diff options
Diffstat (limited to 'inventory')
39 files changed, 422 insertions, 298 deletions
diff --git a/inventory/group_vars/accesspoints/vars.yml b/inventory/group_vars/accesspoints/vars.yml index 5545dae7..653c2262 100644 --- a/inventory/group_vars/accesspoints/vars.yml +++ b/inventory/group_vars/accesspoints/vars.yml @@ -148,7 +148,6 @@ openwrt_packages_add: - less - nano - tcpdump-mini - - horst - prometheus-node-exporter-lua - prometheus-node-exporter-lua-netstat - prometheus-node-exporter-lua-openwrt diff --git a/inventory/group_vars/all/users.yml b/inventory/group_vars/all/users.yml index 3fb26b34..0dce7e82 100644 --- a/inventory/group_vars/all/users.yml +++ b/inventory/group_vars/all/users.yml @@ -49,9 +49,6 @@ ssh_key_map: chaos-at-home: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDL8afqxWieebpxezBuLj2CIx/iAuTY9ziJt8JCJE0qYh+B2wXe9e+sPaKwz5yyS0X0MoEPHbYuVytxGQfGhdVR57gWWTYq5MBBFEqmu5MexAFKlNxad4TNQQwhs7rnI+lptKJO+rqeG/vaQBgao+61ZVwRR5Zr1zsXEoo5m4VB8VPo3TW0nSb97LdMyUmb1TaqDKJ5hrtrV6YcokXzE8FwHMK15oJsuJC7YUReijol3hGsRVw1H5S1zu4uDz7G32dPVxoLOPgupnf0SxnXdNVfNU50MHHSK68HzBXz4/rE1YLacRPloOhO7xegkWd5KGa09opEbUGzGu/lSXgHuAJpPgloy14cehDhLJ7F7SbXK4QBBtVgV+1CYXG2eJsRHIdkWiTWLuG+QZ4oEFLjQBjWpUYsEiDt9FEtSVCtKH2vBk26ps5yIoSCtYq6POvg9miGgcpQA6HHwh5ekVUaKRGWuMdAIvjvQSlCsFjYkxD1NpCgU1RhyWWTI3xTSKzTxcXiCWWZoBDJVoW46EpSvySsOpxL/hLxJwMR8ouc6cPRZZl3m51824Rv3LdEXNBmn3vnojzIvrOed3sxpD0+7+tbA4J1uTbAxtkOMhK94WXKiUAOD7e5bJYdzajvDD2T9tkj/Mqdo8z3iR2/yjkGMEAeWWVOQEh7QhQS7OFEAKK4fw== equinox@chaos-at-home.org - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBO6D6zd2fJiBiacdHFPQ99XadnS8GPjicYxL5+8Zjjb equinox@chaos-at-home.org - dan: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwjCMiwyz7f0b1b6S5RjGbYXjd+hkTVsNzZ9xIkqqvdF8zCU6qZTqkhem13m6E1aPjALl0iyrmpb8N2pmASD7axUaTMTDd2tktkB3LULBbQCCApMnw5viZc9fm9dLBdbdiYyRtNrpk/b39V+9uViAbRtATBrYS5vV/14gT42WxPhpFiCz6A5JsKpmbBafS9vfexnqLTvKBtYLt+zhuS9eFovMHM5k7Qq4mRdKe+wdMBDeRls2z2G/ZjPrfHAkw2WctFUdSY+YAVzLB0SddVWnbOSZ19tsnzskyHpDD49LWb7wYl0OJ9fhxO02lnxW5Vdpwwwx8I7FVH83fDTQpzfSdr8tMY3F9rvCmi4noiTGDE2AAWqh73unKuydvBomNYX8HbuiJO9eTgwUIRAqsl8vHNU5rA10YF5r2SUqofrBNfINUH8x0NhpLGzNPIlazndaPY1no+XeQRQtgSU1bdDQzmySyyn5g9mlMSTU+jHfzyoK7yqlKE0W/R2ZTOEwr6+uRdFqn+mWmB0Mr20YavjVretseVs1AkmqaVClEO1juwb/CWI//Nd4uboD9zdZwkHmCjLlOmC+GkGrnLValaqQDh8iR8aKiVbaQVffl3ph1pD3BCn79KJy56YySLTbaI4lFDUHherkTdvgyMVmZJZMROzwuX7i4bi04TZ/GKTfDrw== equinox@elevate.at - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICU107TyOHAQjWTq6A05IiazdoOvzmrSOOgvjRiih/z+ equinox@elevate.at spreadspace: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtmysXjBidEwJek6hBgaENiyVOwroFi19xRZZw+cYYqi6asDfF6B/h6gYNkJGWo0rD5ZaLdau1O210O5Xu+TfK1e2bZbxuFIj2fguUkat9wN6IQIO2m2Wcf4k/eiTmtAE3dp0l5ThMqfxxE8dj76mOOrUHCfJUIVoATGs4X5TLcGcXroAcZ+DFFoDzjxjFYNmIuUNtXDwXTpPc63SAYmRvW0ZYZlvH1qZ6irLh+GtE1dZ1Q5lQZvp6xUYcjInbpcd5Ko3KbG/In7sNmUCI7iaTwC4DPDTcHFj99Ll1jruAbdaQqe+ClZv55dbQ+92RDF6fsuQBD8FeRz7nYChvCqNPT1KOvcVsDtbW0iJ1PZ05QdE27w23wJj9OE0JWM09P3AH3ttswHaJ+P4s7mSxxK2m6YZcqop3czLlWWoGna0ynd5eV6l/rtvAQUvBOXjKQ5fPQY5d9cF0Z87NBE54HM9a/IKZ2toU2MuYNUpI/DUoAA9ILS4bJm3AUz8wbaC5EiuIhbM6I/u0NANamaQKRrolGNP4ETaQvhABs+S3/NSSBy4DMjtwax2BxyenF6i89vyHPNY+LZzBOn842yUlEGn6Z11MxiE5fhIfMPUclSYi5bQJDf1fvAyAo59/AX8sPqRK+/OCLIgLwdtW6D4OZGXjqrBJe2j/5uZSJEsl6ROyKw== equinox@spreadspace.org - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPFw9I25dUMCMM66lIvt6VeBMhAX7tl4qvb7HxXQd8z equinox@spreadspace.org @@ -64,3 +61,8 @@ ssh_key_map: realraum: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF70nrRNdkB/PnoKp+2nmjRavHIexOsS4IrC7Ah0bnwJ equinox@r3.at + elevate: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwjCMiwyz7f0b1b6S5RjGbYXjd+hkTVsNzZ9xIkqqvdF8zCU6qZTqkhem13m6E1aPjALl0iyrmpb8N2pmASD7axUaTMTDd2tktkB3LULBbQCCApMnw5viZc9fm9dLBdbdiYyRtNrpk/b39V+9uViAbRtATBrYS5vV/14gT42WxPhpFiCz6A5JsKpmbBafS9vfexnqLTvKBtYLt+zhuS9eFovMHM5k7Qq4mRdKe+wdMBDeRls2z2G/ZjPrfHAkw2WctFUdSY+YAVzLB0SddVWnbOSZ19tsnzskyHpDD49LWb7wYl0OJ9fhxO02lnxW5Vdpwwwx8I7FVH83fDTQpzfSdr8tMY3F9rvCmi4noiTGDE2AAWqh73unKuydvBomNYX8HbuiJO9eTgwUIRAqsl8vHNU5rA10YF5r2SUqofrBNfINUH8x0NhpLGzNPIlazndaPY1no+XeQRQtgSU1bdDQzmySyyn5g9mlMSTU+jHfzyoK7yqlKE0W/R2ZTOEwr6+uRdFqn+mWmB0Mr20YavjVretseVs1AkmqaVClEO1juwb/CWI//Nd4uboD9zdZwkHmCjLlOmC+GkGrnLValaqQDh8iR8aKiVbaQVffl3ph1pD3BCn79KJy56YySLTbaI4lFDUHherkTdvgyMVmZJZMROzwuX7i4bi04TZ/GKTfDrw== equinox@elevate.at + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICU107TyOHAQjWTq6A05IiazdoOvzmrSOOgvjRiih/z+ equinox@elevate.at + skillz: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEjFaRBmI3JY12earMMxw7t8t4J4fGya8tb1AXUc/wm equinox@skillz.biz diff --git a/inventory/group_vars/ele-infobeamer/vars.yml b/inventory/group_vars/ele-infobeamer/vars.yml index 9aabdfd8..d2407fce 100644 --- a/inventory/group_vars/ele-infobeamer/vars.yml +++ b/inventory/group_vars/ele-infobeamer/vars.yml @@ -10,7 +10,7 @@ info_beamer_wireless: info_beamer_prefer_wired: true -info_beamer_branding_logo: "{{ global_files_dir }}/dan/elevate/info-beamer/branding.ppm" -info_beamer_branding_background: "{{ global_files_dir }}/dan/elevate/info-beamer/e24-branding.jpg" +info_beamer_branding_logo: "{{ global_files_dir }}/elevate/info-beamer/branding.ppm" +info_beamer_branding_background: "{{ global_files_dir }}/elevate/info-beamer/e24-branding.jpg" info_beamer_device_connect_key: "{{ vault_info_beamer_device_connect_key }}" diff --git a/inventory/group_vars/promzone-chaos-at-home/vars.yml b/inventory/group_vars/promzone-chaos-at-home/vars.yml index e59b972a..752bada7 100644 --- a/inventory/group_vars/promzone-chaos-at-home/vars.yml +++ b/inventory/group_vars/promzone-chaos-at-home/vars.yml @@ -5,7 +5,7 @@ prometheus_exporters_extra: [] prometheus_exporters_default: - node -prometheus_exporter_node_version: 1.8.1 +prometheus_exporter_node_version: 1.8.2 prometheus_exporter_ipmi_version: 1.8.0 prometheus_exporter_ssl_version: 2.4.3 prometheus_exporter_blackbox_version: 0.25.0 @@ -14,9 +14,9 @@ prometheus_exporter_smokeping_version: 0.8.1 prometheus_exporter_bind_version: 0.7.0 prometheus_exporter_chrony_version: 0.10.1 prometheus_exporter_chrony_disable_dns_lookups: yes -prometheus_exporter_mosquitto_version: 0.7.2 +prometheus_exporter_mosquitto_version: 0.7.3 -prometheus_server_version: 2.53.0 +prometheus_server_version: 2.54.1 prometheus_alertmanager_version: 0.27.0 prometheus_server: ch-mon @@ -36,6 +36,7 @@ prometheus_server_jobs: - standalone-kubelet - whawty-nginx-sso - mosquitto + - coredns prometheus_zone_name: chaos@home diff --git a/inventory/group_vars/promzone-elevate-festival/vars.yml b/inventory/group_vars/promzone-elevate-festival/vars.yml index 8e1bf156..398f1511 100644 --- a/inventory/group_vars/promzone-elevate-festival/vars.yml +++ b/inventory/group_vars/promzone-elevate-festival/vars.yml @@ -5,7 +5,7 @@ prometheus_exporters_extra: [] prometheus_exporters_default: - node -prometheus_exporter_node_version: 1.8.1 +prometheus_exporter_node_version: 1.8.2 prometheus_exporter_ipmi_version: 1.8.0 prometheus_exporter_ssl_version: 2.4.3 prometheus_exporter_blackbox_version: 0.25.0 @@ -13,7 +13,7 @@ prometheus_exporter_nut_version: 3.1.1 prometheus_exporter_chrony_version: 0.10.1 prometheus_exporter_chrony_disable_dns_lookups: yes -prometheus_server_version: 2.53.0 +prometheus_server_version: 2.54.1 prometheus_alertmanager_version: 0.27.0 prometheus_server: ele-calypso diff --git a/inventory/group_vars/vmhost-sk-2024/vars.yml b/inventory/group_vars/vmhost-sk-2024/vars.yml new file mode 100644 index 00000000..295e1535 --- /dev/null +++ b/inventory/group_vars/vmhost-sk-2024/vars.yml @@ -0,0 +1,27 @@ +--- +vm_host: + name: sk-2024 + network: + dns: + - 185.12.64.1 + - 185.12.64.2 + bridges: + public: + prefix: 192.168.242.0/24 + offsets: + sk-cloudio: 24 + # sk-??: 31 + sk-2024: 254 + nat: yes + overlays: + default: + prefix: 94.130.242.0/24 + offsets: + sk-cloudio: 24 + # sk-??: 31 + zfs: + default: + pool: storage + name: vm + properties: + compression: lz4 diff --git a/inventory/host_vars/ch-apps/vars.yml b/inventory/host_vars/ch-apps/vars.yml index f39d57f1..57a7e485 100644 --- a/inventory/host_vars/ch-apps/vars.yml +++ b/inventory/host_vars/ch-apps/vars.yml @@ -141,7 +141,7 @@ kubelet_storage: quota: 10G 'syncoid:sync': 'false' -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-chromebook.yml b/inventory/host_vars/ch-chromebook.yml index bf93cba1..55bde4b6 100644 --- a/inventory/host_vars/ch-chromebook.yml +++ b/inventory/host_vars/ch-chromebook.yml @@ -1,4 +1,7 @@ --- +## enable this for installation if @ N28 +#apt_repo_provider: chaos-at-home-cache + ubuntu_autoinstall_locale: de_AT ubuntu_autoinstall_keyboard_layout: de ubuntu_autoinstall_keyboard_variant: nodeadkeys diff --git a/inventory/host_vars/ch-companion-raspi.yml b/inventory/host_vars/ch-companion-raspi.yml index 54051960..d82f5b8e 100644 --- a/inventory/host_vars/ch-companion-raspi.yml +++ b/inventory/host_vars/ch-companion-raspi.yml @@ -29,11 +29,10 @@ docker_pkg_provider: docker-com docker_plugins: - buildx -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap -kubernetes_standalone_install_kubeletctl: no companion_storage: diff --git a/inventory/host_vars/ch-dione.yml b/inventory/host_vars/ch-dione.yml index 0357d012..1782ceea 100644 --- a/inventory/host_vars/ch-dione.yml +++ b/inventory/host_vars/ch-dione.yml @@ -49,7 +49,7 @@ kubelet_storage: size: 5G fs: ext4 -# kubernetes_version: 1.30.2 +# kubernetes_version: 1.30.4 # kubernetes_container_runtime: docker # kubernetes_standalone_max_pods: 42 # kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml index 1d0864bd..869bcac8 100644 --- a/inventory/host_vars/ch-equinox-t450s.yml +++ b/inventory/host_vars/ch-equinox-t450s.yml @@ -1,4 +1,10 @@ --- +## enable this for installation if @ N28 +#apt_repo_provider: chaos-at-home-cache +#kubernetes_apt_repo_baseurl: http://apt.chaos-at-home.org/kubernetes +#spreadspace_apt_repo_baseurl: http://apt.chaos-at-home.org/spreadspace + + ubuntu_autoinstall_locale: de_AT ubuntu_autoinstall_keyboard_layout: de ubuntu_autoinstall_keyboard_variant: nodeadkeys @@ -25,7 +31,7 @@ install_dhcp: yes network: domain: "{{ host_domain }}" primary: - name: enx00e04d6a076e + name: enx00e04c025fa4 base_modules_blacklist: "{{ base_modules_blacklist_none }}" @@ -96,7 +102,6 @@ ws_base_extra_packages: - clinfo - cmake - cpu-x - - cura - ddrescueview - debhelper - debmake @@ -112,9 +117,12 @@ ws_base_extra_packages: - doxygen - easytag - elpa-debian-el + - elpa-dockerfile-mode - elpa-go-mode + - elpa-jinja2-mode - elpa-lua-mode - elpa-php-mode + - elpa-py-autopep8 - elpa-rust-mode - elpa-web-mode - elpa-yaml-mode @@ -161,7 +169,6 @@ ws_base_extra_packages: - kpartx - libdbd-mysql-perl - libgpgme11 - - libncurses5 - libusb-dev - libusb-1.0-0-dev - libvirt-clients @@ -218,8 +225,7 @@ ws_base_extra_packages: - python3-sphinx-rtd-theme - python3-toml - python3-xopen - - qemu - - qemu-kvm + - qemu-system - qemu-system-gui - qemu-user-static - qemu-utils @@ -256,6 +262,8 @@ ws_base_extra_packages: - texlive-lang-german - texlive-latex-extra - tlp + - tor + - tor-geoipdb - torbrowser-launcher - totem - unrar @@ -280,26 +288,24 @@ ws_base_extra_packages: - xdg-desktop-portal-gtk - xfce4-goodies - xorriso - - xul-ext-lightning - yamllint - yasm # needs apt-repo/spreadspace - go - info-beamer - #- helm ## TODO: not yet in repo for jammy - k9s - kubeletctl - grype # needs apt-repo/ansible - ansible - # needs apt-repo/tor-project - - tor - - tor-geoipdb # needs apt-repo/kubernetes - kubectl # needs apt-repo/element - element-desktop +ws_base_extra_snaps: + - thunderbird + kubernetes_version: "1.30" @@ -422,3 +428,6 @@ ws_flatpak_apps: - name: org.kicad.KiCad shortcuts: - name: kicad + - name: com.ultimaker.cura + shortcuts: + - name: cura diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml index 4ead9282..188a309b 100644 --- a/inventory/host_vars/ch-equinox-ws.yml +++ b/inventory/host_vars/ch-equinox-ws.yml @@ -106,7 +106,6 @@ ws_base_extra_packages: - clinfo - cmake - cpu-x - - cura - ddrescueview - debhelper - debmake @@ -122,9 +121,12 @@ ws_base_extra_packages: - doxygen - easytag - elpa-debian-el + - elpa-dockerfile-mode - elpa-go-mode + - elpa-jinja2-mode - elpa-lua-mode - elpa-php-mode + - elpa-py-autopep8 - elpa-rust-mode - elpa-web-mode - elpa-yaml-mode @@ -168,7 +170,6 @@ ws_base_extra_packages: - kpartx - libdbd-mysql-perl - libgpgme11 - - libncurses5 - libusb-dev - libusb-1.0-0-dev - libvirt-clients @@ -183,7 +184,6 @@ ws_base_extra_packages: - meld - meson - mingw-w64 - - mono-devel - mosh - msmtp-mta - mumble @@ -226,8 +226,7 @@ ws_base_extra_packages: - python3-sphinx-rtd-theme - python3-toml - python3-xopen - - qemu - - qemu-kvm + - qemu-system - qemu-system-gui - qemu-user-static - qemu-utils @@ -252,7 +251,7 @@ ws_base_extra_packages: - spice-client-gtk - sqlite3 - sshfs - - steam + - steam-installer - stlink-tools - stm32flash - stress @@ -265,6 +264,8 @@ ws_base_extra_packages: - texlive - texlive-lang-german - texlive-latex-extra + - tor + - tor-geoipdb - torbrowser-launcher - totem - unrar @@ -288,25 +289,25 @@ ws_base_extra_packages: - xdg-desktop-portal-gtk - xfce4-goodies - xorriso - - xul-ext-lightning - yamllint - yasm # needs apt-repo/spreadspace - go - info-beamer - #- helm ## TODO: not yet in repo for jammy - k9s - kubeletctl - grype # needs apt-repo/ansible - ansible - # needs apt-repo/tor-project - - tor - - tor-geoipdb # needs apt-repo/kubernetes - kubectl # needs apt-repo/element - element-desktop + ## needs apt-repo/qmk + #- qmk + +ws_base_extra_snaps: + - thunderbird kubernetes_version: "1.30" @@ -344,3 +345,6 @@ ws_flatpak_apps: - name: org.kicad.KiCad shortcuts: - name: kicad + - name: com.ultimaker.cura + shortcuts: + - name: cura diff --git a/inventory/host_vars/ch-helene.yml b/inventory/host_vars/ch-helene.yml index b9b7c638..52b3a3f9 100644 --- a/inventory/host_vars/ch-helene.yml +++ b/inventory/host_vars/ch-helene.yml @@ -49,7 +49,7 @@ kubelet_storage: size: 5G fs: ext4 -# kubernetes_version: 1.30.2 +# kubernetes_version: 1.30.4 # kubernetes_container_runtime: docker # kubernetes_standalone_max_pods: 42 # kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-iot.yml b/inventory/host_vars/ch-iot.yml index 30bee5d8..8eb72d9c 100644 --- a/inventory/host_vars/ch-iot.yml +++ b/inventory/host_vars/ch-iot.yml @@ -78,6 +78,7 @@ coredns_config: | {{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }} apt.chaos-at-home.org no_reverse } + prometheus 127.0.0.1:9153 } @@ -89,6 +90,7 @@ spreadspace_apt_repo_components: prometheus_exporters_extra: - chrony - mosquitto + - coredns prometheus_job_multitarget_blackbox__probe: ch-mon: diff --git a/inventory/host_vars/ch-mon.yml b/inventory/host_vars/ch-mon.yml index 85b2dd8c..b93dbd05 100644 --- a/inventory/host_vars/ch-mon.yml +++ b/inventory/host_vars/ch-mon.yml @@ -141,6 +141,7 @@ prometheus_server_alertmanager: basic_auth: username: server password: "{{ vault_prometheus_alertmanager_auth_user_passwords['server'] }}" + scrape_instance: "{{ inventory_hostname }}" prometheus_server_web_external_url: "http://mon.chaos-at-home.org/prometheus/" @@ -260,13 +261,13 @@ grafana_datasources: manageAlerts: no grafana_dashboards: - - file: node-full + - file: sys/node-full datasource: "Prometheus" - - file: openwrt + - file: sys/openwrt datasource: "Prometheus" - - file: chrony + - file: sys/ipmi datasource: "Prometheus" - - file: environment-sensors + - file: environment/sensors datasource: "Prometheus" - file: blackbox/ssh datasource: "Prometheus" @@ -274,17 +275,19 @@ grafana_dashboards: datasource: "Prometheus" - file: blackbox/mqtt datasource: "Prometheus" - - file: smokeping + - file: net/chrony datasource: "Prometheus" - - file: bind + - file: net/smokeping datasource: "Prometheus" - - file: ipmi + - file: net/bind datasource: "Prometheus" - - file: standalone-kubelet-overview + - file: net/mosquitto datasource: "Prometheus" - - file: apps/whawty-nginx-sso + - file: net/coredns + datasource: "Prometheus" + - file: apps/standalone-kubelet-overview datasource: "Prometheus" - - file: mosquitto + - file: apps/whawty-nginx-sso datasource: "Prometheus" grafana_admin_password: "{{ vault_grafana_admin_password }}" diff --git a/inventory/host_vars/mz-ap.yml b/inventory/host_vars/ch-mz-ap.yml index 044f41f9..044f41f9 100644 --- a/inventory/host_vars/mz-ap.yml +++ b/inventory/host_vars/ch-mz-ap.yml diff --git a/inventory/host_vars/mz-router.yml b/inventory/host_vars/ch-mz-router.yml index 254aaf02..c798623b 100644 --- a/inventory/host_vars/mz-router.yml +++ b/inventory/host_vars/ch-mz-router.yml @@ -1,10 +1,4 @@ --- -## TOOD: -# After router upgrades run this command to generate a new dyndns ssh key -# $ dropbearkey -t ed25519 -f /etc/dyndns/id_ed25519 -# Then replace the key at the dyndns server (/var/lib/dyndns/.ssh/authorized_keys) -# after that run the dyndns update script manually to accept the ssh host-key - openwrt_arch: ath79 openwrt_target: generic openwrt_profile: tplink_tl-wdr4300-v1 diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml index 29ec85ae..74e630a7 100644 --- a/inventory/host_vars/ch-pan.yml +++ b/inventory/host_vars/ch-pan.yml @@ -88,7 +88,7 @@ dyndns: - "dyn.schaaas.at. 7200 IN AAAA 2a02:3e0:407::19" - "captive.schaaas.at. 7200 IN CNAME dyn.schaaas.at." clients: - mz-router: mzl + ch-mz-router: mzl ch-equinox-t450s: equinox ele-media: elemedia diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml index 3f31bcbe..fa15ac69 100644 --- a/inventory/host_vars/ch-router.yml +++ b/inventory/host_vars/ch-router.yml @@ -404,8 +404,8 @@ openwrt_uci: options: enabled: '1' interface: 'eth1' - download: '147000' - upload: '20000' + download: '510000' + upload: '72000' qdisc: 'cake' script: 'piece_of_cake.qos' qdisc_advanced: '0' diff --git a/inventory/host_vars/ele-calypso.yml b/inventory/host_vars/ele-calypso.yml index 75054533..8da4c4af 100644 --- a/inventory/host_vars/ele-calypso.yml +++ b/inventory/host_vars/ele-calypso.yml @@ -74,7 +74,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap @@ -101,6 +101,7 @@ prometheus_server_storage: prometheus_server_alertmanager: url: "127.0.0.1:9093" path_prefix: "/alertmanager/" + scrape_instance: "{{ inventory_hostname }}" prometheus_server_web_external_url: "http://{{ network.primary.address | ansible.utils.ipaddr('address') }}/prometheus/" @@ -173,19 +174,19 @@ grafana_datasources: manageAlerts: no grafana_dashboards: - - file: node-full + - file: sys/node-full datasource: "Prometheus" - - file: openwrt + - file: sys/openwrt datasource: "Prometheus" - - file: chrony + - file: sys/ipmi datasource: "Prometheus" - - file: blackbox/ssh + - file: net/chrony datasource: "Prometheus" - - file: network-ups-tools + - file: blackbox/ssh datasource: "Prometheus" - - file: ipmi + - file: environment/network-ups-tools datasource: "Prometheus" - - file: standalone-kubelet-overview + - file: apps/standalone-kubelet-overview datasource: "Prometheus" grafana_admin_password: "{{ vault_grafana_admin_password }}" diff --git a/inventory/host_vars/ele-companion-raspi.yml b/inventory/host_vars/ele-companion-raspi.yml index 3f2a6c69..b25acb27 100644 --- a/inventory/host_vars/ele-companion-raspi.yml +++ b/inventory/host_vars/ele-companion-raspi.yml @@ -29,11 +29,10 @@ docker_pkg_provider: docker-com docker_plugins: - buildx -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap -kubernetes_standalone_install_kubeletctl: no companion_storage: diff --git a/inventory/host_vars/ele-coturn.yml b/inventory/host_vars/ele-coturn.yml index 2186b775..1cbc2767 100644 --- a/inventory/host_vars/ele-coturn.yml +++ b/inventory/host_vars/ele-coturn.yml @@ -27,7 +27,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 diff --git a/inventory/host_vars/ele-helene.yml b/inventory/host_vars/ele-helene.yml index 