Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
a0815b3100 |
@ -81,6 +81,11 @@ Common:
|
|||||||
stage: play-main
|
stage: play-main
|
||||||
script:
|
script:
|
||||||
- ansible-playbook --skip-tags no-auto playbooks/site_common.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass
|
- ansible-playbook --skip-tags no-auto playbooks/site_common.yml --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass
|
||||||
|
Nagios:
|
||||||
|
stage: play-main
|
||||||
|
retry: 1
|
||||||
|
script:
|
||||||
|
- ansible-playbook -l vm-general-1.ashburn.mgmt.desu.ltd playbooks/prod_web.yml --tags nagios --ssh-common-args='-o ProxyCommand="ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"' --vault-password-file ~/.vault_pass
|
||||||
|
|
||||||
# CLEANUP
|
# CLEANUP
|
||||||
Cleanup:
|
Cleanup:
|
||||||
|
@ -50,7 +50,29 @@ backup_s3_aws_secret_access_key: !vault |
|
|||||||
3635616437373236650a353661343131303332376161316664333833393833373830623130666633
|
3635616437373236650a353661343131303332376161316664333833393833373830623130666633
|
||||||
66356130646434653039363863346630363931383832353637636131626530616434
|
66356130646434653039363863346630363931383832353637636131626530616434
|
||||||
backup_s3_aws_endpoint_url: "https://s3.us-east-005.backblazeb2.com"
|
backup_s3_aws_endpoint_url: "https://s3.us-east-005.backblazeb2.com"
|
||||||
|
backup_kopia_bucket_name: desultd-kopia
|
||||||
|
backup_kopia_access_key_id: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
34633366656134376166636164643233353461396263313237653032353764613737393865373763
|
||||||
|
6665633239396333633132323936343030346362333734640a356631373230383663383530333434
|
||||||
|
32386639393135373236373263363365366163346234643135363766666666373938373135653663
|
||||||
|
3836623735393563610a613332623965633032356266643638386230323965366233353930313239
|
||||||
|
38666562326232353165323934303966643630383235393830613939616330333839
|
||||||
|
backup_kopia_secret_access_key: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
31373662326464396136346663626635363332303862613466316236333431636136373038666531
|
||||||
|
6630616565613431323464373862373963356335643435360a353665356163313635393137363330
|
||||||
|
66383531326535653066386432646464346161336363373334313064303261616238613564396439
|
||||||
|
6439333432653862370a303461346438623263636364633437356432613831366462666666303633
|
||||||
|
63643862643033376363353836616137366432336339383931363837353161373036
|
||||||
|
backup_kopia_password: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
34306564393161336162633833356464373065643633343935373566316465373939663838343537
|
||||||
|
3831343963666432323538636665663733353435636337340a633738306463646133643730333032
|
||||||
|
33303962306136636163623930306238666633333738373435636366666339623562323531323732
|
||||||
|
3330633238386336330a346431383233383533303131323736306636353033356538303264383963
|
||||||
|
37306461613834643063383965356664326265383431336332303333636365316163363437343634
|
||||||
|
6439613537396535656361616365386261336139366133393637
|
||||||
|
|
||||||
# For zerotier
|
# For zerotier
|
||||||
zerotier_personal_network_id: !vault |
|
zerotier_personal_network_id: !vault |
|
||||||
|
@ -21,3 +21,9 @@
|
|||||||
- hosts: dsk-ryzen-1.ws.mgmt.desu.ltd
|
- hosts: dsk-ryzen-1.ws.mgmt.desu.ltd
|
||||||
roles:
|
roles:
|
||||||
- role: desktop
|
- role: desktop
|
||||||
|
- role: backup
|
||||||
|
vars:
|
||||||
|
backup_s3backup_tar_args_extra: h
|
||||||
|
backup_s3backup_list_extra:
|
||||||
|
- /home/salt/.backup/
|
||||||
|
tags: [ backup ]
|
@ -109,10 +109,6 @@
|
|||||||
- record: prometheus.desu.ltd
|
- record: prometheus.desu.ltd
|
||||||
value: vm-general-1.ashburn.mgmt.desu.ltd
|
value: vm-general-1.ashburn.mgmt.desu.ltd
|
||||||
# Public media stuff
|
# Public media stuff
|
||||||
- record: music.desu.ltd
|
|
||||||
value: vm-general-1.ashburn.mgmt.desu.ltd
|
|
||||||
- record: lidarr.media.desu.ltd
|
|
||||||
value: vm-general-1.ashburn.mgmt.desu.ltd
|
|
||||||
- record: prowlarr.media.desu.ltd
|
- record: prowlarr.media.desu.ltd
|
||||||
value: vm-general-1.ashburn.mgmt.desu.ltd
|
value: vm-general-1.ashburn.mgmt.desu.ltd
|
||||||
- record: sonarr.media.desu.ltd
|
- record: sonarr.media.desu.ltd
|
||||||
|
@ -8,7 +8,6 @@
|
|||||||
ansible.builtin.docker_container:
|
ansible.builtin.docker_container:
|
||||||
name: prometheus-psql-exporter
|
name: prometheus-psql-exporter
|
||||||
image: quay.io/prometheuscommunity/postgres-exporter
|
image: quay.io/prometheuscommunity/postgres-exporter
|
||||||
restart_policy: unless-stopped
|
|
||||||
env:
|
env:
|
||||||
DATA_SOURCE_URI: "10.0.0.2:5432/postgres"
|
DATA_SOURCE_URI: "10.0.0.2:5432/postgres"
|
||||||
DATA_SOURCE_USER: "nagios"
|
DATA_SOURCE_USER: "nagios"
|
||||||
|
@ -29,8 +29,6 @@
