Add host_vars and group_vars

2022-08-30 07:41:17 -05:00
parent 20263b7e26
commit 1febcb4d1c
21 changed files with 2495 additions and 0 deletions

302
group_vars/all/main.yaml Normal file

@ -0,0 +1,302 @@
---
ansible_python_interpreter: /usr/bin/python3
syslogfacility: LOG_LOCAL2
network_nameservers: "{{ dns_servers }}"
network_search: kill0.net
postfix_aliases:
postmaster: root
hostmaster: root
webmaster: root
abuse: root
administrator: root
admin: root
root: sysops@kill0.net
devnull: /dev/null
#firewall_ssh_whitelist:
# - "{{ lookup('dig', 'jump0.kill0.net/A') }}"
# - "{{ lookup('dig', 'jump0.kill0.net/AAAA') }}"
# - 192.168.255.17
# - 2600:3c00:e000:343::11/128
firewall_ipset_mgmt:
- "{{ lookup('dig', 'jump0.kill0.net/A') }}"
- "{{ lookup('dig', 'jump0.kill0.net/AAAA') }}"
firewall_limited_tcp_ports:
- 22
#unattended_upgrades_mailto: sysops@kill0.net
unattended_upgrades_mailto: devnull
unattended_upgrades_automatic_reboot: yes
unattended_upgrades_automatic_reboot_time: '8:00'
unattended_upgrades_reboot_with_users: no
openssh_sshd_config:
PermitRootLogin: prohibit-password
autossh_config:
- name: influx
host: jump0.kill0.net
options:
- -L 127.254.254.1:8086:127.0.0.1:8086
- name: syslog
host: jump0.kill0.net
options:
- -L 127.254.254.1:1514:127.0.0.1:514
user_authorized_keys_hash:
ryan:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGznaofIstAxYsX1MH8xQiZU4aOO4SUw9OlRbyFMfQTx
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKdWuh9fbKNubIWaYGwOcbGNkh1Osifh/22KE5pKlVxfVqTT2MiEY6LlvlqR0UkU0hos5F0aEigK7wsABy0KEP2Z0hlx1IwO89rX1TbeqbNVvFk34+jBFflNhBTwE4fekBc4WyvQ3MtlygUTqUnPiQNMBL6uV3rHfh015C5ZqRHSqT7O/+bIbuLSOLizQPph/EJ7U7ti5gfZb5J8uSLdaK0vCLSIokleht3dE1DxfNq4LaVcNCGfNXHIzhaew7L4IkJ7nSWGRtGD7aHKcPV8PRJCt3Mn1IDXrVwFYx0tmFF4eyJ5h9l7fTiRs8PjJ8zD8BePtAP/LFCrhCS+vYbGJT
# windows 10
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCe1dmofrPBmchiBs1NQxJVEiAyNfd/eG/U6xh8buekKpEYu6vY9oLN3fk1TdIQoq5gl6qVMaT8cRXQkN7zPBHdwpX55ifmM8O5sQJ3Q2Wioi+6W2elVG58kDIaWFUiQLFm3CXUQ43Ec3+SMo2xlr8b7tUUbCc7690TNJx4gB1t+mYQMIv5OBuzRgUJLSclT0Tp5luJgVKVimPKXTqawDPIKwEZHHvJjs1S4irDdIP4OJJHfHmegapXbMexfEEmgt82axlSjywlMDOKCxnJphOSxtzbUGHkdNMM8VBQC/iMEHprmp75LQzgL5tk9cdIe6T8b1XyuD3tdO/xguChBPpV
# work
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICndorpp/6aKlLq2K1YP81r8zA80VGp1qAUeCZtdVhAw rcavicchioni@NMLT072
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCW02T3dkh1Ra9n+Ql86e/C2ZdtwY5if5RZoc2BYwFCcygwP3GUKOrR6c9SW25B3X048+tVdTiOUhqfsqWf6jxCJ5h17lJ2sigMxEZOht0hUQZSgmQgdviYv3WYrqC4hlStumwEgEsJjRl9PP5LnIcdjWWINslaweFdfD7KhTRPlok1T2ycd0wEvsSCVATW32xV4Dpof5HLgLqnNwtK3VKSl7YIQu5i9SimtRDijwPnOkeMoknGjatpOu5VrnOP03GaExqXnjaIaUz++5GhCGEQEKhlcQrBCYlxubH+L4r6bka1S5r1GeeZNL6g+uUVUP5XaG8HcA9vArilmQfDj3xd
rick:
- ssh-rsa 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
users_interactive:
- name: ryan
groups:
- users
- sudo
- adm
comment: Ryan Cavicchioni
password: "{{ vault_user_password_hashes['ryan'] }}"
- name: rick
groups:
- users
comment: Rick Elias
password:
users_authorized_keys:
- name: ryan
keys: "{{ user_authorized_keys_hash['ryan'] }}"
- name: rick
keys: "{{ user_authorized_keys_hash['rick'] }}"
- name: root
keys: "{{ user_authorized_keys_hash['ryan'] }}"
telegraf_config_outputs:
influxdb:
urls:
- http://127.254.254.1:8086
telegraf_config_d:
- name: ping
config:
inputs.ping:
- urls:
- 10.255.0.1
count: 10
ipv6: false
binary: ping4
rsyslog_archival_format_enabled: true
rsyslog_outputs:
- name: omfwd
params:
#target: 127.254.254.1
target: 10.255.0.1
#port: 1514
port: 514
protocol: tcp
action.resumeretrycount: -1
queue.type: linkedlist
queue.size: 10000
queue.filename: fwd
queue.saveonshutdown: "on"
keepalive: "on"
sudo_aliases:
host:
- name: minecraft
items:
- mine[[\:digit\:]]*
- name: jumphosts
items:
- jump[[\:digit\:]]*
sudo_rules:
- name: "%sudo"
hosts: ALL
runas:
users: ALL
groups: ALL
tags:
- NOPASSWD
commands: ALL
restic_repos:
- name: b2
repo: "b2:kill0-infra-backup:"
environment:
RESTIC_PASSWORD: "{{ vault_restic_repo_b2_password }}"
B2_ACCOUNT_ID: "{{ vault_restic_repo_b2_account_id }}"
B2_ACCOUNT_KEY: "{{ vault_restic_repo_b2_account_key }}"
restic_jobs:
- name: system
repo: b2
paths:
- /
certs_trusted_ca:
chill9-root-ca: |
subject=C = US, O = chill9, CN = chill9 Root CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 16 17:36:20 2020 GMT
notAfter=May 14 17:36:20 2030 GMT
-----BEGIN CERTIFICATE-----
MIIFOjCCAyKgAwIBAgIQdRhWyOcUQ+uIEypQfJLvqTANBgkqhkiG9w0BAQsFADA3
MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg
Um9vdCBDQTAeFw0yMDA1MTYxNzM2MjBaFw0zMDA1MTQxNzM2MjBaMDcxCzAJBgNV
BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFzAVBgNVBAMMDmNoaWxsOSBSb290IENB
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAswTensn+vA45WGRp3o/5
LX+wh6PTHAGNluLaZRyUNOg+EunnXAvMBF912D587wLAiC1G9FGOn+8JVws2QITX
+U8Y8L2vhnfGQNCQYvqBfJc5PJt3ZZ35to5tdTRJTeVhNWzIA7qOZh8ualFbCDYd
m6K74SlfEbvKzS02pYWN6wCVXtGOPl7VoOtjg8cOUX6u1pZpBKQfzq3lgLS2oMp0
VuBJeUMiki/O8nCC10VCXcZ9q4bsUvWH9lJB/IqlKt+bG9TjO+vigb9eOSfaILkM
d7NMziP5OQXMjv6NwmJQY7N5TiKWdh9h4G3KS41dr2Oeo+A1FcMEP9nkZb1lX3Ft
9Xzw8jJ99SD36mCEiqndvKA66/pcgMCvPAkkDwoSS+Er4LPcNmY2TVN+mIaF1OaS
Dc1EAXUfjnX8mZlclS/AfCg8TIPCc8o6Neg3DECT2j+IC9bgeoLqZLIuzzLNFrG5
aPNhG+24phHqdZvAkdhHWeEh1GS5uMutvV02hF5MrZLz8ou+56feFpUmeuPzQAfR
0Xbz0ot2JdETmcCTcmZBQ+9oP5DIszJt85wCHJ5S5FewUzsXJs1MQue3NLSM5FBS
hhOq+w6Pp64aaGKKyPi1GeZ1m31sM6w1yFVTQsqqy28GSjd/fQu55ESQ1sM0UhIo
DCUBbNPxycJGh9Ivxii1RqMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHFG9UxX+vMe4E0uEZ2LqyldmHkbMA0GCSqG
SIb3DQEBCwUAA4ICAQCC1jksFZp38JTGFIrNJJ6PgI6xXigtD2Z3KstS1cAIJi/P
/3NPu8iTgoyhNiq7a20tojPJGPlumezy3R5twA16UCq8guGFVEEEkJX+wOM0T4p0
jwtcMOeA6GchzS3+u74kk8oIvvw41K5gU2VU/W2axxnejt/HQMAYaMsD/zcNPXrP
oHAgEP5i7G7fX0FXqERnLU9lgbtTTTuszBnZHIdaUKSoK0Oji46y15pEdhxkVB6t
/BiNPAYM1Pc/Hi366eb6yuY8eJCK94QMQBvYpIjNwThAKclFh8n62KF6gXqj7Hcu
UQr1Z55KOuAlAM7fIBsqL4G2Ihs8yBeJe4YZrkdBqBzpJwOYNj7IsUnxgXYQpkVQ
u5coTbrB8w4Mw8ak+L2McMAYhG5FIndy9GAFEEanrmyiHJW96MHqTD1xY9TyvdN/
Kt/lsYt0W/y6jknv7hU9uP4X/xkZk8z1D+m4jZHRQpnUPL1eSOUPSJ0t+68GQUVJ
NJFmTx/qv1/9lXNy40jecX6sO4ZPLoQydMjwRmSerxki7MP4gxGNuBEpOvoj+ABM
MBlD7BhUn5++BZQOLUU+JYr5kNi0WmFFN1v2SpoMyDydTgA+cJsS/TiOeMrY9Szs
ZEFa3PSiA1fP03SRKC9tqjc7d6vQU0fE93wzcUCgyyf5mln6NV7cxOfDJNO8gA==
-----END CERTIFICATE-----
openvpn_config:
client:
client:
remote: vpn-jump0.kill0.net 1194
ca: "{{ openvpn_etc_path }}/client/ca.pem"
cert: "{{ openvpn_etc_path }}/client/cert.pem"
key: "{{ openvpn_etc_path }}/client/key.pem"
tls-auth: "{{ openvpn_etc_path }}/client/ta.key 1"
verb: 3
dev: tun
teleport_service_state: stopped
teleport_service_enabled: false
firewall_teleport_node_enabled: false
teleport_roles: [ node ]
teleport_config:
teleport:
auth_token: "{{ vault_teleport_static_token }}"
ca_pin: sha256:4ef484a5949aadedf983bc1f1d43f6f31356ca37f9608267424ddc0d9b68e010
auth_servers:
- "jump0.kill0.net:3025"
firewall_ipset_node_exporter:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 10.255.0.1
firewall_ipset_blackbox_exporter:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 10.255.0.1
firewall_ipset_mtail:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 10.255.0.1
node_exporter_du_directories:
- /var/log/syslog
- /var/spool/rsyslog
wireguard_iptables:
wg0:
input: true
wireguard_network_prefix: 10.255.0
wireguard_peers:
wg0:
- public_key: 1ipGUnK8XDbIoBIEF440BhwLUe0yHa5l3kZZc4eFxV8=
endpoint: "{{ lookup('dig', 'jump0.kill0.net./A') }}:{{ wireguard_port }}"
allowed_ips: "{{ hostvars['jump0.kill0.net'].wireguard_interfaces.wg0.address }}"
supervisor_unix_http_server_socket_chown: root:node_exporter
supervisor_unix_http_server_socket_chmod: "0770"
firewall_ipset_loki:
- 10.255.0.1
promtail_clients:
- url: http://10.255.0.1:3100/loki/api/v1/push
promtail_scrape_configs:
- job_name: system
static_configs:
- targets:
- localhost
labels:
job: syslog
__path__: "/var/log/syslog/{{ ansible_hostname }}/**/*.log"
- job_name: nginx
static_configs:
- targets:
- localhost
labels:
job: nginx
host: "{{ ansible_hostname }}"
__path__: /var/log/nginx/*.log
pipeline_stages:
- match:
selector: '{job="nginx"}'
stages:
- regex:
expression: '^(?P<remote_addr>[^ ]+) - (?P<remote_user>[^ ]*) \[(?P<time_local>.*)\] "(?P<method>[^ ]*) (?P<request>[^ ]*) (?P<protocol>[^ ]*)" (?P<status>[\d]+) (?P<body_bytes_sent>[\d]+) "(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"?'
- metrics:
nginx_requests_total:
type: Counter
description: requests in nginx access logs
source: method
config:
action: inc
- labels:
#remote_addr:
#remote_user:
#time_local:
method:
#request:
#protocol:
status:
body_bytes_sent:
#http_referer:
#http_user_agent:
loki_service_enabled: false
loki_service_state: stopped
promtail_service_enabled: false
promtail_service_state: stopped
influxdb_service_enabled: false
influxdb_service_state: stopped
influxdb_package_state: absent
telegraf_service_enabled: false
telegraf_service_state: stopped
telegraf_package_state: absent
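Review bot: The `- name: root` entry under `users_authorized_keys` reuses `user_authorized_keys_hash['ryan']`, so all five of ryan's keys, including the ones commented `# windows 10` and `# work`, become direct root logins on every host in the `all` group, while `sudo_rules` already gives `%sudo` (which `ryan` is in) `NOPASSWD` for `ALL` commands. With `PermitRootLogin: prohibit-password`, holding any one of those client keys is enough for root everywhere, with no password step and no per-user sudo trail. Consider dropping the `root` entry or pointing it at a separate, shorter list you would add, e.g. `keys: "{{ user_authorized_keys_hash['root'] }}"`, and removing `- NOPASSWD` from the `%sudo` rule, since a password hash is already provisioned from `vault_user_password_hashes`. Separately, `password:` under `rick` is a bare key and parses as null; what the consuming role does with null is not visible here, so an explicit locked value would make the intent unambiguous.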

323
group_vars/all/vault.yaml Normal file

@ -0,0 +1,323 @@
$ANSIBLE_VAULT;1.1;AES256
31363530386439333137346232326666303761646639326334383230336365393138366637383338
3332303562323030643037313965376134363230333830320a376362633836626639633966616230
65633065373336373735326163666438353135393435383861663665336433623038336531393437
6231326664383462380a303832613736376236646631376461363965383166626366616439653465
38386132383562623430363138373630343030643930396532393834623833383934363936666236
32366663373031646162336364313662356339353739353135613762623236313063336562643163
65323231323739396630343935353763366166396535393031653130326632653839343332326161
62636364303566343764363131643935633365643337383536663334373063323135396130653033
65333434346439366636633566333866333361323439366437366264343230666365346263333734
66663639666165336136636661333533373733336334626266316165386430653564636461306261
39643961383366623335353337373562623433353238333338326637633862616465333562666530
36636133303037643361666265633162393965396534303732643966383537383734643737316335
65363266623034386162653364633962386635373435643864346637303938303731323537353439
38633564643837393836326337303838636263626234306165323661333562356235396665323265
61306464653835653038336437666166666361366134663738333133373737313034653336366561
38663138633131336233613363333233636435653236393361343763646239613466386330376265
31353238623436333461383833356465343134386565396161356438646438363332306164353235
38633834393938336134656235396437316262633830623233383366343133643066323363626666
63656338653564653262333039353732386434616261393437303436363061623465653438623731
63333762363865363930356134396439356665646364633362356531363730316339633162336266
61396433323036633631646635636262366134346632633535363937316436646439326138316363
66633538643165303661393738333739396530303138306133613333393461396363303463373636
61633066333765346436613034383766346633373839613638346432396166306631386364643537
38333331323930656563613130663438386664626637373537653966333261663233633033383736
36356665323165383862643032376565643134396361633835393632643834663566663336656664
31353736313638643935643065613438326465393538616462616338646637326361653435653066
65353537333338666634313863643732363763643366656132373163646438346363336233363662
37633137346362623739343562326661373266663339616164346533353935643432326339303761
37323231323833656165353561333565623237656238383332653665643766313234333739383133
30626164363338653938643135643034393231386634386237336264323135393161343432616563
38646530646536663030336166383261663134663230656565623739666636366166313364353734
30663639383938373439356530316666633030383832666335636433633136663530373861333936
66303636636439333762616365306437386139633937346537383365333235656165633537326563
39393330336362336565653830623462616539336164656563333563643539383538623432646563
36353239643962346232636233356132303762396462303731623932306435633132333065336531
65623462653163666165613937316531343561363730326439643164616364656166613438346433
65353934303433363965656262666634326436346330366462343131623334383936613362656630
36323434613435646131623466303265633831616539623438626634343938336532633866666362
36343930336664363262616330633930313232353866653236313864643531306436666464303563
37643063396137656663343165343162363835376439396362626432376437393931396138616263
62333061663761383135333862346636663534616632656231323438663230626636643565363066
32323337396663366532353764353931343837633465613037376433636531343765313466633338
65653862303835643330396634613934303135343532323334366632313637373665633336393236
34643064343761373231303465643230393264356432383764613561366337356135313738353836
62653162376533613462613236386432353765633230333634316530616133363331626436306237
32393261653465376234313035666234393461613166383030386138373738346531666132383732
37363365383066643463656630396263326561643330373565653035336365373564613033313539
61666433333535613961666633366334306463333038356663613436343765303438303932613766
37663361656630383930326563356530343366633633303765366261353035346566303366303064
39636334656165653735623761326464323737323733613666313839316334386630356565383132
66613963326161666136303262633338343137373336643735666634323338656161623839363431
35326531343430346632636464386235643236326635306562623339636132383334393038616565
62376435623565633138623466363230613861366437613230373464373762383135633431376533
33626166303835653733366534363762396163326534323663373363356631336230363362393466
30306534626134306534653361663939653736373165633762663464656635623134326335636465
32313439646462373937316237613834613538396634393339666530666534376164366339326334
37336362626536656433306466323739303665643139386637316536656536386163336461346439
30323136663830643866306135663931626438396638353237343532373639303630316133613730
66623939656635656535623539663661326666313664666235643336666338356565613537353635
32626464633532393135653735653237326231363762626466646366393266333039313437306437
34626438376461373537303137666639346533313634396337303165663234643665393737313262
64306563333062383832396333663134633736616366633961373230333635363639363039313662
30323737323166373066336331383839383964323561363836633861376137306161646164636366
36346133653965333539386232303930663435353131323337363863336466313666613430343436
64386537643763303132343062323938323530333839613365363031613037643362656334313137
32393337643732613837373564333930623566316333636166666132653339613337646335393963
33353461623133303566306533333539326162653764623731396463323364653930393534373539
65623833623938366638303461393364636333303839346635366662626661656633303034626265
36373834333934663830656438306539393532316239666534393265306334303263623835356664
34333836383463646362653266353864346133336562633762393763336462353734353636323030
62316135316538623130663838316238343630653964373531613939653832323430646464313764
33336438386231376539623061656335656430303038326431633061393436643966333932323266
31613730343361636339303233303266306363306537633630656433396462326336616339306536
35376661306566373330306264326164636135323938663634326336343832363566303436373138
30396630613635636666393738333036303437366232303732643837393233653539306131363731
36393963343335386336653930396432626231343334653036653762663066333435656464373234
33646637633832386361343331343231313537373765356166313762623066383638313034393731
37663831643466666566613361636661373734623761323733336333366562386430656138636138
35373135663765333733663531353136376563313932303164636234303030653337653738333461
38383363656534353562333065613862343536376231383264373539663936386364333637356535
63343736376431333338613766643033323862663336333164343130626333373336346134326635
35663939323438633136323862626634613332663030666637613662646563333766663238383930
32323163343637336462383366386239623030636233353531656533303833353332643337646461
64633965643834326234643837623165353635373364623630626535653339396639643937363261
62353561653237323036343431363632643539316461303338346266373166623435343133613465
30323230373139346132663066333739316437306532613534306533656161653665393534353062
36326537616536666336646664666564353564383939386435326334333932363331653962636532
32636133386339306638396438326132653636353733633735303063613537623961326164396266
64313336376435353665616439366262303166316632623761383061316664636565313933663436
30393938356361613562643835626138646462623737643738343463643862363136373665323631
39326233373838623638363034613835393838393362653938666662356633643363353963336461
63313932633062376336653238333263623331643735623134383364353536353866626166303338
64303039353364623837373139323838366432663838623530353939366363633738323461323763
37613037636436396232336437633039343838313534376136323836393162613932633430623064
62383466343033633739613738326661653931376562376137613138616630373536623734646637
61356632363430316337363839643237346466316464356439636530373466626166613032303536
64383238323236653838363137393761343138333837376332643138393161336263313664333838
63633662633465326636343132653464383731336133323863313162336632616430363734393865
62643730613862633166366139303865316364366461616466303366626637393734343336653864
30393631643463396435653664346332643665373932376333353439356564316337376430323064
62343736633439636361623066336663646261393432646331356632643638666163623639356137
63343132643066353031643961666131396431633036656136313536393164313062323139623263
31626434396631383361346330303437326165396163333633353761623433643639356365353965
37363533663934336534646339383735623431633032613761383066383230646530616639336636
33356633643936633834353962636538393534633266626237323436656330343235333732346464
62303061306662316139643666393861356130386237613836626136346238306332643433323031
66656631386636653831653933306236623531373036313237636365313666616564653637383930
63653336353838386465646562373636613032373636393866343565623866356130353562663637
33646438633438383337326333666561663665353637376463333863643531316432383462336231
35383731303232643064366563623735626266643336303563326133333866383261366366653164
37313737393636383832393463346235343637643632393735616462396464356362396336373465
63643265326661323766633534303832616466656662613163376233303536363037343662306336
30366265666166343138623739623161326433653465663466383162343161323037336265336634
62343833616330336364396139336539643137346334303634666130633831346432636631393336
62333862363161363063626134386436656337386165383364353930383338373665613635383336
62376133316563646366373666363539383732343961626164343530613866373735653165333538
61383363633561313766626461356537313066346537653233653166396635623533626636363232
66366264363030363065376563376561613866343733363330336138353238306134393363373036
38346633646238623837393565616435616531653631373465336131663531656266383139353161
62336639303936343230643832303565653665386365393637353132323331303436616635353538
62373234323062656566383538363564326532663037663662336237353039616635376665633230
35633832323538336364633365656665653464383930313533613033663066373137646561313162
30386364636339396435356563346335336664303833623630363065383764643333636333643838
36373732636165393362313430646635666138393134313332303335336638373232376234636363
30616562356134633061613663643163306532633765353734326438313861326462303966613564
35333935393032396130636139643437613961303438353338616438393231303834386638316630
34343537356439363338646539396563666139353565393731333535336231373339306536343131
61343664666365643734633834366132636662386530633830656231346162656462303563333732
65336233646362333266303634376539393031316436373133333538653236326439313234653439
35383038316164623761393130633132373533346231383433313537303339386463313766336631
36616337363136353531656235613330336366353330393738636366666235666230643662636365
37363131383338666137363531623161663930353032326439343936653636333265633463613037
36666636303661663937366161393436386130653363306539616631623633323838356337356538
39373537376464306636393961636130333565623865666630653937623235353838366132366534
33346337366461383234623432343662383732346130363439613966363064333964376236303162
30623430383064333639613139383737373939363439633537333135623336346162376264336237
36373537373437396364323264653434623738393638396636643930303461323738363532396364
36386462343064633664633264393264633063373334306133303034613130313530616231336533
38343634386565646331353664333636353363643465646332346236633832326139386333613635
38373264313730633336353730636136386437343834646464633932653138353330643231616535
62333365393361353035613465633334643535366431643461316333626535383766333431613462
30313939343733383938343930313261316362306430653737663463636136626466306339313566
36313330656663653066386566303163623830306635626238343630306536643435393231363835
32336537343634303364316638666239343432633366643937643236393930656664333163326139
30313132346331366630663430613461636239666661306631616636363061323435613735626633
32383366613965643236643163626466306165303666306261656161656561393535353836323338
66643237386138643231383434346135323164313265623132623934376138326536616161306161
30623163623035666535616364613065633236373832383235656162303865386131643261666365
34363237663161343363613534333963643934643531323335643163376435316633623139663237
32366331396438633439626638616461626333666561623536643537336265346665323737393831
31366230356366386265336135373464666233623637396265643636613062626463376265373237
31396139623439333531303564373062626130616561333363356138633530613136623765633663
61633433646361316464643532356166356130626535623861663962663439313639646334643439
34626462616561366138613436623031366265316232373065363736616136323134643261316335
63356432313265643138366361303931343631643337393963313765623734656130373532373961
33316630393564346661376566373437356138336565633566323133376136386438653964356331
34633832383062656237373664303637356431613332353834373630373562346135303837623466
61313035623536656537346666663036623566373535353562386130303064356636326631353432
36666230383162623230383064623861383936326632343835313835303566353061323130663338
31396330613531356364623666643733353666333331373935323230666438313538326533316364
33636662366465346539343963643461316434363939653237326134363935373430663433633461
32313961393736373363663239306336363962623737336538346135643064623135363263666634
35336363633565353831666230613434353864656130316135653765356664616630313036303039
39383062373033616537646237663233363335353863393733646465333430323564396137626230
36333965353362373337323633366162633339343062333162643739363937636135363663646232
33613636366138333233393132316534633334623462656436616235636237366566336536376637
65643934613136653938626338376137646539386663646466653865336432386638383136646339
63653036623338646539376366346639386236303730303061656534373431303838613535663033
62303139613233613262636263323632396362613961323930616564313635393935636636663062
38333361616435626438313332386265393866353633326465626466646236353733643161626131
33663632626130396338303236656537353665653132353133323361393330633562313433633939
62646165313033363635663739623130383034333234353335613262306339656362336137396630
62633763623032336435383035303132643531663862333636303764353336643337353336333962
34396339653966383637333534303732646330383431383936346363363337653863656335623962
35326330333965623864386262306335353838383166633531373037636134386537323562343331
64363532616265333363643636303466363838376464336262386131646365656636333761303836
36373937643635663535313763363965303963363162393465643863653562383464346265303636
61316335333064313335316430303635653030373564393261623532306232333139313735646631
38613665303232313339663865303765393335643063393133666335613431376461663265323931
65613365663134643663303261356534653765613266303562376433386333646666396230306536
62613265616563393132363339336234633732373864353231316436663666383133306664653165
31323937373334633439306466313330376432323166646662613239343436373230626235393736
64613638626237643133323362383631623065373232623363363061643666396633393730366533
33313434653964333762373939663664656636326165623938363430306361373434386134656666
33336230376237646236376535343432343465633166643736623339373436663835303165313363
37666538356633336431343833313438653534353065303336323830623165633962346435633032
38313930366438313665353438323163356561393635666431366362646436313434363866396137
36646565653065643231396430643865386165333038306435323764393264653936333762396531
65383932643464343766613438336437626162366434643336396639636632656434396362636662
66613565636236356661326131656561336564653966316362623632316263343630393136353436
62646238646565313066643530313237353731326138613963656634633539363466313438303038
62383464346166656230343863616264306366656439613038623434643330343930343439393063
62346262626361653530393434633834383332383732623562613138643034643437643137366363
39303439373561323831363463613231343530643730633764363132623466363536333563343962
37353364363265333066313133643762633462326462346365666366383736313862376365353334
62643234336430346132306132623365366639373562383466326365343735396337643535613332
30653032336134623039333730613838666639373731616533376233643134356139373565303538
34373732373133663561646137313662653764376637313235356632666661346162373333626438
31656563356239373635653764336131386462363066633537643239356439636330383336373632
65666163633264396333336665323930393966353438616564653035326565333064393166383837
32643733626265666638306139353665373735656435353935353265663862333365333062353261
37653130326565373765343035386463383263306630386434623131313239393463386437323937
32333163373233336363633430353463623938613434643465376134393436333633356639383337
62663335326130653035333561633664363461313038383262343330393066323165633631656561
37633834343930623238343330373863323033396333343830366635396139306462313566376431
37376437363365386461303763333732333632616533623561633930616332326264623061643734
61336333656365343534643365356363316362313230313366613363333638336236333463386163
39393061343932646633333062393764363238643838383833316434303364643039303662636134
36303636333562336130303865616331386561393964666431303936646136356231363364653766
35373064313363623632353232616563656561613434373232653163386437343736656330393838
66613164646366653563383266633337653865613166666337636630643230363539376436336362
36316431623136313137346664613333303066333337616335636631616361653866653331386531
63613931666334373033633364316338393566313235616138356338353864666561663633373832
39393030646230323032626562613333616566333665633636393537346139333036396338313961
39303965343461383661363765303534343836346665616436626334646362666138636232643163
32313336373735363237306337343637303365306563373433323834346133623837373737663761
63316331333835303064343061303238666336653735353033356661323332613031396434346536
38323931386364633565666231373061306438666331343536353065376437366639323663633762
33353233363764366666333335646239653362393637663863336261626335333237653261623136
30646137663531343531393431653735663933376365646166646134303537303235306533636462
64376363363764326162666363363934363462643936323134326231636232643933623666336230
37316134623963643666393966326636363838353933383361643465356239346539343739386339
65303665333062303832393965363936373835356338326533656631326331663437386433303831
33636339316462613165373238386634343261333464643636656130333236633733346537363733
31363530383538616438323930353339383638643034646339363332356161306130633739643764
65616535623863373632376539303161666363313133313739303936363635666538376635376539
35663031663363376630666633383166393632636662333636326663623838663861623962393866
32666161666531326535383364343865386333336432613038643537356331323763653631623063
37373138333232363365313666353931356639326231633263333138626330396462386162356531
38646336616266653437663137316438353963323231313937633137663730363236366630353866
62323063343261393434333832623830623934386566303135386662363630326237653430663231
31306162396262626636323539383662383735616134356236643832333266646635613163646364
37326635666332383536393434653932363430363137643466393631303066356539626137633032
62623431313534323836373935646665393239393262383563323530316465623436313862666236
34656366316237313565336235323932306234646634653538393362666630386632356361323839
31356534343436643966393161376436323363376166623962636531623330393834353834366662
63646230376432376632326231363766383938666332626239633236376661363562313661346530
37346262626436646436326137363438653237383030623032623435383537383463386461326232
39313363353066323239353939356365303232323435313637346538366562333766386165653233
34646331346265306631386264633564383466313230363962653537626334336164626439653030
62343632666465373033306466356361643830386264316537376130356635363236663732343738
36343934383764386138356238616134623364356662393262346566313735353439386330333963
30666332396266376636303837616566303937303732343431343532373436613439383634316434
33353363393664663535653062633665666662306166393234333230623737313836326263653130
32313664323033653463326332356435373963323763396665643364356563636366323462333332
33343935316462616136326136636364353664346264613431353838653731306636373962316539
37383766366132343861626532633732343665656532653765393230336535633661643432326566
62373834343664343039326630323539363634633866353437373739313862383035623236613032
35383265663465663137353761623833343931326434636533333265383465313365646330653131
66373631363630616564613431636336613030336461663339363930656333393166303063613562
35396430663036313237363130393763343861383738323664323838316365623139306532333833
65366233326638623833326230396463663864663233666565393333613166373130323666653139
31306262306234373033313936626331303161316430383534646632343034366534643636613862
30303739326164623430663130636130663066373230353937346631346662316134376433383738
66346139623437326531383766336338346336636336316363666439666463666537376563633266
37386231613730326536333136303735333664656461653830343130323266343164313131376338
38306662343132653833313530363731393233633938666534326161666534613266336335336434
65376165383737666466356133623764363961303234316531353639316332303264656666306635
37313766383363323138663038373536316461303235373834376430383162373465356463613464
62353063393333633635613566633536356131386563316130353566363363366437323631616166
61333238363732373030336538663466353136663839303664336664653036376564313962323462
65343431363962343631626139363762353831326162636164356562386361646538326137373631
65613561316366363166363339313562396436346439376661636561373737363765663134366330
39653232386561333264646666396164383361653634313338666335303937373435623466396238
35663734363934303265343765356533386230383566656539393363333463363566306635386430
64373533333637383035363337636331643061303165663364623431333665323862313539383063
62396634633463656566666230373832396330646230316235343031346339383239656464386363
34663536663664373538383161363535306363313538343065643335326436386433363838313261
34353536663162356262316264363062663763323038363538656361626538656432646535666563
63356562383332313162353265316631303137306338636531663938646633616239303266373633
32303765393962303336336639383933373635363137303130643830396663303165643465386133
62323032383534616565363637323464306131346363306233353933646538646233626130633431
61666337326537386661303061383966616432623434316630613534626138383837303433326433
38653939383732376266303731373264396331646437613430356236643938613434653263613063
63386535663336633139646365393963656364303966396532323632366630656362313937633539
62396366633530633135646431313837373631336361343065646239303636373563396666313931
65363735653761656365323861316265663032373364363634643930656266323034396132613030
31373665356539383437393830356531346162393162393139333762303038353130343136643266
37353864643031616661643730623766613965626638376631636665343539336435363537363532
35303034373239333237643763396564393862656139633533313432306431356565356534613837
36383164396133353437363534343965643961346535663638366236303165616563633163363338
65626564333230363332643863333233303565653166356131303735613266646562663863316565
62653838303933626232663635316137366533353230633066633464646262313562666263353866
66363434376237653262663938393361396437633864666261303936383436646330316639383233
31313164633133333837356665666632306538313165353062646532373930383138346131386636
30346261323562613262633535326236313961383532646166346636353864323565623739616262
35616562363333376364626630383761333361653637393234373962616639343132346233336230
39623331356331636436346134383935353138316364323030613030393561376631316539343732
36616330376661623266333535633430343838613236633763393031303932386230373838323339
38373036313932313136623739393132323161323662346333303338633163636631313961303665
34616636346566303839623637633734663832636263346165363230333938633463633733646339
65343431313833306561383635653833623139623637393537386630333564346438353731653736
37343665656638663864303139383262643063316162616564303834666636346534653066613162
39376264323462656232626339346564366430373031323835303965646534636461313437326236
66336433393463316137343561366631666163356630616531663037396264613562383937633564
34646164373133383736363537333432396264383166623464333631333939356132373239333266
35333837303862656530353636346561333938316361353635306132323133653235373265613338
38353839653731666338626438393466313034663931656261613166663938646664666661663766
36333037636261306439653133376564646564616339656566346364373831353139663034643133
65613835396265613837373738306238633161323234313963383063666364323932623433653465
34663930616266633161666262326464306132333534373763626433336265323662666563363735
64643635396366386262393637626435613934616530623537396338643133353565316263666535
66656534623862643336636366653036623337386535356138616662373330613731666237306166
37336432653538646266323638306638336638653661623734383565616633636332613339646632
66623066346166303034633332343264616434616664663336653662343535353032633931373461
36333436363834633262383138333263373036396462316563336539363362316461333930396132
34633162306630323536653632316231306164663366646439653863623437373537393330656632
65633163623662346464393038363636656331623465356135323663343636376234353466306535
36346532633233363761316137376165313866643633646631646436336565326530373236386138
63636264636532303035373539623661303639373462346565343433306465393930336666363962
32386164623731646664366234383138633231376562646537323337636534623066643937623766
63303366353261306539303337363638633263663839326530333332386234623437343639393362
32343637626630616138376431313264356131393034313162303466396434303663613361393766
33333732333134326366396532633530653739343866633862636636303865643663303131653964
61633566313766646237613732326330323132363661343363363164663664336461363861633630
37663266666262393434363838316432356633643130323633353132396432373066626635323937
38343463323766373165333966313562613261633434376131643261346661353665373032376631
64366134333762356564653961393535336263633836346666633132623765626364346563666330
34363262666239393238636431386336373337313931386632656362363734373634306532373937
35396266666335356361666264316363613934303462316431306561303231616135316461313765
30393061626232363139373661363735346631306433323064343535666632663362383661316436
3061313735313834393466373963633731643936663739323438


@ -0,0 +1,14 @@
---
firewall_allowed_tcp_ports:
- 80
- 443
gitea_domain: git.kill0.net
restic_jobs:
- name: system
repo: b2
paths:
- /
hooks:
- gitea.sh


@ -0,0 +1,353 @@
---
firewall_allowed_tcp_ports:
- 443
- 80
firewall_allowed_udp_ports:
- 1194
firewall_ipset_syslog:
- 10.255.0.0/24
autossh_authorized_keys:
- key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvKqDI6VUYFgMUC54pVr5U8CX+Xl2ewV7PIYkTiQ70o
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrte7/aVUhovxsFTF9olsO6V3TiHStlF5XFN1u8uKmYmJ9jfvosOLPAv4KHvVDuOww79JPUXrsSkemC/AM9tlHycBf4+4R8q9o7aL0MNzB1ZaiBCvgx+Wn54QgktM/V7e4yl4LCtjxbscspYCJFtqjWuC85c4d8p7Gwq3t7+wbO3TGZAx1ETdqKjhecTCJpjlvUIYDZlCkXMtmhB52ntTu9/GBXD5mAdTCqyq5aTAxGbt56LCmM0Z2qjAxVWRdJK93C2dQ4OPzWnvc2IWR2EazOLDep8jSz4XOzUlfQCeKfFsEvUJZJi7BtcgVKBvL+e8SmwZNG+SdCmFFJxoXVmat
autossh_config: []
rsyslog_inputs:
- name: imtcp
params:
port: 514
- name: imudp
params:
port: 514
- name: imrelp
params:
port: 2514
rsyslog_outputs: []
telegraf_config_d:
- name: ping
config:
inputs.ping:
- urls:
- ping-home.kill0.net
interface: eth0
count: 10
ipv6: false
binary: ping4
- urls:
- ping6-home.kill0.net
interface: eth0
count: 10
ipv6: true
name_override: ping6
binary: ping6
- urls:
- 10.255.0.1
count: 10
ipv6: false
binary: ping4
openvpn_ip_forward: 1
openvpn_config:
server:
port: 1194
proto: udp
dev: tun
server: 10.8.0.0 255.255.255.0
ifconfig-pool-persist: /var/log/openvpn/ipp.txt
keepalive: 10 120
cipher: AES-256-CBC
persist-key:
persist-tun:
tun-ipv6:
status: /var/log/openvpn/openvpn-status.log
verb: 3
explicit-exit-notify: 1
ca: "{{ openvpn_etc_path }}/server/ca.pem"
cert: "{{ openvpn_etc_path }}/server/cert.pem"
key: "{{ openvpn_etc_path }}/server/key.pem"
dh: "{{ openvpn_etc_path }}/server/dh.pem"
tls-auth: "{{ openvpn_etc_path }}/server/ta.key 0"
client-config-dir: "{{ openvpn_etc_path }}/server/ccd"
route:
- 172.16.0.0 255.255.0.0
- 192.168.255.0 255.255.255.0
- 10.8.0.0 255.255.255.0
push:
- route 10.8.0.0 255.255.255.0
openvpn_dh_params:
server:
dh.pem: |
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAwmTargQ4ki0rYdoPifubzjBWklJXYzsQUU2TbGvuP0ug2weMOA4D
XSmlyJFUmSsSEUxDCG5PXcIdvNHISTX2PiUqf3OhCGghxIbAQwbCdqqs/VnZYt0C
P/M5DJD4hsF8OTrdDG9b5mK3XmB40o9K3xkptfQvoN1ecjhRQ+zgNZcnkOfd0XFB
myPPSBy/9fK6e6N1SnGN7Ao7AJ3VFLpT77hHaW6wZ+hOxWlmjroIlT5FRyvtEATE
2N697E6kWV+1jfyfd8ocu+QfnFbccshJY88OhZ4xddHquFhKMT68TCg43nefQCk7
tnJAVcpUfS6AqhwZRysWNRJfG/NiPsMxIwIBAg==
-----END DH PARAMETERS-----
openvpn_certificates:
server:
cert.pem: |
subject=C = US, CN = jump0.kill0.net
issuer=C = US, O = chill9, CN = chill9 Sub CA
notBefore=May 18 01:58:38 2020 GMT
notAfter=May 18 01:58:38 2021 GMT
X509v3 Subject Alternative Name:
DNS:jump0.kill0.net, DNS:vpn-jump0.kill0.net
-----BEGIN CERTIFICATE-----
MIIGPzCCBCegAwIBAgIQc/QIYhesJteIltoVW79aOzANBgkqhkiG9w0BAQsFADA2
MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRYwFAYDVQQDDA1jaGlsbDkg
U3ViIENBMB4XDTIwMDUxODAxNTgzOFoXDTIxMDUxODAxNTgzOFowJzELMAkGA1UE
BhMCVVMxGDAWBgNVBAMMD2p1bXAwLmtpbGwwLm5ldDCCAiIwDQYJKoZIhvcNAQEB
BQADggIPADCCAgoCggIBAOsnQorA2CsepW3m/Sv+7H4ngosGHw/t9LfxAdx+og7t
LNAZ/CIvO4bSjfkRQtCF3+FX7dXPAgkzL0RgDDRD3e3tt54Vo/solxBfHHhkHaWf
JifN8icpkMWukc0pzY+H3XW28rWDYdrBmCkHGoebnf51BcoIJ5mVBMgOE3E86Kih
615NhXg5pF58+Myz5xFdaTOmoj4J0F1ccZGwJWJrkh2YdMGUHH3YSRASP5N2P5Pb
mJ0pLo7C3MH3tZ6Nl8K+RUvtwXCBouthkbs0e02HsQFuLEv2f32NMZU7OUB9Vi8N
wxUQ0I/2t3T3BaNxFLlEAzjqAzZr5pwOpSasBTbxsglWaYou8DhIwLEUOUzIh/xN
kd+9EVymZ2yqYOlWaPvCmgmhZPeqipd3WAPdtHiYxWfgG0obtVh3qH+JI4P0u7Tu
Mb8+TcL3tAfyJDkmY7qepdd3zVj0ldcIQ9k9DRu76WE11aXjSl9YYSBvTuHPN6sd
3c+oJ5Ew74hI3AtDf5M6FsqTTdTgkNiqV+f7IRr2+4yip5o4Ez6YZCSSjeUHN9AJ
DqVhO3Ar7/vVcq0eFVvUTWVuQD+52sNvCeWh9Skayar2Yw51+gAlh4UGJTR+21jp
cnOk4+FT6VOCN/4nmJ9NkwZCCEmj76ygnJ1Ldovc9S8ijf/K103axwweXK9jU3FT
AgMBAAGjggFWMIIBUjBtBggrBgEFBQcBAQRhMF8wLgYIKwYBBQUHMAKGImh0dHA6
Ly9zdWItY2Eua2lsbDAubmV0L3N1Yi1jYS5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6
Ly9vY3NwLnN1Yi1jYS5raWxsMC5uZXQ6OTA4MTAfBgNVHSMEGDAWgBSThtPAfR0F
GyRrzaVVpnRPYVvpJTAMBgNVHRMBAf8EAjAAMDMGA1UdHwQsMCowKKAmoCSGImh0
dHA6Ly9zdWItY2Eua2lsbDAubmV0L3N1Yi1jYS5jcmwwHQYDVR0lBBYwFAYIKwYB
BQUHAwIGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUvXkDkHzz
QVyDDrfckIPVGVmKjGgwLwYDVR0RBCgwJoIPanVtcDAua2lsbDAubmV0ghN2cG4t
anVtcDAua2lsbDAubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQBNhV+pSeuYyo7bL4KU
4u4Q5tqfnqAz67skUhL+T3D5unA3WLg/SlUYUM1qfPolej4J+sFf6HWJrsXeayhR
kcork3NlHTjxB9G3aVvG63FJHr0zB9t5whnyepGsmF8lxwK47pXz9CCYEKcsSByD
eSBiibCqBaxj4N72yFIuIq5QN4AkXUM+WzIVlC98OqKB/IDtzcTRTBmWmIJIWHuC
hr3Emz8s1RNhpsLBlfP2CqsI+RXxGYNS+6VEGnNLRdm+oqa/jTdTyuPQ6TMmNOfx
b9JYr41j7Ps0451NzSyWoyxYc8sg58X/t3cPmsx4mgW4qlo9q72kkkKAkiO600C6
pKKcyFVj4i8VakrUOGRf/jWB76X08ub67pShXYW3ItqPP39zZJ6KvFYCOldVyltJ
/yP18KtFOnkPJ2VxZD+O3MlHA1RILhach3gCICS/VSaJHuPs4dFaiQrc9MxTkzt0
QikPvNgkprOIj1BU+VtBIM5eInyfFDVM+hRvp7zOoPQRUqwCn6iBkcgYhTD/cgPh
45BsmsOC5Z9NfNlpEzE0u6ObZFcwAp9fg9mPeU/wbW1M8JgcWXjGN37D6gT6cVGk
oKUidap16UL6NLgFlIcMSZcfMM0oI2JZyaOCLGvdKmZibpx237SrAnFLYXBJx9Ny
cjkBmYeslLjtUPqu9OrqjuiiLw==
-----END CERTIFICATE-----
subject=C = US, O = chill9, CN = chill9 Sub CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 17 01:19:29 2020 GMT
notAfter=May 15 01:19:29 2030 GMT
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
ca.pem: |
subject=C = US, O = chill9, CN = chill9 Sub CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 17 01:19:29 2020 GMT
notAfter=May 15 01:19:29 2030 GMT
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=C = US, O = chill9, CN = chill9 Root CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 16 17:36:20 2020 GMT
notAfter=May 14 17:36:20 2030 GMT
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
openvpn_ccd:
server:
fw0:
ifconfig-push: 10.8.0.16 10.8.0.1
iroute:
- 172.16.0.0 255.255.0.0
- 192.168.255.0 255.255.255.0
mine0:
ifconfig-push: 10.8.0.17 10.8.0.1
push:
- route 172.16.0.0 255.255.0.0
"Ryan Cavicchioni":
ifconfig-push: 10.8.0.200 10.8.0.1
firewall_teleport_node_enabled: false
firewall_teleport_proxy_enabled: false
firewall_teleport_auth_enabled: false
teleport_service_state: stopped
teleport_service_enabled: true
teleport_roles: [ auth, node, proxy ]
teleport_config:
auth_service:
cluster_name: main
enabled: true
tokens:
- "node:{{ vault_teleport_static_token }}"
- "trusted_cluster:{{ vault_teleport_trusted_cluster_static_token }}"
teleport:
auth_token: "{{ vault_teleport_static_token }}"
ca_pin: sha256:4ef484a5949aadedf983bc1f1d43f6f31356ca37f9608267424ddc0d9b68e010
auth_servers:
- "jump0.kill0.net:3025"
proxy_service:
enabled: "yes"
https_key_file: /etc/letsencrypt/live/jump0.kill0.net/privkey.pem
https_cert_file: /etc/letsencrypt/live/jump0.kill0.net/fullchain.pem
wireguard_iptables:
wg0:
input: true
wg1:
forward: true
nat:
source: 192.168.255.0/24
out_iface: eth0
dns: true
wireguard_peers:
wg0:
- comment: mine0.kill0.net
public_key: Cm9yZNczjghAh4hV4fSvy3rsmuLsQFZk+ET5CoWxVnI=
#endpoint: "{{ lookup('dig', 'mine0.kill0.net./A') }}:{{ wireguard_port }}"
endpoint: "mine0.kill0.net:{{ wireguard_port }}"
allowed_ips: "{{ hostvars['mine0.kill0.net'].wireguard_interfaces.wg0.address }}"
- comment: vpn-home.kill0.net
public_key: j5AgKWcXx8we7QVkt6//oQWsGfXj+5IJKt9mx0EpTW0=
endpoint: "vpn-home.kill0.net:{{ wireguard_port }}"
allowed_ips: 172.16.0.0/16, 10.255.0.2/32
wg1:
- comment: pixel-2
public_key: GzQOU0x1POvkY4+6smBGkE/B1XytoVxIJa6zGX8j6Bc=
allowed_ips:
- 192.168.255.16/32
- 2600:3c00:e000:343::10/128
- comment: work laptop
public_key: TRT1SRQd3mFJDJK9tdglqsydXJmkzyrNdUOm4nr7M3k=
allowed_ips:
- 192.168.255.17/32
- 2600:3c00:e000:343::11/128
- comment: home workstation
public_key: ISvgu8zZWjmKyKrJi2mbqoJg2mrvIjPbQRs0Sp+dLzc=
allowed_ips:
- 192.168.255.18/32
- 2600:3c00:e000:343::12/128
- comment: rick
public_key: oFJcRhs7tQ4vPHTjbKwwWirpjx9T9ng7PFj3+iAVYWo=
allowed_ips:
- 192.168.255.32/32
- 2600:3c00:e000:343::20/128
unbound_interfaces:
- 127.0.0.1
- 192.168.255.1
- ::1
- 2600:3c00:e000:343::1
unbound_access_control:
- 127.0.0.1 allow
- 192.168.255.0/24 allow
- ::1 allow
- 2600:3c00:e000:343::/64 allow
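Review bot: In `openvpn_config.server`, `cipher: AES-256-CBC` is the only cryptographic setting, so the tunnel has no AEAD cipher, no explicit `auth` digest (OpenVPN then falls back to its SHA1 default for the HMAC, including the `tls-auth` key) and no TLS version floor. Assuming the role renders these keys one-to-one as OpenVPN directives, I would add `data-ciphers: AES-256-GCM:AES-128-GCM` (OpenVPN 2.5+; `ncp-ciphers` on 2.4), `auth: SHA256` and `tls-version-min: '1.2'`, keeping `cipher` only as a fallback for older clients. Client profiles need the same `auth` value, since it must match on both ends when `tls-auth` is in use. Separately, the leaf in `openvpn_certificates.server.cert.pem` carries `notAfter=May 18 01:58:38 2021 GMT`; confirm it is still valid at deploy time and reissue it if not, rather than shipping a lapsed server certificate in the inventory.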


@ -0,0 +1,223 @@
$ANSIBLE_VAULT;1.1;AES256
36396137393836323465386631643461656431316666376562623633383965393863383866663764
3664343734343065343236303365373962333162306564620a623362326163393766343735653061
64393932383066323264636530613036353637343231666439346234663430326366396532663765
3536663666643838360a316462376363613562373965653536333763386635343362393938386331
39663266616365383166393232646530656135373234646166393365343233666635393430313136
66616361636638323430343334643230623331623334343162333335353265333436326239626664
30623039333737383531663738616337396136353836383537343337316565623562393235303566
63656234663765313062666435313431633861646137313330386633383062656335336639633631
31386561376365623634666231643134663230643736376662356361313464666638363961366437
61323033386661356561653961623333353637613439666437333164643532343863333434613061
63646432396333303965663730623061333065653432326136333337633862393339363130373138
36366163316635383336316537393761633962336138643139386638373134313635336666303765
62316531336165323965343232636339313462633536623139303865663862376364363261363865
31353064646338646662386639343462386639393162363334363937363337613963313135663365
66343365363232623564613035303139663937356430336537346564643134313763393462323638
30616462363661623466663162333834323937623335316261646533316137613564316532653165
33343133376538643961656364656666346533316336626464663939313137643461303232666162
32353131353864373738396335613763366639633837653636386139393862616364613265313935
62353134303733393836666337393530643465343333373230346133396163623332336131323730
39383264303935343763343033303864316433613334633137333031626563393233663932376434
66303638643232376633636331613234316339666630393534333136306639616662613361663031
31316630323338383061346333633063393261353463623039633063633132623730303161663531
65353030303763336639636265663333333639306432306662386232303439626235663433376437
37336461376662663035373336663937333132383964396561626337626632303064656365313633
61663630316163323163383436636636313333353437646330346532656236626562663332323636
65303430663133363464323262313531376531303739613364336262393965376533343136323034
65376461326362313732323730353137663036393835333939353962643338326162306163626536
37316262623265633363356435316632653466636137303131303664636433376236613237376339
36616639643232356330393134333364303137633736633764346233636330386232316566366435
30613261613936343738303763623966653936323661383164613933333633653339363535306138
32326466306634633965666466393435656432336163663130666266363230653730396665623531
36643364306537306663303537333063363565386337663061623661343838303638393965373165
38613939613061376161626163336164656237356164303562376137633135613738386331323262
30373539633630646339323930373737346136633465616535643439643134306430653062383664
61313138376138373961376561303162616438663263653561363339396132393834373566663436
62356331323465616134656237356434633830666231646434363664623139373737393830616338
36353066613464353739336462623966356330653534366332663735663937306462393233383939
36363066633563393463303363653631646464323937613234333835306139373462366661643961
30316462636638353531336266633061663933316266303335623837376239633835663265336338
39313334396565653262613736616536646461656438373839316337363963663135353261353133
32373366366236353663393065306338373961636432353533386436666532313637306433373236
38383037663037643763383465313862336334326637346338383235663061316232613365656266
31616136373135323039313633373538353761663439323839313365313462663063373339623530
61313731303861333631613464343232303763316462643935626366346130366531313631626630
39636630663866336161623835666261366337376239653139613230616231353636616266663238
31653466363530346262326630353661366635616162313733323032633736653362306665363565
31653731343465373736646338383830393735643736646266323965356336393939366537386566
35613561333834653834626233396133323337303439643432373931616237613439343665343061
39666661353532326435373332393739356636636433623163383337663165613834393864303533
32356336366336353261653235663666633335626331663964636263656136366232373838613962
37393464376137663630333334363234393464313062353366656435646633653265616265383535
61333061303633623065666366643037333139356465343932376664333163623532626331336139
33373732613264636331623964393336383665613264343131613138386362386362343539346234
30336237356436623262393139363538306530356530353237666339386565613931303131666262
30363866393061663437633532356238383530363066623862393531366530613731393137343434
33386434613632383066636638356161323837653630363830336233653830343261303933616565
65313334633838663264623032656131646331613539666436343334663061313837353030626161
63303362666662356235343065373231646334656565316564626234363431346664373036303333
39343363346365323237356365323062313630323736323737643432353262366534653131313033
63383638333334333361383461626361333766343861653538343562326366623332626131613136
62643537636233383263656564306430386333346432353434623433373638366536393438333434
37656539303736633938316462366230613131633936363034386639623330653535326264333861
35616537623461316662636166613530373963316236393938363932616566333430613366626363
66383139323565353830303466356233353066316663653732303534383765346636653132363130
32303563353232616537613966663836623832383335646331616364353336313363313234323362
66616136636533346339363563623734623239626230636565623338363861393338613337623530
64626363343533303333626234326666623136333332323532383662663635633538313433303835
34623134386631376639623639313164393033616664346338633033656630623436633130373665
38356635396238613633333738326233663933666562356630613063303230353462653264393531
31303736633030663761376134366631646130363139623465653661366335363830633566333237
33376631343334376435386135653330343832353339313931323434303265343361336231643638
66623539313162643337353432393865626538633265633363353830306663393233333962313636
33333565356536376464653131376633353363316663336563323230326537613165353134366365
61363030326334656139353938613531643864316434383266353633373735326562306239323961
37336638663837333738313230316236346262326135346536343331356234313130353661383464
35376236346366373363326138383430323132626663303138353938383263643665393839363162
31366166613037383166313264373035663066336138623535313035303533613132613436313136
66393764333732356333363462333366346363613262316130636235353361313731383839653563
63383134643262636262666237356233393430336163613135623264633336396139646231363562
34393031663961643562396234666437356665356331633834396637336264653265353065306233
30393461313663313564373236663362353435393535306465353136613730333866636639633161
30666566393266616134636264366666356438616632336661393639366635356262653832353633
32623466303835633065613936373063626432326463336163303838613836646332643035653933
63363630663161373039653330633631643638313036633537323364373739363736656231636535
35396466373666353361366535366334313538313639663131336662386166316162326331373838
34386232653930383133613164393435346661643466343762343463376537633036393366656164
34366465613839623533363235343737333565326165633634386230323938646166643737333261
64333139663463666432346461613033616539643463323263343563303361373539303834353434
61306635323463383238633738303830646263663036396566336534623237636234303566643533
39663462663063386137326630353164633561653936343665326665306665326238303230346436
31633138303236666362306162663036386334623339656565353730643630396263363738306139
64323230616164303638643263396432646438356534313433633536656432333738303038323266
31643965383036326134653030333932323231313363336263656534303839346631636230323032
61303033383932626238353466353631326633633565343065306561396636393835373966383032
61363061653662373731313862326461373133343930393963343062623663633033323865323565
62633736623365613631326464373662393861663737623836666532353339363232363630333662
65333265386561336337353838353238316466336162393738623034376339653864393733643837
38313763656431323261366634386331366262653838613036646633326464383565353136356566
32313131313466613266643435663933646132646339353239343535363333393535346565383331
32326566383337323662663438316639366139386433316639633463333661396337393837646435
66313637653939626536326332306139393438333137323532316130636439313066383633396335
38373062353930623661306339653234336135396233383965303861363535616633366666656562
37336331316534656465613536313364346633393066323839393833393864363234356330663264
65336263613861383837373533646430666539316638323966623761373633666437306432386235
66353531303533323662613565363065356236383939623237363835616262326536373962343538
30316631656465313264393932626232346637356531336536613561383434663934643432613164
33313833613532613365393637323262346437343933353138623765626665656663306263393862
39303865316537643063363665626465356631653534393462353830653931636563653333323733
31343864333630366566613731366333323631313337636236653662613832626464626333363537
33303762363332306266323538323366383863383033616563376231303937316163396638663162
64386664313863636535366331646238626437353664313731346633353738343733626263666230
30616161333061393061366430656330613737333133656637656664316265616365313436373939
65653564326165303761326236343436326363383538613734303539363363316135653630666138
38663333323863363163353838653765353937313166316230323961376136326438653866346665
34306561356536663363666162643362316139313438323632366136366461663230613563613434
37333838663239356236343731313430363232623633626364336664613839393036393566656366
61616332666262336231363262333832613937313330373231383830343130323966333261353661
34633661363731613430393262373839333863393730613730323866623837363936333039383535
36353763313565633037393032386135376537343430363535376238376131653935366434346431
33353338323935613638306234353963653438323031643735613035613335393834343961373037
37653131333336353230636136633431333463316137333636363338333230656131346633326162
33303635613033333730663162623965343230303533393065306539666439656361306634646662
38616234326637393364303731303566363661633462393836633237353139616634373933356462
66303864333133643238313061386538313430636231653265336463633437396134626238386365
38646135363764373837376534386132616139396238373765316633336135396462646230396233
38393432373736343236646364313037633032666631313462356164656465333837383037353038
39343962646236363633323465636638656266323966393635373163323330613937656266326636
64633666323061623266643939366630396237643731343531623031663363663963376336316334
31323836366665386336313139613836353764343066633231306433363538393438366162376537
38306436346662336262623832323964663138383262393262396366656465343731373135663562
63316230366236376238346639613034656662623166306536303031313930343938363363626333
35353837326134646535626164663762306431306464323230663763616465636435643064393830
65663439343166376163346137666431653731313738623630623263643133353439363730623230
34303265383164623530366334343066316361313533323831343833623634326661366532313265
64333034636663383437666238346434313761366262626231666163373433343230623662653762
37363234623932636536356565313062633131313334623364333262336561616334643534316666
38623032376432616339343939646638303630326235316163363530326238306335656630336462
36313234643064333737613661393164306263353438666334646164346430333665396665386436
32643136323431303063306135363131373966343666616163326466656233386532383930343764
34313536643663623031326236663866396165656539313461313933343035306336643631363261
65333934333231373435376134643237343237636230386465663832363665333334316663303761
32616133386637303437376639316261643938383563636433633035353138343137623838313466
65643835643562303234373137323037643165393738366262633638323939653233666163646630
31613863393832336663326266306430663864323031383161663762636535636238363663343066
38306533663931623537363964323733666563663765656331306236353436646566343766313039
37646334643839326531326132633433653030376437373734643038653732346335653161323932
36616533346437373665636166313337353136616466383237396266373131353136313535323666
63373034613961643531643936633566383231336166323762316539373334323134636332383232
36383336656538386631393665336661393432373339323432636565613963656232623034656635
63376161306631326632636232653831643636396365303762323661366166353539343939313561
39616233643564656538303764366365326338303436303261656433313766373766383638333634
66346464623565366530663163666339333636363463336564393034373564633565623535646136
37613133346565363230653666356631343037636638343832663866613461333061313464373736
37323563663634373931396232626436626533323566323463346535353362333262633764366664
30373337666366313866656362613562656239653565613035323936383861663931616266313637
31636631326630393834346237613965396534323366313039643566343133363537393632663264
66366265623962353164336463373031323262323936383163613834643433616333306661613430
62366464353464326636656234336433656633376636366139343338373161303965333637626661
30336337343936356131303237393264363232653033363163363036376163336639353961343563
35346336666335636266373861626465633733613032393438616434313735316132313665663635
34326438316632346666636265633035383336336462656331353737623066313765373366396636
37383366303764386566316261316232663163616234663966396665313138303839646262306338
63363365333735626165373735333631363761663735356635386139393739313764623531326561
61663936363437376261613266633163326366333730323063633436643037663631303537656363
66633334623064643239336439613735333431363631333435373532316230623065316332336438
37346336366466366335653562646265613033656466306632646566626666323337353336366366
62346163383439363933633763376639386132313333616261346234343439653533333462663436
65353165313865313635383538633432613565343136383665303064636434313135383236636436
30626538303437623837343663396464666232393139656335613739356165616136316263323337
38386537326132386264363066333730653863353430643633656533663262613963633231383533
65623032356131313936623931333234303532626533316636633763393631313139326562616530
37343965373835393564613630373632666437393738666633636536366135316336333565336538
61636635633861353561353063666433343837313733653837653239393061313732373930323339
33653965346230616336323766363434643030633166313562366561363963396663626239343834
34663933373832666635643961613461643331346564323431343365343439626135613638343866
65333732653366343032373833623566613865323539666463623163623937343338386632646330
34393865333864343666376265353062383966653839316263376434636531366561316433373835
63343264383465336439356565313130373736376532376538336533323134666565346261353435
62343534313866343331346439303164633539336537613130353364353430323361383938323137
38353862663730343234333566643936356562383632313238303166646438646435623765373362
66323339656466653235346661353266383339616364613562656233653935653739323262353661
35356338363035373066323238323364336438643839313435313163383935316163396335303231
36303133636539316661396664376639653265376266366432326633323734313165356537656337
61633835303735366332336134613733336534646531393265633437373862316262663066393262
61646663363239633430363165346534386639383562316161363532396266613837346230323663
33623539633637666362346332323833316165643436353332363038343436666536336461636130
37383839393866386139343565373164626639326530666662323230373030333938393531326435
61306436623362373363623135336139343162393236326463666664323465646436366561323331
30396663643765396234346265353831623634343963393234306532613336353732373630363830
31613561353464306363316136383463396361353933313239643732353335656232636230323539
64316163316461666564353637626532363966313332353362383936643661363066353734666631
62363562613362333436313534326135393665663930376535646562646635326236363163626632
31376334336265323737326138373532323363393937303635373663653862393730646532616637
34643235636165343063633836623936666564313566303861356332636130393635353438613637
64303430653061356533373235336661363139643537633337386164303236613934313566643431
65393664333233326565653634656566393738366566613137383436366638656561376135626364
38303633343737633464356134616331366266613164386439346338373036666337386632376638
62316566646539633961353865636165313966663339336436316165323966326561363166613134
32373764333839313338353162326363373430393031333038646631333836323237643537376462
33623836396536343335333665366561363737333864363963383836353234633739626466316561
63346638316365363364316530656563343537326534353137396433646333626666313735366331
31373465303032306636373437393366316639393065336336306130346234313038316539353037
36333164306566313539633464373132643234306335633361386637393231306566333832386566
35356661633535306531623961346635613730653566663536393234373839613961626632313837
62363062346534623961373266363561326666316161643366386133323163636532363437623266
38646464366463353162376635313764353338616439633566633862636238643265663465396161
65333238623833346631653264336430656539623561353135353363326139323234376333346436
31633365613730663133656532653937373334386335643138663666626230343339663232656336
36613931623233303164646630363966353730643531356130643265363332386333313132343433
37653233336337373533313839393365623532376439656537326439663864326639636462613830
38323832333865613139336632363534616639313566303131326339353934396534336261333839
63303730363732613037386265663132326264613435666138633639303761623361623836616163
62663263376231383036663062376333656362303666383962333762653066396339393231636533
37386538636635366463663434653564656664316230653836646639333736316434356339393435
39656564333330393436336135656262363862353263613664643063633365336161366664353765
36356232613234386265396436346130353763636538346636663234633237663133323066316563
31636237643538376632663462626363386234306334303062343530306161306265633031366161
63393830656333633864376335623231653230396635616331666236666661643330356135343931
35356335323332346361666538343065643565333133393137323536363438326563313531336336
39613330653331356436326437653936386531663037336539643165316131663435363766326435
37316466666166303262383265653833633437313732363632636235363037326561353032623134
6239663434363939386230356530333036656637303161626465

33
group_vars/linode.yaml Normal file

@ -0,0 +1,33 @@
---
#dns_servers:
# - 173.255.199.5
# - 66.228.53.5
# - 96.126.122.5
# - 96.126.124.5
# - 96.126.127.5
# - 198.58.107.5
# - 198.58.111.5
# - 23.239.24.5
# - 72.14.179.5
# - 72.14.188.5
# - 2600:3c00::5
# - 2600:3c00::6
# - 2600:3c00::7
# - 2600:3c00::8
# - 2600:3c00::9
# - 2600:3c00::b
# - 2600:3c00::c
dns_servers:
- 127.0.0.1
- ::1
timezone: Etc/UTC
#vm_guest_qemu_agent_package_state: absent
vm_guest_qemu_agent_service_state: stopped
vm_guest_qemu_agent_service_enabled: false
#vm_guest_spice_agent_package_state: absent
vm_guest_spice_agent_service_state: stopped
vm_guest_spice_agent_service_enabled: false


@ -0,0 +1,142 @@
---
node_exporter_machine_roles:
- minecraft
firewall_allowed_tcp_ports:
- 25565
- 8123
firewall_minecraft_enabled: true
minecraft_worlds:
- name: vanilla
- name: skyblock
port: 25566
state: stopped
enabled: no
minecraft_ops:
- uuid: ce962d5b-590a-46b8-8372-f3254ca52a57
name: chill9
level: 4
bypassesPlayerLimit: true
- uuid: cfb8c434-98da-460a-91e5-2321fa8bdc5e
name: totums
level: 3
bypassesPlayerLimit: true
minecraft_whitelist:
- uuid: ce962d5b-590a-46b8-8372-f3254ca52a57
name: rcavicchioni
- uuid: cfb8c434-98da-460a-91e5-2321fa8bdc5e
name: totums
- uuid: 70f36187-6e2e-4c24-9dd6-1addc477760a
name: Vandic
#firewall_ipset_bogons: []
users_authorized_keys:
- name: ryan
keys: "{{ user_authorized_keys_hash['ryan'] }}"
- name: root
keys: "{{ user_authorized_keys_hash['ryan'] }}"
rclone_config:
- name: mine0-b2
type: b2
account: "{{ vault_rclone_minecraft_b2_account }}"
key: "{{ vault_rclone_minecraft_b2_key }}"
rclone_cron:
- name: minecraft-rclone
hour: 10
minute: 0
job: "rclone --config {{ rclone_config_path }}/mine0-b2.conf copy --skip-links {{ minecraft_backup_path }} mine0-b2:kill0-minecraft-backup"
state: absent
restic_jobs:
- name: system
repo: b2
paths:
- /
exclude:
- /opt/minecraft
- /var/opt/minecraft
- /var/opt/craftbukkit
- name: minecraft
repo: b2
paths:
- /var/opt/minecraft
hooks:
- minecraft.sh
cron:
hour: 11
minute: 0
- name: craftbukkit
repo: b2
paths:
- /var/opt/craftbukkit
hooks:
- craftbukkit.sh
cron:
hour: 11
minute: 0
state: absent
minecraft_discord_config:
webhook_id: "{{ vault_minecraft_discord_webhook_id }}"
webhook_token: "{{ vault_minecraft_discord_webhook_token }}"
craftbukkit_discord_config:
webhook_id: "{{ vault_craftbukkit_discord_webhook_id }}"
webhook_token: "{{ vault_craftbukkit_discord_webhook_token }}"
craftbukkit_port: 25565
craftbukkit_service_state: stopped
craftbukkit_service_enabled: no
minecraft_port: 25566
minecraft_service_state: started
minecraft_service_enabled: yes
telegraf_config_d:
- name: filecount
config:
inputs.filecount:
- directories:
- /var/opt/craftbukkit
- /var/opt/craftbukkit/world
- /var/opt/craftbukkit/world_nether
- /var/opt/craftbukkit/world_the_end
- /var/opt/minecraft
- /var/opt/minecraft/world
- /var/opt/minecraft/world/DIM1
- /var/opt/minecraft/world/DIM-1
- name: craftbukkit
config:
inputs.procstat:
- systemd_unit: craftbukkit.service
- name: ping
config:
inputs.ping:
- urls:
- 10.255.0.1
count: 10
ipv6: false
binary: ping4
minecraft_config:
white-list: true
enforce-whitelist: true
server-port: 25565
motd: chill9's world
node_exporter_du_directories:
- /var/log/syslog
- /var/spool/rsyslog
- /var/opt/minecraft/world
minecraft_java_xms: 2g
minecraft_java_xmx: 2g
# vim:ft=yaml.ansible:
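Review bot: `users_authorized_keys` installs `user_authorized_keys_hash['ryan']` for `root` as well as for `ryan`, so every personal key in that list becomes a direct root credential on this host and root sessions cannot be attributed to a user account. Unless something outside this file needs key-based root login, I would drop the `- name: root` entry and rely on sudo from `ryan`; if it must stay, give root its own dedicated key list rather than reusing the personal one. Also worth reconciling in the same file: `minecraft_port: 25566` belongs to the service marked `started`, while `minecraft_config` sets `server-port: 25565` and `firewall_allowed_tcp_ports` opens 25565 and 8123 but not 25566, so it is unclear from here which port is actually exposed. The booleans mix `yes`/`no` with `true`/`false`; `craftbukkit_service_enabled: false` and `minecraft_service_enabled: true` would match the rest of the file.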


@ -0,0 +1,30 @@
$ANSIBLE_VAULT;1.1;AES256
31636365373462663962383861643161353262323632303936643232393865663838663563333834
3462313431356236353765386634396464633864343462330a616231393633326461666535663034
33373639343662396336616239396133626166663838633537303563616532633661363238333331
6463393063323334310a363762336431376238656137373934623661353665336265373630623735
35323230656662313737626438333862653938393133386532353531376161663730313830343136
39643565623339626436313037323630376335623066383136376437386331633166636437393030
31303462623336643437623965643236356163373164346533663263623338353866646437616261
37633164353231353061383739366534643231306465633162353461333536396263393831616637
39303866643661333737333735636465373562306334653533343732656233353661333634663230
35616564303333353866636538343538396137333636383762613739616633353430386564643939
33353133613032336434353038663266376264656336346537363065326430643635636338383432
31326263333863346136373131663666323363343830653366616139393237393537626137363165
33366339396130653463356561646464356264623363663239613833353033383464346134636237
38356261313839623739376563613161313534346434393066356165636464313938353439383762
39623436366262366463326639646337343637303837626636613361613565383464623361316331
39633733663535323336616638336234323531656332373531356435363363656566663034613330
61326565326361393033396130353137313965363539323533396537383734333162346365636138
35623366316565343032646366333962636635613230623331393736363933323965623830323464
31636137623064616534346431333538333231393837313830343962613738363261636364626165
33313939383532623935643363616465613561353866623138366664643064373635386635613538
66356465376432336564303462313435383365663231626361336364633132623039383130663365
33333731356465646332623834663530396536336335343462343738383862633734666436353662
32663366663264623134393536396439633764353937303733393332633135623233653065623761
61323830323662623939386265303263356662643464613363343230636531343537333561646239
64316630393466373066646262653332373038376561363166396436313737386165656563376265
35353563656430616265326261656237383532643261633034363437386637633838333638313534
36623337663330303465353061376136656161373465323131373636613933373838623466313965
36333465386363363437653739323733633032396437376262656133643639653161643335386463
3330


@ -0,0 +1,419 @@
---
node_exporter_machine_roles:
- monitor
- stats
prometheus_web_external_url: https://monitor.kill0.net/prometheus
alertmanager_web_external_url: https://monitor.kill0.net/alertmanager
prometheus_web_route_prefix: /
alertmanager_web_route_prefix: /
prometheus_config:
global:
scrape_interval: 15s
external_labels:
cluster: 1
region: dallas
provider: linode
replica: A
alerting:
alertmanagers:
- static_configs:
- targets:
- localhost:9093
scrape_configs:
- job_name: prometheus
scrape_interval: 5s
static_configs:
- targets:
- localhost:9090
- job_name: alertmanager
scrape_interval: 5s
static_configs:
- targets:
- localhost:9093
- job_name: pushgateway
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:9091
- job_name: node
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:9100
- mine0.kill0.net:9100
relabel_configs:
- source_labels: [__address__]
target_label: instance
regex: (.+):\d+
replacement: $1
- job_name: mtail
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:3903
- mine0.kill0.net:3903
relabel_configs:
- source_labels: [__address__]
target_label: instance
regex: (.+):\d+
replacement: $1
- job_name: blackbox
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:9115
- mine0.kill0.net:9115
- job_name: blackbox-icmp4
metrics_path: /probe
params:
module:
- icmpv4
static_configs:
- targets:
- dns.google
- vpn-home.kill0.net
- ping-home.kill0.net
- 10.255.0.16
- vpn1-sch.corp.nmi.com
- vpn-chi.ops.nmi.com
- vpn-ash.ops.nmi.com
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: blackbox-icmp6
metrics_path: /probe
params:
module:
- icmpv6
static_configs:
- targets:
- dns.google
- ping-home.kill0.net
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: blackbox-tcp4
metrics_path: /probe
params:
module:
- tcp_connect4
static_configs:
- targets:
- mine0.kill0.net:25565
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: blackbox-tcp6
metrics_path: /probe
params:
module:
- tcp_connect6
static_configs:
- targets:
- mine0.kill0.net:25565
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: blackbox-http
metrics_path: /probe
params:
module:
- http_2xx
static_configs:
- targets:
- https://cavi.cc
- https://git.kill0.net
- https://stats.kill0.net
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: thanos-sidecar
scrape_interval: 5s
static_configs:
- targets:
- "localhost:10902"
- job_name: thanos-query
scrape_interval: 5s
static_configs:
- targets:
- "localhost:10904"
- job_name: thanos-store
scrape_interval: 5s
static_configs:
- targets:
- "localhost:10902"
- job_name: thanos-compact
scrape_interval: 5s
static_configs:
- targets:
- "localhost:10912"
rule_files:
- rules.yaml
prometheus_rules_config:
groups:
- name: alertmanager.rules
rules:
- alert: PrometheusAlertmanagerJobMissing
expr: absent(up{job="alertmanager"})
for: 0m
labels:
severity: warning
annotations:
summary: "{% raw %} Prometheus AlertManager job missing (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
- alert: PrometheusAlertmanagerE2eDeadManSwitch
expr: vector(1)
for: 0m
labels:
severity: critical
annotations:
summary: "{% raw %}Prometheus AlertManager E2E dead man switch (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}Prometheus DeadManSwitch is an always-firing alert. It's used as an end-to-end test of Prometheus through the Alertmanager.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
- name: node.rules
rules:
- record: is_dst
expr: |
(vector(0) and (month() < 3 or month() > 11))
or
(vector(1) and (month() > 3 and month() < 11))
or
(vector(1) and month() == 3 and (day_of_month() - day_of_week()) >= 8 and absent(day_of_week() == 0 and day_of_month() >= 8 and day_of_month() <= 14))
or
(vector(1) and month() == 11 and (day_of_month() - day_of_week()) <= 0)
or
(vector(1) and month() == 3 and day_of_month() >= 8 and day_of_month() <= 14 and day_of_week() == 0 and hour() >= 8)
or
(vector(1) and month() == 11 and day_of_month() >= 1 and day_of_month() <= 7 and day_of_week() == 0 and hour() < 7)
or
vector(0)
- record: america_chicago_time
expr: time() - ((6 * 3600) - (3600 * is_dst))
- record: america_chicago_hour
expr: hour(america_chicago_time)
- alert: InstanceDown
expr: up{job="node"} == 0
for: 1m
- alert: ThanosServiceDown
expr: up{job=~"thanos.+"} == 0
labels:
severity: critical
- alert: FileSystemUsage
expr: ((node_filesystem_size_bytes{mountpoint!~"fuse.lxcfs|tmpfs"} - node_filesystem_free_bytes) / node_filesystem_size_bytes) > 0.80
for: 1m
- alert: FileSystemReadOnly
expr: node_filesystem_readonly{fstype!~"fuse.lxcfs|tmpfs"} == 1
- alert: RebootRequired
expr: node_reboot_required > 0
for: 15m
- alert: AptUpgradesPending
expr: apt_upgrades_pending > 0
for: 1d
- alert: ResticSystemJobLastRun
expr: (time() - node_restic_last_run_time{restic_job="system"}) > 7200
for: 2h
- alert: ResticMinecraftJobLastRun
expr: (time() - node_restic_last_run_time{restic_job=~"minecraft"}) > 86400
for: 2h
- alert: MinecraftUnitInactive
expr: node_systemd_unit_state{name="minecraft.service",state="inactive"} == 1
for: 15m
- alert: GiteaUnitInactive
expr: node_systemd_unit_state{name="gitea.service",state="inactive"} == 1
for: 15m
- alert: MaintenanceMode
expr: maintenance_mode == 1
for: 1m
#- alert: QuietHours
# expr: america_chicago_hour >= 22 or america_chicago_hour < 10
# for: 1m
- name: blackbox.rules
rules:
- alert: ServiceDown
expr: probe_success{job!~"blackbox-icmp[0-9]"} == 0
for: 1m
- alert: PingDown
expr: probe_success{job=~"blackbox-icmp[0-9]"} == 0
for: 15s
- alert: CertExpiry
expr: ((probe_ssl_earliest_cert_expiry{job="blackbox-http"} - time()) / 86400) < 30
for: 15s
labels:
severity: warning
annotations:
# summary: Certificates expiring in < 30 days
summary: "{% raw %}Blackbox SSL certificate will expire soon (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}SSL certificate expires in 30 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
- alert: CertExpiry
expr: ((probe_ssl_earliest_cert_expiry{job="blackbox-http"} - time()) / 86400) < 14
for: 15s
labels:
severity: critical
annotations:
# summary: Certificates expiring in < 14 days
summary: "{% raw %}Blackbox SSL certificate will expire soon (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}SSL certificate expires in 14 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
blackbox_exporter_config:
modules:
icmpv4:
prober: icmp
timeout: 5s
icmp:
preferred_ip_protocol: ip4
icmpv6:
prober: icmp
timeout: 5s
icmp:
preferred_ip_protocol: ip6
tcp_connect4:
prober: tcp
timeout: 5s
tcp:
preferred_ip_protocol: ip4
tcp_connect6:
prober: tcp
timeout: 5s
tcp:
preferred_ip_protocol: ip6
http_2xx:
prober: http
timeout: 5s
http:
method: GET
# route:
# receiver: pushover-receiver
# mute_time_intervals:
# - quiet_hours
# routes:
# - receiver: blackhole
# match:
# alertname: MaintenanceMode
# #- receiver: blackhole
# # match:
# # alertname: QuietHours
# receivers:
# - name: blackhole
# - name: pushover-receiver
# pushover_configs:
# - token: "{{ vault_pushover_token }}"
# user_key: "{{ vault_pushover_user_key }}"
# inhibit_rules:
# - source_match:
# alertname: MaintenanceMode
# #- source_match:
# # alertname: QuietHours
# time_intervals:
# - name: quiet_hours
# times:
# - start_time: 03:00
# end_time: 15:00
alertmanager_config:
inhibit_rules:
- source_match:
alertname: MaintenanceMode
receivers:
- name: blackhole
- name: pushover-receiver
pushover_configs:
- token: agwd6wv7xveakykb8e5rz7rw3eg2v3
user_key: 28G1x3lT4oUtlck50R1H3e6j8kDHjb
route:
receiver: pushover-receiver
routes:
- match:
alertname: MaintenanceMode
receiver: blackhole
- match:
alertname: PrometheusAlertmanagerE2eDeadManSwitch
receiver: blackhole
- receiver: pushover-receiver
mute_time_intervals:
- quiet_hours
time_intervals:
- name: quiet_hours
time_intervals:
- times:
- start_time: "03:00"
end_time: "15:00"
node_exporter_du_directories:
- /var/log/syslog
- /var/spool/rsyslog
- /var/lib/influxdb
- /var/lib/prometheus
- /var/lib/loki
firewall_ipset_loki:
- 10.255.0.0/24
karma_config:
alertmanager:
interval: 60s
servers:
- name: local
uri: http://localhost:9093
timeout: 10s
proxy: true
readonly: false
healthcheck:
filters:
dms:
- alertname=PrometheusAlertmanagerE2eDeadManSwitch
grid:
sorting:
order: label
reverse: false
label: cluster
customValues:
labels:
severity:
critical: 1
warning: 2
info: 3
auto:
order:
- severity
labels:
color:
custom:
severity:
- value: info
color: "#87c4e0"
- value: warning
color: "#ffae42"
- value: critical
color: "#ff220c"
alertAcknowledgement:
enabled: true
#duration: 15m0s
#author: karma
#comment: ACK! This alert was acknowledged using karma on %NOW%
thanos_bucket_config: "{{ vault_thanos_bucket_config }}"
kthxbye_listen: :8081
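Review bot: The `pushover_configs` entry under `alertmanager_config` commits the Pushover `token` and `user_key` as literal values. The commented-out draft just above it read them from `vault_pushover_token` and `vault_pushover_user_key`, and `thanos_bucket_config` in the same file still goes through a vault variable. Anyone who can read the repository or its history can use these credentials, so the two lines should go back to `token: "{{ vault_pushover_token }}"` and `user_key: "{{ vault_pushover_user_key }}"`. Both values should also be rotated, because removing them in a later commit does not take them out of the history.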


@ -0,0 +1,57 @@
---
nsd_linode_xfr:
- "{{ lookup('dig', 'axfr1.linode.com.') }}"
- "{{ lookup('dig', 'axfr2.linode.com.') }}"
- "{{ lookup('dig', 'axfr3.linode.com.') }}"
- "{{ lookup('dig', 'axfr4.linode.com.') }}"
- "{{ lookup('dig', 'axfr5.linode.com.') }}"
- "{{ lookup('dig', 'axfr1.linode.com./AAAA') }}"
- "{{ lookup('dig', 'axfr2.linode.com./AAAA') }}"
- "{{ lookup('dig', 'axfr3.linode.com./AAAA') }}"
- "{{ lookup('dig', 'axfr4.linode.com./AAAA') }}"
- "{{ lookup('dig', 'axfr5.linode.com./AAAA') }}"
nsd_provide_xfr:
- "{{ lookup('dig', 'axfr1.linode.com.') }} NOKEY"
- "{{ lookup('dig', 'axfr2.linode.com.') }} NOKEY"
- "{{ lookup('dig', 'axfr3.linode.com.') }} NOKEY"
- "{{ lookup('dig', 'axfr4.linode.com.') }} NOKEY"
- "{{ lookup('dig', 'axfr5.linode.com.') }} NOKEY"
- "{{ lookup('dig', 'axfr1.linode.com./AAAA') }} NOKEY"
- "{{ lookup('dig', 'axfr2.linode.com./AAAA') }} NOKEY"
- "{{ lookup('dig', 'axfr3.linode.com./AAAA') }} NOKEY"
- "{{ lookup('dig', 'axfr4.linode.com./AAAA') }} NOKEY"
- "{{ lookup('dig', 'axfr5.linode.com./AAAA') }} NOKEY"
firewall_dns_whitelist: "{{ nsd_linode_xfr }}"
firewall_ipset_dns: "{{ nsd_linode_xfr }}"
nsd_zones:
- name: cavi.cc
zonefile: cavi.cc.zone
provide-xfr: "{{ nsd_provide_xfr }}"
notify: "{{ nsd_provide_xfr }}"
- name: kill0.net
zonefile: kill0.net.zone
provide-xfr: "{{ nsd_provide_xfr }}"
notify: "{{ nsd_provide_xfr }}"
- name: kill0.com
zonefile: kill0.com.zone
provide-xfr: "{{ nsd_provide_xfr }}"
notify: "{{ nsd_provide_xfr }}"
- name: chill9.com
zonefile: chill9.com.zone
provide-xfr: "{{ nsd_provide_xfr }}"
notify: "{{ nsd_provide_xfr }}"
- name: chill9.net
zonefile: chill9.net.zone
provide-xfr: "{{ nsd_provide_xfr }}"
notify: "{{ nsd_provide_xfr }}"
- name: confabulator.net
zonefile: confabulator.net.zone
provide-xfr: "{{ nsd_provide_xfr }}"
notify: "{{ nsd_provide_xfr }}"
- name: ctrl-v.org
zonefile: ctrl-v.org.zone
provide-xfr: "{{ nsd_provide_xfr }}"
notify: "{{ nsd_provide_xfr }}"
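Review bot: `nsd_linode_xfr` and `nsd_provide_xfr` are filled from `lookup('dig', ...)` at play time, and the results go unchecked into `firewall_ipset_dns`, `firewall_dns_whitelist` and every zone's `provide-xfr`/`notify` list with `NOKEY`, so the source address is the only thing authorising a zone transfer. Whatever the control node's resolver answers at that moment becomes the ACL. A failed or multi-record lookup would, as far as I can tell, be written out as a non-address string rather than stop the play. Consider pinning the transfer addresses as literals, or validating each result as an IP address before it is used. The second list can be derived from the first instead of repeating the ten lookups, e.g. `nsd_provide_xfr: "{{ nsd_linode_xfr | map('regex_replace', '$', ' NOKEY') | list }}"`.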


@ -0,0 +1,29 @@
---
keepalived_vrrp_scripts:
chk_rabbitmq:
script: rabbitmq-diagnostics -q check_running
interval: 15
weight: -2
# script: /usr/bin/systemctl is-active --quiet rabbitmq-server
# interval: 2
# weight: -4
# chk_amqp_port:
# script: </dev/tcp/127.0.0.1/5672
# interval: 1
# weight: -2
keepalived_vrrp_instances:
VI_1:
state: BACKUP
interface: eth0
virtual_router_id: 51
authentication:
auth_type: PASS
auth_pass: asdf
unicast_peer: |
{{ groups['rabbitmq_servers'] | map('extract', hostvars, ['ansible_eth0', 'ipv4', 'address']) | difference([ansible_default_ipv4.address])| list }}
virtual_ipaddress:
- 10.100.100.20/24
track_script:
- chk_rabbitmq
- chk_amqp_port
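Review bot: `auth_pass: asdf` in `VI_1` is a throwaway value committed in clear text. VRRP `PASS` authentication is sent unencrypted on the wire, so a guessable shared secret offers little protection against a rogue VRRP speaker on the segment. Take it from a vaulted variable, e.g. `auth_pass: "{{ vault_keepalived_auth_pass }}"` (the variable name is a placeholder), and treat the `unicast_peer` list plus host firewalling of IP protocol 112 as the actual restriction. Separately, `track_script` lists `chk_amqp_port`, but that script's definition under `keepalived_vrrp_scripts` is commented out, so the rendered config would reference a script that is not defined; drop the entry or restore the definition.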


@ -0,0 +1,68 @@
---
grafana_package_version:
grafana_package_name: "grafana{{grafana_package_version}}"
grafana_package_state: present
grafana_service_name: grafana-server.service
grafana_service_state: started
grafana_service_enabled: yes
grafana_etc_path: /etc/grafana
grafana_config_path: "{{ grafana_etc_path }}/grafana.ini"
grafana_provisioning_path: /etc/grafana/provisioning
grafana_domain: "stats.{{ ansible_domain }}"
grafana_port: 3002
grafana_user: grafana
grafana_group: grafana
grafana_config:
server:
domain: "{{ grafana_domain }}"
root_url: "https://{{ grafana_domain }}"
http_addr: localhost
http_port: "{{ grafana_port }}"
grafana_ssl_enabled: yes
grafana_ssl_certificate: "/etc/letsencrypt/live/{{ grafana_domain }}/fullchain.pem"
grafana_ssl_certificate_key: "/etc/letsencrypt/live/{{ grafana_domain }}/privkey.pem"
#grafana_ssl_dhparam: "/etc/letsencrypt/ssl-dhparams.pem"
grafana_datasources:
apiVersion: 1
datasources:
- name: influxdb
type: influxdb
access: proxy
url: http://localhost:8086
database: telegraf
isDefault: yes
version: 1
grafana_dashboards:
apiVersion: 1
providers:
- name: ansible
folder: Built-in
type: file
options:
path: /var/lib/grafana/dashboards
grafana_dashboard_files:
- connectivity.json
- home-networking.json
- iptables.json
- nginx.json
- processes.json
- switching.json
- system.json
- ups.json
firewall_ipset_influxdb:
- 172.16.100.16
- 10.255.0.17
telegraf_config_outputs:
influxdb:
urls:
- http://localhost:8086