From 5d7ebbaa052f127c65e06ec6cf2db9c5a524a371 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 24 Jul 2021 18:33:15 -0500
Subject: [PATCH] r/hass-dhcp: Clean up DHCP/DNS service The production deployment of *dnsmasq* for Home Assistant has deviated from how the *hass-dhcp* role configures it. Bringing the role back in sync with how things really are.
---
 roles/hass-dhcp/defaults/main.yml | 2 +-
 roles/hass-dhcp/handlers/main.yml | 4 ++
 roles/hass-dhcp/tasks/main.yml | 40 +++++++++++++++++++
 .../templates/homeassistant.dnsmasq.conf.j2 | 12 ++++--
 roles/hass-dhcp/vars/main.yml | 9 +++++
 5 files changed, 62 insertions(+), 5 deletions(-)
 create mode 100644 roles/hass-dhcp/vars/main.yml
diff --git a/roles/hass-dhcp/defaults/main.yml b/roles/hass-dhcp/defaults/main.yml
index 3f30a2e..bd7ee4e 100644
--- a/roles/hass-dhcp/defaults/main.yml
+++ b/roles/hass-dhcp/defaults/main.yml
@@ -1,5 +1,5 @@
 hass_dhcp_range:
 start: 192.168.1.100
 end: 192.168.1.250
-hass_dhcp_lease_time: 1h
+hass_dhcp_lease_time: 24h
 hass_dns_domain: homeassistant.io
diff --git a/roles/hass-dhcp/handlers/main.yml b/roles/hass-dhcp/handlers/main.yml
index bf3bfdc..b3d091a 100644
--- a/roles/hass-dhcp/handlers/main.yml
+++ b/roles/hass-dhcp/handlers/main.yml
@@ -2,3 +2,7 @@
 service:
 name: dnsmasq
 state: restarted
+- name: reload firewalld
+ command: firewall-cmd --reload
+- name: save firewalld configuration
+ command: firewall-cmd --runtime-to-permanent
diff --git a/roles/hass-dhcp/tasks/main.yml b/roles/hass-dhcp/tasks/main.yml
index 8a0a651..0c042c0 100644
--- a/roles/hass-dhcp/tasks/main.yml
+++ b/roles/hass-dhcp/tasks/main.yml
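Review bot: The `save firewalld configuration` handler added in roles/hass-dhcp/handlers/main.yml runs `firewall-cmd --runtime-to-permanent`, which persists the whole runtime configuration of every zone, not only the services this role enabled, so any temporary rule that happens to be live on the host becomes permanent. The only notifier visible in this patch is the service loop in roles/hass-dhcp/tasks/main.yml, which sets `immediate: yes` with `permanent: no`; setting `permanent: true` together with `immediate: true` on that task would write just those services to both configurations and let this handler and its `notify` be dropped. The handlers file starts above the hunk, so other users of the handler cannot be ruled out from here.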
@@ -12,3 +12,43 @@
 mode: '0644'
 notify:
 - restart dnsmasq
+
+- meta: flush_handlers
+- name: ensure homeassistant firewall zone exists
+ firewalld:
+ zone: homeassistant
+ permanent: true
+ state: present
+ tags:
+ - firewall
+ notify:
+ - reload firewalld
+- name: ensure homeassistant firewalld zone is configured
+ firewalld:
+ zone: homeassistant
+ interface: '{{ hass_interface }}'
+ permanent: true
+ state: enabled
+ notify:
+ - reload firewalld
+ tags:
+ - firewall
+- meta: flush_handlers
+- name: ensure firewall is configured for home assistant services
+ firewalld:
+ zone: homeassistant
+ service: '{{ item }}'
+ immediate: yes
+ permanent: no
+ state: enabled
+ loop:
+ - dhcp
+ - dns
+ - http
+ - https
+ - mdns
+ - mqtt-tls
+ notify:
+ - save firewalld configuration
+ tags:
+ - firewall
diff --git a/roles/hass-dhcp/templates/homeassistant.dnsmasq.conf.j2 b/roles/hass-dhcp/templates/homeassistant.dnsmasq.conf.j2
index ee854de..858d870 100644
--- a/roles/hass-dhcp/templates/homeassistant.dnsmasq.conf.j2
+++ b/roles/hass-dhcp/templates/homeassistant.dnsmasq.conf.j2
@@ -1,5 +1,9 @@
+no-resolv
+no-hosts
 interface={{ hass_interface }}
-dhcp-range={{ hass_dhcp_range.start }},{{ hass_dhcp_range.end }},{{ hass_dhcp_lease_time }}
-domain={{ hass_dns_domain }}
-
-log-queries=extra
+dhcp-range=set:homeassistant,{{ hass_dhcp_range.start }},{{ hass_dhcp_range.end }},{{ hass_dhcp_lease_time }}
+domain={{ hass_dns_domain }},{{ hass_net_cidr }}
+interface-name={{ homeassistant_server_name }},{{ hass_interface }}
+{% if hass_net_gateway|d %}
+dhcp-option=option:router,{{ hass_net_gateway }}
+{% endif %}
diff --git a/roles/hass-dhcp/vars/main.yml b/roles/hass-dhcp/vars/main.yml
new file mode 100644
index 0000000..7bef48f
--- /dev/null
+++ b/roles/hass-dhcp/vars/main.yml
@@ -0,0 +1,9 @@
+hass_net_cidr: >- + {{ + ( + ansible_facts[hass_interface].ipv4.network + + '/' + + ansible_facts[hass_interface].ipv4.netmask + ) + | ipaddr('net') + }}
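Review bot: In roles/hass-dhcp/tasks/main.yml the service loop opens plain `http` on the homeassistant zone next to `https`, and nothing in the patch says which client still needs the unencrypted port. If it is required, a comment above the loop such as `# http: needed by <client>` would record why; otherwise dropping `- http` keeps the zone limited to what is actually used. The same task writes `immediate: yes` and `permanent: no` while the two tasks above it use `permanent: true`; using `true`/`false` throughout avoids the YAML 1.1 truthy forms.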
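Review bot: In roles/hass-dhcp/templates/homeassistant.dnsmasq.conf.j2 the removal of `log-queries=extra` leaves this file with no DNS query logging, and on a network of home-automation devices those logs are often the only record of which host looked up which name. If the option was dropped for log volume, keeping plain `log-queries` or stating the reason in a template comment (`{# query logging disabled: <reason> #}`) would make the choice explicit; it may also be set in another dnsmasq file that this patch does not show. Separately, `interface-name={{ homeassistant_server_name }},{{ hass_interface }}` uses a variable that the role's defaults file, whose five lines are all visible in this patch, does not define, so the template presumably relies on it being set elsewhere.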
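Review bot: The new roles/hass-dhcp/vars/main.yml has no comment on what `hass_net_cidr` needs in order to render. It reads `ansible_facts[hass_interface].ipv4`, so facts must have been gathered and the interface must already hold an IPv4 address, and the `ipaddr` filter depends on the netaddr Python library on the controller. A header comment such as `# Needs gathered facts, an IPv4 address on hass_interface, and netaddr for ipaddr` would save the next reader a failed run. Interface names containing `-` may also need attention, since Ansible's interface facts are, as far as I recall, keyed with `_` instead; that is worth confirming against the target host.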