removed old pfsense static dhcp leases

doc/ariane.md

@@ -4,7 +4,7 @@
 | :-: | :-: | :-: | :-: | :-: |
 |**H1**|00 /dev/sda `6TB` <br> `WD-WX21D36PP32E`|04  |08  |12  |
 |**H2**|01 /dev/sdb `6TB` <br> `WD-WX21D36PPLPH`|05  |09  |13  |
-|**H3**|02 /dev/sdc `6TB` <br> `WD-WX21D36PP0K1`|06  |10  |14  |
+|**H3**|02 /dev/sdc `6TB` <br> `WD-C80TT4VG`    |06  |10  |14  |
 |**H4**|03 /dev/sdd `6TB` <br> `WD-WXB1HB4MJCMM`|07  |11  |15  |
 ## Debian setup install steps
 ```

doc/configs/switch.cfg

@@ -0,0 +1,204 @@
+!TL-SG5428
+#
+#
+#
+#
+#
+#
+#
+hostname "SW-FET-INT"
+location "CD0107A"
+contact-info "bofh@fet.at"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+logging file flash 2
+#
+enable secret 5 $1$F;J4O6I6N:@;M3K=H=G<C/A>B1B:E;A3]),,[
+enable password test
+#
+system-time ntp UTC+01:00 128.130.3.131 128.131.2.3 12
+system-time dst predefined Europe
+#
+#
+user name admin privilege admin secret 5 $1$F;J4O6I6N:@;M3K=H=G<C/A>B1B:E;A3]),,[
+#
+#
+#
+#
+#
+port-channel load-balance src-dst-ip
+#
+#
+#
+#
+no ip ssh version v1
+#
+interface gigabitEthernet 1/0/1
+  description "CD0109 potemkin"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/2
+  description "CD0109 lunik"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/3
+  description "CD0109 wlan"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/4
+  description "baikal"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/5
+  description "ariane enp9s0"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  channel-group 2 mode active
+  
+#
+interface gigabitEthernet 1/0/6
+  description "ariane enp10s0"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  channel-group 2 mode active
+  
+#
+interface gigabitEthernet 1/0/7
+  description "dnepr enp3s0"
+  channel-group 1 mode active
+  
+#
+interface gigabitEthernet 1/0/8
+  description "dnepr enp2s0"
+  channel-group 1 mode active
+  
+#
+interface gigabitEthernet 1/0/9
+  description "CD0111"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/10
+  description "CD0111"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/11
+  description "CD0111"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/12
+  description "CD0111"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/13
+  description "CD0111"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/14
+  description "CD0111"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/15
+  description "CD0111"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/16
+  description "CD0111 sputnik2"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/17
+  description "CD0111 fet-av"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/18
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/19
+  description "atlas enp7s1f1"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/20
+  description "CD0117 R"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/21
+  description "CD0117 L"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/22
+  description "kistl LAN"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/23
+  description "energija VLAN856"
+  spanning-tree common-config port-priority 64
+  spanning-tree bpdufilter
+  
+#
+interface gigabitEthernet 1/0/24
+  description "CD0109 absturz"
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/25
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/26
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/27
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface gigabitEthernet 1/0/28
+  spanning-tree common-config portfast enable
+  spanning-tree bpduguard
+  
+#
+interface vlan 1
+ip address-alloc dhcp
+#
+end

doc/fsdrnas.md

@@ -0,0 +1,39 @@
+# fsdrnas
+Install with UEFI partition
+## Setup Network
+```shell
+vi /etc/dhcpcd.conf
+interface enp4s0
+static ip_address=128.131.95.243/24
+static routers=128.131.95.1
+static domain_name_servers=128.130.4.3 128.131.4.3
+sv restart dhcpcd.conf
+```
+## Enable SSH and prohibit-password
+```shell
+xbps-install -Suy
+vim /etc/ssh/sshd_config
+ln -s /etc/sv/sshd/ /var/service
+vim /etc/ssh/sshd_config
+sv restart sshd
+```
+# Setup Auto Update
+```shell
+xbps-install -y cronie
+ln -s /etc/sv/cronie/ /var/service
+crontab -e
+@reboot vkpurge rm all
+5 16 * * 0 xbps-install -Suy && xbps-install -Suy && xbps-remove -oOy && reboot
+5 17 * * 1 zfs scrub ...
