Commit Graph

681 Commits

Author SHA1 Message Date
0d16877d93 Disable libreddit
I have no interest in maintaining a tool that I don't use
that attracts DMCA notices.

Fuck that.
2022-03-24 11:49:37 -05:00
5d2c207be6 Append permissions to NFS mountpoint on workstations
This fixes a lint error
2022-03-07 10:50:18 -06:00
28b34833ab Rework GitLab pipelines 2022-03-07 10:46:02 -06:00
d27554bffb Give the Nagios bullshit it's own play I guess 2022-03-04 21:29:24 -06:00
068966fec2 Reorganize and correct Ubuntu platforms 2022-02-23 21:21:19 -06:00
6707ce48bd Add automatic DNS configuration
I am amazeballs
2022-02-23 17:30:10 -06:00
2d07432a45 Remove Scanner configuration 2022-02-23 16:02:33 -06:00
4114012363 Fix incorrect Netbox media mount 2022-02-21 19:49:49 -06:00
5c7e43dd27 Bump reboot timeout
APPARENTLY
2022-02-21 19:11:29 -06:00
9caef14ee7 Exclude loopback disks in check_disk
Apparently we just now encountered an issue with those that Snap caused. Thanks, Snap.
2022-02-18 19:16:01 -06:00
3dfd06cbdb Disable a ton of fact gathering -- I anticipate this will fail at CI 2022-02-15 15:19:34 -06:00
8652b1a290 Alter gulagbot DB connection settings 2022-02-14 00:45:32 -06:00
07aee85a22 Remove references to NFS over management IP
Except on desktops, because they're supposed to do that
2022-02-13 18:29:42 -06:00
797abf0a52 Alter permission schemes across hosts to account for ZT changes 2022-02-13 13:41:20 -06:00
ba6eae9d97 Add avahi to the management network 2022-02-13 13:03:41 -06:00
f86d065005 Add ZT management-only network 2022-02-13 11:05:25 -06:00
5efeaa18e9 Polish up checks 2022-02-13 10:11:45 -06:00
eeb1afb31b Revert "Lock gulagbot to 4.1.8"
This reverts commit 4be2e313fd.
2022-02-11 13:57:31 -06:00
4be2e313fd Lock gulagbot to 4.1.8
Awaiting resolution of some bugs
2022-02-10 23:52:36 -06:00
d48f04dbe0 Update Forge to 36.2.26
This fixes a bug with Forge with a missing class on latest Java
2022-02-09 17:16:49 -06:00
750f7cad15 Change some Stalin settings 2022-02-04 23:04:36 -06:00
cd805fa79f Purge mainline from framework laptop 2022-02-03 13:28:54 -06:00
0ed99bec3e Re-add mem_sleep_default to lap-fw-diy-1's kernel params
This reverts commit f345e64b79.

Apparently my issue was with the out-of-tree kernel, not this particular
configuration. After some testing, I don't need the new kernel anyway.
2022-02-03 13:25:44 -06:00
6c5bea19f1 Add snd-hda-intel args to kernel cmdline
I encountered a bug with the new kernels which appears to have caused my audio to dip out.
2022-02-03 10:29:18 -06:00
f345e64b79 Revert "Add mem_sleep_default to lap-fw-diy-1's kernel params"
This reverts commit 3c632ce64c.

I'm experirencing serious issues with this mode of sleep, so disabling
it for now.
2022-02-03 08:58:27 -06:00
0963554422 Add mainline kernel update utility
>=5.14 is required for the Framework to function fully. Since this is just one machine, I'm okay with not completely automating this process.
2022-02-03 08:10:00 -06:00
50add7b8b9 Disable i915.enable_psr= (Re-enable PSR)
This comes in tandem with the next commit, which adds a utility for using the mainline kernel
2022-02-03 08:09:30 -06:00
3c632ce64c Add mem_sleep_default to lap-fw-diy-1's kernel params
Apparently, it doesn't suspend to ram at the hardware level by default, which is strange and dumb.
