Compare commits
No commits in common. 'master' and 'networking' have entirely different histories.
master
...
networking
@ -1,18 +0,0 @@
|
||||
[submodule "roles/matrix-bridge-discord"]
|
||||
path = roles/matrix-bridge-discord
|
||||
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-discord.git
|
||||
[submodule "roles/matrix-bridge-facebook"]
|
||||
path = roles/matrix-bridge-facebook
|
||||
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-facebook.git
|
||||
[submodule "roles/matrix-bridge-signal"]
|
||||
path = roles/matrix-bridge-signal
|
||||
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-signal.git
|
||||
[submodule "roles/matrix-bridge-instagram"]
|
||||
path = roles/matrix-bridge-instagram
|
||||
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-instagram.git
|
||||
[submodule "roles/postgre"]
|
||||
path = roles/postgre
|
||||
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/postgre.git
|
||||
[submodule "roles/matrix-bridge-telegram"]
|
||||
path = roles/matrix-bridge-telegram
|
||||
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-telegram.git
|
@ -1,40 +0,0 @@
|
||||
# My todo list
|
||||
|
||||
Stuff that I should do but will probably never do.
|
||||
|
||||
## Polish the user role
|
||||
|
||||
The role is fine, but could use some default filter, like for the shell value.
|
||||
|
||||
Also, the variables are messy.
|
||||
|
||||
Also, a more atomique gestion of the users would be great.
|
||||
|
||||
## Create a role "generate certificate"
|
||||
|
||||
Curently, reverse_proxt_http and similare roles implement certbot themselves, and there is a role
|
||||
for generating self signed certificate.
|
||||
|
||||
It would be better to manage certbot in a role, to allow off-wan machine to use reverse_proxy_http with self signed certificates for instance.
|
||||
|
||||
Bonus point if the role chose whether to use certbot or a self-signed certificate (but the dependencie gestion could begin to get tricky :/ )
|
||||
|
||||
## Proxmox setup
|
||||
|
||||
setup:
|
||||
|
||||
- x509 for clickodrom
|
||||
- bind the clickodrom to a specific interface
|
||||
- remove the "please pay us" message
|
||||
- remove the enterprise apt repo
|
||||
|
||||
## VM setup
|
||||
|
||||
- create a VM from template using cloud init
|
||||
- add VM to dynamic inventory
|
||||
- use the cloud init account to connect to the new VM
|
||||
- setup the VM
|
||||
- disable cloud init
|
||||
- remove cloud init account and change the connenction variable for the vm
|
||||
|
||||
good luck
|
@ -1,14 +0,0 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: matrix
|
||||
roles:
|
||||
- synapse
|
||||
- matrix-bridge-discord
|
||||
- matrix-bridge-facebook
|
||||
- matrix-bridge-signal
|
||||
- matrix-bridge-instagram
|
||||
- matrix-bridge-telegram
|
||||
|
||||
- hosts: proxy
|
||||
roles:
|
||||
- rp_synapse
|
@ -1,12 +0,0 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts: prometheus_servers
|
||||
roles:
|
||||
- prometheus
|
||||
- prometheus-alert-manager
|
||||
- grafana
|
||||
- prometheus-blackbox-exporter
|
||||
|
||||
- hosts: all, !tests,
|
||||
roles:
|
||||
- prometheus-node-exporter
|
@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
|
||||
- hosts: all, !tests, !no_user
|
||||
- hosts: all, !tests
|
||||
roles:
|
||||
- create_users
|
||||
- base_totp
|
||||
|
@ -1,57 +0,0 @@
|
||||
---
|
||||
ca_passphrase: "{{ vault_ca_passphrase }}"
|
||||
ca_key: "{{ vault_ca_key }}"
|
||||
ca_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFhzCCA2+gAwIBAgIUP+ptXLNUBVsZm5oYpynQd5mhB60wDQYJKoZIhvcNAQEL
|
||||
BQAwUzELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxFTATBgNVBAoM
|
||||
DFBhaW5zLVBlcmR1czEYMBYGA1UEAwwPQ0EgUGFpbnMtUGVyZHVzMB4XDTIxMDky
|
||||
MTE0NDUxNloXDTMxMDkxOTE0NDUxNlowUzELMAkGA1UEBhMCRlIxEzARBgNVBAgM
|
||||
ClNvbWUtU3RhdGUxFTATBgNVBAoMDFBhaW5zLVBlcmR1czEYMBYGA1UEAwwPQ0Eg
|
||||
UGFpbnMtUGVyZHVzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4jG+
|
||||
8N5YN91KghYjYTOBQ+lRYJ45X5S9mfcwwf8OIMGe+NyNkXx2GX4uYpZOitYOApI4
|
||||
rGnAjhll7tdZevzfdqpUDCYUDT6iR4BzL32k22mIN+iW6zQPaZetOU7VIA9V5TsM
|
||||
WbDsftqh6fj3N4SwVMpHiuiajMkX8CIELxoXDAJULvwyreWOONlwDMObtVCHBIhM
|
||||
uf1Jbx2DfRNS/w6lbHPCrZefMCea1FrSaotOANXxNgQfptX3fLZbhH5RiZQLDU8k
|
||||
ZChAUoW9hE4+uiSOUMd2hl9XgCWHcGEMcKyWG+/lx8UUw3Zl+oOrfb+IWo5IByVZ
|
||||
8nV5aiTMCuRlcTcMHUuedRaPcWfl5ZaEOVzhYXIYM4Oa8ShqXuWqW0WZ8oIhI2ya
|
||||
hTE03mIPV1nX3ucE9GsDZpnrj7t+qd8etiZXFGVihKEqVFfhzKRsPh4wgUKH/gwG
|
||||
AJshPA9NyJ0JpzUaWQ2acUjo3Hg9WPSTaMb46FS7hUdZUcZZiwSq9JjHDNAUKjNY
|
||||
zudKjTyqJXkqwhNvMfKWFIGYjldvZgQXzuT8XmSHYSKuLfH9Ko28FX0Aujye1TTH
|
||||
MPljXruyO04Q7NUg/jqtxdsWRpH/qCt12PmRuIiXsNCAeLjSuc75H+AOPbNudJLT
|
||||
w2AUTkfn3mw/XTwEBfemHAo6GAdtCDKo6GxBqvcCAwEAAaNTMFEwHQYDVR0OBBYE
|
||||
FIh4sxxlmesmbVKPWKo81BXMFVqVMB8GA1UdIwQYMBaAFIh4sxxlmesmbVKPWKo8
|
||||
1BXMFVqVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAKipx6Nu
|
||||
QwnYmwYPd3kUVBOj9ia0PVeE4LoUSRapzRTF2HilSIo9Sa7qD1HVxbWrghUPLjW/
|
||||
Ru04k82hxvAm26gc1XeqIBzpgZmxwF0QibCeuj1vDXsndACXVHd6Atvnl0rW4bEI
|
||||
pVCqerXNu0T4STk2V/xNqndGMRp/vZX67BlyHAHD4el957R9RYlyxW6fADrHDKqk
|
||||
tC1eTeQtEi5W7v9X3dNGdtFS+exDrYpUTHPDwM81u25oCGUFGsH3RlG7LUEQ5mYW
|
||||
SsJ3EKpIkMxSZB3/GqttCIHi+yEMtwDDL3dN8UnVaTkRjVNQxraOUwe66QByGqnJ
|
||||
9YeQNpUfZxWFW/GW2fBAvD/RaLrLZ4ywhUze38ks4jsLnAIduawjQ8GlNg9i2MqD
|
||||
zvDat41LWSCDjRUOfCp7fc9lMlI5blTafozrAddMV8YUs3bQ6XD0H31pP59jb7nc
|
||||
5kmwqH6RivbFZZYBquQVujiiI7d+9m+X9OfTZJTCpRPCGYZcLuqH7txyPhixxrZd
|
||||
a8lWJ+5jHOdncV/ZWSB5JnjKbaMMEPcaTo3puEPt/yl74CR7UOJXr5oM0bVFKjas
|
||||
90hY5U+jPAcneCk2oc44R4NWuQ7qbsjPRfcxxi27DoLbhlmPp9jQwYQEqmdflcZ0
|
||||
zCTEq81KO2mAbJgTc/ahhcvAV/huJ5d8c9R1
|
||||
-----END CERTIFICATE-----
|
||||
crl_distribution_points:
|
||||
- full_name: "URI:https://ca.deso-palaiseau.fr/revocations.crl"
|
||||
reasons:
|
||||
- key_compromise
|
||||
- ca_compromise
|
||||
- affiliation_changed
|
||||
- superseded
|
||||
- cessation_of_operation
|
||||
- certificate_hold
|
||||
- privilege_withdrawn
|
||||
- aa_compromise
|
||||
- full_name: "URI:https://ca-pains-perdus.intra/revocations.crl"
|
||||
reasons:
|
||||
- key_compromise
|
||||
- ca_compromise
|
||||
- affiliation_changed
|
||||
- superseded
|
||||
- cessation_of_operation
|
||||
- certificate_hold
|
||||
- privilege_withdrawn
|
||||
- aa_compromise
|
@ -1,65 +0,0 @@
|
||||
---
|
||||
matrix_server_name: pains-perdus.fr
|
||||
matrix_local_server_name: synapse.pp.intra
|
||||
matrix_enable_registration: False
|
||||
synapse_postgre_user_pwd: "{{ vault_synapse_postgre_user_pwd }}"
|
||||
matrix_max_upload_size: 50M
|
||||
matrix_registration_shared_secret: "{{ vault_matrix_registration_shared_secret }}"
|
||||
matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}"
|
||||
matrix_form_secret: "{{ vault_matrix_form_secret }}"
|
||||
|
||||
matrix_apps_services:
|
||||
- discord
|
||||
- facebook
|
||||
- signal
|
||||
- instagram
|
||||
- telegram
|
||||
|
||||
# bridge discord
|
||||
matrix_bridge_discord_postgre_user_pwd: "{{ vault_matrix_bridge_discord_postgre_user_pwd }}"
|
||||
matrix_bridge_discord_client_ID: "{{ vault_matrix_bridge_discord_client_ID }}"
|
||||
matrix_bridge_discord_botToken: "{{ vault_matrix_bridge_discord_botToken }}"
|
||||
|
||||
# bridge facebook
|
||||
matrix_bridge_facebook_postgre_user_pwd: "{{ vault_matrix_bridge_facebook_postgre_user_pwd }}"
|
||||
# Those values are generated by the bridge the first time the bridge is launched.
|
||||
# we copied the values generated from our test config
|
||||
matrix_bridge_facebook_integration_manager_shared_secret: "{{ vault_matrix_bridge_facebook_integration_manager_shared_secret }}"
|
||||
# matrix_bridge_facebook_as_token: "{{ vault_matrix_bridge_facebook_as_token }}"
|
||||
# matrix_bridge_facebook_hs_token: "{{ vault_matrix_bridge_facebook_hs_token }}"
|
||||
matrix_bridge_facebook_admins:
|
||||
- g33kex
|
||||
- histausse
|
||||
matrix_bridge_facebook_allowed_external_user:
|
||||
- '@dorianx:matrix.rezel.net'
|
||||
|
||||
# bridge signal
|
||||
matrix_bridge_signal_postgre_user_pwd: "{{ vault_matrix_bridge_signal_postgre_user_pwd }}"
|
||||
matrix_bridge_signal_admins:
|
||||
- g33kex
|
||||
- histausse
|
||||
matrix_bridge_signal_allowed_external_user:
|
||||
- '@dorianx:matrix.rezel.net'
|
||||
|
||||
# bridge instagram
|
||||
matrix_bridge_instagram_postgre_user_pwd: "{{ vault_matrix_bridge_instagram_postgre_user_pwd }}"
|
||||
matrix_bridge_instagram_admins:
|
||||
- g33kex
|
||||
- histausse
|
||||
matrix_bridge_instagram_allowed_external_user:
|
||||
- '@dorianx:matrix.rezel.net'
|
||||
|
||||
# bridge telegram
|
||||
matrix_bridge_telegram_postgre_user_pwd: "{{ vault_matrix_bridge_telegram_postgre_user_pwd }}"
|
||||
matrix_bridge_telegram_admins:
|
||||
- g33kex
|
||||
- histausse
|
||||
matrix_bridge_telegram_allowed_external_user:
|
||||
- '@dorianx:matrix.rezel.net'
|
||||
matrix_bridge_telegram_api_id: "{{ vault_matrix_bridge_telegram_api_id }}"
|
||||
matrix_bridge_telegram_api_hash: "{{ vault_matrix_bridge_telegram_api_hash }}"
|
||||
matrix_bridge_telegram_bot_token: "{{ vault_matrix_bridge_telegram_bot_token }}"
|
||||
|
||||
# Not configured for now
|
||||
matrix_stats_endpoint: https://127.0.0.1/report-usage-stats/push
|
||||
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
|
||||
reverse_proxy_sites:
|
||||
- {from: wiki.pains-perdus.fr, to: "https://azerty.fil.sand.auro.re:2443"}
|
||||
- {from: hindley.pains-perdus.fr, to: "http://127.0.0.1:5000"}
|
||||
- {from: "{{ grafana_domain_name }}", to: "http://127.0.0.1:3000"}
|
||||
|
||||
sharing_sites:
|
||||
- {from: share.deso-palaiseau.fr, folder: "/home/histausse/www", user: histausse, group: histausse}
|
@ -1,305 +1,21 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
66396364626137653230336236313132366334386632383339303335333062323833373534643931
|
||||
3035323936343830646136386237623565303262616366320a303665383565613936323763383538
|
||||
32373832626130636665313664356636623339353266656433366563366439363764386136616537
|
||||
6230376436363463620a663761633130383262353661313461343839656361356238376433396639
|
||||
36643034376539383136633937613031343862653739396536346130303164346465356530323564
|
||||
38396130343031343862383237383566333661623466353538343462343565373765316132666430
|
||||
32393635623834343566303932343734653566326231303531346662303436653437663034333865
|
||||
65666230623861393161353339336663616131393830333136373366626233363966613064656630
|
||||
65663362636566323263353838393932343036613337383533393838636338393738303835666538
|
||||
34373266393237326465613064656231616562626531353937653565346634646162653038356566
|
||||
37643364336562643439616464636536353335666162623831313035663039386637323639623035
|
||||
66653538646665306130393934333732346366366439396637313932366463343935303264613033
|
||||
64633162373062373534643938646633306332303064356662366163366366326561656266636234
|
||||
36613630346162353061313532386330653939373663616534653263306339633139653935663565
|
||||
31316237373766653865326632306232346234613237643038613334353737323930636365303562
|
||||
63333261646638633031313032386239383938386439376333613762346237313463643663336133
|
||||
36353833333661323632633461333064313263323937613263356264366539313036366637646138
|
||||
63373761626566613732623365643065626234643032323263623965316464343734386532333165
|
||||
37626561616334396561333930326461393863346139663738393536626135386463366366396336
|
||||
36306538373331616562373263653636643938643031386435633234666561353164386463323339
|
||||
63353761653538663264333762613731336333656139313434613563343061386462643535346533
|
||||
65366263383735306336386430636338396561346236333837336465323866333933333337626235
|
||||
39653030326430663332636263333938326536356366643734346362643430336366623164633330
|
||||
65383838383830306133626461643632656637336264666638383636376565666231373331393834
|
||||
38663939633137363236303632616638646238313431653262346437313237356263616530656339
|
||||
34336634386133383434623739326234313339333265636364373963343334363836313934653565
|
||||
64336132376336323063663765643365336366303732666137376631323231343631656439383666
|
||||
36383535316232636434653238313738653166633836303461376232333933316332326462656432
|
||||
39313166396234613162623361343037383131663465383438356438663130306138356266656561
|
||||
37306232653730653962656336373634643937333633623361343132393964623739623161373233
|
||||
35373461303833343666623261616534323435663634363639316466613761616533646531616635
|
||||
37663038396537343361393635343264613635666564343065313930376365393361363934643234
|
||||
34663830386664613062626465633666616430646566633435303837623536646466616337376162
|
||||
39376431643738336163653333333638663564356237393630636537306564333531336330333039
|
||||
61386261316335323866353637626536363939346564373333633561323361396264373034353063
|
||||
33613835393064393363326263623964353131326566353938623431396566663961633863313465
|
||||
37373264343331333839356538346436336561656435643434353532626539333538343261616336
|
||||
66623432653930633334363266316339373830643631316432303633633337666537373039323037
|
||||
62316333356438346364663734613863316334636365316565336561626563373266386636366164
|
||||
62346536313965643661356433383538646532633234313137353035633732356366643934663661
|
||||
63373735323138356565613131373938613338653061383734643633636363353438373533313765
|
||||
65393665616139343137643565626437373033363737633061386362376332353739313861623339
|
||||
66333538666563636264303239353535306166656530346363396338373963653536333066383035
|
||||
39633938353932303164306236626564306235326237646238393461306464386536616463376132
|
||||
38666237376533353965656131373639353533333532396430616165383037303266653033633432
|
||||
36666535616633333736653033386263616434343361383066663163363936386435626130303836
|
||||
66623833323735643435653261323437386338663137653633663261336434636234623232356664
|
||||
39376338303433303534636632376136656366633165616638623934666362666638653730343564
|
||||
38303566653464383231633464306139306635386136336634643732623237643961643636333761
|
||||
66326136633434346262343364633732303831323337663566613833646537346237643761616236
|
||||
36373966356330333233336330663063663966633337373835656334326330326630353261666437
|
||||
65316362643165353166656330313839623562633562373161356561663163636437633133323131
|
||||
30373462336532353063663164303837653332383565663436383436396265373966653036316661
|
||||
62663534383061656363643439633032383735376237653832616563383865613733356633323633
|
||||
65326631353265383433346130636364656533333736653834333661623733333966666638326437
|
||||
37353833663432613133336566663337313833323334393065303633396464613333393663643732
|
||||
39666235353664323036306531306462653161613937313633623333306663333834303763623362