|
|||||||
- web/nextcloud.yml
|
- web/nextcloud.yml
|
||||||
- web/synapse.yml
|
- web/synapse.yml
|
||||||
# Backend web services
|
# Backend web services
|
||||||
- web/lidarr.yml
|
|
||||||
- web/navidrome.yml
|
|
||||||
- web/prowlarr.yml
|
- web/prowlarr.yml
|
||||||
- web/radarr.yml
|
- web/radarr.yml
|
||||||
- web/sonarr.yml
|
- web/sonarr.yml
|
||||||
@ -39,10 +37,8 @@
|
|||||||
# Games
|
# Games
|
||||||
- game/factorio.yml
|
- game/factorio.yml
|
||||||
- game/minecraft-createfarming.yml
|
- game/minecraft-createfarming.yml
|
||||||
- game/minecraft-magicpack.yml
|
- game/minecraft-direwolf20.yml
|
||||||
- game/minecraft-weedie.yml
|
|
||||||
- game/zomboid.yml
|
- game/zomboid.yml
|
||||||
- game/satisfactory.yml
|
|
||||||
tags: [ always ]
|
tags: [ always ]
|
||||||
roles:
|
roles:
|
||||||
- role: backup
|
- role: backup
|
||||||
@ -51,9 +47,7 @@
|
|||||||
- /app/gitea/gitea
|
- /app/gitea/gitea
|
||||||
- /data
|
- /data
|
||||||
backup_s3backup_exclude_list_extra:
|
backup_s3backup_exclude_list_extra:
|
||||||
- /data/minecraft/magicpack/backups
|
|
||||||
- /data/minecraft/direwolf20/backups
|
- /data/minecraft/direwolf20/backups
|
||||||
- /data/minecraft/weedie/backups
|
|
||||||
- /data/shared/media
|
- /data/shared/media
|
||||||
- /data/shared/downloads
|
- /data/shared/downloads
|
||||||
- /data/zomboid/ZomboidDedicatedServer/steamapps/workshop
|
- /data/zomboid/ZomboidDedicatedServer/steamapps/workshop
|
||||||
@ -117,12 +111,12 @@
|
|||||||
pass: http://element:80
|
pass: http://element:80
|
||||||
directives:
|
directives:
|
||||||
- "client_max_body_size 0"
|
- "client_max_body_size 0"
|
||||||
|
- name: nagios.desu.ltd
|
||||||
|
proxy_pass: http://nagios:80
|
||||||
- name: nc.desu.ltd
|
- name: nc.desu.ltd
|
||||||
directives:
|
directives:
|
||||||
- "add_header Strict-Transport-Security \"max-age=31536000\""
|
- "add_header Strict-Transport-Security \"max-age=31536000\""
|
||||||
- "client_max_body_size 0"
|
- "client_max_body_size 0"
|
||||||
- "keepalive_requests 99999"
|
|
||||||
- "keepalive_timeout 600"
|
|
||||||
proxy_pass: http://nextcloud:80
|
proxy_pass: http://nextcloud:80
|
||||||
locations:
|
locations:
|
||||||
- location: "^~ /.well-known"
|
- location: "^~ /.well-known"
|
||||||
|
@ -3,11 +3,34 @@
|
|||||||
---
|
---
|
||||||
- hosts: tags_autoreboot
|
- hosts: tags_autoreboot
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
|
module_defaults:
|
||||||
|
nagios:
|
||||||
|
author: Ansible
|
||||||
|
action: downtime
|
||||||
|
cmdfile: /data/nagios/var/rw/nagios.cmd
|
||||||
|
comment: "Ansible tags_autoreboot task"
|
||||||
|
host: "{{ inventory_hostname }}"
|
||||||
|
minutes: 10
|
||||||
serial: 1
|
serial: 1
|
||||||
tasks:
|
tasks:
|
||||||
- name: check for reboot-required
|
- name: check for reboot-required
|
||||||
ansible.builtin.stat: path=/var/run/reboot-required
|
ansible.builtin.stat: path=/var/run/reboot-required
|
||||||
register: s
|
register: s
|
||||||
- name: reboot
|
- name: reboot
|
||||||
ansible.builtin.reboot: reboot_timeout=600
|
block:
|
||||||
|
- name: attempt to schedule downtime
|
||||||
|
block:
|
||||||
|
- name: register nagios host downtime
|
||||||
|
nagios:
|
||||||
|
service: host
|
||||||
|
delegate_to: vm-general-1.ashburn.mgmt.desu.ltd
|
||||||
|
- name: register nagios service downtime
|
||||||
|
nagios:
|
||||||
|
service: all
|
||||||
|
delegate_to: vm-general-1.ashburn.mgmt.desu.ltd
|
||||||
|
rescue:
|
||||||
|
- name: notify of failure to reboot
|
||||||
|
ansible.builtin.debug: msg="Miscellaneous failure when scheduling downtime"
|
||||||
|
- name: reboot
|
||||||
|
ansible.builtin.reboot: reboot_timeout=600
|
||||||
when: s.stat.exists
|
when: s.stat.exists
|
||||||
|
@ -2,65 +2,67 @@
|
|||||||
# vim:ft=ansible:
|
# vim:ft=ansible:
|
||||||
---
|
---
|
||||||
- hosts: tags_nagios
|
- hosts: tags_nagios
|
||||||
gather_facts: yes
|
gather_facts: no
|
||||||
|
roles:
|
||||||
|
- role: git
|
||||||
|
vars:
|
||||||
|
git_repos:
|
||||||
|
- repo: https://git.desu.ltd/salt/monitoring-scripts
|
||||||
|
dest: /usr/local/bin/monitoring-scripts
|
||||||
|
tags: [ nagios, git ]
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: assure nagios plugin packages
|
||||||
|
ansible.builtin.apt: name=monitoring-plugins,nagios-plugins-contrib
|
||||||
|
tags: [ nagios ]
|
||||||
- name: assure nagios user
|
- name: assure nagios user
|
||||||
ansible.builtin.user: name=nagios-checker state=absent remove=yes
|
ansible.builtin.user: name=nagios-checker state=present system=yes
|
||||||
|
tags: [ nagios ]
|
||||||
|
- name: assure nagios user ssh key
|
||||||
|
authorized_key:
|
||||||
|
user: nagios-checker
|
||||||
|
state: present
|
||||||
|
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNavw28C0mKIQVRLQDW2aoovliU1XCGaenDhIMwumK/ Nagios monitoring"
