Compare commits
No commits in common. "b02da06c973aa449ec522ed6808dcc8d9dfad990" and "b685c1027e2e6537d9b654208d32809479dc4f8b" have entirely different histories.
b02da06c97
...
b685c1027e
18
files/nsd/zones/cavi.cc.zone
Normal file
18
files/nsd/zones/cavi.cc.zone
Normal file
@ -0,0 +1,18 @@
|
||||
; cavi.cc [320470]
|
||||
$TTL 86400
|
||||
@ IN SOA ns1.linode.com. hostmaster.kill0.net. 2022020501 14400 14400 1209600 86400
|
||||
@ NS ns1.linode.com.
|
||||
@ NS ns2.linode.com.
|
||||
@ NS ns3.linode.com.
|
||||
@ NS ns4.linode.com.
|
||||
@ NS ns5.linode.com.
|
||||
@ MX 10 in1-smtp.messagingengine.com.
|
||||
@ MX 20 in2-smtp.messagingengine.com.
|
||||
@ TXT "v=spf1 include:spf.messagingengine.com -all"
|
||||
default._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY8s2MeBFqZIwItrdDo4J0N0AIoNtf7Ui6jtyIqqs2if2D1h3Ee37McBxZhJ79TX3TZyXci/G0+DZm/F9w2Ye703JNmgjSo6V1fx3MMZicohnTwYs3yQScdWNjJ8ML6SEJtveIjIws2CQ4/Y8J3f6ilWh2OAUrRIAg2u/BV5odgwIDAQAB"
|
||||
mesmtp._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUDHvhiTIEgdxTfvcrL1znWbMBWC10L8enkWJmatLs1vGkEQkNbaK55aO3wDwuVZq9f2KmcEUA/GRUOJQy3XGu1xgPjVmR6Hqbx4ygjoAcMm8UfNc7UA8deKV8qCGEF2ag82n9LpDYcEQSehC/kE4bbUFaZk3FMUdTwMu5vB0vVQIDAQAB"
|
||||
_dmarc TXT "v=DMARC1; p=reject; adkim=s; aspf=s"
|
||||
@ A 45.33.21.121
|
||||
@ AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
||||
www A 45.33.21.121
|
||||
www AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
12
files/nsd/zones/chill9.com.zone
Normal file
12
files/nsd/zones/chill9.com.zone
Normal file
@ -0,0 +1,12 @@
|
||||
; chill9.com [726945]
|
||||
$TTL 86400
|
||||
@ IN SOA ns1.linode.com. hostmaster.kill0.net. 2022051201 14400 14400 1209600 86400
|
||||
@ NS ns1.linode.com.
|
||||
@ NS ns2.linode.com.
|
||||
@ NS ns3.linode.com.
|
||||
@ NS ns4.linode.com.
|
||||
@ NS ns5.linode.com.
|
||||
@ A 45.33.21.121
|
||||
@ AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
||||
www A 45.33.21.121
|
||||
www AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
12
files/nsd/zones/chill9.net.zone
Normal file
12
files/nsd/zones/chill9.net.zone
Normal file
@ -0,0 +1,12 @@
|
||||
; chill9.net [726945]
|
||||
$TTL 86400
|
||||
@ IN SOA ns1.linode.com. hostmaster.kill0.net. 2022051201 14400 14400 1209600 86400
|
||||
@ NS ns1.linode.com.
|
||||
@ NS ns2.linode.com.
|
||||
@ NS ns3.linode.com.
|
||||
@ NS ns4.linode.com.
|
||||
@ NS ns5.linode.com.
|
||||
@ A 45.33.21.121
|
||||
@ AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
||||
www A 45.33.21.121
|
||||
www AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
12
files/nsd/zones/confabulator.net.zone
Normal file
12
files/nsd/zones/confabulator.net.zone
Normal file
@ -0,0 +1,12 @@
|
||||
; confabulator.net [307550]
|
||||
$TTL 86400
|
||||
@ IN SOA ns1.linode.com. hostmaster.kill0.net. 2022051201 14400 14400 1209600 86400
|
||||
@ NS ns1.linode.com.
|
||||
@ NS ns2.linode.com.
|
||||
@ NS ns3.linode.com.
|
||||
@ NS ns4.linode.com.
|
||||
@ NS ns5.linode.com.
|
||||
@ A 45.33.21.121
|
||||
@ AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
||||
www A 45.33.21.121
|
||||
www AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
16
files/nsd/zones/ctrl-v.org.zone
Normal file
16
files/nsd/zones/ctrl-v.org.zone
Normal file
@ -0,0 +1,16 @@
|
||||
; ctrl-v.org [687762]
|
||||
$TTL 86400
|
||||
@ IN SOA ns1.linode.com. hostmaster.kill0.net. 2022051201 14400 14400 1209600 86400
|
||||
@ NS ns1.linode.com.
|
||||
@ NS ns2.linode.com.
|
||||
@ NS ns3.linode.com.
|
||||
@ NS ns4.linode.com.
|
||||
@ NS ns5.linode.com.
|
||||
@ MX 10 in1-smtp.messagingengine.com.
|
||||
@ MX 20 in2-smtp.messagingengine.com.
|
||||
@ TXT "v=spf1 include:spf.messagingengine.com include:mailgun.org -all"
|
||||
mesmtp._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ihB/cUM+FkgYv5MPoZQQQLLFfu77bPYgQv64g1xjNw0c3jmHMKjQ51zW5lbvu/DAwKxtZqHjnruyvcLzRGcWzeV8udk88l+DuskTbIAYn0U5tU0fzTRwiARz4flik+JQtA0P+jvK5jCjmmEHpz6QUa+UN6rZKpz1jB3SgXXbpwIDAQAB"
|
||||
@ A 45.33.21.121
|
||||
@ AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
||||
www A 45.33.21.121
|
||||
www AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
12
files/nsd/zones/kill0.com.zone
Normal file
12
files/nsd/zones/kill0.com.zone
Normal file
@ -0,0 +1,12 @@
|
||||
; kill0.com [726945]
|
||||
$TTL 86400
|
||||
@ IN SOA ns1.linode.com. hostmaster.kill0.net. 2022051201 14400 14400 1209600 86400
|
||||
@ NS ns1.linode.com.
|
||||
@ NS ns2.linode.com.
|
||||
@ NS ns3.linode.com.
|
||||
@ NS ns4.linode.com.
|
||||
@ NS ns5.linode.com.
|
||||
@ A 45.33.21.121
|
||||
@ AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
||||
www A 45.33.21.121
|
||||
www AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
27
files/nsd/zones/kill0.net.zone
Normal file
27
files/nsd/zones/kill0.net.zone
Normal file
@ -0,0 +1,27 @@
|
||||
; kill0.net [726944]
|
||||
$TTL 86400
|
||||
@ SOA ns1.linode.com. hostmaster.kill0.net. 2022053101 14400 14400 1209600 86400
|
||||
@ NS ns1.linode.com.
|
||||
@ NS ns2.linode.com.
|
||||
@ NS ns3.linode.com.
|
||||
@ NS ns4.linode.com.
