1 files changed, 98 insertions, 0 deletions
diff --git a/dan/ele-calypso.yml b/dan/ele-calypso.yml
new file mode 100644
index 00000000..c6fe0cfa
--- /dev/null
+++ b/dan/ele-calypso.yml
@@ -0,0 +1,98 @@
+---
+- name: Basic Setup
+  hosts: ele-calypso
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/ntp
+  - role: core/cpu-microcode
+
+- name: Payload Setup
+  hosts: ele-calypso
+  roles:
+  - role: apt-repo/spreadspace
+  - role: streaming/blackmagic/desktopvideo
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: streaming/player
+  # post_tasks:
+  # - name: install smstools
+  #   apt:
+  #     name: smstools
+  #     state: present
+
+  # - name: add user for sachet
+  #   user:
+  #     name: sachet
+  #     system: yes
+  #     home: /nonexistent
+  #     create_home: no
+  #     groups: smsd
+  #     append: yes
+
+  # - name: create sachet config directory
+  #   file:
+  #     path: /etc/sachet
+  #     state: directory
+
+  # - name: install sachet config file
+  #   copy:
+  #     dest: /etc/sachet/config.yml
+  #     content: |
+  #       providers:
+  #         smstools:
+  #           outgoing_dir: /var/spool/sms/outgoing
+
+  #       receivers:
+  #       - name: equinox
+  #         provider: smstools
+  #         to:
+  #         - '+436644800222'
+
+  # - name: install systemd service unit for sachet
+  #   copy:
+  #     dest: /etc/systemd/system/sachet.service
+  #     content: |
+  #       [Unit]
+  #       Description=Sachet SMS Daemon for Prometheus Alertmanager
+
+  #       [Service]
+  #       Restart=on-failure
+  #       User=sachet
+  #       ExecStart=/usr/local/bin/sachet -config /etc/sachet/config.yml
+
+  #       # systemd hardening-options
+  #       AmbientCapabilities=
+  #       CapabilityBoundingSet=
+  #       DeviceAllow=/dev/null rw
+  #       DevicePolicy=strict
+  #       LimitMEMLOCK=0
+  #       LimitNOFILE=8192
+  #       LockPersonality=true
+  #       MemoryDenyWriteExecute=true
+  #       NoNewPrivileges=true
+  #       PrivateDevices=true
+  #       PrivateTmp=true
+  #       PrivateUsers=true
+  #       ProtectControlGroups=true
+  #       ProtectHome=true
+  #       ProtectKernelModules=true
+  #       ProtectKernelTunables=true
+  #       ProtectSystem=full
+  #       ReadWritePaths=/var/spool/sms/outgoing
+  #       RemoveIPC=true
+  #       RestrictNamespaces=true
+  #       RestrictRealtime=true
+  #       SystemCallArchitectures=native
+
+  #       [Install]
+  #       WantedBy=multi-user.target
+
+  # ## TODO:
+  # ##   - configure smstools
+  # ##   - build sachet using this branch: https://github.com/spreadspace/sachet/tree/topic/add-smstools
+  # ##   - copy binary to /usr/local/bin/sachet
+  # ##   - $ systemctl daemon-reload
+  # ##   - $ systemctl enable --now sachet