Initial commit

2024-10-30 01:50:38 +01:00
commit 587ca23374
147 changed files with 7521 additions and 0 deletions
--- a/roles/pbr/tasks/main.yml
+++ b/roles/pbr/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+# Install required packages
+- name: Install required packages
+  ansible.builtin.include_tasks: prepare.yml
+
+# Configure pbr service settings
+- name: Configure pbr service settings
+  ansible.builtin.include_tasks: service.yml
+
+# Configure pbr policies
+- name: Configure pbr policies
+  ansible.builtin.include_tasks: policy.yml
+  loop: "{{ pbr_policies | default([]) }}"
+
+# Apply changes and reload pbr service
+- name: Apply changes and reload pbr
+  uci:
+    command: commit
+  notify: Reload pbr
--- a/roles/pbr/tasks/policy.yml
+++ b/roles/pbr/tasks/policy.yml
@@ -0,0 +1,44 @@
+---
+# Set state status for policy
+- name: Set state status for policy {{ item.id | default('@policy[-1]') }}
+  ansible.builtin.set_fact:
+    policy_state: "{{ item.state | default('present') }}"
+
+# Delete policy
+- name: Delete policy {{ item.id }}
+  when: "'absent' in policy_state"
+  uci:
+    command: "absent"
+    config: "pbr"
+    section: "{{ item.id | default('@policy[-1]') }}"
+    type: "policy"
+
+# Create and configure policy
+- name: Create and configure policy
+  when: "'present' in policy_state"
+  block:
+    # Create policy
+    - name: Create policy {{ item.id | default('@policy[-1]') }}
+      uci:
+        command: "add"
+        config: "pbr"
+        section: "{{ item.id | default('@policy[-1]') }}"
+        type: "policy"
+
+    # Configure policy
+    - name: Configure policy {{ item.id | default('@policy[-1]') }}
+      uci:
+        command: "set"
+        config: "pbr"
+        section: "{{ item.id | default('@policy[-1]') }}"
+        type: "policy"
+        value:
+          name: "{{ item.name | default(omit) }}"
+          enabled: "{{ item.enabled | default(omit) }}"
+          interface: "{{ item.interface | default(omit) }}"
+          src_addr: "{{ item.src_addr | default([]) | join(' ') }}"
+          src_port: "{{ item.src_port | default([]) | join(' ') }}"
+          dest_addr: "{{ item.dest_addr | default([]) | join(' ') }}"
+          dest_port: "{{ item.dest_port | default([]) | join(' ') }}"
+          proto: "{{ item.proto | default(omit) }}"
+          chain: "{{ item.chain | default(omit) }}"
--- a/roles/pbr/tasks/prepare.yml
+++ b/roles/pbr/tasks/prepare.yml
@@ -0,0 +1,88 @@
+---
+# Update opkg cache
+- name: Update opkg cache
+  ansible.builtin.command:
+    cmd: "opkg update"
+  changed_when: false
+
+# Install pbr packages
+- name: Install pbr packages
+  opkg:
+    name: "{{ item }}"
+    state: "present"
+  loop: "{{ pbr_pkgs }}"
+
+# Check dnsmasq-full installed version
+- name: Check dnsmasq-full installed version
+  ansible.builtin.command:
+    cmd: "opkg list-installed | grep dnsmasq-full | awk '{print $3}'"
+    uses_shell: true
+  register: dnsmasq_full_installed_version
+  changed_when: false
+
+# Check dnsmasq-full release version
+- name: Check dnsmasq-full release version
+  ansible.builtin.command:
+    cmd: "opkg find dnsmasq-full | awk '{print $3}'"
+    uses_shell: true
+  register: dnsmasq_full_release_version
+  changed_when: false
+
+# Install dnsmasq-full release version
+- name: Install dnsmasq-full release version
+  when: >
+    (dnsmasq_full_installed_version.stdout is undefined or
+    dnsmasq_full_installed_version.stdout < dnsmasq_full_required_version) and
+    dnsmasq_full_release_version.stdout >= dnsmasq_full_required_version
+  block:
+    # Remove dnsmasq-base packages
+    - name: Remove dnsmasq-base package
+      opkg:
+        name: "{{ item }}"
+        state: "absent"
+      loop: ["dnsmasq", "dnsmasq-full"]
+
+    # Install dnsmasq-full release version
+    - name: Install dnsmasq-full release version
+      opkg:
+        name: "dnsmasq-full"
+        state: "present"
+
+# Install dnsmasq-full snapshot version
+- name: Install dnsmasq-full snapshot version
