Update apt and add monitoring

Alex 2020-05-27 19:38:21 +02:00
parent d0eea62673
commit b8cccbbfe7
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
15 changed files with 117 additions and 55 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
todo.txt
vault/
/vault/

6
.gitmodules vendored

@ -61,9 +61,6 @@
[submodule "roles/varnish"]
path = roles/varnish
url = https://git.redxen.eu/RedXen/ansible-varnish/
[submodule "roles/apt-clean"]
path = roles/apt-clean
url = https://git.redxen.eu/RedXen/ansible-apt-clean/
[submodule "roles/common"]
path = roles/common
url = https://git.redxen.eu/RedXen/ansible-common/
@ -73,3 +70,6 @@
[submodule "roles/users"]
path = roles/users
url = https://git.redxen.eu/RedXen/ansible-users/
[submodule "roles/grafana"]
path = roles/grafana
url = https://git.redxen.eu/RedXen/ansible-grafana


@ -1,7 +1,8 @@
---
- hosts: backend
vars:
apt_packages:
apt:
packages:
- { package: "postgresql", state: present }
- { package: "python3-psycopg2", state: present }
- { package: "redis", state: present }


@ -1,9 +1,8 @@
---
- hosts: all
vars_files:
- "vault/global.yml"
vars:
apt_packages:
apt:
packages:
- { package: "iptables-persistent", state: present }
- { package: "netfilter-persistent", state: present }
- { package: "sed", state: present }
@ -12,6 +11,8 @@
- { package: "vim", state: present }
- { package: "sudo", state: present }
- { package: "iptables", state: present }
clean: true
upgrade: true
systemd:
services:
- { name: "netfilter-persistent", enabled: true, state: restarted }
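Review bot: `upgrade: true` sits under the `hosts: all` play, so it applies to every machine on every run, and nothing in the hunk says which kind of upgrade the apt role performs or whether it is gated. A comment above the key, for example `# upgrade: apt role runs <kind of upgrade> on each play run`, would make the scope clear to whoever runs the playbook next. The play's roles list is outside the hunk, so whether anything handles service restarts or reboots after an upgrade cannot be checked from here.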


@ -10,7 +10,8 @@
services:
- { name: "systemd-resolved", action: stopped }
- { name: "unbound", enabled: true, action: reloaded }
apt_packages:
apt:
packages:
- { package: "unbound", state: present }
unbound:
port: 53


@ -1,7 +1,8 @@
---
- hosts: frontend
vars:
apt_packages:
apt:
packages:
- { package: "haproxy", state: present }
- { package: "hitch", state: present }
- { package: "varnish", state: present }


@ -25,8 +25,6 @@ global:
port:
http: 3200
ssh: 2443
# TODO: Migrate these VVVVV
monitoring:
grafana:
domain: "dev-stats.redxen.eu"

56
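--- a/monitoring.yml
+++ b/monitoring.yml
@@ -0,0 +1,56 @@
+---
+- hosts: monitoring
+vars:
+apt:
+keys:
+- "https://packages.grafana.com/gpg.key"
+- "https://repos.influxdata.com/influxdb.key"
+repos:
+- { repo: 'https://repos.influxdata.com/ubuntu stretch stable', file: "influxdata" }
+- { repo: 'https://packages.grafana.com/oss/deb stable main', file: "grafanalabs" }
+packages:
+- { package: "grafana", state: present }
+- { package: "telegraf", state: present }
+systemd:
+services:
+- { name: "grafana-server", enabled: true, state: restarted }
+- { name: "telegraf", enabled: true, state: restarted }
+vault:
+roles:
+- "postgresql"
+- "grafana"
+- "telegraf"
+- "grafana"
+grafana:
+listen:
+port: '{{ global.monitoring.grafana.port }}'
+domain: '{{ global.monitoring.grafana.domain }}'
+database:
+type: 'postgres'
+host: '{{ postgres.host }}:{{ postgres.port }}'
+name: 'grafana'
+user: 'grafana'
+ssl: 'require'
+password: "{{ postgres.dbpass['grafana'] }}"
+cache:
+type: "redis"
+connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
+auth:
+generic_oauth:
+- {
+name: 'Gitea',
+enabled: 'true',
+allow_sign_up: 'false',
+client_id: '{{ vault_gitea.client_id }}',
+client_secret: '{{ vault_gitea.client_secret }}',
+scopes: 'user:email',
+auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
+token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
+api_url: 'https://{{ global.dev.gitea.domain }}/api/v1/user'
+}
+roles:
+- vault
+- apt
+- grafana
+- telegraf
+- systemd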
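Review bot: The InfluxData entry under `apt.repos` pairs the `ubuntu` path with the Debian codename `stretch`; unless the monitoring hosts really are Ubuntu that suite is unlikely to exist, and `https://repos.influxdata.com/debian stretch stable` looks like what was meant. Both signing keys under `apt.keys` are fetched by URL at play time with no fingerprint check. If the apt role adds them to the global apt keyring (the role is not shown here), each vendor key is trusted for every repository on the host, so pinning the expected fingerprint or scoping each key to its repo with `signed-by` would narrow that. `vault.roles` lists `"grafana"` twice. `database.ssl: 'require'` encrypts the PostgreSQL link without verifying the server certificate, so `verify-full` is worth considering if the role passes this value through as Grafana's `ssl_mode`.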


@ -4,7 +4,8 @@
file:
- { path: '/etc/tor', owner: 'root', group: 'root', mode: '600', state: directory }
- { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '600', state: directory }
apt_packages:
apt:
packages:
- { package: "tor", state: present }
- { package: "wireguard-tools", state: present }
- { package: "wireguard", state: present }

@ -1 +1 @@
Subproject commit a0d9886ba03dfe82e62af1ed9853c657c81d4e81
Subproject commit 0342a83b7c6bb5028c4654b46ab0752cc9989499

@ -1 +0,0 @@
Subproject commit e23de968eb49e4ba62ac19c68d02e38426b565b3

1
roles/grafana Submodule

@ -0,0 +1 @@
Subproject commit 9d379dd69447bea03c636e0ddfdf3cbaf0e58578

1
roles/vault Submodule

@ -0,0 +1 @@
Subproject commit 0d4f9886e5e294febb2dbde0f13ba54ae7f0709b


@ -1,7 +1,8 @@
---
- hosts: seedbox
vars:
apt_packages:
apt:
packages:
- { package: "transmission-daemon", state: present }
- { package: "git", state: present }
- { package: "make", state: present }


@ -9,7 +9,8 @@
- { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
- { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
- { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
apt_packages:
apt:
packages:
- { package: "git", state: present }
- { package: "gcc", state: present }
- { package: "build-essential", state: present }