2022-02-03 07:57:21 -06:00
46a567c46a Make memory checks a lot tighter
Alright look, I design my systems with 10% overhead, not 20%
2022-02-02 07:41:22 -06:00
714e78b4d7 Test an older version of the E6 pack with a different set of performance mods
I've heard Performant is mostly placebo, and we're finally at a point where we can thoroughly test and see how it runs compared to the suite of performance mods shipped by the pack normally.
2022-01-29 21:17:28 -06:00
c49d4cefad Provision a new mc serber 2022-01-28 18:37:07 -06:00
aef8f31c87 Change Nagios Matrix channel 2022-01-27 14:31:58 -06:00
662d94a948 Fix incorrect group for Zerotier checks 2022-01-24 18:07:53 -06:00
3810b96a38 Rework Zerotier role to allow for arbitrary adds and deletes 2022-01-23 17:17:43 -06:00
53ffaf52c4 Reorganize playbooks to modularize Zerotier enrollment 2022-01-23 16:37:56 -06:00
964d3228e2 Add some more correct settings for jenkins 2022-01-23 08:47:26 -06:00
c8793cc240 Recalibrate Stalin to be less... totalitarian 2022-01-22 19:30:35 -06:00
5e9c137b34 Decom peertube, add jenkins 2022-01-22 09:48:47 -06:00
380781b1eb Re-enable NFS mountpoint for desktops 2022-01-21 22:24:03 -06:00
269a7ec784 Enroll key for lap-fw-diy-1, give lap-s76-lemp9-1 some nicer Grub configs for dualboot 2022-01-21 17:18:56 -06:00
1a4f59b71a Add a new laptop, rebase zerotier repo 2022-01-21 16:55:10 -06:00
e4805658dc Spin up a Terraria server 2022-01-12 15:14:30 -06:00
8984f71aee Upgrade Netbox 2022-01-12 14:23:26 -06:00
fe00d12377 Add some opt-in docker checks 2022-01-11 18:30:27 -06:00
fb465a666e Add temperature sensors to Pis 2022-01-11 00:16:54 -06:00
4a1c5ea8e1 Use new-style checks for the temperature command 2022-01-11 00:00:31 -06:00
0140784111 Add hostgroup for device types 2022-01-10 23:54:03 -06:00
8517e842b2 Add checks for the R720's thermal monitors, also add those thermal monitors 2022-01-10 22:14:07 -06:00
8a3f13a939 Give ansible play check a bit more wiggle room, missing a single day isn't that bad 2022-01-09 11:32:16 -06:00
c59781b47e Define a timeperiod for Nagios and assign it to our matrix notify user 2022-01-04 18:00:55 -06:00
e0b385a1c5 Fix accidentally removing a ton of checks from each host 2022-01-03 13:18:14 -06:00
e2d738ba40 Enroll vm-scan-1 in backups 2021-12-30 10:37:50 -06:00
9662bb0ff8 Ensure we actually add our new user to sudoers 2021-12-30 10:12:44 -06:00
111f1cdef6 Configure a scanner user on all machines 2021-12-30 10:04:31 -06:00
1cff8a6aa8 Deploy GVM to a box at home 2021-12-30 09:34:45 -06:00
ed64fc0a9a Backup etc on desktops 2021-12-30 07:48:15 -06:00
db78f7eaf6 Separate HOSTALIAS from SERVICEDESC more properly on Nagios 2021-12-26 22:56:03 -06:00
8612eec85e Create an Ansible contactgroup in Nagios and tie it to all alerts, enroll our Matrix user in that group 2021-12-24 16:56:06 -06:00
1791c40465 Working on Matrix integration for Nagios 2021-12-24 16:47:21 -06:00
c6c57fce6c Change alert destination email address 2021-12-24 15:36:18 -06:00