|
||||||
tags: [ nagios ]
|
tags: [ nagios ]
|
||||||
- name: assure nagios user sudo rule file
|
- name: assure nagios user sudo rule file
|
||||||
ansible.builtin.file: path=/etc/sudoers.d/50-nagios-checker state=absent
|
ansible.builtin.file: path=/etc/sudoers.d/50-nagios-checker mode=0750 owner=root group=root state=touch modification_time=preserve access_time=preserve
|
||||||
tags: [ nagios, sudo ]
|
tags: [ nagios, sudo ]
|
||||||
- name: assure prometheus containers for docker hosts
|
- name: assure nagios user sudo rules
|
||||||
block:
|
ansible.builtin.lineinfile:
|
||||||
- name: assure prometheus node exporter
|
path: /etc/sudoers.d/50-nagios-checker
|
||||||
# https://github.com/prometheus/node_exporter
|
line: "nagios-checker ALL = (root) NOPASSWD: {{ item }}"
|
||||||
ansible.builtin.docker_container:
|
with_items:
|
||||||
name: prometheus-node-exporter
|
- /usr/lib/nagios/plugins/check_disk
|
||||||
image: quay.io/prometheus/node-exporter:latest
|
- /usr/local/bin/monitoring-scripts/check_docker
|
||||||
restart_policy: unless-stopped
|
- /usr/local/bin/monitoring-scripts/check_temp
|
||||||
command:
|
tags: [ nagios, sudo ]
|
||||||
- '--path.rootfs=/host'
|
- name: assure prometheus node exporter
|
||||||
- '--collector.interrupts'
|
# https://github.com/prometheus/node_exporter
|
||||||
- '--collector.processes'
|
ansible.builtin.docker_container:
|
||||||
network_mode: host
|
name: prometheus-node-exporter
|
||||||
pid_mode: host
|
image: quay.io/prometheus/node-exporter:latest
|
||||||
volumes:
|
command:
|
||||||
- /:/host:ro,rslave
|
- '--path.rootfs=/host'
|
||||||
tags: [ prometheus ]
|
- '--collector.interrupts'
|
||||||
- name: assure prometheus cadvisor exporter
|
- '--collector.processes'
|
||||||
ansible.builtin.docker_container:
|
network_mode: host
|
||||||
name: prometheus-cadvisor-exporter
|
pid_mode: host
|
||||||
image: gcr.io/cadvisor/cadvisor:latest
|
volumes:
|
||||||
restart_policy: unless-stopped
|
- /:/host:ro,rslave
|
||||||
ports:
|
tags: [ prometheus ]
|
||||||
- 9101:8080/tcp
|
- name: assure prometheus cadvisor exporter
|
||||||
volumes:
|
ansible.builtin.docker_container:
|
||||||
- /:/rootfs:ro
|
name: prometheus-cadvisor-exporter
|
||||||
- /var/run:/var/run:ro
|
image: gcr.io/cadvisor/cadvisor:latest
|
||||||
- /sys:/sys:ro
|
ports:
|
||||||
- /var/lib/docker:/var/lib/docker:ro
|
- 9101:8080/tcp
|
||||||
- /dev/disk:/dev/disk:ro
|
volumes:
|
||||||
devices:
|
- /:/rootfs:ro
|
||||||
- /dev/kmsg
|
- /var/run:/var/run:ro
|
||||||
when: ansible_pkg_mgr != "atomic_container"
|
- /sys:/sys:ro
|
||||||
- name: assure prometheus containers for coreos
|
- /var/lib/docker:/var/lib/docker:ro
|
||||||
block:
|
- /dev/disk:/dev/disk:ro
|
||||||
- name: assure prometheus node exporter
|
devices:
|
||||||
# https://github.com/prometheus/node_exporter
|
- /dev/kmsg
|
||||||
containers.podman.podman_container:
|
|
||||||
name: prometheus-node-exporter
|
|
||||||
image: quay.io/prometheus/node-exporter:latest
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
command:
|
|
||||||
- '--path.rootfs=/host'
|
|
||||||
- '--collector.interrupts'
|
|
||||||
- '--collector.processes'
|
|
||||||
network_mode: host
|
|
||||||
pid_mode: host
|
|
||||||
volumes:
|
|
||||||
- /:/host:ro,rslave
|
|
||||||
tags: [ prometheus ]
|
|
||||||
when: ansible_pkg_mgr == "atomic_container"
|
|
||||||
- hosts: all
|
- hosts: all
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
tasks:
|
tasks:
|
||||||
|
@ -2,28 +2,16 @@
|
|||||||
- name: docker deploy minecraft - create farming and delights
|
- name: docker deploy minecraft - create farming and delights
|
||||||
docker_container:
|
docker_container:
|
||||||
name: minecraft-createfarming
|
name: minecraft-createfarming
|
||||||
state: absent
|
state: started
|
||||||
image: itzg/minecraft-server:latest
|
image: itzg/minecraft-server:latest
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
pull: yes
|
||||||
env:
|
env:
|
||||||
# Common envvars
|
|
||||||
EULA: "true"
|
EULA: "true"
|
||||||
OPS: "VintageSalt"
|
|
||||||
SNOOPER_ENABLED: "false"
|
|
||||||
SPAWN_PROTECTION: "0"
|
|
||||||
USE_AIKAR_FLAGS: "true"
|
|
||||||
RCON_CMDS_STARTUP: |-
|
|
||||||
scoreboard objectives add Deaths deathCount
|
|
||||||
#scoreboard objectives add Health health {"text":"❤","color":"red"}
|
|
||||||
RCON_CMDS_ON_CONNECT: |-
|
|
||||||
scoreboard objectives setdisplay list Deaths
|
|
||||||
#scoreboard objectives setdisplay belowName Health
|
|
||||||
# Pack-specific stuff
|
|
||||||
MODRINTH_PROJECT: "https://modrinth.com/modpack/create-farmersdelight/version/1.0.0"
|
MODRINTH_PROJECT: "https://modrinth.com/modpack/create-farmersdelight/version/1.0.0"
|
||||||
MOTD: "Create Farming and Delights! Spinny trains!"
