Tweak vault, fix typos, update commits
parent
b8cccbbfe7
commit
c458029a99
3
.gitmodules
vendored
3
.gitmodules
vendored
@ -73,3 +73,6 @@
|
|||||||
[submodule "roles/grafana"]
|
[submodule "roles/grafana"]
|
||||||
path = roles/grafana
|
path = roles/grafana
|
||||||
url = https://git.redxen.eu/RedXen/ansible-grafana
|
url = https://git.redxen.eu/RedXen/ansible-grafana
|
||||||
|
[submodule "roles/telegraf"]
|
||||||
|
path = roles/telegraf
|
||||||
|
url = https://git.redxen.eu/RedXen/ansible-telegraf
|
||||||
|
@ -28,7 +28,10 @@
|
|||||||
influxdb:
|
influxdb:
|
||||||
storage: "/var/lib/influxdb"
|
storage: "/var/lib/influxdb"
|
||||||
port: "{{ global.backend.influxdb.port }}"
|
port: "{{ global.backend.influxdb.port }}"
|
||||||
|
vault:
|
||||||
|
- "postgresql"
|
||||||
roles:
|
roles:
|
||||||
|
- vault
|
||||||
- apt
|
- apt
|
||||||
- postgresql
|
- postgresql
|
||||||
- influxdb
|
- influxdb
|
||||||
|
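Review bot: The added `vault:` list and the `vault` role placed first under `roles:` carry no comment, so the ordering dependency is implicit: later roles such as `postgresql` presumably rely on `vault` having loaded the named secrets before they run. A one-line comment would keep a later edit from reordering or trimming it, e.g. `# vault must stay first: it loads the secret vars named under vars.vault`. The same uncommented pattern is added in base.yml, dev.yml, net.yml and the other plays touched by this commit. Listing only the vault names a play actually uses keeps decrypted secrets out of plays that do not need them. The play's `vars` and `roles` mappings start and end outside this hunk.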
3
base.yml
3
base.yml
@ -16,7 +16,10 @@
|
|||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
- { name: "netfilter-persistent", enabled: true, state: restarted }
|
- { name: "netfilter-persistent", enabled: true, state: restarted }
|
||||||
|
vault:
|
||||||
|
- "common"
|
||||||
roles:
|
roles:
|
||||||
|
- vault
|
||||||
- apt
|
- apt
|
||||||
- apt-clean
|
- apt-clean
|
||||||
- common # This group relies too much on handlers, it's better to use it as it is
|
- common # This group relies too much on handlers, it's better to use it as it is
|
||||||
|
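Review bot: The `netfilter-persistent` entry directly above the added `vault:` list still uses `state: restarted`, whereas this same commit changes the `grafana-server` and `telegraf` entries in the monitoring play to `action: restarted`. One of the two spellings is presumably stale. If the systemd role now reads `action` (the role is not visible here), this entry would stop restarting the service that persists the firewall rules, with nothing to flag it. Either rename it here as well, `- { name: "netfilter-persistent", enabled: true, action: restarted }`, or confirm the role accepts both keys. The `systemd` mapping begins above this hunk.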
4
dev.yml
4
dev.yml
@ -21,7 +21,11 @@
|
|||||||
config: "/etc/gitea"
|
config: "/etc/gitea"
|
||||||
users:
|
users:
|
||||||
- { name: 'git', shell: '/bin/bash', lock: true, system: true, comm: 'Git Version Control' }
|
- { name: 'git', shell: '/bin/bash', lock: true, system: true, comm: 'Git Version Control' }
|
||||||
|
vault:
|
||||||
|
- "gitea"
|
||||||
|
- "postgresql"
|
||||||
roles:
|
roles:
|
||||||
|
- vault
|
||||||
- users
|
- users
|
||||||
- file
|
- file
|
||||||
- gitea
|
- gitea
|
||||||
|
@ -49,7 +49,10 @@
|
|||||||
group: '_hitch'
|
group: '_hitch'
|
||||||
frontend:
|
frontend:
|
||||||
port: 443
|
port: 443
|
||||||
|
vault:
|
||||||
|
- "hitch"
|
||||||
roles:
|
roles:
|
||||||
|
- vault
|
||||||
- apt
|
- apt
|
||||||
- haproxy
|
- haproxy
|
||||||
- varnish
|
- varnish
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
- hosts: monitoring
|
- hosts: monitoring
|
||||||
vars:
|
vars:
|
||||||
apt:
|
apt:
|
||||||
keys:
|
sign_keys:
|
||||||
- "https://packages.grafana.com/gpg.key"
|
- "https://packages.grafana.com/gpg.key"
|
||||||
- "https://repos.influxdata.com/influxdb.key"
|
- "https://repos.influxdata.com/influxdb.key"
|
||||||
repos:
|
repos:
|
||||||
@ -13,25 +13,72 @@
|
|||||||
- { package: "telegraf", state: present }
|
- { package: "telegraf", state: present }
|
||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
- { name: "grafana-server", enabled: true, state: restarted }
|
- { name: "grafana-server", enabled: true, action: restarted }
|
||||||
- { name: "telegraf", enabled: true, state: restarted }
|
- { name: "telegraf", enabled: true, action: restarted }
|
||||||
vault:
|
vault:
|
||||||
roles:
|
roles:
|
||||||
- "postgresql"
|
- "postgresql"
|
||||||
- "grafana"
|
- "grafana"
|
||||||
- "telegraf"
|
- "telegraf"
|
||||||
- "grafana"
|
- "gitea"
|
||||||
|
telegraf:
|
||||||
|
outputs:
|
||||||
|
influxdb:
|
||||||
|
host: "{{ global.backend.influxdb.host }}"
|
||||||
|
port: "{{ global.backend.influxdb.port }}"
|
||||||
|
database: "telegraf"
|
||||||
|
inputs:
|
||||||
|
redis:
|
||||||
|
servers:
|
||||||
|
- "tcp://{{ global.backend.redis.host }}:{{ global.backend.redis.port }}"
|
||||||
|
postgresql:
|
||||||
|
address: "host={{ global.backend.postgres.host }} port={{ global.backend.postgres.port }} user={{ vault_postgres.user }} password={{ vault_postgres.password }} sslmode=prefer"
|
||||||
|
|
||||||
|
cloudwatch:
|
||||||
|
- {
|
||||||
|
region: "eu-central-1",
|
||||||
|
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||||
|
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||||
|
period: "24h",
|
||||||
|
interval: "6h",
|
||||||
|
namespace: "AWS/S3",
|
||||||
|
ratelimit: 50,
|
||||||
|
statistic_include: ["average"],
|
||||||
|
cache_ttl: "12h"
|
||||||
|
}
|
||||||
|
- {
|
||||||
|
region: "eu-west-1",
|
||||||
|
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||||
|
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||||
|
period: "24h",
|
||||||
|
interval: "6h",
|
||||||
|
namespace: "AWS/SES",
|
||||||
|
ratelimit: 15,
|
||||||
|
statistic_include: ["average"],
|
||||||
|
cache_ttl: "12h"
|
||||||
|
}
|
||||||
|
- {
|
||||||
|
region: "us-east-1",
|
||||||
|
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||||
|
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||||
|
period: "12h",
|
||||||
|
interval: "6h",
|
||||||
|
namespace: "AWS/Billing",
|
||||||
|
ratelimit: 15,
|
||||||
|
statistic_include: ["average"],
|
||||||
|
cache_ttl: "6h"
|
||||||
|
}
|
||||||
grafana:
|
grafana:
|
||||||
listen:
|
listen:
|
||||||
port: '{{ global.monitoring.grafana.port }}'
|
port: '{{ global.monitoring.grafana.port }}'
|
||||||
domain: '{{ global.monitoring.grafana.domain }}'
|
domain: '{{ global.monitoring.grafana.domain }}'
|
||||||
database:
|
database:
|
||||||
type: 'postgres'
|
type: 'postgres'
|
||||||
host: '{{ postgres.host }}:{{ postgres.port }}'
|
host: '{{ global.backend.postgres.host }}:{{ global.backend.postgres.port }}'
|
||||||
name: 'grafana'
|
name: 'grafana'
|
||||||
user: 'grafana'
|
user: 'grafana'
|
||||||
ssl: 'require'
|
ssl: 'require'
|
||||||
password: "{{ postgres.dbpass['grafana'] }}"
|
password: "{{ vault_postgres.dbpass['grafana'] }}"
|
||||||
cache:
|
cache:
|
||||||
type: "redis"
|
type: "redis"
|
||||||
connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
|
connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
|
||||||
@ -41,8 +88,8 @@
|
|||||||
name: 'Gitea',
|
name: 'Gitea',
|
||||||
enabled: 'true',
|
enabled: 'true',
|
||||||
allow_sign_up: 'false',
|
allow_sign_up: 'false',
|
||||||
client_id: '{{ vault_gitea.client_id }}',
|
client_id: '{{ vault_gitea.oauth.client_id }}',
|
||||||
client_secret: '{{ vault_gitea.client_secret }}',
|
client_secret: '{{ vault_gitea.oauth.client_secret }}',
|
||||||
scopes: 'user:email',
|
scopes: 'user:email',
|
||||||
auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
|
auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
|
||||||
token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
|
token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
|
||||||
|
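Review bot: The added telegraf `postgresql` input builds its DSN with `sslmode=prefer`, which allows a fallback to an unencrypted connection and does not verify the server, while the grafana `database` block in the same hunk sets `ssl: 'require'`. Since that DSN carries `vault_postgres.password`, it should use at least `sslmode=require` (or `sslmode=verify-full` if a CA is deployed to the monitoring hosts). The password is also interpolated unquoted into a space-separated key/value string, so a vault value containing a space or quote would break or change the DSN; quote it in the template or constrain the vault value. The three `cloudwatch` entries reuse a single static key pair from `vault_telegraf.aws`, which presumably needs only read access to CloudWatch metrics. A comment saying so next to the block, `# IAM key must be limited to read-only CloudWatch metric access`, would document the intended scope. The play's `vars` mapping starts above this hunk.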
3
net.yml
3
net.yml
@ -44,7 +44,10 @@
|
|||||||
- { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" }
|
- { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" }
|
||||||
- { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" }
|
- { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" }
|
||||||
- { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" }
|
- { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" }
|
||||||
|
vault:
|
||||||
|
- "wireguard"
|
||||||
roles:
|
roles:
|
||||||
|
- vault
|
||||||
- file
|
- file
|
||||||
- apt
|
- apt
|
||||||
- wireguard
|
- wireguard
|
||||||
|
@ -11,6 +11,7 @@ n1
|
|||||||
|
|
||||||
[monitoring]
|
[monitoring]
|
||||||
n0
|
n0
|
||||||
|
n1
|
||||||
|
|
||||||
[dns]
|
[dns]
|
||||||
n0
|
n0
|
||||||
|
1
roles/telegraf
Submodule
1
roles/telegraf
Submodule
@ -0,0 +1 @@
|
|||||||
|
Subproject commit 2149916cb51aaa536f281974f4c201d1c9f93ede
|
@ -39,7 +39,10 @@
|
|||||||
home: "{{ transmission.root_dir }}/downloads",
|
home: "{{ transmission.root_dir }}/downloads",
|
||||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsD58tySBudDE7dw4aDttDv7rLWCqZ2c6N+GnrbSzqAxTcMxxn3GZeozXuz4pkl8NrGEKFk22AlB1hUl0gqnpAr0roL72mXE1WmjVc4EvEVYXLdHnm+rEi/FqvEK8D5mj1vs/ALGqtKGmY1363a8JRR7jSlBa45HkdC7IyJP0stpIkcriPS4kj/lEW0+J5KZ4NuKocjTbyVDoX67fLwBeu/YG4pz0ETKKU1/5xfBN+AxeD8brWvMMwrQzqJoAoRfLKCuD2yTSTPxek/Oa3lbNLUBF6o114gyxsc7zAWMpyNCPvstZoLCdQYqZ0sqVvcFGt0vmlrCtcQozkDVChz1E3 none"
|
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsD58tySBudDE7dw4aDttDv7rLWCqZ2c6N+GnrbSzqAxTcMxxn3GZeozXuz4pkl8NrGEKFk22AlB1hUl0gqnpAr0roL72mXE1WmjVc4EvEVYXLdHnm+rEi/FqvEK8D5mj1vs/ALGqtKGmY1363a8JRR7jSlBa45HkdC7IyJP0stpIkcriPS4kj/lEW0+J5KZ4NuKocjTbyVDoX67fLwBeu/YG4pz0ETKKU1/5xfBN+AxeD8brWvMMwrQzqJoAoRfLKCuD2yTSTPxek/Oa3lbNLUBF6o114gyxsc7zAWMpyNCPvstZoLCdQYqZ0sqVvcFGt0vmlrCtcQozkDVChz1E3 none"
|
||||||
}
|
}
|
||||||
|
vault:
|
||||||
|
- "transmission"
|
||||||
roles:
|
roles:
|
||||||
|
- vault
|
||||||
- apt
|
- apt
|
||||||
- darkhttpd
|
- darkhttpd
|
||||||
- file
|
- file
|
||||||
|
@ -73,7 +73,12 @@
|
|||||||
permchannels:
|
permchannels:
|
||||||
- { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" }
|
- { channel: "redxen", topic: "Welcome to RedXen IRC | https://redxen.eu", modes: "+nt *!*@*!*" }
|
||||||
- { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" }
|
- { channel: "support", topic: "Have patience when asking, it can take some time until someone answers your question", modes: "+nt *!*@*!*" }
|
||||||
|
vault:
|
||||||
|
- "pleroma"
|
||||||
|
- "murmur"
|
||||||
|
- "inspircd"
|
||||||
roles:
|
roles:
|
||||||
|
- vault
|
||||||
- git-clone # NOTE: Uncomment pleroma stuff when parse_trans supports OTP >= 21
|
- git-clone # NOTE: Uncomment pleroma stuff when parse_trans supports OTP >= 21
|
||||||
- apt
|
- apt
|
||||||
- file
|
- file
|
||||||
|