09f33966ac Disable memory checks for machines running ZFS
I give up. I'll circle back on this later
2021-12-24 15:32:53 -06:00
aa493348d3 Add another Minecraft server and some related checks 2021-12-24 14:53:09 -06:00
22863e66e7 Upgrade Nextcloud 22 -> 23 2021-12-24 12:16:44 -06:00
d7c3f97797 Set up ddclient 2021-12-21 11:16:40 -06:00
5e7b8bb881 Add a Minecraft server *at home* 2021-12-20 17:24:11 -06:00
9b64cf8a00 Modularize sanitization cronjobs 2021-12-16 08:11:17 -06:00
6b218b02f9 Add a cronjob to Syncthing to clean up :Zone.Identifier files 2021-12-16 07:44:01 -06:00
911d236c84 Implement a sanitize rule for syncthing 2021-12-15 22:19:05 -06:00
060aa14df3 Fix incorrect dir for cp2077 screenshots 2021-12-15 21:12:24 -06:00
e93124e556 Add more directories to sort out, make the jobs run in parallel at 5AM 2021-12-15 21:10:20 -06:00
58196e3f24 Genericize that cronjob syntax for future endeavors 2021-12-15 20:56:45 -06:00
640e2e0efe Add a cronjob for a specific bug I'm working around with Syncthing 2021-12-15 20:41:14 -06:00
5031833f39 Remove Package Updates check
It's just pointless noise to be honest, it's way too loud. Perhaps a proper patch management solution would be in order?
2021-12-15 20:06:12 -06:00
72697a3953 Move check_disk to those restricted checks, also exclude AppImage loopback mounts 2021-12-15 19:57:20 -06:00
54a4f1539b Add some sudo rules to nagios-checker so it can start doing restricted checks 2021-12-15 19:57:08 -06:00
4b626dc6be Implement communication with Nagios when rebooting boxes
One step closer to that full automation goal
2021-12-15 19:32:19 -06:00
000d711d7a Update gulagbot DB IP 2021-12-12 09:54:15 -06:00
31018efeb1 Expose Jellyfin over 192.168.* 2021-12-11 21:50:20 -06:00
e0ce07c4dc Restart Jellyfin unless stopped 2021-12-11 16:01:21 -06:00
9aab2d6557 Tune the transaction limits for that check we just added 2021-12-09 16:23:59 -06:00
273d83be64 Add a check for old, uncommited PostgreSQL transactions
Sometimes reading the blogs of developers whose software you use is worth it
2021-12-09 16:17:49 -06:00
fcffd834a0 Move Nagios into its own role
It was getting way too big
2021-12-08 21:34:32 -06:00
a71071b321 Spin up a SL server 2021-12-01 22:34:46 -06:00
386b190130 Add vm-desktop-1 to list of workstations 2021-12-01 07:31:38 -06:00
e85d81ef38 Drop logs for lr.cowfee.moe 2021-11-30 14:11:27 -06:00
558709ce6f Deploy libreddit 2021-11-29 23:33:56 -06:00
fab7be68c5 Tune thresholds for monitoring the age of ansible-last-run 2021-11-29 22:15:09 -06:00
1952f72c89 Add a check for the last ansible run on a given machine 2021-11-25 16:41:17 -06:00
5b12eb5af2 Add a cleanup task to touch a file upon completion of site.yml
This playbook *should* assure that we have a file we can use for checking when the last full play was. It being in a playbook at the tail end of site.yml is paramount, since site.yml dying will cause alarms to be set off.
