Add f2b, disable pleroma and inspircd (cold storage), change mumble port

This commit is contained in:
Alex 2020-06-04 14:40:39 +02:00
parent 3a74002a04
commit 3493b1b6ea
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
11 changed files with 60 additions and 45 deletions

3
.gitmodules vendored
View File

@ -82,3 +82,6 @@
[submodule "roles/nsd"] [submodule "roles/nsd"]
path = roles/nsd path = roles/nsd
url = https://git.redxen.eu/RedXen/ansible-nsd url = https://git.redxen.eu/RedXen/ansible-nsd
[submodule "roles/fail2ban"]
path = roles/fail2ban
url = https://git.redxen.eu/RedXen/ansible-fail2ban

View File

@ -11,11 +11,13 @@
- { package: "vim", state: present } - { package: "vim", state: present }
- { package: "sudo", state: present } - { package: "sudo", state: present }
- { package: "iptables", state: present } - { package: "iptables", state: present }
- { package: "fail2ban", state: present }
clean: true clean: true
upgrade: true upgrade: true
systemd: systemd:
services: services:
- { name: "netfilter-persistent", enabled: true, action: restarted } - { name: "netfilter-persistent", enabled: true, action: restarted }
- { name: "fail2ban", enabled: true, action: restarted }
vault: vault:
roles: roles:
- "common" - "common"
@ -23,4 +25,5 @@
- vault - vault
- apt - apt
- common # This group relies too much on handlers, it's better to use it as it is - common # This group relies too much on handlers, it's better to use it as it is
- fail2ban
- systemd - systemd

View File

@ -42,8 +42,6 @@
- { service: "seedown", port: "{{ global.seedbox.darkhttpd.port }}", group: "seedbox" } - { service: "seedown", port: "{{ global.seedbox.darkhttpd.port }}", group: "seedbox" }
- { service: "transmission", port: "{{ global.seedbox.transmission.port }}", group: "seedbox" } - { service: "transmission", port: "{{ global.seedbox.transmission.port }}", group: "seedbox" }
- { service: "grafana", port: "{{ global.monitoring.grafana.port }}", group: "monitoring" } - { service: "grafana", port: "{{ global.monitoring.grafana.port }}", group: "monitoring" }
fixed_SRV:
- { service: "pleroma", port: "4000", host: "nbg1.redxen.eu" }
A: # Wish these would support SRV, would ease a lot of configuration management A: # Wish these would support SRV, would ease a lot of configuration management
- { service: "postgres", group: "backend" } - { service: "postgres", group: "backend" }
- { service: "redis", group: "backend" } - { service: "redis", group: "backend" }
@ -52,7 +50,7 @@
- { service: "homepage", port: "80", domain: "rxhome.s3-website.eu-central-1.amazonaws.com." } - { service: "homepage", port: "80", domain: "rxhome.s3-website.eu-central-1.amazonaws.com." }
public: public:
SRV: SRV:
- { service: "mumble", proto: "tcp", host: "redxen.eu", port: 2250 } - { service: "mumble", proto: "tcp", host: "n0.redxen.eu", port: 64738 }
- { service: "minecraft", proto: "tcp", host: "redxen.eu", port: 25565 } - { service: "minecraft", proto: "tcp", host: "redxen.eu", port: 25565 }
TXT: TXT:
- { name: "_amazonses.", content: "PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="} - { name: "_amazonses.", content: "PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="}
@ -82,7 +80,6 @@
- { domain: "git", group: "frontend" } - { domain: "git", group: "frontend" }
- { domain: "seed", group: "frontend" } - { domain: "seed", group: "frontend" }
- { domain: "sd", group: "frontend" } - { domain: "sd", group: "frontend" }
- { domain: "social", group: "frontend" }
roles: roles:
- file - file
- apt - apt

View File

@ -6,8 +6,8 @@
- { port: "{{ haproxy.ports.https }}", ipv: "v6", proto: "tcp" } - { port: "{{ haproxy.ports.https }}", ipv: "v6", proto: "tcp" }
- { port: "2442", ipv: "v4", proto: "tcp" } - { port: "2442", ipv: "v4", proto: "tcp" }
- { port: "2442", ipv: "v6", proto: "tcp" } - { port: "2442", ipv: "v6", proto: "tcp" }
- { port: "6400", ipv: "v4", proto: "tcp" } - { port: "64738", ipv: "v4", proto: "tcp" }
- { port: "6400", ipv: "v6", proto: "tcp" } - { port: "64738", ipv: "v6", proto: "tcp" }
apt: apt:
packages: packages:
- { package: "haproxy", state: present } - { package: "haproxy", state: present }
@ -31,7 +31,7 @@
https: 443 https: 443
tcp: tcp:
- {expose: 2442, proxy: 2443, group: "dev"} # Gitea SSH - {expose: 2442, proxy: 2443, group: "dev"} # Gitea SSH
- {expose: 6400, proxy: 6401, group: "social"} # Mumble - {expose: 64738, proxy: "{{ global.social.murmur.port }}", group: "social"} # Mumble
#- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft #- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft
redirect: redirect:
prefix: prefix:

1
roles/fail2ban Submodule

@ -0,0 +1 @@
Subproject commit bacb1b092f53bba40aa28486a90d81dee441fb15

@ -1 +1 @@
Subproject commit 654b9730f223f3137b97aa4c08acfc8ffe829540 Subproject commit dceb77dc260f360c5d14ef59bad489e799bc75e6

