ele-* playbook refactoring and ele-calypso base install

author: Christian Pointner <equinox@spreadspace.org> 2022-07-20 19:54:18 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2022-07-20 19:54:18 +0200
commit: b5a95405f7aec03a95abdad0f3b937b367c14c97 (patch)
tree: 1324dfd27176b02f237cac90943928c9332ac5e3 /dan
parent: add new grafana dashboard for openwrt (diff)
18 files changed, 181 insertions, 101 deletions
diff --git a/dan/ele-calypso.yml b/dan/ele-calypso.yml
new file mode 100644
index 00000000..c6fe0cfa
--- /dev/null
+++ b/dan/ele-calypso.yml
@@ -0,0 +1,98 @@
+---
+- name: Basic Setup
+  hosts: ele-calypso
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/ntp
+  - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-calypso
+  roles:
+  - role: apt-repo/spreadspace
+  - role: streaming/blackmagic/desktopvideo
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: streaming/player
+  # post_tasks:
+  # - name: install smstools
+  #   apt:
+  #     name: smstools
+  #     state: present
+
+  # - name: add user for sachet
+  #   user:
+  #     name: sachet
+  #     system: yes
+  #     home: /nonexistent
+  #     create_home: no
+  #     groups: smsd
+  #     append: yes
+
+  # - name: create sachet config directory
+  #   file:
+  #     path: /etc/sachet
+  #     state: directory
+
+  # - name: install sachet config file
+  #   copy:
+  #     dest: /etc/sachet/config.yml
+  #     content: |
+  #       providers:
+  #         smstools:
+  #           outgoing_dir: /var/spool/sms/outgoing
+
+  #       receivers:
+  #       - name: equinox
+  #         provider: smstools
+  #         to:
+  #         - '+436644800222'
+
+  # - name: install systemd service unit for sachet
+  #   copy:
+  #     dest: /etc/systemd/system/sachet.service
+  #     content: |
+  #       [Unit]
+  #       Description=Sachet SMS Daemon for Prometheus Alertmanager
+
+  #       [Service]
+  #       Restart=on-failure
+  #       User=sachet
+  #       ExecStart=/usr/local/bin/sachet -config /etc/sachet/config.yml
+
+  #       # systemd hardening-options
+  #       AmbientCapabilities=
+  #       CapabilityBoundingSet=
+  #       DeviceAllow=/dev/null rw
+  #       DevicePolicy=strict
+  #       LimitMEMLOCK=0
+  #       LimitNOFILE=8192
+  #       LockPersonality=true
+  #       MemoryDenyWriteExecute=true
+  #       NoNewPrivileges=true
+  #       PrivateDevices=true
+  #       PrivateTmp=true
+  #       PrivateUsers=true
+  #       ProtectControlGroups=true
+  #       ProtectHome=true
+  #       ProtectKernelModules=true
+  #       ProtectKernelTunables=true
+  #       ProtectSystem=full
+  #       ReadWritePaths=/var/spool/sms/outgoing
+  #       RemoveIPC=true
+  #       RestrictNamespaces=true
+  #       RestrictRealtime=true
+  #       SystemCallArchitectures=native
+
+  #       [Install]
+  #       WantedBy=multi-user.target
+
+  # ## TODO:
+  # ##   - configure smstools
+  # ##   - build sachet using this branch: https://github.com/spreadspace/sachet/tree/topic/add-smstools
+  # ##   - copy binary to /usr/local/bin/sachet
+  # ##   - $ systemctl daemon-reload
+  # ##   - $ systemctl enable --now sachet
diff --git a/dan/ele-coturn.yml b/dan/ele-coturn.yml
index dcb8b417..9438c7b5 100644
--- a/dan/ele-coturn.yml
+++ b/dan/ele-coturn.yml
@@ -7,6 +7,10 @@
   - role: core/sshd/base
   - role: core/zsh
   - role: core/ntp
+
+- name: Payload Setup
+  hosts: ele-coturn
+  roles:
   - role: apt-repo/spreadspace
