Diffstat (limited to 'dan')
-rw-r--r--dan/ele-dione.yml20
-rw-r--r--dan/ele-helene.yml135
-rw-r--r--dan/ele-telesto.yml115
3 files changed, 134 insertions, 136 deletions
diff --git a/dan/ele-dione.yml b/dan/ele-dione.yml
index 45ad8b81..ca1516b5 100644
--- a/dan/ele-dione.yml
+++ b/dan/ele-dione.yml
@@ -13,6 +13,26 @@
- role: monitoring/prometheus/exporter
- role: streaming/blackmagic/desktopvideo
post_tasks:
+ ## this is needed for local rtmp proxy
+ # - name: install interface config for guest vlan
+ # copy:
+ # content: |
+ # auto {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}
+ # iface {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }} inet static
+ # address {{ network_zones.guest.prefix | ipaddr(network_zones.guest.offsets[inventory_hostname]) | ipaddr('address/prefix') }}
+ # dest: "/etc/network/interfaces.d/{{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}"
+
+ # - name: prepare storage volume for recordings
+ # vars:
+ # storage_volume:
+ # vg: "{{ host_name }}"
+ # lv: recordings
+ # size: 200g
+ # fs: ext4
+ # dest: /srv/recordings
+ # import_role:
+ # name: storage/lvm/volume
+
- name: install lm-sensors and i7z
apt:
name:
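Review bot: The added comment `## this is needed for local rtmp proxy` sits above a task that is commented out, so the file states the guest-VLAN interface config is needed while no longer installing it. Both parked blocks look like the tasks removed from dan/ele-helene.yml in this same commit. If they are kept for later use, say so in the comment, e.g. `## disabled for now: guest vlan interface config and recordings volume, see ele-helene history`, or drop them and rely on version control. The `post_tasks` list continues past the end of the hunk.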
diff --git a/dan/ele-helene.yml b/dan/ele-helene.yml
index b65a3d34..b2635fc0 100644
--- a/dan/ele-helene.yml
+++ b/dan/ele-helene.yml
@@ -7,55 +7,88 @@
- role: core/sshd/base
- role: core/zsh
- role: core/cpu-microcode
- - role: core/ntp
- - role: core/admin-users
- role: apt-repo/spreadspace
- - role: monitoring/prometheus/exporter
- - role: streaming/blackmagic/desktopvideo
- post_tasks:
- ## this is needed for local rtmp proxy
- - name: install interface config for guest vlan
- copy:
- content: |
- auto {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}
- iface {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }} inet static
- address {{ network_zones.guest.prefix | ipaddr(network_zones.guest.offsets[inventory_hostname]) | ipaddr('address/prefix') }}
- dest: "/etc/network/interfaces.d/{{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}"
-
- - name: prepare storage volume for recordings
- vars:
- storage_volume:
- vg: "{{ host_name }}"
- lv: recordings
- size: 200g
- fs: ext4
- dest: /srv/recordings
- import_role:
- name: storage/lvm/volume
-
- - name: install lm-sensors and i7z
- apt:
- name:
- - lm-sensors
- - i7z
-
- - name: load modules for lm-sensors
- vars:
- sensors_modules:
- - coretemp
- block:
- - name: load special modules for lm-sensors
- loop: "{{ sensors_modules }}"
- modprobe:
- name: "{{ item }}"
- state: present
-
- - name: make sure sensor modules are loaded on reboot
- copy:
- content: |
- # Ansible managed
-
- {% for module in sensors_modules %}
- {{ module }}
- {% endfor %}
- dest: /etc/modules-load.d/sensors.conf
+# - role: monitoring/prometheus/exporter
+ - role: vm/host/base
+ - role: vm/host/network
+ - role: installer/debian/base
+# - role: installer/openbsd/base
+ # post_tasks:
+ # - name: install smstools
+ # apt:
+ # name: smstools
+ # state: present
+
+ # - name: add user for sachet
+ # user:
+ # name: sachet
+ # system: yes
+ # home: /nonexistent
+ # create_home: no
+ # groups: smsd
+ # append: yes
+
+ # - name: create sachet config directory
+ # file:
+ # path: /etc/sachet
+ # state: directory
+
+ # - name: install sachet config file
+ # copy:
+ # dest: /etc/sachet/config.yml
+ # content: |
+ # providers:
+ # smstools:
+ # outgoing_dir: /var/spool/sms/outgoing
+
+ # receivers:
+ # - name: equinox
+ # provider: smstools
+ # to:
+ # - '+436644800222'
+
+ # - name: install systemd service unit for sachet
+ # copy:
+ # dest: /etc/systemd/system/sachet.service
+ # content: |
+ # [Unit]
+ # Description=Sachet SMS Daemon for Prometheus Alertmanager
+
+ # [Service]
+ # Restart=on-failure
+ # User=sachet
+ # ExecStart=/usr/local/bin/sachet -config /etc/sachet/config.yml
+
+ # # systemd hardening-options
+ # AmbientCapabilities=
+ # CapabilityBoundingSet=
+ # DeviceAllow=/dev/null rw
+ # DevicePolicy=strict
+ # LimitMEMLOCK=0
+ # LimitNOFILE=8192
+ # LockPersonality=true
+ # MemoryDenyWriteExecute=true
+ # NoNewPrivileges=true
+ # PrivateDevices=true
+ # PrivateTmp=true
+ # PrivateUsers=true
+ # ProtectControlGroups=true
+ # ProtectHome=true
+ # ProtectKernelModules=true
+ # ProtectKernelTunables=true
+ # ProtectSystem=full
+ # ReadWritePaths=/var/spool/sms/outgoing
+ # RemoveIPC=true
+ # RestrictNamespaces=true
+ # RestrictRealtime=true
+ # SystemCallArchitectures=native
+
+ # [Install]
+ # WantedBy=multi-user.target
+
+ # ## TODO:
+ # ## - configure smstools
+ # ## - build sachet using this branch: https://github.com/spreadspace/sachet/tree/topic/add-smstools
+ # ## - copy binary to /usr/local/bin/sachet
+ # ## - $ systemctl daemon-reload
+ # ## - $ systemctl enable --now sachet
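Review bot: The role list visible in this hunk no longer contains `core/ntp` or `core/admin-users`, and `monitoring/prometheus/exporter` survives only as a comment, while the host gains `vm/host/base` and `vm/host/network`. A VM host without managed admin accounts, time sync and metrics is harder to audit and to correlate logs on. Unless those roles are applied from a play outside this hunk, keep `- role: core/ntp` and `- role: core/admin-users`, and add a one-line comment saying why the exporter is disabled. The commented sachet tasks create `/etc/sachet` and its config without `owner`/`mode`, and the TODO builds the binary from a moving branch; if they are re-enabled, set explicit modes and pin the build to a commit. The role list begins above the hunk.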
diff --git a/dan/ele-telesto.yml b/dan/ele-telesto.yml
index 41ae9151..2370fdc2 100644
--- a/dan/ele-telesto.yml
+++ b/dan/ele-telesto.yml
@@ -7,90 +7,35 @@
- role: core/sshd/base
- role: core/zsh
- role: core/cpu-microcode
- - role: storage/zfs/pools
+ - role: core/ntp
+ - role: core/admin-users
- role: apt-repo/spreadspace
- - role: storage/zfs/sanoid
- role: monitoring/prometheus/exporter
- - role: vm/host/base
- - role: vm/host/network
- - role: installer/debian/base
- - role: installer/openbsd/base
- post_tasks:
- - name: install smstools
- apt:
- name: smstools
- state: present
-
- - name: add user for sachet
- user:
- name: sachet
- system: yes
- home: /nonexistent
- create_home: no
- groups: smsd
- append: yes
-
- - name: create sachet config directory
- file:
- path: /etc/sachet
- state: directory
-
- - name: install sachet config file
- copy:
- dest: /etc/sachet/config.yml
- content: |
- providers:
- smstools:
- outgoing_dir: /var/spool/sms/outgoing
-
- receivers:
- - name: equinox
- provider: smstools
- to:
- - '+436644800222'
-
- - name: install systemd service unit for sachet
- copy:
- dest: /etc/systemd/system/sachet.service
- content: |
- [Unit]
- Description=Sachet SMS Daemon for Prometheus Alertmanager
-
- [Service]
- Restart=on-failure
- User=sachet
- ExecStart=/usr/local/bin/sachet -config /etc/sachet/config.yml
-
- # systemd hardening-options
- AmbientCapabilities=
- CapabilityBoundingSet=
- DeviceAllow=/dev/null rw
- DevicePolicy=strict
- LimitMEMLOCK=0
- LimitNOFILE=8192
- LockPersonality=true
- MemoryDenyWriteExecute=true
- NoNewPrivileges=true
- PrivateDevices=true
- PrivateTmp=true
- PrivateUsers=true
- ProtectControlGroups=true
- ProtectHome=true
- ProtectKernelModules=true
- ProtectKernelTunables=true
- ProtectSystem=full
- ReadWritePaths=/var/spool/sms/outgoing
- RemoveIPC=true
- RestrictNamespaces=true
- RestrictRealtime=true
- SystemCallArchitectures=native
-
- [Install]
- WantedBy=multi-user.target
-
- ## TODO:
- ## - configure smstools
- ## - build sachet using this branch: https://github.com/spreadspace/sachet/tree/topic/add-smstools
- ## - copy binary to /usr/local/bin/sachet
- ## - $ systemctl daemon-reload
- ## - $ systemctl enable --now sachet
+ - role: streaming/blackmagic/desktopvideo
+# post_tasks:
+# - name: install lm-sensors and i7z
+# apt:
+# name:
+# - lm-sensors
+# - i7z
+#
+# - name: load modules for lm-sensors
+# vars:
+# sensors_modules:
+# - coretemp
+# block:
+# - name: load special modules for lm-sensors
+# loop: "{{ sensors_modules }}"
+# modprobe:
+# name: "{{ item }}"
+# state: present
+#
+# - name: make sure sensor modules are loaded on reboot
+# copy:
+# content: |
+# # Ansible managed
+#
+# {% for module in sensors_modules %}
+# {{ module }}
+# {% endfor %}
+# dest: /etc/modules-load.d/sensors.conf
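Review bot: Removing the smstools/sachet tasks and the `storage/zfs/*`, `vm/host/*` and `installer/*` roles from this play does not remove anything from a host that was already provisioned with them; Ansible only stops managing them. If ele-telesto is the same machine as before, `sachet.service`, the `sachet` user and `/etc/sachet/config.yml` stay in place unmanaged. Either add cleanup tasks (`state: absent` for the unit file, config directory and user) or record in the commit message that the host is reinstalled. Separately, the lm-sensors `post_tasks` are disabled here with a column-0 `#`, whereas the other two files use an indented `# `; a single style would make re-enabling less error-prone. The role list begins above the hunk.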