|
||||
@ NS ns5.linode.com.
|
||||
@ MX 10 in1-smtp.messagingengine.com.
|
||||
@ MX 20 in2-smtp.messagingengine.com.
|
||||
@ TXT "v=spf1 include:mailgun.org ~all"
|
||||
mailo._domainkey TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7bl1IcQTV0h6yK7wAsuLqj6LjlTxL1ktnGMdeC+J0hlDOHQPey7XEjL9Hj1Ye55Fu1cyBNx7eYn/mLZgiuGu9MccbgIyzRasP1DHG2mQ9omi8z7igesKtRaasyJ4EM6oM3BNSmDneVcInxOUa+6E9fJCesT+X3Flf8XEvuV3gowIDAQAB"
|
||||
jump0 A 45.33.21.121
|
||||
jump1 A 198.58.98.26
|
||||
mine0 A 173.255.193.88
|
||||
vpn-home 300 A 98.52.91.99
|
||||
vpn-jump0 A 45.33.21.121
|
||||
jump0 AAAA 2600:3c00::f03c:92ff:feb0:e05c
|
||||
jump1 AAAA 2600:3c00::f03c:93ff:feac:0daf
|
||||
mine0 AAAA 2600:3c00::f03c:92ff:fe70:d8d1
|
||||
git CNAME jump0.kill0.net.
|
||||
monitor CNAME jump0.kill0.net.
|
||||
ping CNAME jump0.kill0.net.
|
||||
stats CNAME jump0.kill0.net.
|
||||
dl CNAME jump0.kill0.net.
|
||||
ping-home 300 A 98.52.91.99
|
||||
ping-home 300 AAAA 2001:558:6033:96:4ea:10a5:9c40:3d9f
|
@ -169,11 +169,6 @@ prometheus_config:
|
||||
static_configs:
|
||||
- targets:
|
||||
- "localhost:10912"
|
||||
- job_name: grafana
|
||||
scrape_interval: 5s
|
||||
static_configs:
|
||||
- targets:
|
||||
- "localhost:3002"
|
||||
rule_files:
|
||||
- rules.yaml
|
||||
|
||||
|
57
group_vars/name_servers/main.yaml
Normal file
57
group_vars/name_servers/main.yaml
Normal file
@ -0,0 +1,57 @@
|
||||
---
|
||||
nsd_linode_xfr:
|
||||
- "{{ lookup('dig', 'axfr1.linode.com.') }}"
|
||||
- "{{ lookup('dig', 'axfr2.linode.com.') }}"
|
||||
- "{{ lookup('dig', 'axfr3.linode.com.') }}"
|
||||
- "{{ lookup('dig', 'axfr4.linode.com.') }}"
|
||||
- "{{ lookup('dig', 'axfr5.linode.com.') }}"
|
||||
- "{{ lookup('dig', 'axfr1.linode.com./AAAA') }}"
|
||||
- "{{ lookup('dig', 'axfr2.linode.com./AAAA') }}"
|
||||
- "{{ lookup('dig', 'axfr3.linode.com./AAAA') }}"
|
||||
- "{{ lookup('dig', 'axfr4.linode.com./AAAA') }}"
|
||||
- "{{ lookup('dig', 'axfr5.linode.com./AAAA') }}"
|
||||
|
||||
nsd_provide_xfr:
|
||||
- "{{ lookup('dig', 'axfr1.linode.com.') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr2.linode.com.') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr3.linode.com.') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr4.linode.com.') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr5.linode.com.') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr1.linode.com./AAAA') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr2.linode.com./AAAA') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr3.linode.com./AAAA') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr4.linode.com./AAAA') }} NOKEY"
|
||||
- "{{ lookup('dig', 'axfr5.linode.com./AAAA') }} NOKEY"
|
||||
|
||||
firewall_dns_whitelist: "{{ nsd_linode_xfr }}"
|
||||
firewall_ipset_dns: "{{ nsd_linode_xfr }}"
|
||||
|
||||
nsd_zones:
|
||||
- name: cavi.cc
|
||||
zonefile: cavi.cc.zone
|
||||
provide-xfr: "{{ nsd_provide_xfr }}"
|
||||
notify: "{{ nsd_provide_xfr }}"
|
||||
- name: kill0.net
|
||||
zonefile: kill0.net.zone
|
||||
provide-xfr: "{{ nsd_provide_xfr }}"
|
||||
notify: "{{ nsd_provide_xfr }}"
|
||||
- name: kill0.com
|
||||
zonefile: kill0.com.zone
|
||||
provide-xfr: "{{ nsd_provide_xfr }}"
|
||||
notify: "{{ nsd_provide_xfr }}"
|
||||
- name: chill9.com
|
||||
zonefile: chill9.com.zone
|
||||
provide-xfr: "{{ nsd_provide_xfr }}"
|
||||
notify: "{{ nsd_provide_xfr }}"
|
||||
- name: chill9.net
|
||||
zonefile: chill9.net.zone
|
||||
provide-xfr: "{{ nsd_provide_xfr }}"
|
||||
notify: "{{ nsd_provide_xfr }}"
|
||||
- name: confabulator.net
|
||||
zonefile: confabulator.net.zone
|
||||
provide-xfr: "{{ nsd_provide_xfr }}"
|
||||
notify: "{{ nsd_provide_xfr }}"
|
||||
- name: ctrl-v.org
|
||||
zonefile: ctrl-v.org.zone
|
||||
provide-xfr: "{{ nsd_provide_xfr }}"
|
||||
notify: "{{ nsd_provide_xfr }}"
|
@ -21,6 +21,9 @@ all:
|
||||
monitor_servers:
|
||||
hosts:
|
||||
jump0.kill0.net
|
||||
name_servers:
|
||||
hosts:
|
||||
jump0.kill0.net
|
||||
linode:
|
||||
hosts:
|
||||
mine0.kill0.net:
|
||||
|
@ -3,13 +3,13 @@
|
||||
become: true
|
||||
roles:
|
||||
- common
|
||||
- network
|
||||
- util
|
||||
- sudo
|
||||
- hostsfile
|
||||
- certs
|
||||
- rsyslog
|
||||
- users
|
||||
- network
|
||||
- dns
|
||||
- firewall
|
||||
- openssh
|
||||
@ -42,6 +42,7 @@
|
||||
roles:
|
||||
- nginx
|
||||
- certbot
|
||||
- influxdb
|
||||
- grafana
|
||||
- hosts: monitor_servers
|
||||
become: true
|
||||
@ -64,5 +65,9 @@
|
||||
tags:
|
||||
- thanos
|
||||
- monitoring
|
||||
- hosts: name_servers
|
||||
become: true
|
||||
roles:
|
||||
- nsd
|
||||
|
||||
# vim:ft=yaml.ansible:
|
||||
|
4
roles/certbot/tasks/Ubuntu.yaml
Normal file
4
roles/certbot/tasks/Ubuntu.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
- name: configure ppa
|
||||
apt_repository:
|
||||
repo: "ppa:certbot/certbot"
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
# common_cron_service_name: cron.service
|
||||
# common_timezone: Etc/UTC
|
||||
# common_locale: C.UTF-8
|
||||
# common_apt_update_cache: true
|
||||
# common_apt_cache_valid_time: 3600
|
||||
cron_service_name: cron
|
||||
|
||||
timezone: UTC
|
||||
|
||||
# vim:ft=yaml.ansible:
|
||||
|
@ -1,5 +1,8 @@
|
||||
---
|
||||
- name: restart cron
|
||||
ansible.builtin.service:
|
||||
name: "{{ common_cron_service_name | default('cron.service') }}"
|
||||
service:
|
||||
name: "{{ cron_service_name }}"
|
||||
state: restarted
|
||||
when: cron_service_name is defined
|
||||
|
||||
