Update apt and add monitoring

Alex 2020-05-27 19:38:21 +02:00
parent d0eea62673
commit b8cccbbfe7
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
15 changed files with 117 additions and 55 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
todo.txt
vault/
/vault/
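Review bot: Anchoring the rule to the repository root means a `vault/` directory anywhere else in the tree is no longer ignored, and nothing in the file records why. The page does not mark which of `vault/` and `/vault/` is the new line, but the `roles/vault` submodule added in this commit suggests `/vault/` is. The `hosts: all` play loads `vault/global.yml` from the ignored directory, so a comment such as `# root-level vars only; roles/vault is a tracked submodule` would explain the anchor and remind contributors that files placed in any other `vault/` directory will be committed.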

6
.gitmodules vendored

@ -61,9 +61,6 @@
[submodule "roles/varnish"]
path = roles/varnish
url = https://git.redxen.eu/RedXen/ansible-varnish/
[submodule "roles/apt-clean"]
path = roles/apt-clean
url = https://git.redxen.eu/RedXen/ansible-apt-clean/
[submodule "roles/common"]
path = roles/common
url = https://git.redxen.eu/RedXen/ansible-common/
@ -73,3 +70,6 @@
[submodule "roles/users"]
path = roles/users
url = https://git.redxen.eu/RedXen/ansible-users/
[submodule "roles/grafana"]
path = roles/grafana
url = https://git.redxen.eu/RedXen/ansible-grafana
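Review bot: No `[submodule "roles/vault"]` entry is visible in these hunks, although the commit also adds a `roles/vault` gitlink; if the mapping does not already exist elsewhere in `.gitmodules`, `git submodule update --init` will fail for that path on a fresh clone, so this is worth confirming. The sides are not marked on this page; reading the `roles/grafana` stanza as the addition, its `url = https://git.redxen.eu/RedXen/ansible-grafana` drops the trailing slash that every other entry shown carries. That is harmless to git, but `url = https://git.redxen.eu/RedXen/ansible-grafana/` would keep the file uniform.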


@ -1,11 +1,12 @@
---
- hosts: backend
vars:
apt_packages:
- { package: "postgresql", state: present }
- { package: "python3-psycopg2", state: present }
- { package: "redis", state: present }
- { package: "influxdb", state: present }
apt:
packages:
- { package: "postgresql", state: present }
- { package: "python3-psycopg2", state: present }
- { package: "redis", state: present }
- { package: "influxdb", state: present }
systemd:
services:
- { name: "postgresql@12-main", enabled: true, action: reloaded }


@ -1,17 +1,18 @@
---
- hosts: all
vars_files:
- "vault/global.yml"
vars:
apt_packages:
- { package: "iptables-persistent", state: present }
- { package: "netfilter-persistent", state: present }
- { package: "sed", state: present }
- { package: "git", state: present }
- { package: "zsh", state: present }
- { package: "vim", state: present }
- { package: "sudo", state: present }
- { package: "iptables", state: present }
apt:
packages:
- { package: "iptables-persistent", state: present }
- { package: "netfilter-persistent", state: present }
- { package: "sed", state: present }
- { package: "git", state: present }
- { package: "zsh", state: present }
- { package: "vim", state: present }
- { package: "sudo", state: present }
- { package: "iptables", state: present }
clean: true
upgrade: true
systemd:
services:
- { name: "netfilter-persistent", enabled: true, state: restarted }
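Review bot: `upgrade: true` and `clean: true` under `apt` in the `hosts: all` play carry no comment on which upgrade mode the role runs or whether it is meant to fire on every play run. The `apt` role is not visible here, so this is inferred from the key names, but an unattended upgrade across every host can replace or restart services in the middle of a deploy. A line such as `# upgrade: role upgrades all installed packages on each run; set false for config-only runs` (adjusted to what the role really does) would make the intent explicit. Since the flat `apt_packages` list became one `apt` mapping, also confirm the role tolerates plays that set only `apt.packages`: with Ansible's default hash behaviour a play-level `apt` replaces any role default `apt` mapping wholesale rather than merging, and the other playbooks in this commit define only `apt.packages`.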


@ -10,8 +10,9 @@
services:
- { name: "systemd-resolved", action: stopped }
- { name: "unbound", enabled: true, action: reloaded }
apt_packages:
- { package: "unbound", state: present }
apt:
packages:
- { package: "unbound", state: present }
unbound:
port: 53
listen:


@ -1,10 +1,11 @@
---
- hosts: frontend
vars:
apt_packages:
- { package: "haproxy", state: present }
- { package: "hitch", state: present }
- { package: "varnish", state: present }
apt:
packages:
- { package: "haproxy", state: present }
- { package: "hitch", state: present }
- { package: "varnish", state: present }
systemd:
services:
- { name: "haproxy", enabled: true, action: reloaded, daemon_reload: true}


@ -25,8 +25,6 @@ global:
port:
http: 3200
ssh: 2443
# TODO: Migrate these VVVVV
monitoring:
grafana:
domain: "dev-stats.redxen.eu"

56
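--- a/monitoring.yml
+++ b/monitoring.yml
@@ -0,0 +1,56 @@
+---
+- hosts: monitoring
+vars:
+apt:
+keys:
+- "https://packages.grafana.com/gpg.key"
+- "https://repos.influxdata.com/influxdb.key"
+repos:
+- { repo: 'https://repos.influxdata.com/ubuntu stretch stable', file: "influxdata" }
+- { repo: 'https://packages.grafana.com/oss/deb stable main', file: "grafanalabs" }
+packages:
+- { package: "grafana", state: present }
+- { package: "telegraf", state: present }
+systemd:
+services:
+- { name: "grafana-server", enabled: true, state: restarted }
+- { name: "telegraf", enabled: true, state: restarted }
+vault:
+roles:
+- "postgresql"
+- "grafana"
+- "telegraf"
+- "grafana"
+grafana:
+listen:
+port: '{{ global.monitoring.grafana.port }}'
+domain: '{{ global.monitoring.grafana.domain }}'
+database:
+type: 'postgres'
+host: '{{ postgres.host }}:{{ postgres.port }}'
+name: 'grafana'
+user: 'grafana'
+ssl: 'require'
+password: "{{ postgres.dbpass['grafana'] }}"
+cache:
+type: "redis"
+connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
+auth:
+generic_oauth:
+- {
+name: 'Gitea',
+enabled: 'true',
+allow_sign_up: 'false',
+client_id: '{{ vault_gitea.client_id }}',
+client_secret: '{{ vault_gitea.client_secret }}',
+scopes: 'user:email',
+auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
+token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
+api_url: 'https://{{ global.dev.gitea.domain }}/api/v1/user'
+}
+roles:
+- vault
+- apt
+- grafana
+- telegraf
+- systemd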
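Review bot: The two `apt.keys` entries are bare HTTPS URLs with no expected fingerprint, so whatever those endpoints serve at run time becomes a trusted package-signing key on the monitoring hosts. How the `apt` role imports them is not visible here, but if it passes them to `apt_key` the keys are likely trusted for every configured repository, not only the two listed. Consider carrying the fingerprint beside each URL, e.g. `- { url: "https://packages.grafana.com/gpg.key", id: "<GRAFANA_KEY_FINGERPRINT>" }`, and having the role check it. Separately, `vault.roles` lists `"grafana"` twice, and the InfluxData repo line pairs the `ubuntu` path with the Debian codename `stretch`, which looks like a mismatch to confirm against the target release. `ssl: 'require'` encrypts the PostgreSQL connection but, if it maps to Grafana's `ssl_mode`, does not verify the server certificate; `verify-full` does.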


@ -4,10 +4,11 @@
file:
- { path: '/etc/tor', owner: 'root', group: 'root', mode: '600', state: directory }
- { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '600', state: directory }
apt_packages:
- { package: "tor", state: present }
- { package: "wireguard-tools", state: present }
- { package: "wireguard", state: present }
apt:
packages:
- { package: "tor", state: present }
- { package: "wireguard-tools", state: present }
- { package: "wireguard", state: present }
systemd:
services:
- { name: "tor@default", enabled: true, action: restarted }
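Review bot: The `file` entries just above the renamed `apt` block create directories with `mode: '600'`, which leaves out the search (x) bit; these are context lines the commit does not touch, and the play's start is outside the hunk. For `/etc/tor` and `/etc/wireguard` only root can then enter them. In the later playbook section the `{{ inspircd.paths.config }}/conf` directory is owned by `nobody` with the same mode, so its own owner cannot traverse it. `mode: '700'` keeps the directories private while remaining usable, e.g. `- { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '700', state: directory }`.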

@ -1 +1 @@
Subproject commit a0d9886ba03dfe82e62af1ed9853c657c81d4e81
Subproject commit 0342a83b7c6bb5028c4654b46ab0752cc9989499

@ -1 +0,0 @@
Subproject commit e23de968eb49e4ba62ac19c68d02e38426b565b3

1
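--- a/roles/grafana
+++ b/roles/grafana
@@ -0,0 +1 @@
+Subproject commit 9d379dd69447bea03c636e0ddfdf3cbaf0e58578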

1
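--- a/roles/vault
+++ b/roles/vault
@@ -0,0 +1 @@
+Subproject commit 0d4f9886e5e294febb2dbde0f13ba54ae7f0709b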


@ -1,11 +1,12 @@
---
- hosts: seedbox
vars:
apt_packages:
- { package: "transmission-daemon", state: present }
- { package: "git", state: present }
- { package: "make", state: present }
- { package: "gcc", state: present }
apt:
packages:
- { package: "transmission-daemon", state: present }
- { package: "git", state: present }
- { package: "make", state: present }
- { package: "gcc", state: present }
systemd:
services:
- { name: "darkhttpd", enabled: true, action: restarted }


@ -9,22 +9,23 @@
- { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
- { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
- { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
apt_packages:
- { package: "git", state: present }
- { package: "gcc", state: present }
- { package: "build-essential", state: present }
#- { package: "musl-dev", state: present }
# Pleroma (Elixir)
#- { package: "libncurses6", state: present }
#- { package: "postgresql-client", state: present }
#- { package: "elixir", state: present }
# Mumble
- { package: "libqt5sql5-psql", state: present }
- { package: "mumble-server", state: present }
- { package: "xz-utils", state: present }
- { package: "libmariadbclient-dev", state: present }
# InspIRCd
- { package: "libpq-dev", state: present }
apt:
packages:
- { package: "git", state: present }
- { package: "gcc", state: present }
- { package: "build-essential", state: present }
#- { package: "musl-dev", state: present }
# Pleroma (Elixir)
#- { package: "libncurses6", state: present }
#- { package: "postgresql-client", state: present }
#- { package: "elixir", state: present }
# Mumble
- { package: "libqt5sql5-psql", state: present }
- { package: "mumble-server", state: present }
- { package: "xz-utils", state: present }
- { package: "libmariadbclient-dev", state: present }
# InspIRCd
- { package: "libpq-dev", state: present }
systemd:
services:
#- { name: "pleroma", enabled: true, action: restarted }