Update playbook tasks + support install from pkg URL.

The install from pkg. URL option can be useful in case you want to fix
the ChirpStack and ChirpStack Gateway Bridge version to a specific
version instead of the latest version from the apt repository.

Author: brocaar

group_vars/chirpstack.example.yml

@@ -28,6 +28,14 @@ iptables:
       source: 0.0.0.0/0
       protocol: udp
 
+# Apt configuration.
+apt:
+  # Use ChirpStack repository.
+  # If set to false, you must specify a package_url variable in the ChirpStack
+  # components below. With the ChirpStack repo enabled, Ansible will always
+  # install the latest version.
+  use_chirpstack_repo: true
+
 # Mosquitto configuration (MQTT)
 mosquitto:
   # the full domain by which the MQTT broker is reachable

host_vars/vagrant.yml

@@ -28,6 +28,14 @@ iptables:
       source: 0.0.0.0/0
       protocol: udp
 
+# Apt configuration.
+apt:
+  # Use ChirpStack repository.
+  # If set to false, you must specify a package_url variable in the ChirpStack
+  # components below. With the ChirpStack repo enabled, Ansible will always
+  # install the latest version.
+  use_chirpstack_repo: true
+
 # Mosquitto configuration
 mosquitto:
   # the full domain by which the MQTT broker is reachable

roles/base/tasks/main.yml

@@ -1,10 +1,10 @@
 - name: upgrade installed packages
-  apt:
+  ansible.builtin.apt:
     update_cache: 'yes'
     upgrade: 'yes'
 
 - name: install packages
-  package: name={{ item }} state=latest
+  ansible.builtin.package: name={{ item }} state=latest
   with_items:
     - apt-transport-https
     - iptables-persistent
@@ -13,10 +13,11 @@
     - golang-cfssl
 
 - name: import ChirpStack gpg key
-  apt_key:
+  ansible.builtin.apt_key:
     keyserver: keyserver.ubuntu.com
     id: 1CE2AFD36DBCCA00
 
 - name: add ChirpStack deb repository
-  apt_repository:
+  ansible.builtin.apt_repository:
     repo: deb https://artifacts.chirpstack.io/packages/4.x/deb stable main
+  when: apt.use_chirpstack_repo

roles/chirpstack-ca/tasks/main.yml

@@ -1,13 +1,13 @@
 - name: create directory
-  file:
+  ansible.builtin.file:
     path: /etc/chirpstack-certs
     state: directory
     owner: root
     group: root
     mode: "0700"
 
 - name: copy configuration
-  template:
+  ansible.builtin.template:
     src: "{{ item }}"
     dest: "/etc/chirpstack-certs/{{ item }}"
     owner: root
@@ -18,7 +18,7 @@
     - ca-csr.json
 
 - name: generate chirpstack ca
-  shell: "cfssl gencert -initca ca-csr.json | cfssljson -bare /etc/chirpstack-certs/ca"
+  ansible.builtin.shell: "cfssl gencert -initca ca-csr.json | cfssljson -bare /etc/chirpstack-certs/ca"
   args:
     chdir: /etc/chirpstack-certs
     creates: /etc/chirpstack-certs/ca.pem

roles/chirpstack-gateway-bridge-basicstation/handlers/main.yml

@@ -1,8 +1,8 @@
 - name: reload systemctl daemon
-  systemd:
+  ansible.builtin.systemd:
     daemon_reload: true
 
 - name: restart chirpstack-gateway-bridge-basicstation
-  service:
+  ansible.builtin.service:
     name: chirpstack-gateway-bridge-basicstation
     state: restarted

roles/chirpstack-gateway-bridge-basicstation/tasks/main.yml

@@ -1,33 +1,43 @@
 - name: install chirpstack-gateway-bridge
-  package:
+  ansible.builtin.package:
     name: chirpstack-gateway-bridge
     state: latest
+  when: apt.use_chirpstack_repo
+  notify:
+    - restart chirpstack-gateway-bridge-basicstation
+
+- name: install chirpstack-gateway-bridge from package_url
+  ansible.builtin.apt:
+    deb: "{{ chirpstack_gateway_bridge.package_url }}"
+  when: not apt.use_chirpstack_repo
+  notify:
+    - restart chirpstack-gateway-bridge-basicstation
 
 - name: create certs directory
-  file:
+  ansible.builtin.file:
     path: /etc/chirpstack-gateway-bridge/certs
     state: directory
     owner: gatewaybridge
     group: gatewaybridge
     mode: "0700"
 
 - name: copy server cert config
-  template:
+  ansible.builtin.template:
     src: server-cert.json
     dest: /etc/chirpstack-gateway-bridge/certs/server-cert.json
     owner: gatewaybridge
     group: gatewaybridge
     mode: "0600"
 
