commit acdf678947aeaee4e11fd0387c0ae8ae99e768dc
parent 8908026390ee4ce27999f3077e12616de5842f62
Author: Leah (ctucx) <leah@ctu.cx>
Date: Fri, 26 Feb 2021 21:51:41 +0100
parent 8908026390ee4ce27999f3077e12616de5842f62
Author: Leah (ctucx) <leah@ctu.cx>
Date: Fri, 26 Feb 2021 21:51:41 +0100
update configuartions, playbook, add host luna
11 files changed, 662 insertions(+), 25 deletions(-)
A
|
564
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/ansible.cfg b/ansible.cfg @@ -6,6 +6,7 @@ fact_caching = jsonfile fact_caching_connection = .ansible-cache fact_caching_timeout = 86400 nocows = 1 +vault_password_file = gpg/open_the_vault.sh [ssh_connection] -pipelining = True- \ No newline at end of file +pipelining = True
diff --git a/configuration/joguhrtbecher.yml b/configuration/joguhrtbecher.yml @@ -109,6 +109,9 @@ services: prometheus_node_exporter: enable: true + vnstat: + enable: true + mariadb: enable: true databases:
diff --git a/configuration/lollo.yml b/configuration/lollo.yml @@ -176,6 +176,9 @@ services: prometheus_node_exporter: enable: true + vnstat: + enable: true + acme_redirect: enable: true email: lets-encrypt@ctu.cx
diff --git a/configuration/luna.yml b/configuration/luna.yml @@ -0,0 +1,564 @@ +system: + hostname: luna + domain: f2k1.de + timezone: Europe/Berlin + enableOwnRepos: true + enableSudo: true + useNTP: true + extraPackages: + - iftop + - iotop + - htop + - rsync + - mtr + - traceroute + - dnsutils + - tar + - unzip + - wget + - curl + - screen + - zsh + users: + - name: isa + groups: "wheel" + shell: /usr/bin/zsh + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32646436343430316239336133663933356637336239653637386638393766376133623335343338 + 3066636233353436326461336561616365613233643965340a383036663337313466316139313061 + 31353232373536646565336563633166366639353563303534633336646532316131363266306335 + 3063393532396238300a393835373462636662303665333035343066376666383637326132346336 + 3966 + allowedSshKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrvhqC/tZzpLMs/qy+1xNSVi2mfn8LXPIEhh7dcGn9e isa@Isabelles-MacBook-Pro.local + +network: + nftables: + enable: true + +networkd: + networkd_resolv_conf_content: + - nameserver 1.1.1.1 + - nameserver 8.8.8.8 + networkd_apply_action: "restart" + network: + - name: ens18 + priority: 10 + content: + - Match: + - Name: ens18 + - Network: + - DNS: 2a02:c205::1:53 + - Address: 2a02:c207:3002:8320:0000:0000:0000:0001/64 + - Address: 2a02:c207:3002:8320:feed:f2c1:c0ff:ee/128 + - Gateway: fe80::1 + - DNS: 1.1.1.1:53 + - Address: 5.189.140.103/24 + - Gateway: 5.189.140.1 + +files: + /home/isa/photos.f2k1.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "isa" + /var/lib/websites: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/f2k1.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/www.f2k1.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/cloud.f2k1.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/photos.f2k1.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/windows.f2k1.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/pma.f2k1.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/moodle.toolsnbots.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/wiki.flauschekatze.space: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/c3fridge.