made deployment path configurable

usually noone will need this feature. This is for a
deployment system where I built individual images
with openwrt-imagebuilder. I don't want to deploy
the config to the target host but into a specific
directory on the buildhost so it will get
included into the build process

roles/ansible_openwrtacme/defaults/main.yml

@@ -2,3 +2,4 @@
 # defaults file for ansible_openwrtacme
 openwrt_acme_state_dir: "/etc/acme"
 openwrt_acme_debug: 0
+openwrt_acme_deploypath: "/etc/config/acme"

roles/ansible_openwrtacme/tasks/main.yml

@@ -6,5 +6,5 @@
 - name: Setup acme config
   template:
     src: "acme.jinja2"
-    dest: "/etc/config/acme"
+    dest: "{{ openwrt_acme_deploypath }}"
   notify: restart acme

roles/ansible_openwrtbabeld/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
-# defaults file for ansible_openwrtbabeld
+# defaults file for ansible_openwrtbabeld
+openwrt_babeld_deploypath: "/etc/config/babeld"

roles/ansible_openwrtbabeld/tasks/main.yml

@@ -22,7 +22,7 @@
 - name: Provide babeld configuration
   template:
     src: babeld.jinja2
-    dest: /etc/config/babeld
+    dest: "{{ openwrt_babeld_deploypath }}"
     owner: root
     group: root
     mode: 0600

roles/ansible_openwrtdhcp/defaults/main.yml

@@ -16,3 +16,4 @@ openwrt_dhcp_dnsmasq_leasefile: "/tmp/dhcp.leases"
 openwrt_dhcp_dnsmasq_resolvfile: "/tmp/resolv.conf.d/resolv.conf.auto"
 openwrt_dhcp_dnsmasq_nonwildcard: "1"
 openwrt_dhcp_dnsmasq_localservice: "1"
+openwrt_dhcp_deploypath: "/etc/config/dhcp"

roles/ansible_openwrtdhcp/tasks/main.yml

@@ -6,7 +6,7 @@
 - name: Install dhcp config
   template:
     src: dhcp.jinja2
-    dest: /etc/config/dhcp
+    dest: "{{ openwrt_dhcp_deploypath }}"
     owner: root
     group: root
     mode: 0600

roles/ansible_openwrtdropbear/defaults/main.yml

@@ -1,2 +1,4 @@
 ---
-# defaults file for ansible_openwrtdropbear
+# defaults file for ansible_openwrtdropbear
+openwrt_dropbear_deploypath: "/etc/config/dhcp"
+openwrt_dropbear_deploypath_keys: "/etc/dropbear/authorized_keys"

roles/ansible_openwrtdropbear/tasks/main.yml

@@ -3,14 +3,15 @@
 - name: Installing dropbear config /etc/config/dropbear
   template:
     src: dropbear.jinja2
-    dest: /etc/config/dropbear
+    dest: "{{ openwrt_dropbear_deploypath }}"
     owner: root
     group: root
     mode: 0600
   notify: restart dropbear
 - name: Installing ssh keys into /etc/dropbear/authorized_keys
   template:
     src: dropbearkeys.jinja2
+    dest: "{{ openwrt_dropbear_deploypath_keys }}"
     dest: /etc/dropbear/authorized_keys
     owner: root
     group: root

roles/ansible_openwrtfirewall/defaults/main.yml

@@ -1,6 +1,7 @@
 ---
 # defaults file for ansible_openwrtfirewall
 # global parameters
+openwrt_firewall_deploypath: "/etc/config/firewall"
 openwrt_firewall_setdefaultzones: true
 openwrt_firewall_default_forward: "REJECT"
 openwrt_firewall_default_input: "ACCEPT"

roles/ansible_openwrtfirewall/meta/argument_specs.yml

@@ -86,4 +86,17 @@ argument_specs:
         choices:
           - 0
           - 1
-
+      openwrt_firewall_synflood_burst:
+        type: 'int'
+        choices:
+          - 0
+          - 1
+      openwrt_firewall_zoneshost:
+        type: 'dict'
+          #options:
+          #  forward:
+          #    type: 'str'
+          #      choices:
+          #        - "ACCEPT"
+          #        - "REJECT"
+          #        - "DROP"