+```
+## Install LXD & ZFS
+xbps-install -y sqlite
+xbps-install -y lxd zfs
+```shell
+```
+## Check disks
+```shell
+xbps-install smartmontools
+smartctl -a /dev/sda
+smartctl -a /dev/sdb
+```

doc/fsdrnas.yml

@@ -1,20 +0,0 @@
-# fsdrnas
-## Enable SSH and prohibit-password
-```shell
-xbps-install -Su
-vim /etc/ssh/sshd_config
-ln -s /etc/sv/sshd/ /var/service/
-```
-# Create RAID
-```shell
-xbps-install mdadm
-mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda2 /dev/sdb2
-mkfs.btrfs -f /dev/md0
-cat /proc/mdstat
-```
-## Check disks
-```shell
-xbps-install smartmontools
-smartctl -a /dev/sda
-smartctl -a /dev/sdb
-```

doc/wlan.md

@@ -1,3 +1,10 @@
 # wlan
 ## Current config
 See [config file](configs/wlan-OpenWrt-backup.tar.gz)
+
+## Extra Packages
+### SSH to and install
+```shell
+opkg update
+opkg remove wpad-basic && opkg install wpad
+```

group_vars/all

@@ -46,6 +46,7 @@ common_openssh_keys_root:
   - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmv/aixvhRzeQiD3XABD448WHW2sHSX5wj5TkqKmHG3MekovCjacEDwAEdH+3MzXzbQXCD8NOHxlvRsqfzsaIZw6al+i7hd7xeYzRAITeXAod/eQNJY71Czh1xt/rtfjgVrwFKe6kUo+RqUUBxOXjKNtCROxvsa/gxTSJD4xz/TGOTM7EbRfkOGBh3j/xmdBinURTACwKwHCR4SUnpAA7usY/QQGW22Nqczvj9SW1Un0TnYpMm7jAghGo7pvwInTerbbA2OQ07QEp9T/mAbPUks5QGEw1lwMZgEtl0EZrKxDoWjssGPw5ZA6RzwIggjuEN1zzE+pn9jWL+9sd2Tihr pet@fet.at"
   - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyK21mF11p4DAWSL2x7sAs9brbuRYgbdlEm/npOT1ufV6YGnNGjgrIS+a5VxiyKXhor8TUgTHjlmzcLSdEs3puBB2nZifwIEnbEwxvj5LRIljPp9rx9irPG6wnkpMXmRRuyAijf+Lhf1jMtsSgCH9HVG2F6H5hwFwaXcwiInn8tiKaDyuxl1Y9kNDUayTmbWfu2hyyRTDRvpgG4PITuUpXuA5/lHv9+kEXKl71BlyFsJ2LQx+1Lwruy6cQmfttApsrbowlbdtaJOWwnoFGNKupBpFgcGGqNTUajPGx3R1QREm+44NzPH9vGdYTg/+8vDCcTYe3zX0/XecB+Ka4WI2B3c4NPsxtZJNPWzihCVW8xpV4ipHqqFnZuVThJYtoC5C8h3LKbpQeaBwMIv34sN/AS7y3l8k7/70ttcvH4AmoEjc4OgXOE8nkwly2XZx1ndfevBdUU5osf6UTsCa3gdB/d67djz7jU50q/LtiSsL3oontw5khBR98iZAu4m7MXC7VvbyFz0Ju4OLmDBY6mxwBjakihEdfrs8jwnzxsZ3QuVIq96HC/E8gWpspECzGeXwezwTvT1tUefD7rwz9jD18qLMK8SSteDUqhXION/6gXhZ8FENUnBI2Qj6gHcwFc2tbfKMbXDqHAUHrtDdxgyxRc7JTnOI/9gS5idKXzsanhw== bajo@fet.at"
   - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGP2Y1fDTbN/fbWBCVYVpXUDyBRgUYo+OwDJq2gdII6O2YHeW7k6wY5wQEIIJR6sjHUrT7lNIx8/xv3SRlaq5w0KLZrI3fpiK07GMy0AxGIBCN1xhKb6fvlgLTTSl+/X2XhsmuxtUREENnq9M909kUuUb/8BiVV4sGSIURk4khN3oh/E7mL/sICDju1N2j+p/V0pn4kWuXRp8BMG73xIBvOMzjP/B7Y0SdLWI08bgQHi/OYLBDSHj17N4B/ZE4f5OqpZI7RqwC+TxkCJey04IMw+AXitm6q25zffGI9Mt+4lrBi/RMlEOjE7bQU4p9ZyZY2OIDNRPSr3nDBqA6g3a/v0C7cpdIYPf3khyNtV61x/irRBcOjsc44g0umaUgrmity5f/ZLyvD/zd+HSF0ft1m3AAp6z9w7bxAWs7m894HWZPJ0l39SRGVF2uiOJhbZEXG1lmCWss+do0jfy+U4hb6vC7LTKUBp6or5PF9tHDsNe3CxOmiRPt5GQmr/AA/FQRBC1BC+PO8INltKO4Np15DZ2v7Y2+nlcI++F2ef/IgJmAEfl5Y7d8N/wT5IyfBYy5+PuqLqCOOFBc/sOb2OJvsR0syX5SJM5roznrQ071G2BpxPWaPIgfABKJ8T0M/R+mdIGxlttD3z6S2LRNLoeNOKF1vIEYkxIErpRBavuvXQ== andis@fet.at"
+  - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD49PS1E7mfg/hQjp2lwcQLnu75G64LvMZ5OVLKqmnYFFqulQ3nERJfHgoGAzRTP78AwUqWwicKa7cgsRVFGEckpVKc5n/EiBdpF7Y7+ewb4jGfulVqW0CilwWD2QY+cnh+hqU7j93PpDXhPnr06z+zg30ADrrGRqKcjEI57uBXBar95C6jKaslkzLKzH/bx/peG4KjshC9dALJuGTGIczgn1ewcCUfyYc/V8mqlN6t7TN9sWU30vTxyYATsdZxnOBfHPx/TstWV9CQURAaTbUoLpsfl6FCJx2WbTtrI06VyY0oO5PJT0N8WGmejE3NfQKsOr/8MqA2WKZsgvY1h0Op andreas@LAPTOP-VMVFFSM9 andis@fet.at"
   - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGy7lvScEwrJ7/PiykH1b2+K7WQH2WovdUMV/1n7y90kwm2sMERJN9R9mSQIGdF325MPWREAv+cEPIvyRAgER9CuiLF9fWFPas8tKumtu4rPyGim0jR30nn4ARSe5GEn+R8lgdJ9nKiBF0D5kFCeUoxkSu4mF9hqHL4JtmU7IfcD05VLTLNivInKAh6OuN2iF6D9BfWS1TkB7LCYjpKPJ94srh86EM5uV5WjPLnERZkBixk0Bi7mVq8qXWZCrMP4o7wwCCeEnbTKUq9zy629fu28O9t7N5J23g0SdH+3Y+WfYjp4CAtFWULdAHwjNp8ql0IbBzY7Q6Pf0+rOKaM7d3HvnV7Ihv8+hEHVtxC/PiCaIQJKpVpi5qhf8mMHMkPmdJZ9a3zmdUvVQVCrCMqXjn6fx0/4s1aogkujXnN5yZP4KfPkiEc0+FtY7j0P4dOZ/Uc6INkxSXphnjDoAi5M8dbH3Gn7prS+jZpSX/S4q7HDxnEZDvhD9gu0v3eaVmjVaVZEiuPgtKiTvXK/kJzIu7RdgHSqTx2kN9rR61oTVu2fcDr1N94axQTqjuey27ixytOMYVP3ZsCNFi+M4Y8ExYGgpDl34ne8IN6JHtCsIiUSPVteLppjOr4C2IkXBuqnHymfzt0Il2RKLnnbJvgxVgzEyqnAMTKuKjv2DWWK7H4w== berni@fet.at"
   - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC97hn9b7HPGpD2iQTelwxn/xLuvc2ZmOKoczpYequTYYNBf2SGBWTj75rIk7En+6J7cwRd+UDzI1MU09+TPY+e9PenzxCed9cvdhrjkigqBs9Gwz1rTE8Sgl2m9XtIqzg4Pu2ZTyTFB2ZOrF/3BEJ6UBycmnUaxOuoCoxMflEk/Xc14ZXnjAw2M5IZzgZBPYeHtn032noBlglXtgfXQy5dZy2DvbfuEPlc2x/m/zz/QFiWyFHn05FNpvz8grifz+7VIuWvXS0H7uWFFq2Zwjf3yfr8EZo3/bX/fseW5lpkWwYYKjeIXGkwZOnfCFqbbopB+vqhhISwTCQM3ObpY3VlEKyIpKM+0pzfDdQhv3ze4NPLf4wl4fHKvUEdOvpYBkn54s3inft6AzwRw1PRzIiBZbCHM2Lj1/m0s0LB979MvDkkG9wyAWqrRfVRZHO8D/9xfPyDJsNiSpO0R4rpfTV21BRowxBfEjGDsxf+MtzGHSpt6G0MUbg4LOPXmJKecfxK46hFMCDGotQHNf3ZUF2hMpee8dbNhj7Ao0fuf+hYmGrYBdA9SB8XJJLoAjiA0yQpreQD+jTd4pjfofKr5FHZnEBRY0etl6oc4wALfhSDSqd81lBGTEfJx4++6Vm7fI1aQ7UAfqLeT126rXqG9aN20MZ10sEU4isJFgm5741w2w== moses@fet.at"