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/flauschehorn.sexy: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /var/lib/websites/keinsexmitnazis.de: + state: "directory" + mode: "0755" + owner: "isa" + group: "http" + /etc/nginx/passwd/windows.f2k1.de: + state: "file" + content: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39306334386433663833336663633766333066656239663839393263663533666137366532663461 + 6331643735656362343637616132623831623063313233330a393131323763636163383537633238 + 34313365316165366361636337396239663663396161366232623735326539306231663135356362 + 3933333733633730360a326132636161626562363461323730656437653463313032353466383439 + 36633839323932333331363535343163363164313539643735303433303562333161 + mode: "0600" + owner: "http" + group: "http" + +timers: + blahajstats: + timer_command: /home/isa/blahaj_stats/blahajstats.sh + timer_user: isa + timer_OnCalendar: "hourly" + timer_AccuracySec: 5s + unistats: + timer_command: /home/isa/unistats/unistats.sh + timer_user: isa + timer_OnCalendar: "minutely" + timer_AccuracySec: 5s + LarusBot: + timer_command: /home/isa/LarusBot/LarusBot.sh + timer_user: isa + timer_OnCalendar: "*-*-* 19:00:00" + timer_AccuracySec: 5s + +services: + openssh: + enable: true + port: 24 + permitRootLogin: true + passwordAuthentication: false + + prometheus_node_exporter: + enable: true + + vnstat: + enable: true + + mariadb: + enable: true + databases: + - name: etherpad + - name: flauschehorn + - name: flauschekatzewiki + - name: grafana_blahaj + - name: moodle + - name: wuecampusstats + users: + - username: isa + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62323831653137326430383361343132643265386230346339326363333636373232366137326635 + 3966636264386263333262323561303838653066316632630a333166616430653461316430393438 + 34373664373536313032343666633239393034393763663266626364323338373932306463346236 + 3239356361333061640a306631666364306464376466326437363935323364343965666434633664 + 33373032386235336162373934306536383761616665626530643565666634613633 + state: present + privileges: + "*.*": "ALL,GRANT" + - username: etherpad + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64396439646132303237323661326438373264383263393435396662303938666435323436373466 + 3266663665383031303766323461643665653664616564340a383830313863323832353138333630 + 30663636623530303164653863323466356565346131336332303666303635393063326262386137 + 3734653234616433360a383036663362623735396233396636316231363231313065643631366633 + 39393430363565353439353436323265623435363738313364616637663832333262 + state: present + privileges: + "etherpad.*": "ALL,GRANT" + - username: flauschehorn + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33663635343635306239613230663235333933393632623166353265376230313632373434376439 + 6262643462643963333432303461313065303065333435620a623064353061613962633761363530 + 63393735316466393039373838323166373238656437326130386432663137383762613263373961 + 6635346235393436650a346630306462386435316162343164613665316333626462646563653463 + 34376538663634616337313130326638386466373035353532663734363663396664 + state: present + privileges: + "flauschehorn.*": "ALL,GRANT" + - username: flauschekatzewiki + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32306166663630323030333461646162393538633433353536373330376535333263353466336236 + 6531663239613765353936613936313434303262383238660a316538313061623734383939323464 + 30353764636436643163623038623436373135653562653134616437636537323730653238666634 + 3930303434303665630a346536303865343534376364386563643332623437353266333835623637 + 66353132633363613933393937643231646335613134656238376436306162643336 + state: present + privileges: + "flauschekatzewiki.