roles/ansible_openwrtfirewall/tasks/checks.yml

@@ -1,35 +1,6 @@
 ---
 # waiting for Ansible 2.11 and this feature
 # https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html#role-argument-validation
-# Global Firewall parameters
-#- name: Check firewall global policies
-#  include_tasks: checks/accept_reject_drop.yml
-#  loop:
-#    - "{{ openwrt_firewall_default_forward }}"
-#    - "{{ openwrt_firewall_default_input }}"
-#    - "{{ openwrt_firewall_default_output }}"
-#  loop_control:
-#    loop_var: policyitemA
-#      #no_log: true
-#- name: Check firewall global booleans
-#  include_tasks: checks/boolean.yml
-#  loop:
-#    - "{{ openwrt_firewall_default_drop_invalid | default(omit) }}"
-#    - "{{ openwrt_firewall_default_synflood | default(omit) }}"
-#    - "{{ openwrt_firewall_default_synflood_protect | default(omit) }}"
-#    - "{{ openwrt_firewall_default_tcp_syncookies | default(omit) }}"
-#    - "{{ openwrt_firewall_default_tcp_ecn | default(omit) }}"
-#    - "{{ openwrt_firewall_default_tcp_window_scaling | default(omit) }}"
-#    - "{{ openwrt_firewall_default_accept_redirects | default(omit) }}"
-#    - "{{ openwrt_firewall_default_accept_source_route | default(omit) }}"
-#    - "{{ openwrt_firewall_default_custom_chains | default(omit) }}"
-#    - "{{ openwrt_firewall_default_disable_ipv6 | default(omit) }}"
-#    - "{{ openwrt_firewall_default_flow_offloading | default(omit) }}"
-#    - "{{ openwrt_firewall_default_flow_offloading_hw | default(omit) }}"
-#    - "{{ openwrt_firewall_default_auto_helper | default(omit) }}"
-#  loop_control:
-#    loop_var: booleanitem
-#  no_log: true
 #- name: run zone checks
 #  include_tasks: checks/zones.yml
 #  loop:

roles/ansible_openwrtfirewall/tasks/main.yml

@@ -16,7 +16,7 @@
 - name: Create firewall uci in /etc/config/firewall
   template:
     src: "firewall.jinja2"
-    dest: "/etc/config/firewall"
+    dest: "{{ openwrt_firewall_deploypath }}"
     owner: root
     group: root
     mode: 0600

roles/ansible_openwrtnetwork/defaults/main.yml

@@ -1,5 +1,6 @@
 ---
 # defaults file for ansible_openwrtnetwork
+openwrt_network_deploypath: "/etc/config/network"
 openwrt_network_interfacesdefault:
   loopback:
     device: "lo"

roles/ansible_openwrtnetwork/tasks/main.yml

@@ -3,7 +3,7 @@
 - name: Deploy Network configuration 
   template:
     src: network.jinja2
-    dest: /etc/config/network
+    dest: "{{ openwrt_network_deploypath }}"
     owner: root
     group: root
     mode: 0600

roles/ansible_openwrtrestic/defaults/main.yml

@@ -1,14 +1,18 @@
 ---
 # defaults file for ansible_openwrtrestic
-restic_cron_name: "resticbackup"
-restic_cron_hourrange_start: 1
-restic_cron_hourrange_end: 6
-restic_cron_minuterange_start: 1
-restic_cron_minuterange_end: 59
-restic_cron_hour: "{{ restic_cron_hourrange_end | random(start=restic_cron_hourrange_start, seed=inventory_hostname) }}"
-restic_cron_minute: "{{ restic_cron_minuterange_end | random(start=restic_cron_minuterange_start, seed=inventory_hostname) }}"
-restic_cron_manage: true
-restic_ssh_manage: true
-restic_keepweekly: 3
-restic_keepdaily: 9
-restic_keepmonthly: 2
+openwrt_restic_cron_name: "resticbackup"
+openwrt_restic_cron_hourrange_start: 1
+openwrt_restic_cron_hourrange_end: 6
+openwrt_restic_cron_minuterange_start: 1
+openwrt_restic_cron_minuterange_end: 59
+openwrt_restic_cron_hour: "{{ openwrt_restic_cron_hourrange_end | random(start=openwrt_restic_cron_hourrange_start, seed=inventory_hostname) }}"
+openwrt_restic_cron_minute: "{{ openwrt_restic_cron_minuterange_end | random(start=openwrt_restic_cron_minuterange_start, seed=inventory_hostname) }}"
+openwrt_restic_cron_manage: true
+openwrt_restic_ssh_manage: true
+openwrt_restic_keepweekly: 3
+openwrt_restic_keepdaily: 9
+openwrt_restic_keepmonthly: 2
+openwrt_restic_deploypath: "/etc/restic"
+openwrt_restic_deploypath_sysupgrade: "/etc/sysupgrade.conf"
+openwrt_restic_deploypath_passwordfile: "/etc/resticpassword"
+openwrt_restic_deploypath_knownhosts: "/root/.ssh/known_hosts"

