Diffstat (limited to 'dan/ele-calypso.yml')
-rw-r--r-- | dan/ele-calypso.yml | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/dan/ele-calypso.yml b/dan/ele-calypso.yml
new file mode 100644
index 00000000..c6fe0cfa
--- /dev/null
+++ b/dan/ele-calypso.yml
@@ -0,0 +1,98 @@
+---
+- name: Basic Setup
+ hosts: ele-calypso
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+ - role: core/cpu-microcode
+
+- name: Payload Setup
+ hosts: ele-calypso
+ roles:
+ - role: apt-repo/spreadspace
+ - role: streaming/blackmagic/desktopvideo
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
+ - role: streaming/player
+ # post_tasks:
+ # - name: install smstools
+ # apt:
+ # name: smstools
+ # state: present
+
+ # - name: add user for sachet
+ # user:
+ # name: sachet
+ # system: yes
+ # home: /nonexistent
+ # create_home: no
+ # groups: smsd
+ # append: yes
+
+ # - name: create sachet config directory
+ # file:
+ # path: /etc/sachet
+ # state: directory
+
+ # - name: install sachet config file
+ # copy:
+ # dest: /etc/sachet/config.yml
+ # content: |
+ # providers:
+ # smstools:
+ # outgoing_dir: /var/spool/sms/outgoing
+
+ # receivers:
+ # - name: equinox
+ # provider: smstools
+ # to:
+ # - '+436644800222'
+
+ # - name: install systemd service unit for sachet
+ # copy:
+ # dest: /etc/systemd/system/sachet.service
+ # content: |
+ # [Unit]
+ # Description=Sachet SMS Daemon for Prometheus Alertmanager
+
+ # [Service]
+ # Restart=on-failure
+ # User=sachet
+ # ExecStart=/usr/local/bin/sachet -config /etc/sachet/config.yml
+
+ # # systemd hardening-options
+ # AmbientCapabilities=
+ # CapabilityBoundingSet=
+ # DeviceAllow=/dev/null rw
+ # DevicePolicy=strict
+ # LimitMEMLOCK=0
+ # LimitNOFILE=8192
+ # LockPersonality=true
+ # MemoryDenyWriteExecute=true
+ # NoNewPrivileges=true
+ # PrivateDevices=true
+ # PrivateTmp=true
+ # PrivateUsers=true
+ # ProtectControlGroups=true
+ # ProtectHome=true
+ # ProtectKernelModules=true
+ # ProtectKernelTunables=true
+ # ProtectSystem=full
+ # ReadWritePaths=/var/spool/sms/outgoing
+ # RemoveIPC=true
+ # RestrictNamespaces=true
+ # RestrictRealtime=true
+ # SystemCallArchitectures=native
+
+ # [Install]
+ # WantedBy=multi-user.target
+
+ # ## TODO:
+ # ## - configure smstools
+ # ## - build sachet using this branch: https://github.com/spreadspace/sachet/tree/topic/add-smstools
+ # ## - copy binary to /usr/local/bin/sachet
+ # ## - $ systemctl daemon-reload
+ # ## - $ systemctl enable --now sachet |
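Review bot: The commented-out `post_tasks` block commits a recipient phone number (the `to:` entry under `receivers`) in the clear, and a comment stays in repository history just like live code; it would be better held in a vaulted variable and referenced as `- "{{ sachet_sms_recipient }}"` (variable name constructed for this note). If the block is enabled later, both `copy` tasks and the `file` task should set `owner`, `group` and `mode` explicitly, for example `mode: "0640"` on /etc/sachet/config.yml, and `system: yes` / `create_home: no` should be written `true` / `false`. In the unit text, `ProtectSystem=full` leaves /var writable, so `ReadWritePaths=/var/spool/sms/outgoing` restricts nothing as written; `ProtectSystem=strict` would make that path the only writable one. The TODO installs a hand-built binary from a topic branch into /usr/local/bin with no pinned commit or checksum, which is worth turning into a task that records both.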