|
||||
34613362396331383636626237376433303966626463633364353265356637653533623538653630
|
||||
35393766306639633431373530363633306635663666373137653932663963363939616134643366
|
||||
37363436336535663861336463653639653536303634363661666335666633306530633934363466
|
||||
31386437363765633938633966343535386335323735623739656131623232393238316161353634
|
||||
38633338643937623663346561383239313933613330626166636334333838333531666233356233
|
||||
65343439373233353463663462333036376362643066613762303963383065633337326139353638
|
||||
39373461386664313935393463313231353833663133663930323435353332373562396638343138
|
||||
33636465626238663534313765363333326561386164346139396432336431376234383238333530
|
||||
66356535353966633132626161343661643465633730633164666465366332623061386261383164
|
||||
39313433663237633166343033353063613733383130636237393063623962613938373164653630
|
||||
66343031613439316434666364366662373838626164653637636232643737376637633863616330
|
||||
30326233323137323865643262363837353162363634333336353465373264336337383066323939
|
||||
35336462336462613634363831343266336364646334386239373832653863323832303766643435
|
||||
34356339653964373532326138303132616530663362303664633861373931373061393566313765
|
||||
66343937343532386162346431623166366262623163306633393933663266616135663961643436
|
||||
37653663303337623662393761336632356534663430316264343437653763656635323437646637
|
||||
38393661306362313064613434396331613366373037613464356565373461393663636138633532
|
||||
64343561346463316532366361646438323731383963646337623165383663666266316139656166
|
||||
37336463633834636435343761613837666635653166326163346539626139613562396439306130
|
||||
33363230626633346138303538373439626161623163626135643665613932666535343532303036
|
||||
35373431343635393665616366643332643035623133613666396234353338623636663762636336
|
||||
35346431303536613962323861336539396333346234393763396438383539383036333636353637
|
||||
39646333383633326238393164333835393237623734383537376230353264346237353866333264
|
||||
38643231343536356339373531633165393334353365336261656665336230373266633938343134
|
||||
37646266383438633835323233306363643765653833666363376338356265663831636431646637
|
||||
39633532353130396635383965643531363564373766323064616165376134613834303666306231
|
||||
38643366333166633238626335313463623935373233353236393663353561383763636131383862
|
||||
34623536343664623962326237326532643830636533636361666432333261363530373464356233
|
||||
64373865653035613363373832653163326165363061623531373337663765653937303036656663
|
||||
66636463346139663962393431633162303664313031306331323865313739323661303538336238
|
||||
65313639663663393962396333666438633432323533613064313765353362326532613834373136
|
||||
65326265646136613030353862326233646331396238343634323534626136376136356561316635
|
||||
66333662666437613339396563323531396261366138323938303834393865633439313965613463
|
||||
38343961646664626663346464393061396234356237663339323462623864663864383939353862
|
||||
34313266373138346235626236303433613062306332343638663538356431663930303863306461
|
||||
63386262333663393262623364343864376437616237313537343839656632363436613933376438
|
||||
65346137313732316639353937336162313661386536383339633938613763336532353634373935
|
||||
64393635366435666639346537386661383362623565623365636136316363336337663738356463
|
||||
32333466363366336337653739313166396435323434376662356165643662353332306431383839
|
||||
61613331313164336537313037393166356537656530616336663138316532323164346266353831
|
||||
65666238306135346235376237376561333063373163633433386461383834633762646431396462
|
||||
65313637623266646332336332363139376265363037383533613763373734313664343835396335
|
||||
35323230326463356333653833326561306236336238373539653938653933636239626661376436
|
||||
35303639643832343364393439386631616632313830363461326665303162383839653762366630
|
||||
34656330393539636564346461316638396230323566376431636236306632616331323132623962
|
||||
35666466326136633166323466666361326137306335353565326232373363323965373261636235
|
||||
32363935323865303630383836303964326138393632333234643261386361393961336161636664
|
||||
36393163343634633033396561313535663534623936323564373430396238356635356231386365
|
||||
64313331633231336361613333313532626439393562356430386238396430393861396136633339
|
||||
34303962343336356331663530613031636361333836646132316131343839623235356561633266
|
||||
31343733353631653266353631376161613632373063323765663932646633653964366563363531
|
||||
31313363393136643036366531333138353135666235303335393531353833313231386364393934
|
||||
63653566616235303835393136646562626562353830653663386564366633343061613034383634
|
||||
33363238303661313034636562356235393861356563333039313136396232343964613437356232
|
||||
36346239303732333462613838653232326234353737633236396165616433656531393332663433
|
||||
62366161373231646235656562323765653662343161383031613461643138303462386236666339
|
||||
33623037366431353462346534636565393234626434613134343135343466623662386537386535
|
||||
62306533386532353962626532613839346236303963646265333235336363653037373961663236
|
||||
34366162353466373265643765356236313732353830303934376538343833343065363562356362
|
||||
61623364386366396366353037393434626530326231623165376337306261373164343030383533
|
||||
39353633656332363130326361636233363739333662663362366534396331353330343633313130
|
||||
61326266343235396461353637333630333133326339303431376234356433623631316132633632
|
||||
34653365623632613630306134643666373961623137393135393163383666326232633933393630
|
||||
34666430316266326638613537373337386138383261643564313564666663666664363363323463
|
||||
38366633346563343964653561316533323965366662663965623661613735366333313133663730
|
||||
63626432306132356138623762366432613064326138646238643766313737653531653530663337
|
||||
62393136356331636131303163313236386436663261613935353532666534386265313964656235
|
||||
62633135643630313032666134393638663136373162646365343163353432333232613733346539
|
||||
36666664613461343831373733393231303962356461383632303539633862633630636331613236
|
||||
65376464363235326338366262323535646636316438356161316333663134613865326465626639
|
||||
34633834376130663235316563333936633036623031326232636436363563633432323930383636
|
||||
36383538333162623836306339613236623632353063366332636366376231353132663163623737
|
||||
66373563663166666235313364383761383730346233363466623133386530313265383962333130
|
||||
61313064316264613466626131616162376563346363323639303630343361613230333434613836
|
||||
39303065626232393663626562376239356531613931323530323666353734396132613461643133
|
||||
66356564626666303836326262666466623431373933303435616461653837383765393363623635
|
||||
63386335313835366139633761613539366539356536663763396530356230353138633833316337
|
||||
62343434323330393439656236626336323439333063376131643964376631376564306339323066
|
||||
39666433663438306266393430303538316435336238383934323439323261373936326666623539
|
||||
39633035313633313563663366666231383865333032333162386365633163366635393766366162
|
||||
35663334303061303862346337376435616337663130633864383439653764366262323539666433
|
||||
61306432626635323730373964353338323030656437656364663035336531353537653839623133
|
||||
66363934333866356635383930383036326638326534333164383034613730383861303439383632
|
||||
30343434623834366162366564356131356139363432353864646535623537656137383166303262
|
||||
33313433303561333932333832383465366633336262386163363137353731393135636632323931
|
||||
37373233663336333332326238323338373639346333663366383966653337623132653537356632
|
||||
66366462336133613735666631366661643432333037383536303736333432663338623165653834
|
||||
36383930303664313432363433333130396236343332303561373261353561303331356333393330
|
||||
38613037383038376335313836363337313633346539626532383132323766613838303237333766
|
||||
62623235343232663566616233653764323132613634316263373330356635396232656264346333
|
||||
31333339336630373934353130353464373962656264613938366132646665646531646633646536
|
||||
37373639393030303161373032373638656566316666393239326338353164626434393235366264
|
||||
63343864646336376538323235313333363531303563316634373338393137656663323132333533
|
||||
35343062373534376531383531313835303738376439636630336161303539346363633064383435
|
||||
38656434666239396539353338396662343035626333633862323739366136393063646431363531
|
||||
33643566343736616665666361633961336163306632383632616264636165366165396132303237
|
||||
32643436613034623062616463623038313061356364303235656439323430366430623339386339
|
||||
66383130323530333963666431306130633565353833336464626331313030616239336138343035
|
||||
31343833613631666461313631336565376264333336353561386233626234623730323561373134
|
||||
61616236333962386231343532323464646235633530333062343663373830656130636665623865
|
||||
36643633323539376165616238646139336365316532643565656266353539366433366330323330
|
||||
62663735396233386463653437616639313331623736613562343236613564306139336233656263
|
||||
65646534643762336435323232373062306434393463623662323963333232373631373530353237
|
||||
35373131356538646462303961663862656533643162383436303361306639643134383436343739
|
||||
66393238663837353164333662653933353530376433633930663336373634383036393637663934
|
||||
39336337313264366135386464363061356664303638333866303562316664336636333566623366
|
||||
32306639303963336233386365373562366466303930303931643266373235343366336163303930
|
||||
30386337393966633135326164646532376637636265663762326562336565383935613062323462
|
||||
62353536663936633837316363653366356231323664363439393866393133336261346134333863
|
||||
64643832306236666636333939326531346163346335356636643566333362643533333034643739
|
||||
36373736353464653531316262636231343963376633653239633037336133373130643762626461
|
||||
35346637653434656339323861316233303863393263373638353664326430303731643439613430
|
||||
65313161336137656536346435356132343835326636616164366266373561323864386366366432
|
||||
66613039663836626161643336316432343436333130383935306638393564303838373938313930
|
||||
37393633343562646461653339626135303262626434343132303462353662323066633639346433
|
||||
64336239663733613234333738633730306337313936343865323030626566323066306266336334
|
||||
33393332373163353130623132633264656137386163373662613965343162646433653263393566
|
||||
39356464393962636233306462323730333837656363643164376438363565303138666564656633
|
||||
33343933313138386539303837306365373639373464306537663439376637303134626262656264
|
||||
64336663663238376231323030306438616434626466616566303135363333366564346636323562
|
||||
32343765353931663261633338356161383734303764356465616136643862393266343031353534
|
||||
37393030656663613764323831353839616466633664623530663962666466383562663464353334
|
||||
37376435363230366362633939613764383863653438303933633962653937643332633063353937
|
||||
36613434306634623362643233313164333832663639653066313137336565333138363864306363
|
||||
31643366393733316236353263316537396336656139643435373365313965383235376166353862
|
||||
62363438613163626564383966343331316338343835656236303565303631313733353265396537
|
||||
38316463633931633431653837633134383563366133373362326664323731326363326137326232
|
||||
30373536386435353236313330373537303239313538303361396330663837383166393536383966
|
||||
34313466623333623466326365643664383737363363623731316565353366373864636135656333
|
||||
64633132613138313564336337383338656639666330313939376234343839386438636433373832
|
||||
37653366633238663266383565346564396135356163326566313665343339346333323765336631
|
||||
35643762313662636662376331336139373866373437623631363636326135346536363765613936
|
||||
32306166306135313638643633353131643939366465346233636639663961303563643162366133
|
||||
32316634383963653038613037366266346634323361313337666262343432386239326337326334
|
||||
65653461626264353564323161656631373865666433353139363639393338376661353064353966
|
||||
33663064613665326564333737303733633433333735303461613933353435303461333033623433
|
||||
62356236323735653338333861656435616661386339303439653531643065643030393536663963
|
||||
64613730343036353636616462633365326661333038383264616336633839346466393665393465
|
||||
30316465323466633234376466383538613539313239353937353531316462636463316238356634
|
||||
38346439363033336363396165376162633536363361386564633362623864316339623233313235
|
||||
36646161323832346332386261623837663135646237343864333564653533623835333834343333
|
||||
33333739633130386131316537386636363234333466623730303061336136633330646361366632
|
||||
37386336623862373561386663353063616635326131663535313337623232376164316631346436
|
||||
65656536313761653739623130313766366662613630396337373034323562343633333234373031
|
||||
63383861656461336333303436353739646461623333616236333962356564623566363031353334
|
||||
38636165646632346633353766393230343736313966333564313730353262636135633164393334
|
||||
32373063393964656365333164623165326532643633313563643337653062363566393636653934
|
||||
63383533326337393762343462313732323561316532303137336133616634373339633864306334
|
||||
64333032356531313763313838353730633939393536383165376130663163643339393439616163
|
||||
35363162313063663765616332613834306134393731633662306130656464336132303130303165
|
||||
32303261333162303438366436653963326162626334613030653038343834336232333733643461
|
||||
62326632373832623863333536613339373539396533393639326463633837306439383439643437
|
||||
61326261373064313733636566316631343132656663376234323339383464363537643266383238
|
||||
63353366383664653837326637376537616266346161653038306331353938373230386131333032
|
||||
36653461633134373034656534623262383335626539623939313936396136376565643332353230
|
||||
62643633323835376563653337306631376664336464646234666336626532356562613864626464
|
||||
64323135373835613239613830616134303561363630623435346562633466323462643839303536
|
||||
62303634386563313565663837393761666532303834623063343431343364363338663838313961
|
||||
39643431366661333465313066643939356336643264613133653738666438653630353239386465
|
||||
32363739663566616431623665363763613531346134343933333963623033313762346438343937
|
||||
31306262353364353434663231656538376262393235346432383936663065316165376364326134
|
||||
61396563636462396438623262343537636131636339636566393138666565356438333562613461
|
||||
64313139326365393439366138623366646435333132326638656438396161386139393036656439
|
||||
32646535663564663462343862366666386633623730336333346335666436623866613564636665
|
||||
64316230343332306266303831373139353934353633323032646135376632303631616533663534
|
||||
31656539353538653539306331373233333337653864323433393038636232373439326462336337
|
||||
65356565633835333939373736383134373963396132306638323664363639663262393232383335
|
||||