 - name: generate server certificate
-  shell: "cfssl gencert -ca /etc/chirpstack-certs/ca.pem -ca-key /etc/chirpstack-certs/ca-key.pem -config /etc/chirpstack-certs/ca-config.json -profile server server-cert.json | cfssljson -bare /etc/chirpstack-gateway-bridge/certs/server"
+  ansible.builtin.shell: "cfssl gencert -ca /etc/chirpstack-certs/ca.pem -ca-key /etc/chirpstack-certs/ca-key.pem -config /etc/chirpstack-certs/ca-config.json -profile server server-cert.json | cfssljson -bare /etc/chirpstack-gateway-bridge/certs/server"
   args:
     chdir: /etc/chirpstack-gateway-bridge/certs
   notify:
     - restart chirpstack-gateway-bridge-basicstation
 
 - name: copy ca cert
-  copy:
+  ansible.builtin.copy:
     src: /etc/chirpstack-certs/ca.pem
     dest: /etc/chirpstack-gateway-bridge/certs/ca.pem
     remote_src: "yes"
@@ -38,7 +48,7 @@
     - restart chirpstack-gateway-bridge-basicstation
 
 - name: set certificate permissions
-  file:
+  ansible.builtin.file:
     path: /etc/chirpstack-gateway-bridge/certs
     state: directory
     recurse: "yes"
@@ -47,22 +57,22 @@
     mode: "0600"
 
 - name: set certificate directory permissions
-  file:
+  ansible.builtin.file:
     path: /etc/chirpstack-gateway-bridge/certs
     state: directory
     owner: gatewaybridge
     group: gatewaybridge
     mode: "0700"
 
 - name: add systemd service
-  template:
+  ansible.builtin.template:
     src: chirpstack-gateway-bridge-basicstation.service
     dest: /lib/systemd/system/chirpstack-gateway-bridge-basicstation.service
   notify:
     - reload systemctl daemon
 
 - name: copy configuration
-  template:
+  ansible.builtin.template:
     src: "chirpstack-gateway-bridge-basicstation-{{ chirpstack_gateway_bridge_basicstation.region }}.toml"
     dest: /etc/chirpstack-gateway-bridge/chirpstack-gateway-bridge-basicstation.toml
     owner: gatewaybridge
@@ -72,7 +82,7 @@
     - restart chirpstack-gateway-bridge-basicstation
 
 - name: start chirpstack-gateway-bridge-basicstation on boot
-  service:
+  ansible.builtin.service:
     name: chirpstack-gateway-bridge-basicstation
     state: started
     enabled: true

roles/chirpstack-gateway-bridge/handlers/main.yml

@@ -1,4 +1,4 @@
 - name: restart chirpstack-gateway-bridge
-  service:
+  ansible.builtin.service:
     name: chirpstack-gateway-bridge
     state: restarted

roles/chirpstack-gateway-bridge/tasks/main.yml

@@ -1,10 +1,20 @@
 - name: install chirpstack-gateway-bridge
-  package:
+  ansible.builtin.package:
     name: chirpstack-gateway-bridge
     state: latest
+  when: apt.use_chirpstack_repo
+  notify:
+    - restart chirpstack-gateway-bridge
+
+- name: install chirpstack-gateway-bridge from package_url
+  ansible.builtin.apt:
+    deb: "{{ chirpstack_gateway_bridge.package_url }}"
+  when: not apt.use_chirpstack_repo
+  notify:
+    - restart chirpstack-gateway-bridge
 
 - name: copy configuration
-  template:
+  ansible.builtin.template:
     src: chirpstack-gateway-bridge.toml
     dest: /etc/chirpstack-gateway-bridge/chirpstack-gateway-bridge.toml
     owner: gatewaybridge
@@ -14,7 +24,7 @@
     - restart chirpstack-gateway-bridge
 
 - name: start chirpstack-gateway-bridge on boot
-  service:
+  ansible.builtin.service:
     name: chirpstack-gateway-bridge
     state: started
     enabled: "yes"

roles/chirpstack/handlers/main.yml

@@ -1,4 +1,4 @@
 - name: restart chirpstack
-  service:
+  ansible.builtin.service:
     name: chirpstack
     state: restarted

roles/chirpstack/tasks/gen_self_signed_cert.yml

@@ -1,21 +1,21 @@
 - name: create certs directory
-  file:
+  ansible.builtin.file:
     path: /etc/nginx/certs
     state: directory
     owner: root
     group: root
     mode: "0700"
 
 - name: copy server cert config
-  template:
+  ansible.builtin.template:
     src: server-cert.json
     dest: /etc/nginx/certs/chirpstack.json
     owner: root
     group: root
     mode: "0600"
 