# vim:ft=yaml.ansible:
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: run apt-get update
|
||||
ansible.builtin.apt:
|
||||
update_cache: "{{ common_apt_update_cache | default(true) }}"
|
||||
cache_valid_time: "{{ common_apt_cache_valid_time | default(3600) }}"
|
||||
apt:
|
||||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
changed_when: false
|
||||
|
@ -24,17 +24,12 @@
|
||||
- tasks
|
||||
|
||||
- name: set hostname
|
||||
ansible.builtin.hostname:
|
||||
name: "{{ common_hostname | default(inventory_hostname) }}"
|
||||
hostname:
|
||||
name: "{{ hostname | default(inventory_hostname) }}"
|
||||
|
||||
- name: configure system timezone
|
||||
ansible.builtin.timezone:
|
||||
name: "{{ common_timezone | default('Etc/UTC') }}"
|
||||
timezone:
|
||||
name: "{{ timezone }}"
|
||||
notify: restart cron
|
||||
|
||||
- name: configure system locale
|
||||
ansible.builtin.command:
|
||||
cmd: "localectl set-locale {{ common_locale | default('C.UTF-8') }}"
|
||||
when: ansible_facts.env.LANG != (common_locale | default('C.UTF-8'))
|
||||
|
||||
# vim:ft=yaml.ansible:
|
||||
|
@ -1,130 +0,0 @@
|
||||
---
|
||||
lego_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
lego_go_arch: "{{ lego_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
lego_version: 4.16.1
|
||||
# curl -L -s https://github.com/go-acme/lego/releases/download/v4.14.2/lego_4.14.2_checksums.txt | awk '{ printf "%s: sha256:%s\n", $2, $1 }' | sort
|
||||
lego_checksums:
|
||||
lego_v4.16.1_darwin_amd64.tar.gz: sha256:2555ae9c3976bb6d3d783819c7012572fecbd309330a5010dd1f9882332fa349
|
||||
lego_v4.16.1_darwin_arm64.tar.gz: sha256:609789c72a9c8e7f4f5916aa08440a299f63c75fee14f42e61904cda01f0736f
|
||||
lego_v4.16.1_freebsd_386.tar.gz: sha256:41408e99b9f1fb823e53d53feb15cd0cb929ad3cd093b9010c7af7ba71077e55
|
||||
lego_v4.16.1_freebsd_amd64.tar.gz: sha256:9353c009c4801d7646b3c99803a77aa0f2a041f802c8794d16ba4b31af4a8dfb
|
||||
lego_v4.16.1_freebsd_arm64.tar.gz: sha256:c39a98c8401a0fe506ac206ae5ef5e167d1dcd9e7f6bb27def954089c0f99839
|
||||
lego_v4.16.1_freebsd_armv5.tar.gz: sha256:b96b88a84aa51e77da8d4b92f6920b1890ae47c53e59c477d7b3b556b1273446
|
||||
lego_v4.16.1_freebsd_armv6.tar.gz: sha256:ea41ff383adcf98ff70a65e6da49c7c82d16071f3057e44e1c41b2fe34543f19
|
||||
lego_v4.16.1_freebsd_armv7.tar.gz: sha256:6e883cb6c12a7bb703018e85623bf2c548eebfd01047bda75820264bb8ff85f2
|
||||
lego_v4.16.1_linux_386.tar.gz: sha256:3eb2e75cc474b0a0b9a990ddd9c70e7c9631a150487d8434e03a295cfd4b0caa
|
||||
lego_v4.16.1_linux_amd64.tar.gz: sha256:e9826f955337c1fd825d21b073168692711985e25db013ff6b00e9a55a9644b4
|
||||
lego_v4.16.1_linux_arm64.tar.gz: sha256:0669037c2bcff11d0599765c63f186dfc98397b6a827f5cb2e48e9e69c12626c
|
||||
lego_v4.16.1_linux_armv5.tar.gz: sha256:33ff82f3aff43825b0fca7f173825c6cc6b02d9e5607dec147ba172e62c883c9
|
||||
lego_v4.16.1_linux_armv6.tar.gz: sha256:3532a986667fe4ba42366fe09a5487c273c168779f803d878b4cc990d29c5c94
|
||||
lego_v4.16.1_linux_armv7.tar.gz: sha256:b9727c1282a320c22d9fbdbdb59e35810c8b7f94d1382bfa87d564429a89629e
|
||||
lego_v4.16.1_linux_mips64_hardfloat.tar.gz: sha256:055914fab0e26432590fccb54e400e1c0b1ad8d9932f0d418ed9ee7857765eed
|
||||
lego_v4.16.1_linux_mips64_softfloat.tar.gz: sha256:6d79cde9f3f7598276e9f82d2c0fe94b541b35112c0d03797cae4bd9de289d78
|
||||
lego_v4.16.1_linux_mips64le_hardfloat.tar.gz: sha256:5a2421aed70c009d746eff8ffb8a1429dbfdda9c60d08790b53b88d7d4e0b270
|
||||
lego_v4.16.1_linux_mips64le_softfloat.tar.gz: sha256:c1e8afedc29d18e7cb6da4d42c77d41b11041f58637e453be1ac70f65dfba0bc
|
||||
lego_v4.16.1_linux_mips_hardfloat.tar.gz: sha256:07bcd8f03dda24e7db4ef0be065680a8db2d1ec7b217aea2c4ee7f6a6d731928
|
||||
lego_v4.16.1_linux_mips_softfloat.tar.gz: sha256:0367bd328a9355b0191ae0f1b77a20e6a7f6c84a0a65d0a7e4a5f240e7737ed4
|
||||
lego_v4.16.1_linux_mipsle_hardfloat.tar.gz: sha256:49c6117c24e351921e9fdfc0fa01dc7dd007001602b4743f2854b85dde7dd410
|
||||
lego_v4.16.1_linux_mipsle_softfloat.tar.gz: sha256:e5771a43504deab162291c957c1cf549e287c15f645712c08e56f08e5ed97d4c
|
||||
lego_v4.16.1_openbsd_386.tar.gz: sha256:7aaa14b081b8c2d18717c463b6ecea434c963366c82ad9824bcf61750b130c73
|
||||
lego_v4.16.1_openbsd_amd64.tar.gz: sha256:4249afea73a1f8cdec964a0471e841103d6575f6d8549005ec2c06efa063d0fe
|
||||
lego_v4.16.1_openbsd_arm64.tar.gz: sha256:4e94b6714bfed91c06e7365da1da36624126b323dc2c0fdabe7fd3fb155f7cb5
|
||||
lego_v4.16.1_solaris_amd64.tar.gz: sha256:e9d33547a2671636bf02148677bd790996fb94688b0a055393675c645de150ec
|
||||
lego_v4.16.1_windows_386.zip: sha256:980e5d8e6afb700f28c9b9ab539141c45fbd556e12c5b3deb114d7db056d7f0f
|
||||
lego_v4.16.1_windows_amd64.zip: sha256:2716e8cc14facd60d804f849c1aeff6bb31bfa09719905d8f65ec801ead628ca
|
||||
lego_v4.16.1_windows_arm64.zip: sha256:28179af7c79f01e8347dcaab65fba5b70abd36dcd0a2bcc2d6803cb177f2b72c
|
||||
lego_v4.16.1_windows_armv5.zip: sha256:4017c2f1cbd8c838377e6816daccabc96d063b44749407c68e985af7f04fff6c
|
||||
lego_v4.16.1_windows_armv6.zip: sha256:099992c58012440f693206ab0ea23dd1794f4093fd2ad62b744d6a08e3749efd
|
||||
lego_v4.16.1_windows_armv7.zip: sha256:4b9557137c5d24996c3b44c223edf9495f0ea7df7f9a2d5da5f3dbc8f8ec8b50
|
||||
|
||||
lego_github_rel_path: go-acme/lego
|
||||
lego_github_project_url: "https://github.com/{{ lego_github_rel_path }}"
|
||||
lego_release_file: "lego_v{{ lego_version }}_{{ ansible_system | lower }}_{{ lego_go_arch }}.tar.gz"
|
||||
lego_release_url: "{{ lego_github_project_url }}/releases/download/v{{ lego_version }}/{{ lego_release_file }}"
|
||||
lego_download_path: "/tmp/{{ lego_release_file }}"