30386231353535643139363536653065326663353665353932376533363634373164333061326634
|
||||
33343330626136363465313132363563326666323335383239376133633161623033386231616332
|
||||
66636566353337356433333266336565646133346637386366353239623937626431633039663734
|
||||
31656466383362666333393165306561323164313164363030393639363435656262643461613033
|
||||
30303466623230643330313164663535663836363536353238663136373133356663323062336438
|
||||
33393935353161633536356134363064646235323339663730383464636134636433353062353537
|
||||
30613135626264366566623339613037383636353334363530653732626165323738643461613337
|
||||
35383138323336616563333965643630353836383032363034623963373733626232353365643536
|
||||
32303761613033353563333531396630646261343966393662336661313336626662306538636633
|
||||
30346430653736346636646264633936353562313537323863363462316561333865353563363630
|
||||
37326336363234313933363333396336626436343936623535316665366437656637386539303862
|
||||
34336330316430626563623331656464313663633432396263346564376532306364353566363664
|
||||
61653131643837633639356533376163643465326166636436646165336635323838386265316264
|
||||
38393433346262626365303261303533653931366531303565623165376661323834333535376364
|
||||
30633034346635663262653835326131396165306632663161366138376631366364356162626338
|
||||
65666465336365313535376637313365653632346432393937326334633861313562323564663638
|
||||
36623462653539356339623666643234363361656639313133313635306362373738636264646531
|
||||
32313063393731373666373266326661623562633935656233383339383161316564393130643932
|
||||
39336163306462336638646138626236396237363939323461633330633762616561343432613937
|
||||
66636663623063333333376666646334306662303561656231333365626164366336653237396236
|
||||
63323531333139646336393033633731653437313230376465616663623734623339623238313863
|
||||
35366639613930303166393739393163313635663063326432323434333363613930653937653136
|
||||
65663766616465383736333164346533643236326561323335653331623931326130616236306462
|
||||
63336434326464613335356333666237303261326432396361376534326566346435376461613933
|
||||
39313537323939373264333064356166386339356131396466376437323638313366336336653766
|
||||
63613365303032373939326463383463303136396239333236303437326331636637356133353135
|
||||
63666430386631626139626664376264333833386437316563383830666135663431383162383366
|
||||
33343463633462333263613965383034666336396564376635313666343434346366376434313830
|
||||
38613638656439343465363261653737333362316433353964653530366562613137303231633464
|
||||
33656364363032396566353830656634613434636561633063643261396334613935343133653830
|
||||
37386634653166636561646163623964313465616163343661646464313036356435636338313237
|
||||
39323266623861366562323238316666613237353236363235333436303333653561316635373233
|
||||
61323233346330643431333866623861656632376164616533653765393866623432363130653331
|
||||
36323937393138616162326438323463363438633437303665313630643432353633316337613537
|
||||
33623130303738623763383936653333386631333135616637393731346665626634633238326537
|
||||
36336539306166333062313465653630393134363936616237643866313264306531363163616136
|
||||
30616166643439643034616562646464316662666539653439626461636537333639383636643630
|
||||
38353266303831396630653261643536376633633430616365303866366132343062306539346530
|
||||
65353836313464333833623364326661356164313963383462623138306534613934373366646535
|
||||
38646630363564343865613035383130666663373333643530643237323030643432633139646239
|
||||
61623136663139343866636663313731633530363033666536666137303861643339306331313233
|
||||
30633665306333653734383731396663396433353862326162643463326365363565303634396661
|
||||
36663832626636333936336131383236323538306131613237393835663235313636373330633164
|
||||
32383331636561386164373964373664643436663830623361393965656265646137666263666632
|
||||
33653736363232373838653235343665663465333562653861646436633061393430333133613735
|
||||
33343238373633383966366365383333373263343139646533356439333763663462343263383631
|
||||
35663666656562383230333065376439643132313734316166313430386661313234396164356338
|
||||
39653265306637376239343537626237323332313234373862393862653265386266323161316135
|
||||
64353139613530323264326639333464333366323437633932363334633635343436353462343130
|
||||
32623337663533666334323965656435636561333865303461326163653061316137306339626136
|
||||
64363166623962346366353732633865373037636563373338333061303263636363393632633337
|
||||
61633833646466626663613063663131323139663263356663356538623536313230623361363332
|
||||
35343630353637376636663762323564323033393834336261333838326332333966383266333363
|
||||
66626436323566623866333462333832323536363465373265333830353265306263343731343662
|
||||
37663036356330353537333434313165313662303038326335653761343432383639663365613334
|
||||
63376239373638343432616665336437373266376463623330393238396138393734633934626661
|
||||
34333164643330313531346636636432656230633264396130636338613564306337353337653030
|
||||
39623466373732336435343738383539663833356233666165616638356436373231656661613138
|
||||
31353062393463383035323962633330393733346237666366363939333437396163353433336638
|
||||
65393433613337373935353338613630666539303231633139376235376162373932646338333436
|
||||
65663363613831363538336233616666393836316237653432343137376262636632646234363230
|
||||
39373133333931393963363339376166623563633733363137363361653463333066666465613432
|
||||
39316662613734636462393936613338346361323438396634313234393335323462666632653938
|
||||
65626464393733666431366161653238373266646266376463633366336332303133633738343165
|
||||
32616239653230646565316463373139373933323365366430663463653631343837376232613666
|
||||
63336134316536353962396430326166306339656137333765306233336234393233646136633833
|
||||
31623861303530313739666636373138353339393434396335646535613932343666643261383639
|
||||
39386135356463663335616466633137623035376639623635613765303732326232303937366262
|
||||
34326464336666613566333562316164333339303636613265323538373263363866333932656532
|
||||
33306163343437343861363861666533393462373561303562386135306133363664313638336163
|
||||
61666239636535326634393437656536333034313139383961353062326138373463323361613533
|
||||
61376264616361393262306237336363386237383665383839373637346535663639323065636135
|
||||
33363436383031373232323936653163383535633436623936653766666231343838656533643532
|
||||
64623961613837363362393563353438656631666336653861666233636437363632376365363630
|
||||
66636536343365653761353235353435383132366464306432323434386135356631653538306134
|
||||
65616630323833373732323535633932633563386233353062333739393562353338663663343734
|
||||
62616333366630303833313131313633346539316163633665633438323237396533636232396661
|
||||
63333432636166646433366138356263343535613334623538396335303739356135313566353265
|
||||
34313936393436356334396139643863383561616130376466643533336363323163386437636138
|
||||
34663961313534646439
|
||||
64373461313566643538663463386532303131323131373136353632363237656239373334636234
|
||||
3136333432376236626131336538616236386530376330380a323835363139333632623161313731
|
||||
31383163363835626662316332356566643936663338626136376564326139336433313139343239
|
||||
6136633637613739630a666130383230613461623237363965623038633630623033653734623630
|
||||
31663864323464326333373364663465393134346635613565636234623834633730326530663135
|
||||
32313439333732323764373765633663643938306136666231326130346266373161356361333930
|
||||
36613264383665346630636161343239306436626430626561396266306130353862333131633664
|
||||
38366236343136663931666333346237363565366563353539396338343565306431353565616135
|
||||
37336466626261633764623638633536383966663433633764356436353838343961346238613065
|
||||
64663964373239616330356265343338356434303831396461633061393739326230396139643761
|
||||
65393462323131346164396136366438323639393230326362303430656335343164306339616439
|
||||
32356537366433663830643639666333383964373837313763343736626534306365613231633936
|
||||
63313962633134366131643263306337343433633130626537313434356466613136326639616531
|
||||
35633466623131613030643036643430613634346564313431363464326235643366313031306538
|
||||
63666139366234393831313232636239666136323536626565366366353737626537613463326234
|
||||
64613036616261646165373963306161326339393339353733666533353331316132306437653863
|
||||
64386566616665386634343234323235386465396537616435333364356632626636353339353037
|
||||
39386432323062393435313963613165633365666639353864303666303337613538653534316133
|
||||
66383038633931333034336532333333356234313564393061636332666566383262383461346266
|
||||
35303261626433663137
|
||||
|
@ -1,36 +1,33 @@
|
||||
$ANSIBLE_VAULT;1.2;AES256;vpn_vault
|
||||
63336164323763623961373136616238363832356135343764343966356631333766396265653566
|
||||
6139626665393664343961363966363339346636376431340a343730653565383265616365386366
|
||||
32333533666333373663373037653731666361343737356261636532303562663063343633346537
|
||||
3337643137653839320a346236613362393636363935373162643237343831333535393461633963
|
||||
37343039383931613031663733666538383735383064356532373232633661386237366433396236
|
||||
63666134376463313637643061623934653666353364353235323431633930373663636137313462
|
||||
30666263386237303563393936373566386563386631656162303634306466656663666330313937
|
||||
32313431343536666437626130646231333237343734303538363639383933633661323565353661
|
||||
32343065383433623730346664643361306539623937656331333764346336396231656465373561
|
||||
33343034303263303833373936383936366131663962613961666161303134316134316635626639
|
||||
36666334393961306662626162393433643961646339323934653335613933383131633635623763
|
||||
34656538336434303339613032623432613239303239373937643361306535383137643239646134
|
||||
33336461613034303362353837313362643934666239363036333432373631336162646330333532
|
||||
36303332306333623765653838373361353435646366323462383237343134643736376230353434
|
||||
35333738313030636339363538656130643163353238666638383830316665646438366164636138
|
||||
30643031336164323862633135313630666561656335626464336162386564306261396532396238
|
||||
36666139386236663736613936633964363166343765626366323566613733353233313862646165
|
||||
33373264633763386166373739313136343362383864343866323231373536633130633032616334
|
||||
30383930333130646636666134363661316236323937373861343333333833616633346161323965
|
||||
31343966396635626465613630333732353335373264646464373764363433393439656635636430
|
||||
31303930333731656339633032366166386265653632633638323932626161623966613761636236
|
||||
61303134663931636139336436313637333739626336643838663861626539323336393239643131
|
||||
37383665326332393663323166643338353135363831306561623639643663326364343639316665
|
||||
38343337323633353066653666366238633932393836396338336261663331656565653532613438
|
||||
36323462326431333235376566343134663734373534663834316133333236636166386439633766
|
||||
31323931363066343334363764356630383764346332353162316461333762613366663130393831
|
||||
36633430383131326335333130303832666430366134393462616163326239383538616531373166
|
||||
37383130616339343832313335636364623434636434393430383566376433363565626336303064
|
||||
63376234613835666338373662373735386561643431633037336231643033393563316363613131
|
||||
61656232363035333635636464656465613763613032376666623238613362343032613465313331
|
||||
62353035313862323631653766393463383565336535616630383839376135393037363038343639
|
||||
39646531666130626638666535623533373766386531343236313962636539373233363462363032
|
||||
61373938373139376236633062353063643037333062363464383638333635643331616465643533
|
||||
34646238663731616635313131313438376536633862346165666631326632623534306666396264
|
||||
636139633664356536626239303631643864
|
||||
30346337663561363430646532656462396163656462643563336266636539386362376634616662
|
||||
3333666632613436396464663333396465303132613337300a363166623334386161316639393333
|
||||
66616565336266383435353039373835356364653230353964633839386433343032623436656431
|
||||
3731613630616366340a376130363939643331393835633939656361313466346531313333383865
|
||||
62636635333463346330383961663761656632343735313665626261363431376535636138333332
|
||||
63323663316332353539346665343532666137326365633732366233653663343963306663663134
|
||||
66353737616635646264306266366666656539613031373735323034356639643662383132653731
|
||||
35393039356634623564666237386230393033616363353238383838313032366234383431623930
|
||||
63663236656263663431633030623930326665343566333939306636373833396433393164386466
|
||||
33613561343432356337633861373134306238623732393036396365643930356534636538336232
|
||||
31386334353638633237613565343263366665346565616231633036393731316530366630633731
|
||||
37376536653930303832656436366161323665653636393539343463306438613563323966376632
|
||||
64306664363638636333326635393233363238613766353631646464353835626139343932633537
|
||||
66613836656637376665366561343965366662366562383763653232643930636164393632333339
|
||||
37656633343264346631663033386530623937343932373436616663613436366132343863336538
|
||||
64656265313431626665363564343632313364383430643730643930323933373335623539313262
|
||||
39386165363433616565303064323031633861373666613938376232316161333335613137343365
|
||||
65306664626432326235643533633533356130316531656636613837393237343131626230636333
|
||||
37623639636332386465613532376533653462643737636462326461333834383239366637656461
|
||||
33343232666536636132356432313839376565376538356364363161366537653966356563356363
|
||||
62303734333262316639613363653537373564306265303534306430363366666566323264313331
|
||||
66326665393535306338626230646230633035363562396432396363323439336464353366323639
|
||||
39353463323762356235656464346135373236353033613938636333656433653233393063373762
|
||||
32653439346535383966303538303635393539336465373463303566383263333730643065383132
|
||||
66353861643839653535663238393465396164383262326234353561343232396562383836353639
|
||||
65333437653463653231633331626136316634303031383566343963326236303039633432316261
|
||||
33626465386562303962306562646338636439383638663861353665363732353163303330633837
|
||||
37623934356635386137343661653438643365656661656538366130333036643636613161336436
|
||||
66393365313565376339353165373764656531396662663630613833323964653337386130383635
|
||||
37613865383330303430383561373565336662333038396539363661636566333864326133323962
|
||||
63303934386430343962666162323361306431383936353832613534663638623663653136303631
|
||||
33306566313633656238
|
||||
|
@ -1,8 +1,12 @@
|
||||
---
|
||||
|
||||
reverse_proxy_sites:
|
||||
- {from: wiki.pains-perdus.fr, to: "https://azerty.fil.sand.auro.re:2443"}
|
||||
- {from: hindley.pains-perdus.fr, to: "http://127.0.0.1:5000"}
|