48efb84b..76f7978c 100644 --- a/inventory/host_vars/ele-helene.yml +++ b/inventory/host_vars/ele-helene.yml @@ -92,7 +92,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-jitsi.yml b/inventory/host_vars/ele-jitsi.yml index b242e0bc..4fe526c0 100644 --- a/inventory/host_vars/ele-jitsi.yml +++ b/inventory/host_vars/ele-jitsi.yml @@ -32,7 +32,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml index dc5beccd..d0fe5e2f 100644 --- a/inventory/host_vars/ele-media.yml +++ b/inventory/host_vars/ele-media.yml @@ -73,7 +73,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-thetys.yml b/inventory/host_vars/ele-thetys.yml index bd72f98a..8d00359e 100644 --- a/inventory/host_vars/ele-thetys.yml +++ b/inventory/host_vars/ele-thetys.yml @@ -77,7 +77,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/glt-jitsi.yml b/inventory/host_vars/glt-jitsi.yml index f54997e4..69e51909 100644 --- a/inventory/host_vars/glt-jitsi.yml +++ b/inventory/host_vars/glt-jitsi.yml @@ -27,7 +27,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/s2-thetys.yml b/inventory/host_vars/s2-thetys.yml index 337b0f5d..8f03e497 100644 --- a/inventory/host_vars/s2-thetys.yml +++ b/inventory/host_vars/s2-thetys.yml @@ -53,7 +53,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/sk-2024.yml b/inventory/host_vars/sk-2024.yml new file mode 100644 index 00000000..338ffeca --- /dev/null +++ b/inventory/host_vars/sk-2024.yml @@ -0,0 +1,63 @@ +--- +system_lvm_volume_size_root: 4G +install: + cloud: + credentials: "{{ vault_hroot_robot_account }}" + disks: + primary: software-raid + raid: + level: 1 + members: + - /dev/nvme0n1 + - /dev/nvme1n1 + system_lvm: + size: 15G + +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + interfaces: + - name: br-public + address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}" + +external_ip: "94.130.242.46" + +ssh_users_root: + - equinox + - dan + +apt_repo_components: + - main + - contrib ## for zfs + - non-free-firmware + + +luks_devices: + crypto-nvme0: + passphrase: "{{ vault_luks_devices['crypto-nvme0'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.002538b531b04024-part3 + crypto-nvme1: + passphrase: "{{ vault_luks_devices['crypto-nvme1'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.002538b531b0402c-part3 + + +zfs_arc_size: + min: 2GB + max: 8GB + +zfs_pools: + storage: + mountpoint: /srv/storage + create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 + properties: + ashift: 12 + autotrim: "on" + +zfs_sanoid_modules: + storage/vm: + use_template: production + recursive: yes + process_children_only: yes + storage/vm/sk-cloudio/data: + use_template: ignore + recursive: yes diff --git a/inventory/host_vars/sk-cloudio/bluespice.yml b/inventory/host_vars/sk-cloudio/bluespice.yml deleted file mode 100644 index 30b3f330..00000000 --- a/inventory/host_vars/sk-cloudio/bluespice.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -## bluespice role does not work yet... - -# bluespice_zfs: -# pool: storage -# name: bluespice -# properties: -# compression: lz4 -# quota: 20G - -# bluespice_instances: -# example: -# version: 4.2.4 -# port: 8000 -# hostname: bs.elev8.at -# language: en -# admin: -# username: admin -# password: test -# db_password: secretgeheim diff --git a/inventory/host_vars/sk-cloudio/collabora.yml b/inventory/host_vars/sk-cloudio/collabora.yml index 93cab2eb..5910da27 100644 --- a/inventory/host_vars/sk-cloudio/collabora.yml +++ b/inventory/host_vars/sk-cloudio/collabora.yml @@ -1,11 +1,17 @@ --- -collabora_code_base_path: /srv/storage/collabora/code - collabora_code_instances: o.skillz.biz: - version: 23.05.6.4.1 + version: 24.04.6.2.1 port: 8200 - hostname: o.skillz.biz + storage: + type: directory + dest: /srv/storage/collabora/code/o.skillz.biz + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - o.skillz.biz + tls: + certificate_provider: acmetool admin: username: admin password: "{{ vault_collabora_code_admin_passwords['o.skillz.biz'] }}" diff --git a/inventory/host_vars/sk-cloudio/etherpad.yml b/inventory/host_vars/sk-cloudio/etherpad.yml deleted file mode 100644 index a368be44..00000000 --- a/inventory/host_vars/sk-cloudio/etherpad.yml +++ /dev/null @@ -1,58 +0,0 @@ ---- -etherpad_lite_zfs: - pool: storage - name: etherpad-lite - properties: - compression: lz4 - -etherpad_lite_instances: - pad.elevate.at: - version: c65c5f17aa26c9179ce591f44721861ba6f6bec4-elevate - port: 8300 - hostnames: - - pad.elevate.at - zfs_properties: - quota: 5G - settings: - title: Elevate Etherpad - users: - admin: - is_admin: true - password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['admin'] }}" - user: - is_admin: false - password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['user'] }}" - - defaultPadText: "Welcome to the ELEVATE - Etherpad!