Tweak vault, fix typos, update commits

Alex 2020-05-28 17:08:29 +02:00
parent b8cccbbfe7
commit c458029a99
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
11 changed files with 84 additions and 8 deletions

3
.gitmodules vendored

@ -73,3 +73,6 @@
[submodule "roles/grafana"]
path = roles/grafana
url = https://git.redxen.eu/RedXen/ansible-grafana
[submodule "roles/telegraf"]
path = roles/telegraf
url = https://git.redxen.eu/RedXen/ansible-telegraf


@ -28,7 +28,10 @@
influxdb:
storage: "/var/lib/influxdb"
port: "{{ global.backend.influxdb.port }}"
vault:
- "postgresql"
roles:
- vault
- apt
- postgresql
- influxdb


@ -16,7 +16,10 @@
systemd:
services:
- { name: "netfilter-persistent", enabled: true, state: restarted }
vault:
- "common"
roles:
- vault
- apt
- apt-clean
- common # This group relies too much on handlers, it's better to use it as it is


@ -21,7 +21,11 @@
config: "/etc/gitea"
users:
- { name: 'git', shell: '/bin/bash', lock: true, system: true, comm: 'Git Version Control' }
vault:
- "gitea"
- "postgresql"
roles:
- vault
- users
- file
- gitea
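Review bot: Adding `"postgresql"` to this play's `vault:` list appears to put the whole of `vault_postgres` in scope for the Gitea hosts' play, which is broader than a Gitea deployment presumably needs. The monitoring playbook in this same commit reads `vault_postgres.user`, `vault_postgres.password` and `vault_postgres.dbpass['grafana']` from that vault, so it seems to hold the server credentials and every database's password together. If the vault role loads one file per list entry (not visible here), keeping Gitea's database password in the `gitea` vault would let this play drop the `postgresql` entry. The play's vars and roles continue outside the hunk, so confirm against the full file.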


@ -49,7 +49,10 @@
group: '_hitch'
frontend:
port: 443
vault:
- "hitch"
roles:
- vault
- apt
- haproxy
- varnish


@ -2,7 +2,7 @@
- hosts: monitoring
vars:
apt:
keys:
sign_keys:
- "https://packages.grafana.com/gpg.key"
- "https://repos.influxdata.com/influxdb.key"
repos:
@ -13,25 +13,72 @@
- { package: "telegraf", state: present }
systemd:
services:
- { name: "grafana-server", enabled: true, state: restarted }
- { name: "telegraf", enabled: true, state: restarted }
- { name: "grafana-server", enabled: true, action: restarted }
- { name: "telegraf", enabled: true, action: restarted }
vault:
roles:
- "postgresql"
- "grafana"
- "telegraf"
- "grafana"
- "gitea"
telegraf:
outputs:
influxdb:
host: "{{ global.backend.influxdb.host }}"
port: "{{ global.backend.influxdb.port }}"
database: "telegraf"
inputs:
redis:
servers:
- "tcp://{{ global.backend.redis.host }}:{{ global.backend.redis.port }}"
postgresql:
address: "host={{ global.backend.postgres.host }} port={{ global.backend.postgres.port }} user={{ vault_postgres.user }} password={{ vault_postgres.password }} sslmode=prefer"
cloudwatch:
- {
region: "eu-central-1",
access_key: "{{ vault_telegraf.aws.access_key }}",
secret_key: "{{ vault_telegraf.aws.secret_key }}",
period: "24h",
interval: "6h",
namespace: "AWS/S3",
ratelimit: 50,
statistic_include: ["average"],
cache_ttl: "12h"
}
- {
region: "eu-west-1",
access_key: "{{ vault_telegraf.aws.access_key }}",
secret_key: "{{ vault_telegraf.aws.secret_key }}",
period: "24h",
interval: "6h",
namespace: "AWS/SES",
ratelimit: 15,
statistic_include: ["average"],
cache_ttl: "12h"
}
- {
region: "us-east-1",
access_key: "{{ vault_telegraf.aws.access_key }}",
secret_key: "{{ vault_telegraf.aws.secret_key }}",
period: "12h",
interval: "6h",
namespace: "AWS/Billing",
ratelimit: 15,
statistic_include: ["average"],
cache_ttl: "6h"
}
grafana:
listen:
port: '{{ global.monitoring.grafana.port }}'
domain: '{{ global.monitoring.grafana.domain }}'
database:
type: 'postgres'
host: '{{ postgres.host }}:{{ postgres.port }}'
host: '{{ global.backend.postgres.host }}:{{ global.backend.postgres.port }}'
name: 'grafana'
user: 'grafana'
ssl: 'require'
password: "{{ postgres.dbpass['grafana'] }}"
password: "{{ vault_postgres.dbpass['grafana'] }}"
cache:
type: "redis"
connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
@ -41,8 +88,8 @@
name: 'Gitea',
enabled: 'true',
allow_sign_up: 'false',
client_id: '{{ vault_gitea.client_id }}',
client_secret: '{{ vault_gitea.client_secret }}',
client_id: '{{ vault_gitea.oauth.client_id }}',
client_secret: '{{ vault_gitea.oauth.client_secret }}',
scopes: 'user:email',
auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
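Review bot: The new telegraf `postgresql` input (second hunk, `@ -13,25 +13,72 @`) ends its `address` string with `sslmode=prefer`, which permits fallback to an unencrypted session when the server does not offer TLS, so the vaulted password could cross the network in clear text. The grafana `database` block in the same hunk already sets `ssl: 'require'`; the telegraf DSN should match it with `sslmode=require` (or `verify-full` if a CA is distributed to the host). The input also logs in with `vault_postgres.user`; if that is the administrative account, a dedicated read-only role (for example one granted `pg_monitor`) would limit what a compromised monitoring host can reach. The three `cloudwatch` entries share one static key pair, so it is worth confirming its IAM policy allows only read access to CloudWatch metrics. The play continues outside these hunks.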


@ -44,7 +44,10 @@
- { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" }
- { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" }
- { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" }
vault:
- "wireguard"
roles:
- vault
- file
- apt
- wireguard


@ -11,6 +11,7 @@ n1
[monitoring]
n0
n1
[dns]
n0

1
roles/telegraf Submodule

@ -0,0 +1 @@
Subproject commit 2149916cb51aaa536f281974f4c201d1c9f93ede


@ -39,7 +39,10 @@
home: "{{ transmission.root_dir }}/downloads",
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsD58tySBudDE7dw4aDttDv7rLWCqZ2c6N+GnrbSzqAxTcMxxn3GZeozXuz4pkl8NrGEKFk22AlB1hUl0gqnpAr0roL72mXE1WmjVc4EvEVYXLdHnm+rEi/FqvEK8D5mj1vs/ALGqtKGmY1363a8JRR7jSlBa45HkdC7IyJP0stpIkcriPS4kj/lEW0+J5KZ4NuKocjTbyVDoX67fLwBeu/YG4pz0ETKKU1/5xfBN+AxeD8brWvMMwrQzqJoAoRfLKCuD2yTSTPxek/Oa3lbNLUBF6o114gyxsc7zAWMpyNCPvstZoLCdQYqZ0sqVvcFGt0vmlrCtcQozkDVChz1E3 none"
}
vault:
- "transmission"
roles:
- vault
- apt
- darkhttpd
- file


@ -73,7 +73,12 @@
permchannels:
- { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" }
- { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" }
vault:
- "pleroma"
- "murmur"
- "inspircd"
roles:
- vault
- git-clone # NOTE: Uncomment pleroma stuff when parse_trans supports OTP >= 21
- apt
- file