Diffstat (limited to 'inventory')
29 files changed, 71 insertions, 55 deletions
diff --git a/inventory/group_vars/promzone-chaos-at-home/vars.yml b/inventory/group_vars/promzone-chaos-at-home/vars.yml index 7969d26f..752bada7 100644 --- a/inventory/group_vars/promzone-chaos-at-home/vars.yml +++ b/inventory/group_vars/promzone-chaos-at-home/vars.yml @@ -14,9 +14,9 @@ prometheus_exporter_smokeping_version: 0.8.1 prometheus_exporter_bind_version: 0.7.0 prometheus_exporter_chrony_version: 0.10.1 prometheus_exporter_chrony_disable_dns_lookups: yes -prometheus_exporter_mosquitto_version: 0.7.2 +prometheus_exporter_mosquitto_version: 0.7.3 -prometheus_server_version: 2.53.2 +prometheus_server_version: 2.54.1 prometheus_alertmanager_version: 0.27.0 prometheus_server: ch-mon diff --git a/inventory/group_vars/promzone-elevate-festival/vars.yml b/inventory/group_vars/promzone-elevate-festival/vars.yml index 8cb3ebbb..398f1511 100644 --- a/inventory/group_vars/promzone-elevate-festival/vars.yml +++ b/inventory/group_vars/promzone-elevate-festival/vars.yml @@ -13,7 +13,7 @@ prometheus_exporter_nut_version: 3.1.1 prometheus_exporter_chrony_version: 0.10.1 prometheus_exporter_chrony_disable_dns_lookups: yes -prometheus_server_version: 2.53.2 +prometheus_server_version: 2.54.1 prometheus_alertmanager_version: 0.27.0 prometheus_server: ele-calypso diff --git a/inventory/host_vars/ch-apps/vars.yml b/inventory/host_vars/ch-apps/vars.yml index a3f34992..57a7e485 100644 --- a/inventory/host_vars/ch-apps/vars.yml +++ b/inventory/host_vars/ch-apps/vars.yml @@ -141,7 +141,7 @@ kubelet_storage: quota: 10G 'syncoid:sync': 'false' -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-companion-raspi.yml b/inventory/host_vars/ch-companion-raspi.yml index d8134f27..d82f5b8e 100644 --- a/inventory/host_vars/ch-companion-raspi.yml +++ b/inventory/host_vars/ch-companion-raspi.yml 
@@ -29,7 +29,7 @@ docker_pkg_provider: docker-com docker_plugins: - buildx -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-dione.yml b/inventory/host_vars/ch-dione.yml index 8534d2fb..1782ceea 100644 --- a/inventory/host_vars/ch-dione.yml +++ b/inventory/host_vars/ch-dione.yml @@ -49,7 +49,7 @@ kubelet_storage: size: 5G fs: ext4 -# kubernetes_version: 1.30.3 +# kubernetes_version: 1.30.4 # kubernetes_container_runtime: docker # kubernetes_standalone_max_pods: 42 # kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml index b34d1ae6..869bcac8 100644 --- a/inventory/host_vars/ch-equinox-t450s.yml +++ b/inventory/host_vars/ch-equinox-t450s.yml @@ -262,6 +262,8 @@ ws_base_extra_packages: - texlive-lang-german - texlive-latex-extra - tlp + - tor + - tor-geoipdb - torbrowser-launcher - totem - unrar @@ -296,9 +298,6 @@ ws_base_extra_packages: - grype # needs apt-repo/ansible - ansible - ### needs apt-repo/tor-project -> https://gitlab.torproject.org/tpo/core/tor/-/issues/40946 - ##- tor - ##- tor-geoipdb # needs apt-repo/kubernetes - kubectl # needs apt-repo/element diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml index 8c55d382..70faf7be 100644 --- a/inventory/host_vars/ch-equinox-ws.yml +++ b/inventory/host_vars/ch-equinox-ws.yml @@ -26,7 +26,7 @@ network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" primary: &_network_primary_ - name: enp9s0 + name: enp11s0 address: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets[inventory_hostname]) }}" gateway: "{{ network_zones.lan.gateway }}" interfaces: 
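Review bot: In the ch-equinox-t450s.yml hunks, `tor` and `tor-geoipdb` move into the plain alphabetical part of `ws_base_extra_packages`, and the comment that tied them to apt-repo/tor-project and the linked upstream issue is deleted, so the file no longer records where these packages are expected to come from. Presumably they now install from the distribution archive; a one-line comment such as `# tor/tor-geoipdb: distribution packages, apt-repo/tor-project not required` would keep that decision visible. On Debian-family systems the `tor` package normally also enables a local daemon, so it is worth confirming that a running service on these workstations is intended. The same applies to the matching hunks in ch-equinox-ws.yml.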
@@ -264,6 +264,8 @@ ws_base_extra_packages: - texlive - texlive-lang-german - texlive-latex-extra + - tor + - tor-geoipdb - torbrowser-launcher - totem - unrar @@ -297,9 +299,6 @@ ws_base_extra_packages: - grype # needs apt-repo/ansible - ansible - ### needs apt-repo/tor-project -> https://gitlab.torproject.org/tpo/core/tor/-/issues/40946 - ##- tor - ##- tor-geoipdb # needs apt-repo/kubernetes - kubectl # needs apt-repo/element diff --git a/inventory/host_vars/ch-helene.yml b/inventory/host_vars/ch-helene.yml index 61d4f7ef..52b3a3f9 100644 --- a/inventory/host_vars/ch-helene.yml +++ b/inventory/host_vars/ch-helene.yml @@ -49,7 +49,7 @@ kubelet_storage: size: 5G fs: ext4 -# kubernetes_version: 1.30.3 +# kubernetes_version: 1.30.4 # kubernetes_container_runtime: docker # kubernetes_standalone_max_pods: 42 # kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml index bc09509d..d2ad251b 100644 --- a/inventory/host_vars/ch-mimas.yml +++ b/inventory/host_vars/ch-mimas.yml @@ -63,7 +63,7 @@ wireguard_p2p_peers: - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI=" endpoint: host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" - port: 51820 + port: 5182 allowed_ips: - "{{ network_zones.remote.prefix }}" - "{{ network_zones.svc.prefix }}" diff --git a/inventory/host_vars/mz-ap.yml b/inventory/host_vars/ch-mz-ap.yml index 044f41f9..044f41f9 100644 --- a/inventory/host_vars/mz-ap.yml +++ b/inventory/host_vars/ch-mz-ap.yml diff --git a/inventory/host_vars/mz-router.yml b/inventory/host_vars/ch-mz-router.yml index 254aaf02..c798623b 100644 --- a/inventory/host_vars/mz-router.yml +++ b/inventory/host_vars/ch-mz-router.yml 
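Review bot: The WireGuard port in the ch-mimas.yml hunk changes from 51820 to 5182, which reads like a dropped digit; it matches the ch-pan.yml endpoint and both ch-router.yml hunks (the nftables `udp dport { openvpn, 5182 }` rule and `listen_port: 5182`), so it is probably deliberate, but nothing on the page says so. The same literal now lives in four places, and a mismatch between them either breaks the tunnel or leaves a firewall accept rule for a port nothing listens on. Consider defining it once in a new inventory variable, for example `wireguard_remote_listen_port: 5182`, and referencing it as `port: "{{ wireguard_remote_listen_port }}"` in the peers, the firewall rule and the interface options. Any peer configured outside this inventory that still points at 51820 would need updating as well.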
@@ -1,10 +1,4 @@ --- -## TOOD: -# After router upgrades run this command to generate a new dyndns ssh key -# $ dropbearkey -t ed25519 -f /etc/dyndns/id_ed25519 -# Then replace the key at the dyndns server (/var/lib/dyndns/.ssh/authorized_keys) -# after that run the dyndns update script manually to accept the ssh host-key - openwrt_arch: ath79 openwrt_target: generic openwrt_profile: tplink_tl-wdr4300-v1 diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml index 29ec85ae..2b7fc39b 100644 --- a/inventory/host_vars/ch-pan.yml +++ b/inventory/host_vars/ch-pan.yml @@ -58,7 +58,7 @@ wireguard_p2p_peers: - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI=" endpoint: host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" - port: 51820 + port: 5182 allowed_ips: - "{{ network_zones.remote.prefix }}" - "{{ network_zones.svc.prefix }}" @@ -88,7 +88,7 @@ dyndns: - "dyn.schaaas.at. 7200 IN AAAA 2a02:3e0:407::19" - "captive.schaaas.at. 7200 IN CNAME dyn.schaaas.at." clients: - mz-router: mzl + ch-mz-router: mzl ch-equinox-t450s: equinox ele-media: elemedia diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml index 3f31bcbe..aaa46bb2 100644 --- a/inventory/host_vars/ch-router.yml +++ b/inventory/host_vars/ch-router.yml @@ -185,7 +185,7 @@ openwrt_mixin: ip protocol icmp accept ip6 nexthdr ipv6-icmp accept tcp dport { {{ ansible_port }} } accept - udp dport { openvpn, 51820 } accept + udp dport { openvpn, 5182 } accept } chain input_openvpn { @@ -368,7 +368,7 @@ openwrt_uci: options: proto: wireguard private_key: "{{ vault_wireguard_remote_private_key }}" - listen_port: 51820 + listen_port: 5182 addresses: - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}" nohostroute: 1 
@@ -404,8 +404,8 @@ openwrt_uci: options: enabled: '1' interface: 'eth1' - download: '147000' - upload: '20000' + download: '510000' + upload: '72000' qdisc: 'cake' script: 'piece_of_cake.qos' qdisc_advanced: '0' diff --git a/inventory/host_vars/ele-calypso.yml b/inventory/host_vars/ele-calypso.yml index 90e92097..8da4c4af 100644 --- a/inventory/host_vars/ele-calypso.yml +++ b/inventory/host_vars/ele-calypso.yml @@ -74,7 +74,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-companion-raspi.yml b/inventory/host_vars/ele-companion-raspi.yml index 7d130639..b25acb27 100644 --- a/inventory/host_vars/ele-companion-raspi.yml +++ b/inventory/host_vars/ele-companion-raspi.yml @@ -29,7 +29,7 @@ docker_pkg_provider: docker-com docker_plugins: - buildx -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-coturn.yml b/inventory/host_vars/ele-coturn.yml index f966ac9e..1cbc2767 100644 --- a/inventory/host_vars/ele-coturn.yml +++ b/inventory/host_vars/ele-coturn.yml @@ -27,7 +27,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 diff --git a/inventory/host_vars/ele-helene.yml b/inventory/host_vars/ele-helene.yml index 6eef576d..76f7978c 100644 --- a/inventory/host_vars/ele-helene.yml +++ b/inventory/host_vars/ele-helene.yml 
@@ -92,7 +92,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-jitsi.yml b/inventory/host_vars/ele-jitsi.yml index ea446019..4fe526c0 100644 --- a/inventory/host_vars/ele-jitsi.yml +++ b/inventory/host_vars/ele-jitsi.yml @@ -32,7 +32,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml index e97e1671..d0fe5e2f 100644 --- a/inventory/host_vars/ele-media.yml +++ b/inventory/host_vars/ele-media.yml @@ -73,7 +73,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-thetys.yml b/inventory/host_vars/ele-thetys.yml index 2911be57..8d00359e 100644 --- a/inventory/host_vars/ele-thetys.yml +++ b/inventory/host_vars/ele-thetys.yml @@ -77,7 +77,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/glt-jitsi.yml b/inventory/host_vars/glt-jitsi.yml index 2e36c347..69e51909 100644 --- a/inventory/host_vars/glt-jitsi.yml +++ b/inventory/host_vars/glt-jitsi.yml @@ -27,7 +27,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_cni_variant: with-portmap 
diff --git a/inventory/host_vars/s2-thetys.yml b/inventory/host_vars/s2-thetys.yml index 5f2897c9..8f03e497 100644 --- a/inventory/host_vars/s2-thetys.yml +++ b/inventory/host_vars/s2-thetys.yml @@ -53,7 +53,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/sk-cloudio/collabora.yml b/inventory/host_vars/sk-cloudio/collabora.yml index 93cab2eb..5910da27 100644 --- a/inventory/host_vars/sk-cloudio/collabora.yml +++ b/inventory/host_vars/sk-cloudio/collabora.yml @@ -1,11 +1,17 @@ --- -collabora_code_base_path: /srv/storage/collabora/code - collabora_code_instances: o.skillz.biz: - version: 23.05.6.4.1 + version: 24.04.6.2.1 port: 8200 - hostname: o.skillz.biz + storage: + type: directory + dest: /srv/storage/collabora/code/o.skillz.biz + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - o.skillz.biz + tls: + certificate_provider: acmetool admin: username: admin password: "{{ vault_collabora_code_admin_passwords['o.skillz.biz'] }}" diff --git a/inventory/host_vars/sk-cloudio/nextcloud.yml b/inventory/host_vars/sk-cloudio/nextcloud.yml index df947c89..3c5e5ae0 100644 --- a/inventory/host_vars/sk-cloudio/nextcloud.yml +++ b/inventory/host_vars/sk-cloudio/nextcloud.yml @@ -96,8 +96,6 @@ nextcloud_instances: # new: true version: 29.0.3 port: 8105 - hostnames: - - wolke.elev8.at storage: type: zfs parent: "{{ _nextcloud_zfs_base_ }}" @@ -110,3 +108,9 @@ nextcloud_instances: type: mariadb version: 10.11.5 password: "{{ vault_nextcloud_database_passwords['wolke.elev8.at'] }}" + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - wolke.elev8.at + tls: + certificate_provider: acmetool diff --git a/inventory/host_vars/sk-cloudio/onlyoffice.yml b/inventory/host_vars/sk-cloudio/onlyoffice.yml index 11f82abe..d8d3da82 100644 
--- a/inventory/host_vars/sk-cloudio/onlyoffice.yml +++ b/inventory/host_vars/sk-cloudio/onlyoffice.yml @@ -1,20 +1,30 @@ --- -onlyoffice_zfs: +_onlyoffice_zfs_base_: pool: storage name: onlyoffice properties: compression: lz4 - quota: 5G onlyoffice_instances: office.elev8.at: - version: 8.1.0.1 + version: 8.1.1.2 port: 8600 - hostname: office.elev8.at jwt_secret: "{{ vault_onlyoffice_jwt_secrets['office.elev8.at'] }}" + storage: + type: zfs + parent: "{{ _onlyoffice_zfs_base_ }}" + name: office.elev8.at + properties: + quota: 5G database: - version: 12.19 + version: 12.20 password: "{{ vault_onlyoffice_database_passwords['office.elev8.at'] }}" amqp: - version: 3.13.4 + version: 3.13.7 password: "{{ vault_onlyoffice_amqp_passwords['office.elev8.at'] }}" + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - office.elev8.at + tls: + certificate_provider: acmetool diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml index 8c57def9..be136e82 100644 --- a/inventory/host_vars/sk-cloudio/vars.yml +++ b/inventory/host_vars/sk-cloudio/vars.yml @@ -84,6 +84,8 @@ zfs_sanoid_modules: docker_pkg_provider: docker-com +docker_plugins: + - buildx docker_storage: type: zfs diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index 0c45dfcb..d728464d 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -56,7 +56,7 @@ kubelet_storage: size: 1G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml index 1ace246f..01cf6e8c 100644 --- a/inventory/host_vars/sk-tomnext-nc.yml +++ b/inventory/host_vars/sk-tomnext-nc.yml 
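Review bot: In the onlyoffice.yml hunk the new `version: 12.20` under `database` is an unquoted plain scalar that YAML loads as the float 12.2, so whatever consumes it would see `12.2` rather than `12.20`; the old value `12.19` survived only because it has no trailing zero. If the role uses this value as an image tag or package version (not visible here), it would select a much older database release than intended, missing the fixes the bump is meant to bring in. Quote it: `version: "12.20"`. The other versions in this hunk contain two or more dots and stay strings, but quoting them too would avoid the same trap on a later bump.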
@@ -88,7 +88,7 @@ kubelet_storage: properties: quota: 15G -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 15 kubernetes_standalone_cni_variant: with-portmap @@ -148,13 +148,15 @@ nextcloud_instances: && docker-php-ext-enable smbclient \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -collabora_code_base_path: /srv/storage/collabora/code collabora_code_instances: o.tomwaitz.eu: version: 23.05.6.4.1 port: 8200 hostname: o.tomwaitz.eu + storage: + type: directory + dest: /srv/storage/collabora/code/o.tomwaitz.eu admin: username: admin password: "{{ vault_collabora_code_admin_passwords['o.tomwaitz.eu'] }}" diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 60f41c10..f4c61e2a 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -71,8 +71,8 @@ chaos-at-home-sensors chaos-at-home-ups [chaos-at-home_mz] -mz-router ansible_host=chmz-router -mz-ap ansible_host=chmz-ap +ch-mz-router host_name=mz-router +ch-mz-ap host_name=mz-ap [chaos-at-home_mur-at] ch-atlas host_name=atlas @@ -328,8 +328,8 @@ ch-testvm-openwrt ch-installsmb ch-gw-c3voc ch-raspi-openwrt -mz-ap -mz-router +ch-mz-ap +ch-mz-router ele-router-hmtsaal ele-router-orpheum ele-router-emc |
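Review bot: In the second sk-tomnext-nc.yml hunk the `o.tomwaitz.eu` Collabora instance gains the new `storage` block but keeps `hostname: o.tomwaitz.eu` and has no `publish` block, whereas sk-cloudio/collabora.yml in this same commit drops `hostname` in favour of `publish` with `hostnames` and `tls.certificate_provider: acmetool`. If the role now reads only `publish` (the role is not part of this diff), this instance would be deployed without its published hostname or certificate setup. It also stays on `version: 23.05.6.4.1` while the sk-cloudio instance moves to 24.04.6.2.1, so confirm that leaving this host on the older release is intended.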