Tweak vault, fix typos, update commits
parent
b8cccbbfe7
commit
c458029a99
|
@ -73,3 +73,6 @@
|
|||
[submodule "roles/grafana"]
|
||||
path = roles/grafana
|
||||
url = https://git.redxen.eu/RedXen/ansible-grafana
|
||||
[submodule "roles/telegraf"]
|
||||
path = roles/telegraf
|
||||
url = https://git.redxen.eu/RedXen/ansible-telegraf
|
||||
|
|
|
@ -28,7 +28,10 @@
|
|||
influxdb:
|
||||
storage: "/var/lib/influxdb"
|
||||
port: "{{ global.backend.influxdb.port }}"
|
||||
vault:
|
||||
- "postgresql"
|
||||
roles:
|
||||
- vault
|
||||
- apt
|
||||
- postgresql
|
||||
- influxdb
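Review bot: Nothing in the play says why `vault` has to be the first entry under `roles:`, and the same unexplained ordering is added in base.yml, dev.yml, net.yml and the other plays touched by this commit. Assuming that role is what loads the files named in the new `vault:` list and defines the `vault_*` variables, a later reorder would leave the roles after it running with undefined secrets. I would add a comment above the entry such as `# must stay first: loads the vault_* vars named under vault: for the roles below`. The role itself is not visible in this diff, so confirm that assumption before settling the wording.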
|
||||
|
|
3
base.yml
3
base.yml
|
@ -16,7 +16,10 @@
|
|||
systemd:
|
||||
services:
|
||||
- { name: "netfilter-persistent", enabled: true, state: restarted }
|
||||
vault:
|
||||
- "common"
|
||||
roles:
|
||||
- vault
|
||||
- apt
|
||||
- apt-clean
|
||||
- common # This group relies too much on handlers, it's better to use it as it is
|
||||
|
|
4
dev.yml
4
dev.yml
|
@ -21,7 +21,11 @@
|
|||
config: "/etc/gitea"
|
||||
users:
|
||||
- { name: 'git', shell: '/bin/bash', lock: true, system: true, comm: 'Git Version Control' }
|
||||
vault:
|
||||
- "gitea"
|
||||
- "postgresql"
|
||||
roles:
|
||||
- vault
|
||||
- users
|
||||
- file
|
||||
- gitea
|
||||
|
|
|
@ -49,7 +49,10 @@
|
|||
group: '_hitch'
|
||||
frontend:
|
||||
port: 443
|
||||
vault:
|
||||
- "hitch"
|
||||
roles:
|
||||
- vault
|
||||
- apt
|
||||
- haproxy
|
||||
- varnish
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- hosts: monitoring
|
||||
vars:
|
||||
apt:
|
||||
keys:
|
||||
sign_keys:
|
||||
- "https://packages.grafana.com/gpg.key"
|
||||
- "https://repos.influxdata.com/influxdb.key"
|
||||
repos:
|
||||
|
@ -13,25 +13,72 @@
|
|||
- { package: "telegraf", state: present }
|
||||
systemd:
|
||||
services:
|
||||
- { name: "grafana-server", enabled: true, state: restarted }
|
||||
- { name: "telegraf", enabled: true, state: restarted }
|
||||
- { name: "grafana-server", enabled: true, action: restarted }
|
||||
- { name: "telegraf", enabled: true, action: restarted }
|
||||
vault:
|
||||
roles:
|
||||
- "postgresql"
|
||||
- "grafana"
|
||||
- "telegraf"
|
||||
- "grafana"
|
||||
- "gitea"
|
||||
telegraf:
|
||||
outputs:
|
||||
influxdb:
|
||||
host: "{{ global.backend.influxdb.host }}"
|
||||
port: "{{ global.backend.influxdb.port }}"
|
||||
database: "telegraf"
|
||||
inputs:
|
||||
redis:
|
||||
servers:
|
||||
- "tcp://{{ global.backend.redis.host }}:{{ global.backend.redis.port }}"
|
||||
postgresql:
|
||||
address: "host={{ global.backend.postgres.host }} port={{ global.backend.postgres.port }} user={{ vault_postgres.user }} password={{ vault_postgres.password }} sslmode=prefer"
|
||||
|
||||
cloudwatch:
|
||||
- {
|
||||
region: "eu-central-1",
|
||||
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||
period: "24h",
|
||||
interval: "6h",
|
||||
namespace: "AWS/S3",
|
||||
ratelimit: 50,
|
||||
statistic_include: ["average"],
|
||||
cache_ttl: "12h"
|
||||
}
|
||||
- {
|
||||
region: "eu-west-1",
|
||||
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||
period: "24h",
|
||||
interval: "6h",
|
||||
namespace: "AWS/SES",
|
||||
ratelimit: 15,
|
||||
statistic_include: ["average"],
|
||||
cache_ttl: "12h"
|
||||
}
|
||||
- {
|
||||
region: "us-east-1",
|
||||
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||
period: "12h",
|
||||
interval: "6h",
|
||||
namespace: "AWS/Billing",
|
||||
ratelimit: 15,
|
||||
statistic_include: ["average"],
|
||||
cache_ttl: "6h"
|
||||
}
|
||||
grafana:
|
||||
listen:
|
||||
port: '{{ global.monitoring.grafana.port }}'
|
||||
domain: '{{ global.monitoring.grafana.domain }}'
|
||||
database:
|
||||
type: 'postgres'
|
||||
host: '{{ postgres.host }}:{{ postgres.port }}'
|
||||
host: '{{ global.backend.postgres.host }}:{{ global.backend.postgres.port }}'
|
||||
name: 'grafana'
|
||||
user: 'grafana'
|
||||
ssl: 'require'
|
||||
password: "{{ postgres.dbpass['grafana'] }}"
|
||||
password: "{{ vault_postgres.dbpass['grafana'] }}"
|
||||
cache:
|
||||
type: "redis"
|
||||
connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
|
||||
|
@ -41,8 +88,8 @@
|
|||
name: 'Gitea',
|
||||
enabled: 'true',
|
||||
allow_sign_up: 'false',
|
||||
client_id: '{{ vault_gitea.client_id }}',
|
||||
client_secret: '{{ vault_gitea.client_secret }}',
|
||||
client_id: '{{ vault_gitea.oauth.client_id }}',
|
||||
client_secret: '{{ vault_gitea.oauth.client_secret }}',
|
||||
scopes: 'user:email',
|
||||
auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
|
||||
token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
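Review bot: The telegraf `inputs.postgresql.address` string in the second hunk ends with `sslmode=prefer`, which in libpq semantics falls back to an unencrypted session when TLS is not offered and never verifies the server certificate, while the grafana `database` block in the same play sets `ssl: 'require'`. I would change the tail of that line to `sslmode=require` (or `verify-full` once a CA is distributed to the monitoring hosts) so the vaulted credentials are only used over TLS. The same line reads `vault_postgres.user`/`vault_postgres.password` where grafana uses a per-service `vault_postgres.dbpass['grafana']` entry, which suggests telegraf may log in with the main PostgreSQL account; if so, a dedicated role limited to `pg_monitor` would be the safer credential. The three `cloudwatch` entries share one static `vault_telegraf.aws` key pair, so that IAM identity should be restricted to read-only CloudWatch metric access.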
|
||||
|
|
3
net.yml
3
net.yml
|
@ -44,7 +44,10 @@
|
|||
- { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" }
|
||||
- { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" }
|
||||
- { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" }
|
||||
vault:
|
||||
- "wireguard"
|
||||
roles:
|
||||
- vault
|
||||
- file
|
||||
- apt
|
||||
- wireguard
|
||||
|
|
|
@ -11,6 +11,7 @@ n1
|
|||
|
||||
[monitoring]
|
||||
n0
|
||||
n1
|
||||
|
||||
[dns]
|
||||
n0
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 2149916cb51aaa536f281974f4c201d1c9f93ede
|
|
@ -39,7 +39,10 @@
|
|||
home: "{{ transmission.root_dir }}/downloads",
|
||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsD58tySBudDE7dw4aDttDv7rLWCqZ2c6N+GnrbSzqAxTcMxxn3GZeozXuz4pkl8NrGEKFk22AlB1hUl0gqnpAr0roL72mXE1WmjVc4EvEVYXLdHnm+rEi/FqvEK8D5mj1vs/ALGqtKGmY1363a8JRR7jSlBa45HkdC7IyJP0stpIkcriPS4kj/lEW0+J5KZ4NuKocjTbyVDoX67fLwBeu/YG4pz0ETKKU1/5xfBN+AxeD8brWvMMwrQzqJoAoRfLKCuD2yTSTPxek/Oa3lbNLUBF6o114gyxsc7zAWMpyNCPvstZoLCdQYqZ0sqVvcFGt0vmlrCtcQozkDVChz1E3 none"
|
||||
}
|
||||
vault:
|
||||
- "transmission"
|
||||
roles:
|
||||
- vault
|
||||
- apt
|
||||
- darkhttpd
|
||||
- file
|
||||
|
|
|
@ -73,7 +73,12 @@
|
|||
permchannels:
|
||||
- { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" }
|
||||
- { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" }
|
||||
vault:
|
||||
- "pleroma"
|
||||
- "murmur"
|
||||
- "inspircd"
|
||||
roles:
|
||||
- vault
|
||||
- git-clone # NOTE: Uncomment pleroma stuff when parse_trans supports OTP >= 21
|
||||
- apt
|
||||
- file
|
||||
|
|