Update apt and add monitoring
This commit is contained in:
parent
d0eea62673
commit
b8cccbbfe7
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
todo.txt
|
||||
vault/
|
||||
/vault/
|
||||
|
6
.gitmodules
vendored
6
.gitmodules
vendored
@ -61,9 +61,6 @@
|
||||
[submodule "roles/varnish"]
|
||||
path = roles/varnish
|
||||
url = https://git.redxen.eu/RedXen/ansible-varnish/
|
||||
[submodule "roles/apt-clean"]
|
||||
path = roles/apt-clean
|
||||
url = https://git.redxen.eu/RedXen/ansible-apt-clean/
|
||||
[submodule "roles/common"]
|
||||
path = roles/common
|
||||
url = https://git.redxen.eu/RedXen/ansible-common/
|
||||
@ -73,3 +70,6 @@
|
||||
[submodule "roles/users"]
|
||||
path = roles/users
|
||||
url = https://git.redxen.eu/RedXen/ansible-users/
|
||||
[submodule "roles/grafana"]
|
||||
path = roles/grafana
|
||||
url = https://git.redxen.eu/RedXen/ansible-grafana
|
||||
|
@ -1,7 +1,8 @@
|
||||
---
|
||||
- hosts: backend
|
||||
vars:
|
||||
apt_packages:
|
||||
apt:
|
||||
packages:
|
||||
- { package: "postgresql", state: present }
|
||||
- { package: "python3-psycopg2", state: present }
|
||||
- { package: "redis", state: present }
|
||||
|
7
base.yml
7
base.yml
@ -1,9 +1,8 @@
|
||||
---
|
||||
- hosts: all
|
||||
vars_files:
|
||||
- "vault/global.yml"
|
||||
vars:
|
||||
apt_packages:
|
||||
apt:
|
||||
packages:
|
||||
- { package: "iptables-persistent", state: present }
|
||||
- { package: "netfilter-persistent", state: present }
|
||||
- { package: "sed", state: present }
|
||||
@ -12,6 +11,8 @@
|
||||
- { package: "vim", state: present }
|
||||
- { package: "sudo", state: present }
|
||||
- { package: "iptables", state: present }
|
||||
clean: true
|
||||
upgrade: true
|
||||
systemd:
|
||||
services:
|
||||
- { name: "netfilter-persistent", enabled: true, state: restarted }
|
||||
|
3
dns.yml
3
dns.yml
@ -10,7 +10,8 @@
|
||||
services:
|
||||
- { name: "systemd-resolved", action: stopped }
|
||||
- { name: "unbound", enabled: true, action: reloaded }
|
||||
apt_packages:
|
||||
apt:
|
||||
packages:
|
||||
- { package: "unbound", state: present }
|
||||
unbound:
|
||||
port: 53
|
||||
|
@ -1,7 +1,8 @@
|
||||
---
|
||||
- hosts: frontend
|
||||
vars:
|
||||
apt_packages:
|
||||
apt:
|
||||
packages:
|
||||
- { package: "haproxy", state: present }
|
||||
- { package: "hitch", state: present }
|
||||
- { package: "varnish", state: present }
|
||||
|
@ -25,8 +25,6 @@ global:
|
||||
port:
|
||||
http: 3200
|
||||
ssh: 2443
|
||||
|
||||
# TODO: Migrate these VVVVV
|
||||
monitoring:
|
||||
grafana:
|
||||
domain: "dev-stats.redxen.eu"
|
||||
|
56
monitoring.yml
Normal file
56
monitoring.yml
Normal file
@ -0,0 +1,56 @@
|
||||
---
|
||||
- hosts: monitoring
|
||||
vars:
|
||||
apt:
|
||||
keys:
|
||||
- "https://packages.grafana.com/gpg.key"
|
||||
- "https://repos.influxdata.com/influxdb.key"
|
||||
repos:
|
||||
- { repo: 'https://repos.influxdata.com/ubuntu stretch stable', file: "influxdata" }
|
||||
- { repo: 'https://packages.grafana.com/oss/deb stable main', file: "grafanalabs" }
|
||||
packages:
|
||||
- { package: "grafana", state: present }
|
||||
- { package: "telegraf", state: present }
|
||||
systemd:
|
||||
services:
|
||||
- { name: "grafana-server", enabled: true, state: restarted }
|
||||
- { name: "telegraf", enabled: true, state: restarted }
|
||||
vault:
|
||||
roles:
|
||||
- "postgresql"
|
||||
- "grafana"
|
||||
- "telegraf"
|
||||
- "grafana"
|
||||
grafana:
|
||||
listen:
|
||||
port: '{{ global.monitoring.grafana.port }}'
|
||||
domain: '{{ global.monitoring.grafana.domain }}'
|
||||
database:
|
||||
type: 'postgres'
|
||||
host: '{{ postgres.host }}:{{ postgres.port }}'
|
||||
name: 'grafana'
|
||||
user: 'grafana'
|
||||
ssl: 'require'
|
||||
password: "{{ postgres.dbpass['grafana'] }}"
|
||||
cache:
|
||||
type: "redis"
|
||||
connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
|
||||
auth:
|
||||
generic_oauth:
|
||||
- {
|
||||
name: 'Gitea',
|
||||
enabled: 'true',
|
||||
allow_sign_up: 'false',
|
||||
client_id: '{{ vault_gitea.client_id }}',
|
||||
client_secret: '{{ vault_gitea.client_secret }}',
|
||||
scopes: 'user:email',
|
||||
auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
|
||||
token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
|
||||
api_url: 'https://{{ global.dev.gitea.domain }}/api/v1/user'
|
||||
}
|
||||
roles:
|
||||
- vault
|
||||
- apt
|
||||
- grafana
|
||||
- telegraf
|
||||
- systemd
|
3
net.yml
3
net.yml
@ -4,7 +4,8 @@
|
||||
file:
|
||||
- { path: '/etc/tor', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||
- { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||
apt_packages:
|
||||
apt:
|
||||
packages:
|
||||
- { package: "tor", state: present }
|
||||
- { package: "wireguard-tools", state: present }
|
||||
- { package: "wireguard", state: present }
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit a0d9886ba03dfe82e62af1ed9853c657c81d4e81
|
||||
Subproject commit 0342a83b7c6bb5028c4654b46ab0752cc9989499
|
@ -1 +0,0 @@
|
||||
Subproject commit e23de968eb49e4ba62ac19c68d02e38426b565b3
|
1
roles/grafana
Submodule
1
roles/grafana
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 9d379dd69447bea03c636e0ddfdf3cbaf0e58578
|
1
roles/vault
Submodule
1
roles/vault
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 0d4f9886e5e294febb2dbde0f13ba54ae7f0709b
|
@ -1,7 +1,8 @@
|
||||
---
|
||||
- hosts: seedbox
|
||||
vars:
|
||||
apt_packages:
|
||||
apt:
|
||||
packages:
|
||||
- { package: "transmission-daemon", state: present }
|
||||
- { package: "git", state: present }
|
||||
- { package: "make", state: present }
|
||||
|
@ -9,7 +9,8 @@
|
||||
- { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||
- { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||
- { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
|
||||
apt_packages:
|
||||
apt:
|
||||
packages:
|
||||
- { package: "git", state: present }
|
||||
- { package: "gcc", state: present }
|
||||
- { package: "build-essential", state: present }
|
||||
|
Reference in New Issue
Block a user