   - key: 'no-pty,no-agent-forwarding,no-X11-forwarding,command="zfs_mount.sh shutdown || shutdown -h +1" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCiI41+XkobMT0K8ZrHdCeomdGAIRMZbdX1VjGe5OWa72rcaDFmBtK7MxD5xPZEdSaDkn+Nrpwv5/j10MccvkAOI/tx6PIxcgDF52FnHLMMVrXRM3cnkm9CrBi4kCN0D2fpbDLhknJhiqftIcPdct/a9foZQwkWOzGUN2Rk0mCw2QzkGyWHNxOMzMjV0gpfAWPv6Jg+JKDl5EHf2xJTeJ/l0TG6O0lsc5YY/7cqjRJJzTVFDo1Gy+qNgff0mbPrhcbWepG5R1tjkdT++f8uuoVkBUamwkjwDpH2y57sdESEPB0C5ES2cglOp2X3MMN7EnUBHYU3mMiYU0wV+b7Q3oKmQuG86a2D+yEp+0+WFaUY/TMCNpslGOtTBrNLshMIX/bnrx/aF9DApl9L/kUIlSxwwBNiPIl4VVU1p5Zzj/YAPvRl0kAKjosOZgl108JeRUbhQSGVrcODyhaIMQv4BAzHnV0kii7jNACHhqBR36eo3N6HX7GkbnU1YadZRcrxrpE9z9mrXuqWxzl4Cmz1yHb1JTwsnQQ2Dy0trIklQjEmLxvG8zpxHLV3EQmtIMK/g2Mk6VTdz9HZnwYLU7Mj/uZk0DWhTZ5Eyj6QAbcw2gLPLEUmdQhkHSoQKxHY0at3OjGFGydyc/3n7B7d578uxVBrp04uhTbW7SDi6mYGCkvCRQ== nut ups shutdown'

group_vars/fet_lxc_debian

@@ -2,7 +2,6 @@
 common_basic_packages:
   - cron-apt
   - curl
-  - emacs-nox
   - ncurses-term
   - etckeeper
   - git
@@ -20,6 +19,6 @@ common_basic_packages:
   - zsh
   # for ansible/debian
   - lsb-release
-  - python3-apt
-  - python3-pycurl
+  - python-apt
+  - python-pycurl
   - molly-guard

host_vars/ariane

@@ -21,8 +21,8 @@ lxc:
       - lxc.network.1.hwaddr = 00:50:fc:ce:1b:c3
       - lxc.network.1.link = br0
       - lxc.network.1.flags = up
-      - lxc.network.1.ipv4 = 128.131.95.206/24
-      - lxc.network.1.ipv4.gateway = 128.131.95.1
+      - lxc.network.1.ipv4 = 128.130.95.206/27
+      - lxc.network.1.ipv4.gateway = 128.130.95.193
       - lxc.pts = 6
 
   - name: betam
@@ -70,8 +70,8 @@ lxc:
       - lxc.network.1.hwaddr = 00:15:c5:5d:78:0e
       - lxc.network.1.link = br0
       - lxc.network.1.flags = up
-      - lxc.network.1.ipv4 = 128.131.95.204/24
-      - lxc.network.1.ipv4.gateway = 128.131.95.1
+      - lxc.network.1.ipv4 = 128.130.95.205/27
+      - lxc.network.1.ipv4.gateway = 128.130.95.193
 
       - lxc.pts = 6
       - lxc.mount.entry = /zv1/laika /var/lib/lxc/lxc-laika-01/rootfs/home/backup/repos none bind,create=dir 0 0
