Add f2b, disable pleroma and inspircd (cold storage), change mumble port
parent
3a74002a04
commit
3493b1b6ea
|
@ -82,3 +82,6 @@
|
||||||
[submodule "roles/nsd"]
|
[submodule "roles/nsd"]
|
||||||
path = roles/nsd
|
path = roles/nsd
|
||||||
url = https://git.redxen.eu/RedXen/ansible-nsd
|
url = https://git.redxen.eu/RedXen/ansible-nsd
|
||||||
|
[submodule "roles/fail2ban"]
|
||||||
|
path = roles/fail2ban
|
||||||
|
url = https://git.redxen.eu/RedXen/ansible-fail2ban
|
||||||
|
|
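--- a/base.yml
+++ b/base.yml
@@ -11,11 +11,13 @@
 - { package: "vim", state: present }
 - { package: "sudo", state: present }
 - { package: "iptables", state: present }
+- { package: "fail2ban", state: present }
 clean: true
 upgrade: true
 systemd:
 services:
 - { name: "netfilter-persistent", enabled: true, action: restarted }
+- { name: "fail2ban", enabled: true, action: restarted }
 vault:
 roles:
 - "common"
@@ -23,4 +25,5 @@
 - vault
 - apt
 - common # This group relies too much on handlers, it's better to use it as it is
+- fail2ban
 - systemd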
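Review bot: The `services` list now restarts both `netfilter-persistent` and `fail2ban`, and nothing records that their order matters. Reloading the persisted ruleset presumably replaces the live tables, which would drop fail2ban's own chains and bans until fail2ban is restarted, so fail2ban has to come after it; that only holds if the systemd role walks the list in order. A comment above the new entry such as `# keep after netfilter-persistent: a rules reload wipes fail2ban's chains` would make this explicit. It is also worth confirming in the fail2ban role (not visible here) which jails are enabled, since installing the package alone does not say what is being protected. The enclosing `vars` mapping starts above the hunk.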
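--- a/dns.yml
+++ b/dns.yml
@@ -42,8 +42,6 @@
 - { service: "seedown", port: "{{ global.seedbox.darkhttpd.port }}", group: "seedbox" }
 - { service: "transmission", port: "{{ global.seedbox.transmission.port }}", group: "seedbox" }
 - { service: "grafana", port: "{{ global.monitoring.grafana.port }}", group: "monitoring" }
-fixed_SRV:
-- { service: "pleroma", port: "4000", host: "nbg1.redxen.eu" }
 A: # Wish these would support SRV, would ease a lot of configuration management
 - { service: "postgres", group: "backend" }
 - { service: "redis", group: "backend" }
@@ -52,7 +50,7 @@
 - { service: "homepage", port: "80", domain: "rxhome.s3-website.eu-central-1.amazonaws.com." }
 public:
 SRV:
-- { service: "mumble", proto: "tcp", host: "redxen.eu", port: 2250 }
+- { service: "mumble", proto: "tcp", host: "n0.redxen.eu", port: 64738 }
 - { service: "minecraft", proto: "tcp", host: "redxen.eu", port: 25565 }
 TXT:
 - { name: "_amazonses.", content: "PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="}
@@ -82,7 +80,6 @@
 - { domain: "git", group: "frontend" }
 - { domain: "seed", group: "frontend" }
 - { domain: "sd", group: "frontend" }
-- { domain: "social", group: "frontend" }
 roles:
 - file
 - apt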
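Review bot: The new Mumble port `64738` in the `public.SRV` entry is a literal that has to stay in step with the firewall port list and the HAProxy `expose` value changed in the next file section of this commit, while only the backend side uses `{{ global.social.murmur.port }}`. If one of the three drifts, either the SRV record advertises a port the firewall drops, or a firewall opening stays in place with no intended listener behind it. A single variable for the public port, referenced from all three places, would remove that risk; failing that, a comment on this entry such as `# must match the firewall and haproxy expose port for Mumble` would at least point the next editor at the other two spots.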
|
@ -6,8 +6,8 @@
|
||||||
- { port: "{{ haproxy.ports.https }}", ipv: "v6", proto: "tcp" }
|
- { port: "{{ haproxy.ports.https }}", ipv: "v6", proto: "tcp" }
|
||||||
- { port: "2442", ipv: "v4", proto: "tcp" }
|
- { port: "2442", ipv: "v4", proto: "tcp" }
|
||||||
- { port: "2442", ipv: "v6", proto: "tcp" }
|
- { port: "2442", ipv: "v6", proto: "tcp" }
|
||||||
- { port: "6400", ipv: "v4", proto: "tcp" }
|
- { port: "64738", ipv: "v4", proto: "tcp" }
|
||||||
- { port: "6400", ipv: "v6", proto: "tcp" }
|
- { port: "64738", ipv: "v6", proto: "tcp" }
|
||||||
apt:
|
apt:
|
||||||
packages:
|
packages:
|
||||||
- { package: "haproxy", state: present }
|
- { package: "haproxy", state: present }
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
https: 443
|
https: 443
|
||||||
tcp:
|
tcp:
|
||||||
- {expose: 2442, proxy: 2443, group: "dev"} # Gitea SSH
|
- {expose: 2442, proxy: 2443, group: "dev"} # Gitea SSH
|
||||||
- {expose: 6400, proxy: 6401, group: "social"} # Mumble
|
- {expose: 64738, proxy: "{{ global.social.murmur.port }}", group: "social"} # Mumble
|
||||||
#- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft
|
#- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft
|
||||||
redirect:
|
redirect:
|
||||||
prefix:
|
prefix:
|
||||||
|
|
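Review bot: The Mumble entry in the `tcp` list is still a plain TCP pass-through, so murmur will most likely see HAProxy's address as the peer for every client. With fail2ban now rolled out through base.yml, and with murmur's own autoban settings, a ban keyed on that address would lock out all users at once rather than one offender. I would add a comment on the entry, e.g. `# clients reach murmur from the proxy address; keep it in fail2ban ignoreip on the social hosts`, and check the jail configuration in the fail2ban role accordingly. The file name and the start of both mappings are outside what this page shows.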
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit bacb1b092f53bba40aa28486a90d81dee441fb15
|
|
@ -1 +1 @@
|
||||||
Subproject commit 654b9730f223f3137b97aa4c08acfc8ffe829540
|
Subproject commit dceb77dc260f360c5d14ef59bad489e799bc75e6
|
|
@ -1 +1 @@
|
||||||
Subproject commit 90655e53d932ef0013065c0ebe0f1cb7b8c1a486
|
Subproject commit 8c8ee895ea8312e890d3603ac2d5cecaf6adfb3d
|
|
@ -1 +1 @@
|
||||||
Subproject commit ac55d40cd9fbf04d6632359a1d7ede68117e2547
|
Subproject commit 64e64e6b03af48899d73098eb7de78a53e28386a
|
|
@ -1 +1 @@
|
||||||
Subproject commit 363015e26cb29c4456e81a38b7bce06ba5a57619
|
Subproject commit dcd661a35a8c7780fa55b77aa4ab90648f6a2e78
|
|
@ -1 +1 @@
|
||||||
Subproject commit 1e18560a7e63b36d464ceb52f248820fb7764719
|
Subproject commit 2182ef94d9ed25bbbea62282f52d052a215eac9e
|
77
social.yml
77
social.yml
|
@ -2,35 +2,41 @@
|
||||||
- hosts: social
|
- hosts: social
|
||||||
vars:
|
vars:
|
||||||
git_clone:
|
git_clone:
|
||||||
# - { dest: "/home/repositories/pleroma", repo: "https://git.pleroma.social/pleroma/pleroma.git", branch: "develop" }
|
# - { dest: "/home/repositories/pleroma", repo: "https://git.pleroma.social/pleroma/pleroma.git", branch: "develop" }
|
||||||
|
# - { dest: "{{ inspircd.paths.build }}", repo: "https://github.com/inspircd/inspircd.git", branch: "insp3" }
|
||||||
- { dest: "{{ inspircd.paths.build }}", repo: "https://github.com/inspircd/inspircd.git", branch: "insp3" }
|
|
||||||
file:
|
file:
|
||||||
- { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
|
- { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||||
- { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
|
# - { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||||
- { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
|
# - { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
|
||||||
apt:
|
apt:
|
||||||
|
# sign_keys:
|
||||||
|
# - "https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc"
|
||||||
packages:
|
packages:
|
||||||
- { package: "git", state: present }
|
- { package: "git", state: present }
|
||||||
- { package: "gcc", state: present }
|
- { package: "gcc", state: present }
|
||||||
- { package: "build-essential", state: present }
|
- { package: "build-essential", state: present }
|
||||||
#- { package: "musl-dev", state: present }
|
# - { package: "musl-dev", state: present }
|
||||||
# Pleroma (Elixir)
|
# Pleroma (Elixir)
|
||||||
#- { package: "libncurses6", state: present }
|
# - { package: "libncurses6", state: present }
|
||||||
#- { package: "postgresql-client", state: present }
|
# - { package: "postgresql-client", state: present }
|
||||||
#- { package: "elixir", state: present }
|
# - { package: "elixir", state: present }
|
||||||
|
# - { package: "erlang-dev", state: present }
|
||||||
|
# - { package: "erlang-parsetools", state: present }
|
||||||
|
# - { package: "erlang-eldap", state: present }
|
||||||
|
# - { package: "erlang-xmerl", state: present }
|
||||||
# Mumble
|
# Mumble
|
||||||
- { package: "libqt5sql5-psql", state: present }
|
- { package: "libqt5sql5-psql", state: present }
|
||||||
- { package: "mumble-server", state: present }
|
- { package: "mumble-server", state: present }
|
||||||
- { package: "xz-utils", state: present }
|
- { package: "xz-utils", state: present }
|
||||||
- { package: "libmariadbclient-dev", state: present }
|
- { package: "libmariadbclient-dev", state: present }
|
||||||
# InspIRCd
|
# InspIRCd
|
||||||
- { package: "libpq-dev", state: present }
|
# - { package: "libpq-dev", state: present }
|
||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
#- { name: "pleroma", enabled: true, action: restarted }
|
# - { name: "pleroma", enabled: true, action: restarted }
|
||||||
- { name: "murmur", enabled: true, action: restarted }
|
- { name: "murmur", enabled: true, action: restarted }
|
||||||
- { name: "inspircd", enabled: true, action: restarted }
|
- { name: "mumble-server", action: stopped }
|
||||||
|
# - { name: "inspircd", enabled: true, action: restarted }
|
||||||
murmur:
|
murmur:
|
||||||
configpath: "{{ global.social.murmur.configpath }}"
|
configpath: "{{ global.social.murmur.configpath }}"
|
||||||
name: "RedXen Community Mumble [High Bandwidth, User channels, 24/7]"
|
name: "RedXen Community Mumble [High Bandwidth, User channels, 24/7]"
|
||||||
|
@ -57,33 +63,38 @@
|
||||||
Enjoy your stay!<br />
|
Enjoy your stay!<br />
|
||||||
Have a group that you want to represent or a question? Contact me at caskd@gmx.de<br />
|
Have a group that you want to represent or a question? Contact me at caskd@gmx.de<br />
|
||||||
</center>
|
</center>
|
||||||
inspircd:
|
# pleroma:
|
||||||
server:
|
# root: "/etc/pleroma"
|
||||||
name: "redxen.eu"
|
# data: "/mnt/pleroma"
|
||||||
description: "RedXen IRC Community"
|
# inspircd:
|
||||||
network: "RedXen"
|
# server:
|
||||||
bind:
|
# name: "redxen.eu"
|
||||||
- { address: "", port: 6667, tls: false, type: "clients" }
|
# description: "RedXen IRC Community"
|
||||||
- { address: "", port: 6697, tls: true, type: "clients" }
|
# network: "RedXen"
|
||||||
#- { address: "", port: 7000, tls: false, type: "servers" }
|
# bind:
|
||||||
#- { address: "", port: 70001, tls: true, type: "servers" }
|
# - { address: "", port: 6667, tls: false, type: "clients" }
|
||||||
paths:
|
# - { address: "", port: 6697, tls: true, type: "clients" }
|
||||||
config: '/etc/inspircd'
|
# #- { address: "", port: 7000, tls: false, type: "servers" }
|
||||||
build: '/home/repositories/inspircd'
|
# #- { address: "", port: 70001, tls: true, type: "servers" }
|
||||||
permchannels:
|
# paths:
|
||||||
- { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" }
|
# config: '/etc/inspircd'
|
||||||
- { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" }
|
# build: '/home/repositories/inspircd'
|
||||||
|
# permchannels:
|
||||||
|
# - { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" }
|
||||||
|
# - { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" }
|
||||||
vault:
|
vault:
|
||||||
roles:
|
roles:
|
||||||
- "pleroma"
|
# - "pleroma"
|
||||||
- "murmur"
|
- "murmur"
|
||||||
- "inspircd"
|
- "postgresql"
|
||||||
|
# - "inspircd"
|
||||||
|
#
|
||||||
roles:
|
roles:
|
||||||
- vault
|
- vault
|
||||||
- git-clone # NOTE: Uncomment pleroma stuff when parse_trans supports OTP >= 21
|
#- git-clone
|
||||||
- apt
|
- apt
|
||||||
- file
|
- file
|
||||||
#- pleroma
|
|
||||||
- murmur
|
- murmur
|
||||||
- inspircd
|
# - pleroma
|
||||||
|
# - inspircd
|
||||||
- systemd
|
- systemd
|
||||||
|
|
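Review bot: The new entry `- { name: "mumble-server", action: stopped }` stops the packaged unit but leaves its enablement untouched, so it can come back on the next boot alongside the custom `murmur` service. The packaged service would then run with the distribution's default configuration rather than the one templated under `murmur:`, possibly competing for the same port. The sibling entries already carry an `enabled` key, so `- { name: "mumble-server", enabled: false, action: stopped }` should be enough, assuming the systemd role accepts `false` there.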