||||
- {from: gitea.deso-palaiseau.fr, to: "https://azerty.fil.sand.auro.re:8443"}
|
||||
- {from: openid.deso-palaiseau.fr, to: "https://azerty.fil.sand.auro.re:7443"}
|
||||
|
||||
sharing_sites:
|
||||
- {from: share.deso-palaiseau.fr, folder: "/home/histausse/www", user: histausse, group: histausse}
|
||||
- {from: wiki.deso-palaiseau.fr, folder: "/home/histausse/wiki/public", user: histausse, group: histausse}
|
||||
- {from: authority.deso-palaiseau.fr, folder: "/var/www/authority", user: root, group: root}
|
||||
- {from: authority-info-access.deso-palaiseau.fr, folder: "/var/www/authority_info_access", user: root, group: root}
|
||||
|
@ -0,0 +1,2 @@
|
||||
---
|
||||
ansible_host: "azerty.fil.sand.auro.re"
|
@ -0,0 +1,14 @@
|
||||
---
|
||||
interfaces:
|
||||
enp0s25:
|
||||
ipv4: 10.50.1.221
|
||||
netmaskv4: 16
|
||||
type: static
|
||||
gateway: 10.50.0.254
|
||||
wg0:
|
||||
ipv4: "{{ intranet.subnets.physical.subnets.azerty.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
||||
type: wireguard
|
||||
|
||||
ipv4_forwarding: false
|
||||
ipv6_forwarding: false
|
@ -0,0 +1,2 @@
|
||||
---
|
||||
ansible_host: "hellman.fil.sand.auro.re"
|
@ -0,0 +1,24 @@
|
||||
---
|
||||
interfaces:
|
||||
enp7s0:
|
||||
type: void
|
||||
vmbr0:
|
||||
ipv4: 10.50.2.17
|
||||
netmaskv4: 16
|
||||
type: static
|
||||
bridge: true
|
||||
gateway: 10.50.0.254
|
||||
interfaces:
|
||||
- enp7s0
|
||||
vmbr1:
|
||||
ipv4: "{{ intranet.subnets.guest_hellman.subnets.hellman.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.subnets.guest_hellman.netmaskv4 }}"
|
||||
type: static
|
||||
bridge: true
|
||||
wg0:
|
||||
ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
||||
type: wireguard
|
||||
|
||||
ipv4_forwarding: false
|
||||
ipv6_forwarding: false
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
vpn_interfaces:
|
||||
wg0:
|
||||
ip: "{{ interfaces.wg0.ipv4 }}"
|
||||
private_key: "{{ vpn_vault_hellman_key }}"
|
||||
public_key: "+qV1RHAgSigOkrxUKqpGR83bydmlIHrEiw+A7zjbRk4="
|
||||
keepalive: true
|
||||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
#ansible_host: "172.20.1.5"
|
||||
ansible_host: "nyx.ovh"
|
||||
ansible_port: "4502"
|
@ -0,0 +1,14 @@
|
||||
---
|
||||
interfaces:
|
||||
eth0:
|
||||
ipv4: 192.168.0.50
|
||||
netmaskv4: 24
|
||||
type: static
|
||||
gateway: 192.168.0.1
|
||||
wg0:
|
||||
ipv4: "{{ intranet.subnets.physical.subnets.rossum.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
||||
type: wireguard
|
||||
|
||||
ipv4_forwarding: false
|
||||
ipv6_forwarding: false
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
vpn_interfaces:
|
||||
wg0:
|
||||
ip: "{{ interfaces.wg0.ipv4 }}"
|
||||
private_key: "{{ vpn_vault_rossum_key }}"
|
||||
public_key: "YNEp3V5wsDLxDR29WhzECOCdOxiOuxuAqUUwS3gJWT4="
|
||||
keepalive: true
|
||||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
@ -0,0 +1,2 @@
|
||||
---
|
||||
ansible_host: "vm1"
|
@ -0,0 +1,24 @@
|
||||
---
|
||||
interfaces:
|
||||
enp0s3:
|
||||
type: void
|
||||
br0:
|
||||
ipv4: 10.0.2.5
|
||||
netmaskv4: 24
|
||||
type: static
|
||||
bridge: true
|
||||
gateway: 10.0.2.1
|
||||
interfaces:
|
||||
- enp0s3
|
||||
br1:
|
||||
type: manual
|
||||
bridge: true
|
||||
interfaces:
|
||||
- enp0s3.42
|
||||
wg0:
|
||||
ipv4: "{{ intranet.subnets.test.subnets.vm1.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
||||
type: wireguard
|
||||
|
||||
ipv4_forwarding: false
|
||||
ipv6_forwarding: false
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
vpn_interfaces:
|
||||
wg0:
|
||||
ip: "{{ interfaces.wg0.ipv4 }}"
|
||||
private_key: "{{ vpn_vault_vm1_key }}"
|
||||
public_key: "uccS/p19vinH/S2GpVarDTYah4oRiSIABue8uEqKzRs="
|
||||
keepalive: true
|
||||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
@ -0,0 +1,2 @@
|
||||
---
|
||||
ansible_host: "vm2"
|
@ -1,13 +1,11 @@
|
||||
---
|
||||
interfaces:
|
||||
ens18:
|
||||
enp0s3:
|
||||
type: dhcp
|
||||
wg0:
|
||||
ipv4: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
|
||||
ipv4: "{{ intranet.subnets.test.subnets.vm2.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
||||
type: wireguard
|
||||
|
||||
ipv4_forwarding: false
|
||||
ipv6_forwarding: false
|
||||
|
||||
lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
vpn_interfaces:
|
||||
wg0:
|
||||
ip: "{{ interfaces.wg0.ipv4 }}"
|
||||
private_key: "{{ vpn_vault_vm2_key }}"
|
||||
public_key: "pxsYnL8N3VVVLlkXA8NOkqWsrSMrgdL1vj/VnZfKdRo="
|
||||
keepalive: true
|
||||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
@ -0,0 +1,2 @@
|
||||
---
|
||||
ansible_host: "vm3"
|
@ -0,0 +1,14 @@
|
||||
---
|
||||
interfaces:
|
||||
enp0s3:
|
||||
ipv4: 10.0.2.7
|
||||
netmaskv4: 24
|
||||
type: static
|
||||
gateway: 10.0.2.1
|
||||
wg0:
|
||||
ipv4: "{{ intranet.subnets.test.subnets.vm3.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
||||
type: wireguard
|
||||
|
||||
ipv4_forwarding: false
|
||||
ipv6_forwarding: false
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
vpn_interfaces:
|
||||
wg0:
|
||||
ip: "{{ interfaces.wg0.ipv4 }}"
|
||||
private_key: "{{ vpn_vault_vm3_key }}"
|
||||
public_key: "Cj3HAjXXr9DcmJoOkQkHvLWujZm8h6tBt2d54g0pqEg="
|
||||
keepalive: true
|
||||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
@ -0,0 +1,2 @@
|
||||
---
|
||||
ansible_host: "vm4"
|
@ -0,0 +1,14 @@
|
||||
---
|
||||
interfaces:
|
||||
enp0s3:
|
||||
ipv4: 10.0.2.8
|
||||
netmaskv4: 24
|
||||
type: static
|
||||
gateway: 10.0.2.1
|
||||
wg0:
|
||||
ipv4: "{{ intranet.subnets.test.subnets.vm4.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
||||
type: wireguard
|
||||
|
||||
ipv4_forwarding: false
|
||||
ipv6_forwarding: false
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
vpn_interfaces:
|
||||
wg0:
|
||||
ip: "{{ interfaces.wg0.ipv4 }}"
|
||||
private_key: "{{ vpn_vault_vm4_key }}"
|
||||
public_key: "5M84IO6uobYkMPupCI9h9y3iJXVIXAyDY8wkrMPcaRw="
|
||||
keepalive: true
|
||||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
@ -0,0 +1,2 @@
|
||||
---
|
||||
ansible_host: "vm5"
|
@ -0,0 +1,15 @@
|
||||
---
|
||||
interfaces:
|
||||
enp0s3:
|
||||
type: void
|
||||
br0:
|
||||
ipv4: 10.0.2.9
|
||||
netmaskv4: 24
|
||||
type: static
|
||||
bridge: true
|
||||
gateway: 10.0.2.1
|
||||
interfaces:
|
||||
- enp0s3
|
||||
|
||||
ipv4_forwarding: false
|
||||
ipv6_forwarding: false
|
@ -1,167 +0,0 @@
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
|
||||
This version of the GNU Lesser General Public License incorporates
|
||||
the terms and conditions of version 3 of the GNU General Public
|
||||
License, supplemented by the additional permissions listed below.
|
||||
|
||||
0. Additional Definitions.
|
||||
|
||||
As used herein, "this License" refers to version 3 of the GNU Lesser
|
||||
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
||||
General Public License.
|
||||
|
||||
"The Library" refers to a covered work governed by this License,
|
||||
other than an Application or a Combined Work as defined below.
|
||||
|
||||
An "Application" is any work that makes use of an interface provided
|
||||
by the Library, but which is not otherwise based on the Library.
|
||||
Defining a subclass of a class defined by the Library is deemed a mode
|
||||
of using an interface provided by the Library.
|
||||
|
||||
A "Combined Work" is a work produced by combining or linking an
|
||||
Application with the Library. The particular version of the Library
|
||||
with which the Combined Work was made is also called the "Linked
|
||||
Version".
|
||||
|
||||
The "Minimal Corresponding Source" for a Combined Work means the
|
||||
Corresponding Source for the Combined Work, excluding any source code
|
||||
for portions of the Combined Work that, considered in isolation, are
|
||||
based on the Application, and not on the Linked Version.
|
||||
|
||||
The "Corresponding Application Code" for a Combined Work means the
|
||||
object code and/or source code for the Application, including any data
|
||||
and utility programs needed for reproducing the Combined Work from the
|
||||
Application, but excluding the System Libraries of the Combined Work.
|
||||
|
||||
1. Exception to Section 3 of the GNU GPL.
|
||||
|
||||
You may convey a covered work under sections 3 and 4 of this License
|
||||
without being bound by section 3 of the GNU GPL.
|
||||
|
||||
2. Conveying Modified Versions.
|
||||
|
||||
If you modify a copy of the Library, and, in your modifications, a
|
||||
facility refers to a function or data to be supplied by an Application
|
||||
that uses the facility (other than as an argument passed when the
|
||||
facility is invoked), then you may convey a copy of the modified
|
||||
version:
|
||||
|
||||
a) under this License, provided that you make a good faith effort to
|
||||
ensure that, in the event an Application does not supply the
|
||||
function or data, the facility still operates, and performs
|
||||
whatever part of its purpose remains meaningful, or
|
||||
|
||||
b) under the GNU GPL, with none of the additional permissions of
|
||||
this License applicable to that copy.
|
||||
|
||||
3. Object Code Incorporating Material from Library Header Files.
|
||||
|
||||
The object code form of an Application may incorporate material from
|
||||
a header file that is part of the Library. You may convey such object
|
||||
code under terms of your choice, provided that, if the incorporated
|
||||
material is not limited to numerical parameters, data structure
|
||||
layouts and accessors, or small macros, inline functions and templates
|
||||
(ten or fewer lines in length), you do both of the following:
|
||||
|
||||
a) Give prominent notice with each copy of the object code that the
|
||||
Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the object code with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
4. Combined Works.
|
||||
|
||||
You may convey a Combined Work under terms of your choice that,
|
||||
taken together, effectively do not restrict modification of the
|
||||
portions of the Library contained in the Combined Work and reverse
|
||||
engineering for debugging such modifications, if you also do each of
|
||||
the following:
|
||||
|
||||
a) Give prominent notice with each copy of the Combined Work that
|
||||
the Library is used in it and that the Library and its use are
|
||||
covered by this License.
|
||||
|
||||
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
||||
document.
|
||||
|
||||
c) For a Combined Work that displays copyright notices during
|
||||
execution, include the copyright notice for the Library among
|
||||
these notices, as well as a reference directing the user to the
|
||||
copies of the GNU GPL and this license document.
|
||||
|
||||
d) Do one of the following:
|
||||
|
||||
0) Convey the Minimal Corresponding Source under the terms of this
|
||||
License, and the Corresponding Application Code in a form
|
||||
suitable for, and under terms that permit, the user to
|
||||
recombine or relink the Application with a modified version of
|
||||
the Linked Version to produce a modified Combined Work, in the
|
||||
manner specified by section 6 of the GNU GPL for conveying
|
||||
Corresponding Source.
|
||||
|
||||
1) Use a suitable shared library mechanism for linking with the
|
||||
Library. A suitable mechanism is one that (a) uses at run time
|
||||
a copy of the Library already present on the user's computer
|
||||
system, and (b) will operate properly with a modified version
|
||||
of the Library that is interface-compatible with the Linked
|
||||
Version.
|
||||
|
||||
e) Provide Installation Information, but only if you would otherwise
|
||||
be required to provide such information under section 6 of the
|
||||
GNU GPL, and only to the extent that such information is
|
||||
necessary to install and execute a modified version of the
|
||||
Combined Work produced by recombining or relinking the
|
||||
Application with a modified version of the Linked Version. (If
|
||||
you use option 4d0, the Installation Information must accompany
|
||||
the Minimal Corresponding Source and Corresponding Application
|
||||
Code. If you use option 4d1, you must provide the Installation
|
||||
Information in the manner specified by section 6 of the GNU GPL
|
||||
for conveying Corresponding Source.)
|
||||
|
||||
5. Combined Libraries.
|
||||
|
||||
You may place library facilities that are a work based on the
|
||||
Library side by side in a single library together with other library
|
||||
facilities that are not Applications and are not covered by this
|
||||
License, and convey such a combined library under terms of your
|
||||
choice, if you do both of the following:
|
||||
|
||||
a) Accompany the combined library with a copy of the same work based
|
||||
on the Library, uncombined with any other library facilities,
|
||||
conveyed under the terms of this License.
|
||||
|
||||
b) Give prominent notice with the combined library that part of it
|
||||
is a work based on the Library, and explaining where to find the
|
||||
accompanying uncombined form of the same work.
|
||||
|
||||
6. Revised Versions of the GNU Lesser General Public License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Lesser General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Library as you received it specifies that a certain numbered version
|
||||
of the GNU Lesser General Public License "or any later version"
|
||||
applies to it, you have the option of following the terms and
|
||||
conditions either of that published version or of any later version
|
||||
published by the Free Software Foundation. If the Library as you
|
||||
received it does not specify a version number of the GNU Lesser
|
||||
General Public License, you may choose any version of the GNU Lesser
|
||||
General Public License ever published by the Free Software Foundation.
|
||||
|
||||
If the Library as you received it specifies that a proxy can decide
|
||||
whether future versions of the GNU Lesser General Public License shall
|
||||
apply, that proxy's public statement of acceptance of any version is
|
||||
permanent authorization for you to choose that version for the
|
||||
Library.
|
||||
|
||||
|
@ -1,9 +0,0 @@
|
||||
# generate-cert
|
||||
|
||||
This role is part of the project [Ansible Hacky PKI](https://gitea.auro.re/histausse/ansible_hacky_pki) licenced under the LGPL 3.
|
||||
|
||||
You can use it to generate certificate and manage de small pki, but keep it mind that this program is distributed **WITHOUT ANY WARRANTY**.
|
||||
In particular, the **security** of the pki generated and the process of generated the pki **is not guaranteed**. If you find any vulnerability,
|
||||
please contact me to see if we can find a patch.