@@ -114,4 +114,34 @@ lxc:
       - lxc.network.flags = up
       - lxc.mount.entry = /zv1/andis /var/lib/lxc/lxc-fetsite-02/rootfs/srv/ none bind,create=dir 0 0
 
+  - name: fetsite
+    revision: "03"
+    template: debian
+    config:
+      - lxc.network.type = veth
+      - lxc.network.hwaddr = 2e:6d:b6:07:10:03
+      - lxc.network.link = br1
+      - lxc.network.flags = up
+      - lxc.mount.entry = /zv1/andis /var/lib/lxc/lxc-fetsite-03/rootfs/srv/ none bind,create=dir 0 0
+
+  - name: fetsite
+    revision: "04"
+    template: debian
+    config:
+      - lxc.network.type = veth
+      - lxc.network.hwaddr = 2e:6d:b6:07:10:04
+      - lxc.network.link = br1
+      - lxc.network.flags = up
+      - lxc.mount.entry = /zv1/andis /var/lib/lxc/lxc-fetsite-04/rootfs/srv/ none bind,create=dir 0 0
+
+  - name: fetsite
+    revision: "05"
+    template: debian
+    config:
+      - lxc.network.type = veth
+      - lxc.network.hwaddr = 2e:6d:b6:07:10:05
+      - lxc.network.link = br1
+      - lxc.network.flags = up
+      - lxc.mount.entry = /zv1/andis /var/lib/lxc/lxc-fetsite-05/rootfs/srv/ none bind,create=dir 0 0
+
 common_zfs: True

host_vars/fetsite3

@@ -0,0 +1,3 @@
+inventory_hostname: fetsite3.fet.htu.tuwien.ac.at
+inventory_hostname_short: fetsite3
+

host_vars/fetsite4

@@ -0,0 +1,3 @@
+inventory_hostname: fetsite4.fet.htu.tuwien.ac.at
+inventory_hostname_short: fetsite4
+

host_vars/fetsite5

@@ -0,0 +1,3 @@
+inventory_hostname: fetsite5.fet.htu.tuwien.ac.at
+inventory_hostname_short: fetsite5
+

hosts/production

@@ -11,6 +11,11 @@ all:
         alekse:
         wostok:
         fetsite:
+        fetsite3:
+        fetsite4:
+        fetsite5:
+        fetsite6:
+        fetsite21:
     fet_lxc_void:
       hosts:
         sputnik:

install3

@@ -0,0 +1,7 @@
+#/bin/bash
+if [ ! -d ".env_ansible" ]; then
+python3 -m venv .env_ansible
+fi
+source .env_ansible/bin/activate
+pip3 install --upgrade pip
+pip3 install --upgrade ansible

ssh.cfg

@@ -43,6 +43,18 @@ Host progress
     User root
     Proxyjump sputnik
 
+Host fetsite3
+    User root
+    Proxyjump sputnik
+
+Host fetsite4
+    User root
+    Proxyjump sputnik
+
+Host fetsite5
+    User root
+    Proxyjump sputnik
+
 Host energija
     Hostname energija.htu.tuwien.ac.at
     ProxyJump sputnik