Exodia, obliterate
parent
63a1fa91f0
commit
ad70b4aca0
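--- a/README.md
+++ b/README.md
@@ -1,29 +0,0 @@
-# Salt's Ansible Repo
-
-A collection of Ansible configuration to manage all of my machines.
-
-## Quickstart
-
-To quickly get a machine up and running, add it to the inventory and `./provision.yml` it. This ensures a basic, sane running environment from which you can do tuning. Ideally, though, you should have roles.
-
-## Overview
-
-The main playbook, `site.yml`, can be separated into more or less two parts:
-
-* The home machine half, tied together via Zerotier
-
-* The 9iron half, with public IPs and resolvable names
-
-See `inventory/hosts.yml` for details on what machines have what roles and what configuration. I try my best to make self-explaning configuration, so everything should mostly make sense on a first read. If you have any questions, hit me up.
-
-## Style Guide
-
-* Quote strings when required, quote entire strings if they contain Jinja markup, not just the marked up section (yes I know I violate this in several places)
-
-* Use `yes` and `no` for booleans
-
-* Use short form for simple tasks (still working on fixing that up)
-
-## Your Shit is Trash
-
-I know. Please file an issue.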
@ -1,12 +0,0 @@
|
|||||||
[defaults]
|
|
||||||
gathering = smart
|
|
||||||
interpreter_python = python3
|
|
||||||
inventory = inventory
|
|
||||||
roles_path = roles
|
|
||||||
# Secrets
|
|
||||||
ask_become_pass = false
|
|
||||||
ask_vault_pass = false
|
|
||||||
# Warnings
|
|
||||||
command_warnings = true
|
|
||||||
#deprecation_warnings = false
|
|
||||||
system_warnings = true
|
|
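--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,19 +0,0 @@
-[defaults]
-gathering = smart
-interpreter_python = python3
-inventory = inventory
-roles_path = roles
-# Connection info
-private_key_file = ~/.ssh/ansible
-host_key_checking = false
-# Secrets
-ask_become_pass = true
-ask_vault_pass = true
-# Warnings
-command_warnings = true
-#deprecation_warnings = false
-system_warnings = true
-
-[ssh_connection]
-pipelining = true
-ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no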
@ -1,207 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
|
|
||||||
## BACKEND
|
|
||||||
# ACME
|
|
||||||
acme:
|
|
||||||
#directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
|
|
||||||
directory: "https://acme-v02.api.letsencrypt.org/directory"
|
|
||||||
version: 2
|
|
||||||
webroot: /var/www/acme
|
|
||||||
aws:
|
|
||||||
# S3 Backups
|
|
||||||
backup_bucket: "9iron-backups-general"
|
|
||||||
# SES
|
|
||||||
ses:
|
|
||||||
user: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
33643766376336316266373239386466373639633765333332353031373132383061346564633036
|
|
||||||
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
|
|
||||||
38353531306238613735623433663138643231663139363735373537393337636362636534656166
|
|
||||||
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
|
|
||||||
38316564326537303236333266303432326164393435663665363963326363306237
|
|
||||||
pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
39306665653635383832623438656364616633643032663365643033316236333939363732363034
|
|
||||||
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
|
|
||||||
31653763346663656165343632336366343562333836396232636431323635333965336137316237
|
|
||||||
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
|
|
||||||
65663937643165613337373837633737653765303764303536386530616363343361326536633935
|
|
||||||
3565626161343562396663353538653136376138373334336435
|
|
||||||
# MySQL
|
|
||||||
mysql:
|
|
||||||
root_password: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
62316565376333396465333931356163343363663063636233653536373033396230626639613964
|
|
||||||
3037613839373833646234626236643430393364643131610a333539373533663434373935376130
|
|
||||||
65323365313465316635646465376665616132653832316362363535366563363863636530313666
|
|
||||||
3036393134386131310a643734363261633166636263343538313533393738323934303137343163
|
|
||||||
39636637643035616236663364663562366133613233313139623937313531343564
|
|
||||||
# PSQL
|
|
||||||
psql:
|
|
||||||
ansible:
|
|
||||||
user: ansible
|
|
||||||
pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
30383235373131383466383438653235666365386631356463633265623332643337633830663930
|
|
||||||
3639313565613138373165636264343030323961646539390a356134383764326631326635636139
|
|
||||||
63626263373063343036373266326235363839316662363031356264363365633161326264643766
|
|
||||||
3734386366633861640a643335636330323432626437646337353534653832383337396432636264
|
|
||||||
61356331646133653363353931306630373963316430626266346630646362666237
|
|
||||||
neighbor_block: "172.31.0.0/16"
|
|
||||||
|
|
||||||
## WEBAPPS
|
|
||||||
# Gitea
|
|
||||||
gitea:
|
|
||||||
db:
|
|
||||||
hostname: 172.31.47.215
|
|
||||||
pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
62353264353465316661353738666161313036373761666163663733656461316536636334386335
|
|
||||||
6161386630663739363439383237343065333239613134610a383036373735326536386464343164
|
|
||||||
31346337636665356630336234306534646362386663633734353166373761316139313734306630
|
|
||||||
3364306566323666310a323034303434613237643665643637633430353437316339356463646331
|
|
||||||
33353062343164396465326365653561626363343961326363633231303736316436643935646161
|
|
||||||
3933353234613430373930663832643934613233383635613433
|
|
||||||
app_name: "9iron Gitea"
|
|
||||||
disable_registration: "false"
|
|
||||||
url: "git.9iron.club"
|
|
||||||
root: "/var/gitea"
|
|
||||||
efs:
|
|
||||||
name: "9iron-gitea"
|
|
||||||
region: "us-east-2"
|
|
||||||
subnet_id: "subnet-852935ed"
|
|
||||||
security_group: "sg-4f4b692c"
|
|
||||||
admin:
|
|
||||||
user: "salt"
|
|
||||||
email: "rehashedsalt@cock.li"
|
|
||||||
pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
35613039646236306236363930353231303331633765303039373736626666666530323433356466
|
|
||||||
3062633166313332643039613561303431613735396339650a376664373137643439303465376365
|
|
||||||
35313266376539366134343562626164616666306338343538663361393964626565303331383234
|
|
||||||
3565646664333966650a323530356664366262653763363439613534303764366436376634373639
|
|
||||||
62303264653836656162366362316461656363353539343632616462626231643632
|
|
||||||
# Grafana
|
|
||||||
grafana:
|
|
||||||
db:
|
|
||||||
hostname: 172.31.47.215
|
|
||||||
pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
65376335363732633132326630323161393861323833323631613630343262383137656138356262
|
|
||||||
3730386139393739373738626535376636666135646463350a623331333032346434343465666234
|
|
||||||
38393539623437376133363063633238383031326431653737346564323837343265653431633962
|
|
||||||
6665346237666165330a643635653863356633623535383063366632336437313730626233346664
|
|
||||||
33303465616532313339393634386166363162393661393037323835323035386663
|
|
||||||
url: "monitor.9iron.club"
|
|
||||||
webroot: "/var/www/grafana"
|
|
||||||
config_repo: "https://git.9iron.club/salt/grafana"
|
|
||||||
# Matrix
|
|
||||||
matrix:
|
|
||||||
server_name: "9iron.club"
|
|
||||||
url: "matrix.9iron.club"
|
|
||||||
enable_registration: "true"
|
|
||||||
admin_contact: "mailto:rehashedsalt@cock.li"
|
|
||||||
db_password: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
64663061333130386634323631353435376330636334623334663365633361336563393634333061
|
|
||||||
6531393839336532376465356132646337663339333431340a383030373166653835386239643365
|
|
||||||
31356462653634323162343164633130366664323034373330613764663635326534303935303230
|
|
||||||
6233636463636134640a386436316462643434343739333232613264303635323261616634326562
|
|
||||||
63316265366238383038653034326661633163346462396663346563666134393232
|
|
||||||
# Nextcloud
|
|
||||||
nextcloud:
|
|
||||||
db:
|
|
||||||
hostname: 172.31.47.215
|
|
||||||
pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
37633035633563646266346264333636393931323664313166633133653461646333643731636661
|
|
||||||
3966666665396239346662613764353333393038663762340a313236396331623061376462356437
|
|
||||||
66373234633939393034353439393465663131303661393164303335336435653734613064663964
|
|
||||||
3332313764623133630a393731613236373837316437653265636663666261383135636662373566
|
|
||||||
61373135303632336237333836353764646639633735323566346366623766646266
|
|
||||||
efs:
|
|
||||||
name: "9iron-nextcloud"
|
|
||||||
region: "us-east-2"
|
|
||||||
subnet_id: "subnet-852935ed"
|
|
||||||
security_group: "sg-4f4b692c"
|
|
||||||
url: "nc.9iron.club"
|
|
||||||
# Pleroma
|
|
||||||
pleroma:
|
|
||||||
instance:
|
|
||||||
name: Cowfee
|
|
||||||
desc: owo
|
|
||||||
email: rehashedsalt@cock.li
|
|
||||||
notify_email: noreply@cowfee.moe
|
|
||||||
openreg: "true"
|
|
||||||
static_repo: "https://git.9iron.club/salt/pleroma"
|
|
||||||
db:
|
|
||||||
pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
34343838386134656236313462653531663839363030333630383332386535356431326436633137
|
|
||||||
3261323632653635383930333131333235373437653733300a363562666264616138623832666137
|
|
||||||
61333039646332343838346633363035343434303036643465353062353062303961383138643564
|
|
||||||
3338393765393733340a626436653666363236643938613466643530326665653764333933393437
|
|
||||||
37613033653864643965323162373366306233626235663461326266376662663634353066386139
|
|
||||||
37636162313364623933396232366239633338363539626637373163333130373665373038363566
|
|
||||||
65646633636638653335356536323334646632366164633532636634376632356166306139393766
|
|
||||||
38633934623639366263
|
|
||||||
secret:
|
|
||||||
key_base: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
36333934336635613533333137636532363937613764353933636566663031316262333837323064
|
|
||||||
6534653062626461633462636335346132353564653038330a326330326235623530393337333063
|
|
||||||
37666666386637633839633737376465366439356461653363396665636137353264363762346461
|
|
||||||
3765616634653234630a623061393834373964653939626564363263383435666366356339663136
|
|
||||||
64613330656434653538363734393831353133316666326338366335383064356165333537383837
|
|
||||||
31633939353565303661626233623064653838636435376239376361663362636164653962383561
|
|
||||||
33366335623038653232613731333730363836653532363834663663343963303763323534343038
|
|
||||||
61666238346239636634
|
|
||||||
signing_salt: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
31306137646362333433313630363538333234643339353530333038393061663132633161356231
|
|
||||||
3662386234633933633762363334333031306564353132380a633339323364633137396636616363
|
|
||||||
64393536353362386336323662316262333763326138616364333237353262323232636335353436
|
|
||||||
3563396435643363620a646337346561393863366361643536356363626334343264343861663131
|
|
||||||
3466
|
|
||||||
# snmpd
|
|
||||||
snmp:
|
|
||||||
location: "us-east-2"
|
|
||||||
contact: "Salt <rehashedsalt@cock.li>"
|
|
||||||
auth_user_pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
36373662333533616331623933343364663532326261653636363732323138633836356633623934
|
|
||||||
6561333833343432353561366438313165383163366131630a653163666463356462633966666330
|
|
||||||
38323965303639356635613565633030373836643132336332373730303137376165616163646538
|
|
||||||
3162616233366236350a626130643230323264343938373134653034636232303130623134393531
|
|
||||||
61366330316330646137336161623166343835316432363433373333323232383166
|
|
||||||
priv_user_pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
61316538316630333662633665646364356138613730633334653761626636633836363335383965
|
|
||||||
6332303265323236383130383366336662626331613866340a636139366135313134303538613833
|
|
||||||
61383662306163663634333538343733663836633834373462616265366365626533366334383031
|
|
||||||
6265643764656461320a313137326430386532653538346462323463386538303966303830343037
|
|
||||||
63333632656534333334383666666138353435383938623934663766623735656533
|
|
||||||
int_user_pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
31616561323762653439346630653231646137626638383930346437323139666163316131333534
|
|
||||||
6463313537316230363735346236323033386562373032330a326261393039663539353738643465
|
|
||||||
36666136663930663463373731663534316232643637623732346331383737643233626235613439
|
|
||||||
3733366462613133620a386336303434303130313636356339633939623638366236346234376566
|
|
||||||
65386530663137393830636134653632623366333837616364396161666464613166
|
|
||||||
|
|
||||||
## VIDYA
|
|
||||||
# tes3mp
|
|
||||||
tes3mp:
|
|
||||||
archive: "https://github.com/TES3MP/openmw-tes3mp/releases/download/0.7.0-alpha/tes3mp-server-GNU+Linux-x86_64-release-0.7.0-alpha-abc4090a0f-01d297f5c6.tar.gz"
|
|
||||||
name: "main"
|
|
||||||
dest: /opt/tes3mp
|
|
||||||
server:
|
|
||||||
name: "9iron TES3MP"
|
|
||||||
maxplayers: 8
|
|
||||||
password: dicks
|
|
||||||
port: 25565
|
|
||||||
master:
|
|
||||||
enabled: "true"
|
|
||||||
host: master.tes3mp.com
|
|
||||||
port: 25561
|
|
@ -1,73 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
all:
|
|
||||||
vars:
|
|
||||||
ansible_pull_repo: "https://git.9iron.club/salt/ansible"
|
|
||||||
ansible_user: ubuntu
|
|
||||||
gitea_api_token: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
39646564383934343237626436363261643265663339616566353563613266396536373164646235
|
|
||||||
3630333032613536373532616363333464653138656164390a386565316164386263363935663264
|
|
||||||
62613737336539653835356634313636643732396330313863393861373664353966363437373338
|
|
||||||
6565336264613334650a613063393662643237333864316332613131386233396562333063646263
|
|
||||||
63636238356266363065656462626536346634646365363135643538316136346566306131626161
|
|
||||||
3166653266383332343332366530343532396435353134373939
|
|
||||||
ssl_protocol: "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
|
|
||||||
ssl_cipher_suite: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
|
|
||||||
user_username: salt
|
|
||||||
user_password: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
37666131343936663962386535343939373161343337383436613961303637376136633736353533
|
|
||||||
3366623536646563383563373265313134663464396231370a303033353661336436386561366139
|
|
||||||
30393536393634653566646636366436656435623534626266343632313336336336346131383361
|
|
||||||
3366343932383930350a383637646261373135376138633533306530306339316235353262356135
|
|
||||||
34626466363266616265653064333365663663306330666632343864373335626265323230633331
|
|
||||||
33623431633665353964623437636231623366383733626266353162633762373035376638663936
|
|
||||||
62383065653836366431316461663862393130653761643937376565366435646665313961663534
|
|
||||||
64303363653631653433343361616635373966326433663466636164613062343561333036613937
|
|
||||||
35616666633737356331653632323639373330396433366639326466373639313630
|
|
||||||
children:
|
|
||||||
# Personal home machines
|
|
||||||
home:
|
|
||||||
vars:
|
|
||||||
ansible_user: ansible
|
|
||||||
ansible_pull_time: "*-*-* 03:00:00"
|
|
||||||
aws:
|
|
||||||
backup_bucket: 9iron-backups-home
|
|
||||||
zerotier_network_id: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
35646131343239623265663562343333383362366633386462646465643163353866643633636135
|
|
||||||
6238643231313536323337343663313865323430323437630a353462393830376431376363373232
|
|
||||||
30656433343263653035333637336165323931363966376264353164326135336131646362623734
|
|
||||||
3339633961393864330a616437613534643231366634643362383438316233376334636264303361
|
|
||||||
65313231393433396538663463383731303661633663343066333264303330313133
|
|
||||||
hosts:
|
|
||||||
dsk-cstm-0:
|
|
||||||
ansible_host: 172.23.100.1
|
|
||||||
lap-s76-lemp9-0:
|
|
||||||
ansible_host: 172.23.100.3
|
|
||||||
thefuck:
|
|
||||||
vars:
|
|
||||||
ansible_user: root
|
|
||||||
hosts:
|
|
||||||
game1.thefuck.how:
|
|
||||||
9iron:
|
|
||||||
children:
|
|
||||||
dbservers:
|
|
||||||
vars:
|
|
||||||
hosts:
|
|
||||||
psql1.9iron.club:
|
|
||||||
webservers:
|
|
||||||
hosts:
|
|
||||||
web1.9iron.club:
|
|
||||||
fedi1.9iron.club:
|
|
||||||
gameservers:
|
|
||||||
vars:
|
|
||||||
steam_api_key: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
39616163316634306633623435636633623966306537636639316439343839393231376661666335
|
|
||||||
6136333866633861313566306433393637613364386234360a303832626338373230396665336430
|
|
||||||
33346530626633616161613635656433356434366437383363663165303862316163323263323230
|
|
||||||
3334373531646364620a386165626130386265343235363639346230323930626330343235373662
|
|
||||||
38313431663734343931333462316633643935353038313934663466303834636533616165353961
|
|
||||||
6438356265656532396363323532616437353831613261323037
|
|
@ -1,25 +0,0 @@
|
|||||||
#! /bin/bash
|
|
||||||
#
|
|
||||||
# localhost-deploy.sh
|
|
||||||
# Deploys configs for local machine and only local machine
|
|
||||||
# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
|
|
||||||
#
|
|
||||||
# Distributed under terms of the MIT license.
|
|
||||||
#
|
|
||||||
set -e
|
|
||||||
if ! command -v ansible > /dev/null 2>&1; then
|
|
||||||
printf "Installing Ansible and related packages\n"
|
|
||||||
if command -v apt > /dev/null 2>&1; then
|
|
||||||
printf "Installing via APT\n"
|
|
||||||
sudo apt-get install libffi-dev python3-pip python3-setuptools -y
|
|
||||||
elif command -v apk > /dev/null 2>&1; then
|
|
||||||
printf "Installing via APK\n"
|
|
||||||
sudo apk add gcc musl-dev py3-cryptography py3-pip py3-setuptools
|
|
||||||
else
|
|
||||||
printf "No supported package manager found\nPlease install Ansible manually"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
sudo pip3 install ansible
|
|
||||||
fi
|
|
||||||
ansible-playbook site.yml -l "$HOSTNAME" -e "ansible_user=$USER ansible_connection=local ansible_host=localhost" --ask-become-pass --ask-vault-pass "$@"
|
|
||||||
|
|
@ -1,42 +0,0 @@
|
|||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- hosts: fedi1.9iron.club
|
|
||||||
pre_tasks:
|
|
||||||
- name: Assure cowfee record
|
|
||||||
route53:
|
|
||||||
state: present
|
|
||||||
overwrite: yes
|
|
||||||
zone: cowfee.moe
|
|
||||||
type: A
|
|
||||||
record: "cowfee.moe."
|
|
||||||
ttl: 3600
|
|
||||||
value: [ "{{ ipify_public_ip }}" ]
|
|
||||||
wait: yes
|
|
||||||
become: yes
|
|
||||||
tags: [ common, dns ]
|
|
||||||
roles:
|
|
||||||
- role: base-backups
|
|
||||||
tags: [ backups ]
|
|
||||||
- role: matrix
|
|
||||||
vars:
|
|
||||||
matrix_db_hostname: 172.31.47.215
|
|
||||||
tags: [ fedi, matrix ]
|
|
||||||
- role: pleroma
|
|
||||||
vars:
|
|
||||||
pleroma_url: cowfee.moe
|
|
||||||
pleroma_db_hostname: 172.31.47.215
|
|
||||||
tags: [ web, pleroma ]
|
|
||||||
- role: adam
|
|
||||||
vars:
|
|
||||||
adam_name: lain
|
|
||||||
adam_auth_token: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
33346238356561313736653431666439363835663134303339366536663964333138666530343166
|
|
||||||
6132353938663563316265346630613231616362643937380a616132386464653438343739613937
|
|
||||||
32626230326430396563316363613139306535663832336531636239633364383432373739646436
|
|
||||||
3338376362313539360a383763313439633331313531323232653866633065333933633061326465
|
|
||||||
64343165613961346362353162316530623132633164643461616633633335666232633833313561
|
|
||||||
33306532343963383331623663616161626533633261383238646164663362396261633736636362
|
|
||||||
373764613833343634346333613639626535
|
|
||||||
tags: [ discord, adam ]
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
- hosts: psql1.9iron.club
|
|
||||||
roles:
|
|
||||||
- role: base-backups
|
|
||||||
tags: [ backups ]
|
|
||||||
- role: postgresql
|
|
||||||
tags: [ db, psql ]
|
|
@ -1,17 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
|
|
||||||
- hosts: 9iron
|
|
||||||
tasks:
|
|
||||||
- name: Add machine to DNS zone
|
|
||||||
route53:
|
|
||||||
state: present
|
|
||||||
overwrite: yes
|
|
||||||
zone: 9iron.club
|
|
||||||
type: A
|
|
||||||
record: "{{ inventory_hostname }}."
|
|
||||||
ttl: 3600
|
|
||||||
value: [ "{{ ipify_public_ip }}" ]
|
|
||||||
wait: yes
|
|
||||||
become: yes
|
|
||||||
tags: [ common, dns ]
|
|
@ -1,25 +0,0 @@
|
|||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- hosts: gameservers
|
|
||||||
roles:
|
|
||||||
- role: base-backups
|
|
||||||
tags: [ backups ]
|
|
||||||
- hosts: game1.thefuck.how
|
|
||||||
roles:
|
|
||||||
- role: base-backups
|
|
||||||
tags: [ backups ]
|
|
||||||
- role: gitweb
|
|
||||||
vars:
|
|
||||||
gitweb_repo: "https://git.9iron.club/salt/thefuck.how"
|
|
||||||
gitweb_url: "thefuck.how"
|
|
||||||
gitweb_webroot: "/var/www/thefuck.how"
|
|
||||||
tags: [ web, webroot ]
|
|
||||||
- role: minecraft-paper
|
|
||||||
vars:
|
|
||||||
paper_name: "thefuckhow"
|
|
||||||
paper_mc_maxplayers: 16
|
|
||||||
paper_mc_motd: "Brett's new serber"
|
|
||||||
paper_jre_xms: 1024m
|
|
||||||
paper_jre_xmx: 2048m
|
|
||||||
tags: [ gameserver, minecraft, paper ]
|
|
@ -1,52 +0,0 @@
|
|||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- hosts: home
|
|
||||||
roles:
|
|
||||||
- role: base-backups
|
|
||||||
tags: [ backups ]
|
|
||||||
- role: desktop-zerotier
|
|
||||||
tags: [ zerotier ]
|
|
||||||
- role: desktop-common
|
|
||||||
vars:
|
|
||||||
mopidy_spotify_username: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
62383664346563343663636261386261383865393535646465386435663535653036636665393133
|
|
||||||
3732653236663632633863346463346164663938396137370a326535633966343430633464653437
|
|
||||||
36646134393764313338323235356634353433623731336231626238653064633332306533343966
|
|
||||||
3362303836363065610a383362313738346534313435393537343931383465623466336632323632
|
|
||||||
65656663316561333462303761613963383236363532383866313038633232373132
|
|
||||||
mopidy_spotify_password: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
33303165663833663839323230643036363962393164373638333334643663626235353936343861
|
|
||||||
3834633461343533353366373330323264393361323433330a623837613037346633633065613761
|
|
||||||
63303234323734623938373134333932343965336665323939306336323836613130343866343838
|
|
||||||
3633383138646233330a366634303739643237333331613436623737663463316133666230366165
|
|
||||||
36306233336134636532383232303035343533373262373431353966656561633336
|
|
||||||
mopidy_spotify_client_id: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
32366664323864383162663963343438643930356531653064393135383364623162626533613433
|
|
||||||
6462633637396265373238383461623665393730396139320a626537353761323132386131616338
|
|
||||||
62323033666231326363616363343530333239303638626137613237393135613961613362313662
|
|
||||||
6233336234306466640a383834353935636138323837343765373966353365323634343439663435
|
|
||||||
39646138616533656361653765633161616238633335306363383030383832636330356162616264
|
|
||||||
3739646162313739646538306137623231313037386239343563
|
|
||||||
mopidy_spotify_client_secret: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
34666538353333303865623932653237313465653363356665333336343832356530666666343266
|
|
||||||
6637653137643431346562333465323862356465303766630a336531653033393133396238326134
|
|
||||||
32393033643261373764663963353130626331646266363430353536326135663239363539613530
|
|
||||||
6265366565363862610a366561373362656637623863336665336562323838643665323461653937
|
|
||||||
38306234316364306134396138376230626630633733306432626637616239373838646433343761
|
|
||||||
3436643661633766616564663937346232353666386531363438
|
|
||||||
tags: [ desktop ]
|
|
||||||
- role: pulseaudio
|
|
||||||
tags: [ pulse, pulseaudio ]
|
|
||||||
- role: desktop-sddm
|
|
||||||
vars:
|
|
||||||
sddm_theme_name: "breeze"
|
|
||||||
tags: [ sddm, desktop ]
|
|
||||||
- hosts: dsk-cstm-0
|
|
||||||
roles:
|
|
||||||
- role: rgb-kraken
|
|
||||||
tags: [ desktop, kraken, rgb ]
|
|
@ -1,11 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- hosts: phone
|
|
||||||
roles:
|
|
||||||
- role: base-backups
|
|
||||||
tags: [ backups ]
|
|
||||||
- role: desktop-zerotier
|
|
||||||
tags: [ zerotier ]
|
|
||||||
- role: phone-common
|
|
||||||
tags: [ phone, common ]
|
|
@ -1,47 +0,0 @@
|
|||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- hosts: web1.9iron.club
|
|
||||||
roles:
|
|
||||||
- role: base-backups
|
|
||||||
tags: [ backups ]
|
|
||||||
- role: gitea
|
|
||||||
tags: [ web, gitea ]
|
|
||||||
- role: grafana
|
|
||||||
tags: [ web, grafana ]
|
|
||||||
- role: nextcloud
|
|
||||||
tags: [ web, nextcloud ]
|
|
||||||
- role: redirect
|
|
||||||
vars:
|
|
||||||
redirect_from: "9iron.club"
|
|
||||||
redirect_to: "www.9iron.club"
|
|
||||||
redirect_webroot: "/var/www/redirect"
|
|
||||||
tags: [ web, redirect, 9i ]
|
|
||||||
- role: gitweb
|
|
||||||
vars:
|
|
||||||
gitweb_repo: "https://git.9iron.club/salt/www2"
|
|
||||||
gitweb_url: "www.9iron.club"
|
|
||||||
gitweb_webroot: "/var/www/www"
|
|
||||||
tags: [ web, webroot, 9i ]
|
|
||||||
- hosts: web1.9iron.club
|
|
||||||
roles:
|
|
||||||
- role: redirect
|
|
||||||
vars:
|
|
||||||
redirect_from: "otwstudios.org"
|
|
||||||
redirect_to: "www.otwstudios.org"
|
|
||||||
redirect_webroot: "/var/www/redirect"
|
|
||||||
tags: [ web, redirect, otw ]
|
|
||||||
- role: gitweb
|
|
||||||
vars:
|
|
||||||
gitweb_repo: "https://git.9iron.club/KidiroInfiniti/OTW_Site"
|
|
||||||
gitweb_url: "www.otwstudios.org"
|
|
||||||
gitweb_webroot: "/var/www/otwstudios.org"
|
|
||||||
tags: [ web, webroot, otw ]
|
|
||||||
- hosts: web1.9iron.club
|
|
||||||
roles:
|
|
||||||
- role: gitweb
|
|
||||||
vars:
|
|
||||||
gitweb_repo: "https://git.9iron.club/salt/desultd"
|
|
||||||
gitweb_url: "desu.ltd"
|
|
||||||
gitweb_webroot: "/var/www/desultd"
|
|
||||||
tags: [ web, webroot, desu ]
|
|
@ -1,9 +0,0 @@
|
|||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- role: common
|
|
||||||
tags: [ common ]
|
|
||||||
- role: ansible-pull
|
|
||||||
tags: [ ansible, common ]
|
|
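--- a/reboot.yml
+++ b/reboot.yml
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
-# vim:ft=ansible:
----
-- hosts: dbservers,webservers,gameservers
-serial: 1
-tasks:
-- name: Check for reboot-required
-stat:
-path: "/var/run/reboot-required"
-register: s
-- name: Reboot
-reboot:
-reboot_timeout: 300
-when: s.stat.exists
-become: yes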
@ -1,4 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
adam_name: adam
|
|
||||||
adam_repo: "https://git.9iron.club/salt/adam"
|
|
@ -1,60 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
- name: Set up Adam
|
|
||||||
block:
|
|
||||||
- name: Install required packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- libopus0
|
|
||||||
- nodejs
|
|
||||||
- npm
|
|
||||||
- name: Install packages without recommends
|
|
||||||
apt:
|
|
||||||
install_recommends: no
|
|
||||||
name:
|
|
||||||
- ffmpeg
|
|
||||||
- name: Create Adam user
|
|
||||||
user:
|
|
||||||
name: discord-adam
|
|
||||||
- name: Assure data directory
|
|
||||||
file:
|
|
||||||
path: "/var/adam"
|
|
||||||
state: directory
|
|
||||||
# Sticky, SetGID
|
|
||||||
mode: 3775
|
|
||||||
owner: root
|
|
||||||
group: discord-adam
|
|
||||||
- name: Set up bot root
|
|
||||||
block:
|
|
||||||
- name: Create specific data directory
|
|
||||||
file:
|
|
||||||
path: "/var/adam/{{ adam_name }}"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
- name: Clone bot repo
|
|
||||||
git:
|
|
||||||
repo: "{{ adam_repo }}"
|
|
||||||
dest: "/var/adam/{{ adam_name }}"
|
|
||||||
- name: Initialize NPM modules
|
|
||||||
npm:
|
|
||||||
path: "/var/adam/{{ adam_name }}"
|
|
||||||
- name: Template out authentication token
|
|
||||||
template:
|
|
||||||
src: "auth.json"
|
|
||||||
dest: "/var/adam/{{ adam_name }}/auth.json"
|
|
||||||
mode: "0600"
|
|
||||||
become: yes
|
|
||||||
become_user: discord-adam
|
|
||||||
- name: Set up system configuration
|
|
||||||
block:
|
|
||||||
- name: Template out service
|
|
||||||
template:
|
|
||||||
src: "adam@.service"
|
|
||||||
dest: "/etc/systemd/system/adam@.service"
|
|
||||||
- name: Start and enable service
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
name: "adam@{{ adam_name }}.service"
|
|
||||||
enabled: yes
|
|
||||||
state: started
|
|
||||||
become: yes
|
|
@ -1,29 +0,0 @@
|
|||||||
#
|
|
||||||
# Licensed under the terms of the MIT license
|
|
||||||
# vim:ft=dosini:
|
|
||||||
#
|
|
||||||
|
|
||||||
[Unit]
|
|
||||||
Description=Adam Bot %i
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
User=discord-adam
|
|
||||||
Group=discord-adam
|
|
||||||
WorkingDirectory=/var/adam/%i
|
|
||||||
PrivateUsers=true
|
|
||||||
ProtectSystem=full
|
|
||||||
ProtectHome=true
|
|
||||||
# Implies MountFlags=slave
|
|
||||||
ProtectKernelTunables=true
|
|
||||||
# Implies NoNewPrivileges=yes
|
|
||||||
ProtectKernelModules=true
|
|
||||||
# Implies MountAPIVFS=yes
|
|
||||||
ProtectControlGroups=true
|
|
||||||
|
|
||||||
ExecStart=/usr/bin/node index.js
|
|
||||||
|
|
||||||
Restart=always
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,3 +0,0 @@
|
|||||||
{
|
|
||||||
"token": "{{ adam_auth_token }}"
|
|
||||||
}
|
|
@ -1,5 +0,0 @@
|
|||||||
# vim:ft=ansible:
|
|
||||||
ansible_pull_boot_delay: "15min"
|
|
||||||
# Use `systemd-analyze calendar` for testing
|
|
||||||
ansible_pull_time: "*-*-* 01:00:00"
|
|
||||||
ansible_pull_playbook: "site.yml"
|
|
@ -1,6 +0,0 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
31383561303637303735386663306631333063623336643030643634333262336664363461613239
|
|
||||||
6230623439393465656161663432393732633662383833640a373433343236353835363130653937
|
|
||||||
31346233663237383666306536633962613534623735366531666561656335393964316230633161
|
|
||||||
3930636537313364380a376432363431346636363565383734613638316161643036623636656532
|
|
||||||
66333038393738663464343534633766643734393165626538633962376161376262
|
|
@ -1,10 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: restart ansiblepull timer
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
name: ansible-pull.timer
|
|
||||||
enabled: yes
|
|
||||||
state: restarted
|
|
||||||
become: yes
|
|
@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
||||||
dependencies:
|
|
||||||
- role: ansible
|
|
@ -1,32 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Set up ansible-pull
|
|
||||||
block:
|
|
||||||
- name: Copy Ansible password file
|
|
||||||
copy:
|
|
||||||
src: ansiblevaultpass
|
|
||||||
dest: ~/ansiblevaultpass
|
|
||||||
mode: "0600"
|
|
||||||
become: yes
|
|
||||||
become_user: ansible
|
|
||||||
- name: Configure systemd unit
|
|
||||||
block:
|
|
||||||
- name: Template out services
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- { src: "ansible-pull.service", dest: "/etc/systemd/system/ansible-pull.service", mode: "0644" }
|
|
||||||
- { src: "ansible-pull.timer", dest: "/etc/systemd/system/ansible-pull.timer", mode: "0644" }
|
|
||||||
notify: restart ansiblepull timer
|
|
||||||
- name: Enable timer
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
name: ansible-pull.timer
|
|
||||||
enabled: yes
|
|
||||||
state: started
|
|
||||||
notify: restart ansiblepull timer
|
|
||||||
when: ansible_service_mgr == "systemd"
|
|
||||||
become: yes
|
|
@ -1,16 +0,0 @@
|
|||||||
# vim:ft=dosini:
|
|
||||||
[Unit]
|
|
||||||
Description=Ansible pull service
|
|
||||||
StartLimitIntervalSec=3600
|
|
||||||
StartLimitBurst=5
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
User=ansible
|
|
||||||
Group=ansible
|
|
||||||
Environment=ANSIBLE_CONFIG=~/ansible-pull-repo/ansible-pull.cfg
|
|
||||||
ExecStart=/usr/local/bin/ansible-pull --accept-host-key -U "{{ ansible_pull_repo }}" -d "~/ansible-pull-repo" --vault-password-file "~/ansiblevaultpass" "{{ ansible_pull_playbook }}"
|
|
||||||
Restart=on-failure
|
|
||||||
RestartSec=90
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,11 +0,0 @@
|
|||||||
# vim:ft=dosini:
|
|
||||||
[Unit]
|
|
||||||
Description=Ansible pull timer
|
|
||||||
|
|
||||||
[Timer]
|
|
||||||
Persistent=true
|
|
||||||
OnBootSec={{ ansible_pull_boot_delay }}
|
|
||||||
OnCalendar={{ ansible_pull_time }}
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=timers.target
|
|
@ -1,135 +0,0 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
38366663623636336331373931396632616133633538633562353430656338666162393164346436
|
|
||||||
3939356235343431326165373231313930386639333466330a613864636237373735306636383631
|
|
||||||
66363165343164616333636336393561313633613130656664323663356162636265373639336665
|
|
||||||
3564333732373634370a656231613835663436326633346263316630346461316566363462666132
|
|
||||||
39346632316563333633363061336534356336363534613837386332393166383565336635633763
|
|
||||||
30336139326361313763303739393265316535643238663736646361656639373461396433396665
|
|
||||||
63363237303933373265613336616335343038326561346362323636333333313235366361653463
|
|
||||||
39386137356632373032343762303538656130366430643030383234343663366666373162393063
|
|
||||||
32656366313631613235643061366639323930363766363137393737646666383839336264373831
|
|
||||||
64316164613332353430373933633939373933303461663832333663313561643462666234633461
|
|
||||||
31653039323430613731656538343831376632376634336436643461643063643138396131316134
|
|
||||||
66373035326333613035643833363836613437376265373135326362323062633936323435383630
|
|
||||||
39646433356161663831356265346261363137666634646331306130306232343638346264303631
|
|
||||||
32303737643632393937363738623865303735633535316162366464393163653834386432663261
|
|
||||||
64303339343335666532663434353234353066663632633730373530313637666532363863313963
|
|
||||||
31326662633639376462303466646536323965643739636438613132333738373430363534396361
|
|
||||||
37616566303633663362326436666636343762653531313435356163636133643430393139623938
|
|
||||||
38643839373365313966636466393039626139366665346664643930353630613236303761306331
|
|
||||||
34656137643764633132643830666638333938316530613236643232633830643337623432656134
|
|
||||||
66636138326230623336653938323934316339393531393163343637386236613334636362613265
|
|
||||||
30386638636662393431363134353165613965306364373061613634303132336336396265323565
|
|
||||||
34303231356664376464363533626263626130653565653032656264616236656161343039333461
|
|
||||||
32303736383365346138313864633966623963633635313161623565363664303562316338366161
|
|
||||||
61386133663265316464646637336239396339386561306632313235363136316430636635626432
|
|
||||||
36333432623564376134343965653138353331663632346262396432356637623738323333366633
|
|
||||||
35396630386536653232396439663135343934653835643962353039323664383432326463323735
|
|
||||||
38643235643633316338396364393730333235316139353535643534303863356365353630653239
|
|
||||||
30306437383336303530316232666161646363646436666335613763306534356432663933323663
|
|
||||||
63633838633139373336376633643363393730313531353766656139326634613366356666623236
|
|
||||||
38353562653065386662656632373332653162383165666131386132613962643635663864656433
|
|
||||||
63343837363831396166616162353935383935653732346139366637306436386532646330343332
|
|
||||||
39666431616662393036616134666436393366303365336162646539656138636166656633313533
|
|
||||||
39626162346263306235346662343432396635636238383032623066343165366166656537613535
|
|
||||||
63383232303831323064636662366264663666353337373065326561343661396632353532346564
|
|
||||||
63616333363962366364373038336261613833623561636437343564656630663032313562386436
|
|
||||||
62656163636638323764313239336435383930303735623035313136326130373432376139623736
|
|
||||||
65613430353265356233373866653236633832373231333434643238326430356666626461663435
|
|
||||||
65623964313837353665373739613230633932653837643532623463366535323565636562356436
|
|
||||||
61616236366564323765653165323132326238633365353365333366363864636265656437373537
|
|
||||||
62356134343366373335393833666531366462306336396337313966326230393435383562343364
|
|
||||||
34313037393461383930373538653962623964313862326532333739373933303137313662376639
|
|
||||||
31396634323032393131323735333634356133316333383936366366623936643539323539613763
|
|
||||||
34363839353163616338396430643263336163653735656361656362336130653236363437373130
|
|
||||||
36343063306366303037666530616631333834633531363036343461633138393736623334643630
|
|
||||||
35323262323938366561363835616231316364343837383539656638346135663164623334616466
|
|
||||||
64653161313233373563343537326336336465623432636538323037386539343439373137666137
|
|
||||||
62393135316363643161393330656130663737303534356630376334633239346663356561376337
|
|
||||||
64343532313565393330316538376263353839383565643734336637666630663061316163343139
|
|
||||||
39393638356133613266656230313836623435613636336436616337653030376430376263323939
|
|
||||||
66623038383035373365643436353834623038646634636465353735356135643264623534313731
|
|
||||||
34343538356331646432653133386335623336303066663635326262623837663033303461376362
|
|
||||||
31373361353664383361326530333361336562663033303963636135666235626263303538366234
|
|
||||||
63313461666463376361373639336637306132353066393233626333376534356264356335373538
|
|
||||||
31306363613435303062623466303339363931396163373834323738336636656337333938653766
|
|
||||||
64386233663366343434376432303731653937313639376661336462323662373134643332326661
|
|
||||||
37396664363030343362613133393130373730646534616431303730633466353637353264646132
|
|
||||||
36373861613864393366653065353662626434396163663137636135333238313363303266623732
|
|
||||||
61646166666136306133633761373833633332616634333131303534306434366165613933323666
|
|
||||||
61666562626135396434316130303839643331316532663336343731393431643739376565363330
|
|
||||||
33623036613930333338353262643766336134386662336462616562353536616330666330306264
|
|
||||||
30633162636562613562363661653531356134613632633562306338353236393336313132663961
|
|
||||||
34313466383464616639643630376465396164383536666365353139383562386130626562353436
|
|
||||||
31303633623137663238663065363434336663336634363437646363656462333430653464643939
|
|
||||||
66333036646631353138646264386630356563333932633933643337396363343562623766356533
|
|
||||||
38316639353234666336383737383532353963633762313437356262383830643137353262383964
|
|
||||||
30396636626465336331313264666637393030663765393338333061623030633134313438386631
|
|
||||||
36336238386563313037373237366432323937663539663162396166663033626663646461323362
|
|
||||||
64643137613939363164616533366436353631396232663832393231316263646466653966333238
|
|
||||||
66393965623863393433323366366130666364376164336638666331666461316135353338343139
|
|
||||||
39636566393437396333633462396464616131333134613131323964353434613736313736376461
|
|
||||||
37373130626331623362613538353735613963363035656433626134336564303966383462363661
|
|
||||||
34353064643732666264323536316231643833326664386333396536336665316339303562323763
|
|
||||||
35646561613439643066613765623563386331363437353637376434656638373962383865396464
|
|
||||||
65353834356631316438386139316631336262356139663062346131336432333834616231666538
|
|
||||||
32346565343263646461363336353365626532613465623833623036663839613864333961666437
|
|
||||||
32633662626462386366363736323739366434323632373066373435633961623038363061386261
|
|
||||||
36333139636135623131653234346163353366316562653439336233316236386431383163653866
|
|
||||||
38393939646363613132323663643931306135626165626264666262323764336562636166626533
|
|
||||||
30613762353431643635656566656533346330306463353839393035343766656465343132363862
|
|
||||||
38306239663262336338353033303764633935303562643936373732396466616564323532326439
|
|
||||||
36623538363638376232616535363263373664386332623237313834613165393439323936383562
|
|
||||||
63373966643531346337333935393862346437316264656563316539303037343933393639363434
|
|
||||||
66616161626165373661653963323835383437656464383931363236376165633834343039323035
|
|
||||||
62386637373738653639643232636631366532626332356538663166653839303663643332323130
|
|
||||||
63386465323838666437646361653633626635303733626238326237623637623563303465353531
|
|
||||||
66333935333335396634356539313434616538336135306631353961623764376665653365356335
|
|
||||||
30656266313637383534353736346633393432343466666639376330313837353763343438653366
|
|
||||||
38346132336336656365323166303632633661383530626331613739303961386235346139366236
|
|
||||||
30636464336165353436303966633935323835353439363636386661383461363265323937653565
|
|
||||||
65383139613365613337623136626133393461663461613566623134396431613733663137373335
|
|
||||||
31666332393338666235653562356563643033353961386466386562346339653638626261306635
|
|
||||||
34353132353664373332323335646438646433386430313061643737623566613339653131623836
|
|
||||||
62633936626436626133303633366336373838336531336139616564623364626534383834313234
|
|
||||||
37666163623462656434316563363535646236666536396431626132323361343238303834366637
|
|
||||||
33623565313730386264336638306637623931323861333939376165323139376335326566333633
|
|
||||||
65316439613430383230323439613538396630306233356339613662333061643732346531656364
|
|
||||||
65623263336538346561356631386639363939643434343938373264373565613537336465363038
|
|
||||||
66363963626365633338663234643764316530353566376633313732336533333063613232333538
|
|
||||||
66396236313866343038656366633738666463356432613230636361316436666432373636363034
|
|
||||||
63353231346533303361363834333231633131613165366134353763363766613033656333626438
|
|
||||||
30333731383264323732313261336263326562316530663962313739383836326536363030333564
|
|
||||||
39333436396136623161373032643438633431303761333962623832333832366463626533653832
|
|
||||||
64323333306336616363613865393561656636633735616333333736633463396330353665626561
|
|
||||||
38316134626163376466643537336335313131353461316362383865363437643263636339383831
|
|
||||||
65383762663265636663396135386630326333393237356564616237393431633537633762616134
|
|
||||||
34353264346539663038663866386538306662316233353130663332643533623436393937366266
|
|
||||||
65303330633966613038393430303536363730643463663733653237343937336136353233303037
|
|
||||||
65613537656335356533666136366363323535636635323330623664626564656537356363633763
|
|
||||||
31313437363766663338313633663866663563393039363232656638363961336631303464306536
|
|
||||||
36396136346663323038386634343461336666636438323866356339623763656436643833393963
|
|
||||||
66396662366632653831393238396535623939306434396537643930393261336161396239383330
|
|
||||||
62336237396639663837623561383964346633353935366266373030633864393433623734613233
|
|
||||||
35653138303866656465363465313733616363633334663062363436376139633231626564376166
|
|
||||||
34643864333865633832616539333063396264376566666539633936646338623763353032353635
|
|
||||||
34633465613135376234303538636432346336383431343237323661393564306438333830393737
|
|
||||||
38356333363961643735356265613762396663323264336565623762356163626130623366623861
|
|
||||||
31626135613865613866666565663063656632653339333866396537343131636366393131346438
|
|
||||||
66626434656235376265386135333165366162346536623466303437313131336165346238383934
|
|
||||||
35353064663536373162613836383663396661633930616431653764353339613835393762396332
|
|
||||||
32363965653235646130323761316437376631383464306661623963306362343631666538653864
|
|
||||||
30613233336339373739363733346466313764383165643466316239613264393332626133363437
|
|
||||||
36666431613263393730393264326235353239633035653736626233343630623736646230653064
|
|
||||||
35393932396361623239326435356563623033316561373236613136333938363265376561386430
|
|
||||||
36393730353465376663343361306234346564623837363565373733373936623534353639623538
|
|
||||||
62316264613734326638636538653861663637623462306138636532653036343061396363363631
|
|
||||||
61316638653133636561363333363638396439643835363033336666346461356637336233386234
|
|
||||||
32336664376631336662613239353461633566633565623137643536343137373534663031626333
|
|
||||||
64613335656330666465366638373863306439636166346430363033313435626337373764313938
|
|
||||||
35306465656264643463653930303830333262616233333532616138383335626663636365626464
|
|
||||||
65613461633737646235343230346331313435386530383838613930633037356537623039333936
|
|
||||||
61353332386231623237613731363731383738383934613932613031633235663935386536323733
|
|
||||||
31393263353339633462326639306264356562393166366263626537313432366639376531386263
|
|
||||||
31643061303032303363653631323131656436663563363333646162643331376438343437663034
|
|
||||||
6332323532343937323062386135393566323732356533336162
|
|
@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
||||||
dependencies:
|
|
||||||
- role: awscreds
|
|
@ -1,51 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Set up Ansible
|
|
||||||
block:
|
|
||||||
- name: Install Ansible-required packages via apt
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- python3-pip
|
|
||||||
- python3-boto
|
|
||||||
- python3-boto3
|
|
||||||
- python3-botocore
|
|
||||||
- python3-setuptools
|
|
||||||
become: true
|
|
||||||
when: ansible_os_family == "Debian"
|
|
||||||
- name: Install Ansible-required packages via apk
|
|
||||||
apk:
|
|
||||||
name:
|
|
||||||
- gcc
|
|
||||||
- musl-dev
|
|
||||||
- py3-boto
|
|
||||||
- py3-boto3
|
|
||||||
- py3-botocore
|
|
||||||
- py3-cryptography
|
|
||||||
- py3-pip
|
|
||||||
- py3-setuptools
|
|
||||||
when: ansible_distribution == "Alpine"
|
|
||||||
- name: Install Ansible-required packages via pip
|
|
||||||
pip:
|
|
||||||
name: "{{ packages }}"
|
|
||||||
state: latest
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
- ansible
|
|
||||||
- ansible-base
|
|
||||||
- ansible-lint
|
|
||||||
- name: Assure root .ssh directory
|
|
||||||
file:
|
|
||||||
path: ~/.ssh
|
|
||||||
state: directory
|
|
||||||
mode: "0600"
|
|
||||||
- name: Copy Ansible private key
|
|
||||||
copy:
|
|
||||||
src: ansiblekey
|
|
||||||
dest: ~/.ssh/ansible
|
|
||||||
mode: "0600"
|
|
||||||
- name: Clone Ansible repo
|
|
||||||
git:
|
|
||||||
dest: /etc/ansible
|
|
||||||
repo: "{{ ansible_pull_repo }}"
|
|
||||||
become: true
|
|
@ -1,30 +0,0 @@
|
|||||||
# The MariaDB configuration file
|
|
||||||
#
|
|
||||||
# The MariaDB/MySQL tools read configuration files in the following order:
|
|
||||||
# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
|
|
||||||
# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
|
|
||||||
# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
|
|
||||||
# 4. "~/.my.cnf" to set user-specific options.
|
|
||||||
#
|
|
||||||
# If the same option is defined multiple times, the last one will apply.
|
|
||||||
#
|
|
||||||
# One can use all long options that the program supports.
|
|
||||||
# Run program with --help to get a list of available options and with
|
|
||||||
# --print-defaults to see which it would actually understand and use.
|
|
||||||
|
|
||||||
[mysqld]
|
|
||||||
max_allowed_packet=100M
|
|
||||||
skip-networking
|
|
||||||
innodb_file_format = Barracuda
|
|
||||||
innodb_large_prefix = 1
|
|
||||||
innodb_file_per_table = ON
|
|
||||||
|
|
||||||
#
|
|
||||||
# This group is read both both by the client and the server
|
|
||||||
# use it for options that affect everything
|
|
||||||
#
|
|
||||||
[client-server]
|
|
||||||
|
|
||||||
# Import all .cnf files from configuration directory
|
|
||||||
!includedir /etc/mysql/conf.d/
|
|
||||||
!includedir /etc/mysql/mariadb.conf.d/
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -1,8 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: restart apache
|
|
||||||
service:
|
|
||||||
name: apache2
|
|
||||||
state: restarted
|
|
||||||
become: yes
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
@ -1,72 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Install, configure, and start Apache and PHP
|
|
||||||
block:
|
|
||||||
- name: Install Apache and PHP packages
|
|
||||||
apt:
|
|
||||||
name: "{{ packages }}"
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
- apache2
|
|
||||||
- libapache2-mod-php
|
|
||||||
- php
|
|
||||||
- php-gd
|
|
||||||
- php-json
|
|
||||||
- php-mysql
|
|
||||||
- php-curl
|
|
||||||
- php-mbstring
|
|
||||||
- php-intl
|
|
||||||
- php-xml
|
|
||||||
- php-zip
|
|
||||||
- php-cgi
|
|
||||||
- php-cli
|
|
||||||
- python3-passlib # For htpasswd support
|
|
||||||
- name: Find PHP config directory
|
|
||||||
find:
|
|
||||||
paths: /etc/php
|
|
||||||
patterns: '*'
|
|
||||||
file_type: directory
|
|
||||||
register: phpdirs
|
|
||||||
- name: Debug
|
|
||||||
debug:
|
|
||||||
var: phpdirs.files.0.path
|
|
||||||
- name: Copy configuration
|
|
||||||
copy:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ phpdirs.files.0.path }}/{{ item.dest }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- { src: "php-apache2.ini", dest: "apache2/php.ini", mode: "0644" }
|
|
||||||
- { src: "php-cgi.ini", dest: "cgi/php.ini", mode: "0644" }
|
|
||||||
- name: Disable default website
|
|
||||||
file:
|
|
||||||
# This is a symlink so who cares
|
|
||||||
path: "/etc/apache2/sites-enabled/000-default.conf"
|
|
||||||
state: absent
|
|
||||||
- name: Configure modules
|
|
||||||
block:
|
|
||||||
- name: Disable modules
|
|
||||||
command:
|
|
||||||
argv:
|
|
||||||
- "/usr/sbin/a2dismod"
|
|
||||||
- "{{ item }}"
|
|
||||||
removes: "/etc/apache2/mods-enabled/{{ item }}.load"
|
|
||||||
loop:
|
|
||||||
- mpm_event
|
|
||||||
notify: restart apache
|
|
||||||
- name: Enable modules
|
|
||||||
command:
|
|
||||||
argv:
|
|
||||||
- "/usr/sbin/a2enmod"
|
|
||||||
- "{{ item }}"
|
|
||||||
creates: "/etc/apache2/mods-enabled/{{ item }}.load"
|
|
||||||
loop:
|
|
||||||
- headers
|
|
||||||
- mpm_prefork
|
|
||||||
# Fun fact: this works
|
|
||||||
- php*
|
|
||||||
- rewrite
|
|
||||||
- ssl
|
|
||||||
notify: restart apache
|
|
||||||
become: yes
|
|
@ -1,11 +0,0 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
38616333383866663466353035306234356565643564383866633038636531616239393365636436
|
|
||||||
6538393064666337616565616636363331333062643235340a613061356630656333626664343038
|
|
||||||
39326661306439343666623339323430333662363864366364363664323833393039303938323035
|
|
||||||
3061396662656435660a366361363138386332633234633832613630643364316130643665343737
|
|
||||||
37303434633839323363376562303966363466323638616265303865343936396465616434666163
|
|
||||||
61666663373333643034363663323465326130393331636463666534343837646466653265343162
|
|
||||||
39343066323764646361323833303334643730633938633436343330626230303462666166356530
|
|
||||||
63623861383436636137623733633839333564363334323034313537616633666436333133396639
|
|
||||||
63666237366535386436343839653939373533656164333865613631386131343565363734333935
|
|
||||||
3861623666613138353061646564393465356532316631616231
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
@ -1,15 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Set up AWS credentials for root
|
|
||||||
block:
|
|
||||||
- name: Create .aws directory
|
|
||||||
file:
|
|
||||||
path: ~/.aws
|
|
||||||
state: directory
|
|
||||||
- name: Copy AWS credentials
|
|
||||||
copy:
|
|
||||||
src: awscredentials
|
|
||||||
dest: ~/.aws/credentials
|
|
||||||
mode: "0600"
|
|
||||||
become: true
|
|
@ -1,5 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
backups_outdir: "/opt/backups/out"
|
|
||||||
backups_boot_delay: 1h
|
|
||||||
backups_time: "*-*-* 02:00:00"
|
|
@ -1,10 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: restart backups timer
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
name: 9iron-backup.timer
|
|
||||||
enabled: yes
|
|
||||||
state: restarted
|
|
||||||
become: yes
|
|
@ -1,6 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
allow_duplicates: no
|
|
||||||
dependencies:
|
|
||||||
- role: awscreds
|
|
@ -1,41 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Set up general backups
|
|
||||||
block:
|
|
||||||
- name: Create backups directories
|
|
||||||
file:
|
|
||||||
state: directory
|
|
||||||
mode: "0700"
|
|
||||||
path: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
- "/opt/backups"
|
|
||||||
- "/opt/backups/modules"
|
|
||||||
- "{{ backups_outdir }}"
|
|
||||||
- name: Create /backups symlink
|
|
||||||
file:
|
|
||||||
state: link
|
|
||||||
path: "/backups"
|
|
||||||
src: "{{ backups_outdir }}"
|
|
||||||
- name: Template out backup script
|
|
||||||
template:
|
|
||||||
src: "backup.sh"
|
|
||||||
dest: "/opt/backups/backup.sh"
|
|
||||||
mode: "0700"
|
|
||||||
- name: Template out services
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- { src: "9iron-backup.service", dest: "/etc/systemd/system/9iron-backup.service", mode: "0644" }
|
|
||||||
- { src: "9iron-backup.timer", dest: "/etc/systemd/system/9iron-backup.timer", mode: "0644" }
|
|
||||||
notify: restart backups timer
|
|
||||||
- name: Enable timer
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
name: 9iron-backup.timer
|
|
||||||
enabled: yes
|
|
||||||
state: started
|
|
||||||
notify: restart backups timer
|
|
||||||
become: yes
|
|
@ -1,14 +0,0 @@
|
|||||||
# vim:ft=dosini:
|
|
||||||
[Unit]
|
|
||||||
Description=9iron backup service
|
|
||||||
StartLimitIntervalSec=3600
|
|
||||||
StartLimitBurst=5
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
MemoryMax=256M
|
|
||||||
ExecStart=/opt/backups/backup.sh
|
|
||||||
Restart=on-failure
|
|
||||||
RestartSec=90
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,11 +0,0 @@
|
|||||||
# vim:ft=dosini:
|
|
||||||
[Unit]
|
|
||||||
Description=9iron backup timer
|
|
||||||
|
|
||||||
[Timer]
|
|
||||||
Persistent=true
|
|
||||||
OnBootSec={{ backups_boot_delay }}
|
|
||||||
OnCalendar={{ backups_time }}
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=timers.target
|
|
@ -1,65 +0,0 @@
|
|||||||
#! /bin/bash
|
|
||||||
#
|
|
||||||
# backup.sh
|
|
||||||
# General-purpose backup script that accepts subtasks
|
|
||||||
# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
|
|
||||||
#
|
|
||||||
# Distributed under terms of the MIT license.
|
|
||||||
#
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
export BACKUPSDIR="/backups"
|
|
||||||
export OUTDIR="$BACKUPSDIR/out"
|
|
||||||
export MODULESDIR="/opt/backups/modules"
|
|
||||||
export DATE="$(date -Iseconds)"
|
|
||||||
|
|
||||||
# Helper functions
|
|
||||||
log() {
|
|
||||||
[ -z "$1" ] && return 1
|
|
||||||
printf "$(date -Iseconds): $1\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Sanity checks
|
|
||||||
if ! [ -d "$MODULESDIR" ]; then
|
|
||||||
log "Unable to find modules directory: $MODULESDIR"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# Source an RC, if we have it
|
|
||||||
if [ -r "$MODULESDIR/backuprc" ]; then
|
|
||||||
source "$MODULESDIR/backuprc"
|
|
||||||
fi
|
|
||||||
# More sanity checks
|
|
||||||
if ! [ -d "$BACKUPSDIR" ]; then
|
|
||||||
log "Unable to find backups directory: $BACKUPSDIR"
|
|
||||||
exit 2
|
|
||||||
fi
|
|
||||||
# Do the do
|
|
||||||
log "Beginning backups"
|
|
||||||
for file in "$MODULESDIR"/*; do
|
|
||||||
# Just keep going if we don't have any tasks to do
|
|
||||||
[ -f "$file" ] || continue
|
|
||||||
# Execute the module and alert if it fails
|
|
||||||
log "Executing module: $file"
|
|
||||||
(
|
|
||||||
# Define a log function for our module to use
|
|
||||||
log() {
|
|
||||||
[ -z "$1" ] && return 1
|
|
||||||
printf "$(date -Iseconds): $1\n"
|
|
||||||
}
|
|
||||||
source "$file"
|
|
||||||
) || {
|
|
||||||
log "Error executing module: $file"
|
|
||||||
}
|
|
||||||
done
|
|
||||||
# If we have a fancy schmancy bucket, use it
|
|
||||||
s3bucket="{{ aws.backup_bucket }}"
|
|
||||||
if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then
|
|
||||||
log "Moving files to S3 bucket $s3bucket"
|
|
||||||
nice -n 10 aws s3 mv "$BACKUPSDIR" "s3://$s3bucket" \
|
|
||||||
--recursive \
|
|
||||||
--only-show-errors \
|
|
||||||
--exclude "*.log" \
|
|
||||||
--storage-class STANDARD
|
|
||||||
fi
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: restart snmpd
|
|
||||||
systemd:
|
|
||||||
name: snmpd
|
|
||||||
state: restarted
|
|
||||||
become: yes
|
|
@ -1,21 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Install snmpd
|
|
||||||
block:
|
|
||||||
- name: Install snmpd
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- snmpd
|
|
||||||
- name: Template out config
|
|
||||||
template:
|
|
||||||
src: snmpd.conf
|
|
||||||
dest: /etc/snmp/snmpd.conf
|
|
||||||
mode: "0600"
|
|
||||||
notify: restart snmpd
|
|
||||||
- name: Enable snmpd
|
|
||||||
systemd:
|
|
||||||
name: snmpd
|
|
||||||
enabled: yes
|
|
||||||
state: started
|
|
||||||
become: yes
|
|
@ -1,165 +0,0 @@
|
|||||||
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
|
|
||||||
agentAddress udp:161,udp6:[::1]:161
|
|
||||||
|
|
||||||
# Create users
|
|
||||||
createUser authOnlyUser SHA {{ snmp.auth_user_pass }}
|
|
||||||
createUser authPrivUser SHA {{ snmp.priv_user_pass }}
|
|
||||||
createUser internalUser SHA {{ snmp.int_user_pass }}
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
#
|
|
||||||
# ACCESS CONTROL
|
|
||||||
#
|
|
||||||
|
|
||||||
# system + hrSystem groups only
|
|
||||||
view systemonly included .1.3.6.1.2.1.1
|
|
||||||
view systemonly included .1.3.6.1.2.1.25.1
|
|
||||||
|
|
||||||
# Full access from the local host
|
|
||||||
#rocommunity public localhost
|
|
||||||
# Default access to basic system info
|
|
||||||
rocommunity public default -V systemonly
|
|
||||||
# rocommunity6 is for IPv6
|
|
||||||
rocommunity6 public default -V systemonly
|
|
||||||
|
|
||||||
# Full access from an example network
|
|
||||||
# Adjust this network address to match your local
|
|
||||||
# settings, change the community string,
|
|
||||||
# and check the 'agentAddress' setting above
|
|
||||||
#rocommunity secret 10.0.0.0/16
|
|
||||||
|
|
||||||
# Full read-only access for SNMPv3
|
|
||||||
rouser authOnlyUser
|
|
||||||
# Full write access for encrypted requests
|
|
||||||
# Remember to activate the 'createUser' lines above
|
|
||||||
#rwuser authPrivUser priv
|
|
||||||
|
|
||||||
# It's no longer typically necessary to use the full 'com2sec/group/access' configuration
|
|
||||||
# r[ow]user and r[ow]community, together with suitable views, should cover most requirements
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
#
|
|
||||||
# SYSTEM INFORMATION
|
|
||||||
#
|
|
||||||
|
|
||||||
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
|
|
||||||
# See snmpd.conf(5) for more details
|
|
||||||
sysLocation {{ snmp.location }}
|
|
||||||
sysContact {{ snmp.contact }}
|
|
||||||
# Application + End-to-End layers
|
|
||||||
sysServices 72
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# Process Monitoring
|
|
||||||
#
|
|
||||||
# At least one 'mountd' process
|
|
||||||
proc mountd
|
|
||||||
# No more than 4 'ntalkd' processes - 0 is OK
|
|
||||||
proc ntalkd 4
|
|
||||||
# At least one 'sendmail' process, but no more than 10
|
|
||||||
proc sendmail 10 1
|
|
||||||
|
|
||||||
# Walk the UCD-SNMP-MIB::prTable to see the resulting output
|
|
||||||
# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# Disk Monitoring
|
|
||||||
#
|
|
||||||
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
|
|
||||||
disk / 10000
|
|
||||||
disk /var 5%
|
|
||||||
includeAllDisks 10%
|
|
||||||
|
|
||||||
# Walk the UCD-SNMP-MIB::dskTable to see the resulting output
|
|
||||||
# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# System Load
|
|
||||||
#
|
|
||||||
# Unacceptable 1-, 5-, and 15-minute load averages
|
|
||||||
load 12 10 5
|
|
||||||
|
|
||||||
# Walk the UCD-SNMP-MIB::laTable to see the resulting output
|
|
||||||
# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
#
|
|
||||||
# ACTIVE MONITORING
|
|
||||||
#
|
|
||||||
|
|
||||||
# send SNMPv1 traps
|
|
||||||
trapsink localhost public
|
|
||||||
# send SNMPv2c traps
|
|
||||||
#trap2sink localhost public
|
|
||||||
# send SNMPv2c INFORMs
|
|
||||||
#informsink localhost public
|
|
||||||
|
|
||||||
# Note that you typically only want *one* of these three lines
|
|
||||||
# Uncommenting two (or all three) will result in multiple copies of each notification.
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# Event MIB - automatically generate alerts
|
|
||||||
#
|
|
||||||
# Remember to activate the 'createUser' lines above
|
|
||||||
iquerySecName internalUser
|
|
||||||
rouser internalUser
|
|
||||||
# generate traps on UCD error conditions
|
|
||||||
defaultMonitors yes
|
|
||||||
# generate traps on linkUp/Down
|
|
||||||
linkUpDownNotifications yes
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
#
|
|
||||||
# EXTENDING THE AGENT
|
|
||||||
#
|
|
||||||
|
|
||||||
#
|
|
||||||
# Arbitrary extension commands
|
|
||||||
#
|
|
||||||
extend test1 /bin/echo Hello, world!
|
|
||||||
extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
|
|
||||||
#extend-sh test3 /bin/sh /tmp/shtest
|
|
||||||
|
|
||||||
# Note that this last entry requires the script '/tmp/shtest' to be created first,
|
|
||||||
# containing the same three shell commands, before the line is uncommented
|
|
||||||
|
|
||||||
# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
|
|
||||||
# and nsExtendOutput2Table) to see the resulting output
|
|
||||||
|
|
||||||
# Note that the "extend" directive supercedes the previous "exec" and "sh" directives
|
|
||||||
# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
|
|
||||||
# as well as the fuller results in the above tables.
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# "Pass-through" MIB extension command
|
|
||||||
#
|
|
||||||
#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
|
|
||||||
#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
|
|
||||||
|
|
||||||
# Note that this requires one of the two 'passtest' scripts to be installed first,
|
|
||||||
# before the appropriate line is uncommented.
|
|
||||||
# These scripts can be found in the 'local' directory of the source distribution,
|
|
||||||
# and are not installed automatically.
|
|
||||||
|
|
||||||
# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# AgentX Sub-agents
|
|
||||||
#
|
|
||||||
# Run as an AgentX master agent
|
|
||||||
master agentx
|
|
||||||
# Listen for network connections (from localhost)
|
|
||||||
# rather than the default named socket /var/agentx/master
|
|
||||||
#agentXSocket tcp:localhost:705
|
|
@ -1,4 +0,0 @@
|
|||||||
# vim:ft=ansible:
|
|
||||||
user_username: salt
|
|
||||||
user_shell: /bin/bash
|
|
||||||
user_password: "!"
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
@ -1,88 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Assure user
|
|
||||||
user:
|
|
||||||
name: "{{ user_username }}"
|
|
||||||
shell: "{{ user_shell }}"
|
|
||||||
password: "{{ user_password }}"
|
|
||||||
become: yes
|
|
||||||
- name: Add user to sudo
|
|
||||||
user:
|
|
||||||
name: "{{ user_username }}"
|
|
||||||
groups: sudo
|
|
||||||
append: yes
|
|
||||||
become: yes
|
|
||||||
when: ansible_os_family == "Debian"
|
|
||||||
- name: Add user to wheel
|
|
||||||
user:
|
|
||||||
name: "{{ user_username }}"
|
|
||||||
groups: wheel
|
|
||||||
append: yes
|
|
||||||
become: yes
|
|
||||||
when: ansible_os_family != "Debian"
|
|
||||||
- name: Bootstrap user
|
|
||||||
block:
|
|
||||||
- name: Assure .ssh directory
|
|
||||||
file:
|
|
||||||
path: $HOME/.ssh
|
|
||||||
state: directory
|
|
||||||
mode: "0700"
|
|
||||||
- name: Generate keypair
|
|
||||||
openssh_keypair:
|
|
||||||
comment: "{{ user_username }}@{{ inventory_hostname_short }}"
|
|
||||||
path: $HOME/.ssh/id_ed25519
|
|
||||||
mode: "0600"
|
|
||||||
register: keypair
|
|
||||||
- name: Register keypair with Gitea
|
|
||||||
uri:
|
|
||||||
url: "https://git.9iron.club/api/v1/user/keys"
|
|
||||||
method: POST
|
|
||||||
headers:
|
|
||||||
accept: "application/json"
|
|
||||||
Authorization: "token {{ gitea_api_token }}"
|
|
||||||
body_format: json
|
|
||||||
body:
|
|
||||||
key: "{{ keypair.public_key }}"
|
|
||||||
read_only: yes
|
|
||||||
title: "{{ inventory_hostname }}-ed25519"
|
|
||||||
status_code: 201
|
|
||||||
when: keypair is changed
|
|
||||||
- name: Configure authorized hosts
|
|
||||||
authorized_key:
|
|
||||||
user: "{{ user_username }}"
|
|
||||||
manage_dir: yes
|
|
||||||
key: "{{ item.key }}"
|
|
||||||
state: "{{ item.state }}"
|
|
||||||
loop:
|
|
||||||
- { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ salt@dsk-cstm-0", state: present }
|
|
||||||
- { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@lap-th-e560-0", state: present }
|
|
||||||
- { key: "ssh-rsa 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 salt@lap-s76-lemp9-0", state: present }
|
|
||||||
- { key: "ssh-rsa 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 salt@ph-pine-0", state: present }
|
|
||||||
- name: Check for dotfile initialization
|
|
||||||
stat: path=$HOME/.dotfiles
|
|
||||||
register: p
|
|
||||||
- name: Initialize dotfiles
|
|
||||||
block:
|
|
||||||
- name: Clone bootstrap script
|
|
||||||
git:
|
|
||||||
accept_hostkey: yes
|
|
||||||
repo: git@git.9iron.club:salt/bootstrap
|
|
||||||
dest: $HOME/bootstrap
|
|
||||||
depth: 1
|
|
||||||
force: yes
|
|
||||||
- name: Execute bootstrap script
|
|
||||||
shell: "cd && ~/bootstrap/bootstrap.sh > bootstrap.log 2>&1"
|
|
||||||
- name: Disable untracked files on dotfiles
|
|
||||||
git_config:
|
|
||||||
name: status.showUntrackedFiles
|
|
||||||
value: "no"
|
|
||||||
scope: local
|
|
||||||
repo: ~/.dotfiles
|
|
||||||
- name: Remove bootstrap script directory
|
|
||||||
file:
|
|
||||||
path: ~/bootstrap
|
|
||||||
state: absent
|
|
||||||
when: not p.stat.exists
|
|
||||||
become: yes
|
|
||||||
become_user: "{{ user_username }}"
|
|
@ -1,19 +0,0 @@
|
|||||||
# Enable/disable the dynamic MOTD news service
|
|
||||||
# This is a useful way to provide dynamic, informative
|
|
||||||
# information pertinent to the users and administrators
|
|
||||||
# of the local system
|
|
||||||
ENABLED=0
|
|
||||||
|
|
||||||
# Configure the source of dynamic MOTD news
|
|
||||||
# White space separated list of 0 to many news services
|
|
||||||
# For security reasons, these must be https
|
|
||||||
# and have a valid certificate
|
|
||||||
# Canonical runs a service at motd.ubuntu.com, and you
|
|
||||||
# can easily run one too
|
|
||||||
URLS="https://motd.ubuntu.com"
|
|
||||||
|
|
||||||
# Specify the time in seconds, you're willing to wait for
|
|
||||||
# dynamic MOTD news
|
|
||||||
# Note that news messages are fetched in the background by
|
|
||||||
# a systemd timer, so this should never block boot or login
|
|
||||||
WAIT=5
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: restart cron
|
|
||||||
service:
|
|
||||||
name: cron
|
|
||||||
state: restarted
|
|
||||||
become: yes
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
@ -1,41 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
- name: Configure Ansible system user
|
|
||||||
block:
|
|
||||||
- name: Create Ansible system user
|
|
||||||
user:
|
|
||||||
name: ansible
|
|
||||||
password_lock: yes
|
|
||||||
system: yes
|
|
||||||
become: yes
|
|
||||||
- name: Enroll Ansible user in sudo
|
|
||||||
user:
|
|
||||||
name: ansible
|
|
||||||
groups: sudo
|
|
||||||
when: ansible_os_family == "Debian"
|
|
||||||
- name: Enroll Ansible user in wheel
|
|
||||||
user:
|
|
||||||
name: ansible
|
|
||||||
groups: wheel
|
|
||||||
when: ansible_os_family != "Debian"
|
|
||||||
- name: Ensure perms on Ansible user home
|
|
||||||
file:
|
|
||||||
path: "/home/ansible"
|
|
||||||
mode: "0700"
|
|
||||||
- name: Ensure ownership of Ansible user home
|
|
||||||
file:
|
|
||||||
path: "/home/ansible"
|
|
||||||
owner: ansible
|
|
||||||
group: ansible
|
|
||||||
recurse: yes
|
|
||||||
- name: Add Ansible key to user
|
|
||||||
authorized_key:
|
|
||||||
user: ansible
|
|
||||||
manage_dir: yes
|
|
||||||
key: "ssh-rsa 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 ansible"
|
|
||||||
- name: Add Ansible user sudoers rule
|
|
||||||
template:
|
|
||||||
src: 90-ansible
|
|
||||||
dest: "/etc/sudoers.d/90-ansible"
|
|
||||||
mode: "0440"
|
|
||||||
become: yes
|
|
@ -1,63 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Configure basic system settings
|
|
||||||
block:
|
|
||||||
- name: Install packages
|
|
||||||
include_tasks: packages.yml
|
|
||||||
- name: Copy system configs
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- { src: "hosts", dest: "/etc/hosts", mode: "0644" }
|
|
||||||
- { src: "issue", dest: "/etc/issue", mode: "0644" }
|
|
||||||
- name: Set hostname
|
|
||||||
hostname:
|
|
||||||
name: "{{ inventory_hostname }}"
|
|
||||||
when: ansible_os_family == "Debian"
|
|
||||||
- name: Set hostname for PMOS
|
|
||||||
hostname:
|
|
||||||
name: "{{ inventory_hostname }}"
|
|
||||||
use: alpine
|
|
||||||
when: ansible_distribution == "Alpine"
|
|
||||||
- name: Set timezone
|
|
||||||
timezone:
|
|
||||||
name: "America/Chicago"
|
|
||||||
notify: restart cron
|
|
||||||
when: ansible_os_family == "Debian"
|
|
||||||
- name: Configure MOTD
|
|
||||||
block:
|
|
||||||
- name: Disable MOTD news
|
|
||||||
copy:
|
|
||||||
src: "motd-news"
|
|
||||||
dest: "/etc/default/motd-news"
|
|
||||||
tags: [ motd ]
|
|
||||||
- name: Disable default update-motd tasks
|
|
||||||
file:
|
|
||||||
path: "/etc/update-motd.d/{{ item }}"
|
|
||||||
state: absent
|
|
||||||
loop:
|
|
||||||
- "00-header"
|
|
||||||
- "10-help-text"
|
|
||||||
- "50-landscape-sysinfo"
|
|
||||||
- "50-motd-news"
|
|
||||||
- "80-esm"
|
|
||||||
- "80-livepatch"
|
|
||||||
- "90-updates-available"
|
|
||||||
- "91-release-upgrade"
|
|
||||||
- "92-unattended-upgrades"
|
|
||||||
- "95-hwe-eol"
|
|
||||||
- "97-overlayroot"
|
|
||||||
tags: [ motd ]
|
|
||||||
when: ansible_distribution == "Ubuntu"
|
|
||||||
- name: Add update-motd tasks
|
|
||||||
template:
|
|
||||||
src: 50-ansible-motd.sh
|
|
||||||
dest: /etc/update-motd.d/50-ansible
|
|
||||||
mode: "0755"
|
|
||||||
tags: [ motd ]
|
|
||||||
- name: Configure Ansible user
|
|
||||||
include_tasks: ansibleuser.yml
|
|
||||||
become: yes
|
|
@ -1,58 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Install packages via APT
|
|
||||||
block:
|
|
||||||
- name: Update and upgrade apt packages
|
|
||||||
apt:
|
|
||||||
upgrade: yes
|
|
||||||
update_cache: yes
|
|
||||||
# One day
|
|
||||||
cache_valid_time: 86400
|
|
||||||
- name: Install basic packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- acl
|
|
||||||
- apt-file
|
|
||||||
- aptitude
|
|
||||||
- awscli
|
|
||||||
- htop
|
|
||||||
- ncdu
|
|
||||||
- net-tools
|
|
||||||
- openssh-server
|
|
||||||
- pwgen
|
|
||||||
- python3-apt
|
|
||||||
- screen
|
|
||||||
- vim
|
|
||||||
- whois
|
|
||||||
- name: Install basic packages without recommends
|
|
||||||
apt:
|
|
||||||
install_recommends: no
|
|
||||||
name:
|
|
||||||
- smartmontools
|
|
||||||
- name: Remove packages
|
|
||||||
apt:
|
|
||||||
state: absent
|
|
||||||
name:
|
|
||||||
- unattended-upgrades
|
|
||||||
become: yes
|
|
||||||
when: ansible_os_family == "Debian"
|
|
||||||
- name: Install packages via APK
|
|
||||||
block:
|
|
||||||
- name: Update and upgrade packages
|
|
||||||
apk:
|
|
||||||
upgrade: yes
|
|
||||||
update_cache: yes
|
|
||||||
- name: Install basic packages
|
|
||||||
apk:
|
|
||||||
name:
|
|
||||||
- acl
|
|
||||||
- coreutils
|
|
||||||
- gcc
|
|
||||||
- git
|
|
||||||
- htop
|
|
||||||
- ncdu
|
|
||||||
- screen
|
|
||||||
- vim
|
|
||||||
become: yes
|
|
||||||
when: ansible_distribution == "Alpine"
|
|
@ -1,34 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
#
|
|
||||||
# 50-ansible-motd.sh
|
|
||||||
# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
|
|
||||||
#
|
|
||||||
# Distributed under terms of the MIT license.
|
|
||||||
#
|
|
||||||
|
|
||||||
# Service statuses
|
|
||||||
if command -v systemctl > /dev/null 2>&1; then
|
|
||||||
len=20
|
|
||||||
printf "Services:\n"
|
|
||||||
for unit in \
|
|
||||||
9iron-backup \
|
|
||||||
ansible-pull
|
|
||||||
do
|
|
||||||
systemctl status $unit > /dev/null 2>&1
|
|
||||||
case $? in
|
|
||||||
0)
|
|
||||||
printf " * %-${len}.${len}s\e[32mRunning\e[0m\n" $unit
|
|
||||||
;;
|
|
||||||
1|2)
|
|
||||||
printf " * %-${len}.${len}s\e[31mDead\e[0m\n" $unit
|
|
||||||
;;
|
|
||||||
3)
|
|
||||||
printf " * %-${len}.${len}s\e[34mExited\e[0m\n" $unit
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
printf " * %-${len}.${len}s\e[33mUnknown\e[0m\n" "$unit"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
# Managed by Ansible
|
|
||||||
|
|
||||||
ansible ALL=(ALL) NOPASSWD:ALL
|
|
@ -1,11 +0,0 @@
|
|||||||
127.0.0.1 localhost
|
|
||||||
127.0.0.1 {{ inventory_hostname }}
|
|
||||||
127.0.0.1 {{ inventory_hostname_short }}
|
|
||||||
|
|
||||||
# The following lines are desirable for IPv6 capable hosts
|
|
||||||
::1 localhost ip6-localhost ip6-loopback
|
|
||||||
fe00::0 ip6-localnet
|
|
||||||
ff00::0 ip6-mcastprefix
|
|
||||||
ff02::1 ip6-allnodes
|
|
||||||
ff02::2 ip6-allrouters
|
|
||||||
ff02::3 ip6-allhosts
|
|
@ -1,2 +0,0 @@
|
|||||||
[31m{{ ansible_distribution }} {{ ansible_distribution_version }}[0m \l
|
|
||||||
|
|
@ -1,14 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: reload udev
|
|
||||||
command: /usr/bin/udevadm trigger
|
|
||||||
become: yes
|
|
||||||
- name: restart sshd
|
|
||||||
systemd:
|
|
||||||
name: sshd.service
|
|
||||||
state: restarted
|
|
||||||
become: yes
|
|
||||||
- name: regen initramfs
|
|
||||||
command: /usr/sbin/update-initramfs -c -k all
|
|
||||||
become: yes
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
@ -1,13 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Install DKMS modules
|
|
||||||
block:
|
|
||||||
- name: Install hid-nintendo
|
|
||||||
include_role:
|
|
||||||
name: dkms
|
|
||||||
vars:
|
|
||||||
dkms_repo: "https://github.com/nicman23/dkms-hid-nintendo"
|
|
||||||
dkms_name: "nintendo-1.0"
|
|
||||||
become: yes
|
|
||||||
tags: [ dkms ]
|
|
@ -1,74 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Configure desktop system
|
|
||||||
block:
|
|
||||||
- name: Create config directories
|
|
||||||
file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: directory
|
|
||||||
recurse: yes
|
|
||||||
loop:
|
|
||||||
- "/etc/X11/xorg.conf.d"
|
|
||||||
- name: Nuke some configs
|
|
||||||
file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: absent
|
|
||||||
loop:
|
|
||||||
# Works around a bug where this causes failed logins
|
|
||||||
- "/etc/X11/Xsession.d/70im-config_launch"
|
|
||||||
- name: Copy system configs
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- { src: "sshd_config", dest: "/etc/ssh/sshd_config", mode: "0644" }
|
|
||||||
- { src: "nomouseaccel.conf", dest: "/etc/X11/xorg.conf.d/90-mouse-acceleration.conf", mode: "0644" }
|
|
||||||
- { src: "touchpad.conf", dest: "/etc/X11/xorg.conf.d/90-touchpad.conf", mode: "0644" }
|
|
||||||
- { src: "grubconfig", dest: "/etc/default/grub", mode: "0644" }
|
|
||||||
- name: Copy udev rules
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- { src: "g810-led.rules", dest: "/etc/udev/rules.d/50-g810-led.rules", mode: "0644" }
|
|
||||||
- { src: "switch-rcm.rules", dest: "/etc/udev/rules.d/50-switch-rcm.rules", mode: "0644" }
|
|
||||||
notify: reload udev
|
|
||||||
tags: [ udev ]
|
|
||||||
- name: Configure custom kernel modules
|
|
||||||
include_tasks: dkms.yml
|
|
||||||
tags: [ dkms ]
|
|
||||||
- name: Configure SSH
|
|
||||||
include_tasks: sshd.yml
|
|
||||||
- name: Configure system packages
|
|
||||||
include_tasks: packages.yml
|
|
||||||
- name: Configure Mopidy
|
|
||||||
include_tasks: mopidy.yml
|
|
||||||
- name: Set up Plymouth bgrt
|
|
||||||
alternatives:
|
|
||||||
name: default.plymouth
|
|
||||||
path: /usr/share/plymouth/themes/bgrt/bgrt.plymouth
|
|
||||||
notify: regen initramfs
|
|
||||||
- name: Stop services
|
|
||||||
systemd:
|
|
||||||
name: "{{ item }}"
|
|
||||||
enabled: no
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- mopidy.service
|
|
||||||
- motd-news.timer
|
|
||||||
- name: Start services
|
|
||||||
systemd:
|
|
||||||
name: "{{ item }}"
|
|
||||||
enabled: yes
|
|
||||||
state: started
|
|
||||||
loop:
|
|
||||||
- syncthing@salt.service
|
|
||||||
- name: Template out backup module
|
|
||||||
template:
|
|
||||||
src: "backup.sh"
|
|
||||||
dest: "/opt/backups/modules/desktop.sh"
|
|
||||||
mode: "0600"
|
|
||||||
become: yes
|
|
@ -1,46 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Configure system packages
|
|
||||||
block:
|
|
||||||
- name: Add mopidy repo key
|
|
||||||
apt_key:
|
|
||||||
url: "https://apt.mopidy.com/mopidy.gpg"
|
|
||||||
- name: Add repos
|
|
||||||
apt_repository:
|
|
||||||
repo: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
# These repos work for Buster and >=19.10
|
|
||||||
- "deb https://apt.mopidy.com/ buster main contrib non-free"
|
|
||||||
- "deb-src https://apt.mopidy.com/ buster main contrib non-free"
|
|
||||||
- name: Update APT cache
|
|
||||||
apt:
|
|
||||||
update_cache: yes
|
|
||||||
cache_valid_time: 86400
|
|
||||||
- name: Install packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- mpc
|
|
||||||
- mopidy
|
|
||||||
- mopidy-mpd
|
|
||||||
- mopidy-spotify
|
|
||||||
- name: Template out config
|
|
||||||
block:
|
|
||||||
- name: Create config directory
|
|
||||||
file:
|
|
||||||
path: "~/.config/mopidy"
|
|
||||||
state: directory
|
|
||||||
mode: "0755"
|
|
||||||
- name: Template out config
|
|
||||||
template:
|
|
||||||
src: mopidy.conf
|
|
||||||
mode: "0600"
|
|
||||||
dest: "~/.config/mopidy/mopidy.conf"
|
|
||||||
become_user: "{{ user_username }}"
|
|
||||||
become: yes
|
|
||||||
- name: Remove MPD
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- mpd
|
|
||||||
state: absent
|
|
||||||
become: yes
|
|
@ -1,245 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Configure system packages
|
|
||||||
block:
|
|
||||||
- name: Enable i386 architecture
|
|
||||||
lineinfile:
|
|
||||||
dest: /var/lib/dpkg/arch
|
|
||||||
line: i386
|
|
||||||
create: yes
|
|
||||||
- name: Add repo keys from keyserver
|
|
||||||
apt_key:
|
|
||||||
keyserver: 'keyserver.ubuntu.com'
|
|
||||||
id: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
- "3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF" # Monodevelop
|
|
||||||
- name: Add repo keys by URL
|
|
||||||
apt_key:
|
|
||||||
url: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
- "https://packagecloud.io/slacktechnologies/slack/gpgkey" # Slack
|
|
||||||
- "https://syncthing.net/release-key.txt" # Syncthing
|
|
||||||
- "https://packages.riot.im/debian/riot-im-archive-keyring.gpg" # Element
|
|
||||||
- "https://download.spotify.com/debian/pubkey.gpg" # Spotify 1
|
|
||||||
- "https://download.spotify.com/debian/pubkey_0D811D58.gpg" # Spotify 2
|
|
||||||
- name: Add repos
|
|
||||||
apt_repository:
|
|
||||||
repo: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
# Debs
|
|
||||||
- "deb https://packagecloud.io/slacktechnologies/slack/debian/ jessie main" # Slack
|
|
||||||
- "deb http://repository.spotify.com stable non-free" # Spotify
|
|
||||||
- "deb https://apt.syncthing.net/ syncthing stable" # Syncthing
|
|
||||||
- "deb https://download.mono-project.com/repo/ubuntu vs-bionic main" # Monodevelop
|
|
||||||
- "deb https://packages.riot.im/debian/ default main" # Element
|
|
||||||
# My PPA
|
|
||||||
#- "ppa:rehashedsalt/personal"
|
|
||||||
# First-party PPAs
|
|
||||||
- "ppa:phoerious/keepassxc" # KeepassXC
|
|
||||||
# Third-party PPAs
|
|
||||||
- "ppa:system76-dev/stable" # Love my lemp9
|
|
||||||
- "ppa:drewwalton19216801/dolphin-master-cosmic" # Because Dolphin doesn't update their shit
|
|
||||||
- "ppa:kgilmer/speed-ricer" # Rice rice rice
|
|
||||||
- "ppa:lutris-team/lutris" # Lutris is kickass
|
|
||||||
- name: Update and upgrade apt packages
|
|
||||||
apt:
|
|
||||||
upgrade: "yes"
|
|
||||||
update_cache: yes
|
|
||||||
# One day
|
|
||||||
cache_valid_time: 86400
|
|
||||||
- name: Install packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
# Terminal packages
|
|
||||||
- adb
|
|
||||||
- bison
|
|
||||||
- build-essential
|
|
||||||
- cmake
|
|
||||||
- debhelper
|
|
||||||
- devscripts # Tons of cool shit in here, mostly for packaging tho
|
|
||||||
- dh-make
|
|
||||||
- earlyoom
|
|
||||||
- fastboot
|
|
||||||
- ffmpeg
|
|
||||||
- flex
|
|
||||||
- git
|
|
||||||
- glances # For temperature monitoring, mostly. It's pretty heavy
|
|
||||||
- imagemagick
|
|
||||||
- libinput-tools # Allows for libinput debugging
|
|
||||||
- lua-check # I am good ComputerCraft guy
|
|
||||||
- neofetch # I never use it but whatever I guess
|
|
||||||
- network-manager-openconnect
|
|
||||||
- network-manager-openvpn
|
|
||||||
- network-manager-vpnc # For default route configuration
|
|
||||||
- nmap # For those times when you wanna scan a guy
|
|
||||||
- npm # I'm sorry
|
|
||||||
- openjdk-8-jre # For Minecraft
|
|
||||||
- pbuilder # Deb creation tool that does it all in a container
|
|
||||||
- pwgen
|
|
||||||
- python3-appdirs
|
|
||||||
- python3-eyed3
|
|
||||||
- python3-pip
|
|
||||||
- python3-pyqt5
|
|
||||||
- python3-usb # fuselee-gelee
|
|
||||||
- python3-venv
|
|
||||||
- qt5-default # For Multimc, should be installed on Kubuntu by default regardless
|
|
||||||
- traceroute
|
|
||||||
- tree
|
|
||||||
- units # How many bytes are in a mile?
|
|
||||||
- vagrant
|
|
||||||
- vagrant-libvirt
|
|
||||||
- vim
|
|
||||||
- wamerican # Dictionaries because I have like two scripts that use them
|
|
||||||
- wamerican-large
|
|
||||||
- wamerican-huge
|
|
||||||
- wamerican-insane
|
|
||||||
- wine
|
|
||||||
- wine-binfmt
|
|
||||||
- xz-utils # For Ansible deb support
|
|
||||||
# Fonts
|
|
||||||
- fonts-fork-awesome
|
|
||||||
- fonts-inconsolata
|
|
||||||
- fonts-material-design-icons-iconfont
|
|
||||||
- fonts-noto
|
|
||||||
- fonts-roboto
|
|
||||||
# DE
|
|
||||||
- bspwm
|
|
||||||
- conky-all # Why this is in several packages is beyond me
|
|
||||||
- dunst
|
|
||||||
- hsetroot # Works around a bug with Compton and a gray root window
|
|
||||||
- i3lock # Don't actually use this anymore (wew ksmserver)
|
|
||||||
- ibus
|
|
||||||
- ibus-mozc # Jap
|
|
||||||
- kubuntu-desktop # Sanity
|
|
||||||
- mozc-utils-gui
|
|
||||||
- nitrogen
|
|
||||||
- papirus-icon-theme
|
|
||||||
- pavucontrol-qt
|
|
||||||
- picom
|
|
||||||
- polybar
|
|
||||||
- qt5ct
|
|
||||||
- xbacklight # This works on literally none of my machines but fuck it
|
|
||||||
# Desktop applications
|
|
||||||
- alsa-tools-gui # For reprobing my front jack, I guess??
|
|
||||||
- barrier # FOSS Synergy
|
|
||||||
- cantata # MPD client
|
|
||||||
- chromium-browser
|
|
||||||
- chromium-chromedriver # Because Selenium
|
|
||||||
- clonezilla
|
|
||||||
- dolphin-emu-master
|
|
||||||
- dolphin-plugins
|
|
||||||
- element-desktop
|
|
||||||
- filelight # Sweet disk usage util
|
|
||||||
- filezilla
|
|
||||||
- firefox
|
|
||||||
- g810-led # For Logitech peripherals
|
|
||||||
- gimp
|
|
||||||
- inkscape # I use it for like two things
|
|
||||||
- joy2key # Neat little wrapper to bind joypad keys to keyboard keys
|
|
||||||
- joystick
|
|
||||||
- kcolorchooser
|
|
||||||
- kde-config-plymouth # Realistically not required, but whatever
|
|
||||||
- kdenlive # For the one video I edit a year
|
|
||||||
- kdepim
|
|
||||||
- keepassxc
|
|
||||||
- krita # I don't ever end up using this, maybe I'll pick it up for spritework
|
|
||||||
- libnotify-bin # Used for several of my scripts
|
|
||||||
- libretro-desmume
|
|
||||||
- libretro-mgba
|
|
||||||
- libretro-mupen64plus
|
|
||||||
- libretro-snes9x
|
|
||||||
- lutris
|
|
||||||
- mesa-vulkan-drivers
|
|
||||||
- mono-complete # Initial installation of this package may take an eternity
|
|
||||||
- monodevelop
|
|
||||||
- mpv
|
|
||||||
- mupen64plus-qt
|
|
||||||
- nextcloud-desktop
|
|
||||||
- obs-studio
|
|
||||||
- plymouth-theme-spinner # Gives us the good UEFI logo bootup
|
|
||||||
- pulseeffects # I need to be an echoey boi
|
|
||||||
- q4wine
|
|
||||||
- qbittorrent
|
|
||||||
- rdesktop # CLI RDP client, works real nice
|
|
||||||
- redshift
|
|
||||||
- retroarch
|
|
||||||
- rofi
|
|
||||||
- scrot # For scripted screenshots
|
|
||||||
- slack-desktop
|
|
||||||
- spotify-client
|
|
||||||
- steam-installer
|
|
||||||
- syncthing-gtk
|
|
||||||
- telegram-desktop
|
|
||||||
- torbrowser-launcher # Sometimes it's bugged but it's still nice to have
|
|
||||||
- virt-manager
|
|
||||||
- vulkan-tools
|
|
||||||
- vulkan-utils
|
|
||||||
- winetricks
|
|
||||||
- xdotool
|
|
||||||
- xserver-xephyr
|
|
||||||
- zim
|
|
||||||
# Other architectures, misc
|
|
||||||
- "libgl1-mesa-dri:i386"
|
|
||||||
- "mesa-vulkan-drivers:i386"
|
|
||||||
# Games
|
|
||||||
- minetest
|
|
||||||
- name: Install System76-exclusive packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- firmware-manager
|
|
||||||
- kamoso # Camera util
|
|
||||||
- system76-acpi-dkms
|
|
||||||
- system76-dkms
|
|
||||||
- system76-firmware
|
|
||||||
- system76-io-dkms
|
|
||||||
- system76-power
|
|
||||||
when: ansible_system_vendor == "System76"
|
|
||||||
- name: Install Focal-exclusive desktop applications
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- piper # Peripheral LED management
|
|
||||||
when: ansible_distribution_release == "focal"
|
|
||||||
- name: Install packages without recommends
|
|
||||||
apt:
|
|
||||||
install_recommends: no
|
|
||||||
name:
|
|
||||||
- php # Dev stuff
|
|
||||||
- php-xml
|
|
||||||
- name: Install out-of-repo packages
|
|
||||||
apt:
|
|
||||||
deb: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
- "https://dl.discordapp.net/apps/linux/0.0.12/discord-0.0.12.deb"
|
|
||||||
- "https://github.com/MultiMC/MultiMC5/releases/download/0.6.8/multimc_1.4-1.deb"
|
|
||||||
- "https://zoom.us/client/latest/zoom_amd64.deb"
|
|
||||||
# We ignore errors here in case we have a more up-to-date package on the target machine and/or face a URL timeout
|
|
||||||
ignore_errors: yes
|
|
||||||
- name: Install desktop applications through pip3
|
|
||||||
pip:
|
|
||||||
executable: "/usr/bin/pip3"
|
|
||||||
state: latest
|
|
||||||
name:
|
|
||||||
- pmbootstrap
|
|
||||||
- protontricks
|
|
||||||
- youtube-dl
|
|
||||||
# Just in case we have legacy apps floating around
|
|
||||||
- name: Remove Snap applications
|
|
||||||
snap:
|
|
||||||
name:
|
|
||||||
- discord
|
|
||||||
- pixelorama
|
|
||||||
- riot-web
|
|
||||||
- slack
|
|
||||||
- scrcpy
|
|
||||||
- sengi
|
|
||||||
- spotify
|
|
||||||
state: absent
|
|
||||||
- name: Remove desktop applications through APT
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- ktorrent
|
|
||||||
- mpd
|
|
||||||
- thunderbird
|
|
||||||
state: absent
|
|
||||||
become: yes
|
|
@ -1,19 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Configure desktop system
|
|
||||||
block:
|
|
||||||
- name: Copy system configs
|
|
||||||
template:
|
|
||||||
src: sshd_config
|
|
||||||
dest: "/etc/ssh/sshd_config"
|
|
||||||
mode: "0644"
|
|
||||||
notify: restart sshd
|
|
||||||
- name: Start services
|
|
||||||
systemd:
|
|
||||||
name: "{{ item }}"
|
|
||||||
enabled: yes
|
|
||||||
state: started
|
|
||||||
loop:
|
|
||||||
- sshd.service
|
|
||||||
become: yes
|
|
@ -1,8 +0,0 @@
|
|||||||
# Configuration for {{ inventory_hostname }} local Apache
|
|
||||||
# vim:ft=apache:
|
|
||||||
|
|
||||||
# Website configuration
|
|
||||||
<VirtualHost *:80>
|
|
||||||
ServerName localhost
|
|
||||||
DocumentRoot "/var/www/localhost"
|
|
||||||
</VirtualHost>
|
|
@ -1,67 +0,0 @@
|
|||||||
#! /bin/bash
|
|
||||||
#
|
|
||||||
# desktop.sh
|
|
||||||
# Backup script for desktops. Meant to be sourced by our main backup script
|
|
||||||
# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
|
|
||||||
#
|
|
||||||
# Distributed under terms of the MIT license.
|
|
||||||
#
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
export OUTDIR="$BACKUPSDIR/{{ inventory_hostname_short }}"
|
|
||||||
retention=7 # 7-day retention period
|
|
||||||
|
|
||||||
# Sanity checks
|
|
||||||
if [ -z "$BACKUPSDIR" ]; then
|
|
||||||
log "BACKUPSDIR was undefined. Run the main backup script instead of this one."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if ! [ -d "$OUTDIR" ]; then
|
|
||||||
if ! mkdir "$OUTDIR"; then
|
|
||||||
log "Unable to find or create output directory: $OUTDIR"
|
|
||||||
return 2
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Purge oldest backup if we need to
|
|
||||||
currentbackupcount="$(ls -1 "$OUTDIR" | wc -l)"
|
|
||||||
if (( currentbackupcount >= retention )); then
|
|
||||||
lastbackup="$(find "$OUTDIR" -name \*.tar.gz 2>/dev/null | sort | head -n 1)"
|
|
||||||
if [ -f "$lastbackup" ]; then
|
|
||||||
log "Removing old backup: $lastbackup"
|
|
||||||
rm "$lastbackup"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
# WE MAKE BACKUP NOW SERGEI
|
|
||||||
s3bucket="{{ aws.backup_bucket }}"
|
|
||||||
for dir in /home/*; do
|
|
||||||
username="$(basename -- "$dir")"
|
|
||||||
forcefile="$dir/.backup/force"
|
|
||||||
[ -d "$dir/.backup" ] || continue
|
|
||||||
for file in "$dir/.backup/"*; do [ -e "$file" ] || continue; done
|
|
||||||
tar czhf "$OUTDIR/desktop-$username-{{ inventory_hostname_short }}-$(date -Iseconds).tar.gz" "$dir/.backup/"*
|
|
||||||
# if (( "$(date +%d)" == "1" )) || [ -f "$forcefile" ]; then
|
|
||||||
# log "Detected conditions for monthly dump"
|
|
||||||
# if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then
|
|
||||||
# # Time for huge backups piped straight to S3
|
|
||||||
# tar cz \
|
|
||||||
# --exclude "$dir/.ansible" \
|
|
||||||
# --exclude "$dir/.backup" \
|
|
||||||
# --exclude "$dir/.cache" \
|
|
||||||
# --exclude "$dir/.steam" \
|
|
||||||
# --exclude "$dir/Downloads" \
|
|
||||||
# --exclude "$dir/Dropbox" \
|
|
||||||
# --exclude "$dir/Nextcloud" \
|
|
||||||
# --exclude "$dir/snap" \
|
|
||||||
# "$dir/."* \
|
|
||||||
# | aws s3 cp - "s3://$s3bucket/{{ inventory_hostname_short }}/desktop-$username-{{ inventory_hostname_short }}-$(date -Iseconds)-full.tar.gz" \
|
|
||||||
# --only-show-errors \
|
|
||||||
# --storage-class STANDARD_IA
|
|
||||||
# else
|
|
||||||
# log "Could not satisfy requirements for AWS CLI"
|
|
||||||
# fi
|
|
||||||
# [ -f "$forcefile" ] && rm "$forcefile"
|
|
||||||
# fi
|
|
||||||
done
|
|
||||||
|
|
@ -1,22 +0,0 @@
|
|||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c336", MODE="666" RUN+="/usr/bin/g213-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c330", MODE="666" RUN+="/usr/bin/g410-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c33a", MODE="666" RUN+="/usr/bin/g413-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c33c", MODE="666" RUN+="/usr/bin/g513-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c333", MODE="666" RUN+="/usr/bin/g610-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c338", MODE="666" RUN+="/usr/bin/g610-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c331", MODE="666" RUN+="/usr/bin/g810-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c337", MODE="666" RUN+="/usr/bin/g810-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c32b", MODE="666" RUN+="/usr/bin/g910-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c335", MODE="666" RUN+="/usr/bin/g910-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c339", MODE="666" RUN+="/usr/bin/gpro-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c336", MODE="666" RUN+="/usr/bin/g213-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c330", MODE="666" RUN+="/usr/bin/g410-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c33a", MODE="666" RUN+="/usr/bin/g413-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c33c", MODE="666" RUN+="/usr/bin/g513-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c333", MODE="666" RUN+="/usr/bin/g610-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c338", MODE="666" RUN+="/usr/bin/g610-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c331", MODE="666" RUN+="/usr/bin/g810-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c337", MODE="666" RUN+="/usr/bin/g810-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c32b", MODE="666" RUN+="/usr/bin/g910-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c335", MODE="666" RUN+="/usr/bin/g910-led -p /etc/g810-led/profile"
|
|
||||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c339", MODE="666" RUN+="/usr/bin/gpro-led -p /etc/g810-led/profile"
|
|
@ -1,40 +0,0 @@
|
|||||||
# vim:ft=bash:
|
|
||||||
# If you change this file, run 'update-grub' afterwards to update
|
|
||||||
# /boot/grub/grub.cfg.
|
|
||||||
# For full documentation of the options in this file, see:
|
|
||||||
# info -f grub -n 'Simple configuration'
|
|
||||||
|
|
||||||
GRUB_DEFAULT=0
|
|
||||||
GRUB_HIDDEN_TIMEOUT=0
|
|
||||||
GRUB_HIDDEN_TIMEOUT_QUIET="true"
|
|
||||||
GRUB_TIMEOUT=0
|
|
||||||
GRUB_TIMEOUT_STYLE=hidden
|
|
||||||
GRUB_RECORDFAIL_TIMEOUT=0
|
|
||||||
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
|
|
||||||
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
|
|
||||||
GRUB_CMDLINE_LINUX=""
|
|
||||||
|
|
||||||
# Work around probing for other OSs resetting timeout
|
|
||||||
GRUB_DISABLE_OS_PROBER="true"
|
|
||||||
|
|
||||||
# Uncomment to enable BadRAM filtering, modify to suit your needs
|
|
||||||
# This works with Linux (no patch required) and with any kernel that obtains
|
|
||||||
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
|
|
||||||
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
|
|
||||||
|
|
||||||
# Uncomment to disable graphical terminal (grub-pc only)
|
|
||||||
#GRUB_TERMINAL=console
|
|
||||||
|
|
||||||
# The resolution used on graphical terminal
|
|
||||||
# note that you can use only modes which your graphic card supports via VBE
|
|
||||||
# you can see them in real GRUB with the command `vbeinfo'
|
|
||||||
#GRUB_GFXMODE=640x480
|
|
||||||
|
|
||||||
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
|
|
||||||
#GRUB_DISABLE_LINUX_UUID=true
|
|
||||||
|
|
||||||
# Uncomment to disable generation of recovery mode menu entries
|
|
||||||
#GRUB_DISABLE_RECOVERY="true"
|
|
||||||
|
|
||||||
# Uncomment to get a beep at grub start
|
|
||||||
#GRUB_INIT_TUNE="480 440 1"
|
|
@ -1,132 +0,0 @@
|
|||||||
# For further information about options in this file see:
|
|
||||||
# http://docs.mopidy.com/
|
|
||||||
#
|
|
||||||
# The initial commented out values reflect the defaults as of:
|
|
||||||
# Mopidy 2.2.3
|
|
||||||
# Mopidy-File 2.2.3
|
|
||||||
# Mopidy-HTTP 2.2.3
|
|
||||||
# Mopidy-Local 2.2.3
|
|
||||||
# Mopidy-M3U 2.2.3
|
|
||||||
# Mopidy-MPD 2.2.3
|
|
||||||
# Mopidy-SoftwareMixer 2.2.3
|
|
||||||
# Mopidy-Stream 2.2.3
|
|
||||||
#
|
|
||||||
# Available options and defaults might have changed since then,
|
|
||||||
# run `mopidy config` to see the current effective config and
|
|
||||||
# `mopidy --version` to check the current version.
|
|
||||||
|
|
||||||
[core]
|
|
||||||
#cache_dir = $XDG_CACHE_DIR/mopidy
|
|
||||||
#config_dir = $XDG_CONFIG_DIR/mopidy
|
|
||||||
#data_dir = $XDG_DATA_DIR/mopidy
|
|
||||||
#max_tracklist_length = 10000
|
|
||||||
#restore_state = false
|
|
||||||
|
|
||||||
[logging]
|
|
||||||
#color = true
|
|
||||||
#console_format = %(levelname)-8s %(message)s
|
|
||||||
#debug_format = %(levelname)-8s %(asctime)s [%(process)d:%(threadName)s] %(name)s\n %(message)s
|
|
||||||
#debug_file = mopidy.log
|
|
||||||
#config_file =
|
|
||||||
|
|
||||||
[audio]
|
|
||||||
#mixer = software
|
|
||||||
mixer_volume = 60
|
|
||||||
#output = autoaudiosink
|
|
||||||
#buffer_time =
|
|
||||||
|
|
||||||
[proxy]
|
|
||||||
#scheme =
|
|
||||||
#hostname =
|
|
||||||
#port =
|
|
||||||
#username =
|
|
||||||
#password =
|
|
||||||
|
|
||||||
[mpd]
|
|
||||||
#enabled = true
|
|
||||||
#hostname = 127.0.0.1
|
|
||||||
#port = 6600
|
|
||||||
#password =
|
|
||||||
#max_connections = 20
|
|
||||||
#connection_timeout = 60
|
|
||||||
#zeroconf = Mopidy MPD server on $hostname
|
|
||||||
#command_blacklist =
|
|
||||||
# listall
|
|
||||||
# listallinfo
|
|
||||||
#default_playlist_scheme = m3u
|
|
||||||
|
|
||||||
[http]
|
|
||||||
enabled = false
|
|
||||||
#hostname = 127.0.0.1
|
|
||||||
#port = 6680
|
|
||||||
#static_dir =
|
|
||||||
#zeroconf = Mopidy HTTP server on $hostname
|
|
||||||
#allowed_origins =
|
|
||||||
#csrf_protection = true
|
|
||||||
|
|
||||||
[stream]
|
|
||||||
#enabled = true
|
|
||||||
#protocols =
|
|
||||||
# http
|
|
||||||
# https
|
|
||||||
# mms
|
|
||||||
# rtmp
|
|
||||||
# rtmps
|
|
||||||
# rtsp
|
|
||||||
#metadata_blacklist =
|
|
||||||
#timeout = 5000
|
|
||||||
|
|
||||||
[m3u]
|
|
||||||
#enabled = true
|
|
||||||
#base_dir = $XDG_MUSIC_DIR
|
|
||||||
#default_encoding = latin-1
|
|
||||||
#default_extension = .m3u8
|
|
||||||
#playlists_dir =
|
|
||||||
|
|
||||||
[softwaremixer]
|
|
||||||
#enabled = true
|
|
||||||
|
|
||||||
[file]
|
|
||||||
#enabled = true
|
|
||||||
#media_dirs =
|
|
||||||
# $XDG_MUSIC_DIR|Music
|
|
||||||
# ~/|Home
|
|
||||||
#excluded_file_extensions =
|
|
||||||
# .directory
|
|
||||||
# .html
|
|
||||||
# .jpeg
|
|
||||||
# .jpg
|
|
||||||
# .log
|
|
||||||
# .nfo
|
|
||||||
# .pdf
|
|
||||||
# .png
|
|
||||||
# .txt
|
|
||||||
# .zip
|
|
||||||
#show_dotfiles = false
|
|
||||||
#follow_symlinks = false
|
|
||||||
#metadata_timeout = 1000
|
|
||||||
|
|
||||||
[local]
|
|
||||||
#enabled = true
|
|
||||||
#library = json
|
|
||||||
#media_dir = $XDG_MUSIC_DIR
|
|
||||||
#scan_timeout = 1000
|
|
||||||
#scan_flush_threshold = 100
|
|
||||||
#scan_follow_symlinks = false
|
|
||||||
#excluded_file_extensions =
|
|
||||||
# .directory
|
|
||||||
# .html
|
|
||||||
# .jpeg
|
|
||||||
# .jpg
|
|
||||||
# .log
|
|
||||||
# .nfo
|
|
||||||
# .pdf
|
|
||||||
# .png
|
|
||||||
# .txt
|
|
||||||
# .zip
|
|
||||||
|
|
||||||
[spotify]
|
|
||||||
username = {{ mopidy_spotify_username }}
|
|
||||||
password = {{ mopidy_spotify_password }}
|
|
||||||
client_id = {{ mopidy_spotify_client_id }}
|
|
||||||
client_secret = {{ mopidy_spotify_client_secret }}
|
|
@ -1,9 +0,0 @@
|
|||||||
# This file managed via Ansible
|
|
||||||
# vim:ft=xf86conf
|
|
||||||
Section "InputClass"
|
|
||||||
Identifier "mouse"
|
|
||||||
MatchIsPointer "yes"
|
|
||||||
# Options
|
|
||||||
Option "AccelProfile" "flat"
|
|
||||||
Option "AccelSpeed" "-1"
|
|
||||||
EndSection
|
|
@ -1,112 +0,0 @@
|
|||||||
# This is the sshd server system-wide configuration file. See
|
|
||||||
# sshd_config(5) for more information.
|
|
||||||
|
|
||||||
#Port 22
|
|
||||||
#AddressFamily any
|
|
||||||
#ListenAddress 0.0.0.0
|
|
||||||
#ListenAddress ::
|
|
||||||
|
|
||||||
#HostKey /etc/ssh/ssh_host_rsa_key
|
|
||||||
#HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
#HostKey /etc/ssh/ssh_host_ed25519_key
|
|
||||||
|
|
||||||
# Ciphers and keying
|
|
||||||
#RekeyLimit default none
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
#SyslogFacility AUTH
|
|
||||||
#LogLevel INFO
|
|
||||||
|
|
||||||
# Authentication:
|
|
||||||
|
|
||||||
#LoginGraceTime 2m
|
|
||||||
PermitRootLogin no
|
|
||||||
#StrictModes yes
|
|
||||||
#MaxAuthTries 6
|
|
||||||
#MaxSessions 10
|
|
||||||
|
|
||||||
#PubkeyAuthentication yes
|
|
||||||
|
|
||||||
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
|
|
||||||
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
|
|
||||||
|
|
||||||
#AuthorizedPrincipalsFile none
|
|
||||||
|
|
||||||
#AuthorizedKeysCommand none
|
|
||||||
#AuthorizedKeysCommandUser nobody
|
|
||||||
|
|
||||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
|
||||||
#HostbasedAuthentication no
|
|
||||||
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
|
||||||
# HostbasedAuthentication
|
|
||||||
#IgnoreUserKnownHosts no
|
|
||||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
|
||||||
#IgnoreRhosts yes
|
|
||||||
|
|
||||||
# To disable tunneled clear text passwords, change to no here!
|
|
||||||
PasswordAuthentication no
|
|
||||||
#PermitEmptyPasswords no
|
|
||||||
|
|
||||||
# Change to yes to enable challenge-response passwords (beware issues with
|
|
||||||
# some PAM modules and threads)
|
|
||||||
ChallengeResponseAuthentication no
|
|
||||||
|
|
||||||
# Kerberos options
|
|
||||||
#KerberosAuthentication no
|
|
||||||
#KerberosOrLocalPasswd yes
|
|
||||||
#KerberosTicketCleanup yes
|
|
||||||
#KerberosGetAFSToken no
|
|
||||||
|
|
||||||
# GSSAPI options
|
|
||||||
#GSSAPIAuthentication no
|
|
||||||
#GSSAPICleanupCredentials yes
|
|
||||||
#GSSAPIStrictAcceptorCheck yes
|
|
||||||
#GSSAPIKeyExchange no
|
|
||||||
|
|
||||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
|
||||||
# and session processing. If this is enabled, PAM authentication will
|
|
||||||
# be allowed through the ChallengeResponseAuthentication and
|
|
||||||
# PasswordAuthentication. Depending on your PAM configuration,
|
|
||||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
|
||||||
# the setting of "PermitRootLogin without-password".
|
|
||||||
# If you just want the PAM account and session checks to run without
|
|
||||||
# PAM authentication, then enable this but set PasswordAuthentication
|
|
||||||
# and ChallengeResponseAuthentication to 'no'.
|
|
||||||
UsePAM yes
|
|
||||||
|
|
||||||
#AllowAgentForwarding yes
|
|
||||||
#AllowTcpForwarding yes
|
|
||||||
#GatewayPorts no
|
|
||||||
X11Forwarding yes
|
|
||||||
#X11DisplayOffset 10
|
|
||||||
#X11UseLocalhost yes
|
|
||||||
#PermitTTY yes
|
|
||||||
PrintMotd no
|
|
||||||
#PrintLastLog yes
|
|
||||||
#TCPKeepAlive yes
|
|
||||||
#PermitUserEnvironment no
|
|
||||||
#Compression delayed
|
|
||||||
#ClientAliveInterval 0
|
|
||||||
#ClientAliveCountMax 3
|
|
||||||
#UseDNS no
|
|
||||||
#PidFile /var/run/sshd.pid
|
|
||||||
#MaxStartups 10:30:100
|
|
||||||
#PermitTunnel no
|
|
||||||
#ChrootDirectory none
|
|
||||||
#VersionAddendum none
|
|
||||||
|
|
||||||
# no default banner path
|
|
||||||
#Banner none
|
|
||||||
|
|
||||||
# Allow client to pass locale environment variables
|
|
||||||
AcceptEnv LANG LC_*
|
|
||||||
|
|
||||||
# override default of no subsystems
|
|
||||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
|
||||||
|
|
||||||
# Example of overriding settings on a per-user basis
|
|
||||||
#Match User anoncvs
|
|
||||||
# X11Forwarding no
|
|
||||||
# AllowTcpForwarding no
|
|
||||||
# PermitTTY no
|
|
||||||
# ForceCommand cvs server
|
|
@ -1 +0,0 @@
|
|||||||
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
|
|
@ -1,12 +0,0 @@
|
|||||||
# This file managed via Ansible
|
|
||||||
# vim:ft=xf86conf
|
|
||||||
Section "InputClass"
|
|
||||||
Identifier "touchpad"
|
|
||||||
MatchIsTouchpad "yes"
|
|
||||||
Driver "libinput"
|
|
||||||
# Options
|
|
||||||
Option "DisableWhileTyping" "yes"
|
|
||||||
Option "Tapping" "yes"
|
|
||||||
Option "TappingButtonMap" "lrm" # 1/2/3-finger taps
|
|
||||||
Option "TappingDrag" "yes"
|
|
||||||
EndSection
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
@ -1,43 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Install and configure SDDM
|
|
||||||
block:
|
|
||||||
- name: Install SDDM
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- sddm
|
|
||||||
- name: Create config directory
|
|
||||||
file:
|
|
||||||
path: /etc/sddm.conf.d
|
|
||||||
state: directory
|
|
||||||
- name: Template out config
|
|
||||||
template:
|
|
||||||
src: main.conf
|
|
||||||
dest: /etc/sddm.conf.d/50-ansible.conf
|
|
||||||
mode: "0644"
|
|
||||||
- name: Install theme
|
|
||||||
block:
|
|
||||||
- name: Remove KDE config
|
|
||||||
file:
|
|
||||||
path: /etc/sddm.conf.d/kde_settings.conf
|
|
||||||
state: absent
|
|
||||||
- name: Download theme
|
|
||||||
get_url:
|
|
||||||
url: "{{ sddm_theme }}"
|
|
||||||
dest: "/usr/share/sddm/themes/ansible.zip"
|
|
||||||
register: t
|
|
||||||
- name: Unpack theme
|
|
||||||
unarchive:
|
|
||||||
src: "/usr/share/sddm/themes/ansible.zip"
|
|
||||||
dest: "/usr/share/sddm/themes"
|
|
||||||
remote_src: yes
|
|
||||||
when: t is changed
|
|
||||||
when: sddm_theme is defined
|
|
||||||
- name: Template out theme config
|
|
||||||
template:
|
|
||||||
src: theme.conf
|
|
||||||
dest: /etc/sddm.conf.d/51-ansible-theme.conf
|
|
||||||
mode: "0644"
|
|
||||||
when: sddm_theme_name is defined
|
|
||||||
become: yes
|
|
@ -1,11 +0,0 @@
|
|||||||
# This configuration file managed by Ansible
|
|
||||||
# Make your adjustments in a separate file after this one in the load order
|
|
||||||
# vim:ft=dosini
|
|
||||||
|
|
||||||
[General]
|
|
||||||
Numlock=on
|
|
||||||
|
|
||||||
[Users]
|
|
||||||
MinimumUid=1000
|
|
||||||
MaximumUid=60000
|
|
||||||
HideUsers=ansible
|
|
@ -1,6 +0,0 @@
|
|||||||
# This configuration file managed by Ansible
|
|
||||||
# Make your adjustments in a separate file after this one in the load order
|
|
||||||
# vim:ft=dosini
|
|
||||||
|
|
||||||
[Theme]
|
|
||||||
Current={{ sddm_theme_name }}
|
|
@ -1,9 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: restart zerotier
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
name: zerotier-one.service
|
|
||||||
state: restarted
|
|
||||||
become: yes
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
@ -1,35 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Configure system packages
|
|
||||||
block:
|
|
||||||
- name: Add zerotier repo key
|
|
||||||
apt_key:
|
|
||||||
url: "https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg"
|
|
||||||
- name: Add repos
|
|
||||||
apt_repository:
|
|
||||||
repo: "{{ item }}"
|
|
||||||
loop:
|
|
||||||
# These repos work for Buster and >=19.10
|
|
||||||
- "deb http://download.zerotier.com/debian/buster buster main"
|
|
||||||
- name: Update APT cache
|
|
||||||
apt:
|
|
||||||
update_cache: yes
|
|
||||||
cache_valid_time: 86400
|
|
||||||
- name: Install packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- zerotier-one
|
|
||||||
- name: Template out unit
|
|
||||||
template:
|
|
||||||
src: zerotier-one.service
|
|
||||||
dest: /etc/systemd/system/zerotier-one.service
|
|
||||||
notify: restart zerotier
|
|
||||||
- name: Join network
|
|
||||||
command:
|
|
||||||
argv:
|
|
||||||
- "zerotier-cli"
|
|
||||||
- "join"
|
|
||||||
- "{{ zerotier_network_id }}"
|
|
||||||
changed_when: no
|
|
||||||
become: yes
|
|
@ -1,14 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=ZeroTier One
|
|
||||||
After=network.target
|
|
||||||
Wants=network-online.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=/usr/sbin/zerotier-one
|
|
||||||
Restart=always
|
|
||||||
KillMode=process
|
|
||||||
# Issue 738
|
|
||||||
TimeoutStopSec=10
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,9 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: dkms autoinstall
|
|
||||||
command:
|
|
||||||
argv:
|
|
||||||
- /usr/sbin/dkms
|
|
||||||
- autoinstall
|
|
||||||
become: yes
|
|
@ -1,15 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Install DKMS module
|
|
||||||
block:
|
|
||||||
- name: Install packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- dkms
|
|
||||||
- name: Clone repository
|
|
||||||
git:
|
|
||||||
repo: "{{ dkms_repo }}"
|
|
||||||
dest: "/usr/src/{{ dkms_name }}"
|
|
||||||
notify: dkms autoinstall
|
|
||||||
become: yes
|
|
@ -1,3 +0,0 @@
|
|||||||
# vim:ft=ansible:
|
|
||||||
dokuwiki_tgz: "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz"
|
|
||||||
dokuwiki_webroot: "/var/www/dokuwiki"
|
|
@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
||||||
dependencies:
|
|
||||||
- role: apache-php
|
|
@ -1,64 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Install, configure, and start Dokuwiki
|
|
||||||
block:
|
|
||||||
- name: Set up Apache
|
|
||||||
block:
|
|
||||||
- name: Create webroot
|
|
||||||
file:
|
|
||||||
path: "{{ dokuwiki_webroot }}"
|
|
||||||
mode: "0755"
|
|
||||||
recurse: yes
|
|
||||||
state: directory
|
|
||||||
- name: Check for existing installation
|
|
||||||
stat:
|
|
||||||
path: "{{ dokuwiki_webroot }}/index.php"
|
|
||||||
register: stat_webroot_index
|
|
||||||
- name: Install Dokuwiki
|
|
||||||
block:
|
|
||||||
- name: Download Dokuwiki
|
|
||||||
get_url:
|
|
||||||
dest: /var/www/dokuwiki.tgz
|
|
||||||
url: "{{ dokuwiki_tgz }}"
|
|
||||||
- name: Extract Dokuwiki
|
|
||||||
unarchive:
|
|
||||||
src: /var/www/dokuwiki.tgz
|
|
||||||
remote_src: yes
|
|
||||||
dest: "{{ dokuwiki_webroot }}"
|
|
||||||
extra_opts: [--strip-components=1]
|
|
||||||
notify: restart apache
|
|
||||||
- name: Chown webroot
|
|
||||||
file:
|
|
||||||
path: "{{ dokuwiki_webroot }}"
|
|
||||||
state: directory
|
|
||||||
recurse: yes
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
- name: Cleanup
|
|
||||||
file:
|
|
||||||
path: /var/www/dokuwiki.tgz
|
|
||||||
state: absent
|
|
||||||
when: not stat_webroot_index.stat.exists
|
|
||||||
- name: Copy over virtual host configs
|
|
||||||
template:
|
|
||||||
src: apache2-vhost-ssl.conf
|
|
||||||
dest: "/etc/apache2/sites-available/{{ dokuwiki_url }}.conf"
|
|
||||||
notify: restart apache
|
|
||||||
- name: Enable config
|
|
||||||
command:
|
|
||||||
cmd: "a2ensite {{ dokuwiki_url }}.conf"
|
|
||||||
creates: "/etc/apache2/sites-enabled/{{ dokuwiki_url }}.conf"
|
|
||||||
notify: restart apache
|
|
||||||
- name: Generate certificate
|
|
||||||
include_role:
|
|
||||||
name: https
|
|
||||||
vars:
|
|
||||||
website_url: "{{ dokuwiki_url }}"
|
|
||||||
website_webroot: "{{ dokuwiki_webroot }}"
|
|
||||||
- name: Template out backup module
|
|
||||||
template:
|
|
||||||
src: "backup.sh"
|
|
||||||
dest: "/opt/backups/modules/{{ dokuwiki_url }}.sh"
|
|
||||||
mode: "0600"
|
|
||||||
become: yes
|
|
@ -1,35 +0,0 @@
|
|||||||
# Configuration for {{ dokuwiki_url }}
|
|
||||||
# vim:ft=apache:
|
|
||||||
|
|
||||||
# Accept connections from non-SNI clients
|
|
||||||
SSLStrictSNIVHostCheck off
|
|
||||||
|
|
||||||
# Website configuration
|
|
||||||
<VirtualHost *:80>
|
|
||||||
ServerName {{ dokuwiki_url }}
|
|
||||||
Redirect permanent / https://{{ dokuwiki_url }}
|
|
||||||
</VirtualHost>
|
|
||||||
<VirtualHost *:443>
|
|
||||||
SSLEngine on
|
|
||||||
SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt
|
|
||||||
SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key
|
|
||||||
SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt
|
|
||||||
SSLProtocol {{ ssl_protocol }}
|
|
||||||
SSLCipherSuite {{ ssl_cipher_suite }}
|
|
||||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
|
|
||||||
SSLOptions +StdEnvVars
|
|
||||||
</FilesMatch>
|
|
||||||
<Directory /usr/lib/cgi-bin>
|
|
||||||
SSLOptions +StdEnvVars
|
|
||||||
</Directory>
|
|
||||||
ServerName {{ dokuwiki_url }}
|
|
||||||
DocumentRoot {{ dokuwiki_webroot }}
|
|
||||||
<Directory "{{ dokuwiki_webroot }}">
|
|
||||||
Require all granted
|
|
||||||
AllowOverride All
|
|
||||||
Options MultiViews FollowSymlinks
|
|
||||||
</Directory>
|
|
||||||
<IfModule mod_headers.c>
|
|
||||||
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
|
|
||||||
</IfModule>
|
|
||||||
</VirtualHost>
|
|
@ -1,38 +0,0 @@
|
|||||||
#! /bin/bash
|
|
||||||
#
|
|
||||||
# gitea.sh
|
|
||||||
# Backup script for Gitea. Meant to be sourced by our main backup script
|
|
||||||
# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
|
|
||||||
#
|
|
||||||
# Distributed under terms of the MIT license.
|
|
||||||
#
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
export OUTDIR="$BACKUPSDIR/{{ dokuwiki_url }}"
|
|
||||||
retention=7 # 7-day retention period
|
|
||||||
|
|
||||||
# Sanity checks
|
|
||||||
if [ -z "$BACKUPSDIR" ]; then
|
|
||||||
log "BACKUPSDIR was undefined. Run the main backup script instead of this one."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if ! [ -d "$OUTDIR" ]; then
|
|
||||||
if ! mkdir "$OUTDIR"; then
|
|
||||||
log "Unable to find or create output directory: $OUTDIR"
|
|
||||||
return 2
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Purge oldest backup if we need to
|
|
||||||
currentbackupcount="$(ls -1 "$OUTDIR" | wc -l)"
|
|
||||||
if (( currentbackupcount >= retention )); then
|
|
||||||
lastbackup="$(find "$OUTDIR" -name \*.tar.gz 2>/dev/null | sort | head -n 1)"
|
|
||||||
if [ -f "$lastbackup" ]; then
|
|
||||||
log "Removing old backup: $lastbackup"
|
|
||||||
rm "$lastbackup"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
# WE MAKE BACKUP NOW SERGEI
|
|
||||||
tar czf "$OUTDIR/{{ dokuwiki_url }}-$(date -Iseconds).tar.gz" "{{ dokuwiki_webroot }}"
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
# vim:ft=ansible:
|
|
||||||
gitea.root: "/home/git/gitea-repositories"
|
|
||||||
gitea.app_name: "Ansible Gitea"
|
|
||||||
gitea_push_create_user: "true"
|
|
||||||
gitea_push_create_org: "false"
|
|
||||||
gitea.disable_registration: "true"
|
|
||||||
gitea_webroot: "/var/www/gitea"
|
|
@ -1,11 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: restart gitea
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
name: gitea.service
|
|
||||||
state: restarted
|
|
||||||
become: yes
|
|
||||||
- name: gitea add default user
|
|
||||||
include_tasks: tasks/add_default_user.yml
|
|
@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
allow_duplicates: no
|
|
||||||
dependencies:
|
|
||||||
- role: apache-php
|
|
||||||
- role: redis
|
|
@ -1,32 +0,0 @@
|
|||||||
|
|
||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- block:
|
|
||||||
- name: Create user
|
|
||||||
command:
|
|
||||||
argv:
|
|
||||||
- /usr/local/bin/gitea
|
|
||||||
- admin
|
|
||||||
- create-user
|
|
||||||
- --username
|
|
||||||
- "{{ gitea.admin.user }}"
|
|
||||||
- --password
|
|
||||||
- "{{ gitea.admin.pass }}"
|
|
||||||
- --email
|
|
||||||
- "{{ gitea.admin.email }}"
|
|
||||||
- --config
|
|
||||||
- /etc/gitea/app.ini
|
|
||||||
- name: Promote user to admin
|
|
||||||
command:
|
|
||||||
argv:
|
|
||||||
- /usr/bin/mysql
|
|
||||||
- gitea
|
|
||||||
- -u
|
|
||||||
- gitea
|
|
||||||
- -p
|
|
||||||
- "{{ gitea.mysql_password }}"
|
|
||||||
- -e
|
|
||||||
- 'UPDATE user SET is_admin = 1 WHERE name = "{{ gitea.admin.user }}";'
|
|
||||||
become: yes
|
|
||||||
become_user: git
|
|
@ -1,160 +0,0 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
|
||||||
# vim:ft=ansible:
|
|
||||||
---
|
|
||||||
- name: Set up Gitea
|
|
||||||
block:
|
|
||||||
- name: Set up PostgreSQL
|
|
||||||
block:
|
|
||||||
- name: Create DB user
|
|
||||||
postgresql_user:
|
|
||||||
name: gitea
|
|
||||||
password: "{{ gitea.db.pass }}"
|
|
||||||
login_host: "{{ gitea.db.hostname }}"
|
|
||||||
login_user: "{{ psql.ansible.user }}"
|
|
||||||
login_password: "{{ psql.ansible.pass }}"
|
|
||||||
- name: Create DB
|
|
||||||
postgresql_db:
|
|
||||||
name: gitea
|
|
||||||
owner: gitea
|
|
||||||
encoding: UNICODE
|
|
||||||
login_host: "{{ gitea.db.hostname }}"
|
|
||||||
login_user: "{{ psql.ansible.user }}"
|
|
||||||
login_password: "{{ psql.ansible.pass }}"
|
|
||||||
tags: [ postgresql ]
|
|
||||||
- name: Set up Apache
|
|
||||||
block:
|
|
||||||
- name: Enable modules
|
|
||||||
command:
|
|
||||||
cmd: a2enmod "{{ item }}"
|
|
||||||
creates: "/etc/apache2/mods-enabled/{{ item }}.load"
|
|
||||||
loop:
|
|
||||||
- proxy
|
|
||||||
- proxy_http
|
|
||||||
notify: restart apache
|
|
||||||
- name: Template out vhost
|
|
||||||
template:
|
|
||||||
src: "apache2-vhost-ssl.conf"
|
|
||||||
dest: "/etc/apache2/sites-available/{{ gitea.url }}.conf"
|
|
||||||
notify: restart apache
|
|
||||||
- name: Create webroot
|
|
||||||
file:
|
|
||||||
state: directory
|
|
||||||
path: "{{ gitea_webroot }}"
|
|
||||||
- name: Enable site
|
|
||||||
command:
|
|
||||||
cmd: "a2ensite {{ gitea.url }}.conf"
|
|
||||||
creates: "/etc/apache2/sites-enabled/{{ gitea.url }}.conf"
|
|
||||||
notify: restart apache
|
|
||||||
- name: Generate certificate
|
|
||||||
include_role:
|
|
||||||
name: https
|
|
||||||
vars:
|
|
||||||
website_url: "{{ gitea.url }}"
|
|
||||||
- name: Install git
|
|
||||||
apt:
|
|
||||||
name: git
|
|
||||||
- name: Install Gitea
|
|
||||||
get_url:
|
|
||||||
url: "https://dl.gitea.io/gitea/1.12/gitea-1.12-linux-amd64"
|
|
||||||
dest: "/usr/local/bin/gitea"
|
|
||||||
mode: "0755"
|
|
||||||
notify: restart gitea
|
|
||||||
- name: Create Gitea user
|
|
||||||
user:
|
|
||||||
name: git
|
|
||||||
password: "!"
|
|
||||||
home: "/home/git"
|
|
||||||
shell: "/bin/bash"
|
|
||||||
- name: Create directory structure
|
|
||||||
file:
|
|
||||||
state: directory
|
|
||||||
owner: git
|
|
||||||
group: git
|
|
||||||
mode: "0750"
|
|
||||||
path: "/var/lib/{{ item }}"
|
|
||||||
loop:
|
|
||||||
- "gitea"
|
|
||||||
- "gitea/custom"
|
|
||||||
- "gitea/data"
|
|
||||||
- "gitea/log"
|
|
||||||
- name: Create config directory
|
|
||||||
file:
|
|
||||||
state: directory
|
|
||||||
recurse: yes
|
|
||||||
mode: "0750"
|
|
||||||
owner: "root"
|
|
||||||
group: "git"
|
|
||||||
path: "/etc/gitea"
|
|
||||||
- name: Create repositories directory
|
|
||||||
file:
|
|
||||||
state: directory
|
|
||||||
mode: "0700"
|
|
||||||
owner: git
|
|
||||||
group: git
|
|
||||||
path: "{{ gitea.root }}"
|
|
||||||
- name: Set up EFS mount
|
|
||||||
block:
|
|
||||||
- name: Install required packages
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- nfs-client
|
|
||||||
- name: Create EFS
|
|
||||||
efs:
|
|
||||||
name: "{{ gitea.efs.name }}"
|
|
||||||
encrypt: yes
|
|
||||||
region: "{{ gitea.efs.region }}"
|
|
||||||
targets:
|
|
||||||
- subnet_id: "{{ gitea.efs.subnet_id }}"
|
|
||||||
security_groups: [ "{{ gitea.efs.security_group }}" ]
|
|
||||||
register: efs
|
|
||||||
- name: Mount EFS
|
|
||||||
mount:
|
|
||||||
path: "{{ gitea.root }}"
|
|
||||||
src: "{{ efs.efs.filesystem_address }}"
|
|
||||||
fstype: nfs4
|
|
||||||
opts: "nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport"
|
|
||||||
state: mounted
|
|
||||||
when: gitea.efs.name is defined
|
|
||||||
tags: [ giteaefs ]
|
|
||||||
- name: Check for config
|
|
||||||
stat: path="/etc/gitea/app.ini"
|
|
||||||
register: p
|
|
||||||
- name: Deploy config
|
|
||||||
block:
|
|
||||||
- name: Generate INTERNAL_TOKEN
|
|
||||||
command: /usr/local/bin/gitea generate secret INTERNAL_TOKEN
|
|
||||||
register: gitea_internal_token
|
|
||||||
- name: Generate SECRET_KEY
|
|
||||||
command: /usr/local/bin/gitea generate secret SECRET_KEY
|
|
||||||
register: gitea_secret_key
|
|
||||||
- name: Generate JWT_SECRET
|
|
||||||
command: /usr/local/bin/gitea generate secret JWT_SECRET
|
|
||||||
register: gitea_jwt_secret
|
|
||||||
- name: Generate LFS_JWT_SECRET
|
|
||||||
command: /usr/local/bin/gitea generate secret LFS_JWT_SECRET
|
|
||||||
register: gitea_lfs_jwt_secret
|
|
||||||
- name: Template out app.ini
|
|
||||||
template:
|
|
||||||
src: "app.ini"
|
|
||||||
dest: "/etc/gitea/app.ini"
|
|
||||||
mode: "0640"
|
|
||||||
owner: "root"
|
|
||||||
group: "git"
|
|
||||||
when: not p.stat.exists
|
|
||||||
- name: Template out service
|
|
||||||
template:
|
|
||||||
src: "gitea.service"
|
|
||||||
dest: "/etc/systemd/system/gitea.service"
|
|
||||||
notify: restart gitea
|
|
||||||
- name: Start and enable service
|
|
||||||
systemd:
|
|
||||||
daemon_reload: yes
|
|
||||||
name: "gitea.service"
|
|
||||||
enabled: yes
|
|
||||||
state: "started"
|
|
||||||
- name: Template out backup module
|
|
||||||
template:
|
|
||||||
src: "backup.sh"
|
|
||||||
dest: "/opt/backups/modules/{{ gitea.url }}.sh"
|
|
||||||
mode: "0600"
|
|
||||||
become: yes
|
|
@ -1,37 +0,0 @@
|
|||||||
# Configuration for {{ gitea.url }}
|
|
||||||
# vim:ft=apache:
|
|
||||||
|
|
||||||
# Accept connections from non-SNI clients
|
|
||||||
SSLStrictSNIVHostCheck off
|
|
||||||
# Need this for SSL proxying, apparently
|
|
||||||
SSLProxyEngine on
|
|
||||||
|
|
||||||
# Website configuration
|
|
||||||
<VirtualHost *:80>
|
|
||||||
ServerName {{ gitea.url }}
|
|
||||||
Redirect permanent / https://{{ gitea.url }}
|
|
||||||
</VirtualHost>
|
|
||||||
<VirtualHost *:443>
|
|
||||||
SSLEngine on
|
|
||||||
SSLCertificateFile /etc/pki/cert/crt/{{ gitea.url }}.crt
|
|
||||||
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea.url }}.key
|
|
||||||
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea.url }}-fullchain.crt
|
|
||||||
SSLProtocol {{ ssl_protocol }}
|
|
||||||
SSLCipherSuite {{ ssl_cipher_suite }}
|
|
||||||
ServerName {{ gitea.url }}
|
|
||||||
DocumentRoot {{ gitea_webroot }}
|
|
||||||
<Directory "{{ gitea_webroot }}">
|
|
||||||
Require all granted
|
|
||||||
AllowOverride All
|
|
||||||
Options MultiViews FollowSymlinks
|
|
||||||
</Directory>
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyRequests Off
|
|
||||||
ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
|
|
||||||
ProxyPassReverse / https://127.0.0.1:3000/
|
|
||||||
|
|
||||||
RequestHeader set X_FORWARDED_PROTO 'https'
|
|
||||||
RequestHeader set X-Forwarded-Ssl on
|
|
||||||
# Used for embedding in Nextcloud
|
|
||||||
Header unset X-Frame-Options
|
|
||||||
</VirtualHost>
|
|
@ -1,74 +0,0 @@
|
|||||||
APP_NAME = {{ gitea.app_name }}
|
|
||||||
RUN_USER = git
|
|
||||||
RUN_MODE = prod
|
|
||||||
|
|
||||||
[database]
|
|
||||||
DB_TYPE = postgres
|
|
||||||
HOST = {{ gitea.db.hostname }}:5432
|
|
||||||
NAME = gitea
|
|
||||||
USER = gitea
|
|
||||||
PASSWD = {{ gitea.db.pass }}
|
|
||||||
SSL_MODE = disable
|
|
||||||
CHARSET = utf8
|
|
||||||
PATH = /var/lib/gitea/data/gitea.db
|
|
||||||
|
|
||||||
[log]
|
|
||||||
MODE = file
|
|
||||||
LEVEL = info
|
|
||||||
ROOT_PATH = /var/lib/gitea/log
|
|
||||||
|
|
||||||
[mailer]
|
|
||||||
ENABLED = false
|
|
||||||
|
|
||||||
[oauth2]
|
|
||||||
JWT_SECRET = {{ gitea_jwt_secret.stdout }}
|
|
||||||
|
|
||||||
[openid]
|
|
||||||
ENABLE_OPENID_SIGNIN = true
|
|
||||||
ENABLE_OPENID_SIGNUP = false
|
|
||||||
|
|
||||||
[picture]
|
|
||||||
DISABLE_GRAVATAR = true
|
|
||||||
ENABLE_FEDERATED_AVATAR = false
|
|
||||||
|
|
||||||
[repository]
|
|
||||||
ENABLE_PUSH_CREATE_USER = {{ gitea_push_create_user }}
|
|
||||||
ENABLE_PUSH_CREATE_ORG = {{ gitea_push_create_org }}
|
|
||||||
ROOT = {{ gitea.root }}
|
|
||||||
|
|
||||||
[security]
|
|
||||||
INTERNAL_TOKEN = {{ gitea_internal_token.stdout }}
|
|
||||||
INSTALL_LOCK = true
|
|
||||||
PASSWORD_COMPLEXITY = off
|
|
||||||
SECRET_KEY = {{ gitea_secret_key.stdout }}
|
|
||||||
|
|
||||||
[server]
|
|
||||||
SSH_DOMAIN = {{ gitea.url }}
|
|
||||||
DOMAIN = {{ gitea.url }}
|
|
||||||
HTTP_PORT = 3000
|
|
||||||
ROOT_URL = https://{{ gitea.url }}/
|
|
||||||
DISABLE_SSH = false
|
|
||||||
SSH_PORT = 22
|
|
||||||
LFS_START_SERVER = true
|
|
||||||
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
|
|
||||||
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret.stdout }}
|
|
||||||
OFFLINE_MODE = true
|
|
||||||
|
|
||||||
[service]
|
|
||||||
REGISTER_EMAIL_CONFIRM = true
|
|
||||||
ENABLE_NOTIFY_MAIL = true
|
|
||||||
DISABLE_REGISTRATION = {{ gitea.disable_registration }}
|
|
||||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
|
||||||
ENABLE_CAPTCHA = false
|
|
||||||
REQUIRE_SIGNIN_VIEW = false
|
|
||||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
|
||||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
|
||||||
DEFAULT_ENABLE_TIMETRACKING = true
|
|
||||||
NO_REPLY_ADDRESS = bad.company
|
|
||||||
|
|
||||||
[session]
|
|
||||||
PROVIDER = file
|
|
||||||
|
|
||||||
[ui]
|
|
||||||
DEFAULT_THEME = arc-green
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
#! /bin/bash
|
|
||||||
#
|
|
||||||
# gitea.sh
|
|
||||||
# Backup script for Gitea. Meant to be sourced by our main backup script
|
|
||||||
# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
|
|
||||||
#
|
|
||||||
# Distributed under terms of the MIT license.
|
|
||||||
#
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
export OUTDIR="$BACKUPSDIR/{{ gitea.url }}"
|
|
||||||
retention=7 # 7-day retention period
|
|
||||||
|
|
||||||
# Sanity checks
|
|
||||||
if [ -z "$BACKUPSDIR" ]; then
|
|
||||||
log "BACKUPSDIR was undefined. Run the main backup script instead of this one."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if ! [ -d "$OUTDIR" ]; then
|
|
||||||
if ! mkdir "$OUTDIR"; then
|
|
||||||
log "Unable to find or create output directory: $OUTDIR"
|
|
||||||
return 2
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
# Enforce permissions on our output directory since the git user will need them
|
|
||||||
chown root.git "$OUTDIR"
|
|
||||||
chmod 770 "$OUTDIR"
|
|
||||||
|
|
||||||
# Purge oldest backup if we need to
|
|
||||||
currentbackupcount="$(ls -1 "$OUTDIR" | wc -l)"
|
|
||||||
if (( currentbackupcount >= retention )); then
|
|
||||||
lastbackup="$(find "$OUTDIR" -name \*.zip 2>/dev/null | sort | head -n 1)"
|
|
||||||
if [ -f "$lastbackup" ]; then
|
|
||||||
log "Removing old backup: $lastbackup"
|
|
||||||
rm "$lastbackup"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
# WE MAKE BACKUP NOW SERGEI
|
|
||||||
if cd "$OUTDIR"; then
|
|
||||||
log "Initiating gitea dump"
|
|
||||||
su git -c "gitea dump -c /etc/gitea/app.ini"
|
|
||||||
else
|
|
||||||
log "Could not change directory: $OUTDIR"
|
|
||||||
return 3
|
|
||||||
fi
|
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More