diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..9759e1fd0fbc4a299c5254b6fca1865ca4f8356e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.venv
+.idea
+tmp/*
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..0d5619b14196845d40ef043dce92692423c0e2bb
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+inventory = inventory.yml
+timeout = 30
+host_key_checking = False
\ No newline at end of file
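Review bot: `host_key_checking = False` turns off SSH host key verification for every host and every run, not just the first contact with a fresh VM. The plays in this commit hand `ansible_become_pass` (the vaulted `sudopass`) to whatever answers on 152.66.211.105, so a machine impersonating the target would be given the sudo password. I would drop this line and pre-populate `known_hosts`, or limit the relaxation to the initial provisioning run with `ANSIBLE_HOST_KEY_CHECKING=False` on the command line.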
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000000000000000000000000000000000000..2a9b8d6a2506c11725e5001b2729c86ab8de526c
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+
+########################### Folder setup ####################################
+
+[[ ! -d ./tasks ]] && mkdir tasks
+[[ ! -d ./vars ]] && mkdir vars
+
+#Password Vault file
+if [ ! -f vars/password-vault.yml ]; then
+
+cat << EOF > vars/password-vault.yml
+---
+sudopass: #TODO replace it
+EOF
+    echo "vars/password-vault.yml has created. Please fill the decrypt password."
+    ansible-vault encrypt vars/password-vault.yml
+    echo "vars/password-vault.yml has created. Please fill the missing arguments."
+
+else
+    echo "vars/password-vault.yml already exists!"
+fi
+
+
+########################### Virtualenv setup ####################################
+
+# create virtualenv if not present
+[[ ! -d .venv ]] && python3 -m venv .venv
+
+source .venv/bin/activate
+
+pip3 install wheel
+pip3 install ansible
+pip3 install docker
+pip3 install docker-py 
+
+########################### Ansible setup ####################################
+
+ansible-galaxy install -r requirements.galaxy.yml --force
+
+########################### Help ####################################
+
+echo
+echo "########################################"
+echo
+echo "Your playbooks:"
+
+find . -maxdepth 1 -type f -name "*.yml" | grep -v inventory
+
+echo
+echo "Recommendation: Set up your OpenSSH config based on inventory.yml"
+
+echo
+echo "You can run playbook with:"
+printf "\tansible-playbook -i inventory.yml your-playbook.yml --ask-vault-pass"
+echo
+
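Review bot: The script has no `set -euo pipefail`, so if `python3 -m venv .venv` or `source .venv/bin/activate` fails, the `pip3 install` lines still run against whatever Python is first on the PATH; run.sh has the same gap before `ansible-playbook`. The four packages are also installed unpinned, and `docker-py` is the deprecated predecessor of `docker`. Installing both into one environment is known to break `import docker`, so I would drop the `docker-py` line and move the rest to a pinned requirements file. Separately, the vault file is encrypted while `sudopass` is still the empty `#TODO` placeholder, so the second message should point the operator at `ansible-vault edit vars/password-vault.yml`.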
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000000000000000000000000000000000000..83cc0b0d035433432e699d39555d50c91820ee06
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,15 @@
+---
+richardvm:
+  hosts:
+    richardvm.sch.bme.hu:
+      ansible_host: 152.66.211.105 
+      mac_vlan211: 00:50:56:10:3d:21 
+      ip_vlan211: 152.66.211.105/24
+      ansible_become_pass: "{{ sudopass }}"
+      ansible_ssh_user: richard
+      ansible_become: yes
+
+
+all:
+  children:
+    richardvm: {}
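Review bot: `ansible_become: yes` and the bare `mac_vlan211` / `ip_vlan211` values rely on YAML implicit typing; `ansible_become: true` and quoted strings such as `mac_vlan211: "00:50:56:10:3d:21"` stay correct whichever loader reads the file. `ansible_ssh_user` is the legacy spelling of `ansible_user`, and tasks/create-richard-user.yaml overrides the same name with `set_fact`, so both places need to change together. The `ansible_host` and `mac_vlan211` lines also carry trailing whitespace.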
diff --git a/main.yml b/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..81a8a2bd508d1c58b96a7efdf462da42627a312c
--- /dev/null
+++ b/main.yml
@@ -0,0 +1,39 @@
+---
+- name: basic stuffs
+  hosts: all
+  gather_facts: no
+  tags: basic
+  vars_files:
+    - vars/password-vault.yml
+  tasks:
+    - name: create richard user
+      import_tasks: tasks/create-richard-user.yaml
+
+- name: basic stuffs
+  hosts: all
+  gather_facts: yes
+  tags: basic
+  vars_files:
+    - vars/password-vault.yml
+  vars:
+    network_configs:
+      - 40-vlan211-static
+  tasks:
+    - name: apt install basic packages
+      become: true
+      apt:
+        name: "{{ item }}"
+        state: present
+        update_cache: "yes"
+      with_items:
+        - open-vm-tools
+      tags: basic
+      
+    - name: set up banner
+      import_tasks: tasks/banner.yaml
+
+    - name: "set up networks"
+      import_tasks: tasks/network.yaml
+
+    - name: "set up petalinux"
+      import_tasks: tasks/petalinux.yaml
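Review bot: Both plays are named `basic stuffs`, which makes the run output ambiguous; a name like `bootstrap richard user` for the first play would tell them apart. In the apt task, `update_cache: "yes"` is a quoted string where the rest of the file uses bare booleans, and the `with_items` loop is unnecessary because `name:` accepts the list directly.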
diff --git a/requirements.galaxy.yml b/requirements.galaxy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..765ad429baa1ed4b872b4a55802154fd42792d16
--- /dev/null
+++ b/requirements.galaxy.yml
@@ -0,0 +1,14 @@
+---
+
+# items from https://galaxy.ansible.com/home
+
+collections:
+  - ansible.posix
+  - community.docker
+
+roles:
+  - geerlingguy.docker
+  - src: git@git.sch.bme.hu:NETAdmin/ansibleroles/neteamvm.git
+    scm: git
+    #ref: 2.0.0
+    name: neteam.vm
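Review bot: Nothing in this file is pinned: both collections and `geerlingguy.docker` carry no version, and the `ref` for `neteam.vm` is commented out. Because bootstrap.sh installs with `--force`, every bootstrap pulls whatever is current upstream and later runs it with become on the hosts. I would uncomment `ref: 2.0.0` for the git role (or pin a commit) and add a `version:` key to each Galaxy entry, using the versions that were actually tested.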
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000000000000000000000000000000000000..1d206c82000a77075bc4503c45a2294ed787109f
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source .venv/bin/activate
+ansible-playbook main.yml --ask-vault-pass
diff --git a/tasks/banner.yaml b/tasks/banner.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ad4d590a3ef0b7f3f58763da18c54d94e2152850
--- /dev/null
+++ b/tasks/banner.yaml
@@ -0,0 +1,35 @@
+---
+- name: Install figlet for creating motd
+  package:
+    state: present
+    name:
+      - figlet
+
+- name: Generate motd ascii from text
+  command: figlet {{ motd_text | default(ansible_hostname.split('.')[0]) }}
+  register: motd_ascii_art
+  changed_when: false
+
+- name: Install update-motd
+  apt:
+    name: update-motd
+    state: present
+
+- name: Remove parts of factory banner
+  become: true
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/update-motd.d/10-help-text
+    - /etc/update-motd.d/50-motd-news
+
+- name: Place motd file.
+  template:
+    src: etc/update-motd.d/motd.sh.j2
+    dest: /etc/update-motd.d/40-custom-banner
+    mode: 0755
+
+- name: Update motd
+  command: update-motd
+  changed_when: false
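Review bot: `mode: 0755` on the `Place motd file.` task is a bare YAML integer, while tasks/create-richard-user.yaml in this commit quotes its modes. A bare value is only right as long as the loader reads the leading zero as octal, so `mode: "0755"` is the safer spelling; the same applies to every `mode: 0755` in tasks/petalinux.yaml. The figlet task also interpolates `motd_text` into a free-form `command:` string; the module's `argv:` list form passes the text as one argument regardless of spaces or quotes in it.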
diff --git a/tasks/create-richard-user.yaml b/tasks/create-richard-user.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..be4406774794b16cd370d4b982397bbf892e5e11
--- /dev/null
+++ b/tasks/create-richard-user.yaml
@@ -0,0 +1,75 @@
+---
+- name: Try connecting as richard
+  ping: {}
+  changed_when: False
+  register: ans
+  ignore_errors: yes
+  ignore_unreachable: yes
+
+- name: Connect as ubuntu user
+  when: '"unreachable" in ans and ans.unreachable'
+  set_fact:
+    ansible_ssh_user: ubuntu
+  changed_when: False
+  delegate_to: localhost
+
+- block:
+    - name: Create richard user
+      user:
+        name: richard
+        append: yes
+        shell: /bin/bash
+        groups:
+          - sudo
+        password: "{{ sudopass | password_hash('sha512') }}"
+
+    - name: Create .ssh folder
+      file:
+        state: directory
+        path: /home/richard/.ssh
+        owner: richard
+        group: richard
+        mode: "700"
+
+    - name: Add currently approved keys to richard
+      copy:
+        src: "/home/ubuntu/.ssh/authorized_keys"
+        dest: /home/richard/.ssh/authorized_keys
+        remote_src: yes
+        owner: richard
+        group: richard
+        mode: "600"
+
+    - name: Change back to richard user
+      set_fact:
+        ansible_ssh_user: richard
+
+    - name: Kill remaining procecces of ubuntu user
+      command: killall -u ubuntu
+      register: ubuntu_is_kil
+      failed_when: ubuntu_is_kil.stdout.strip() != ""
+
+    - name: Remove ubuntu user
+      user:
+        name: ubuntu
+        state: absent
+
+    - name: Remove unconditional sudo for ubuntu user
+      file:
+        path: /etc/sudoers.d/90-cloud-init-users
+        state: absent
+
+    - name: Add trusted ssh keys
+      authorized_key:
+        key: "https://git.sch.bme.hu/{{ item }}.keys"
+        user: richard
+        state: present
+      with_items:
+        - szabo_richard
+        - woranhun
+
+    - name: Gather facts
+      gather_facts:
+        parallel: yes
+
+  when: '"unreachable" in ans and ans.unreachable'
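Review bot: `Add currently approved keys to richard` copies `/home/ubuntu/.ssh/authorized_keys` wholesale, so every key that was provisioned for `ubuntu` keeps working for `richard`, who is placed in `sudo`, even after the `ubuntu` account is removed. If only the two git.sch.bme.hu accounts are meant to have access, add those keys before `Change back to richard user` and drop the copy, or prune the file afterwards. If carrying the keys over is intended, a comment saying so would help. The fallback to `ubuntu` is also taken on any unreachable result, not only on a fresh image, which deserves a comment given that host key checking is disabled in ansible.cfg.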
diff --git a/tasks/network.yaml b/tasks/network.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..aebc8b8783c18c90ca48c0f53355b585ae897554
--- /dev/null
+++ b/tasks/network.yaml
@@ -0,0 +1,20 @@
+---
+- name: Remove parts of factory netplan
+  become: true
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/netplan/50-cloud-init.yaml
+
+- name: Configure netplan
+  become: true
+  template:
+    src: etc/netplan/{{ item }}.yml.j2
+    dest: /etc/netplan/{{ item }}.yaml
+  with_items: "{{ network_configs }}"
+
+- name: run netplan apply
+  become: true
+  command: netplan apply
+  changed_when: false
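Review bot: The `Configure netplan` template task sets no `owner` or `mode`, so the rendered file ends up with whatever the remote umask yields. Newer netplan releases warn when files under /etc/netplan are readable by others, so I would add `owner: root`, `group: root` and `mode: "0600"`. `run netplan apply` also executes on every play with `changed_when: false`; as a handler notified by the two tasks above it, the network would be reapplied only when a file actually changed.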
diff --git a/tasks/petalinux.yaml b/tasks/petalinux.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ddc4ff3de1f807f3089da573414ae92c5fa045ad
--- /dev/null
+++ b/tasks/petalinux.yaml
@@ -0,0 +1,140 @@
+---
+- name: make sh bash symlink
+  become: true
+  ansible.builtin.shell: ln -sf /bin/bash /bin/sh
+
+- name: copy plnx-env-setup
+  become: true
+  template:
+    src: plnx-env-setup.sh
+    dest: /root/plnx-env-setup.sh
+    mode: 0755
+
+- name: run /root/plnx-env-setup.sh
+  become: true
+  ansible.builtin.shell: /root/plnx-env-setup.sh > /root/plnx-env-setup.output
+
+- name: apt install required packages
+  become: true
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: "yes"
+    cache_valid_time: 9600
+  with_items:
+    - iproute2
+    - gcc
+    - g++
+    - net-tools
+    - libncurses5-dev
+    - zlib1g:i386
+    - libssl-dev
+    - flex
+    - bison
+    - libselinux1
+    - xterm
+    - autoconf
+    - libtool
+    - texinfo
+    - zlib1g-dev
+    - gcc-multilib
+    - build-essential
+    - screen
+    - pax
+    - gawk
+    - python3
+    - python3-pexpect
+    - python3-pip
+    - python3-git
+    - python3-jinja2
+    - xz-utils
+    - debianutils
+    - iputils-ping
+    - libegl1-mesa
+    - libsdl1.2-dev
+    - pylint3
+    - cpio
+    - python
+    - git
+    - make
+    - gnupg
+    - wget
+    - git-core
+    - diffstat
+    - chrpath
+    - socat
+    - tar
+    - unzip
+    - automake
+    - gzip
+
+- name: create /tools folder
+  become: true
+  file:
+    path: /tools
+    state: directory
+    mode: 0755
+
+- name: create /tools/Xilinx folder
+  become: true
+  file:
+    path: /tools/Xilinx
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
+
+- name: create /tools/Xilinx/PetaLinux folder
+  become: true
+  file:
+    path: /tools/Xilinx/PetaLinux
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
+
+- name: create /tools/Xilinx/PetaLinux/2021.1 folder
+  become: true
+  file:
+    path: /tools/Xilinx/PetaLinux/2021.1
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
+
+- name: copy installer
+  copy:
+    src: ../tmp/petalinux-v2021.1-final-installer.run
+    dest: /home/richard/petalinux-v2021.1-final-installer.run
+
+# - name: run installer
+#   ansible.builtin.shell: /home/richard/petalinux-v2021.1-final-installer.run -d /tools/Xilinx/PetaLinux/2021.1
+
+- name: "Check if .bashrc add settings is set"
+  shell: grep -c "^source /tools/Xilinx/PetaLinux/2021.1/settings.sh" /home/richard/.bashrc || true
+  register: bashrcok
+  changed_when: false
+
+- name: ".bashrc add settings"
+  lineinfile:
+    dest: /home/richard/.bashrc
+    line: "source /tools/Xilinx/PetaLinux/2021.1/settings.sh"
+  when: bashrcok.stdout == "0"
+
+- name: create /Xilinx folder
+  become: true
+  file:
+    path: /Xilinx
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
+
+- name: create /Xilinx/PetaLinux/ folder
+  become: true
+  file:
+    path: /Xilinx/PetaLinux/
+    state: directory
+    mode: 0755
+    owner: richard
+    group: richard
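Review bot: The first and third tasks run root shell commands on every play: `ln -sf /bin/bash /bin/sh` always reports changed, and `/root/plnx-env-setup.sh` repeats its whole package loop each time although the `apt install required packages` task right after it covers largely the same list. The symlink is better expressed with the `file` module, as below. The script is also pushed through `template:` although it is a plain shell file, and `copy:` would keep Jinja from ever interpreting shell syntax as template markup. The `.bashrc` `grep -c` task is unnecessary too, since `lineinfile` only adds the line when it is missing.

```yaml
- name: make sh bash symlink
  become: true
  ansible.builtin.file:
    src: /bin/bash
    dest: /bin/sh
    state: link
    force: true
```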
diff --git a/templates/etc/netplan/40-vlan211-static.yml.j2 b/templates/etc/netplan/40-vlan211-static.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..2383face3c093594e0704723aaa0da8cd7a3b751
--- /dev/null
+++ b/templates/etc/netplan/40-vlan211-static.yml.j2
@@ -0,0 +1,17 @@
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    ens160:
+      dhcp4: no
+      addresses: [{{ ip_vlan211 }}]
+      routes:
+      - to: 0.0.0.0/0
+        via: 152.66.211.254
+        metric: 200
+      match:
+        macaddress: {{ mac_vlan211 }}
+      set-name: ens160
+      nameservers:
+        addresses: [152.66.208.1, 1.1.1.1]
+        search: [sch.bme.hu]
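Review bot: `macaddress: {{ mac_vlan211 }}` and `addresses: [{{ ip_vlan211 }}]` render the inventory values as plain YAML scalars, so an empty value or one made only of digits and colons would change type or break the flow sequence. Quoting them, as in `macaddress: "{{ mac_vlan211 }}"` and `addresses: ["{{ ip_vlan211 }}"]`, keeps them strings, and `dhcp4: false` is the unambiguous form of `no`. The gateway `152.66.211.254` is hard-coded next to a templated address; it would be cleaner as an inventory variable if more entries are added to `network_configs`.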
diff --git a/templates/etc/update-motd.d/motd.sh.j2 b/templates/etc/update-motd.d/motd.sh.j2
new file mode 100644
index 0000000000000000000000000000000000000000..8a17f1edb1ef8ad08619728cc6046ec33ee52480
--- /dev/null
+++ b/templates/etc/update-motd.d/motd.sh.j2
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# !!!
+# {{ ansible_managed }}
+# !!!
+
+# source: http://patorjk.com/software/taag/#p=display&f=Standard&t=KSZK%20server
+cat <<EOF
+{% for line in  motd_ascii_art.stdout.split('\n') %}
+{{ line | replace("`","\\`") }}
+{% endfor %}
+EOF
+
+echo "! ! !"
+echo "! Deployed with Ansible on {{ template_run_date.strftime('%Y-%m-%d %H:%M') }}."
+echo "! ! !"
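Review bot: The heredoc delimiter is unquoted (`cat <<EOF`), so when this script runs at login the shell still expands `$`, backslash sequences and command substitutions inside the figlet output; the `replace` filter only escapes backticks. Quoting the delimiter, `cat <<'EOF'`, makes the body literal and lets the loop line shrink to `{{ line }}`. Since `motd_text` is operator-supplied and scripts in /etc/update-motd.d typically run as root, this is worth closing even if current banners are harmless.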
diff --git a/templates/plnx-env-setup.sh b/templates/plnx-env-setup.sh
new file mode 100644
index 0000000000000000000000000000000000000000..a425c5da5178a9b06b579c8775ace15a9a599342
--- /dev/null
+++ b/templates/plnx-env-setup.sh
@@ -0,0 +1,161 @@
+#!/bin/bash
+
+#PetaLinux environment setup script
+#original version by Tony McDowell (tmcdowe@xilinx.com)
+#updated version by Sandeep Gundlupet Raju (sandeep.gundlupet-raju@xilinx.com)
+
+# Enable debug=1 mode -- this disables actual changes on the host machine using dry-run options.
+# Disable debbug=0 to proceed with installation
+debug=0;
+
+#get OS pretty name
+osPrettyName=`cat /etc/os-release | grep PRETTY_NAME | sed 's/.*="\(.*\)"/\1/'`;
+centosVersion=`cat /etc/centos-release | sed 's/[^0-9.]*\([0-9.]*\).*/\1/'`;
+osKernelVer=`uname -r`
+
+echo "***************************************************************";
+echo "PetaLinux Environment Setup Tool";
+echo "Running on $osPrettyName ($osKernelVer)";
+echo "***************************************************************";
+#print the debug message header
+if [ $debug -eq 1 ]; then echo "***DEBUG MODE ON!***"; fi; 
+echo " "
+
+echo -n "NOTE: Check for superuser..."
+#get the actual user
+if [ $SUDO_USER ]; then actualUser=$SUDO_USER; else actualUser=`whoami`; fi
+#get the effective user
+currentUser=`whoami`
+if [ $currentUser != "root" ]; then echo "FAILED! \r\n Please re-run this script as sudo"; exit 1; else echo "SUCCESS! (from "$actualUser")"; fi;
+
+#determine the host OS from the pretty_name
+if [[ $(echo $osPrettyName | grep buntu) ]]; then
+	hostOS="ubuntu";
+	#echo "Running on Ubuntu";
+elif [[ $(echo $osPrettyName | grep CentOS) ]]; then
+	hostOS="centos";
+	echo "Running on CentOS version $centosVersion";
+elif [[ $(echo $osPrettyName | grep "Red Hat") ]]; then
+	hostOS="rhel";
+	#echo "Running on Red Hat";
+else
+	echo "ERROR: Cannot determine host operating system!"
+	echo "This script is only supported on Ubuntu, CentOS, and RHEL Linux distribution!"
+	exit 1;	
+fi;
+
+## declare the package lists
+debPackages=(iproute2 gawk python3 python build-essential gcc git make net-tools libncurses5-dev tftpd zlib1g-dev libssl-dev flex bison libselinux1 gnupg wget git-core diffstat chrpath socat xterm autoconf libtool tar unzip texinfo zlib1g-dev gcc-multilib automake zlib1g:i386 screen pax gzip cpio python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3);
+
+rhelPackages=(net-tools gawk make wget tar bzip2 gzip python3 unzip perl patch diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath socat perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python3-pip python3-GitPython python3-jinja2 python3-pexpect xz which SDL-devel xterm autoconf libtool.x86_64 zlib-devel automake glib2-devel zlib ncurses-devel openssl-devel dos2unix flex bison glibc.i686 glibc.x86_64 screen pax glibc-devel.i686 compat-libstdc++-33.i686 libstdc++.i686 libstdc++.x86_64);
+
+if [ $hostOS == "ubuntu" ]; then
+	packageList=(${debPackages[@]});
+elif [ $hostOS == "rhel" ]; then
+	packageList=(${rhelPackages[@]});
+elif [ $hostOS == "centos" ]; then
+	packageList=(${rhelPackages[@]});
+fi;
+
+#update shell on UBUNTU only
+#place this portion near the start of the script so that it runs before sudo expires if package installation takes a long time
+if [ $hostOS == "ubuntu" ]; then
+	echo -n "NOTE: Checking for DASH shell as default (Ubuntu only)...";
+	if echo `echo $0` | grep 'dash'; then
+		echo "FOUND!";
+		echo -n "NOTE: Changing default shell to from DASH to BASH...";
+		export DEBIAN_FRONTEND=noninteractive;
+		export DEBCONF_NONINTERACTIVE_SEEN=true;
+
+		echo "dash dash/sh boolean false" | debconf-set-selections;
+		dpkg-reconfigure dash;
+
+		unset DEBIAN_FRONTEND;
+		unset DEBCONF_NONINTERACTIVE_SEEN;
+		echo "DONE!";
+		echo "INFO: You must log out of this shell and back in for change to take effect";
+	else
+		echo "NOT FOUND!";
+	fi;
+fi;
+
+#start building the package installation command line
+if [ $hostOS == "ubuntu" ]; then
+	packageCommand="apt";
+elif [ $hostOS == "rhel" ]; then
+	packageCommand="yum";
+elif [ $hostOS == "centos" ]; then
+	packageCommand="yum";	
+fi;
+
+#DEBIAN/UBUNTU ONLY -- check if dpkg repo is set up for 32-bit packages
+if [ $hostOS == "ubuntu" ]; then
+	echo -n "NOTE: Check for x86 package access..."
+	foreignArchitecture=`dpkg --print-foreign-architectures | grep i386`;
+	if [ $foreignArchitecture == "i386" ]; then 
+		echo "FOUND!"; 
+	else 
+		echo "NOT FOUND! Now adding i386 foreign archiecture to dpkg";
+		sudo dpkg --add-architexture i386; 
+	fi;
+fi;
+
+#make sure the package lists are up-to-date
+echo "NOTE: Updating the package lists...";
+if [ $hostOS == "ubuntu" ]; then
+	sudo $packageCommand update;
+elif [ $hostOS == "rhel" ]; then
+	sudo $packageCommand makecache;
+elif [ $hostOS == "centos" ]; then
+	sudo $packageCommand makecache;
+fi;
+
+#install the packages
+for package in "${packageList[@]}"; do
+	echo "######";
+	echo "NOTE: Processing package: "$package;
+	echo -n "NOTE: Checking to see if package is already installed..."
+	installPackage=0;
+	
+	if [ $hostOS == "ubuntu" ]; then
+		if [[ $($packageCommand -qq list $package | grep installed) ]]; then
+			echo "INSTALLED! Skipping."
+		else
+			echo "NOT INSTALLED!";
+			echo "Starting installation of package $package";
+			packageInstallCommand="$packageCommand install";
+			if [ $debug -eq 1 ]; then 
+				packageInstallCommand+=" --dry-run";
+			else
+				packageInstallCommand+=" -y";
+			fi;
+			sudo $packageInstallCommand $package;
+		fi;
+	elif [ $hostOS == "rhel" ] || [ $hostOS == "centos" ]; then
+		if [[ $($packageCommand list installed | grep $package) ]]; then
+			echo "INSTALLED! Skipping."
+		else
+			echo "NOT INSTALLED!";
+			echo "Starting installation of package $package";
+			packageInstallCommand="$packageCommand install";
+			if [ $debug -eq 1 ]; then 
+				packageInstallCommand+=" --assumeno";
+			else
+				packageInstallCommand+=" -y";
+			fi;
+			sudo $packageInstallCommand $package;
+		fi;
+		
+	fi;	
+	echo "Package installation complete for package $package";
+	echo -e "######\n";
+
+done;
+
+# For CentOS/RHEL version 7 install GitPython jinja2 using pip3 commands
+if [ $hostOS == "rhel" ] || [ $hostOS == "centos" ] && [ $debug -eq 0 ]; then
+	echo "NOTE: Installing GitPython jinja2 using pip3 commands";
+	pip3 install GitPython jinja2;
+fi;
+
+echo "INFO: Environment setup complete!";
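Review bot: The i386 branch cannot succeed as written, because `sudo dpkg --add-architexture i386` misspells the option and there is no `set -e` to stop the script when it fails. The later `zlib1g:i386` install then fails as well, while the script still prints `Environment setup complete!`. The test before it, `[ $foreignArchitecture == "i386" ]`, is also a syntax error when the variable is empty, which is exactly the case where the architecture is missing. I would change these to `[ "$foreignArchitecture" == "i386" ]` and `dpkg --add-architecture i386`. Since tasks/petalinux.yaml runs this file as root and redirects its output to a file, such failures are currently easy to miss.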
diff --git a/vars/AD.yml b/vars/AD.yml
new file mode 100644
index 0000000000000000000000000000000000000000..394fbb785ec56f5ffbc91320d85f5c80ec2c5563
--- /dev/null
+++ b/vars/AD.yml
@@ -0,0 +1,6 @@
+---
+Domain: wifi.test
+ADJoinusername: nocSA
+ADJoinpassword: "{{ ADJoinpw }}"
+ADLoginGroup: NOCUsers
+ADNocSudo: NOCSudo
\ No newline at end of file
diff --git a/vars/noc.yml b/vars/noc.yml
new file mode 100644
index 0000000000000000000000000000000000000000..537b96e9e0d4b595842f5a67b6e242af6a6d75f5
--- /dev/null
+++ b/vars/noc.yml
@@ -0,0 +1,13 @@
+---
+noc-a:
+  - vlans:
+      - 69:10.69.69.1
+ssh:
+  allowedIPv4Range: "152.66.0.0/16"
+  allowedIPv6Range: "2001:738:2001::/48"
+  ansibleRunnerIP: "10.151.0.34/16"
+  port: 22
+
+iptablesDEBUG: false
+#TODO ezt dinamikussá reszelni
+ntp_server_ip: 10.151.0.53
\ No newline at end of file
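Review bot: `noc-a` is not a valid Ansible variable name, since only letters, digits and underscores are allowed. Loading this file through `vars_files` would likely be rejected or leave the value unreachable from templates; `noc_a` avoids that. The VLAN entry `69:10.69.69.1` is best quoted, because plain scalars made of digits and colons are where YAML 1.1 loaders apply sexagesimal typing. Nothing in this commit loads the file, so I could not check how it is consumed.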
diff --git a/vars/password-vault.yml b/vars/password-vault.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9ff72015624a72d3f3847da1869445c33a708f89
--- /dev/null
+++ b/vars/password-vault.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+65343565393737313237366630306635646433656339383037616337613265633339323831393362
+3634306137666661623235373361656534333061663038350a653139653939636235383932636634
+37386366633233666139646532376634616538623663393664613539326564393065643538623834
+3463633161643061320a373136323637326564356435643363386666653934656466666431616431
+31333834363938613639396237323639393436323432303233383137636435373137
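Review bot: This commits the encrypted vault, while bootstrap.sh treats `vars/password-vault.yml` as a file generated on each workstation and .gitignore does not list it. Once committed, the ciphertext stays in history, so the sudo password is protected only by the strength of the vault passphrase, and replacing it means changing `sudopass` on the host as well. If a shared vault is intended, document that and drop the generation step from bootstrap.sh; otherwise add the path to .gitignore.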