   - role: kubernetes/base
   - role: kubernetes/standalone/base
diff --git a/dan/ele-dione.yml b/dan/ele-dione.yml
index a6baf4c5..322818ae 100644
--- a/dan/ele-dione.yml
+++ b/dan/ele-dione.yml
@@ -6,23 +6,18 @@
   - role: core/base
   - role: core/sshd/base
   - role: core/zsh
-  - role: core/cpu-microcode
   - role: core/ntp
+  - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-dione
+  roles:
   - role: core/admin-users
   - role: apt-repo/spreadspace
   - role: nginx/base
   - role: monitoring/prometheus/exporter
   - role: streaming/blackmagic/desktopvideo
   post_tasks:
-    ## this is needed for local rtmp proxy
-  # - name: install interface config for guest vlan
-  #   copy:
-  #     content: |
-  #       auto {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}
-  #       iface {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }} inet static
-  #         address {{ network_zones.guest.prefix | ipaddr(network_zones.guest.offsets[inventory_hostname]) | ipaddr('address/prefix') }}
-  #     dest: "/etc/network/interfaces.d/{{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}"
-
   # - name: prepare storage volume for recordings
   #   vars:
   #     storage_volume:
diff --git a/dan/ele-dolmetsch-raspi.yml b/dan/ele-dolmetsch-raspi.yml
index f75afcf8..f4008892 100644
--- a/dan/ele-dolmetsch-raspi.yml
+++ b/dan/ele-dolmetsch-raspi.yml
@@ -6,4 +6,8 @@
   - role: core/base
   - role: core/sshd/base
   - role: core/zsh
+
+- name: Payload Setup
+  hosts: "{{ install_hostname }}"
+  roles:
   - role: streaming/dolmetsch-raspi
diff --git a/dan/ele-emcplayer.yml b/dan/ele-emcplayer.yml
index 03058a03..8654c2af 100644
--- a/dan/ele-emcplayer.yml
+++ b/dan/ele-emcplayer.yml
@@ -8,6 +8,10 @@
   - role: core/zsh
   - role: core/ntp
   - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: "{{ install_hostname }}"
+  roles:
   - role: ws/base
   - role: core/admin-users
   post_tasks:
diff --git a/dan/ele-gwhetzner.yml b/dan/ele-gwhetzner.yml
index bcd75bcd..754fae65 100644
--- a/dan/ele-gwhetzner.yml
+++ b/dan/ele-gwhetzner.yml
@@ -7,6 +7,10 @@
   - role: core/sshd/base
   - role: core/zsh
   - role: core/ntp
+
+- name: Payload Setup
+  hosts: ele-gwhetzner
+  roles:
   - role: network/wireguard/base
   - role: network/wireguard/p2p
   - role: network/nftables/base
diff --git a/dan/ele-helene.yml b/dan/ele-helene.yml
index e3913843..fea6a533 100644
--- a/dan/ele-helene.yml
+++ b/dan/ele-helene.yml
@@ -8,93 +8,10 @@
   - role: core/zsh
   - role: core/ntp
   - role: core/cpu-microcode
-  - role: apt-repo/spreadspace
-  - role: nginx/base
-  - role: monitoring/prometheus/exporter
-  - role: vm/host/base
-  - role: vm/host/network
-  - role: installer/debian/base
-  - role: installer/openbsd/base
-  - role: streaming/blackmagic/desktopvideo
-  - role: kubernetes/base
-  - role: kubernetes/standalone/base
-  - role: streaming/player
-  # post_tasks:
-  # - name: install smstools
-  #   apt:
-  #     name: smstools
-  #     state: present
 
-  # - name: add user for sachet
-  #   user:
-  #     name: sachet
-  #     system: yes
-  #     home: /nonexistent
-  #     create_home: no
-  #     groups: smsd
-  #     append: yes
-
-  # - name: create sachet config directory
-  #   file:
-  #     path: /etc/sachet
-  #     state: directory
-
-  # - name: install sachet config file
-  #   copy:
-  #     dest: /etc/sachet/config.yml
-  #     content: |
-  #       providers:
