Diffstat (limited to 'chaos-at-home')
-rw-r--r--chaos-at-home/ch-equinox-t450s.yml16
-rw-r--r--chaos-at-home/ch-equinox-ws.yml17
-rw-r--r--chaos-at-home/ch-iot.yml44
-rw-r--r--chaos-at-home/ch-mz-ap.yml (renamed from chaos-at-home/mz-ap.yml)2
-rw-r--r--chaos-at-home/ch-mz-router.yml15
-rw-r--r--chaos-at-home/ch-repo.yml18
-rw-r--r--chaos-at-home/ch-sw2.yml (renamed from chaos-at-home/ch-sw0.yml)2
-rw-r--r--chaos-at-home/ch-sw3.yml (renamed from chaos-at-home/ch-sw1.yml)2
-rw-r--r--chaos-at-home/host_vars/ch-repo.yml9
-rw-r--r--chaos-at-home/host_vars/mz-router.yml61
-rw-r--r--chaos-at-home/mz-router.yml14
11 files changed, 106 insertions, 94 deletions
diff --git a/chaos-at-home/ch-equinox-t450s.yml b/chaos-at-home/ch-equinox-t450s.yml
index 35f76d6d..ea1aca7f 100644
--- a/chaos-at-home/ch-equinox-t450s.yml
+++ b/chaos-at-home/ch-equinox-t450s.yml
@@ -23,18 +23,17 @@
- role: apt-repo/backports
- role: apt-repo/spreadspace
- role: apt-repo/ansible
- - role: apt-repo/tor-project
+ #- role: apt-repo/tor-project ## https://gitlab.torproject.org/tpo/core/tor/-/issues/40946
- role: apt-repo/kubernetes
- role: apt-repo/element
- - role: apt-repo/kicad6
- role: storage/zfs/base
- role: storage/zfs/sanoid
- role: ws/base
- role: core/users
- role: network/wireguard/base
- role: ws/minet
- - role: ws/pipewire
- role: ws/flatpak
+ - role: ws/thunderbird-gpg-hack
post_tasks:
- name: make sure tlp is started and enabled
systemd:
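Review bot: Commenting out `apt-repo/tor-project` and dropping `apt-repo/kicad6` only stops Ansible from managing those repositories. On hosts provisioned earlier, the sources entry and its signing key presumably stay in place, so apt keeps trusting them. If the roles offer a removal mode, using it would make host state match the playbook; otherwise the comment could say so, e.g. `## disabled, see tor issue 40946 - remove the sources entry and keyring by hand on existing hosts`. The same applies to the first hunk of ch-equinox-ws.yml. The `post_tasks` block this hunk ends in continues outside the hunk.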
@@ -87,8 +86,9 @@
echo "Touchpad not found..."
fi
- - name: install deps for c3voc/cm repo
- pip:
- name:
- - "bundlewrap>=4.13.6"
- - "bundlewrap-keepass"
+ ## PEP 668
+ #- name: install deps for c3voc/cm repo
+ # pip:
+ # name:
+ # - "bundlewrap>=4.13.6"
+ # - "bundlewrap-keepass"
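Review bot: The `## PEP 668` marker does not tell the next reader that nothing installs the bundlewrap dependencies any more, or what the intended replacement is. Rather than keeping the task commented out, the pip module can install into a dedicated environment by adding `virtualenv: <venv path>` and `virtualenv_command: python3 -m venv`. That avoids the externally-managed error without overriding the protection system-wide. If the task stays disabled, a comment such as `## disabled: system pip is externally managed (PEP 668); install bundlewrap in a venv by hand` would be clearer. The same block appears in the second hunk of ch-equinox-ws.yml.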
diff --git a/chaos-at-home/ch-equinox-ws.yml b/chaos-at-home/ch-equinox-ws.yml
index e89df4f3..c3010e44 100644
--- a/chaos-at-home/ch-equinox-ws.yml
+++ b/chaos-at-home/ch-equinox-ws.yml
@@ -24,16 +24,16 @@
- role: apt-repo/backports
- role: apt-repo/spreadspace
- role: apt-repo/ansible
- - role: apt-repo/tor-project
+ #- role: apt-repo/tor-project ## https://gitlab.torproject.org/tpo/core/tor/-/issues/40946
- role: apt-repo/kubernetes
- role: apt-repo/element
- - role: apt-repo/kicad6
+ #- role: apt-repo/qmk ## qmk-repo does not support noble yet..
- role: storage/zfs/base
- role: storage/zfs/sanoid
- role: ws/base
- role: core/users
- - role: ws/pipewire
- role: ws/flatpak
+ - role: ws/thunderbird-gpg-hack
post_tasks:
- name: disable caps-lock
lineinfile:
@@ -49,11 +49,12 @@
opts: nodev,x-systemd.automount,nofail
state: mounted
- - name: install deps for c3voc/cm repo
- pip:
- name:
- - "bundlewrap>=4.13.6"
- - "bundlewrap-keepass"
+ ## PEP 668
+ #- name: install deps for c3voc/cm repo
+ # pip:
+ # name:
+ # - "bundlewrap>=4.13.6"
+ # - "bundlewrap-keepass"
# - name: install gotify-desktop
# become: yes
diff --git a/chaos-at-home/ch-iot.yml b/chaos-at-home/ch-iot.yml
index 1cc18e76..9a5d1641 100644
--- a/chaos-at-home/ch-iot.yml
+++ b/chaos-at-home/ch-iot.yml
@@ -14,6 +14,50 @@
- role: apt-repo/spreadspace
- role: x509/managed-ca/base
- role: x509/managed-ca/ca
+ - role: network/nftables/base
+ - role: network/coredns
- role: mosquitto/broker
- role: nginx/base
- role: monitoring/prometheus/exporter
+ post_tasks:
+ - name: create systemd override directory for nginx service unit
+ file:
+ path: /etc/systemd/system/nginx.service.d
+ state: directory
+
+ - name: create overrides for nginx systemd unit
+ copy:
+ content: |
+ [Unit]
+ After=network-online.target
+ Wants=network-online.target
+ dest: /etc/systemd/system/nginx.service.d/after-network-online.conf
+
+ - name: configure default vhost web.chaos-at-home.org
+ vars:
+ nginx_vhost:
+ name: iot-default
+ default: yes
+ listen:
+ - "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:80"
+ template: generic
+ locations:
+ '/':
+ return: 404
+ include_role:
+ name: nginx/vhost
+
+ - name: configure reverse-proxy for apt-cache
+ vars:
+ nginx_vhost:
+ name: apt.chaos-at-home.org
+ listen:
+ - "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:80"
+ hostnames:
+ - apt.chaos-at-home.org
+ template: generic
+ locations:
+ '/':
+ proxy_pass: "http://apt.chaos-at-home.org/"
+ include_role:
+ name: nginx/vhost
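Review bot: The drop-in written to `/etc/systemd/system/nginx.service.d/after-network-online.conf` is not followed by a daemon reload in this hunk, so a running host keeps the old unit definition until the next reboot or manual reload. A task using the systemd module with `daemon_reload: yes`, or a handler notified by the copy task, would close that gap. The `file` and `copy` tasks also set no `owner` or `mode`, so the result depends on the umask of the run; `mode: "0755"` on the directory and `mode: "0644"` on the file make it explicit. Separately, the apt-cache vhost answers for `apt.chaos-at-home.org` and proxies to `http://apt.chaos-at-home.org/`. If this host resolves that name to its own IoT-zone address the request would loop, so it is worth confirming which resolver nginx uses here.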
diff --git a/chaos-at-home/mz-ap.yml b/chaos-at-home/ch-mz-ap.yml
index 46b0aa88..545d8c4a 100644
--- a/chaos-at-home/mz-ap.yml
+++ b/chaos-at-home/ch-mz-ap.yml
@@ -1,6 +1,6 @@
---
- name: Basic Setup
- hosts: mz-ap
+ hosts: ch-mz-ap
connection: local
gather_facts: no
roles:
diff --git a/chaos-at-home/ch-mz-router.yml b/chaos-at-home/ch-mz-router.yml
new file mode 100644
index 00000000..65c0c2b0
--- /dev/null
+++ b/chaos-at-home/ch-mz-router.yml
@@ -0,0 +1,15 @@
+---
+- name: Basic Setup
+ hosts: ch-mz-router
+ connection: local
+ gather_facts: no
+ roles:
+ - role: installer/openwrt/image
+ post_tasks:
+ - pause:
+ prompt: |
+ * scp -O {{ output_images[0] }} ch-mz-router:/tmp/openwrt.bin
+ * ssh ch-mz-router sysupgrade -n /tmp/openwrt.bin
+ * ssh ch-mz-router dropbearkey -t ed25519 -f /etc/dyndns/id_ed25519
+ replace the key at the dyndns server (ch-pan: /var/lib/dyndns/.ssh/authorized_keys)
+ after that run the dyndns update script manually to accept the ssh host-key
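Review bot: The last step of the prompt tells the operator to run the dyndns update script once "to accept the ssh host-key", which is trust-on-first-use from a freshly flashed router. The prompt should say how to check the key, for example `compare the offered fingerprint with the host key of ch-pan before accepting`, or the image could ship a known_hosts entry. Generating the key on the router with `dropbearkey` keeps the private key off the control host; a comment above the task saying this replaces the vault-based copy in the deleted mz-router.yml would help the next reader. The `pause` task also has no `name:`; something like `name: manual steps to flash the router and enrol its dyndns key` keeps the play output readable.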
diff --git a/chaos-at-home/ch-repo.yml b/chaos-at-home/ch-repo.yml
new file mode 100644
index 00000000..96255b0b
--- /dev/null
+++ b/chaos-at-home/ch-repo.yml
@@ -0,0 +1,18 @@
+---
+- name: Basic Setup
+ hosts: ch-repo
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+
+- name: Payload Setup
+ hosts: ch-repo
+ roles:
+ - role: storage/lvm/base
+ - role: apt-repo/spreadspace
+ - role: nginx/base
+ - role: monitoring/prometheus/exporter
+ - role: approx
diff --git a/chaos-at-home/ch-sw0.yml b/chaos-at-home/ch-sw2.yml
index c3d02802..124c2026 100644
--- a/chaos-at-home/ch-sw0.yml
+++ b/chaos-at-home/ch-sw2.yml
@@ -1,6 +1,6 @@
---
- name: bootstrap
- hosts: ch-sw0
+ hosts: ch-sw2
gather_facts: no
roles:
- role: dellos6/bootstrap
diff --git a/chaos-at-home/ch-sw1.yml b/chaos-at-home/ch-sw3.yml
index ed7b0be5..bb98d389 100644
--- a/chaos-at-home/ch-sw1.yml
+++ b/chaos-at-home/ch-sw3.yml
@@ -1,6 +1,6 @@
---
- name: bootstrap
- hosts: ch-sw1
+ hosts: ch-sw3
gather_facts: no
roles:
- role: dellos6/bootstrap
diff --git a/chaos-at-home/host_vars/ch-repo.yml b/chaos-at-home/host_vars/ch-repo.yml
new file mode 100644
index 00000000..8a46a632
--- /dev/null
+++ b/chaos-at-home/host_vars/ch-repo.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.2;AES256;chaos-at-home
+63343434616336326566326464383931386565363433613635653836613166333461333633613239
+6261316164363531663932353564303764336536383239620a316130313064363863353138303763
+34666638616332396238303733396431326661663634313365383136393434383338336161653864
+6164363531313835380a656565353133666562633739363234336164326464323235343232656639
+30623532313433613266623864353436666362356239306339363139623766626265343933366261
+31326636393539326163313334323235313763643231363863303566376238383164316330663936
+62383062613039393733323532643437626232383963383035346264333665346538343130333733
+64306631343436323762
diff --git a/chaos-at-home/host_vars/mz-router.yml b/chaos-at-home/host_vars/mz-router.yml
deleted file mode 100644
index 9d5b814b..00000000
--- a/chaos-at-home/host_vars/mz-router.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;chaos-at-home
-65643339366566643435323363386430633134636135383962623132373433393832663837376539
-3235323334643539356336333737646438393664336265660a393134323731336665386165613435
-33393233666434643462323235656163373365333565373566616666666339616632663464326436
-3061343337356139330a653463376366343835616237646239643338333866653530613364323638
-35336561633037366437333866306231613738336339646538373261656365386231393265363130
-37303830386562646335353462353662383636393233623962376565363435643366633733626334
-35643363306163666662353962393231643939313230343961666661333334313438653234373733
-37376530633163323462366434623532626536323830333562316239306634303731643965386233
-32383466356366613262653731663665343036373136343731393332616435636165393639643165
-30363663376236613533393333663163376332326536396465656162653961316563373861323662
-64393265636566306631323937333164613165616232393633386438316362656635383062303337
-39333932616535613230346666373635653363333761373765346237313731343166666136323734
-31383930646434306137333262376264323539383365303931353666333738666639386537353831
-63616366346336326331663938383161373837356331633265303266353738633233303039383066
-62633738376139626662366632373435373337323737336639306339653231336433333863303130
-64663964393562616635633738333139646334636433316638393835306366363238623562626134
-39643465303936633564373933343163643637616239663534666631633536613165326663663431
-37623931303461376336653562646366383836343534386366306334666330306635396561303661
-62353830666234616438383565636638663436303830356535323935653034646366396530313336
-61646137336435313138326535376339333735393931373333323561373936396664333537336361
-61646332623639663264646362393133356562616338303835336330393265663432323139356233
-66356161366564316339623835613266343233373434666462326531303361313230633638353963
-34303262653534326562623138313566646631343136393766316434663735326661623930626539
-66363066363236363965613765666362616137333035383331666163623266316434353731306366
-32623733613165653265386430663361373466396430306262353631326238396130613165656332
-34373139313063336636626461646563373531383935376436653933306333346431393833656366
-61356437333031346634616539326438613931346666346234333365303463626465353039616437
-37613433396138636534326638393966356661386662396330623234616638633333333161653735
-38386261306561383632613065653538376136306239336663356662386638623338613462353663
-62373666633333333461333963386632613137326165396433633439363938623838656665326339
-30323765613437373539333339646136633263323061653764306264316437353832313263323139
-32323633323562626661313534616263326561613030656363616461393334363833396133323266
-66386139383163386537383433396261373766653164373736323235643631656161393262383738
-61316533336662646232303936356236366436663265646131363237366463363732343964363366
-37653037303630613330333663623535663739643430333263636539613632303738653031663936
-38623665643939353733386335356161336531663333623538343332336264376663623261656633
-30333638646363356236303532363532353039323862366135653166316336623062333537366335
-31633839396461336361643465636664646164663762346236363763396263383163326465653964
-34663134623430353432646130633661636237613435323836386262333363373139376462363765
-63623638366136646265396432333339653234643532336233383461386361616630313936303162
-35626366366262623934333961653363616135313836643365613836343438353365383264623037
-31663231316462616137373435663039633434623466356266633235313865323362393636393862
-64343062336433343137316565373535666337653833353136376635666539656662373763623238
-30666532633965386264323565353431306633666364656662333631646139386138393066356238
-62653837656664333462363334373664373937333932313465353237636134626466343735633466
-31643039333866303233613762323866333264313135373130623166393339613131323537373537
-35626633373838363766623233626130646332336435316333323439613636373536343233633137
-30363863656465636635633936356165386633653637333932396164653835313163376363616133
-35376637376630636336386538353235353364313464313231633663616536323532336432376232
-64396234303332313134366133643664643165393932323361616666383162303337626663396131
-35613865373635303834373062666539386462663238383332616565303866316239613361373661
-37346162623764336332663431303664343430366562633361623566356266616534656562363833
-63366238656261646564306133623433306663376531373563363032303938303538356630636466
-30616630306334616237346661346235376133303538306638663631376163383138636365326230
-32376139373030303239376631316166393363613465323436633932376463303531386161313264
-65323261326232366332396335386639313735353135356139343937386232653737393565376639
-31363530313038306131383236396364666165393837343538316539336263333663643031623136
-30316436633662353162363836633238613833613530613762383662653435393263626161373938
-61613133643937346433643862326165326233363335656431663064336165383462623636383334
-63313438346136633461
diff --git a/chaos-at-home/mz-router.yml b/chaos-at-home/mz-router.yml
deleted file mode 100644
index 8f4f056f..00000000
--- a/chaos-at-home/mz-router.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: Basic Setup
- hosts: mz-router
- connection: local
- gather_facts: no
- roles:
- - role: installer/openwrt/image
- post_tasks:
- - pause:
- prompt: "\n****** copy and install image onto router and wait for it to come back ******\n"
-
- - shell: "base64 -d | ssh chmz-router \"/bin/sh -c 'umask 077; cat > /etc/dyndns/id_rsa'\""
- args:
- stdin: "{{ vault_dyndns_ssh_key_b64 }}"