-rw-r--r-- | inventory/host_vars/sk-cloudio/etherpad.yml | 58 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/pigallery2.yml | 20 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/vars.yml | 63 | ||||
-rw-r--r-- | roles/x509/acmetool/base/templates/responses.j2 | 1 | ||||
-rw-r--r-- | skillz/sk-cloudio.yml | 20 |
5 files changed, 49 insertions, 113 deletions
diff --git a/inventory/host_vars/sk-cloudio/etherpad.yml b/inventory/host_vars/sk-cloudio/etherpad.yml
deleted file mode 100644
index a368be44..00000000
--- a/inventory/host_vars/sk-cloudio/etherpad.yml
+++ /dev/null
@@ -1,58 +0,0 @@ ---- -etherpad_lite_zfs: - pool: storage - name: etherpad-lite - properties: - compression: lz4 - -etherpad_lite_instances: - pad.elevate.at: - version: c65c5f17aa26c9179ce591f44721861ba6f6bec4-elevate - port: 8300 - hostnames: - - pad.elevate.at - zfs_properties: - quota: 5G - settings: - title: Elevate Etherpad - users: - admin: - is_admin: true - password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['admin'] }}" - user: - is_admin: false - password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['user'] }}" - - defaultPadText: "Welcome to the ELEVATE - Etherpad!\n\nThis pad text is synchronized\ - \ as you type, so that everyone viewing this page sees the same text. This allows\ - \ you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http://etherpad.org\n\ - \n IMPORTANT: THIS PAD IS PRIVIDED FOR FREE TO THE PUBLIC! There is no guarantee\ - \ for your data - please take care of backups yourself! This is usually intended\ - \ only for the Elevate Team and it might get access control in the future! If you\ - \ are interested in having a PAD for your project, please get back to dan@elevate.at\ - \ for information. It can be made available!" - favicon: favicon.ico - - maxAge: 21600 - editOnly: false - minify: true - requireSession: false - requireAuthentication: false - requireAuthorization: false - socketTransportProtocols: [xhr-polling, jsonp-polling, htmlfile] - abiword: null - loglevel: INFO - logconfig: - appenders: - - type: console - dbType: "mysql" - dbSettings: - host: "127.0.0.1" - user: "etherpad-lite" - password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" - database: "etherpad-lite" - charset: "utf8mb4" - database: - type: mariadb - version: 10.4.22 - password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" 
diff --git a/inventory/host_vars/sk-cloudio/pigallery2.yml b/inventory/host_vars/sk-cloudio/pigallery2.yml deleted file mode 100644 index 2a7d5c84..00000000 --- a/inventory/host_vars/sk-cloudio/pigallery2.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -pigallery2_zfs: - pool: storage - name: pigallery2 - properties: - compression: lz4 - -pigallery2_instances: - pix.elevate.at: - version: 1.9.3 - port: 8700 - hostname: pix.elevate.at - zfs_properties: - quota: 5G - images_paths: - 2019: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2019/ - 2020: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2020/ - 2021: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2021/ - 2022: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2022/ - 2023: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2023/ diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml index 058c785f..740ee2c0 100644 --- a/inventory/host_vars/sk-cloudio/vars.yml +++ b/inventory/host_vars/sk-cloudio/vars.yml 
@@ -1,19 +1,43 @@ --- -system_lvm_volume_size_root: 3584M +system_lvm_volume_size_root: 4G system_lvm_volume_size_varlog: 5G install: - cloud: - credentials: "{{ vault_hroot_robot_account }}" - server_name: "{{ host_name }}" + vm: + memory: 48G + numcpus: 12 + autostart: True disks: - primary: software-raid - raid: - level: 1 - members: - - /dev/nvme0n1 - - /dev/nvme1n1 - system_lvm: - size: 15G + primary: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0 + scsi: + sda: + type: zfs + name: root + size: 15g + sdb: + type: zfs + name: data + size: 900g + properties: + 'syncoid:sync': 'false' + interfaces: + - bridge: br-public + name: primary0 + +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ansible.utils.ipaddr('address') }}" + template: overlay + overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ + +external_ip: "{{ network.primary.overlay }}" apt_repo_components: @@ -22,7 +46,6 @@ apt_repo_components: - non-free-firmware spreadspace_apt_repo_components: - - main - container @@ -33,7 +56,7 @@ zfs_arc_size: zfs_pools: storage: mountpoint: /srv/storage - create_vdevs: mirror /dev/nvme0n1p3 /dev/nvme1n1p3 + create_vdevs: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-1 properties: ashift: 12 autotrim: "on" 
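Review bot: The `'syncoid:sync': 'false'` property on the 900g `sdb` data disk has no comment saying why it is set. syncoid skips datasets carrying that property during recursive replication, so the disk that presumably backs the `storage` pool would be left out of any syncoid-based backup taken on the VM host. If that is intended, a comment above `properties:` such as `# excluded from syncoid replication; data is backed up via <backup mechanism>` would record the decision; if not, the property should go. The in-guest sanoid snapshots configured further down in this file live on the same disk and do not replace an off-host copy.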
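Review bot: `create_vdevs` for the `storage` pool (third hunk, `@@ -33,7 +56,7 @@`) goes from a two-disk `mirror` to a single QEMU disk, so inside the guest ZFS can still detect checksum errors but has no second copy to repair them from. Redundancy now depends entirely on what backs that virtual disk on the VM host, which this diff does not show. A comment above the line, e.g. `# single vdev: redundancy is provided by the VM host's storage`, would make that dependency explicit. The `zfs_pools` mapping starts and ends outside the hunk.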
@@ -43,10 +66,6 @@ zfs_sanoid_modules: use_template: production recursive: yes process_children_only: yes - storage/etherpad-lite: - use_template: production - recursive: yes - process_children_only: yes storage/keycloak: use_template: production recursive: yes @@ -73,7 +92,7 @@ kubelet_storage: properties: quota: 20G -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 @@ -93,9 +112,3 @@ postfix_base_inet_protocols: acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool - -## TODO: remove once migration of elevate services has been done -ssh_users_root: - - equinox - - dan - - brt diff --git a/roles/x509/acmetool/base/templates/responses.j2 b/roles/x509/acmetool/base/templates/responses.j2 index 981eba90..81f4f8a4 100644 --- a/roles/x509/acmetool/base/templates/responses.j2 +++ b/roles/x509/acmetool/base/templates/responses.j2 @@ -3,6 +3,7 @@ "acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf": true "acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.3-August-10-2022.pdf": true "acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf": true +"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf": true "acmetool-quickstart-choose-server": {{ acmetool_directory_server }} "acmetool-quickstart-choose-method": webroot "acmetool-quickstart-webroot-path": "{{ acmetool_challenge_webroot_path | default('/var/run/acme/acme-challenge') }}" diff --git a/skillz/sk-cloudio.yml b/skillz/sk-cloudio.yml index 15e8bfec..b9c8dc7c 100644 --- a/skillz/sk-cloudio.yml +++ b/skillz/sk-cloudio.yml @@ -6,7 +6,7 @@ - role: core/base - role: core/sshd/base - role: core/zsh - - role: core/cpu-microcode + - role: core/ntp - name: Payload Setup hosts: sk-cloudio 
@@ -20,12 +20,12 @@ - role: x509/acmetool/base - role: nginx/base - role: mail/postfix/base - - role: apps/nextcloud - - role: apps/collabora/code - - role: apps/onlyoffice - #- role: apps/etherpad-lite - - role: apps/coturn - - role: apps/jitsi/meet - - role: apps/keycloak - #- role: apps/pigallery2 - - role: apps/wikijs + +# - role: apps/nextcloud +# - role: apps/collabora/code +# - role: apps/onlyoffice + +# - role: apps/coturn +# - role: apps/jitsi/meet +# - role: apps/wikijs +# - role: apps/keycloak |
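Review bot: The application roles are disabled by commenting them out (`# - role: apps/nextcloud` through `# - role: apps/keycloak`) with nothing stating why or when they come back, while `vars.yml` in this same commit still keeps a sanoid entry for `storage/keycloak`. A one-line comment above the block, e.g. `# TODO: re-enable once the services have been migrated to the new VM`, would keep the disabled list from turning into stale configuration. The migration reason is inferred from the other hunks, so the wording may need adjusting. The play's header and the start of its role list are outside this hunk.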