*": "ALL,GRANT" + - username: grafana + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35383865653363363531356139646361306236346533623463636166636463646535616137653034 + 6334613065656632376666616266656464386631346336630a626265336431623763386161326362 + 65626663613066303461623635376335323731393737383966323264663737376137633739366231 + 6337376138633637650a643138656662663932346139666162326562396338366236366630303863 + 38393861323361646333363733353764373938303961643134663234653438636637 + state: present + privileges: + "grafana_blahaj.*": "ALL,GRANT" + - username: moodle + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35353861363133343936326532626564303837383131663061373565656263396366653564373265 + 3833396539393362336165643032623939376433623132650a623634366331633466353466363462 + 64396534613861363166333634393862393237663337366663386438643335303462303935653461 + 3564353132623062340a653934336630353637656164663065323837343461633238326662636533 + 36316439356539333433313861316633326338323934306435313737663638633834 + state: present + privileges: + "moodle.*": "ALL,GRANT" + - username: wuecampusstats + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38323163343562663735616263626162326461383062663461636235633831653764666136613535 + 6462316631663732306239653734663738336637646335320a343032643436613264333231303937 + 39333462653063633663383632383164333166346462323831323865653535343061343135356638 + 3434306632376337330a636334356562666365633362303965633531333665663636303635613839 + 34623638653631663739643431303938653238306633643635313965383632336636 + state: present + privileges: + "wuecampusstats.*": "ALL,GRANT" + + acme_redirect: + enable: true + email: hi@f2k1.de + certs: + f2k1.de: + extraDnsNames: + - www.f2k1.de + renew_tasks: + - sudo systemctl restart nginx + luna.f2k1.de: + renewTasks: + - sudo systemctl restart nginx + photos.f2k1.de: + renewTasks: + - sudo systemctl restart nginx + windows.f2k1.de: + renewTasks: + - sudo systemctl restart nginx + grafana.f2k1.de: + renewTasks: + - sudo systemctl restart nginx + prometheus.f2k1.de: + renewTasks: + - sudo systemctl restart nginx + fbexporter.f2k1.de: + renewTasks: + - sudo systemctl restart nginx + cloud.f2k1.de: + renewTasks: + - sudo systemctl restart nginx + pma.f2k1.de: + renewTasks: + - sudo systemctl restart nginx + moodle.toolsnbots.de: + renewTasks: + - sudo systemctl restart nginx + systemusagestats.toolsnbots.de: + renewTasks: + - sudo systemctl restart nginx + isapad.de: + renewTasks: + - sudo systemctl restart nginx + c3fridge.de: + renewTasks: + - sudo systemctl restart nginx + free-spee.ch: + renewTasks: + - sudo systemctl restart nginx + flauschekatze.space: + renewTasks: + - sudo systemctl restart nginx + wiki.flauschekatze.space: + renewTasks: + - sudo systemctl restart nginx + flauschehorn.sexy: + renewTasks: + - sudo systemctl restart nginx + + php_fpm: + enable: true + version: 7 + extraModules: + - gd + - intl + listeners: + www: + user: isa + group: http + listenerPath: /run/php-fpm7/php-fpm.sock + listenerOwner: http + listenerGroup: http + extraConfig: " + php_admin_value[post_max_size] = 128M\n + php_admin_value[upload_max_filesize] = 100M + " + + nginx: + enable: true + sslOnly: true + vhosts: + f2k1.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/f2k1.de/privkey" + root: /var/lib/websites/f2k1.de + enablePhpSupport: true + phpSocket: /run/php-fpm7/php-fpm.sock + www.f2k1.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/f2k1.de/privkey" + root: /var/lib/websites/www.f2k1.de + enablePhpSupport: true + phpSocket: /run/php-fpm7/php-fpm.sock + luna.f2k1.de: + defaultServer: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/luna.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/luna.f2k1.de/privkey" + locations: + - path: /node-exporter + proxy: http://127.0.0.1:9100/metrics + windows.f2k1.