diff --git a/.gitmodules b/.gitmodules
index 24dcbf1..558a786 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -82,3 +82,6 @@
 [submodule "roles/nsd"]
 path = roles/nsd
 url = https://git.redxen.eu/RedXen/ansible-nsd
+[submodule "roles/fail2ban"]
+ path = roles/fail2ban
+ url = https://git.redxen.eu/RedXen/ansible-fail2ban
diff --git a/base.yml b/base.yml
index cf0b872..c1d118c 100644
--- a/base.yml
+++ b/base.yml
@@ -11,11 +11,13 @@
 - { package: "vim", state: present }
 - { package: "sudo", state: present }
 - { package: "iptables", state: present }
+ - { package: "fail2ban", state: present }
 clean: true
 upgrade: true
 systemd:
 services:
 - { name: "netfilter-persistent", enabled: true, action: restarted }
+ - { name: "fail2ban", enabled: true, action: restarted }
 vault:
 roles:
 - "common"
@@ -23,4 +25,5 @@
 - vault
 - apt
 - common # This group relies too much on handlers, it's better to use it as it is
+ - fail2ban
 - systemd
diff --git a/dns.yml b/dns.yml
index 9e903aa..1a57823 100644
--- a/dns.yml
+++ b/dns.yml
@@ -42,8 +42,6 @@
 - { service: "seedown", port: "{{ global.seedbox.darkhttpd.port }}", group: "seedbox" }
 - { service: "transmission", port: "{{ global.seedbox.transmission.port }}", group: "seedbox" }
 - { service: "grafana", port: "{{ global.monitoring.grafana.port }}", group: "monitoring" }
- fixed_SRV:
- - { service: "pleroma", port: "4000", host: "nbg1.redxen.eu" }
 A: # Wish these would support SRV, would ease a lot of configuration management
 - { service: "postgres", group: "backend" }
 - { service: "redis", group: "backend" }
@@ -52,7 +50,7 @@
 - { service: "homepage", port: "80", domain: "rxhome.s3-website.eu-central-1.amazonaws.com." }
 public:
 SRV:
- - { service: "mumble", proto: "tcp", host: "redxen.eu", port: 2250 }
+ - { service: "mumble", proto: "tcp", host: "n0.redxen.eu", port: 64738 }
 - { service: "minecraft", proto: "tcp", host: "redxen.eu", port: 25565 }
 TXT:
 - { name: "_amazonses.", content: "PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="}
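Review bot: In base.yml the new `fail2ban` service entry sits directly after `netfilter-persistent`, and both are restarted on every run, but nothing records that the order matters. Restarting netfilter-persistent reloads the saved ruleset and normally discards the chains fail2ban inserted, so bans are only re-applied because fail2ban is listed second (assuming the systemd role walks the list in order, which is not visible here). I would add a comment above the entry such as `# keep after netfilter-persistent: its restart reloads saved rules and drops fail2ban's chains`. The play also sets no fail2ban vars (enabled jails, `bantime`, `ignoreip`), so unless the role's defaults cover them the hosts run with package defaults and no management address is exempted. This covers both base.yml hunks (`@@ -11,11 +11,13 @@` and `@@ -23,4 +25,5 @@`).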
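Review bot: The changed mumble SRV entry in dns.yml (`@@ -52,7 +50,7 @@`) hard-codes `port: 64738`, and the same literal is repeated in both frontend.yml hunks (the two firewall rules and the `expose:` value). The backend side already uses `{{ global.social.murmur.port }}`, so a matching variable for the public port would keep DNS, firewall and proxy from drifting apart on the next port change. The value is also an unquoted integer while the neighbouring `homepage` entry quotes its port as `"80"`; one convention should be used throughout the list.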
@@ -82,7 +80,6 @@
 - { domain: "git", group: "frontend" }
 - { domain: "seed", group: "frontend" }
 - { domain: "sd", group: "frontend" }
- - { domain: "social", group: "frontend" }
 roles:
 - file
 - apt
diff --git a/frontend.yml b/frontend.yml
index 33dcf49..f24f759 100644
--- a/frontend.yml
+++ b/frontend.yml
@@ -6,8 +6,8 @@
 - { port: "{{ haproxy.ports.https }}", ipv: "v6", proto: "tcp" }
 - { port: "2442", ipv: "v4", proto: "tcp" }
 - { port: "2442", ipv: "v6", proto: "tcp" }
- - { port: "6400", ipv: "v4", proto: "tcp" }
- - { port: "6400", ipv: "v6", proto: "tcp" }
+ - { port: "64738", ipv: "v4", proto: "tcp" }
+ - { port: "64738", ipv: "v6", proto: "tcp" }
 apt:
 packages:
 - { package: "haproxy", state: present }
@@ -31,7 +31,7 @@
 https: 443
 tcp:
 - {expose: 2442, proxy: 2443, group: "dev"} # Gitea SSH
- - {expose: 6400, proxy: 6401, group: "social"} # Mumble
+ - {expose: 64738, proxy: "{{ global.social.murmur.port }}", group: "social"} # Mumble
 #- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft
 redirect:
 prefix:
diff --git a/roles/fail2ban b/roles/fail2ban
new file mode 160000
index 0000000..bacb1b0
--- /dev/null
+++ b/roles/fail2ban
@@ -0,0 +1 @@
+Subproject commit bacb1b092f53bba40aa28486a90d81dee441fb15
diff --git a/roles/murmur b/roles/murmur
index 654b973..dceb77d 160000
--- a/roles/murmur
+++ b/roles/murmur
@@ -1 +1 @@
-Subproject commit 654b9730f223f3137b97aa4c08acfc8ffe829540
+Subproject commit dceb77dc260f360c5d14ef59bad489e799bc75e6
diff --git a/roles/pleroma b/roles/pleroma
index 90655e5..8c8ee89 160000
--- a/roles/pleroma
+++ b/roles/pleroma
@@ -1 +1 @@
-Subproject commit 90655e53d932ef0013065c0ebe0f1cb7b8c1a486
+Subproject commit 8c8ee895ea8312e890d3603ac2d5cecaf6adfb3d
diff --git a/roles/systemd b/roles/systemd
index ac55d40..64e64e6 160000
--- a/roles/systemd
+++ b/roles/systemd
@@ -1 +1 @@
-Subproject commit ac55d40cd9fbf04d6632359a1d7ede68117e2547
+Subproject commit 64e64e6b03af48899d73098eb7de78a53e28386a
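Review bot: In the frontend.yml `tcp:` list (`@@ -31,7 +31,7 @@`) the Mumble entry now forwards public port 64738 through HAProxy to `{{ global.social.murmur.port }}`, so murmur presumably sees every client as coming from the proxy address. Per-IP controls on the backend, such as murmur's autoban settings or the fail2ban role this commit adds in base.yml, would then act on the proxy rather than the offending client and could lock out all users at once. It is worth confirming that such limits are enforced on the frontend, or are disabled on the backend. The first frontend.yml hunk opens the port for `proto: "tcp"` only, so clients will tunnel voice over TCP. A comment on the line, e.g. `# Mumble (TCP only; backend sees the proxy IP)`, would record both facts.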
diff --git a/roles/telegraf b/roles/telegraf
index 363015e..dcd661a 160000
--- a/roles/telegraf
+++ b/roles/telegraf
@@ -1 +1 @@
-Subproject commit 363015e26cb29c4456e81a38b7bce06ba5a57619
+Subproject commit dcd661a35a8c7780fa55b77aa4ab90648f6a2e78
diff --git a/roles/varnish b/roles/varnish
index 1e18560..2182ef9 160000
--- a/roles/varnish
+++ b/roles/varnish
@@ -1 +1 @@
-Subproject commit 1e18560a7e63b36d464ceb52f248820fb7764719
+Subproject commit 2182ef94d9ed25bbbea62282f52d052a215eac9e
diff --git a/social.yml b/social.yml
index c6eedf6..af81fc9 100644
--- a/social.yml
+++ b/social.yml
@@ -2,35 +2,41 @@ - hosts: social vars: git_clone: - # - { dest: "/home/repositories/pleroma", repo: "https://git.pleroma.social/pleroma/pleroma.git", branch: "develop" } - - - { dest: "{{ inspircd.paths.build }}", repo: "https://github.com/inspircd/inspircd.git", branch: "insp3" } +# - { dest: "/home/repositories/pleroma", repo: "https://git.pleroma.social/pleroma/pleroma.git", branch: "develop" } +# - { dest: "{{ inspircd.paths.build }}", repo: "https://github.com/inspircd/inspircd.git", branch: "insp3" } file: - { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory } - - { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory } - - { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory } +# - { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory } +# - { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory } apt: +# sign_keys: +# - "https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc" packages: - { package: "git", state: present } - { package: "gcc", state: present } - { package: "build-essential", state: present } - #- { package: "musl-dev", state: present } +# - { package: "musl-dev", state: present } # Pleroma (Elixir) - #- { package: "libncurses6", state: present } - #- { package: "postgresql-client", state: present } - #- { package: "elixir", state: present } +# - { package: "libncurses6", state: present } +# - { package: "postgresql-client", state: present } +# - { package: "elixir", state: present } +# - { package: "erlang-dev", state: present } +# - { package: "erlang-parsetools", state: present } +# - { package: "erlang-eldap", state: present } +# - { package: "erlang-xmerl", state: present } # Mumble - { package: "libqt5sql5-psql", state: present } - { package: "mumble-server", state: present } - { 
package: "xz-utils", state: present } - { package: "libmariadbclient-dev", state: present } # InspIRCd - - { package: "libpq-dev", state: present } +# - { package: "libpq-dev", state: present } systemd: services: - #- { name: "pleroma", enabled: true, action: restarted } +# - { name: "pleroma", enabled: true, action: restarted } - { name: "murmur", enabled: true, action: restarted } - - { name: "inspircd", enabled: true, action: restarted } + - { name: "mumble-server", action: stopped } +# - { name: "inspircd", enabled: true, action: restarted } murmur: configpath: "{{ global.social.murmur.configpath }}" name: "RedXen Community Mumble [High Bandwidth, User channels, 24/7]" @@ -57,33 +63,38 @@ Enjoy your stay!
Have a group that you want to represent or a question? Contact me at caskd@gmx.de
- inspircd: - server: - name: "redxen.eu" - description: "RedXen IRC Community" - network: "RedXen" - bind: - - { address: "", port: 6667, tls: false, type: "clients" } - - { address: "", port: 6697, tls: true, type: "clients" } - #- { address: "", port: 7000, tls: false, type: "servers" } - #- { address: "", port: 70001, tls: true, type: "servers" } - paths: - config: '/etc/inspircd' - build: '/home/repositories/inspircd' - permchannels: - - { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" } - - { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" } +# pleroma: +# root: "/etc/pleroma" +# data: "/mnt/pleroma" +# inspircd: +# server: +# name: "redxen.eu" +# description: "RedXen IRC Community" +# network: "RedXen" +# bind: +# - { address: "", port: 6667, tls: false, type: "clients" } +# - { address: "", port: 6697, tls: true, type: "clients" } +# #- { address: "", port: 7000, tls: false, type: "servers" } +# #- { address: "", port: 70001, tls: true, type: "servers" } +# paths: +# config: '/etc/inspircd' +# build: '/home/repositories/inspircd' +# permchannels: +# - { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" } +# - { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" } vault: roles: - - "pleroma" +# - "pleroma" - "murmur" - - "inspircd" + - "postgresql" +# - "inspircd" +# roles: - vault - - git-clone # NOTE: Uncomment pleroma stuff when parse_trans supports OTP >= 21 + #- git-clone - apt - file - #- pleroma - murmur - - inspircd +# - pleroma +# - inspircd - systemd
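Review bot: In the first social.yml hunk (`@@ -2,35 +2,41 @@`) the new `- { name: "mumble-server", action: stopped }` entry stops the packaged unit but does not disable it, unlike its neighbours, which set `enabled`. If the systemd role leaves enablement untouched when the key is absent (the role is not visible here), the distribution's mumble-server would start again on reboot with package-default configuration and compete with the `murmur` unit for the port. I would write `- { name: "mumble-server", enabled: false, action: stopped }` and list it before `murmur`, so the port is free when murmur restarts. The hunk also parks the inspircd and pleroma settings as column-0 comments; deleting them and relying on history would keep the vars readable.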
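Review bot: In the second social.yml hunk (`@@ -57,33 +63,38 @@`) the `vault: roles:` list gains `- "postgresql"`, which presumably makes the PostgreSQL secrets available to the social hosts. If murmur only needs its own database credentials, loading the whole postgresql vault role there is broader than necessary. A murmur-scoped secret, or at least a comment such as `# murmur DB credentials (libqt5sql5-psql backend)`, would make the intent reviewable. The hunk also drops the `# NOTE: Uncomment pleroma stuff when parse_trans supports OTP >= 21` explanation while the pleroma entries stay commented out, and it adds what looks like a stray `#` line just before the play's `roles:` key.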