-  #         smstools:
-  #           outgoing_dir: /var/spool/sms/outgoing
-
-  #       receivers:
-  #       - name: equinox
-  #         provider: smstools
-  #         to:
-  #         - '+436644800222'
-
-  # - name: install systemd service unit for sachet
-  #   copy:
-  #     dest: /etc/systemd/system/sachet.service
-  #     content: |
-  #       [Unit]
-  #       Description=Sachet SMS Daemon for Prometheus Alertmanager
-
-  #       [Service]
-  #       Restart=on-failure
-  #       User=sachet
-  #       ExecStart=/usr/local/bin/sachet -config /etc/sachet/config.yml
-
-  #       # systemd hardening-options
-  #       AmbientCapabilities=
-  #       CapabilityBoundingSet=
-  #       DeviceAllow=/dev/null rw
-  #       DevicePolicy=strict
-  #       LimitMEMLOCK=0
-  #       LimitNOFILE=8192
-  #       LockPersonality=true
-  #       MemoryDenyWriteExecute=true
-  #       NoNewPrivileges=true
-  #       PrivateDevices=true
-  #       PrivateTmp=true
-  #       PrivateUsers=true
-  #       ProtectControlGroups=true
-  #       ProtectHome=true
-  #       ProtectKernelModules=true
-  #       ProtectKernelTunables=true
-  #       ProtectSystem=full
-  #       ReadWritePaths=/var/spool/sms/outgoing
-  #       RemoveIPC=true
-  #       RestrictNamespaces=true
-  #       RestrictRealtime=true
-  #       SystemCallArchitectures=native
-
-  #       [Install]
-  #       WantedBy=multi-user.target
-
-  # ## TODO:
-  # ##   - configure smstools
-  # ##   - build sachet using this branch: https://github.com/spreadspace/sachet/tree/topic/add-smstools
-  # ##   - copy binary to /usr/local/bin/sachet
-  # ##   - $ systemctl daemon-reload
-  # ##   - $ systemctl enable --now sachet
+- name: Payload Setup
+  hosts: ele-helene
+  roles:
+  # - role: apt-repo/spreadspace
+  # - role: nginx/base
+  # - role: monitoring/prometheus/exporter
diff --git a/dan/ele-hpws-maxi.yml b/dan/ele-hpws-maxi.yml
index 70132f90..a5c67366 100644
--- a/dan/ele-hpws-maxi.yml
+++ b/dan/ele-hpws-maxi.yml
@@ -8,6 +8,10 @@
   - role: core/zsh
   - role: core/ntp
   - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-hpws-maxi
+  roles:
   - role: apt-repo/obs-studio
   - role: apt-repo/spreadspace
   - role: ws/base
diff --git a/dan/ele-hpws-mini1.yml b/dan/ele-hpws-mini1.yml
index 8bb1fc72..657ff5d8 100644
--- a/dan/ele-hpws-mini1.yml
+++ b/dan/ele-hpws-mini1.yml
@@ -8,6 +8,10 @@
   - role: core/zsh
   - role: core/ntp
   - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-hpws-mini1
+  roles:
   - role: apt-repo/obs-studio
   - role: apt-repo/spreadspace
   - role: ws/base
diff --git a/dan/ele-jitsi.yml b/dan/ele-jitsi.yml
index 2e63f558..1ac3ef3f 100644
--- a/dan/ele-jitsi.yml
+++ b/dan/ele-jitsi.yml
@@ -7,6 +7,10 @@
   - role: core/sshd/base
   - role: core/zsh
   - role: core/ntp
+
+- name: Payload Setup
+  hosts: ele-jitsi
+  roles:
   - role: apt-repo/spreadspace
   - role: kubernetes/base
   - role: kubernetes/standalone/base
diff --git a/dan/ele-laptop.yml b/dan/ele-laptop.yml
index 097feeec..58b9d9f5 100644
--- a/dan/ele-laptop.yml
+++ b/dan/ele-laptop.yml
@@ -8,5 +8,9 @@
   - role: core/zsh
   - role: core/ntp
   - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-laptop
+  roles:
   - role: ws/base
   - role: core/admin-users
diff --git a/dan/ele-lt.yml b/dan/ele-lt.yml
index 6749d744..097ee5d1 100644
--- a/dan/ele-lt.yml
+++ b/dan/ele-lt.yml
@@ -6,6 +6,11 @@
   - role: core/base
   - role: core/sshd/base
   - role: core/zsh
+  - role: core/ntp
+
+- name: Payload Setup
+  hosts: ele-lt
+  roles:
   - role: apt-repo/spreadspace
   - role: acmetool/base
   - role: nginx/base
diff --git a/dan/ele-media.yml b/dan/ele-media.yml
index 65e02c32..c3913273 100644
--- a/dan/ele-media.yml
+++ b/dan/ele-media.yml
@@ -8,6 +8,10 @@
   - role: core/zsh
   - role: core/ntp
   - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-media
+  roles:
   - role: core/admin-users
   - role: storage/zfs/pools
   - role: apt-repo/spreadspace
diff --git a/dan/ele-mon.yml b/dan/ele-mon.yml
index 91498205..08a2d283 100644
--- a/dan/ele-mon.yml
+++ b/dan/ele-mon.yml
@@ -7,6 +7,10 @@
   - role: core/sshd/base
   - role: core/zsh
   - role: core/ntp
+
+- name: Payload Setup
+  hosts: ele-mon
+  roles:
   - role: nginx/base
   - role: apt-repo/spreadspace
   - role: monitoring/prometheus/ca
diff --git a/dan/ele-telesto.yml b/dan/ele-telesto.yml
index 9c49295b..a1e877dd 100644
--- a/dan/ele-telesto.yml
+++ b/dan/ele-telesto.yml
@@ -6,15 +6,28 @@
   - role: core/base
   - role: core/sshd/base
   - role: core/zsh
-  - role: core/cpu-microcode
   - role: core/ntp
+  - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-telesto
+  roles:
   - role: core/admin-users
   - role: apt-repo/spreadspace
   - role: nginx/base
   - role: monitoring/prometheus/exporter
   - role: streaming/blackmagic/desktopvideo
   post_tasks:
-  - name: install lm-sensors
+    ## this is needed for local icecast relay
+  # - name: install interface config for guest vlan
+  #   copy:
+  #     content: |
+  #       auto {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}
+  #       iface {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }} inet static
+  #         address {{ network_zones.guest.prefix | ipaddr(network_zones.guest.offsets[inventory_hostname]) | ipaddr('address/prefix') }}
+  #     dest: "/etc/network/interfaces.d/{{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}"
+
+  - name: install lm-sensors and i7z
     apt:
       name: lm-sensors
 
diff --git a/dan/ele-thetys.yml b/dan/ele-thetys.yml
index c11cf01b..46a41b77 100644
--- a/dan/ele-thetys.yml
+++ b/dan/ele-thetys.yml
@@ -8,6 +8,10 @@
   - role: core/zsh
   - role: core/ntp
   - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-thetys
+  roles:
   - role: storage/lvm/groups
   - role: core/admin-users
   - role: apt-repo/spreadspace
diff --git a/dan/ele-tsdatacop.yml b/dan/ele-tsdatacop.yml
index 187dc110..d163d82e 100644
--- a/dan/ele-tsdatacop.yml
+++ b/dan/ele-tsdatacop.yml
@@ -8,6 +8,10 @@
   - role: core/zsh
   - role: core/ntp
   - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-tsdatacop
+  roles:
   - role: apt-repo/obs-studio
   - role: apt-repo/spreadspace
   - role: ws/base
diff --git a/dan/ele-uhrturm.yml b/dan/ele-uhrturm.yml
index afbe781d..ff5f3332 100644
--- a/dan/ele-uhrturm.yml
+++ b/dan/ele-uhrturm.yml
@@ -7,6 +7,10 @@
   - role: core/sshd/base
   - role: core/zsh
   - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-uhrturm
+  roles:
   - role: core/admin-users
   - role: streaming/blackmagic/desktopvideo
   - role: apt-repo/spreadspace
author	Christian Pointner <equinox@spreadspace.org>	2022-07-20 19:54:18 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2022-07-20 19:54:18 +0200
commit	b5a95405f7aec03a95abdad0f3b937b367c14c97 (patch)
tree	1324dfd27176b02f237cac90943928c9332ac5e3 /dan
parent	add new grafana dashboard for openwrt (diff)