commit 6c4427224970e128587e19b19cfa6c0041c11136
parent 06d8deb2b722110e6983812a850266ce16926271
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 6 Apr 2021 18:58:34 +0200
move allmost all services to osterei
3 files changed, 377 insertions(+), 491 deletions(-)
M
|
336
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M
|
476
+------------------------------------------------------------------------------
diff --git a/configuration/osterei.yml b/configuration/osterei.yml @@ -77,6 +77,29 @@ files: mode: "0755" owner: "leah" group: "nginx" + /var/lib/websites/photos.ctu.cx: + state: "directory" + mode: "0755" + owner: "leah" + group: "nginx" + /etc/nginx/passwd/print: + state: "file" + content: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/passwd/ctu.cx/drucken returnall=true')}}" + mode: "0600" + owner: "nginx" + group: "nginx" + /etc/nginx/passwd/synapse: + state: "file" + content: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/passwd/synapse returnall=true')}}" + mode: "0600" + owner: "nginx" + group: "nginx" + /usr/share/webapps/cgit/custom-cgit.css: + state: "file" + src: "config-files/wanderduene/cgit/cgit.css" + mode: "0600" + owner: "nginx" + group: "nginx" services: openssh: @@ -94,13 +117,31 @@ services: vnstat: enable: true + bind: + enable: true + zonesRepo: https://cgit.ctu.cx/dns-zones + serveDomains: + - ctu.cx + - ctucx.de + - thein.ovh + - antifa.jetzt + - oeffisear.ch + - trans-agenda.de + acme_redirect: enable: true email: lets-encrypt@ctu.cx certs: + ctu.cx: + renewTasks: + - sudo rc-service nginx restart osterei.ctu.cx: renewTasks: - sudo rc-service nginx restart + - sudo rc-service maddy restart + syncthing.osterei.ctu.cx: + renewTasks: + - sudo rc-service nginx restart fbexporter.ctu.cx: renewTasks: - sudo rc-service nginx restart 
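Review bot: The two `content:` lookups in the first hunk (`/etc/nginx/passwd/print` and `/etc/nginx/passwd/synapse`) put `{{system.hostname}}` inside a string literal that already sits within `{{ … }}`, which relies on the lookup argument being templated a second time. Building the path with concatenation avoids that, e.g. `content: "{{ lookup('diskcache', 'passwordstore', 'Server/' ~ system.hostname ~ '/passwd/synapse returnall=true') }}"`. These entries were moved from wanderduene.yml, so the path presumably now resolves under this host's subtree of the password store; confirm that both entries exist there before deploying, otherwise nginx may end up with empty or missing htpasswd files.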
@@ -120,6 +161,30 @@ services: - isa-mac.frp.ctu.cx renewTasks: - sudo rc-service nginx restart + dav.ctu.cx: + renewTasks: + - sudo rc-service nginx restart + cgit.ctu.cx: + renewTasks: + - sudo rc-service nginx restart + oeffi.ctu.cx: + renewTasks: + - sudo rc-service nginx restart + pleroma.ctu.cx: + renewTasks: + - sudo rc-service nginx restart + matrix.ctu.cx: + renewTasks: + - sudo rc-service nginx restart + photos.ctu.cx: + renewTasks: + - sudo rc-service nginx restart + repo.f2k1.de: + renewTasks: + - sudo rc-service nginx restart + oeffisear.ch: + renewTasks: + - sudo rc-service nginx restart nginx: enable: true 
@@ -137,6 +202,60 @@ services: locations: - path: /node-exporter proxy: http://127.0.0.1:9100/metrics + ctu.cx: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/ctu.cx/privkey" + root: /var/lib/websites/ctu.cx + locations: + - path: "/.well-known/host-meta" + extraConfig: "return 301 https://pleroma.ctu.cx$request_uri;" + - path: "/.well-known/matrix/client" + extraConfig: ' + add_header Content-Type application/json; + return 200 "{\"m.homeserver\": {\"base_url\": \"https://matrix.ctu.cx\"}}"; + ' + - path: "/.well-known/matrix/server" + extraConfig: ' + add_header Content-Type application/json; + return 200 "{\"m.server\": \"matrix.ctu.cx:443\"}"; + ' + - path: "/vodafone-map" + extraConfig: ' + proxy_set_header Accept-Encoding ""; + proxy_pass https://netmap.vodafone.de/arcgis/rest/services/CoKart/netzabdeckung_mobilfunk_4x/MapServer; + ' + - path: "/magenta-at-map" + extraConfig: ' + proxy_set_header Accept-Encoding ""; + proxy_pass https://app.wigeogis.com/kunden/tmobile/data/geoserver.php; + ' + - path: "/drei-at-data" + extraConfig: ' + proxy_set_header Accept-Encoding ""; + proxy_pass https://www.drei.at/media/common/netzabdeckung; + proxy_hide_header "access-control-allow-origin"; + add_header "access-control-allow-origin" "*"; + ' + - path: "/drucken" + directoryListing: true + baiscAuth: /etc/nginx/passwd/print + - path: "/cypro-dispenser" + directoryListing: true + extraConfig: " + autoindex_format xml; + xslt_string_param path $uri; + xslt_stylesheet /var/lib/websites/superbindex.xslt; + " + repo.f2k1.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/repo.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/repo.f2k1.de/privkey" + locations: + - path: / + proxy: http://127.0.0.1:8088 prometheus: enable: true 
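Review bot: The `/drucken` location spells its auth key `baiscAuth`, so unless the nginx role's template reads exactly that misspelled name, the location is rendered with `directoryListing: true` and no `auth_basic`, leaving the directory listing public. The line is carried over unchanged from wanderduene.yml, so the role may well expect this spelling; check the template, and if it reads `basicAuth`, change the line to `basicAuth: /etc/nginx/passwd/print`. Either way, an unauthenticated request to `/drucken` should return 401 after the deploy.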
@@ -275,3 +394,220 @@ services: - toaster - isa - isa-mac + + oeffisearch: + enable: true + instances: 4 #currently not used and allways 4 + nginx: + enable: true + domain: "oeffisear.ch" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/oeffisear.ch/fullchain" + privkey: "/var/lib/acme-redirect/live/oeffisear.ch/privkey" + + oeffi_web: + enable: true + instances: 4 #currently not used and allways 4 + nginx: + enable: true + domain: "oeffi.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/oeffi.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/oeffi.ctu.cx/privkey" + + radicale: + enable: true + users: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/radicale.users returnall=true')}}" + nginx: + enable: true + domain: "dav.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/dav.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/dav.ctu.cx/privkey" + + gitolite: + enable: true + initialKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829" + + cgit: + enable: true + configFile: config-files/wanderduene/cgit/cgitrc + nginx: + enable: true + domain: "cgit.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/cgit.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/cgit.ctu.cx/privkey" + + maddy: + enable: true + hostname: "osterei.ctu.cx" + ssl_cert: "/var/lib/acme-redirect/live/osterei.ctu.cx/fullchain" + ssl_privkey: "/var/lib/acme-redirect/live/osterei.ctu.cx/privkey" + + syncthing: + enable: true + user: leah + nginx: + enable: true + domain: 
"syncthing.osterei.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/syncthing.osterei.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/syncthing.osterei.ctu.cx/privkey" + + pleroma: + enable: true + configFile: config-files/wanderduene/pleroma.exs + secretsContent: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/pleroma.secrets returnall=true')}}" + nginx: + enable: true + domain: "pleroma.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/pleroma.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/pleroma.ctu.cx/privkey" + + synapse: + enable: true + homeserverConfig: + suppress_key_server_warning: true + no_tls: false + server_name: "ctu.cx" + pid_file: "/run/matrix-synapse.pid" + public_baseurl: "https://matrix.ctu.cx/" + listeners: + - port: 8008 + bind_address: "127.0.0.1" + type: http + tls: false + x_forwarded: true + resources: + - names: ["client", "metrics"] + compress: true + - names: ["federation"] + compress: false + database: + name: "psycopg2" + args: + database: "synapse" + event_cache_size: "10K" + verbose: 0 + rc_messages_per_second: 0.2 + rc_message_burst_count: 10.0 + federation_rc_window_size: 1000 + federation_rc_sleep_limit: 10 + federation_rc_sleep_delay: 500 + federation_rc_reject_limit: 50 + federation_rc_concurrent: 3 + media_store_path: "/var/lib/synapse/media" + uploads_path: "/var/lib/synapse/uploads" + max_upload_size: "100M" + max_image_pixels: "32M" + dynamic_thumbnails: false + url_preview_enabled: true + url_preview_ip_range_blacklist: ["127.0.0.0/8","10.0.0.0/8","172.16.0.0/12","192.168.0.0/16","100.64.0.0/10","169.254.0.0/16","::1/128","fe80::/64","fc00::/7"] + url_preview_ip_range_whitelist: [] + url_preview_url_blacklist: [] + enable_registration: false + registration_shared_secret: "{{ lookup('diskcache', 'passwordstore', 'Server/osterei/synapse.secret')}}" + enable_registration_captcha: false + recaptcha_siteverify_api: 
"https://www.google.com/recaptcha/api/siteverify" + turn_uris: [] + turn_shared_secret: "" + turn_user_lifetime: "1h" + enable_metrics: true + user_creation_max_duration: 1209600000 + bcrypt_rounds: 12 + allow_guest_access: false + room_invite_state_types: ["m.room.join_rules", "m.room.canonical_alias", "m.room.avatar", "m.room.name"] + expire_access_token: false + report_stats: false + signing_key_path: "/var/lib/synapse/homeserver.signing.key" + key_refresh_interval: "1d" + redaction_retention_period: 7 + perspectives: + servers: + "matrix.org": + verify_keys: + "ed25519:auto": + key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" + logConfig: + version: 1 + formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + handlers: + file: + class: logging.handlers.TimedRotatingFileHandler + formatter: precise + filename: /var/log/synapse/homeserver.log + when: midnight + backupCount: 3 # Does not include the current log file. + encoding: utf8 + buffer: + class: logging.handlers.MemoryHandler + target: file + capacity: 10 + flushLevel: 30 # Flush for WARNING logs as well + console: + class: logging.StreamHandler + formatter: precise + loggers: + synapse.storage.SQL: + level: INFO + twisted: + handlers: [file] + propagate: false + root: + level: INFO + handlers: [buffer] + disable_existing_loggers: false + webClient: + enable: true + configFile: config-files/wanderduene/schildichat-web.json + nginx: + enable: true + domain: "matrix.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/matrix.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/matrix.ctu.cx/privkey" + extraConfig: " + location /_synapse { + proxy_pass http://127.0.0.1:8008; + proxy_set_header X-Forwarded-For $remote_addr; + auth_basic 'Authorization required'; + auth_basic_user_file /etc/nginx/passwd/synapse; + } + " + + ctucxGallery: + enable: true + user: leah + sourceDir: 
/home/leah/syncthing/Pictures/photos.ctu.cx + targetDir: /var/lib/websites/photos.ctu.cx + site: + name: ctucx' photos + author: ctucx + description: photos that i made + tags: ctucx, ctucx bahnbilder + nginx: + enable: true + domain: "photos.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/photos.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/photos.ctu.cx/privkey"
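Review bot: In the synapse `homeserverConfig`, `url_preview_enabled: true` makes the homeserver fetch user-supplied URLs, and the `url_preview_ip_range_blacklist` next to it is narrower than it should be. IPv6 link-local is `fe80::/10`, not `fe80::/64`, and reserved IPv4 ranges such as `192.0.0.0/24` and `198.18.0.0/15` are not listed. Synapse's sample configuration carries a longer list; copying that list in, or setting `url_preview_enabled: false` if previews are not needed, closes the gap. The block is moved unchanged from wanderduene.yml, so this predates the commit, but the move is a good moment to fix it.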
diff --git a/configuration/wanderduene.yml b/configuration/wanderduene.yml @@ -29,21 +29,6 @@ system: fstype: ext4 options: rw,relatime checks: 0 2 - - device: 10.0.0.1:/srv/wanderduene/pleroma - path: /var/lib/pleroma - fstype: nfs - options: defaults,nolock - checks: 0 0 - - device: 10.0.0.1:/srv/wanderduene/synapse - path: /var/lib/synapse - fstype: nfs - options: defaults,nolock - checks: 0 0 - - device: 10.0.0.1:/srv/wanderduene/oeffisearch - path: /var/lib/oeffisearch - fstype: nfs - options: defaults,nolock - checks: 0 0 nameservers: - 1.1.1.1 - 8.8.8.8 @@ -80,37 +65,6 @@ network: address: 10.0.0.10 netmask: 255.255.255.0 -files: - /var/lib/websites: - state: "directory" - mode: "0755" - owner: "leah" - group: "nginx" - /var/lib/websites/ctu.cx: - state: "directory" - mode: "0755" - owner: "leah" - group: "nginx" - /etc/nginx/passwd/print: - state: "file" - content: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/passwd/ctu.cx/drucken returnall=true')}}" - mode: "0600" - owner: "nginx" - group: "nginx" - /usr/share/webapps/cgit/custom-cgit.css: - state: "file" - src: "config-files/wanderduene/cgit/cgit.css" - mode: "0600" - owner: "nginx" - group: "nginx" - /etc/nginx/passwd/synapse: - state: "file" - content: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/passwd/synapse returnall=true')}}" - mode: "0600" - owner: "nginx" - group: "nginx" - - services: openssh: enable: true @@ -122,7 +76,7 @@ services: enable: true postgresql: - enable: true + enable: false vnstat: enable: true 
@@ -142,56 +96,10 @@ services: enable: true email: lets-encrypt@ctu.cx certs: - ctucx.de: - renewTasks: - - sudo rc-service nginx restart - ctu.cx: - renewTasks: - - sudo rc-service nginx restart wanderduene.ctu.cx: renewTasks: - sudo rc-service nginx restart - sudo rc-service maddy restart - matrix.ctu.cx: - renewTasks: - - sudo rc-service nginx restart - dav.ctu.cx: - renewTasks: - - sudo rc-service nginx restart - cgit.ctu.cx: - renewTasks: - - sudo rc-service nginx restart -# fbexporter.ctu.cx: -# renewTasks: -# - sudo rc-service nginx restart -# prometheus.ctu.cx: -# renewTasks: -# - sudo rc-service nginx restart -# grafana.ctu.cx: -# renewTasks: -# - sudo rc-service nginx restart - pleroma.ctu.cx: - renewTasks: - - sudo rc-service nginx restart -# frp.ctu.cx: -# extraDnsNames: -# - stasicontainer-mac.frp.ctu.cx -# - stasicontainer.frp.ctu.cx -# - coladose.frp.ctu.cx -# - toaster.frp.ctu.cx -# - isa.frp.ctu.cx -# - isa-mac.frp.ctu.cx -# renewTasks: -# - sudo rc-service nginx restart - oeffi.ctu.cx: - renewTasks: - - sudo rc-service nginx restart - repo.f2k1.de: - renewTasks: - - sudo rc-service nginx restart - oeffisear.ch: - renewTasks: - - sudo rc-service nginx restart nginx: enable: true 
@@ -209,391 +117,9 @@ services: locations: - path: /node-exporter proxy: http://127.0.0.1:9100/metrics - ctu.cx: - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/ctu.cx/fullchain" - privkey: "/var/lib/acme-redirect/live/ctu.cx/privkey" - root: /var/lib/websites/ctu.cx - locations: - - path: "/.well-known/host-meta" - extraConfig: "return 301 https://pleroma.ctu.cx$request_uri;" - - path: "/.well-known/matrix/client" - extraConfig: ' - add_header Content-Type application/json; - return 200 "{\"m.homeserver\": {\"base_url\": \"https://matrix.ctu.cx\"}}"; - ' - - path: "/.well-known/matrix/server" - extraConfig: ' - add_header Content-Type application/json; - return 200 "{\"m.server\": \"matrix.ctu.cx:443\"}"; - ' - - path: "/vodafone-map" - extraConfig: ' - proxy_set_header Accept-Encoding ""; - proxy_pass https://netmap.vodafone.de/arcgis/rest/services/CoKart/netzabdeckung_mobilfunk_4x/MapServer; - ' - - path: "/magenta-at-map" - extraConfig: ' - proxy_set_header Accept-Encoding ""; - proxy_pass https://app.wigeogis.com/kunden/tmobile/data/geoserver.php; - ' - - path: "/drei-at-data" - extraConfig: ' - proxy_set_header Accept-Encoding ""; - proxy_pass https://www.drei.at/media/common/netzabdeckung; - proxy_hide_header "access-control-allow-origin"; - add_header "access-control-allow-origin" "*"; - ' - - path: "/drucken" - directoryListing: true - baiscAuth: /etc/nginx/passwd/print - - path: "/cypro-dispenser" - directoryListing: true - extraConfig: " - autoindex_format xml; - xslt_string_param path $uri; - xslt_stylesheet /var/lib/websites/superbindex.xslt; - " - repo.f2k1.de: - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/repo.f2k1.de/fullchain" - privkey: "/var/lib/acme-redirect/live/repo.f2k1.de/privkey" - locations: - - path: / - proxy: http://127.0.0.1:8088 - - gitolite: - enable: true - initialKey: "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829" - - cgit: - enable: true - configFile: config-files/wanderduene/cgit/cgitrc - nginx: - enable: true - domain: "cgit.ctu.cx" - sslOnly: true - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/cgit.ctu.cx/fullchain" - privkey: "/var/lib/acme-redirect/live/cgit.ctu.cx/privkey" - - oeffisearch: - enable: true - instances: 4 #currently not used and allways 4 - nginx: - enable: true - domain: "oeffisear.ch" - sslOnly: true - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/oeffisear.ch/fullchain" - privkey: "/var/lib/acme-redirect/live/oeffisear.ch/privkey" - - oeffi_web: - enable: true - instances: 4 #currently not used and allways 4 - nginx: - enable: true - domain: "oeffi.ctu.cx" - sslOnly: true - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/oeffi.ctu.cx/fullchain" - privkey: "/var/lib/acme-redirect/live/oeffi.ctu.cx/privkey" maddy: enable: true hostname: "wanderduene.ctu.cx" ssl_cert: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/fullchain" ssl_privkey: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/privkey" - - radicale: - enable: true - users: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/radicale.users returnall=true')}}" - nginx: - enable: true - domain: "dav.ctu.cx" - sslOnly: true - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/dav.ctu.cx/fullchain" - privkey: "/var/lib/acme-redirect/live/dav.ctu.cx/privkey" - - synapse: - enable: true - homeserverConfig: - suppress_key_server_warning: true - no_tls: false - server_name: "ctu.cx" - pid_file: "/run/matrix-synapse.pid" - public_baseurl: "https://matrix.ctu.cx/" - 
listeners: - - port: 8008 - bind_address: "127.0.0.1" - type: http - tls: false - x_forwarded: true - resources: - - names: ["client", "metrics"] - compress: true - - names: ["federation"] - compress: false - database: - name: "psycopg2" - args: - database: "synapse" - event_cache_size: "10K" - verbose: 0 - rc_messages_per_second: 0.2 - rc_message_burst_count: 10.0 - federation_rc_window_size: 1000 - federation_rc_sleep_limit: 10 - federation_rc_sleep_delay: 500 - federation_rc_reject_limit: 50 - federation_rc_concurrent: 3 - media_store_path: "/var/lib/synapse/media" - uploads_path: "/var/lib/synapse/uploads" - max_upload_size: "100M" - max_image_pixels: "32M" - dynamic_thumbnails: false - url_preview_enabled: true - url_preview_ip_range_blacklist: ["127.0.0.0/8","10.0.0.0/8","172.16.0.0/12","192.168.0.0/16","100.64.0.0/10","169.254.0.0/16","::1/128","fe80::/64","fc00::/7"] - url_preview_ip_range_whitelist: [] - url_preview_url_blacklist: [] - enable_registration: false - registration_shared_secret: "{{ lookup('diskcache', 'passwordstore', 'Server/wanderduene/synapse.secret')}}" - enable_registration_captcha: false - recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" - turn_uris: [] - turn_shared_secret: "" - turn_user_lifetime: "1h" - enable_metrics: true - user_creation_max_duration: 1209600000 - bcrypt_rounds: 12 - allow_guest_access: false - room_invite_state_types: ["m.room.join_rules", "m.room.canonical_alias", "m.room.avatar", "m.room.name"] - expire_access_token: false - report_stats: false - signing_key_path: "/var/lib/synapse/homeserver.signing.key" - key_refresh_interval: "1d" - redaction_retention_period: 7 - perspectives: - servers: - "matrix.org": - verify_keys: - "ed25519:auto": - key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" - logConfig: - version: 1 - formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - handlers: - file: - class: 
logging.handlers.TimedRotatingFileHandler - formatter: precise - filename: /var/log/synapse/homeserver.log - when: midnight - backupCount: 3 # Does not include the current log file. - encoding: utf8 - buffer: - class: logging.handlers.MemoryHandler - target: file - capacity: 10 - flushLevel: 30 # Flush for WARNING logs as well - console: - class: logging.StreamHandler - formatter: precise - loggers: - synapse.storage.SQL: - level: INFO - twisted: - handlers: [file] - propagate: false - root: - level: INFO - handlers: [buffer] - disable_existing_loggers: false - webClient: - enable: true - configFile: config-files/wanderduene/schildichat-web.json - nginx: - enable: true - domain: "matrix.ctu.cx" - sslOnly: true - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/matrix.ctu.cx/fullchain" - privkey: "/var/lib/acme-redirect/live/matrix.ctu.cx/privkey" - extraConfig: " - location /_synapse { - proxy_pass http://127.0.0.1:8008; - proxy_set_header X-Forwarded-For $remote_addr; - auth_basic 'Authorization required'; - auth_basic_user_file /etc/nginx/passwd/synapse; - } - " -# prometheus: -# enable: true -# nginx: -# enable: true -# domain: "prometheus.ctu.cx" -# sslOnly: true -# ssl: -# enable: true -# cert: "/var/lib/acme-redirect/live/prometheus.ctu.cx/fullchain" -# privkey: "/var/lib/acme-redirect/live/prometheus.ctu.cx/privkey" -# config: -# global: -# scrape_interval: 20s -# evaluation_interval: 1m -# scrape_configs: -# - job_name: 'prometheus' -# static_configs: -# - targets: ['127.0.0.1:9090'] - -# - job_name: 'node-exporter' -# metrics_path: '/node-exporter' -# scheme: 'https' -# scrape_interval: 30s -# static_configs: -# - targets: [ -# 'wanderduene.ctu.cx', -# 'taurus.ctu.cx', -# 'quitschi.ctu.cx', -# 'osterei.ctu.cx', -# 'desastro.ctu.cx', -# 'lollo.ctu.cx', -# 'joguhrtbecher.ctu.cx', -# 'repo.f2k1.de', -# 'stasicontainer.home.ctu.cx', -# 'toaster.frp.ctu.cx', -# 'luna.f2k1.de' -# ] - -# - job_name: 'fritzbox-exporter' -# metrics_path: '/metrics' -# 
scheme: 'https' -# scrape_interval: 30s -# static_configs: -# - targets: [ -# 'fbexporter.ctu.cx', -# 'fbexporter.f2k1.de' -# ] - -# grafana: -# enable: true -# configFile: config-files/wanderduene/grafana/grafana.ini -# provisioning: -# enable: true -# dashboards: config-files/wanderduene/grafana/dashboards -# datasources: -# - name: Prometheus -# type: prometheus -# access: proxy -# orgId: 1 -# url: http://127.0.0.1:9090 -# isDefault: true -# jsonData: -# httpMode: GET -# version: 1 -# editable: false -# -# - name: InfluxDB (Powermeters) -# type: influxdb -# access: proxy -# orgId: 1 -# url: https://influx.home.ctu.cx -# database: powermeters -## secureJsonData: -## token: "{{ lookup('diskcache', 'passwordstore', 'Server/lollo/influx/smartied.token')}}" -## jsonData: -## version: Flux -## organization: organization -## defaultBucket: bucket -## tlsSkipVerify: true -# jsonData: -# httpMode: GET -# httpHeaderName1: "Authorization" -# secureJsonData: -# httpHeaderValue1: "Token {{ lookup('diskcache', 'passwordstore', 'Server/lollo/influx/smartied.token')}}" -# version: 3 -# editable: false -# -# - name: InfluxDB (Sensors) -# type: influxdb -# access: proxy -# orgId: 1 -# url: https://influx.home.ctu.cx -# database: sensors -# secureJsonData: -# token: "{{ lookup('diskcache', 'passwordstore', 'Server/lollo/influx/smartied.token')}}" -# jsonData: -# version: Flux -# organization: organization -# defaultBucket: bucket -# tlsSkipVerify: true -# jsonData: -# httpMode: GET -# httpHeaderName1: "Authorization" -# secureJsonData: -# httpHeaderValue1: "Token {{ lookup('diskcache', 'passwordstore', 'Server/lollo/influx/smartied.token')}}" -# version: 3 -# editable: false -# -# nginx: -# enable: true -# domain: "grafana.ctu.cx" -# sslOnly: true -# ssl: -# enable: true -# cert: "/var/lib/acme-redirect/live/grafana.ctu.cx/fullchain" -# privkey: "/var/lib/acme-redirect/live/grafana.ctu.cx/privkey" - - pleroma: - enable: true - configFile: config-files/wanderduene/pleroma.exs - 
secretsContent: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/pleroma.secrets returnall=true')}}" - nginx: - enable: true - domain: "pleroma.ctu.cx" - sslOnly: true - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/pleroma.ctu.cx/fullchain" - privkey: "/var/lib/acme-redirect/live/pleroma.ctu.cx/privkey" - -# fritzboxExporter: -# enable: true -# nginx: -# enable: true -# domain: "fbexporter.ctu.cx" -# sslOnly: true -# ssl: -# enable: true -# cert: "/var/lib/acme-redirect/live/fbexporter.ctu.cx/fullchain" -# privkey: "/var/lib/acme-redirect/live/fbexporter.ctu.cx/privkey" -# -# frps: -# enable: true -# token: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/frps/token returnall=true')}}" -# port: 5050 -# vhostDomain: "frp.ctu.cx" -# vhostPort: 8088 -# nginx: -# enable: true -# sslOnly: true -# ssl: -# enable: true -# cert: "/var/lib/acme-redirect/live/frp.ctu.cx/fullchain" -# privkey: "/var/lib/acme-redirect/live/frp.ctu.cx/privkey" -# vhosts: -# - stasicontainer-mac -# - stasicontainer -# - coladose -# - toaster -# - isa -# - isa-mac
diff --git a/playbook.yml b/playbook.yml @@ -26,24 +26,30 @@ tags: vnstat - role: nginx tags: nginx - - role: gitolite - tags: gitolite - - role: cgit - tags: cgit - - role: oeffisearch - tags: oeffisearch - - role: oeffi-web - tags: oeffi-web - role: maddy tags: maddy - - role: radicale - tags: radicale - role: pleroma tags: pleroma - - role: synapse - tags: synapse - role: backup tags: backup + - role: frps + tags: [ frp, frps ] + - role: fritzboxExporter + tags: fritzboxExporter + - role: pleroma + tags: pleroma + - role: prometheus + tags: prometheus + - role: grafana + tags: grafana + - role: synapse + tags: synapse + - role: oeffisearch + tags: oeffisearch + - role: oeffi-web + tags: oeffi-web + - role: cgit + tags: cgit - hosts: taurus @@ -66,8 +72,6 @@ tags: nginx - role: syncthing tags: syncthing - - role: ctucx-gallery - tags: ctucx-gallery - role: rest-server tags: [ backup, rest-server, restic ] @@ -81,8 +85,6 @@ tags: [ openssh, common ] - role: files tags: files - - role: bind - tags: bind - role: vnstat tags: vnstat - role: nginx @@ -224,3 +226,25 @@ tags: fritzboxExporter - role: frps tags: [ frp, frps ] + - role: oeffisearch + tags: oeffisearch + - role: oeffi-web + tags: oeffi-web + - role: radicale + tags: radicale + - role: gitolite + tags: gitolite + - role: cgit + tags: cgit + - role: maddy + tags: maddy + - role: syncthing + tags: syncthing + - role: pleroma + tags: pleroma + - role: synapse + tags: synapse + - role: ctucx-gallery + tags: ctucx-gallery + - role: backup + tags: backup
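Review bot: In the first hunk of playbook.yml, the added `- role: pleroma` / `tags: pleroma` pair duplicates the entry that the unchanged lines just above already keep in the same play, so the role is listed twice; drop the added pair. The same hunk removes `synapse`, `oeffisearch`, `oeffi-web` and `cgit` and adds them back further down, so they stay in this play. The play's `hosts:` line is outside the hunk, but if it targets wanderduene, these roles would still run on a host whose service config this commit deletes and where `postgresql` is now `enable: false`. If the intent is to move them, they should appear only in the play extended by the last hunk.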