|
||||
|
||||
lego_opt_dir_path: "/opt/lego-{{ lego_version }}"
|
||||
|
||||
lego_unarchive_dest_path: /tmp/
|
||||
lego_extracted_path: "/tmp"
|
||||
lego_binaries:
|
||||
- lego
|
||||
|
||||
lego_user_name: lego
|
||||
lego_user_shell: /usr/sbin/nologin
|
||||
lego_user_home: "{{ lego_var_dir_path }}"
|
||||
lego_group_name: lego
|
||||
|
||||
lego_bin_dir_path: /usr/local/bin
|
||||
lego_bin_path: "{{ lego_bin_dir_path }}/lego"
|
||||
|
||||
lego_etc_dir_path: /etc/lego
|
||||
lego_etc_dir_path_owner: "{{ lego_user_name }}"
|
||||
lego_etc_dir_path_group: "{{ lego_group_name }}"
|
||||
lego_etc_dir_path_mode: ugo=rx
|
||||
lego_etc_dir_path_state: directory
|
||||
|
||||
lego_var_dir_path: /var/lib/lego
|
||||
lego_var_dir_path_owner: "{{ lego_user_name }}"
|
||||
lego_var_dir_path_group: "{{ lego_group_name }}"
|
||||
lego_var_dir_path_mode: u=rwx,go=rx
|
||||
lego_var_dir_path_state: directory
|
||||
|
||||
lego_bin_args:
|
||||
- --accept-tos
|
||||
- --domains %i
|
||||
- --domains www.%i
|
||||
|
||||
lego_environ:
|
||||
LEGO_PATH: "{{ lego_var_dir_path }}"
|
||||
|
||||
lego_bin_user_args: []
|
||||
lego_user_environ: {}
|
||||
lego_credential_files: []
|
||||
|
||||
lego_service_name: lego@.service
|
||||
lego_service_enabled: true
|
||||
lego_service_state: started
|
||||
|
||||
lego_timer_name: lego@.timer
|
||||
lego_timer_enabled: true
|
||||
lego_timer_state: started
|
||||
|
||||
lego_service_template_src: "{{ lego_service_name }}.j2"
|
||||
lego_service_template_dest: "/etc/systemd/system/{{ lego_service_name }}"
|
||||
lego_service_template_owner: root
|
||||
lego_service_template_group: root
|
||||
lego_service_template_mode: ugo=r
|
||||
|
||||
lego_timer_template_src: "{{ lego_timer_name }}.j2"
|
||||
lego_timer_template_dest: "/etc/systemd/system/{{ lego_timer_name }}"
|
||||
lego_timer_template_owner: root
|
||||
lego_timer_template_group: root
|
||||
lego_timer_template_mode: ugo=r
|
||||
|
||||
lego_systemd_service_d_dir_path: /etc/systemd/system/lego@.service.d
|
||||
lego_systemd_service_d_dir_path_owner: root
|
||||
lego_systemd_service_d_dir_path_group: root
|
||||
lego_systemd_service_d_dir_path_mode: ugo=rx
|
||||
lego_systemd_service_d_dir_path_state: directory
|
||||
|
||||
lego_systemd_service_d_template_src: "environ.conf.j2"
|
||||
lego_systemd_service_d_template_dest: "{{ lego_systemd_service_d_dir_path }}/environ.conf"
|
||||
lego_systemd_service_d_template_path_owner: root
|
||||
lego_systemd_service_d_template_path_group: root
|
||||
lego_systemd_service_d_template_path_mode: u=r,go=
|
||||
|
||||
lego_credential_file_owner: "{{ lego_user_name }}"
|
||||
lego_credential_file_group: "{{ lego_group_name }}"
|
||||
lego_credential_file_mode: u=r,go=
|
||||
|
||||
# lego_domains:
|
||||
# - name: example.com
|
||||
# # not required
|
||||
# enabled: true
|
||||
# # not required
|
||||
# state: started
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- name: restart lego
|
||||
systemd:
|
||||
name: "{{ lego_service_name }}"
|
||||
daemon_reload: true
|
@ -1,98 +0,0 @@
|
||||
---
|
||||
- name: create group
|
||||
ansible.builtin.group:
|
||||
name: "{{ lego_group_name }}"
|
||||
system: true
|
||||
|
||||
- name: create user
|
||||
ansible.builtin.user:
|
||||
name: "{{ lego_user_name }}"
|
||||
shell: "{{ lego_user_shell }}"
|
||||
home: "{{ lego_user_home }}"
|
||||
system: true
|
||||
group: "{{ lego_group_name }}"
|
||||
|
||||
- name: create var path
|
||||
ansible.builtin.file:
|
||||
path: "{{ lego_var_dir_path }}"
|
||||
owner: "{{ lego_var_dir_path_owner }}"
|
||||
group: "{{ lego_var_dir_path_group }}"
|
||||
mode: "{{ lego_var_dir_path_mode }}"
|
||||
state: "{{ lego_var_dir_path_state }}"
|
||||
|
||||
- name: create etc path
|
||||
ansible.builtin.file:
|
||||
path: "{{ lego_etc_dir_path }}"
|
||||
owner: "{{ lego_etc_dir_path_owner }}"
|
||||
group: "{{ lego_etc_dir_path_group }}"
|
||||
mode: "{{ lego_etc_dir_path_mode }}"
|
||||
state: "{{ lego_etc_dir_path_state }}"
|
||||
|
||||
- name: "create {{ lego_systemd_service_d_dir_path }}"
|
||||
ansible.builtin.file:
|
||||
path: "{{ lego_systemd_service_d_dir_path }}"
|
||||
owner: "{{ lego_systemd_service_d_dir_path_owner }}"
|
||||
group: "{{ lego_systemd_service_d_dir_path_group }}"
|
||||
mode: "{{ lego_systemd_service_d_dir_path_mode }}"
|
||||
state: "{{ lego_systemd_service_d_dir_path_state }}"
|
||||
|
||||
- name: "create {{ lego_systemd_service_d_template_dest }}"
|
||||
ansible.builtin.template:
|
||||
src: "{{ lego_systemd_service_d_template_src }}"
|
||||
dest: "{{ lego_systemd_service_d_template_dest }}"
|
||||
owner: "{{ lego_systemd_service_d_template_path_owner }}"
|
||||
group: "{{ lego_systemd_service_d_template_path_group }}"
|
||||
mode: "{{ lego_systemd_service_d_template_path_mode }}"
|
||||
notify:
|
||||
- restart lego
|
||||
|
||||
- name: create credential files
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ lego_etc_dir_path }}/{{ item.name }}"
|
||||
owner: "{{ item.owner | default(lego_credential_file_owner) }}"
|
||||
group: "{{ item.group | default(lego_credential_file_group) }}"
|
||||
mode: "{{ item.mode | default(lego_credential_file_mode) }}"
|
||||
content: "{{ item.content }}"
|
||||
loop: "{{ lego_credential_files | default([]) }}"
|
||||
no_log: true
|
||||
|
||||
#- name: configure
|
||||
# ansible.builtin.template:
|
||||
# src: "{{ lego_config_file_template_src }}"
|
||||
# dest: "{{ lego_config_file_template_dest }}"
|
||||
# owner: "{{ lego_config_file_template_owner }}"
|
