commit 235b25efbd9ddb5b7eef06eefca2d86b447bcac9
parent 544d6fb12e7f463cc6e634920bc9eeb7c23207e9
Author: Isa <hi@f2k1.de>
Date: Sun, 13 Jun 2021 00:17:01 +0200
parent 544d6fb12e7f463cc6e634920bc9eeb7c23207e9
Author: Isa <hi@f2k1.de>
Date: Sun, 13 Jun 2021 00:17:01 +0200
add new host: repo
3 files changed, 139 insertions(+), 0 deletions(-)
A
|
123
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configuration/repo.yml b/configuration/repo.yml @@ -0,0 +1,123 @@ +system: + hostname: repo + domain: ctu.cx + timezone: Europe/Berlin + alpineVersion: v3.13 + enableSudo: true + enableOwnRepos: true + useNTP: true + extraPackages: + - iftop + - htop + - rsync + - tar + - wget + - curl + - nginx + - alpine-sdk + fstab: + - device: UUID=7f1081f9-440d-4a69-a376-202584e19f6b + path: / + fstype: ext4 + options: rw,relatime + checks: 0 1 + - device: UUID=fdeede44-8e0a-4eeb-9d9c-ad9732fe7412 + path: /boot + fstype: ext4 + options: rw,relatime + checks: 0 2 + nameservers: + - 1.1.1.1 + - 8.8.8.8 + users: + - name: root + allowedSshKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:000606445161 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local + - name: isa + groups: "wheel" + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32646436343430316239336133663933356637336239653637386638393766376133623335343338 + 3066636233353436326461336561616365613233643965340a383036663337313466316139313061 + 31353232373536646565336563633166366639353563303534633336646532316131363266306335 + 3063393532396238300a393835373462636662303665333035343066376666383637326132346336 + 3966 + allowedSshKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:000606445161 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local + - name: leah + groups: "wheel" + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32646436343430316239336133663933356637336239653637386638393766376133623335343338 + 3066636233353436326461336561616365613233643965340a383036663337313466316139313061 + 31353232373536646565336563633166366639353563303534633336646532316131363266306335 + 3063393532396238300a393835373462636662303665333035343066376666383637326132346336 + 3966 + allowedSshKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:000606445161 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local + +#secrets: + +network: + nftables: + enable: true + interfaces: + - name: lo + loopback: true + - name: eth0 + ipv4: + address: 188.68.34.93 + gateway: 188.68.32.1 + netmask: 255.255.252.0 + ipv6: + address: 2a03:4000:10:854::1 + gateway: fe80::1 + netmask: 64 + +services: + openssh: + enable: true + port: 22 + permitRootLogin: true + passwordAuthentication: false + + prometheus_node_exporter: + enable: true + + vnstat: + enable: true + + acme_redirect: + enable: true + email: hi@f2k1.de + certs: + repo.ctu.cx: + renewTasks: + - sudo rc-service nginx restart + + nginx: + enable: true + user: nginx + group: nginx + sslOnly: true + vhosts: + localhost: + defaultServer: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/repo.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/repo.ctu.cx/privkey" + locations: + - path: / + root: /home/isa/packages + directoryListing: true + - path: /node-exporter + proxy: http://127.0.0.1:9100/metrics + +
diff --git a/inventory b/inventory @@ -26,6 +26,8 @@ joguhrtbecher.ctu.cx #[joguhrtbecher:vars] #ansible_ssh_port=2222 +[repo] +repo.ctu.cx [osterei] 185.232.70.80
diff --git a/playbook.yml b/playbook.yml @@ -246,3 +246,16 @@ tags: ctucx-gallery - role: backup tags: backup + +- hosts: repo + name: Install repo.ctu.cx + vars_files: configuration/repo.yml + roles: + - role: common + tags: common + - role: openssh + tags: [ openssh, common ] + - role: vnstat + tags: vnstat + - role: nginx + tags: nginx+ \ No newline at end of file