commit 1d3c3d8b040015138ddaa65890bccd7f00aae7ea
parent 7132461cd0615ff344b613dcd1d8e9db985c41c7
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 2 Feb 2021 10:56:37 +0100
parent 7132461cd0615ff344b613dcd1d8e9db985c41c7
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 2 Feb 2021 10:56:37 +0100
update playbooks and configs
5 files changed, 115 insertions(+), 42 deletions(-)
diff --git a/configuration/joguhrtbecher.yml b/configuration/joguhrtbecher.yml @@ -15,6 +15,49 @@ system: password: "$6$foobar123$1qcCmnoveirSdWY9XdgH5hCXv32hj0n/AyJX46sSp1LyGCA8QT/xxifebRxr89uIH6vwhzFGgz4.H2sG0en0f0" sshKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829" +networkd: + networkd_resolv_conf_content: + - nameserver 1.1.1.1 + - nameserver 8.8.8.8 + networkd_apply_action: "restart" + netdev: + - name: wg-pbb + priority: 30 + content: + - NetDev: + - Name: wg-pbb + - Kind: wireguard + - WireGuard: + - PrivateKey: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/joguhrtbecher/wireguard.privkey returnall=true') }}" + - FirewallMark: 51820 + - WireGuardPeer: + - PublicKey: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/desastro/wireguard.pubkey returnall=true') }}" + - AllowedIPs: "0.0.0.0/0, ::/0" + - Endpoint: "195.39.247.172:51820" + - PersistentKeepalive: 10 + network: + - name: enp2s0 + priority: 20 + content: + - Match: + - Name: enp0s25 + - Network: + - DHCP: yes + - name: wg-pbb + priority: 30 + content: + - Match: + - Name: wg-pbb + - Network: + - Address: 195.39.247.49/32 + - Address: 2a0f:4ac0:acab:1234::49/128 + - Route: + - Destination: 0.0.0.0/0 + - Route: + - Destination: ::/0 + - Link: + - MTUBytes: 1472 + services: prometheus_node_exporter: enable: true @@ -30,4 +73,4 @@ services: defaultServer: true locations: - path: /node-exporter - proxy: http://127.0.0.1:9100 + proxy: http://127.0.0.1:9100+ \ No newline at end of file
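Review bot: The `PrivateKey:` entry under `WireGuard` in the new `wg-pbb` netdev puts the key material from passwordstore into the rendered .netdev file, and nothing in this hunk shows what mode and owner that file gets. The role that writes the file is not part of this diff, so this is a check rather than a confirmed defect: the file should be readable only by root and the systemd-network group (mode 0640). Alternatively, use `PrivateKeyFile:` pointing at a separately deployed key file so that the unit carries no secret. Separately, the first `network` entry is named `enp2s0` but matches `Name: enp0s25`; one of the two looks like a leftover.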
diff --git a/configuration/taurus.yml b/configuration/taurus.yml @@ -69,12 +69,6 @@ services: renew_tasks: - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.taurus.ctu.cx - sudo rc-service nginx restart - restic.ctu.cx: - dns_names: - - restic.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/restic.ctu.cx - - sudo rc-service nginx restart photos.ctu.cx: dns_names: - photos.ctu.cx 
@@ -123,29 +117,33 @@ services: cert: "/var/lib/acme-redirect/live/syncthing.taurus.ctu.cx/fullchain" privkey: "/var/lib/acme-redirect/live/syncthing.taurus.ctu.cx/privkey" - rest_server: - enable: true - port: 8060 - user: leah - nginx: - enable: true - domain: "restic.ctu.cx" - password: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/taurus/rest-server.htpasswd returnall=true') }}" - sslOnly: true - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/restic.ctu.cx/fullchain" - privkey: "/var/lib/acme-redirect/live/restic.ctu.cx/privkey" +# rest_server: +# enable: true +# port: 8060 +# user: leah +# nginx: +# enable: true +# domain: "restic.ctu.cx" +# password: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/taurus/rest-server.htpasswd returnall=true') }}" +# sslOnly: true +# ssl: +# enable: true +# cert: "/var/lib/acme-redirect/live/restic.ctu.cx/fullchain" +# privkey: "/var/lib/acme-redirect/live/restic.ctu.cx/privkey" nfsserver: enable: true exports: - path: /srv/wanderduene/pleroma - address: 10.0.0.2 - options: rw,sync + address: 10.0.0.10 + options: rw,fsid=0,sync,no_subtree_check,no_auth_nlm,insecure,no_root_squash - path: /srv/wanderduene/synapse - address: 10.0.0.2 - options: rw,sync + address: 10.0.0.10 + options: rw,fsid=1,sync,no_subtree_check,no_auth_nlm,insecure,no_root_squash + - path: /srv/wanderduene/oeffisearch + address: 10.0.0.10 + options: rw,fsid=2,sync,no_subtree_check,no_auth_nlm,insecure,no_root_squash + files: /var/lib/websites/photos.ctu.cx: state: "directory"
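Review bot: The three `options:` lines under `nfsserver.exports` now add `insecure`, `no_root_squash` and `no_auth_nlm` together, which removes most of the server-side checks an export restricted only by client address still has. With `no_root_squash`, root on 10.0.0.10 is root on the exported trees, and with `insecure` the server also accepts requests from unprivileged source ports, so a non-root process on that address can issue NFS requests. Unless the services need root-owned files on the share, I would keep the default squash and drop `insecure`, e.g. `options: rw,fsid=1,sync,no_subtree_check`, using `anonuid=`/`anongid=` to map to the service account if ownership is the problem. It is also worth checking `fsid=0`: it marks the NFSv4 pseudo-root, and `/srv/wanderduene/pleroma` is a sibling of the other two exports rather than their parent. The `rest_server` block in the same hunk is commented out rather than deleted; removing it would be cleaner, since git keeps the history.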
diff --git a/configuration/wanderduene.yml b/configuration/wanderduene.yml @@ -7,6 +7,7 @@ system: enableSSH: true enableSudo: true useNTP: true #todo: support archlinux + enableNFS: true #todo: support archlinux fstab: - device: UUID=fc06e9aa-37fc-45ab-ad89-4f04e8ed78ba path: / @@ -21,7 +22,17 @@ system: - device: 10.0.0.1:/srv/wanderduene/pleroma path: /var/lib/pleroma fstype: nfs - options: defaults + options: defaults,nolock + checks: 0 0 + - device: 10.0.0.1:/srv/wanderduene/synapse + path: /var/lib/synapse + fstype: nfs + options: defaults,nolock + checks: 0 0 + - device: 10.0.0.1:/srv/wanderduene/oeffisearch + path: /var/lib/oeffisearch + fstype: nfs + options: defaults,nolock checks: 0 0 nameservers: - 1.1.1.1 @@ -50,7 +61,7 @@ network: netmask: 64 - name: eth1 ipv4: - address: 10.0.0.2 + address: 10.0.0.10 netmask: 255.255.255.0 services: @@ -217,11 +228,6 @@ services: proxy_hide_header "access-control-allow-origin"; add_header "access-control-allow-origin" "*"; ' - - path: "/nuc8rugged" - extraConfig: ' - autoindex on; - autoindex_exact_size off; - ' - path: "/drucken" extraConfig: ' autoindex on; @@ -242,7 +248,6 @@ services: enable: true initialKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829" - cgit: enable: true configFile: config-files/cgit/cgitrc 
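Review bot: The three NFS entries in the @@ -21,7 +22,17 @@ hunk mount with `options: defaults,nolock`, so setuid binaries and device nodes on the share are honoured on this host. Since taurus.yml exports these paths with `no_root_squash`, I would add `nosuid,nodev` here: `options: defaults,nolock,nosuid,nodev`. `nolock` also means file locks are local to this client only, which is fine as long as no second client mounts the same path. The `fstab` list starts above this hunk, so I cannot see whether the role appends any options of its own.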
@@ -289,7 +294,7 @@ services: radicale: enable: true configFile: config-files/radicale/config - users: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/wanderduene/radicale.users returnall=true')}}" + users: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/{{system.hostname}}/radicale.users returnall=true')}}" nginx: enable: true domain: "dav.ctu.cx" @@ -393,9 +398,20 @@ services: cert: "/var/lib/acme-redirect/live/pleroma.ctu.cx/fullchain" privkey: "/var/lib/acme-redirect/live/pleroma.ctu.cx/privkey" + fritzboxExporter: + enable: true + nginx: + enable: true + domain: "fbexporter.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/fbexporter.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/fbexporter.ctu.cx/privkey" + frps: enable: true - token: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/wanderduene/frps/token returnall=true')}}" + token: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/{{system.hostname}}/frps/token returnall=true')}}" port: 5050 vhostDomain: "frp.ctu.cx" vhostPort: 8088 @@ -417,7 +433,13 @@ services: files: /var/lib/websites/ctu.cx: - state: "directory" - mode: "0755" - owner: "leah" - group: "nginx"- \ No newline at end of file + state: "directory" + mode: "0755" + owner: "leah" + group: "nginx" + /etc/nginx/passwd/print: + state: "file" + content: "{{ lookup('diskcache', 'community.general.passwordstore', 'Server/{{system.hostname}}/passwd/ctu.cx/drucken returnall=true')}}" + mode: "0600" + owner: "nginx" + group: "nginx"+ \ No newline at end of file
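Review bot: The new lookup path `'Server/{{system.hostname}}/radicale.users returnall=true'` nests `{{ }}` inside a string literal that already sits inside a Jinja expression, and Jinja does not expand that itself. It resolves only if the `diskcache` lookup plugin (not shown here) templates its arguments a second time; otherwise the literal text is passed to passwordstore and the secret lookup fails or hits the wrong entry. Concatenation avoids depending on that: `'Server/' ~ system.hostname ~ '/radicale.users returnall=true'`. The same pattern is introduced for the `frps` `token:` in the @@ -393,9 +398,20 @@ hunk and for the `content:` of `/etc/nginx/passwd/print` in the @@ -417,7 +433,13 @@ hunk.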
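Review bot: The new `fritzboxExporter` block in the @@ -393,9 +398,20 @@ hunk publishes the exporter through nginx on `fbexporter.ctu.cx` with TLS, but no access restriction is visible in the hunk. The `rest_server` vhost in taurus.yml carried a `password:` htpasswd lookup under `nginx:`. If this role's nginx template supports the same key, a `password:` entry or an allow-list for the Prometheus host would keep the router metrics from being publicly readable. I also do not see a matching certificate entry for `fbexporter.ctu.cx` in this diff; it may already exist outside the hunks.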
diff --git a/inventory b/inventory @@ -4,9 +4,16 @@ ansible_ssh_user=root [taurus] taurus.ctu.cx - [wanderduene] wanderduene.ctu.cx +[desastro] +desastro.ctu.cx + [lollo] -10.0.0.1- \ No newline at end of file +lollo.ctu.cx + +[joguhrtbecher] +c4y72xuu85nwkhkx.myfritz.net +[joguhrtbecher:vars] +ansible_ssh_port=2222+ \ No newline at end of file
diff --git a/playbook-servers.yml b/playbook-servers.yml @@ -42,6 +42,8 @@ tags: prometheus - role: grafana # supports: alpine, arch(untested) tags: grafana + - role: fritzboxExporter # supports: alpine + tags: fritzboxExporter - role: frp # frps supports: alpine, arch(untested) tags: [ frp, frps ] - role: backup # todo