Compare commits


42 Commits

Author SHA1 Message Date
fba7d30a40 Update grafana matrix forwarder link 2024-11-21 23:54:42 -06:00
b58a23e87a Use more up-to-date synapse upstream 2024-11-11 22:01:21 -06:00
505c20c2b0 Allow flight 2024-10-29 17:25:04 -05:00
a18ec49e20 WE SWAPPA DA PACK AGAIN 2024-10-29 16:55:36 -05:00
0940535d2a We're switching the mods up again 2024-10-28 22:46:24 -05:00
424d5cd75c New Minecraft pack! 2024-10-28 19:43:35 -05:00
537f2c9824 Disable Satisfucktory 2024-10-28 19:42:19 -05:00
a40a30eec4 Reenable satisfactory updates 2024-10-15 15:44:10 -05:00
7d2afdfaef Add docker network to satisfucktory 2024-10-15 11:30:06 -05:00
ef036fca76 Remove nagios shit from autoreboot 2024-10-15 11:29:40 -05:00
b53ce3efaa Add Satisfactory server sftp 2024-10-11 13:04:00 -05:00
63fc4417db Update keepalive on nextcloud 2024-10-01 17:57:51 -05:00
4c4108ab0a Add Satisfactory back into the mix! 1.0 lesgooooo! 2024-09-11 18:42:40 -05:00
658888bda8 Add prom metrics for plain http 2024-09-04 01:56:37 -05:00
5651f6f50a Decom music/lidarr 2024-09-03 22:41:40 -05:00
07ab0b472e Decom Navidrome, too 2024-09-03 22:41:21 -05:00
9a39b79895 Decom Lidarr, too 2024-09-03 22:36:35 -05:00
ee40990c51 Press F for minceraft 2024-09-03 22:32:39 -05:00
fc23453e5a Remove backups for desktop 2024-08-21 22:43:36 -05:00
1e037bf3bc Nevermind flatpak is just stupid 2024-08-21 22:41:48 -05:00
c8aca49ff6 Nevermind I'm just stupid 2024-08-21 22:39:56 -05:00
61c37b4650 Disable unmojang because apparently its keys are fukt 2024-08-21 22:38:45 -05:00
ec77cdbc46 Polish up flatpaks 2024-08-21 22:35:20 -05:00
7bc017e583 And screen, too 2024-08-21 22:25:48 -05:00
ba37a7b4fa Remove awscli from rpm-ostree hosts 2024-08-21 22:23:21 -05:00
bc8dd6d2bd Remove cadvisor from coreos boxen as it doesn't play nice with toolbx 2024-08-19 21:14:04 -05:00
391e424199 Add some (admittedly crusty) support for podman for Prometheus monitoring 2024-08-18 01:07:24 -05:00
f23d6ed738 Remove monitoring script requirements from nagios boxen 2024-08-18 00:48:57 -05:00
a0d1ae0a4a Remove nagios bullshit 2024-08-18 00:48:17 -05:00
760af8dabe Fix up music stuffs 2024-08-11 11:08:23 -05:00
7a72280c6e Disable nagios CI job too 2024-08-10 23:00:25 -05:00
74a6a1ce96 Disable fucking nagios 2024-08-10 22:59:55 -05:00
227f0a5df5 Add navidrome too 2024-08-10 22:42:06 -05:00
db36aa7eae Add Lidarr back into the mix 2024-08-10 22:30:17 -05:00
85c039e4dc Switch over to Ely.by
FUCK YOU MOJANG
2024-07-18 22:00:25 -05:00
702a4c5f4c Add restart-policy to containers that need it
oopsie
2024-07-17 00:21:36 -05:00
68e8f35064 Add old magic pack back in 2024-07-10 20:30:46 -05:00
b250ce9dc8 Enable automatic retries for backups within a short duration
This should help alleviate some of the problems I've been having with Backblaze's accessibility during peak backup hours
2024-07-10 13:14:07 -05:00
142e589f84 Remove direwolf20 pack
o7
2024-07-10 13:09:42 -05:00
9dda82edb3 Add commented-out code for minecraft-createfarming 2024-07-10 13:08:03 -05:00
a6b8c7ef64 Remove minecraft vanilla 2024-07-10 13:07:26 -05:00
b19602f205 Add a bunch of cool envvars to the MC server 2024-07-10 13:06:31 -05:00
27 changed files with 317 additions and 266 deletions


@ -81,11 +81,6 @@ Common:
stage: play-main
script:
- ansible-playbook --skip-tags no-auto playbooks/site_common.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass
Nagios:
stage: play-main
retry: 1
script:
- ansible-playbook -l vm-general-1.ashburn.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass
# CLEANUP
Cleanup:


@ -50,29 +50,7 @@ backup_s3_aws_secret_access_key: !vault |
3635616437373236650a353661343131303332376161316664333833393833373830623130666633
66356130646434653039363863346630363931383832353637636131626530616434
backup_s3_aws_endpoint_url: "https://s3.us-east-005.backblazeb2.com"
backup_kopia_bucket_name: desultd-kopia
backup_kopia_access_key_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
34633366656134376166636164643233353461396263313237653032353764613737393865373763
6665633239396333633132323936343030346362333734640a356631373230383663383530333434
32386639393135373236373263363365366163346234643135363766666666373938373135653663
3836623735393563610a613332623965633032356266643638386230323965366233353930313239
38666562326232353165323934303966643630383235393830613939616330333839
backup_kopia_secret_access_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
31373662326464396136346663626635363332303862613466316236333431636136373038666531
6630616565613431323464373862373963356335643435360a353665356163313635393137363330
66383531326535653066386432646464346161336363373334313064303261616238613564396439
6439333432653862370a303461346438623263636364633437356432613831366462666666303633
63643862643033376363353836616137366432336339383931363837353161373036
backup_kopia_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34306564393161336162633833356464373065643633343935373566316465373939663838343537
3831343963666432323538636665663733353435636337340a633738306463646133643730333032
33303962306136636163623930306238666633333738373435636366666339623562323531323732
3330633238386336330a346431383233383533303131323736306636353033356538303264383963
37306461613834643063383965356664326265383431336332303333636365316163363437343634
6439613537396535656361616365386261336139366133393637
# For zerotier
zerotier_personal_network_id: !vault |


@ -21,9 +21,3 @@
- hosts: dsk-ryzen-1.ws.mgmt.desu.ltd
roles:
- role: desktop
- role: backup
vars:
backup_s3backup_tar_args_extra: h
backup_s3backup_list_extra:
- /home/salt/.backup/
tags: [ backup ]


@ -109,6 +109,10 @@
- record: prometheus.desu.ltd
value: vm-general-1.ashburn.mgmt.desu.ltd
# Public media stuff
- record: music.desu.ltd
value: vm-general-1.ashburn.mgmt.desu.ltd
- record: lidarr.media.desu.ltd
value: vm-general-1.ashburn.mgmt.desu.ltd
- record: prowlarr.media.desu.ltd
value: vm-general-1.ashburn.mgmt.desu.ltd
- record: sonarr.media.desu.ltd
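Review bot: The `music.desu.ltd` and `lidarr.media.desu.ltd` records look like the four added lines here (the hunk grows from 6 to 10 lines), yet the navidrome and lidarr container tasks elsewhere in this comparison are set to `state: absent`. If that is the intended end state, both names resolve to vm-general-1 with no backend behind them, and requests land on whatever the reverse proxy serves by default for that host. Either drop the two records until the services return or mark the leftover as deliberate with a comment such as `# service decommissioned; record kept on purpose`. The record list continues outside the hunk.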


@ -8,6 +8,7 @@
ansible.builtin.docker_container:
name: prometheus-psql-exporter
image: quay.io/prometheuscommunity/postgres-exporter
restart_policy: unless-stopped
env:
DATA_SOURCE_URI: "10.0.0.2:5432/postgres"
DATA_SOURCE_USER: "nagios"


@ -29,6 +29,8 @@
- web/nextcloud.yml
- web/synapse.yml
# Backend web services
- web/lidarr.yml
- web/navidrome.yml
- web/prowlarr.yml
- web/radarr.yml
- web/sonarr.yml
@ -37,8 +39,10 @@
# Games
- game/factorio.yml
- game/minecraft-createfarming.yml
- game/minecraft-direwolf20.yml
- game/minecraft-magicpack.yml
- game/minecraft-weedie.yml
- game/zomboid.yml
- game/satisfactory.yml
tags: [ always ]
roles:
- role: backup
@ -47,7 +51,9 @@
- /app/gitea/gitea
- /data
backup_s3backup_exclude_list_extra:
- /data/minecraft/magicpack/backups
- /data/minecraft/direwolf20/backups
- /data/minecraft/weedie/backups
- /data/shared/media
- /data/shared/downloads
- /data/zomboid/ZomboidDedicatedServer/steamapps/workshop
@ -111,12 +117,12 @@
pass: http://element:80
directives:
- "client_max_body_size 0"
- name: nagios.desu.ltd
proxy_pass: http://nagios:80
- name: nc.desu.ltd
directives:
- "add_header Strict-Transport-Security \"max-age=31536000\""
- "client_max_body_size 0"
- "keepalive_requests 99999"
- "keepalive_timeout 600"
proxy_pass: http://nextcloud:80
locations:
- location: "^~ /.well-known"
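Review bot: `"keepalive_timeout 600"` together with `"keepalive_requests 99999"` on `nc.desu.ltd` lets each client hold an idle connection to the proxy for ten minutes, on a server entry that already sets `client_max_body_size 0`. On an internet-facing name that makes it cheaper to tie up worker connections; whether a connection limit is configured elsewhere in the role is not visible in this hunk. If the long keepalive is needed, say why in a comment above the two directives, e.g. `# long keepalive needed by Nextcloud sync clients`, and otherwise stay near the nginx default with `"keepalive_timeout 75"`. The `nc.desu.ltd` entry continues past the end of the hunk.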


@ -3,34 +3,11 @@
---
- hosts: tags_autoreboot
gather_facts: no
module_defaults:
nagios:
author: Ansible
action: downtime
cmdfile: /data/nagios/var/rw/nagios.cmd
comment: "Ansible tags_autoreboot task"
host: "{{ inventory_hostname }}"
minutes: 10
serial: 1
tasks:
- name: check for reboot-required
ansible.builtin.stat: path=/var/run/reboot-required
register: s
- name: reboot
block:
- name: attempt to schedule downtime
block:
- name: register nagios host downtime
nagios:
service: host
delegate_to: vm-general-1.ashburn.mgmt.desu.ltd
- name: register nagios service downtime
nagios:
service: all
delegate_to: vm-general-1.ashburn.mgmt.desu.ltd
rescue:
- name: notify of failure to reboot
ansible.builtin.debug: msg="Miscellaneous failure when scheduling downtime"
- name: reboot
ansible.builtin.reboot: reboot_timeout=600
ansible.builtin.reboot: reboot_timeout=600
when: s.stat.exists


@ -2,67 +2,65 @@
# vim:ft=ansible:
---
- hosts: tags_nagios
gather_facts: no
roles:
- role: git
vars:
git_repos:
- repo: https://git.desu.ltd/salt/monitoring-scripts
dest: /usr/local/bin/monitoring-scripts
tags: [ nagios, git ]
gather_facts: yes
tasks:
- name: assure nagios plugin packages
ansible.builtin.apt: name=monitoring-plugins,nagios-plugins-contrib
tags: [ nagios ]
- name: assure nagios user
ansible.builtin.user: name=nagios-checker state=present system=yes
tags: [ nagios ]
- name: assure nagios user ssh key
authorized_key:
user: nagios-checker
state: present
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNavw28C0mKIQVRLQDW2aoovliU1XCGaenDhIMwumK/ Nagios monitoring"
ansible.builtin.user: name=nagios-checker state=absent remove=yes
tags: [ nagios ]
- name: assure nagios user sudo rule file
ansible.builtin.file: path=/etc/sudoers.d/50-nagios-checker mode=0750 owner=root group=root state=touch modification_time=preserve access_time=preserve
ansible.builtin.file: path=/etc/sudoers.d/50-nagios-checker state=absent
tags: [ nagios, sudo ]
- name: assure nagios user sudo rules
ansible.builtin.lineinfile:
path: /etc/sudoers.d/50-nagios-checker
line: "nagios-checker ALL = (root) NOPASSWD: {{ item }}"
with_items:
- /usr/lib/nagios/plugins/check_disk
- /usr/local/bin/monitoring-scripts/check_docker
- /usr/local/bin/monitoring-scripts/check_temp
tags: [ nagios, sudo ]
- name: assure prometheus node exporter
# https://github.com/prometheus/node_exporter
ansible.builtin.docker_container:
name: prometheus-node-exporter
image: quay.io/prometheus/node-exporter:latest
command:
- '--path.rootfs=/host'
- '--collector.interrupts'
- '--collector.processes'
network_mode: host
pid_mode: host
volumes:
- /:/host:ro,rslave
tags: [ prometheus ]
- name: assure prometheus cadvisor exporter
ansible.builtin.docker_container:
name: prometheus-cadvisor-exporter
image: gcr.io/cadvisor/cadvisor:latest
ports:
- 9101:8080/tcp
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker:/var/lib/docker:ro
- /dev/disk:/dev/disk:ro
devices:
- /dev/kmsg
- name: assure prometheus containers for docker hosts
block:
- name: assure prometheus node exporter
# https://github.com/prometheus/node_exporter
ansible.builtin.docker_container:
name: prometheus-node-exporter
image: quay.io/prometheus/node-exporter:latest
restart_policy: unless-stopped
command:
- '--path.rootfs=/host'
- '--collector.interrupts'
- '--collector.processes'
network_mode: host
pid_mode: host
volumes:
- /:/host:ro,rslave
tags: [ prometheus ]
- name: assure prometheus cadvisor exporter
ansible.builtin.docker_container:
name: prometheus-cadvisor-exporter
image: gcr.io/cadvisor/cadvisor:latest
restart_policy: unless-stopped
ports:
- 9101:8080/tcp
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker:/var/lib/docker:ro
- /dev/disk:/dev/disk:ro
devices:
- /dev/kmsg
when: ansible_pkg_mgr != "atomic_container"
- name: assure prometheus containers for coreos
block:
- name: assure prometheus node exporter
# https://github.com/prometheus/node_exporter
containers.podman.podman_container:
name: prometheus-node-exporter
image: quay.io/prometheus/node-exporter:latest
restart_policy: unless-stopped
command:
- '--path.rootfs=/host'
- '--collector.interrupts'
- '--collector.processes'
network_mode: host
pid_mode: host
volumes:
- /:/host:ro,rslave
tags: [ prometheus ]
when: ansible_pkg_mgr == "atomic_container"
- hosts: all
gather_facts: no
tasks:
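Review bot: The new podman task for CoreOS hosts, like the docker task it mirrors, runs `quay.io/prometheus/node-exporter:latest` with `network_mode: host`, `pid_mode: host` and the whole root filesystem mounted at `/host`, so whatever the registry serves under `latest` at the next pull gets a host-wide read view. Pinning to a release tag or digest, e.g. `image: quay.io/prometheus/node-exporter@sha256:<digest>`, turns an image change into a reviewed commit. The same applies to `gcr.io/cadvisor/cadvisor:latest` in this section and to the other `:latest` images touched further down in this comparison (minecraft, satisfactory, grafana-matrix-forwarder, synapse). The removal tasks also keep their old names: `assure nagios user` now sets `state=absent`, so `remove nagios user` and `remove nagios user sudo rule file` would match what they do. The following `hosts: all` play continues outside the hunk.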


@ -2,16 +2,28 @@
- name: docker deploy minecraft - create farming and delights
docker_container:
name: minecraft-createfarming
state: started
state: absent
image: itzg/minecraft-server:latest
restart_policy: unless-stopped
pull: yes
env:
# Common envvars
EULA: "true"
OPS: "VintageSalt"
SNOOPER_ENABLED: "false"
SPAWN_PROTECTION: "0"
USE_AIKAR_FLAGS: "true"
RCON_CMDS_STARTUP: |-
scoreboard objectives add Deaths deathCount
#scoreboard objectives add Health health {"text":"❤","color":"red"}
RCON_CMDS_ON_CONNECT: |-
scoreboard objectives setdisplay list Deaths
#scoreboard objectives setdisplay belowName Health
# Pack-specific stuff
MODRINTH_PROJECT: "https://modrinth.com/modpack/create-farmersdelight/version/1.0.0"
MOTD: "Create Farming and Delights! Spinny trains!"
TYPE: "MODRINTH"
VERSION: "1.20.1"
MAX_MEMORY: "6G"
#VIEW_DISTANCE: "10"
ports:
- "25565:25565/tcp"
- "25565:25565/udp"


@ -1,34 +0,0 @@
# vim:ft=ansible:
- name: docker deploy minecraft - direwolf20
docker_container:
name: minecraft-direwolf20
state: absent
image: itzg/minecraft-server:latest
restart_policy: unless-stopped
pull: yes
env:
EULA: "true"
GENERIC_PACK: "/modpacks/1.20.1-direwolf20/Da Bois.zip"
TYPE: "NEOFORGE"
VERSION: "1.20.1"
FORGE_VERSION: "47.1.105"
MEMORY: "8G"
MOTD: "Tannerite Dog Edition\\n#abolishtheatf"
OPS: "VintageSalt"
RCON_CMDS_STARTUP: |-
scoreboard objectives add Deaths deathCount
scoreboard objectives add Health health {"text":"❤","color":"red"}
RCON_CMDS_ON_CONNECT: |-
scoreboard objectives setdisplay list Deaths
scoreboard objectives setdisplay belowName Health
SNOOPER_ENABLED: "false"
SPAWN_PROTECTION: "0"
USE_AIKAR_FLAGS: "true"
VIEW_DISTANCE: "10"
ports:
- "25567:25565/tcp"
- "25567:25565/udp"
volumes:
- /data/srv/packs:/modpacks
- /data/minecraft/direwolf20:/data
tags: [ docker, minecraft, direwolf20 ]


@ -0,0 +1,50 @@
# vim:ft=ansible:
- name: docker deploy minecraft - magicpack
docker_container:
name: minecraft-magicpack
state: absent
image: itzg/minecraft-server:java8
env:
# Common envvars
EULA: "true"
OPS: "VintageSalt"
SNOOPER_ENABLED: "false"
SPAWN_PROTECTION: "0"
USE_AIKAR_FLAGS: "true"
#
# This enables the use of Ely.by as an auth and skin server
# Comment this and the above line out if you'd like to use Mojang's
# https://docs.ely.by/en/authlib-injector.html
#
# All players should register on Ely.by in order for this to work.
# They should also use Fjord Launcher by Unmojang:
# https://github.com/unmojang/FjordLauncher
#
JVM_OPTS: "-javaagent:/authlib-injector.jar=ely.by"
RCON_CMDS_STARTUP: |-
scoreboard objectives add Deaths deathCount
#scoreboard objectives add Health health {"text":"❤","color":"red"}
RCON_CMDS_ON_CONNECT: |-
scoreboard objectives setdisplay list Deaths
#scoreboard objectives setdisplay belowName Health
# Pack-specific stuff
MODRINTH_PROJECT: "https://srv.9iron.club/files/packs/1.7.10-magicpack/server.mrpack"
MOTD: "It's ya boy, uh, skrunkly modpack"
TYPE: "MODRINTH"
VERSION: "1.7.10"
MAX_MEMORY: "6G"
#VIEW_DISTANCE: "10"
ports:
- "25565:25565/tcp"
- "25565:25565/udp"
- "24454:24454/udp"
# Prometheus exporter for Forge
# https://www.curseforge.com/minecraft/mc-mods/prometheus-exporter
- "19565:19565/tcp"
# Prometheus exporter for Fabric
# https://modrinth.com/mod/fabricexporter
#- "19565:25585/tcp"
volumes:
- /data/minecraft/magicpack:/data
- /data/minecraft/authlib-injector-1.2.5.jar:/authlib-injector.jar
tags: [ docker, minecraft, magicpack ]
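Review bot: The agent jar is bind-mounted without `:ro`, so the server process, which also loads third-party mods, can rewrite the Java agent it will load on its next start; `- /data/minecraft/authlib-injector-1.2.5.jar:/authlib-injector.jar:ro` closes that. Nothing visible here ties the jar to a published checksum, so a comment recording its origin and hash would help, e.g. `# sha256: <hash of the downloaded jar>`. With `JVM_OPTS` pointing authentication at ely.by, it is also worth confirming that the `OPS: "VintageSalt"` name belongs to the intended operator on that service before this task is switched from `state: absent` to `started`; how the image resolves that name is not visible here.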


@ -1,33 +0,0 @@
# vim:ft=ansible:
- name: docker deploy minecraft - vanilla
docker_container:
name: minecraft-vanilla
state: absent
image: itzg/minecraft-server:latest
restart_policy: unless-stopped
pull: yes
env:
DIFFICULTY: "normal"
ENABLE_COMMAND_BLOCK: "true"
EULA: "true"
MAX_PLAYERS: "8"
MODRINTH_PROJECT: "https://modrinth.com/modpack/adrenaserver"
MOTD: "Tannerite Dog Edition\\n#abolishtheatf"
OPS: "VintageSalt"
RCON_CMDS_STARTUP: |-
scoreboard objectives add Deaths deathCount
scoreboard objectives add Health health {"text":"❤","color":"red"}
RCON_CMDS_ON_CONNECT: |-
scoreboard objectives setdisplay list Deaths
scoreboard objectives setdisplay belowName Health
SNOOPER_ENABLED: "false"
SPAWN_PROTECTION: "0"
TYPE: "MODRINTH"
USE_AIKAR_FLAGS: "true"
VIEW_DISTANCE: "12"
ports:
- "26565:25565/tcp"
- "26565:25565/udp"
volumes:
- /data/minecraft/vanilla:/data
tags: [ docker, minecraft ]


@ -0,0 +1,44 @@
# vim:ft=ansible:
- name: docker deploy minecraft - weediewack next gen pack
docker_container:
name: minecraft-weedie
state: started
image: itzg/minecraft-server:latest
env:
# Common envvars
EULA: "true"
OPS: "VintageSalt"
SNOOPER_ENABLED: "false"
SPAWN_PROTECTION: "0"
USE_AIKAR_FLAGS: "true"
ALLOW_FLIGHT: "true"
RCON_CMDS_STARTUP: |-
scoreboard objectives add Deaths deathCount
scoreboard objectives add Health health {"text":"❤","color":"red"}
RCON_CMDS_ON_CONNECT: |-
scoreboard objectives setdisplay list Deaths
scoreboard objectives setdisplay belowName Health
# Pack-specific stuff
TYPE: "Forge"
MOTD: "We're doing it a-fucking-gain!"
VERSION: "1.20.1"
FORGE_VERSION: "47.3.11"
MAX_MEMORY: "8G"
#GENERIC_PACKS: "Server Files 1.3.7"
#GENERIC_PACKS_PREFIX: "https://mediafilez.forgecdn.net/files/5832/451/"
#GENERIC_PACKS_SUFFIX: ".zip"
#SKIP_GENERIC_PACK_UPDATE_CHECK: "true"
#VIEW_DISTANCE: "10"
ports:
- "25565:25565/tcp"
- "25565:25565/udp"
- "24454:24454/udp"
# Prometheus exporter for Forge
# https://www.curseforge.com/minecraft/mc-mods/prometheus-exporter
- "19566:19565/tcp"
# Prometheus exporter for Fabric
# https://modrinth.com/mod/fabricexporter
#- "19565:25585/tcp"
volumes:
- /data/minecraft/weedie:/data
tags: [ docker, minecraft, weedie ]
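Review bot: `- "19566:19565/tcp"` publishes the Forge Prometheus exporter on every host interface next to the game ports, so unless a host firewall (not visible here) restricts it, the metrics endpoint is reachable by anyone who can reach the game server. Binding the mapping to the management address, `- "<mgmt-ip>:19566:19565/tcp"`, keeps it to the scraper. This task also lacks the `restart_policy: unless-stopped` and `pull: yes` that other container tasks in this comparison carry, which looks like an omission given it is the one set to `state: started`.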


@ -0,0 +1,47 @@
# vim:ft=ansible:
- name: ensure docker network
docker_network: name=satisfactory
tags: [ satisfactory, docker, network ]
- name: docker deploy satisfactory
docker_container:
name: satisfactory
state: absent
image: wolveix/satisfactory-server:latest
restart_policy: unless-stopped
pull: yes
networks:
- name: satisfactory
aliases: [ "gameserver" ]
env:
MAXPLAYERS: "8"
# We have this turned on for modding's sake
#SKIPUPDATE: "true"
ports:
- '7777:7777/udp'
- '7777:7777/tcp'
volumes:
- /data/satisfactory/config:/config
tags: [ docker, satisfactory ]
- name: docker deploy satisfactory sftp
docker_container:
name: satisfactory-sftp
state: started
image: atmoz/sftp
restart_policy: unless-stopped
pull: yes
ulimits:
- 'nofile:262144:262144'
ports:
- '7776:22/tcp'
volumes:
- /data/satisfactory/config:/home/servermgr/game
command: 'servermgr:{{ server_password }}:1000'
vars:
server_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
33336138656461646462323661363336623235333861663730373535656331623230313334353239
6535623833343237626161383833663435643262376133320a616634613764396661316332373339
33633662366666623931643635313162366339306539666632643437396637616632633432326631
3038333932623638390a386362653463306338326436396230633562313466336464663764643461
3134
tags: [ docker, satisfactory, sidecar, sftp ]
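Review bot: The SFTP password is interpolated into `command: 'servermgr:{{ server_password }}:1000'`, so the decrypted vault value ends up in the container's stored configuration (readable through `docker inspect`) and in the entrypoint's argument list, and the account then accepts password logins on published port 7776. The atmoz/sftp image also supports key-only users: `command: 'servermgr::1000'` plus a read-only mount of a public key under `/home/servermgr/.ssh/keys/` removes the password altogether. The image is referenced without any tag, which matters more here than elsewhere because this container fronts a writable mount of `/data/satisfactory/config`.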


@ -31,7 +31,7 @@
- name: docker deploy grafana matrix bridge
docker_container:
name: grafana-matrix-bridge
image: registry.gitlab.com/hectorjsmith/grafana-matrix-forwarder:latest
image: registry.gitlab.com/hctrdev/grafana-matrix-forwarder:latest
env:
GMF_MATRIX_USER: "@grafana:desu.ltd"
GMF_MATRIX_PASSWORD: "{{ secret_grafana_matrix_token }}"
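Review bot: The image moves between registry namespaces (`hectorjsmith` and `hctrdev` both appear; the page does not mark which side is new) while staying on `:latest`, and the container is handed `GMF_MATRIX_PASSWORD`. Before trusting the new path with that credential, confirm from the upstream project's own notice that the namespace move is theirs, and record it above `image:`, e.g. `# upstream moved namespaces, see <link to upstream notice>`. The task continues outside the hunk.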


@ -2,6 +2,7 @@
- name: docker deploy lidarr
docker_container:
name: lidarr
state: absent
image: linuxserver/lidarr:latest
networks:
- name: web
@ -9,7 +10,10 @@
env:
TZ: "America/Chicago"
volumes:
# https://github.com/RandomNinjaAtk/arr-scripts?tab=readme-ov-file
- /data/lidarr/config:/config
- /data/lidarr/custom-services.d:/custom-services.d
- /data/lidarr/custom-cont-init.d:/custom-cont-init.d
- /data/shared/downloads:/data
- /data/shared/media/music:/music
tags: [ docker, lidarr ]


@ -0,0 +1,18 @@
# vim:ft=ansible:
- name: docker deploy navidrome
docker_container:
name: navidrome
state: absent
image: deluan/navidrome:latest
user: 911:911
env:
ND_BASEURL: "https://music.desu.ltd"
ND_PROMETHEUS_ENABLED: "true"
ND_LOGLEVEL: "info"
networks:
- name: web
aliases: [ "navidrome" ]
volumes:
- /data/navidrome/data:/data
- /data/shared/media/music:/music:ro
tags: [ docker, navidrome ]


@ -2,7 +2,7 @@
- name: docker deploy synapse
docker_container:
name: synapse
image: ghcr.io/element-hq/synapse:latest
image: matrixdotorg/synapse:latest
env:
TZ: "America/Chicago"
SYNAPSE_SERVER_NAME: matrix.desu.ltd


@ -14,50 +14,3 @@
notify: restart backup timer
- name: enable timer
ansible.builtin.systemd: name=backup.timer state=started enabled=yes daemon_reload=yes
- name: deploy kopia
block:
- name: ensure kopia dirs
ansible.builtin.file:
state: directory
owner: root
group: root
mode: "0750"
path: "{{ item }}"
with_items:
- /data/kopia/config
- /data/kopia/cache
- /data/kopia/logs
- name: template out password file
copy:
content: "{{ backup_kopia_password }}"
owner: root
group: root
mode: "0600"
dest: /data/kopia/config/repository.config.kopia-password
- name: template out configuration file
template:
src: repository.config.j2
owner: root
group: root
mode: "0600"
dest: /data/kopia/config/repository.config
- name: deploy kopia
community.docker.docker_container:
name: kopia
image: kopia/kopia:latest
env:
KOPIA_PASSWORD: "{{ backup_kopia_password }}"
command:
- "repository"
- "connect"
- "from-config"
- "--file"
- "/app/config/repository.config"
volumes:
- /data/kopia/config:/app/config
- /data/kopia/cache:/app/cache
- /data/kopia/logs:/app/logs
# Shared tmp so Kopia can dump restorable backups to the host
- /tmp:/tmp:shared
# And a RO mount for the host so it can be backed up
- /:/host:ro,rslave


@ -3,11 +3,15 @@
Description=Nightly backup service
After=network-online.target
Wants=network-online.target
StartLimitInterval=600
StartLimitBurst=5
[Service]
Type=oneshot
MemoryMax=256M
ExecStart=/opt/backup.sh
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
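Review bot: With `RestartSec=5` and `StartLimitBurst=5`, the five allowed attempts are used up well under a minute after the first failure, after which the unit stays failed until the next timer run; a storage-provider outage longer than that still costs the night's backup. A wider spacing such as `RestartSec=120` keeps the retries inside the 600-second window while covering a longer outage. `StartLimitInterval=` is the legacy spelling, and current systemd documents the setting as `StartLimitIntervalSec=`. Which lines are new is inferred from the hunk counts (11 to 15), since the page carries no markers.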


@ -1,21 +0,0 @@
{
"storage": {
"type": "b2",
"config": {
"bucket": "desultd-kopia",
"keyID": "{{ backup_kopia_access_key_id }}",
"key": "{{ backup_kopia_secret_access_key }}"
}
},
"caching": {
"cacheDirectory": "/app/cache/cachedir",
"maxCacheSize": 5242880000,
"maxMetadataCacheSize": 5242880000,
"maxListCacheDuration": 30
},
"hostname": "{{ inventory_hostname }}",
"username": "salt",
"description": "Desu LTD Backups",
"enableActions": false,
"formatBlobCacheDuration": 900000000000
}


@ -44,10 +44,8 @@
- name: configure rpm-ostree packages
community.general.rpm_ostree_pkg:
name:
- awscli
- htop
- ibm-plex-fonts-all
- ncdu
- screen
- vim
when: ansible_os_family == "RedHat" and ansible_pkg_mgr == "atomic_container"


@ -153,17 +153,31 @@ desktop_flatpak_remotes:
url: "https://dl.flathub.org/repo/flathub.flatpakrepo"
- name: flathub-beta
url: "https://flathub.org/beta-repo/flathub-beta.flatpakrepo"
# - name: unmojang
# url: "https://unmojang.github.io/unmojang-flatpak/index.flatpakrepo"
desktop_flatpak_remotes_extra: []
desktop_flatpak_packages:
- remote: flathub
packages:
- com.discordapp.Discord
- com.obsproject.Studio
- com.github.KRTirtho.Spotube
- com.github.Matoking.protontricks
- com.github.tchx84.Flatseal
- com.nextcloud.desktopclient.nextcloud
- com.valvesoftware.Steam
- dev.vencord.Vesktop
- im.riot.Riot
- io.freetubeapp.FreeTube
- io.kopia.KopiaUI
- io.mpv.Mpv
- net.minetest.Minetest
- org.DolphinEmu.dolphin-emu
- org.gnucash.GnuCash
- org.mozilla.firefox
- remote: flathub-beta
packages:
- net.lutris.Lutris
- org.mozilla.Thunderbird
- org.openscad.OpenSCAD
- org.qbittorrent.qBittorrent
# - remote: unmojang
# packages:
# - org.unmojang.FjordLauncher
desktop_flatpak_packages_extra: []


@ -29,7 +29,7 @@
when: ansible_pkg_mgr == "apt"
- name: configure pip3 packages
ansible.builtin.pip: executable=/usr/bin/pip3 state=latest name="{{ desktop_pip3_packages + desktop_pip3_packages_extra }}"
when: ansible_os_family != "Gentoo"
when: ansible_pkg_mgr == "apt"
- name: configure flatpak
block:
- name: configure flatpak remotes


@ -9,7 +9,7 @@
image: manios/nagios:latest
pull: yes
restart_policy: unless-stopped
state: started
state: absent
env:
NAGIOSADMIN_USER: admin
NAGIOSADMIN_PASS: "{{ nagios_admin_pass }}"


@ -24,6 +24,7 @@
community.docker.docker_container:
name: prometheus
image: prom/prometheus:latest
restart_policy: unless-stopped
user: 5476:5476
env:
TZ: "America/Chicago"
@ -55,6 +56,7 @@
community.docker.docker_container:
name: prometheus-blackbox
image: quay.io/prometheus/blackbox-exporter:latest
restart_policy: unless-stopped
user: 5476:5476
command:
- '--config.file=/config/blackbox.yml'


@ -83,6 +83,46 @@ scrape_configs:
{% endfor %}
{% endfor %}
# This job takes in information from Netbox on the generic "prom-metrics" tag
# It's useful for all sorts of stuff
- job_name: "generic"
scheme: "https"
static_configs:
- targets:
{% for host in groups['tags_nagios'] %}
{% set vars = hostvars[host] %}
{% for service in vars.services %}
{% for tag in service.tags %}
{# #}
{% if tag.slug == "prom-metrics" %}
{% for port in service.ports %}
- "{{ service.name }}:{{ port }}"
{% endfor %}
{% endif %}
{# #}
{% endfor %}
{% endfor %}
{% endfor %}
# This one does the same thing but for HTTP-only clients
- job_name: "generic-http"
scheme: "http"
static_configs:
- targets:
{% for host in groups['tags_nagios'] %}
{% set vars = hostvars[host] %}
{% for service in vars.services %}
{% for tag in service.tags %}
{# #}
{% if tag.slug == "prom-metrics-http" %}
{% for port in service.ports %}
- "{{ service.name }}:{{ port }}"
{% endfor %}
{% endif %}
{# #}
{% endfor %}
{% endfor %}
{% endfor %}
# These two jobs are included for every node in our inventory
- job_name: "node-exporter"
static_configs:
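Review bot: The `generic-http` job scrapes every service tagged `prom-metrics-http` over plaintext and neither new job carries a `basic_auth` or `authorization` block, so whatever those endpoints expose crosses the network readable and unauthenticated; whether the targets are reachable only over a private network is not visible here. A comment on the job stating that constraint, e.g. `# plaintext: only tag services reachable over the management network`, would keep the tag from being applied to a public endpoint later. The two jobs differ only in `scheme` and the tag slug, so a Jinja macro taking those two values would remove the duplicated loop.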