Diffstat (limited to 'inventory')
31 files changed, 251 insertions, 234 deletions
diff --git a/inventory/group_vars/promzone-chaos-at-home/vars.yml b/inventory/group_vars/promzone-chaos-at-home/vars.yml index 7969d26f..752bada7 100644 --- a/inventory/group_vars/promzone-chaos-at-home/vars.yml +++ b/inventory/group_vars/promzone-chaos-at-home/vars.yml @@ -14,9 +14,9 @@ prometheus_exporter_smokeping_version: 0.8.1 prometheus_exporter_bind_version: 0.7.0 prometheus_exporter_chrony_version: 0.10.1 prometheus_exporter_chrony_disable_dns_lookups: yes -prometheus_exporter_mosquitto_version: 0.7.2 +prometheus_exporter_mosquitto_version: 0.7.3 -prometheus_server_version: 2.53.2 +prometheus_server_version: 2.54.1 prometheus_alertmanager_version: 0.27.0 prometheus_server: ch-mon diff --git a/inventory/group_vars/promzone-elevate-festival/vars.yml b/inventory/group_vars/promzone-elevate-festival/vars.yml index 8cb3ebbb..398f1511 100644 --- a/inventory/group_vars/promzone-elevate-festival/vars.yml +++ b/inventory/group_vars/promzone-elevate-festival/vars.yml @@ -13,7 +13,7 @@ prometheus_exporter_nut_version: 3.1.1 prometheus_exporter_chrony_version: 0.10.1 prometheus_exporter_chrony_disable_dns_lookups: yes -prometheus_server_version: 2.53.2 +prometheus_server_version: 2.54.1 prometheus_alertmanager_version: 0.27.0 prometheus_server: ele-calypso diff --git a/inventory/host_vars/ch-apps/vars.yml b/inventory/host_vars/ch-apps/vars.yml index a3f34992..57a7e485 100644 --- a/inventory/host_vars/ch-apps/vars.yml +++ b/inventory/host_vars/ch-apps/vars.yml @@ -141,7 +141,7 @@ kubelet_storage: quota: 10G 'syncoid:sync': 'false' -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-companion-raspi.yml b/inventory/host_vars/ch-companion-raspi.yml index d8134f27..d82f5b8e 100644 --- a/inventory/host_vars/ch-companion-raspi.yml +++ b/inventory/host_vars/ch-companion-raspi.yml 
@@ -29,7 +29,7 @@ docker_pkg_provider: docker-com docker_plugins: - buildx -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-dione.yml b/inventory/host_vars/ch-dione.yml index 8534d2fb..1782ceea 100644 --- a/inventory/host_vars/ch-dione.yml +++ b/inventory/host_vars/ch-dione.yml @@ -49,7 +49,7 @@ kubelet_storage: size: 5G fs: ext4 -# kubernetes_version: 1.30.3 +# kubernetes_version: 1.30.4 # kubernetes_container_runtime: docker # kubernetes_standalone_max_pods: 42 # kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml index b34d1ae6..869bcac8 100644 --- a/inventory/host_vars/ch-equinox-t450s.yml +++ b/inventory/host_vars/ch-equinox-t450s.yml @@ -262,6 +262,8 @@ ws_base_extra_packages: - texlive-lang-german - texlive-latex-extra - tlp + - tor + - tor-geoipdb - torbrowser-launcher - totem - unrar @@ -296,9 +298,6 @@ ws_base_extra_packages: - grype # needs apt-repo/ansible - ansible - ### needs apt-repo/tor-project -> https://gitlab.torproject.org/tpo/core/tor/-/issues/40946 - ##- tor - ##- tor-geoipdb # needs apt-repo/kubernetes - kubectl # needs apt-repo/element diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml index 8c55d382..70faf7be 100644 --- a/inventory/host_vars/ch-equinox-ws.yml +++ b/inventory/host_vars/ch-equinox-ws.yml @@ -26,7 +26,7 @@ network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" primary: &_network_primary_ - name: enp9s0 + name: enp11s0 address: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets[inventory_hostname]) }}" gateway: "{{ network_zones.lan.gateway }}" interfaces: 
@@ -264,6 +264,8 @@ ws_base_extra_packages: - texlive - texlive-lang-german - texlive-latex-extra + - tor + - tor-geoipdb - torbrowser-launcher - totem - unrar @@ -297,9 +299,6 @@ ws_base_extra_packages: - grype # needs apt-repo/ansible - ansible - ### needs apt-repo/tor-project -> https://gitlab.torproject.org/tpo/core/tor/-/issues/40946 - ##- tor - ##- tor-geoipdb # needs apt-repo/kubernetes - kubectl # needs apt-repo/element diff --git a/inventory/host_vars/ch-helene.yml b/inventory/host_vars/ch-helene.yml index 61d4f7ef..52b3a3f9 100644 --- a/inventory/host_vars/ch-helene.yml +++ b/inventory/host_vars/ch-helene.yml @@ -49,7 +49,7 @@ kubelet_storage: size: 5G fs: ext4 -# kubernetes_version: 1.30.3 +# kubernetes_version: 1.30.4 # kubernetes_container_runtime: docker # kubernetes_standalone_max_pods: 42 # kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml index bc09509d..d2ad251b 100644 --- a/inventory/host_vars/ch-mimas.yml +++ b/inventory/host_vars/ch-mimas.yml @@ -63,7 +63,7 @@ wireguard_p2p_peers: - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI=" endpoint: host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" - port: 51820 + port: 5182 allowed_ips: - "{{ network_zones.remote.prefix }}" - "{{ network_zones.svc.prefix }}" diff --git a/inventory/host_vars/mz-ap.yml b/inventory/host_vars/ch-mz-ap.yml index 044f41f9..044f41f9 100644 --- a/inventory/host_vars/mz-ap.yml +++ b/inventory/host_vars/ch-mz-ap.yml diff --git a/inventory/host_vars/mz-router.yml b/inventory/host_vars/ch-mz-router.yml index 254aaf02..c798623b 100644 --- a/inventory/host_vars/mz-router.yml +++ b/inventory/host_vars/ch-mz-router.yml 
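Review bot: The WireGuard port `5182` in the ch-mimas.yml peer endpoint is a bare literal that has to match three other places changed in this commit: the ch-pan.yml peer endpoint, and in ch-router.yml both the nftables rule `udp dport { openvpn, 5182 } accept` and `listen_port: 5182`. Because the value is one digit short of the previous `51820`, a reader cannot tell a deliberate move from a truncation, so a comment at the listener such as `# WireGuard moved off the default 51820; peers and firewall rule must match` would help. Defining the port once (a shared variable, name to be chosen, referenced as `port: "{{ wireguard_remote_port }}"`) would keep the listener, the accept rule and the peers from drifting apart, since a mismatch leaves either a dead tunnel or an open port with nothing behind it. Peers configured outside this inventory are not visible here and would still need the new port.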
@@ -1,10 +1,4 @@ --- -## TOOD: -# After router upgrades run this command to generate a new dyndns ssh key -# $ dropbearkey -t ed25519 -f /etc/dyndns/id_ed25519 -# Then replace the key at the dyndns server (/var/lib/dyndns/.ssh/authorized_keys) -# after that run the dyndns update script manually to accept the ssh host-key - openwrt_arch: ath79 openwrt_target: generic openwrt_profile: tplink_tl-wdr4300-v1 diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml index 29ec85ae..2b7fc39b 100644 --- a/inventory/host_vars/ch-pan.yml +++ b/inventory/host_vars/ch-pan.yml @@ -58,7 +58,7 @@ wireguard_p2p_peers: - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI=" endpoint: host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" - port: 51820 + port: 5182 allowed_ips: - "{{ network_zones.remote.prefix }}" - "{{ network_zones.svc.prefix }}" @@ -88,7 +88,7 @@ dyndns: - "dyn.schaaas.at. 7200 IN AAAA 2a02:3e0:407::19" - "captive.schaaas.at. 7200 IN CNAME dyn.schaaas.at." clients: - mz-router: mzl + ch-mz-router: mzl ch-equinox-t450s: equinox ele-media: elemedia diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml index 3f31bcbe..aaa46bb2 100644 --- a/inventory/host_vars/ch-router.yml +++ b/inventory/host_vars/ch-router.yml @@ -185,7 +185,7 @@ openwrt_mixin: ip protocol icmp accept ip6 nexthdr ipv6-icmp accept tcp dport { {{ ansible_port }} } accept - udp dport { openvpn, 51820 } accept + udp dport { openvpn, 5182 } accept } chain input_openvpn { @@ -368,7 +368,7 @@ openwrt_uci: options: proto: wireguard private_key: "{{ vault_wireguard_remote_private_key }}" - listen_port: 51820 + listen_port: 5182 addresses: - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}" nohostroute: 1 
@@ -404,8 +404,8 @@ openwrt_uci: options: enabled: '1' interface: 'eth1' - download: '147000' - upload: '20000' + download: '510000' + upload: '72000' qdisc: 'cake' script: 'piece_of_cake.qos' qdisc_advanced: '0' diff --git a/inventory/host_vars/ele-calypso.yml b/inventory/host_vars/ele-calypso.yml index 90e92097..8da4c4af 100644 --- a/inventory/host_vars/ele-calypso.yml +++ b/inventory/host_vars/ele-calypso.yml @@ -74,7 +74,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-companion-raspi.yml b/inventory/host_vars/ele-companion-raspi.yml index 7d130639..b25acb27 100644 --- a/inventory/host_vars/ele-companion-raspi.yml +++ b/inventory/host_vars/ele-companion-raspi.yml @@ -29,7 +29,7 @@ docker_pkg_provider: docker-com docker_plugins: - buildx -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-coturn.yml b/inventory/host_vars/ele-coturn.yml index f966ac9e..1cbc2767 100644 --- a/inventory/host_vars/ele-coturn.yml +++ b/inventory/host_vars/ele-coturn.yml @@ -27,7 +27,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 diff --git a/inventory/host_vars/ele-helene.yml b/inventory/host_vars/ele-helene.yml index 6eef576d..76f7978c 100644 --- a/inventory/host_vars/ele-helene.yml +++ b/inventory/host_vars/ele-helene.yml 
@@ -92,7 +92,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-jitsi.yml b/inventory/host_vars/ele-jitsi.yml index ea446019..4fe526c0 100644 --- a/inventory/host_vars/ele-jitsi.yml +++ b/inventory/host_vars/ele-jitsi.yml @@ -32,7 +32,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml index e97e1671..d0fe5e2f 100644 --- a/inventory/host_vars/ele-media.yml +++ b/inventory/host_vars/ele-media.yml @@ -73,7 +73,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/ele-thetys.yml b/inventory/host_vars/ele-thetys.yml index 2911be57..8d00359e 100644 --- a/inventory/host_vars/ele-thetys.yml +++ b/inventory/host_vars/ele-thetys.yml @@ -77,7 +77,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/glt-jitsi.yml b/inventory/host_vars/glt-jitsi.yml index 2e36c347..69e51909 100644 --- a/inventory/host_vars/glt-jitsi.yml +++ b/inventory/host_vars/glt-jitsi.yml @@ -27,7 +27,7 @@ acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_cni_variant: with-portmap 
diff --git a/inventory/host_vars/s2-thetys.yml b/inventory/host_vars/s2-thetys.yml index 5f2897c9..8f03e497 100644 --- a/inventory/host_vars/s2-thetys.yml +++ b/inventory/host_vars/s2-thetys.yml @@ -53,7 +53,7 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/sk-cloudio/collabora.yml b/inventory/host_vars/sk-cloudio/collabora.yml index 93cab2eb..5910da27 100644 --- a/inventory/host_vars/sk-cloudio/collabora.yml +++ b/inventory/host_vars/sk-cloudio/collabora.yml @@ -1,11 +1,17 @@ --- -collabora_code_base_path: /srv/storage/collabora/code - collabora_code_instances: o.skillz.biz: - version: 23.05.6.4.1 + version: 24.04.6.2.1 port: 8200 - hostname: o.skillz.biz + storage: + type: directory + dest: /srv/storage/collabora/code/o.skillz.biz + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - o.skillz.biz + tls: + certificate_provider: acmetool admin: username: admin password: "{{ vault_collabora_code_admin_passwords['o.skillz.biz'] }}" diff --git a/inventory/host_vars/sk-cloudio/etherpad.yml b/inventory/host_vars/sk-cloudio/etherpad.yml deleted file mode 100644 index a368be44..00000000 --- a/inventory/host_vars/sk-cloudio/etherpad.yml +++ /dev/null 
@@ -1,58 +0,0 @@ ---- -etherpad_lite_zfs: - pool: storage - name: etherpad-lite - properties: - compression: lz4 - -etherpad_lite_instances: - pad.elevate.at: - version: c65c5f17aa26c9179ce591f44721861ba6f6bec4-elevate - port: 8300 - hostnames: - - pad.elevate.at - zfs_properties: - quota: 5G - settings: - title: Elevate Etherpad - users: - admin: - is_admin: true - password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['admin'] }}" - user: - is_admin: false - password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['user'] }}" - - defaultPadText: "Welcome to the ELEVATE - Etherpad!\n\nThis pad text is synchronized\ - \ as you type, so that everyone viewing this page sees the same text. This allows\ - \ you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http://etherpad.org\n\ - \n IMPORTANT: THIS PAD IS PRIVIDED FOR FREE TO THE PUBLIC! There is no guarantee\ - \ for your data - please take care of backups yourself! This is usually intended\ - \ only for the Elevate Team and it might get access control in the future! If you\ - \ are interested in having a PAD for your project, please get back to dan@elevate.at\ - \ for information. It can be made available!" - favicon: favicon.ico - - maxAge: 21600 - editOnly: false - minify: true - requireSession: false - requireAuthentication: false - requireAuthorization: false - socketTransportProtocols: [xhr-polling, jsonp-polling, htmlfile] - abiword: null - loglevel: INFO - logconfig: - appenders: - - type: console - dbType: "mysql" - dbSettings: - host: "127.0.0.1" - user: "etherpad-lite" - password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" - database: "etherpad-lite" - charset: "utf8mb4" - database: - type: mariadb - version: 10.4.22 - password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}" diff --git a/inventory/host_vars/sk-cloudio/nextcloud.yml b/inventory/host_vars/sk-cloudio/nextcloud.yml index 13d29815..3c5e5ae0 100644 
--- a/inventory/host_vars/sk-cloudio/nextcloud.yml +++ b/inventory/host_vars/sk-cloudio/nextcloud.yml 
@@ -1,94 +1,116 @@ --- -nextcloud_zfs: +_nextcloud_zfs_base_: pool: storage name: nextcloud - properties: - compression: lz4 nextcloud_instances: - luzesombra.skillz.biz: - # new: true - version: 29.0.4 - port: 8100 - hostnames: - - luzesombra.skillz.biz - zfs_properties: - quota: 200G - redis: - version: 7.2.1 - database: - type: mariadb - version: 11.1.2 - password: "{{ vault_nextcloud_database_passwords['luzesombra.skillz.biz'] }}" - insomnia.skillz.biz: - # new: true - version: 29.0.4 - port: 8101 - hostnames: - - insomnia.skillz.biz - zfs_properties: - quota: 400G - redis: - version: 7.2.1 - database: - type: mariadb - version: 10.11.5 - password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}" - nc.skillz.biz: - # new: true - version: 29.0.4 - port: 8102 - hostnames: - - nc.skillz.biz - zfs_properties: - quota: 200G - redis: - version: 7.2.1 - database: - type: mariadb - version: 10.11.5 - password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}" - extra_args: - - "--log_bin_trust_function_creators=true" - custom_image: - dockerfile: | - RUN set -x \ - && apt-get update -q \ - && apt-get install -y -q ffmpeg \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - visuals.pixeldada.com: - # new: true - version: 29.0.4 - port: 8103 - hostnames: - - visuals.pixeldada.com - zfs_properties: - quota: 100G - redis: - version: 7.2.4 - database: - type: mariadb - version: 11.3.2 - password: "{{ vault_nextcloud_database_passwords['visuals.pixeldada.com'] }}" - extra_args: - - "--log_bin_trust_function_creators=true" - custom_image: - dockerfile: | - RUN set -x \ - && apt-get update -q \ - && apt-get install -y -q ffmpeg \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# luzesombra.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8100 +# hostnames: +# - luzesombra.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: luzesombra.skillz.biz +# properties: +# quota: 200G +# redis: +# version: 7.2.1 +# 
database: +# type: mariadb +# version: 11.1.2 +# password: "{{ vault_nextcloud_database_passwords['luzesombra.skillz.biz'] }}" +# insomnia.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8101 +# hostnames: +# - insomnia.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: insomnia.skillz.biz +# properties: +# quota: 400G +# redis: +# version: 7.2.1 +# database: +# type: mariadb +# version: 10.11.5 +# password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}" +# nc.skillz.biz: +# # new: true +# version: 29.0.4 +# port: 8102 +# hostnames: +# - nc.skillz.biz +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: nc.skillz.biz +# properties: +# quota: 200G +# redis: +# version: 7.2.1 +# database: +# type: mariadb +# version: 10.11.5 +# password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}" +# extra_args: +# - "--log_bin_trust_function_creators=true" +# custom_image: +# dockerfile: | +# RUN set -x \ +# && apt-get update -q \ +# && apt-get install -y -q ffmpeg \ +# && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# visuals.pixeldada.com: +# # new: true +# version: 29.0.4 +# port: 8103 +# hostnames: +# - visuals.pixeldada.com +# storage: +# type: zfs +# parent: "{{ _nextcloud_zfs_base_ }}" +# name: visuals.pixeldada.com +# properties: +# quota: 100G +# redis: +# version: 7.2.4 +# database: +# type: mariadb +# version: 11.3.2 +# password: "{{ vault_nextcloud_database_passwords['visuals.pixeldada.com'] }}" +# extra_args: +# - "--log_bin_trust_function_creators=true" +# custom_image: +# dockerfile: | +# RUN set -x \ +# && apt-get update -q \ +# && apt-get install -y -q ffmpeg \ +# && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* wolke.elev8.at: # new: true version: 29.0.3 port: 8105 - hostnames: - - wolke.elev8.at - zfs_properties: - quota: 10G + storage: + type: zfs + parent: "{{ _nextcloud_zfs_base_ }}" + name: wolke.elev8.at + properties: + quota: 10G redis: version: 7.2.1 database: 
type: mariadb version: 10.11.5 password: "{{ vault_nextcloud_database_passwords['wolke.elev8.at'] }}" + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - wolke.elev8.at + tls: + certificate_provider: acmetool diff --git a/inventory/host_vars/sk-cloudio/onlyoffice.yml b/inventory/host_vars/sk-cloudio/onlyoffice.yml index 11f82abe..d8d3da82 100644 --- a/inventory/host_vars/sk-cloudio/onlyoffice.yml +++ b/inventory/host_vars/sk-cloudio/onlyoffice.yml @@ -1,20 +1,30 @@ --- -onlyoffice_zfs: +_onlyoffice_zfs_base_: pool: storage name: onlyoffice properties: compression: lz4 - quota: 5G onlyoffice_instances: office.elev8.at: - version: 8.1.0.1 + version: 8.1.1.2 port: 8600 - hostname: office.elev8.at jwt_secret: "{{ vault_onlyoffice_jwt_secrets['office.elev8.at'] }}" + storage: + type: zfs + parent: "{{ _onlyoffice_zfs_base_ }}" + name: office.elev8.at + properties: + quota: 5G database: - version: 12.19 + version: 12.20 password: "{{ vault_onlyoffice_database_passwords['office.elev8.at'] }}" amqp: - version: 3.13.4 + version: 3.13.7 password: "{{ vault_onlyoffice_amqp_passwords['office.elev8.at'] }}" + publish: + zone: "{{ apps_publish_zone__sk_cloudio }}" + hostnames: + - office.elev8.at + tls: + certificate_provider: acmetool diff --git a/inventory/host_vars/sk-cloudio/pigallery2.yml b/inventory/host_vars/sk-cloudio/pigallery2.yml deleted file mode 100644 index 2a7d5c84..00000000 --- a/inventory/host_vars/sk-cloudio/pigallery2.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -pigallery2_zfs: - pool: storage - name: pigallery2 - properties: - compression: lz4 - -pigallery2_instances: - pix.elevate.at: - version: 1.9.3 - port: 8700 - hostname: pix.elevate.at - zfs_properties: - quota: 5G - images_paths: - 2019: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2019/ - 2020: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2020/ - 2021: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2021/ - 2022: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2022/ - 2023: /srv/storage/nextcloud/wolke.elevate.at/nextcloud/data/__groupfolders/1/Editions_from_2014/Fotos_Editions/2023/ diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml index 058c785f..be136e82 100644 --- a/inventory/host_vars/sk-cloudio/vars.yml +++ b/inventory/host_vars/sk-cloudio/vars.yml 
@@ -1,19 +1,43 @@ --- -system_lvm_volume_size_root: 3584M +system_lvm_volume_size_root: 4G system_lvm_volume_size_varlog: 5G install: - cloud: - credentials: "{{ vault_hroot_robot_account }}" - server_name: "{{ host_name }}" + vm: + memory: 48G + numcpus: 12 + autostart: True disks: - primary: software-raid - raid: - level: 1 - members: - - /dev/nvme0n1 - - /dev/nvme1n1 - system_lvm: - size: 15G + primary: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0 + scsi: + sda: + type: zfs + name: root + size: 15g + sdb: + type: zfs + name: data + size: 900g + properties: + 'syncoid:sync': 'false' + interfaces: + - bridge: br-public + name: primary0 + +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ansible.utils.ipaddr('address') }}" + template: overlay + overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ + +external_ip: "{{ network.primary.overlay }}" apt_repo_components: @@ -22,7 +46,6 @@ apt_repo_components: - non-free-firmware spreadspace_apt_repo_components: - - main - container 
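Review bot: The `sdb` data disk in the new `install.disks.scsi` block of sk-cloudio/vars.yml sets `'syncoid:sync': 'false'` on the 900g volume, and the following hunk changes the `storage` pool's `create_vdevs` from a two-device mirror to a single virtual disk. Assuming that property excludes the volume from replication on the VM host, the application data would be protected only by the sanoid snapshots that live on the same pool, which do not survive loss of the volume. If the data is backed up by another mechanism, a comment next to the property would make that explicit, for example `# excluded from syncoid on purpose; backed up via <mechanism>`. The enclosing `install:` mapping is fully inside the hunk.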
@@ -33,20 +56,23 @@ zfs_arc_size: zfs_pools: storage: mountpoint: /srv/storage - create_vdevs: mirror /dev/nvme0n1p3 /dev/nvme1n1p3 + create_vdevs: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-1 properties: ashift: 12 autotrim: "on" +zfs_volumes: + storage: + nextcloud: + properties: + compression: lz4 + xattr: sa + zfs_sanoid_modules: storage/nextcloud: use_template: production recursive: yes process_children_only: yes - storage/etherpad-lite: - use_template: production - recursive: yes - process_children_only: yes storage/keycloak: use_template: production recursive: yes @@ -58,6 +84,8 @@ zfs_sanoid_modules: docker_pkg_provider: docker-com +docker_plugins: + - buildx docker_storage: type: zfs @@ -73,7 +101,7 @@ kubelet_storage: properties: quota: 20G -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 
@@ -94,8 +122,43 @@ postfix_base_inet_protocols: acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" acme_client: acmetool -## TODO: remove once migration of elevate services has been done -ssh_users_root: - - equinox - - dan - - brt + +sk_cloudio_apps_publish_ca_key: "{{ vault_sk_cloudio_apps_publish_ca_key }}" +sk_cloudio_apps_publish_ca_cert: | + -----BEGIN CERTIFICATE----- + MIIE+DCCAuCgAwIBAgIUWYAlW7BhaDHZaWjkVlttP26KVhgwDQYJKoZIhvcNAQEL + BQAwKTEnMCUGA1UEAwweQXBwcyBQdWJsaXNoIENBIGZvciBzay1jbG91ZGlvMCAX + DTI0MDgyNDIwNDEzNloYDzIwNjQwNzA2MjA0MTM2WjApMScwJQYDVQQDDB5BcHBz + IFB1Ymxpc2ggQ0EgZm9yIHNrLWNsb3VkaW8wggIiMA0GCSqGSIb3DQEBAQUAA4IC + DwAwggIKAoICAQDUOVJTgNrqTlD6FXupVLIoMbQ7O9Xj3XmtYGVtF6LUPodbrlTs + 9TRkhWwVSUGokfgRtKOx1Zk13HFadKw92t9zzTVnT62drH9xOPPGitBXyxeCiyzr + Ib98qnDeO9o+9x0cRsg4tvjksfyMV0JtFxOsSJ6diHrGrakk9SIRVk63GYbRSKBQ + wKCeAihFX35oyd3qCmIt6ZuueX5Z2dNdiaXmcrwe0MhBghd4Upqe3BPopGeVzJtY + Bm6Fsq/V2H28g6l3kNU5sPpgPWMpDRuUTjnfe1MFVu51QwmbkxqWhODaH8dClshJ + imACGnRmTxJ5bAqBbT2z3IEdhaEnKKUyN8OYqX3mtmU1/We9d52cLvghtbiRuhrE + 4eK7GRCvc0QqU/hk6eFvfXVd5KI48tB8at9tKP6tWeavlYyfq5G3canmzOTTbxuA + TfpbFrHIwHCk9M3VTIcABMeb38EGoOpaSTTcX3eOT/k97tQJPKFlfl+EF+fhbijN + 1CEdR+6m2BIvcNmGkKl0VH6eVXiAUFKm03Kg1sH0gh4upQKdx+54szF51jsrHcPI + 16oBChS0t+JG1tcvbluVWwLMw1G5nvm302/RxYahNyCniMAUl/eaubTHarTBtK7w + lAYryanwtlbAR/XQZAHBNzhG/2er1nCr6E5Wh+98ID+ElWbmaQ5ale/8OQIDAQAB + oxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCpTUjN + veOg2dZ/44tg5P5RnZKZFiyYapaaxv3W6cfqpfUhrI8qSuBn9G/UAJAfMszU87rf + OZ1PRZCFuzu+dB7CrmMgvqt0cTRpaxlN9CzZpfpFADlt9NQKYxK4T8IxIZ7ebISl + UNyX08mRXNB3N+Qq1CcTVtwHNLbnwkLttryGJ1tmAwEu4QIHauG7cDXFQuRGP0CE + x+DSdLTcs6hvOYq4OfpX0Zci5zy4SI50DLoT5h94IaIPAL6XBi7n9bj8ZSHqa1ZC + lveyaGguEy53meARTXSCm/jxtpo8xD7pWz4vnYPZuyMGe9rbE77Y8CwWK/RvUdYx + th09ALKw76W59e78RkxKTqBvGmZYw1igY4p8IqcXci65xtO2HiRDHX2jU7AYkgAD + z5Rv+2ZMcOQHOPzxDRXk06+pQUZ3qQ3cU9ASziTSaLITnMVH0VokRNXvSZYxeuwR + yDqb1H4MsV91Sy4UyXmtfXZYouM3/3OwCzxpkgvxdVdQBzssUssLrRcS5UEcJGr8 
+ 69M2CNHXX1fy0mLKdgqHNPzX9ALnqTHJMV5C5J3Q4RU6Vl2Un3Vg3A3dRKLPkg5P + C69nyBua3CIlx6Z8o2Ik9tJdwCULV6lYLGEfpsJHt627gF893Jexxuo3zI7XWQhb + ucrEkA2qzf0fHzCwFeiACMjssiN1YyevdI4Flw== + -----END CERTIFICATE----- + +apps_publish_zone__sk_cloudio: + name: sk-cloudio + publisher: sk-cloudio + certificate_provider: static-ca + certificate_ca_config: + cert_content: "{{ sk_cloudio_apps_publish_ca_cert }}" + key_content: "{{ sk_cloudio_apps_publish_ca_key }}" diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index 0c45dfcb..d728464d 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -56,7 +56,7 @@ kubelet_storage: size: 1G fs: ext4 -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml index 1ace246f..01cf6e8c 100644 --- a/inventory/host_vars/sk-tomnext-nc.yml +++ b/inventory/host_vars/sk-tomnext-nc.yml @@ -88,7 +88,7 @@ kubelet_storage: properties: quota: 15G -kubernetes_version: 1.30.3 +kubernetes_version: 1.30.4 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 15 kubernetes_standalone_cni_variant: with-portmap @@ -148,13 +148,15 @@ nextcloud_instances: && docker-php-ext-enable smbclient \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -collabora_code_base_path: /srv/storage/collabora/code collabora_code_instances: o.tomwaitz.eu: version: 23.05.6.4.1 port: 8200 hostname: o.tomwaitz.eu + storage: + type: directory + dest: /srv/storage/collabora/code/o.tomwaitz.eu admin: username: admin password: "{{ vault_collabora_code_admin_passwords['o.tomwaitz.eu'] }}" diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 60f41c10..f4c61e2a 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
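Review bot: In the last sk-cloudio/vars.yml hunk, `apps_publish_zone__sk_cloudio.certificate_ca_config.key_content` carries the CA private key, and that whole zone mapping is embedded into every instance through `publish.zone` in collabora.yml, nextcloud.yml and onlyoffice.yml. Any task that prints or templates an instance dict would then include the key, so the consuming role (not visible in this diff) should set `no_log: true` wherever it handles the zone and write the key file with a restrictive mode. Decoding the embedded certificate suggests validity until 2064 with `CA:TRUE`, a path length of 1 and no name constraints; that is worth confirming with `openssl x509 -noout -text` and recording in a comment above `sk_cloudio_apps_publish_ca_cert`, for example `# CA for apps-publish on sk-cloudio; private key is in vault, rotate both together`.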
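Review bot: The `o.tomwaitz.eu` instance in sk-tomnext-nc.yml gains `storage:` but keeps the old `hostname: o.tomwaitz.eu` key, whereas the sk-cloudio Collabora instance in this same commit drops `hostname` in favour of a `publish:` block with `hostnames` and `tls`. If the role no longer reads `hostname` (the role is outside this diff, so this is an assumption), this instance would be deployed without a published hostname or certificate. Either add the matching `publish:` block here or leave a comment such as `# still on legacy hostname-based publishing` so the difference is clearly intentional.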
@@ -71,8 +71,8 @@ chaos-at-home-sensors chaos-at-home-ups [chaos-at-home_mz] -mz-router ansible_host=chmz-router -mz-ap ansible_host=chmz-ap +ch-mz-router host_name=mz-router +ch-mz-ap host_name=mz-ap [chaos-at-home_mur-at] ch-atlas host_name=atlas @@ -328,8 +328,8 @@ ch-testvm-openwrt ch-installsmb ch-gw-c3voc ch-raspi-openwrt -mz-ap -mz-router +ch-mz-ap +ch-mz-router ele-router-hmtsaal ele-router-orpheum ele-router-emc |