Update apt and add monitoring
This commit is contained in:
parent
d0eea62673
commit
b8cccbbfe7
|
@ -1,2 +1,2 @@
|
||||||
todo.txt
|
todo.txt
|
||||||
vault/
|
/vault/
|
||||||
|
|
|
@ -61,9 +61,6 @@
|
||||||
[submodule "roles/varnish"]
|
[submodule "roles/varnish"]
|
||||||
path = roles/varnish
|
path = roles/varnish
|
||||||
url = https://git.redxen.eu/RedXen/ansible-varnish/
|
url = https://git.redxen.eu/RedXen/ansible-varnish/
|
||||||
[submodule "roles/apt-clean"]
|
|
||||||
path = roles/apt-clean
|
|
||||||
url = https://git.redxen.eu/RedXen/ansible-apt-clean/
|
|
||||||
[submodule "roles/common"]
|
[submodule "roles/common"]
|
||||||
path = roles/common
|
path = roles/common
|
||||||
url = https://git.redxen.eu/RedXen/ansible-common/
|
url = https://git.redxen.eu/RedXen/ansible-common/
|
||||||
|
@ -73,3 +70,6 @@
|
||||||
[submodule "roles/users"]
|
[submodule "roles/users"]
|
||||||
path = roles/users
|
path = roles/users
|
||||||
url = https://git.redxen.eu/RedXen/ansible-users/
|
url = https://git.redxen.eu/RedXen/ansible-users/
|
||||||
|
[submodule "roles/grafana"]
|
||||||
|
path = roles/grafana
|
||||||
|
url = https://git.redxen.eu/RedXen/ansible-grafana
|
||||||
|
|
11
backend.yml
11
backend.yml
|
@ -1,11 +1,12 @@
|
||||||
---
|
---
|
||||||
- hosts: backend
|
- hosts: backend
|
||||||
vars:
|
vars:
|
||||||
apt_packages:
|
apt:
|
||||||
- { package: "postgresql", state: present }
|
packages:
|
||||||
- { package: "python3-psycopg2", state: present }
|
- { package: "postgresql", state: present }
|
||||||
- { package: "redis", state: present }
|
- { package: "python3-psycopg2", state: present }
|
||||||
- { package: "influxdb", state: present }
|
- { package: "redis", state: present }
|
||||||
|
- { package: "influxdb", state: present }
|
||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
- { name: "postgresql@12-main", enabled: true, action: reloaded }
|
- { name: "postgresql@12-main", enabled: true, action: reloaded }
|
||||||
|
|
23
base.yml
23
base.yml
|
@ -1,17 +1,18 @@
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
vars_files:
|
|
||||||
- "vault/global.yml"
|
|
||||||
vars:
|
vars:
|
||||||
apt_packages:
|
apt:
|
||||||
- { package: "iptables-persistent", state: present }
|
packages:
|
||||||
- { package: "netfilter-persistent", state: present }
|
- { package: "iptables-persistent", state: present }
|
||||||
- { package: "sed", state: present }
|
- { package: "netfilter-persistent", state: present }
|
||||||
- { package: "git", state: present }
|
- { package: "sed", state: present }
|
||||||
- { package: "zsh", state: present }
|
- { package: "git", state: present }
|
||||||
- { package: "vim", state: present }
|
- { package: "zsh", state: present }
|
||||||
- { package: "sudo", state: present }
|
- { package: "vim", state: present }
|
||||||
- { package: "iptables", state: present }
|
- { package: "sudo", state: present }
|
||||||
|
- { package: "iptables", state: present }
|
||||||
|
clean: true
|
||||||
|
upgrade: true
|
||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
- { name: "netfilter-persistent", enabled: true, state: restarted }
|
- { name: "netfilter-persistent", enabled: true, state: restarted }
|
||||||
|
|
5
dns.yml
5
dns.yml
|
@ -10,8 +10,9 @@
|
||||||
services:
|
services:
|
||||||
- { name: "systemd-resolved", action: stopped }
|
- { name: "systemd-resolved", action: stopped }
|
||||||
- { name: "unbound", enabled: true, action: reloaded }
|
- { name: "unbound", enabled: true, action: reloaded }
|
||||||
apt_packages:
|
apt:
|
||||||
- { package: "unbound", state: present }
|
packages:
|
||||||
|
- { package: "unbound", state: present }
|
||||||
unbound:
|
unbound:
|
||||||