|
|
||||||
TYPE: "MODRINTH"
|
TYPE: "MODRINTH"
|
||||||
VERSION: "1.20.1"
|
VERSION: "1.20.1"
|
||||||
MAX_MEMORY: "6G"
|
MAX_MEMORY: "6G"
|
||||||
#VIEW_DISTANCE: "10"
|
|
||||||
ports:
|
ports:
|
||||||
- "25565:25565/tcp"
|
- "25565:25565/tcp"
|
||||||
- "25565:25565/udp"
|
- "25565:25565/udp"
|
||||||
|
34
playbooks/tasks/game/minecraft-direwolf20.yml
Normal file
34
playbooks/tasks/game/minecraft-direwolf20.yml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
# vim:ft=ansible:
|
||||||
|
- name: docker deploy minecraft - direwolf20
|
||||||
|
docker_container:
|
||||||
|
name: minecraft-direwolf20
|
||||||
|
state: absent
|
||||||
|
image: itzg/minecraft-server:latest
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
pull: yes
|
||||||
|
env:
|
||||||
|
EULA: "true"
|
||||||
|
GENERIC_PACK: "/modpacks/1.20.1-direwolf20/Da Bois.zip"
|
||||||
|
TYPE: "NEOFORGE"
|
||||||
|
VERSION: "1.20.1"
|
||||||
|
FORGE_VERSION: "47.1.105"
|
||||||
|
MEMORY: "8G"
|
||||||
|
MOTD: "Tannerite Dog Edition\\n#abolishtheatf"
|
||||||
|
OPS: "VintageSalt"
|
||||||
|
RCON_CMDS_STARTUP: |-
|
||||||
|
scoreboard objectives add Deaths deathCount
|
||||||
|
scoreboard objectives add Health health {"text":"❤","color":"red"}
|
||||||
|
RCON_CMDS_ON_CONNECT: |-
|
||||||
|
scoreboard objectives setdisplay list Deaths
|
||||||
|
scoreboard objectives setdisplay belowName Health
|
||||||
|
SNOOPER_ENABLED: "false"
|
||||||
|
SPAWN_PROTECTION: "0"
|
||||||
|
USE_AIKAR_FLAGS: "true"
|
||||||
|
VIEW_DISTANCE: "10"
|
||||||
|
ports:
|
||||||
|
- "25567:25565/tcp"
|
||||||
|
- "25567:25565/udp"
|
||||||
|
volumes:
|
||||||
|
- /data/srv/packs:/modpacks
|
||||||
|
- /data/minecraft/direwolf20:/data
|
||||||
|
tags: [ docker, minecraft, direwolf20 ]
|
@ -1,50 +0,0 @@
|
|||||||
# vim:ft=ansible:
|
|
||||||
- name: docker deploy minecraft - magicpack
|
|
||||||
docker_container:
|
|
||||||
name: minecraft-magicpack
|
|
||||||
state: absent
|
|
||||||
image: itzg/minecraft-server:java8
|
|
||||||
env:
|
|
||||||
# Common envvars
|
|
||||||
EULA: "true"
|
|
||||||
OPS: "VintageSalt"
|
|
||||||
SNOOPER_ENABLED: "false"
|
|
||||||
SPAWN_PROTECTION: "0"
|
|
||||||
USE_AIKAR_FLAGS: "true"