|
||||
|
||||
Copyright 2021 Jean-Marie Mineau <histausse@protonmail.com>
|
@ -1,8 +0,0 @@
|
||||
---
|
||||
key_usage:
|
||||
- digitalSignature
|
||||
- keyEncipherment
|
||||
validity_duration: "+365d"
|
||||
time_before_expiration_for_renewal: "+30d" # need a better name
|
||||
force_renewal: no
|
||||
store_directory: /etc/hackypky
|
@ -1,165 +0,0 @@
|
||||
---
|
||||
- name: Ensure the directories used to store certs exist
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
loop:
|
||||
- "{{ store_directory }}"
|
||||
- "{{ store_directory }}/crts"
|
||||
- "{{ store_directory }}/keys"
|
||||
|
||||
- name: Ensure the directory containing the cert exist
|
||||
file:
|
||||
path: "{{ directory }}"
|
||||
state: directory
|
||||
|
||||
- name: Test if the key already exist
|
||||
stat:
|
||||
path: "{{ store_directory}}/keys/{{ cname }}.key"
|
||||
register: key_file
|
||||
|
||||
- name: Test if the cert already exist
|
||||
stat:
|
||||
path: "{{ store_directory}}/crts/{{ cname }}.crt"
|
||||
register: cert_file
|
||||
|
||||
- name: Test if we need to renew the certificate
|
||||
openssl_certificate_info:
|
||||
path: "{{ store_directory }}/crts/{{ cname }}.crt"
|
||||
valid_at:
|
||||
renewal: "{{ time_before_expiration_for_renewal }}"
|
||||
register: validity
|
||||
when: cert_file.stat.exists
|
||||
|
||||
- name: Generate the certificate
|
||||
block:
|
||||
- name: Generate private key
|
||||
become: false
|
||||
openssl_privatekey:
|
||||
path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
|
||||
mode: u=rw,g=,o=
|
||||
size: "{{ key_size | default(omit) }}"
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Generate a Certificate Signing Request
|
||||
become: false
|
||||
openssl_csr:
|
||||
path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
|
||||
privatekey_path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
|
||||
common_name: "{{ cname }}"
|
||||
country_name: "{{ country_name | default(omit) }}"
|
||||
locality_name: "{{ locality_name | default(omit) }}"
|
||||
state_or_province_name: "{{ state_or_province_name | default(omit) }}"
|
||||
organization_name: "{{ organization_name | default(omit) }}"
|
||||
organizational_unit_name: "{{ organizational_unit_name | default(omit) }}"
|
||||
email_address: "{{ email_address | default(omit) }}"
|
||||
basic_constraints:
|
||||
- CA:FALSE # syntax?
|
||||
basic_constraints_critical: yes
|
||||
key_usage: "{{ key_usage }}"
|
||||
key_usage_critical: yes
|
||||
subject_alt_name: "{{ subject_alt_name | default(omit) }}"
|
||||
crl_distribution_points: "{{ crl_distribution_points | default(omit) }}"
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Put the CA in a file
|
||||
become: false
|
||||
copy:
|
||||
content: "{{ ca_cert }}"
|
||||
dest: "/tmp/ansible_hacky_pki_ca.crt"
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Put the CA key in a file
|
||||
become: false
|
||||
copy:
|
||||
content: "{{ ca_key }}"
|
||||
dest: "/tmp/ansible_hacky_pki_ca.key"
|
||||
mode: u=rw,g=,o=
|
||||
delegate_to: localhost
|
||||
no_log: yes
|
||||
|
||||
- name: Sign the certificate
|
||||
become: false
|
||||
openssl_certificate:
|
||||
path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
|
||||
csr_path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
|
||||
ownca_not_after: "{{ validity_duration }}"
|
||||
ownca_path: /tmp/ansible_hacky_pki_ca.crt
|
||||
ownca_privatekey_passphrase: "{{ ca_passphrase }}"
|
||||
ownca_privatekey_path: /tmp/ansible_hacky_pki_ca.key
|
||||
provider: ownca
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Send private key to the server
|
||||
copy:
|
||||
src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
|
||||
dest: "{{ store_directory }}/keys/{{ cname }}.key"
|
||||
owner: "{{ owner | default('root') }}"
|
||||
group: "{{ group | default('root') }}"
|
||||
mode: "{{ key_mode | default('u=rw,g=,o=') }}"
|
||||
no_log: yes
|
||||
|
||||
- name: Send certificate to the server
|
||||
copy:
|
||||
src: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
|
||||
dest: "{{ store_directory }}/crts/{{ cname }}.crt"
|
||||
owner: "{{ owner | default('root') }}"
|
||||
group: "{{ group | default('root') }}"
|
||||
mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"
|
||||
|
||||
# Clean up
|
||||
- name: Remove the local cert key
|
||||
become: false
|
||||
file:
|
||||
path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
|
||||
state: absent
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Remove the CSR
|
||||
become: false
|
||||
file:
|
||||
path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
|
||||
state: absent
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Remove the local certificate
|
||||
become: false
|
||||
file:
|
||||
path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
|
||||
state: absent
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Remove the CA certificate
|
||||
become: false
|
||||
file:
|
||||
path: /tmp/ansible_hacky_pki_ca.crt
|
||||
state: absent
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Remove the CA key
|
||||
become: false
|
||||
file:
|
||||
path: /tmp/ansible_hacky_pki_ca.key
|
||||
state: absent
|
||||
delegate_to: localhost
|
||||
when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
|
||||
|
||||
- name: Create the link to cert
|
||||
file:
|
||||
src: "{{ store_directory }}/crts/{{ cname }}.crt"
|
||||
dest: "{{ directory }}/{{ cname }}.crt"
|
||||
owner: "{{ owner | default('root') }}"
|
||||
group: "{{ group | default('root') }}"
|
||||
state: link
|
||||
|
||||
- name: Create the link to key
|
||||
file:
|
||||
src: "{{ store_directory }}/keys/{{ cname }}.key"
|
||||
dest: "{{ directory }}/{{ cname }}.key"
|
||||
owner: "{{ owner | default('root') }}"
|
||||
group: "{{ group | default('root') }}"
|
||||
state: link
|
||||
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- name: Restart Grafana
|
||||
systemd:
|
||||
name: grafana-server
|
||||
state: restarted
|
@ -1,79 +0,0 @@
|
||||
---
|
||||
- name: Install apt transport https
|
||||
apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Add Graphana Repo Key
|
||||
apt_key:
|
||||
url: https://packages.grafana.com/gpg.key
|
||||
state: present
|
||||
|
||||
- name: Add Grafana Repository
|
||||
apt_repository:
|
||||
repo: deb https://packages.grafana.com/oss/deb stable main
|
||||
state: present
|
||||
|
||||
- name: Install Grafana
|
||||
apt:
|
||||
name:
|
||||
- grafana
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Configure Grafana
|
||||
template:
|
||||
src: grafana.ini
|
||||
dest: /etc/grafana/grafana.ini
|
||||
owner: grafana
|
||||
group: grafana
|
||||
mode: u=rw,g=r,o=
|
||||
no_log: true
|
||||
notify: Restart Grafana
|
||||
|
||||
- name: Copy the CA cert
|
||||
copy:
|
||||
content: "{{ ca_cert }}"
|
||||
dest: /etc/grafana/ca.crt
|
||||
notify: Restart prometheus
|
||||
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: generate-cert
|
||||
vars:
|
||||
directory: /etc/grafana/
|
||||
cname: "grafana-{{ lan_address }}"
|
||||
owner: grafana
|
||||
group: grafana
|
||||
key_mode: u=rw,g=,o=
|
||||
subject_alt_name: "IP:{{ lan_address }}"
|
||||
# Need an equivalent to notify here
|
||||
|
||||
## THIS CERT CANNOT BE MONITORED BECAUSE IT IS A CLIENT CERT :'(
|
||||
#- name: Ensured the certificate is monitored
|
||||
# import_tasks: register-cert-to-monitoring.yml
|
||||
# vars:
|
||||
# target: "{{ lan_address }}:<PORT>|grafana-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
|
||||
|
||||
- name: Add Prometheus data source
|
||||
template:
|
||||
src: prometheus_datasource.yaml
|
||||
dest: /etc/grafana/provisioning/datasources/prometheus_datasource.yaml
|
||||
owner: grafana
|
||||
group: grafana
|
||||
mode: u=rw,g=r,o=
|
||||
notify: Restart Grafana
|
||||
|
||||
- name: Enable Grafana
|
||||
systemd:
|
||||
name: grafana-server
|
||||
enabled: true
|
||||
state: started
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
- name: Get the list of targets of the server
|
||||
slurp:
|
||||
src: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
register: server_tls_targets_file
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
|
||||
- name: Set target variable from file
|
||||
set_fact:
|
||||
server_tls_targets: "{{ server_tls_targets_file['content'] | b64decode | from_json }}"
|
||||
|
||||
- name: Register the endpoint to the prometheus server
|
||||
block:
|
||||
- name: Add the target
|
||||
set_fact:
|
||||
new_server_tls_targets: "[{{ server_tls_targets[0] | combine({'targets': [target]}, list_merge='append_rp') }}]"
|
||||
|
||||
- name: Put the new target list
|
||||
copy:
|
||||
content: "{{ new_server_tls_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
when: target not in server_tls_targets.0.targets
|
File diff suppressed because it is too large
Load Diff
@ -1,17 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
apiVersion: 1
|
||||
|
||||
datasources:
|
||||
- name: Prometheus
|
||||
type: prometheus
|
||||
# Access mode - proxy (server in the UI) or direct (browser in the UI).
|
||||
access: proxy
|
||||
url: https://{{ lan_address }}:9090
|
||||
jsonData:
|
||||
httpMethod: POST
|
||||
tlsAuth: true
|
||||
tlsAuthWithCACert: true
|
||||
secureJsonData:
|
||||
tlsCACert: $__file{/etc/grafana/ca.crt}
|
||||
tlsClientCert: $__file{/etc/grafana/grafana-{{ lan_address }}.crt}
|
||||
tlsClientKey: $__file{/etc/grafana/grafana-{{ lan_address }}.key}
|
@ -1 +0,0 @@
|
||||
Subproject commit 2358c022895b3ce2f2a08dea41580e4cf84d218f
|
@ -1 +0,0 @@
|
||||
Subproject commit 89fb99ebb7c35ec3c11ecd5e4fbb194817f9cae6
|
@ -1 +0,0 @@
|
||||
Subproject commit 70675bec04af6bf456857c30687c5e57fa5e812a
|
@ -1 +0,0 @@
|
||||
Subproject commit b27360700e82dd14fc42de6bdffc3d80bf3fa975
|
@ -1 +0,0 @@
|
||||
Subproject commit c8e442e4a931acc2220e4406282925c2d4a48954
|
@ -1 +0,0 @@
|
||||
Subproject commit e5ce16268f165be36d4f2f893caf47f9bdb6f332
|
@ -1,10 +0,0 @@
|
||||
---
|
||||
- name: Restart Alertmanager
|
||||
systemd:
|
||||
name: prometheus-alertmanager.service
|
||||
state: restarted
|
||||
|
||||
- name: Restart kassandra
|
||||
systemd:
|
||||
name: kassandra.service
|
||||
state: restarted
|
@ -1,2 +0,0 @@
|
||||
dependencies:
|
||||
- role: install_nginx
|
@ -1,73 +0,0 @@
|
||||
---
|
||||
- name: Install dependencies
|
||||
apt:
|
||||
name:
|
||||
- python3.9
|
||||
- python3.9-venv
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Create the kassandra user
|
||||
user:
|
||||
name: kassandra
|
||||
home: /opt/kassandra
|
||||
password_lock: yes
|
||||
system: yes
|
||||
|
||||
- name: Install kassandra
|
||||
become: yes
|
||||
become_user: kassandra
|
||||
pip:
|
||||
name:
|
||||
- wheel
|
||||
- "kassandra @ git+https://gitea.auro.re/histausse/kassandra.git"
|
||||
virtualenv: /opt/kassandra
|
||||
virtualenv_command: "python3.9 -m venv"
|
||||
|
||||
- name: Configure kassandra
|
||||
template:
|
||||
src: kassandra-config.yaml
|
||||
dest: /opt/kassandra/config.yaml
|
||||
owner: kassandra
|
||||
group: nogroup
|
||||
mode: '0600'
|
||||
notify: Restart kassandra
|
||||
no_log: true
|
||||
|
||||
- name: Copy the CA cert
|
||||
copy:
|
||||
content: "{{ ca_cert }}"
|
||||
dest: /opt/kassandra/ca.crt
|
||||
notify: Restart kassandra
|
||||
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: generate-cert
|
||||
vars:
|
||||
directory: /opt/kassandra/
|
||||
cname: "kassandra-{{ lan_address }}"
|
||||
owner: kassandra
|
||||
group: nogroup
|
||||
key_mode: u=rw,g=,o=
|
||||
subject_alt_name: "IP:{{ lan_address }}"
|
||||
# Need an equivalent to notify here
|
||||
|
||||
- name: Ensured the certificate is monitored
|
||||
import_tasks: register-cert-to-monitoring.yml
|
||||
vars:
|
||||
target: "{{ lan_address }}:8000|kassandra-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
|
||||
|
||||
- name: Copy the daemon configuration
|
||||
template:
|
||||
src: kassandra.service
|
||||
dest: /etc/systemd/system/kassandra.service
|
||||
notify: Restart kassandra
|
||||
|
||||
- name: Enable the daemon
|
||||
systemd:
|
||||
name: kassandra
|
||||
state: started
|
||||
enabled: yes
|
@ -1,75 +0,0 @@
|
||||
---
|
||||
- name: Install Prometheus Alert Manager
|
||||
apt:
|
||||
name:
|
||||
- prometheus-alertmanager
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Setup the arguments for alertmanager
|
||||
template:
|
||||
src: prometheus-alertmanager
|
||||
dest: /etc/default/prometheus-alertmanager
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart Alertmanager
|
||||
vars:
|
||||
args:
|
||||
- name: web.listen-address
|
||||
value: "127.0.0.1:9093"
|
||||
|
||||
- name: Copy the CA cert
|
||||
copy:
|
||||
content: "{{ ca_cert }}"
|
||||
dest: /etc/prometheus/ca.crt
|
||||
notify:
|
||||
- Restart Alertmanager
|
||||
- Reload nginx
|
||||
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: generate-cert
|
||||
vars:
|
||||
directory: /etc/prometheus/
|
||||
cname: "alertmanager-{{ lan_address }}"
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
key_mode: u=rw,g=,o=
|
||||
subject_alt_name: "IP:{{ lan_address }}"
|
||||
# Need an equivalent to notify here
|
||||
|
||||
- name: Ensured the certificate is monitored
|
||||
import_tasks: register-cert-to-monitoring.yml
|
||||
vars:
|
||||
target: "{{ lan_address }}:9093|alertmanager-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
|
||||
|
||||
- name: Setup the alertmanager config
|
||||
template:
|
||||
src: alertmanager.yml
|
||||
dest: /etc/prometheus/alertmanager.yml
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
mode: '0640'
