Diffstat (limited to 'inventory/host_vars/sk-cloudio')
-rw-r--r-- | inventory/host_vars/sk-cloudio/bluespice.yml | 20 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/collabora.yml | 14 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/etherpad.yml | 58 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/nextcloud.yml | 180 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/onlyoffice.yml | 22 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/pigallery2.yml | 20 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/vars.yml | 111 |
7 files changed, 214 insertions, 211 deletions
diff --git a/inventory/host_vars/sk-cloudio/bluespice.yml b/inventory/host_vars/sk-cloudio/bluespice.yml
deleted file mode 100644
index 30b3f330..00000000
--- a/inventory/host_vars/sk-cloudio/bluespice.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-## bluespice role does not work yet...
-
-# bluespice_zfs:
-# pool: storage
-# name: bluespice
-# properties:
-# compression: lz4
-# quota: 20G
-
-# bluespice_instances:
-# example:
-# version: 4.2.4
-# port: 8000
-# hostname: bs.elev8.at
-# language: en
-# admin:
-# username: admin
-# password: test
-# db_password: secretgeheim
diff --git a/inventory/host_vars/sk-cloudio/collabora.yml b/inventory/host_vars/sk-cloudio/collabora.yml
index 93cab2eb..5910da27 100644
--- a/inventory/host_vars/sk-cloudio/collabora.yml
+++ b/inventory/host_vars/sk-cloudio/collabora.yml
@@ -1,11 +1,17 @@ --- -collabora_code_base_path: /srv/storage/collabora/code - collabora_code_instances: o.skillz.biz: - version: 23.05.6.4.1 + version: 24.04.6.2.1 port: 8200 - hostname: o.skillz.biz + storage: + type: directory + dest: /srv/storage/collabora/code/o.skillz.biz + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - o.skillz.biz + tls: + certificate_provider: acmetool admin: username: admin password: "{{ vault_collabora_code_admin_passwords['o.skillz.biz'] }}"
diff --git a/inventory/host_vars/sk-cloudio/etherpad.yml b/inventory/host_vars/sk-cloudio/etherpad.yml
deleted file mode 100644
index a368be44..00000000
--- a/inventory/host_vars/sk-cloudio/etherpad.yml
+++ /dev/null
@@ -1,58 +0,0 @@ ---- -etherpad_lite_zfs: - pool: storage - name: etherpad-lite - properties: - compression: lz4 - -etherpad_lite_instances: - pad.elevate.at: - version: c65c5f17aa26c9179ce591f44721861ba6f6bec4-elevate - port: 8300 - hostnames: - - pad.elevate.at - zfs_properties: - quota: 5G - settings: - title: Elevate Etherpad - users: - admin: - is_admin: true - password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['admin'] }}" - user: - is_admin: false - password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['user'] }}" - - defaultPadText: "Welcome to the ELEVATE - Etherpad!\n\nThis pad text is synchronized\ - \ as you type, so that everyone viewing this page sees the same text. This allows\ - \ you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http://etherpad.org\n\ - \n IMPORTANT: THIS PAD IS PRIVIDED FOR FREE TO THE PUBLIC! There is no guarantee\ - \ for your data - please take care of backups yourself! This is usually intended\ - \ only for the Elevate Team and it might get access control in the future! If you\ - \ are interested in having a PAD for your project, please get back to dan@elevate.at\ - \ for information. It can be made available!" - favicon: favicon.ico - - maxAge: 21600 - editOnly: false - minify: true - requireSession: false - requireAuthentication: false - requireAuthorization: false - socketTransportProtocols: [xhr-polling, jsonp-polling, htmlfile] - abiword: null - loglevel: INFO - logconfig: - appenders: - - type: console - dbType: "mysql" - dbSettings: - host: "127.0.0.1" - user: "etherpad-lite" - password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" - database: "etherpad-lite" - charset: "utf8mb4" - database: - type: mariadb - version: 10.4.22 - password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}"
diff --git a/inventory/host_vars/sk-cloudio/nextcloud.yml b/inventory/host_vars/sk-cloudio/nextcloud.yml
index a0b52cb5..3c5e5ae0 100644
--- a/inventory/host_vars/sk-cloudio/nextcloud.yml
+++ b/inventory/host_vars/sk-cloudio/nextcloud.yml
@@ -1,94 +1,116 @@ --- -nextcloud_zfs: +_nextcloud_zfs_base_: pool: storage name: nextcloud - properties: - compression: lz4 nextcloud_instances: - luzesombra.skillz.biz: - # new: true - version: 29.0.3 - port: 8100 - hostnames: - - luzesombra.skillz.biz - zfs_properties: - quota: 200G - redis: - version: 7.2.1 - database: - type: mariadb - version: 11.1.2 - password: "{{ vault_nextcloud_database_passwords['luzesombra.skillz.biz'] }}" - insomnia.skillz.biz: - # new: true - version: 29.0.3 - port: 8101 - hostnames: - - insomnia.skillz.biz - zfs_properties: - quota: 400G - redis: - version: 7.2.1 - database: - type: mariadb - version: 10.11.5 - password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}" - nc.skillz.biz: - # new: true - version: 29.0.3 - port: 8102 - hostnames: - - nc.skillz.biz - zfs_properties: - quota: 200G - redis: - version: 7.2.1 - database: - type: mariadb - version: 10.11.5 - password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}" - extra_args: - - "--log_bin_trust_function_creators=true" - custom_image: - dockerfile: | - RUN set -x \ - && apt-get update -q \ - && apt-get install -y -q ffmpeg \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - visuals.pixeldada.com: - # new: true - version: 29.0.3 - port: 8103 - hostnames: - - visuals.pixeldada.com - zfs_properties: - quota: 100G - redis: - version: 7.2.4 - database: - type: mariadb - version: 11.3.2 - password: "{{ vault_nextcloud_database_passwords['visuals.pixeldada.com'] }}" - extra_args: - - "--log_bin_trust_function_creators=true" - custom_image: - dockerfile: | - RUN set -x \ - && apt-get update -q \ - && apt-get install -y -q ffmpeg \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# luzesombra.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8100 +# hostnames: +# - luzesombra.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: luzesombra.skillz.biz +# properties: +# quota: 200G +# redis: +# version: 7.2.1 +# 
database: +# type: mariadb +# version: 11.1.2 +# password: "{{ vault_nextcloud_database_passwords['luzesombra.skillz.biz'] }}" +# insomnia.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8101 +# hostnames: +# - insomnia.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: insomnia.skillz.biz +# properties: +# quota: 400G +# redis: +# version: 7.2.1 +# database: +# type: mariadb +# version: 10.11.5 +# password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}" +# nc.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8102 +# hostnames: +# - nc.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: nc.skillz.biz +# properties: +# quota: 200G +# redis: +# version: 7.2.1 +# database: +# type: mariadb +# version: 10.11.5 +# password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}" +# extra_args: +# - "--log_bin_trust_function_creators=true" +# custom_image: +# dockerfile: | +# RUN set -x \ +# && apt-get update -q \ +# && apt-get install -y -q ffmpeg \ +# && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# visuals.pixeldada.com: +# # new: true +# version: 29.0.4 +# port: 8103 +# hostnames: +# - visuals.pixeldada.com +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: visuals.pixeldada.com +# properties: +# quota: 100G +# redis: +# version: 7.2.4 +# database: +# type: mariadb +# version: 11.3.2 +# password: "{{ vault_nextcloud_database_passwords['visuals.pixeldada.com'] }}" +# extra_args: +# - "--log_bin_trust_function_creators=true" +# custom_image: +# dockerfile: | +# RUN set -x \ +# && apt-get update -q \ +# && apt-get install -y -q ffmpeg \ +# && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* wolke.elev8.at: # new: true version: 29.0.3 port: 8105 - hostnames: - - wolke.elev8.at - zfs_properties: - quota: 10G + storage: + type: zfs + parent: "{{ _nextcloud_zfs_base_ }}" + name: wolke.elev8.at + properties: + quota: 10G redis: version: 7.2.1 database: 
type: mariadb version: 10.11.5 password: "{{ vault_nextcloud_database_passwords['wolke.elev8.at'] }}" + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - wolke.elev8.at + tls: + certificate_provider: acmetool
diff --git a/inventory/host_vars/sk-cloudio/onlyoffice.yml b/inventory/host_vars/sk-cloudio/onlyoffice.yml
index 026d11ba..d8d3da82 100644
--- a/inventory/host_vars/sk-cloudio/onlyoffice.yml
+++ b/inventory/host_vars/sk-cloudio/onlyoffice.yml
@@ -1,20 +1,30 @@ --- -onlyoffice_zfs: +_onlyoffice_zfs_base_: pool: storage name: onlyoffice properties: compression: lz4 - quota: 5G onlyoffice_instances: office.elev8.at: - version: 7.5.1.1 + version: 8.1.1.2 port: 8600 - hostname: office.elev8.at jwt_secret: "{{ vault_onlyoffice_jwt_secrets['office.elev8.at'] }}" + storage: + type: zfs + parent: "{{ _onlyoffice_zfs_base_ }}" + name: office.elev8.at + properties: + quota: 5G database: - version: 9.5.25 + version: 12.20 password: "{{ vault_onlyoffice_database_passwords['office.elev8.at'] }}" amqp: - version: 3.11.28 + version: 3.13.7 password: "{{ vault_onlyoffice_amqp_passwords['office.elev8.at'] }}" + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - office.elev8.at + tls: + certificate_provider: acmetool
diff --git a/inventory/host_vars/sk-cloudio/pigallery2.yml b/inventory/host_vars/sk-cloudio/pigallery2.yml
deleted file mode 100644
index 2a7d5c84..00000000
--- a/inventory/host_vars/sk-cloudio/pigallery2.yml
+++ /dev/null
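Review bot: The only instance left active in `nextcloud.yml`, `wolke.elev8.at`, stays at `version: 29.0.3`, while the four instances that this hunk comments out were bumped to 29.0.4. If 29.0.4 is the intended target, the one deployment that still runs from this file is the one that misses the patch release; change it to `version: 29.0.4` or add a comment saying why it is held back. The commented-out block also leaves roughly ninety lines of dead configuration, including database settings and a custom Dockerfile, in the host vars. If those instances now live on another host, deleting them here and relying on version control avoids two copies drifting apart.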
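Review bot: In `onlyoffice.yml`, `version: 12.20` under `database:` is an unquoted scalar that YAML loads as the float 12.2, so the role receives a different version from the one written here. If the value ends up in an image tag (presumably PostgreSQL, judging by the previous 9.5.25), the deployment would pin 12.2 instead of 12.20 and run without the fixes shipped in the later 12.x minor releases. Quote it: `version: "12.20"`. The other versions in this hunk contain more than one dot and stay strings, but quoting them too would keep the file consistent. The step from 9.5 to 12 is also a major-version change, so the existing data directory will need a migration that this hunk cannot show.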
@@ -1,20 +0,0 @@
----
-pigallery2_zfs:
- pool: storage
- name: pigallery2
- properties:
- compression: lz4
-
-pigallery2_instances:
- pix.elevate.at:
- version: 1.9.3
- port: 8700
- hostname: pix.elevate.at
- zfs_properties:
- quota: 5G
- images_paths:
- 2019: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2019/
- 2020: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2020/
- 2021: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2021/
- 2022: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2022/
- 2023: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2023/
diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml
index a6306161..be136e82 100644
--- a/inventory/host_vars/sk-cloudio/vars.yml
+++ b/inventory/host_vars/sk-cloudio/vars.yml
@@ -1,19 +1,43 @@ --- -system_lvm_volume_size_root: 3584M +system_lvm_volume_size_root: 4G system_lvm_volume_size_varlog: 5G install: - cloud: - credentials: "{{ vault_hroot_robot_account }}" - server_name: "{{ host_name }}" + vm: + memory: 48G + numcpus: 12 + autostart: True disks: - primary: software-raid - raid: - level: 1 - members: - - /dev/nvme0n1 - - /dev/nvme1n1 - system_lvm: - size: 15G + primary: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0 + scsi: + sda: + type: zfs + name: root + size: 15g + sdb: + type: zfs + name: data + size: 900g + properties: + 'syncoid:sync': 'false' + interfaces: + - bridge: br-public + name: primary0 + +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ansible.utils.ipaddr('address') }}" + template: overlay + overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ + +external_ip: "{{ network.primary.overlay }}" apt_repo_components:
@@ -22,7 +46,6 @@ apt_repo_components: - non-free-firmware spreadspace_apt_repo_components: - - main - container
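Review bot: In the first `vars.yml` hunk the `sdb` data disk is created with `'syncoid:sync': 'false'`, and nothing says where its off-host copy comes from. syncoid skips datasets that carry this property, and the `zfs_pools` hunk further down (`@@ -33,20 +56,23 @@`) replaces the `mirror` vdev with a single virtual disk, so inside the guest the pool can detect checksum errors but not repair them; the sanoid snapshots kept for `storage/nextcloud` presumably sit on that same disk. Please add a comment above the property that names the job covering this volume, for example `# not replicated by host syncoid; backed up by <job name>`, or drop the property if there is none. Separately, `autostart: True` is better written `autostart: true`.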
@@ -33,20 +56,23 @@ zfs_arc_size: zfs_pools: storage: mountpoint: /srv/storage - create_vdevs: mirror /dev/nvme0n1p3 /dev/nvme1n1p3 + create_vdevs: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-1 properties: ashift: 12 autotrim: "on" +zfs_volumes: + storage: + nextcloud: + properties: + compression: lz4 + xattr: sa + zfs_sanoid_modules: storage/nextcloud: use_template: production recursive: yes process_children_only: yes - storage/etherpad-lite: - use_template: production - recursive: yes - process_children_only: yes storage/keycloak: use_template: production recursive: yes
@@ -58,6 +84,8 @@ zfs_sanoid_modules: docker_pkg_provider: docker-com +docker_plugins: + - buildx docker_storage: type: zfs
@@ -73,7 +101,7 @@ kubelet_storage: properties: quota: 20G -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24
@@ -94,8 +122,43 @@ postfix_base_inet_protocols: acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -## TODO: remove once migration of elevate services has been done -ssh_users_root: - - equinox - - dan - - brt + +sk_cloudio_apps_publish_ca_key: "{{ vault_sk_cloudio_apps_publish_ca_key }}" +sk_cloudio_apps_publish_ca_cert: | + -----BEGIN CERTIFICATE----- + MIIE+DCCAuCgAwIBAgIUWYAlW7BhaDHZaWjkVlttP26KVhgwDQYJKoZIhvcNAQEL + BQAwKTEnMCUGA1UEAwweQXBwcyBQdWJsaXNoIENBIGZvciBzay1jbG91ZGlvMCAX + DTI0MDgyNDIwNDEzNloYDzIwNjQwNzA2MjA0MTM2WjApMScwJQYDVQQDDB5BcHBz + IFB1Ymxpc2ggQ0EgZm9yIHNrLWNsb3VkaW8wggIiMA0GCSqGSIb3DQEBAQUAA4IC + DwAwggIKAoICAQDUOVJTgNrqTlD6FXupVLIoMbQ7O9Xj3XmtYGVtF6LUPodbrlTs + 9TRkhWwVSUGokfgRtKOx1Zk13HFadKw92t9zzTVnT62drH9xOPPGitBXyxeCiyzr + Ib98qnDeO9o+9x0cRsg4tvjksfyMV0JtFxOsSJ6diHrGrakk9SIRVk63GYbRSKBQ + wKCeAihFX35oyd3qCmIt6ZuueX5Z2dNdiaXmcrwe0MhBghd4Upqe3BPopGeVzJtY + Bm6Fsq/V2H28g6l3kNU5sPpgPWMpDRuUTjnfe1MFVu51QwmbkxqWhODaH8dClshJ + imACGnRmTxJ5bAqBbT2z3IEdhaEnKKUyN8OYqX3mtmU1/We9d52cLvghtbiRuhrE + 4eK7GRCvc0QqU/hk6eFvfXVd5KI48tB8at9tKP6tWeavlYyfq5G3canmzOTTbxuA + TfpbFrHIwHCk9M3VTIcABMeb38EGoOpaSTTcX3eOT/k97tQJPKFlfl+EF+fhbijN + 1CEdR+6m2BIvcNmGkKl0VH6eVXiAUFKm03Kg1sH0gh4upQKdx+54szF51jsrHcPI + 16oBChS0t+JG1tcvbluVWwLMw1G5nvm302/RxYahNyCniMAUl/eaubTHarTBtK7w + lAYryanwtlbAR/XQZAHBNzhG/2er1nCr6E5Wh+98ID+ElWbmaQ5ale/8OQIDAQAB + oxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCpTUjN + veOg2dZ/44tg5P5RnZKZFiyYapaaxv3W6cfqpfUhrI8qSuBn9G/UAJAfMszU87rf + OZ1PRZCFuzu+dB7CrmMgvqt0cTRpaxlN9CzZpfpFADlt9NQKYxK4T8IxIZ7ebISl + UNyX08mRXNB3N+Qq1CcTVtwHNLbnwkLttryGJ1tmAwEu4QIHauG7cDXFQuRGP0CE + x+DSdLTcs6hvOYq4OfpX0Zci5zy4SI50DLoT5h94IaIPAL6XBi7n9bj8ZSHqa1ZC + lveyaGguEy53meARTXSCm/jxtpo8xD7pWz4vnYPZuyMGe9rbE77Y8CwWK/RvUdYx + th09ALKw76W59e78RkxKTqBvGmZYw1igY4p8IqcXci65xtO2HiRDHX2jU7AYkgAD + z5Rv+2ZMcOQHOPzxDRXk06+pQUZ3qQ3cU9ASziTSaLITnMVH0VokRNXvSZYxeuwR + yDqb1H4MsV91Sy4UyXmtfXZYouM3/3OwCzxpkgvxdVdQBzssUssLrRcS5UEcJGr8 
+ 69M2CNHXX1fy0mLKdgqHNPzX9ALnqTHJMV5C5J3Q4RU6Vl2Un3Vg3A3dRKLPkg5P + C69nyBua3CIlx6Z8o2Ik9tJdwCULV6lYLGEfpsJHt627gF893Jexxuo3zI7XWQhb + ucrEkA2qzf0fHzCwFeiACMjssiN1YyevdI4Flw== + -----END CERTIFICATE----- + +apps_publish_zone__sk_cloudio: + name: sk-cloudio + publisher: sk-cloudio + certificate_provider: static-ca + certificate_ca_config: + cert_content: "{{ sk_cloudio_apps_publish_ca_cert }}" + key_content: "{{ sk_cloudio_apps_publish_ca_key }}" |
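Review bot: The CA certificate added as `sk_cloudio_apps_publish_ca_cert` has no comment describing its scope, and the PEM appears to decode to a validity of 2024-08-24 to 2064-07-06, basicConstraints CA:TRUE with pathlen 1, and no name constraints. Anything that trusts this CA therefore trusts it for any hostname for about forty years, and it may also sign a subordinate CA, so a leak of `vault_sk_cloudio_apps_publish_ca_key` would not be bounded by expiry or by domain. If the `static-ca` provider only issues leaf certificates for the published hostnames, consider re-issuing with pathlen 0, a name constraint for those domains and a shorter lifetime, and add a comment above the block such as `# internal CA for apps_publish_zone__sk_cloudio; key in vault, rotate by <date>`. The role that consumes `key_content` is not visible in this diff; confirm that it writes the key with restrictive file permissions and runs those tasks with `no_log: true`.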