ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

commit 47a0e7763bdbd3274e3676974478fd627eb2f430
parent a4606e297bf17d5250e76d9942d5f048f1d482de
Author: Leah Thein <leah@toaster.home.ctu.cx>
Date: Tue, 8 Dec 2020 00:27:36 +0100

move alpine stuff to sub-directory
111 files changed, 250 insertions(+), 227 deletions(-)
A
.DS_Store
|
0
D
.gitignore
|
1
-
A
alpine/.DS_Store
|
0
R
config-files/acme-redirect/acme-redirect.conf -> alpine/config-files/acme-redirect/acme-redirect.conf
|
0
R
config-files/awall/custom-services.json -> alpine/config-files/awall/custom-services.json
|
0
R
config-files/awall/dns.json -> alpine/config-files/awall/dns.json
|
0
R
config-files/awall/frps.json -> alpine/config-files/awall/frps.json
|
0
R
config-files/awall/mail.json -> alpine/config-files/awall/mail.json
|
0
R
config-files/awall/ssh.json -> alpine/config-files/awall/ssh.json
|
0
R
config-files/awall/syncthing.json -> alpine/config-files/awall/syncthing.json
|
0
R
config-files/awall/web.json -> alpine/config-files/awall/web.json
|
0
R
config-files/cgit/cgit.css -> alpine/config-files/cgit/cgit.css
|
0
R
config-files/cgit/cgitrc -> alpine/config-files/cgit/cgitrc
|
0
A
alpine/config-files/ferm/ferm-lollo.conf
|
96
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R
config-files/ferm/ferm.initd -> alpine/config-files/ferm/ferm.initd
|
0
R
config-files/gitolite/gitolite.rc.patch -> alpine/config-files/gitolite/gitolite.rc.patch
|
0
R
config-files/grafana/grafana.ini -> alpine/config-files/grafana/grafana.ini
|
0
R
config-files/grafana/provisioning/dashboards/FritzBox.json -> alpine/config-files/grafana/provisioning/dashboards/FritzBox.json
|
0
R
config-files/grafana/provisioning/dashboards/dashboards.yml -> alpine/config-files/grafana/provisioning/dashboards/dashboards.yml
|
0
R
config-files/grafana/provisioning/dashboards/node-exporter.json -> alpine/config-files/grafana/provisioning/dashboards/node-exporter.json
|
0
R
config-files/grafana/provisioning/dashboards/node-stats.json -> alpine/config-files/grafana/provisioning/dashboards/node-stats.json
|
0
R
config-files/grafana/provisioning/datasources/datasources.yml -> alpine/config-files/grafana/provisioning/datasources/datasources.yml
|
0
R
config-files/maddy/maddy-service.patch -> alpine/config-files/maddy/maddy-service.patch
|
0
R
config-files/nginx/nginx.conf -> alpine/config-files/nginx/nginx.conf
|
0
R
config-files/nginx/proxy.conf -> alpine/config-files/nginx/proxy.conf
|
0
R
config-files/nginx/ssl.conf -> alpine/config-files/nginx/ssl.conf
|
0
R
config-files/pleroma/config.exs -> alpine/config-files/pleroma/config.exs
|
0
R
config-files/prometheus/prometheus.yml -> alpine/config-files/prometheus/prometheus.yml
|
0
R
config-files/radicale/config -> alpine/config-files/radicale/config
|
0
R
config-files/rest-server/rest-server.initd -> alpine/config-files/rest-server/rest-server.initd
|
0
R
config-files/riot-web/config.json -> alpine/config-files/riot-web/config.json
|
0
R
config-files/ssh/sshd_config.patch -> alpine/config-files/ssh/sshd_config.patch
|
0
R
config-files/sudo/sudoers.patch -> alpine/config-files/sudo/sudoers.patch
|
0
R
config-files/synapse/homeserver.yaml -> alpine/config-files/synapse/homeserver.yaml
|
0
R
config-files/synapse/log.yaml -> alpine/config-files/synapse/log.yaml
|
0
R
config-files/website-vhosts/ctu.cx.conf -> alpine/config-files/website-vhosts/ctu.cx.conf
|
0
R
config-files/website-vhosts/photos.ctu.cx.conf -> alpine/config-files/website-vhosts/photos.ctu.cx.conf
|
0
R
config-files/website-vhosts/repo.f2k1.de.conf -> alpine/config-files/website-vhosts/repo.f2k1.de.conf
|
0
A
alpine/inventory
|
12
++++++++++++
A
alpine/playbook-router.yml
|
78
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R
playbook-servers.yml -> alpine/playbook-servers.yml
|
0
R
roles/acme-redirect/tasks/main.yml -> alpine/roles/acme-redirect/tasks/main.yml
|
0
R
roles/acme-redirect/templates/acme-redirect.conf.j2 -> alpine/roles/acme-redirect/templates/acme-redirect.conf.j2
|
0
R
roles/backup/tasks/main.yml -> alpine/roles/backup/tasks/main.yml
|
0
R
roles/backup/tasks/wanderduene.yml -> alpine/roles/backup/tasks/wanderduene.yml
|
0
R
roles/bind/tasks/main.yml -> alpine/roles/bind/tasks/main.yml
|
0
R
roles/bind/templates/named.conf.j2 -> alpine/roles/bind/templates/named.conf.j2
|
0
R
roles/cgit/tasks/main.yml -> alpine/roles/cgit/tasks/main.yml
|
0
R
roles/cgit/templates/cgit-vhost.conf.j2 -> alpine/roles/cgit/templates/cgit-vhost.conf.j2
|
0
R
roles/common/tasks/chrony.yml -> alpine/roles/common/tasks/chrony.yml
|
0
R
roles/common/tasks/firewall-awall.yml -> alpine/roles/common/tasks/firewall-awall.yml
|
0
R
roles/common/tasks/firewall-ferm.yml -> alpine/roles/common/tasks/firewall-ferm.yml
|
0
R
roles/common/tasks/main.yml -> alpine/roles/common/tasks/main.yml
|
0
R
roles/common/tasks/network.yml -> alpine/roles/common/tasks/network.yml
|
0
R
roles/common/tasks/node-exporter.yml -> alpine/roles/common/tasks/node-exporter.yml
|
0
A
alpine/roles/common/tasks/packages.yml
|
32
++++++++++++++++++++++++++++++++
R
roles/common/tasks/sshd.yml -> alpine/roles/common/tasks/sshd.yml
|
0
R
roles/common/tasks/sudo.yml -> alpine/roles/common/tasks/sudo.yml
|
0
R
roles/common/tasks/users.yml -> alpine/roles/common/tasks/users.yml
|
0
R
roles/common/templates/awall-baseconfig.yaml.j2 -> alpine/roles/common/templates/awall-baseconfig.yaml.j2
|
0
R
roles/common/templates/hosts.conf.j2 -> alpine/roles/common/templates/hosts.conf.j2
|
0
R
roles/common/templates/interfaces.conf.j2 -> alpine/roles/common/templates/interfaces.conf.j2
|
0
R
roles/common/templates/repositories.j2 -> alpine/roles/common/templates/repositories.j2
|
0
R
roles/common/templates/resolv.conf.j2 -> alpine/roles/common/templates/resolv.conf.j2
|
0
A
alpine/roles/dnsmasq/tasks/main.yml
|
18
++++++++++++++++++
R
roles/dnsmasq/templates/dnsmasq.conf.j2 -> alpine/roles/dnsmasq/templates/dnsmasq.conf.j2
|
0
R
roles/frp/tasks/frpc.yml -> alpine/roles/frp/tasks/frpc.yml
|
0
R
roles/frp/tasks/frps.yml -> alpine/roles/frp/tasks/frps.yml
|
0
R
roles/frp/tasks/main.yml -> alpine/roles/frp/tasks/main.yml
|
0
R
roles/frp/templates/frpc.conf.j2 -> alpine/roles/frp/templates/frpc.conf.j2
|
0
R
roles/frp/templates/frps-vhost.conf.j2 -> alpine/roles/frp/templates/frps-vhost.conf.j2
|
0
R
roles/frp/templates/frps.confd.j2 -> alpine/roles/frp/templates/frps.confd.j2
|
0
R
roles/gitolite/tasks/main.yml -> alpine/roles/gitolite/tasks/main.yml
|
0
R
roles/grafana/tasks/main.yml -> alpine/roles/grafana/tasks/main.yml
|
0
R
roles/grafana/templates/grafana-vhost.conf.j2 -> alpine/roles/grafana/templates/grafana-vhost.conf.j2
|
0
R
roles/hostapd/tasks/main.yml -> alpine/roles/hostapd/tasks/main.yml
|
0
R
roles/hostapd/templates/hostapd.conf.j2 -> alpine/roles/hostapd/templates/hostapd.conf.j2
|
0
R
roles/maddy/tasks/main.yml -> alpine/roles/maddy/tasks/main.yml
|
0
R
roles/maddy/templates/maddy.conf.j2 -> alpine/roles/maddy/templates/maddy.conf.j2
|
0
R
roles/nginx/tasks/main.yml -> alpine/roles/nginx/tasks/main.yml
|
0
R
roles/nginx/templates/vhost.conf.j2 -> alpine/roles/nginx/templates/vhost.conf.j2
|
0
R
roles/oeffi-web/tasks/main.yml -> alpine/roles/oeffi-web/tasks/main.yml
|
0
R
roles/oeffi-web/templates/oeffi-web-vhost.conf.j2 -> alpine/roles/oeffi-web/templates/oeffi-web-vhost.conf.j2
|
0
R
roles/oeffi-web/templates/oeffi-web.initd.j2 -> alpine/roles/oeffi-web/templates/oeffi-web.initd.j2
|
0
R
roles/oeffisearch/tasks/main.yml -> alpine/roles/oeffisearch/tasks/main.yml
|
0
R
roles/oeffisearch/templates/oeffisearch-vhost.conf.j2 -> alpine/roles/oeffisearch/templates/oeffisearch-vhost.conf.j2
|
0
R
roles/oeffisearch/templates/oeffisearch.initd.j2 -> alpine/roles/oeffisearch/templates/oeffisearch.initd.j2
|
0
R
roles/pleroma/tasks/main.yml -> alpine/roles/pleroma/tasks/main.yml
|
0
R
roles/pleroma/templates/pleroma-vhost.conf.j2 -> alpine/roles/pleroma/templates/pleroma-vhost.conf.j2
|
0
R
roles/prometheus/tasks/main.yml -> alpine/roles/prometheus/tasks/main.yml
|
0
R
roles/prometheus/templates/prometheus-vhost.conf.j2 -> alpine/roles/prometheus/templates/prometheus-vhost.conf.j2
|
0
R
roles/radicale/tasks/main.yml -> alpine/roles/radicale/tasks/main.yml
|
0
R
roles/radicale/templates/radicale-vhost.conf.j2 -> alpine/roles/radicale/templates/radicale-vhost.conf.j2
|
0
R
roles/rest-server/tasks/main.yml -> alpine/roles/rest-server/tasks/main.yml
|
0
R
roles/rest-server/templates/rest-server-vhost.conf.j2 -> alpine/roles/rest-server/templates/rest-server-vhost.conf.j2
|
0
R
roles/synapse/tasks/main.yml -> alpine/roles/synapse/tasks/main.yml
|
0
R
roles/synapse/templates/synapse-vhost.conf.j2 -> alpine/roles/synapse/templates/synapse-vhost.conf.j2
|
0
R
roles/syncthing/tasks/main.yml -> alpine/roles/syncthing/tasks/main.yml
|
0
R
roles/syncthing/templates/syncthing-initd.j2 -> alpine/roles/syncthing/templates/syncthing-initd.j2
|
0
R
roles/syncthing/templates/syncthing-vhost.conf.j2 -> alpine/roles/syncthing/templates/syncthing-vhost.conf.j2
|
0
R
roles/websites/tasks/ctu.cx.yml -> alpine/roles/websites/tasks/ctu.cx.yml
|
0
R
roles/websites/tasks/main.yml -> alpine/roles/websites/tasks/main.yml
|
0
R
roles/websites/tasks/photos.ctu.cx.yml -> alpine/roles/websites/tasks/photos.ctu.cx.yml
|
0
R
roles/websites/tasks/repo.f2k1.de.yml -> alpine/roles/websites/tasks/repo.f2k1.de.yml
|
0
A
alpine/roles/wireguard/tasks/main.yml
|
14
++++++++++++++
R
scripts/restic-backup-wanderduene.sh -> alpine/scripts/restic-backup-wanderduene.sh
|
0
D
config-files/ferm/ferm-lollo.conf
|
88
-------------------------------------------------------------------------------
D
inventory
|
13
-------------
D
playbook-router.yml
|
76
----------------------------------------------------------------------------
D
roles/common/tasks/packages.yml
|
31
-------------------------------
D
roles/dnsmasq/tasks/main.yml
|
18
------------------
diff --git a/.DS_Store b/.DS_Store  Binary files differ.
diff --git a/.gitignore b/.gitignore
@@ -1 +0,0 @@
-secrets/
diff --git a/alpine/.DS_Store b/alpine/.DS_Store  Binary files differ.
diff --git a/config-files/acme-redirect/acme-redirect.conf b/alpine/config-files/acme-redirect/acme-redirect.conf
diff --git a/config-files/awall/custom-services.json b/alpine/config-files/awall/custom-services.json
diff --git a/config-files/awall/dns.json b/alpine/config-files/awall/dns.json
diff --git a/config-files/awall/frps.json b/alpine/config-files/awall/frps.json
diff --git a/config-files/awall/mail.json b/alpine/config-files/awall/mail.json
diff --git a/config-files/awall/ssh.json b/alpine/config-files/awall/ssh.json
diff --git a/config-files/awall/syncthing.json b/alpine/config-files/awall/syncthing.json
diff --git a/config-files/awall/web.json b/alpine/config-files/awall/web.json
diff --git a/config-files/cgit/cgit.css b/alpine/config-files/cgit/cgit.css
diff --git a/config-files/cgit/cgitrc b/alpine/config-files/cgit/cgitrc
diff --git a/alpine/config-files/ferm/ferm-lollo.conf b/alpine/config-files/ferm/ferm-lollo.conf
@@ -0,0 +1,95 @@
+# -*- shell-script -*-
+#
+# Ferm example script
+#
+# Firewall configuration for a router with a dynamic IP.
+#
+# Author: Max Kellermann <max@duempel.org>
+#
+
+@def $DEV_LAN = brlan0;
+@def $DEV_WAN = eth0;
+
+@def $NET_LAN = 10.0.0.0/24;
+
+# globally accessible services
+@def $WAN_TCP = ( 22 );
+@def $WAN_UDP = ( 1194 );
+# ( ssh )
+# ( wireguard )
+
+# locally accessible services
+@def $LAN_TCP = ( 53 22 );
+@def $LAN_UDP = ( 53 67 69 123 );
+# ( dns ssh )
+# ( dns dhcp tftp ntp )
+
+# generic input and forwarding rules for ipv4 and ipv6
+domain (ip ip6) {
+    table filter {
+        chain INPUT {
+            policy DROP;
+
+            # connection tracking
+            mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+
+            # allow local connections
+            interface lo ACCEPT;
+
+            # respond to ping
+        proto ipv6-icmp icmpv6-type redirect DROP;
+        proto ipv6-icmp icmpv6-type 139 DROP;
+        proto ipv6-icmp ACCEPT;
+            proto icmp ACCEPT;
+
+            # local services
+            interface ! $DEV_WAN {
+                proto tcp dport $LAN_TCP ACCEPT;
+                proto udp mod multiport destination-ports $LAN_UDP ACCEPT;
+            }
+
+            proto tcp dport $WAN_TCP ACCEPT;
+            proto udp dport $WAN_UDP ACCEPT;
+        }
+
+        # outgoing connections are not limited
+        chain OUTPUT policy ACCEPT;
+
+        chain FORWARD {
+            policy DROP;
+
+            # connection tracking
+            mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+
+            # local clients can do whatever
+            interface $DEV_LAN ACCEPT;
+
+
+            proto icmp ACCEPT;
+
+            mod conntrack ctstate DNAT ACCEPT;
+
+            # the rest is dropped by the above policy
+        }
+    }
+}
+
+# nat only for ipv4
+domain ip {
+    table nat {
+        chain PREROUTING {
+            policy ACCEPT;
+
+            # port forwards, ala daddr $WAN_IP dport 65522 DNAT to 192.168.0.2:22;
+        }
+
+        chain POSTROUTING {
+            policy ACCEPT;
+
+            outerface $DEV_WAN MASQUERADE;
+            saddr $NET_LAN mod conntrack ctstate DNAT MASQUERADE; # needle point loopback
+        }
+    }
+}+
\ No newline at end of file
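Review bot: The FORWARD chain sits under `domain (ip ip6)` but only carries `proto icmp ACCEPT;`, so with `policy DROP` no ICMPv6 is forwarded to the hosts behind brlan0 even though the playbook now gives that bridge a routable 2a0f:4ac0:acab::/64 — Packet-Too-Big messages for LAN hosts are dropped and IPv6 path MTU discovery breaks. Add the equivalent of the INPUT handling there, `proto ipv6-icmp ACCEPT;` next to the existing `proto icmp ACCEPT;` (I am not aware of ferm translating `proto icmp` for the ip6 domain; worth confirming). Two smaller points: the three `proto ipv6-icmp` lines in INPUT are indented four columns less than their siblings, and the file mixes the legacy `mod state state` matcher with `mod conntrack ctstate`; using `mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;` throughout would be consistent with the DNAT rule further down.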
diff --git a/config-files/ferm/ferm.initd b/alpine/config-files/ferm/ferm.initd
diff --git a/config-files/gitolite/gitolite.rc.patch b/alpine/config-files/gitolite/gitolite.rc.patch
diff --git a/config-files/grafana/grafana.ini b/alpine/config-files/grafana/grafana.ini
diff --git a/config-files/grafana/provisioning/dashboards/FritzBox.json b/alpine/config-files/grafana/provisioning/dashboards/FritzBox.json
diff --git a/config-files/grafana/provisioning/dashboards/dashboards.yml b/alpine/config-files/grafana/provisioning/dashboards/dashboards.yml
diff --git a/config-files/grafana/provisioning/dashboards/node-exporter.json b/alpine/config-files/grafana/provisioning/dashboards/node-exporter.json
diff --git a/config-files/grafana/provisioning/dashboards/node-stats.json b/alpine/config-files/grafana/provisioning/dashboards/node-stats.json
diff --git a/config-files/grafana/provisioning/datasources/datasources.yml b/alpine/config-files/grafana/provisioning/datasources/datasources.yml
diff --git a/config-files/maddy/maddy-service.patch b/alpine/config-files/maddy/maddy-service.patch
diff --git a/config-files/nginx/nginx.conf b/alpine/config-files/nginx/nginx.conf
diff --git a/config-files/nginx/proxy.conf b/alpine/config-files/nginx/proxy.conf
diff --git a/config-files/nginx/ssl.conf b/alpine/config-files/nginx/ssl.conf
diff --git a/config-files/pleroma/config.exs b/alpine/config-files/pleroma/config.exs
diff --git a/config-files/prometheus/prometheus.yml b/alpine/config-files/prometheus/prometheus.yml
diff --git a/config-files/radicale/config b/alpine/config-files/radicale/config
diff --git a/config-files/rest-server/rest-server.initd b/alpine/config-files/rest-server/rest-server.initd
diff --git a/config-files/riot-web/config.json b/alpine/config-files/riot-web/config.json
diff --git a/config-files/ssh/sshd_config.patch b/alpine/config-files/ssh/sshd_config.patch
diff --git a/config-files/sudo/sudoers.patch b/alpine/config-files/sudo/sudoers.patch
diff --git a/config-files/synapse/homeserver.yaml b/alpine/config-files/synapse/homeserver.yaml
diff --git a/config-files/synapse/log.yaml b/alpine/config-files/synapse/log.yaml
diff --git a/config-files/website-vhosts/ctu.cx.conf b/alpine/config-files/website-vhosts/ctu.cx.conf
diff --git a/config-files/website-vhosts/photos.ctu.cx.conf b/alpine/config-files/website-vhosts/photos.ctu.cx.conf
diff --git a/config-files/website-vhosts/repo.f2k1.de.conf b/alpine/config-files/website-vhosts/repo.f2k1.de.conf
diff --git a/alpine/inventory b/alpine/inventory
@@ -0,0 +1,12 @@
+[all:vars]
+ansible_ssh_user=root
+
+[taurus]
+taurus.ctu.cx
+
+
+[wanderduene]
+wanderduene.ctu.cx
+
+[lollo]
+10.0.0.1
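Review bot: `ansible_ssh_user` in `[all:vars]` is the pre-2.0 spelling of the connection variable; the documented name since Ansible 2.0 is `ansible_user`, so `ansible_user=root` is the form to use (the router playbook additionally sets `remote_user: root`, so one of the two is redundant). The double blank line between the `[taurus]` and `[wanderduene]` groups is a small layout nit.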
diff --git a/alpine/playbook-router.yml b/alpine/playbook-router.yml
@@ -0,0 +1,77 @@
+---
+- hosts: all
+  remote_user: root
+  gather_facts: false
+  tasks:
+    - name: Install Python
+      raw: test -e /usr/bin/python || (apk update && apk add python3)
+
+- hosts: lollo
+  name: Install lollo
+  roles:
+    - common
+    - dnsmasq
+#    - hostapd
+#    - syncthing
+#    - frp
+  vars:
+    alpineVersion: v3.12
+    users:
+      - name: leah
+        groups: "wheel"
+        password: "$6$foobar123$1qcCmnoveirSdWY9XdgH5hCXv32hj0n/AyJX46sSp1LyGCA8QT/xxifebRxr89uIH6vwhzFGgz4.H2sG0en0f0"
+        sshKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829"
+    network:
+      hostname: lollo
+      domain: ctu.cx
+      nameservers:
+        - 1.1.1.1
+        - 8.8.8.8
+      useFerm: true
+      useAwall: false
+      vlanSupport:   true
+      natSupport:    true
+      bridgeSupport: true
+      interfaces:
+        - name: lo
+          loopback: true
+        - name: eth0
+          ipv4:
+            dhcp: true
+          ipv6:
+            stateless: true
+        - name: eth0.5
+          manual: true
+        - name: brlan0
+          bridge_ports: eth0.5
+          bridge_stp: false
+          ipv4:
+            addresses:
+             - 10.0.0.1
+             - 195.39.246.40
+            netmask: 255.255.255.0
+          ipv6:
+            address: 2a0f:4ac0:acab::1
+            netmask: 64
+    hostapd:
+      interface: wlan0
+      bridge: brlan0
+      channel: 1
+      ssid: legacy.home.ctu.cx
+      passphrase: wasd1998
+    dnsmasq:
+      dhcp: true
+    syncthing:
+      disableReverseProxy: true
+      guiAddress: 0.0.0.0:8384
+    frpc:
+      serverAddress: wanderduene.ctu.cx
+      serverPort: 5050
+      token: "{{ lookup('community.general.passwordstore', 'server/wanderduene/frps/token returnall=true')}}"
+      dashboard: false
+      tunnels:
+        - name: lollo-ssh
+          type: tcp
+          local_ip: 127.0.0.1
+          local_port: 22
+          remote_port: 2202+
\ No newline at end of file
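Review bot: The play keeps two credentials inline — `passphrase: wasd1998` under `hostapd` and the `$6$foobar123$…` password hash under `users` — while `frpc.token` is already resolved through `lookup('community.general.passwordstore', …)`; the same lookup should cover the passphrase and the hash, especially since this commit also drops the `.gitignore` entry for `secrets/`. Separately, `brlan0.ipv4` switched from the old `address:` scalar to an `addresses:` list, but `roles/common/templates/interfaces.conf.j2` is renamed unchanged in this commit (the diffstat shows 0 lines), so confirm the template actually iterates `addresses`, otherwise the bridge ends up without its IPv4 addresses. Minor: the two entries of that list are indented one column deeper than every other sequence in the file, and the padded alignment in `vlanSupport:   true` / `natSupport:    true` is unusual for the rest of the file.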
diff --git a/playbook-servers.yml b/alpine/playbook-servers.yml
diff --git a/roles/acme-redirect/tasks/main.yml b/alpine/roles/acme-redirect/tasks/main.yml
diff --git a/roles/acme-redirect/templates/acme-redirect.conf.j2 b/alpine/roles/acme-redirect/templates/acme-redirect.conf.j2
diff --git a/roles/backup/tasks/main.yml b/alpine/roles/backup/tasks/main.yml
diff --git a/roles/backup/tasks/wanderduene.yml b/alpine/roles/backup/tasks/wanderduene.yml
diff --git a/roles/bind/tasks/main.yml b/alpine/roles/bind/tasks/main.yml
diff --git a/roles/bind/templates/named.conf.j2 b/alpine/roles/bind/templates/named.conf.j2
diff --git a/roles/cgit/tasks/main.yml b/alpine/roles/cgit/tasks/main.yml
diff --git a/roles/cgit/templates/cgit-vhost.conf.j2 b/alpine/roles/cgit/templates/cgit-vhost.conf.j2
diff --git a/roles/common/tasks/chrony.yml b/alpine/roles/common/tasks/chrony.yml
diff --git a/roles/common/tasks/firewall-awall.yml b/alpine/roles/common/tasks/firewall-awall.yml
diff --git a/roles/common/tasks/firewall-ferm.yml b/alpine/roles/common/tasks/firewall-ferm.yml
diff --git a/roles/common/tasks/main.yml b/alpine/roles/common/tasks/main.yml
diff --git a/roles/common/tasks/network.yml b/alpine/roles/common/tasks/network.yml
diff --git a/roles/common/tasks/node-exporter.yml b/alpine/roles/common/tasks/node-exporter.yml
diff --git a/alpine/roles/common/tasks/packages.yml b/alpine/roles/common/tasks/packages.yml
@@ -0,0 +1,32 @@
+---
+
+- name: get signature from personal repo
+  get_url:
+    url: http://home.f2k1.de:8080/leah-5f817de5.rsa.pub
+    dest: /etc/apk/keys/leah-5f817de5.rsa.pub
+
+- name: "Update file: /etc/apk/repositories"
+  template:
+    src: repositories.j2
+    dest: /etc/apk/repositories
+
+- name: update system
+  raw: "apk update && apk upgrade"
+
+- name: Install common packages
+  apk:
+    name:
+      - nano
+      - sudo
+      - htop
+      - tar
+      - unzip
+      - curl 
+      - wget
+      - tmux
+      - git
+      - patch
+      - jq
+      - restic
+    update_cache: yes
+    
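Review bot: The apk signing key is fetched with `get_url` over plain `http://home.f2k1.de:8080/…` and written straight into `/etc/apk/keys/` with no `checksum:` option, so whatever answers on that path becomes a trusted package signer for every host; serve it over HTTPS where possible and in any case pin it, e.g. `checksum: "sha256:<EXPECTED_KEY_DIGEST>"` (digest taken from the original key). `raw: "apk update && apk upgrade"` bypasses the apk module and is never idempotent; `apk: update_cache: true` together with `upgrade: true` expresses the same thing and reports changed status correctly. Style: `update_cache: yes` is a YAML 1.1 truthy value (use `true`), and `- curl ` plus the final blank line carry trailing whitespace.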
diff --git a/roles/common/tasks/sshd.yml b/alpine/roles/common/tasks/sshd.yml
diff --git a/roles/common/tasks/sudo.yml b/alpine/roles/common/tasks/sudo.yml
diff --git a/roles/common/tasks/users.yml b/alpine/roles/common/tasks/users.yml
diff --git a/roles/common/templates/awall-baseconfig.yaml.j2 b/alpine/roles/common/templates/awall-baseconfig.yaml.j2
diff --git a/roles/common/templates/hosts.conf.j2 b/alpine/roles/common/templates/hosts.conf.j2
diff --git a/roles/common/templates/interfaces.conf.j2 b/alpine/roles/common/templates/interfaces.conf.j2
diff --git a/roles/common/templates/repositories.j2 b/alpine/roles/common/templates/repositories.j2
diff --git a/roles/common/templates/resolv.conf.j2 b/alpine/roles/common/templates/resolv.conf.j2
diff --git a/alpine/roles/dnsmasq/tasks/main.yml b/alpine/roles/dnsmasq/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+
+- name: "Install package: dnsmasq" 
+  apk:
+   name: dnsmasq 
+   state: present
+   update_cache: yes
+
+- name: "create file: /etc/dnsmasq.conf"
+  template:
+    src: dnsmasq.conf.j2
+    dest: /etc/dnsmasq.d/ansible.conf
+
+- name: "Enable and restart service: dnsmasq"
+  service:
+   name: dnsmasq
+   enabled: yes
+   state: restarted
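Review bot: The template task is named `"create file: /etc/dnsmasq.conf"` but writes to `dest: /etc/dnsmasq.d/ansible.conf`; the deleted copy of this file had the correct name, so the move regressed it — restore `- name: "create file: /etc/dnsmasq.d/ansible.conf"`. `state: restarted` on the service task bounces dnsmasq on every run even when nothing changed; `state: started` plus a `notify` handler that restarts on template change is the idempotent form. Also `yes` should be `true` for `update_cache` and `enabled`, the `apk:`/`service:` arguments use 3-space indentation while `template:` uses 4, and `"Install package: dnsmasq" ` / `name: dnsmasq ` end in trailing spaces.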
diff --git a/roles/dnsmasq/templates/dnsmasq.conf.j2 b/alpine/roles/dnsmasq/templates/dnsmasq.conf.j2
diff --git a/roles/frp/tasks/frpc.yml b/alpine/roles/frp/tasks/frpc.yml
diff --git a/roles/frp/tasks/frps.yml b/alpine/roles/frp/tasks/frps.yml
diff --git a/roles/frp/tasks/main.yml b/alpine/roles/frp/tasks/main.yml
diff --git a/roles/frp/templates/frpc.conf.j2 b/alpine/roles/frp/templates/frpc.conf.j2
diff --git a/roles/frp/templates/frps-vhost.conf.j2 b/alpine/roles/frp/templates/frps-vhost.conf.j2
diff --git a/roles/frp/templates/frps.confd.j2 b/alpine/roles/frp/templates/frps.confd.j2
diff --git a/roles/gitolite/tasks/main.yml b/alpine/roles/gitolite/tasks/main.yml
diff --git a/roles/grafana/tasks/main.yml b/alpine/roles/grafana/tasks/main.yml
diff --git a/roles/grafana/templates/grafana-vhost.conf.j2 b/alpine/roles/grafana/templates/grafana-vhost.conf.j2
diff --git a/roles/hostapd/tasks/main.yml b/alpine/roles/hostapd/tasks/main.yml
diff --git a/roles/hostapd/templates/hostapd.conf.j2 b/alpine/roles/hostapd/templates/hostapd.conf.j2
diff --git a/roles/maddy/tasks/main.yml b/alpine/roles/maddy/tasks/main.yml
diff --git a/roles/maddy/templates/maddy.conf.j2 b/alpine/roles/maddy/templates/maddy.conf.j2
diff --git a/roles/nginx/tasks/main.yml b/alpine/roles/nginx/tasks/main.yml
diff --git a/roles/nginx/templates/vhost.conf.j2 b/alpine/roles/nginx/templates/vhost.conf.j2
diff --git a/roles/oeffi-web/tasks/main.yml b/alpine/roles/oeffi-web/tasks/main.yml
diff --git a/roles/oeffi-web/templates/oeffi-web-vhost.conf.j2 b/alpine/roles/oeffi-web/templates/oeffi-web-vhost.conf.j2
diff --git a/roles/oeffi-web/templates/oeffi-web.initd.j2 b/alpine/roles/oeffi-web/templates/oeffi-web.initd.j2
diff --git a/roles/oeffisearch/tasks/main.yml b/alpine/roles/oeffisearch/tasks/main.yml
diff --git a/roles/oeffisearch/templates/oeffisearch-vhost.conf.j2 b/alpine/roles/oeffisearch/templates/oeffisearch-vhost.conf.j2
diff --git a/roles/oeffisearch/templates/oeffisearch.initd.j2 b/alpine/roles/oeffisearch/templates/oeffisearch.initd.j2
diff --git a/roles/pleroma/tasks/main.yml b/alpine/roles/pleroma/tasks/main.yml
diff --git a/roles/pleroma/templates/pleroma-vhost.conf.j2 b/alpine/roles/pleroma/templates/pleroma-vhost.conf.j2
diff --git a/roles/prometheus/tasks/main.yml b/alpine/roles/prometheus/tasks/main.yml
diff --git a/roles/prometheus/templates/prometheus-vhost.conf.j2 b/alpine/roles/prometheus/templates/prometheus-vhost.conf.j2
diff --git a/roles/radicale/tasks/main.yml b/alpine/roles/radicale/tasks/main.yml
diff --git a/roles/radicale/templates/radicale-vhost.conf.j2 b/alpine/roles/radicale/templates/radicale-vhost.conf.j2
diff --git a/roles/rest-server/tasks/main.yml b/alpine/roles/rest-server/tasks/main.yml
diff --git a/roles/rest-server/templates/rest-server-vhost.conf.j2 b/alpine/roles/rest-server/templates/rest-server-vhost.conf.j2
diff --git a/roles/synapse/tasks/main.yml b/alpine/roles/synapse/tasks/main.yml
diff --git a/roles/synapse/templates/synapse-vhost.conf.j2 b/alpine/roles/synapse/templates/synapse-vhost.conf.j2
diff --git a/roles/syncthing/tasks/main.yml b/alpine/roles/syncthing/tasks/main.yml
diff --git a/roles/syncthing/templates/syncthing-initd.j2 b/alpine/roles/syncthing/templates/syncthing-initd.j2
diff --git a/roles/syncthing/templates/syncthing-vhost.conf.j2 b/alpine/roles/syncthing/templates/syncthing-vhost.conf.j2
diff --git a/roles/websites/tasks/ctu.cx.yml b/alpine/roles/websites/tasks/ctu.cx.yml
diff --git a/roles/websites/tasks/main.yml b/alpine/roles/websites/tasks/main.yml
diff --git a/roles/websites/tasks/photos.ctu.cx.yml b/alpine/roles/websites/tasks/photos.ctu.cx.yml
diff --git a/roles/websites/tasks/repo.f2k1.de.yml b/alpine/roles/websites/tasks/repo.f2k1.de.yml
diff --git a/alpine/roles/wireguard/tasks/main.yml b/alpine/roles/wireguard/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+
+- name: "Install package: wireguard-tools-wg" 
+  apk:
+   name: wireguard-tools-wg 
+   state: present
+   update_cache: yes
+
+- name: "Create directory: /etc/wireguard"
+  file:
+    path: /etc/wireguard
+    mode: 0700
+    state: directory
+
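Review bot: `mode: 0700` is read as an octal integer by Ansible's YAML 1.1 loader, which happens to give the intended permissions, but a YAML 1.2 parser yields decimal 700, so `mode: "0700"` is the portable form. As in the dnsmasq role, `update_cache: yes` should be `true`, the `apk:` arguments use 3-space indentation while `file:` uses 4, and `"Install package: wireguard-tools-wg" ` / `name: wireguard-tools-wg ` end in trailing spaces. The ferm config opens UDP 1194 on the WAN with a `# ( wireguard )` comment; 1194 is conventionally the OpenVPN port, so confirm it matches the listen port the wireguard configuration (not yet managed by this role) will use.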
diff --git a/scripts/restic-backup-wanderduene.sh b/alpine/scripts/restic-backup-wanderduene.sh
diff --git a/config-files/ferm/ferm-lollo.conf b/config-files/ferm/ferm-lollo.conf
@@ -1,87 +0,0 @@
-# -*- shell-script -*-
-#
-# Ferm example script
-#
-# Firewall configuration for a router with a dynamic IP.
-#
-# Author: Max Kellermann <max@duempel.org>
-#
-
-@def $DEV_LAN = brlan0;
-@def $DEV_WAN = eth0;
-
-@def $NET_LAN = 10.0.0.0/24;
-
-# globally accessible services
-@def $WAN_TCP = ( 22 );
-@def $WAN_UDP = ( 1194 );
-# ( ssh )
-# ( wireguard )
-
-# locally accessible services
-@def $LAN_TCP = ( 53 22 );
-@def $LAN_UDP = ( 53 67 69 123 );
-# ( dns ssh )
-# ( dns dhcp tftp ntp )
-
-table filter {
-    chain INPUT {
-        policy DROP;
-
-        # connection tracking
-        mod state state INVALID DROP;
-        mod state state (ESTABLISHED RELATED) ACCEPT;
-
-        # allow local connections
-        interface lo ACCEPT;
-
-        # respond to ping
-        proto icmp ACCEPT;
-
-
-        # local services
-        interface ! $DEV_WAN {
-            proto tcp dport $LAN_TCP ACCEPT;
-            proto udp mod multiport destination-ports $LAN_UDP ACCEPT;
-        }
-
-        proto tcp dport $WAN_TCP ACCEPT;
-        proto udp dport $WAN_UDP ACCEPT;
-    }
-
-    # outgoing connections are not limited
-    chain OUTPUT policy ACCEPT;
-
-    chain FORWARD {
-        policy DROP;
-
-        # connection tracking
-        mod state state INVALID DROP;
-        mod state state (ESTABLISHED RELATED) ACCEPT;
-
-        # local clients can do whatever
-        interface $DEV_LAN ACCEPT;
-
-
-        proto icmp ACCEPT;
-
-        mod conntrack ctstate DNAT ACCEPT;
-
-        # the rest is dropped by the above policy
-    }
-}
-
-table nat {
-    chain PREROUTING {
-        policy ACCEPT;
-
-        # port forwards, ala daddr $WAN_IP dport 65522 DNAT to 192.168.0.2:22;
-    }
-
-    chain POSTROUTING {
-        policy ACCEPT;
-
-        outerface $DEV_WAN MASQUERADE;
-        saddr $NET_LAN mod conntrack ctstate DNAT MASQUERADE; # needle point loopback
-    }
-}-
\ No newline at end of file
diff --git a/inventory b/inventory
@@ -1,12 +0,0 @@
-[all:vars]
-ansible_ssh_user=root
-
-[taurus]
-taurus.ctu.cx
-
-
-[wanderduene]
-wanderduene.ctu.cx
-
-[lollo]
-192.168.178.116-
\ No newline at end of file
diff --git a/playbook-router.yml b/playbook-router.yml
@@ -1,75 +0,0 @@
----
-- hosts: all
-  remote_user: root
-  gather_facts: false
-  tasks:
-    - name: Install Python
-      raw: test -e /usr/bin/python || (apk update && apk add python3)
-
-- hosts: lollo
-  name: Install lollo
-  roles:
-    - common
-    - dnsmasq
-#    - hostapd
-#    - syncthing
-#    - frp
-  vars:
-    alpineVersion: v3.12
-    users:
-      - name: leah
-        groups: "wheel"
-        password: "$6$foobar123$1qcCmnoveirSdWY9XdgH5hCXv32hj0n/AyJX46sSp1LyGCA8QT/xxifebRxr89uIH6vwhzFGgz4.H2sG0en0f0"
-        sshKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829"
-    network:
-      hostname: lollo
-      domain: ctu.cx
-      nameservers:
-        - 1.1.1.1
-        - 8.8.8.8
-      useFerm: true
-      useAwall: false
-      vlanSupport:   true
-      natSupport:    true
-      bridgeSupport: true
-      interfaces:
-        - name: lo
-          loopback: true
-        - name: eth0
-          ipv4:
-            dhcp: true
-          ipv6:
-            stateless: true
-        - name: eth0.5
-          manual: true
-        - name: brlan0
-          bridge_ports: eth0.5
-          bridge_stp: false
-          ipv4:
-            address: 10.0.0.1
-            netmask: 255.255.255.0
-          ipv6:
-            address: fe80:acab::1
-            netmask: 64
-    hostapd:
-      interface: wlan0
-      bridge: brlan0
-      channel: 1
-      ssid: legacy.home.ctu.cx
-      passphrase: wasd1998
-    dnsmasq:
-      dhcp: true
-    syncthing:
-      disableReverseProxy: true
-      guiAddress: 0.0.0.0:8384
-    frpc:
-      serverAddress: wanderduene.ctu.cx
-      serverPort: 5050
-      token: "{{ lookup('community.general.passwordstore', 'server/wanderduene/frps/token returnall=true')}}"
-      dashboard: false
-      tunnels:
-        - name: lollo-ssh
-          type: tcp
-          local_ip: 127.0.0.1
-          local_port: 22
-          remote_port: 2202-
\ No newline at end of file
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml
@@ -1,31 +0,0 @@
----
-- name: get signature from personal repo
-  get_url:
-    url: http://home.f2k1.de:8080/leah-5f817de5.rsa.pub
-    dest: /etc/apk/keys/leah-5f817de5.rsa.pub
-
-- name: "Update file: /etc/apk/repositories"
-  template:
-    src: repositories.j2
-    dest: /etc/apk/repositories
-
-- name: update system
-  raw: "apk update && apk upgrade"
-
-- name: Install common packages
-  apk:
-    name:
-      - nano
-      - sudo
-      - htop
-      - tar
-      - unzip
-      - curl 
-      - wget
-      - tmux
-      - git
-      - patch
-      - jq
-      - restic
-    update_cache: yes
-    
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
@@ -1,18 +0,0 @@
----
-
-- name: "Install package: dnsmasq" 
-  apk:
-   name: dnsmasq 
-   state: present
-   update_cache: yes
-
-- name: "create file: /etc/dnsmasq.d/ansible.conf"
-  template:
-    src: dnsmasq.conf.j2
-    dest: /etc/dnsmasq.d/ansible.conf
-
-- name: "Enable and restart service: dnsmasq"
-  service:
-   name: dnsmasq
-   enabled: yes
-   state: restarted