|
|
||||||
#
|
|
||||||
# This enables the use of Ely.by as an auth and skin server
|
|
||||||
# Comment this and the above line out if you'd like to use Mojang's
|
|
||||||
# https://docs.ely.by/en/authlib-injector.html
|
|
||||||
#
|
|
||||||
# All players should register on Ely.by in order for this to work.
|
|
||||||
# They should also use Fjord Launcher by Unmojang:
|
|
||||||
# https://github.com/unmojang/FjordLauncher
|
|
||||||
#
|
|
||||||
JVM_OPTS: "-javaagent:/authlib-injector.jar=ely.by"
|
|
||||||
RCON_CMDS_STARTUP: |-
|
|
||||||
scoreboard objectives add Deaths deathCount
|
|
||||||
#scoreboard objectives add Health health {"text":"❤","color":"red"}
|
|
||||||
RCON_CMDS_ON_CONNECT: |-
|
|
||||||
scoreboard objectives setdisplay list Deaths
|
|
||||||
#scoreboard objectives setdisplay belowName Health
|
|
||||||
# Pack-specific stuff
|
|
||||||
MODRINTH_PROJECT: "https://srv.9iron.club/files/packs/1.7.10-magicpack/server.mrpack"
|
|
||||||
MOTD: "It's ya boy, uh, skrunkly modpack"
|
|
||||||
TYPE: "MODRINTH"
|
|
||||||
VERSION: "1.7.10"
|
|
||||||
MAX_MEMORY: "6G"
|
|
||||||
#VIEW_DISTANCE: "10"
|
|
||||||
ports:
|
|
||||||
- "25565:25565/tcp"
|
|
||||||
- "25565:25565/udp"
|
|
||||||
- "24454:24454/udp"
|
|
||||||
# Prometheus exporter for Forge
|
|
||||||
# https://www.curseforge.com/minecraft/mc-mods/prometheus-exporter
|
|
||||||
- "19565:19565/tcp"
|
|
||||||
# Prometheus exporter for Fabric
|
|
||||||
# https://modrinth.com/mod/fabricexporter
|
|
||||||
#- "19565:25585/tcp"
|
|
||||||
volumes:
|
|
||||||
- /data/minecraft/magicpack:/data
|
|
||||||
- /data/minecraft/authlib-injector-1.2.5.jar:/authlib-injector.jar
|
|
||||||
tags: [ docker, minecraft, magicpack ]
|
|
33
playbooks/tasks/game/minecraft-vanilla.yml
Normal file
33
playbooks/tasks/game/minecraft-vanilla.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
# vim:ft=ansible:
|
||||||
|
- name: docker deploy minecraft - vanilla
|
||||||
|
docker_container:
|
||||||
|
name: minecraft-vanilla
|
||||||
|
state: absent
|
||||||
|
image: itzg/minecraft-server:latest
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
pull: yes
|
||||||
|
env:
|
||||||
|
DIFFICULTY: "normal"
|
||||||
|
ENABLE_COMMAND_BLOCK: "true"
|
||||||
|
EULA: "true"
|
||||||
|
MAX_PLAYERS: "8"
|
||||||
|
MODRINTH_PROJECT: "https://modrinth.com/modpack/adrenaserver"
|
||||||
|
MOTD: "Tannerite Dog Edition\\n#abolishtheatf"
|
||||||
|
OPS: "VintageSalt"
|
||||||
|
RCON_CMDS_STARTUP: |-
|
||||||
|
scoreboard objectives add Deaths deathCount
|
||||||
|
scoreboard objectives add Health health {"text":"❤","color":"red"}
|
||||||
|
RCON_CMDS_ON_CONNECT: |-
|
||||||
|
scoreboard objectives setdisplay list Deaths
|
||||||
|
scoreboard objectives setdisplay belowName Health
|
||||||
|
SNOOPER_ENABLED: "false"
|
||||||
|
SPAWN_PROTECTION: "0"
|
||||||
|
TYPE: "MODRINTH"
|
||||||
|
USE_AIKAR_FLAGS: "true"
|
||||||
|
VIEW_DISTANCE: "12"
|
||||||
|
ports:
|
||||||
|
- "26565:25565/tcp"
|
||||||
|
- "26565:25565/udp"
|
||||||
|
volumes:
|
||||||
|
- /data/minecraft/vanilla:/data
|
||||||
|
tags: [ docker, minecraft ]
|
@ -1,44 +0,0 @@
|
|||||||
# vim:ft=ansible:
|
|
||||||
- name: docker deploy minecraft - weediewack next gen pack
|
|
||||||
docker_container:
|
|
||||||
name: minecraft-weedie
|
|
||||||
state: started
|
|
||||||
image: itzg/minecraft-server:latest
|
|
||||||
env:
|
|
||||||
# Common envvars
|
|
||||||
EULA: "true"
|
|
||||||
OPS: "VintageSalt"
|
|
||||||
SNOOPER_ENABLED: "false"
|
|
||||||
SPAWN_PROTECTION: "0"
|
|
||||||
USE_AIKAR_FLAGS: "true"
|
|
||||||
ALLOW_FLIGHT: "true"
|
|
||||||
RCON_CMDS_STARTUP: |-
|
|
||||||
scoreboard objectives add Deaths deathCount
|
|
||||||
scoreboard objectives add Health health {"text":"❤","color":"red"}
|
|
||||||
RCON_CMDS_ON_CONNECT: |-
|
|
||||||
scoreboard objectives setdisplay list Deaths
|
|
||||||
scoreboard objectives setdisplay belowName Health
|
|
||||||
# Pack-specific stuff
|
|
||||||
TYPE: "Forge"
|
|
||||||
MOTD: "We're doing it a-fucking-gain!"
