diff --git a/.gitignore b/.gitignore
index df862d5..87eb772 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 todo.txt
-vault/
+/vault/
diff --git a/.gitmodules b/.gitmodules
index 3129520..619a204 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -61,9 +61,6 @@
 [submodule "roles/varnish"]
 path = roles/varnish
 url = https://git.redxen.eu/RedXen/ansible-varnish/
-[submodule "roles/apt-clean"]
- path = roles/apt-clean
- url = https://git.redxen.eu/RedXen/ansible-apt-clean/
 [submodule "roles/common"]
 path = roles/common
 url = https://git.redxen.eu/RedXen/ansible-common/
@@ -73,3 +70,6 @@
 [submodule "roles/users"]
 path = roles/users
 url = https://git.redxen.eu/RedXen/ansible-users/
+[submodule "roles/grafana"]
+ path = roles/grafana
+ url = https://git.redxen.eu/RedXen/ansible-grafana
diff --git a/backend.yml b/backend.yml
index d50830f..48b3dbf 100644
--- a/backend.yml
+++ b/backend.yml
@@ -1,11 +1,12 @@
 ---
 - hosts: backend
 vars:
- apt_packages:
- - { package: "postgresql", state: present }
- - { package: "python3-psycopg2", state: present }
- - { package: "redis", state: present }
- - { package: "influxdb", state: present }
+ apt:
+ packages:
+ - { package: "postgresql", state: present }
+ - { package: "python3-psycopg2", state: present }
+ - { package: "redis", state: present }
+ - { package: "influxdb", state: present }
 systemd:
 services:
 - { name: "postgresql@12-main", enabled: true, action: reloaded }
diff --git a/base.yml b/base.yml
index d16babb..decf66b 100644
--- a/base.yml
+++ b/base.yml
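Review bot: In the `.gitignore` hunk, anchoring the pattern as `/vault/` stops ignoring directories named `vault` anywhere below the repository root, which the old `vault/` pattern covered. That is presumably what allows the `roles/vault` submodule added in this commit to be tracked, but it also means secret files placed in a nested `vault/` directory (under a role or an inventory directory, say) now show up as untracked and can be committed by accident. A comment above the pattern such as `# root only: roles/vault is a tracked submodule, secrets belong in /vault/` would record the intent.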
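Review bot: The second `.gitmodules` hunk registers only `roles/grafana`, yet the same commit also adds a `roles/vault` gitlink and no matching entry is visible in either `.gitmodules` hunk. Unless an entry already exists in a part of the file outside these hunks, a fresh clone cannot resolve that submodule and the `vault` role used by monitoring.yml will be missing. If it is absent, add `[submodule "roles/vault"]`, `path = roles/vault` and `url = <URL of the vault role repository>` (placeholder, the URL is not shown on this page).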
@@ -1,17 +1,18 @@
 ---
 - hosts: all
- vars_files:
- - "vault/global.yml"
 vars:
- apt_packages:
- - { package: "iptables-persistent", state: present }
- - { package: "netfilter-persistent", state: present }
- - { package: "sed", state: present }
- - { package: "git", state: present }
- - { package: "zsh", state: present }
- - { package: "vim", state: present }
- - { package: "sudo", state: present }
- - { package: "iptables", state: present }
+ apt:
+ packages:
+ - { package: "iptables-persistent", state: present }
+ - { package: "netfilter-persistent", state: present }
+ - { package: "sed", state: present }
+ - { package: "git", state: present }
+ - { package: "zsh", state: present }
+ - { package: "vim", state: present }
+ - { package: "sudo", state: present }
+ - { package: "iptables", state: present }
+ clean: true
+ upgrade: true
 systemd:
 services:
 - { name: "netfilter-persistent", enabled: true, state: restarted }
diff --git a/dns.yml b/dns.yml
index 09319df..f34ebe5 100644
--- a/dns.yml
+++ b/dns.yml
@@ -10,8 +10,9 @@
 services:
 - { name: "systemd-resolved", action: stopped }
 - { name: "unbound", enabled: true, action: reloaded }
- apt_packages:
- - { package: "unbound", state: present }
+ apt:
+ packages:
+ - { package: "unbound", state: present }
 unbound:
 port: 53
 listen:
diff --git a/frontend.yml b/frontend.yml
index 0c6bfd9..4640c8f 100644
--- a/frontend.yml
+++ b/frontend.yml
@@ -1,10 +1,11 @@
 ---
 - hosts: frontend
 vars:
- apt_packages:
- - { package: "haproxy", state: present }
- - { package: "hitch", state: present }
- - { package: "varnish", state: present }
+ apt:
+ packages:
+ - { package: "haproxy", state: present }
+ - { package: "hitch", state: present }
+ - { package: "varnish", state: present }
 systemd:
 services:
 - { name: "haproxy", enabled: true, action: reloaded, daemon_reload: true}
diff --git a/group_vars/all b/group_vars/all
index 7cfe655..e521b1a 100644
--- a/group_vars/all
+++ b/group_vars/all
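Review bot: In the base.yml hunk, removing `vars_files` with `"vault/global.yml"` from the `hosts: all` play means nothing here loads the vault variables for every host any more, and in this diff only monitoring.yml lists the `vault` role. If other plays still reference variables that came from `vault/global.yml` they will fail on undefined variables, so confirm each of them declares `vault.roles` and runs the `vault` role; that is not visible on this page. The new `clean: true` and `upgrade: true` keys also have no explanation, and a comment such as `# upgrade: run a package upgrade on every host each time this play runs` would make the effect explicit, assuming that is how the `apt` role treats it.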
@@ -25,8 +25,6 @@ global:
 port:
 http: 3200
 ssh: 2443
-
- # TODO: Migrate these VVVVV
 monitoring:
 grafana:
 domain: "dev-stats.redxen.eu"
diff --git a/monitoring.yml b/monitoring.yml
new file mode 100644
index 0000000..7a30614
--- /dev/null
+++ b/monitoring.yml
@@ -0,0 +1,56 @@
+---
+- hosts: monitoring
+ vars:
+ apt:
+ keys:
+ - "https://packages.grafana.com/gpg.key"
+ - "https://repos.influxdata.com/influxdb.key"
+ repos:
+ - { repo: 'https://repos.influxdata.com/ubuntu stretch stable', file: "influxdata" }
+ - { repo: 'https://packages.grafana.com/oss/deb stable main', file: "grafanalabs" }
+ packages:
+ - { package: "grafana", state: present }
+ - { package: "telegraf", state: present }
+ systemd:
+ services:
+ - { name: "grafana-server", enabled: true, state: restarted }
+ - { name: "telegraf", enabled: true, state: restarted }
+ vault:
+ roles:
+ - "postgresql"
+ - "grafana"
+ - "telegraf"
+ - "grafana"
+ grafana:
+ listen:
+ port: '{{ global.monitoring.grafana.port }}'
+ domain: '{{ global.monitoring.grafana.domain }}'
+ database:
+ type: 'postgres'
+ host: '{{ postgres.host }}:{{ postgres.port }}'
+ name: 'grafana'
+ user: 'grafana'
+ ssl: 'require'
+ password: "{{ postgres.dbpass['grafana'] }}"
+ cache:
+ type: "redis"
+ connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
+ auth:
+ generic_oauth:
+ - {
+ name: 'Gitea',
+ enabled: 'true',
+ allow_sign_up: 'false',
+ client_id: '{{ vault_gitea.client_id }}',
+ client_secret: '{{ vault_gitea.client_secret }}',
+ scopes: 'user:email',
+ auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
+ token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
+ api_url: 'https://{{ global.dev.gitea.domain }}/api/v1/user'
+ }
+ roles:
+ - vault
+ - apt
+ - grafana
+ - telegraf
+ - systemd
diff --git a/net.yml b/net.yml
index d2aa83f..d3b086a 100644
--- a/net.yml
+++ b/net.yml
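Review bot: In monitoring.yml the two `apt.keys` entries are fetched by URL when the play runs and nothing visible pins which key is accepted, so whatever those endpoints serve at that moment becomes a trusted package-signing key on the monitoring hosts. The `apt` role is a submodule whose tasks are not shown, so confirm it checks a fingerprint (Ansible's `apt_key` accepts an `id`) or ship the key files in the repository instead. In the `database` block, `ssl: 'require'` encrypts the PostgreSQL connection without verifying the server certificate if the role passes it through as Grafana's `ssl_mode`, whereas `ssl: 'verify-full'` would also authenticate the server. `vault.roles` lists `"grafana"` twice, and the influxdata repo line pairs the Debian codename `stretch` with an `ubuntu` path, which is worth checking against the target release.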
@@ -4,10 +4,11 @@
 file:
 - { path: '/etc/tor', owner: 'root', group: 'root', mode: '600', state: directory }
 - { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '600', state: directory }
- apt_packages:
- - { package: "tor", state: present }
- - { package: "wireguard-tools", state: present }
- - { package: "wireguard", state: present }
+ apt:
+ packages:
+ - { package: "tor", state: present }
+ - { package: "wireguard-tools", state: present }
+ - { package: "wireguard", state: present }
 systemd:
 services:
 - { name: "tor@default", enabled: true, action: restarted }
diff --git a/roles/apt b/roles/apt
index a0d9886..0342a83 160000
--- a/roles/apt
+++ b/roles/apt
@@ -1 +1 @@
-Subproject commit a0d9886ba03dfe82e62af1ed9853c657c81d4e81
+Subproject commit 0342a83b7c6bb5028c4654b46ab0752cc9989499
diff --git a/roles/apt-clean b/roles/apt-clean
deleted file mode 160000
index e23de96..0000000
--- a/roles/apt-clean
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit e23de968eb49e4ba62ac19c68d02e38426b565b3
diff --git a/roles/grafana b/roles/grafana
new file mode 160000
index 0000000..9d379dd
--- /dev/null
+++ b/roles/grafana
@@ -0,0 +1 @@
+Subproject commit 9d379dd69447bea03c636e0ddfdf3cbaf0e58578
diff --git a/roles/vault b/roles/vault
new file mode 160000
index 0000000..0d4f988
--- /dev/null
+++ b/roles/vault
@@ -0,0 +1 @@
+Subproject commit 0d4f9886e5e294febb2dbde0f13ba54ae7f0709b
diff --git a/seedbox.yml b/seedbox.yml
index 2c8b6ac..9c422f4 100644
--- a/seedbox.yml
+++ b/seedbox.yml
@@ -1,11 +1,12 @@
 ---
 - hosts: seedbox
 vars:
- apt_packages:
- - { package: "transmission-daemon", state: present }
- - { package: "git", state: present }
- - { package: "make", state: present }
- - { package: "gcc", state: present }
+ apt:
+ packages:
+ - { package: "transmission-daemon", state: present }
+ - { package: "git", state: present }
+ - { package: "make", state: present }
+ - { package: "gcc", state: present }
 systemd:
 services:
 - { name: "darkhttpd", enabled: true, action: restarted }
diff --git a/social.yml b/social.yml
index e4f3315..c718766 100644
--- a/social.yml
+++ b/social.yml
@@ -9,22 +9,23 @@
 - { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
 - { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
 - { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
- apt_packages:
- - { package: "git", state: present }
- - { package: "gcc", state: present }
- - { package: "build-essential", state: present }
- #- { package: "musl-dev", state: present }
- # Pleroma (Elixir)
- #- { package: "libncurses6", state: present }
- #- { package: "postgresql-client", state: present }
- #- { package: "elixir", state: present }
- # Mumble
- - { package: "libqt5sql5-psql", state: present }
- - { package: "mumble-server", state: present }
- - { package: "xz-utils", state: present }
- - { package: "libmariadbclient-dev", state: present }
- # InspIRCd
- - { package: "libpq-dev", state: present }
+ apt:
+ packages:
+ - { package: "git", state: present }
+ - { package: "gcc", state: present }
+ - { package: "build-essential", state: present }
+ #- { package: "musl-dev", state: present }
+ # Pleroma (Elixir)
+ #- { package: "libncurses6", state: present }
+ #- { package: "postgresql-client", state: present }
+ #- { package: "elixir", state: present }
+ # Mumble
+ - { package: "libqt5sql5-psql", state: present }
+ - { package: "mumble-server", state: present }
+ - { package: "xz-utils", state: present }
+ - { package: "libmariadbclient-dev", state: present }
+ # InspIRCd
+ - { package: "libpq-dev", state: present }
 systemd:
 services:
 #- { name: "pleroma", enabled: true, action: restarted }