKJkBE9.oLX82C5P4tAMH8UfFRpkxgkqSg2GNob8Y39hj5/cl7o0gbpPXVBGaB9oLuCPfVhIhyA0'
+
+- name: Add src directory
+ ansible.builtin.file:
+ path: /home/developer/src
+ owner: developer
+ group: developer
+ state: directory
+
+- name: Add vagrantfile
+ ansible.builtin.copy:
+ src: files/home.developer.src.Vagrantfile
+ dest: /home/developer/src/Vagrantfile
+ owner: developer
+ group: developer
+
+- name: Test Vagrant plugin presence
+ become_user: developer
+ shell:
+ cmd: vagrant plugin list |grep -q vagrant-libvirt
+ register: vagrant_libvirt_test
+ ignore_errors: true
+ changed_when: false
+
+- name: Install Vagrant plugin for libvirt
+ # become: yes
+ become_user: developer
+ command:
+ cmd: vagrant plugin install vagrant-libvirt
+ when: vagrant_libvirt_test.rc != 0
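Review bot: The `RPCNFSDOPTS="-H 127.0.0.1 -H 192.168.254.254"` block in ansible/tasks/nfs.yml restricts only rpc.nfsd; nothing in this hunk restricts rpcbind or rpc.mountd, which would normally keep listening on every interface of a host that inventories/real.ini shows to be publicly addressed. I would add a firewall task that limits the NFS-related ports to lo and svc0, and confirm the result with `ss -tulpn` after the play. Separately, the two restarts guarded by `when: … .changed == true` would read better as handlers notified by the tasks that change the files.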
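Review bot: The `password:` line in ansible/tasks/user.yml commits a SHA-512 crypt hash with a fixed salt (`mysecretsalt`) for `developer`, an account the same task places in the `libvirt` and `vagrant` groups, so anyone who can read the repository can work on that hash offline. Load it from a vaulted variable instead, e.g. `password: "{{ developer_password_hash }}"` (the variable name is a placeholder), or lock the password with `password: '!'` and rely on SSH keys. The current password should be rotated, since the hash stays in the history of this commit. As far as I can tell, `ssh_key_file: .ssh/id_rsa` has no effect without `generate_ssh_key: true`, so it should either be completed or removed.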
diff --git a/ansible/tasks/vagrant.yml b/ansible/tasks/vagrant.yml
new file mode 100644
index 0000000..371883a
--- /dev/null
+++ b/ansible/tasks/vagrant.yml
@@ -0,0 +1,32 @@
+- name: Install Vagrant key
+ get_url:
+ url: https://apt.releases.hashicorp.com/gpg
+ dest: /etc/apt/trusted.gpg.d/vagrant.asc
+
+- name: Ensure vagrant group exists
+ ansible.builtin.group:
+ name: vagrant
+ state: present
+
+- name: Add sudoers file
+ ansible.builtin.copy:
+ src: files/etc.sudoers.d.vagrant
+ dest: /etc/sudoers.d/vagrant
+ owner: root
+ group: root
+
+- name: Add Vagrant repository
+ apt_repository:
+ repo: >
+ deb
+ [signed-by=/etc/apt/trusted.gpg.d/vagrant.asc]
+ https://apt.releases.hashicorp.com bullseye main
+ state: present
+ update_cache: true
+
+- name: Install Vagrant
+ apt:
+ name: vagrant
+ state: present
+
+#
diff --git a/inventories/real.ini b/inventories/real.ini
new file mode 100644
index 0000000..38fc07f
--- /dev/null
+++ b/inventories/real.ini
@@ -0,0 +1,2 @@
+
+vagrant-host ansible_host=5.135.143.189 ansible_user=debian ansible_become=yes
diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile
new file mode 100644
index 0000000..5b7e663
--- /dev/null
+++ b/vagrant/Vagrantfile
@@ -0,0 +1,23 @@
+Vagrant.configure("2") do |config|
+ config.vm.box = 'debian/bullseye64'
+
+ config.vm.provider 'libvirt' do |domain|
+ domain.memory = 8000
+ domain.nested = true
+ domain.cpus = 2
+ end
+
+ config.vm.provision 'shell', inline: <<-MARK
+ apt-get update
+ apt-get install -y python3
+ MARK
+ config.vm.provision 'shell', inline: 'echo "SUCCESS"'
+
+ config.vm.provision 'ansible', after: :all do |ansible|
+ ansible.limit = 'all'
+ ansible.playbook = '../ansible/install.yml'
+ # ansible.inventory_path = '../inventories/vagrant.ini'
+ end
+
+
+end
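Review bot: The `get_url` task in ansible/tasks/vagrant.yml writes the HashiCorp key into /etc/apt/trusted.gpg.d/, which makes apt trust it for every configured repository and so undoes the scoping that `signed-by=` in the repository line is meant to give. Put the key outside that directory and point `signed-by` at it, e.g. `dest: /usr/share/keyrings/hashicorp-archive-keyring.asc` with `mode: '0644'`, and consider pinning it with `checksum: sha256:<EXPECTED_SHA256>` so a changed key is noticed. The sudoers copy in the same hunk should also set `mode: '0440'` and `validate: 'visudo -cf %s'` so that a malformed file is never installed.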
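Review bot: inventories/real.ini commits the address of the real host together with `ansible_become=yes`, in the same repository that carries a password hash for an account on that host (ansible/tasks/user.yml). If the repository is shared beyond the people who administer the machine, I would keep the real inventory out of version control and commit only an example file that uses a documentation address.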