From b5a95405f7aec03a95abdad0f3b937b367c14c97 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 20 Jul 2022 19:54:18 +0200
Subject: ele-* playbook refactoring and ele-calypso base install
---
dan/ele-calypso.yml | 98 +++++++++++++++++++++++++++++++++++++++++++++
dan/ele-coturn.yml | 4 ++
dan/ele-dione.yml | 15 +++----
dan/ele-dolmetsch-raspi.yml | 4 ++
dan/ele-emcplayer.yml | 4 ++
dan/ele-gwhetzner.yml | 4 ++
dan/ele-helene.yml | 95 +++----------------------------------------
dan/ele-hpws-maxi.yml | 4 ++
dan/ele-hpws-mini1.yml | 4 ++
dan/ele-jitsi.yml | 4 ++
dan/ele-laptop.yml | 4 ++
dan/ele-lt.yml | 5 +++
dan/ele-media.yml | 4 ++
dan/ele-mon.yml | 4 ++
dan/ele-telesto.yml | 17 +++++++-
dan/ele-thetys.yml | 4 ++
dan/ele-tsdatacop.yml | 4 ++
dan/ele-uhrturm.yml | 4 ++
18 files changed, 181 insertions(+), 101 deletions(-)
create mode 100644 dan/ele-calypso.yml
(limited to 'dan')
diff --git a/dan/ele-calypso.yml b/dan/ele-calypso.yml
new file mode 100644
index 00000000..c6fe0cfa
--- /dev/null
+++ b/dan/ele-calypso.yml
@@ -0,0 +1,98 @@
+---
+- name: Basic Setup
+ hosts: ele-calypso
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+ - role: core/cpu-microcode
+
+- name: Payload Setup
+ hosts: ele-calypso
+ roles:
+ - role: apt-repo/spreadspace
+ - role: streaming/blackmagic/desktopvideo
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
+ - role: streaming/player
+ # post_tasks:
+ # - name: install smstools
+ # apt:
+ # name: smstools
+ # state: present
+
+ # - name: add user for sachet
+ # user:
+ # name: sachet
+ # system: yes
+ # home: /nonexistent
+ # create_home: no
+ # groups: smsd
+ # append: yes
+
+ # - name: create sachet config directory
+ # file:
+ # path: /etc/sachet
+ # state: directory
+
+ # - name: install sachet config file
+ # copy:
+ # dest: /etc/sachet/config.yml
+ # content: |
+ # providers:
+ # smstools:
+ # outgoing_dir: /var/spool/sms/outgoing
+
+ # receivers:
+ # - name: equinox
+ # provider: smstools
+ # to:
+ # - '+436644800222'
+
+ # - name: install systemd service unit for sachet
+ # copy:
+ # dest: /etc/systemd/system/sachet.service
+ # content: |
+ # [Unit]
+ # Description=Sachet SMS Daemon for Prometheus Alertmanager
+
+ # [Service]
+ # Restart=on-failure
+ # User=sachet
+ # ExecStart=/usr/local/bin/sachet -config /etc/sachet/config.yml
+
+ # # systemd hardening-options
+ # AmbientCapabilities=
+ # CapabilityBoundingSet=
+ # DeviceAllow=/dev/null rw
+ # DevicePolicy=strict
+ # LimitMEMLOCK=0
+ # LimitNOFILE=8192
+ # LockPersonality=true
+ # MemoryDenyWriteExecute=true
+ # NoNewPrivileges=true
+ # PrivateDevices=true
+ # PrivateTmp=true
+ # PrivateUsers=true
+ # ProtectControlGroups=true
+ # ProtectHome=true
+ # ProtectKernelModules=true
+ # ProtectKernelTunables=true
+ # ProtectSystem=full
+ # ReadWritePaths=/var/spool/sms/outgoing
+ # RemoveIPC=true
+ # RestrictNamespaces=true
+ # RestrictRealtime=true
+ # SystemCallArchitectures=native
+
+ # [Install]
+ #
WantedBy=multi-user.target + + # ## TODO: + # ## - configure smstools + # ## - build sachet using this branch: https://github.com/spreadspace/sachet/tree/topic/add-smstools + # ## - copy binary to /usr/local/bin/sachet + # ## - $ systemctl daemon-reload + # ## - $ systemctl enable --now sachet diff --git a/dan/ele-coturn.yml b/dan/ele-coturn.yml index dcb8b417..9438c7b5 100644 --- a/dan/ele-coturn.yml +++ b/dan/ele-coturn.yml @@ -7,6 +7,10 @@ - role: core/sshd/base - role: core/zsh - role: core/ntp + +- name: Payload Setup + hosts: ele-coturn + roles: - role: apt-repo/spreadspace - role: kubernetes/base - role: kubernetes/standalone/base diff --git a/dan/ele-dione.yml b/dan/ele-dione.yml index a6baf4c5..322818ae 100644 --- a/dan/ele-dione.yml +++ b/dan/ele-dione.yml @@ -6,23 +6,18 @@ - role: core/base - role: core/sshd/base - role: core/zsh - - role: core/cpu-microcode - role: core/ntp + - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-dione + roles: - role: core/admin-users - role: apt-repo/spreadspace - role: nginx/base - role: monitoring/prometheus/exporter - role: streaming/blackmagic/desktopvideo post_tasks: - ## this is needed for local rtmp proxy - # - name: install interface config for guest vlan - # copy: - # content: | - # auto {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }} - # iface {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }} inet static - # address {{ network_zones.guest.prefix | ipaddr(network_zones.guest.offsets[inventory_hostname]) | ipaddr('address/prefix') }} - # dest: "/etc/network/interfaces.d/{{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}" - # - name: prepare storage volume for recordings # vars: # storage_volume: diff --git a/dan/ele-dolmetsch-raspi.yml b/dan/ele-dolmetsch-raspi.yml index f75afcf8..f4008892 100644 --- a/dan/ele-dolmetsch-raspi.yml +++ b/dan/ele-dolmetsch-raspi.yml 
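Review bot: The commented-out sachet block added to the new ele-calypso.yml carries a literal recipient phone number (`- '+436644800222'`) and a TODO that builds the daemon from a branch name (`topic/add-smstools`) and copies the binary to /usr/local/bin by hand. This commit deletes the same block from ele-helene.yml, so I would not re-add it as dead code here. If it is meant to be revived on this host, keep the number in a host or vault variable (for example `- '{{ sachet_sms_recipient }}'`, variable name constructed) and pin the sachet build to a commit rather than a moving branch. The unit also sets `ProtectSystem=full`; since `ReadWritePaths=` is already listed, `ProtectSystem=strict` looks feasible and is worth trying when the block is enabled.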
@@ -6,4 +6,8 @@ - role: core/base - role: core/sshd/base - role: core/zsh + +- name: Payload Setup + hosts: "{{ install_hostname }}" + roles: - role: streaming/dolmetsch-raspi diff --git a/dan/ele-emcplayer.yml b/dan/ele-emcplayer.yml index 03058a03..8654c2af 100644 --- a/dan/ele-emcplayer.yml +++ b/dan/ele-emcplayer.yml @@ -8,6 +8,10 @@ - role: core/zsh - role: core/ntp - role: core/cpu-microcode + +- name: Payload Setup + hosts: "{{ install_hostname }}" + roles: - role: ws/base - role: core/admin-users post_tasks: diff --git a/dan/ele-gwhetzner.yml b/dan/ele-gwhetzner.yml index bcd75bcd..754fae65 100644 --- a/dan/ele-gwhetzner.yml +++ b/dan/ele-gwhetzner.yml @@ -7,6 +7,10 @@ - role: core/sshd/base - role: core/zsh - role: core/ntp + +- name: Payload Setup + hosts: ele-gwhetzner + roles: - role: network/wireguard/base - role: network/wireguard/p2p - role: network/nftables/base diff --git a/dan/ele-helene.yml b/dan/ele-helene.yml index e3913843..fea6a533 100644 --- a/dan/ele-helene.yml +++ b/dan/ele-helene.yml 
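Review bot: The new Payload Setup plays in ele-dolmetsch-raspi.yml and ele-emcplayer.yml target `hosts: "{{ install_hostname }}"`, so their roles are applied to whatever pattern the caller passes, not to the host the file is named after; the other ele-* playbooks in this commit hard-code the host name. The first play of each file starts outside the hunk and presumably uses the same variable. If that is intended, a comment above the play such as `# install_hostname must be passed with -e and must name exactly one host` would document the contract, and a `pre_tasks` assert on `ansible_play_hosts | length == 1` would stop a group pattern like `all` from receiving these roles.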
@@ -8,93 +8,10 @@ - role: core/zsh - role: core/ntp - role: core/cpu-microcode - - role: apt-repo/spreadspace - - role: nginx/base - - role: monitoring/prometheus/exporter - - role: vm/host/base - - role: vm/host/network - - role: installer/debian/base - - role: installer/openbsd/base - - role: streaming/blackmagic/desktopvideo - - role: kubernetes/base - - role: kubernetes/standalone/base - - role: streaming/player - # post_tasks: - # - name: install smstools - # apt: - # name: smstools - # state: present - # - name: add user for sachet - # user: - # name: sachet - # system: yes - # home: /nonexistent - # create_home: no - # groups: smsd - # append: yes - - # - name: create sachet config directory - # file: - # path: /etc/sachet - # state: directory - - # - name: install sachet config file - # copy: - # dest: /etc/sachet/config.yml - # content: | - # providers: - # smstools: - # outgoing_dir: /var/spool/sms/outgoing - - # receivers: - # - name: equinox - # provider: smstools - # to: - # - '+436644800222' - - # - name: install systemd service unit for sachet - # copy: - # dest: /etc/systemd/system/sachet.service - # content: | - # [Unit] - # Description=Sachet SMS Daemon for Prometheus Alertmanager - - # [Service] - # Restart=on-failure - # User=sachet - # ExecStart=/usr/local/bin/sachet -config /etc/sachet/config.yml - - # # systemd hardening-options - # AmbientCapabilities= - # CapabilityBoundingSet= - # DeviceAllow=/dev/null rw - # DevicePolicy=strict - # LimitMEMLOCK=0 - # LimitNOFILE=8192 - # LockPersonality=true - # MemoryDenyWriteExecute=true - # NoNewPrivileges=true - # PrivateDevices=true - # PrivateTmp=true - # PrivateUsers=true - # ProtectControlGroups=true - # ProtectHome=true - # ProtectKernelModules=true - # ProtectKernelTunables=true - # ProtectSystem=full - # ReadWritePaths=/var/spool/sms/outgoing - # RemoveIPC=true - # RestrictNamespaces=true - # RestrictRealtime=true - # SystemCallArchitectures=native - - # [Install] - # WantedBy=multi-user.target 
- - # ## TODO: - # ## - configure smstools - # ## - build sachet using this branch: https://github.com/spreadspace/sachet/tree/topic/add-smstools - # ## - copy binary to /usr/local/bin/sachet - # ## - $ systemctl daemon-reload - # ## - $ systemctl enable --now sachet +- name: Payload Setup + hosts: ele-helene + roles: + # - role: apt-repo/spreadspace + # - role: nginx/base + # - role: monitoring/prometheus/exporter diff --git a/dan/ele-hpws-maxi.yml b/dan/ele-hpws-maxi.yml index 70132f90..a5c67366 100644 --- a/dan/ele-hpws-maxi.yml +++ b/dan/ele-hpws-maxi.yml @@ -8,6 +8,10 @@ - role: core/zsh - role: core/ntp - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-hpws-maxi + roles: - role: apt-repo/obs-studio - role: apt-repo/spreadspace - role: ws/base diff --git a/dan/ele-hpws-mini1.yml b/dan/ele-hpws-mini1.yml index 8bb1fc72..657ff5d8 100644 --- a/dan/ele-hpws-mini1.yml +++ b/dan/ele-hpws-mini1.yml @@ -8,6 +8,10 @@ - role: core/zsh - role: core/ntp - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-hpws-mini1 + roles: - role: apt-repo/obs-studio - role: apt-repo/spreadspace - role: ws/base diff --git a/dan/ele-jitsi.yml b/dan/ele-jitsi.yml index 2e63f558..1ac3ef3f 100644 --- a/dan/ele-jitsi.yml +++ b/dan/ele-jitsi.yml @@ -7,6 +7,10 @@ - role: core/sshd/base - role: core/zsh - role: core/ntp + +- name: Payload Setup + hosts: ele-jitsi + roles: - role: apt-repo/spreadspace - role: kubernetes/base - role: kubernetes/standalone/base diff --git a/dan/ele-laptop.yml b/dan/ele-laptop.yml index 097feeec..58b9d9f5 100644 --- a/dan/ele-laptop.yml +++ b/dan/ele-laptop.yml @@ -8,5 +8,9 @@ - role: core/zsh - role: core/ntp - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-laptop + roles: - role: ws/base - role: core/admin-users diff --git a/dan/ele-lt.yml b/dan/ele-lt.yml index 6749d744..097ee5d1 100644 --- a/dan/ele-lt.yml +++ b/dan/ele-lt.yml 
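Review bot: The new Payload Setup play for ele-helene has a `roles:` key whose only entries are commented out, so the key is null and the play applies nothing. Dropping nginx/base, monitoring/prometheus/exporter, vm/host/*, installer/* and kubernetes/* from the playbook also does not remove them from a host that was already provisioned; unless ele-helene is being reinstalled, those services keep running with no configuration management behind them. I would write `roles: []` with a one-line comment saying the host is being rebuilt, or add explicit cleanup tasks, so that the empty play reads as intentional.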
@@ -6,6 +6,11 @@ - role: core/base - role: core/sshd/base - role: core/zsh + - role: core/ntp + +- name: Payload Setup + hosts: ele-lt + roles: - role: apt-repo/spreadspace - role: acmetool/base - role: nginx/base diff --git a/dan/ele-media.yml b/dan/ele-media.yml index 65e02c32..c3913273 100644 --- a/dan/ele-media.yml +++ b/dan/ele-media.yml @@ -8,6 +8,10 @@ - role: core/zsh - role: core/ntp - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-media + roles: - role: core/admin-users - role: storage/zfs/pools - role: apt-repo/spreadspace diff --git a/dan/ele-mon.yml b/dan/ele-mon.yml index 91498205..08a2d283 100644 --- a/dan/ele-mon.yml +++ b/dan/ele-mon.yml @@ -7,6 +7,10 @@ - role: core/sshd/base - role: core/zsh - role: core/ntp + +- name: Payload Setup + hosts: ele-mon + roles: - role: nginx/base - role: apt-repo/spreadspace - role: monitoring/prometheus/ca diff --git a/dan/ele-telesto.yml b/dan/ele-telesto.yml index 9c49295b..a1e877dd 100644 --- a/dan/ele-telesto.yml +++ b/dan/ele-telesto.yml 
@@ -6,15 +6,28 @@ - role: core/base - role: core/sshd/base - role: core/zsh - - role: core/cpu-microcode - role: core/ntp + - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-telesto + roles: - role: core/admin-users - role: apt-repo/spreadspace - role: nginx/base - role: monitoring/prometheus/exporter - role: streaming/blackmagic/desktopvideo post_tasks: - - name: install lm-sensors + ## this is needed for local icecast relay + # - name: install interface config for guest vlan + # copy: + # content: | + # auto {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }} + # iface {{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }} inet static + # address {{ network_zones.guest.prefix | ipaddr(network_zones.guest.offsets[inventory_hostname]) | ipaddr('address/prefix') }} + # dest: "/etc/network/interfaces.d/{{ ansible_default_ipv4.interface }}.{{ network_zones.guest.vlan }}" + + - name: install lm-sensors and i7z apt: name: lm-sensors diff --git a/dan/ele-thetys.yml b/dan/ele-thetys.yml index c11cf01b..46a41b77 100644 --- a/dan/ele-thetys.yml +++ b/dan/ele-thetys.yml @@ -8,6 +8,10 @@ - role: core/zsh - role: core/ntp - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-thetys + roles: - role: storage/lvm/groups - role: core/admin-users - role: apt-repo/spreadspace diff --git a/dan/ele-tsdatacop.yml b/dan/ele-tsdatacop.yml index 187dc110..d163d82e 100644 --- a/dan/ele-tsdatacop.yml +++ b/dan/ele-tsdatacop.yml @@ -8,6 +8,10 @@ - role: core/zsh - role: core/ntp - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-tsdatacop + roles: - role: apt-repo/obs-studio - role: apt-repo/spreadspace - role: ws/base diff --git a/dan/ele-uhrturm.yml b/dan/ele-uhrturm.yml index afbe781d..ff5f3332 100644 --- a/dan/ele-uhrturm.yml +++ b/dan/ele-uhrturm.yml 
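Review bot: In ele-telesto.yml the task renamed to `install lm-sensors and i7z` still shows `name: lm-sensors` as its package argument in the visible part of the hunk, so the title may promise a package that is never installed. The task body continues outside the hunk; if i7z is not added there, either make the argument a list, `name: [lm-sensors, i7z]`, or keep the old title. The commented-out guest VLAN block added above it is dead code, and if it is kept as a reminder its comment could say what condition would re-enable it.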
@@ -7,6 +7,10 @@ - role: core/sshd/base - role: core/zsh - role: core/cpu-microcode + +- name: Payload Setup + hosts: ele-uhrturm + roles: - role: core/admin-users - role: streaming/blackmagic/desktopvideo - role: apt-repo/spreadspace -- cgit v1.2.3
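Review bot: The Basic Setup context lines for ele-uhrturm list core/sshd/base, core/zsh and core/cpu-microcode with no core/ntp between them, while this commit adds `- role: core/ntp` to ele-lt and most other hosts already carry it. The start of the play is outside the hunk, so time sync may be listed earlier or handled differently on this host. If it is not, adding `- role: core/ntp` after core/zsh would keep its clock consistent with the rest of the fleet, which matters for log correlation and certificate validation.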