From 562d174484f41bef84eeb3a41f757e01f570b126 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 5 Dec 2022 01:04:27 +0100 Subject: add ch-atlas and sk-2019vm to backup list for ch-epimetheus --- inventory/host_vars/ch-atlas.yml | 4 +++ inventory/host_vars/ch-epimetheus.yml | 20 +++++++++++ inventory/host_vars/ch-testvm-prometheus.yml | 50 ++++++++++++++++++++++++++++ inventory/host_vars/sk-2019vm.yml | 5 +++ 4 files changed, 79 insertions(+) (limited to 'inventory/host_vars') diff --git a/inventory/host_vars/ch-atlas.yml b/inventory/host_vars/ch-atlas.yml index de2383e7..6039f0d9 100644 --- a/inventory/host_vars/ch-atlas.yml +++ b/inventory/host_vars/ch-atlas.yml @@ -25,6 +25,10 @@ network: - 502 +ssh_keys_root_extra: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus + + apt_repo_components: - main - contrib ## for zfs diff --git a/inventory/host_vars/ch-epimetheus.yml b/inventory/host_vars/ch-epimetheus.yml index a4e233fa..f6a6af77 100644 --- a/inventory/host_vars/ch-epimetheus.yml +++ b/inventory/host_vars/ch-epimetheus.yml @@ -149,6 +149,26 @@ zfs_syncoid_sources: storage: recursive: yes skip_parent: yes + 'ch-atlas': + ssh_hostname: "{{ hostvars['ch-atlas'].vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(hostvars['ch-atlas'].vm_host.network.bridges.public.offsets['ch-atlas']) | ansible.utils.ipaddr('address') }}" + ssh_port: "{{ hostvars['ch-atlas'].ansible_port }}" + report_prometheus_textfile_path: "/var/lib/prometheus-node-exporter/textfile-collector" + periodic: + schedule: "*-*-* 00,06,12,18:05:00" + timeout: 5h + paths: + ssd/vm: + recursive: yes + skip_parent: yes + 'sk-2019vm': + ssh_hostname: "{{ hostvars['sk-2019vm'].external_ip }}" + ssh_port: "{{ hostvars['sk-2019vm'].ansible_port }}" + paths: + #storage/mas: {} + storage/streamstats: {} + storage/vm: + recursive: yes + skip_parent: yes 'ch-equinox-t450s': ssh_hostname: 192.168.28.139 ssh_port: 222 diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml index f95366b0..2eaa0f90 100644 --- a/inventory/host_vars/ch-testvm-prometheus.yml +++ b/inventory/host_vars/ch-testvm-prometheus.yml @@ -33,3 +33,53 @@ network: gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}" interfaces: - *_network_primary_ + + + + +postfix_base_mynetworks: + - "127.0.0.0/8" + - "[::ffff:127.0.0.0]/104" + - "[::1]/128" + - "{{ network_zones.svc.prefix }}" + - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['bigmama']) | ansible.utils.ipaddr('address') }}/32" + - "{{ network_zones.legacy.prefix }}" ## TODO: remove once all mail sending hosts are moved out of legacy + +postfix_base_mydestination: + - "$myhostname" + - "{{ host_name }}.{{ host_domain }}" + - "localhost" + - mailrelay.helsinki.at + +postfix_base_inet_interfaces: + - "all" + + +postfix_relay_hostname: mailrelay.helsinki.at + +postfix_relay_sender_canonical_maps: + rewrite_helsinki_subdomains: + type: regexp + content: | + /^(.+)@(.+)\.helsinki\.at$/i ${1}%${2}@helsinki.at + +postfix_relay_local_header_rewrite_clients: + - "permit_inet_interfaces" + - "permit_mynetworks" + +postfix_relay_tls: + acme: yes + acme_challenge_nginx_is_default_server: yes + +postfix_relay_auth_saslauthd: + mechanism: ldap + ldap_options: + auth_method: fastbind + servers: ldap://ldap.helsinki.at + start_tls: yes + tls_check_peer: yes + tls_cacert_file: "{{ global_files_dir }}/common/ldapscert.pem" + filter: "uid=%u,ou=People,dc=helsinki,dc=at" + +postfix_relay_allowed_sender_domains: + - helsinki.at diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml index 39d280bc..97957fe6 100644 --- a/inventory/host_vars/sk-2019vm.yml +++ b/inventory/host_vars/sk-2019vm.yml @@ -21,11 +21,16 @@ network: - name: br-public address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}" +external_ip: "94.130.129.165" + base_intel_nic_stability_fix: true ssh_users_root: - equinox - dan +ssh_keys_root_extra: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus + apt_repo_components: - main - contrib ## for zfs -- cgit v1.2.3