From b90a0f8dfdcfc045bdfef50ce0e91bbd056f3d47 Mon Sep 17 00:00:00 2001 
From: Christian Pointner Date: Wed, 3 Apr 2024 20:18:22 +0200 Subject: cleanup old linuxtage stuff and add new glt-jitsi --- _graveyard_/files/glt/stream-stats.go | 185 +++++++++++++++++++++ .../inventory/group_vars/glt-live-misc/vars.yml | 15 ++ .../inventory/group_vars/glt-live-r3/vars.yml | 3 + .../inventory/group_vars/glt-live/network.yml | 78 +++++++++ _graveyard_/inventory/group_vars/glt-live/vars.yml | 13 ++ _graveyard_/inventory/host_vars/glt-calypso.yml | 77 +++++++++ _graveyard_/inventory/host_vars/glt-coturn.yml | 56 +++++++ _graveyard_/inventory/host_vars/glt-gw-r3.yml | 147 ++++++++++++++++ _graveyard_/inventory/host_vars/glt-gw-tug.yml | 177 ++++++++++++++++++++ _graveyard_/inventory/host_vars/glt-meet1.yml | 65 ++++++++ _graveyard_/inventory/host_vars/glt-meet2.yml | 65 ++++++++ _graveyard_/inventory/host_vars/glt-stream.yml | 8 + _graveyard_/inventory/host_vars/glt-tsdatacop.yml | 70 ++++++++ _graveyard_/inventory/hosts.ini | 49 ++++++ _graveyard_/spreadspace/glt-calypso.yml | 44 +++++ _graveyard_/spreadspace/glt-coturn.yml | 15 ++ _graveyard_/spreadspace/glt-meet1.yml | 15 ++ _graveyard_/spreadspace/glt-meet2.yml | 15 ++ _graveyard_/spreadspace/glt-stream.yml | 148 +++++++++++++++++ _graveyard_/spreadspace/glt-tsdatacop.yml | 43 +++++ _graveyard_/spreadspace/group_vars/glt-live.yml | 20 +++ _graveyard_/spreadspace/host_vars/glt-coturn.yml | 13 ++ _graveyard_/spreadspace/host_vars/glt-meet1.yml | 18 ++ _graveyard_/spreadspace/host_vars/glt-meet2.yml | 18 ++ 24 files changed, 1357 insertions(+) create mode 100644 _graveyard_/files/glt/stream-stats.go create mode 100644 _graveyard_/inventory/group_vars/glt-live-misc/vars.yml create mode 100644 _graveyard_/inventory/group_vars/glt-live-r3/vars.yml create mode 100644 _graveyard_/inventory/group_vars/glt-live/network.yml create mode 100644 _graveyard_/inventory/group_vars/glt-live/vars.yml create mode 100644 _graveyard_/inventory/host_vars/glt-calypso.yml create mode 100644 
_graveyard_/inventory/host_vars/glt-coturn.yml create mode 100644 _graveyard_/inventory/host_vars/glt-gw-r3.yml create mode 100644 _graveyard_/inventory/host_vars/glt-gw-tug.yml create mode 100644 _graveyard_/inventory/host_vars/glt-meet1.yml create mode 100644 _graveyard_/inventory/host_vars/glt-meet2.yml create mode 100644 _graveyard_/inventory/host_vars/glt-stream.yml create mode 100644 _graveyard_/inventory/host_vars/glt-tsdatacop.yml create mode 100644 _graveyard_/spreadspace/glt-calypso.yml create mode 100644 _graveyard_/spreadspace/glt-coturn.yml create mode 100644 _graveyard_/spreadspace/glt-meet1.yml create mode 100644 _graveyard_/spreadspace/glt-meet2.yml create mode 100644 _graveyard_/spreadspace/glt-stream.yml create mode 100644 _graveyard_/spreadspace/glt-tsdatacop.yml create mode 100644 _graveyard_/spreadspace/group_vars/glt-live.yml create mode 100644 _graveyard_/spreadspace/host_vars/glt-coturn.yml create mode 100644 _graveyard_/spreadspace/host_vars/glt-meet1.yml create mode 100644 _graveyard_/spreadspace/host_vars/glt-meet2.yml (limited to '_graveyard_') diff --git a/_graveyard_/files/glt/stream-stats.go b/_graveyard_/files/glt/stream-stats.go new file mode 100644 index 00000000..6920b513 --- /dev/null +++ b/_graveyard_/files/glt/stream-stats.go 
@@ -0,0 +1,185 @@ +package main + +import ( + "crypto/sha256" + "encoding/json" + "fmt" + "io/ioutil" + "log" + "net/http" + "os" + "strconv" + "sync" + "time" +) + +type LatestRequests map[string]bool + +var last5min LatestRequests +var lMutex = &sync.Mutex{} + +const dateFormat = time.RFC3339 + +func init() { + last5min = make(LatestRequests) +} + +// find the next timestamp (i.e. time when minute is 4 mod 5 and second is 0) +func nextTimestamp() time.Time { + now := time.Now() + if now.Minute()%5 == 4 && now.Second() == 0 { + return now.Add(5 * 60 * time.Second) + } + + minDiff := 5 + switch now.Minute() % 5 { + case 0: + minDiff = 4 + case 1: + minDiff = 3 + case 2: + minDiff = 2 + case 3: + minDiff = 1 + case 4: + minDiff = 5 + } + return now.Add(-time.Duration(now.Second()) * time.Second).Add(time.Duration(minDiff) * 60 * time.Second) +} + +// find the previous timestamp +func previousTimestamp() time.Time { + now := time.Now() + if now.Minute()%5 == 4 && now.Second() == 0 { + return now.Add(-5 * 60 * time.Second) + } + + minDiff := (now.Minute() % 5) + 1 + return now.Add(-time.Duration(now.Second()) * time.Second).Add(-time.Duration(minDiff) * 60 * time.Second) +} + +// writeToFile writes the 5min result to the file by appending data +func writeToFile() { + filePath := os.Args[2] + timestamp := time.Now().Add(-5 * 60 * time.Second) + db := make(map[string]uint32) + + // collect new count and erase data from 5-minutes data structure + lMutex.Lock() + latestCount := len(last5min) + last5min = make(LatestRequests) + lMutex.Unlock() + + // read in existing data + content, err := ioutil.ReadFile(filePath) + if err == nil { + srcData := make(map[string]uint32) + err = json.Unmarshal(content, &srcData) + if err != nil { + fmt.Fprintf(os.Stderr, "failed to unmarshal file '%s': %s\n", filePath, err.Error()) + return + } + + // copy data over to database + for k, v := range srcData { + db[k] = v + } + } + + // update database with latest count + 
db[timestamp.Format(dateFormat)] = uint32(latestCount) + + // write to file + dump, _ := json.MarshalIndent(db, "", " ") + err = ioutil.WriteFile(filePath, dump, 0644) + if err != nil { + fmt.Fprintf(os.Stderr, "error while writing file '%s': %s\n", filePath, err.Error()) + } +} + +// handle a request to / +func handle(w http.ResponseWriter, r *http.Request) { + w.Header().Add("Content-type", "text/plain; charset=utf-8") + _, err := w.Write([]byte("request counter\nby meisterluk\nroutes: {/req, /list}\n")) + if err != nil { + fmt.Fprintln(os.Stderr, err) + } +} + +// handle a request to /req +// increments the counter within 5min plus one unless this client was already registered +func handleRequest(w http.ResponseWriter, r *http.Request) { + // generate a key which detects trivial double requests + var ident string + ident = r.Header.Get("User-Agent") + ident += r.Header.Get("X-Forwarded-For") + //ident += time.Now().Format(dateFormat) // add this line to register every request for debugging + h := sha256.New() + key := string(h.Sum([]byte(ident))) + + // register this client for counting + lMutex.Lock() + last5min[key] = true + defer lMutex.Unlock() + + w.Write([]byte("request registered\n")) +} + +func handleList(w http.ResponseWriter, r *http.Request) { + w.Header().Add("Content-type", "text/plain; charset=utf-8") + srcFile := os.Args[2] + db := make(map[string]uint32) + + // add entry for current data + db[previousTimestamp().Format(dateFormat)] = uint32(len(last5min)) + + // read file + for { + content, err := ioutil.ReadFile(srcFile) + if err != nil { + fmt.Fprintln(os.Stderr, err) + break + } + srcDB := make(map[string]uint32) + err = json.Unmarshal(content, &srcDB) + if err != nil { + fmt.Fprintln(os.Stderr, err) + break + } + + // copy data into db + for k, v := range srcDB { + db[k] = v + } + break // for loop used only for control flow + } + + // print data + for timestamp, count := range db { + w.Write([]byte(timestamp + "\t" + strconv.Itoa(int(count)) 
+ "\n")) + } +} + +func main() { + if len(os.Args) != 3 { + fmt.Fprintln(os.Stderr, "usage: ./req-counter ") + os.Exit(1) + } + + http.HandleFunc("/", handle) + http.HandleFunc("/req", handleRequest) + http.HandleFunc("/list", handleList) + + go func() { + for { + now := time.Now() + time.Sleep(nextTimestamp().Sub(now)) + + writeToFile() + fmt.Fprintf(os.Stderr, "File '%s' written.\n", os.Args[2]) + } + }() + + fmt.Println("listening on " + os.Args[1]) + log.Fatal(http.ListenAndServe(os.Args[1], nil)) +} diff --git a/_graveyard_/inventory/group_vars/glt-live-misc/vars.yml b/_graveyard_/inventory/group_vars/glt-live-misc/vars.yml new file mode 100644 index 00000000..4f1862b5 --- /dev/null +++ b/_graveyard_/inventory/group_vars/glt-live-misc/vars.yml @@ -0,0 +1,15 @@ +--- +install: + cloud: + credentials: + token: "{{ vault_hcloud_api_token }}" + + +apt_repo_provider: hetzner + +ssh_keys_root_extra: + - ssh-rsa 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 emergency@glt + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHB2GxQrL18sfbdgTvaimYR/F94UtZ3BMA8cNQyTzT8h martin@adelmann + - ssh-rsa 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 lukas@regular + - ssh-rsa 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 ansible@glt + - ssh-rsa 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 spel@lspe.organsible diff --git a/_graveyard_/inventory/group_vars/glt-live-r3/vars.yml b/_graveyard_/inventory/group_vars/glt-live-r3/vars.yml new file mode 100644 index 00000000..8c360f8d --- /dev/null +++ b/_graveyard_/inventory/group_vars/glt-live-r3/vars.yml @@ -0,0 +1,3 @@ +--- +apt_repo_provider: anexia +#apt_repo_provider: ffgraz diff --git a/_graveyard_/inventory/group_vars/glt-live/network.yml b/_graveyard_/inventory/group_vars/glt-live/network.yml new file mode 100644 index 00000000..e78ddd2d --- /dev/null +++ b/_graveyard_/inventory/group_vars/glt-live/network.yml 
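Review bot: In handleRequest, `h := sha256.New(); key := string(h.Sum([]byte(ident)))` does not hash the identifier: Sum appends the digest of what was written to h (nothing) to its argument, so the map key is the raw User-Agent plus X-Forwarded-For followed by a constant suffix. The key length is therefore client-controlled, and last5min has no size cap, so memory can grow without bound inside one 5-minute window; `sum := sha256.Sum256([]byte(ident)); key := string(sum[:])` gives the fixed-size key the comment describes, and a cap on the map would bound the rest. handleList also reads `len(last5min)` without taking lMutex, which is a data race with handleRequest and writeToFile; wrap that read in `lMutex.Lock()` / `lMutex.Unlock()`. Both header values come from the client unless the fronting proxy overwrites X-Forwarded-For, so the resulting count should be documented as an estimate.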
@@ -0,0 +1,78 @@
+---
+network_zones:
+ r3_lan:
+ description: "realraum LAN, Internetuplink via Magenta"
+ vlan: 127
+ prefix: 192.168.127.0/24
+ gateway: 192.168.127.254
+ dns:
+ - 192.168.127.254
+ dhcp:
+ start: 1
+ limit: 149
+ offsets:
+ # Saal 1
+ glt-s1mod: 150
+ glt-s1slide: 151
+ glt-s1speak1: 152
+ glt-s1speak2: 153
+ glt-s1info: 154
+ glt-dione: 155
+ glt-calypso: 156
+ glt-s1atemctl: 157
+ glt-s1atem: 158
+ glt-s1switch: 159
+ # Saal 2
+ glt-s2mod: 160
+ glt-s2slide: 161
+ glt-s2speak: 162
+ glt-s2info: 163
+ glt-helene: 165
+ glt-telesto: 166
+ glt-s2atemctl: 167
+ glt-s2atem: 168
+ glt-s2switch: 169
+ # Saal 3
+ glt-s3mod: 170
+ glt-s3slide: 171
+ glt-s3speak: 172
+ glt-s3info: 173
+ glt-tsdatacop: 175
+ glt-thetys: 176
+ glt-s3atemctl: 177
+ glt-s3atem: 178
+ glt-s3switch: 179
+ # misc
+ equinox-t450s: 190
+ spel: 191
+ glt-gw-r3: 199
+
+ r3_ff:
+ description: "realraum Funkfeuer Subnet, Internetuplink via Funkfeuer and mur.at"
+ vlan: 255
+ prefix: 10.12.240.240/28
+ gateway: 10.12.240.247
+ dns:
+ - 10.12.0.10
+ offsets:
+ glt-gw-r3: 8
+
+ murat_transfer:
+ description: "transfer network for upstream via mur.at"
+ prefix: 172.31.255.240/28
+ offsets:
+ ele-tub: 1
+ ff-10g: 2
+ ele-mur: 14
+
+ tug_lan:
+ description: "glt@tug LAN, Internetuplink via TUG and ACOnet"
+ prefix: 192.168.27.0/24
+ gateway: 192.168.27.254
+ dns:
+ - 192.168.27.254
+ dhcp:
+ start: 1
+ limit: 199
+ offsets:
+ glt-gw-tug: 254
diff --git a/_graveyard_/inventory/group_vars/glt-live/vars.yml b/_graveyard_/inventory/group_vars/glt-live/vars.yml
new file mode 100644
index 00000000..65287b3a
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/glt-live/vars.yml
@@ -0,0 +1,13 @@
+---
+zsh_banner: linuxtage
+
+ssh_users_root:
+ - equinox
+ - spel
+
+acme_account_email: equinox@spreadspace.org
+acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
+
+apt_repo_blackmagic_auth:
+ username: "glt"
+ password: "{{ vault_apt_repo_blackmagic_auth.password }}"
diff --git a/_graveyard_/inventory/host_vars/glt-calypso.yml b/_graveyard_/inventory/host_vars/glt-calypso.yml
new file mode 100644
index 00000000..afa7766c
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/glt-calypso.yml
@@ -0,0 +1,77 @@
+---
+system_lvm_volume_size_root: 3G
+
+install:
+ efi: true
+ disks:
+ primary: /dev/disk/by-id/ata-OCZ-VERTEX2_OCZ-5328NA52AN84G246
+ kernel_cmdline:
+ - "consoleblank=0"
+ - "nomodeset"
+
+network:
+ nameservers: "{{ network_zones.r3_lan.dns }}"
+ domain: "{{ host_domain }}"
+ primary: &_network_primary_
+ name: eno1
+ address: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) }}"
+ gateway: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets['glt-gw-r3']) | ansible.utils.ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
+
+
+apt_repo_components:
+ - main
+ - contrib ## for zfs
+ - non-free-firmware ## for microcode updates
+
+spreadspace_apt_repo_components:
+ - container
+
+zfs_arc_size:
+ min: 1GB
+ max: 2GB
+
+zfs_pools:
+ storage:
+ mountpoint: /srv/storage
+ create_vdevs: mirror /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720805 /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720811
+
+
+blackmagic_desktopvideo_version: 12.5a15
+blackmagic_desktopvideo_include_gui: yes
+
+
+docker_pkg_provider: docker-com
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
+
+kubernetes_version: 1.29.2
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_cni_variant: with-portmap
+
+
+recorder_storage:
+ type: zfs
+ pool: storage
+ name: recorder
+recorder_base_path: /srv/storage/recorder
+recorder_inst_name: feed-glt21s1
+recorder_ffmpeg_image_version: bookworm-decklink12.5-2024-02-18.33
+recorder_input: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp25', '-channels', '2', '-i', 'DeckLink SDI (1)']
+recorder_video_filter_common: "colorspace=iall=bt709:irange=tv:all=bt709:range=tv"
+
+recorder_segment_time: 3600
+recorder_segment_clocktime_offset: 3300
diff --git a/_graveyard_/inventory/host_vars/glt-coturn.yml b/_graveyard_/inventory/host_vars/glt-coturn.yml new file mode 100644 index 00000000..6dc0f5c4 --- /dev/null +++ b/_graveyard_/inventory/host_vars/glt-coturn.yml @@ -0,0 +1,56 @@ +--- +docker_storage: + type: lvm + vg: "{{ host_name }}" + lv: docker + size: 5G + fs: ext4 + +kubelet_storage: + type: lvm + vg: "{{ host_name }}" + lv: kubelet + size: 5G + fs: ext4 + + +spreadspace_apt_repo_components: + - container + +acme_client: acmetool + + +kubernetes_version: 1.29.2 +kubernetes_container_runtime: docker +kubernetes_standalone_max_pods: 100 +kubernetes_standalone_pod_cidr: 192.168.255.0/24 +kubernetes_standalone_cni_variant: with-portmap + + +coturn_version: 4.6.2-r4 +coturn_realm: linuxtage.at +coturn_hostnames: + - cdn13.linuxtage.at + +coturn_auth_secret: "{{ vault_coturn_auth_secret }}" +coturn_listening_port: 3478 +coturn_tls_listening_port: 443 +coturn_install_nginx_vhost: no +coturn_tls: + certificate_provider: "{{ acme_client }}" + + +mumble_version: v1.4.287-4 +mumble_instance: linuxtage.at +mumble_hostnames: + - mumble.linuxtage.at +mumble_tls: + certificate_provider: "{{ acme_client }}" + +mumble_superuser_password: "{{ vault_mumble_superuser_password }}" + +mumble_config_options: + bonjour: false + sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5" + welcometext: "Willkommen im Mumble der Grazer Linuxtage
Intercom für Helfer und Orga während der GLT21" + rememberchannel: true diff --git a/_graveyard_/inventory/host_vars/glt-gw-r3.yml b/_graveyard_/inventory/host_vars/glt-gw-r3.yml new file mode 100644 index 00000000..d5d8538e --- /dev/null +++ b/_graveyard_/inventory/host_vars/glt-gw-r3.yml 
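Review bot: Nothing in the coturn settings here limits which peer addresses the relay will forward to, while the same host runs a standalone kubelet with `kubernetes_standalone_pod_cidr: 192.168.255.0/24`. Unless the apps/coturn role already handles this (it is not visible in this hunk), confirm that the rendered turnserver configuration uses `denied-peer-ip` for loopback, the pod CIDR and the other private ranges, so that a client holding valid TURN credentials cannot reach services behind the relay. A one-line comment above `coturn_listening_port` recording that decision would keep it from being lost when the file is revived.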
@@ -0,0 +1,147 @@ +--- +openwrt_arch: x86 +openwrt_target: geode +openwrt_profile: generic +openwrt_output_image_suffixes: + - "{{ openwrt_profile }}-ext4-combined.img.gz" + +openwrt_packages_remove: + - ppp + - ppp-mod-pppoe + - firewall + - dnsmasq + - odhcpd-ipv6only +openwrt_packages_add: + - kmod-ipt-nat + - kmod-ipt-conntrack + - haveged + - htop + - ip + - less + - nano + - tcpdump-mini + - iperf + - iperf3 + - mtr + - iptraf-ng + + +openwrt_mixin: + /etc/dropbear/authorized_keys: + content: "{{ ssh_keys_root | join('\n') }}\n" + + /etc/htoprc: + file: "{{ global_files_dir }}/common/htoprc" + + /etc/rc.d/S22network-fw: + link: "../init.d/network-fw" + + /etc/rc.d/K92network-fw: + link: "../init.d/network-fw" + + /etc/init.d/network-fw: + mode: "0755" + content: | + #!/bin/sh /etc/rc.common + + START=22 + STOP=91 + + start() { + WAN_IF=$(uci get network.wan.device) + LAN_IF=$(uci get network.lan.device) + LAN_IP=$(uci get network.lan.ipaddr) + LAN_MASK=$(uci get network.lan.netmask) + + iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT + + ### external incoming + iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT + iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT + iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + ### internal + iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT + iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + + iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + iptables -A FORWARD -i 
"$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE + + ### default policies + iptables -P INPUT DROP + iptables -P FORWARD DROP + } + + stop() { + iptables -P INPUT ACCEPT + iptables -F INPUT + iptables -P FORWARD ACCEPT + iptables -F FORWARD + iptables -t nat -F POSTROUTING + } + +openwrt_uci: + system: + - name: system + options: + hostname: '{{ host_name }}' + timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' + ttylogin: '0' + log_size: '64' + urandom_seed: '0' + + - name: timeserver 'ntp' + options: + enabled: '1' + enable_server: '0' + server: + - '0.lede.pool.ntp.org' + - '1.lede.pool.ntp.org' + - '2.lede.pool.ntp.org' + - '3.lede.pool.ntp.org' + + dropbear: + - name: dropbear + options: + PasswordAuth: 'off' + RootPasswordAuth: 'off' + Port: '{{ ansible_port }}' + + network: + - name: globals 'globals' + options: + ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" + + - name: interface 'loopback' + options: + device: lo + proto: static + ipaddr: 127.0.0.1 + netmask: 255.0.0.0 + + - name: interface 'wan' + options: + device: eth0 + proto: static + ipaddr: "{{ network_zones.r3_ff.prefix | ansible.utils.ipaddr(network_zones.r3_ff.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" + netmask: "{{ network_zones.r3_ff.prefix | ansible.utils.ipaddr('netmask') }}" + gateway: "{{ network_zones.r3_ff.gateway }}" + dns: "{{ network_zones.r3_ff.dns }}" + + - name: interface 'lan' + options: + device: eth1 + proto: static + ipaddr: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" + netmask: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr('netmask') }}" + + - name: interface 'unused' + options: + device: eth2 + proto: 
none diff --git a/_graveyard_/inventory/host_vars/glt-gw-tug.yml b/_graveyard_/inventory/host_vars/glt-gw-tug.yml new file mode 100644 index 00000000..5e1d0a45 --- /dev/null +++ b/_graveyard_/inventory/host_vars/glt-gw-tug.yml 
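Review bot: The `/etc/init.d/network-fw` script installs IPv4 rules only, and the `firewall` package is removed, so nothing visible here filters IPv6 on INPUT or FORWARD even though `ula_prefix` is still configured under `network`. Either add matching `ip6tables -P INPUT DROP` and `ip6tables -P FORWARD DROP` with the loopback, ICMPv6 and ESTABLISHED exceptions, or disable IPv6 on the interfaces explicitly and say so in a comment. start() also appends with `-A` and sets the DROP policies last, so a second run duplicates every rule and the policy is only enforced from the final two lines on; setting the policies first and flushing the chains before appending makes the script idempotent. The same script is repeated in glt-gw-tug.yml.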
@@ -0,0 +1,177 @@ +--- +openwrt_arch: x86 +openwrt_target: 64 +openwrt_profile: generic +openwrt_output_image_suffixes: + - "{{ openwrt_profile }}-ext4-combined.img.gz" + +openwrt_packages_remove: + - ppp + - ppp-mod-pppoe + - firewall +openwrt_packages_add: + - kmod-ipt-nat + - kmod-ipt-conntrack + - haveged + - htop + - ip + - less + - nano + - tcpdump-mini + - iperf + - iperf3 + - mtr + - iptraf-ng + + +openwrt_mixin: + /etc/dropbear/authorized_keys: + content: "{{ ssh_keys_root | join('\n') }}\n" + + /etc/htoprc: + file: "{{ global_files_dir }}/common/htoprc" + + /etc/rc.d/S22network-fw: + link: "../init.d/network-fw" + + /etc/rc.d/K92network-fw: + link: "../init.d/network-fw" + + /etc/init.d/network-fw: + mode: "0755" + content: | + #!/bin/sh /etc/rc.common + + START=22 + STOP=91 + + start() { + WAN_IF=$(uci get network.wan.device) + LAN_IF="br-lan" + LAN_IP=$(uci get network.lan.ipaddr) + LAN_MASK=$(uci get network.lan.netmask) + + iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT + + ### external incoming + iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT + iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT + iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + ### internal + iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT + iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + + iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + + iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT + iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate 
RELATED,ESTABLISHED -j ACCEPT + iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE + + ### default policies + iptables -P INPUT DROP + iptables -P FORWARD DROP + } + + stop() { + iptables -P INPUT ACCEPT + iptables -F INPUT + iptables -P FORWARD ACCEPT + iptables -F FORWARD + iptables -t nat -F POSTROUTING + } + +openwrt_uci: + system: + - name: system + options: + hostname: '{{ host_name }}' + timezone: 'CET-1CEST,M3.5.0,M10.5.0/3' + ttylogin: '0' + log_size: '64' + urandom_seed: '0' + + - name: timeserver 'ntp' + options: + enabled: '1' + enable_server: '0' + server: + - '0.lede.pool.ntp.org' + - '1.lede.pool.ntp.org' + - '2.lede.pool.ntp.org' + - '3.lede.pool.ntp.org' + + dropbear: + - name: dropbear + options: + PasswordAuth: 'off' + RootPasswordAuth: 'off' + Port: '{{ ansible_port }}' + + dhcp: + - name: dnsmasq + options: + domainneeded: '1' + boguspriv: '0' + filterwin2k: '0' + localise_queries: '1' + rebind_protection: '0' + rebind_localhost: '1' + local: '/lan/' + domain: 'lan' + expandhosts: '1' + nonegcache: '0' + authoritative: '1' + readethers: '1' + leasefile: '/tmp/dhcp.leases' + resolvfile: '/tmp/resolv.conf.auto' + localservice: '1' + + - name: odhcpd 'odhcpd' + options: + maindhcp: '0' + leasefile: '/tmp/hosts/odhcpd' + leasetrigger: '/usr/sbin/odhcpd-update' + + - name: dhcp 'wan' + options: + interface: 'wan' + ignore: '1' + + - name: dhcp 'lan' + options: + interface: 'lan' + start: "{{ network_zones.tug_lan.dhcp.start }}" + limit: "{{ network_zones.tug_lan.dhcp.limit }}" + leasetime: "{{ network_zones.tug_lan.dhcp.leasetime | default('12h') }}" + dhcpv6: 'disabled' + ra: 'disabled' + + network: + - name: globals 'globals' + options: + ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48" + + - name: interface 'loopback' + options: + device: lo + proto: static + ipaddr: 
127.0.0.1 + netmask: 255.0.0.0 + + - name: interface 'lan' + options: + type: bridge + device: "eth0 eth1 eth2 eth3 eth4" + proto: static + ipaddr: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr(network_zones.tug_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}" + netmask: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr('netmask') }}" + + - name: interface 'wan' + options: + device: eth5 + proto: dhcp + macaddr: 00:11:22:33:44:55 diff --git a/_graveyard_/inventory/host_vars/glt-meet1.yml b/_graveyard_/inventory/host_vars/glt-meet1.yml new file mode 100644 index 00000000..a7d619c8 --- /dev/null +++ b/_graveyard_/inventory/host_vars/glt-meet1.yml @@ -0,0 +1,65 @@ +--- +docker_storage: + type: lvm + vg: "{{ host_name }}" + lv: docker + size: 5G + fs: ext4 + +kubelet_storage: + type: lvm + vg: "{{ host_name }}" + lv: kubelet + size: 5G + fs: ext4 + + +spreadspace_apt_repo_components: + - container + +acme_client: acmetool + + +kubernetes_version: 1.29.2 +kubernetes_container_runtime: docker +kubernetes_standalone_max_pods: 100 +kubernetes_standalone_cni_variant: with-portmap + + +jitsi_meet_base_path: /srv/jitsi/meet + +jitsi_meet_version: stable-9258 +jitsi_meet_hostname: meet1.linuxtage.at + +jitsi_meet_p2p_enable: no +jitsi_meet_require_display_name: yes + +jitsi_meet_resolution: + default: + width: 1920 + height: 1080 + min: + width: 1280 + height: 720 + +jitsi_meet_jvb_config_extra: | + videobridge { + cc { + trust-bwe = false + onstage-preferred-framerate = 25 + } + } + +jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}" + +jitsi_meet_auth: + enable_guests: yes + users: + operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" + +jitsi_meet_streamui: + http_port: "{{ jitsi_meet_http_port + 1 }}" +# http_auth: +# operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}" + image_tag: latest + default_control_room: glt 
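Review bot: The dnsmasq section sets `rebind_protection: '0'`, which stops dnsmasq from discarding upstream answers that point into private address ranges, for every client on the bridged LAN. If nothing on this network relies on public names resolving to RFC 1918 addresses, set `rebind_protection: '1'`; if something does, keep protection on and list only that domain under `rebind_domain`, with a comment naming the reason. The WAN interface also carries `macaddr: 00:11:22:33:44:55`, which looks like a placeholder and deserves a comment if it is intentional.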
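Review bot: Under `jitsi_meet_streamui` the `http_auth` block is commented out, so as far as this file shows the stream UI on `jitsi_meet_http_port + 1` is configured without credentials; whether that port is reachable from outside depends on the role and the nginx vhost, which are not part of this hunk. Re-enable `http_auth` with the vaulted operator password, or add a comment stating why the UI is safe to run unauthenticated. `image_tag: latest` is also unpinned while every other component in the file carries a fixed version; pin it to a specific tag or digest so a redeploy cannot silently pull a different image. glt-meet2.yml has the same two settings.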
diff --git a/_graveyard_/inventory/host_vars/glt-meet2.yml b/_graveyard_/inventory/host_vars/glt-meet2.yml
new file mode 100644
index 00000000..b194b9f6
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/glt-meet2.yml
@@ -0,0 +1,65 @@
+---
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 5G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 5G
+ fs: ext4
+
+
+spreadspace_apt_repo_components:
+ - container
+
+acme_client: acmetool
+
+
+kubernetes_version: 1.29.2
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 100
+kubernetes_standalone_cni_variant: with-portmap
+
+
+jitsi_meet_base_path: /srv/jitsi/meet
+
+jitsi_meet_version: stable-9258
+jitsi_meet_hostname: meet2.linuxtage.at
+
+jitsi_meet_p2p_enable: no
+jitsi_meet_require_display_name: yes
+
+jitsi_meet_resolution:
+ default:
+ width: 1920
+ height: 1080
+ min:
+ width: 1280
+ height: 720
+
+jitsi_meet_jvb_config_extra: |
+ videobridge {
+ cc {
+ trust-bwe = false
+ onstage-preferred-framerate = 25
+ }
+ }
+
+jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}"
+
+jitsi_meet_auth:
+ enable_guests: yes
+ users:
+ operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}"
+
+jitsi_meet_streamui:
+ http_port: "{{ jitsi_meet_http_port + 1 }}"
+# http_auth:
+# operator: "{{ vault_jitsi_meet_auth_user_passwords['operator'] }}"
+ image_tag: latest
+ default_control_room: glt
diff --git a/_graveyard_/inventory/host_vars/glt-stream.yml b/_graveyard_/inventory/host_vars/glt-stream.yml
new file mode 100644
index 00000000..db9292da
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/glt-stream.yml
@@ -0,0 +1,8 @@
+---
+lvm_volumes:
+ system/www:
+ vg: "{{ host_name }}"
+ lv: www
+ size: 10G
+ fs: ext4
+ dest: /srv/www
diff --git a/_graveyard_/inventory/host_vars/glt-tsdatacop.yml b/_graveyard_/inventory/host_vars/glt-tsdatacop.yml
new file mode 100644
index 00000000..c78513a6
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/glt-tsdatacop.yml
@@ -0,0 +1,70 @@
+---
+system_lvm_volume_size_root: 3G
+
+install:
+ efi: false
+ disks:
+ primary: /dev/disk/by-id/ata-WDC_WDS120G2G0A-00JH30_200854446208
+ kernel_cmdline:
+ - "consoleblank=0"
+
+network:
+ nameservers: "{{ network_zones.r3_lan.dns }}"
+ domain: "{{ host_domain }}"
+ primary: &_network_primary_
+ name: eno1
+ address: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets[inventory_hostname]) }}"
+ gateway: "{{ network_zones.r3_lan.prefix | ansible.utils.ipaddr(network_zones.r3_lan.offsets['glt-gw-r3']) | ansible.utils.ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
+
+
+spreadspace_apt_repo_components:
+ - container
+
+
+lvm_groups:
+ storage:
+ pvs:
+ - /dev/disk/by-id/ata-WDC_WD5000AAJS-00TKA0_WD-WCAPW2771922-part1
+
+
+blackmagic_desktopvideo_version: 12.5a15
+blackmagic_desktopvideo_include_gui: yes
+
+
+docker_pkg_provider: docker-com
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
+
+kubernetes_version: 1.29.2
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_cni_variant: with-portmap
+
+
+recorder_storage:
+ type: lvm
+ vg: storage
+ lv: recorder
+ size: 400G
+ fs: ext4
+recorder_base_path: /srv/recorder
+recorder_inst_name: feed-glt21s3
+recorder_ffmpeg_image_version: bookworm-decklink12.5-2024-02-18.33
+recorder_input: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp25', '-channels', '2', '-i', 'DeckLink Mini Recorder']
+recorder_video_filter_common: "colorspace=iall=bt709:irange=tv:all=bt709:range=tv"
+
+recorder_segment_time: 3600
+recorder_segment_clocktime_offset: 3300
diff --git a/_graveyard_/inventory/hosts.ini b/_graveyard_/inventory/hosts.ini
index a0381990..bf8ab79e 100644
--- a/_graveyard_/inventory/hosts.ini
+++ b/_graveyard_/inventory/hosts.ini @@ -28,6 +28,34 @@ r3-cccamp19-av host_name=av ############################### # environment: spreadspace +[glt-live:vars] +host_domain=linuxtage.at +env_group=spreadspace + +[glt-live:children] +glt-live-misc +glt-live-r3 +glt-live-tug + +[glt-live-misc] +glt-coturn host_name=cdn13 +glt-meet1 host_name=meet1 +glt-meet2 host_name=meet2 +glt-stream host_name=stream + +[glt-live-r3] +glt-gw-r3 host_name=gw-r3 +#glt-dione host_name=dione +#glt-helene host_name=helene +glt-calypso host_name=calypso +#glt-telesto host_name=telesto +glt-tsdatacop host_name=tsdatacop +#glt-thetys host_name=thetys + +[glt-live-tug] +glt-gw-tug host_name=gw-tug + + [lendwirbel-live:vars] host_domain=lndwrbl.live env_group=spreadspace @@ -77,6 +105,11 @@ ele-laptop host_name=elevatop ############################### # host categories +## OS +[openwrt] +glt-gw-r3 +glt-gw-tug + [dellos6] r3-cccamp19-sw0 @@ -118,6 +151,12 @@ lw-master sgg-icecast +[hcloud] +glt-coturn +glt-meet1 +glt-meet2 +glt-stream + [hcloud:children] lendwirbel-live-dist lendwirbel-live-xx @@ -128,6 +167,16 @@ k8s-lwl [standalone-kubelet] lw-thetys sgg-icecast +glt-coturn +glt-meet1 +glt-meet2 +glt-dione +glt-helene +glt-calypso +glt-telesto +glt-tsdatacop +glt-thetys + ### Kubernetes Cluster: lendwirbel-live [k8s-lwl-encoder] diff --git a/_graveyard_/spreadspace/glt-calypso.yml b/_graveyard_/spreadspace/glt-calypso.yml new file mode 100644 index 00000000..07dd2eb2 --- /dev/null +++ b/_graveyard_/spreadspace/glt-calypso.yml 
@@ -0,0 +1,44 @@
+---
+- name: Basic Setup
+ hosts: glt-calypso
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+ - role: core/cpu-microcode
+ - role: storage/zfs/base
+ - role: apt-repo/spreadspace
+ - role: streaming/blackmagic/desktopvideo
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
+ - role: streaming/recorder
+ post_tasks:
+ - name: install lm-sensors and i7z
+ apt:
+ name:
+ - lm-sensors
+ - i7z
+
+ - name: load modules for lm-sensors
+ vars:
+ sensors_modules:
+ - coretemp
+ - w83627ehf
+ block:
+ - name: load special modules for lm-sensors
+ loop: "{{ sensors_modules }}"
+ modprobe:
+ name: "{{ item }}"
+ state: present
+
+ - name: make sure sensor modules are loaded on reboot
+ copy:
+ content: |
+ # Ansible managed
+
+ {% for module in sensors_modules %}
+ {{ module }}
+ {% endfor %}
+ dest: /etc/modules-load.d/sensors.conf
diff --git a/_graveyard_/spreadspace/glt-coturn.yml b/_graveyard_/spreadspace/glt-coturn.yml
new file mode 100644
index 00000000..91641cd5
--- /dev/null
+++ b/_graveyard_/spreadspace/glt-coturn.yml
@@ -0,0 +1,15 @@
+---
+- name: Basic Setup
+ hosts: glt-coturn
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+ - role: apt-repo/spreadspace
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
+ - role: x509/acmetool/base
+ - role: apps/coturn
+ - role: apps/mumble
diff --git a/_graveyard_/spreadspace/glt-meet1.yml b/_graveyard_/spreadspace/glt-meet1.yml
new file mode 100644
index 00000000..b2447cd8
--- /dev/null
+++ b/_graveyard_/spreadspace/glt-meet1.yml
@@ -0,0 +1,15 @@
+---
+- name: Basic Setup
+ hosts: glt-meet1
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+ - role: apt-repo/spreadspace
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
+ - role: x509/acmetool/base
+ - role: nginx/base
+ - role: apps/jitsi/meet
diff --git a/_graveyard_/spreadspace/glt-meet2.yml b/_graveyard_/spreadspace/glt-meet2.yml
new file mode 100644
index 00000000..f91dd3a8
--- /dev/null
+++ b/_graveyard_/spreadspace/glt-meet2.yml
@@ -0,0 +1,15 @@
+---
+- name: Basic Setup
+ hosts: glt-meet2
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+ - role: apt-repo/spreadspace
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
+ - role: x509/acmetool/base
+ - role: nginx/base
+ - role: apps/jitsi/meet
diff --git a/_graveyard_/spreadspace/glt-stream.yml b/_graveyard_/spreadspace/glt-stream.yml
new file mode 100644
index 00000000..c76904ab
--- /dev/null
+++ b/_graveyard_/spreadspace/glt-stream.yml
@@ -0,0 +1,148 @@
+---
+- name: Basic Setup
+ hosts: glt-stream
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+ - role: apt-repo/spreadspace
+ - role: x509/acmetool/base
+ - role: nginx/base
+ - name: storage/lvm/base
+ post_tasks:
+ - name: create base directory for static www content
+ file:
+ path: /srv/www/stream
+ state: directory
+
+ - name: configure default vhost stream.linuxtage.at
+ vars:
+ nginx_vhost:
+ default: yes
+ name: stream
+ template: generic
+ tls:
+ certificate_provider: acmetool
+ hostnames:
+ - stream.linuxtage.at
+ extra_directives: |-
+ add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer";
+ add_header Access-Control-Allow-Methods "GET,HEAD,OPTIONS";
+ add_header Access-Control-Allow-Origin "*";
+ add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range,Date";
+
+ {% for room_id in [1,2,3] %}
+ location /stats/saal{{ room_id }}/ {
+ include snippets/proxy-nobuff.conf;
+ proxy_set_header Host $host;
+ include snippets/proxy-forward-headers.conf;
+ proxy_pass http://127.0.0.1:{{ 4200 + room_id }}/;
+ }
+ {% endfor %}
+ locations:
+ '/':
+ root: /srv/www/stream
+ index: index.html
+ '/preped':
+ root: /srv/www/stream
+ autoindex: {}
+ include_role:
+ name: nginx/vhost
+
+ - name: install golang
+ apt:
+ name: go
+ state: present
+
+ - name: create base directory for stats
+ file:
+ path: /srv/www/stats
+ state: directory
+
+ - name: add user for stats
+ user:
+ name: stats
+ system: yes
+ home: /srv/www/stats
+
+ - name: create data and gocache directories for stats
+ loop:
+ - data
+ - .gocache
+ file:
+ path: "/srv/www/stats/{{ item }}"
+ state: directory
+ group: stats
+ mode: 0775
+
+ - name: install stats collector script
+ copy:
+ src: "{{ global_files_dir }}/glt/stream-stats.go"
+ dest: /srv/www/stats/stream-stats.go
+
+ - name: install start script for collector
+ copy:
+ content: |
+ #!/bin/bash
+ ROOM=$1
+ case "$ROOM" in
+ saal1)
+ PORT=4201
+ ;;
+ saal2)
+ PORT=4202
+ ;;
+ saal3)
+ PORT=4203
+ ;;
+ *)
+ echo "unknown room"
+ exit 1
+ ;;
+ esac
+ exec /usr/bin/go run /srv/www/stats/stream-stats.go 127.0.0.1:$PORT /srv/www/stats/data/glt21-$ROOM.json
+ dest: /srv/www/stats/run.sh
+ mode: 0755
+
+ - name: install systemd unit for stats collector
+ copy:
+ content: |
+ [Unit]
+ Description=GLT21 Stream Stats Collector (%I)
+
+ [Service]
+ Type=simple
+ User=stats
+ Environment="GOCACHE=/srv/www/stats/.gocache"
+ ExecStart=/srv/www/stats/run.sh %i
+ Restart=always
+ RestartSecs=1s
+ StartLimitBurst=10
+ StartLimitIntervalSec=5s
+ NoNewPrivileges=yes
+ PrivateTmp=yes
+ PrivateDevices=yes
+ ProtectSystem=strict
+ ReadWritePaths=/srv/www/stats/data /srv/www/stats/.gocache
+ ProtectHome=yes
+ ProtectKernelTunables=yes
+ ProtectControlGroups=yes
+ RestrictRealtime=yes
+ RestrictAddressFamilies=AF_INET
+
+ [Install]
+ WantedBy=multi-user.target
+ dest: /etc/systemd/system/stream-stats@.service
+
+ - name: make sure stats collector service units are enabled and started
+ loop:
+ - saal1
+ - saal2
+ - saal3
+ systemd:
+ name: "stream-stats@{{ item }}.service"
+ daemon_reload: yes
+ enabled: yes
+ state: started
diff --git a/_graveyard_/spreadspace/glt-tsdatacop.yml b/_graveyard_/spreadspace/glt-tsdatacop.yml
new file mode 100644
index 00000000..82c363ab
--- /dev/null
+++ b/_graveyard_/spreadspace/glt-tsdatacop.yml
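Review bot: `RestartSecs=1s` in the generated `stream-stats@.service` is not a systemd directive (the key is `RestartSec=`), so systemd will ignore it with a warning and restart the collector after its default delay instead. With `Restart=always` and the `StartLimitBurst=10` / `StartLimitIntervalSec=5s` pair, a collector that fails right at startup could then reach the start limit and stay down, which the intended one-second delay would have avoided; write `RestartSec=1s`. `StartLimitIntervalSec=` is documented as a `[Unit]` setting, so it is worth running `systemd-analyze verify` on the unit to confirm it is honoured under `[Service]`. Separately, `run.sh` compiles the collector with `go run` on every start, which is why the sandbox needs a writable `.gocache`; building the binary once at deploy time would let `ReadWritePaths=` shrink to the data directory and remove the compiler from the service's runtime path.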
@@ -0,0 +1,43 @@ +--- +- name: Basic Setup + hosts: glt-tsdatacop + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: core/ntp + - role: core/cpu-microcode + - role: storage/lvm/base + - role: apt-repo/spreadspace + - role: streaming/blackmagic/desktopvideo + - role: kubernetes/base + - role: kubernetes/standalone/base + - role: streaming/recorder + post_tasks: + - name: install lm-sensors and i7z + apt: + name: + - lm-sensors + - i7z + + - name: load modules for lm-sensors + vars: + sensors_modules: + - coretemp + block: + - name: load special modules for lm-sensors + loop: "{{ sensors_modules }}" + modprobe: + name: "{{ item }}" + state: present + + - name: make sure sensor modules are loaded on reboot + copy: + content: | + # Ansible managed + + {% for module in sensors_modules %} + {{ module }} + {% endfor %} + dest: /etc/modules-load.d/sensors.conf diff --git a/_graveyard_/spreadspace/group_vars/glt-live.yml b/_graveyard_/spreadspace/group_vars/glt-live.yml new file mode 100644 index 00000000..c3acc3db --- /dev/null +++ b/_graveyard_/spreadspace/group_vars/glt-live.yml @@ -0,0 +1,20 @@ +$ANSIBLE_VAULT;1.2;AES256;spreadspace +38636362363330663663313064613361323466333236656166303266343666626135313830363065 +6231383766616637626564666265386464343437666434660a393130616566306364623134313138 +61333064663033393063323335616265386164383233666434326137646236346334386439656265 +6565653465383364300a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diff --git a/_graveyard_/spreadspace/host_vars/glt-coturn.yml b/_graveyard_/spreadspace/host_vars/glt-coturn.yml new file mode 100644 index 00000000..8db669d5 --- /dev/null +++ b/_graveyard_/spreadspace/host_vars/glt-coturn.yml 
@@ -0,0 +1,13 @@ +$ANSIBLE_VAULT;1.2;AES256;spreadspace +34643737663831333765666266333265633032346535306135383838643031633362343338393334 +6362383337353530346563316630313437313138633763370a613938353666646462316332353065 +66653436613537666465633263626632386263633734663330373430323865613733396463343363 +3837626238356534300a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diff --git a/_graveyard_/spreadspace/host_vars/glt-meet1.yml b/_graveyard_/spreadspace/host_vars/glt-meet1.yml new file mode 100644 index 00000000..27359daf --- /dev/null +++ b/_graveyard_/spreadspace/host_vars/glt-meet1.yml 
@@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.2;AES256;spreadspace +37653436633131353132383533623834613061323731356639366330303961333434303162366130 +6566653037323333396333653663656230663066393531640a313764303365623038346430646238 +32333030613535373734303030633130626439616533613932353831383630313432646564323065 +3864393963666636630a626432373633636330636136656561366133303239363932626239373036 +61623336663032376331646131363937646261333065313263303536383339376232666162636335 +64666263326236336634343962663931353638363764383336303966343533343964636566646661 +63643262616234623565333966663437366332373763326339643963366132313936643836353362 +35326332373664366366313931366433353661353232646334656539636334376134383231653865 +65383632373264623666663933313261393330613465333861373237303964316431373434306364 +37373032646164383038346431383166306364343363313964633137353438303230343133323038 +35343633333038366136663237346465666631373062633534623163656564356632333938356163 +37353036333663383764343561623634363966346237663463393165363035383061323738653134 +37306638343065313033646431373661313965663562666438373536313630356661356561346130 +34306363333237316138303036633539373562626461343133663331643161396364386166626239 +63313165363634316661666634363532643161373962336139663731326666616131376562386534 +34343339376665633437303936313664663431643962333234323262653236646564666633313738 +61613434363536303061343330636534373037656433306437633663386362616535 diff --git a/_graveyard_/spreadspace/host_vars/glt-meet2.yml b/_graveyard_/spreadspace/host_vars/glt-meet2.yml new file mode 100644 index 00000000..96f9f897 --- /dev/null +++ b/_graveyard_/spreadspace/host_vars/glt-meet2.yml 
@@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.2;AES256;spreadspace +63653634373839386431343362316530613563303631396333343630376435646562356561303135 +6133316465333138663739383532663430313937343932660a643532316462656539663239346231 +66643032363066353331313630633933613736323865376565363562663030656434306362393065 +6639633038623864390a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cgit v1.2.3