@ -1 +1 @@
Subproject commit 90655e53d932ef0013065c0ebe0f1cb7b8c1a486 Subproject commit 8c8ee895ea8312e890d3603ac2d5cecaf6adfb3d

@ -1 +1 @@
Subproject commit ac55d40cd9fbf04d6632359a1d7ede68117e2547 Subproject commit 64e64e6b03af48899d73098eb7de78a53e28386a

@ -1 +1 @@
Subproject commit 363015e26cb29c4456e81a38b7bce06ba5a57619 Subproject commit dcd661a35a8c7780fa55b77aa4ab90648f6a2e78

@ -1 +1 @@
Subproject commit 1e18560a7e63b36d464ceb52f248820fb7764719 Subproject commit 2182ef94d9ed25bbbea62282f52d052a215eac9e

View File

@ -2,35 +2,41 @@
- hosts: social - hosts: social
vars: vars:
git_clone: git_clone:
# - { dest: "/home/repositories/pleroma", repo: "https://git.pleroma.social/pleroma/pleroma.git", branch: "develop" } # - { dest: "/home/repositories/pleroma", repo: "https://git.pleroma.social/pleroma/pleroma.git", branch: "develop" }
# - { dest: "{{ inspircd.paths.build }}", repo: "https://github.com/inspircd/inspircd.git", branch: "insp3" }
- { dest: "{{ inspircd.paths.build }}", repo: "https://github.com/inspircd/inspircd.git", branch: "insp3" }
file: file:
- { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory } - { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
- { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory } # - { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
- { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory } # - { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
apt: apt:
# sign_keys:
# - "https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc"
packages: packages:
- { package: "git", state: present } - { package: "git", state: present }
- { package: "gcc", state: present } - { package: "gcc", state: present }
- { package: "build-essential", state: present } - { package: "build-essential", state: present }
#- { package: "musl-dev", state: present } # - { package: "musl-dev", state: present }
# Pleroma (Elixir) # Pleroma (Elixir)
#- { package: "libncurses6", state: present } # - { package: "libncurses6", state: present }
#- { package: "postgresql-client", state: present } # - { package: "postgresql-client", state: present }
#- { package: "elixir", state: present } # - { package: "elixir", state: present }
# - { package: "erlang-dev", state: present }
# - { package: "erlang-parsetools", state: present }
# - { package: "erlang-eldap", state: present }
# - { package: "erlang-xmerl", state: present }
# Mumble # Mumble
- { package: "libqt5sql5-psql", state: present } - { package: "libqt5sql5-psql", state: present }
- { package: "mumble-server", state: present } - { package: "mumble-server", state: present }
- { package: "xz-utils", state: present } - { package: "xz-utils", state: present }
- { package: "libmariadbclient-dev", state: present } - { package: "libmariadbclient-dev", state: present }
# InspIRCd # InspIRCd
- { package: "libpq-dev", state: present } # - { package: "libpq-dev", state: present }
systemd: systemd:
services: services:
#- { name: "pleroma", enabled: true, action: restarted } # - { name: "pleroma", enabled: true, action: restarted }
- { name: "murmur", enabled: true, action: restarted } - { name: "murmur", enabled: true, action: restarted }
- { name: "inspircd", enabled: true, action: restarted } - { name: "mumble-server", action: stopped }
# - { name: "inspircd", enabled: true, action: restarted }
murmur: murmur:
configpath: "{{ global.social.murmur.configpath }}" configpath: "{{ global.social.murmur.configpath }}"
name: "RedXen Community Mumble [High Bandwidth, User channels, 24/7]" name: "RedXen Community Mumble [High Bandwidth, User channels, 24/7]"
@ -57,33 +63,38 @@
Enjoy your stay!<br /> Enjoy your stay!<br />
Have a group that you want to represent or a question? Contact me at caskd@gmx.de<br /> Have a group that you want to represent or a question? Contact me at caskd@gmx.de<br />
</center> </center>
inspircd: # pleroma:
server: # root: "/etc/pleroma"
name: "redxen.eu" # data: "/mnt/pleroma"
description: "RedXen IRC Community" # inspircd:
network: "RedXen" # server:
bind: # name: "redxen.eu"
- { address: "", port: 6667, tls: false, type: "clients" } # description: "RedXen IRC Community"
- { address: "", port: 6697, tls: true, type: "clients" } # network: "RedXen"
#- { address: "", port: 7000, tls: false, type: "servers" } # bind:
#- { address: "", port: 70001, tls: true, type: "servers" } # - { address: "", port: 6667, tls: false, type: "clients" }
paths: # - { address: "", port: 6697, tls: true, type: "clients" }
config: '/etc/inspircd' # #- { address: "", port: 7000, tls: false, type: "servers" }
build: '/home/repositories/inspircd' # #- { address: "", port: 70001, tls: true, type: "servers" }
permchannels: # paths:
- { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" } # config: '/etc/inspircd'
- { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" } # build: '/home/repositories/inspircd'
# permchannels:
# - { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" }
# - { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" }
vault: vault:
roles: roles:
- "pleroma" # - "pleroma"
- "murmur" - "murmur"
- "inspircd" - "postgresql"
# - "inspircd"
#
roles: roles:
- vault - vault
- git-clone # NOTE: Uncomment pleroma stuff when parse_trans supports OTP >= 21 #- git-clone
- apt - apt
- file - file
#- pleroma
- murmur - murmur
- inspircd # - pleroma
# - inspircd
- systemd - systemd