Templates
acpi_action_lid.sh.j2
Synopsis: Template acpi_action_lid.sh.
Description of the template.
[templates/acpi_action_lid.sh.j2]
1#!/bin/bash
2
3# Ubuntu 18.04 – Disable screen on lid close
4# https://mensfeld.pl/2018/08/ubuntu-18-04-disable-screen-on-lid-close/
5
6# {{ item.key }}: {{ item.value.template }}
7
8# USER=your_username
9
10# grep -q close /proc/acpi/button/lid/*/state
11# if [ $? = 0 ]; then
12# su -c "sleep 1 && xset -display :0.0 dpms force off" - $USER
13# fi
14
15# grep -q open /proc/acpi/button/lid/*/state
16# if [ $? = 0 ]; then
17# su -c "xset -display :0 dpms force on &> /tmp/screen.lid" - $USER
18# fi
acpi_event_default.j2
Synopsis: Template acpi_event_default.
Description of the template.
[templates/acpi_event_default.j2]
1# {{ ansible_managed }}
2
3# {{ item.key }}
4{% for conf in item.value.conf %}
5{{ conf }}
6{% endfor %}
aliases.j2
Synopsis: Template aliases.
Description of the template.
1# {{ ansible_managed }}
2{% for item in lp_aliases_config %}
3
4{{ item.alias }}:{% for arg in item.users %} {{ arg }}{% if not loop.last %},{% endif %}
5{% endfor %}
6{% endfor %}
apt_confd.j2
Synopsis: Template apt_confd.
Description of the template.
1## {{ ansible_managed }}
2
3{% for k, v in item.conf.items() recursive %}
4{% if v is mapping %}
5{{ k|indent(width=loop.depth0*4,first=True) }} {
6{{ loop(v.items()) }}
7{% elif v is not none %}
8{{ k|indent(width=loop.depth0*4,first=True) }} {{ v }};
9{% else %}
10{{ k|indent(width=loop.depth0*4,first=True) }};
11{% endif %}
12{% if loop.last and loop.depth0>0 %}
13{{ '};'|indent(width=loop.depth0*4,first=True) }}
14{%- endif %}
15{%- endfor %}
auto_upgrades.j2
Synopsis: Template auto_upgrades.
Description of the template.
1## {{ ansible_managed }}
2
3APT::Periodic::Update-Package-Lists "{{ lp_auto_upgrades_update_package_lists }}";
4APT::Periodic::Unattended-Upgrade "{{ lp_auto_upgrades_unattended_upgrade }}";
blacklist_module.j2
Synopsis: Template blacklist_module.
Description of the template.
[templates/blacklist_module.j2]
1# {{ ansible_managed }}
2blacklist {{ item }}
bluetooth_rfcomm_conf.j2
Synopsis: Template bluetooth_rfcomm_conf.
Description of the template.
[templates/bluetooth_rfcomm_conf.j2]
1# {{ ansible_managed }}
2START_DAEMON="{{ lp_gpsd_start_daemon }}"
3USBAUTO="{{ lp_gpsd_usbauto }}"
4DEVICES="{{ lp_gpsd_devices }}"
5GPSD_OPTIONS="{{ lp_gpsd_gpsd_options }}"
chrony.conf.j2
Synopsis: Template chrony.conf.
Description of the template.
1# {{ ansible_managed }}
2
3{% for i in lp_chrony_conf %}
4{% if i.val is string %}
5{{ i.key }} {{ i.val }}
6{% elif i.val is boolean %}
7{{ i.key }}
8{% elif i.val is iterable %}
9{% for j in i.val %}
10{{ i.key }} {{ j }}
11{% endfor %}
12{% else %}
13{{ i.key }} {{ i.val }}
14{% endif %}
15{% endfor %}
16
17# EOF
default_iptables.j2
Synopsis: Template default_iptables.
Description of the template.
[templates/default_iptables.j2]
1# {{ ansible_managed }}
2
3*filter
4# Allow all outgoing, but drop incoming and forwarding packets by default
5:INPUT DROP [0:0]
6:FORWARD DROP [0:0]
7:OUTPUT ACCEPT [0:0]
8
9# Custom per-protocol chains
10:UDP - [0:0]
11:TCP - [0:0]
12:ICMP - [0:0]
13
14# Acceptable UDP traffic
15
16# Acceptable TCP traffic
17-A TCP -p tcp --dport 22 -j ACCEPT
18
19# Acceptable ICMP traffic
20
21# Boilerplate acceptance policy
22-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
23-A INPUT -i lo -j ACCEPT
24
25# Drop invalid packets
26-A INPUT -m conntrack --ctstate INVALID -j DROP
27
28# Pass traffic to protocol-specific chains
29## Only allow new connections (established and related should already be handled)
30## For TCP, additionally only allow new SYN packets since that is the only valid
31## method for establishing a new TCP connection
32-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
33-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
34-A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
35
36# Reject anything that's fallen through to this point
37## Try to be protocol-specific w/ rejection message
38-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
39-A INPUT -p tcp -j REJECT --reject-with tcp-reset
40-A INPUT -j REJECT --reject-with icmp-proto-unreachable
41
42# Commit the changes
43COMMIT
44
45*raw
46:PREROUTING ACCEPT [0:0]
47:OUTPUT ACCEPT [0:0]
48COMMIT
49
50*nat
51:PREROUTING ACCEPT [0:0]
52:INPUT ACCEPT [0:0]
53:OUTPUT ACCEPT [0:0]
54:POSTROUTING ACCEPT [0:0]
55COMMIT
56
57*security
58:INPUT ACCEPT [0:0]
59:FORWARD ACCEPT [0:0]
60:OUTPUT ACCEPT [0:0]
61COMMIT
62
63*mangle
64:PREROUTING ACCEPT [0:0]
65:INPUT ACCEPT [0:0]
66:FORWARD ACCEPT [0:0]
67:OUTPUT ACCEPT [0:0]
68:POSTROUTING ACCEPT [0:0]
69COMMIT
dnsmasq.conf.j2
Synopsis: Template dnsmasq.conf.
Description of the template.
1# <TBD>
2# https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAF
dnsmasq-openwrt-dhcp.j2
Synopsis: Template dnsmasq-openwrt-dhcp.
Description of the template.
[templates/dnsmasq-openwrt-dhcp.j2]
1# {{ ansible_managed }}
2{% for section in item.config %}
3
4config {{ section.name }}
5{% for option in section.options|d([]) %}
6 option {{ option }}
7{% endfor %}
8{% for list in section.lists|d([]) %}
9 list {{ list }}
10{% endfor %}
11{% endfor %}
12{% for host in lp_dnsmasq_hosts %}
13
14config host
15 option name '{{ host.name }}'
16 option dns '{{ host.dns|d(1) }}'
17 option mac '{{ host.mac }}'
18 option ip '{{ host.ip }}'
19{% endfor %}
exports.j2
Synopsis: Template exports.
Description of the template.
1# {{ ansible_managed }}
2{% for item in lp_nfsd_exports %}
3{{ item }}
4{% endfor %}
5
6# EOF
gpg.conf.j2
Synopsis: Template gpg.conf.
Description of the template.
1# {{ ansible_managed }}
2
3# default
4{% for conf in item.default|d([]) %}
5{{ conf.key }} {{ conf.value|default('') }}
6{% endfor %}
7
8# user
9{% for conf in item.conf %}
10{{ conf.key }} {{ conf.value|default('') }}
11{% endfor %}
gpsd.j2
Synopsis: Template gpsd.
Description of the template.
1# {{ ansible_managed }}
2START_DAEMON="{{ lp_gpsd_start_daemon }}"
3USBAUTO="{{ lp_gpsd_usbauto }}"
4DEVICES="{{ lp_gpsd_devices }}"
5GPSD_OPTIONS="{{ lp_gpsd_gpsd_options }}"
hci_name.rules.j2
Synopsis: Template hci_name.rules.
Description of the template.
1# {{ ansible_managed }}
2# For MAC of BT devices "phys" is used instead of "address".
3# There is no phys/address of the controller available in udev.
4{% for item in lp_udev_hci_name_rules %}
5{% if item.mac is defined %}
6ACTION=="add", ATTR{phys}=="{{ item.mac }}", NAME="{{ item.name }}"
7{% endif %}
8{% if item.product is defined %}
9ACTION=="add", ATTR{product}=="{{ item.product }}", NAME="{{ item.name }}"
10{% endif %}
11{% endfor %}
12# EOF
hci_run.rules.j2
Synopsis: Template hci_run.rules.
Description of the template.
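# {{ ansible_managed }}
# For MAC of BT devices "phys" is used instead of "address".
# There is no phys/address of the controller available in udev.
{# Renders one udev rule per entry of lp_udev_hci_run_rules, matched by MAC
   (item.mac) and/or by product (item.product).
   item.run is rendered verbatim into RUN+=, i.e. it names a program that udev
   executes when the rule matches; keep this variable under the same change
   control as the rules file itself. #}
{% for item in lp_udev_hci_run_rules %}
{% if item.mac is defined %}
ACTION=="add|change", ATTR{phys}=="{{ item.mac }}", RUN+="{{ item.run }}"
{% endif %}
{% if item.product is defined %}
{# The comma before RUN+= was missing here; udev separates key/value pairs with commas. #}
ACTION=="add|change", ATTR{product}=="{{ item.product }}", RUN+="{{ item.run }}"
{% endif %}
{% endfor %}
# EOF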
hostname.j2
Synopsis: Template hostname.
Description of the template.
1{{ lp_hostname }}
hosts.j2
Synopsis: Template hosts.
Description of the template.
1# {{ ansible_managed }}
2
3# lp_hosts_default
4{% for item in lp_hosts_default_override|default(lp_hosts_default) %}
5{{ "%-20s" | format(item.ip) }} {{ item.name1 }} {{ item.name2|default('') }} {{ item.name3|default('') }} {{ item.name4|default('') }}
6{% endfor %}
7
8# lp_hosts
9{% for item in lp_hosts %}
10{{ "%-20s" | format(item.ip) }} {{ item.fqdn }} {{ item.hostname|default('') }}
11{% endfor %}
12
13# EOF
hosts-aliases-list.j2
Synopsis: Template hosts-aliases-list.
Description of the template.
[templates/hosts-aliases-list.j2]
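# {{ ansible_managed }}

# lp_hosts_default
{% for item in lp_hosts_default_override|default(lp_hosts_default) %}
{{ "%-20s" | format(item.ip) }} {{ item.name1 }} {{ item.name2|default('') }} {{ item.name3|default('') }} {{ item.name4|default('') }}
{% endfor %}

# lp_hosts
{# One hosts line per entry: ip, fqdn, optional aliases, optional short hostname.
   The line ends in an expression instead of a block tag so that its newline is
   always rendered. Previously the newline sat inside the "if hostname" block,
   so entries without item.hostname were joined onto a single line. #}
{% for item in lp_hosts %}
{{ "%-20s" | format(item.ip) }} {{ item.fqdn }}{% for alias in item.aliases|default([]) %} {{ alias }}{% endfor %}{{ (' ' ~ item.hostname) if item.hostname|default('')|length > 0 else '' }}
{% endfor %}

# EOF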
iptables_restore.j2
Synopsis: Template iptables_restore.
Description of the template.
[templates/iptables_restore.j2]
1#!/bin/sh
2/sbin/iptables-restore < /etc/network/iptables
modem_manager_override.j2
Synopsis: Template modem_manager_override.
Description of the template.
[templates/modem_manager_override.j2]
1{{ lp_modemmanager_override }}
netplan_conf.j2
Synopsis: Template netplan_conf.
Description of the template.
1#jinja2: trim_blocks:False
2# {{ ansible_managed }}
3network:
4 version: {{ lp_netplan_version }}
5 renderer: {{ lp_netplan_renderer }}
6 {{ item.category }}:
7 {{ item.conf|to_yaml|indent(4) }}
netplan_default.j2
Synopsis: Template netplan_default.
Description of the template.
[templates/netplan_default.j2]
1# {{ ansible_managed }}
2network:
3 version: {{ lp_netplan_version }}
4 renderer: {{ lp_netplan_renderer }}
networkd.conf.j2
Synopsis: Template networkd.conf.
Description of the template.
1# {{ ansible_managed }}
2{% for section in item.conf %}
3[{{ section.section }}]
4{% for line in section.conf %}
5{{ line.key }}={{ line.val }}
6{% endfor %}
7{% endfor %}
network_manager_override.j2
Synopsis: Template network_manager_override.
Description of the template.
[templates/network_manager_override.j2]
1{{ lp_nm_override }}
options_module.j2
Synopsis: Template options_module.
Description of the template.
1# {{ ansible_managed }}
2{% for option in item.options %}
3{{ option }}
4{% endfor %}
persistent_net.rules2.j2
Synopsis: Template persistent_net.rules2.
Description of the template.
[templates/persistent_net.rules2.j2]
1# {{ ansible_managed }}
2{% for dev in lp_udev_persistent_net_rules %}
3{% for item in dev %}
4{{ item.key }}{{ item.operator }}"{{ item.value }}"{% if not loop.last %}, {% endif %}
5{% endfor %}
6
7{% endfor %}
8# EOF
persistent_net.rules.j2
Synopsis: Template persistent_net.rules.
Description of the template.
[templates/persistent_net.rules.j2]
1# {{ ansible_managed }}
2{% for item in lp_udev_persistent_net_rules %}
3ACTION=="add", ATTR{address}=="{{ item.mac }}", KERNEL=="{{ item.kernel }}", NAME="{{ item.name }}"
4{% endfor %}
5# EOF
pm_sleepd.j2
Synopsis: Template pm_sleepd.
Description of the template.
1#!/bin/sh
2# {{ ansible_managed }}
3
4PATH={{ item.value.path }}
5
6case "$1" in
7 suspend|hibernate)
8{% for command in item.value.suspend_hibernate %}
9{{ command|indent(10, true) }}
10{% endfor %}
11 ;;
12 resume|thaw)
13{% for command in item.value.resume_thaw %}
14{{ command|indent(10, true) }}
15{% endfor %}
16 ;;
17esac
18exit 0
19
20# EOF
rc.local.j2
Synopsis: Template rc.local.
Description of the template.
1#!/bin/bash
2# {{ ansible_managed }}
3
4# Note: To debug /etc/rc.local run
5# shell> sudo SYSTEMD_LOG_LEVEL=debug \
6# /usr/lib/systemd/system-generators/systemd-rc-local-generator
7
8{{ lp_rc_local_content }}
9
10exit 0
resolvconf_confd_head.j2
Synopsis: Template resolvconf_confd_head.
Description of the template.
[templates/resolvconf_confd_head.j2]
1# {{ ansible_managed }}
2# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
3# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
4# 127.0.0.53 is the systemd-resolved stub resolver.
5# run "systemd-resolve --status" to see details about the actual nameservers.
6
7{% for item in lp_resolvconf_confd_head %}
8{{ item.key }} {{ item.val }}
9{% endfor %}
router1_iptables.j2
Synopsis: Template router1_iptables.
Description of the template.
[templates/router1_iptables.j2]
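# {{ ansible_managed }}
{# iptables-restore rule set for a simple NAT router.
   lp_iptables_wan_if / lp_iptables_lan_if select the interfaces;
   lp_iptables_input_if and lp_iptables_input_net append extra INPUT rules.
   All variables are rendered verbatim into rule text. #}
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# {{ lp_iptables_wan_if }} is WAN interface
# {{ lp_iptables_lan_if }} is LAN interface
-A POSTROUTING -o {{ lp_iptables_wan_if }} -j MASQUERADE

# NAT pinhole: HTTP from WAN to LAN
# Enable together with the matching FORWARD rule in the filter table below.
# -A PREROUTING -p tcp -m tcp -i {{ lp_iptables_wan_if }} --dport 80 -j DNAT --to-destination 192.168.99.100:80

COMMIT

*filter
# Chain policies are ACCEPT; filtering relies on the explicit DROP rule that
# ends INPUT and FORWARD, so any rule appended after those has no effect.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Service rules

# basic global accept rules - ICMP, loopback, traceroute, established all accepted
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
# ICMP is accepted on every interface, WAN included
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT

# enable traceroute rejections to get sent out
-A INPUT -p udp -m udp --dport 33434:33523 -j REJECT --reject-with icmp-port-unreachable

# DNS - accept from LAN
-A INPUT -i {{ lp_iptables_lan_if }} -p tcp --dport 53 -j ACCEPT
-A INPUT -i {{ lp_iptables_lan_if }} -p udp --dport 53 -j ACCEPT

# SSH - accept from LAN
-A INPUT -i {{ lp_iptables_lan_if }} -p tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp --dport 22 -s {{ lp_iptables_lan }} -j ACCEPT
#-A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
#-A INPUT -p tcp --dport 22 -j DROP

# DHCP client requests - accept from LAN
-A INPUT -i {{ lp_iptables_lan_if }} -p udp --dport 67:68 -j ACCEPT

# Additional interface policies for INPUT
{# item.policy becomes the jump target as written; review these lists like firewall rules. #}
{% for item in lp_iptables_input_if %}
-A INPUT -i {{ item.if }} -p {{ item.proto }} --dport {{ item.port }} -j {{ item.policy }}
{% endfor %}

# Additional subnet policies for INPUT
{% for item in lp_iptables_input_net %}
-A INPUT -s {{ item.net }} -p {{ item.proto }} --dport {{ item.port }} -j {{ item.policy }}
{% endfor %}

# drop all other inbound traffic
-A INPUT -j DROP

# Forwarding rules

# forward packets along established/related connections
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# forward from LAN ({{ lp_iptables_lan_if }}) to WAN ({{ lp_iptables_wan_if }})
-A FORWARD -i {{ lp_iptables_lan_if }} -o {{ lp_iptables_wan_if }} -j ACCEPT

# allow traffic from our NAT pinhole
# Disabled by default to match the commented-out DNAT rule in the nat table:
# left active on its own, it accepted forwarded traffic to this hard-coded
# address from any interface. Uncomment both rules together.
# -A FORWARD -p tcp -d 192.168.99.100 --dport 80 -j ACCEPT

# drop all other forwarded traffic
-A FORWARD -j DROP

COMMIT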
ssh_config.j2
Synopsis: Template ssh_config.
Description of the template.
1# {{ ansible_managed }}
2{% for item in lp_ssh_config %}
3Host {{ item.host }}
4{% for conf in item.conf %}
5 {{ conf.key }} {{ conf.val }}
6{% endfor %}
7{% endfor %}
8
9# EOF
systemd_unit.j2
Synopsis: Template systemd_unit.
Description of the template.
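{# Renders a systemd unit from the dictionary "item": optional [Unit], the
   type-specific section named after item.type (default lp_systemd_unit_type,
   title-cased) and optional [Install].
   Keys and values are rendered verbatim as key=value lines, so a value that
   contains a newline adds further lines to the unit; keep these dictionaries
   under the same review as the unit files they produce.
   The header now carries a comment marker, as in the other templates of this
   role; a bare ansible_managed string is not a valid unit-file line.
   NOTE(review): assumes ansible_managed is a single line - confirm. #}
# {{ ansible_managed }}

{% if "Unit" in item %}
[Unit]
{% for key, val in item["Unit"].items() %}
{{ key }}={{ val }}
{% endfor %}
{% endif %}

{% set unit_section = item.type|default(lp_systemd_unit_type)|title %}
{% if unit_section in item %}
[{{ unit_section }}]
{% for key, val in item[unit_section].items() %}
{{ key }}={{ val }}
{% endfor %}
{% endif %}

{% if "Install" in item %}
[Install]
{% for key, val in item["Install"].items() %}
{{ key }}={{ val }}
{% endfor %}
{% endif %}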
timesyncd.conf.j2
Synopsis: Template timesyncd.conf.
Description of the template.
1# {{ ansible_managed }}
2
3[Time]
4{% if lp_timesyncd_ntp|length > 0 %}
5NTP={{ lp_timesyncd_ntp }}
6{% endif %}
7FallbackNTP={{ lp_timesyncd_fallbackntp }}
8RootDistanceMaxSec={{ lp_timesyncd_rootdistancemaxsec }}
9PollIntervalMinSec={{ lp_timesyncd_pollintervalminsec }}
10PollIntervalMaxSec={{ lp_timesyncd_pollintervalmaxsec }}
11
12# EOF
udev_rules.j2
Synopsis: Template udev_rules.
Description of the template.
1# {{ ansible_managed }}
2{% for dev in item.value %}
3{% for conf in dev %}
4{{ conf.key }}{{ conf.operator }}"{{ conf.value }}"{% if not loop.last %}, {% endif %}
5{% endfor %}
6
7{% endfor %}
8# EOF
wpa_action.sh.j2
Synopsis: Template wpa_action.sh.
Description of the template.
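#!/bin/bash

# All rights reserved (c) 2019-2020, Vladimir Botka <vbotka@gmail.com>
# Simplified BSD License, https://opensource.org/licenses/BSD-2-Clause

# See Ansible Galaxy role Linux postinstall
# https://github.com/vbotka/ansible-linux-postinstall
# https://github.com/vbotka/ansible-linux-postinstall/blob/master/templates/wpa_action.sh.j2

# Action script for wpa_cli. It is called with the interface name ($1) and the
# event ($2), appends one line per event to the log file and runs the DHCP
# client with the connect or disconnect options.

# Example how to activate the script
# wpa_cli -B -i wlan2 -a /root/bin/wpa_action.sh

ifname=$1
cmd=$2

# Rendered from the role variables when the template is deployed.
dhclient="{{ lp_wpa_action_script_dhclient }}"
pidfile="{{ lp_wpa_action_script_pidfile }}"
options_connect="{{ lp_wpa_action_script_options_connect }}"
options_disconnect="{{ lp_wpa_action_script_options_disconnect }}"
logfile="{{ lp_wpa_action_script_logfile }}"

my_date=$(date +"%b %d %T")
# Fixed format string: the interface name and event are passed as data, so a
# "%" or backslash in them is logged literally instead of being interpreted.
# The log path is quoted so that it is not word-split or glob-expanded.
printf '%s %s: %s \n' "$my_date" "$ifname" "$cmd" >> "$logfile"

# $dhclient and the option strings stay unquoted on purpose: they may hold
# several words that must be split into separate arguments. The interface
# name is a single argument and is quoted.
if [ "$cmd" == "CONNECTED" ]; then
    #SSID=`wpa_cli -i$ifname status | grep ^ssid= | cut -f2- -d=`
    $dhclient $options_connect "$ifname"
fi
if [ "$cmd" == "DISCONNECTED" ]; then
    $dhclient $options_disconnect "$ifname"
fi
exit 0

# EOF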
wpa_supplicant.conf.j2
Synopsis: Template wpa_supplicant.conf.
Description of the template.
[templates/wpa_supplicant.conf.j2]
1# {{ ansible_managed }}
2{% for gvar in lp_wpasupplicant_conf_global %}
3{{ gvar.key }}={{ gvar.value }}
4{% endfor %}
5{% for net in item.network %}
6{% for nvar in net.conf %}
7{% if loop.first %}
8
9network={
10{% endif %}
11 {{ nvar.key }}={{ nvar.value }}
12{% if loop.last %}
13}
14{% endif %}
15{% endfor %}
16{% endfor %}
17
18# EOF
xorg.conf.j2
Synopsis: Template xorg.conf.
Description of the template.
1# {{ ansible_managed }}
2{% for section in item.section %}
3{{ section.param }} {{ section.val1 }} {{ section.val2 }}
4{% endfor %}
5EndSection