-rw-r--r-- | dan/sk-2019.yml | 45 | ||||
-rw-r--r-- | inventory/group_vars/chaos-at-home/network.yml | 8 | ||||
-rw-r--r-- | inventory/host_vars/ch-equinox-t450s.yml | 1 | ||||
-rw-r--r-- | inventory/host_vars/ch-mon.yml | 6 | ||||
-rw-r--r-- | inventory/host_vars/ele-telesto.yml | 3 |
5 files changed, 52 insertions, 11 deletions
diff --git a/dan/sk-2019.yml b/dan/sk-2019.yml
index 061e0b85..192a5a3b 100644
--- a/dan/sk-2019.yml
+++ b/dan/sk-2019.yml
@@ -5,9 +5,9 @@ # - role: apt-repo/base # - role: core/base # - role: core/sshd/base - - role: core/zsh + # - role: core/zsh - role: core/cpu-microcode - - role: core/admin-users + # - role: core/admin-users - role: storage/luks/volumes - role: storage/zfs/pools - role: apt-repo/spreadspace
@@ -67,9 +67,42 @@ enabled: yes state: started + ### the machine reboots often - make it so that no manual intervention is necessary + ### of course this makes encrypting the disks a little bit silly... + - name: create base dir for crypto volume key files + file: + path: /etc/cryptsetup-keys.d/ + state: directory + mode: 0500 + + - name: generate key files for crypto volumes + loop: "{{ luks_volumes | dict2items }}" + loop_control: + label: "{{ item.key }}" + copy: + dest: "/etc/cryptsetup-keys.d/{{ item.key }}.key" + content: "{{ item.value.passphrase }}" + mode: 0400 + notify: rebuild initramfs + + - name: generate crypttab + copy: + dest: /etc/crypttab + content: | + # ansible generated + {% for name, volume in luks_volumes.items() %} + {{ name }} {{ volume.device }} /etc/cryptsetup-keys.d/{{ name }}.key luks + {% endfor %} + notify: rebuild initramfs + + handlers: + - name: rebuild initramfs + command: dpkg-reconfigure initramfs-tools + + ### TODO: # -# zfs create -o quota=30G +# zfs create -o quota=30G -o compress=lz4 storage/mysql # zfs create -o quota=35G -o compress=lz4 storage/automysqlbackup # zfs create -o quota=300G -o compress=lz4 storage/vmail # zfs create -o quota=600G -o compress=lz4 storage/www
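Review bot: The two roles disabled in the `@@ -5,9` hunk carry no comment saying why, and `core/admin-users` is presumably the role that manages admin accounts and their SSH keys on this host. While it stays commented out, later changes to the admin list, including removing someone, would not be applied here by this playbook. I would add a line above it such as `# core/admin-users disabled because <reason>; re-enable once <condition>`, or delete the entry if another play covers it. The role list starts and continues outside the hunk.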
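Review bot: The `generate key files for crypto volumes` task in the `@@ -67,9` hunk writes `item.value.passphrase` to disk without `no_log: true`, so the secret can surface in task output on verbose or `--diff` runs; `loop_control.label` only hides it from the default per-item line. Add `no_log: true` to that task. Ownership of the directory and key files is left to whichever user the play runs as, so I would set `owner: root` and `group: root` and quote the modes (`mode: "0400"`, `mode: "0500"`) to make the intended permissions explicit. Since the handler rebuilds the initramfs, it is worth checking whether the key files are copied into the image and, if they are, that the image is not world-readable. The play these tasks belong to starts outside the hunk.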
@@ -77,9 +110,9 @@ # zfs create -o quota=50G -o compress=lz4 storage/configz # zfs create -o quota=20G -o compress=lz4 storage/backup # -# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig -# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig -# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig +# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup +# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup +# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup # ### add to /etc/fstab: ##
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index 29e53a2b..20d6f214 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -6,8 +6,8 @@ network_zones: gateway: 192.168.28.254 dns: # - 192.168.28.254 -# - 9.9.9.9 - - 1.1.1.1 + - 195.58.160.194 + - 195.58.161.122 dhcp: start: 100 limit: 199
@@ -62,8 +62,8 @@ network_zones: gateway: 192.168.32.254 dns: # - 192.168.32.254 -# - 9.9.9.9 - - 1.1.1.1 + - 195.58.160.194 + - 195.58.161.122 offsets: ch-apps: 1 ch-http-proxy: 8
diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml
index 13101472..a3224e89 100644
--- a/inventory/host_vars/ch-equinox-t450s.yml
+++ b/inventory/host_vars/ch-equinox-t450s.yml
@@ -136,6 +136,7 @@ ws_base_extra_packages: - gnome-games - gnome-mahjongg - gpredict + - gpsd-clients - gputils - gstreamer1.0-vaapi - guvcview
diff --git a/inventory/host_vars/ch-mon.yml b/inventory/host_vars/ch-mon.yml
index ee9d12cc..f189501b 100644
--- a/inventory/host_vars/ch-mon.yml
+++ b/inventory/host_vars/ch-mon.yml
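Review bot: The same two resolver addresses are now written out literally in both zones of `network.yml` (the `@@ -6,8` and `@@ -62,8` hunks), again in `inventory/host_vars/ele-telesto.yml`, and as probe targets in `inventory/host_vars/ch-mon.yml`, so the next resolver change has to touch four places and a missed one leaves hosts on a different resolver. Defining the list once and referencing it, as the commented-out `nameservers: "{{ network_zones.cc_hmtsaal.dns }}"` line in ele-telesto.yml already sketches, would keep them in step. Both entries also appear to belong to one provider (the ch-mon probes are named `ping-magentadns1` and `ping-magentadns2`), so clients have no fallback if that provider's resolvers fail or return altered answers; keeping one independent resolver in the list would cover that. The `network_zones` mapping starts outside these hunks.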
@@ -101,6 +101,12 @@ prometheus_job_multitarget_blackbox__probe: - instance: "ping-magentagw" target: 62.99.185.129 module: icmp + - instance: "ping-magentadns1" + target: 195.58.160.194 + module: icmp + - instance: "ping-magentadns2" + target: 195.58.161.122 + module: icmp - instance: "ping-quad9" target: 9.9.9.9 module: icmp
diff --git a/inventory/host_vars/ele-telesto.yml b/inventory/host_vars/ele-telesto.yml
index ca776d92..a321e5ed 100644
--- a/inventory/host_vars/ele-telesto.yml
+++ b/inventory/host_vars/ele-telesto.yml
@@ -8,7 +8,8 @@ install: network: # nameservers: "{{ network_zones.cc_hmtsaal.dns }}" nameservers: - - 1.1.1.1 + - 195.58.160.194 + - 195.58.161.122 domain: "{{ host_domain }}" primary: &_network_primary_ name: enp35s0 |
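Review bot: The two probes added in the ch-mon.yml hunk use `module: icmp`, which only shows that the resolver hosts answer ping, not that they resolve names. Now that clients depend on these servers for DNS, a resolver that is reachable but refusing or failing queries would go unnoticed. Consider adding one probe per server that uses a DNS-type blackbox module; none is visible in this hunk, so it may first need defining in the exporter configuration. The probe list starts and continues outside the hunk.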