start on orcha config

.gitignore

@@ -1,4 +1,3 @@
 htpasswd
 .env
 playbook.retry
-keys/

hosts

@@ -3,3 +3,6 @@ web-internal ansible_ssh_private_key_file=~/.ssh/internal_ed25519
 
 [nas]
 nas-internal ansible_ssh_private_key_file=~/.ssh/internal_ed25519
+
+[orcha]
+localhost ansible_connection=local

playbook.yml

@@ -3,6 +3,10 @@
   roles:
     - basic
 
+- hosts: orcha
+  roles:
+    - orcha
+
 - hosts: web
   roles:
     - web

roles/orcha/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Install dnsmasq
+  apt:
+   name: dnsmasq
+   state: present
+   update_cache: yes
+
+- name: Write dnsmasq config
+  template:
+    src: templates/orcha/etc/dnsmasq.conf
+    dest: /etc/dnsmasq.conf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+
+- name: Start & enable dnsmasq service
+  service:
+    name: dnsmasq
+    state: started
+    enabled: yes
+    daemon_reload: yes
+
+# - name: Set default route to outward-facing NIC
+#   command: ip route add default via 

templates/orcha/etc/dnsmasq.conf

@@ -0,0 +1,5 @@
+local=/internal/
+
+dhcp-range=172.21.69.3,172.21.69.253,12h
+
+dhcp-option=3,172.21.69.1