2021-11-25 16:19:01 -06:00
ce37a7fec3 Rename a bunch of minecraft tasks to prevent ambiguity 2021-11-25 13:30:21 -06:00
6c4b1c701b Fix some unquoted number variables causing the gulagbot task to fail 2021-11-25 13:20:23 -06:00
84cd7888f1 Shut down hexxit2 2021-11-25 13:19:45 -06:00
12f33d9ffc Put Syncthing behind an ingress container 2021-11-24 10:43:29 -06:00
3d9ec54467 Nevermind, guess we scope it out even *higher* 2021-11-24 07:43:18 -06:00
733d1006be Adjust mountpoint for NFS to allow for access to higher dirs like syncthing 2021-11-24 07:41:05 -06:00
811d0bd2d2 Add some params for a new version of gulagbot 2021-11-22 14:12:13 -06:00
decd4b452b Add transaction logging to home DB 2021-11-21 19:57:33 -06:00
1c4bf65db4 Add a test DB for gulagbot 2021-11-21 17:01:58 -06:00
d67bc370ac Split nagios-checkhttp into nagios-checkhttp{,s} 2021-11-21 13:59:05 -06:00
7976630ad7 Add a box for Syncthing 2021-11-20 18:29:31 -06:00
ee5f8ffe92 Make a box to move Stalin back home where he belongs 2021-11-19 20:38:20 -06:00
cff68a2a73 Reorganize Jellyfin to reflect usage of Nvidia Container Toolkit, configure hw accel 2021-11-18 19:16:30 -06:00
05a7f19bfe Update backup dirs for PMX to reflect some PCIe passthrough stuff I'm doing 2021-11-18 16:51:32 -06:00
9680705689 Update NFS mounts for desktops 2021-11-15 11:07:11 -06:00
bca5c1993d Add a bunch of unit checks for Proxmox boxes 2021-11-11 14:00:25 -06:00
5794379da4 Add some backup configuration for PMX hosts 2021-11-11 13:54:11 -06:00
77084ebc49 Reorganize media dirs, add jellyfin to vm-media-1 2021-11-11 00:23:53 -06:00
b0b71abf6a Reorganize NFS mounts so that they don't contain SQLite DBs 2021-11-10 19:29:06 -06:00
57b1cf03ca Set nfs to rw on local connections 2021-11-10 19:14:02 -06:00
7f7a0fd2ba Run setup tasks before roles on vm-media-1 2021-11-10 19:11:10 -06:00
f3b12234c0 Start reorganizing to have pi-media-1 split into vms 2021-11-09 20:53:59 -06:00
cb6581b708 Add home db playbook 2021-11-08 16:44:04 -06:00
8c213fe693 Ensure hexxit2 backups aren't getting tarred in 2021-11-08 10:04:15 -06:00
c5d39db270 Actually implement device roles in Nagios 2021-11-07 08:55:05 -06:00
f250936fe9 Disable some relatively standard checks on hypervisors, since they're special 2021-11-07 08:38:27 -06:00
f07cb9e35c Disable docker checks for machines that don't have docker 2021-11-07 08:36:16 -06:00
4efb757c43 Download Hexxit from 9iron 2021-11-07 07:52:33 -06:00
f53726c68a Add lag goggles to hexxy 2021-11-06 16:25:44 -05:00
0edbac0520 Fix typo on no-docker tag 2021-11-06 15:56:35 -05:00
635c8c1bf4 Move motd configuration to Ubuntu machines and only Ubuntu machines 2021-11-06 15:53:57 -05:00
ea2e98e6ae Add Hexxit server, removing the tmod one 2021-11-06 14:24:57 -05:00
cec0a5c3f8 Add Ardour to desktops 2021-10-25 19:37:40 -05:00
7bbc291cf8 Edit hostnames on workstations to reflect their actual ones 2021-10-25 19:10:25 -05:00
003b13fa84 Update Gulagbot to latest 2021-10-20 12:29:53 -05:00
7e7030c613 Fix syntax on cronjob (hopefully) 2021-10-17 11:08:31 -05:00
7b624d431a Change backup cronjob up a bit for Terraria 2021-10-17 10:53:51 -05:00
07647e5ee6 Add check to devices to ensure they can ping themselves over DNS 2021-10-15 19:17:48 -05:00
fd55782766 Overhaul DNS names for machines 2021-10-15 19:03:55 -05:00
ba228984c1 Add local backups for Terraria Fargo 2021-10-14 22:57:24 -05:00
ed1c59662c Deploy a new box with Fargo 2021-10-13 12:24:27 -05:00
e5441bcc2e Update to Nextcloud 22 2021-10-12 15:59:30 -05:00
b15fdd96f5 Install imagemagick on Nextcloud to make a big warning triangle go away 2021-10-12 15:29:06 -05:00
5bc39e7f48 Fix being unable to access said share 2021-10-07 10:40:31 -05:00
cf60d672b7 Add Samba to pi-media-1
[that was easy]
2021-10-07 10:39:20 -05:00
4f07856028 Modularize contact definitions 2021-10-06 15:30:12 -05:00
37c55b9cb2 Change templating behavior of certain sections of the Nagios config 2021-10-06 15:13:55 -05:00
309bfd8694 Stop notifying on warnings for package updates 2021-10-06 15:12:41 -05:00
e85104c9fd Add DNS resolution check 2021-10-05 10:28:06 -05:00
bc1b927298 Use check_packages to check for package updates on Debian systems 2021-10-05 10:16:22 -05:00
c9808bb171 Revert "Add stale library check"
This reverts commit 0beef5617b.