+  when: >
+    (dnsmasq_full_installed_version.stdout is undefined or
+    dnsmasq_full_installed_version.stdout < dnsmasq_full_required_version) and
+    dnsmasq_full_release_version.stdout < dnsmasq_full_required_version
+  block:
+    # Remove current dnsmasq-base packages
+    - name: Remove current dnsmasq packages
+      opkg:
+        name: "{{ item }}"
+        state: "absent"
+      loop: ["dnsmasq", "dnsmasq-full"]
+
+    # Install curl for package downloading
+    - name: Install curl
+      opkg:
+        name: "curl"
+        state: "present"
+
+    # Get current package architecture
+    - name: Get current package architecture
+      ansible.builtin.command:
+        cmd: "opkg print-architecture | tail -n 1 | awk '{print $2}'"
+        uses_shell: true
+      register: current_package_architecture
+      changed_when: false
+
+    # Set snapshot packages facts
+    - name: Set snapshot packages facts
+      ansible.builtin.set_fact:
+        snapshot_repo_url: "https://downloads.openwrt.org/snapshots/packages/{{ current_package_architecture.stdout }}/base/"
+        snapshot_pkgs_list: ["libubox[0-9]", "libubus[0-9]", "dnsmasq-full"]
+
+    # Download and install snapshot packages
+    - name: Download and install snapshot packages
+      ansible.builtin.include_tasks: snapshot.yml
+      loop: "{{ snapshot_pkgs_list }}"
--- a/roles/pbr/tasks/service.yml
+++ b/roles/pbr/tasks/service.yml
@@ -0,0 +1,25 @@
+---
+# Configure service settings
+- name: Configure service settings
+  uci:
+    command: "set"
+    config: "pbr"
+    section: "config"
+    type: "pbr"
+    value:
+      enabled: "{{ pbr_service.enabled | default(omit) }}"
+      verbosity: "{{ pbr_service.verbosity | default(omit) }}"
+      strict_enforcement: "{{ pbr_service.strict_enforcement | default(omit) }}"
+      resolver_set: "{{ pbr_service.resolver_set | default(omit) }}"
+      resolver_instance: "{{ pbr_service.resolver_instance | default([]) | join(' ') }}"
+      ipv6_enabled: "{{ pbr_service.ipv6_enabled | default(omit) }}"
+      supported_interface: "{{ pbr_service.supported_interface | default([]) | join(' ') }}"
+      ignored_interface: "{{ pbr_service.ignored_interface | default([]) | join(' ') }}"
+      boot_timeout: "{{ pbr_service.boot_timeout | default(omit) }}"
+      rule_create_option: "{{ pbr_service.rule_create_option | default(omit) }}"
+      icmp_interface: "{{ pbr_service.icmp_interface | default(omit) }}"
+      wan_mark: "{{ pbr_service.wan_mark | default(omit) }}"
+      fw_mask: "{{ pbr_service.fw_mask | default(omit) }}"
+      secure_reload: "{{ pbr_service.secure_reload | default(omit) }}"
+      webui_show_ignore_target: "{{ pbr_service.webui_show_ignore_target | default(omit) }}"
+      webui_supported_protocol: "{{ pbr_service.webui_supported_protocol | default([]) | join(' ') }}"
--- a/roles/pbr/tasks/snapshot.yml
+++ b/roles/pbr/tasks/snapshot.yml
@@ -0,0 +1,32 @@
+---
+# Get package file name
+- name: Get package file name {{ item }}
+  ansible.builtin.command:
+    cmd: 'curl {{ snapshot_repo_url }} | grep {{ item }} | sed ''s/.*href=\"//'' | sed -r ''s/\".+//'''
+    uses_shell: true
+  register: snapshot_package_file_name
+  changed_when: false
+
+# Set package file name fact
+- name: Set package file name fact
+  ansible.builtin.set_fact:
+    snapshot_package_name: "{{ snapshot_package_file_name.stdout }}"
+
+# Download package file
+- name: Download package file {{ snapshot_package_name }}
+  ansible.builtin.command:
+    cmd: "curl {{ snapshot_repo_url }}{{ snapshot_package_name }} -o {{ snapshot_package_name }}"
+    uses_shell: true
+    chdir: "/tmp"
+
+# Install package file
+- name: Install package from file {{ snapshot_package_name }}
+  ansible.builtin.command:
+    cmd: "opkg install {{ snapshot_package_name }}"
+    chdir: "/tmp"
+
+# Clean package file
+- name: Clean package file {{ snapshot_package_name }}
+  ansible.builtin.command:
+    cmd: "rm -f {{ snapshot_package_name }}"
+    chdir: "/tmp"