|
||||
notify: Restart Alertmanager
|
||||
|
||||
# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
|
||||
# Think prometheus, think!
|
||||
- name: Copy the nginx config
|
||||
template:
|
||||
src: atrocious_nginx_stub
|
||||
dest: "/etc/nginx/sites-available/internal-alertmanager"
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Activate the config
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/internal-alertmanager"
|
||||
dest: "/etc/nginx/sites-enabled/internal-alertmanager"
|
||||
state: link
|
||||
force: yes
|
||||
|
||||
- name: Setup the matrix bot
|
||||
import_tasks: kassandra.yml
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
- name: Get the list of targets of the server
|
||||
slurp:
|
||||
src: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
register: server_tls_targets_file
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
|
||||
- name: Set target variable from file
|
||||
set_fact:
|
||||
server_tls_targets: "{{ server_tls_targets_file['content'] | b64decode | from_json }}"
|
||||
|
||||
- name: Register the endpoint to the prometheus server
|
||||
block:
|
||||
- name: Add the target
|
||||
set_fact:
|
||||
new_server_tls_targets: "[{{ server_tls_targets[0] | combine({'targets': [target]}, list_merge='append_rp') }}]"
|
||||
|
||||
- name: Put the new target list
|
||||
copy:
|
||||
content: "{{ new_server_tls_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
when: target not in server_tls_targets.0.targets
|
@ -1,32 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
# See https://prometheus.io/docs/alerting/configuration/ for documentation.
|
||||
|
||||
global:
|
||||
# Config used by default by the receivers
|
||||
http_config:
|
||||
tls_config:
|
||||
ca_file: "/etc/prometheus/ca.crt"
|
||||
cert_file: "/etc/prometheus/alertmanager-{{ lan_address }}.crt"
|
||||
key_file: "/etc/prometheus/alertmanager-{{ lan_address }}.key"
|
||||
|
||||
# The directory from which notification templates are read.
|
||||
templates:
|
||||
- "/etc/prometheus/alertmanager_templates/*.tmpl"
|
||||
|
||||
# The root route on which each incoming alert enters.
|
||||
route:
|
||||
repeat_interval: 6h
|
||||
|
||||
# A default receiver
|
||||
receiver: kassandra
|
||||
|
||||
# Inhibition rules allow to mute a set of alerts given that another alert is
|
||||
# firing.
|
||||
# We use this to mute any warning-level notifications if the same alert is
|
||||
# already critical.
|
||||
inhibit_rules:
|
||||
|
||||
receivers:
|
||||
- name: kassandra
|
||||
webhook_configs:
|
||||
- url: "https://{{ lan_address }}:8000/webhook"
|
@ -1,13 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
server {
|
||||
listen {{ lan_address }}:9093 ssl;
|
||||
ssl_certificate /etc/prometheus/alertmanager-{{ lan_address }}.crt;
|
||||
ssl_certificate_key /etc/prometheus/alertmanager-{{ lan_address }}.key;
|
||||
ssl_client_certificate /etc/prometheus/ca.crt;
|
||||
ssl_verify_client on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:9093;
|
||||
}
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
{{ ansible_managed | comment }}
|
||||
username: {{ kassandra_username }}
|
||||
homeserver: https://{{ matrix_server_name}}
|
||||
password: {{ kassandra_password }}
|
||||
tls: yes
|
||||
tls_auth: yes
|
||||
host: {{ lan_address }}
|
||||
tls_crt: kassandra-{{ lan_address }}.crt
|
||||
tls_key: kassandra-{{ lan_address }}.key
|
||||
ca_crt: ca.crt
|
||||
alert_rooms:
|
||||
{% for room in alert_rooms %}
|
||||
- "{{ room }}"
|
||||
{% endfor %}
|
||||
...
|
@ -1,12 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
[Unit]
|
||||
Description=Kassandra bot for alertmanager
|
||||
|
||||
[Service]
|
||||
WorkingDirectory=/opt/kassandra
|
||||
ExecStart=/opt/kassandra/bin/kassandra
|
||||
User=kassandra
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,75 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
# Set the command-line arguments to pass to the server.
|
||||
{% if not args %}
|
||||
ARGS=""
|
||||
{% else %}
|
||||
ARGS="\
|
||||
{% for arg in args %}
|
||||
--{{ arg.name }}={{ arg.value }} \
|
||||
{% endfor %}
|
||||
"
|
||||
{% endif %}
|
||||
|
||||
# The alert manager supports the following options:
|
||||
|
||||
# --config.file="/etc/prometheus/alertmanager.yml"
|
||||
# Alertmanager configuration file name.
|
||||
# --storage.path="/var/lib/prometheus/alertmanager/"
|
||||
# Base path for data storage.
|
||||
# --data.retention=120h
|
||||
# How long to keep data for.
|
||||
# --alerts.gc-interval=30m
|
||||
# Interval between alert GC.
|
||||
# --log.level=info
|
||||
# Only log messages with the given severity or above.
|
||||
# --web.external-url=WEB.EXTERNAL-URL
|
||||
# The URL under which Alertmanager is externally reachable (for example,
|
||||
# if Alertmanager is served via a reverse proxy). Used for generating
|
||||
# relative and absolute links back to Alertmanager itself. If the URL has
|
||||
# a path portion, it will be used to prefix all HTTP endpoints served by
|
||||
# Alertmanager. If omitted, relevant URL components will be derived
|
||||
# automatically.
|
||||
# --web.route-prefix=WEB.ROUTE-PREFIX
|
||||
# Prefix for the internal routes of web endpoints. Defaults to path of
|
||||
# --web.external-url.
|
||||
# --web.listen-address=":9093"
|
||||
# Address to listen on for the web interface and API.
|
||||
# --web.ui-path="/usr/share/prometheus/alertmanager/ui/"
|
||||
# Path to static UI directory.
|
||||
# --template.default="/usr/share/prometheus/alertmanager/default.tmpl"
|
||||
# Path to default notification template.
|
||||
# --cluster.listen-address="0.0.0.0:9094"
|
||||
# Listen address for cluster.
|
||||
# --cluster.advertise-address=CLUSTER.ADVERTISE-ADDRESS
|
||||
# Explicit address to advertise in cluster.
|
||||
# --cluster.peer=CLUSTER.PEER ...
|
||||
# Initial peers (may be repeated).
|
||||
# --cluster.peer-timeout=15s
|
||||
# Time to wait between peers to send notifications.
|
||||
# --cluster.gossip-interval=200ms
|
||||
# Interval between sending gossip messages. By lowering this value (more
|
||||
# frequent) gossip messages are propagated across the cluster more
|
||||
# quickly at the expense of increased bandwidth.
|
||||
# --cluster.pushpull-interval=1m0s
|
||||
# Interval for gossip state syncs. Setting this interval lower (more
|
||||
# frequent) will increase convergence speeds across larger clusters at
|
||||
# the expense of increased bandwidth usage.
|
||||
# --cluster.tcp-timeout=10s Timeout for establishing a stream connection
|
||||
# with a remote node for a full state sync, and for stream read and write
|
||||
# operations.
|
||||
# --cluster.probe-timeout=500ms
|
||||
# Timeout to wait for an ack from a probed node before assuming it is
|
||||
# unhealthy. This should be set to 99-percentile of RTT (round-trip time)
|
||||
# on your network.
|
||||
# --cluster.probe-interval=1s
|
||||
# Interval between random node probes. Setting this lower (more frequent)
|
||||
# will cause the cluster to detect failed nodes more quickly at the
|
||||
# expense of increased bandwidth usage.
|
||||
# --cluster.settle-timeout=1m0s
|
||||
# Maximum time to wait for cluster connections to settle before
|
||||
# evaluating notifications.
|
||||
# --cluster.reconnect-interval=10s
|
||||
# Interval between attempting to reconnect to lost peers.
|
||||
# --cluster.reconnect-timeout=6h0m0s
|
||||
# Length of time to attempt to reconnect to a lost peer.
|
@ -1,47 +0,0 @@
|
||||
---
|
||||
groups:
|
||||
- name: BlackBoxAllInstances
|
||||
rules:
|
||||
|
||||
- alert: SiteUp
|
||||
expr: probe_success{job="blackbox http-down"} == 1
|
||||
annotations:
|
||||
title: '{{ $labels.instance }} is UP!'
|
||||
description: '{{ $labels.instance }} is now up!'
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: 'critical'
|
||||
|
||||
- alert: SiteDown
|
||||
expr: probe_success{job="blackbox http-up"} == 0
|
||||
for: 5m
|
||||
annotations:
|
||||
title: '{{ $labels.instance }} is Down'
|
||||
description: >-
|
||||
{{ $labels.instance }} has been down for more than 5 minutes.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: 'warning'
|
||||
|
||||
- alert: CertExpLess30daysProb
|
||||
expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 2592000
|
||||
annotations:
|
||||
title: '{{ $labels.cname }} will expire soon'
|
||||
description: >-
|
||||
The certificate {{ $labels.cname }} on {{ $labels.instance }} will expire in
|
||||
{{ $value | humanizeDuration }}, it's time to renew it.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: 'warning'
|
||||
|
||||
- alert: CertExpLess10daysProb
|
||||
expr: (probe_ssl_earliest_cert_expiry{job="blackbox internal tls"}-time()) < 864000
|
||||
annotations:
|
||||
title: '{{ $labels.cname }} expiracy is imminent!'
|
||||
description: >-
|
||||
The certificate {{ $labels.cname }} on {{ $labels.instance }} will expire in
|
||||
{{ $value | humanizeDuration }}!
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: 'critical'
|
||||
...
|
@ -1,10 +0,0 @@
|
||||
---
|
||||
- name: Restart blackbox-exporter
|
||||
systemd:
|
||||
name: prometheus-blackbox-exporter.service
|
||||
state: restarted
|
||||
|
||||
- name: Restart prometheus
|
||||
systemd:
|
||||
name: prometheus
|
||||
state: restarted
|
@ -1,2 +0,0 @@
|
||||
dependencies:
|
||||
- role: install_nginx
|
@ -1,96 +0,0 @@
|
||||
---
|
||||
- name: Install Prometheus Components
|
||||
apt:
|
||||
name:
|
||||
- prometheus-blackbox-exporter
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Copy the CA cert
|
||||
copy:
|
||||
content: "{{ ca_cert }}"
|
||||
dest: /etc/prometheus/ca.crt
|
||||
notify:
|
||||
- Restart blackbox-exporter
|
||||
- Reload nginx
|
||||
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: generate-cert
|
||||
vars:
|
||||
directory: /etc/prometheus/
|
||||
cname: "blackbox-{{ lan_address }}"
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
key_mode: u=rw,g=,o=
|
||||
subject_alt_name: "IP:{{ lan_address }}"
|
||||
# Need an equivalent to notify here
|
||||
|
||||
- name: Ensured the certificate is monitored
|
||||
import_tasks: register-cert-to-monitoring.yml
|
||||
vars:
|
||||
target: "{{ lan_address }}:9115|blackbox-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
|
||||
|
||||
- name: Setup the blackbox config
|
||||
template:
|
||||
src: blackbox.yml
|
||||
dest: /etc/prometheus/blackbox.yml
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
mode: '0640'
|
||||
notify: Restart blackbox-exporter
|
||||
no_log: true
|
||||
|
||||
#- name: Copy the web-config folder
|
||||
# template:
|
||||
# src: web-config.yaml
|
||||
# dest: /etc/prometheus/web-config-blackbox.yaml
|
||||
# group: prometheus
|
||||
# owner: prometheus
|
||||
# mode: u=rw,g=r,o=r
|
||||
# notify: Restart blackbox-exporter
|
||||
|
||||
- name: Setup the arguments for prometheus
|
||||
template:
|
||||
src: prometheus-blackbox-exporter
|
||||
dest: /etc/default/prometheus-blackbox-exporter
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart blackbox-exporter
|
||||
vars:
|
||||
args:
|
||||
- name: web.listen-address
|
||||
value: "127.0.0.1:9115"
|
||||
# value: "{{ lan_address }}:9115"
|
||||
- name: config.file
|
||||
value: /etc/prometheus/blackbox.yml
|
||||
# - name: web.config.file
|
||||
# value: /etc/prometheus/web-config.yaml
|
||||
|
||||
## Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
|
||||
# Think prometheus, think!
|
||||
- name: Copy the nginx config
|
||||
template:
|
||||
src: atrocious_nginx_stub
|
||||
dest: "/etc/nginx/sites-available/internal-blackbox"
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Activate the config
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/internal-blackbox"
|
||||
dest: "/etc/nginx/sites-enabled/internal-blackbox"
|
||||
state: link
|
||||
force: yes
|
||||
|
||||
- name: Add alert rules for node on the prometheus server
|
||||
copy:
|
||||
src: alerts-blackbox.yml
|
||||
dest: /etc/prometheus/alertsblackbox.yml
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
mode: u=rw,g=r,o=r
|
||||
notify: Restart prometheus
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
- name: Get the list of targets of the server
|
||||
slurp:
|
||||
src: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
register: server_tls_targets_file
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
|
||||
- name: Set target variable from file
|
||||
set_fact:
|
||||
server_tls_targets: "{{ server_tls_targets_file['content'] | b64decode | from_json }}"
|
||||
|
||||
- name: Register the endpoint to the prometheus server
|
||||
block:
|
||||
- name: Add the target
|
||||
set_fact:
|
||||
new_server_tls_targets: "[{{ server_tls_targets[0] | combine({'targets': [target]}, list_merge='append_rp') }}]"
|
||||
|
||||
- name: Put the new target list
|
||||
copy:
|
||||
content: "{{ new_server_tls_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
when: target not in server_tls_targets.0.targets
|
@ -1,13 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
server {
|
||||
listen {{ lan_address }}:9115 ssl;
|
||||
ssl_certificate /etc/prometheus/blackbox-{{ lan_address }}.crt;
|
||||
ssl_certificate_key /etc/prometheus/blackbox-{{ lan_address }}.key;
|
||||
ssl_client_certificate /etc/prometheus/ca.crt;
|
||||
ssl_verify_client on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:9115;
|
||||
}
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
modules:
|
||||
http_2xx:
|
||||
prober: http
|
||||
http:
|
||||
http_post_2xx:
|
||||
prober: http
|
||||
http:
|
||||
method: POST
|
||||
tcp_connect:
|
||||
prober: tcp
|
||||
icmp:
|
||||
prober: icmp
|
||||
internal_tls_connect:
|
||||
prober: tcp
|
||||
timeout: 10s
|
||||
tcp:
|
||||
tls: true
|
||||
tls_config:
|
||||
ca_file: '/etc/prometheus/ca.crt'
|
||||
cert_file: '/etc/prometheus/blackbox-{{ lan_address }}.crt'
|
||||
key_file: '/etc/prometheus/blackbox-{{ lan_address }}.key'
|
@ -1,21 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
# Set the command-line arguments to pass to the server.
|
||||
{% if not args %}
|
||||
ARGS=""
|
||||
{% else %}
|
||||
ARGS="\
|
||||
{% for arg in args %}
|
||||
--{{ arg.name }}={{ arg.value }} \
|
||||
{% endfor %}
|
||||
"