\n\nThis pad text is synchronized\ - \ as you type, so that everyone viewing this page sees the same text. This allows\ - \ you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http://etherpad.org\n\ - \n IMPORTANT: THIS PAD IS PRIVIDED FOR FREE TO THE PUBLIC! There is no guarantee\ - \ for your data - please take care of backups yourself! This is usually intended\ - \ only for the Elevate Team and it might get access control in the future! If you\ - \ are interested in having a PAD for your project, please get back to dan@elevate.at\ - \ for information. It can be made available!" - favicon: favicon.ico - - maxAge: 21600 - editOnly: false - minify: true - requireSession: false - requireAuthentication: false - requireAuthorization: false - socketTransportProtocols: [xhr-polling, jsonp-polling, htmlfile] - abiword: null - loglevel: INFO - logconfig: - appenders: - - type: console - dbType: "mysql" - dbSettings: - host: "127.0.0.1" - user: "etherpad-lite" - password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" - database: "etherpad-lite" - charset: "utf8mb4" - database: - type: mariadb - version: 10.4.22 - password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" diff --git a/inventory/host_vars/sk-cloudio/nextcloud.yml b/inventory/host_vars/sk-cloudio/nextcloud.yml index a0b52cb5..3c5e5ae0 100644 --- a/inventory/host_vars/sk-cloudio/nextcloud.yml +++ b/inventory/host_vars/sk-cloudio/nextcloud.yml @@ -1,94 +1,116 @@ --- -nextcloud_zfs: +_nextcloud_zfs_base_: pool: storage name: nextcloud - properties: - compression: lz4 nextcloud_instances: - luzesombra.skillz.biz: - # new: true - version: 29.0.3 - port: 8100 - hostnames: - - luzesombra.skillz.biz - zfs_properties: - quota: 200G - redis: - version: 7.2.1 - database: - type: mariadb - version: 11.1.2 - password: "{{ vault_nextcloud_database_passwords['luzesombra.skillz.biz'] }}" - insomnia.skillz.biz: - # new: true - version: 29.0.3 - port: 8101 - hostnames: - - insomnia.skillz.biz - zfs_properties: - quota: 400G - redis: - version: 7.2.1 - database: - type: mariadb - version: 10.11.5 - password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}" - nc.skillz.biz: - # new: true - version: 29.0.3 - port: 8102 - hostnames: - - nc.skillz.biz - zfs_properties: - quota: 200G - redis: - version: 7.2.1 - database: - type: mariadb - version: 10.11.5 - password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}" - extra_args: - - "--log_bin_trust_function_creators=true" - custom_image: - dockerfile: | - RUN set -x \ - && apt-get update -q \ - && apt-get install -y -q ffmpeg \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - visuals.pixeldada.com: - # new: true - version: 29.0.3 - port: 8103 - hostnames: - - visuals.pixeldada.com - zfs_properties: - quota: 100G - redis: - version: 7.2.4 - database: - type: mariadb - version: 11.3.2 - password: "{{ vault_nextcloud_database_passwords['visuals.pixeldada.com'] }}" - extra_args: - - "--log_bin_trust_function_creators=true" - custom_image: - dockerfile: | - RUN set -x \ - && apt-get update -q \ - && apt-get install -y -q ffmpeg \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# luzesombra.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8100 +# hostnames: +# - luzesombra.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: luzesombra.skillz.biz +# properties: +# quota: 200G +# redis: +# version: 7.2.1 +# database: +# type: mariadb +# version: 11.1.2 +# password: "{{ vault_nextcloud_database_passwords['luzesombra.skillz.biz'] }}" +# insomnia.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8101 +# hostnames: +# - insomnia.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: insomnia.skillz.biz +# properties: +# quota: 400G +# redis: +# version: 7.2.1 +# database: +# type: mariadb +# version: 10.11.5 +# password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}" +# nc.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8102 +# hostnames: +# - nc.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: nc.skillz.biz +# properties: +# quota: 200G +# redis: +# version: 7.2.1 +# database: +# type: mariadb +# version: 10.11.5 +# password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}" +# extra_args: +# - "--log_bin_trust_function_creators=true" +# custom_image: +# dockerfile: | +# RUN set -x \ +# && apt-get update -q \ +# && apt-get install -y -q ffmpeg \ +# && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# visuals.pixeldada.com: +# # new: true +# version: 29.0.4 +# port: 8103 +# hostnames: +# - visuals.pixeldada.com +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: visuals.pixeldada.com +# properties: +# quota: 100G +# redis: +# version: 7.2.4 +# database: +# type: mariadb +# version: 11.3.2 +# password: "{{ vault_nextcloud_database_passwords['visuals.pixeldada.com'] }}" +# extra_args: +# - "--log_bin_trust_function_creators=true" +# custom_image: +# dockerfile: | +# RUN set -x \ +# && apt-get update -q \ +# && apt-get install -y -q ffmpeg \ +# && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* wolke.elev8.at: # new: true version: 29.0.3 port: 8105 - hostnames: - - wolke.elev8.at - zfs_properties: - quota: 10G + storage: + type: zfs + parent: "{{ _nextcloud_zfs_base_ }}" + name: wolke.elev8.at + properties: + quota: 10G redis: version: 7.2.1 database: type: mariadb version: 10.11.5 password: "{{ vault_nextcloud_database_passwords['wolke.elev8.at'] }}" + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - wolke.elev8.at + tls: + certificate_provider: acmetool diff --git a/inventory/host_vars/sk-cloudio/onlyoffice.yml b/inventory/host_vars/sk-cloudio/onlyoffice.yml index 11f82abe..d8d3da82 100644 --- a/inventory/host_vars/sk-cloudio/onlyoffice.yml +++ b/inventory/host_vars/sk-cloudio/onlyoffice.yml @@ -1,20 +1,30 @@ --- -onlyoffice_zfs: +_onlyoffice_zfs_base_: pool: storage name: onlyoffice properties: compression: lz4 - quota: 5G onlyoffice_instances: office.elev8.at: - version: 8.1.0.1 + version: 8.1.1.2 port: 8600 - hostname: office.elev8.at jwt_secret: "{{ vault_onlyoffice_jwt_secrets['office.elev8.at'] }}" + storage: + type: zfs + parent: "{{ _onlyoffice_zfs_base_ }}" + name: office.elev8.at + properties: + quota: 5G database: - version: 12.19 + version: 12.20 password: "{{ vault_onlyoffice_database_passwords['office.elev8.at'] }}" amqp: - version: 3.13.4 + version: 3.13.7 password: "{{ vault_onlyoffice_amqp_passwords['office.elev8.at'] }}" + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - office.elev8.at + tls: + certificate_provider: acmetool diff --git a/inventory/host_vars/sk-cloudio/pigallery2.yml b/inventory/host_vars/sk-cloudio/pigallery2.yml deleted file mode 100644 index 2a7d5c84..00000000 --- a/inventory/host_vars/sk-cloudio/pigallery2.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -pigallery2_zfs: - pool: storage - name: pigallery2 - properties: - compression: lz4 - -pigallery2_instances: - pix.elevate.at: - version: 1.9.3 - port: 8700 - hostname: pix.elevate.at - zfs_properties: - quota: 5G - images_paths: - 2019: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2019/ - 2020: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2020/ - 2021: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2021/ - 2022: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2022/ - 2023: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2023/ diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml index a6306161..8c57def9 100644 --- a/inventory/host_vars/sk-cloudio/vars.yml +++ b/inventory/host_vars/sk-cloudio/vars.yml @@ -1,19 +1,43 @@ --- -system_lvm_volume_size_root: 3584M +system_lvm_volume_size_root: 4G system_lvm_volume_size_varlog: 5G install: - cloud: - credentials: "{{ vault_hroot_robot_account }}" - server_name: "{{ host_name }}" + vm: + memory: 48G + numcpus: 12 + autostart: True disks: - primary: software-raid - raid: - level: 1 - members: - - /dev/nvme0n1 - - /dev/nvme1n1 - system_lvm: - size: 15G + primary: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0 + scsi: + sda: + type: zfs + name: root + size: 15g + sdb: + type: zfs + name: data + size: 900g + properties: + 'syncoid:sync': 'false' + interfaces: + - bridge: br-public + name: primary0 + +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ansible.utils.ipaddr('address') }}" + template: overlay + overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ + +external_ip: "{{ network.primary.overlay }}" apt_repo_components: @@ -22,7 +46,6 @@ apt_repo_components: - non-free-firmware spreadspace_apt_repo_components: - - main - container @@ -33,20 +56,23 @@ zfs_arc_size: zfs_pools: storage: mountpoint: /srv/storage - create_vdevs: mirror /dev/nvme0n1p3 /dev/nvme1n1p3 + create_vdevs: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-1 properties: ashift: 12 autotrim: "on" +zfs_volumes: + storage: + nextcloud: + properties: + compression: lz4 + xattr: sa + zfs_sanoid_modules: storage/nextcloud: use_template: production recursive: yes process_children_only: yes - storage/etherpad-lite: - use_template: production - recursive: yes - process_children_only: yes storage/keycloak: use_template: production recursive: yes @@ -73,7 +99,7 @@ kubelet_storage: properties: quota: 20G -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 @@ -94,8 +120,43 @@ postfix_base_inet_protocols: acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -## TODO: remove once migration of elevate services has been done -ssh_users_root: - - equinox - - dan - - brt + +sk_cloudio_apps_publish_ca_key: "{{ vault_sk_cloudio_apps_publish_ca_key }}" +sk_cloudio_apps_publish_ca_cert: | + -----BEGIN CERTIFICATE----- + MIIE+DCCAuCgAwIBAgIUWYAlW7BhaDHZaWjkVlttP26KVhgwDQYJKoZIhvcNAQEL + BQAwKTEnMCUGA1UEAwweQXBwcyBQdWJsaXNoIENBIGZvciBzay1jbG91ZGlvMCAX + DTI0MDgyNDIwNDEzNloYDzIwNjQwNzA2MjA0MTM2WjApMScwJQYDVQQDDB5BcHBz + IFB1Ymxpc2ggQ0EgZm9yIHNrLWNsb3VkaW8wggIiMA0GCSqGSIb3DQEBAQUAA4IC + DwAwggIKAoICAQDUOVJTgNrqTlD6FXupVLIoMbQ7O9Xj3XmtYGVtF6LUPodbrlTs + 9TRkhWwVSUGokfgRtKOx1Zk13HFadKw92t9zzTVnT62drH9xOPPGitBXyxeCiyzr + Ib98qnDeO9o+9x0cRsg4tvjksfyMV0JtFxOsSJ6diHrGrakk9SIRVk63GYbRSKBQ + wKCeAihFX35oyd3qCmIt6ZuueX5Z2dNdiaXmcrwe0MhBghd4Upqe3BPopGeVzJtY + Bm6Fsq/V2H28g6l3kNU5sPpgPWMpDRuUTjnfe1MFVu51QwmbkxqWhODaH8dClshJ + imACGnRmTxJ5bAqBbT2z3IEdhaEnKKUyN8OYqX3mtmU1/We9d52cLvghtbiRuhrE + 4eK7GRCvc0QqU/hk6eFvfXVd5KI48tB8at9tKP6tWeavlYyfq5G3canmzOTTbxuA + TfpbFrHIwHCk9M3VTIcABMeb38EGoOpaSTTcX3eOT/k97tQJPKFlfl+EF+fhbijN + 1CEdR+6m2BIvcNmGkKl0VH6eVXiAUFKm03Kg1sH0gh4upQKdx+54szF51jsrHcPI + 16oBChS0t+JG1tcvbluVWwLMw1G5nvm302/RxYahNyCniMAUl/eaubTHarTBtK7w + lAYryanwtlbAR/XQZAHBNzhG/2er1nCr6E5Wh+98ID+ElWbmaQ5ale/8OQIDAQAB + oxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCpTUjN + veOg2dZ/44tg5P5RnZKZFiyYapaaxv3W6cfqpfUhrI8qSuBn9G/UAJAfMszU87rf + OZ1PRZCFuzu+dB7CrmMgvqt0cTRpaxlN9CzZpfpFADlt9NQKYxK4T8IxIZ7ebISl + UNyX08mRXNB3N+Qq1CcTVtwHNLbnwkLttryGJ1tmAwEu4QIHauG7cDXFQuRGP0CE + x+DSdLTcs6hvOYq4OfpX0Zci5zy4SI50DLoT5h94IaIPAL6XBi7n9bj8ZSHqa1ZC + lveyaGguEy53meARTXSCm/jxtpo8xD7pWz4vnYPZuyMGe9rbE77Y8CwWK/RvUdYx + th09ALKw76W59e78RkxKTqBvGmZYw1igY4p8IqcXci65xtO2HiRDHX2jU7AYkgAD + z5Rv+2ZMcOQHOPzxDRXk06+pQUZ3qQ3cU9ASziTSaLITnMVH0VokRNXvSZYxeuwR + yDqb1H4MsV91Sy4UyXmtfXZYouM3/3OwCzxpkgvxdVdQBzssUssLrRcS5UEcJGr8 + 69M2CNHXX1fy0mLKdgqHNPzX9ALnqTHJMV5C5J3Q4RU6Vl2Un3Vg3A3dRKLPkg5P + C69nyBua3CIlx6Z8o2Ik9tJdwCULV6lYLGEfpsJHt627gF893Jexxuo3zI7XWQhb + ucrEkA2qzf0fHzCwFeiACMjssiN1YyevdI4Flw== + -----END CERTIFICATE----- + +apps_publish_zone__sk_cloudio: + name: sk-cloudio + publisher: sk-cloudio + certificate_provider: static-ca + certificate_ca_config: + cert_content: "{{ sk_cloudio_apps_publish_ca_cert }}" + key_content: "{{ sk_cloudio_apps_publish_ca_key }}" diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index 860be21d..d728464d 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -56,7 +56,7 @@ kubelet_storage: size: 1G fs: ext4 -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml index e46aee23..01cf6e8c 100644 --- a/inventory/host_vars/sk-tomnext-nc.yml +++ b/inventory/host_vars/sk-tomnext-nc.yml @@ -88,7 +88,7 @@ kubelet_storage: properties: quota: 15G -kubernetes_version: 1.30.2 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 15 kubernetes_standalone_cni_variant: with-portmap @@ -117,7 +117,7 @@ nextcloud_zfs: nextcloud_instances: team.tomwaitz.eu: # new: true - version: 29.0.3 + version: 29.0.4 port: 8100 hostnames: - team.tomwaitz.eu @@ -148,13 +148,15 @@ nextcloud_instances: && docker-php-ext-enable smbclient \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -collabora_code_base_path: /srv/storage/collabora/code collabora_code_instances: o.tomwaitz.eu: version: 23.05.6.4.1 port: 8200 hostname: o.tomwaitz.eu + storage: + type: directory + dest: /srv/storage/collabora/code/o.tomwaitz.eu admin: username: admin password: "{{ vault_collabora_code_admin_passwords['o.tomwaitz.eu'] }}" diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 01d3eae3..f4c61e2a 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -1,3 +1,4 @@ + [all:vars] ansible_user=root ansible_port=222 @@ -70,8 +71,8 @@ chaos-at-home-sensors chaos-at-home-ups [chaos-at-home_mz] -mz-router ansible_host=chmz-router -mz-ap ansible_host=chmz-ap +ch-mz-router host_name=mz-router +ch-mz-ap host_name=mz-ap [chaos-at-home_mur-at] ch-atlas host_name=atlas @@ -190,15 +191,14 @@ glt-telesto host_name=minion-glt ############################### -# environment: dan +# environment: skillz [skillz:vars] host_domain=skillz.biz -env_group=dan +env_group=skillz [skillz] sk-2019 host_name=2019 -sk-cloudio host_name=cloudio sk-2019vm host_name=2019vm sk-tomnext host_name=tomnext sk-tomnext-nc host_name=tomnext-nc @@ -206,10 +206,16 @@ sk-tomnext-hp host_name=scriptbee host_domain=tomwaitz.eu sk-testvm host_name=testvm sk-torrent host_name=torrent +sk-2024 host_name=2024 +sk-cloudio host_name=cloudio + + +############################### +# environment: elevate [elevate:vars] host_domain=elev8.at -env_group=dan +env_group=elevate [elevate] ele-media host_name=media @@ -283,7 +289,7 @@ ele-infobeamer-default [elevate-mediachannel:vars] host_domain=elev8.at -env_group=dan +env_group=elevate [elevate-mediachannel] ele-emc-ctrl host_name=emc-ctrl @@ -322,8 +328,8 @@ ch-testvm-openwrt ch-installsmb ch-gw-c3voc ch-raspi-openwrt -mz-ap -mz-router +ch-mz-ap +ch-mz-router ele-router-hmtsaal ele-router-orpheum ele-router-emc @@ -444,6 +450,13 @@ sk-tomnext [vmhost-sk-tomnext:children] vmhost-sk-tomnext-guests +[vmhost-sk-2024-guests] +sk-cloudio +[vmhost-sk-2024] +sk-2024 +[vmhost-sk-2024:children] +vmhost-sk-2024-guests + [vmhost-ele-helene-guests] ele-winvm ele-testvm @@ -459,6 +472,7 @@ ch-prometheus ch-atlas sk-2019vm sk-tomnext +sk-2024 ele-helene [kvmguests:children] @@ -467,6 +481,7 @@ vmhost-ch-prometheus-guests vmhost-ch-atlas-guests vmhost-sk-2019vm-guests vmhost-sk-tomnext-guests +vmhost-sk-2024-guests vmhost-ele-helene-guests @@ -536,9 +551,9 @@ ch-apps ## hoster [hroot] sk-2019 -sk-cloudio sk-2019vm sk-tomnext +sk-2024 [hcloud] ch-testvm-hcloud |