Templates

acpi_action_lid.sh.j2

Synopsis: Template acpi_action_lid.sh.

Description of the template.

[templates/acpi_action_lid.sh.j2]

 1#!/bin/bash
 2
 3# Ubuntu 18.04 – Disable screen on lid close
 4# https://mensfeld.pl/2018/08/ubuntu-18-04-disable-screen-on-lid-close/
 5
 6# {{ item.key }}: {{ item.value.template }}
 7
 8# USER=your_username
 9 
10# grep -q close /proc/acpi/button/lid/*/state
11# if [ $? = 0 ]; then
12#   su -c  "sleep 1 && xset -display :0.0 dpms force off" - $USER
13# fi
14 
15# grep -q open /proc/acpi/button/lid/*/state
16# if [ $? = 0 ]; then
17#   su -c  "xset -display :0 dpms force on &> /tmp/screen.lid" - $USER
18# fi

acpi_event_default.j2

Synopsis: Template acpi_event_default.

Description of the template.

[templates/acpi_event_default.j2]

1# {{ ansible_managed }}
2
3# {{ item.key }}
4{% for conf in item.value.conf %}
5{{ conf }}
6{% endfor %}

aliases.j2

Synopsis: Template aliases.

Description of the template.

[templates/aliases.j2]

1# {{ ansible_managed }}
2{% for item in lp_aliases_config %}
3
4{{ item.alias }}:{% for arg in item.users %} {{ arg }}{% if not loop.last %},{% endif %}
5{% endfor %}
6{% endfor %}

apt_confd.j2

Synopsis: Template apt_confd.

Description of the template.

[templates/apt_confd.j2]

 1## {{ ansible_managed }}
 2
 3{% for k, v in item.conf.items() recursive %}
 4{% if v is mapping %}
 5{{ k|indent(width=loop.depth0*4,first=True) }} {
 6{{ loop(v.items()) }}
 7{% elif v is not none %}
 8{{ k|indent(width=loop.depth0*4,first=True) }} {{ v }};
 9{% else %}
10{{ k|indent(width=loop.depth0*4,first=True) }};
11{% endif %}
12{% if loop.last and loop.depth0>0 %}
13{{ '};'|indent(width=loop.depth0*4,first=True) }}
14{%- endif %}
15{%- endfor %}

auto_upgrades.j2

Synopsis: Template auto_upgrades.

Description of the template.

[templates/auto_upgrades.j2]

1## {{ ansible_managed }}
2
3APT::Periodic::Update-Package-Lists "{{ lp_auto_upgrades_update_package_lists }}";
4APT::Periodic::Unattended-Upgrade "{{ lp_auto_upgrades_unattended_upgrade }}";

blacklist_module.j2

Synopsis: Template blacklist_module.

Description of the template.

[templates/blacklist_module.j2]

1# {{ ansible_managed }}
2blacklist {{ item }}

bluetooth_rfcomm_conf.j2

Synopsis: Template bluetooth_rfcomm_conf.

Description of the template.

[templates/bluetooth_rfcomm_conf.j2]

1# {{ ansible_managed }}
2START_DAEMON="{{ lp_gpsd_start_daemon }}"
3USBAUTO="{{ lp_gpsd_usbauto }}"
4DEVICES="{{ lp_gpsd_devices }}"
5GPSD_OPTIONS="{{ lp_gpsd_gpsd_options }}"

chrony.conf.j2

Synopsis: Template chrony.conf.

Description of the template.

[templates/chrony.conf.j2]

 1# {{ ansible_managed }}
 2
 3{% for i in lp_chrony_conf %}
 4{% if i.val is string %}
 5{{ i.key }} {{ i.val }}
 6{% elif i.val is boolean %}
 7{{ i.key }}
 8{% elif i.val is iterable %}
 9{% for j in i.val %}
10{{ i.key }} {{ j }}
11{% endfor %}
12{% else %}
13{{ i.key }} {{ i.val }}
14{% endif %}
15{% endfor %}
16
17# EOF

default_iptables.j2

Synopsis: Template default_iptables.

Description of the template.

[templates/default_iptables.j2]

 1# {{ ansible_managed }}
 2
 3*filter
 4# Allow all outgoing, but drop incoming and forwarding packets by default
 5:INPUT DROP [0:0]
 6:FORWARD DROP [0:0]
 7:OUTPUT ACCEPT [0:0]
 8
 9# Custom per-protocol chains
10:UDP - [0:0]
11:TCP - [0:0]
12:ICMP - [0:0]
13
14# Acceptable UDP traffic
15
16# Acceptable TCP traffic
17-A TCP -p tcp --dport 22 -j ACCEPT
18
19# Acceptable ICMP traffic
20
21# Boilerplate acceptance policy
22-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
23-A INPUT -i lo -j ACCEPT
24
25# Drop invalid packets
26-A INPUT -m conntrack --ctstate INVALID -j DROP
27
28# Pass traffic to protocol-specific chains
29## Only allow new connections (established and related should already be handled)
30## For TCP, additionally only allow new SYN packets since that is the only valid
31## method for establishing a new TCP connection
32-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
33-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
34-A INPUT -p icmp -m conntrack --ctstate NEW -j ICMP
35
36# Reject anything that's fallen through to this point
37## Try to be protocol-specific w/ rejection message
38-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
39-A INPUT -p tcp -j REJECT --reject-with tcp-reset
40-A INPUT -j REJECT --reject-with icmp-proto-unreachable
41
42# Commit the changes
43COMMIT
44
45*raw
46:PREROUTING ACCEPT [0:0]
47:OUTPUT ACCEPT [0:0]
48COMMIT
49
50*nat
51:PREROUTING ACCEPT [0:0]
52:INPUT ACCEPT [0:0]
53:OUTPUT ACCEPT [0:0]
54:POSTROUTING ACCEPT [0:0]
55COMMIT
56
57*security
58:INPUT ACCEPT [0:0]
59:FORWARD ACCEPT [0:0]
60:OUTPUT ACCEPT [0:0]
61COMMIT
62
63*mangle
64:PREROUTING ACCEPT [0:0]
65:INPUT ACCEPT [0:0]
66:FORWARD ACCEPT [0:0]
67:OUTPUT ACCEPT [0:0]
68:POSTROUTING ACCEPT [0:0]
69COMMIT

dnsmasq.conf.j2

Synopsis: Template dnsmasq.conf.

Description of the template.

[templates/dnsmasq.conf.j2]

1# <TBD>
2# https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAF

dnsmasq-openwrt-dhcp.j2

Synopsis: Template dnsmasq-openwrt-dhcp.

Description of the template.

[templates/dnsmasq-openwrt-dhcp.j2]

 1# {{ ansible_managed }}
 2{% for section in item.config %}
 3
 4config {{ section.name }}
 5{% for option in section.options|d([]) %}
 6	option {{ option }}
 7{% endfor %}
 8{% for list in section.lists|d([]) %}
 9	list {{ list }}
10{% endfor %}
11{% endfor %}
12{% for host in lp_dnsmasq_hosts %}
13
14config host
15	option name '{{ host.name }}'
16	option dns '{{ host.dns|d(1) }}'
17	option mac '{{ host.mac }}'
18	option ip '{{ host.ip }}'
19{% endfor %}

exports.j2

Synopsis: Template exports.

Description of the template.

[templates/exports.j2]

1# {{ ansible_managed }}
2{% for item in lp_nfsd_exports %}
3{{ item }}
4{% endfor %}
5
6# EOF

gpg.conf.j2

Synopsis: Template gpg.conf.

Description of the template.

[templates/gpg.conf.j2]

 1# {{ ansible_managed }}
 2
 3# default
 4{% for conf in item.default|d([]) %}
 5{{ conf.key }} {{ conf.value|default('') }}
 6{% endfor %}
 7
 8# user
 9{% for conf in item.conf %}
10{{ conf.key }} {{ conf.value|default('') }}
11{% endfor %}

gpsd.j2

Synopsis: Template gpsd.

Description of the template.

[templates/gpsd.j2]

1# {{ ansible_managed }}
2START_DAEMON="{{ lp_gpsd_start_daemon }}"
3USBAUTO="{{ lp_gpsd_usbauto }}"
4DEVICES="{{ lp_gpsd_devices }}"
5GPSD_OPTIONS="{{ lp_gpsd_gpsd_options }}"

hci_name.rules.j2

Synopsis: Template hci_name.rules.

Description of the template.

[templates/hci_name.rules.j2]

 1# {{ ansible_managed }}
 2# For MAC of BT devices "phys" is used instead of "address".
 3# There is no phys/address of the controller available in udev.
 4{% for item in lp_udev_hci_name_rules %}
 5{% if item.mac is defined %}
 6ACTION=="add", ATTR{phys}=="{{ item.mac }}", NAME="{{ item.name }}"
 7{% endif %}
 8{% if item.product is defined %}
 9ACTION=="add", ATTR{product}=="{{ item.product }}", NAME="{{ item.name }}"
10{% endif %}
11{% endfor %}
12# EOF

hci_run.rules.j2

Synopsis: Template hci_run.rules.

Description of the template.

[templates/hci_run.rules.j2]

 1# {{ ansible_managed }}
 2# For MAC of BT devices "phys" is used instead of "address".
 3# There is no phys/address of the controller available in udev.
 4{% for item in lp_udev_hci_run_rules %}
 5{% if item.mac is defined %}
 6ACTION=="add|change", ATTR{phys}=="{{ item.mac }}", RUN+="{{ item.run }}"
 7{% endif %}
 8{% if item.product is defined %}
 9ACTION=="add|change", ATTR{product}=="{{ item.product }}" RUN+="{{ item.run }}"
10{% endif %}
11{% endfor %}
12# EOF

hostname.j2

Synopsis: Template hostname.

Description of the template.

[templates/hostname.j2]

1{{ lp_hostname }}

hosts.j2

Synopsis: Template hosts.

Description of the template.

[templates/hosts.j2]

 1# {{ ansible_managed }}
 2
 3# lp_hosts_default
 4{% for item in lp_hosts_default_override|default(lp_hosts_default) %}
 5{{ "%-20s" | format(item.ip) }}     {{ item.name1 }} {{ item.name2|default('') }} {{ item.name3|default('') }} {{ item.name4|default('') }}
 6{% endfor %}
 7
 8# lp_hosts
 9{% for item in lp_hosts %}
10{{ "%-20s" | format(item.ip) }}     {{ item.fqdn }} {{ item.hostname|default('') }}
11{% endfor %}
12
13# EOF

hosts-aliases-list.j2

Synopsis: Template hosts-aliases-list.

Description of the template.

[templates/hosts-aliases-list.j2]

 1# {{ ansible_managed }}
 2
 3# lp_hosts_default
 4{% for item in lp_hosts_default_override|default(lp_hosts_default) %}
 5{{ "%-20s" | format(item.ip) }}     {{ item.name1 }} {{ item.name2|default('') }} {{ item.name3|default('') }} {{ item.name4|default('') }}
 6{% endfor %}
 7
 8# lp_hosts
 9{% for item in lp_hosts %}
10{{ "%-20s" | format(item.ip) }}     {{ item.fqdn }}{% for alias in item.aliases|default([]) %} {{ alias }}{% endfor %}{% if item.hostname|default('')|length > 0 %} {{ item.hostname }}
11{% endif %}
12{% endfor %}
13
14# EOF

iptables_restore.j2

Synopsis: Template iptables_restore.

Description of the template.

[templates/iptables_restore.j2]

1#!/bin/sh
2/sbin/iptables-restore < /etc/network/iptables

modem_manager_override.j2

Synopsis: Template modem_manager_override.

Description of the template.

[templates/modem_manager_override.j2]

1{{ lp_modemmanager_override }}

netplan_conf.j2

Synopsis: Template netplan_conf.

Description of the template.

[templates/netplan_conf.j2]

1#jinja2: trim_blocks:False
2# {{ ansible_managed }}
3network:
4  version: {{ lp_netplan_version }}
5  renderer: {{ lp_netplan_renderer }}
6  {{ item.category }}:
7    {{ item.conf|to_yaml|indent(4) }}

netplan_default.j2

Synopsis: Template netplan_default.

Description of the template.

[templates/netplan_default.j2]

1# {{ ansible_managed }}
2network:
3  version: {{ lp_netplan_version }}
4  renderer: {{ lp_netplan_renderer }}

networkd.conf.j2

Synopsis: Template networkd.conf.

Description of the template.

[templates/networkd.conf.j2]

1# {{ ansible_managed }}
2{% for section in item.conf %}
3[{{ section.section }}]
4{% for line in section.conf %}
5{{ line.key }}={{ line.val }}
6{% endfor %}
7{% endfor %}

network_manager_override.j2

Synopsis: Template network_manager_override.

Description of the template.

[templates/network_manager_override.j2]

1{{ lp_nm_override }}

options_module.j2

Synopsis: Template options_module.

Description of the template.

[templates/options_module.j2]

1# {{ ansible_managed }}
2{% for option in item.options %}
3{{ option }}
4{% endfor %}

persistent_net.rules2.j2

Synopsis: Template persistent_net.rules2.

Description of the template.

[templates/persistent_net.rules2.j2]

1# {{ ansible_managed }}
2{% for dev in lp_udev_persistent_net_rules %}
3{% for item in dev %}
4{{ item.key }}{{ item.operator }}"{{ item.value }}"{% if not loop.last %}, {% endif %}
5{% endfor %}
6
7{% endfor %}
8# EOF

persistent_net.rules.j2

Synopsis: Template persistent_net.rules.

Description of the template.

[templates/persistent_net.rules.j2]

1# {{ ansible_managed }}
2{% for item in lp_udev_persistent_net_rules %}
3ACTION=="add", ATTR{address}=="{{ item.mac }}", KERNEL=="{{ item.kernel }}", NAME="{{ item.name }}"
4{% endfor %}
5# EOF

pm_sleepd.j2

Synopsis: Template pm_sleepd.

Description of the template.

[templates/pm_sleepd.j2]

 1#!/bin/sh
 2# {{ ansible_managed }}
 3
 4PATH={{ item.value.path }}
 5
 6case "$1" in
 7    suspend|hibernate)
 8{% for command in item.value.suspend_hibernate %}
 9{{ command|indent(10, true) }}
10{% endfor %}
11          ;;
12    resume|thaw)
13{% for command in item.value.resume_thaw %}
14{{ command|indent(10, true) }}
15{% endfor %}
16          ;;
17esac
18exit 0
19
20# EOF

rc.local.j2

Synopsis: Template rc.local.

Description of the template.

[templates/rc.local.j2]

 1#!/bin/bash
 2# {{ ansible_managed }}
 3
 4# Note: To debug /etc/rc.local run
 5# shell> sudo SYSTEMD_LOG_LEVEL=debug \
 6# /usr/lib/systemd/system-generators/systemd-rc-local-generator
 7
 8{{ lp_rc_local_content }}
 9
10exit 0

resolvconf_confd_head.j2

Synopsis: Template resolvconf_confd_head.

Description of the template.

[templates/resolvconf_confd_head.j2]

1# {{ ansible_managed }}
2# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
3#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
4# 127.0.0.53 is the systemd-resolved stub resolver.
5# run "systemd-resolve --status" to see details about the actual nameservers.
6
7{% for item in lp_resolvconf_confd_head %}
8{{ item.key }} {{ item.val }}
9{% endfor %}

router1_iptables.j2

Synopsis: Template router1_iptables.

Description of the template.

[templates/router1_iptables.j2]

 1# {{ ansible_managed }}
 2*nat
 3:PREROUTING ACCEPT [0:0]
 4:INPUT ACCEPT [0:0]
 5:OUTPUT ACCEPT [0:0]
 6:POSTROUTING ACCEPT [0:0]
 7
 8# {{ lp_iptables_wan_if }} is WAN interface
 9# {{ lp_iptables_lan_if }} is LAN interface
10-A POSTROUTING -o {{ lp_iptables_wan_if }} -j MASQUERADE
11
12# NAT pinhole: HTTP from WAN to LAN
13# -A PREROUTING -p tcp -m tcp -i {{ lp_iptables_wan_if }} --dport 80 -j DNAT --to-destination 192.168.99.100:80
14
15COMMIT
16
17*filter
18:INPUT ACCEPT [0:0]
19:FORWARD ACCEPT [0:0]
20:OUTPUT ACCEPT [0:0]
21
22# Service rules
23
24# basic global accept rules - ICMP, loopback, traceroute, established all accepted
25-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
26-A INPUT -p icmp -j ACCEPT
27-A INPUT -m state --state ESTABLISHED -j ACCEPT
28
29# enable traceroute rejections to get sent out
30-A INPUT -p udp -m udp --dport 33434:33523 -j REJECT --reject-with icmp-port-unreachable
31
32# DNS - accept from LAN
33-A INPUT -i {{ lp_iptables_lan_if }} -p tcp --dport 53 -j ACCEPT
34-A INPUT -i {{ lp_iptables_lan_if }} -p udp --dport 53 -j ACCEPT
35
36# SSH - accept from LAN
37-A INPUT -i {{ lp_iptables_lan_if }} -p tcp --dport 22 -j ACCEPT
38#-A INPUT -p tcp --dport 22 -s {{ lp_iptables_lan }} -j ACCEPT
39#-A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
40#-A INPUT -p tcp --dport 22 -j DROP
41
42# DHCP client requests - accept from LAN
43-A INPUT -i {{ lp_iptables_lan_if }} -p udp --dport 67:68 -j ACCEPT
44
45# Additional interface policies for INPUT
46{% for item in lp_iptables_input_if %}
47-A INPUT -i {{ item.if }} -p {{ item.proto }} --dport {{ item.port }} -j {{ item.policy }}
48{% endfor %}
49
50# Additional subnet policies for INPUT
51{% for item in lp_iptables_input_net %}
52-A INPUT -s {{ item.net }} -p {{ item.proto }} --dport {{ item.port }} -j {{ item.policy }}
53{% endfor %}
54
55# drop all other inbound traffic
56-A INPUT -j DROP
57
58# Forwarding rules
59
60# forward packets along established/related connections
61-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
62
63# forward from LAN ({{ lp_iptables_lan_if }}) to WAN ({{ lp_iptables_wan_if }})
64-A FORWARD -i {{ lp_iptables_lan_if }} -o {{ lp_iptables_wan_if }} -j ACCEPT
65
66# allow traffic from our NAT pinhole
67-A FORWARD -p tcp -d 192.168.99.100 --dport 80 -j ACCEPT
68
69# drop all other forwarded traffic
70-A FORWARD -j DROP
71
72COMMIT

ssh_config.j2

Synopsis: Template ssh_config.

Description of the template.

[templates/ssh_config.j2]

1# {{ ansible_managed }}
2{% for item  in lp_ssh_config %}
3Host {{ item.host }}
4{% for conf  in item.conf %}
5    {{ conf.key }} {{ conf.val }}
6{% endfor %}
7{% endfor %}
8
9# EOF

systemd_unit.j2

Synopsis: Template systemd_unit.

Description of the template.

[templates/systemd_unit.j2]

 1{{ ansible_managed }}
 2
 3{% if "Unit" in item %}
 4[Unit]
 5{% for key, val in item["Unit"].items() %}
 6{{ key }}={{ val }}
 7{% endfor %}
 8{% endif %}
 9
10{% if item.type|default(lp_systemd_unit_type)|title in item %}
11[{{ item.type|default(lp_systemd_unit_type)|title }}]
12{% for key, val in item[item.type|default(lp_systemd_unit_type)|title].items() %}
13{{ key }}={{ val }}
14{% endfor %}
15{% endif %}
16
17{% if "Install" in item %}
18[Install]
19{% for key, val in item["Install"].items() %}
20{{ key }}={{ val }}
21{% endfor %}
22{% endif %}

timesyncd.conf.j2

Synopsis: Template timesyncd.conf.

Description of the template.

[templates/timesyncd.conf.j2]

 1# {{ ansible_managed }}
 2
 3[Time]
 4{% if lp_timesyncd_ntp|length > 0 %}
 5NTP={{ lp_timesyncd_ntp }}
 6{% endif %}
 7FallbackNTP={{ lp_timesyncd_fallbackntp }}
 8RootDistanceMaxSec={{ lp_timesyncd_rootdistancemaxsec }}
 9PollIntervalMinSec={{ lp_timesyncd_pollintervalminsec }}
10PollIntervalMaxSec={{ lp_timesyncd_pollintervalmaxsec }}
11
12# EOF

udev_rules.j2

Synopsis: Template udev_rules.

Description of the template.

[templates/udev_rules.j2]

1# {{ ansible_managed }}
2{% for dev in item.value %}
3{% for conf in dev %}
4{{ conf.key }}{{ conf.operator }}"{{ conf.value }}"{% if not loop.last %}, {% endif %}
5{% endfor %}
6
7{% endfor %}
8# EOF

wpa_action.sh.j2

Synopsis: Template wpa_action.sh.

Description of the template.

[templates/wpa_action.sh.j2]

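#!/bin/bash

# All rights reserved (c) 2019-2020, Vladimir Botka <vbotka@gmail.com>
# Simplified BSD License, https://opensource.org/licenses/BSD-2-Clause

# See Ansible Galaxy role Linux postinstall
# https://github.com/vbotka/ansible-linux-postinstall
# https://github.com/vbotka/ansible-linux-postinstall/blob/master/templates/wpa_action.sh.j2

# Action script for wpa_cli. It takes two positional arguments, the interface
# name and the event, appends one line per call to the log file, and runs the
# configured DHCP client command on CONNECTED and on DISCONNECTED. Any other
# event is only logged. The script always exits 0.

# Example how to activate the script
# wpa_cli -B -i wlan2 -a /root/bin/wpa_action.sh

ifname=$1
cmd=$2

# The lp_wpa_action_script_* values are placed inside double-quoted shell
# strings at render time. A dollar sign, backtick or double quote in any of
# them is therefore interpreted by the shell when this script runs; set these
# variables from trusted inventory only.
dhclient="{{ lp_wpa_action_script_dhclient }}"
pidfile="{{ lp_wpa_action_script_pidfile }}"
options_connect="{{ lp_wpa_action_script_options_connect }}"
options_disconnect="{{ lp_wpa_action_script_options_disconnect }}"
logfile="{{ lp_wpa_action_script_logfile }}"

my_date=$(date +"%b %d %T")
# Fixed format string: the arguments are logged literally, so a "%" or a
# backslash in $ifname or $cmd is no longer read as a printf directive.
# "$logfile" is quoted so a path containing spaces stays a single file name.
printf '%s %s: %s \n' "$my_date" "$ifname" "$cmd" >> "$logfile"

if [ "$cmd" == "CONNECTED" ]; then
    #SSID=`wpa_cli -i$ifname status | grep ^ssid= | cut -f2- -d=`
    # $dhclient and $options_connect stay unquoted on purpose: the options
    # string has to split into separate words. "$ifname" is quoted so it is
    # always passed as exactly one argument.
    $dhclient $options_connect "$ifname"
fi
if [ "$cmd" == "DISCONNECTED" ]; then
    $dhclient $options_disconnect "$ifname"
fi
exit 0

# EOF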

wpa_supplicant.conf.j2

Synopsis: Template wpa_supplicant.conf.

Description of the template.

[templates/wpa_supplicant.conf.j2]

 1# {{ ansible_managed }}
 2{% for gvar in lp_wpasupplicant_conf_global %}
 3{{ gvar.key }}={{ gvar.value }}
 4{% endfor %}
 5{% for net in item.network %}
 6{% for nvar in net.conf %}
 7{% if loop.first %}
 8
 9network={
10{% endif %}
11        {{ nvar.key }}={{ nvar.value }}
12{% if loop.last %}
13}
14{% endif %}
15{% endfor %}
16{% endfor %}
17
18# EOF

xorg.conf.j2

Synopsis: Template xorg.conf.

Description of the template.

[templates/xorg.conf.j2]

1# {{ ansible_managed }}
2{% for section in item.section %}
3{{ section.param }} {{ section.val1 }} {{ section.val2 }}
4{% endfor %}
5EndSection