|
||||
{% endif %}
|
||||
|
||||
# Usage of prometheus-blackbox-exporter:
|
||||
# --config.file="blackbox.yml"
|
||||
# Blackbox exporter configuration file.
|
||||
# --web.listen-address=":9115"
|
||||
# The address to listen on for HTTP requests.
|
||||
# --timeout-offset=0.5 Offset to subtract from timeout in seconds.
|
||||
# --log.level=info Only log messages with the given severity or above.
|
||||
# One of: [debug, info, warn, error]
|
@ -1,6 +0,0 @@
|
||||
[
|
||||
{
|
||||
"targets": [
|
||||
]
|
||||
}
|
||||
]
|
@ -1,7 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
tls_server_config:
|
||||
cert_file: "/etc/prometheus/blackbox-{{ lan_address }}.crt"
|
||||
key_file: "/etc/prometheus/blackbox-{{ lan_address }}.key"
|
||||
client_auth_type: "RequireAndVerifyClientCert"
|
||||
client_ca_file: "/etc/prometheus/ca.crt"
|
@ -1,181 +0,0 @@
|
||||
---
|
||||
groups:
|
||||
- name: NodeAllInstances
|
||||
rules:
|
||||
|
||||
- alert: InstanceDown
|
||||
expr: up{job='node'} == 0
|
||||
for: 5m
|
||||
annotations:
|
||||
title: 'Instance {{ $labels.instance }} down'
|
||||
description: >-
|
||||
{{ $labels.instance }} has been down for more than 5 minutes.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: critical
|
||||
|
||||
- alert: OutOfDiskSpace
|
||||
expr: (100 - node_filesystem_avail_bytes{} *100 / node_filesystem_size_bytes{}) > 80
|
||||
for: 1m
|
||||
annotations:
|
||||
title: '`{{ $labels.instance }}:{{ $labels.mountpoint }}` is out of space'
|
||||
description: >-
|
||||
Partition `{{ $labels.mountpoint }}` (`{{ $labels.device }}`) of {{ $labels.instance }}
|
||||
uses {{ $value | printf "%.1f" }}% of its capacity.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: warning
|
||||
|
||||
- alert: OutOfMemory
|
||||
expr: >-
|
||||
(
|
||||
node_memory_MemTotal_bytes
|
||||
- node_memory_MemFree_bytes
|
||||
- node_memory_Cached_bytes
|
||||
- node_memory_Buffers_bytes
|
||||
) / node_memory_MemTotal_bytes * 100 > 80
|
||||
for: 1m
|
||||
annotations:
|
||||
title: '{{ $labels.instance }} is out of memory'
|
||||
description: >-
|
||||
{{ $labels.instance }} uses {{ $value | printf "%.1f" }}% of its memory capacity.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: warning
|
||||
|
||||
- alert: OutOfInode
|
||||
expr: >-
|
||||
(
|
||||
node_filesystem_files
|
||||
- node_filesystem_files_free
|
||||
) / node_filesystem_files * 100 >= 90
|
||||
for: 5m
|
||||
annotations:
|
||||
title: '`{{ $labels.instance }}:{{ $labels.mountpoint }}` is out of Inodes'
|
||||
description: >-
|
||||
Partition {{ $labels.mountpoint }} ({{ $labels.device }}) of {{ $labels.instance }}
|
||||
uses {{ $value | printf "%.1f" }}% of its Inodes.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: warning
|
||||
|
||||
- alert: Swapping
|
||||
expr: >-
|
||||
(
|
||||
node_memory_SwapTotal_bytes
|
||||
- node_memory_SwapFree_bytes
|
||||
) / node_memory_SwapTotal_bytes * 100 >= 50
|
||||
for: 5m
|
||||
annotations:
|
||||
title: '{{ $labels.instance }} is using a lot of swap'
|
||||
description: >-
|
||||
{{ $labels.instance }} uses {{ $value | printf "%.1f" }}% of its memory capacity.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: warning
|
||||
|
||||
- alert: PhysicalComponentTooHot
|
||||
expr: node_hwmon_temp_celsius > 79
|
||||
for: 5m
|
||||
annotations:
|
||||
title: '{{ $labels.instance }} is heating up'
|
||||
description: >-
|
||||
The internal temperature of {{ $labels.instance }} is {{ $value }}°C!
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: critical
|
||||
|
||||
- alert: PhysicalComponentHeatAlarm
|
||||
expr: node_hwmon_temp_crit_alarm_celsius == 1
|
||||
for: 0m
|
||||
annotations:
|
||||
title: 'The temperature alarm of {{ $labels.instance }} is up'
|
||||
description: >-
|
||||
Do something!
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: critical
|
||||
|
||||
- alert: OOMKill
|
||||
expr: increase(node_vmstat_oom_kill[1m]) > 0
|
||||
for: 0m
|
||||
annotations:
|
||||
title: 'The kernel is killing processes'
|
||||
description: >-
|
||||
The kernel killed {{ $value }} proccesses (OOM killer)
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: warning
|
||||
|
||||
- alert: CorrectableErrorDetected
|
||||
expr: increase(node_edac_correctable_errors_total[1m]) > 0
|
||||
for: 0m
|
||||
annotations:
|
||||
title: 'Memory errors have been corrected'
|
||||
description: >-
|
||||
{{ $value | printf "%.1f" }} error(s) have been corrected (EDAC)
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: warning
|
||||
|
||||
- alert: UncorrectableErrorDetected
|
||||
expr: increase(node_edac_uncorrectable_errors_total[1m]) > 0
|
||||
for: 0m
|
||||
annotations:
|
||||
title: 'Memory errors could not be corrected'
|
||||
description: >-
|
||||
{{ $value | printf "%.1f" }} error(s) could not be corrected (EDAC)
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: warning
|
||||
|
||||
- alert: UnhealthyDisk
|
||||
expr: >-
|
||||
(
|
||||
smartmon_device_smart_healthy
|
||||
and on (instance, disk)
|
||||
smartmon_device_info{product!="QEMU HARDDISK"}
|
||||
) < 1
|
||||
for: 10m
|
||||
annotations:
|
||||
title: '`{{ $labels.instance }}:{{ $labels.disk }}` is unhealthy'
|
||||
description: >-
|
||||
Smartools detected that `{{ $labels.disk }}` on {{ $labels.instance }} is unhealthy
|
||||
and will probably need to be changed.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: critical
|
||||
|
||||
- alert: ServiceFailed
|
||||
expr: node_systemd_unit_state{state="failed"}==1
|
||||
for: 10m
|
||||
annotations:
|
||||
title: '{{ $labels.name }} failed'
|
||||
description: >-
|
||||
The systemd service {{ $labels.name }} failed on {{ $labels.instance }}
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: warning
|
||||
|
||||
- alert: CertExpLess30days
|
||||
expr: (local_x509_expiry_date{job="blackbox internal tls"}-time()) < 2592000
|
||||
annotations:
|
||||
title: '{{ $labels.cname }} will expire soon'
|
||||
description: >-
|
||||
The certificate {{ $labels.cname }} on {{ $labels.instance }} at {{ $labels.file }}
|
||||
will expire in {{ $value | humanizeDuration }}, it's time to renew it.
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: 'warning'
|
||||
|
||||
- alert: CertExpLess10days
|
||||
expr: (local_x509_expiry_date{job="blackbox internal tls"}-time()) < 864000
|
||||
annotations:
|
||||
title: '{{ $labels.cname }} expiracy is imminent!'
|
||||
description: >-
|
||||
The certificate {{ $labels.cname }} on {{ $labels.instance }} at {{ $labels.file }}
|
||||
will expire in {{ $value | humanizeDuration }}, RENEW IT!!!
|
||||
labels:
|
||||
value: "{{ $value }}"
|
||||
severity: 'critical'
|
||||
...
|
@ -1,25 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
sanitize() {
|
||||
while read -r data; do
|
||||
set -- $data
|
||||
printf %q "$1" | sed -e 's/\\ / /g'
|
||||
done
|
||||
}
|
||||
|
||||
print_metric() {
|
||||
while read -r data; do
|
||||
set -- $data
|
||||
if [ -f "$1" ]; then
|
||||
exp_date=`openssl x509 -enddate --noout -in "$1" | sed -e 's/notAfter=//g'`
|
||||
exp_date_unixtime=`date -d "$exp_date" -u +%s`
|
||||
cname=`openssl x509 -subject --noout -in "$1" | sed -e 's/^.*CN = //' | sed -e 's/,.*$//' | sanitize`
|
||||
filename=`realpath "$1" | sanitize`
|
||||
echo "local_x509_expiry_date{cname=\"$cname\",file=\"$filename\"} $exp_date_unixtime"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
echo '# HELP local_x509_expiry_date The cert expiry date in unixtime'
|
||||
echo '# TYPE local_x509_expiry_date gauge'
|
||||
printf '%s\n' "$@" | print_metric
|
@ -1,5 +0,0 @@
|
||||
# The list of certs to monitor
|
||||
ARGS="
|
||||
/etc/letsencrypt/live/**/cert.pem
|
||||
/etc/hackypky/crts/*.crt
|
||||
"
|
@ -1,8 +0,0 @@
|
||||
[Unit]
|
||||
Description=Collect local x509 certificate metrics for prometheus-node-exporter
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
EnvironmentFile=/etc/default/prometheus-node-exporter-local_x509
|
||||
Environment=TMPDIR=/var/lib/prometheus/node-exporter
|
||||
ExecStart=/bin/bash -c "/usr/share/prometheus-node-exporter-collectors/local_x509.sh $ARGS | sponge /var/lib/prometheus/node-exporter/local_x509.prom"
|
@ -1,9 +0,0 @@
|
||||
[Unit]
|
||||
Description=Run local x509 metrics collection every 15 minutes
|
||||
|
||||
[Timer]
|
||||
OnBootSec=0
|
||||
OnUnitActiveSec=15min
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -1,10 +0,0 @@
|
||||
---
|
||||
- name: Restart prometheus-node-exporter
|
||||
systemd:
|
||||
name: prometheus-node-exporter
|
||||
state: restarted
|
||||
- name: Restart appointed_prometheus_server
|
||||
systemd:
|
||||
name: prometheus
|
||||
state: restarted
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
@ -1,69 +0,0 @@
|
||||
---
|
||||
- name: Install moreutils # we need the sponge command
|
||||
apt:
|
||||
name:
|
||||
- moreutils
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Ensure /usr/share/prometheus-node-exporter exist
|
||||
file:
|
||||
path: /usr/share/prometheus-node-exporter/
|
||||
state: directory
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
# Optionnal, but used with the hacky_pki role
|
||||
- name: Ensure /etc/hackypky/crts/ exist
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
loop:
|
||||
- /etc/hackypky
|
||||
- /etc/hackypky/crts
|
||||
|
||||
- name: Add the script
|
||||
copy:
|
||||
src: local_x509.sh
|
||||
dest: /usr/share/prometheus-node-exporter-collectors/local_x509.sh
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rwx,g=,o=
|
||||
|
||||
- name: Add the env file
|
||||
copy:
|
||||
src: prometheus-node-exporter-local_x509
|
||||
dest: /etc/default/prometheus-node-exporter-local_x509
|
||||
group: root
|
||||
owner: root
|
||||
force: no
|
||||
mode: u=rwx,g=r,o=r
|
||||
|
||||
- name: Add the timer
|
||||
copy:
|
||||
src: prometheus-node-exporter-local_x509.timer
|
||||
dest: /lib/systemd/system/prometheus-node-exporter-local_x509.timer
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rw,g=r,o=r
|
||||
|
||||
- name: Add the service
|
||||
copy:
|
||||
src: prometheus-node-exporter-local_x509.service
|
||||
dest: /lib/systemd/system/prometheus-node-exporter-local_x509.service
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rw,g=r,o=r
|
||||
|
||||
- name: Enable the timer
|
||||
systemd:
|
||||
name: prometheus-node-exporter-local_x509.timer
|
||||
enabled: true
|
||||
state: started
|
@ -1,130 +0,0 @@
|
||||
---
|
||||
- name: Use a newer version of Node exporter for ubuntu 20.04
|
||||
block:
|
||||
- name: Set the default release
|
||||
lineinfile:
|
||||
path: /etc/apt/apt.conf.d/01-vendor-ubuntu
|
||||
regexp: '^APT::Default-Release '
|
||||
line: "APT::Default-Release \"{{ ansible_facts['lsb']['codename'] }}\";"
|
||||
- name: Pin node exporter
|
||||
copy:
|
||||
dest: /etc/apt/preferences.d/pin-prometheus-node-exporter
|
||||
content: |
|
||||
Package: prometheus-node-exporter
|
||||
Pin: release n={{ ansible_facts['lsb']['codename'] }}
|
||||
Pin-Priority: -10
|
||||
|
||||
Package: prometheus-node-exporter
|
||||
Pin: release n=groovy
|
||||
Pin-Priority: 900
|
||||
- name: Add the repo from groovy
|
||||
apt_repository:
|
||||
repo: deb http://fr.archive.ubuntu.com/ubuntu groovy universe
|
||||
state: present
|
||||
when: ansible_facts['lsb']['id'] == 'Ubuntu' and ansible_facts['lsb']['codename'] == 'focal'
|
||||
|
||||
- name: Install Prometheus Node exporter
|
||||
apt:
|
||||
name:
|
||||
- prometheus-node-exporter
|
||||
- prometheus-node-exporter-collectors
|
||||
state: latest
|
||||
update_cache: true
|
||||
install_recommends: false # Do not install smartmontools
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
|
||||
- name: Install the local_x509 exporter
|
||||
import_tasks: local_x509_collector.yml
|
||||
|
||||
- name: Ensure /etc/node_exporter exist
|
||||
file:
|
||||
path: /etc/node_exporter
|
||||
state: directory
|
||||
group: prometheus
|
||||
owner: prometheus
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
- name: Copy the config folder
|
||||
template:
|
||||
src: config.yaml
|
||||
dest: /etc/node_exporter/config.yaml
|
||||
group: prometheus
|
||||
owner: prometheus
|
||||
mode: u=rw,g=r,o=r
|
||||
notify: Restart prometheus-node-exporter
|
||||
|
||||
- name: Copy the CA cert
|
||||
copy:
|
||||
content: "{{ ca_cert }}"
|
||||
dest: /etc/node_exporter/ca.crt
|
||||
notify: Restart prometheus-node-exporter
|
||||
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: generate-cert
|
||||
vars:
|
||||
directory: /etc/node_exporter/
|
||||
cname: "node-exp-{{ lan_address }}"
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
key_mode: u=rw,g=,o=
|
||||
subject_alt_name: "IP:{{ lan_address }}"
|
||||
# Need an equivalent to notify here
|
||||
|
||||
- name: Ensured the certificate is monitored
|
||||
import_tasks: register-cert-to-monitoring.yml
|
||||
vars:
|
||||
target: "{{ lan_address }}:9100|node-exp-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
|
||||
|
||||
- name: Setup the arguments for node-exporter
|
||||
template:
|
||||
src: prometheus-node-exporter
|
||||
dest: /etc/default/prometheus-node-exporter
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
notify: Restart prometheus-node-exporter
|
||||
vars:
|
||||
args:
|
||||
- name: web.listen-address
|
||||
value: "{{ lan_address }}:9100"
|
||||
- name: web.config
|
||||
value: /etc/node_exporter/config.yaml
|
||||
|
||||
- name: Add the node to the server targets
|
||||
block:
|
||||
- name: Get the list of targets of the server
|
||||
slurp:
|
||||
src: /etc/prometheus/targets/node-targets.json
|
||||
register: server_node_target_file
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
|
||||
- name: Set target variable
|
||||
set_fact:
|
||||
server_node_target: "{{ server_node_target_file['content'] | b64decode | from_json }}"
|
||||
|
||||
- name: Register the node to the prometheus server
|
||||
block:
|
||||
- name: Add the node to the targets
|
||||
set_fact:
|
||||
new_server_node_target: "[{{ server_node_target[0] | combine({'targets': [lan_address + '|' + ansible_facts['nodename']]}, list_merge='append_rp') }}]"
|
||||
|
||||
- name: Put the new target list
|
||||
copy:
|
||||
content: "{{ new_server_node_target | to_nice_json }}"
|
||||
dest: /etc/prometheus/node-targets.json
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
when: (lan_address + '|' + ansible_facts['nodename']) not in server_node_target.0.targets
|
||||
|
||||
- name: Add alert rules for node on the prometheus server
|
||||
copy:
|
||||
src: alerts-node.yml
|
||||
dest: /etc/prometheus/alerts/node.yml
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
mode: u=rw,g=r,o=r
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
notify: Restart appointed_prometheus_server
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
- name: Get the list of targets of the server
|
||||
slurp:
|
||||
src: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
register: server_tls_targets_file
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
|
||||
- name: Set target variable from file
|
||||
set_fact:
|
||||
server_tls_targets: "{{ server_tls_targets_file['content'] | b64decode | from_json }}"
|
||||
|
||||
- name: Register the endpoint to the prometheus server
|
||||
block:
|
||||
- name: Add the target
|
||||
set_fact:
|
||||
new_server_tls_targets: "[{{ server_tls_targets[0] | combine({'targets': [target]}, list_merge='append_rp') }}]"
|
||||
|
||||
- name: Put the new target list
|
||||
copy:
|
||||
content: "{{ new_server_tls_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
when: target not in server_tls_targets.0.targets
|
@ -1,7 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
tls_server_config:
|
||||
cert_file: "/etc/node_exporter/node-exp-{{ lan_address }}.crt"
|
||||
key_file: "/etc/node_exporter/node-exp-{{ lan_address }}.key"
|
||||
client_auth_type: "RequireAndVerifyClientCert"
|
||||
client_ca_file: "/etc/node_exporter/ca.crt"