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/windows.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/windows.f2k1.de/privkey" + root: /var/lib/websites/windows.f2k1.de + locations: + - path: / + directoryListing: true + basicAuth: /etc/nginx/passwd/windows.f2k1.de + pma.f2k1.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/pma.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/pma.f2k1.de/privkey" + root: /var/lib/websites/pma.f2k1.de + enablePhpSupport: true + phpSocket: /run/php-fpm7/php-fpm.sock + cloud.f2k1.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/cloud.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/cloud.f2k1.de/privkey" + root: /var/lib/websites/cloud.f2k1.de + enablePhpSupport: true + phpSocket: /run/php-fpm7/php-fpm.sock + moodle.toolsnbots.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/moodle.toolsnbots.de/fullchain" + privkey: "/var/lib/acme-redirect/live/moodle.toolsnbots.de/privkey" + root: /var/lib/websites/moodle.toolsnbots.de + enablePhpSupport: true + phpSocket: /run/php-fpm7/php-fpm.sock + systemusagestats.toolsnbots.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/systemusagestats.toolsnbots.de/fullchain" + privkey: "/var/lib/acme-redirect/live/systemusagestats.toolsnbots.de/privkey" + locations: + - path: "/" + extraConfig: 'return 301 systemusagestats:/$request_uri;' + isapad.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/isapad.de/fullchain" + privkey: "/var/lib/acme-redirect/live/isapad.de/privkey" + locations: + - path: "/" + extraConfig: 'return 200 "todo";' + c3fridge.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/c3fridge.de/fullchain" + privkey: "/var/lib/acme-redirect/live/c3fridge.de/privkey" + root: /var/lib/websites/c3fridge.de + free-spee.ch: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/free-spee.ch/fullchain" + privkey: "/var/lib/acme-redirect/live/free-spee.ch/privkey" + locations: + - path: "/" + extraConfig: 'return 301 "https://skrt.social/@kumitterer/104392956272864310";' + flauschekatze.space: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/flauschekatze.space/fullchain" + privkey: "/var/lib/acme-redirect/live/flauschekatze.space/privkey" + locations: + - path: "/.well-known/matrix/client" + extraConfig: ' + add_header Content-Type application/json; + return 200 "{\"m.homeserver\": {\"base_url\": \"https://matrix.flauschekatze.space\"}}"; + ' + - path: "/.well-known/matrix/server" + extraConfig: ' + add_header Content-Type application/json; + return 200 "{\"m.server\": \"matrix.flauschekatze.space:443\"}"; + ' + wiki.flauschekatze.space: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/wiki.flauschekatze.space/fullchain" + privkey: "/var/lib/acme-redirect/live/wiki.flauschekatze.space/privkey" + root: /var/lib/websites/wiki.flauschekatze.space + enablePhpSupport: true + phpSocket: /run/php-fpm7/php-fpm.sock + flauschehorn.sexy: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/flauschehorn.sexy/fullchain" + privkey: "/var/lib/acme-redirect/live/flauschehorn.sexy/privkey" + root: /var/lib/websites/flauschehorn.sexy + enablePhpSupport: true + phpSocket: /run/php-fpm7/php-fpm.sock + keinsexmitnazis.de: + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/f2k1.de/privkey" + root: /var/lib/websites/keinsexmitnazis.de + + prometheus: + enable: true + config: + global: + scrape_interval: 20s + evaluation_interval: 1m + scrape_configs: + - job_name: 'prometheus' + static_configs: + - targets: ['127.0.0.1:9090'] + + - job_name: 'node-exporter' + metrics_path: '/node-exporter' + scheme: 'https' + scrape_interval: 30s + static_configs: + - targets: [ + 