Get rid of vault role, add pleroma and murmur, update vars context
This commit is contained in:
parent
b86817fe2b
commit
9c9606453f
|
@ -43,3 +43,12 @@
|
|||
[submodule "roles/darkhttpd"]
|
||||
path = roles/darkhttpd
|
||||
url = https://git.redxen.eu/RedXen/ansible-darkhttpd
|
||||
[submodule "roles/git-clone"]
|
||||
path = roles/git-clone
|
||||
url = https://git.redxen.eu/RedXen/ansible-git-clone
|
||||
[submodule "roles/murmur"]
|
||||
path = roles/murmur
|
||||
url = https://git.redxen.eu/RedXen/ansible-murmur
|
||||
[submodule "roles/pleroma"]
|
||||
path = roles/pleroma
|
||||
url = https://git.redxen.eu/RedXen/ansible-pleroma
|
||||
|
|
15
backend.yml
15
backend.yml
|
@ -13,8 +13,21 @@
|
|||
- { name: "influxdb", enabled: true, action: restarted }
|
||||
overrides:
|
||||
- "influxdb"
|
||||
postgres:
|
||||
host: "{{ global.postgres.host }}"
|
||||
port: "{{ global.postgres.port }}"
|
||||
databases:
|
||||
- grafana
|
||||
- pleroma
|
||||
- gitea
|
||||
- murmur
|
||||
redis:
|
||||
host: "{{ global.redis.host }}"
|
||||
port: "{{ global.redis.port }}"
|
||||
influxdb:
|
||||
storage: "/var/lib/influxdb"
|
||||
port: "{{ global.influxdb.port }}"
|
||||
roles:
|
||||
- vault
|
||||
- apt
|
||||
- postgresql
|
||||
- influxdb
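Review bot: `host: "{{ global.postgres.host }}"` and the `port` lookup under it (and the same pair under `redis:`) appear to reference a path that the rewritten `group_vars/all` in this commit does not define: as far as the rendered indentation can be read, that file nests these values under `global.backend.postgres` / `global.backend.redis`, not directly under `global`. If that nesting is right, Ansible aborts with an undefined-variable error the first time this play renders its vars, so it is better caught here than at deploy time; the lines would become `host: "{{ global.backend.postgres.host }}"`, `port: "{{ global.backend.postgres.port }}"` and likewise for `redis`. The `vars:` mapping and the `hosts:` line of this play start above the hunk, so I cannot see whether a play-level `global` override exists.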
|
||||
|
|
52
dns.yml
52
dns.yml
|
@ -6,12 +6,52 @@
|
|||
- { port: 53, ipv: "v4", proto: "udp" }
|
||||
- { port: 53, ipv: "v6", proto: "tcp" }
|
||||
- { port: 53, ipv: "v6", proto: "udp" }
|
||||
systemd:
|
||||
services:
|
||||
- { name: "systemd-resolved", state: stopped }
|
||||
- { name: "unbound", enabled: true, state: reloaded }
|
||||
apt_packages:
|
||||
- { package: "unbound", state: present }
|
||||
systemd:
|
||||
services:
|
||||
- { name: "systemd-resolved", state: stopped }
|
||||
- { name: "unbound", enabled: true, state: reloaded }
|
||||
apt_packages:
|
||||
- { package: "unbound", state: present }
|
||||
unbound:
|
||||
port: 53
|
||||
listen:
|
||||
ipv4: "0.0.0.0"
|
||||
ipv6: "::0"
|
||||
forward: # NOTE: Specify in the specific order as you want them to be used
|
||||
- { host: "dns.quad9.net", port: 853, ipa: "2620:fe::fe" }
|
||||
- { host: "dns.quad9.net", port: 853, ipa: "9.9.9.9" }
|
||||
- { host: "cloudflare-dns.com", port: 853, ipa: "2606:4700:4700::1111" }
|
||||
- { host: "cloudflare-dns.com", port: 853, ipa: "1.1.1.1" }
|
||||
internal:
|
||||
local:
|
||||
SRV:
|
||||
- { service: "gitea", port: "{{ global.dev.gitea.port.http }}", group: "git" }
|
||||
- { service: "seedown", port: "{{ global.seedbox.darkhttpd.port }}", group: "seedbox" }
|
||||
- { service: "transmission", port: "{{ global.seedbox.transmission.port }}", group: "seedbox" }
|
||||
- { service: "grafana", port: "{{ global.monitoring.grafana.port }}", group: "monitoring" }
|
||||
A: # Wish these would support SRV, would ease a lot of configuration management
|
||||
- { service: "postgres", group: "database" }
|
||||
- { service: "redis", group: "database" }
|
||||
- { service: "influxdb", group: "database" }
|
||||
remote:
|
||||
- { service: "homepage", port: "80", domain: "rxhome.s3-website.eu-central-1.amazonaws.com." }
|
||||
public:
|
||||
SRV:
|
||||
- { service: "mumble", proto: "tcp", host: "redxen.eu", port: 2250 }
|
||||
- { service: "minecraft", proto: "tcp", host: "redxen.eu", port: 25565 }
|
||||
TXT:
|
||||
- { name: "_amazonses.", content: "PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="}
|
||||
- { name: "", content: "brave-ledger-verification=1f77ffecf7da410af2f4eeb5953ae13c5ee9ddfdfed5cae63458e63003b97444" }
|
||||
CNAME:
|
||||
- { name: "6jxdve2mevelrsc4lrp5ymhu2pku67v4._domainkey.", pointer: "6jxdve2mevelrsc4lrp5ymhu2pku67v4.dkim.amazonses.com" }
|
||||
- { name: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou._domainkey.", pointer: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou.dkim.amazonses.com" }
|
||||
- { name: "edzxe6qpinwhafgwlt6b44yarhhfn3xl._domainkey.", pointer: "edzxe6qpinwhafgwlt6b44yarhhfn3xl.dkim.amazonses.com" }
|
||||
group:
|
||||
A:
|
||||
- { domain: "dev-stats", group: "frontend" }
|
||||
- { domain: "dev-gitea", group: "frontend" }
|
||||
- { domain: "dev-transmission", group: "frontend" }
|
||||
- { domain: "dev-sd", group: "frontend" }
|
||||
roles:
|
||||
- apt
|
||||
- unbound
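Review bot: `unbound.listen` binds to `0.0.0.0` and `::0` while the `firewall` entries at the top of the hunk open 53/tcp and 53/udp on both address families, and nothing in the new `unbound` vars restricts which clients may query, so unless the ansible-unbound role sets `access-control` from another source this host becomes an open recursive resolver (usable for DNS amplification, and it also hands out the `internal` SRV/A records, which reveal backend service ports). I would add an explicit allow-list to the `unbound` block, e.g. `access: ["127.0.0.0/8", "::1/128", "172.22.12.0/24", "fd86:ea04:1115::/120"]` (the WireGuard ranges from net.yml), have the role emit `access-control … allow` for those and `refuse` for everything else, or bind `listen` to the wg0 address only. The forwarders use port 853, which is only meaningful if the role also sets `forward-tls-upstream: yes` with a CA bundle and renders `forward-addr: <ipa>#<host>` so the `host` field is used for certificate verification — worth confirming, since otherwise `host` is decorative. The `firewall` list begins above the hunk.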
|
||||
|
|
25
frontend.yml
25
frontend.yml
|
@ -1,5 +1,30 @@
|
|||
---
|
||||
- hosts: frontend
|
||||
vars:
|
||||
apt_packages:
|
||||
- { package: "haproxy", state: present }
|
||||
systemd:
|
||||
services:
|
||||
- { name: "haproxy", enabled: true, action: reloaded, daemon_reload: true}
|
||||
overrides:
|
||||
- "haproxy"
|
||||
haproxy:
|
||||
socketroot: "/run/haproxy"
|
||||
config: "/etc/haproxy/haproxy.cfg"
|
||||
user: "nobody"
|
||||
group: "nogroup"
|
||||
ports:
|
||||
https: 443
|
||||
tcp:
|
||||
- {expose: 2442, proxy: 2443, group: "git"} # Gitea SSH
|
||||
- {expose: 6400, proxy: 6401, group: "mumble"} # Mumble
|
||||
#- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft
|
||||
public:
|
||||
# These are load balanced, it doesn't matter what IP they point to
|
||||
- {domain: "dev-stats", service: "grafana", httpchk: true}
|
||||
- {domain: "dev-gitea", service: "gitea", httpchk: true}
|
||||
- {domain: "dev-transmission", service: "transmission", httpchk: false}
|
||||
- {domain: "dev-sd", service: "seedown", httpchk: true}
|
||||
roles:
|
||||
- apt
|
||||
- haproxy
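Review bot: `user: "nobody"` / `group: "nogroup"` runs haproxy under the shared `nobody` identity, so the `socketroot` directory `/run/haproxy` (and the admin socket the role presumably creates there) ends up accessible to every other process that also drops to `nobody`, with no isolation between them. The `haproxy` package installed by the `apt_packages` entry above already creates a dedicated `haproxy:haproxy` account, so the safer setting is `user: "haproxy"` and `group: "haproxy"`. Separately, `{domain: "dev-transmission", service: "transmission", httpchk: false}` keeps routing to a transmission backend even when its RPC is down; if the check was disabled because a plain GET to the RPC path returns 409, a check against `/transmission/web/` is the usual workaround. The play begins at the top of the hunk, so the whole file is visible.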
|
||||
|
|
123
group_vars/all
123
group_vars/all
|
@ -1,87 +1,36 @@
|
|||
services:
|
||||
haproxy:
|
||||
ports:
|
||||
https: 443
|
||||
tcp:
|
||||
- {expose: 2442, proxy: 2443, group: "git"} # Gitea SSH
|
||||
- {expose: 6400, proxy: 6401, group: "mumble"} # Mumble
|
||||
#- {expose: 25565, proxy: 25575, group: "minecraft"} # Minecraft
|
||||
public:
|
||||
# These are load balanced, it doesn't matter what IP they point to
|
||||
- {domain: "dev-stats", service: "grafana", httpchk: true}
|
||||
- {domain: "dev-gitea", service: "gitea", httpchk: true}
|
||||
- {domain: "dev-transmission", service: "transmission", httpchk: false}
|
||||
- {domain: "dev-sd", service: "seedown", httpchk: true}
|
||||
unbound:
|
||||
internal:
|
||||
local:
|
||||
SRV:
|
||||
- {service: "gitea", port: 3200, group: "git"}
|
||||
- {service: "seedown", port: 8082, group: "seedbox"}
|
||||
- {service: "transmission", port: 8081, group: "seedbox"}
|
||||
- {service: "grafana", port: 3000, group: "monitoring"}
|
||||
A: # Wish these would support SRV, would ease a lot of configuration management
|
||||
- {service: "postgres", group: "database"}
|
||||
- {service: "redis", group: "database"}
|
||||
- {service: "influxdb", group: "database"}
|
||||
remote:
|
||||
- {service: "homepage", port: "80", domain: "rxhome.s3-website.eu-central-1.amazonaws.com."}
|
||||
grafana:
|
||||
domain: "dev-stats.redxen.eu"
|
||||
port: 3000
|
||||
postgres:
|
||||
host: "postgres.redxen.localhost"
|
||||
port: 5432
|
||||
databases:
|
||||
- grafana
|
||||
- pleroma
|
||||
- gitea
|
||||
- murmur
|
||||
redis:
|
||||
host: "redis.redxen.localhost"
|
||||
port: 6379
|
||||
gitea:
|
||||
user: "git"
|
||||
domain: "dev-gitea.redxen.eu"
|
||||
port:
|
||||
http: 3200
|
||||
ssh: 2443
|
||||
path:
|
||||
data: "/mnt/gitea" # TODO: Replace with device UUIDs
|
||||
config: "/etc/gitea"
|
||||
mumble:
|
||||
configpath: '/etc/mumble-server.ini'
|
||||
port: 6401
|
||||
register:
|
||||
host: "redxen.eu"
|
||||
url: "redxen.eu"
|
||||
influxdb:
|
||||
port: 8086
|
||||
tor:
|
||||
listen:
|
||||
socks:
|
||||
addr: "127.0.0.1"
|
||||
port: 9050
|
||||
http:
|
||||
addr: "127.0.0.1"
|
||||
port: 7050
|
||||
wireguard:
|
||||
interface: 'wg0'
|
||||
port: 51820
|
||||
net:
|
||||
v4:
|
||||
addr: "172.22.12"
|
||||
range:
|
||||
serv: 24
|
||||
clnt: 32
|
||||
v6:
|
||||
addr: "fd86:ea04:1115:"
|
||||
range:
|
||||
serv: 120
|
||||
clnt: 128
|
||||
peers:
|
||||
- { bit: 2, pubkey: "Xb+ASR5NdnIB+dXWEA4H0V3d0LC0KocKeFeQDyqDqjk=" }
|
||||
- { bit: 3, pubkey: "kz9vLMnPtfka11n1EJpzHb4966ieJSo4BU1P2joHLXo=" }
|
||||
- { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" }
|
||||
- { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" }
|
||||
- { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" }
|
||||
global:
|
||||
backend:
|
||||
postgres:
|
||||
host: "postgres.redxen.localhost"
|
||||
port: 5432
|
||||
redis:
|
||||
host: "redis.redxen.localhost"
|
||||
port: 6379
|
||||
influxdb:
|
||||
host: "influxdb.redxen.localhost"
|
||||
port: 8086
|
||||
social:
|
||||
murmur:
|
||||
configpath: "/etc/murmur"
|
||||
port: 6401
|
||||
seedbox:
|
||||
darkhttpd:
|
||||
port: 8082
|
||||
transmission:
|
||||
port: 8081
|
||||
|
||||
# TODO: Migrate these VVVVV
|
||||
monitoring:
|
||||
grafana:
|
||||
domain: "dev-stats.redxen.eu"
|
||||
port: 3000
|
||||
dev:
|
||||
gitea:
|
||||
user: "git"
|
||||
domain: "dev-gitea.redxen.eu"
|
||||
port:
|
||||
http: 3200
|
||||
ssh: 2443
|
||||
path:
|
||||
data: "/mnt/gitea" # TODO: Replace with device UUIDs
|
||||
config: "/etc/gitea"
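Review bot: The new `global` tree defines `backend`, `social`, `seedbox`, `monitoring` and `dev`, but no `net` key, while net.yml in this same commit reads `{{ global.net.wireguard.port }}` for its firewall rules; social.yml reads `global.murmur.*` and backend.yml reads `global.postgres.*`, whereas this file places those under `social:` and `backend:` as rendered. Since this file is the only source for `global`, either add the missing keys here (e.g. a `net:` sibling of `backend:` holding `wireguard: { port: 51820 }`) or fix the consumers; an undefined path fails the play, which is the good outcome — a `|default()` on the consumer side would instead turn it into a silently empty value. Indentation is not preserved in this rendering, so the exact nesting should be confirmed against the file before acting on this. The `# TODO: Migrate these VVVVV` comment would read better as `# TODO: move the monitoring and dev blocks below into their own playbooks`, since "migrate" does not say where to.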
|
||||
|
|
33
net.yml
33
net.yml
|
@ -13,10 +13,37 @@
|
|||
- { name: "tor@default", enabled: true, action: restarted }
|
||||
- { name: "wg-quick@wg0", enabled: true, action: restarted }
|
||||
firewall:
|
||||
- { port: "{{ services.wireguard.port }}", ipv: "v4", proto: "tcp" }
|
||||
- { port: "{{ services.wireguard.port }}", ipv: "v6", proto: "tcp" }
|
||||
- { port: "{{ global.net.wireguard.port }}", ipv: "v4", proto: "tcp" }
|
||||
- { port: "{{ global.net.wireguard.port }}", ipv: "v6", proto: "tcp" }
|
||||
tor:
|
||||
listen:
|
||||
socks:
|
||||
addr: "127.0.0.1"
|
||||
port: 9050
|
||||
http:
|
||||
addr: "127.0.0.1"
|
||||
port: 7050
|
||||
wireguard:
|
||||
interface: 'wg0'
|
||||
port: 51820
|
||||
net:
|
||||
v4:
|
||||
addr: "172.22.12"
|
||||
range:
|
||||
serv: 24
|
||||
clnt: 32
|
||||
v6:
|
||||
addr: "fd86:ea04:1115:"
|
||||
range:
|
||||
serv: 120
|
||||
clnt: 128
|
||||
peers:
|
||||
- { bit: 2, pubkey: "Xb+ASR5NdnIB+dXWEA4H0V3d0LC0KocKeFeQDyqDqjk=" }
|
||||
- { bit: 3, pubkey: "kz9vLMnPtfka11n1EJpzHb4966ieJSo4BU1P2joHLXo=" }
|
||||
- { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" }
|
||||
- { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" }
|
||||
- { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" }
|
||||
roles:
|
||||
- vault
|
||||
- file
|
||||
- apt
|
||||
- wireguard
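Review bot: Both rewritten `firewall` entries keep `proto: "tcp"` for the WireGuard port, but WireGuard speaks only UDP, so the rule opens a port nothing listens on while the real 51820/udp traffic stays subject to whatever the default policy is; the commit changed only the variable path and carried the wrong protocol over. The lines should read `- { port: "{{ global.net.wireguard.port }}", ipv: "v4", proto: "udp" }` and the same with `ipv: "v6"`. Note also that `global.net.wireguard.port` is not defined in the rewritten `group_vars/all` as rendered — the play-level `wireguard.port` a few lines below is the value that actually exists, so `{{ wireguard.port }}` may be the intended reference. The `systemd` block preceding `firewall` starts above the hunk.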
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 40f81e78cbaa6702f73ba1753b0cd8004072119c
|
|
@ -1 +1 @@
|
|||
Subproject commit cd4aae092400eb264ba7b80d88dc1eb2daea4770
|
||||
Subproject commit 190452473b532818b6b2321e8dac51c4bcd87582
|
|
@ -1 +1 @@
|
|||
Subproject commit 7e7df77d735411a707656a466d6a2a6d1519dc4b
|
||||
Subproject commit cdcef9dc39313b786032df71ab52b7ec16dcb382
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 385fda1e1b093c0478865238b6778d5cee85a8e1
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 90655e53d932ef0013065c0ebe0f1cb7b8c1a486
|
|
@ -1 +1 @@
|
|||
Subproject commit 95c334a0656ed77a6b29454dcbf36184c7d6bd4a
|
||||
Subproject commit 4c83c16780f1c822d49c78b6d2ce180cd4120492
|
|
@ -1 +1 @@
|
|||
Subproject commit 95fbf873af3121d145f8da64c3121132cd21ce4d
|
||||
Subproject commit 105f71efcdbab67788c8a847da7a4373d675c9ef
|
|
@ -1 +1 @@
|
|||
Subproject commit 8cc540e1d370b8875b2311f2eb3043b26aa7c515
|
||||
Subproject commit eabc27e0a6feae9803a09fcec16ab4ad140688ad
|
|
@ -1 +1 @@
|
|||
Subproject commit a03598399e232309d913f6dcafca284769e82ef7
|
||||
Subproject commit bed63f6632c8307778aade1102d3cfc6564d6f1b
|
|
@ -1 +1 @@
|
|||
Subproject commit 5d359caeea0655d5fa2efd8c4785fcbd8dc39fa5
|
||||
Subproject commit 23ed80914bd4e1a6845f38d97929359c97e1b667
|
|
@ -1 +0,0 @@
|
|||
Subproject commit ac7941aab2f0a6c08f9a9d67de1322de054f44ed
|
|
@ -1 +1 @@
|
|||
Subproject commit 47ae9f14ebfc98e8b31e33129277d75a53aa3f99
|
||||
Subproject commit 6f146f527c224557ec2fffc2af651372cb5b2b56
|
16
seedbox.yml
16
seedbox.yml
|
@ -17,22 +17,28 @@
|
|||
- { path: "/etc/ssh/authorized_keys", owner: "root", group: "root", mode: "655", state: directory }
|
||||
- { path: "{{ transmission.root_dir }}/downloads", owner: "root", group: "root", mode: "755", state: directory }
|
||||
- { path: "{{ transmission.root_dir }}/.config", owner: "root", group: "root", mode: "600", state: directory}
|
||||
|
||||
darkhttpd:
|
||||
port: 8082
|
||||
port: "{{ global.seedbox.darkhttpd.port }}"
|
||||
path: "/etc/darkhttpd" # Where to build and run the daemon from
|
||||
servepath: "{{ transmission.root_dir }}/downloads"
|
||||
transmission:
|
||||
port:
|
||||
peer: 51413
|
||||
rpc: 8081
|
||||
peer:
|
||||
host:
|
||||
ipv4: "0.0.0.0"
|
||||
ipv6: "::"
|
||||
port: 51413
|
||||
rpc:
|
||||
host: "{{ ansible_ens10.ipv4.address }}"
|
||||
port: "{{ global.seedbox.transmission.port }}"
|
||||
root_dir: "/mnt/seedbox" # TODO: Use device UUIDs
|
||||
blacklist: "https://github.com/sahsu/transmission-blocklist/releases/download/1.0.3/blocklist.gz"
|
||||
sftp_chroot:
|
||||
- { user: "seedbox",
|
||||
home: "{{ transmission.root_dir }}/downloads",
|
||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsD58tySBudDE7dw4aDttDv7rLWCqZ2c6N+GnrbSzqAxTcMxxn3GZeozXuz4pkl8NrGEKFk22AlB1hUl0gqnpAr0roL72mXE1WmjVc4EvEVYXLdHnm+rEi/FqvEK8D5mj1vs/ALGqtKGmY1363a8JRR7jSlBa45HkdC7IyJP0stpIkcriPS4kj/lEW0+J5KZ4NuKocjTbyVDoX67fLwBeu/YG4pz0ETKKU1/5xfBN+AxeD8brWvMMwrQzqJoAoRfLKCuD2yTSTPxek/Oa3lbNLUBF6o114gyxsc7zAWMpyNCPvstZoLCdQYqZ0sqVvcFGt0vmlrCtcQozkDVChz1E3 none"
|
||||
}
|
||||
roles:
|
||||
- vault
|
||||
- apt
|
||||
- darkhttpd
|
||||
- transmission
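Review bot: `rpc.host: "{{ ansible_ens10.ipv4.address }}"` binds transmission's RPC to the host's ens10 address, and nothing in the new `transmission` vars enables RPC authentication or a whitelist, so whoever can reach that address on `global.seedbox.transmission.port` can add torrents, change the download directory and read the session — and the frontend in this commit proxies it publicly as `dev-transmission` with `httpchk: false`. Unless the ansible-transmission role turns on `rpc-authentication-required` by itself, I would add an `auth:` sub-block under `rpc:` with a user and `password: "{{ vault_transmission.rpcpass | mandatory }}"` and a `whitelist: ["127.0.0.1", "172.22.12.*"]`, or bind to the wg0 address instead, so that only the proxy and the VPN can talk to it. Binding to `ansible_ens10` also hard-codes an interface name that will differ on other hardware; `ansible_default_ipv4.address` is the portable choice. The `file` list at the top of the hunk continues from above.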
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
- hosts: social
|
||||
vars:
|
||||
#git_clone:
|
||||
# - { dest: "/home/repositories/pleroma", repo: "https://git.pleroma.social/pleroma/pleroma.git", branch: "develop" }
|
||||
apt_packages:
|
||||
- { package: "git", state: present }
|
||||
#- { package: "gcc", state: present }
|
||||
#- { package: "musl-dev", state: present }
|
||||
# Pleroma (Elixir)
|
||||
#- { package: "libncurses6", state: present }
|
||||
#- { package: "postgresql-client", state: present }
|
||||
#- { package: "elixir", state: present }
|
||||
# Mumble
|
||||
- { package: "libqt5sql5-psql", state: present }
|
||||
- { package: "mumble-server", state: present }
|
||||
systemd:
|
||||
services:
|
||||
#- { name: "pleroma", enabled: true, action: restarted }
|
||||
- { name: "murmur", enabled: true, action: restarted }
|
||||
overrides:
|
||||
- "murmur"
|
||||
murmur:
|
||||
configpath: "{{ global.murmur.configpath }}"
|
||||
name: "RedXen Community Mumble [High Bandwidth, User channels, 24/7]"
|
||||
username: "root"
|
||||
defaultchan: 1
|
||||
listen:
|
||||
host: "{{ ansible_ens10.ipv4.address }} ::1"
|
||||
port: "{{ global.murmur.port }}"
|
||||
database:
|
||||
host: "{{ global.postgres.host }}"
|
||||
port: "{{ global.postgres.port }}"
|
||||
driver: "QPSQL"
|
||||
dbname: "murmur"
|
||||
username: "murmur"
|
||||
password: "{{ vault_postgres.dbpass[murmur.database.username]|default() }}"
|
||||
register:
|
||||
host: "redxen.eu"
|
||||
url: "redxen.eu"
|
||||
password: "{{ vault_murmur.registerpass|default() }}"
|
||||
motd: |
|
||||
<center><br />
|
||||
<h1>RedXen Community</h1><br />
|
||||
<a href="https://redxen.eu">[ Homepage ]</a> <a href="https://t.me/rxtelegram">[ Telegram ]</a> <a href="https://git.redxen.eu">[ Git ]</a> <a href="https://paypal.me/caskdrx">[ Support us! ]</a> <a title="(redxen.eu:6697 TLS)" href="ircs://redxen.eu:6697/">[ IRC ]</a><br />
|
||||
Enjoy your stay!<br />
|
||||
Have a group that you want to represent or a question? Contact me at caskd@gmx.de<br />
|
||||
</center>
|
||||
roles:
|
||||
#- git-clone # NOTE: Uncomment when parse_trans supports OTP >= 21
|
||||
- apt
|
||||
#- pleroma
|
||||
- murmur
|
||||
- file
|
||||
- systemd
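Review bot: `password: "{{ vault_postgres.dbpass[murmur.database.username]|default() }}"` and `password: "{{ vault_murmur.registerpass|default() }}"` turn a missing vault variable into an empty string, so a host where the vault vars are not loaded — and the commit title says the `vault` role is being removed from the plays — gets provisioned with an empty database password and an empty registration password instead of failing. Replace `|default()` with `| mandatory` on both, e.g. `password: "{{ vault_postgres.dbpass[murmur.database.username] | mandatory }}"`, so the play aborts rather than writing empty credentials into the murmur config. Two smaller points: `username: "root"` under `murmur:` reads as the account the daemon runs under, and if that is what the role maps it to, the `mumble-server` user created by the package installed above would be the expected value; and `configpath`/`port` reference `global.murmur.*` while the rewritten `group_vars/all` places them under `global.social.murmur` as rendered, so these lookups may be undefined.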
|