commit a4dbc0be879dae8fec0f69b9799760da8987187f
parent 44aecb4fb85a9bfd9d1177966dfa48d4f5b542c3
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 30 May 2021 21:20:38 +0200
parent 44aecb4fb85a9bfd9d1177966dfa48d4f5b542c3
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 30 May 2021 21:20:38 +0200
add host: isa-nuc
3 files changed, 143 insertions(+), 2 deletions(-)
A
|
121
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configuration/isa-nuc.yml b/configuration/isa-nuc.yml @@ -0,0 +1,121 @@ +system: + hostname: isa-nuc + domain: home.ctu.cx + timezone: Europe/Berlin + enableOwnRepos: true + enableSudo: true + useNTP: true + extraPackages: + - iftop + - iotop + - htop + - rsync + - mtr + - traceroute + - dnsutils + - tar + - unzip + - wget + - curl + - screen + - zsh + - tmux + - dnsmasq + - dmidecode + - libvirt + - qemu-headless + - iptables-nft + - bridge-utils + - openbsd-netcat + users: + - name: root + allowedSshKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:000606445161 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local + - name: isa + groups: "wheel" + shell: /usr/bin/zsh + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32646436343430316239336133663933356637336239653637386638393766376133623335343338 + 3066636233353436326461336561616365613233643965340a383036663337313466316139313061 + 31353232373536646565336563633166366639353563303534633336646532316131363266306335 + 3063393532396238300a393835373462636662303665333035343066376666383637326132346336 + 3966 + allowedSshKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDb2eZ2ymt+Zsf0eTlmjW2jPdS013lbde1+EGkgu6bz9lVTR8aawshF2HcoaWp5a5dJr3SKyihDM8hbWSYB3qyTHihNGyCArqSvAtZRw301ailRVHGqiwUITTfcg1533TtmWvlJZgOIFM1VvSAfdueDRRRzbygmn749fS9nhUTDzLtjqX5LvhpqhzsD+eOqPrV6Ne8E1e42JxQb5AJPY1gj9mk6eAarvtEHQYEe+/hp9ERjtCdN5DfuOJnqfaKS0ytPj/NbQskbX/TMgeUVio11iC2NbXsnAtzMmtbLX4mxlDQrR6aZmU/rHQ4aeJqI/Tj2rrF46icri7s0tnnit1OjT5PSxXgifcOtn06qoxYZMT1x+Dyrt40vNkGmxmxCnirm8B+6MKXgd/Ys+7tnOm1ht8TmLm96x6KdOiF3Zq/tMxhPAzp8JriTKSo7k7U9XxStFghTbhhBNc7OX89ZbpalLEnvbQiz87gZxhcx8cLvzIjslOHmZOSWC5Pgr4wwuj3Akq63i4ya6/BzM6v4UoBuDAB6fz3NHKL4R5X20la7Pvt7OBysQkGClWfj6ipMR1bFE2mfYtlMioXNgTjC+NCpEl1+81MH7dv2565Hk8CLV8FMxv6GujbAZGjjcM47lpWM1cBQvpBMUA/lLkyiCPK0YxNWAB7Co+jYDl6CR0Ubew== cardno:000606445161 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local + +network: + nftables: + enable: true + +networkd: + networkd_resolv_conf_content: + - nameserver 1.1.1.1 + - nameserver 8.8.8.8 + networkd_apply_action: "restart" + netdev: + - name: br0 + priority: 20 + content: + - NetDev: + - Name: br0 + - Kind: bridge + network: + - name: br0 + priority: 20 + content: + - Match: + - Name: br0 + - Network: + - DNS: 195.39.246.1 + - Address: 195.39.246.41/28 + - Gateway: 195.39.246.33 + - Address: 2a0f:4ac0:acab::41/128 + - Gateway: fe80::1 + - name: eno1 + priority: 10 + content: + - Match: + - Name: eno1 + - Network: + - Bridge: br0 + + +services: + openssh: + enable: true + port: 22 + permitRootLogin: true + passwordAuthentication: false + + prometheus_node_exporter: + enable: true + + vnstat: + enable: true + + acme_redirect: + enable: true + email: hi@f2k1.de + certs: + isa-nuc.home.ctu.cx: + renewTasks: + - sudo systemctl restart nginx + + nginx: + enable: true + sslOnly: true + vhosts: + luna.f2k1.de: + defaultServer: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/isa-nuc.home.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/isa-nuc.home.ctu.cx/privkey" + locations: + - path: /node-exporter + proxy: http://127.0.0.1:9100/metrics
diff --git a/inventory b/inventory @@ -32,4 +32,7 @@ luna.f2k1.de ansible_ssh_port=24 [osterei] -185.232.70.80- \ No newline at end of file +185.232.70.80 + +[isanuc] +195.39.246.41+ \ No newline at end of file
diff --git a/playbook.yml b/playbook.yml @@ -250,3 +250,20 @@ tags: ctucx-gallery - role: backup tags: backup + +- hosts: isanuc + name: Install isa-nuc + vars_files: configuration/isa-nuc.yml + roles: + - role: common + tags: common + - role: systemd-networkd + tags: systemd-networkd + - role: openssh + tags: [ openssh, common ] + - role: files + tags: files + - role: vnstat + tags: vnstat + - role: nginx + tags: nginx