|
|
||||||
VERSION: "1.20.1"
|
|
||||||
FORGE_VERSION: "47.3.11"
|
|
||||||
MAX_MEMORY: "8G"
|
|
||||||
#GENERIC_PACKS: "Server Files 1.3.7"
|
|
||||||
#GENERIC_PACKS_PREFIX: "https://mediafilez.forgecdn.net/files/5832/451/"
|
|
||||||
#GENERIC_PACKS_SUFFIX: ".zip"
|
|
||||||
#SKIP_GENERIC_PACK_UPDATE_CHECK: "true"
|
|
||||||
#VIEW_DISTANCE: "10"
|
|
||||||
ports:
|
|
||||||
- "25565:25565/tcp"
|
|
||||||
- "25565:25565/udp"
|
|
||||||
- "24454:24454/udp"
|
|
||||||
# Prometheus exporter for Forge
|
|
||||||
# https://www.curseforge.com/minecraft/mc-mods/prometheus-exporter
|
|
||||||
- "19566:19565/tcp"
|
|
||||||
# Prometheus exporter for Fabric
|
|
||||||
# https://modrinth.com/mod/fabricexporter
|
|
||||||
#- "19565:25585/tcp"
|
|
||||||
volumes:
|
|
||||||
- /data/minecraft/weedie:/data
|
|
||||||
tags: [ docker, minecraft, weedie ]
|
|
@ -1,47 +0,0 @@
|
|||||||
# vim:ft=ansible:
|
|
||||||
- name: ensure docker network
|
|
||||||
docker_network: name=satisfactory
|
|
||||||
tags: [ satisfactory, docker, network ]
|
|
||||||
- name: docker deploy satisfactory
|
|
||||||
docker_container:
|
|
||||||
name: satisfactory
|
|
||||||
state: absent
|
|
||||||
image: wolveix/satisfactory-server:latest
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
pull: yes
|
|
||||||
networks:
|
|
||||||
- name: satisfactory
|
|
||||||
aliases: [ "gameserver" ]
|
|
||||||
env:
|
|
||||||
MAXPLAYERS: "8"
|
|
||||||
# We have this turned on for modding's sake
|
|
||||||
#SKIPUPDATE: "true"
|
|
||||||
ports:
|
|
||||||
- '7777:7777/udp'
|
|
||||||
- '7777:7777/tcp'
|
|
||||||
volumes:
|
|
||||||
- /data/satisfactory/config:/config
|
|
||||||
tags: [ docker, satisfactory ]
|
|
||||||
- name: docker deploy satisfactory sftp
|
|
||||||
docker_container:
|
|
||||||
name: satisfactory-sftp
|
|
||||||
state: started
|
|
||||||
image: atmoz/sftp
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
pull: yes
|
|
||||||
ulimits:
|
|
||||||
- 'nofile:262144:262144'
|
|
||||||
ports:
|
|
||||||
- '7776:22/tcp'
|
|
||||||
volumes:
|
|
||||||
- /data/satisfactory/config:/home/servermgr/game
|
|
||||||
command: 'servermgr:{{ server_password }}:1000'
|
|
||||||
vars:
|
|
||||||
server_password: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
33336138656461646462323661363336623235333861663730373535656331623230313334353239
|
|
||||||
6535623833343237626161383833663435643262376133320a616634613764396661316332373339
|
|
||||||
33633662366666623931643635313162366339306539666632643437396637616632633432326631
|
|
||||||
3038333932623638390a386362653463306338326436396230633562313466336464663764643461
|
|
||||||
3134
|
|
||||||
tags: [ docker, satisfactory, sidecar, sftp ]
|
|
@ -31,7 +31,7 @@
|
|||||||
- name: docker deploy grafana matrix bridge
|
- name: docker deploy grafana matrix bridge
|
||||||
docker_container:
|
docker_container:
|
||||||
name: grafana-matrix-bridge
|
name: grafana-matrix-bridge
|
||||||
image: registry.gitlab.com/hctrdev/grafana-matrix-forwarder:latest
|
image: registry.gitlab.com/hectorjsmith/grafana-matrix-forwarder:latest
|
||||||
env:
|
env:
|
||||||
GMF_MATRIX_USER: "@grafana:desu.ltd"
|
GMF_MATRIX_USER: "@grafana:desu.ltd"
|
||||||
GMF_MATRIX_PASSWORD: "{{ secret_grafana_matrix_token }}"
|
GMF_MATRIX_PASSWORD: "{{ secret_grafana_matrix_token }}"
|
||||||
|
@ -2,7 +2,6 @@
|
|||||||
- name: docker deploy lidarr
|
- name: docker deploy lidarr
|
||||||
docker_container:
|
docker_container:
|
||||||
name: lidarr
|
name: lidarr
|
||||||
state: absent
|
|
||||||
image: linuxserver/lidarr:latest
|
image: linuxserver/lidarr:latest
|
||||||
networks:
|
networks:
|
||||||
- name: web
|
- name: web
|
||||||
@ -10,10 +9,7 @@
|
|||||||
env:
|
env:
|
||||||
TZ: "America/Chicago"
|
TZ: "America/Chicago"
|
||||||
volumes:
|
volumes:
|
||||||
# https://github.com/RandomNinjaAtk/arr-scripts?tab=readme-ov-file
|
|
||||||
- /data/lidarr/config:/config
|
- /data/lidarr/config:/config
|
||||||
- /data/lidarr/custom-services.d:/custom-services.d
|
|
||||||
- /data/lidarr/custom-cont-init.d:/custom-cont-init.d
|
|
||||||
- /data/shared/downloads:/data
|
- /data/shared/downloads:/data
|
||||||
- /data/shared/media/music:/music
|
- /data/shared/media/music:/music
|
||||||
tags: [ docker, lidarr ]
|
tags: [ docker, lidarr ]
|
||||||
|
@ -1,18 +0,0 @@
|
|||||||
# vim:ft=ansible:
|
|
||||||
- name: docker deploy navidrome
|
|
||||||
docker_container:
|
|
||||||
name: navidrome
|
|
||||||
state: absent
|
|
||||||
image: deluan/navidrome:latest
|
|
||||||
user: 911:911
|
|
||||||
env:
|
|
||||||
ND_BASEURL: "https://music.desu.ltd"
|
|
||||||
ND_PROMETHEUS_ENABLED: "true"
|
|
||||||
ND_LOGLEVEL: "info"
|
|
||||||
networks:
|
|
||||||
- name: web
|
|
||||||
aliases: [ "navidrome" ]
|
|
||||||
volumes:
|
|
||||||
- /data/navidrome/data:/data
|
|
||||||
