From 3b85c249ef12fc205998bd95f18f79a7f062b7f8 Mon Sep 17 00:00:00 2001 From: Nick Fawbert Date: Mon, 21 Oct 2024 16:29:40 +0100 Subject: [PATCH 1/3] r70797 nodhcp module in system role for hetzner cloud systems --- roles/debian/system/README.md | 8 +- roles/debian/system/defaults/main.yml | 1 + roles/debian/system/tasks/main.yml | 115 ++++++++++++++++++ .../debian/system/templates/50-static-init.j2 | 7 ++ .../99-disable-network-config.cfg.j2 | 2 + .../templates/interfaces-nohetznerdhcp.j2 | 9 ++ 6 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 roles/debian/system/templates/50-static-init.j2 create mode 100644 roles/debian/system/templates/99-disable-network-config.cfg.j2 create mode 100644 roles/debian/system/templates/interfaces-nohetznerdhcp.j2 diff --git a/roles/debian/system/README.md b/roles/debian/system/README.md index 7a7f31327..b2c326095 100644 --- a/roles/debian/system/README.md +++ b/roles/debian/system/README.md @@ -1,5 +1,10 @@ # System This role provides a means of applying system variables to servers. +Currently, the following entities can be managed with the role: + +- Force IPv4 (noipv6) +- Force Static IP configuration for Hetzner Cloud systems (nohetznerdhcp) + @@ -9,8 +14,9 @@ This role provides a means of applying system variables to servers. --- system: noipv6: false + nohetznerchdp: false ``` -~~~ + diff --git a/roles/debian/system/defaults/main.yml b/roles/debian/system/defaults/main.yml index e7b5bd20c..9dbc2975f 100644 --- a/roles/debian/system/defaults/main.yml +++ b/roles/debian/system/defaults/main.yml @@ -1,3 +1,4 @@ --- system: noipv6: false + nohetznerdhcp: false diff --git a/roles/debian/system/tasks/main.yml b/roles/debian/system/tasks/main.yml index 46fdfc10e..349559d5b 100644 --- a/roles/debian/system/tasks/main.yml +++ b/roles/debian/system/tasks/main.yml 
@@ -10,3 +10,118 @@ name: net.ipv6.conf.all.disable_ipv6 value: "1" when: system.noipv6 + +- name: Install dmidecode. + ansible.builtin.apt: + pkg: dmidecode + state: present + when: + - system.nohetznerdhcp + +- name: Check if the system is a Hetzner Cloud server. + ansible.builtin.shell: | + dmidecode | awk '/System Information/{getline;print;getline;print}' | sed 's/[^,:]*://g' | sed 's/^ //g' | tr '\n' ' ' | grep -q "Hetzner vServer" + args: + executable: /bin/bash + register: hetznercloudcheck + failed_when: false + when: + - system.nohetznerdhcp + +- name: Print if Hetzner Cloud server is detected. + debug: + msg: "This is a Hetzner Cloud server" + when: hetznercloudcheck.rc == 0 + +- name: Install dhcpcd. + ansible.builtin.apt: + pkg: dhcpcd5 + state: present + when: + - system.nohetznerdhcp + - hetznercloudcheck.rc == 0 + +- name: Get default NIC. + ansible.builtin.shell: | + ifacecol=$(route | awk -v b="Iface" '{for (i=1;i<=NF;i++) { if ($i == b) { print i } }}') + route | awk -v ifacecol="$ifacecol" '$1 == "default" {print $ifacecol}' + register: dhcpdefaultnic + when: + - system.nohetznerdhcp + - hetznercloudcheck.rc == 0 + +- name: Get IP from DHCP server. + ansible.builtin.shell: | + dhcpcd -T {{ dhcpdefaultnic.stdout }} 2>&1 | grep -oP 'new_ip_address=\K\S+' | sed "s/'//g" + register: dhcpipaddressoffer + when: + - system.nohetznerdhcp + - hetznercloudcheck.rc == 0 + +- name: Get Netmask from DHCP server. + ansible.builtin.shell: | + dhcpcd -T {{ dhcpdefaultnic.stdout }} 2>&1 | grep -oP 'new_subnet_mask=\K\S+' | sed "s/'//g" + register: dhcpnetmaskoffer + when: + - system.nohetznerdhcp + - hetznercloudcheck.rc == 0 + +- name: Get GATEWAY from DHCP server. + ansible.builtin.shell: | + dhcpcd -T {{ dhcpdefaultnic.stdout }} 2>&1 | grep -oP 'new_routers=\K\S+' | sed "s/'//g" + register: dhcpgatewayoffer + when: + - system.nohetznerdhcp + - hetznercloudcheck.rc == 0 + +- name: Get DNS servers from DHCP server. 
+ ansible.builtin.shell: |
+ dhcpcd -T {{ dhcpdefaultnic.stdout }} 2>&1 | grep -P 'new_domain_name_servers=\K\S+' | sed "s/new_domain_name_servers=//g" | sed "s/'//g"
+ register: dhcpnameserversoffer
+ when:
+ - system.nohetznerdhcp
+ - hetznercloudcheck.rc == 0
+
+- name: Copy No-DHCP Network Interfaces config.
+ ansible.builtin.template:
+ src: "interfaces-nohetznerdhcp.j2"
+ dest: "/etc/network/interfaces"
+ owner: root
+ group: root
+ mode: 0644
+ force: true
+ when:
+ - system.nohetznerdhcp
+ - hetznercloudcheck.rc == 0
+
+- name: Delete Cloud Init script.
+ ansible.builtin.file:
+ path: /etc/network/interfaces.d/50-cloud-init
+ state: absent
+ when:
+ - system.nohetznerdhcp
+ - hetznercloudcheck.rc == 0
+
+- name: Copy No-DHCP Network Interfaces include config.
+ ansible.builtin.template:
+ src: "50-static-init.j2"
+ dest: "/etc/network/interfaces.d/50-static-init"
+ owner: root
+ group: root
+ mode: 0644
+ force: true
+ when:
+ - system.nohetznerdhcp
+ - hetznercloudcheck.rc == 0
+
+- name: Copy disable cloud init config.
+ ansible.builtin.template:
+ src: "99-disable-network-config.cfg.j2"
+ dest: "/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg"
+ owner: root
+ group: root
+ mode: 0644
+ force: true
+ when:
+ - system.nohetznerdhcp
+ - hetznercloudcheck.rc == 0
diff --git a/roles/debian/system/templates/50-static-init.j2 b/roles/debian/system/templates/50-static-init.j2
new file mode 100644
index 000000000..2e286641e
--- /dev/null
+++ b/roles/debian/system/templates/50-static-init.j2
@@ -0,0 +1,7 @@
+auto {{ system.dhcpdefaultnic.stdout }}
+iface {{ system.dhcpdefaultnic.stdout }} inet static
+ address {{ system.dhcpipaddressoffer.stdout }}
+ netmask {{ system.dhcpnetmaskoffer.stdout }}
+ gateway {{ system.dhcpgatewayoffer.stdout }}
+ pointopoint {{ system.dhcpgatewayoffer.stdout }}
+ dns-nameservers {{ system.dhcpnameserversoffer.stdout }}
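Review bot: Nothing between the four `dhcpcd -T` lookups and the template tasks checks that an offer was actually parsed, so an empty `stdout` (no default route, no DHCP reply, or output the `grep` patterns miss) would still be rendered into `/etc/network/interfaces.d/50-static-init` after `50-cloud-init` is deleted and cloud-init networking is disabled. An assert placed before the first template task, as sketched below, stops the play while the working DHCP configuration is still in place; a format check on the address fields would be stronger, since the values come from the network. Separately, the debug task's `when: hetznercloudcheck.rc == 0` has no `system.nohetznerdhcp` condition, so with the default `false` the check task is skipped and `rc` is likely undefined there; listing `- system.nohetznerdhcp` first, as the other tasks do, avoids that.

```yaml
# … unchanged: "Get default NIC" and the four "Get … from DHCP server" tasks …

- name: Validate the DHCP offer before replacing the network config.
  ansible.builtin.assert:
    that:
      - dhcpdefaultnic.stdout | length > 0
      - dhcpipaddressoffer.stdout | length > 0
      - dhcpnetmaskoffer.stdout | length > 0
      - dhcpgatewayoffer.stdout | length > 0
    fail_msg: "Incomplete DHCP offer; leaving /etc/network/interfaces untouched."
  when:
    - system.nohetznerdhcp
    - hetznercloudcheck.rc == 0

# … unchanged: template, file and cloud-init tasks …
```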
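Review bot: Each placeholder in this template reads from `system.*`, e.g. `{{ system.dhcpdefaultnic.stdout }}`, but `tasks/main.yml` registers `dhcpdefaultnic`, `dhcpipaddressoffer`, `dhcpnetmaskoffer`, `dhcpgatewayoffer` and `dhcpnameserversoffer` as top-level results, and the `system` default shown in this patch holds only `noipv6` and `nohetznerdhcp`. As written the lookups are expected to be undefined at render time; dropping the prefix, `auto {{ dhcpdefaultnic.stdout }}`, `address {{ dhcpipaddressoffer.stdout }}` and so on, matches the registered names. `new_domain_name_servers` may also hold several addresses, which the template passes through verbatim, so it is worth confirming the rendered `dns-nameservers` line on a real host.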
diff --git a/roles/debian/system/templates/99-disable-network-config.cfg.j2 b/roles/debian/system/templates/99-disable-network-config.cfg.j2 new file mode 100644 index 000000000..c4b7a56a6 --- /dev/null +++ b/roles/debian/system/templates/99-disable-network-config.cfg.j2 @@ -0,0 +1,2 @@ +network: + config: disabled diff --git a/roles/debian/system/templates/interfaces-nohetznerdhcp.j2 b/roles/debian/system/templates/interfaces-nohetznerdhcp.j2 new file mode 100644 index 000000000..388f1c5f1 --- /dev/null +++ b/roles/debian/system/templates/interfaces-nohetznerdhcp.j2 @@ -0,0 +1,9 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5) + +# Include files from /etc/network/interfaces.d: +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback From 64d789f9494164dd50f6c3979cb94189f6223829 Mon Sep 17 00:00:00 2001 From: Nick Fawbert Date: Mon, 21 Oct 2024 16:44:19 +0100 Subject: [PATCH 2/3] fix syntax --- roles/aws/aws_backup_validation/tasks/testing_resources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/aws/aws_backup_validation/tasks/testing_resources.yml b/roles/aws/aws_backup_validation/tasks/testing_resources.yml index 99e2cc425..085f6ba75 100644 --- a/roles/aws/aws_backup_validation/tasks/testing_resources.yml +++ b/roles/aws/aws_backup_validation/tasks/testing_resources.yml @@ -26,7 +26,7 @@ amazon.aws.ec2_vpc_subnet_info: region: "{{ _aws_region }}" filters: - vpc-id: "{{ _main_vpc_info.vpcs[0].vpc_id}}" + vpc-id: "{{ _main_vpc_info.vpcs[0].vpc_id }}" register: _main_subnets_info - name: Create SG for restored instances. From b6343e93531a69935777c0caac9d3dbc9999bffd Mon Sep 17 00:00:00 2001 From: Nick Fawbert Date: Mon, 21 Oct 2024 16:52:36 +0100 Subject: [PATCH 3/3] r70797 set pipefail to resolve linting failure --- roles/debian/system/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/roles/debian/system/tasks/main.yml b/roles/debian/system/tasks/main.yml index 349559d5b..c534306d7 100644 --- a/roles/debian/system/tasks/main.yml +++ b/roles/debian/system/tasks/main.yml @@ -20,6 +20,7 @@ - name: Check if the system is a Hetzner Cloud server. ansible.builtin.shell: | + set -o pipefail dmidecode | awk '/System Information/{getline;print;getline;print}' | sed 's/[^,:]*://g' | sed 's/^ //g' | tr '\n' ' ' | grep -q "Hetzner vServer" args: executable: /bin/bash @@ -43,6 +44,7 @@ - name: Get default NIC. ansible.builtin.shell: | + set -o pipefail ifacecol=$(route | awk -v b="Iface" '{for (i=1;i<=NF;i++) { if ($i == b) { print i } }}') route | awk -v ifacecol="$ifacecol" '$1 == "default" {print $ifacecol}' register: dhcpdefaultnic @@ -52,6 +54,7 @@ - name: Get IP from DHCP server. ansible.builtin.shell: | + set -o pipefail dhcpcd -T {{ dhcpdefaultnic.stdout }} 2>&1 | grep -oP 'new_ip_address=\K\S+' | sed "s/'//g" register: dhcpipaddressoffer when: @@ -60,6 +63,7 @@ - name: Get Netmask from DHCP server. ansible.builtin.shell: | + set -o pipefail dhcpcd -T {{ dhcpdefaultnic.stdout }} 2>&1 | grep -oP 'new_subnet_mask=\K\S+' | sed "s/'//g" register: dhcpnetmaskoffer when: @@ -68,6 +72,7 @@ - name: Get GATEWAY from DHCP server. ansible.builtin.shell: | + set -o pipefail dhcpcd -T {{ dhcpdefaultnic.stdout }} 2>&1 | grep -oP 'new_routers=\K\S+' | sed "s/'//g" register: dhcpgatewayoffer when: @@ -76,6 +81,7 @@ - name: Get DNS servers from DHCP server. ansible.builtin.shell: | + set -o pipefail dhcpcd -T {{ dhcpdefaultnic.stdout }} 2>&1 | grep -P 'new_domain_name_servers=\K\S+' | sed "s/new_domain_name_servers=//g" | sed "s/'//g" register: dhcpnameserversoffer when:
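Review bot: Five of the six tasks that gain `set -o pipefail` here (`Get default NIC` and the four `dhcpcd -T` lookups, hunks two to six) have no `executable: /bin/bash`; as added in PATCH 1/3 they go straight from the command to `register:` with no `args:`. They therefore run under the shell module's default `/bin/sh`, which on Debian is normally dash and may reject the option, failing the task before the pipeline runs. Only the Hetzner check in the first hunk sets `args:` with `executable: /bin/bash`; adding those same two lines to each of the other five tasks makes the option dependable. Once it takes effect, a `grep` that matches nothing will fail the lookup task, which is a reasonable outcome here but worth stating in a comment on the tasks.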