r/hass-dhcp: Clean up DHCP/DNS service

The production deployment of *dnsmasq* for Home Assistant has deviated from how the *hass-dhcp* role configures it. Bringing the role back in sync with how things really are.
2021-07-24 18:33:15 -05:00 · 2021-07-24 18:33:15 -05:00 · 5d7ebbaa05
parent ceeb61cdb0
commit 5d7ebbaa05
5 changed files with 62 additions and 5 deletions
--- a/roles/hass-dhcp/defaults/main.yml
+++ b/roles/hass-dhcp/defaults/main.yml
@ -1,5 +1,5 @@
 hass_dhcp_range:
  start: 192.168.1.100
  end: 192.168.1.250
-hass_dhcp_lease_time: 1h
+hass_dhcp_lease_time: 24h
 hass_dns_domain: homeassistant.io
--- a/roles/hass-dhcp/handlers/main.yml
+++ b/roles/hass-dhcp/handlers/main.yml
@ -2,3 +2,7 @@
  service:
    name: dnsmasq
    state: restarted
+- name: reload firewalld
+  command: firewall-cmd --reload
+- name: save firewalld configuration
+  command: firewall-cmd --runtime-to-permanent
--- a/roles/hass-dhcp/tasks/main.yml
+++ b/roles/hass-dhcp/tasks/main.yml
@ -12,3 +12,43 @@
    mode: '0644'
  notify:
  - restart dnsmasq
+
+- meta: flush_handlers
+- name: ensure homeassistant firewall zone exists
+  firewalld:
+    zone: homeassistant
+    permanent: true
+    state: present
+  tags:
+  - firewall
+  notify:
+  - reload firewalld
+- name: ensure homeassistant firewalld zone is configured
+  firewalld:
+    zone: homeassistant
+    interface: '{{ hass_interface }}'
+    permanent: true
+    state: enabled
+  notify:
+  - reload firewalld
+  tags:
+  - firewall
+- meta: flush_handlers
+- name: ensure firewall is configured for home assistant services
+  firewalld:
+    zone: homeassistant
+    service: '{{ item }}'
+    immediate: yes
+    permanent: no
+    state: enabled
+  loop:
+  - dhcp
+  - dns
+  - http
+  - https
+  - mdns
+  - mqtt-tls
+  notify:
+  - save firewalld configuration
+  tags:
+  - firewall
--- a/roles/hass-dhcp/templates/homeassistant.dnsmasq.conf.j2
+++ b/roles/hass-dhcp/templates/homeassistant.dnsmasq.conf.j2
@ -1,5 +1,9 @@
+no-resolv
+no-hosts
 interface={{ hass_interface }}
-dhcp-range={{ hass_dhcp_range.start }},{{ hass_dhcp_range.end }},{{ hass_dhcp_lease_time }}
-domain={{ hass_dns_domain }}
-
-log-queries=extra
+dhcp-range=set:homeassistant,{{ hass_dhcp_range.start }},{{ hass_dhcp_range.end }},{{ hass_dhcp_lease_time }}
+domain={{ hass_dns_domain }},{{ hass_net_cidr }}
+interface-name={{ homeassistant_server_name }},{{ hass_interface }}
+{% if hass_net_gateway|d %}
+dhcp-option=option:router,{{ hass_net_gateway }}
+{% endif %}
--- a/roles/hass-dhcp/vars/main.yml
+++ b/roles/hass-dhcp/vars/main.yml
@ -0,0 +1,9 @@
+hass_net_cidr: >-
+  {{
+    (
+      ansible_facts[hass_interface].ipv4.network
+      + '/'
+      + ansible_facts[hass_interface].ipv4.netmask
+    )
+    | ipaddr('net')
+  }}