port: 53
|
port: 53
|
||||||
listen:
|
listen:
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
---
|
---
|
||||||
- hosts: frontend
|
- hosts: frontend
|
||||||
vars:
|
vars:
|
||||||
apt_packages:
|
apt:
|
||||||
- { package: "haproxy", state: present }
|
packages:
|
||||||
- { package: "hitch", state: present }
|
- { package: "haproxy", state: present }
|
||||||
- { package: "varnish", state: present }
|
- { package: "hitch", state: present }
|
||||||
|
- { package: "varnish", state: present }
|
||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
- { name: "haproxy", enabled: true, action: reloaded, daemon_reload: true}
|
- { name: "haproxy", enabled: true, action: reloaded, daemon_reload: true}
|
||||||
|
|
|
@ -25,8 +25,6 @@ global:
|
||||||
port:
|
port:
|
||||||
http: 3200
|
http: 3200
|
||||||
ssh: 2443
|
ssh: 2443
|
||||||
|
|
||||||
# TODO: Migrate these VVVVV
|
|
||||||
monitoring:
|
monitoring:
|
||||||
grafana:
|
grafana:
|
||||||
domain: "dev-stats.redxen.eu"
|
domain: "dev-stats.redxen.eu"
|
||||||
|
|
|
@ -0,0 +1,56 @@
|
||||||
|
---
|
||||||
|
- hosts: monitoring
|
||||||
|
vars:
|
||||||
|
apt:
|
||||||
|
keys:
|
||||||
|
- "https://packages.grafana.com/gpg.key"
|
||||||
|
- "https://repos.influxdata.com/influxdb.key"
|
||||||
|
repos:
|
||||||
|
- { repo: 'https://repos.influxdata.com/ubuntu stretch stable', file: "influxdata" }
|
||||||
|
- { repo: 'https://packages.grafana.com/oss/deb stable main', file: "grafanalabs" }
|
||||||
|
packages:
|
||||||
|
- { package: "grafana", state: present }
|
||||||
|
- { package: "telegraf", state: present }
|
||||||
|
systemd:
|
||||||
|
services:
|
||||||
|
- { name: "grafana-server", enabled: true, state: restarted }
|
||||||
|
- { name: "telegraf", enabled: true, state: restarted }
|
||||||
|
vault:
|
||||||
|
roles:
|
||||||
|
- "postgresql"
|
||||||
|
- "grafana"
|
||||||
|
- "telegraf"
|
||||||
|
- "grafana"
|
||||||
|
grafana:
|
||||||
|
listen:
|
||||||
|
port: '{{ global.monitoring.grafana.port }}'
|
||||||
|
domain: '{{ global.monitoring.grafana.domain }}'
|
||||||
|
database:
|
||||||
|
type: 'postgres'
|
||||||
|
host: '{{ postgres.host }}:{{ postgres.port }}'
|
||||||
|
name: 'grafana'
|
||||||
|
user: 'grafana'
|
||||||
|
ssl: 'require'
|
||||||
|
password: "{{ postgres.dbpass['grafana'] }}"
|
||||||
|
cache:
|
||||||
|
type: "redis"
|
||||||
|
connstr: "addr={{ global.backend.redis.host }}:{{ global.backend.redis.port }},pool_size=100,db=9"
|
||||||
|
auth:
|
||||||
|
generic_oauth:
|
||||||
|
- {
|
||||||
|
name: 'Gitea',
|
||||||
|
enabled: 'true',
|
||||||
|
allow_sign_up: 'false',
|
||||||
|
client_id: '{{ vault_gitea.client_id }}',
|
||||||
|
client_secret: '{{ vault_gitea.client_secret }}',
|
||||||
|
scopes: 'user:email',
|
||||||
|
auth_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/authorize',
|
||||||
|
token_url: 'https://{{ global.dev.gitea.domain }}/login/oauth/access_token',
|
||||||
|
api_url: 'https://{{ global.dev.gitea.domain }}/api/v1/user'
|
||||||
|
}
|
||||||
|
roles:
|
||||||
|
- vault
|
||||||
|
- apt
|
||||||
|
- grafana
|
||||||
|
- telegraf
|
||||||
|
- systemd
|
9
net.yml
9
net.yml
|
@ -4,10 +4,11 @@
|
||||||
file:
|
file:
|
||||||
- { path: '/etc/tor', owner: 'root', group: 'root', mode: '600', state: directory }
|
- { path: '/etc/tor', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||||
- { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '600', state: directory }
|
- { path: '/etc/wireguard', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||||
apt_packages:
|
apt:
|
||||||
- { package: "tor", state: present }
|
packages:
|
||||||
- { package: "wireguard-tools", state: present }
|