||||
# group: "{{ lego_config_file_template_group }}"
|
||||
# mode: "{{ lego_config_file_template_mode }}"
|
||||
# notify:
|
||||
# - restart lego
|
||||
#
|
||||
- name: configure systemd unit
|
||||
ansible.builtin.template:
|
||||
src: "{{ lego_service_template_src }}"
|
||||
dest: "{{ lego_service_template_dest }}"
|
||||
owner: "{{ lego_service_template_owner }}"
|
||||
group: "{{ lego_service_template_group }}"
|
||||
mode: "{{ lego_service_template_mode }}"
|
||||
notify:
|
||||
- restart lego
|
||||
|
||||
- name: configure timer
|
||||
ansible.builtin.template:
|
||||
src: "{{ lego_timer_template_src }}"
|
||||
dest: "{{ lego_timer_template_dest }}"
|
||||
owner: "{{ lego_timer_template_owner }}"
|
||||
group: "{{ lego_timer_template_group }}"
|
||||
mode: "{{ lego_timer_template_mode }}"
|
||||
#
|
||||
#- name: manage service
|
||||
# ansible.builtin.service:
|
||||
# name: "{{ lego_service_name }}"
|
||||
# enabled: "{{ lego_service_enabled | default(true) }}"
|
||||
# state: "{{ lego_service_state | default('started') }}"
|
||||
|
||||
- name: manage timers
|
||||
ansible.builtin.systemd:
|
||||
name: "lego@{{ item.name }}.timer"
|
||||
enabled: "{{ item.enabled | default(true) }}"
|
||||
state: "{{ item.state | default('started') }}"
|
||||
loop: "{{ lego_domains | default([]) }}"
|
@ -1,56 +0,0 @@
|
||||
---
|
||||
- name: determine install status
|
||||
ansible.builtin.stat:
|
||||
path: "{{ lego_opt_dir_path }}/lego"
|
||||
register: st
|
||||
|
||||
- name: create opt path
|
||||
ansible.builtin.file:
|
||||
path: "{{ lego_opt_dir_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
state: directory
|
||||
|
||||
- block:
|
||||
- name: download
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ lego_release_url }}"
|
||||
dest: "{{ lego_download_path }}"
|
||||
checksum: "{{ lego_checksums[lego_release_file] }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract
|
||||
ansible.builtin.unarchive:
|
||||
src: "{{ lego_download_path }}"
|
||||
dest: "{{ lego_unarchive_dest_path }}"
|
||||
remote_src: true
|
||||
|
||||
- name: install
|
||||
ansible.builtin.copy:
|
||||
src: "{{ lego_extracted_path }}/{{ item }}"
|
||||
dest: "{{ lego_opt_dir_path }}/{{ item }}"
|
||||
remote_src: true
|
||||
loop: "{{ lego_binaries }}"
|
||||
when: not st.stat.exists
|
||||
|
||||
- name: permissions
|
||||
ansible.builtin.file:
|
||||
path: "{{ lego_opt_dir_path }}/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
loop: "{{ lego_binaries }}"
|
||||
|
||||
- name: symlink
|
||||
ansible.builtin.file:
|
||||
src: "{{ lego_opt_dir_path }}/{{ item }}"
|
||||
dest: "/usr/local/bin/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
state: link
|
||||
loop: "{{ lego_binaries }}"
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- ansible.builtin.include_tasks: install.yaml
|
||||
|
||||
- ansible.builtin.include_tasks: configure.yaml
|
@ -1,8 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
[Service]
|
||||
{% if lego_user_environ is defined %}
|
||||
{% for k, v in lego_user_environ.items() %}
|
||||
Environment={{ k | upper }}={{ v }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
@ -1,31 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
[Unit]
|
||||
Description=Let's Encrypt client and ACME library written in Go
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
{% if lego_environ is defined %}
|
||||
{% for k, v in lego_environ.items() %}
|
||||
Environment={{ k | upper }}={{ v }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
Type=oneshot
|
||||
User={{ lego_user_name }}
|
||||
ExecStart={{ lego_bin_path }} \
|
||||
{% for arg in lego_bin_args | default([]) + lego_bin_user_args | default([]) %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
renew \
|
||||
{% for arg in lego_bin_renew_user_args | default([]) %}
|
||||
{{ arg }} {% if not loop.last %}\{{ "\n"}}{% endif %}
|
||||
{% if loop.last %}
|
||||
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
WorkingDirectory={{ lego_var_dir_path }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,11 +0,0 @@
|
||||
[Unit]
|
||||
Description=Certbot renewal
|
||||
Description=Let's Encrypt client and ACME library written in Go
|
||||
Requires={{ lego_service_name }}%i
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*-*-* 00,12:00:00
|
||||
# RandomizedDelaySec=1
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -1,57 +0,0 @@
|
||||
---
|
||||
logcli_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
logcli_go_arch: "{{ logcli_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
logcli_version: 2.9.5
|
||||
logcli_checksums:
|
||||
logcli-darwin-amd64.zip: sha256:b224dc8872167be0c5f07b1c22471b21604419b625b4a6e69b2c7751bc409d98
|
||||
logcli-darwin-arm64.zip: sha256:ad93156ae1132038de7a6b42633bdc59aac1a04e816aeae2796bc6dddddff14a
|
||||
logcli-freebsd-amd64.zip: sha256:952f48394a080b88a100001b9c454e8793071ba4cd8cc95811bd446b4215a9a3
|
||||
logcli-linux-amd64.zip: sha256:a22f7e29bb9ef8f6f70e31926bbffc646b9e36b3265458e199c497b305d21cc2
|
||||
logcli-linux-arm.zip: sha256:0ad5c86191916121acea30d44011d84d33e5ca27497691980de16f1508b209f5
|
||||
logcli-linux-arm64.zip: sha256:06b6a6b961f5004c51eb7922509dbbb189701b1f3925ba1bb2289894fef7861e
|
||||
logcli-windows-amd64.exe.zip: sha256:d1a37c56fa2a1dfa97855d2a26826ba89569d50846a6022be03936423f04e19b
|
||||
loki-canary-darwin-amd64.zip: sha256:9f73e81666397e195ae092c518df32200bab71f72ff778c839abba0283f8f4b3
|
||||
loki-canary-darwin-arm64.zip: sha256:fa3a96bec9b30ec06bf5271182646161ab8056c51b07e00da14ce21d53bbd871
|
||||
loki-canary-freebsd-amd64.zip: sha256:170c0ea9bf6349cce9b9fb5be6b27d0b8477fc57e5a0849ad7c828ba3de79f15
|
||||
loki-canary-linux-amd64.zip: sha256:e4ff7cfb302851b98d4df1dc7793b3fdc7fd9680d2e75fc0484abcd08412f198
|
||||
loki-canary-linux-arm.zip: sha256:02750db39ecba743da3036ca28a3b426c7d068efeee86b875f7870ba8798dca2
|
||||
loki-canary-linux-arm64.zip: sha256:e0c0c31c89cad8ddffbd11f9467778e9b30bdfbdce955fba67871365a07ab3a1
|
||||
loki-canary-windows-amd64.exe.zip: sha256:54564cbd123fbdd1b95fe9882bd916e2e9432b53826a97c04179c48ff0314912
|
||||
loki-darwin-amd64.zip: sha256:b5831c0da363b3b075ddbdaa6e6e1323858b17c0d6c0052908aebaa637bc522c
|
||||
loki-darwin-arm64.zip: sha256:1b73e4867730c252ce0e3720dd42fea5bd7921dd3cda4aa5f3764e43e1495374
|
||||
loki-freebsd-amd64.zip: sha256:c3ac9b0aa16ca494a1537c28fe036440cd701d5273c5c8bbdb47426ecb5a041e
|
||||
loki-linux-amd64.zip: sha256:9d919a55e7a2dbaeab46e777a0589d7e304c71fed011f989143883cbc887e348
|
||||
loki-linux-arm.zip: sha256:104efc28b322523bf5bced67bdcc3746e1f7f872057f6ef54f25ab00ce426b39
|
||||
loki-linux-arm64.zip: sha256:491833bf201c55388b82c3d1f583a9d4426c1b778ed3dc710cd67c8cbbbb67bb
|
||||
loki-windows-amd64.exe.zip: sha256:1acee64bb69bd54ff6549edd2f670d0a3802727d9efced8705c7a712412d8ef7
|
||||
promtail-darwin-amd64.zip: sha256:54032f2781d3acfef7dd7ad12b7f38ec4f5d0eb8ba047ebecb9911a6dd4b6cc6
|
||||
promtail-darwin-arm64.zip: sha256:405ed21efcaa21ae5bbe4b7e16ca888ae8238716c46a176ea9c5e2a7b2b2a633
|
||||
promtail-freebsd-amd64.zip: sha256:5a68f6fa6c7ae96919f13b4fffb188f72f9b16e38f40cf3962b97989c9739a99
|
||||
promtail-linux-amd64.zip: sha256:e444bcff2d6677d284350819d3d1b7b473a1699357689230254fbc602b28dac7
|
||||
promtail-linux-arm.zip: sha256:d0cc7552b8ce69534893040e6518288a6899c4f3acf9d4e7d32335f5f2f6145d
|
||||
promtail-linux-arm64.zip: sha256:b23bd750dc5f6a76d808826ebc9d3c8b3540adb329578b650571a10d2be348b8
|
||||
promtail-windows-386.exe.zip: sha256:a121de0b043db194c65422f863211efe566da3bec338a92f0623dff6f3c435d1
|
||||
promtail-windows-amd64.exe.zip: sha256:d9c4b5bb58d3ece2e4ff78cd7fef65f5fadd7d9fe73ceb2dfa4a2990f944466f
|
||||
|
||||
logcli_github_rel_path: grafana/loki
|
||||
logcli_github_project_url: "https://github.com/{{ logcli_github_rel_path }}"
|
||||
logcli_release_file: "logcli-{{ ansible_system | lower }}-{{ logcli_go_arch }}.zip"
|
||||
logcli_release_url: "{{ logcli_github_project_url }}/releases/download/v{{ logcli_version }}/{{ logcli_release_file }}"
|
||||
logcli_download_path: "/tmp/logcli-{{ logcli_version }}-{{ ansible_system | lower }}-{{ logcli_go_arch }}.zip"
|
||||
|
||||
logcli_opt_path: "/opt/logcli-{{ logcli_version }}"
|
||||
|
||||
logcli_unarchive_dest_path: /tmp/
|
||||
logcli_extracted_path: "/tmp/logcli-{{ ansible_system | lower }}-{{ logcli_go_arch }}"
|
||||
logcli_binaries:
|
||||
- logcli
|
||||
|
||||
logcli_loki_addr: http://localhost:3100
|
||||
|
||||
logcli_profile_d_path: /etc/profile.d/logcli.sh
|
||||
logcli_profile_d_env:
|
||||
LOKI_ADDR: "{{ logcli_loki_addr }}"
|
@ -1,11 +0,0 @@
|
||||
---
|
||||
- name: set logcli environment variables
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ logcli_profile_d_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
content: |
|
||||
{% for k, v in logcli_profile_d_env.items() %}
|
||||
export {{ k }}="{{ v }}"
|
||||
{% endfor %}
|
@ -1,56 +0,0 @@
|
||||
---
|
||||
- name: determine install status
|
||||
ansible.builtin.stat:
|
||||
path: "{{ logcli_opt_path }}/logcli"
|
||||
register: st
|
||||
|
||||
- name: create opt path
|
||||
ansible.builtin.file:
|
||||
path: "{{ logcli_opt_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
state: directory
|
||||
|
||||
- block:
|
||||
- name: download
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ logcli_release_url }}"
|
||||
dest: "{{ logcli_download_path }}"
|
||||
checksum: "{{ logcli_checksums[logcli_release_file] }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract
|
||||
ansible.builtin.unarchive:
|
||||
src: "{{ logcli_download_path }}"
|
||||
dest: "{{ logcli_unarchive_dest_path }}"
|
||||
remote_src: true
|
||||
|
||||
- name: install
|
||||
ansible.builtin.copy:
|
||||
src: "{{ logcli_extracted_path }}"
|
||||
dest: "{{ logcli_opt_path }}/{{ item }}"
|
||||
remote_src: true
|
||||
loop: "{{ logcli_binaries }}"
|
||||
when: not st.stat.exists
|
||||
|
||||
- name: permissions
|
||||
ansible.builtin.file:
|
||||
path: "{{ logcli_opt_path }}/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
loop: "{{ logcli_binaries }}"
|
||||
|
||||
- name: symlink
|
||||
ansible.builtin.file:
|
||||
src: "{{ logcli_opt_path }}/{{ item }}"
|
||||
dest: "/usr/local/bin/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
state: link
|
||||
loop: "{{ logcli_binaries }}"
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- ansible.builtin.include_tasks: install.yaml
|
||||
|
||||
- ansible.builtin.include_tasks: configure.yaml
|
@ -1,68 +0,0 @@
|
||||
---
|
||||
mimir_package_name: mimir
|
||||
mimir_package_state: present
|
||||
|
||||
mimir_service_name: mimir.service
|
||||
mimir_service_enabled: true
|
||||
mimir_service_state: started
|
||||
|
||||
mimir_apt_repository_repo: deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main
|
||||
mimir_apt_repository_state: present
|
||||
|
||||
mimir_version_regex: ^mimir, version ([\d.]+)
|
||||
|
||||
mimir_user_name: mimir
|
||||
mimir_user_comment: mimir user
|
||||
mimir_user_state: present
|
||||
mimir_user_shell: /usr/sbin/nologin
|
||||
mimir_user_system: true
|
||||
mimir_user_createhome: false
|
||||
|
||||
mimir_group_name: mimir
|
||||
mimir_group_state: "{{ mimir_user_state | default('present') }}"
|
||||
mimir_group_system: true
|
||||
|
||||
mimir_var_dir_path: /var/lib/mimir
|
||||
mimir_var_dir_owner: "{{ mimir_user_name }}"
|
||||
mimir_var_dir_group: "{{ mimir_group_name }}"
|
||||
mimir_var_dir_mode: "0700"
|
||||
|
||||
mimir_etc_dir_path: /etc/mimir
|
||||
mimir_etc_dir_owner: "{{ mimir_user_name }}"
|
||||
mimir_etc_dir_group: "{{ mimir_group_name }}"
|
||||
mimir_etc_dir_mode: "0755"
|
||||
|
||||
mimir_config_file_path: "{{ mimir_etc_dir_path }}/config.yml"
|
||||
mimir_config_file_path_owner: "{{ mimir_user_name }}"
|
||||
mimir_config_file_path_group: "{{ mimir_group_name }}"
|
||||
mimir_config_file_path_mode: "0755"
|
||||
|
||||
m# imir_common:
|
||||
# {}
|
||||
|
||||
mimir_server:
|
||||
http_listen_port: 9009
|
||||
|
||||
mimir_alertmanager:
|
||||
sharding_ring:
|
||||
replication_factor: 1
|
||||
|
||||
# mimir_compactor:
|
||||
# {}
|
||||
|
||||
# mimir_distributor:
|
||||
# {}
|
||||
|
||||
mimir_ingester:
|
||||
ring:
|
||||
replication_factor: 1
|
||||
|
||||
mimir_store_gateway:
|
||||
sharding_ring:
|
||||
replication_factor: 1
|
||||
|
||||
# mimir_blocks_storage:
|
||||
# {}
|
||||
|
||||
# mimir_ruler_storage:
|
||||
# {}
|
Binary file not shown.
@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: restart mimir
|
||||
systemd:
|
||||
name: "{{ mimir_service_name }}"
|
||||
daemon_reload: true
|
||||
state: restarted
|
@ -1,14 +0,0 @@
|
||||
---
|
||||
- name: trust grafana apt respository key
|
||||
ansible.builtin.copy:
|
||||
src: "grafana.gpg"
|
||||
dest: "/etc/apt/keyrings/grafana.gpg"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: configure grafana apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "{{ mimir_apt_repository_repo }}"
|
||||
state: "{{ mimir_apt_repository_state | default('present') }}"
|
||||
filename: grafana
|
@ -1,48 +0,0 @@
|
||||
---
|
||||
- name: create group
|
||||
ansible.builtin.group:
|
||||
name: "{{ mimir_group_name }}"
|
||||
system: "{{ mimir_group_system | default(true) }}"
|
||||
state: "{{ mimir_group_name_state | default('present') }}"
|
||||
|
||||
- name: create user
|
||||
ansible.builtin.user:
|
||||
name: "{{ mimir_user_name }}"
|
||||
comment: "{{ mimir_user_comment }}"
|
||||
system: "{{ mimir_user_system | default(true) }}"
|
||||
shell: "{{ mimir_user_shell | default('/usr/sbin/nologin') }}"
|
||||
group: "{{ mimir_group_name }}"
|
||||
createhome: "{{ mimir_user_createhome | default(false) }}"
|
||||
home: "{{ mimir_var_dir_path }}"
|
||||
state: "{{ mimir_user_state | default('present') }}"
|
||||
|
||||
- name: create etc path
|
||||
ansible.builtin.file:
|
||||
path: "{{ mimir_etc_dir_path }}"
|
||||
state: directory
|
||||
owner: "{{ mimir_etc_dir_owner }}"
|
||||
group: "{{ mimir_etc_dir_group }}"
|
||||
mode: "{{ mimir_etc_dir_mode }}"
|
||||
|
||||
- name: create var path
|
||||
ansible.builtin.file:
|
||||
path: "{{ mimir_var_dir_path }}"
|
||||
state: directory
|
||||
owner: "{{ mimir_var_dir_owner }}"
|
||||
group: "{{ mimir_var_dir_group }}"
|
||||
mode: "{{ mimir_var_dir_mode }}"
|
||||
|
||||
- name: configure
|
||||
template:
|
||||
src: config.yml.j2
|
||||
dest: "{{ mimir_config_file_path }}"
|
||||
owner: "{{ mimir_user_name }}"
|
||||
group: "{{ mimir_group_name }}"
|
||||
mode: 0400
|
||||
notify: restart mimir
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ mimir_service_name }}"
|
||||
enabled: "{{ mimir_service_enabled }}"
|
||||
state: "{{ mimir_service_state }}"
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- name: install package
|
||||
ansible.builtin.package:
|
||||
name: "{{ mimir_package_name }}"
|
||||
state: "{{ mimir_package_state | default('present') }}"
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- ansible.builtin.include_tasks: install.yaml
|
||||
|
||||
- ansible.builtin.include_tasks: configure.yaml
|
@ -1,51 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
---
|
||||
{% if mimir_common is defined %}
|
||||
common:
|
||||
{{ mimir_common | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_server is defined %}
|
||||
server:
|
||||
{{ mimir_server | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_alertmanager is defined %}
|
||||
alertmanager:
|
||||
{{ mimir_alertmanager | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_compactor is defined %}
|
||||
compactor:
|
||||
{{ mimir_compactor | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_distributor is defined %}
|
||||
distributor:
|
||||
{{ mimir_distributor | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_ingester is defined %}
|
||||
ingester:
|
||||
{{ mimir_ingester | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_store_gateway is defined %}
|
||||
store_gateway:
|
||||
{{ mimir_store_gateway | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_alertmanager_storage is defined %}
|
||||
alertmanager_storage:
|
||||
{{ mimir_alertmanager_storage | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_blocks_storage is defined %}
|
||||
blocks_storage:
|
||||
{{ mimir_blocks_storage | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
||||
|
||||
{% if mimir_ruler_storage is defined %}
|
||||
ruler_storage:
|
||||
{{ mimir_ruler_storage | to_nice_yaml(indent=2) | indent(4, False) }}
|
||||
{% endif -%}
|
@ -1,70 +0,0 @@
|
||||
---
|
||||