'luna.f2k1.de', + 'wanderduene.ctu.cx', + 'taurus.ctu.cx', + 'desastro.ctu.cx', + 'lollo.ctu.cx', + 'joguhrtbecher.ctu.cx', + 'repo.f2k1.de', + 'toaster.frp.ctu.cx', + 'stasicontainer-mac.frp.ctu.cx' + ] + + - job_name: 'fritzbox-exporter' + metrics_path: '/metrics' + scheme: 'https' + scrape_interval: 30s + static_configs: + - targets: [ + 'fbexporter.ctu.cx', + 'fbexporter.f2k1.de' + ] + + - job_name: 'parkplatz-exporter' + metrics_path: '/parkplaetze.php' + scheme: 'https' + scrape_interval: 5m + static_configs: + - targets: [ + 'f2k1.de' + ] + nginx: + enable: true + domain: "prometheus.f2k1.de" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/prometheus.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/prometheus.f2k1.de/privkey" + + grafana: + enable: true + configFile: config-files/luna/grafana.ini + nginx: + enable: true + domain: "grafana.f2k1.de" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/grafana.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/grafana.f2k1.de/privkey" + + fritzboxExporter: + enable: true + nginx: + enable: true + domain: "fbexporter.f2k1.de" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/fbexporter.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/fbexporter.f2k1.de/privkey" + + mumble: + enable: true + + ctucxGallery: + enable: true + user: isa + sourceDir: /home/isa/photos.f2k1.de + targetDir: /var/lib/websites/photos.f2k1.de + site: + name: isas photos + author: f2k1de + description: ein paar bilder + tags: "" + nginx: + enable: true + domain: "photos.f2k1.de" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/photos.f2k1.de/fullchain" + privkey: "/var/lib/acme-redirect/live/photos.f2k1.de/privkey"
diff --git a/configuration/taurus.yml b/configuration/taurus.yml @@ -80,6 +80,9 @@ services: - antifa.jetzt - oeffisear.ch + vnstat: + enable: true + acme_redirect: enable: true email: lets-encrypt@ctu.cx @@ -109,21 +112,6 @@ services: locations: - path: /node-exporter proxy: http://127.0.0.1:9100 - photos.ctu.cx: - ssl: - enable: true - cert: "/var/lib/acme-redirect/live/photos.ctu.cx/fullchain" - privkey: "/var/lib/acme-redirect/live/photos.ctu.cx/privkey" - root: /var/lib/websites/photos.ctu.cx - locations: - - path: '~* \.(html)$' - extraConfig: " - add_header Last-Modified $date_gmt; - add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - if_modified_since off; - expires off; - etag off; - " syncthing: enable: true @@ -163,3 +151,22 @@ services: - path: /srv/wanderduene/oeffisearch address: 10.0.0.10 options: rw,fsid=2,sync,no_subtree_check,no_auth_nlm,insecure,no_root_squash + + ctucxGallery: + enable: true + user: leah + sourceDir: /home/leah/syncthing/Pictures/photos.ctu.cx + targetDir: /var/lib/websites/photos.ctu.cx + site: + name: ctucx' photos + author: ctucx + description: photos that i made + tags: ctucx, ctucx bahnbilder + nginx: + enable: true + domain: "photos.ctu.cx" + sslOnly: true + ssl: + enable: true + cert: "/var/lib/acme-redirect/live/photos.ctu.cx/fullchain" + privkey: "/var/lib/acme-redirect/live/photos.ctu.cx/privkey"
diff --git a/configuration/wanderduene.yml b/configuration/wanderduene.yml @@ -113,6 +113,9 @@ services: postgresql: enable: true + vnstat: + enable: true + bind: enable: true zonesRepo: https://cgit.ctu.cx/dns-zones @@ -439,7 +442,8 @@ services: 'joguhrtbecher.ctu.cx', 'repo.f2k1.de', 'toaster.frp.ctu.cx', - 'stasicontainer-mac.frp.ctu.cx' + 'stasicontainer-mac.frp.ctu.cx', + 'luna.f2k1.de' ] - job_name: 'fritzbox-exporter'