- /data/shared/media/music:/music:ro
|
|
||||||
tags: [ docker, navidrome ]
|
|
@ -2,7 +2,7 @@
|
|||||||
- name: docker deploy synapse
|
- name: docker deploy synapse
|
||||||
docker_container:
|
docker_container:
|
||||||
name: synapse
|
name: synapse
|
||||||
image: matrixdotorg/synapse:latest
|
image: ghcr.io/element-hq/synapse:latest
|
||||||
env:
|
env:
|
||||||
TZ: "America/Chicago"
|
TZ: "America/Chicago"
|
||||||
SYNAPSE_SERVER_NAME: matrix.desu.ltd
|
SYNAPSE_SERVER_NAME: matrix.desu.ltd
|
||||||
|
@ -14,3 +14,50 @@
|
|||||||
notify: restart backup timer
|
notify: restart backup timer
|
||||||
- name: enable timer
|
- name: enable timer
|
||||||
ansible.builtin.systemd: name=backup.timer state=started enabled=yes daemon_reload=yes
|
ansible.builtin.systemd: name=backup.timer state=started enabled=yes daemon_reload=yes
|
||||||
|
- name: deploy kopia
|
||||||
|
block:
|
||||||
|
- name: ensure kopia dirs
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0750"
|
||||||
|
path: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- /data/kopia/config
|
||||||
|
- /data/kopia/cache
|
||||||
|
- /data/kopia/logs
|
||||||
|
- name: template out password file
|
||||||
|
copy:
|
||||||
|
content: "{{ backup_kopia_password }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0600"
|
||||||
|
dest: /data/kopia/config/repository.config.kopia-password
|
||||||
|
- name: template out configuration file
|
||||||
|
template:
|
||||||
|
src: repository.config.j2
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0600"
|
||||||
|
dest: /data/kopia/config/repository.config
|
||||||
|
- name: deploy kopia
|
||||||
|
community.docker.docker_container:
|
||||||
|
name: kopia
|
||||||
|
image: kopia/kopia:latest
|
||||||
|
env:
|
||||||
|
KOPIA_PASSWORD: "{{ backup_kopia_password }}"
|
||||||
|
command:
|
||||||
|
- "repository"
|
||||||
|
- "connect"
|
||||||
|
- "from-config"
|
||||||
|
- "--file"
|
||||||
|
- "/app/config/repository.config"
|
||||||
|
volumes:
|
||||||
|
- /data/kopia/config:/app/config
|
||||||
|
- /data/kopia/cache:/app/cache
|
||||||
|
- /data/kopia/logs:/app/logs
|
||||||
|
# Shared tmp so Kopia can dump restorable backups to the host
|
||||||
|
- /tmp:/tmp:shared
|
||||||
|
# And a RO mount for the host so it can be backed up
|
||||||
|
- /:/host:ro,rslave
|
||||||
|
@ -3,15 +3,11 @@
|
|||||||
Description=Nightly backup service
|
Description=Nightly backup service
|
||||||
After=network-online.target
|
After=network-online.target
|
||||||
Wants=network-online.target
|
Wants=network-online.target
|
||||||
StartLimitInterval=600
|
|
||||||
StartLimitBurst=5
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
MemoryMax=256M
|
MemoryMax=256M
|
||||||
ExecStart=/opt/backup.sh
|
ExecStart=/opt/backup.sh
|
||||||
Restart=on-failure
|
|
||||||
RestartSec=5
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
21
roles/backup/templates/repository.config.j2
Normal file
21
roles/backup/templates/repository.config.j2
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
{
|
||||||
|
"storage": {
|
||||||
|
"type": "b2",
|
||||||
|
"config": {
|
||||||
|
"bucket": "desultd-kopia",
|
||||||
|
"keyID": "{{ backup_kopia_access_key_id }}",
|
||||||
|
"key": "{{ backup_kopia_secret_access_key }}"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"caching": {
|
||||||
|
"cacheDirectory": "/app/cache/cachedir",
|
||||||
|
"maxCacheSize": 5242880000,
|
||||||
|
"maxMetadataCacheSize": 5242880000,
|
||||||
|
"maxListCacheDuration": 30
|
||||||
|
},
|
||||||
|
"hostname": "{{ inventory_hostname }}",
|
||||||
|
"username": "salt",
|
||||||
|
"description": "Desu LTD Backups",
|
||||||
|
"enableActions": false,
|
||||||
|
"formatBlobCacheDuration": 900000000000
|
||||||
|
}
|
@ -44,8 +44,10 @@
|
|||||||
- name: configure rpm-ostree packages
|
- name: configure rpm-ostree packages
|
||||||
community.general.rpm_ostree_pkg:
|
community.general.rpm_ostree_pkg:
|
||||||
name:
|
name:
|
||||||
|
- awscli
|
||||||
- htop
|
- htop
|
||||||
- ibm-plex-fonts-all
|
- ibm-plex-fonts-all
|
||||||
- ncdu
|
- ncdu
|
||||||
|
- screen
|
||||||
- vim
|
- vim
|
||||||
when: ansible_os_family == "RedHat" and ansible_pkg_mgr == "atomic_container"
|
when: ansible_os_family == "RedHat" and ansible_pkg_mgr == "atomic_container"
|
||||||
|
@ -153,31 +153,17 @@ desktop_flatpak_remotes:
|
|||||||
url: "https://dl.flathub.org/repo/flathub.flatpakrepo"
|
url: "https://dl.flathub.org/repo/flathub.flatpakrepo"
|
||||||
- name: flathub-beta
|
- name: flathub-beta
|
||||||
url: "https://flathub.org/beta-repo/flathub-beta.flatpakrepo"
|
url: "https://flathub.org/beta-repo/flathub-beta.flatpakrepo"
|
||||||
# - name: unmojang
|
|
||||||
# url: "https://unmojang.github.io/unmojang-flatpak/index.flatpakrepo"
|
|
||||||
desktop_flatpak_remotes_extra: []
|
desktop_flatpak_remotes_extra: []