|
@ -1,138 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
# Set the command-line arguments to pass to the server.
|
||||
# Due to shell scaping, to pass backslashes for regexes, you need to double
|
||||
# them (\\d for \d). If running under systemd, you need to double them again
|
||||
# (\\\\d to mean \d), and escape newlines too.
|
||||
{% if not args %}
|
||||
ARGS=""
|
||||
{% else %}
|
||||
ARGS="\
|
||||
{% for arg in args %}
|
||||
--{{ arg.name }}={{ arg.value }} \
|
||||
{% endfor %}
|
||||
"
|
||||
{% endif %}
|
||||
|
||||
# Prometheus-node-exporter supports the following options:
|
||||
#
|
||||
# --collector.diskstats.ignored-devices="^(ram|loop|fd|(h|s|v|xv)d[a-z]|nvme\\d+n\\d+p)\\d+$"
|
||||
# Regexp of devices to ignore for diskstats.
|
||||
# --collector.filesystem.ignored-mount-points="^/(dev|proc|run|sys|mnt|media|var/lib/docker)($|/)"
|
||||
# Regexp of mount points to ignore for filesystem
|
||||
# collector.
|
||||
# --collector.filesystem.ignored-fs-types="^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"
|
||||
# Regexp of filesystem types to ignore for
|
||||
# filesystem collector.
|
||||
# --collector.netdev.ignored-devices="^lo$"
|
||||
# Regexp of net devices to ignore for netdev
|
||||
# collector.
|
||||
# --collector.netstat.fields="^(.*_(InErrors|InErrs)|Ip_Forwarding|Ip(6|Ext)_(InOctets|OutOctets)|Icmp6?_(InMsgs|OutMsgs)|TcpExt_(Listen.*|Syncookies.*)|Tcp_(ActiveOpens|PassiveOpens|RetransSegs|CurrEstab)|Udp6?_(InDatagrams|OutDatagrams|NoPorts))$"
|
||||
# Regexp of fields to return for netstat
|
||||
# collector.
|
||||
# --collector.ntp.server="127.0.0.1"
|
||||
# NTP server to use for ntp collector
|
||||
# --collector.ntp.protocol-version=4
|
||||
# NTP protocol version
|
||||
# --collector.ntp.server-is-local
|
||||
# Certify that collector.ntp.server address is the
|
||||
# same local host as this collector.
|
||||
# --collector.ntp.ip-ttl=1 IP TTL to use while sending NTP query
|
||||
# --collector.ntp.max-distance=3.46608s
|
||||
# Max accumulated distance to the root
|
||||
# --collector.ntp.local-offset-tolerance=1ms
|
||||
# Offset between local clock and local ntpd time
|
||||
# to tolerate
|
||||
# --path.procfs="/proc" procfs mountpoint.
|
||||
# --path.sysfs="/sys" sysfs mountpoint.
|
||||
# --collector.qdisc.fixtures=""
|
||||
# test fixtures to use for qdisc collector
|
||||
# end-to-end testing
|
||||
# --collector.runit.servicedir="/etc/service"
|
||||
# Path to runit service directory.
|
||||
# --collector.supervisord.url="http://localhost:9001/RPC2"
|
||||
# XML RPC endpoint.
|
||||
# --collector.systemd.unit-whitelist=".+"
|
||||
# Regexp of systemd units to whitelist. Units must
|
||||
# both match whitelist and not match blacklist to
|
||||
# be included.
|
||||
# --collector.systemd.unit-blacklist=".+(\\.device|\\.scope|\\.slice|\\.target)"
|
||||
# Regexp of systemd units to blacklist. Units must
|
||||
# both match whitelist and not match blacklist to
|
||||
# be included.
|
||||
# --collector.systemd.private
|
||||
# Establish a private, direct connection to
|
||||
# systemd without dbus.
|
||||
# --collector.textfile.directory="/var/lib/prometheus/node-exporter"
|
||||
# Directory to read text files with metrics from.
|
||||
# --collector.vmstat.fields="^(oom_kill|pgpg|pswp|pg.*fault).*"
|
||||
# Regexp of fields to return for vmstat collector.
|
||||
# --collector.wifi.fixtures=""
|
||||
# test fixtures to use for wifi collector metrics
|
||||
# --collector.arp Enable the arp collector (default: enabled).
|
||||
# --collector.bcache Enable the bcache collector (default: enabled).
|
||||
# --collector.bonding Enable the bonding collector (default: enabled).
|
||||
# --collector.buddyinfo Enable the buddyinfo collector (default:
|
||||
# disabled).
|
||||
# --collector.conntrack Enable the conntrack collector (default:
|
||||
# enabled).
|
||||
# --collector.cpu Enable the cpu collector (default: enabled).
|
||||
# --collector.diskstats Enable the diskstats collector (default:
|
||||
# enabled).
|
||||
# --collector.drbd Enable the drbd collector (default: disabled).
|
||||
# --collector.edac Enable the edac collector (default: enabled).
|
||||
# --collector.entropy Enable the entropy collector (default: enabled).
|
||||
# --collector.filefd Enable the filefd collector (default: enabled).
|
||||
# --collector.filesystem Enable the filesystem collector (default:
|
||||
# enabled).
|
||||
# --collector.hwmon Enable the hwmon collector (default: enabled).
|
||||
# --collector.infiniband Enable the infiniband collector (default:
|
||||
# enabled).
|
||||
# --collector.interrupts Enable the interrupts collector (default:
|
||||
# disabled).
|
||||
# --collector.ipvs Enable the ipvs collector (default: enabled).
|
||||
# --collector.ksmd Enable the ksmd collector (default: disabled).
|
||||
# --collector.loadavg Enable the loadavg collector (default: enabled).
|
||||
# --collector.logind Enable the logind collector (default: disabled).
|
||||
# --collector.mdadm Enable the mdadm collector (default: enabled).
|
||||
# --collector.meminfo Enable the meminfo collector (default: enabled).
|
||||
# --collector.meminfo_numa Enable the meminfo_numa collector (default:
|
||||
# disabled).
|
||||
# --collector.mountstats Enable the mountstats collector (default:
|
||||
# disabled).
|
||||
# --collector.netdev Enable the netdev collector (default: enabled).
|
||||
# --collector.netstat Enable the netstat collector (default: enabled).
|
||||
# --collector.nfs Enable the nfs collector (default: enabled).
|
||||
# --collector.nfsd Enable the nfsd collector (default: enabled).
|
||||
# --collector.ntp Enable the ntp collector (default: disabled).
|
||||
# --collector.qdisc Enable the qdisc collector (default: disabled).
|
||||
# --collector.runit Enable the runit collector (default: disabled).
|
||||
# --collector.sockstat Enable the sockstat collector (default:
|
||||
# enabled).
|
||||
# --collector.stat Enable the stat collector (default: enabled).
|
||||
# --collector.supervisord Enable the supervisord collector (default:
|
||||
# disabled).
|
||||
# --collector.systemd Enable the systemd collector (default: enabled).
|
||||
# --collector.tcpstat Enable the tcpstat collector (default:
|
||||
# disabled).
|
||||
# --collector.textfile Enable the textfile collector (default:
|
||||
# enabled).
|
||||
# --collector.time Enable the time collector (default: enabled).
|
||||
# --collector.uname Enable the uname collector (default: enabled).
|
||||
# --collector.vmstat Enable the vmstat collector (default: enabled).
|
||||
# --collector.wifi Enable the wifi collector (default: enabled).
|
||||
# --collector.xfs Enable the xfs collector (default: enabled).
|
||||
# --collector.zfs Enable the zfs collector (default: enabled).
|
||||
# --collector.timex Enable the timex collector (default: enabled).
|
||||
# --web.listen-address=":9100"
|
||||
# Address on which to expose metrics and web
|
||||
# interface.
|
||||
# --web.telemetry-path="/metrics"
|
||||
# Path under which to expose metrics.
|
||||
# --log.level="info" Only log messages with the given severity or
|
||||
# above. Valid levels: [debug, info, warn, error,
|
||||
# fatal]
|
||||
# --log.format="logger:stderr"
|
||||
# Set the log target and format. Example:
|
||||
# "logger:syslog?appname=bob&local=7" or
|
||||
# "logger:stdout?json=true"
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- name: Restart prometheus
|
||||
systemd:
|
||||
name: prometheus
|
||||
state: restarted
|
@ -1,2 +0,0 @@
|
||||
dependencies:
|
||||
- role: install_nginx
|
@ -1,117 +0,0 @@
|
||||
---
|
||||
- name: Install Prometheus Components
|
||||
apt:
|
||||
name:
|
||||
- prometheus
|
||||
- prometheus-pushgateway
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Ensure the alert folder exist
|
||||
file:
|
||||
path: /etc/prometheus/alerts
|
||||
state: directory
|
||||
group: prometheus
|
||||
owner: prometheus
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
- name: Ensure the target folder exist
|
||||
file:
|
||||
path: /etc/prometheus/targets
|
||||
state: directory
|
||||
group: prometheus
|
||||
owner: prometheus
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
- name: Copy the CA cert
|
||||
copy:
|
||||
content: "{{ ca_cert }}"
|
||||
dest: /etc/prometheus/ca.crt
|
||||
notify:
|
||||
- Restart prometheus
|
||||
- Reload nginx
|
||||
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: generate-cert
|
||||
vars:
|
||||
directory: /etc/prometheus/
|
||||
cname: "prometheus-{{ lan_address }}"
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
key_mode: u=rw,g=,o=
|
||||
subject_alt_name: "IP:{{ lan_address }}"
|
||||
# Need an equivalent to notify here
|
||||
|
||||
- name: Ensured the certificate is monitored
|
||||
import_tasks: register-cert-to-monitoring.yml
|
||||
vars:
|
||||
target: "{{ lan_address }}:9090|prometheus-{{ lan_address }}|{{ ansible_facts['nodename'] }}"
|
||||
|
||||
- name: Setup the prometheus config
|
||||
template:
|
||||
src: prometheus.yml
|
||||
dest: /etc/prometheus/prometheus.yml
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
mode: '0640'
|
||||
notify: Restart prometheus
|
||||
no_log: true
|
||||
|
||||
- name: Add node targets file
|
||||
template:
|
||||
src: node-targets.json
|
||||
dest: "/etc/prometheus/targets/{{ item }}-targets.json"
|
||||
owner: prometheus
|
||||
group: prometheus
|
||||
mode: '0640'
|
||||
force: no
|
||||
notify: Restart prometheus
|
||||
loop:
|
||||
- blackbox-http-down
|
||||
- blackbox-http-up
|
||||
- blackbox-tls-internal
|
||||
- node
|
||||
|
||||
- name: Copy the web-config folder
|
||||
template:
|
||||
src: web-config.yaml
|
||||
dest: /etc/prometheus/web-config.yaml
|
||||
group: prometheus
|
||||
owner: prometheus
|
||||
mode: u=rw,g=r,o=r
|
||||
notify: Restart prometheus
|
||||
|
||||
- name: Setup the arguments for prometheus
|
||||
template:
|
||||
src: prometheus
|
||||
dest: /etc/default/prometheus
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart prometheus
|
||||
vars:
|
||||
args:
|
||||
- name: web.listen-address
|
||||
value: "127.0.0.1:9090"
|
||||
# value: "{{ lan_address }}:9090"
|
||||
# - name: web.config.file # Not available before 2.24, and it sucks
|
||||
# value: /etc/prometheus/web-config.yaml
|
||||
|
||||
# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
|
||||
# Think prometheus, think!
|
||||
- name: Copy the nginx config
|
||||
template:
|
||||
src: atrocious_nginx_stub
|
||||
dest: "/etc/nginx/sites-available/internal-prometheus"
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Activate the config
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/internal-prometheus"
|
||||
dest: "/etc/nginx/sites-enabled/internal-prometheus"
|
||||
state: link
|
||||
force: yes
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
- name: Get the list of targets of the server
|
||||
slurp:
|
||||
src: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
register: server_tls_targets_file
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
|
||||
- name: Set target variable from file
|
||||
set_fact:
|
||||
server_tls_targets: "{{ server_tls_targets_file['content'] | b64decode | from_json }}"
|
||||
|
||||
- name: Register the endpoint to the prometheus server
|
||||
block:
|
||||
- name: Add the target
|
||||
set_fact:
|
||||
new_server_tls_targets: "[{{ server_tls_targets[0] | combine({'targets': [target]}, list_merge='append_rp') }}]"
|
||||
|
||||
- name: Put the new target list
|
||||
copy:
|
||||
content: "{{ new_server_tls_targets | to_nice_json }}"
|
||||
dest: /etc/prometheus/targets/blackbox-tls-internal-targets.json
|
||||
delegate_to: "{{ appointed_prometheus_server }}"
|
||||
when: target not in server_tls_targets.0.targets
|
@ -1,13 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
server {
|
||||
listen {{ lan_address }}:9090 ssl;
|
||||
ssl_certificate /etc/prometheus/prometheus-{{ lan_address }}.crt;
|
||||
ssl_certificate_key /etc/prometheus/prometheus-{{ lan_address }}.key;
|
||||
ssl_client_certificate /etc/prometheus/ca.crt;
|
||||
ssl_verify_client on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:9090;
|
||||
}
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue