
230 Commits

Author SHA1 Message Date
b45f8cf5dd Add role for ufw 2024-04-14 18:32:50 -05:00
7caf443b35 Add draft roles for cloudflared and tailscale 2024-04-14 18:31:59 -05:00
db1ee687a7 Add vault for monitor_servers 2024-04-14 18:31:11 -05:00
e7c9f4fa05 docker: add handlers 2024-04-14 18:30:40 -05:00
22ab3586a1 lego: add configuration 2024-04-14 18:30:16 -05:00
f4585ad0ee promtail: add configuration 2024-04-14 18:30:05 -05:00
e3549cf829 mimir: add configuration 2024-04-14 18:30:05 -05:00
04948c36b9 loki: add configuration 2024-04-14 18:30:05 -05:00
6ee8d3372a alertmanager: configure receiver secrets 2024-04-14 18:30:05 -05:00
00ce1a8a26 Tweak rsyslog queuing 2024-04-14 18:10:35 -05:00
78835bce49 Change DNS servers 2024-04-14 18:09:13 -05:00
20db9d5088 wireguard: Use different subnet 2024-04-14 18:09:13 -05:00
55c45c6f3d Replace certbot with lego 2024-04-14 18:09:13 -05:00
cb60bcb5f8 nginx: refactor role 2024-04-14 17:53:26 -05:00
7ca9b6dc8c wireguard: support 'Table' and 'PersistentKeepalive' 2024-04-14 17:52:35 -05:00
0addb1e6a0 unattended-updates: enable normal updates 2024-04-14 17:52:03 -05:00
9acc10b73f rsyslog: use variables for paths 2024-04-14 17:51:22 -05:00
01314cb137 prometheus: enable file discovery 2024-04-14 17:50:31 -05:00
1982782284 minecraft: update minecraft server 2024-04-14 17:49:36 -05:00
05b1e8da07 loki: flesh out role 2024-04-14 17:48:46 -05:00
45ddb507ef mtail: remove dead code 2024-04-14 17:47:55 -05:00
1cce3fc642 nftables: add more rules 2024-04-14 17:46:42 -05:00
7168a89e53 Fix typos in Promtail systemd unit 2024-04-14 17:45:59 -05:00
4e338917dc iptables: open ports for promtail syslog 2024-04-14 17:45:16 -05:00
f79cdc1e59 Update http2 syntax 2024-04-14 17:34:54 -05:00
4a7f888994 Refactor certbot role 2024-04-14 17:29:18 -05:00
8b24c9fad9 Fix pixz package name 2024-04-14 17:28:36 -05:00
77ecf4ccbe Use tags 2024-04-14 17:26:32 -05:00
de53d99b5e Manager restic updates 2024-04-14 17:25:38 -05:00
907d7a9c63 Add role for snmp_exporter 2024-04-14 17:23:51 -05:00
6108475fbd Refactor netplan 2024-04-14 17:23:27 -05:00
db8c7f4f63 Secrets 2024-04-14 17:19:01 -05:00
02c1899ee0 Remove unused host_vars 2024-04-14 17:16:43 -05:00
b02da06c97 Add roles for lego, logcli, mimir, process_exporter, smokeping_prober, and vector 2024-04-14 17:13:06 -05:00
ce692e4560 Add nftables role 2022-09-04 08:59:28 -05:00
42ba49c865 common: refactor 2022-09-01 17:12:52 -05:00
4b581b8a78 restic: remove tidy job 2022-09-01 16:42:00 -05:00
132b6d800a Remove Python 2 packages 2022-09-01 16:41:35 -05:00
2483542b98 prometheus: scrape Grafana stats 2022-09-01 16:40:12 -05:00
dae13299e0 Remove DNS zones 2022-09-01 16:39:51 -05:00
36a2d3542c Remove name server roles 2022-09-01 16:39:28 -05:00
3fc613fe2b grafana: add default.yaml 2022-09-01 16:37:15 -05:00
b685c1027e Add test drone.yml
Some checks failed
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is failing
2022-09-01 09:16:08 -05:00
98b34e6c5c grafana: add new Prometheus based system dashboard 2022-08-31 21:09:23 -05:00
d5ec01ecba grafana: sync dashboards from the controller 2022-08-31 20:50:09 -05:00
2fc6ae1073 grafana: add some path variables 2022-08-31 20:49:50 -05:00
c512dc2b0c grafana: remove old InfluxDB based dashboards 2022-08-31 20:43:23 -05:00
f234071bbf grafana: restart when anything is deployed to a provisioning path 2022-08-31 16:20:55 -05:00
85e4fc9056 grafana: Move my configuration out of the defaults 2022-08-31 16:20:23 -05:00
28216483dc Fix yamllint error 2022-08-31 13:32:20 -05:00
79699ed2c6 yamllint: disable line-length check 2022-08-31 13:31:19 -05:00
7789ad779e Fix a lot of yamllint errors 2022-08-31 13:30:59 -05:00
52eece85e4 Fix more network role lint errors 2022-08-31 13:16:45 -05:00
20dd1f1018 Fix grafana role lint errors 2022-08-31 13:03:18 -05:00
bbde030a57 ansible-lint: skip name[casing] 2022-08-31 13:02:39 -05:00
e7602bd910 Refactor network role 2022-08-31 12:39:41 -05:00
71d1da1cf1 Simply network role
The role only supports netplan now
2022-08-30 23:27:03 -05:00
221578a0d1 Use OpenJDK 18 for minecraft 2022-08-30 22:37:30 -05:00
e323abe694 Remove unused roles from main playbook 2022-08-30 22:37:00 -05:00
cb5971876f Run restic prune before backup 2022-08-30 22:36:26 -05:00
0338a60747 Add some empty default.yaml files 2022-08-30 22:35:19 -05:00
08441c5f5c Use FQCN for IP utils 2022-08-30 22:30:13 -05:00
cd66cef7ad Fix deprecated includes 2022-08-30 22:19:06 -05:00
6705256abc Add workstation lab playbook 2022-08-30 07:52:01 -05:00
0e6490bbd2 add dl role 2022-08-30 07:51:55 -05:00
0760ae4c2c add wireguard role 2022-08-30 07:51:47 -05:00
2b6b7aca79 add vault role 2022-08-30 07:51:35 -05:00
4c64613a90 add thanos role 2022-08-30 07:51:26 -05:00
04dfdbd399 add swap role 2022-08-30 07:51:17 -05:00
49be68b4db add supervisor role 2022-08-30 07:51:10 -05:00
3a14992832 add rabbitmq role 2022-08-30 07:50:44 -05:00
a948debbf8 add promtail role 2022-08-30 07:50:35 -05:00
eae4e0120c add pushgateway role 2022-08-30 07:50:07 -05:00
749934f9e1 add prometheus role 2022-08-30 07:49:57 -05:00
ec17840809 add podman role 2022-08-30 07:49:41 -05:00
d55f62893d add openvpn role 2022-08-30 07:49:30 -05:00
5b55cc1a16 add nomad role 2022-08-30 07:49:09 -05:00
d5fd90a9e9 add node_exporter role 2022-08-30 07:49:00 -05:00
3e982b9729 add mysql role 2022-08-30 07:48:38 -05:00
523d6f3b32 add mtail role 2022-08-30 07:48:26 -05:00
341583bbe1 add loki role 2022-08-30 07:48:13 -05:00
4a497c211a add kthxbye role 2022-08-30 07:48:06 -05:00
72254bd72e add keepalived role 2022-08-30 07:47:54 -05:00
4541bab1bc add karma role 2022-08-30 07:46:29 -05:00
8122bd25d7 add docker role 2022-08-30 07:46:19 -05:00
149fff70a3 add crio role 2022-08-30 07:46:03 -05:00
789541a90f add consul role 2022-08-30 07:45:41 -05:00
4d07232525 add blackbox_exporter role 2022-08-30 07:45:26 -05:00
8e899da042 add alertmanager role 2022-08-30 07:45:14 -05:00
bceedf79f4 Add ansible.cfg 2022-08-30 07:41:56 -05:00
1febcb4d1c Add host_vars and group_vars 2022-08-30 07:41:17 -05:00
20263b7e26 Add NSD DNS zones 2022-08-30 07:33:11 -05:00
154a71d6fe Add update and reboot playbooks 2022-08-30 07:29:39 -05:00
375f8a0055 grafana: don't use autossh anymore 2022-08-30 07:28:25 -05:00
2b1025c0b0 Add lots of hosts to the inventory 2022-08-30 07:27:16 -05:00
bc4e75b53f add lots of roles to playbook 2022-08-30 07:26:27 -05:00
e202f3e380 apt refresh should not register a change 2022-08-30 07:25:17 -05:00
399f5541c6 unbound: configure as a forwarded that accepts connections 2022-08-30 07:24:18 -05:00
621ae59e63 Use ipsets for the firewall 2022-08-30 07:22:53 -05:00
2fdf1d7a25 gitea: enable HTTP/2 in nginx 2022-08-30 07:13:41 -05:00
aac3f53d95 gitea: fix bugs with auto upgrade 2022-08-30 07:13:25 -05:00
37ec31b97d gitea: open up registration 2022-08-30 07:13:05 -05:00
59c5347ffb grafana: enable HTTP/2 in nginx 2022-08-30 07:09:23 -05:00
1b42645bd3 grafana: override systemd configuration that is not compatible with Ubuntu 18 2022-08-30 07:08:39 -05:00
34c493de3e minecraft 1.19 2022-08-30 07:07:40 -05:00
ba68ceec5a influxdb: do not start the service is the package is absent 2022-08-30 07:04:56 -05:00
8938feba0c minecraft: add more events to Discord bot 2022-08-30 06:57:54 -05:00
30247b26c3 nginx: add vhost support to role 2022-08-30 06:54:38 -05:00
29c2b9b4df restic: only keep two days of gitea backups 2022-08-30 06:51:19 -05:00
68508d8c95 restic: disable restic tidy cycle for now 2022-08-30 06:50:56 -05:00
006ccf93f1 restic 0.14.0 2022-08-30 06:50:06 -05:00
58e403a0a0 rsyslog: use file date for compression cycle 2022-08-30 06:49:11 -05:00
be9fd29f90 rsyslog: enable RELP 2022-08-30 06:48:21 -05:00
ec00bf3d76 telegraf: don't start the service if the package is absent 2022-08-30 06:46:16 -05:00
3a149f6a4c telegraf: Don't monitor LIMIT_SSH 2022-08-30 06:45:55 -05:00
ebfcf3301e Fix bug in unattended-upgrades 2022-08-30 06:44:56 -05:00
54e81e8755 Add ack 2022-08-30 06:43:19 -05:00
f827c47bce Add zstd 2022-08-30 06:43:07 -05:00
94bebc734b Add hping3 2022-08-30 06:42:57 -05:00
ff53a59ae6 Add neovim 2022-08-30 06:42:45 -05:00
97b05b9419 Add web browsers 2022-08-30 06:42:19 -05:00
cc4a5748fa Move Gitea configuration steps 2020-10-12 16:41:26 -05:00
5ee4391bc3 Gitea's site is bandwidth limited, use Github 2020-10-12 15:29:30 -05:00
e07d285733 Reorder gitea pre checks 2020-10-12 15:29:06 -05:00
294c1263f6 Refactor gitea role to install the latest version 2020-10-11 21:40:15 -05:00
008779232b Add more utils 2020-10-10 11:01:00 -05:00
3347935780 Add /var/log/syslog/ clean up cron job 2020-10-10 11:00:32 -05:00
e9113856ea Build minecraft server.properties from Ansible variable 2020-10-10 10:59:45 -05:00
c87dd6cb3e Add Prometheus metrics to restic-job script 2020-10-10 10:55:23 -05:00
6a55359d28 Fix inaccurate counter in restic-job script 2020-10-10 10:54:25 -05:00
838d9b00dd Fix grafana apt sources list file path 2020-10-10 10:51:04 -05:00
06cdf0c610 go 1.15.2 2020-10-10 10:50:10 -05:00
93d7895bea Allow 127.0.0.0/8 to connect to NTP on chrony 2020-10-10 10:48:38 -05:00
32c79b486a rate limit login pages for grafana and gitea 2020-09-20 22:45:35 -05:00
dadbca219e use upstream nginx package 2020-09-20 22:44:45 -05:00
66312d4a90 Syslog firewall rules 2020-09-20 22:41:51 -05:00
63c737518b InfluxDB rules 2020-09-20 22:41:25 -05:00
fef33bc4a9 whitespace 2020-09-20 22:40:39 -05:00
c7d8b074cf DNS firewall rules 2020-09-20 22:40:03 -05:00
9e0ada65f2 teleport firewall rules 2020-09-20 22:35:20 -05:00
036cdd6e57 syslog clean up 2020-09-20 22:24:49 -05:00
198730b50e install iperf 2020-09-20 22:24:15 -05:00
73d17efdff minecraft 1.16.3 2020-09-20 22:23:21 -05:00
1e3cc26560 craftbukkit 1.16.1 2020-08-22 10:03:20 -05:00
73a1e1fafc add teleport role 2020-08-22 10:02:43 -05:00
ba8f63cda4 fix restic locking 2020-08-22 10:01:56 -05:00
8a5ddd5273 minecraft 1.16.2 2020-08-22 10:01:25 -05:00
cfe9012e32 remove minecraft multi-instance support 2020-08-22 10:00:13 -05:00
302b6525f6 fix certbot verification path 2020-08-22 09:59:26 -05:00
4f2e05439e enable flux 2020-08-22 09:57:58 -05:00
c1da21773f add fun commands 2020-08-22 09:57:45 -05:00
98f98bab16 gitea 1.12.2 2020-08-22 09:57:45 -05:00
277a1bc569 uncommitted grafana code 2020-06-12 16:32:02 -05:00
91d2fcbf27 spiped removal 2020-06-12 16:30:06 -05:00
3a43d5ec60 restart craftbukkit if jar changes 2020-06-12 16:29:32 -05:00
00d74fc10f autossh removal 2020-06-12 16:29:02 -05:00
ca5e9bd44e add certs role 2020-05-23 16:41:09 -05:00
6d2c7249bf add playbook 2020-05-23 16:40:49 -05:00
dae3c475fb whitespace fix 2020-05-23 16:40:00 -05:00
3c222eee69 gitea 1.11.5 2020-05-23 16:39:37 -05:00
94cbb6d917 add more minecraft message regex captures 2020-05-23 16:39:37 -05:00
ca2eeaf2e7 disable craftbukkit max tick 2020-05-09 11:00:59 -05:00
e41d3c6b7b add lava death regex 2020-05-09 11:00:39 -05:00
e75481b2f5 fix warning regarding null byte 2020-05-09 11:00:06 -05:00
1cc7ba9fb1 use lock files to prevent restic jobs from stacking 2020-04-22 21:39:16 -05:00
92bc6f43c8 add craftbukkit restic hook 2020-04-20 22:30:18 -05:00
5e85d23c6c add more standard tools 2020-04-20 22:30:18 -05:00
b2f56598fa get restic path from environment 2020-04-20 22:30:18 -05:00
e08ed9a2ec add restic self-update 2020-04-20 22:28:21 -05:00
7b242c65a6 fix upgrade bug 2020-04-20 22:26:41 -05:00
8dae1331f7 go 1.14.2 2020-04-20 22:26:35 -05:00
f81634f0d5 gitea 1.11.4 2020-04-20 22:25:47 -05:00
acae6acb07 add craftbukkit role 2020-04-20 22:25:07 -05:00
81daf417d8 fix issues with restic minecraft hook 2020-01-28 00:06:49 -06:00
4dd6380c0b disable/enable minecraft instances 2020-01-26 15:18:17 -06:00
22dbc01a3c gitea 1.10.2 2020-01-26 15:16:18 -06:00
3880c8d4f2 add Google DNS ping panel for home network 2020-01-23 20:50:06 -06:00
75188b008e install serveral system tools
refs #4
2020-01-23 08:03:35 -06:00
05a67e2db4 keep 5 days of syslog files uncompressed 2020-01-23 08:03:08 -06:00
11898e4ee7 support for multiple instances of minecraft in restic minecraft hook 2020-01-23 08:01:58 -06:00
5b65beff27 don't register change when checking restic repo 2020-01-23 08:01:23 -06:00
befad13cb5 add spiped role 2020-01-23 08:00:57 -06:00
c63271c8b5 add basic go role 2020-01-23 07:59:32 -06:00
b769ea477b minecraft multi-instance support 2020-01-22 20:16:31 -06:00
2b1ba0d6fc upgrade minecraft 2020-01-22 20:16:00 -06:00
831655600c add mbuffer, socat, spipe and pv
closes #2
2020-01-15 20:42:28 -06:00
eec3fd39b7 add grafana dashboards 2020-01-12 18:36:30 -06:00
4fc6c1ab78 add telegraf.d support 2020-01-05 16:46:26 -06:00
b39e213bc3 add lua, add python packages 2020-01-01 11:20:31 -06:00
ced9d028f8 fix error in rsyslog configuration
umask is not supported in an action
2020-01-01 11:19:44 -06:00
3b5c2242d1 add iptables whitelist for DNS 2020-01-01 11:19:19 -06:00
f7273def95 add gitea backup directory 2020-01-01 11:18:26 -06:00
2b4fdbc661 add nsd role 2020-01-01 11:17:43 -06:00
2da2a1affc Add simple Discord bot to notify of Minecraft events 2019-12-30 19:53:35 -06:00
d8ffc99fdd add restic hook for gitea 2019-12-27 00:05:28 -06:00
91bd92045e restic script fixes 2019-12-27 00:04:59 -06:00
27e305a6ec add p7zip and unzip 2019-12-27 00:03:29 -06:00
e44e06594e fix order of restic job hooks 2019-12-25 17:23:36 -06:00
07a5dd96b2 update rclone 2019-12-23 11:56:32 -06:00
3349430416 Add minecraft restic hook 2019-12-23 11:32:19 -06:00
52d9dc0f57 restic should log to syslog 2019-12-23 11:30:21 -06:00
d86b692e4f add pre/post hooks to restic scripts 2019-12-23 11:30:07 -06:00
55ba448f13 fix restic sleep bugs 2019-12-23 11:29:36 -06:00
55676661db add more standard utils 2019-12-18 22:09:35 -06:00
8ab9c36366 add more restic helper scripts 2019-12-18 22:09:05 -06:00
0eb5699a8d enable remote syslog 2019-12-18 22:08:03 -06:00
0ff318ae00 update minecraft server 2019-12-18 22:07:13 -06:00
4a7cd07ac9 add restic wrapper scripts 2019-12-15 20:52:36 -06:00
95b7f4115c add restic role 2019-12-15 00:40:49 -06:00
818a7aaefd add utils role 2019-12-13 21:48:59 -06:00
93d140015b gitea 1.10.1 2019-12-10 21:59:45 -06:00
0e9c3a402b Update minecraft server to 1.15 2019-12-10 20:42:43 -06:00
6e49a596e7 Remove unused autossh environment variables 2019-12-03 20:55:54 -06:00
576c5c6f17 Fix /var/log/syslog directory ownership 2019-12-03 20:41:50 -06:00
962a6542be Support unattended-upgrades rebooting the system based on logged in users 2019-12-03 20:32:18 -06:00
54a6e007b6 Fix grafana port 2019-12-03 20:19:45 -06:00
aaa3d221e1 Disable autossh built-in monitoring 2019-12-03 20:18:54 -06:00
4f85a73714 Set gitea RuntimeDirectory 2019-12-03 20:18:11 -06:00
8b3ecdbb9c Set autossh systemd RuntimeDirectory 2019-12-03 20:17:37 -06:00
25bde1105f Add tmpfiles.d override for file permissions
The permissions for /var/log/syslog were being reset on boot
2019-12-03 20:14:59 -06:00
02919f87fc Fix typos 2019-12-03 20:14:33 -06:00
3bb250084a Fix formatting error 2019-12-03 20:14:07 -06:00
ccdf6fab93 Add InfluxDB role 2019-12-01 20:40:40 -06:00
c13ce7cb4d Add grafana role 2019-12-01 20:40:29 -06:00
e13a935f80 Add autossh role 2019-12-01 20:40:12 -06:00
f99c956212 Fix certbot command 2019-12-01 13:45:19 -06:00
8488dc650a Allow gitea role to use UNIX socket 2019-12-01 13:44:49 -06:00
6936849797 Fix Minecraft backup script wording 2019-11-29 15:05:35 -06:00
c255787630 Add backup completion message 2019-11-29 15:02:40 -06:00
3e5f948a00 Add log levels to Minecraft backup script 2019-11-29 15:00:53 -06:00
489 changed files with 44437 additions and 738 deletions

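--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+- name[casing]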

12
.drone.yml Normal file

@ -0,0 +1,12 @@
---
kind: pipeline
name: default
steps:
- name: lint
image: python
commands:
- pip install yamllint
- pip install ansible-lint
- yamllint .
- ansible-lint .
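Review bot: The lint step runs on an unpinned `image: python` and installs whatever `yamllint` and `ansible-lint` releases PyPI serves at build time, so the CI environment, which has the repository checked out, can change without any commit here. Pin the image to a version tag or digest and the tools to exact versions, e.g. `image: python:<version>` and `pip install yamllint==<version> ansible-lint==<version>`, ideally from a requirements file with hashes. Pinning also keeps newly introduced lint rules from failing builds unexpectedly.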

5
.yamllint Normal file

@ -0,0 +1,5 @@
---
extends: default
rules:
line-length: disable


@ -1,7 +1,8 @@
[defaults]
nocows=1
syslog_facility=LOG_LOCAL2
ask_vault_pass=True
[ssh_connection]
pipelining=True
scp_if_ssh = True


File diff suppressed because it is too large Load Diff

374
group_vars/all/main.yaml Normal file

@ -0,0 +1,374 @@
---
ansible_python_interpreter: /usr/bin/python3
syslogfacility: LOG_LOCAL2
network_nameservers: "{{ dns_servers }}"
network_search: kill0.net
postfix_aliases:
postmaster: root
hostmaster: root
webmaster: root
abuse: root
administrator: root
admin: root
root: sysops@kill0.net
devnull: /dev/null
#firewall_ssh_whitelist:
# - "{{ lookup('dig', 'jump0.kill0.net/A') }}"
# - "{{ lookup('dig', 'jump0.kill0.net/AAAA') }}"
# - 192.168.255.17
# - 2600:3c00:e000:343::11/128
firewall_ipset_mgmt:
- "{{ lookup('dig', 'jump0.kill0.net/A') }}"
- "{{ lookup('dig', 'jump0.kill0.net/AAAA') }}"
firewall_limited_tcp_ports:
- 22
#unattended_upgrades_mailto: sysops@kill0.net
unattended_upgrades_mailto: devnull
unattended_upgrades_automatic_reboot: yes
unattended_upgrades_automatic_reboot_time: '8:00'
unattended_upgrades_reboot_with_users: no
openssh_sshd_config:
PermitRootLogin: prohibit-password
autossh_config:
- name: influx
host: jump0.kill0.net
options:
- -L 127.254.254.1:8086:127.0.0.1:8086
- name: syslog
host: jump0.kill0.net
options:
- -L 127.254.254.1:1514:127.0.0.1:514
user_authorized_keys_hash:
ryan:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGznaofIstAxYsX1MH8xQiZU4aOO4SUw9OlRbyFMfQTx
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKdWuh9fbKNubIWaYGwOcbGNkh1Osifh/22KE5pKlVxfVqTT2MiEY6LlvlqR0UkU0hos5F0aEigK7wsABy0KEP2Z0hlx1IwO89rX1TbeqbNVvFk34+jBFflNhBTwE4fekBc4WyvQ3MtlygUTqUnPiQNMBL6uV3rHfh015C5ZqRHSqT7O/+bIbuLSOLizQPph/EJ7U7ti5gfZb5J8uSLdaK0vCLSIokleht3dE1DxfNq4LaVcNCGfNXHIzhaew7L4IkJ7nSWGRtGD7aHKcPV8PRJCt3Mn1IDXrVwFYx0tmFF4eyJ5h9l7fTiRs8PjJ8zD8BePtAP/LFCrhCS+vYbGJT
# windows 10
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCe1dmofrPBmchiBs1NQxJVEiAyNfd/eG/U6xh8buekKpEYu6vY9oLN3fk1TdIQoq5gl6qVMaT8cRXQkN7zPBHdwpX55ifmM8O5sQJ3Q2Wioi+6W2elVG58kDIaWFUiQLFm3CXUQ43Ec3+SMo2xlr8b7tUUbCc7690TNJx4gB1t+mYQMIv5OBuzRgUJLSclT0Tp5luJgVKVimPKXTqawDPIKwEZHHvJjs1S4irDdIP4OJJHfHmegapXbMexfEEmgt82axlSjywlMDOKCxnJphOSxtzbUGHkdNMM8VBQC/iMEHprmp75LQzgL5tk9cdIe6T8b1XyuD3tdO/xguChBPpV
# work
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICndorpp/6aKlLq2K1YP81r8zA80VGp1qAUeCZtdVhAw rcavicchioni@NMLT072
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCW02T3dkh1Ra9n+Ql86e/C2ZdtwY5if5RZoc2BYwFCcygwP3GUKOrR6c9SW25B3X048+tVdTiOUhqfsqWf6jxCJ5h17lJ2sigMxEZOht0hUQZSgmQgdviYv3WYrqC4hlStumwEgEsJjRl9PP5LnIcdjWWINslaweFdfD7KhTRPlok1T2ycd0wEvsSCVATW32xV4Dpof5HLgLqnNwtK3VKSl7YIQu5i9SimtRDijwPnOkeMoknGjatpOu5VrnOP03GaExqXnjaIaUz++5GhCGEQEKhlcQrBCYlxubH+L4r6bka1S5r1GeeZNL6g+uUVUP5XaG8HcA9vArilmQfDj3xd
rick:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTt13M/kyXmm8ORhefa6b4e0j1XczLu+R/asgTSdvhDCljo1LLtDvXWdUVQCwXxMXw8aPKjskBr+k1KJOFsdfVi65dExHhmaHk4qeGgkSkLNLPaMkKcNv3h+hS7VGmZjsxU0+bwl0b3g6woKEuMjnD5MfCsKIs6TOB5XjoDw8PMC+BsOiafFPeXGL8UA4yBtdNXFk6B4Ev6lZflPvenJXXJjYeePnhXjPaI6cNjSPhByy8mPU0AzWhtq8akbXlOCUrjuq2XoatwVOd1ZWj344PHfav7zmZkYLWOE7AR++ng+4pNxrfeiCxBcgSluKNYkZFac04OX8PSNbvqTWA29GIDlmcomaSJOWslVoVOiWYQ+7wWIb0d2+RgH/6UvVS500NyacOSkSlfI8SyqC5VVb2jjUC+GQ2zW/IMfYlwRutXT3MRgVtuoQ2i/aXizPLsH6iBqKxQDMV48avTNIitN29owOBPpDNsd1o4iy4kdMPrAFmrPBYSA939nOUzPmCCwU=
users_interactive:
- name: ryan
groups:
- users
- sudo
- adm
comment: Ryan Cavicchioni
password: "{{ vault_user_password_hashes['ryan'] }}"
- name: rick
groups:
- users
comment: Rick Elias
password:
users_authorized_keys:
- name: ryan
keys: "{{ user_authorized_keys_hash['ryan'] }}"
- name: rick
keys: "{{ user_authorized_keys_hash['rick'] }}"
- name: root
keys: "{{ user_authorized_keys_hash['ryan'] }}"
telegraf_config_outputs:
influxdb:
urls:
- http://127.254.254.1:8086
telegraf_config_d:
- name: ping
config:
inputs.ping:
- urls:
- 10.255.0.1
count: 10
ipv6: false
binary: ping4
rsyslog_archival_format_enabled: true
rsyslog_outputs:
- name: omfwd
params:
target: 169.254.0.1
port: 514
protocol: tcp
action.resumeretrycount: -1
queue.type: linkedlist
queue.size: 1000000
queue.filename: fwd
queue.saveonshutdown: "on"
keepalive: "on"
template: RSYSLOG_SyslogProtocol23Format
tcp_framing: octet-counted
sudo_aliases:
host:
- name: minecraft
items:
- mine[[\:digit\:]]*
- name: jumphosts
items:
- jump[[\:digit\:]]*
sudo_rules:
- name: "%sudo"
hosts: ALL
runas:
users: ALL
groups: ALL
tags:
- NOPASSWD
commands: ALL
restic_repos:
- name: b2
repo: "b2:kill0-infra-backup:/{{ inventory_hostname_short }}"
environment:
RESTIC_PASSWORD: "{{ vault_restic_repo_b2_password }}"
B2_ACCOUNT_ID: "{{ vault_restic_repo_b2_account_id }}"
B2_ACCOUNT_KEY: "{{ vault_restic_repo_b2_account_key }}"
restic_jobs:
- name: system
repo: b2
paths:
- /
certs_trusted_ca:
chill9-root-ca: |
subject=C = US, O = chill9, CN = chill9 Root CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 16 17:36:20 2020 GMT
notAfter=May 14 17:36:20 2030 GMT
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
openvpn_config:
client:
client:
remote: vpn-jump0.kill0.net 1194
ca: "{{ openvpn_etc_path }}/client/ca.pem"
cert: "{{ openvpn_etc_path }}/client/cert.pem"
key: "{{ openvpn_etc_path }}/client/key.pem"
tls-auth: "{{ openvpn_etc_path }}/client/ta.key 1"
verb: 3
dev: tun
teleport_service_state: stopped
teleport_service_enabled: false
firewall_teleport_node_enabled: false
teleport_roles: [ node ]
teleport_config:
teleport:
auth_token: "{{ vault_teleport_static_token }}"
ca_pin: sha256:4ef484a5949aadedf983bc1f1d43f6f31356ca37f9608267424ddc0d9b68e010
auth_servers:
- "jump0.kill0.net:3025"
firewall_ipset_node_exporter:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 169.254.0.1
firewall_ipset_blackbox_exporter:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 169.254.0.1
firewall_ipset_mtail:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 169.254.0.1
node_exporter_du_directories:
- /var/log/syslog
- /var/spool/rsyslog
wireguard_iptables:
wg0:
input: true
wireguard_network_prefix: 169.254.0
wireguard_peers:
wg0:
- public_key: 1ipGUnK8XDbIoBIEF440BhwLUe0yHa5l3kZZc4eFxV8=
endpoint: "{{ lookup('dig', 'jump0.kill0.net./A') }}:{{ wireguard_port }}"
allowed_ips: "{{ hostvars['jump0.kill0.net'].wireguard_interfaces.wg0.address }}"
supervisor_unix_http_server_socket_chown: root:node_exporter
supervisor_unix_http_server_socket_chmod: "0770"
firewall_ipset_loki:
- 169.254.0.0/24
firewall_ipset_promtail:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 169.264.0.0/24
promtail_clients:
- url: http://169.254.0.1:3100/loki/api/v1/push
external_labels:
region: dallas
provider: linode
promtail_scrape_configs:
- job_name: journal
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: systemd-journal
relabel_configs:
- source_labels:
- __journal__systemd_unit
target_label: systemd_unit
- source_labels:
- __journal_unit
target_label: unit
- source_labels:
- __journal_priority_keyword
target_label: priority
- source_labels:
- __journal_syslog_identifier
target_label: syslog_identifier
pipeline_stages:
- match:
selector: '{systemd_unit=~"(alertmanager|blackbox_exporter|grafana|karma|kthxbye|loki|mimir|node_exporter|prometheus|promtail|pushgateway|thanos).+"}'
stages:
- logfmt:
mapping:
level:
ts:
- timestamp:
source: ts
format: RFC3339Nano
- timestamp:
source: t
format: RFC3339Nano
- labels:
priority: level
- job_name: nginx-access
static_configs:
- targets:
- localhost
labels:
job: nginx-access
__path__: /var/log/nginx/*.access.log
pipeline_stages:
- match:
selector: '{job="nginx-access"}'
stages:
- regex:
expression: ^(?P<hostname>[0-9A-Za-z\.:-]+) (?P<remote_addr>[0-9A-Za-z\.:-]+) (?P<remote_logname>[0-9A-Za-z-]+) (?P<remote_username>[0-9A-Za-z-]+) \[(?P<timestamp>\d{2}\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2} (\+|-)\d{4})\] "(?P<request_method>[A-Z]+) (?P<URI>\S+) (?P<http_version>HTTP\/[0-9\.]+)" (?P<request_status>\d{3})
- timestamp:
source: timestamp
format: "02/Jan/2006:15:04:05 -0700"
- labels:
hostname:
method: request_method
status: request_status
version: http_version
- job_name: nginx-error
static_configs:
- targets:
- localhost
labels:
job: nginx-error
__path__: /var/log/nginx/*.error.log
pipeline_stages:
- match:
selector: '{job="nginx-error"}'
stages:
- regex:
expression: '^(?P<timestamp>\d{4}\/\d{2}\/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<priority>\w+)\] (?P<pid>\d+)\#(?P<tid>\d+): (?:\*(?P<cid>\d+))?'
- labels:
priority:
- timestamp:
source: timestamp
format: "2023/08/16 02:43:32"
- regex:
expression: 'host: "(?P<hostname>[0-9A-Za-z\.:-]+)"'
- labels:
hostname:
- job_name: syslog
syslog:
listen_address: 0.0.0.0:1514
listen_protocol: tcp
idle_timeout: 60s
label_structured_data: true
labels:
job: syslog
pipeline_stages:
- match:
selector: '{host=~"ap0|coresw0|fw0|power0|172\\."}'
stages:
- static_labels:
region: home
provider: home
relabel_configs:
- source_labels:
- __syslog_message_hostname
target_label: host
- source_labels:
- __syslog_message_severity
target_label: priority
- source_labels:
- __syslog_message_app_name
target_label: syslog_identifier
influxdb_service_enabled: false
influxdb_service_state: stopped
influxdb_package_state: absent
telegraf_service_enabled: false
telegraf_service_state: stopped
telegraf_package_state: absent
lego_credential_files:
- name: credentials.json
content: "{{ vault_lego_gcp_service_account | string }}"
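Review bot: `firewall_ipset_promtail` lists `169.264.0.0/24`, which is not a valid IPv4 network (second octet 264); every other WireGuard-side entry in this file uses 169.254.0.x, so this is presumably meant to be `- 169.254.0.0/24` as in `firewall_ipset_loki`. This matters because the `syslog` scrape job binds `listen_address: 0.0.0.0:1514`, so that ipset looks like the only thing restricting who can push syslog into Promtail; how the firewall role handles a bad entry is not visible here. Separately, the `nginx-error` timestamp stage uses `format: "2023/08/16 02:43:32"`, but Promtail expects a Go reference-time layout, i.e. `format: "2006/01/02 15:04:05"`. It would also help to add a comment above `sudo_rules` noting that `%sudo` gets `NOPASSWD` for `ALL`, and one above the `root` entry in `users_authorized_keys`, since together with `PermitRootLogin: prohibit-password` any of ryan's five keys is a direct root login.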

706
group_vars/all/vault.yaml Normal file

@ -0,0 +1,706 @@
$ANSIBLE_VAULT;1.1;AES256
32383832393631326334666436656235313230613033343036613034353034303763613733353830
6463316335353839616265643938653337393639386332330a316363336538393435343731626537
61353835373861653132353763373166623139316164363333663163326664356262393930613663
3163326266373162370a346562333166386239616330623161656538633336326138633934376431
35616336313531373538663332333830386664356238386566633235383162663065656534303133
66663138363130316634353534326133633736636362376638343463316132613734383339643232
64363065653031656661386461663832653364313533656137636430653030626130313638343266
61303964626439336164333732633436303634323432313639326232343539303465393532383865
65626362363839383563323835303131366339316335363261313865303136636536323661633562
32343938333761626162613433303364386466306463613566373637326565313232636630336638
36653039626136303962396366656131373263663034663631313133333330343666616135383463
63333464363530306366353033326263663737633661333938623833663565333936616132303864
35316437666538353137313735653663353061386335633930336665373330343536376639363535
64626639353836363130613665356361343331373532333930663439336433636464316566303630
35626435356165643635343438666635363935396239356262613664396461386465396139636134
33363332303837356634353466326236316564326532636337333933316134653139643637626530
34346461613862626166313538333638326438633637366464643535366663643337333162623565
36663561653663616335343236383963623335326137373638643135636638333063323166623034
31363266646335633662336432353433316162393066396135313363393738373864636266376339
33353337636337383738623837633061353635376332623861666666633465376263633834333461
39653237663136326339383663343862623038643630386338623534653832623639653361336430
30386463343464666561386666643664343235366232643836643132626335326237353136326163
35323230386131396334626230396662626436363361623030326135326133393138333835346661
39393164346538323663623136643035653939646463643035356666336232626163303165393633
39393135656161653834656664626637653530653737366338326636613663333862376263663764
32373330656630643262313833376565366461383437306638306232343031633965356438653361
61346239323138336531653037383734366565656264336336656165343332363934363933346165
37343363306561616534396265613766396536346134366466613263383639656633643539323230
63383731393339343265633732333530323238613238383836376430613130633132666538393261
38303637633932353563366437376466356237323063346466643436653834633061383763396661
65343336343031643939373033663363623838323737363839373339353936303466393437336130
36336633316336663532656265646535386231616337333961306236303466373563656136303965
62633965323361356638646565623363363563353031626439646361313738313436626136346365
64616638356266376365383732666563663938623536356561613134353864373330376636386162
39373935636665336237346330373562663661323833383731393161613631636336646436356639
31333162306338313632373336333261666631396138373062613261666534383439383762383264
63396630336237663262633137363937666165303332363432333537356631663662646662363633
63363365663637343438373635313031656565386164653632393137346631666239393932343232
64333336616636333765393636353065363263303534393462653461326564366162363531363135
31643862613530303063343637616637396365653333373361653261643833303466383138333262
64666265633337653363343836643862613638636131626462333430313230396164313761346433
61343238396163303038643135366361643832333965666336623365333165396438346635373861
35386562366535316330643362616362333137303033626564323264616664323139326337323536
66336631343638623966313237636130316138343830353131356237653364613165363933343234
38643665366233663165666563306133366263633661653361666133333866623339363135346230
32346566373834336665363865323430363736333835633562623861396539343236393337626265
64313239643865363834646333373634613133643733383764343236333161636166383065336536
62336362393633373561663832636433363561616164386465616432343964313032383030336364
35643566336164396433646431616561653361666132663633613739346565653163343664303932
38636336353130343333346465316633313966303761656233396331663930613531643231386434
64376666303131643636663163613062313333313734646634663162633139306238343737643066
66653331646637373861326230636433323966636133386436653263363564343166376265626266
66346535336236636563373631396135386366396139623866313166333036386533343361326334
30366662613963363565303636383831326633303932346136386632393835356561626361643438
61616531353766663733303532623263613265633662316166656530356233376135303335663338
62613332396366373933336661326630663931393336623333643838623339373562366334663833
66323363663437316661353461636431653736366538363137643362303437663333663035623432
33343130343239646336656237363463313133303734616237313362363061633837616238353737
62363037346133316534623438396561626639333961356531623162633966323866333238636530
30346237646633343539653533343632636663356335316538636262393030326263373733386539
39356165623035613730313132316134373166663063613966363734613134336337653162643139
36323836623735306463343035363365633937616563346538393135646364613439626165633061
32316165306534383764353464393335656262636330303131636432646131373165393266346432
31626665376363633831613266663338366236316239333831613232636661666666626237376632
65626664633037633638366533363833333064313639626530313935393664396563303961396238
33366231363136663961323131383562666233613834323037303134366365356566396262313031
33663035363435343563363465623764306136353137353366313232663431623863363966393137
62323162343036346262346431636633663761643538336230636438313436633265396437326563
34616135663261653631373032333638376365643931316538303132303038373730663630616637
31373263313732626139363364393337386536333166366535623734393837653633393864613435
38306463653930343636646365313433333530396664616438656135353337393761646335616530
37353237373534633363363732326161306335326433373238336138656531646339663930663861
61383462343735613864383935393865306337383166393463316236623066646139613131626631
35633332343132656239316231643665346362393866326134646534666130323934393661343833
34333234393036616662333632653039393636393334306133656566626139303863303937326539
65626232393537363836656263336364366538626432653137656630353634303836306235623762
66313962653362343966616133306562613962306463383637313865336334316137636662656139
64653338633236333762353863613263313833643236346361316533343235343234373732373165
64636264363066303436636137373863636530366361346465356162333233623962313961313232
33366264333533343965336261623031643061646631633065366263343865653663663131346663
32613434653035333130626562313036653730323733656333323231623537633531326137353661
37343831663738386230663062363536306162353732376463306235386164306264326433393636
61653835303532626138323362653532346263306432616265373363633537396635613766313539
38323934646236663362333533383637393831633837633466613462306263303234613830303132
31303462333361313765636164383437303637653365383861376139306337343230333938643934
35376263383038316239336439373631656635336333323336636165616433333139306566306232
33623338393563333133616630626562636165656365383164376663653431353165343837613233
39646233653765333435373836336666613837383665383938386661633764633332666431633638
37366131333635373134343965333035323161303863306134393437316262316465363233646233
66316364313536643633373061646561613835373634303764666562663533613936393736653631
38333139656636366363636535316463303339386266316365313236316430383262333764373134
34653338633732393538376261623031633338643136346236343861393631386633646533393266
62373465333734373232383465343036666137386537396538313334303033656265356333303933
64326563343836363931663861623365356465306433376536336539613336333038653766376433
39316138373662633863653636353361386466346433353132626165373562306165336233663363
33316230373735623963393061623962353432356264343936613936373163653832393131633665
34333737643364623334386661393663353137333637616533346562313633363935383633353939
38376234653632316434383433303936646136386363386265343932616136323032366339626664
63633038373064646566383530346166623539303832363238306161373631653137623462653937
65346364623632346335343564366339623764313032336164343138376239346262306432663036
33306236303464646638383066333136366264396332373835653061633030396233626532333734
61613138376230316464326339323235633333313339356436623161376437356332353633656537
66393264383138383734306463323764306434343735346164633839303864376234363130393635
31663165313330636130666532313730373763323332633239373434386436336565376337626439
39616637613363376563336137316363343165366363336535363231346164636664346266306364
30326136363135393433366464383936313338343738633062326338373435306436626630363164
62663133373833323365366532363430306434643435303263636132373837636331363339393433
36366433633236613635633636326138303332346636646439366564393962386334306533356566
36646165393139393939313064303536376262306238363963323236303938346564346436306532
31656361656232323637353836343663316262626334666138643532633363346239363665346665
35383135623832376561626235353633343562656664323637646635383937373065393066393664
65323938656161306261653864396335326237393764663264343836613532316465383032376361
65663934363264666439373538386639326539623565376565633637323364653362336338353436
38306234666266643036376261376337363563303839643530376430646261356333386261666334
65326333313131356236303430303061396437663233626430386665323839633739393734393434
37323937396337636264363031326233393734396132616138306436323762623332366330643666
64373634383135396330633131643261363136656136343932633630333731323435353233656434
32336430643835323935396461633633663831376231306361363666303063303662383362326237
64346366613230373431366637623465383963643133346437306434373832333033303830316432
65653339353263623830653236613437313233653063306163613063313465623264333333653338
38363438616639386230393630383935376430653334316638366661366462393963623436643333
36343939373762396634336364313664363838303130393365653436323134346337646136623737
35623866646433646438343737613331623539383865333433646462636566613331313939613864
34366438346235363838396161303233353861623933343239336361663532353032393335393665
63663138343831343034656239383164633738653566393934616564626131643531646135396630
63623936613663626635336264393339633761373430383830386665653462336330656164623663
39613237643431616461643461333733303436666130306637306232393738343166393835346533
63323136373965363461316439353261663633373261316631616630373039373639356364366633
32613339663461613335326564613633393332313932363636643263356165356634373430326630
32343434393530383861303862623134336666363935376131663835633634356531316133363637
37666435663766343630616337643736343238663866336562383562353433373334376266626361
64613630343832316535663433636565323238623638646432306136386666633365643930653334
62303862653462656363616663666263376533353533376632376565393664373538383335376433
36303661343263616634653465626339373130323335313437663035613537343462633636356565
33353065336133636266653665613830333762663639666335666666343964346262353966386636
35623137626463623838373037303136323162386362323737353239323263313038633261333062
62363130303031616166333563326431353163393535373334623562343331306665353331346135
61363531343031343632323034323430313361626230643331363038666466366236333764376134
39636231333265623435313166336636313436326337373131303133393630386533643830356538
31353662643163636139653164653537323432396430373837656362653937323636373764373462
31613335633964363739353061386562336338396564336233666438343232343333313533666664
65316334333632643734363133623166363932343066323361393730653835633833353935313533
39386464623465623331636563376538396332353134333134343562626265666465656238313432
64396539646335633736303663343034336632366363393539303537646131393130623735333838
30363138633564613431303765393733333235613537393836373234636561353338666230356632
36323533626538646165303665343263366635336130613837653161333834383835613935383335
61346530316363346532333362356632383535636664646432623538386136653163643033623730
37386666643031656166386138333335336437383065376437333966613031666261653830653632
63663834313964623337313865326361663337316234656633663633363766613037303430386233
61336532616634356434353334333262663531663136373164613236303365376461383262383964
35626133353434626236613032613932663335663834613666353562303136363032363735663431
62336130653035323830633161373236656635333031396638336634353562643232346138363065
31663030666232363435363261383361343964313662653139383833383234383136313361343962
36636663376531643764623236643863333634383562336631303835306531616366313335303935
63386538393439396566616333383636656435616433313235333731336265353965346362653532
31306566626364353261666539353639326137616266326539623762613239366432653538313431
66366637306331636137336139393034356461386131356133383339363234333165343163636461
63363531326437356261646234343065326136626332346138326331316433623365323361333737
32623731323463666433376136326637363838636536396664633738643363383432316663646365
35356435656330396335313232386662613164373161383538303035653562306164356234386662
30643731363565343336376234396565316130316533643735323535656466353062373333623835
62653864643437383833383465643163363932346435356337656231653035626237353363636536
65373535616262343666303339323831336232313965393632643435373463663664623636623863
62633565633136343762393734396633633465653133323035326561356663336361666466636234
31363434363831656365343733663932623631396263636638643038643137636630666230636438
31626665653533363734333963356237343432643233623665663562363337326162316631303937
39353930326135666561666331356138346362353235373266393538666665346663373938353337
37376566613064303262323561303462363430313464326330303632613365663231323362623133
32333466336539303166326131373037393035616437653264393838383964306363346133613039
64613834383635653633303630363165613832386164356635303162303361343932373839343239
34383965643836363762363833636530366432336638353139383131336663366362626637323330
31346536313464343432373239393034653763333238353162306465643433303565323365666530
63303464393761303862616331363564663864306264386335336433373936343232353862363537
64366637313739353238346130376165616236326333646137376632363163623238656163636463
31633738366239653365383237363138336539346431613231643366373264363662653361633964
32346239393538346439356435306236656132636561613337663231393530316435303639643233
65393062346138396164323633333930653965306334626365633235333265666362366535343331
30336162666362333032356433316439666637666330393861333165613730613138626539353834
34343531303231333833613835386637313335333661313137373034646666366233333061336365
31663533613762313036613534393766653861313439653535643839353361616237653834643237
37393432363565633261373435313330613237383963616164363665363635376363653737646535
62623936306464626337353933353835626562363838613038393064633361616364393532383331
61383731366463643833363633303864363738663530353037316238323131633939636533613965
66666334363963393862323234326363396461616634643631313865313466366565616562376135
63326139306334373166303465303665653734383461616364646665366231343632613637616636
39323534363131336333646631373439373666343035623664646230653064653236653932373732
61613235396432343435326532613535663138383763313136356431323630346332336336313830
39666139303638656162616161633634623031313436393166303761623463393363393966643635
32636536306361386236386238633563656230353162663731633832353164306162643764313535
37326163383366643336633135623137623636383837666236393236633538343636336236386461
36363430356366613238326639336161613765633732613966636661643532643632623136306536
64646564623437343438366239356166663632663262306639636265653462646134333537353130
30616536353434383633353934306463636634376639386462613633653938376562383636343962
38363063393265386636636463336236653236326566656562323763656134313735356163316665
61336436636635643738363631616339373064323834343864376235653765633163653739393333
65666636393339383238613436316633646665663839376338366161613238616433653532363231
39303934346164363933396335656333663935336538353535633562326234656465393430636439
34346130373136366466343166626463303436373037313734373837623134303964313132616535
37376164353533356232343938666161333931663662323336353639636161346266373163336231
39613239653835636464323231396331616165303566373766616461303662353335383763326332
37376637353963376361376430323461373934663065623732656333393838346164626433343864
35376662393234616635643961616462636135666237633265386134373530333732663736396335
33396131336335363230343062616462303761306538353661323466353636663336373335353831
32646436376635336131396561326636393262656334623663633434353062303730663762633366
31336332333865636332313832663366353136376562356466336536663133333634353365326233
61376264333463656265356662376132393966656337666630306537636531333662396662643765
32613832633130643937626366656333333430376136313262396536633461323261393036626161
38376235616666316338346161363963326432343934303564623566616137663838383336386638
33353565393464373139643834333733343633343265396664636638353333623238633039653336
61306262383631656337396438373138663566613133313365633964623664396631653934383338
31373638316134313035323137303266616330353165363162376663663535613963623862653630
35393531653962623133373866323335336136313131643862633266383762393730333437643932
39653234313932363765663762653136343832316331313733366563353736306137393837396333
39356564303864316666663136356363326330613436383662633761636266363439363835356533
34396163353239363734663838663364666537333365636462383462373139623734333761653461
38303064613139383965633339666430313435656133623039623336363536393061666265346435
63306365653035313062313237343433326162303834336533373433643230353634333238353232
62343838616535656330623435646361343239336334386536393330316631323438656137633438
66663861363931616235636133343263623838363236613461306661633539653037613565653066
61336433653361653334616538646533366537336263333962646331666439373363376239353061
62363730333133343161386131613162393136376566323733346538626330646464346430363030
64373833383466643831383531636661343335333531316336383761633230663262343166366534
35383865373833616138303238393861626463643261343731663665643530643539306362303362
62633838653039383338363033623636323230313164373166396633316366393930643031386539
37623263353231636131343066333661646264353634653565636666313436613766323238623462
35343035356338366563386139653762613033353365623761303938306132373362396263363963
35616132383430636662396139323538336334643264626361646465313063316436643438616631
31663236666236336663313136646533366639303236366266323465666161383661333534653733
31626161353566663832343966383066393636616433376166636338386462343238666434393639
31363438636135303661663434313961356634306639656266623163396363646531376632326231
31613232643230323062663661313035393638656331386366323135336633346161373962643738
32346538633935646130333933396666613264633162643133306362613564386465613933656135
35376639656332333836346363313531393230646166373830383933663364373537613634383131
65653831356533633438666565326235313066333261303366633564356362313261383330376565
33633866353061663633346233333930613434343466663534613530383338393061646236373061
30363535623532613539356164303661393731336138373534623733626462363962633836633431
38366637386366633766633039626664343263363739626661336139336236363736383162316562
33313635623465633237626565336661633235363863613239643062616234306434343231396533
36336566643064383866393136316438633334373639393766623435386333616634633733386638
66313733656139343266346363383163633830643933656163346136396366653565386263393736
31653832363039313163366366363064633664636563376566353630353165353966656630333864
36363863653737393933663137356632653331326364666132333265653734653164393030353431
37663638343433306463356139343232636266323231666636353932313566376163383261326164
61363734303031626337353434323534643831323531346138613536633965376265376663323930
35376239333664333736373030666433623731623266376630386536316266363435323138373761
39303330663230376461646531323037353334343462323631333564386338343035623264636165
63343264326161303031613736633264326366343839343135633366393765303231366539323736
31306334303939666639633030396439313938366232373036393662316430383538656634396566
32366232393065376364306466346134383266323033383738373030386263656561663838363038
37343363656137323430613538623136343335313263636231653031386166386162646439356432
36323736393137633863303439373631613832396364303762633431633436653337616436343431
36313333616531393735363964316334383861666231323532616435316466633462303530373764
64336463306138343564656365653333666165313161353836333539383731663462656235656263
66626664643466653362636237313132306333636232653739396634396361333130366564663063
38353634323664363931316333336566613237663730646333613664306237653062646264643532
66306632303264366361653264373830303935353366656238613830316263346633356262643030
66353033623364643637396338666138343330313338656433663330633234643131626531313163
33343862313430306636343935653464653139376634373266646130623932663639356639343637
37393835666566633865666430633866383031366263613061663936323933653934306231356338
32333864343635653563306265313030613463343561356265363337636136343561383537343138
39643666356531353933633962356539393162663830303366633438393939616263316163646432
65363530383139626137626563376633343837623761663134623331376235343239633062393337
62393265393838346336623865656565333463643732313831363562646430613931393237383930
33396661613839623664396161323538613763346536616435363136613662303161386430633335
34613366343835613235366136383838376161356362353738333131333639306566636535623037
31323636356663333833643636313532653230333261616464363963373762643534306132626131
32306566373364323732626261353164376539613164353133613965316666633364353865336130
62663162323964663734653063323435656163323863333736616230346437306164393838613462
65653662363762383535393164643262313062346638636164626363663338616536333462323563
34353235383237383739653336393762386436636136646231303763386134643439386139336634
36643738363233326237316664356233373933313039333630336435616338643131343232353830
34323261393833336333613130643065393130383663363964626266626662313166343361663538
30626566393331376663343963656638646338376161323433393933623462653561613566353261
35363734366236393662663061323031333638326230626331343364336664616664626235386137
35373433343534333930353432306434616232633961623537346433636533643639306130333039
39343161646233653539346436313834636231376338373565653538343762663231343539643730
39636364333039356630643261323663626137303237333364666631336263623661636561336139
31343062303135393164383561333166623461326630373231323966323731343738663837653739
37646462313361666338356162643035323530366266613531653639646633383531613463346165
61333438373338653535623365633463393061343738303432313434663636313339323537633564
64303865303137393237376663346532313864346162616164643261313565373832626261393861
35323334666638353635643765386266366136353963623864323736313337316366316238386434
33613638333732643336323430396166373632623834333965366263353431323039303935333130
65326330323536376533643564366362363665333437636462353637313634326634636333653030
39653437666561346136346366353766306430356665623965626434373732363664363565326461
32623061643731643236646362393364313938636161636466353939653735396463343533396661
65393532333136613330346537343637383465643065663433376530633362613861383061633564
62663434633836663539323736326264626335663462303037303263636331306132613966326466
63363961646537353362326466346266343732373561366565393461383138356130623931636337
38383064316639383439653833333631326664313861656131393638323061646336326534316233
65666364306236626161313163616364633630353830663863663131616636636432653133656461
31366137363065656134343734383136613833653764646138613361333131376435633334346666
36346137353766383362333138613964666430363038353936663666333438346530613137643435
32366139363061623438336331613164343865306130323739363733323335386333303638396233
38643761656665303738626137373639336136306634643734363237616133626163663163306337
63623366393461306165326537626632386166616363363538656336346535386166646131396638
63613530656364336633333562613339656161386437323334363365303064643637663736633864
32306465306563326561393133323639366262393864303735333564666665626630373562616166
62383533383734623065643062613964663339393362353137613237653766653032623735386137
35316665333338656438343537363531353565616133326637616233393934356133663264623834
33373338623966643436643934323464376337663932623962653037316563396439356266346132
34353264383161346265323661376133666330323935393466616330646536346166323461653430
63346433346264333038376165343038363961643864393031613538316261633336333638366566
34363439323733323364616362396138383237316238643634633564323831313438633337333738
65313033646532666437323038396238613664333337616163613432353433306232393032613665
65353532663133633066343063336431386135386264613262373235663032643933636466333737
66333731386364613831613939393131613764396266653162616231306263656366333763393232
32363939383737626466353734353133386537343037616637383636653966666230613163663563
34643639313834346266633233343363656663303831316166343734623438656333656235636266
64363235623939623139333866623534656362386462306434656263633664643331656661333761
32646361623762333264633036313937343963636533343262316630343362626435346666366461
31333762393063333635343363633535383666633836633333623863663233633732373638366239
31666333396364626666323836386331626135353836303635336466393364363836356366316439
39303833613339336437663232313937663133366466633562306233336161643863633237366630
64663166613135303033653965336236633936386665336337336465383139303765663430313463
32623562356661333239313739643961323963353138626164666466653266306539383731366565
35633865613731633239333034353036326661383337316235366435646363313765363637303932
34366466326261636563643461656238353430623965316635346131366630653235386361343433
62316165646639323763653036313566353736613438366538323963636333386639623965373463
34353534316336303238356235333934356134326666656437646634376564376532656265333938
39653033356363373366623535666665333462336136663134383331336463653662303362373263
38663934316164376135653233633866376334643664316261663461333333313164303836643537
36396464653662666238353464646530643430313132383462623831616265333465363635353565
62366233323435346138373763636137636366376465666631373764656365613537353466393237
33623337383833343939653961323436383734346637363962363032313135363736646138363065
39613630636530396237323366653066316334656162363737383364306230343263343034666363
66343237663037333830346164326336643834666261363736653036653665646633386330343466
33373131646335366565353439393535383865383861613465383339663334613337363937323961
37323365613565373435386539333365666437366263366265313934343538306363326636303462
38623564306564623565653939396435663164643532613530383630666430633863633933396534
64383961613861636330393765376136326563386434643366383366326466323437626635346466
62313466626463363564303462396362373632323463386334313966306134653663653036613335
34386133383565313561343536336233393164336337353433386439663166393432353662633865
61343165396137666437346164383236363164666331346565366166373830326262653935663939
32336337393138326132393938336264376166316237383838396632666166383139323066626434
35613335356664363064623165383633343562386234303132303737306337363065346665623336
36613435333738626331313163313633656432353431393030646235393261646638373538373832
37643730356533393330616366363164306338343365346530363962353937346538616465636337
34363863393638373131623965316537663966353434353264373865376333343438313136373639
31353261313536386662626363373938343038613437646261353564616464653864316534613639
33363362396561363735303939316663613538336435393730613538666637613231303837393436
30616439346261396262613666626165636634333362656532373563343861333932646434393961
64386332363238383362616464653732373137303436383961363134626135366265316161633964
63346566633065343061346164666133306561346365356435373437656333336166313733323230
64623833336565346662383062383761623134623764643039323937373631373631333835626236
31393837353039363438343864343535613339313662633761373962613336616566646262653033
63383139306231333630323933656134316131393432643331373036303838663764393130316566
39313038653662653161316532633162333433626263393538356362663630643766633164366161
34313736373263303136653865613237386561343365663763363836323764326263656162383839
62656539396136666236386436363031303130313637636265303231626163343066396637616264
33663033336636313832626466666437346664346236326434316363633936383965303930386238
32613662346162313661383664363836613462646239653136396133366165653539396564623065
62313734326464656432353534376564653136386265316466323865623131643339653538626165
39376263633938623764363461626437666463383736356663626162336638363539326166313365
37623436643838633938363362323034343238313762366435313135333534386537653661663338
64646330383063653462646239306138633433316366396131626431366333633838333030303837
34333831383531336161303838633733396138383031363433306535633238383939386332316362
63366562306265636466376138636231333439363530363264613033346430633634343263633865
61326533343631666131393262326435656466323961613064616134383764333739353465633134
63623762616262343166346131666663303362383564313862363363613132376334626665386533
36613762643630373565393432656339343665333933656365396462396339313538366163306636
37363534313534636264663063386461323139663333303435643261626135306338393131663536
63633234306430353130616439363838363563666135376235363366326539663137343339393237
36656663333536613032393463643662353230613531663933383363626233386138623832386164
32383162383061613630373831383832643036316530326663326564353833353035363538653837
36353634623061636138353434626463313565613939393566623131363937353461333835323534
34333234623234653535396666343430353637663465353461376232616361636466346237626461
32333535623134353961363362313463386439323638626636313335333539303535343732633431
37646237643864623939653664646636613832393436346538363834346364643164396439633839
62303265303864396262353564386135353938646430336338613531326162306439623465623166
62393439376561663035363366396535623931353066386233383233396432396566313632326135
39326162636134623338616230616630326234353333656538356663643339363563653233613730
33386461363930666563383064623134343139363934303065313238663531383632633936623032
32636230376332613966383532626137303639663332633763663262323262303261386366633330
32393438666463303931326465636230396238643461616139373338366662386432323561626538
36666265366136616531346632386634316665333061346337373363396465653863333133373863
65313335313662326665616164353535633764663933653937366636666238343334363265353465
35346665636462323766636462623765653334333433656566633162633039333862336536613134
62633532383338353735663231313865333365383861313738393061353463616238333462306564
33373065666339316436653636623233383830366361663137656166663364336661383663316530
61626339386266376535623531343234303665663964366531616638663132623863633934656631
64383334333862666365313566656430303537373035323437333264303734613836306265666562
62383864323137356437323535653664653839346438663835303536376337383130326137393430
66386532376534663761393931333663643863333866353830653464303761633931353734356535
37363433346332313637663633343064636337363438666333303066633061663161376164353432
39326537353131356231656664663534306661333561356232343066666563666265363430316433
61376337316661393534336130326339363465396664623663306364383632633662666437653265
34346135393231633466326230353934393366376265393131383133343761366637636132356366
33373935326265333836633931396438333461646334393938323938646531373362663639653939
65643861636362363030643065653733313166353665353063393231393033323262663463303137
63636336323935633061616163656231386430346364343961393032323935343963366263336136
34356166623964366132386131636533643430333833663732623937613336613962643462663564
31356461383166356537663337393836376537343661326261386166323235633664323235363464
33613030366562343737356232636538356263663832386366306262656335393634616238663131
32336534613833656264646132373762373937363961333336656566326563353764316533356435
39303534386632336434343133366465336239306364363566313030666635633464336232633334
63306666346464343265633965376237393338643064366666373234643435646236346165313131
37626433333032663161316164643562613863316333333138656631663463373061346636653639
35396364636334383761356266353861373732636637373534646534663536303731626263636666
31323638393834346235633565313362343837383765383064343632356636633035353662346266
61383765366161353138343561353030376463363463366436633766333265353964633831613534
62386265303731636436356261663539646534656134306563346664383038663632353261616139
66616437333138613734306338346531316562653966343061633739633130386338623934393263
61643437633565396565633733376666386134626437656430323465323938313738306433366430
32366666303132393430646636376363323138323335326533393538633439326330616531623364
62363731363263353166346230326664643230626435646238646137613033396435643466346366
64316261653035303435643165333066623935303333373262313731383335366664303636316432
36396136373033333864653861633531356365616336353434376363303234313738636133363932
61323462363739356166326261383339643866313334303530346264356462353830373538636336
38393764313765386639306363333239383139373039393035323764643538396639386531393663
30356133613465326464326331663632316333393030373366653539383665633337353239363737
65663432326239663830626231363339616636663238336630383438326431346361663432303239
65353662396365343639633536386262636262666234343535386562373637643835303937666665
62323232333564613364313163646163633137613461333266306637636538643134323064653333
64623166626236343034646231633439633632316439336565356363656235303332623333323139
37326139643736653236616436636537396337303061333635353331306132653738353639626565
34643665316665303232353630623662663137353562386462393234653366383233353165353633
39306533303364666332373465393165363936333132636261333064323839643536313333376634
63623466623266313436346338363839353663376632343062396564333436353133306334383761
35333362393866663731663261356334623234656536663662626563326434316132376164623939
36613031303930393261623262346566343433653236333630353463363566626162623833646663
39353838366233393532643936633965643163373365666437646338353665656165393430323632
34663730663864363962636137643532656339646431326266656161323135623136353961353731
31343730613435623335623937636662353962313163343631383363366662623331356165313139
64386531346138333961396365316565393531643863366130633666333639326434366565336636
33396136623137643266383731303930643838656261633165656631383832373637396235313538
32656461636534363963646162353362336362653030306465643761313863626631393436613632
63386232303631633232366663396361326336663362613331373363356333376563366135376536
38376431653734343636366336373730343630653166306366303732353035303233643030303439
31353263623763396337323038656539313535613433313566376631633238383939313164613662
61313739326463646130643066643331663930313535313432616264336163643365653132396263
65336537336438323035353566623039366562326364366566646230663833653535633863646634
32653661613439303162613638323234656263653834376433333239346130353663383437616437
61356439363136326664643337653438376661656636333837616338633931386639653131373232
31626566373931613930613435393339326539336233313339623533366537333463616664343132
39353161653938313635313532373863636162653365643632633263633031633162303839623166
30313462336637303338336361633162343730313534623235346566323063373539313364343865
62353862303336303866333333313664313761333261303233663530383962353036616664333932
65353630326335613365346235633434633665356234386133373761353461666532343732613734
64663736623264653434636438343162343138393635306534366162326362633862316438336234
39393862343462383739643737666335623038343461376331376432613762663865333130356339
33393439623163306466353435376364313464313932623135333830363937636361303262653537
31626136313162326638633337363338303365646365393633373563393032623039633662383131
35643831633239646438356632666231306232323864623632633335363361653136343638346135
31323335313533623935653965616137373436376530386338373130656561346232386438653032
63633733656236336531346138623564653763333633653634323566303034386563633039626565
66376232376434343533303930326665636132306532353130343365353064623133313232336364
37643038666631363663313431376430393439323436363432323663626464656639333039306638
31303830666661313236333937333064663165623363643837383362306166623962356231666430
31666662303464343765313234326437353162643832663533653034376336633837363532623163
37363636343461666234313661643433303733376366366265656463386435616232663238396662
39663739366335343734626335666534366366333435326236393461383533343834353664373037
38386636333130643836373235663461373865323361396533306238643962643535313261333165
31613834613963393935313339333466326464666632363065646161663563346366366335623861
62393964346364303631333765373861386531643037656166393833333963633164356239613735
32633965396531656564396138383366313465393163643233633162366536306362623765653165
66663336353639353133366539343237323930643565626363633532613462613361626661386662
34376264343664333530633831396439636461383234373330653637653761333661313437353165
30633038393362633436643831616432663136643166316636313064373762663366303332386666
64303633653833613364646535363530633430356163653934396430313633313164646236616464
63633664653165353535636137326162666261366432376130306538336638623439656438343662
62393035383933646635636336636563653133353566623936353162623064373162383461653037
63666665373063306662393762383265646337383630663732613834663235613365633264326437
33393636393636343933376264646432376132393436643961343333653566353137626630656338
66613038306338383532663765333764383839316564613130383662636337363939653266373735
61616362336237396364396535366334323761363764633734333764383262353035383933323263
31326666653438626566653136386535336432353166373730363231393635356638333163353937
31396235306337623239623931613466326132336634366561653739313238333961623133346662
33643034663566393265636233326134323432626465616566656365643239373939626463303039
37646133616536333235373064646536303039376364306235373832653864356565666630373439
65363666333139333432383462656138396533653631303863613637343935383235643062646530
35306366366435643034383562666566326133643062323962313265653232663639613930306138
62393463336439383933653637343737376531303339623836393231316361376264373633663466
35666236623938393834613838373364656636396630343464343639613466633561633734636664
33383764306532353731653637316565633064376630643562383538626366323761363537623736
61383938663034643031646636313261373961323138313638633265356433653735323662633831
66666664663631653064643466313037666266623963363163303163626133653861323234613365
34666634386661313335306366396664613231356134653162636330663735643366646632373261
36663335353739626464386533313065303437626166636430343332396637326435343065656536
62646166653865346539363534393432356139303565333463366363626264343232366530353865
61336438313666626166613630356262386364373261633132366237636363636661383162346465
38393232666633646163343638623365643737313735343861633631313263633036313937663464
65353062626635316533323565646233663432656165383863323665656434336161396339663735
39353031353563623165323432656663373131376564616435366531323834376161316632386138
35393564366535653862643863366237303464643337363939346532623239643737633033663164
34313539616664313463303933373562616230643634393432326337323235616434633236306362
32663264313366323963623032636565663639643763323162363235663837646234306630303633
33336562633262633562633539353430303261613231323539653531633832656465616262396263
33333537366534613630616330383064643231343164353862656663616166336232396339393736
63313865396531333435623435653066353166633538336339316262386631353362646234663764
61633266383265313736623539373766306564303762363564663339313933653930656538663435
30363266633261663931303033316336326533613064633262353535666337346665346539646336
30373730323663333335663166353164386533386564363164346463333938663362386132626363
64653066393561303238363065663434616637323838336132373730363731346433323265363833
63633363336336376663653962353363316336396235623833376530643633633435633365333262
62393134653735623336353436646464353335343363356466323662313863356636613131643137
62306635393039663035636633393637376339303065336136333832646235376435393564333837
66613066653038656433363462613463623536313536383365626565306536303264663438356237
39653431643866653131636233323439393932333339373666316630663632643465323234323861
33643235336163303331633265346539323162386136376636633633353064363738623838336530
61333137373665323337303037653065383362373863313734303835383161383762346235656639
64333333326433376230323932323335343161633166366534316236303932366637343330343961
39303732363133303561306461363139306334653636383064643831663963313462343339353166
30633336323963663435613937633462303366623937363137656165653063643330303435333062
62373262396239393738656132373663366431383963316261623363333134663362343435326334
30383231326136333333613462393631613563356333356261653764616232336137366536393561
31373865336439633962313632366330623436346330386138306165393434646364613531323665
30643636313233323738393535326239643936383637343735393239353636373065616362386336
66643064383037643230343832363763656533396533396134623264623830656239656638666638
65643163343565636462343263303138333061373336636633316132383965633135653831633633
32393638396235646538363363353061366137363135623963323731323136393932306437336637
65363966306262353664653830616262623732613431353436333965653536363136363866396538
31383635363134623530393366343933663163316465363439616237613564353239383135393063
62393839306236643431653734363164363435653235646635636466633036626266643230393538
39373033643032313462303437613032343636363466303535313337333238356164633366623561
38616332326365366139333565386331316561383038303830663830623830363039623962353137
38633165323865386264613931353431386439333063356437383433313265666161653738363339
61643830613739316166353562336134376366383661633931383764343733656332333637356536
30393736663535666634326431316232363965383036626137363463653162343032633133616264
30353639386661303762653563623133663735616339316435333164376531353732623162363431
64356535323962616261623661353838303761646139366362313435653162396238343630313636
35626234613637616530656139663465336366623930396434366634626336626564663866613561
31653432363030363239313334396234303164346266623464326630356664653366653432383736
61393663313230653936393637343463626562366533656435383561613839303466613132356239
37613238646364393031343631656361363333306662363132313331353939633264323362316262
39616133633331656466653563323931376631613663386364643661303835663261653637653664
62633465363536333365396432383432353036623235346633363534363361326639343864633930
35333565633531303235633861326537633633326236303932396536613664343238656562613835
65626432313335343763326531376530386462393631656366313832356435386234353732393431
63323831633436346239363738336334326463633339393236396437386462623963356263376365
66376439343466356564373039393437313163303435643766626133396464373334623836313431
38643662343931336535623430383764633233663133646564393632336135336238356431393636
66333861363935353362333033396533303033653239633639643930393963383038373061396431
32653738306262613839633134343266626361643034383839313265613465303761613336396339
37643862623364393632653436613533363761323133666639303564373638393833343865616665
36303366633965663237363531393931633734343439663138376465636536373033353731393862
66633733353331373831653732613433323134643735363937396664316662633030383530383264
65643361306632353162326433653335373130353430633532666536303836323539353136636664
62386434623339623033386364393936396430376236616635656162343037653361356264363464
31633735346663313630383564396463663630353861396635323038613037393636343034353161
36656537616263663731306261663036356432343465343837346431656462336430336165386333
65356532616464613830356534313734613733313031646363646137383533336436643830663834
34666530376238366132373166313834396264626331393530303064303333396361363331623666
39396230356264623237636334306434376137386133653338323562616236623433373835666337
64643533383966333338666630633638666133633665343536613433353766623038363066636463
32326339313433623135303965383461363639636235623061333961376261306635613130363464
30353531623736363832626466323761663964353932346336383737653131666331663763373935
38353063346139343433323038313335623861333338636232313432663430646132366235623333
30313936333066303362316263646537636266663936366238306363623732396630643436653664
62383764383262646365363338386333333165333433656265323036353262396538666565393466
64373664646438383434653534646334366562313635663366303061353931346163646665623235
33626438393864333433666565396535633063303230336630663433636266376466393630383233
39383563633966616131656532643362303363643164386339303830396334376439656339343064
62656162613235356361616564323938303161316638633530373234393638383834633961646233
64383139633239636231336233373139306462613761396631376465356665663836386538346337
62376334316535616332336362393435346636656566333039343162356461343437643863333633
35643333333133303334366532326530613863623963363965396633616131353133626665626337
63613165616333643631363437386535396161363065623132623233383739306465626264383263
38663663666632386530376532326131653035356131303639393636363038616235666234346239
38663638326438623539353938643837366664663036353735613438333733376465346535363530
39383533363639363139313564343733353734373030323538653238346231313831346435353861
37393337643738383866333739656532336661346162643262303439646232326432313636633538
34626362393461346361313666633566373735363930363439653031643164376430643062616239
63303234666361393661666462343661653362313565383861306363303062653637663232386365
62333938656465636137333637356664666239393935376432346331626537336461343737333932
33356236636565336631356666303262666536306338316635376231393463353761396630396136
33366463313032313431333731323539653461366464376434366464343334646431643764643561
38613166343264343637316336333037633730376266343338663730613832316533363235363439
31313663303334393361343338343034393237373666363764653835363065646230666234313939
62343636366235646366656463303738663465323736356666373836613939373163396436356435
37316438343336333235363930613031343430643466636531353430653039353539646265663961
33383636646264616131316664393534373337373737646335303736303537323837313036336336
35336265613862613335636233353963633534623664653861383265666464623034656332623034
30363330383764656230373035646463633363343961306139353638333666616162626432396335
35626630663862343361623366633065303336363230313839343663386432356236323061633734
39373561313633336539333839346139343135633465653632386266303265363464373266353135
33656231343762346663626131663365646530386136613265333131373662356634323162313261
30613633643938313239633562383430636232323437316331646264353635366335646139313735
36343232653563653534313932356436666239373439316463643662356363373862323334326663
34326430663036626538663162623566313966353530306562353638636231636539626165313566
30336261666563626166656539366365353965616566373861636639386134323931663264656530
62383563646163323066646564653463633839363133393265303730333236373638383032353037
65383561313133643437323761653730636632663430653336636139316639643762346337316438
33633935333532663266356437646164633534626532323739333430613962306638396436663530
33313662353761393962383065643036336634356464303437323661636537396463663838393138
32393432336465343661323063666439303236323137383030666163356536393337633033313161
64623437376130656635623334383564376164373432373839373530303733313638316630636366
31333832636461323663363665393038373462366339656439633261613663313162633765336539
32653162353835303231656166336431653634613633393731336363663037386633303763653663
37393831336630646132663463613163656461633835653238316431643965663763643637363237
61643232363734666632383262313930646338626635373737656634613039663936653437333733
37326662616265393063393162616435383439613163653030383632373833613638393063613766
62613037316466323735636131623334396634363561313232373531343761363466643430383836
37653638303166333032343232343737396632326166663966653637313065626466633131313636
35343230616237366563356430336636373864313765303133396130636439336466353964633766
65333631343837313361616164386133366165336464333236336266313332373038363065313762
31336462613263633462316632356465633362336666393436643665333130313138366433613963
62376130396434373139333761383034326631323932396433383839613666326362336534303763
65386632306562386334326437386666666530343037663862356137333764373561313536333033
30363635376131333433333630373638646566393766646333333630633139333863363731373166
36396131326664323130613534666663616431666234363662313230316135343430313930353336
65636137663864386639643535323137313033306133623033316338646631623338626637353064
64313134376165363765353635316465336138353833363661633764616436663436373335616661
36343239366166346330663838643136313534303533653630383838363965343837623564333462
62363835363837613261356361386464356233636265366235323932376633613664353338366533
66303738666532303630643434613263656632383038653439656661316665616535386164373064
34336538623232613331353536633465303638336263326165323064316433366166306365393134
38613166653539303761383763306339646666366361626233653231636466373331373531393633
64626163643865383262623231656637346564316434343537343962643832646564383137656339
66316262666431663066646635393561653130333838366361323432313663356364626632653563
33623636393966343961656638326433643236306633656534363435373036356135316663343366
66313337323131623862373562316266356639383131666633643263343566393132613837613332
34373561333065373064393932393937663838373661353764613830393831386561313962326231
37306338323463376635383832343139373137326632363063656435386235313535623738636333
62626263316138313631653664383831326266373330343665666566623534383134316339356233
39393232333764346337343333623531623561326438363364303232376639636339373734383366
34353237366335313331633663376365333363366539333864363166386636363833633535666663
38373631373733663939633161383461376663316235636561323961336564366166346566373233
37653334366530346235316538313663663332636438383835363032666534633433353438323066
63306131306233346335633963313337613439626163346335313238616638346264616236313561
38376430323636373935376138396361626339393664363666356434656633633738343834393834
35306335336633396665306666633863343337303130646439633362666637333063396262396139
36383065383734656131616462326364323832626438366165303833663261336235333136663266
30353766613163376164633262336430626231363232363766656333373330383835386539613337
64363231623230373431343930303364356132373737323632383731323837326635633762346130
35626563366237666231323033666633376239663534386262613562356435323830663334643761
36333330386665353565373032343937313132373835646261333838323564323635356466653339
61616130613937363232646166333739303737623264393138663136633665343334616136393063
39643638663639616366353435363735316462626439616139623636363466323763306639353064
65356462343537633361326561386339613639373266623438366338396630353739336363386565
30333863346264316266396338636437336361383634353335356530656265333464343636366431
37393761663561343566633361383932626331366233643664313362646463613730326633616137
31373839663764636338353135386462613933386533666631323535643439386637643662323935
66343338346534383830383665636465303264663938336237666263343935366361646535363134
33316231316437633534313232363366623264393861326565323032343639666331373634313232
66353830396536356337316461383564643738663064663738363030333737623331363132346639
31313637386463393939383864656263396239376161643137373638663861373938383134386437
61373530386631343331303931663739346638363630306634386334356237656534636338323261
33383734333937653436373161363662366464303932646361376466393438663866663436653534
31613131616631653664666331653165376164393336373330343534326432396361343534376235
65383535626461663037626534643263653366643163633263326330353365646235393966313333
30303138393131623233313835633663323061626461326433636136613662616661303239643861
31316232333265336365333836323866643035616566636634393961303564383563306533383666
31363433653631326439343232616533343630326164323466396332626663323133613163363238
39616432393038333366383736376632386165356631643334306335643764613035316362656432
64613964323439396337366339636336366563653234653765393037636633353666616164373066
63653833303035626534323363383164353064663861653961623634393834393361376134316132
37393866333666353732366162353861613963346261616137323034323166663335623836643931
66306630346430633134353132323066613366326635623136363565393166366234393138666633
39353461633261396561383965313536303738316463383565626533636531326531346332376230
39333335633466666463376536336134643738616534326563326337663534376665333664613462
38383637333236636233366663343134623533323633633736646461306165363263643434326136
34313535336134346564383236313831323337313539306535613735363930636361373063313030
63353937323664636637313064313464356632623166366664336233336533333536643338643461
34616362303439356632373031326164386137646535343766353135653737666432346238616266
31313436626266306436653061393463396234316533333463326664306365316630663836646264
30633834393739356339333363373535353036376231643164343339613237616563383162643030
65636139303736363362643537643533356238386666633133643763636631363333346139356338
62366133653731376663383834623765626333636436633462363231636632656639663736313663
31656464326164336365646563313638323330353562376532623463383363363135636163666234
31306439356233626331656632383931626430316663386136386530326332666131386333393862
30656262396435633338363661633563383433353434643036393266663231646530373961343763
61383566333965313633363731343063306633353061376261313937363639336261306332326264
32316665343035666234373430643565326266653465386534393061396532646563366635623736
31346666613039396362656230346532376664396336373632376532316162363532623336396261
34646465643662376536636264663834313864373266303261663962393130643038393139353934
30333536666536663839336435326439396564653032613639323266653131633266633264343164
39623430646130303332666231373338656366306235363765623432396466643162626637623664
35643036316631333238613434303339313566656438633531346263636232643236306466663238
32303334653039623532306366633666663666646330653833646362366430373364363963393066
65316661306463376665663338663665363132373430613662653035333437383463346639383338
61653630373231396166373334653463323336396562326236646330313265343830343966623033
31663763346232396239613033646637613437323638383335653435343964613932373665316662
62353964323461313366363861373238663364653961653239616539386564306534343230653636
32303931643835353063333338343132363930646663373562623161613830386330353064636661
66653630303161386238313463363337393633313063343161613732303233316462386262653939
38613036626431633734323136333264646337333630643038396263396634376334646464653139
39376263393739343331326566313465623865623366643039656162653830313533376361303361
34343566363038313233353433323061343661306662303161343638353631353633373635663562
63313533613962333539383763626466636264386163326564653636383365613030366363643838
35373965333034353738633761316433373762633038633930346438393838366637366565613035
63303866313938343637336662373161613364343833303039363262343465626136393030613664
38323836613830643164313732303239643933653361366663356230316162653637386532316332
61336133353365626535383264343336393566383362623337316264333631343839313864333039
34623831363663303038336534353131643036383138633862646466656436366436646464313763
30333462363139393634613335653530663636336431653566633830623665326465626634316561
33363838656337393766656665373762376639313666363730636232643063666364323433323134
39393235333835356264363861356637383664356165316261366161363062353636323238653934
62383332656233383666333434373763666462343632373930333337623265313738336262303431
35303538346234306138626337313134356365666333346464653462656166363665363566616164
66646530333937303738613639633234336430643337303036336138363363363662313730383435
65616561363963306638393431663737636631326235616234316261313738396339383433376236
61636164626462333766323339666631663338313064613334313033373833346536316261393432
63373235306631393063346433346639373434636231313631656233303866643064643363613433
66613737373165633532326261663538636238643936396666633736346538303431316562646561
62313764313030303238326664336431636437353537353632386166363235386338353130396436
34393564663635303131333363323037656161343762613733356566323832366462653665653864
63386330636135386435393664353664336237316632373666396437663739613366623133336663
34623132316638376335326632363133623935343630333463363036303133306661663935616437
39303939366535306337356130623634373233313962663938323061316631393866393365343232
35636334616162363965373535646131323665376538313935376431623938623337656230623938
39653662326334366337653234616665326437636139343335376262656535396530623233396537
32653630313832613634303238353334343563346361653933383062366433303365346166656330
62366666313131323034663562313932653135316130353465623131623134643839666538383962
3366


@ -0,0 +1,14 @@
---
firewall_allowed_tcp_ports:
- 80
- 443
gitea_domain: git.kill0.net
restic_jobs:
- name: system
repo: b2
paths:
- /
hooks:
- gitea.sh


@ -0,0 +1,359 @@
---
firewall_allowed_tcp_ports:
- 443
- 80
firewall_allowed_udp_ports:
- 1194
firewall_ipset_syslog:
- 169.254.0.0/24
autossh_authorized_keys:
- key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvKqDI6VUYFgMUC54pVr5U8CX+Xl2ewV7PIYkTiQ70o
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrte7/aVUhovxsFTF9olsO6V3TiHStlF5XFN1u8uKmYmJ9jfvosOLPAv4KHvVDuOww79JPUXrsSkemC/AM9tlHycBf4+4R8q9o7aL0MNzB1ZaiBCvgx+Wn54QgktM/V7e4yl4LCtjxbscspYCJFtqjWuC85c4d8p7Gwq3t7+wbO3TGZAx1ETdqKjhecTCJpjlvUIYDZlCkXMtmhB52ntTu9/GBXD5mAdTCqyq5aTAxGbt56LCmM0Z2qjAxVWRdJK93C2dQ4OPzWnvc2IWR2EazOLDep8jSz4XOzUlfQCeKfFsEvUJZJi7BtcgVKBvL+e8SmwZNG+SdCmFFJxoXVmat
autossh_config: []
rsyslog_inputs:
- name: imtcp
params:
port: 514
- name: imudp
params:
port: 514
- name: imrelp
params:
port: 2514
rsyslog_outputs: []
telegraf_config_d:
- name: ping
config:
inputs.ping:
- urls:
- ping-home.kill0.net
interface: eth0
count: 10
ipv6: false
binary: ping4
- urls:
- ping6-home.kill0.net
interface: eth0
count: 10
ipv6: true
name_override: ping6
binary: ping6
- urls:
- 169.254.0.1
count: 10
ipv6: false
binary: ping4
openvpn_ip_forward: 1
openvpn_config:
server:
port: 1194
proto: udp
dev: tun
server: 10.8.0.0 255.255.255.0
ifconfig-pool-persist: /var/log/openvpn/ipp.txt
keepalive: 10 120
cipher: AES-256-CBC
persist-key:
persist-tun:
tun-ipv6:
status: /var/log/openvpn/openvpn-status.log
verb: 3
explicit-exit-notify: 1
ca: "{{ openvpn_etc_path }}/server/ca.pem"
cert: "{{ openvpn_etc_path }}/server/cert.pem"
key: "{{ openvpn_etc_path }}/server/key.pem"
dh: "{{ openvpn_etc_path }}/server/dh.pem"
tls-auth: "{{ openvpn_etc_path }}/server/ta.key 0"
client-config-dir: "{{ openvpn_etc_path }}/server/ccd"
route:
- 172.16.0.0 255.255.0.0
- 192.168.255.0 255.255.255.0
- 10.8.0.0 255.255.255.0
push:
- route 10.8.0.0 255.255.255.0
openvpn_dh_params:
server:
dh.pem: |
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAwmTargQ4ki0rYdoPifubzjBWklJXYzsQUU2TbGvuP0ug2weMOA4D
XSmlyJFUmSsSEUxDCG5PXcIdvNHISTX2PiUqf3OhCGghxIbAQwbCdqqs/VnZYt0C
P/M5DJD4hsF8OTrdDG9b5mK3XmB40o9K3xkptfQvoN1ecjhRQ+zgNZcnkOfd0XFB
myPPSBy/9fK6e6N1SnGN7Ao7AJ3VFLpT77hHaW6wZ+hOxWlmjroIlT5FRyvtEATE
2N697E6kWV+1jfyfd8ocu+QfnFbccshJY88OhZ4xddHquFhKMT68TCg43nefQCk7
tnJAVcpUfS6AqhwZRysWNRJfG/NiPsMxIwIBAg==
-----END DH PARAMETERS-----
openvpn_certificates:
server:
cert.pem: |
subject=C = US, CN = jump0.kill0.net
issuer=C = US, O = chill9, CN = chill9 Sub CA
notBefore=May 18 01:58:38 2020 GMT
notAfter=May 18 01:58:38 2021 GMT
X509v3 Subject Alternative Name:
DNS:jump0.kill0.net, DNS:vpn-jump0.kill0.net
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=C = US, O = chill9, CN = chill9 Sub CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 17 01:19:29 2020 GMT
notAfter=May 15 01:19:29 2030 GMT
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
ca.pem: |
subject=C = US, O = chill9, CN = chill9 Sub CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 17 01:19:29 2020 GMT
notAfter=May 15 01:19:29 2030 GMT
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=C = US, O = chill9, CN = chill9 Root CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 16 17:36:20 2020 GMT
notAfter=May 14 17:36:20 2030 GMT
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
openvpn_ccd:
server:
fw0:
ifconfig-push: 10.8.0.16 10.8.0.1
iroute:
- 172.16.0.0 255.255.0.0
- 192.168.255.0 255.255.255.0
mine0:
ifconfig-push: 10.8.0.17 10.8.0.1
push:
- route 172.16.0.0 255.255.0.0
"Ryan Cavicchioni":
ifconfig-push: 10.8.0.200 10.8.0.1
firewall_teleport_node_enabled: false
firewall_teleport_proxy_enabled: false
firewall_teleport_auth_enabled: false
teleport_service_state: stopped
teleport_service_enabled: true
teleport_roles: [ auth, node, proxy ]
teleport_config:
auth_service:
cluster_name: main
enabled: true
tokens:
- "node:{{ vault_teleport_static_token }}"
- "trusted_cluster:{{ vault_teleport_trusted_cluster_static_token }}"
teleport:
auth_token: "{{ vault_teleport_static_token }}"
ca_pin: sha256:4ef484a5949aadedf983bc1f1d43f6f31356ca37f9608267424ddc0d9b68e010
auth_servers:
- "jump0.kill0.net:3025"
proxy_service:
enabled: "yes"
https_key_file: /etc/letsencrypt/live/jump0.kill0.net/privkey.pem
https_cert_file: /etc/letsencrypt/live/jump0.kill0.net/fullchain.pem
wireguard_iptables:
wg0:
input: true
wg1:
forward: true
nat:
source: 192.168.255.0/24
out_iface: eth0
dns: true
wireguard_peers:
wg0:
- comment: mine0.kill0.net
public_key: Cm9yZNczjghAh4hV4fSvy3rsmuLsQFZk+ET5CoWxVnI=
endpoint: "mine0.kill0.net:{{ wireguard_port }}"
allowed_ips:
- 169.254.0.2/32
- fc00::ffff:169.254.0.2/128
- comment: vpn-home.kill0.net
allowed_ips:
- 172.16.0.0/16
- 169.254.0.16/32
- fc00::ffff:169.254.0.16/128
endpoint: "vpn-home.kill0.net:{{ wireguard_port }}"
persistent_keepalive: 25
preshared_key: "{{ vault_wireguard_preshared_key.home }}"
public_key: fUSQ7Uxkxij/0p+SIRekb6moqW0t/qdFaP2HsjRsNRs=
- comment: retropie
allowed_ips:
- 172.31.0.0/16
- 169.254.0.17/32
- fc00::ffff:169.254.0.17/128
persistent_keepalive: 25
preshared_key: "{{ vault_wireguard_preshared_key.retropie }}"
public_key: lLvracXkf8HNfgKpJkzei9ys58aAs4DT3Z3bjNRFsQY=
wg1:
- comment: pixel
public_key: zCDfH5Eqv0oRNWC8TtrkGby3+BAtiQtXxbsmA/lZtXQ=
allowed_ips:
- 192.168.255.16/24
- fc01::ffff:192.168.255.16/128
- 2600:3c00:e000:343::ffff:192.168.255.16/128
- comment: work laptop
public_key: TRT1SRQd3mFJDJK9tdglqsydXJmkzyrNdUOm4nr7M3k=
allowed_ips:
- 192.168.255.17/24
- fc01::ffff:192.168.255.17/128
- 2600:3c00:e000:343::ffff:192.168.255.17/128
unbound_interfaces:
- 127.0.0.1
- 192.168.255.1
- ::1
- 2600:3c00:e000:343::ffff:192.168.255.1
unbound_access_control:
- 127.0.0.1 allow
- 192.168.255.0/24 allow
- ::1 allow
- 2600:3c00:e000:343::ffff:192.168.255.0/120 allow
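Review bot: Under `wireguard_peers.wg1`, both the `pixel` and `work laptop` peers list an IPv4 `allowed_ips` entry with a /24 mask (`192.168.255.16/24` and `192.168.255.17/24`), while their IPv6 entries are host-scoped /128s. Assuming the role writes these values straight through as AllowedIPs, WireGuard masks the host bits, so both peers claim 192.168.255.0/24; a prefix can belong to only one peer, so the later peer takes it and `pixel` loses its IPv4 route. The /24 also lets whichever peer holds it send traffic from any address in the subnet, which defeats the per-peer source filtering that AllowedIPs provides. Scoping each entry to its host, `- 192.168.255.16/32` and `- 192.168.255.17/32`, matches the /32 style already used for the `wg0` peers. Separately, the server certificate under `openvpn_certificates` shows `notAfter=May 18 01:58:38 2021 GMT`, so if this OpenVPN configuration is still deployed, confirm the certificate has been reissued.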


@ -0,0 +1,230 @@
$ANSIBLE_VAULT;1.1;AES256
34326635363163333038303363346632613636306133616266343732323036656335643366646264
3938363837343132633665323362323133663430633165310a303562396164626233653535623336
34646463376565646435616564616235663836663466353234343030353363626131613134643431
6535653237343635300a393162633862323261376530396630643539313162653161396438366236
39633866303562393131636537653932306138643766653632323834373361323938393131656331
64653335393632336533343135313766643361633739613333666461663962343134636263333333
30663966306434323331373136366333623262393962363031353564383133306433306261616631
39323738373163653861653866366139346666333338303435333435663532343466393561616230
31656234376564366533663762366639363134613666363532336463613863363862353839313034
32343938656461643531373535363837663336303137323766663966613136313365333734366233
32613630343034356136313661616532356163336561633562386337613937616535306533623838
31666363336363653436623635303231366364343137343532613263313436356365393330666638
65383161613561343361326431623338356338323164656536306162333764346131623235633664
64666635343765316134653936666137613465363735316562616336636233383439653564316135
61623466373965323437306537313761353832376462396465306532356162643966643534633666
35643066653166313335633737393362353630623639336366323161666232353930396434333630
31353232663837393764653465303133616265636132316430393936323735663136383539336462
37333262373738366266653532393937326163363832356438373635646465646230623738633232
61626530323834383838333861363335613034366661343138336638323432306135356363353330
63396538663731383637333763663763376361313739366266373065303230373135653831643735
62356365653935386130643364393963353335633539663061633838373132633336613664356631
65616639643461666538653334666465393965663862343530656265663032653561343833336563
31653533383665306166393431626161363364346265643631373366316434336234653264666164
32373336326434666561383463383037633338646635636364366563666464346433643064323032
66313065303638636635353864613238346537386131303666386264376561393134613438316239
30623238356663393632326531643732313433383638333866363161656534393134313937383161
65306439393965353461363439336165356562323262633664653231633538386661616238303732
37623964613335393330663862666135666664353134303861653232623730626533616335643539
62396361356465323165366235303362383736386664663935353666613132663762303238346533
38303665333639323336643466353637636364643631613231613164303664336462353831363662
33373865326563653632643131313330663237636135376563336565633162613033356163663333
37383231306333343436366535396463636130353663303830343933623135343661653030643438
36363663656138326435313565383864373036653832663163633236363961303238346234633231
33653235643666353266316463373665633661333262303764346466636639316138656266656235
65353936356230613130373339336631396639303533366239363037626365653262353563643334
63623537663966353332383838653939653062663864396235633232376635383035313961386638
33623062336630653432663234303561663233633566343862303631663337383834393930666537
66376633303034316435366237366464366336313932666337356664323265343533306230343332
32366239643033333635343563353437633439663839613733636339353933613762303733343736
65633937653161623732393137313062393636373461306265373461396538663937623263323630
65626230666636336233303166666664366361366534386466393337373162646262356138636433
32346238643937343865653165326566346531626238643434623765353836653061623064653166
62396531333937393363633835663930323138656365313865373733636135333735656138353030
64313461356232633065613139376134303433613663653733663266376437306337396662353130
39613732666566636434656466343839353634663736636636666231336235396439393961313366
65363130666635663633646663656430386538343931346233396563613339333331663930306132
38363034333434633933303862383965303835343961343562346466393466393165663965343936
62316234663738356361393836363939393962616639306366653934386539373736636233623763
30643165353665313235373366366164343461616238313239313737626465653930366466623164
38653533346335633437653237613436333463373163646261376264376438656131366263353862
38386361346438343036373761383164666465663436363132373662343266666433383663663333
31326434666136623865626635663232333766343538383839303435646439386133613663373736
31373664353630313461363162663866333366613666646337363761333237393635393864373531
33386434386536343033633664373963323937646535373231623836396334373431353964386566
31633065346534323566653734663261353866613635316165336534666134653439613463323031
63656435643132633664393234396230396336326139386632303633393130316566353834376135
31373663326665333164626433303938666366666463643134356236613738636434626665663461
66376665363633393530616365643139313436383137323062383763613931353330643634616236
31323131666536613433396538643364336562366433623437336564663638333136313531623761
35636431383562393237663533333161333933643662666635623965386435356534633832373531
35343132663861313931636530666237353166633031366330643731663561346133373831633137
30633332633362396664333736613630346437353836613237323835313730333033343430323236
64373663653563343838323438396661363839623261663339333062656264323866386536633439
39346532633864633663356431663535343664376265376566653861616434313665616264626230
33316134386630313139343030393435626564353666343734376561616437343032306566303031
32353663653537666137343831633164303934303436356161313661613164666431653037363539
65326366323033366663623736626366613239323033356566383334373434313636336230643639
63646131343636303262626230653633393735323030373531346437396663313162623332316362
34366239326366633961363236313930303435646135366565626564383663306636623034653465
62373539663561366435356538386664373664653239313936623362326636353563343337336632
31333133383562653935656265363136363532653431623830396130636233306563623663333531
38383664366363306662383532656366356266323031613630336338656362643562373034633933
61623865316636643430653562623535643966306265613833396266626564326161383666616263
66663664303431353866613237316539343835366531363166633136633965386532613831346566
35313334356132626337633339363166303637313665303464343635323163383231636238613066
34613462386533326638643764346661346361343166376337353136313361656561396238626538
61666431636661643665323330643239613734663332336638613435653563303835306639316162
39363432643364393036333334643430663763363234666463323231336135343763653063343533
32373862383062346261646331376633316463393365303931303535373137663561396636323633
65626533383337393838323963326361623663386639656264366662326262653161336661306137
64356561623164303465633562393462396166316233633561323565666433376565646534346132
34343862393766346534393662316336393363363937313765663237383961356266656233623432
65383465633830393064393262343133376161646239663166393339643034343635343265636233
64623664653538343961326663626365333533613338366332396437616466326362346463656465
30323233343564396238613038663835353538336163333933373538393766633532653736613165
39343938373535343135656430663263626366346535333833393566363938306430396664623864
39303539373262383438356566663736623364363766396238323730306263373639303262376463
63353066306534313031343933343632613634366565386230636137653530393334373832646339
39396535336466336364666461383639303433383563343236366336316637353032316430646362
65326339383635333666396233323539316664343031613333653133343732303335633131633031
66353338363535323734623332633939343230363761646461356534343030326161353131313963
30323331393133366330653862396265343938623366366164633534653538613461326139353436
32353939633536616663333763393532323765353533633065373064613438383566373264353362
37396137353464376362656662303530343261666530663931383031363830356234393162336131
66313339623064623233393130616532613038623636393035623935346565393061633566663062
65663563356230316665363863373839326464303632333136643136323334663263343561663530
33363763393463373637366462653036336461366264333433393366316438343565656232616133
34333762656562353734383833376234383161396263613534313736346330666237343937313661
65613631323966393666323834323564356437313032633830616163656365353539623031313762
65323266626366666366396161373562633938303361396665663536316236333236383234386432
37666336663362623365343632353734623131346636653539316635336265303137323064313032
33613036343231666232306233623266663466656362316439643263643163616139303939393430
63663332626161336637626433386264613131363933313937373030396262343238343565363161
33666365343534656366366430646639656664656534643831346136643064383931396430383966
36653166353766656262333434303436643339346365613239386630363430613465366632383733
31323737616236633535613030313564656364363234386634383234393639313366323333623764
31353861653964663764633332656133316562373164633433623266623531343663643939633236
64333635303637653337353164326237316262656237636236643335633331303532353531346531
64643765353735333634303936356131613866326335376331393733326633653536333563326530
37353566343236393832653964656262636531376464646433656364353738363762323661646437
33623234343565646539316361663331623133323238393264613566633930346561613533353862
38353336623131366331336535626132636638393337376236396462333839363764653264653837
34326265376538353833343830653431646464643762613661303963363534656465363564366139
35646461616263646365303232396331343532626635303631313934656332393837616264306234
37313966656462353161363661386336636363663437346532326361613864353961366432356237
37386536393866326662343334353237633436383235633636383666613136386465316363393939
32303138643761653735323037346464653635366430356336313966643537646135623938613033
65373835303539383830643838383231363735383938373638663165623966356662396665303032
33646564306334336663636165303633346131373239316564343631306437383462303961626432
63396263653039336134343530653639356466616331306431633635376364613765663464346433
34333332663766383838653535643765383761363261326233643832353334386439396263336363
37336362313062616639663731363038633634383937373034656664626436383735613139393163
62353933336431356633346166356166616632373035363366393231383232353831633061333833
39316538636662333936373731363531663562623931643761353566343662363236356231323934
38343232393932313837323636383763633664643561383936653235303635313532333862633836
36303865366132316337623165396264613565323937316166653566653738343838663932646463
31623361303230343037386133343065633633316265633739643137343939663339656165306534
30346437666261323336613264353231333936633031653235633831396263653139643637663761
32643436396534643766316364666339613732313132356663613736623333653861376331626663
65636136303938376531323431323231363662303462353232613963373764616137333832383033
65633262313662383136646161323231643836313363383333616637353838333361663237373232
36626661313039613632653261636333303731396232346536666563326465393637383366383130
30306139383233343965623064353238316138336139363161616234643865366366336135346430
62393638376539643564343065396539313264396236613032306464346461613832663536373336
61633336616264353265313336353262646234316338626362653236346565646339663733363230
37393562383137336636383765363066636363373632613265653837356564313435303932333062
32393436343733383963336337613662666561336363303632333035346633386339303965333861
39333839613030326163336566623239323261346239353438303337316162353066343031303363
37383564316664336432303834653736346539306562663165313464356631663537383761323836
39363530393461666535306332333632643162663136323337323234353036623835343638333035
39373464633538393339626363633132343831653730376535623232653662613065326463313464
39323037643537626638343238343030386336326235376439313934313438653665643238366463
63393435643638353662333465396331323838313032653736343639373838336664633761323839
33663563366461313964363465373531386561613331373935363430363935363436643139616365
66346635333233313464313034643432383763616235326538363464303366636565393736353230
66356162373862383338346166333030616565643930626261623733626665333135626564623237
62393766313663366537306261613536356264303063383037626636366465653431383838313963
38666536613438333935633966643866623737646335323239613666316634613065323134303630
32313661303735613336373937396532353362306666383664376533643464303332643466383330
32343765633235356134626132383132306463366564323631323530363337343863316238393930
39356334303361306535653565653230336433646564353234633736663636333832353838363161
36623139666432666161313562373232656663646637326562396161633839366133623266356261
35373536623062306664653633343437653361333031303964353436636330353033653964313738
38663534376233383739643665303635613132643139346161633031623333653163343762336639
37363465373366386132393530326163363064383931313231646236313862383562666633366631
38646537643434653137613765653838383234366538653563363237663262323936646137366664
36383032623839316165626663623639363466666366373666326133616266663265383365663666
39316334663862656437303837613638643839343139663765613065323433346138396564376462
30366138316631343434396532313431313762636330653936366161623561643035356434363936
61643762613638316634613365623731333831616664356335613764373865623964623138643939
36623765333933336630666533343462313062623463646335643865356365343535643465373435
36623461336364373631663733613233303865353230363933333338643861313362613935366663
61643037326163613435373264653332386337396239393238313864316235363162396466306539
64643864316230363632313833326136386237366364316436346437643731393930653137373231
65363637316636303438343465366262353832633538343837386637376235663230336530643836
39633362313963643134323734313033336433663066316531303331376463653537336463356364
32316366393464313036666433303031633437653736303935333733373535623732373463643031
31383031626566623239346337616134666436616465396439343736346662336537326265353264
39373666383265323233376234333233346331363364633735323266376133306634373735323265
35636461306361353531663237616239643565633036653230333435646163376433616635393133
64663266383235666461666531616464373233356132333231313637396663366536666264613364
30333639636365626338363837623934616331353735343336656235373335616638363462383032
33396338346231363036613732333466633539393037326664653237643733366665356232336338
64626265633035386164636534613461636236306563316465333537333364333263323061393330
36323130376261373339613931363634386163326263303237393931616435666566393466336465
34396163613731613238613264316430313163666536623337376434393765356438373565626339
35333164333037626262626635316561323435653432613435383439653364633831616233303530
66656130313531316661306565313536653133303664303362643361653364383731363039343532
61396535373630343037376537396431373362643639393633636433326335353230366161656362
63313933393235386664353761613530636332366332383134353936313639306435356462616639
62386564363766306334346637353166376361353634366331326638643735373038626333666361
61623163356532373765633530316635313161346434626538333332613233316630366565346534
62336436333838303732366536626433353135636362333436613763323730396562616361306665
35646634623861396232626533333265343761393632393161363063646663663938363535353531
34636433353237386362313132633732646438643230653438313761386335333731393337346665
39316239626636323435303932613637373231623337353838313337356632336234623434623038
66366435376434366364353737656230393531633636633036333630376133313165333963636432
32353431666532373436316133353439383461353834346439313531333338333764316264343136
32353733363031376337336666636537613032376361343533323362626132396632633533643163
66313862623433636438613230646338653961343861623433623864326163363135633864373231
66313935353164363466356164616363653761623565663032313264656565623864383732376334
31613538623166663736373535363633623937323261386433386436373361623162626361363033
35393063663664373230613635353762333238353937633730623861626236663935333134326132
61343864376639633164333436623563633635343236333664333663653431643664386631376162
39613766393530313938653562333630343765316461326665386664643134643661666539373131
35373565313763336136653035656138313162333965663565353531336362616637363830383462
62343866623838343066653035613031346362303263636436656434303039393434643531666238
31633363373036356336333235363134616362393362636561316265363366386530666465656531
37366431373564656533363534613633393739663666666566303538363139643833323537356163
61396533353536333330343130326663613135393237653438323439623836363162393435646236
36636631366234663536323463303538303434633632316438343935353162316632663939313437
36666538323463643462323234626262333131353238333031346139333535656539363336646332
30353830623536396662313264323637663637353934636532306331323166316535343131336639
32396237313539653030366164343336623463656261616661376638346561646632623434393166
62383033313931653235356236363862393837616365616332653730383833376165323735333632
33303966643462626438303132383233663065353032643362306331663632616535346362643137
33323736393038356362356135363733326263303430633136383137653734363331623331373537
63353833336236626664616265383464633335623861353739623863653866323534343163393466
37666163383465383734643430386437613866616361393561336364346437346164313665363634
32303539613165613631353239666339336639303561303234336135326137613363656335353761
37616537353132353561303730326330386435636165303464616232633531613132623636653432
34353637336338626564353364613962393365333639653133356165343032326430616237396536
63653033326238336363353061303031393064616163656162376362663061643236643232333266
62653761383338323837383361383965323963393935626634333661356661396139356566303830
38313133313564353030643866313366646338376666396435356264373239636666373861363964
31363863393033633063326237666630666631393036656233336238353736343534633238393532
62663335393839613137373863346263396361386235346439323437353531626537313965663262
32636434386238323634616336336464333963633432333932653462666661393933666531303136
34363432386637323136656335306663656232626631663464396565303465323636326431343762
66383339336133636431353538643838663331373736636563626537623361363231633934663931
35366365333036366661363263393062373130383062646332636330326139343266666234323835
31636463633237373532363333306136396437356236303961623133353630653435396462313264
34336239373839663061346461313137393333306534646465366430393164646430613964323638
62666638346130383464633339396364643835323036303039656230343564623663313238326333
30653364613661306539373832616638636563653963353835343265383865306233356438303464
62303761363839316237653036316563303466373763323164316331356263656664393831396130
32636135306166366230353834313330383035383964353031663431613434623331616165613565
34623765663564636463363431643736613433316366393862353433323032616435303334396230
38356266623566356637373561343331366665373964373564616138306531356439

34
group_vars/linode.yaml Normal file

@ -0,0 +1,34 @@
---
#dns_servers:
# - 173.255.199.5
# - 66.228.53.5
# - 96.126.122.5
# - 96.126.124.5
# - 96.126.127.5
# - 198.58.107.5
# - 198.58.111.5
# - 23.239.24.5
# - 72.14.179.5
# - 72.14.188.5
# - 2600:3c00::5
# - 2600:3c00::6
# - 2600:3c00::7
# - 2600:3c00::8
# - 2600:3c00::9
# - 2600:3c00::b
# - 2600:3c00::c
dns_servers:
- 8.8.8.8
- 1.1.1.1
- 9.9.9.9
timezone: Etc/UTC
#vm_guest_qemu_agent_package_state: absent
vm_guest_qemu_agent_service_state: stopped
vm_guest_qemu_agent_service_enabled: false
#vm_guest_spice_agent_package_state: absent
vm_guest_spice_agent_service_state: stopped
vm_guest_spice_agent_service_enabled: false
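Review bot: The qemu and spice guest agents are set to `stopped` and `enabled: false`, but the matching `#vm_guest_qemu_agent_package_state: absent` and `#vm_guest_spice_agent_package_state: absent` lines are commented out with no reason given, so the packages presumably stay installed. If the aim is to take the guest agents off these hosts, removing the package is the more durable setting, since a disabled unit may be re-enabled by a later package operation. If the package has to stay, a one-line comment such as `# package kept: <reason>` would record that. The commented-out resolver list above `dns_servers` has the same problem: delete it or add a line saying when it should be restored.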


@ -0,0 +1,142 @@
---
node_exporter_machine_roles:
- minecraft
firewall_allowed_tcp_ports:
- 25565
- 8123
firewall_minecraft_enabled: true
minecraft_worlds:
- name: vanilla
- name: skyblock
port: 25566
state: stopped
enabled: no
minecraft_ops:
- uuid: ce962d5b-590a-46b8-8372-f3254ca52a57
name: chill9
level: 4
bypassesPlayerLimit: true
- uuid: cfb8c434-98da-460a-91e5-2321fa8bdc5e
name: totums
level: 3
bypassesPlayerLimit: true
minecraft_whitelist:
- uuid: ce962d5b-590a-46b8-8372-f3254ca52a57
name: rcavicchioni
- uuid: cfb8c434-98da-460a-91e5-2321fa8bdc5e
name: totums
- uuid: 70f36187-6e2e-4c24-9dd6-1addc477760a
name: Vandic
#firewall_ipset_bogons: []
users_authorized_keys:
- name: ryan
keys: "{{ user_authorized_keys_hash['ryan'] }}"
- name: root
keys: "{{ user_authorized_keys_hash['ryan'] }}"
rclone_config:
- name: mine0-b2
type: b2
account: "{{ vault_rclone_minecraft_b2_account }}"
key: "{{ vault_rclone_minecraft_b2_key }}"
rclone_cron:
- name: minecraft-rclone
hour: 10
minute: 0
job: "rclone --config {{ rclone_config_path }}/mine0-b2.conf copy --skip-links {{ minecraft_backup_path }} mine0-b2:kill0-minecraft-backup"
state: absent
restic_jobs:
- name: system
repo: b2
paths:
- /
exclude:
- /opt/minecraft
- /var/opt/minecraft
- /var/opt/craftbukkit
- name: minecraft
repo: b2
paths:
- /var/opt/minecraft
hooks:
- minecraft.sh
cron:
hour: 11
minute: 0
- name: craftbukkit
repo: b2
paths:
- /var/opt/craftbukkit
hooks:
- craftbukkit.sh
cron:
hour: 11
minute: 0
state: absent
minecraft_discord_config:
webhook_id: "{{ vault_minecraft_discord_webhook_id }}"
webhook_token: "{{ vault_minecraft_discord_webhook_token }}"
craftbukkit_discord_config:
webhook_id: "{{ vault_craftbukkit_discord_webhook_id }}"
webhook_token: "{{ vault_craftbukkit_discord_webhook_token }}"
craftbukkit_port: 25565
craftbukkit_service_state: stopped
craftbukkit_service_enabled: no
minecraft_port: 25566
minecraft_service_state: started
minecraft_service_enabled: yes
telegraf_config_d:
- name: filecount
config:
inputs.filecount:
- directories:
- /var/opt/craftbukkit
- /var/opt/craftbukkit/world
- /var/opt/craftbukkit/world_nether
- /var/opt/craftbukkit/world_the_end
- /var/opt/minecraft
- /var/opt/minecraft/world
- /var/opt/minecraft/world/DIM1
- /var/opt/minecraft/world/DIM-1
- name: craftbukkit
config:
inputs.procstat:
- systemd_unit: craftbukkit.service
- name: ping
config:
inputs.ping:
- urls:
- 10.255.0.1
count: 10
ipv6: false
binary: ping4
minecraft_config:
white-list: true
enforce-whitelist: true
server-port: 25565
motd: chill9's world
node_exporter_du_directories:
- /var/log/syslog
- /var/spool/rsyslog
- /var/opt/minecraft/world
minecraft_java_xms: 2g
minecraft_java_xmx: 2g
# vim:ft=yaml.ansible:
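Review bot: The port values in this file disagree with each other. `minecraft_port: 25566` belongs to the service marked `started`, yet `minecraft_config` sets `server-port: 25565`, `craftbukkit_port` is also 25565, and `firewall_allowed_tcp_ports` lists only 25565 and 8123. Unless the firewall role opens `minecraft_port` itself when `firewall_minecraft_enabled` is true (not visible here), either the running server is unreachable or it listens on a port other than the one the variable names. I would keep one source of truth, for example `server-port: "{{ minecraft_port }}"`, and add a comment naming what listens on 8123, because nothing else in this file defines a service for that port.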


@ -0,0 +1,30 @@
$ANSIBLE_VAULT;1.1;AES256
31636365373462663962383861643161353262323632303936643232393865663838663563333834
3462313431356236353765386634396464633864343462330a616231393633326461666535663034
33373639343662396336616239396133626166663838633537303563616532633661363238333331
6463393063323334310a363762336431376238656137373934623661353665336265373630623735
35323230656662313737626438333862653938393133386532353531376161663730313830343136
39643565623339626436313037323630376335623066383136376437386331633166636437393030
31303462623336643437623965643236356163373164346533663263623338353866646437616261
37633164353231353061383739366534643231306465633162353461333536396263393831616637
39303866643661333737333735636465373562306334653533343732656233353661333634663230
35616564303333353866636538343538396137333636383762613739616633353430386564643939
33353133613032336434353038663266376264656336346537363065326430643635636338383432
31326263333863346136373131663666323363343830653366616139393237393537626137363165
33366339396130653463356561646464356264623363663239613833353033383464346134636237
38356261313839623739376563613161313534346434393066356165636464313938353439383762
39623436366262366463326639646337343637303837626636613361613565383464623361316331
39633733663535323336616638336234323531656332373531356435363363656566663034613330
61326565326361393033396130353137313965363539323533396537383734333162346365636138
35623366316565343032646366333962636635613230623331393736363933323965623830323464
31636137623064616534346431333538333231393837313830343962613738363261636364626165
33313939383532623935643363616465613561353866623138366664643064373635386635613538
66356465376432336564303462313435383365663231626361336364633132623039383130663365
33333731356465646332623834663530396536336335343462343738383862633734666436353662
32663366663264623134393536396439633764353937303733393332633135623233653065623761
61323830323662623939386265303263356662643464613363343230636531343537333561646239
64316630393466373066646262653332373038376561363166396436313737386165656563376265
35353563656430616265326261656237383532643261633034363437386637633838333638313534
36623337663330303465353061376136656161373465323131373636613933373838623466313965
36333465386363363437653739323733633032396437376262656133643639653161643335386463
3330


@ -0,0 +1,596 @@
---
node_exporter_machine_roles:
- monitor
- stats
prometheus_web_external_url: https://monitor.kill0.net/prometheus
alertmanager_web_external_url: https://monitor.kill0.net/alertmanager
prometheus_web_route_prefix: /
alertmanager_web_route_prefix: /
prometheus_file_sd_config_d_files: []
prometheus_config:
global:
scrape_interval: 15s
external_labels:
cluster: 1
region: dallas
provider: linode
replica: A
remote_write:
- url: http://localhost:9009/api/v1/push
headers:
X-Scope-OrgID: kill0-net
alerting:
alertmanagers:
- static_configs:
- targets:
- localhost:9093
scrape_configs:
- job_name: prometheus
scrape_interval: 5s
static_configs:
- targets:
- localhost:9090
- job_name: alertmanager
scrape_interval: 5s
static_configs:
- targets:
- localhost:9093
- job_name: pushgateway
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:9091
- job_name: node
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:9100
- mine0.kill0.net:9100
relabel_configs:
- source_labels: [__address__]
target_label: instance
regex: (.+):\d+
replacement: $1
- job_name: mtail
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:3903
- mine0.kill0.net:3903
relabel_configs:
- source_labels: [__address__]
target_label: instance
regex: (.+):\d+
replacement: $1
- job_name: blackbox
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:9115
- mine0.kill0.net:9115
- job_name: blackbox-icmp4
metrics_path: /probe
params:
module:
- icmpv4
static_configs:
- targets:
- dns.google
- vpn-home.kill0.net
- ping-home.kill0.net
- 169.254.0.2
- vpn1-sch.corp.nmi.com
- gp-chi.ops.nmi.com
- gp-ash.ops.nmi.com
- 172.16.100.1
- 172.16.100.2
- 172.16.10.16
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: blackbox-icmp6
metrics_path: /probe
params:
module:
- icmpv6
static_configs:
- targets:
- dns.google
- ping-home.kill0.net
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: blackbox-tcp4
metrics_path: /probe
params:
module:
- tcp_connect4
static_configs:
- targets:
- mine0.kill0.net:25565
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: blackbox-tcp6
metrics_path: /probe
params:
module:
- tcp_connect6
static_configs:
- targets:
- mine0.kill0.net:25565
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: blackbox-http
metrics_path: /probe
params:
module:
- http_2xx
static_configs:
- targets:
- https://cavi.cc
- https://git.kill0.net
- https://stats.kill0.net
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port.
- job_name: thanos-sidecar
scrape_interval: 5s
static_configs:
- targets:
- "localhost:10902"
- job_name: thanos-query
scrape_interval: 5s
static_configs:
- targets:
- "localhost:10904"
- job_name: thanos-store
scrape_interval: 5s
static_configs:
- targets:
- "localhost:10902"
- job_name: thanos-compact
scrape_interval: 5s
static_configs:
- targets:
- "localhost:10912"
- job_name: grafana
scrape_interval: 5s
static_configs:
- targets:
- "localhost:3002"
# - job_name: process-exporter
# scrape_interval: 5s
# static_configs:
# - targets:
# - "localhost:9256"
- job_name: loki
scrape_interval: 5s
static_configs:
- targets:
- "localhost:3100"
- job_name: promtail
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:9080
- mine0.kill0.net:9080
- job_name: gitea
scrape_interval: 5s
static_configs:
- targets:
- localhost:3001
- job_name: karma
scrape_interval: 5s
static_configs:
- targets:
- localhost:8080
- job_name: kthxbye
scrape_interval: 5s
static_configs:
- targets:
- localhost:8081
- job_name: smokeping
scrape_interval: 5s
static_configs:
- targets:
- localhost:9374
- job_name: mimir
scrape_interval: 5s
static_configs:
- targets:
- localhost:9009
- &snmp_job
job_name: snmp
static_configs:
- targets:
- 172.16.100.1
- 172.16.100.2
metrics_path: /snmp
params:
auth: [public_v2]
module:
- if_mib
- ip_mib
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
- job_name: snmp_exporter
static_configs:
- targets:
- localhost:9116
- <<: *snmp_job
job_name: snmp-long
scrape_interval: 30s
scrape_timeout: 30s
static_configs:
- targets: []
rule_files:
- rules.yaml
prometheus_rules_config:
groups:
- name: alertmanager.rules
rules:
- alert: PrometheusAlertmanagerJobMissing
expr: absent(up{job="alertmanager"})
for: 0m
labels:
severity: warning
annotations:
summary: "{% raw %} Prometheus AlertManager job missing (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
- alert: PrometheusAlertmanagerE2eDeadManSwitch
expr: vector(1)
for: 0m
labels:
severity: critical
annotations:
summary: "{% raw %}Prometheus AlertManager E2E dead man switch (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}Prometheus DeadManSwitch is an always-firing alert. It's used as an end-to-end test of Prometheus through the Alertmanager.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
- name: node.rules
rules:
- record: is_dst
expr: |
(vector(0) and (month() < 3 or month() > 11))
or
(vector(1) and (month() > 3 and month() < 11))
or
(vector(1) and month() == 3 and (day_of_month() - day_of_week()) >= 8 and absent(day_of_week() == 0 and day_of_month() >= 8 and day_of_month() <= 14))
or
(vector(1) and month() == 11 and (day_of_month() - day_of_week()) <= 0)
or
(vector(1) and month() == 3 and day_of_month() >= 8 and day_of_month() <= 14 and day_of_week() == 0 and hour() >= 8)
or
(vector(1) and month() == 11 and day_of_month() >= 1 and day_of_month() <= 7 and day_of_week() == 0 and hour() < 7)
or
vector(0)
- record: america_chicago_time
expr: time() - ((6 * 3600) - (3600 * is_dst))
- record: america_chicago_hour
expr: hour(america_chicago_time)
- alert: InstanceDown
expr: up{job="node"} == 0
for: 1m
- alert: ThanosServiceDown
expr: up{job=~"thanos.+"} == 0
labels:
severity: critical
- alert: Down
expr: up == 0
labels:
severity: critical
- alert: FileSystemUsage
expr: ((node_filesystem_size_bytes{mountpoint!~"fuse.lxcfs|tmpfs"} - node_filesystem_free_bytes) / node_filesystem_size_bytes) > 0.80
for: 1m
- alert: FileSystemReadOnly
expr: node_filesystem_readonly{fstype!~"fuse.lxcfs|tmpfs"} == 1
- alert: RebootRequired
expr: node_reboot_required > 0
for: 15m
- alert: AptUpgradesPending
expr: apt_upgrades_pending > 0
for: 1d
- alert: ResticSystemJobLastRun
expr: (time() - node_restic_last_run_time{restic_job="system"}) > 7200
for: 2h
- alert: ResticMinecraftJobLastRun
expr: (time() - node_restic_last_run_time{restic_job=~"minecraft"}) > 86400
for: 2h
- alert: MinecraftUnitInactive
expr: node_systemd_unit_state{name="minecraft.service",state="inactive"} == 1
for: 15m
- alert: GiteaUnitInactive
expr: node_systemd_unit_state{name="gitea.service",state="inactive"} == 1
for: 15m
- alert: MaintenanceMode
expr: maintenance_mode == 1
for: 1m
- name: blackbox.rules
rules:
- alert: ServiceDown
expr: probe_success{job!~"blackbox-icmp[0-9]"} == 0
for: 1m
- alert: PingDown
expr: probe_success{job=~"blackbox-icmp[0-9]"} == 0
for: 15s
- alert: CertExpiry
expr: ((probe_ssl_earliest_cert_expiry{job="blackbox-http"} - time()) / 86400) < 30
for: 15s
labels:
severity: warning
annotations:
# summary: Certificates expiring in < 30 days
summary: "{% raw %}Blackbox SSL certificate will expire soon (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}SSL certificate expires in 30 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
- alert: CertExpiry
expr: ((probe_ssl_earliest_cert_expiry{job="blackbox-http"} - time()) / 86400) < 14
for: 15s
labels:
severity: critical
annotations:
# summary: Certificates expiring in < 14 days
summary: "{% raw %}Blackbox SSL certificate will expire soon (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}SSL certificate expires in 14 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
- name: snmp.rules
rules:
- alert: PortDown
expr: ifAdminStatus{ifName=~"(Gi|eth).+", ifAlias!~".+laptop|notebook.+"} == 1 and ifOperStatus == 2
for: 1m
- alert: PortFlapping
expr: changes(ifOperStatus{ifName=~"(Gi|eth).+"}[5m]) > 2
blackbox_exporter_config:
modules:
icmpv4:
prober: icmp
timeout: 5s
icmp:
preferred_ip_protocol: ip4
icmpv6:
prober: icmp
timeout: 5s
icmp:
preferred_ip_protocol: ip6
tcp_connect4:
prober: tcp
timeout: 5s
tcp:
preferred_ip_protocol: ip4
tcp_connect6:
prober: tcp
timeout: 5s
tcp:
preferred_ip_protocol: ip6
http_2xx:
prober: http
timeout: 5s
http:
method: GET
alertmanager_config:
inhibit_rules:
- source_match:
alertname: MaintenanceMode
receivers:
- name: blackhole
- name: pushover-receiver
pushover_configs:
- token: "{{ vault_alertmanager_pushover_token }}"
user_key: 28G1x3lT4oUtlck50R1H3e6j8kDHjb
- name: discord
discord_configs:
- webhook_url: "{{ vault_alertmanager_discord_webhook_url }}"
route:
repeat_interval: 24h
receiver: pushover-receiver
routes:
- match:
alertname: MaintenanceMode
receiver: blackhole
- match:
alertname: PrometheusAlertmanagerE2eDeadManSwitch
receiver: blackhole
- receiver: pushover-receiver
mute_time_intervals:
- quiet_hours
continue: true
- receiver: discord
time_intervals:
- name: quiet_hours
time_intervals:
- times:
- start_time: "03:00"
end_time: "15:00"
node_exporter_du_directories:
- /var/log/syslog
- /var/spool/rsyslog
- /var/lib/influxdb
- /var/lib/prometheus
- /var/lib/loki
firewall_ipset_loki:
- 169.254.0.0/24
karma_config:
alertmanager:
interval: 60s
servers:
- name: local
uri: http://localhost:9093
timeout: 10s
proxy: true
readonly: false
healthcheck:
filters:
dms:
- alertname=PrometheusAlertmanagerE2eDeadManSwitch
grid:
sorting:
order: label
reverse: false
label: cluster
customValues:
labels:
severity:
critical: 1
warning: 2
info: 3
auto:
order:
- severity
labels:
color:
custom:
severity:
- value: info
color: "#87c4e0"
- value: warning
color: "#ffae42"
- value: critical
color: "#ff220c"
alertAcknowledgement:
enabled: true
thanos_bucket_config: "{{ vault_thanos_bucket_config }}"
kthxbye_listen: :8081
loki_storage_config:
tsdb_shipper:
active_index_directory: "{{ loki_var_path }}/tsdb-index"
cache_location: "{{ loki_var_path }}/tsdb-cache"
gcs:
bucket_name: kill0-net-loki
service_account: "{{ vault_loki_gcs_service_account | string }}"
loki_schema_config:
configs:
- from: 2023-08-11
index:
period: 24h
prefix: index_
object_store: gcs
schema: v12
store: tsdb
- from: 2024-04-10
index:
period: 24h
prefix: index_
object_store: gcs
schema: v13
store: tsdb
loki_query_scheduler:
max_outstanding_requests_per_tenant: 32768
loki_querier:
max_concurrent: 16
loki_compactor:
working_directory: "{{ loki_var_path }}/retention"
delete_request_store: gcs
compaction_interval: 10m
retention_enabled: true
retention_delete_delay: 2h
retention_delete_worker_count: 150
loki_ruler:
alertmanager_url: http://localhost:9093
storage:
type: gcs
gcs:
bucket_name: kill0-net-loki
service_account: "{{ vault_loki_gcs_service_account | string }}"
ring:
kvstore:
store: inmemory
enable_api: true
rsyslog_d:
- name: loki
priority: 10
content: |
if $hostname == [ "ap0", "coresw0", "fw0", "power0", "172.16.100.1", "172.16.100.2" ] then {
action(
type="omfwd"
target="localhost"
port="1514"
protocol="tcp"
action.resumeretrycount="-1"
queue.type="linkedlist"
queue.size="1000000"
queue.filename="loki-fwd"
queue.saveonshutdown="on"
keepalive="on"
template="RSYSLOG_SyslogProtocol23Format"
tcp_framing="octet-counted"
)
}
smokeping_prober_config:
targets:
- hosts:
- dns.google
- vpn-home.kill0.net
- ping-home.kill0.net
- vpn1-sch.corp.nmi.com
- gp-chi.ops.nmi.com
- gp-ash.ops.nmi.com
- 169.254.0.2
- 172.16.100.1
- 172.16.100.2
- 172.16.10.16
network: ip4
- hosts:
- dns.google
- ping-home.kill0.net
- fc00::ffff:169.255.0.2
- fc00::ffff:169.255.0.16
network: ip6
mimir_common:
storage:
backend: gcs
gcs:
bucket_name: kill0-net-mimir
service_account: "{{ vault_mimir_gcs_service_account | string }}"
mimir_blocks_storage:
storage_prefix: blocks
mimir_alertmanager_storage:
storage_prefix: alertmanager
mimir_ruler_storage:
storage_prefix: ruler


@ -0,0 +1,17 @@
$ANSIBLE_VAULT;1.1;AES256
35346264373635663161356339313438613932623165613239353162316265333231623434383030
6435323137313638633663356635373464393730663834320a346362633362323864373636346165
37363637663037653932313165653333643833376133383336363930623338333134623562353239
6430363062323865650a363330653031383666386637633333646339393064396330313037363239
30626538373432633031666264646236613936333965366430653031303131626161376633346435
63323165366666663362353661353634636339393930343862336132613466636131343861343835
64633531336139353961626565363434316230393739626531366661653132616566363234393036
35656331383038396665376236373531323931313632656331356235353664636264393664346131
38633038303364373166366633646330393636366134626437376662386235626233633831363062
32636461646661613734353739663934333365313932306363666464656236366634653032303031
34333032373935343366626537386231306666663934326664353432323338353235306231363464
64653561663662363064313436653036613038633033623737666335636331656461653535643864
62376539343761666366333331373164623230663639373231373763653938343535646166303639
31616463316364366130653033643935356461363938386264306162623933336338363365316162
63396436316338306136616265643562353931356239393661333161396537653366643765303031
64323639653263323837


@ -0,0 +1,29 @@
---
keepalived_vrrp_scripts:
chk_rabbitmq:
script: rabbitmq-diagnostics -q check_running
interval: 15
weight: -2
# script: /usr/bin/systemctl is-active --quiet rabbitmq-server
# interval: 2
# weight: -4
# chk_amqp_port:
# script: </dev/tcp/127.0.0.1/5672
# interval: 1
# weight: -2
keepalived_vrrp_instances:
VI_1:
state: BACKUP
interface: eth0
virtual_router_id: 51
authentication:
auth_type: PASS
auth_pass: asdf
unicast_peer: |
{{ groups['rabbitmq_servers'] | map('extract', hostvars, ['ansible_eth0', 'ipv4', 'address']) | difference([ansible_default_ipv4.address])| list }}
virtual_ipaddress:
- 10.100.100.20/24
track_script:
- chk_rabbitmq
- chk_amqp_port
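Review bot: `track_script` lists `chk_amqp_port`, but that script's definition under `keepalived_vrrp_scripts` is commented out, so the rendered keepalived configuration would presumably reference a script that is never declared; either drop `- chk_amqp_port` or restore its definition. Separately, `auth_pass: asdf` commits a trivial VRRP password in clear text, and `auth_type: PASS` is carried unencrypted on the wire, so it should not be counted as protection against another host on the same segment. Other secrets in this repository are pulled from vault variables, so `auth_pass: "{{ vault_keepalived_auth_pass }}"` (variable name is a placeholder) would be consistent. Restricting VRRP traffic to the `unicast_peer` addresses in the firewall role is the control that actually limits who can take part in the election.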


@ -0,0 +1,76 @@
---
grafana_package_version:
grafana_package_name: "grafana{{grafana_package_version}}"
grafana_package_state: present
grafana_service_name: grafana-server.service
grafana_service_state: started
grafana_service_enabled: true
grafana_etc_path: /etc/grafana
grafana_config_path: "{{ grafana_etc_path }}/grafana.ini"
grafana_provisioning_path: /etc/grafana/provisioning
grafana_domain: "stats.{{ ansible_domain }}"
grafana_port: 3002
grafana_user: grafana
grafana_group: grafana
grafana_config:
server:
domain: "{{ grafana_domain }}"
root_url: "https://{{ grafana_domain }}"
http_addr: localhost
http_port: "{{ grafana_port }}"
grafana_ssl_enabled: true
grafana_ssl_certificate: "/var/lib/lego/certificates/{{ grafana_domain }}.crt"
grafana_ssl_certificate_key: "/var/lib/lego/certificates/{{ grafana_domain }}.key"
grafana_datasources:
apiVersion: 1
deleteDatasources:
- name: influxdb
orgId: 1
datasources:
- name: Prometheus
type: prometheus
access: proxy
orgId: 1
url: http://localhost:9090
isDefault: true
version: 1
- name: Thanos
type: prometheus
access: proxy
orgId: 1
url: http://localhost:10913
version: 1
grafana_dashboards:
apiVersion: 1
providers:
- name: ansible
folder: Built-in
type: file
options:
path: /var/lib/grafana/dashboards
grafana_dashboard_files:
- connectivity.json
- home-networking.json
- iptables.json
- nginx.json
- processes.json
- switching.json
- system.json
- ups.json
firewall_ipset_influxdb:
- 172.16.100.16
- 10.255.0.17
telegraf_config_outputs:
influxdb:
urls:
- http://localhost:8086
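Review bot: `grafana_package_version:` is a bare empty value, which YAML loads as null rather than an empty string, and the next line interpolates it into `grafana_package_name`. Whether that renders as plain `grafana` depends on how the templating layer treats null, so `grafana_package_version: ""` states the intent explicitly and passes a linter's empty-values rule. `grafana_provisioning_path` also hard-codes `/etc/grafana/provisioning` while `grafana_config_path` is derived from `grafana_etc_path`; `"{{ grafana_etc_path }}/provisioning"` would keep the two in step.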


@ -0,0 +1,143 @@
---
certbot_certificates:
- domains:
- monitor.kill0.net
email: rcavicchioni@gmail.com
- domains:
- git.kill0.net
email: rcavicchioni@gmail.com
- domains:
- stats.kill0.net
email: rcavicchioni@gmail.com
- domains:
- jump0.kill0.net
email: rcavicchioni@gmail.com
- domains:
- dl.kill0.net
email: rcavicchioni@gmail.com
- domains:
- cavi.cc
email: rcavicchioni@gmail.com
- domains:
- proxy.kill0.net
email: rcavicchioni@gmail.com
lego_user_environ:
GCE_PROJECT: kill0-net
GCE_SERVICE_ACCOUNT_FILE: "{{ lego_etc_dir_path }}/credentials.json"
lego_bin_user_args:
- --email rcavicchioni@gmail.com
- --dns gcloud
lego_bin_renew_user_args:
- --renew-hook "systemctl reload nginx"
lego_domains:
- name: cavi.cc
- name: dl.kill0.net
- name: git.kill0.net
- name: monitor.kill0.net
- name: proxy.kill0.net
- name: stats.kill0.net
autossh_config: []
wireguard_interfaces:
wg0:
address:
- 169.254.0.1/24
- fc00::ffff:169.254.0.1/64
private_key: "{{ vault_wireguard_private_keys.wg0 }}"
listen_port: 51820
table: 'off'
wg1:
address:
- 192.168.255.1/24
- fc01::ffff:192.168.255.1/128
- 2600:3c00:e000:343::ffff:192.168.255.1/128
private_key: "{{ vault_wireguard_private_keys.wg1 }}"
listen_port: 51821
restic_tidy_enabled: true
nginx_htpasswd_files: "{{ vault_nginx_htpasswd_files }}"
nginx_vhosts:
cavicc:
server:
- server_name: cavi.cc
root: /var/www/cavicc
listen:
- 80
- "[::]:80"
raw: |
location / {
return 301 https://$server_name$request_uri;
}
- server_name: cavi.cc
root: /var/www/cavicc
listen:
- 443 ssl
- "[::]:443 ssl"
ssl_certificate: /var/lib/lego/certificates/cavi.cc.crt
ssl_certificate_key: /var/lib/lego/certificates/cavi.cc.key
# ssl_certificate: /etc/letsencrypt/live/cavi.cc/fullchain.pem
# ssl_certificate_key: /etc/letsencrypt/live/cavi.cc/privkey.pem
raw: |
location / {
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}
proxy:
upstream:
- name: loki_backend
server:
- localhost:3100
#- name: prometheus_backend
# server:
# - localhost:9090
map:
- name: $http_upgrade
variable: $connection_upgrade
content:
default: upgrade
'': close
server:
- server_name: proxy.kill0.net
root: /var/empty
listen:
- 80
- "[::]:80"
raw: |
location / {
return 301 https://$server_name$request_uri;
}
- server_name: proxy.kill0.net
root: /var/empty
listen:
- 443 ssl
- "[::]:443 ssl"
# ssl_certificate: /etc/letsencrypt/live/proxy.kill0.net/fullchain.pem
# ssl_certificate_key: /etc/letsencrypt/live/proxy.kill0.net/privkey.pem
ssl_certificate: /var/lib/lego/certificates/proxy.kill0.net.crt
ssl_certificate_key: /var/lib/lego/certificates/proxy.kill0.net.key
raw: |
auth_basic "Proxy";
auth_basic_user_file /etc/nginx/proxy.htpasswd;
location / {
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}
location /loki {
proxy_http_version 1.1;
proxy_pass http://loki_backend;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
}
location /prometheus/ {
proxy_pass http://prometheus_backend/;
}
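Review bot: The `location /prometheus/` block in the `proxy.kill0.net` TLS server passes to `http://prometheus_backend/`, but the `prometheus_backend` entry in the `upstream:` list above is commented out. nginx would then have to resolve that name as an ordinary hostname when it loads the configuration, and will most likely fail the config test or reload. Either restore the upstream (`- name: prometheus_backend` with `server:` `- localhost:9090`) or remove the location until it is needed. `certbot_certificates` is also still defined next to `lego_domains` although the vhosts now read from `/var/lib/lego/certificates`; if the certbot role still runs against these hosts, two ACME clients would be managing the same names.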


@ -0,0 +1,12 @@
$ANSIBLE_VAULT;1.1;AES256
31636532353835333639653466626338653961343335623738346631646264356432626638363566
6332343266313539393332353439666437373536383262380a643366376136666231323665363334
36646636326666346163313961653235343533656333346662376338663564376536306638336236
3864626562383134630a363236626532636138363761636661333065663539376166656665656635
64653365646439313633626235313061646264666436653837343964373465303664323438363633
63363633373065663865343138396134333966333438316664626439303962363039356135363562
66646565323435626639376163396337366433636535376337636135383834346138663138646163
39373361333961386466306464383930336637326465353938313339626538326564623739333534
38363561383566393439353536383134363239653835373138383733363438666261616565346137
62303436353566343832646264383437323762613163616138346134653238303562373336633866
646138316531636237613063633163373966


@ -0,0 +1,168 @@
openvpn_certificates:
client:
cert.pem: |
subject=C = US, CN = mine0
issuer=C = US, O = chill9, CN = chill9 Sub CA
notBefore=May 22 21:05:36 2020 GMT
notAfter=May 22 21:05:36 2021 GMT
-----BEGIN CERTIFICATE-----
MIIF+jCCA+KgAwIBAgIQc/QIYhesJteIltoVW79aPTANBgkqhkiG9w0BAQsFADA2
MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRYwFAYDVQQDDA1jaGlsbDkg
U3ViIENBMB4XDTIwMDUyMjIxMDUzNloXDTIxMDUyMjIxMDUzNlowHTELMAkGA1UE
BhMCVVMxDjAMBgNVBAMMBW1pbmUwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEA6Hy3MAmQHNNLFOxs4KWQr6I/m+SLhsGGcLiwp8cxfxpjj6N0S/BuzaaS
rhKwFF0/BwlFzixUVUmLhEpxS+PCtRncPZ42XmnWn60zG1QvUnRh3o9viG0MB/8m
nkWFFn1Xxu5iwQhdGHrltj/f4gx1BmzwKJrsE06dMnmDfrg53r7YlQSbQQXUaCzu
rVc5IsZ60xuHTOke4MpO4qxjYH7BCjl1iPszUUDkOYu5/IbdbKcVq2zGszwRr+wn
v/qnzM8QX2BpHgckK09rxTuLjBXZpHof5HQgx47nkwRMQ/FpJ9VoIMfjJgatCJX1
TEi4KHH6+h7wNX1kuDTBGlZ+Qt6y7dQ6zPBh/1twfnb4G1BNGoY8h1/8rlBUZ7xS
thedf+8xRB4g2VPjvdnPf0S2Dc/9LRdIXNBdEORC7KvViAaa0kHhsnPgUj76/4fD
WN1BPdzc8cyhpim5ujzhMP+7UOORFGYR/PzVAG6/+cR8oJLV+xhSxYQ4mK98m5WI
moz2ByR4H5AJGJDCksRir8UWUlU1cvfaN0LUa32+nwfEYmePivDg9ZqT/pHNP3HM
vAi4CpHDISHDpcEOmvMqBu+WjR6RXsJgIOAWve0ss52RgDmRnLKcEPO0JlSclnYP
aQ7Wd1U8tjSQ0eVFpZTwcSgJa/qlWAPoZKeEu4ZP2f2fOyIt8ikCAwEAAaOCARsw
ggEXMG0GCCsGAQUFBwEBBGEwXzAuBggrBgEFBQcwAoYiaHR0cDovL3N1Yi1jYS5r
aWxsMC5uZXQvc3ViLWNhLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc3Vi
LWNhLmtpbGwwLm5ldDo5MDgxMB8GA1UdIwQYMBaAFJOG08B9HQUbJGvNpVWmdE9h
W+klMAwGA1UdEwEB/wQCMAAwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL3N1Yi1j
YS5raWxsMC5uZXQvc3ViLWNhLmNybDATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNV
HQ8BAf8EBAMCB4AwHQYDVR0OBBYEFJgxGGFAhajXuZjJXBmyUTqcYmMZMA0GCSqG
SIb3DQEBCwUAA4ICAQBV1xYKgGLHg+JuHvKruwV1c0pSvlk5Z+NH0xsras7z1piV
F63/TzBJG5HuE7UXBXuEtG1venO/x6HHDEMYnxetHGwk7FuOuP+T/Nz4htupHe9/
nwITmBjOp6znf4s/3DiJL4z+XSx/HY4GjRt2g5sfDYYYg8sidABJDjKD9Rz5Gdga
gqF7wIZreCpwHzuajoo+AkcrKxzraOxXPkWlKMqJklNGhg28jHu/U99pcH5hw3Eu
gEfuBvYTp5fEGlKXb8U2kBRguaZh2iWxZqqnC6ECybIeMK3Sf+6lMA6VkiZT8Rzi
/BCHCjEJq0PuMFrQk9z9+jGJRst3R9i9OH6MAkaVD695C3TK2xtPo5U5DcMhq5DY
TXbCMkwLBnaPr9vM/XdD9pTlnMiMaPa3ZB/k6ianTADuSdqBZgqR2/h5URUXzyFz
L/rcl90WhTm68K8O6yIKAOMC2udTArvPHbvBMPtTPFoT1sFSn3JIOSiLS5fvGWv+
eyFwTgIJbfCDR/aNxl7u5XZ/RcoOMifYSwEufsZtsEJi8/QvSr//L03Pdhz/kDaK
rVZKRytoGoJM1A1ydMhcFjmwdxB/n6j6Kg8Eve4O7YDVYHOkfbPUM19BVG4snIMl
lKE0IC7wIfa/gHWKxRt/QBaojwQEbViILR2QZ4PXULNVSrNKeRQouZyfbXZdUg==
-----END CERTIFICATE-----
subject=C = US, O = chill9, CN = chill9 Sub CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 17 01:19:29 2020 GMT
notAfter=May 15 01:19:29 2030 GMT
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
ca.pem: |
subject=C = US, O = chill9, CN = chill9 Sub CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 17 01:19:29 2020 GMT
notAfter=May 15 01:19:29 2030 GMT
-----BEGIN CERTIFICATE-----
MIIGnjCCBIagAwIBAgIQdRhWyOcUQ+uIEypQfJLvqjANBgkqhkiG9w0BAQsFADA3
MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg
Um9vdCBDQTAeFw0yMDA1MTcwMTE5MjlaFw0zMDA1MTUwMTE5MjlaMDYxCzAJBgNV
BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFjAUBgNVBAMMDWNoaWxsOSBTdWIgQ0Ew
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsP549Xs/Dzfw3HHGhDlIT
dFun9cqsCmyaXJSMOFZqZSyGJg4WASJRW797lnQlsOfLk7x8fR7I1CkWF9x3KDVi
A9MvJTlFgdYGF27LNGP7zo3ZNB99oA+NtHhoIhclprzT4qmHSk6tz31uJV42jNBH
km3m4wqH3NlqOqWbkw8nC9yF0/qCz1UyG/wSIQr3UpN5c96WWE3Bt6rKW7vEZ//i
t4nDzRV+pttv5O/L5DQdhG01NKD0XxH0q8SocdTPIsDO0ZUQwVFYcxJYB0pPab8V
Uk4+bzb8hN+mO2vyO5DK01efiNVfMZ7NDxQXvU6cMs4c+S/BtC9PWO0hR0hJm/hw
vg1RdhyfOVATVfviiEG8YQdl8sIHk3qYGdGJyrZHIOlssgnKdeGlLHbYXtHPFAk/
gvZMtR2t0VKXVQR03Yz5llF9okKCAbmHmntLFcM5hHJxEl0phqbLLcBh+130Qb7q
K/CRSHnPfzL04KW9cw5b0cNOn728M5Fj2Q8IQvY5m0NYDbaZf0qF34OyixtGIE8n
dJupLDSp6KkHlrIfedpgNwi16y5cy4Uw/aTCGcIO/WZZO6Q59R+xlobw8VQc4V/i
pqSiQK0wEuDtq9uw7r+GV9BDoxfmbHygeKFV+Ee9UXQ/FMPhItSQTMlFhrci6U75
e+iOnmh3AkldPZ3Z6TpfsQIDAQABo4IBpTCCAaEwcAYIKwYBBQUHAQEEZDBiMDAG
CCsGAQUFBzAChiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQvcm9vdC1jYS5jcnQw
LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJvb3QtY2Eua2lsbDAubmV0OjkwODAw
HwYDVR0jBBgwFoAUcUb1TFf68x7gTS4RnYurKV2YeRswEgYDVR0TAQH/BAgwBgEB
/wIBADA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQv
cm9vdC1jYS5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1Ud
DwEB/wQEAwIBBjBzBgNVHR4EbDBqoDYwC4IJa2lsbDAubmV0MAuCCWtpbGwwLmNv
bTAMggpjaGlsbDkubmV0MAyCCmNoaWxsOS5jb22hMDAKhwgAAAAAAAAAADAihyAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAdBgNVHQ4EFgQUk4bTwH0d
BRska82lVaZ0T2Fb6SUwDQYJKoZIhvcNAQELBQADggIBAENgGWgn3geR6Ciz9YsE
x4594ew+JJ9uiiPoHSUxw95NuVa2WpB1/UZoL93lm3sEqqzR6FYEeP5JWuvlrw4Q
TJpzXBo/0Ik5BX2eTcW1HlhXxHV0HnzjKd8eldxDsY78ve46d9DfHLYk4zdn7OVj
TLVokJvbL9jEIOfH2OJu8Ow+5jNmKQzmv4aNmG9RHoqDkgBmRgbrWJkhZ9xVqSb4
jKBDsNovLkkW2Xm0RxJVc9B3sE15aDq06UeT1BfCXL7xH1ABjX5tV4LegJUsaTlU
EMOyXYdxoEnqKw/f7Qns/lsq6Gzbx+RDXnShBPsrJX/TTcqc/KETu1z6zwxnb4PO
uwK1VHUcOB27hA6STfe9HqiJwdSSQG1aFmk+nCN0IqeC7oXS8z27Lbjzx182osAZ
F7oLtdctWav9sAo03M3MLapdgzM66weNzdfw7z6vsxE6qxB+4U95IplVAaWCqFfr
USrr4BmYi6yD9xbGT8f0diQ7DsA0ki8QPpZD6bzlUoO5pZ+qv49wFh+1wb4gjEYi
ReBLvIHjVYL1GPSR1vrCzP+/i0Rhc+8sHgC2lpuUj4E2swBBuHhUsgSpaCcvV5ID
qCBR4ak3EYuWzKYJCakhauIW8G7QDhO1XuPKqOk93qRpwZveUFMQjDa2xDEElxZJ
utoYQ7uVeeWbAD+clJpc2kky
-----END CERTIFICATE-----
subject=C = US, O = chill9, CN = chill9 Root CA
issuer=C = US, O = chill9, CN = chill9 Root CA
notBefore=May 16 17:36:20 2020 GMT
notAfter=May 14 17:36:20 2030 GMT
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
wireguard_interfaces:
wg0:
address:
- 169.254.0.2/24
- fc00::ffff:169.254.0.2/64
private_key: "{{ vault_wireguard_private_keys.wg0 }}"
listen_port: 51820
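Review bot: The client certificate embedded under `openvpn_certificates` → `client` → `cert.pem` carries `notAfter=May 22 21:05:36 2021 GMT`, which is well before the 2024 commit dates listed on this page, so a peer that validates the chain would reject it. If OpenVPN is still used on this host the certificate needs reissuing; if the `wireguard_interfaces.wg0` tunnel defined below has replaced it, the block is dead configuration and could be removed. Only public certificates are visible in this file, which is fine to keep in clear text; the matching private key belongs in the vault file, as is done for the WireGuard key.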


@ -0,0 +1,189 @@
$ANSIBLE_VAULT;1.1;AES256
62393037616134373462303762386538343037326532666432666664386461616265346236393165
6532336638376637656132623039616665633866303639370a643466346332363464636134663665
33383432353735303465353665393136313733313764333966313536366337326638313361353963
3232343939393333390a303963363662386566313865396239643137643735366131313934376663
37306334626165333630656137306233366232326535383434636231303239653062303865383834
31396365313336356534316332306265623134333839346432366235366130333461353435346238
63303163623163303263653536333537333635613839356566396533396633303262363061613132
31656136366361366363646632666664373436313834383137323037653931323430386364343931
65363732333436323035656465323335396130613562306436356135373862326232333735393433
66303666663336636661383664373431373433366534643335343139623336623636306561306337
62353939376162373165306665376265323664303534663034666233633734376235616630613939
31666261643564646438303333363735306261353738616537306365613164366436393461613862
39633165376633363731666235333765613563613065653836363532373966306630326236646665
32643461343230393166366334633665643463383935656331353431343764373535366465326239
63343131383230356234393732396232393665303734636230643338373032383731373366633538
33636162306165653365363436303839316465376233383738376237656239396432333038333431
64373039393636316461623439336364636466346533636663616663343264373365323061636238
65633138313930376532393635616165326132316434616232663234373331336630306661383962
35623263663666663665336565376161373735616532363664373936373635643032333162303730
38316166306164323134323039336464383839303566393564343162366239326265356262666465
62653461393366373037386433623362663936353738646633353263663235646666646464663661
30316230643764306236656139643363663532336430366239663663613536316365326437323062
32323937393230316263386234626336653663343636313764653234373137656434343134386332
34376630313462653336376133313338643265613066373363343365316339343234653837633935
34636632366661636633376130336234316134626266303734663039316534303837373239633533
35633331663065663664373331636137666139333537633539353264633638383338653061633737
38363162393832363833343532343634623738326431616162366632323931613163326237653763
35326130393762363634366237653836656361396332376265653431313031353539633437303837
35626335653230386163643061356139373731333630623231656533366166343038626665623933
35303935643964656139323938643438313161366430303861626663393635636333383261643837
61663464663239666537616233383761353866633432343965376364316636616530393733313938
62396631626566396231306230393535653732646331623164333032316261646334383763343063
63643361323834383838303134386635663430363935396135663230633037353161326133313535
64333664336331316662666461383939653666613530666161623035363065313834326437373638
32663838373432653030333961383538393164386663333937636566613036363266613536396330
62303738643065346364633430323838663430666231353135396238653762656234653830373966
30326537303564616130386464653165336338343033396338396538336132386363373662396564
33366135303662663735393337636334313433633865376461343065663466616664343338623430
34393538326333646338313439383666653564656264333562363532636439393934623564313530
64643733333837333039666237366531346233333636386264363261646333393962643736373932
61313262353936393736396139643064656436366565633566353430373630613965373335313762
35636163613563666235353531396333323861326137333136616365333232333234623434656139
35663666323836633430616362353362396534316661363565376264633132623833363333333362
61653839326665353739353165366430306364663031336530393231353166663834363166613136
65653934653866373932303262383434383034663734653139336364323364386231323039643966
33393862356365306266616534656132353262393834613836393764356362303762333831326531
39306363636130636565326433353430373531336236633838633133333233316564306537306235
33663835646434643134303631386262343064613334626662373164663139396161373933626334
37663134356530366436306164366564336363336261363265613732623033323732383962353465
34383530626531666466643164626530366135313566313634363038333335636563643138346437
64313431613635373433353663343236613732636263353761336166333038303232306437613463
39323438386339633566373162653334326162313730323563323930373537333164303562653238
62636434326434663565346138306630643466386435643865656666613835316164663236356432
65316434316161373366303264353561303232633332383564323438356564313530343665346662
36313463323663663962653863326132626236626566313337306534343935666662653437313936
38646164393038356636633336366661363537386161613861393939376134363063643938323564
65383337373936356230626666636639636665323132313736666133313530633737666231636530
62303738313262626332643936303162376563633863303336613539306461613037653535373966
63303635333237623232353838633033316666323330343736313833306664353330616435336235
39353433653462653631393634313039396431333630363934633065313061353631356131656566
32353066663030313536653639613134303238643332646436663666633432333439366130383832
30313335346237343363653330383164303533346538653861323938303133653235376537376433
35643732666364653532346338383562393733346633333138653433383234323166633435336439
63343761386535656435376435326630363733633531633331393565333966626330303939336462
33343766613865333434366535323261313961323762306434626562373561343636366163393731
33343335376636653638376336633939626431343835613538393333363563616164363734316361
39316230376336353531343936383465323463396161333231393533646133653731376561316166
65353238396462633564346462313836613538313864613133356336343161626538356165366438
37353534626133316539313736323037623635663431353330373131383334643966353433383330
38343937363434623339613166353339313466666161346331643631303636373132313332643334
32623437646439633065393464326135636464343765666533396365396266346332383032303861
64376530386637323233393030643539376238616433343065383034356331336436643836666566
65656563653133633665636633626339613937646430393232356161343665653362336464633062
63323130393061353338383763356237313236353539306230373461663261613661373834623130
38326164363231633364306161346339353966653436346166363630303530666263643933383262
33643661326462323337623534316263323637326137383936303934336130343130323165373738
34363137333661666333303963303661313565656135383161306536346631373563653763333738
63656131626434646162366135396132656564306166626366373131653630366434333639336138
61363630313561646661613337666335353437343262333865353562343137363163623733343062
64353162313037356330343735353238396162666333666338343835626164383937623638353138
65623765383838386366373266363236653662376539613236383563643137373336653636623762
61333464633362363338363862333139343661623038396432346665613566303761363037346133
32633437643164373039613231333537306537373037383036656139636534386635613666636333
62373066616336353837643763383435336232646563316365623962646661363962343532356436
39343061633637633334633061646365343234623761303737363533356130333330366432303839
31333931353761646535356534323161666365303535323862326533633135353331346461393764
61316632656138363839643362653132353663336433396464653464616433373339383164363038
37396639646134323163323930353931313737383835363732636236366238366237313833373131
33346533323830343736366435646337333637303433383561663466346139316566633739363032
63316436363438373864363536373663393130313565303538646239363432393266303662386539
36656631373133616130663031333565633337356237313265616163396330316462373233326663
33623937323366323335313030623833626239316463373864346431313235356634653862613966
39343830313535333333343362393938376639626262323262383333663538656437353133303038
31306566623537353533313463333066353561313462373136616464356532313835353834383039
64346563373830373134313662633961353632323366636638346239633639613034643730383231
65666336353230303939643963373934663863343366663864643665383432326538303866396364
33313664313965313732653831303730346535326130396232653061613766336335316433663333
33366365396337323263383764396130343262663362333066356434613561376461646531656164
63303762623737643937383562313732353866616566373061376430333731386461303164366232
35656166343262623437393039383939306234333366626465653734393962376133316532333239
36616635643132643534343062353764363462326261613566323362386435636431333130386166
36623961333066353231383466626633363835656634613863376666313463383939346364636438
64653038366265363264383638333834626132336430386261393462616631343936323361336566
39363135313364303863326662663565306565303732373965353763346631316431303663316166
66306336646633646131373436373037613234643861656332643864353363316564343530316137
35353262626130376637343137356564343662633738346461353033396433653538363835396265
31363636323264353961393639313665373666633865393866333838336233616137363961386237
32616239613863353564333061626436383862333563633136303765383863633634633665623136
62643761636230633037643061386630303936613864346366346363346163663931333365363235
32636133663364376265376334326132333533383830393362366436663062656335396563633566
38366464336136396335366464363630373131363634373764386134383935643632333761343033
34356337623563623539396330643866386537636463643235626465356231373233633430386163
37656561613131613339643665656135363830626333313434656333343832666137323961656165
63333532643463383865663361346661613437646566373735366339393637636130343633396466
34333861633539623731336430376664663332303331363836386465383062396436646533633835
38306538303063643938366231356261353138316534653637623433656639363032326262363238
32643836353962316665323335313838623638663333386136323337656331333734633337626333
37366663373766303061356333623839313734613765326538393365663162353066666135363333
65326530363739356533646337656132616236323261303734373133613361616534663433313636
64343333333163316363373861656639343838643837656135666266623332313437353162636431
37373565613666356637656430643937613138633663303666313630316331636230343339323433
62656238363330393366623332363964333361326638613734383433653833613334656433343536
38656431666361386136313736363661653333623364356336663566356365633764633930656163
39396533633066393337613661306135633232366137303166386639373538336362383161353230
38383261393437366266343635646265323561666437393334373037376533303335663239316363
37383334653361653336323434393034396232303363373835393764366235653334363632313364
37336464363639663565636236613435393036393464306465306431636466306436656238303739
61393839663365353437343235666361623733333762363739646361333863373331613466343165
37633839353231383435326232323232306631646538393937653134663465326165353230326463
33306234626432323137663139623165306165636361333031636665653339323439303532373865
64393439383833316233333536633831313336386664333239633866383833353339353239346266
37663339663737353565363635636137353937306434373438356337626565353736643637333839
36666664633935396161306236613962363263343331326664363666613863396231653635626661
63383836313738613561666566306534626230626334393334656163313239373165633135323338
38333239633131306239323634613633663964383832303336383864353930636333646565633539
32343031366632316163623364636261376364646161393062643137363533306338313465376637
63656337396238376462333665643032643137643132383365613937633938363065636631333036
66313435303131353362313737393636306563623036666234393533653563393835326332666131
65316461393333336461373364356262363732653866353066323864383963356365363638656336
63653062376265616461636332353238323038636337383137343133386138643161653831393831
66643239643262643338666433636636303031643266343562303561376531633533363935386461
30363730626437643966636363636333613139386137633463306462363536333164333934306164
35353538326239303035343231623535613537383139376365623933323237303733363534373732
64333762623531373530656161326566353363323735356666386361616339323232346162316363
63303165323031656539623432383230653861376436373665613434336538653131363937343535
35653265323236303863353033653734616231323333326465393239313035343063396434366231
65646165616465376165383635316163616162653338383137346166316465333935383130323130
61396232623138396333313836386435663462643463363962316461633932376466366633343661
66623461393035626635633865393131663633666361316264396364353064613631316564383063
33623163636436373936393531353135323532626666386465653035396439653138633336313339
62623137643937653939303436383837643336306332353262366564323133333165626230346163
35643161333562306137363938663534643930363263646439383965363739616139333734326262
37623033333466306566356639383638303138343433376434396634323434626137656435346562
35336339363136626630353365303430323330306363353230386162653462623162653564633239
32346665633634383563396131383334643863623531383164613035633763613332633062393932
64656366333132383535333365363161303930333763616636363764306537613965643062346630
30623065303066363737323838336563386661633161306534616136363664336564393430393939
35333833633164383338363536393033613361643562383238363466396631633632643636653234
38346163656266396266393664333633646264333936386531336131356231326262616562356465
64653637336532343634663562396233326163376362316230383662396139303830353763383835
30623364376264303435643334633331343662663439393437663663333238313838636565303663
32326263316364363265646262666638616635663535653135313532663362316637323332336264
37643165333439613562666132613066353564323162303766393331333139636137316632356535
64363737313065333638646431626561646239376661343562373934663834376237633330633665
32343933396338653438313766326231316666626438353636336535633266666265623132333034
65356233623862346438313537343431653465353735313431383433393233643739323237323762
37336139393033383932646336623065326232653434313732666463643731316231643265373263
37656665323831346664613462396161636335346430313438653864643532336637333231376633
33623930333236616236363039646162393030613935646635363333336363643930356362336662
34663739373266306162333637623066383335313839363465656463386261316639363636326135
38303732373838666535643666633564373735356164373236343761376131396265343930643235
38343030383330343462633239623032333865313034613664393136646437633138663862616336
64663465323538333362313539313566373735343634626634663665663133393963366534643630
37343733633438643666613237333335633161326431303933323662386432653137396663343962
39323162313363643432393335383033653039653261356235623137633434306439633434386539
37363663663233343337626639656437313338383736323736656664396431373965613639326338
66303364323266333233663837643665353762633532373731383163346363396439373233376639
35383764343833663164646662613262643236303438393862396330306539313732363465366338
39633738653462633030316466643530666538633437613161663666326164613332386536643931
30636262623633343265623535373062356561393730633130373364643838393962653462333134
30666263306436383436623135626162623163613730376161393161653936303432376237346639
65616437343865633964613761656338323630393332393034643537643033613237393336313836
30643531393038616364373731643962383136366165353764323431633934616538393363313161
62646365646233626262656331666130306534386139333134306532346662343133346536393339
65383263663932636334343862663366343661333136336337633366356161653432343239613133
66643331376262616432653666323065353931663363656266313664346338323336383030646634
39616164366365616238333437633436633366613238626461613661326363356235633064346264
66323761383335636135


@ -1,7 +1,69 @@
---
pi:
all:
hosts:
pi:
mine0.kill0.net:
jump0.kill0.net:
localhost:
ansible_connection: local
children:
minecraft_servers:
hosts:
mine0.kill0.net:
jump_servers:
hosts:
jump0.kill0.net
git_servers:
hosts:
jump0.kill0.net
stats_servers:
hosts:
jump0.kill0.net
monitor_servers:
hosts:
jump0.kill0.net
linode:
hosts:
mine0.kill0.net:
jump0.kill0.net:
rabbitmq_servers:
hosts:
rmq1:
ansible_host: 10.100.100.16
rmq2:
ansible_host: 10.100.100.17
rmq3:
ansible_host: 10.100.100.18
k8s_servers:
hosts:
k1:
ansible_host: 10.100.100.32
k2:
ansible_host: 10.100.100.33
k3:
ansible_host: 10.100.100.34
nomad_servers:
hosts:
nomad1:
ansible_host: 172.17.10.48
nomad2:
ansible_host: 172.17.10.49
nomad3:
ansible_host: 172.17.10.50
nomad_clients:
hosts:
worker1:
ansible_host: 172.17.10.51
worker2:
ansible_host: 172.17.10.52
worker3:
ansible_host: 172.17.10.53
worker4:
ansible_host: 172.17.10.54
worker5:
ansible_host: 172.17.10.55
nomad:
children:
nomad_servers:
nomad_clients:
# vim:ft=yaml.ansible:
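Review bot: The `jump0.kill0.net` entries under `jump_servers`, `git_servers`, `stats_servers` and `monitor_servers` have no trailing colon, unlike `mine0.kill0.net:` under `minecraft_servers`, so `hosts` holds a plain string there rather than a mapping. Indentation is not visible on this page, so this is inferred from the missing colon alone. Writing `jump0.kill0.net:` in all four groups keeps the inventory uniform and lets a second host be added without changing the value's type.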

165
playbook.yaml Normal file

@ -0,0 +1,165 @@
---
- hosts: all
become: true
roles:
- common
- role: network
tags:
- network
- netplan
- util
- sudo
- hostsfile
- certs
- role: rsyslog
tags:
- rsyslog
- syslog
- logging
- users
- dns
- role: firewall
tags:
- firewall
- iptables
- openssh
- role: wireguard
tags:
- wireguard
- vpn
- chrony
- unattended-upgrades
- postfix
- restic
- role: node_exporter
tags:
- prometheus
- monitoring
- role: blackbox_exporter
tags:
- prometheus
- monitoring
- role: mtail
tags:
- prometheus
- monitoring
- supervisor
# - vector
- role: promtail
tags:
- promtail
- loki
- logging
- role: cloudflared
tags:
- cloudflared
- zerotrust
- access
- vpn
- hosts: minecraft_servers
become: true
roles:
- minecraft
- hosts: jump_servers
become: true
roles:
- go
- dl
- hosts: git_servers
become: true
roles:
- role: certbot
tags:
- tls
- role: nginx
tags:
- nginx
- role: gitea
tags:
- gitea
- git
- hosts: stats_servers
become: true
roles:
- role: certbot
tags:
- tls
- role: nginx
tags:
- nginx
- role: grafana
tags:
- grafana
- monitoring
- o11y
- hosts: monitor_servers
become: true
roles:
- certbot
- role: nginx
tags:
- nginx
- role: prometheus
tags:
- prometheus
- monitoring
- role: alertmanager
tags:
- prometheus
- monitoring
- role: blackbox_exporter
tags:
- prometheus
- monitoring
- role: pushgateway
tags:
- prometheus
- monitoring
- role: karma
tags:
- prometheus
- monitoring
- role: kthxbye
tags:
- prometheus
- monitoring
- role: thanos
tags:
- prometheus
- thanos
- monitoring
- role: loki
tags:
- loki
- logging
- role: logcli
tags:
- logcli
- loki
- logging
- role: smokeping_prober
tags:
- prometheus
- monitoring
- smokeping
- role: mimir
tags:
- prometheus
- mimir
- monitoring
- role: snmp_exporter
tags:
- prometheus
- snmp_exporter
- monitoring
- role: lego
tags:
- acme
- certificates
- lego
- letsencrypt
- pki
- tls
# vim:ft=yaml.ansible:
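Review bot: In the `monitor_servers` play the `certbot` role is listed bare, while the `git_servers` and `stats_servers` plays tag it `tls` and the `lego` role in the same play also carries `tls`. A run limited with `--tags tls` would therefore apply lego but skip certbot on the monitor hosts. If certbot is being replaced by lego, as the commit list suggests, consider dropping the remaining certbot entries; otherwise write it as `- role: certbot` with `tags: [tls]` so the three plays agree.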

9
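--- a/playbooks/reboot.yaml
+++ b/playbooks/reboot.yaml
@@ -0,0 +1,9 @@
+---
+- name: reboot all servers
+hosts: all
+serial: 1
+tasks:
+- name: Reboot
+reboot:
+- name: Wait for system to become reachable
+wait_for_connection: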
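Review bot: The play has no `become: true`, unlike `playbooks/update.yaml` and every play in `playbook.yaml`, so `reboot:` runs as the connecting user and will fail unless that user is already root. Add `become: true` next to `hosts: all`. The separate `wait_for_connection:` task is probably redundant, since the reboot module itself waits for the host to come back before returning.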

18
playbooks/update.yaml Normal file

@ -0,0 +1,18 @@
---
- name: update all servers
become: true
hosts: all
tasks:
- name: Upgrade the OS (apt)
apt:
update_cache: true
upgrade: dist
when: ansible_pkg_mgr == 'apt'
- name: Upgrade the OS (dnf)
dnf:
name: '*'
state: latest
update_cache: yes
update_only: yes
when: ansible_pkg_mgr == 'dnf'
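Review bot: The update play targets `hosts: all` without `serial`, so members of the `rabbitmq_servers`, `k8s_servers` and `nomad_servers` groups from the inventory are dist-upgraded in the same batch and can restart services together. `playbooks/reboot.yaml` already uses `serial: 1`; the same line here would keep the clustered groups available during patching. The dnf task also uses `update_cache: yes` and `update_only: yes` where the apt task uses `true`; `true` throughout would be consistent.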


@ -0,0 +1,52 @@
---
alertmanager_go_arch_map:
i386: '386'
x86_64: 'amd64'
alertmanager_go_arch: "{{ alertmanager_go_arch_map[ansible_architecture] | default('amd64') }}"
alertmanager_service_name: alertmanager.service
alertmanager_service_enabled: true
alertmanager_service_state: started
alertmanager_version_regex: ^alertmanager, version ([\d.]+)
alertmanager_github_project_url: https://github.com/prometheus/alertmanager
alertmanager_release_file: "alertmanager-{{ alertmanager_version }}.{{ ansible_system | lower }}-{{ alertmanager_go_arch }}.tar.gz"
alertmanager_release_url: "{{ alertmanager_github_project_url }}/releases/download/v{{ alertmanager_version }}/{{ alertmanager_release_file }}"
alertmanager_checksum_url: "{{ alertmanager_github_project_url }}/releases/download/v{{ alertmanager_version }}/sha256sums.txt"
alertmanager_download_path: "/tmp/{{ alertmanager_release_file }}"
alertmanager_unarchive_dest_path: /tmp
alertmanager_extracted_path: "{{ alertmanager_download_path | replace('.tar.gz', '') }}"
alertmanager_user: alertmanager
alertmanager_user_state: present
alertmanager_user_shell: /usr/sbin/nologin
alertmanager_group: alertmanager
alertmanager_group_state: "{{ alertmanager_user_state | default('present') }}"
alertmanager_etc_path: /etc/alertmanager
alertmanager_etc_owner: root
alertmanager_etc_group: root
alertmanager_etc_mode: "0755"
alertmanager_var_path: /var/lib/alertmanager
alertmanager_var_owner: "{{ alertmanager_user }}"
alertmanager_var_group: "{{ alertmanager_group }}"
alertmanager_var_mode: "0755"
alertmanager_bin_path: /usr/local/bin
alertmanager_web_listen_address: 0.0.0.0:9093
alertmanager_port: "{{ alertmanager_web_listen_address.split(':')[1] }}"
alertmanager_web_external_url:
alertmanager_web_route_prefix:
alertmanager_cluster_advertise_address: 0.0.0.0:9093
alertmanager_config:
route:
routes:
receiver: dummy
receivers:
- name: dummy
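Review bot: `alertmanager_web_listen_address: 0.0.0.0:9093` exposes the Alertmanager UI and API on every interface by default, and no authentication is configured anywhere in this role. Since the same hosts also run nginx, a default of `127.0.0.1:9093` with the proxy in front would be the safer starting point. `alertmanager_cluster_advertise_address: 0.0.0.0:9093` also reuses the web port and advertises an address peers cannot dial; the cluster listener normally sits on 9094, so an empty default (with the flag omitted when unset) is suggested. The bare `alertmanager_web_external_url:` and `alertmanager_web_route_prefix:` keys would read more clearly as `""`.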


@ -0,0 +1,6 @@
---
- name: restart alertmanager
systemd:
name: alertmanager.service
daemon_reload: true
state: restarted


@ -0,0 +1,56 @@
---
- name: create group
group:
name: "{{ alertmanager_group }}"
system: true
state: "{{ alertmanager_group_state | default('present') }}"
- name: create user
user:
name: "{{ alertmanager_user }}"
system: true
shell: "{{ alertmanager_user_shell }}"
group: "{{ alertmanager_group }}"
createhome: false
home: "{{ alertmanager_var_path }}"
state: "{{ alertmanager_user_state | default('present') }}"
- name: create etc path
file:
path: "{{ alertmanager_etc_path }}"
state: directory
owner: "{{ alertmanager_etc_owner }}"
group: "{{ alertmanager_etc_group }}"
mode: "{{ alertmanager_etc_mode }}"
- name: create var path
file:
path: "{{ alertmanager_var_path }}"
state: directory
owner: "{{ alertmanager_var_owner }}"
group: "{{ alertmanager_var_group }}"
mode: "{{ alertmanager_var_mode }}"
- name: configure
copy:
dest: "{{ alertmanager_etc_path }}/alertmanager.yaml"
content: "{{ (alertmanager_config | default({})) | to_nice_yaml }}"
owner: root
group: root
mode: 0444
notify: restart alertmanager
- name: configure systemd template
template:
src: alertmanager.service.j2
dest: /etc/systemd/system/alertmanager.service
owner: root
group: root
mode: 0444
notify: restart alertmanager
- name: manage service
service:
name: "{{ alertmanager_service_name }}"
enabled: "{{ alertmanager_service_enabled }}"
state: "{{ alertmanager_service_state }}"
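Review bot: The `configure` task writes `alertmanager.yaml` with `mode: 0444`, which makes it world-readable, and the commit list for this comparison includes "alertmanager: configure receiver secrets", so the rendered file presumably holds receiver credentials. Suggested on that task: `group: "{{ alertmanager_group }}"`, `mode: "0640"` and `no_log: true`, so the secrets are readable only by root and the service and stay out of task output. The unquoted `0444` in both tasks is also better written as a quoted string, as the defaults already do with `"0755"`. The blackbox_exporter `configure` task further down has the same permissions.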


@ -0,0 +1,32 @@
---
- block:
- name: download tar
get_url:
url: "{{ alertmanager_release_url }}"
dest: "{{ alertmanager_download_path }}"
checksum: "{{ alertmanager_checksum }}"
register: dl
until: dl is success
retries: 5
delay: 10
- name: extract tar
unarchive:
src: "{{ alertmanager_download_path }}"
dest: "{{ alertmanager_unarchive_dest_path }}"
creates: "{{ alertmanager_extracted_path }}/alertmanager"
remote_src: true
- name: install binaries
copy:
src: "{{ alertmanager_extracted_path }}/{{ item }}"
dest: "{{ alertmanager_bin_path }}/{{ item }}"
owner: root
group: root
mode: 0755
remote_src: true
loop:
- alertmanager
- amtool
notify: restart alertmanager
when: alertmanager_version != alertmanager_local_version
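Review bot: The release is downloaded and unpacked under `/tmp` at a predictable path, and `creates: "{{ alertmanager_extracted_path }}/alertmanager"` skips extraction whenever that path already exists. `install binaries` then copies whatever is there into `{{ alertmanager_bin_path }}` as root, so the checksum on the tarball does not cover the file that is installed if the directory pre-exists. Staging in a root-owned location (a directory from `ansible.builtin.tempfile`, or a 0700 directory under `/var/cache`) and removing it afterwards closes that gap. The blackbox_exporter install tasks later on this page use the same layout.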


@ -0,0 +1,30 @@
---
- name: gather os specific variables
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- ansible.builtin.include_tasks: pre.yaml
- ansible.builtin.include_tasks: install.yaml
- ansible.builtin.include_tasks: configure.yaml


@ -0,0 +1,50 @@
---
- name: determine if installed
stat:
path: "{{ alertmanager_bin_path }}/alertmanager"
register: st
- name: set alertmanager_installed
set_fact:
alertmanager_installed: "{{ st.stat.exists | bool }}"
- block:
- name: determine latest version
uri:
url: https://api.github.com/repos/prometheus/alertmanager/releases/latest
return_content: true
body_format: json
register: _latest_version
until: _latest_version.status == 200
retries: 3
- name: set alertmanager_version
set_fact:
alertmanager_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
- block:
- name: determine installed version
command: "{{ alertmanager_bin_path }}/alertmanager --version"
register: _installed_version_string
changed_when: false
- name: set alertmanager_local_version
set_fact:
alertmanager_local_version: "{{ _installed_version_string.stdout | regex_search(alertmanager_version_regex, '\\1') | first }}"
when: alertmanager_installed
- name: set alertmanager_local_version to 0
set_fact:
alertmanager_local_version: "0"
when: not alertmanager_installed
- block:
- name: get checksums
set_fact:
_checksums: "{{ lookup('url', alertmanager_checksum_url, wantlist=True) }}"
- name: set alertmanager_checksum
set_fact:
alertmanager_checksum: "sha256:{{ item.split(' ') | first }}"
loop: "{{ _checksums }}"
when: "alertmanager_release_file in item"
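Review bot: `alertmanager_version` is taken from `releases/latest` at run time and the checksum is read from `sha256sums.txt` on that same release, so the `checksum:` used at install time confirms transfer integrity but not that the binary is a release anyone reviewed. No condition is visible on the first block, so the lookup appears to run on every play and an operator cannot pin a version. Suggest guarding it with `when: alertmanager_version is not defined` and allowing a pinned `alertmanager_version` and `alertmanager_checksum` in role vars. The blackbox_exporter pre tasks further down repeat the pattern.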


@ -0,0 +1,26 @@
{{ ansible_managed | comment }}
[Unit]
Description=Alertmanager
After=network-online.target
[Service]
Type=simple
User={{ alertmanager_user }}
Group={{ alertmanager_group }}
ExecStart={{ alertmanager_bin_path }}/alertmanager \
--config.file={{ alertmanager_etc_path }}/alertmanager.yaml \
--storage.path={{ alertmanager_var_path }} \
--cluster.advertise-address={{ alertmanager_cluster_advertise_address }} \
{% if alertmanager_web_external_url %}
--web.external-url={{ alertmanager_web_external_url }} \
{% endif %}
{% if alertmanager_web_route_prefix %}
--web.route-prefix={{ alertmanager_web_route_prefix }} \
{% endif %}
{% if alertmanager_web_listen_address %}
--web.listen-address={{ alertmanager_web_listen_address }} \
{% endif %}
[Install]
WantedBy=multi-user.target
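Review bot: Every optional flag line in `ExecStart` ends with ` \`, including the last one, so when `alertmanager_web_listen_address` is set the command ends in a line continuation and depends on a blank line following it (blank lines are not visible on this page). Moving an always-present flag such as `--storage.path` to the end, without a trailing backslash, makes the unit independent of that spacing. The `[Service]` section would also benefit from `NoNewPrivileges=true` and `ProtectSystem=strict` with `ReadWritePaths={{ alertmanager_var_path }}`.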


@ -0,0 +1,18 @@
---
autossh_package_name: autossh
autossh_package_state: present
autossh_service_name: autossh@.service
autossh_systemd_unit_path: /etc/systemd/system/autossh@.service
autossh_systemd_unit_state: present
autossh_etc_path: /etc/autossh
autossh_run_path: /run/autossh
autossh_user: autossh
autossh_group: autossh
autossh_user_state: present
autossh_user_comment: AutoSSH
autossh_user_home: "/home/{{ autossh_user }}"
autossh_user_password: "!"
autossh_user_shell: /usr/sbin/nologin


@ -0,0 +1,20 @@
---
- name: autossh daemon-reload
systemd:
daemon_reload: yes
- name: reload autossh
service:
name: "{{ autossh_service_name }}"
state: reloaded
- name: restart autossh
service:
name: "{{ autossh_service_name }}"
state: restarted
- name: reload autossh instances
service:
name: "autossh@{{ item.name }}.service"
state: restarted
loop: "{{ autossh_config | default([]) }}"
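Review bot: The `reload autossh instances` handler sets `state: restarted`, so its name and its action disagree; rename it to `restart autossh instances` or use `state: reloaded` if the unit supports it. `reload autossh` and `restart autossh` act on `{{ autossh_service_name }}`, which defaults to `autossh@.service`, a template unit that has no instance to reload or restart. `daemon_reload: yes` would read `daemon_reload: true` to match the other roles.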


@ -0,0 +1,28 @@
---
- set_fact:
key_path: "{{ autossh_user_home }}/.ssh/{{ item }}"
- name: "install private key ({{ item }})"
copy:
dest: "{{ autossh_user_home }}/.ssh/{{ item }}"
content: "{{ lookup('vars', 'autossh_private_key_' + item) }}"
owner: "{{ autossh_user }}"
group: "{{ autossh_group }}"
mode: 0600
when: lookup('vars', 'autossh_private_key_' + item, default='') | length
- name: "determine if private key exists ({{ item }})"
stat:
path: "{{ key_path }}"
register: priv_key
- name: "determine if public key exists ({{ item }}.pub)"
stat:
path: "{{ key_path }}.pub"
register: pub_key
- name: "derive public key ({{ item }})"
shell: "ssh-keygen -y -f {{ key_path }} > {{ key_path }}.pub"
when:
- not pub_key.stat.exists
- priv_key.stat.exists
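Review bot: The `install private key` task passes `autossh_private_key_*` through `copy: content:` without `no_log: true`, so the key material can show up in task output when the play runs with diff or verbose logging; add `no_log: true` to that task. `derive public key` uses `shell` with a redirect and interpolated paths, and sets neither owner nor mode, so the `.pub` file ends up owned by whichever account runs the task. A `creates: "{{ key_path }}.pub"` argument would also let the two `stat` tasks go.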


@ -0,0 +1,100 @@
---
- name: "create {{ autossh_user }} user"
user:
name: "{{ autossh_user }}"
comment: "{{ autossh_user_comment }}"
password: "{{ autossh_user_password }}"
#password_lock: yes
shell: "{{ autossh_user_shell }}"
generate_ssh_key: yes
state: "{{ autossh_user_state }}"
system: yes
skeleton: /dev/null
- name: "manage keys {{ item }}"
ansible.builtin.include_tasks: keys.yaml
loop:
- id_dsa
- id_ecdsa
- id_ed25519
- id_rsa
- name: "create {{ autossh_etc_path }}"
file:
path: "{{ autossh_etc_path }}"
owner: root
group: root
mode: 0755
state: directory
- name: install package
package:
name: "{{ autossh_package_name }}"
state: "{{ autossh_package_state }}"
- name: manage keys "{{ item }}"
ansible.builtin.include_tasks: keys.yaml
loop:
- id_dsa
- id_ecdsa
- id_ed25519
- id_rsa
- name: manage authorized keys
authorized_key:
user: "{{ autossh_user }}"
key: "{{ item.key }}"
comment: "{{ item.comment | default(omit) }}"
state: "{{ item.state | default('present') }}"
loop: "{{ autossh_authorized_keys | default([]) }}"
- name: configure systemd unit
template:
src: autossh.service.j2
dest: "{{ autossh_systemd_unit_path }}"
owner: root
group: root
mode: 0644
notify:
- reload autossh instances
- autossh daemon-reload
when: ansible_service_mgr == 'systemd'
- name: configure autossh tunnels
template:
src: autossh.j2
dest: "{{ autossh_etc_path }}/{{ item.name }}"
owner: root
group: root
mode: 0644
loop: "{{ autossh_config | default([]) }}"
notify: reload autossh instances
- name: manage services
systemd:
name: "autossh@{{ item.name }}.service"
state: "{{ (item.state | default('present') == 'absent') | ternary('stopped', 'started') }}"
enabled: "{{ item.state | default('present') != 'absent' }}"
daemon_reload: true
loop: "{{ autossh_config | default([]) }}"
- name: remove systemd unit
file:
path: "{{ autossh_systemd_unit_path }}"
state: absent
notify:
- autossh daemon-reload
when:
- ansible_service_mgr == 'systemd'
- autossh_systemd_unit_state == "absent"
no_log: true
- name: configure autossh tunnels
file:
path: "{{ autossh_etc_path }}/{{ item.name }}"
state: absent
loop: "{{ autossh_config | default([]) }}"
when:
- ansible_service_mgr == 'systemd'
- item.state is defined
- item.state == "absent"
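Review bot: The `manage keys` include of `keys.yaml` appears twice with the same loop, once after the user task and again after `install package`; one of them can go. `no_log: true` sits on `remove systemd unit`, which handles no secret, while the key-installing tasks have none, so it looks misplaced. The loop still lists `id_dsa`, although DSA keys are disabled by default in current OpenSSH, and the second `configure autossh tunnels` task actually removes files, so a name such as `remove autossh tunnels` would be clearer.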


@ -0,0 +1,6 @@
# {{ ansible_managed }}
AUTOSSH_GATETIME=0
AUTOSSH_PIDFILE={{ autossh_run_path }}/{{ item.name }}.pid
SSH_OPTIONS="{{ item.options | join(' ') }}"
SSH_HOST={{ item.host }}


@ -0,0 +1,20 @@
# {{ ansible_managed }}
[Unit]
Description=autossh %I
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User={{ autossh_user }}
EnvironmentFile={{ autossh_etc_path }}/%i
ExecStart=
ExecStart=/usr/bin/autossh -M 0 -C -q -l {{ autossh_user }} -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=15 -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no $SSH_OPTIONS $SSH_HOST
Restart=always
RestartSec=60
RuntimeDirectory=autossh
PIDFile={{ autossh_run_path }}/%i.pid
[Install]
WantedBy=multi-user.target
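Review bot: `-o StrictHostKeyChecking=no` on the `ExecStart` line turns off host key verification for every tunnel, so the client accepts whichever server answers at `$SSH_HOST` and the tunnel loses its protection against interception. Prefer `-o StrictHostKeyChecking=yes` with the remote host keys distributed through `ansible.builtin.known_hosts` for the `{{ autossh_user }}` account, or `accept-new` as a minimum. The empty `ExecStart=` line above it is only needed in a drop-in override and can be removed from a full unit file.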


@ -0,0 +1,39 @@
blackbox_exporter_go_arch_map:
i386: '386'
x86_64: 'amd64'
blackbox_exporter_go_arch: "{{ blackbox_exporter_go_arch_map[ansible_architecture] | default('amd64') }}"
blackbox_exporter_service_name: blackbox_exporter.service
blackbox_exporter_service_enabled: true
blackbox_exporter_service_state: started
blackbox_exporter_version_regex: ^blackbox_exporter, version ([\d.]+)
blackbox_exporter_release_file: "blackbox_exporter-{{ blackbox_exporter_version }}.{{ ansible_system | lower }}-{{ blackbox_exporter_go_arch }}.tar.gz"
blackbox_exporter_release_url: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_exporter_version }}/{{ blackbox_exporter_release_file }}"
blackbox_exporter_checksum_url: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_exporter_version }}/sha256sums.txt"
blackbox_exporter_download_path: "/tmp/{{ blackbox_exporter_release_file }}"
blackbox_exporter_unarchive_dest_path: /tmp
blackbox_exporter_extracted_path: "{{ blackbox_exporter_download_path | replace('.tar.gz', '') }}"
blackbox_exporter_user: blackbox_exporter
blackbox_exporter_user_state: present
blackbox_exporter_user_shell: /usr/sbin/nologin
blackbox_exporter_group: blackbox_exporter
blackbox_exporter_group_state: "{{ blackbox_exporter_user_state | default('present') }}"
blackbox_exporter_etc_path: /etc/blackbox_exporter
blackbox_exporter_etc_owner: root
blackbox_exporter_etc_group: root
blackbox_exporter_etc_mode: "0755"
blackbox_exporter_var_path: /var/lib/blackbox_exporter
blackbox_exporter_var_owner: "{{ blackbox_exporter_user }}"
blackbox_exporter_var_group: "{{ blackbox_exporter_group }}"
blackbox_exporter_var_mode: "0755"
blackbox_exporter_bin_path: /usr/local/bin
blackbox_exporter_config: {}


@ -0,0 +1,6 @@
---
- name: restart blackbox_exporter
systemd:
name: blackbox_exporter.service
daemon_reload: true
state: restarted


@ -0,0 +1,48 @@
---
- name: create group
group:
name: "{{ blackbox_exporter_group }}"
system: true
state: "{{ blackbox_exporter_group_state | default('present') }}"
- name: create user
user:
name: "{{ blackbox_exporter_user }}"
system: true
shell: "{{ blackbox_exporter_user_shell }}"
group: "{{ blackbox_exporter_group }}"
createhome: false
home: "{{ blackbox_exporter_var_path }}"
state: "{{ blackbox_exporter_user_state | default('present') }}"
- name: create etc path
file:
path: "{{ blackbox_exporter_etc_path }}"
state: directory
owner: "{{ blackbox_exporter_etc_owner }}"
group: "{{ blackbox_exporter_etc_group }}"
mode: "{{ blackbox_exporter_etc_mode }}"
- name: configure
copy:
dest: "{{ blackbox_exporter_etc_path }}/config.yaml"
content: "{{ (blackbox_exporter_config | default({})) | to_nice_yaml }}"
owner: root
group: root
mode: 0444
notify: restart blackbox_exporter
- name: configure systemd template
template:
src: blackbox_exporter.service.j2
dest: /etc/systemd/system/blackbox_exporter.service
owner: root
group: root
mode: 0444
notify: restart blackbox_exporter
- name: manage service
service:
name: "{{ blackbox_exporter_service_name }}"
enabled: "{{ blackbox_exporter_service_enabled }}"
state: "{{ blackbox_exporter_service_state }}"


@ -0,0 +1,31 @@
---
- block:
- name: download tar
get_url:
url: "{{ blackbox_exporter_release_url }}"
dest: "{{ blackbox_exporter_download_path }}"
checksum: "{{ blackbox_exporter_checksum }}"
register: dl
until: dl is success
retries: 5
delay: 10
- name: extract tar
unarchive:
src: "{{ blackbox_exporter_download_path }}"
dest: "{{ blackbox_exporter_unarchive_dest_path }}"
creates: "{{ blackbox_exporter_extracted_path }}/blackbox_exporter"
remote_src: true
- name: install binaries
copy:
src: "{{ blackbox_exporter_extracted_path }}/{{ item }}"
dest: "{{ blackbox_exporter_bin_path }}/{{ item }}"
owner: root
group: root
mode: 0755
remote_src: true
loop:
- blackbox_exporter
notify: restart blackbox_exporter
when: blackbox_exporter_version != blackbox_exporter_local_version


@ -0,0 +1,30 @@
---
- name: gather os specific variables
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- ansible.builtin.include_tasks: pre.yaml
- ansible.builtin.include_tasks: install.yaml
- ansible.builtin.include_tasks: configure.yaml


@ -0,0 +1,50 @@
---
- name: determine if installed
stat:
path: "{{ blackbox_exporter_bin_path }}/blackbox_exporter"
register: st
- name: set blackbox_exporter_installed
set_fact:
blackbox_exporter_installed: "{{ st.stat.exists | bool }}"
- block:
- name: determine latest version
uri:
url: https://api.github.com/repos/prometheus/blackbox_exporter/releases/latest
return_content: true
body_format: json
register: _latest_version
until: _latest_version.status == 200
retries: 3
- name: set blackbox_exporter_version
set_fact:
blackbox_exporter_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
- block:
- name: determine installed version
command: "{{ blackbox_exporter_bin_path }}/blackbox_exporter --version"
register: _installed_version_string
changed_when: false
- name: set blackbox_exporter_local_version
set_fact:
blackbox_exporter_local_version: "{{ _installed_version_string.stdout | regex_search(blackbox_exporter_version_regex, '\\1') | first }}"
when: blackbox_exporter_installed
- name: set blackbox_exporter_local_version to 0
set_fact:
blackbox_exporter_local_version: "0"
when: not blackbox_exporter_installed
- block:
- name: get checksums
set_fact:
_checksums: "{{ lookup('url', blackbox_exporter_checksum_url, wantlist=True) }}"
- name: set blackbox_exporter_checksum
set_fact:
blackbox_exporter_checksum: "sha256:{{ item.split(' ') | first }}"
loop: "{{ _checksums }}"
when: "blackbox_exporter_release_file in item"


@ -0,0 +1,11 @@
[Unit]
Description=Blackbox Exporter
[Service]
User=blackbox_exporter
ExecStart={{ blackbox_exporter_bin_path }}/blackbox_exporter \
--config.file={{ blackbox_exporter_etc_path }}/config.yaml
AmbientCapabilities=CAP_NET_RAW
[Install]
WantedBy=multi-user.target
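Review bot: `User=blackbox_exporter` is hard-coded, so overriding `blackbox_exporter_user` creates an account the service never runs as; use `User={{ blackbox_exporter_user }}` and add `Group={{ blackbox_exporter_group }}`, as the alertmanager unit does. `AmbientCapabilities=CAP_NET_RAW` grants the capability but nothing bounds it; adding `CapabilityBoundingSet=CAP_NET_RAW` and `NoNewPrivileges=true` keeps the process limited to that one capability. The template also lacks the `ansible_managed` header the other units carry.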


@ -1,22 +1,35 @@
---
certbot_package_name: certbot
certbot_package_state: present
certbot_package_state: latest
certbot_plugins:
- certbot-dns-cloudflare
- certbot-dns-digitalocean
- certbot-dns-dnsimple
- certbot-dns-dnsmadeeasy
- certbot-dns-gehirn
- certbot-dns-google
- certbot-dns-linode
- certbot-dns-luadns
- certbot-dns-nsone
- certbot-dns-ovh
- certbot-dns-rfc2136
- certbot-dns-route53
- certbot-dns-sakuracloud
certbot_service_name: certbot.service
certbot_bin_path: /usr/local/bin
certbot_path: "{{ certbot_bin_path }}/certbot"
certbot_timer_name: certbot.timer
certbot_timer_state: started
certbot_timer_enabled: yes
certbot_timer_enabled: true
certbot_cron_state: present
certbot_cron_user: root
certbot_cron_file_path: /etc/cron.d/certbot
certbot_cron_env:
path: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
shell: /bin/sh
certbot_cron_command: test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
certbot_cron_hour: "*/12"
certbot_cron_minute: "0"
certbot_etc_path: /etc/letsencrypt
certbot_live_path: "{{ certbot_etc_path }}/live"
certbot_system_timer_on_calender: "*-*-* 00,12:00:00"
certbot_system_timer_randomized_delay_sec: 43200
certbot_credential_path: /root/.secrets/certbot


@ -1,6 +1,4 @@
---
- name: systemd daemon-reload
systemd:
name: "{{ certbot_service_name }}"
daemon_reload: yes
state: restarted
ansible.builtin.systemd:
daemon_reload: true


@ -1,4 +0,0 @@
---
- name: configure ppa
apt_repository:
repo: "ppa:certbot/certbot"


@ -0,0 +1,23 @@
---
- name: configure linode credentials
ansible.builtin.copy:
dest: "{{ certbot_credential_path }}/linode.ini"
owner: root
group: root
mode: 0600
content: "{{ certbot_dns_linode_credentials }}"
no_log: true
- name: certbot (linode)
ansible.builtin.shell: >
certbot certonly \
--dns-linode \
--dns-linode-credentials "{{ certbot_credential_path }}/linode.ini" \
--quiet \
--agree-tos \
--noninteractive \
--email "{{ item.email }}" \
--domain "{{ item.domains | join(',') }}"
args:
creates: "{{ certbot_live_path }}/{{ item.domains | first }}/cert.pem"
loop: "{{ certbot_certificates | default([]) }}"
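Review bot: The `certbot (linode)` task hands `item.email` and `item.domains` to `ansible.builtin.shell`, so those values are interpreted by a shell, and the folded `>` scalar joins its lines with spaces, which can leave each `\` escaping a space rather than a newline (indentation is not visible on this page, so that part is inferred). `ansible.builtin.command` with an `argv` list needs neither shell quoting nor continuations, and `creates:` keeps working.

```yaml
- name: certbot (linode)
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - --dns-linode
      - --dns-linode-credentials
      - "{{ certbot_credential_path }}/linode.ini"
      - --quiet
      - --agree-tos
      - --noninteractive
      - --email
      - "{{ item.email }}"
      - --domain
      - "{{ item.domains | join(',') }}"
    creates: "{{ certbot_live_path }}/{{ item.domains | first }}/cert.pem"
  # … unchanged: loop over certbot_certificates …
```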


@ -1,9 +1 @@
---
- name: "determine if certificate for {{ item.domains | join(', ') }}"
stat:
path: "/etc/letsencrypt/live/{{ item.domains | first }}/cert.pem"
register: st
- name: "request certificate for {{ item.domains | join(', ') }}"
command: "[[ ! -e certbot certonly --webroot -w {{ certbot_challenge_webroot_path }} --agree-tos --noninteractive --email {{ item.email }} -d {{ item.domains | join(',') }}"
when: not st.stat.exists


@ -1,8 +1,8 @@
---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
possible_files:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
@ -12,9 +12,9 @@
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
vars:
possible_files:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
@ -23,65 +23,51 @@
paths:
- tasks
- name: install certbot modules
package:
- name: install certbot
ansible.builtin.pip:
name: "{{ certbot_package_name }}"
state: "{{ certbot_package_state }}"
- name: configure challenge webroot
file:
path: "{{ certbot_challenge_webroot_path }}"
state: "directory"
- name: install certbot plugins
ansible.builtin.pip:
name: "{{ certbot_plugins }}"
state: latest
- name: create credential path
ansible.builtin.file:
path: "{{ certbot_credential_path }}"
owner: root
group: root
mode: 0755
mode: 0700
state: directory
- name: request certificates
include_tasks: "issue.yaml"
ansible.builtin.include_tasks: "issue.yaml"
loop: "{{ certbot_certificates }}"
- name: configure systemd timer
block:
- name: create systemd timer override directory
file:
path: "/etc/systemd/system/{{ certbot_timer_name }}.d"
owner: root
group: root
mode: 0755
state: directory
- name: include linode tasks
ansible.builtin.include_tasks: configure-linode.yaml
- name: configure systemd timer options
template:
src: certbot.timer.j2
dest: "/etc/systemd/system/{{ certbot_timer_name }}.d/override.conf"
owner: root
group: root
mode: 0644
notify: systemd daemon-reload
- name: enable the timer
systemd:
name: "{{ certbot_timer_name }}"
state: "{{ certbot_timer_state }}"
enabled: "{{ certbot_timer_enabled }}"
when: ansible_service_mgr == "systemd"
- name: configure renewal service
ansible.builtin.template:
src: certbot.service.j2
dest: "/etc/systemd/system/certbot.service"
owner: root
group: root
mode: 0644
notify: systemd daemon-reload
- name: configure cron job
block:
- name: configure env
cron:
name: "{{ item.key | upper }}"
env: yes
job: "{{ item.value }}"
user: "{{ certbot_cron_user }}"
cron_file: "{{ certbot_cron_file_path }}"
state: "{{ certbot_cron_state }}"
loop: "{{ certbot_cron_env | dict2items }}"
- name: create job
cron:
name: certbot
user: "{{ certbot_cron_user }}"
hour: "{{ certbot_cron_hour }}"
minute: "{{ certbot_cron_minute }}"
cron_file: "{{ certbot_cron_file_path }}"
job: "{{ certbot_cron_command }}"
state: "{{ certbot_cron_state }}"
- name: configure renewal timer
ansible.builtin.template:
src: certbot.timer.j2
dest: "/etc/systemd/system/certbot.timer"
owner: root
group: root
mode: 0644
notify: systemd daemon-reload
- name: manage timer
ansible.builtin.systemd:
name: "{{ certbot_timer_name }}"
enabled: "{{ certbot_timer_enabled }}"
state: "{{ certbot_timer_state }}"
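Review bot: The two `ansible.builtin.pip` tasks install certbot and the whole `certbot_plugins` list with `state: latest` (`certbot_package_state` is now `latest` too), so every run pulls unpinned packages from the index as root into the system Python. Only the Linode plugin is configured on this page, while the defaults list thirteen DNS plugins. Suggest pinning versions (for example `certbot==<pinned-version>`), trimming `certbot_plugins` to the providers in use, and installing into a dedicated environment through the pip module's `virtualenv` option. On this page the sides of the old and new lines are not marked, so this assumes the pip tasks are the new code.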


@ -0,0 +1,14 @@
# {{ ansible_managed }}
[Unit]
Description=Certbot renewal
After=network-online.target
Wants=network-online.target
Wants={{ certbot_timer_name }}
[Service]
Type=oneshot
ExecStart={{ certbot_path }} --quiet renew
[Install]
WantedBy=multi-user.target


@ -1,5 +1,12 @@
# {{ ansible_managed }}
[Unit]
Description=Certbot renewal
Requires={{ certbot_service_name }}
[Timer]
OnCalendar={{ certbot_system_timer_on_calender }}
RandomizedDelaySec={{ certbot_system_timer_randomized_delay_sec }}
[Install]
WantedBy=timers.target


@ -1,2 +1,2 @@
---
certbot_challenge_webroot_path: /var/www/.acme-challenge
certbot_challenge_webroot_path: /var/www/html


@ -0,0 +1,2 @@
---
certs_trusted_ca: {}


@ -0,0 +1,5 @@
---
- name: update-ca-certificates
command: update-ca-certificates
# vim:ft=yaml.ansible:


@ -0,0 +1,10 @@
---
- name: add trusted ca certificates
copy:
dest: "{{ certs_trusted_ca_path }}/{{ item.key }}.crt"
content: "{{ item.value }}"
owner: root
group: root
mode: "0644"
loop: "{{ certs_trusted_ca | dict2items }}"
notify: update-ca-certificates


@ -0,0 +1,24 @@
---
- name: gather os specific variables
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks


@ -0,0 +1,2 @@
---
certs_trusted_ca_path: /usr/local/share/ca-certificates


@ -1,6 +1,6 @@
---
- name: gather OS specific variables
include_vars: "{{ item }}"
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"


@ -44,3 +44,5 @@ rtcsync
# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3
allow 127.0.0.0/8


@ -0,0 +1,10 @@
---
cloudflared_package_name: cloudflared
cloudflared_package_state: present
cloudflared_service_name: cloudflared.service
cloudflared_service_enabled: true
cloudflared_service_state: started
cloudflared_apt_repository_repo: "deb [signed-by=/etc/apt/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared {{ ansible_lsb.codename }} main"
cloudflared_apt_repository_state: present
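Review bot: `cloudflared_apt_repository_repo` builds the suite name from `ansible_lsb.codename`, and the `ansible_lsb` facts are only populated when `lsb_release` is installed on the target, so the variable can be undefined on a minimal image. `{{ ansible_distribution_release }}` carries the same codename without that dependency. The repository line does pin the key with `signed-by=`, which is the right approach; the tasks that copy the key should also make sure `/etc/apt/keyrings` exists before writing into it.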

Binary file not shown.


@ -0,0 +1,14 @@
---
- name: trust cloudflare apt respository key
ansible.builtin.copy:
src: "cloudflare-main.gpg"
dest: "/etc/apt/keyrings/cloudflare-main.gpg"
owner: root
group: root
mode: 0644
- name: configure cloudflare apt repository
ansible.builtin.apt_repository:
repo: "{{ cloudflared_apt_repository_repo }}"
state: "{{ cloudflared_apt_repository_state | default('present') }}"
filename: cloudflared


@ -0,0 +1,5 @@
---
- name: install package
ansible.builtin.package:
name: "{{ cloudflared_package_name }}"
state: "{{ cloudflared_package_state | default('present') }}"


@ -0,0 +1,28 @@
---
- name: gather os specific variables
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- ansible.builtin.include_tasks: install.yaml
# - ansible.builtin.include_tasks: configure.yaml


@ -1,6 +1,6 @@
---
cron_service_name: cron
timezone: UTC
# vim:ft=yaml.ansible:
# common_cron_service_name: cron.service
# common_timezone: Etc/UTC
# common_locale: C.UTF-8
# common_apt_update_cache: true
# common_apt_cache_valid_time: 3600


@ -1,8 +1,5 @@
---
- name: restart cron
service:
name: "{{ cron_service_name }}"
ansible.builtin.service:
name: "{{ common_cron_service_name | default('cron.service') }}"
state: restarted
when: cron_service_name is defined
# vim:ft=yaml.ansible:


@ -1,5 +1,6 @@
---
- name: run apt-get update
apt:
update_cache: yes
cache_valid_time: 3600
ansible.builtin.apt:
update_cache: "{{ common_apt_update_cache | default(true) }}"
cache_valid_time: "{{ common_apt_cache_valid_time | default(3600) }}"
changed_when: false


@ -1,29 +1,40 @@
---
- name: gather OS specific variables
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: run os specific tasks
include: "{{ item }}"
with_first_found:
- "{{ ansible_os_family }}.yaml"
ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- name: set hostname
hostname:
name: "{{ hostname | default(inventory_hostname) }}"
- name: install system utilities
package:
name: "{{ item }}"
state: present
with_items: "{{ sys_utils }}"
ansible.builtin.hostname:
name: "{{ common_hostname | default(inventory_hostname) }}"
- name: configure system timezone
timezone:
name: "{{ timezone }}"
ansible.builtin.timezone:
name: "{{ common_timezone | default('Etc/UTC') }}"
notify: restart cron
- name: configure system locale
ansible.builtin.command:
cmd: "localectl set-locale {{ common_locale | default('C.UTF-8') }}"
when: ansible_facts.env.LANG != (common_locale | default('C.UTF-8'))
# vim:ft=yaml.ansible:
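Review bot: The `configure system locale` task compares `ansible_facts.env.LANG` without a fallback, so on a host whose fact-gathering environment has no `LANG` set the `when:` expression fails on an undefined value instead of evaluating to true; `when: (ansible_facts.env.LANG | default('')) != (common_locale | default('C.UTF-8'))` avoids that. `env.LANG` reflects the environment of the session that gathered facts, which may differ from the system locale that `localectl` manages, so the condition can stay true and re-run the command on every play. Because this is a `command` task it always reports changed when it runs; a `changed_when:` or a prior read of the current setting would keep the reporting accurate.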


@ -1,10 +0,0 @@
---
sys_utils:
- git
- vim
- tmux
- dnsutils
- ldnsutils
- tcpdump
# vim:ft=yaml.ansible:


@ -0,0 +1,21 @@
---
consul_package_name: consul
consul_package_state: present
consul_service_name: consul
consul_service_state: started
consul_service_enabled: true
consul_etc_path: /etc/consul.d
consul_config_path: "{{ consul_etc_path }}/consul.hcl"
consul_config_template: consul.hcl.j2
consul_user: consul
consul_group: consul
consul_config_owner: "{{ consul_user }}"
consul_config_group: "{{ consul_group }}"
consul_config_mode: 0644
consul_data_dir: /opt/consul
consul_bind_addr: "{{ ansible_default_ipv4.address }}"
consul_server: false
consul_bootstrap_expect: 1
consul_ui_config_enabled: true
consul_client_addr: 0.0.0.0
consul_unbound_enabled: false
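Review bot: `consul_client_addr: 0.0.0.0` together with `consul_ui_config_enabled: true` means every host that takes these defaults binds Consul's client interfaces (HTTP API, DNS, UI) on all addresses, and the `consul.hcl.j2` template added in this change renders no `acl` or `encrypt` settings. A safer default is `consul_client_addr: "127.0.0.1"` with `consul_ui_config_enabled: false`, leaving exposure as an explicit per-host choice made together with firewall rules and ACLs. Quoting the address also keeps it an unambiguous string.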


@ -0,0 +1,9 @@
# Ansible managed
server:
do-not-query-localhost: no
domain-insecure: "consul"
stub-zone:
name: "consul"
stub-addr: 127.0.0.1@8600


@ -0,0 +1,12 @@
---
- name: reload consul
service:
name: "{{ consul_service_name }}"
state: reloaded
when: consul_service_enabled
- name: restart consul
service:
name: "{{ consul_service_name }}"
state: restarted
when: consul_service_enabled


@ -0,0 +1,18 @@
---
- name: install Hashicorp yum repo
yum_repository:
name: hashicorp
description: Hashicorp Stable - $basearch
baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
enabled: 1
gpgcheck: 1
gpgkey: https://rpm.releases.hashicorp.com/gpg
- name: install Hashicorp (test) yum repo
yum_repository:
name: hashicorp-test
description: Hashicorp Test - $basearch
baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/test
enabled: 0
gpgcheck: 1
gpgkey: https://rpm.releases.hashicorp.com/gpg


@ -0,0 +1,9 @@
---
- name: configure unbound forwarder
copy:
src: unbound-consul.conf
dest: "{{ unbound_conf_d_path }}/consul.conf"
owner: root
group: root
mode: "0644"
notify: reload unbound


@ -0,0 +1,47 @@
---
- name: gather os specific variables
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- name: install
package:
name: "{{ consul_package_name | default('consul') }}"
state: "{{ consul_package_state | default('present') }}"
- name: configure
template:
src: "{{ consul_config_template }}"
dest: "{{ consul_config_path }}"
owner: "{{ consul_config_owner }}"
group: "{{ consul_config_group }}"
mode: "{{ consul_config_mode }}"
notify: restart consul
- name: service
service:
name: "{{ consul_service_name | default('consul') }}"
state: "{{ consul_service_state | default('started') }}"
enabled: "{{ consul_service_enabled | default(true) }}"
- ansible.builtin.include_tasks: forward-unbound.yaml
when: consul_unbound_enabled
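Review bot: The `configure` task sets `mode: "{{ consul_config_mode }}"`, and the role default is the bare number `consul_config_mode: 0644`; Ansible's YAML loader reads that as the integer 420, and unless native Jinja types are enabled the expression renders the string `420`, which the file modules interpret as octal 0420 rather than 0644. Quoting the default, `consul_config_mode: "0644"`, fixes that, and `"0640"` is worth considering since this file is where a gossip key or ACL token would live if those settings are added later. The install, configure and service tasks use short module names (`package`, `template`, `service`) while the includes above them use `ansible.builtin.` names.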


@ -0,0 +1,41 @@
// {{ ansible_managed }}
data_dir = "{{ consul_data_dir }}"
{% if consul_server is defined %}
server = {{ (consul_server | lower) | default(false) }}
{% endif %}
{% if consul_bind_addr is defined %}
bind_addr = "{{ (consul_bind_addr | lower) | default("0.0.0.0") }}"
{% endif %}
{% if consul_server is true and consul_bootstrap_expect is defined %}
bootstrap_expect = {{ consul_bootstrap_expect }}
{% endif %}
{% if consul_retry_join is defined %}
retry_join = [
{%- set comma = joiner(",") -%}
{%- for x in consul_retry_join | default([]) -%}
{{ comma() }}"{{ x }}"
{%- endfor -%} ]
{% endif %}
{% if consul_server_addresses is defined %}
server_addresses = [
{%- set comma = joiner(",") -%}
{%- for x in consul_server_addresses | default([]) -%}
{{ comma() }}"{{ x }}"
{%- endfor -%} ]
{% endif %}
ui_config {
{% if consul_ui_config_enabled is defined %}
enabled = {{ (consul_ui_config_enabled | lower) | default(false) }}
{% endif %}
}
{% if consul_client_addr is defined %}
client_addr = "{{ (consul_client_addr | lower) | default("0.0.0.0") }}"
{% endif %}


@ -0,0 +1,22 @@
---
craftbukkit_java_package_name: openjdk-8-jre-headless
craftbukkit_java_package_state: present
craftbukkit_version: 1.16.1
craftbukkit_jar: "craftbukkit-{{ craftbukkit_version }}.jar"
craftbukkit_service_name: craftbukkit.service
craftbukkit_service_state: started
craftbukkit_service_enabled: yes
craftbukkit_port: 25565
craftbukkit_user: craftbukkit
craftbukkit_group: craftbukkit
craftbukkit_opt_path: /opt/craftbukkit
craftbukkit_var_path: /var/opt/craftbukkit
craftbukkit_syslog_facility: local5
craftbukkit_notifier_state: present


@ -0,0 +1,121 @@
#!/usr/bin/env python
from __future__ import print_function
import sys
import requests
import re
import argparse
from urlparse import urljoin
PATTERN = re.compile(r"(\S+) (joined|left) the game")
PATTERNS = (
(re.compile(r": (\S+)\[.+logged in"), "{0} joined the game"),
(re.compile(r"(\S+) (joined|left) the game"), "{0} {1} the game"),
(re.compile(r"\[(\S+): Gave (\d+) \[(.+)\] to (\S+)\]"), "{0} gave {1} \"{2}\" to {3}"),
(re.compile(r"(\S+) was (\S+) by (\S+)"), ":skull: {0} was {1} by {2}"),
(re.compile(r"(\S+) tried to swim in lava"), ":skull: {0} tried to swim in lava"),
(re.compile(r"(\S+) fell from a high place"), ":skull: {0} fell from a high place"),
)
def print_err(s):
print(s, file=sys.stderr)
sys.stderr.flush()
def ok():
print("OK")
sys.stdout.flush()
def cli_parse(args):
parser = argparse.ArgumentParser()
opt = parser.add_argument
opt("--config", "-c", dest="config", type=parse_kv_file)
opt("--confirm", action="store_const", dest="confirm", const=True, default=True)
opt("--no-confirm", action="store_const", dest="confirm", const=False)
opt("--verbose", "-v", action="store_true")
opt("--debug", "-d", action="store_true")
cli_args = parser.parse_args(args[1:])
return cli_args, parser
def parse_kv_file(f, mode="r"):
if isinstance(f, str):
f = open(f, mode)
kv = {}
with f:
for line in f:
k, v = line.partition("=")[::2]
kv[k.strip().lower()] = v.strip()
return kv
class DiscordHook:
def __init__(self, hook_id, hook_token):
url_path = "/".join([hook_id, hook_token])
url = urljoin("https://discordapp.com/api/webhooks/", url_path)
self.url = url
def send(self, content):
data = {"content": content}
r = requests.post(self.url, data=data)
r.raise_for_status()
return r
def loop(handler, confirm=True):
if confirm:
ok()
while 1:
try:
line = sys.stdin.readline()
except KeyboardInterrupt:
print_err("\nreceived sigint, exiting")
break
if not line:
break
for pattern, fmt in PATTERNS:
match = pattern.search(line.strip())
if match:
message = fmt.format(*match.groups())
try:
handler.send(message)
except Exception as e:
print_err(e)
continue
if confirm:
ok()
def main(argv):
args, _ = cli_parse(argv)
if args.debug:
print("started with args {0}".format(vars(args)))
webhook_id = args.config.get("webhook_id")
webhook_token = args.config.get("webhook_token")
if webhook_id is None:
raise SystemExit("webhook_id is unset")
if webhook_token is None:
raise SystemExit("webhook_token is unset")
handler = DiscordHook(webhook_id, webhook_token)
return loop(handler, confirm=args.confirm)
raise SystemExit(main(sys.argv))
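Review bot: With `--debug`, `main` prints `vars(args)`, which includes the parsed config and therefore `webhook_token`, to stdout; under rsyslog's omprog that output is read back by rsyslog and may end up in logs, so the debug line should print only non-secret fields. `requests.post(self.url, data=data)` has no timeout, so one stalled connection blocks the confirm loop and the rsyslog action behind it; `requests.post(self.url, data=data, timeout=10)` bounds it. The patterns are unanchored and applied with `search` to the whole log line, which presumably also carries player-written chat, so text a player types could be forwarded as if it were a server event; anchoring each pattern to the server's own log prefix and sending `"allowed_mentions": {"parse": []}` in a JSON payload would limit that. `main` also calls `args.config.get` without checking that `--config` was given, and `from urlparse import urljoin` exists only on Python 2 while the shebang is a bare `python`.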


@ -0,0 +1,11 @@
---
- name: craftbukkit daemon-reload
systemd:
name: "{{ craftbukkit_service_name }}"
daemon_reload: yes
state: restarted
- name: restart craftbukkit
service:
name: "{{ craftbukkit_service_name }}"
state: restarted


@ -0,0 +1,121 @@
---
- name: create craftbukkit group
group:
name: "{{ craftbukkit_group }}"
gid: "{{ craftbukkit_group_gid | default(omit) }}"
state: "{{ craftbukkit_group_state | default('present') }}"
system: yes
- name: create craftbukkit user
user:
name: "{{ craftbukkit_user }}"
uid: "{{ craftbukkit_user_uid | default(omit) }}"
group: "{{ craftbukkit_group }}"
home: "{{ craftbukkit_var_path }}"
create_home: no
shell: "{{ craftbukkit_shell | default('/usr/sbin/nologin') }}"
state: "{{ craftbukkit_user_state | default('present') }}"
system: yes
- name: install java
package:
name: "{{ craftbukkit_java_package_name }}"
state: "{{ craftbukkit_java_package_state }}"
- name: create craftbukkit installation directory
file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: "0755"
with_items:
- "{{ craftbukkit_opt_path }}"
- "{{ craftbukkit_opt_path }}/bin"
- "{{ craftbukkit_opt_path }}/etc"
- name: create craftbukkit var directory
file:
path: "{{ craftbukkit_var_path }}"
state: directory
owner: "{{ craftbukkit_user }}"
group: "{{ craftbukkit_group }}"
mode: "0755"
- name: "upload {{ craftbukkit_jar }}"
copy:
src: "files/craftbukkit/{{ craftbukkit_jar }}"
dest: "{{ craftbukkit_opt_path }}/bin/{{ craftbukkit_jar }}"
owner: "{{ craftbukkit_user }}"
group: "{{ craftbukkit_group }}"
mode: "0644"
notify: restart craftbukkit
- name: agree to the eula
copy:
content: "eula=true"
dest: "{{ craftbukkit_var_path }}/eula.txt"
owner: "{{ craftbukkit_user }}"
group: "{{ craftbukkit_group }}"
mode: "0644"
- name: configure server.properties
template:
src: server.properties.j2
dest: "{{ craftbukkit_var_path }}/server.properties"
owner: root
group: root
mode: 0644
notify: restart craftbukkit
- name: configure systemd unit
template:
src: craftbukkit.service.j2
dest: /etc/systemd/system/craftbukkit.service
owner: root
group: root
mode: 0644
notify: craftbukkit daemon-reload
- name: manage craftbukkit service
service:
name: "{{ craftbukkit_service_name }}"
state: "{{ craftbukkit_service_state }}"
enabled: "{{ craftbukkit_service_enabled }}"
- name: install discord notifier
copy:
src: discord.py
dest: "{{ craftbukkit_opt_path }}/bin/craftbukkit-discord"
owner: root
group: root
mode: 0755
notify: restart rsyslog
- name: configure discord notifier
copy:
dest: "{{ craftbukkit_opt_path }}/etc/discord.cfg"
owner: syslog
group: syslog
mode: 0600
content: "{% for k, v in craftbukkit_discord_config.items() %}{{ k }}={{ v }}{{ \"\n\" }}{% endfor %}"
notify: restart rsyslog
- name: configure rsyslog program
template:
src: rsyslog/craftbukkit.conf.j2
dest: /etc/rsyslog.d/05-craftbukkit.conf
owner: root
group: root
mode: 0644
notify: restart rsyslog
- name: manage rsyslog configuration
file:
path: "{{ item }}"
state: "{{ (craftbukkit_notifier_state == 'present') | ternary('file', 'absent') }}"
loop:
- /etc/rsyslog.d/05-craftbukkit.conf
- "{{ craftbukkit_opt_path }}/etc/discord.cfg"
- "{{ craftbukkit_opt_path }}/bin/craftbukkit-discord"
notify: restart rsyslog
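Review bot: The `configure discord notifier` task renders `craftbukkit_discord_config` through `content:`, and per the notifier script that mapping holds `webhook_id` and `webhook_token`, so the secret can show up in `--diff` and verbose run output; add `no_log: true` to that task. The jar under `{{ craftbukkit_opt_path }}/bin` is owned by `craftbukkit_user`, which lets the service account rewrite the code it runs; `owner: root` and `group: root` with `mode: "0644"` keeps it read-only to the service. The final `manage rsyslog configuration` task runs after three tasks that always create those files, so with `craftbukkit_notifier_state: absent` every run would create and then delete them and notify a restart. Modes are written both as bare numbers (`0644`, `0755`, `0600`) and as quoted strings; quoting all of them is the safer convention.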


@ -0,0 +1,19 @@
# {{ ansible_managed }}
[Unit]
Description=Craftbukkit server %i
After=network.target
[Service]
ExecStart=/usr/bin/java -Xmx{{ craftbukkit_java_xmx | default('1024M') }} -Xms{{ craftbukkit_java_xms | default('1024M') }} -jar {{ craftbukkit_opt_path }}/bin/{{ craftbukkit_jar }} nogui
SuccessExitStatus=143
Type=simple
User={{ craftbukkit_user }}
Group={{ craftbukkit_group }}
WorkingDirectory={{ craftbukkit_var_path }}/%i
Restart=on-failure
SyslogIdentifier=craftbukkit
SyslogFacility={{ craftbukkit_syslog_facility }}
[Install]
WantedBy=multi-user.target
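Review bot: The `[Service]` section runs a network-facing Java server with no sandboxing beyond `User=` and `Group=`; directives such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=strict` with `ReadWritePaths={{ craftbukkit_var_path }}` would confine it to its data directory. `%i` is used in `Description=` and `WorkingDirectory=`, but the tasks in this change install the file as `craftbukkit.service` rather than a `craftbukkit@.service` template unit, so the specifier expands to an empty string; either drop it or make the unit a template. `ExecStart` hard-codes `/usr/bin/java`, which should be confirmed against the package named in `craftbukkit_java_package_name`.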


@ -0,0 +1,11 @@
# {{ ansible_managed }}
module(load="omprog")
if ( $programname == "craftbukkit" ) then {
action(
type="omprog"
binary="{{ craftbukkit_opt_path }}/bin/craftbukkit-discord --config {{ craftbukkit_opt_path }}/etc/discord.cfg"
confirmmessages="on"
)
}


@ -0,0 +1,47 @@
# {{ ansible_managed }}
spawn-protection=16
max-tick-time=-1
query.port: {{ craftbukkit_port | default(25565) }}
generator-settings=
force-gamemode=false
allow-nether=true
enforce-whitelist: {{ (craftbukkit_config.enfoce_whitelist | default(true)) | ternary('true', 'false') }}
gamemode=survival
broadcast-console-to-ops=true
enable-query=false
player-idle-timeout=0
difficulty=easy
spawn-monsters=true
broadcast-rcon-to-ops=true
op-permission-level=4
pvp=true
snooper-enabled=true
level-type=default
hardcore=false
enable-command-block=false
max-players=20
network-compression-threshold=256
resource-pack-sha1=
max-world-size=29999984
function-permission-level=2
rcon.port=25575
server-port: {{ craftbukkit_port | default(25565) }}
debug=false
server-ip=
spawn-npcs=true
allow-flight=false
level-name=world
view-distance=10
resource-pack=
spawn-animals=true
white-list: {{ (craftbukkit_config.whitelist | default(true)) | ternary('true', 'false') }}
rcon.password=
generate-structures=true
max-build-height=256
online-mode=true
level-seed=
use-native-transport=true
prevent-proxy-connections=false
enable-rcon=false
motd=A Minecraft Server
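Review bot: `enforce-whitelist` reads `craftbukkit_config.enfoce_whitelist`, a misspelling of `enforce_whitelist`, so a value set under the correctly spelled key is ignored and the line always renders `true`; the lookup should be `craftbukkit_config.enforce_whitelist`. `craftbukkit_config` is not among the role defaults shown in this change, so adding `craftbukkit_config: {}` there would make the two whitelist lookups independent of how undefined variables are handled. Four lines (`query.port`, `enforce-whitelist`, `server-port`, `white-list`) use `:` as the separator while the rest use `=`; the properties format accepts both, but one style is easier to grep and diff against a server-generated file.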


@ -0,0 +1,2 @@
---
crio_version: 1.23
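Review bot: `crio_version: 1.23` is an unquoted number, so YAML loads it as a float; it renders correctly today, but a later value such as `1.30` would load as `1.3` and produce wrong repository names and URLs in the cri-o tasks. Write it as a string: `crio_version: "1.23"`.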


@ -0,0 +1,53 @@
---
- name: gather os specific variables
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- name: yum repo (devel:kubic:libcontainers:stable)
yum_repository:
name: devel:kubic:libcontainers:stable
description: "Stable Releases of Upstream github.com/containers packages ({{ crio_os }}) type=rpm-md"
baseurl: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ crio_os }}/"
gpgcheck: yes
gpgkey: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ crio_os }}/repodata/repomd.xml.key"
enabled: yes
- name: "yum repo (devel:kubic:libcontainers:stable:cri-o:{{ crio_version }})"
yum_repository:
name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}"
description: "devel:kubic:libcontainers:stable:cri-o:{{ crio_version }} ({{ crio_os }})"
baseurl: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/{{ crio_os }}/"
gpgcheck: yes
gpgkey: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/{{ crio_os }}/repodata/repomd.xml.key"
enabled: yes
- name: install
package:
name: "{{ crio_package_name | default('cri-o') }}"
state: "{{ crio_package_state | default('present') }}"
- name: manage service
service:
name: "{{ crio_service_name | default('crio') }}"
state: "{{ crio_service_state | default('started') }}"
enabled: "{{ crio_service_enabled | default(true) }}"
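Review bot: The two `yum_repository` tasks sit in the main task list after the OS-specific include, so they run on every host regardless of `ansible_os_family`, and `crio_os` is only defined in what looks like a CentOS vars file; on a non-RPM host the play would presumably fail here. Moving them into the RedHat-family task file that the `first_found` include selects, or guarding them with `when: ansible_os_family == 'RedHat'`, keeps the role consistent with its own OS dispatch. Both repositories fetch `gpgkey` at run time from the same mirror path as the packages, whereas the cloudflared role in this change ships its key from the role, which pins the trust anchor in version control.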


@ -0,0 +1 @@
crio_os: "CentOS_{{ ansible_distribution_major_version }}"


@ -0,0 +1,8 @@
---
dl_server_name: dl.kill0.net
dl_server_root: /var/www/dl
dl_access_log: /var/log/nginx/dl.access.log
dl_error_log: /var/log/nginx/dl.error.log
dl_ssl_enabled: false
dl_ssl_certificate: "/var/lib/lego/certificates/{{ dl_server_name }}.crt"
dl_ssl_certificate_key: "/var/lib/lego/certificates/{{ dl_server_name }}.key"


@ -0,0 +1,5 @@
---
- name: reload nginx
service:
name: nginx
state: reloaded