|
||||||
|
|
||||||
desktop_flatpak_packages:
|
desktop_flatpak_packages:
|
||||||
- remote: flathub
|
- remote: flathub
|
||||||
packages:
|
packages:
|
||||||
- com.github.KRTirtho.Spotube
|
- com.discordapp.Discord
|
||||||
- com.github.Matoking.protontricks
|
- com.obsproject.Studio
|
||||||
- com.github.tchx84.Flatseal
|
|
||||||
- com.nextcloud.desktopclient.nextcloud
|
|
||||||
- com.valvesoftware.Steam
|
|
||||||
- dev.vencord.Vesktop
|
|
||||||
- im.riot.Riot
|
|
||||||
- io.freetubeapp.FreeTube
|
|
||||||
- io.kopia.KopiaUI
|
|
||||||
- io.mpv.Mpv
|
|
||||||
- net.minetest.Minetest
|
- net.minetest.Minetest
|
||||||
- org.DolphinEmu.dolphin-emu
|
- org.DolphinEmu.dolphin-emu
|
||||||
- org.gnucash.GnuCash
|
|
||||||
- org.mozilla.firefox
|
- org.mozilla.firefox
|
||||||
- org.mozilla.Thunderbird
|
- remote: flathub-beta
|
||||||
- org.openscad.OpenSCAD
|
packages:
|
||||||
- org.qbittorrent.qBittorrent
|
- net.lutris.Lutris
|
||||||
# - remote: unmojang
|
|
||||||
# packages:
|
|
||||||
# - org.unmojang.FjordLauncher
|
|
||||||
desktop_flatpak_packages_extra: []
|
desktop_flatpak_packages_extra: []
|
||||||
|
@ -29,7 +29,7 @@
|
|||||||
when: ansible_pkg_mgr == "apt"
|
when: ansible_pkg_mgr == "apt"
|
||||||
- name: configure pip3 packages
|
- name: configure pip3 packages
|
||||||
ansible.builtin.pip: executable=/usr/bin/pip3 state=latest name="{{ desktop_pip3_packages + desktop_pip3_packages_extra }}"
|
ansible.builtin.pip: executable=/usr/bin/pip3 state=latest name="{{ desktop_pip3_packages + desktop_pip3_packages_extra }}"
|
||||||
when: ansible_pkg_mgr == "apt"
|
when: ansible_os_family != "Gentoo"
|
||||||
- name: configure flatpak
|
- name: configure flatpak
|
||||||
block:
|
block:
|
||||||
- name: configure flatpak remotes
|
- name: configure flatpak remotes
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
image: manios/nagios:latest
|
image: manios/nagios:latest
|
||||||
pull: yes
|
pull: yes
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
state: absent
|
state: started
|
||||||
env:
|
env:
|
||||||
NAGIOSADMIN_USER: admin
|
NAGIOSADMIN_USER: admin
|
||||||
NAGIOSADMIN_PASS: "{{ nagios_admin_pass }}"
|
NAGIOSADMIN_PASS: "{{ nagios_admin_pass }}"
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
community.docker.docker_container:
|
community.docker.docker_container:
|
||||||
name: prometheus
|
name: prometheus
|
||||||
image: prom/prometheus:latest
|
image: prom/prometheus:latest
|
||||||
restart_policy: unless-stopped
|
|
||||||
user: 5476:5476
|
user: 5476:5476
|
||||||
env:
|
env:
|
||||||
TZ: "America/Chicago"
|
TZ: "America/Chicago"
|
||||||
@ -56,7 +55,6 @@
|
|||||||
community.docker.docker_container:
|
community.docker.docker_container:
|
||||||
name: prometheus-blackbox
|
name: prometheus-blackbox
|
||||||
image: quay.io/prometheus/blackbox-exporter:latest
|
image: quay.io/prometheus/blackbox-exporter:latest
|
||||||
restart_policy: unless-stopped
|
|
||||||
user: 5476:5476
|
user: 5476:5476
|
||||||
command:
|
command:
|
||||||
- '--config.file=/config/blackbox.yml'
|
- '--config.file=/config/blackbox.yml'
|
||||||
|
@ -83,46 +83,6 @@ scrape_configs:
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
# This job takes in information from Netbox on the generic "prom-metrics" tag
|
|
||||||
# It's useful for all sorts of stuff
|
|
||||||
- job_name: "generic"
|
|
||||||
scheme: "https"
|
|
||||||
static_configs:
|
|
||||||
- targets:
|
|
||||||
{% for host in groups['tags_nagios'] %}
|
|
||||||
{% set vars = hostvars[host] %}
|
|
||||||
{% for service in vars.services %}
|
|
||||||
{% for tag in service.tags %}
|
|
||||||
{# #}
|
|
||||||
{% if tag.slug == "prom-metrics" %}
|
|
||||||
{% for port in service.ports %}
|
|
||||||
- "{{ service.name }}:{{ port }}"
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{# #}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
# This one does the same thing but for HTTP-only clients
|
|
||||||
- job_name: "generic-http"
|
|
||||||
scheme: "http"
|
|
||||||
static_configs:
|
|
||||||
- targets:
|
|
||||||
{% for host in groups['tags_nagios'] %}
|
|
||||||
{% set vars = hostvars[host] %}
|
|
||||||
{% for service in vars.services %}
|
|
||||||
{% for tag in service.tags %}
|
|
||||||
{# #}
|
|
||||||
{% if tag.slug == "prom-metrics-http" %}
|
|
||||||
{% for port in service.ports %}
|
|
||||||
- "{{ service.name }}:{{ port }}"
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
{# #}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
{% endfor %}
|
|
||||||
# These two jobs are included for every node in our inventory
|
# These two jobs are included for every node in our inventory
|
||||||
- job_name: "node-exporter"
|
- job_name: "node-exporter"
|
||||||
static_configs:
|
static_configs:
|
||||||
|
Loading…
Reference in New Issue
Block a user