diff --git a/gpg/open_the_vault.sh b/gpg/open_the_vault.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e -u +have() { + command -v "$1" >/dev/null +} +if have gpg2; then + GPG="gpg2" +else + GPG="gpg" +fi +exec "$GPG" --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.asc 2>/dev/null
diff --git a/gpg/vault_passphrase.asc b/gpg/vault_passphrase.asc @@ -0,0 +1,23 @@ +-----BEGIN PGP MESSAGE----- + +hQEMAzKSAdb/T1iJAQf/WXRvvBBGvXNczYtvkgUYojWKIQwkxpGYwvK8HznmgIe5 +G6GXRzIuu4RVqNUShbfVLiLXxCiPd3ICVEw+ZD7B7g9A1AnEyL6CXxHTLVv0Yzt2 +HnXnjiTfQ3gKNGpeJuiKmukGWRegIp85vw9uL9A+DpAxxyEfpcZr8EM1VfGMpKdr +eS3DsmHtI5IBUYsdus+8/wtPB8vrFfksMxpMuAg6snhCZT3WnSlfEEdlcfZ+sOKW +vK/ADtD+WLIWdYIsoxvrpLrr6owb5SY5nIr4gxbzvFoTFq5KOn4Lib6t8KOFcLhA +nG9dfoPfkP1CR1kw3WbpbFZ8/Mbzplp4yerg8h3jKoUCDAPu778iPtQh+QEQAI8P +OyxveLgkgS4cy/d+rV9kS4J64FW/vvEvdinU+jvkKw/64Br0mSU1RrOyQyO9gE5G +xnYhxA/aNx9X0FsXDqUnth0Et4238m4izTNYVfslelg+ysdcNZWsvD5SwSKRMQoW +9b5TpWrfYuDet6BxdiekOfi5xurRHxDFnRxweA8ptJ++AnoA9nOmkwgVB6tNvjNn +gjk1xCIfh6/PKEOh58sVUl3lBwx8A78RAMEQNTIu8oLhieHZ4n6KqqfoYGLodzZp +jHUbS8fpWwlIQ4b85t1WGWiiH09+O0Udl46vV/b6otG4Ylg/u3NHPuJNshnZvSmO +yjo6A33PtkWjbI7YcQw4ApPY5UlopUKX2pEFk8+bLV5nq2npQB0H0V70KnUxu/dO +ko4pZhLpVdCEe+J/KozpSuwAyZLYy22zWMYhue4apae8Ve+zZR/+iF+VDCtBktAW +JBavcyGaUbznvx0QJbkUHC3DWHcTjNkmQW5Fda46HscQGn7pgcNe+FrJ8oqlAghd +JbM1FnHkpzYBIkSdmF0pfz24zcFoQczMtKiIiGKf6cUAFxvLINSIzx3KqQpaWee4 +beJLRgqa49bOT9bt+KBKzGrdpEn/wmBKSUOLpIBIJ4IwaPjtSL3M/tWmjTD1NXmk +eXVYBLRDgCu4+uI68t5tyzIHbaPZLtT4OM3EbVpP0l0B8JXItPA1QHBFJRd+aMmQ +5/xGgLPdzDSqrYcYBV0qC/gNgrZTAf/VlN4R7PMnZIOyBLJqCDHuYTZqFz63iAVA +6lAfRIwmoYBd8yy/jgWkvY6siWiFC2TPSJ+evXI= +=xiIr +-----END PGP MESSAGE-----
diff --git a/playbook.yml b/playbook.yml @@ -22,6 +22,8 @@ tags: files - role: bind # supports: alpine, arch(untested) tags: bind + - role: vnstat + tags: vnstat - role: nginx # supports: alpine, arch tags: nginx - role: gitolite # supports: alpine, arch(untested) @@ -64,17 +66,17 @@ tags: files - role: bind # supports: alpine, arch(untested) tags: bind + - role: vnstat + tags: vnstat - role: nfsserver # supports: alpine tags: nfs - role: nginx # supports: alpine, arch tags: nginx - role: syncthing # supports: alpine, arch tags: syncthing + - role: ctucx-gallery + tags: ctucx-gallery - role: rest-server # supports: alpine, arch(untested) - vars: - rest_server: - nginx: - password: "{}" tags: [ backup, rest-server, restic ] - hosts: joguhrtbecher @@ -89,6 +91,8 @@ tags: systemd-networkd - role: files # supports: alpine, arch tags: files + - role: vnstat + tags: vnstat - role: mariadb tags: mariadb - role: nginx # supports: alpine, arch @@ -110,6 +114,8 @@ tags: timers - role: systemd-networkd tags: systemd-networkd + - role: vnstat + tags: vnstat - role: php-fpm # supports: alpine, arch tags: php-fpm - role: nginx @@ -153,3 +159,9 @@ tags: grafana - role: fritzboxExporter tags: fritzboxExporter + - role: vnstat + tags: vnstat + - role: mumble + tags: mumble + - role: ctucx-gallery + tags: ctucx-gallery
diff --git a/roles/cgit/templates/nginx-vhost.conf.j2 b/roles/cgit/templates/nginx-vhost.conf.j2 @@ -1,3 +1,7 @@ +# +# !!! This file is managed by Ansible !!! +# + {% if services.cgit.nginx.sslOnly is not defined or services.cgit.nginx.sslOnly is false %} server { listen 80 ;
diff --git a/todo.txt b/todo.txt @@ -1,10 +1,15 @@ todo: + -> rewrite für moodle + -> rewrite für mediawiki + -> nextcloud einrichten + -> f2k1.de aufräumen + -> minecraft + -> etherpad + -> role for serverstatus -> check that defined cert-files are existing - -> vnstat role -> alertmanager role -> etherpad role - -> mumble role -> minecraft role - -> ctucx-gallery role and aur package -> acme-redirect role - create certs for new defined configs + -> cron role + \ No newline at end of file