authorChristian Pointner <equinox@spreadspace.org>2024-04-03 20:18:22 +0200
committerChristian Pointner <equinox@spreadspace.org>2024-04-03 20:18:22 +0200
commitb90a0f8dfdcfc045bdfef50ce0e91bbd056f3d47 (patch)
treee4a3b32502905113b1c1a499ee6a2a10e3af78c3 /inventory
parentnginx/vhost: fix string concat issue incase nginx_vhost.name is not a string (diff)
cleanup old linuxtage stuff and add new glt-jitsi
Diffstat (limited to 'inventory')
-rw-r--r--inventory/group_vars/glt-c3voc/vars.yml2
-rw-r--r--inventory/group_vars/glt-live-misc/vars.yml15
-rw-r--r--inventory/group_vars/glt-live-r3/vars.yml3
-rw-r--r--inventory/group_vars/glt-live/network.yml78
-rw-r--r--inventory/group_vars/glt-live/vars.yml13
-rw-r--r--inventory/group_vars/linuxtage/vars.yml2
-rw-r--r--inventory/host_vars/glt-calypso.yml77
-rw-r--r--inventory/host_vars/glt-coturn.yml56
-rw-r--r--inventory/host_vars/glt-gw-r3.yml147
-rw-r--r--inventory/host_vars/glt-gw-tug.yml177
-rw-r--r--inventory/host_vars/glt-jitsi.yml (renamed from inventory/host_vars/glt-meet2.yml)16
-rw-r--r--inventory/host_vars/glt-meet1.yml65
-rw-r--r--inventory/host_vars/glt-stream.yml8
-rw-r--r--inventory/host_vars/glt-tsdatacop.yml70
-rw-r--r--inventory/hosts.ini44
15 files changed, 20 insertions, 753 deletions
diff --git a/inventory/group_vars/glt-c3voc/vars.yml b/inventory/group_vars/glt-c3voc/vars.yml
index 65185f33..9ed69195 100644
--- a/inventory/group_vars/glt-c3voc/vars.yml
+++ b/inventory/group_vars/glt-c3voc/vars.yml
@@ -1,6 +1,4 @@
---
-zsh_banner: linuxtage
-
ssh_users_root:
- equinox
- kunsi
diff --git a/inventory/group_vars/glt-live-misc/vars.yml b/inventory/group_vars/glt-live-misc/vars.yml
deleted file mode 100644
index 4f1862b5..00000000
--- a/inventory/group_vars/glt-live-misc/vars.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-install:
- cloud:
- credentials:
- token: "{{ vault_hcloud_api_token }}"
-
-
-apt_repo_provider: hetzner
-
-ssh_keys_root_extra:
- - ssh-rsa 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 emergency@glt
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHB2GxQrL18sfbdgTvaimYR/F94UtZ3BMA8cNQyTzT8h martin@adelmann
- - ssh-rsa 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 lukas@regular
- - ssh-rsa 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 ansible@glt
- - ssh-rsa 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 spel@lspe.organsible
diff --git a/inventory/group_vars/glt-live-r3/vars.yml b/inventory/group_vars/glt-live-r3/vars.yml
deleted file mode 100644
index 8c360f8d..00000000
--- a/inventory/group_vars/glt-live-r3/vars.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-apt_repo_provider: anexia
-#apt_repo_provider: ffgraz
diff --git a/inventory/group_vars/glt-live/network.yml b/inventory/group_vars/glt-live/network.yml
deleted file mode 100644
index e78ddd2d..00000000
--- a/inventory/group_vars/glt-live/network.yml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-network_zones:
- r3_lan:
- description: "realraum LAN, Internetuplink via Magenta"
- vlan: 127
- prefix: 192.168.127.0/24
- gateway: 192.168.127.254
- dns:
- - 192.168.127.254
- dhcp:
- start: 1
- limit: 149
- offsets:
- # Saal 1
- glt-s1mod: 150
- glt-s1slide: 151
- glt-s1speak1: 152
- glt-s1speak2: 153
- glt-s1info: 154
- glt-dione: 155
- glt-calypso: 156
- glt-s1atemctl: 157
- glt-s1atem: 158
- glt-s1switch: 159
- # Saal 2
- glt-s2mod: 160
- glt-s2slide: 161
- glt-s2speak: 162
- glt-s2info: 163
- glt-helene: 165
- glt-telesto: 166
- glt-s2atemctl: 167
- glt-s2atem: 168
- glt-s2switch: 169
- # Saal 3
- glt-s3mod: 170
- glt-s3slide: 171
- glt-s3speak: 172
- glt-s3info: 173
- glt-tsdatacop: 175
- glt-thetys: 176
- glt-s3atemctl: 177
- glt-s3atem: 178
- glt-s3switch: 179
- # misc
- equinox-t450s: 190
- spel: 191
- glt-gw-r3: 199
-
- r3_ff:
- description: "realraum Funkfeuer Subnet, Internetuplink via Funkfeuer and mur.at"
- vlan: 255
- prefix: 10.12.240.240/28
- gateway: 10.12.240.247
- dns:
- - 10.12.0.10
- offsets:
- glt-gw-r3: 8
-
- murat_transfer:
- description: "transfer network for upstream via mur.at"
- prefix: 172.31.255.240/28
- offsets:
- ele-tub: 1
- ff-10g: 2
- ele-mur: 14
-
- tug_lan:
- description: "glt@tug LAN, Internetuplink via TUG and ACOnet"
- prefix: 192.168.27.0/24
- gateway: 192.168.27.254
- dns:
- - 192.168.27.254
- dhcp:
- start: 1
- limit: 199
- offsets:
- glt-gw-tug: 254
diff --git a/inventory/group_vars/glt-live/vars.yml b/inventory/group_vars/glt-live/vars.yml
deleted file mode 100644
index 65287b3a..00000000
--- a/inventory/group_vars/glt-live/vars.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-zsh_banner: linuxtage
-
-ssh_users_root:
- - equinox
- - spel
-
-acme_account_email: equinox@spreadspace.org
-acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
-
-apt_repo_blackmagic_auth:
- username: "glt"
- password: "{{ vault_apt_repo_blackmagic_auth.password }}"
diff --git a/inventory/group_vars/linuxtage/vars.yml b/inventory/group_vars/linuxtage/vars.yml
new file mode 100644
index 00000000..370ba5b2
--- /dev/null
+++ b/inventory/group_vars/linuxtage/vars.yml
@@ -0,0 +1,2 @@
+---
+zsh_banner: linuxtage
diff --git a/inventory/host_vars/glt-calypso.yml b/inventory/host_vars/glt-calypso.yml
deleted file mode 100644
index afa7766c..00000000
--- a/inventory/host_vars/glt-calypso.yml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-system_lvm_volume_size_root: 3G
-
-install:
- efi: true
- disks:
- primary: /dev/disk/by-id/ata-OCZ-VERTEX2_OCZ-5328NA52AN84G246
- kernel_cmdline:
- - "consoleblank=0"
- - "nomodeset"
-
-network:
- nameservers: "{{ network_zones.r3_lan.dns }}"
- domain: "{{ host_domain }}"
- primary: &_network_primary_
- name: eno1
- address: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) }}"
- gateway: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets['glt-gw-r3']) | ansible.utils.ipaddr('address') }}"
- interfaces:
- - *_network_primary_
-
-
-apt_repo_components:
- - main
- - contrib ## for zfs
- - non-free-firmware ## for microcode updates
-
-spreadspace_apt_repo_components:
- - container
-
-zfs_arc_size:
- min: 1GB
- max: 2GB
-
-zfs_pools:
- storage:
- mountpoint: /srv/storage
- create_vdevs: mirror /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720805 /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720811
-
-
-blackmagic_desktopvideo_version: 12.5a15
-blackmagic_desktopvideo_include_gui: yes
-
-
-docker_pkg_provider: docker-com
-docker_storage:
- type: lvm
- vg: "{{ host_name }}"
- lv: docker
- size: 15G
- fs: ext4
-
-kubelet_storage:
- type: lvm
- vg: "{{ host_name }}"
- lv: kubelet
- size: 10G
- fs: ext4
-
-kubernetes_version: 1.29.2
-kubernetes_container_runtime: docker
-kubernetes_standalone_max_pods: 42
-kubernetes_standalone_cni_variant: with-portmap
-
-
-recorder_storage:
- type: zfs
- pool: storage
- name: recorder
-recorder_base_path: /srv/storage/recorder
-recorder_inst_name: feed-glt21s1
-recorder_ffmpeg_image_version: bookworm-decklink12.5-2024-02-18.33
-recorder_input: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp25', '-channels', '2', '-i', 'DeckLink SDI (1)']
-recorder_video_filter_common: "colorspace=iall=bt709:irange=tv:all=bt709:range=tv"
-
-recorder_segment_time: 3600
-recorder_segment_clocktime_offset: 3300
diff --git a/inventory/host_vars/glt-coturn.yml b/inventory/host_vars/glt-coturn.yml
deleted file mode 100644
index 6dc0f5c4..00000000
--- a/inventory/host_vars/glt-coturn.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-docker_storage:
- type: lvm
- vg: "{{ host_name }}"
- lv: docker
- size: 5G
- fs: ext4
-
-kubelet_storage:
- type: lvm
- vg: "{{ host_name }}"
- lv: kubelet
- size: 5G
- fs: ext4
-
-
-spreadspace_apt_repo_components:
- - container
-
-acme_client: acmetool
-
-
-kubernetes_version: 1.29.2
-kubernetes_container_runtime: docker
-kubernetes_standalone_max_pods: 100
-kubernetes_standalone_pod_cidr: 192.168.255.0/24
-kubernetes_standalone_cni_variant: with-portmap
-
-
-coturn_version: 4.6.2-r4
-coturn_realm: linuxtage.at
-coturn_hostnames:
- - cdn13.linuxtage.at
-
-coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
-coturn_listening_port: 3478
-coturn_tls_listening_port: 443
-coturn_install_nginx_vhost: no
-coturn_tls:
- certificate_provider: "{{ acme_client }}"
-
-
-mumble_version: v1.4.287-4
-mumble_instance: linuxtage.at
-mumble_hostnames:
- - mumble.linuxtage.at
-mumble_tls:
- certificate_provider: "{{ acme_client }}"
-
-mumble_superuser_password: "{{ vault_mumble_superuser_password }}"
-
-mumble_config_options:
- bonjour: false
- sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5"
- welcometext: "Willkommen im Mumble der Grazer Linuxtage <br>Intercom für Helfer und Orga während der GLT21"
- rememberchannel: true
diff --git a/inventory/host_vars/glt-gw-r3.yml b/inventory/host_vars/glt-gw-r3.yml
deleted file mode 100644
index d5d8538e..00000000
--- a/inventory/host_vars/glt-gw-r3.yml
+++ /dev/null
@@ -1,147 +0,0 @@
----
-openwrt_arch: x86
-openwrt_target: geode
-openwrt_profile: generic
-openwrt_output_image_suffixes:
- - "{{ openwrt_profile }}-ext4-combined.img.gz"
-
-openwrt_packages_remove:
- - ppp
- - ppp-mod-pppoe
- - firewall
- - dnsmasq
- - odhcpd-ipv6only
-openwrt_packages_add:
- - kmod-ipt-nat
- - kmod-ipt-conntrack
- - haveged
- - htop
- - ip
- - less
- - nano
- - tcpdump-mini
- - iperf
- - iperf3
- - mtr
- - iptraf-ng
-
-
-openwrt_mixin:
- /etc/dropbear/authorized_keys:
- content: "{{ ssh_keys_root | join('\n') }}\n"
-
- /etc/htoprc:
- file: "{{ global_files_dir }}/common/htoprc"
-
- /etc/rc.d/S22network-fw:
- link: "../init.d/network-fw"
-
- /etc/rc.d/K92network-fw:
- link: "../init.d/network-fw"
-
- /etc/init.d/network-fw:
- mode: "0755"
- content: |
- #!/bin/sh /etc/rc.common
-
- START=22
- STOP=91
-
- start() {
- WAN_IF=$(uci get network.wan.device)
- LAN_IF=$(uci get network.lan.device)
- LAN_IP=$(uci get network.lan.ipaddr)
- LAN_MASK=$(uci get network.lan.netmask)
-
- iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
-
- ### external incoming
- iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- ### internal
- iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
-
- iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE
-
- ### default policies
- iptables -P INPUT DROP
- iptables -P FORWARD DROP
- }
-
- stop() {
- iptables -P INPUT ACCEPT
- iptables -F INPUT
- iptables -P FORWARD ACCEPT
- iptables -F FORWARD
- iptables -t nat -F POSTROUTING
- }
-
-openwrt_uci:
- system:
- - name: system
- options:
- hostname: '{{ host_name }}'
- timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
- ttylogin: '0'
- log_size: '64'
- urandom_seed: '0'
-
- - name: timeserver 'ntp'
- options:
- enabled: '1'
- enable_server: '0'
- server:
- - '0.lede.pool.ntp.org'
- - '1.lede.pool.ntp.org'
- - '2.lede.pool.ntp.org'
- - '3.lede.pool.ntp.org'
-
- dropbear:
- - name: dropbear
- options:
- PasswordAuth: 'off'
- RootPasswordAuth: 'off'
- Port: '{{ ansible_port }}'
-
- network:
- - name: globals 'globals'
- options:
- ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
-
- - name: interface 'loopback'
- options:
- device: lo
- proto: static
- ipaddr: 127.0.0.1
- netmask: 255.0.0.0
-
- - name: interface 'wan'
- options:
- device: eth0
- proto: static
- ipaddr: "{{ network_zones.r3_ff.prefix | ansible.utils.ipaddr(network_zones.r3_ff.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
- netmask: "{{ network_zones.r3_ff.prefix | ansible.utils.ipaddr('netmask') }}"
- gateway: "{{ network_zones.r3_ff.gateway }}"
- dns: "{{ network_zones.r3_ff.dns }}"
-
- - name: interface 'lan'
- options:
- device: eth1
- proto: static
- ipaddr: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
- netmask: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr('netmask') }}"
-
- - name: interface 'unused'
- options:
- device: eth2
- proto: none
diff --git a/inventory/host_vars/glt-gw-tug.yml b/inventory/host_vars/glt-gw-tug.yml
deleted file mode 100644
index 5e1d0a45..00000000
--- a/inventory/host_vars/glt-gw-tug.yml
+++ /dev/null
@@ -1,177 +0,0 @@
----
-openwrt_arch: x86
-openwrt_target: 64
-openwrt_profile: generic
-openwrt_output_image_suffixes:
- - "{{ openwrt_profile }}-ext4-combined.img.gz"
-
-openwrt_packages_remove:
- - ppp
- - ppp-mod-pppoe
- - firewall
-openwrt_packages_add:
- - kmod-ipt-nat
- - kmod-ipt-conntrack
- - haveged
- - htop
- - ip
- - less
- - nano
- - tcpdump-mini
- - iperf
- - iperf3
- - mtr
- - iptraf-ng
-
-
-openwrt_mixin:
- /etc/dropbear/authorized_keys:
- content: "{{ ssh_keys_root | join('\n') }}\n"
-
- /etc/htoprc:
- file: "{{ global_files_dir }}/common/htoprc"
-
- /etc/rc.d/S22network-fw:
- link: "../init.d/network-fw"
-
- /etc/rc.d/K92network-fw:
- link: "../init.d/network-fw"
-
- /etc/init.d/network-fw:
- mode: "0755"
- content: |
- #!/bin/sh /etc/rc.common
-
- START=22
- STOP=91
-
- start() {
- WAN_IF=$(uci get network.wan.device)
- LAN_IF="br-lan"
- LAN_IP=$(uci get network.lan.ipaddr)
- LAN_MASK=$(uci get network.lan.netmask)
-
- iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
-
- ### external incoming
- iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- ### internal
- iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
-
- iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE
-
- ### default policies
- iptables -P INPUT DROP
- iptables -P FORWARD DROP
- }
-
- stop() {
- iptables -P INPUT ACCEPT
- iptables -F INPUT
- iptables -P FORWARD ACCEPT
- iptables -F FORWARD
- iptables -t nat -F POSTROUTING
- }
-
-openwrt_uci:
- system:
- - name: system
- options:
- hostname: '{{ host_name }}'
- timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
- ttylogin: '0'
- log_size: '64'
- urandom_seed: '0'
-
- - name: timeserver 'ntp'
- options:
- enabled: '1'
- enable_server: '0'
- server:
- - '0.lede.pool.ntp.org'
- - '1.lede.pool.ntp.org'
- - '2.lede.pool.ntp.org'
- - '3.lede.pool.ntp.org'
-
- dropbear:
- - name: dropbear
- options:
- PasswordAuth: 'off'
- RootPasswordAuth: 'off'
- Port: '{{ ansible_port }}'
-
- dhcp:
- - name: dnsmasq
- options:
- domainneeded: '1'
- boguspriv: '0'
- filterwin2k: '0'
- localise_queries: '1'
- rebind_protection: '0'
- rebind_localhost: '1'
- local: '/lan/'
- domain: 'lan'
- expandhosts: '1'
- nonegcache: '0'
- authoritative: '1'
- readethers: '1'
- leasefile: '/tmp/dhcp.leases'
- resolvfile: '/tmp/resolv.conf.auto'
- localservice: '1'
-
- - name: odhcpd 'odhcpd'
- options:
- maindhcp: '0'
- leasefile: '/tmp/hosts/odhcpd'
- leasetrigger: '/usr/sbin/odhcpd-update'
-
- - name: dhcp 'wan'
- options:
- interface: 'wan'
- ignore: '1'
-
- - name: dhcp 'lan'
- options:
- interface: 'lan'
- start: "{{ network_zones.tug_lan.dhcp.start }}"
- limit: "{{ network_zones.tug_lan.dhcp.limit }}"
- leasetime: "{{ network_zones.tug_lan.dhcp.leasetime | default('12h') }}"
- dhcpv6: 'disabled'
- ra: 'disabled'
-
- network:
- - name: globals 'globals'
- options:
- ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
-
- - name: interface 'loopback'
- options:
- device: lo
- proto: static
- ipaddr: 127.0.0.1
- netmask: 255.0.0.0
-
- - name: interface 'lan'
- options:
- type: bridge
- device: "eth0 eth1 eth2 eth3 eth4"
- proto: static
- ipaddr: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr(network_zones.tug_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
- netmask: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr('netmask') }}"
-
- - name: interface 'wan'
- options:
- device: eth5
- proto: dhcp
- macaddr: 00:11:22:33:44:55
diff --git a/inventory/host_vars/glt-meet2.yml b/inventory/host_vars/glt-jitsi.yml
index b194b9f6..4242da92 100644
--- a/inventory/host_vars/glt-meet2.yml
+++ b/inventory/host_vars/glt-jitsi.yml
@@ -1,4 +1,10 @@
---
+install:
+ cloud:
+ credentials:
+ token: "{{ vault_hcloud_api_token }}"
+
+
docker_storage:
type: lvm
vg: "{{ host_name }}"
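Review bot: `token: "{{ vault_hcloud_api_token }}"` moves here from the deleted `glt-live-misc` group vars, but nothing in this diff defines `vault_hcloud_api_token` in a scope that `glt-jitsi` belongs to, so the lookup may fail at provisioning time unless a vault outside the shown paths supplies it. If the value is still the token that served the retired `glt-live-misc` hosts (`glt-coturn`, `glt-meet1`, `glt-stream`), it would be worth issuing a fresh one for this host and removing the orphaned vault entry. A short comment above `install:` naming the vault file that holds the token would help the next maintainer, e.g. `# hcloud token is defined in this host's vault file`.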
@@ -16,11 +22,13 @@ kubelet_storage:
spreadspace_apt_repo_components:
- container
+ - prometheus
+acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
acme_client: acmetool
-kubernetes_version: 1.29.2
+kubernetes_version: 1.29.3
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 100
kubernetes_standalone_cni_variant: with-portmap
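Review bot: `acme_directory_server` is re-added here at host level, but the `acme_account_email: equinox@spreadspace.org` line that sat next to it in the deleted `group_vars/glt-live/vars.yml` is not carried over. Unless the `linuxtage` group or a parent group still defines it, certificate requests for this host would run without the account contact that was set before. Placing it beside the new line, or in `group_vars/linuxtage/vars.yml`, keeps the two settings together. The new `- prometheus` entry could also take a trailing comment saying what needs it, in the style the removed `glt-calypso.yml` used (`## for zfs`).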
@@ -28,8 +36,8 @@ kubernetes_standalone_cni_variant: with-portmap
jitsi_meet_base_path: /srv/jitsi/meet
-jitsi_meet_version: stable-9258
-jitsi_meet_hostname: meet2.linuxtage.at
+jitsi_meet_version: stable-9364-1
+jitsi_meet_hostname: glt-jitsi.spreadspace.org
jitsi_meet_p2p_enable: no
jitsi_meet_require_display_name: yes
@@ -62,4 +70,4 @@ jitsi_meet_streamui:
# http_auth:
# operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}"
image_tag: latest
- default_control_room: glt
+ default_control_room: ohro0tum
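Review bot: `default_control_room: ohro0tum` reads like an unguessable room name standing in for access control, yet it is committed in plaintext while the `http_auth` block just above stays commented out. If the stream UI's control room is meant to be private, the name should come from the vault like the other secrets in this file, e.g. `default_control_room: "{{ vault_jitsi_meet_streamui_control_room }}"` (the variable name is a placeholder), and `http_auth` should be re-enabled rather than relying on the room name alone. `image_tag: latest` in the same mapping is unpinned, unlike `jitsi_meet_version`; a fixed tag would make the deployed stream UI reproducible. The `jitsi_meet_streamui` mapping starts outside this hunk.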
diff --git a/inventory/host_vars/glt-meet1.yml b/inventory/host_vars/glt-meet1.yml
deleted file mode 100644
index a7d619c8..00000000
--- a/inventory/host_vars/glt-meet1.yml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-docker_storage:
- type: lvm
- vg: "{{ host_name }}"
- lv: docker
- size: 5G
- fs: ext4
-
-kubelet_storage:
- type: lvm
- vg: "{{ host_name }}"
- lv: kubelet
- size: 5G
- fs: ext4
-
-
-spreadspace_apt_repo_components:
- - container
-
-acme_client: acmetool
-
-
-kubernetes_version: 1.29.2
-kubernetes_container_runtime: docker
-kubernetes_standalone_max_pods: 100
-kubernetes_standalone_cni_variant: with-portmap
-
-
-jitsi_meet_base_path: /srv/jitsi/meet
-
-jitsi_meet_version: stable-9258
-jitsi_meet_hostname: meet1.linuxtage.at
-
-jitsi_meet_p2p_enable: no
-jitsi_meet_require_display_name: yes
-
-jitsi_meet_resolution:
- default:
- width: 1920
- height: 1080
- min:
- width: 1280
- height: 720
-
-jitsi_meet_jvb_config_extra: |
- videobridge {
- cc {
- trust-bwe = false
- onstage-preferred-framerate = 25
- }
- }
-
-jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}"
-
-jitsi_meet_auth:
- enable_guests: yes
- users:
- operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}"
-
-jitsi_meet_streamui:
- http_port: "{{ jitsi_meet_http_port + 1 }}"
-# http_auth:
-# operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}"
- image_tag: latest
- default_control_room: glt
diff --git a/inventory/host_vars/glt-stream.yml b/inventory/host_vars/glt-stream.yml
deleted file mode 100644
index db9292da..00000000
--- a/inventory/host_vars/glt-stream.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-lvm_volumes:
- system/www:
- vg: "{{ host_name }}"
- lv: www
- size: 10G
- fs: ext4
- dest: /srv/www
diff --git a/inventory/host_vars/glt-tsdatacop.yml b/inventory/host_vars/glt-tsdatacop.yml
deleted file mode 100644
index c78513a6..00000000
--- a/inventory/host_vars/glt-tsdatacop.yml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-system_lvm_volume_size_root: 3G
-
-install:
- efi: false
- disks:
- primary: /dev/disk/by-id/ata-WDC_WDS120G2G0A-00JH30_200854446208
- kernel_cmdline:
- - "consoleblank=0"
-
-network:
- nameservers: "{{ network_zones.r3_lan.dns }}"
- domain: "{{ host_domain }}"
- primary: &_network_primary_
- name: eno1
- address: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) }}"
- gateway: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets['glt-gw-r3']) | ansible.utils.ipaddr('address') }}"
- interfaces:
- - *_network_primary_
-
-
-spreadspace_apt_repo_components:
- - container
-
-
-lvm_groups:
- storage:
- pvs:
- - /dev/disk/by-id/ata-WDC_WD5000AAJS-00TKA0_WD-WCAPW2771922-part1
-
-
-blackmagic_desktopvideo_version: 12.5a15
-blackmagic_desktopvideo_include_gui: yes
-
-
-docker_pkg_provider: docker-com
-docker_storage:
- type: lvm
- vg: "{{ host_name }}"
- lv: docker
- size: 15G
- fs: ext4
-
-kubelet_storage:
- type: lvm
- vg: "{{ host_name }}"
- lv: kubelet
- size: 10G
- fs: ext4
-
-kubernetes_version: 1.29.2
-kubernetes_container_runtime: docker
-kubernetes_standalone_max_pods: 42
-kubernetes_standalone_cni_variant: with-portmap
-
-
-recorder_storage:
- type: lvm
- vg: storage
- lv: recorder
- size: 400G
- fs: ext4
-recorder_base_path: /srv/recorder
-recorder_inst_name: feed-glt21s3
-recorder_ffmpeg_image_version: bookworm-decklink12.5-2024-02-18.33
-recorder_input: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp25', '-channels', '2', '-i', 'DeckLink Mini Recorder']
-recorder_video_filter_common: "colorspace=iall=bt709:irange=tv:all=bt709:range=tv"
-
-recorder_segment_time: 3600
-recorder_segment_clocktime_offset: 3300
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 376ec48e..994b1243 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -142,32 +142,15 @@ s2-mr-snuggles host_name=mr-snuggles
s2-chromebook host_name=chromebook
-[glt-live:vars]
-host_domain=linuxtage.at
+[linuxtage:vars]
+host_domain=spreadspace.org
env_group=spreadspace
-[glt-live:children]
-glt-live-misc
-glt-live-r3
-glt-live-tug
-
-[glt-live-misc]
-glt-coturn host_name=cdn13
-glt-meet1 host_name=meet1
-glt-meet2 host_name=meet2
-glt-stream host_name=stream
-
-[glt-live-r3]
-glt-gw-r3 host_name=gw-r3
-#glt-dione host_name=dione
-#glt-helene host_name=helene
-glt-calypso host_name=calypso
-#glt-telesto host_name=telesto
-glt-tsdatacop host_name=tsdatacop
-#glt-thetys host_name=thetys
+[linuxtage]
+glt-jitsi
-[glt-live-tug]
-glt-gw-tug host_name=gw-tug
+[linuxtage:children]
+glt-c3voc
[glt-c3voc:vars]
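Review bot: `glt-jitsi` is declared under `[linuxtage]` without a `host_name=` variable, whereas the entry it replaces was `glt-meet2 host_name=meet2`, and `host_vars/glt-jitsi.yml` uses `{{ host_name }}` for the LVM volume group. Unless a default for `host_name` exists outside this diff, the line should read something like `glt-jitsi host_name=glt-jitsi`. The later hunks at `@@ -535,10 +516,6 @@` and `@@ -607,15 +584,6 @@` remove `glt-meet2` from two further group lists without adding `glt-jitsi`, so any variables or plays bound to those groups would no longer apply to the new host. The group headers for those lists are outside the hunks, so this needs checking against the full file.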
@@ -318,8 +301,6 @@ ch-gw-c3voc
ch-raspi-openwrt
mz-ap
mz-router
-glt-gw-r3
-glt-gw-tug
ele-router-hmtsaal
ele-router-orpheum
ele-router-emc
@@ -535,10 +516,6 @@ ch-mimas
ele-lt
ele-coturn
ele-jitsi
-glt-coturn
-glt-meet1
-glt-meet2
-glt-stream
[hcloud:children]
elevate-mediachannel-relay
@@ -607,15 +584,6 @@ ele-jitsi
s2-thetys
sk-tomnext-nc
ch-thetys
-glt-coturn
-glt-meet1
-glt-meet2
-glt-dione
-glt-helene
-glt-calypso
-glt-telesto
-glt-tsdatacop
-glt-thetys
sk-testvm
ch-testvm-prometheus
ch-companion-raspi