author | Christian Pointner <equinox@spreadspace.org> | 2024-04-03 20:18:22 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2024-04-03 20:18:22 +0200 |
commit | b90a0f8dfdcfc045bdfef50ce0e91bbd056f3d47 (patch) | |
tree | e4a3b32502905113b1c1a499ee6a2a10e3af78c3 /inventory | |
parent | nginx/vhost: fix string concat issue incase nginx_vhost.name is not a string (diff) |
cleanup old linuxtage stuff and add new glt-jitsi
Diffstat (limited to 'inventory')
-rw-r--r-- | inventory/group_vars/glt-c3voc/vars.yml | 2 | ||||
-rw-r--r-- | inventory/group_vars/glt-live-misc/vars.yml | 15 | ||||
-rw-r--r-- | inventory/group_vars/glt-live-r3/vars.yml | 3 | ||||
-rw-r--r-- | inventory/group_vars/glt-live/network.yml | 78 | ||||
-rw-r--r-- | inventory/group_vars/glt-live/vars.yml | 13 | ||||
-rw-r--r-- | inventory/group_vars/linuxtage/vars.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/glt-calypso.yml | 77 | ||||
-rw-r--r-- | inventory/host_vars/glt-coturn.yml | 56 | ||||
-rw-r--r-- | inventory/host_vars/glt-gw-r3.yml | 147 | ||||
-rw-r--r-- | inventory/host_vars/glt-gw-tug.yml | 177 | ||||
-rw-r--r-- | inventory/host_vars/glt-jitsi.yml (renamed from inventory/host_vars/glt-meet2.yml) | 16 | ||||
-rw-r--r-- | inventory/host_vars/glt-meet1.yml | 65 | ||||
-rw-r--r-- | inventory/host_vars/glt-stream.yml | 8 | ||||
-rw-r--r-- | inventory/host_vars/glt-tsdatacop.yml | 70 | ||||
-rw-r--r-- | inventory/hosts.ini | 44 |
15 files changed, 20 insertions, 753 deletions
diff --git a/inventory/group_vars/glt-c3voc/vars.yml b/inventory/group_vars/glt-c3voc/vars.yml index 65185f33..9ed69195 100644 --- a/inventory/group_vars/glt-c3voc/vars.yml +++ b/inventory/group_vars/glt-c3voc/vars.yml @@ -1,6 +1,4 @@ --- -zsh_banner: linuxtage - ssh_users_root: - equinox - kunsi diff --git a/inventory/group_vars/glt-live-misc/vars.yml b/inventory/group_vars/glt-live-misc/vars.yml deleted file mode 100644 index 4f1862b5..00000000 --- a/inventory/group_vars/glt-live-misc/vars.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -install: - cloud: - credentials: - token: "{{ vault_hcloud_api_token }}" - - -apt_repo_provider: hetzner - -ssh_keys_root_extra: - - ssh-rsa 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 emergency@glt - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHB2GxQrL18sfbdgTvaimYR/F94UtZ3BMA8cNQyTzT8h martin@adelmann - - ssh-rsa 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 lukas@regular - - ssh-rsa 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 ansible@glt - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCdm5WCNt0ul9R7B8ndbuh8aw+OWXDEx0jjXI2Ep8TcjXlo7b2NScunqZHA9WkLNNi8f46N1c2UYm7LVrLFs1mWaaVPeM0jzBHPXCVJPJDMiWPfdxsIQqKM+q09kVlGGNGQvEeVYVLPg+K2t/sEdPgjb7/UhOblurQhQewWvvypReVLhPU5K8/ZCh/uXHmBxmp0kcm0UhIJ73tjdpIoeseQgA7FjA/h1lKKakChu3kqGHL0FJmH9ZcMfPkYUziQ6hv583PrU03vq5Q3J+tyXR3ytY1yqTUntnkHHE6e2Q3zfFWZcrhgUG6UOch2exv1vH2c1yBL3EYecZ/1s2gx/7QX0rrP2byMRorvnAY06rIQ5HXBJrUMEPsiTM16EfLHC1CsolsKTEQ+2DrrqSCACJmO+La8QunqA6l0G2SnRCW6I/A3RATzP6V2bUuJpBnS3hVfP5Q11xO+8zfu/58i3S3EaMNsUc8GwxJ9L6sjTO3W2LQ1UsG2fECPm9Ghec6iJyM= spel@lspe.organsible diff --git a/inventory/group_vars/glt-live-r3/vars.yml b/inventory/group_vars/glt-live-r3/vars.yml deleted file mode 100644 index 8c360f8d..00000000 --- a/inventory/group_vars/glt-live-r3/vars.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -apt_repo_provider: anexia -#apt_repo_provider: ffgraz 
diff --git a/inventory/group_vars/glt-live/network.yml b/inventory/group_vars/glt-live/network.yml deleted file mode 100644 index e78ddd2d..00000000 --- a/inventory/group_vars/glt-live/network.yml +++ /dev/null @@ -1,78 +0,0 @@ ---- -network_zones: - r3_lan: - description: "realraum LAN, Internetuplink via Magenta" - vlan: 127 - prefix: 192.168.127.0/24 - gateway: 192.168.127.254 - dns: - - 192.168.127.254 - dhcp: - start: 1 - limit: 149 - offsets: - # Saal 1 - glt-s1mod: 150 - glt-s1slide: 151 - glt-s1speak1: 152 - glt-s1speak2: 153 - glt-s1info: 154 - glt-dione: 155 - glt-calypso: 156 - glt-s1atemctl: 157 - glt-s1atem: 158 - glt-s1switch: 159 - # Saal 2 - glt-s2mod: 160 - glt-s2slide: 161 - glt-s2speak: 162 - glt-s2info: 163 - glt-helene: 165 - glt-telesto: 166 - glt-s2atemctl: 167 - glt-s2atem: 168 - glt-s2switch: 169 - # Saal 3 - glt-s3mod: 170 - glt-s3slide: 171 - glt-s3speak: 172 - glt-s3info: 173 - glt-tsdatacop: 175 - glt-thetys: 176 - glt-s3atemctl: 177 - glt-s3atem: 178 - glt-s3switch: 179 - # misc - equinox-t450s: 190 - spel: 191 - glt-gw-r3: 199 - - r3_ff: - description: "realraum Funkfeuer Subnet, Internetuplink via Funkfeuer and mur.at" - vlan: 255 - prefix: 10.12.240.240/28 - gateway: 10.12.240.247 - dns: - - 10.12.0.10 - offsets: - glt-gw-r3: 8 - - murat_transfer: - description: "transfer network for upstream via mur.at" - prefix: 172.31.255.240/28 - offsets: - ele-tub: 1 - ff-10g: 2 - ele-mur: 14 - - tug_lan: - description: "glt@tug LAN, Internetuplink via TUG and ACOnet" - prefix: 192.168.27.0/24 - gateway: 192.168.27.254 - dns: - - 192.168.27.254 - dhcp: - start: 1 - limit: 199 - offsets: - glt-gw-tug: 254 diff --git a/inventory/group_vars/glt-live/vars.yml b/inventory/group_vars/glt-live/vars.yml deleted file mode 100644 index 65287b3a..00000000 --- a/inventory/group_vars/glt-live/vars.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -zsh_banner: linuxtage - -ssh_users_root: - - equinox - - spel - -acme_account_email: equinox@spreadspace.org -acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" - -apt_repo_blackmagic_auth: - username: "glt" - password: "{{ vault_apt_repo_blackmagic_auth.password }}" diff --git a/inventory/group_vars/linuxtage/vars.yml b/inventory/group_vars/linuxtage/vars.yml new file mode 100644 index 00000000..370ba5b2 --- /dev/null +++ b/inventory/group_vars/linuxtage/vars.yml @@ -0,0 +1,2 @@ +--- +zsh_banner: linuxtage diff --git a/inventory/host_vars/glt-calypso.yml b/inventory/host_vars/glt-calypso.yml deleted file mode 100644 index afa7766c..00000000 --- a/inventory/host_vars/glt-calypso.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -system_lvm_volume_size_root: 3G - -install: - efi: true - disks: - primary: /dev/disk/by-id/ata-OCZ-VERTEX2_OCZ-5328NA52AN84G246 - kernel_cmdline: - - "consoleblank=0" - - "nomodeset" - -network: - nameservers: "{{ network_zones.r3_lan.dns }}" - domain: "{{ host_domain }}" - primary: &_network_primary_ - name: eno1 - address: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) }}" - gateway: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets['glt-gw-r3']) | ansible.utils.ipaddr('address') }}" - interfaces: - - *_network_primary_ - - -apt_repo_components: - - main - - contrib ## for zfs - - non-free-firmware ## for microcode updates - -spreadspace_apt_repo_components: - - container - -zfs_arc_size: - min: 1GB - max: 2GB - -zfs_pools: - storage: - mountpoint: /srv/storage - create_vdevs: mirror /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720805 /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720811 - - -blackmagic_desktopvideo_version: 12.5a15 -blackmagic_desktopvideo_include_gui: yes - - -docker_pkg_provider: docker-com -docker_storage: - type: lvm - vg: "{{ host_name }}" - lv: docker - size: 15G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 10G - fs: ext4 - -kubernetes_version: 1.29.2 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 42 -kubernetes_standalone_cni_variant: with-portmap - - -recorder_storage: - type: zfs - pool: storage - name: recorder -recorder_base_path: /srv/storage/recorder -recorder_inst_name: feed-glt21s1 -recorder_ffmpeg_image_version: bookworm-decklink12.5-2024-02-18.33 -recorder_input: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp25', '-channels', '2', '-i', 'DeckLink SDI (1)'] -recorder_video_filter_common: "colorspace=iall=bt709:irange=tv:all=bt709:range=tv" - -recorder_segment_time: 3600 -recorder_segment_clocktime_offset: 3300 
diff --git a/inventory/host_vars/glt-coturn.yml b/inventory/host_vars/glt-coturn.yml deleted file mode 100644 index 6dc0f5c4..00000000 --- a/inventory/host_vars/glt-coturn.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -docker_storage: - type: lvm - vg: "{{ host_name }}" - lv: docker - size: 5G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 5G - fs: ext4 - - -spreadspace_apt_repo_components: - - container - -acme_client: acmetool - - -kubernetes_version: 1.29.2 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 100 -kubernetes_standalone_pod_cidr: 192.168.255.0/24 -kubernetes_standalone_cni_variant: with-portmap - - -coturn_version: 4.6.2-r4 -coturn_realm: linuxtage.at -coturn_hostnames: - - cdn13.linuxtage.at - -coturn_auth_secret: "{{ vault_coturn_auth_secret }}" -coturn_listening_port: 3478 -coturn_tls_listening_port: 443 -coturn_install_nginx_vhost: no -coturn_tls: - certificate_provider: "{{ acme_client }}" - - -mumble_version: v1.4.287-4 -mumble_instance: linuxtage.at -mumble_hostnames: - - mumble.linuxtage.at -mumble_tls: - certificate_provider: "{{ acme_client }}" - -mumble_superuser_password: "{{ vault_mumble_superuser_password }}" - -mumble_config_options: - bonjour: false - sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5" - welcometext: "Willkommen im Mumble der Grazer Linuxtage <br>Intercom für Helfer und Orga während der GLT21" - rememberchannel: true diff --git a/inventory/host_vars/glt-gw-r3.yml b/inventory/host_vars/glt-gw-r3.yml deleted file mode 100644 index d5d8538e..00000000 --- a/inventory/host_vars/glt-gw-r3.yml +++ /dev/null 
@@ -1,147 +0,0 @@ ---- -openwrt_arch: x86 -openwrt_target: geode -openwrt_profile: generic -openwrt_output_image_suffixes: - - "{{ openwrt_profile }}-ext4-combined.img.gz" - -openwrt_packages_remove: - - ppp - - ppp-mod-pppoe - - firewall - - dnsmasq - - odhcpd-ipv6only -openwrt_packages_add: - - kmod-ipt-nat - - kmod-ipt-conntrack - - haveged - - htop - - ip - - less - - nano - - tcpdump-mini - - iperf - - iperf3 - - mtr - - iptraf-ng - - -openwrt_mixin: - /etc/dropbear/authorized_keys: - content: "{{ ssh_keys_root | join('\n') }}\n" - - /etc/htoprc: - file: "{{ global_files_dir }}/common/htoprc" - - /etc/rc.d/S22network-fw: - link: "../init.d/network-fw" - - /etc/rc.d/K92network-fw: - link: "../init.d/network-fw" - - /etc/init.d/network-fw: - mode: "0755" - content: | - #!/bin/sh /etc/rc.common - - START=22 - STOP=91 - - start() { - WAN_IF=$(uci get network.wan.device) - LAN_IF=$(uci get network.lan.device) - LAN_IP=$(uci get network.lan.ipaddr) - LAN_MASK=$(uci get network.lan.netmask) - - iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT - - ### external incoming - iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - ### internal - iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - - iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A FORWARD -i 
"$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE - - ### default policies - iptables -P INPUT DROP - iptables -P FORWARD DROP - } - - stop() { - iptables -P INPUT ACCEPT - iptables -F INPUT - iptables -P FORWARD ACCEPT - iptables -F FORWARD - iptables -t nat -F POSTROUTING - } - -openwrt_uci: - system: - - name: system - options: - hostname: '{{ host_name }}' - timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' - ttylogin: '0' - log_size: '64' - urandom_seed: '0' - - - name: timeserver 'ntp' - options: - enabled: '1' - enable_server: '0' - server: - - '0.lede.pool.ntp.org' - - '1.lede.pool.ntp.org' - - '2.lede.pool.ntp.org' - - '3.lede.pool.ntp.org' - - dropbear: - - name: dropbear - options: - PasswordAuth: 'off' - RootPasswordAuth: 'off' - Port: '{{ ansible_port }}' - - network: - - name: globals 'globals' - options: - ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" - - - name: interface 'loopback' - options: - device: lo - proto: static - ipaddr: 127.0.0.1 - netmask: 255.0.0.0 - - - name: interface 'wan' - options: - device: eth0 - proto: static - ipaddr: "{{ network_zones.r3_ff.prefix | ansible.utils.ipaddr(network_zones.r3_ff.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" - netmask: "{{ network_zones.r3_ff.prefix | ansible.utils.ipaddr('netmask') }}" - gateway: "{{ network_zones.r3_ff.gateway }}" - dns: "{{ network_zones.r3_ff.dns }}" - - - name: interface 'lan' - options: - device: eth1 - proto: static - ipaddr: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" - netmask: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr('netmask') }}" - - - name: interface 'unused' - options: - device: eth2 - proto: 
none diff --git a/inventory/host_vars/glt-gw-tug.yml b/inventory/host_vars/glt-gw-tug.yml deleted file mode 100644 index 5e1d0a45..00000000 --- a/inventory/host_vars/glt-gw-tug.yml +++ /dev/null 
@@ -1,177 +0,0 @@ ---- -openwrt_arch: x86 -openwrt_target: 64 -openwrt_profile: generic -openwrt_output_image_suffixes: - - "{{ openwrt_profile }}-ext4-combined.img.gz" - -openwrt_packages_remove: - - ppp - - ppp-mod-pppoe - - firewall -openwrt_packages_add: - - kmod-ipt-nat - - kmod-ipt-conntrack - - haveged - - htop - - ip - - less - - nano - - tcpdump-mini - - iperf - - iperf3 - - mtr - - iptraf-ng - - -openwrt_mixin: - /etc/dropbear/authorized_keys: - content: "{{ ssh_keys_root | join('\n') }}\n" - - /etc/htoprc: - file: "{{ global_files_dir }}/common/htoprc" - - /etc/rc.d/S22network-fw: - link: "../init.d/network-fw" - - /etc/rc.d/K92network-fw: - link: "../init.d/network-fw" - - /etc/init.d/network-fw: - mode: "0755" - content: | - #!/bin/sh /etc/rc.common - - START=22 - STOP=91 - - start() { - WAN_IF=$(uci get network.wan.device) - LAN_IF="br-lan" - LAN_IP=$(uci get network.lan.ipaddr) - LAN_MASK=$(uci get network.lan.netmask) - - iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT - - ### external incoming - iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - ### internal - iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - - iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate 
RELATED,ESTABLISHED -j ACCEPT - iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE - - ### default policies - iptables -P INPUT DROP - iptables -P FORWARD DROP - } - - stop() { - iptables -P INPUT ACCEPT - iptables -F INPUT - iptables -P FORWARD ACCEPT - iptables -F FORWARD - iptables -t nat -F POSTROUTING - } - -openwrt_uci: - system: - - name: system - options: - hostname: '{{ host_name }}' - timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' - ttylogin: '0' - log_size: '64' - urandom_seed: '0' - - - name: timeserver 'ntp' - options: - enabled: '1' - enable_server: '0' - server: - - '0.lede.pool.ntp.org' - - '1.lede.pool.ntp.org' - - '2.lede.pool.ntp.org' - - '3.lede.pool.ntp.org' - - dropbear: - - name: dropbear - options: - PasswordAuth: 'off' - RootPasswordAuth: 'off' - Port: '{{ ansible_port }}' - - dhcp: - - name: dnsmasq - options: - domainneeded: '1' - boguspriv: '0' - filterwin2k: '0' - localise_queries: '1' - rebind_protection: '0' - rebind_localhost: '1' - local: '/lan/' - domain: 'lan' - expandhosts: '1' - nonegcache: '0' - authoritative: '1' - readethers: '1' - leasefile: '/tmp/dhcp.leases' - resolvfile: '/tmp/resolv.conf.auto' - localservice: '1' - - - name: odhcpd 'odhcpd' - options: - maindhcp: '0' - leasefile: '/tmp/hosts/odhcpd' - leasetrigger: '/usr/sbin/odhcpd-update' - - - name: dhcp 'wan' - options: - interface: 'wan' - ignore: '1' - - - name: dhcp 'lan' - options: - interface: 'lan' - start: "{{ network_zones.tug_lan.dhcp.start }}" - limit: "{{ network_zones.tug_lan.dhcp.limit }}" - leasetime: "{{ network_zones.tug_lan.dhcp.leasetime | default('12h') }}" - dhcpv6: 'disabled' - ra: 'disabled' - - network: - - name: globals 'globals' - options: - ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" - - - name: interface 'loopback' - options: - device: lo - proto: static - ipaddr: 
127.0.0.1 - netmask: 255.0.0.0 - - - name: interface 'lan' - options: - type: bridge - device: "eth0 eth1 eth2 eth3 eth4" - proto: static - ipaddr: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr(network_zones.tug_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" - netmask: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr('netmask') }}" - - - name: interface 'wan' - options: - device: eth5 - proto: dhcp - macaddr: 00:11:22:33:44:55 diff --git a/inventory/host_vars/glt-meet2.yml b/inventory/host_vars/glt-jitsi.yml index b194b9f6..4242da92 100644 --- a/inventory/host_vars/glt-meet2.yml +++ b/inventory/host_vars/glt-jitsi.yml @@ -1,4 +1,10 @@ --- +install: + cloud: + credentials: + token: "{{ vault_hcloud_api_token }}" + + docker_storage: type: lvm vg: "{{ host_name }}" @@ -16,11 +22,13 @@ kubelet_storage: spreadspace_apt_repo_components: - container + - prometheus +acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.29.2 +kubernetes_version: 1.29.3 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_cni_variant: with-portmap @@ -28,8 +36,8 @@ kubernetes_standalone_cni_variant: with-portmap jitsi_meet_base_path: /srv/jitsi/meet -jitsi_meet_version: stable-9258 -jitsi_meet_hostname: meet2.linuxtage.at +jitsi_meet_version: stable-9364-1 +jitsi_meet_hostname: glt-jitsi.spreadspace.org jitsi_meet_p2p_enable: no jitsi_meet_require_display_name: yes @@ -62,4 +70,4 @@ jitsi_meet_streamui: # http_auth: # operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" image_tag: latest - default_control_room: glt + default_control_room: ohro0tum diff --git a/inventory/host_vars/glt-meet1.yml b/inventory/host_vars/glt-meet1.yml deleted file mode 100644 index a7d619c8..00000000 --- a/inventory/host_vars/glt-meet1.yml +++ /dev/null 
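Review bot: In the last hunk of glt-jitsi.yml, `default_control_room` changes from `glt` to `ohro0tum` while the stream UI's `http_auth` stays commented out. The new value reads like a generated name. If it is meant to keep outsiders out of the control room, it is the only barrier and it sits in plain text in the inventory, unlike the other secrets in this file, which come from `vault_*` variables. Consider re-enabling the two commented lines (`http_auth:` and `operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}"`) or moving the room name into the vault. The same mapping keeps `image_tag: latest` although `jitsi_meet_version` is pinned to `stable-9364-1`, so a fixed tag or digest for the stream UI image would make the deployed code reproducible and reviewable. The `jitsi_meet_streamui` mapping starts above the hunk.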
@@ -1,65 +0,0 @@ ---- -docker_storage: - type: lvm - vg: "{{ host_name }}" - lv: docker - size: 5G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 5G - fs: ext4 - - -spreadspace_apt_repo_components: - - container - -acme_client: acmetool - - -kubernetes_version: 1.29.2 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 100 -kubernetes_standalone_cni_variant: with-portmap - - -jitsi_meet_base_path: /srv/jitsi/meet - -jitsi_meet_version: stable-9258 -jitsi_meet_hostname: meet1.linuxtage.at - -jitsi_meet_p2p_enable: no -jitsi_meet_require_display_name: yes - -jitsi_meet_resolution: - default: - width: 1920 - height: 1080 - min: - width: 1280 - height: 720 - -jitsi_meet_jvb_config_extra: | - videobridge { - cc { - trust-bwe = false - onstage-preferred-framerate = 25 - } - } - -jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}" - -jitsi_meet_auth: - enable_guests: yes - users: - operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" - -jitsi_meet_streamui: - http_port: "{{ jitsi_meet_http_port + 1 }}" -# http_auth: -# operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" - image_tag: latest - default_control_room: glt diff --git a/inventory/host_vars/glt-stream.yml b/inventory/host_vars/glt-stream.yml deleted file mode 100644 index db9292da..00000000 --- a/inventory/host_vars/glt-stream.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -lvm_volumes: - system/www: - vg: "{{ host_name }}" - lv: www - size: 10G - fs: ext4 - dest: /srv/www diff --git a/inventory/host_vars/glt-tsdatacop.yml b/inventory/host_vars/glt-tsdatacop.yml deleted file mode 100644 index c78513a6..00000000 --- a/inventory/host_vars/glt-tsdatacop.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -system_lvm_volume_size_root: 3G - -install: - efi: false - disks: - primary: /dev/disk/by-id/ata-WDC_WDS120G2G0A-00JH30_200854446208 - kernel_cmdline: - - "consoleblank=0" - -network: - nameservers: "{{ network_zones.r3_lan.dns }}" - domain: "{{ host_domain }}" - primary: &_network_primary_ - name: eno1 - address: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) }}" - gateway: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets['glt-gw-r3']) | ansible.utils.ipaddr('address') }}" - interfaces: - - *_network_primary_ - - -spreadspace_apt_repo_components: - - container - - -lvm_groups: - storage: - pvs: - - /dev/disk/by-id/ata-WDC_WD5000AAJS-00TKA0_WD-WCAPW2771922-part1 - - -blackmagic_desktopvideo_version: 12.5a15 -blackmagic_desktopvideo_include_gui: yes - - -docker_pkg_provider: docker-com -docker_storage: - type: lvm - vg: "{{ host_name }}" - lv: docker - size: 15G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 10G - fs: ext4 - -kubernetes_version: 1.29.2 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 42 -kubernetes_standalone_cni_variant: with-portmap - - -recorder_storage: - type: lvm - vg: storage - lv: recorder - size: 400G - fs: ext4 -recorder_base_path: /srv/recorder -recorder_inst_name: feed-glt21s3 -recorder_ffmpeg_image_version: bookworm-decklink12.5-2024-02-18.33 -recorder_input: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp25', '-channels', '2', '-i', 'DeckLink Mini Recorder'] -recorder_video_filter_common: "colorspace=iall=bt709:irange=tv:all=bt709:range=tv" - -recorder_segment_time: 3600 -recorder_segment_clocktime_offset: 3300 diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 376ec48e..994b1243 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
@@ -142,32 +142,15 @@ s2-mr-snuggles host_name=mr-snuggles s2-chromebook host_name=chromebook -[glt-live:vars] -host_domain=linuxtage.at +[linuxtage:vars] +host_domain=spreadspace.org env_group=spreadspace -[glt-live:children] -glt-live-misc -glt-live-r3 -glt-live-tug - -[glt-live-misc] -glt-coturn host_name=cdn13 -glt-meet1 host_name=meet1 -glt-meet2 host_name=meet2 -glt-stream host_name=stream - -[glt-live-r3] -glt-gw-r3 host_name=gw-r3 -#glt-dione host_name=dione -#glt-helene host_name=helene -glt-calypso host_name=calypso -#glt-telesto host_name=telesto -glt-tsdatacop host_name=tsdatacop -#glt-thetys host_name=thetys +[linuxtage] +glt-jitsi -[glt-live-tug] -glt-gw-tug host_name=gw-tug +[linuxtage:children] +glt-c3voc [glt-c3voc:vars] @@ -318,8 +301,6 @@ ch-gw-c3voc ch-raspi-openwrt mz-ap mz-router -glt-gw-r3 -glt-gw-tug ele-router-hmtsaal ele-router-orpheum ele-router-emc @@ -535,10 +516,6 @@ ch-mimas ele-lt ele-coturn ele-jitsi -glt-coturn -glt-meet1 -glt-meet2 -glt-stream [hcloud:children] elevate-mediachannel-relay @@ -607,15 +584,6 @@ ele-jitsi s2-thetys sk-tomnext-nc ch-thetys -glt-coturn -glt-meet1 -glt-meet2 -glt-dione -glt-helene -glt-calypso -glt-telesto -glt-tsdatacop -glt-thetys sk-testvm ch-testvm-prometheus ch-companion-raspi |
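Review bot: `glt-meet2` is dropped from the host lists in the hunks at -535 and -607, but its renamed successor `glt-jitsi` is only added to `[linuxtage]` in the first hunk. The headers of those two lists are outside the hunks, so this is inferred. The first list ends right before `[hcloud:children]`, and glt-jitsi.yml now carries an hcloud API token, so the host probably still belongs in it. A host missing from a provider or distribution group silently skips whatever baseline variables and roles that group applies, so consider adding `glt-jitsi` where `glt-meet2` stood in both lists. Also, `glt-jitsi` is added without `host_name=`, unlike the removed `glt-meet2 host_name=meet2`, while glt-jitsi.yml uses `vg: "{{ host_name }}"`; confirm a default exists or write `glt-jitsi host_name=glt-jitsi`.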