- { package: "tor", state: present }
|
||||||
- { package: "wireguard", state: present }
|
- { package: "wireguard-tools", state: present }
|
||||||
|
- { package: "wireguard", state: present }
|
||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
- { name: "tor@default", enabled: true, action: restarted }
|
- { name: "tor@default", enabled: true, action: restarted }
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit a0d9886ba03dfe82e62af1ed9853c657c81d4e81
|
Subproject commit 0342a83b7c6bb5028c4654b46ab0752cc9989499
|
|
@ -1 +0,0 @@
|
||||||
Subproject commit e23de968eb49e4ba62ac19c68d02e38426b565b3
|
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit 9d379dd69447bea03c636e0ddfdf3cbaf0e58578
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit 0d4f9886e5e294febb2dbde0f13ba54ae7f0709b
|
11
seedbox.yml
11
seedbox.yml
|
@ -1,11 +1,12 @@
|
||||||
---
|
---
|
||||||
- hosts: seedbox
|
- hosts: seedbox
|
||||||
vars:
|
vars:
|
||||||
apt_packages:
|
apt:
|
||||||
- { package: "transmission-daemon", state: present }
|
packages:
|
||||||
- { package: "git", state: present }
|
- { package: "transmission-daemon", state: present }
|
||||||
- { package: "make", state: present }
|
- { package: "git", state: present }
|
||||||
- { package: "gcc", state: present }
|
- { package: "make", state: present }
|
||||||
|
- { package: "gcc", state: present }
|
||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
- { name: "darkhttpd", enabled: true, action: restarted }
|
- { name: "darkhttpd", enabled: true, action: restarted }
|
||||||
|
|
33
social.yml
33
social.yml
|
@ -9,22 +9,23 @@
|
||||||
- { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
|
- { path: '/etc/murmur', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||||
- { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
|
- { path: '{{ inspircd.paths.build }}/.configure', owner: 'root', group: 'root', mode: '600', state: directory }
|
||||||
- { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
|
- { path: '{{ inspircd.paths.config }}/conf', owner: 'nobody', group: 'nogroup', mode: '600', state: directory }
|
||||||
apt_packages:
|
apt:
|
||||||
- { package: "git", state: present }
|
packages:
|
||||||
- { package: "gcc", state: present }
|
- { package: "git", state: present }
|
||||||
- { package: "build-essential", state: present }
|
- { package: "gcc", state: present }
|
||||||
#- { package: "musl-dev", state: present }
|
- { package: "build-essential", state: present }
|
||||||
# Pleroma (Elixir)
|
#- { package: "musl-dev", state: present }
|
||||||
#- { package: "libncurses6", state: present }
|
# Pleroma (Elixir)
|
||||||
#- { package: "postgresql-client", state: present }
|
#- { package: "libncurses6", state: present }
|
||||||
#- { package: "elixir", state: present }
|
#- { package: "postgresql-client", state: present }
|
||||||
# Mumble
|
#- { package: "elixir", state: present }
|
||||||
- { package: "libqt5sql5-psql", state: present }
|
# Mumble
|
||||||
- { package: "mumble-server", state: present }
|
- { package: "libqt5sql5-psql", state: present }
|
||||||
- { package: "xz-utils", state: present }
|
- { package: "mumble-server", state: present }
|
||||||
- { package: "libmariadbclient-dev", state: present }
|
- { package: "xz-utils", state: present }
|
||||||
# InspIRCd
|
- { package: "libmariadbclient-dev", state: present }
|
||||||
- { package: "libpq-dev", state: present }
|
# InspIRCd
|
||||||
|
- { package: "libpq-dev", state: present }
|
||||||
systemd:
|
systemd:
|
||||||
services:
|
services:
|
||||||
#- { name: "pleroma", enabled: true, action: restarted }
|
#- { name: "pleroma", enabled: true, action: restarted }
|
||||||
|
|
Reference in New Issue