roles/ansible_openwrtrestic/tasks/1install.yml

@@ -6,21 +6,22 @@
     update_cache: yes
 - name: add /etc/config/installed.packages to sysupgrade config
   lineinfile:
+    path: "{{ openwrt_restic_deploypath_sysupgrade }}"
     path: /etc/sysupgrade.conf
     line: /etc/config/installed.packages
     regexp: /etc/config/installed.packages
     state: present
 - name: deploy restic configuration
   template:
     src: restic.conf.jinja2
-    dest: /etc/restic
+    dest: "{{ openwrt_restic_deploypath }}"
     owner: root
     group: root
     mode: 0600
 - name: deploy restic password file
   template:
     src: password.jinja2
-    dest: /etc/resticpassword
+    dest: "{{ openwrt_restic_deploypath_passwordfile }}"
     owner: root
     group: root
     mode: 0600

roles/ansible_openwrtrestic/tasks/3ssh.yml

@@ -20,19 +20,19 @@
 #    currentpublickey: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
 - name: provide root user's public key to destination machine
   authorized_key:
-    user: "{{ restic_sshkey_user }}"
+    user: "{{ openwrt_restic_sshkey_user }}"
     state: present
     key: "{{ rootuser['ssh_public_key'] }}"
   become: True
   become_user: root
-  delegate_to: "{{ restic_sshkey_targethost }}"
+  delegate_to: "{{ openwrt_restic_sshkey_targethost }}"
 - name: make sure known_hosts file exists
   file:
-    path: "/root/.ssh/known_hosts"
+    path: "{{ openwrt_restic_deploypath_knownhosts }}"
     state: "touch"
 - name: install target hosts fingerprint to known hosts
   known_hosts:
     path: "/root/.ssh/known_hosts"
     key: "{{ lookup('pipe', '/usr/bin/ssh-keyscan -tecdsa ' + borgmatic_sshkey_targethost) }}"
-    name: "{{ restic_sshkey_targethost }}"
+    name: "{{ openwrt_restic_sshkey_targethost }}"
     state: present

roles/ansible_openwrtrestic/tasks/5cron.yml

@@ -7,16 +7,16 @@
     job: "/bin/opkg list-installed > /etc/config/installed.packages"
 - name: setup cron backup jobs for different include paths
   cron:
-    name: "{{ restic_cron_name }} {{ item }}"
-    hour: "{{ restic_cron_hour }}"
-    minute: "{{ restic_cron_minute }}"
+    name: "{{ openwrt_restic_cron_name }} {{ item }}"
+    hour: "{{ openwrt_restic_cron_hour }}"
+    minute: "{{ openwrt_restic_cron_minute }}"
     user: "root"
-    job: "/usr/bin/restic -p /etc/resticpassword -r {{ restic_repository }} backup {{ item }}"
-  loop: "{{ restic_srcdirs }}"
+    job: "/usr/bin/restic -p /etc/resticpassword -r {{ openwrt_restic_repository }} backup {{ item }}"
+  loop: "{{ openwrt_restic_srcdirs }}"
 - name: setup cron prune jobs
   cron:
-    name: "{{ restic_cron_name }} prune"
+    name: "{{ openwrt_restic_cron_name }} prune"
     hour: 6
     minute: 0
     user: "root"
-    job: "/usr/bin/restic forget --keep-daily {{ restic_keepdaily }} --keep-weekly {{ restic_keepweekly }} --keep-monthly {{ restic_keepmonthly }} -p /etc/resticpassword -r {{ restic_repository }} --prune"
+    job: "/usr/bin/restic forget --keep-daily {{ openwrt_restic_keepdaily }} --keep-weekly {{ openwrt_restic_keepweekly }} --keep-monthly {{ openwrt_restic_keepmonthly }} -p /etc/resticpassword -r {{ restic_repository }} --prune"