2021-10-03 23:54:32 -05:00
0beef5617b Add stale library check 2021-10-03 22:39:43 -05:00
1e1946d8e0 Add memory checks to hosts 2021-10-03 22:26:37 -05:00
da3f0a24f4 Add CPU Utilization check, nerf CPU Load check 2021-10-03 15:50:25 -05:00
bfab992eb8 Add check for unapplied package updates 2021-10-03 15:47:28 -05:00
3e20928e14 Add health endpoint to exposed endpoints on matrix.desu.ltd 2021-10-03 11:51:34 -05:00
7669234df9 Allow the addition of custom checks based on config_context, add roles to hostgroups 2021-10-03 11:48:53 -05:00
18655b7d62 Bump thresholds for PSQL connection check 2021-10-03 11:04:09 -05:00
42e2a3bd22 Fix client URL for Matrix being completely wrong. I guess. 2021-10-02 22:57:10 -05:00
c12d37cad2 Work on putting Element in place 2021-10-02 22:50:25 -05:00
7337fb49ed Narrow down the pass locations for Matrix to just server endpoints 2021-10-02 22:11:10 -05:00
e05d4a379b Add basic Synapse server configuration 2021-10-02 22:03:22 -05:00
aceba8407b Add DB configuration for Synapse 2021-10-02 22:03:05 -05:00
d06fc65af9 Correct errors in nginx configuration 2021-10-02 21:53:44 -05:00
e6b2c8b0a6 Configure web1.desu.ltd for Matrix delegation
Big things a comin
2021-10-02 21:46:32 -05:00
a7aa38a8e9 Add automatic reboots to main playbook 2021-10-01 09:10:02 -05:00
90da5ad3b1 Hardlock gulagbot to 2.4.0
I BROKE IT
AAA
2021-09-29 20:16:45 -05:00
2baffca0f5 Add configuration for Home Assistant 2021-09-27 17:18:30 -05:00
27bb55bf22 Convert pi-media-1 to ingress role 2021-09-27 15:12:20 -05:00
9039a75d3c Add note to replace Nagios with naemon(?) 2021-09-26 10:40:35 -05:00
1c1c8e41ae Null-mount nsca on Nagios image
God DAMN the log spam from this thing I'm not using is fucking ridiculous
2021-09-26 10:27:33 -05:00
427014f2ae Sanitize tag hostgroups in nagios with the tag- prefix
Stumbled across an issue where I can't have a Netbox tag that's just 'ansible'
2021-09-26 10:23:46 -05:00
0c8aa0a90f Add test DB for gulagbot on Linode 2021-09-26 08:03:37 -05:00
7779db30ad Use ansible_managed where possible 2021-09-24 20:48:41 -05:00
87f9c6ceb3 Rename swap checks to be agnostic of underlying tech 2021-09-24 13:25:21 -05:00
fb006b0cd3 Add playbook and Netbox tag to run the ansible role on a host 2021-09-24 13:03:21 -05:00
8ecc7bfbb6 Modularize Netbox into several containers with workers n stuff 2021-09-23 22:09:38 -05:00
8d59a1b201 Rework mounts for netbox container 2021-09-23 21:39:10 -05:00
81988a50fd Remove defunct deb link for raspberry pi imager 2021-09-23 21:32:36 -05:00
fdeb143a56 Apply mitigation for netbox-community/netbox-docker#586, update Netbox 2021-09-21 14:49:34 -05:00
f7b5c475d5 Add device_roles_bastion play 2021-09-19 21:49:15 -05:00
fe5eb5c14d Convert role invocations to use the full namespace of the role 2021-09-18 16:10:54 -05:00
68eb7e5422 Pin Netbox to 3.0.1 since apparently the container's broken 2021-09-18 08:52:05 -05:00
