Diffstat (limited to 'inventory/host_vars')
-rw-r--r-- | inventory/host_vars/glt-calypso.yml | 77 | ||||
-rw-r--r-- | inventory/host_vars/glt-coturn.yml | 56 | ||||
-rw-r--r-- | inventory/host_vars/glt-gw-r3.yml | 147 | ||||
-rw-r--r-- | inventory/host_vars/glt-gw-tug.yml | 177 | ||||
-rw-r--r-- | inventory/host_vars/glt-jitsi.yml (renamed from inventory/host_vars/glt-meet1.yml) | 16 | ||||
-rw-r--r-- | inventory/host_vars/glt-meet2.yml | 65 | ||||
-rw-r--r-- | inventory/host_vars/glt-stream.yml | 8 | ||||
-rw-r--r-- | inventory/host_vars/glt-tsdatacop.yml | 70 |
8 files changed, 12 insertions, 604 deletions
diff --git a/inventory/host_vars/glt-calypso.yml b/inventory/host_vars/glt-calypso.yml
deleted file mode 100644
index afa7766c..00000000
--- a/inventory/host_vars/glt-calypso.yml
+++ /dev/null
@@ -1,77 +0,0 @@ ---- -system_lvm_volume_size_root: 3G - -install: - efi: true - disks: - primary: /dev/disk/by-id/ata-OCZ-VERTEX2_OCZ-5328NA52AN84G246 - kernel_cmdline: - - "consoleblank=0" - - "nomodeset" - -network: - nameservers: "{{ network_zones.r3_lan.dns }}" - domain: "{{ host_domain }}" - primary: &_network_primary_ - name: eno1 - address: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) }}" - gateway: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets['glt-gw-r3']) | ansible.utils.ipaddr('address') }}" - interfaces: - - *_network_primary_ - - -apt_repo_components: - - main - - contrib ## for zfs - - non-free-firmware ## for microcode updates - -spreadspace_apt_repo_components: - - container - -zfs_arc_size: - min: 1GB - max: 2GB - -zfs_pools: - storage: - mountpoint: /srv/storage - create_vdevs: mirror /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720805 /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720811 - - -blackmagic_desktopvideo_version: 12.5a15 -blackmagic_desktopvideo_include_gui: yes - - -docker_pkg_provider: docker-com -docker_storage: - type: lvm - vg: "{{ host_name }}" - lv: docker - size: 15G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 10G - fs: ext4 - -kubernetes_version: 1.29.2 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 42 -kubernetes_standalone_cni_variant: with-portmap - - -recorder_storage: - type: zfs - pool: storage - name: recorder -recorder_base_path: /srv/storage/recorder -recorder_inst_name: feed-glt21s1 -recorder_ffmpeg_image_version: bookworm-decklink12.5-2024-02-18.33 -recorder_input: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp25', '-channels', '2', '-i', 'DeckLink SDI (1)'] -recorder_video_filter_common: "colorspace=iall=bt709:irange=tv:all=bt709:range=tv" - -recorder_segment_time: 3600 -recorder_segment_clocktime_offset: 3300 
diff --git a/inventory/host_vars/glt-coturn.yml b/inventory/host_vars/glt-coturn.yml deleted file mode 100644 index 6dc0f5c4..00000000 --- a/inventory/host_vars/glt-coturn.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -docker_storage: - type: lvm - vg: "{{ host_name }}" - lv: docker - size: 5G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 5G - fs: ext4 - - -spreadspace_apt_repo_components: - - container - -acme_client: acmetool - - -kubernetes_version: 1.29.2 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 100 -kubernetes_standalone_pod_cidr: 192.168.255.0/24 -kubernetes_standalone_cni_variant: with-portmap - - -coturn_version: 4.6.2-r4 -coturn_realm: linuxtage.at -coturn_hostnames: - - cdn13.linuxtage.at - -coturn_auth_secret: "{{ vault_coturn_auth_secret }}" -coturn_listening_port: 3478 -coturn_tls_listening_port: 443 -coturn_install_nginx_vhost: no -coturn_tls: - certificate_provider: "{{ acme_client }}" - - -mumble_version: v1.4.287-4 -mumble_instance: linuxtage.at -mumble_hostnames: - - mumble.linuxtage.at -mumble_tls: - certificate_provider: "{{ acme_client }}" - -mumble_superuser_password: "{{ vault_mumble_superuser_password }}" - -mumble_config_options: - bonjour: false - sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5" - welcometext: "Willkommen im Mumble der Grazer Linuxtage <br>Intercom für Helfer und Orga während der GLT21" - rememberchannel: true diff --git a/inventory/host_vars/glt-gw-r3.yml b/inventory/host_vars/glt-gw-r3.yml deleted file mode 100644 index d5d8538e..00000000 --- a/inventory/host_vars/glt-gw-r3.yml +++ /dev/null 
@@ -1,147 +0,0 @@ ---- -openwrt_arch: x86 -openwrt_target: geode -openwrt_profile: generic -openwrt_output_image_suffixes: - - "{{ openwrt_profile }}-ext4-combined.img.gz" - -openwrt_packages_remove: - - ppp - - ppp-mod-pppoe - - firewall - - dnsmasq - - odhcpd-ipv6only -openwrt_packages_add: - - kmod-ipt-nat - - kmod-ipt-conntrack - - haveged - - htop - - ip - - less - - nano - - tcpdump-mini - - iperf - - iperf3 - - mtr - - iptraf-ng - - -openwrt_mixin: - /etc/dropbear/authorized_keys: - content: "{{ ssh_keys_root | join('\n') }}\n" - - /etc/htoprc: - file: "{{ global_files_dir }}/common/htoprc" - - /etc/rc.d/S22network-fw: - link: "../init.d/network-fw" - - /etc/rc.d/K92network-fw: - link: "../init.d/network-fw" - - /etc/init.d/network-fw: - mode: "0755" - content: | - #!/bin/sh /etc/rc.common - - START=22 - STOP=91 - - start() { - WAN_IF=$(uci get network.wan.device) - LAN_IF=$(uci get network.lan.device) - LAN_IP=$(uci get network.lan.ipaddr) - LAN_MASK=$(uci get network.lan.netmask) - - iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT - - ### external incoming - iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - ### internal - iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - - iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A FORWARD -i 
"$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE - - ### default policies - iptables -P INPUT DROP - iptables -P FORWARD DROP - } - - stop() { - iptables -P INPUT ACCEPT - iptables -F INPUT - iptables -P FORWARD ACCEPT - iptables -F FORWARD - iptables -t nat -F POSTROUTING - } - -openwrt_uci: - system: - - name: system - options: - hostname: '{{ host_name }}' - timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' - ttylogin: '0' - log_size: '64' - urandom_seed: '0' - - - name: timeserver 'ntp' - options: - enabled: '1' - enable_server: '0' - server: - - '0.lede.pool.ntp.org' - - '1.lede.pool.ntp.org' - - '2.lede.pool.ntp.org' - - '3.lede.pool.ntp.org' - - dropbear: - - name: dropbear - options: - PasswordAuth: 'off' - RootPasswordAuth: 'off' - Port: '{{ ansible_port }}' - - network: - - name: globals 'globals' - options: - ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" - - - name: interface 'loopback' - options: - device: lo - proto: static - ipaddr: 127.0.0.1 - netmask: 255.0.0.0 - - - name: interface 'wan' - options: - device: eth0 - proto: static - ipaddr: "{{ network_zones.r3_ff.prefix | ansible.utils.ipaddr(network_zones.r3_ff.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" - netmask: "{{ network_zones.r3_ff.prefix | ansible.utils.ipaddr('netmask') }}" - gateway: "{{ network_zones.r3_ff.gateway }}" - dns: "{{ network_zones.r3_ff.dns }}" - - - name: interface 'lan' - options: - device: eth1 - proto: static - ipaddr: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" - netmask: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr('netmask') }}" - - - name: interface 'unused' - options: - device: eth2 - proto: 
none
diff --git a/inventory/host_vars/glt-gw-tug.yml b/inventory/host_vars/glt-gw-tug.yml
deleted file mode 100644
index 5e1d0a45..00000000
--- a/inventory/host_vars/glt-gw-tug.yml
+++ /dev/null
@@ -1,177 +0,0 @@ ---- -openwrt_arch: x86 -openwrt_target: 64 -openwrt_profile: generic -openwrt_output_image_suffixes: - - "{{ openwrt_profile }}-ext4-combined.img.gz" - -openwrt_packages_remove: - - ppp - - ppp-mod-pppoe - - firewall -openwrt_packages_add: - - kmod-ipt-nat - - kmod-ipt-conntrack - - haveged - - htop - - ip - - less - - nano - - tcpdump-mini - - iperf - - iperf3 - - mtr - - iptraf-ng - - -openwrt_mixin: - /etc/dropbear/authorized_keys: - content: "{{ ssh_keys_root | join('\n') }}\n" - - /etc/htoprc: - file: "{{ global_files_dir }}/common/htoprc" - - /etc/rc.d/S22network-fw: - link: "../init.d/network-fw" - - /etc/rc.d/K92network-fw: - link: "../init.d/network-fw" - - /etc/init.d/network-fw: - mode: "0755" - content: | - #!/bin/sh /etc/rc.common - - START=22 - STOP=91 - - start() { - WAN_IF=$(uci get network.wan.device) - LAN_IF="br-lan" - LAN_IP=$(uci get network.lan.ipaddr) - LAN_MASK=$(uci get network.lan.netmask) - - iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT - - ### external incoming - iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - ### internal - iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - - iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT - iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate 
RELATED,ESTABLISHED -j ACCEPT - iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE - - ### default policies - iptables -P INPUT DROP - iptables -P FORWARD DROP - } - - stop() { - iptables -P INPUT ACCEPT - iptables -F INPUT - iptables -P FORWARD ACCEPT - iptables -F FORWARD - iptables -t nat -F POSTROUTING - } - -openwrt_uci: - system: - - name: system - options: - hostname: '{{ host_name }}' - timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' - ttylogin: '0' - log_size: '64' - urandom_seed: '0' - - - name: timeserver 'ntp' - options: - enabled: '1' - enable_server: '0' - server: - - '0.lede.pool.ntp.org' - - '1.lede.pool.ntp.org' - - '2.lede.pool.ntp.org' - - '3.lede.pool.ntp.org' - - dropbear: - - name: dropbear - options: - PasswordAuth: 'off' - RootPasswordAuth: 'off' - Port: '{{ ansible_port }}' - - dhcp: - - name: dnsmasq - options: - domainneeded: '1' - boguspriv: '0' - filterwin2k: '0' - localise_queries: '1' - rebind_protection: '0' - rebind_localhost: '1' - local: '/lan/' - domain: 'lan' - expandhosts: '1' - nonegcache: '0' - authoritative: '1' - readethers: '1' - leasefile: '/tmp/dhcp.leases' - resolvfile: '/tmp/resolv.conf.auto' - localservice: '1' - - - name: odhcpd 'odhcpd' - options: - maindhcp: '0' - leasefile: '/tmp/hosts/odhcpd' - leasetrigger: '/usr/sbin/odhcpd-update' - - - name: dhcp 'wan' - options: - interface: 'wan' - ignore: '1' - - - name: dhcp 'lan' - options: - interface: 'lan' - start: "{{ network_zones.tug_lan.dhcp.start }}" - limit: "{{ network_zones.tug_lan.dhcp.limit }}" - leasetime: "{{ network_zones.tug_lan.dhcp.leasetime | default('12h') }}" - dhcpv6: 'disabled' - ra: 'disabled' - - network: - - name: globals 'globals' - options: - ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" - - - name: interface 'loopback' - options: - device: lo - proto: static - ipaddr: 
127.0.0.1 - netmask: 255.0.0.0 - - - name: interface 'lan' - options: - type: bridge - device: "eth0 eth1 eth2 eth3 eth4" - proto: static - ipaddr: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr(network_zones.tug_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" - netmask: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr('netmask') }}" - - - name: interface 'wan' - options: - device: eth5 - proto: dhcp - macaddr: 00:11:22:33:44:55 diff --git a/inventory/host_vars/glt-meet1.yml b/inventory/host_vars/glt-jitsi.yml index a7d619c8..4242da92 100644 --- a/inventory/host_vars/glt-meet1.yml +++ b/inventory/host_vars/glt-jitsi.yml @@ -1,4 +1,10 @@ --- +install: + cloud: + credentials: + token: "{{ vault_hcloud_api_token }}" + + docker_storage: type: lvm vg: "{{ host_name }}" @@ -16,11 +22,13 @@ kubelet_storage: spreadspace_apt_repo_components: - container + - prometheus +acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.29.2 +kubernetes_version: 1.29.3 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_cni_variant: with-portmap @@ -28,8 +36,8 @@ kubernetes_standalone_cni_variant: with-portmap jitsi_meet_base_path: /srv/jitsi/meet -jitsi_meet_version: stable-9258 -jitsi_meet_hostname: meet1.linuxtage.at +jitsi_meet_version: stable-9364-1 +jitsi_meet_hostname: glt-jitsi.spreadspace.org jitsi_meet_p2p_enable: no jitsi_meet_require_display_name: yes @@ -62,4 +70,4 @@ jitsi_meet_streamui: # http_auth: # operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" image_tag: latest - default_control_room: glt + default_control_room: ohro0tum diff --git a/inventory/host_vars/glt-meet2.yml b/inventory/host_vars/glt-meet2.yml deleted file mode 100644 index b194b9f6..00000000 --- a/inventory/host_vars/glt-meet2.yml +++ /dev/null 
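Review bot: In the last hunk of inventory/host_vars/glt-jitsi.yml (`@@ -62,4 +70,4 @@ jitsi_meet_streamui:`), the new `default_control_room: ohro0tum` reads like an unguessable room name, yet it is committed in plaintext while the `http_auth` block directly above it stays commented out. If the obscure name is what keeps outsiders away from the control room (an inference, since the streamui role is not visible here), it should come from the vault like the other credentials in this file, e.g. `default_control_room: "{{ vault_jitsi_meet_streamui_control_room }}"` (placeholder variable name), or `http_auth` should be re-enabled. The unchanged context line `image_tag: latest` also leaves the streamui image unpinned, so a fixed tag or digest would keep redeployments reproducible. The `jitsi_meet_streamui` mapping starts outside this hunk.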
@@ -1,65 +0,0 @@ ---- -docker_storage: - type: lvm - vg: "{{ host_name }}" - lv: docker - size: 5G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 5G - fs: ext4 - - -spreadspace_apt_repo_components: - - container - -acme_client: acmetool - - -kubernetes_version: 1.29.2 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 100 -kubernetes_standalone_cni_variant: with-portmap - - -jitsi_meet_base_path: /srv/jitsi/meet - -jitsi_meet_version: stable-9258 -jitsi_meet_hostname: meet2.linuxtage.at - -jitsi_meet_p2p_enable: no -jitsi_meet_require_display_name: yes - -jitsi_meet_resolution: - default: - width: 1920 - height: 1080 - min: - width: 1280 - height: 720 - -jitsi_meet_jvb_config_extra: | - videobridge { - cc { - trust-bwe = false - onstage-preferred-framerate = 25 - } - } - -jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}" - -jitsi_meet_auth: - enable_guests: yes - users: - operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" - -jitsi_meet_streamui: - http_port: "{{ jitsi_meet_http_port + 1 }}" -# http_auth: -# operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" - image_tag: latest - default_control_room: glt diff --git a/inventory/host_vars/glt-stream.yml b/inventory/host_vars/glt-stream.yml deleted file mode 100644 index db9292da..00000000 --- a/inventory/host_vars/glt-stream.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -lvm_volumes: - system/www: - vg: "{{ host_name }}" - lv: www - size: 10G - fs: ext4 - dest: /srv/www diff --git a/inventory/host_vars/glt-tsdatacop.yml b/inventory/host_vars/glt-tsdatacop.yml deleted file mode 100644 index c78513a6..00000000 --- a/inventory/host_vars/glt-tsdatacop.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -system_lvm_volume_size_root: 3G - -install: - efi: false - disks: - primary: /dev/disk/by-id/ata-WDC_WDS120G2G0A-00JH30_200854446208 - kernel_cmdline: - - "consoleblank=0" - -network: - nameservers: "{{ network_zones.r3_lan.dns }}" - domain: "{{ host_domain }}" - primary: &_network_primary_ - name: eno1 - address: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) }}" - gateway: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets['glt-gw-r3']) | ansible.utils.ipaddr('address') }}" - interfaces: - - *_network_primary_ - - -spreadspace_apt_repo_components: - - container - - -lvm_groups: - storage: - pvs: - - /dev/disk/by-id/ata-WDC_WD5000AAJS-00TKA0_WD-WCAPW2771922-part1 - - -blackmagic_desktopvideo_version: 12.5a15 -blackmagic_desktopvideo_include_gui: yes - - -docker_pkg_provider: docker-com -docker_storage: - type: lvm - vg: "{{ host_name }}" - lv: docker - size: 15G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 10G - fs: ext4 - -kubernetes_version: 1.29.2 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 42 -kubernetes_standalone_cni_variant: with-portmap - - -recorder_storage: - type: lvm - vg: storage - lv: recorder - size: 400G - fs: ext4 -recorder_base_path: /srv/recorder -recorder_inst_name: feed-glt21s3 -recorder_ffmpeg_image_version: bookworm-decklink12.5-2024-02-18.33 -recorder_input: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp25', '-channels', '2', '-i', 'DeckLink Mini Recorder'] -recorder_video_filter_common: "colorspace=iall=bt709:irange=tv:all=bt709:range=tv" - -recorder_segment_time: 3600 -recorder_segment_clocktime_offset: 3300 |