 - name: generate server certificate
-  shell: "cfssl gencert -ca /etc/chirpstack-certs/ca.pem -ca-key /etc/chirpstack-certs/ca-key.pem -config /etc/chirpstack-certs/ca-config.json -profile server chirpstack.json | cfssljson -bare /etc/nginx/certs/chirpstack"
+  ansible.builtin.shell: "cfssl gencert -ca /etc/chirpstack-certs/ca.pem -ca-key /etc/chirpstack-certs/ca-key.pem -config /etc/chirpstack-certs/ca-config.json -profile server chirpstack.json | cfssljson -bare /etc/nginx/certs/chirpstack"
   args:
     chdir: /etc/nginx/certs
   notify:

roles/chirpstack/tasks/main.yml

@@ -1,10 +1,16 @@
 - name: install chirpstack
-  package:
+  ansible.builtin.package:
     name: chirpstack
     state: latest
+  when: apt.use_chirpstack_repo
+
+- name: install chirpstack from package_url
+  ansible.builtin.apt:
+    deb: "{{ chirpstack.package_url }}"
+  when: not apt.use_chirpstack_repo
 
 - name: copy configuration
-  template:
+  ansible.builtin.template:
     src: chirpstack.toml
     dest: /etc/chirpstack/chirpstack.toml
     owner: chirpstack
@@ -14,15 +20,15 @@
     - restart chirpstack
 
 - name: create certs directory
-  file:
+  ansible.builtin.file:
     path: /etc/chirpstack/certs
     state: directory
     owner: chirpstack
     group: chirpstack
     mode: "0700"
 
 - name: copy ca cert
-  copy:
+  ansible.builtin.copy:
     src: "/etc/chirpstack-certs/{{ item }}"
     dest: "/etc/chirpstack/certs/{{ item }}"
     remote_src: "yes"
@@ -36,22 +42,22 @@
     - restart chirpstack
 
 - name: request letsencrypt certificate
-  command: "certbot --nginx certonly --non-interactive --agree-tos -m {{ chirpstack.letsencrypt.email }} -d {{ chirpstack.fqdn }}"
+  ansible.builtin.command: "certbot --nginx certonly --non-interactive --agree-tos -m {{ chirpstack.letsencrypt.email }} -d {{ chirpstack.fqdn }}"
   when: chirpstack.letsencrypt.request
 
 - name: generate self-signed certificate
   include_tasks: gen_self_signed_cert.yml
   when: not chirpstack.letsencrypt.request
 
 - name: add nginx proxy configuration
-  template:
+  ansible.builtin.template:
     src: chirpstack.nginx
     dest: /etc/nginx/sites-enabled/chirpstack
   notify:
     - reload nginx
 
 - name: start chirpstack on boot
-  service:
+  ansible.builtin.service:
     name: chirpstack
     state: started
     enabled: "yes"

roles/iptables/handlers/main.yml

@@ -1,3 +1,3 @@
 - name: persist iptables
-  shell: iptables-save > /etc/iptables/rules.v4
+  ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
 

roles/iptables/tasks/main.yml

@@ -1,5 +1,5 @@
 - name: allow connections on configured ports
-  iptables:
+  ansible.builtin.iptables:
     chain: INPUT
     jump: ACCEPT
     protocol: "{{ item.protocol }}"
@@ -10,31 +10,30 @@
     - persist iptables
 
 - name: allow established connections
-  iptables:
+  ansible.builtin.iptables:
     chain: INPUT
     ctstate: ESTABLISHED,RELATED
     jump: ACCEPT
   notify:
     - persist iptables
 
 - name: allow loopback input
-  iptables:
+  ansible.builtin.iptables:
     chain: INPUT
     in_interface: lo
     jump: ACCEPT
   notify:
     - persist iptables
 
 - name: allow loopback output
-  iptables:
+  ansible.builtin.iptables:
     chain: OUTPUT
     out_interface: lo
     jump: ACCEPT
   notify:
     - persist iptables
 
 - name: drop all other connections
-  command: iptables -P INPUT DROP
+  ansible.builtin.command: iptables -P INPUT DROP
   notify:
     - persist iptables
-

roles/letsencrypt/tasks/main.yml

@@ -1,13 +1,13 @@
 - name: install packages
-  package:
+  ansible.builtin.package:
     name: "{{ item }}"
     state: latest
   with_items:
     - certbot
     - python3-certbot-nginx
 
 - name: setup renew cron
-  cron:
+  ansible.builtin.cron:
     name: "certbot renew"
     minute: "0"
     hour: "0"

roles/mosquitto/handlers/main.yml

@@ -1,4 +1,4 @@
 - name: restart mosquitto
-  service:
+  ansible.builtin.service:
     name: mosquitto
     state: restarted