6382a81f47 Remove some extraneous backup locations on web1 2021-09-18 07:27:59 -05:00
31a2371fa1 Simplify task includes 2021-09-18 07:23:03 -05:00
9b79068380 Allow for the definition of a singular proxy_pass on ingress_servers to simplify configuration 2021-09-18 07:19:26 -05:00
60bfe91947 Add role for ingress controller, move configuration into it and its data structures 2021-09-18 00:04:05 -05:00
37150bf7d1 Remove polkit.service check
Apparently it's completely normal behavior for this service to be not running on a fresh boot
2021-09-14 19:40:53 -05:00
0f1fbf4fea Allow 30 second timeouts on check_by_ssh 2021-09-14 17:26:47 -05:00
ac702380b1 Add git to the tags for monitoring-scripts 2021-09-14 17:22:50 -05:00
b4f564cade Fix mountpoints and NFS exports for media 2021-09-13 13:59:27 -05:00
3f3c7b8392 Decom the K8s cluster, roll all its jobs into one singular machine 2021-09-13 13:50:22 -05:00
e49ebc583f Upgrade Netbox to 3.0 2021-09-12 15:07:31 -05:00
e405d7bf79 Add some directives to make Nextcloud stop throwing 413s 2021-09-11 10:36:22 -05:00
3f8ecbd8f5 Fix my borked pgsql connection pooling check 2021-09-07 17:08:18 -05:00
4bf02aedd3 Add even more checks for zerotier and psql 2021-09-07 16:11:11 -05:00
3cf9b94cea Add a quick service check for postgresql 2021-09-07 15:29:26 -05:00
b349015913 Add a ton more checks for things 2021-09-07 15:00:43 -05:00
92f26b7a0c Add check for atd 2021-09-07 14:55:00 -05:00
c362effe2a Remove NRPE 2021-09-07 14:33:45 -05:00
bad192e93e Refactor Nagios checks into check_by_ssh instead of NRPE
I was never particularly fond of having a random one-off daemon doing my RCE. Sure, it offers some protection, but limiting my exposure to the open internet is far more ideal.

I have tremendously more trust in the OpenSSH project than I do in Nagios. And for that reason, I'll be deprecating NRPE and shredding config files once these plays clean up
2021-09-07 14:27:23 -05:00
b38bb4bf62 Fix improper tagging on NRPE role 2021-09-07 13:41:21 -05:00
1ca062d6ea Modularize declaration of Nagios commands 2021-09-07 13:37:06 -05:00
2a7d343ef1 Move SSH check into YAML declaration of services 2021-09-07 13:29:19 -05:00
8e845b5f4e Modularize out all our service checks
I want them in DATA STRUCTURES God dammit. Get them out of the config file.
2021-09-06 19:43:54 -05:00
d3e51301bb Remove deprecated SNMP service checks 2021-09-06 19:23:54 -05:00
fc2b3cb7b3 Rename Nagios config to more appropriately reflect its role 2021-09-06 19:13:15 -05:00
360238fdd4 Ensure we're on a version of Netbox with secrets support
*sigh*
Guess I gotta set up a vault or something now.
2021-09-01 19:25:31 -05:00
c299e505cf Add Nextcloud auto app update cronjob 2021-08-29 23:55:56 -05:00
4bea6c2168 Add _netdev to args for pi-storage-1 mount 2021-08-29 16:43:55 -05:00
a6a8cd8590 Figure out how custom_apps works with Nextcloud 2021-08-28 11:01:44 -05:00