roles/ansible_openwrtrestic/tasks/main.yml

@@ -5,9 +5,9 @@
 - name: SSH setup
   include_tasks: 3ssh.yml
 - name: init repository
-  command: "restic -r {{ restic_repository }} init"
+  command: "restic -r {{ openwrt_restic_repository }} init"
   environment:
-    RESTIC_PASSWORD: "{{ restic_encpassphrase }}"
+    RESTIC_PASSWORD: "{{ openwrt_restic_encpassphrase }}"
   register: restic_init
   failed_when:
     - restic_init.rc != 0

roles/ansible_openwrtrestic/templates/password.jinja2

@@ -1 +1 @@
-{{ restic_encpassphrase }}
+{{ openwrt_restic_encpassphrase }}

roles/ansible_openwrtrestic/templates/restic.conf.jinja2

@@ -1,4 +1,4 @@
 #!/usr/bin/env ash
 # File managed by Ansible
-RESTIC_REPOSITORY="{{ restic_repository }}"
-RESTIC_PASSWORD="{{ restic_encpassphrase }}"
+RESTIC_REPOSITORY="{{ openwrt_restic_repository }}"
+RESTIC_PASSWORD="{{ openwrt_restic_encpassphrase }}"

roles/ansible_openwrtservices/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
-# defaults file for ansible_openwrtservices
+# defaults file for ansible_openwrtservices
+openwrt_services_deploypath: "/etc/rc.local"

roles/ansible_openwrtservices/tasks/main.yml

@@ -19,7 +19,7 @@
 - name: Setup Start Scripts in /etc/rc.local
   template:
     src: rc.local.jinja2
-    dest: /etc/rc.local
+    dest: "{{ openwrt_services_deploypath }}"
     owner: root
     group: root
     mode: 0600

roles/ansible_openwrtsqm/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 # defaults file for ansible_openwrtsqm
+openwrt_sqm_deploypath: "{{ /etc/config/sqm }}"

roles/ansible_openwrtsqm/tasks/main.yml

@@ -3,6 +3,6 @@
 - name: deploy sqm configuration
   template:
     src: sqm.jinja2
-    dest: /etc/config/sqm
+    dest: "{{ openwrt_sqm_deploypath }}"
   when: openwrt_sqm_interfaces is defined
   notify: restart sqm

roles/ansible_openwrtsystem/defaults/main.yml

@@ -2,3 +2,6 @@
 # defaults file for ansible_openwrtsystem
 openwrt_system_ttylogin: "1"
 openwrt_system_kernellogonconsole: false
+openwrt_system_deploypath: "/etc/config/system"
+openwrt_system_deploypath_kernellogging: "/etc/sysctl.d/kernellogging.conf"
+openwrt_system_deploypath_sysctl: "/etc/sysctl.conf"

roles/ansible_openwrtsystem/tasks/kernel.yml

@@ -2,20 +2,21 @@
 - name: enable kernel logging on console
   file:
     path: "/etc/sysctl.d/kernellogging.conf"
+    path: "{{ openwrt_system_deploypath_kernellogging }}"
     state: absent
   when: openwrt_system_kernellogonconsole
 - name: disable kernel logging on console
   template:
     src: "kernellogging.conf.jinja2"
-    dest: "/etc/sysctl.d/kernellogging.conf"
+    dest: "{{ openwrt_system_deploypath_kernellogging }}"
     mode: 0644
     owner: "root"
     group: "root"
   when: not openwrt_system_kernellogonconsole 
 - name: set additional kernel parameters in sysctl.conf
   template:
     src: sysctl.conf.jinja2
-    dest: "/etc/sysctl.conf"
+    dest: "{{ openwrt_system_deploypath_sysctl }}"
     mode: 0644
     owner: "root"
     group: "root"

roles/ansible_openwrtsystem/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: Install system config /etc/config/system
   template:
     src: system.jinja2
-    dest: /etc/config/system
+    dest: "{{ openwrt_system_deploypath }}"
     owner: root
     group: root
     mode: 0600

roles/ansible_openwrtwifi/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 # defaults file for ansible_openwrtwifi
+openwrt_wifi_deploypath: "/etc/config/wireless"

roles/ansible_openwrtwifi/tasks/main.yml

@@ -3,7 +3,7 @@
 - name: deploy wifi config
   template:
     src: "wireless.jinja2"
-    dest: "/etc/config/wireless"
+    dest: "{{ openwrt_wifi_deploypath }}"
     owner: "root"
     group: "root"
     mode: "0600"