# nftables_ufw_package_name: ufw
|
||||
# nftables_ufw_package_state: absent
|
||||
|
||||
# nftables_package_name: nftables
|
||||
# nftables_package_state: present
|
||||
|
||||
# nftables_service_name: nftables
|
||||
# nftables_service_state: started
|
||||
# nftables_service_enabled: true
|
||||
|
||||
# nftables_config_path: /etc/nftables.conf
|
||||
|
||||
nftables_builtin_defines:
|
||||
REQUIRED_ICMPV6_TYPES:
|
||||
- 1-4
|
||||
- 130-136
|
||||
- 141-143
|
||||
- 148-149
|
||||
- 151-153
|
||||
TRACEROUTE_UDP_PORTS: 33434-33534
|
||||
|
||||
nftables_builtin_sets:
|
||||
blackhole4:
|
||||
- type ipv4_addr
|
||||
- flags interval
|
||||
blackhole6:
|
||||
- type ipv6_addr
|
||||
- flags interval
|
||||
tcp_input_accept:
|
||||
- type inet_service
|
||||
- flags interval
|
||||
- elements = { ssh }
|
||||
udp_input_accept:
|
||||
- type inet_service
|
||||
- flags interval
|
||||
|
||||
nftables_input_builtin_rules:
|
||||
- type filter hook input priority filter; policy drop;
|
||||
- ip saddr @blackhole4 drop
|
||||
- ip6 saddr @blackhole6 drop
|
||||
- ct state established,related accept
|
||||
- ct state invalid drop
|
||||
- iifname "lo" accept
|
||||
- icmpv6 type $REQUIRED_ICMPV6_TYPES accept
|
||||
- icmpv6 type echo-request accept
|
||||
- icmp type echo-request accept
|
||||
- tcp dport @tcp_input_accept accept
|
||||
- udp dport @udp_input_accept accept
|
||||
# this should be last because these ports could be allowed
|
||||
- udp dport $TRACEROUTE_UDP_PORTS reject
|
||||
|
||||
nftables_forward_builtin_rules:
|
||||
- type filter hook forward priority filter; policy drop;
|
||||
- ct state { established, related } accept
|
||||
|
||||
nftables_output_builtin_rules:
|
||||
- type filter hook output priority filter; policy accept;
|
||||
- ip daddr @blackhole4 drop
|
||||
- ip6 daddr @blackhole6 drop
|
||||
- ct state { established, related } accept
|
||||
|
||||
# nftables_sets:
|
||||
# {}
|
||||
#
|
||||
# nftables_input_rules:
|
||||
# []
|
||||
#
|
||||
# nftables_output_rules:
|
||||
# []
|
@ -1,10 +0,0 @@
|
||||
---
|
||||
- name: reload nftables
|
||||
ansible.builtin.service:
|
||||
name: "{{ nftables_service_name | default('nftables') }}"
|
||||
state: reloaded
|
||||
|
||||
- name: restart nftables
|
||||
ansible.builtin.service:
|
||||
name: "{{ nftables_service_name | default('nftables') }}"
|
||||
state: restarted
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- name: remove ufw
|
||||
ansible.builtin.package:
|
||||
name: "{{ nftables_ufw_package_name | default('ufw') }}"
|
||||
state: "{{ nftables_ufw_package_state | default('absent') }}"
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
- name: configure rules
|
||||
ansible.builtin.template:
|
||||
src: nftables.conf.j2
|
||||
dest: "{{ nftables_config_path | default('/etc/nftables.conf') }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
notify:
|
||||
- restart nftables
|
||||
|
||||
- name: manage service
|
||||
ansible.builtin.service:
|
||||
name: "{{ nftables_service_name | default('nftables') }}"
|
||||
state: "{{ nftables_service_state | default('started') }}"
|
||||
enabled: "{{ nftables_service_enabled | default(true) }}"
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- name: remove ufw
|
||||
ansible.builtin.package:
|
||||
name: "{{ nftables_package_name | default('nftables') }}"
|
||||
state: "{{ nftables_package_state | default('present') }}"
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
- name: gather OS specific variables
|
||||
ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: run os specific tasks
|
||||
ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include_tasks: install.yaml
|
||||
|
||||
- include_tasks: configure.yaml
|
@ -1,82 +0,0 @@
|
||||
table inet filter {
|
||||
{% if nftables_builtin_defines is mapping %}
|
||||
{% for name, cfg in nftables_builtin_defines.items() %}
|
||||
{% if cfg is string %}
|
||||
define {{ name }} = {{ cfg }}
|
||||
{% elif cfg is sequence %}
|
||||
define {{ name }} = {
|
||||
{% for elem in cfg %}
|
||||
{{ elem }},
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if nftables_defines is mapping %}
|
||||
{% for name, cfg in nftables_defines.items() %}
|
||||
define {{ name }} = {
|
||||
{% for elem in cfg %}
|
||||
{{ elem }},
|
||||
{% endfor %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if nftables_builtin_sets is mapping %}
|
||||
{% for name, cfg in nftables_builtin_sets.items() %}
|
||||
set {{ name }} {
|
||||
{% for elem in cfg %}
|
||||
{{ elem }}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if nftables_sets is mapping %}
|
||||
{% for name, cfg in nftables_sets.items() %}
|
||||
set {{ name }} {
|
||||
{% for elem in cfg %}
|
||||
{{ elem }}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
chain input {
|
||||
{% if nftables_input_builtin_rules is sequence %}
|
||||
{% for rule in nftables_input_builtin_rules %}
|
||||
{{ rule }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if nftables_input_rules is sequence %}
|
||||
{% for rule in nftables_input_rules %}
|
||||
{{ rule }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
chain forward {
|
||||
{% if nftables_forward_builtin_rules is sequence %}
|
||||
{% for rule in nftables_forward_builtin_rules %}
|
||||
{{ rule }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if nftables_forward_rules is sequence %}
|
||||
{% for rule in nftables_forward_rules %}
|
||||
{{ rule }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
chain output {
|
||||
{% if nftables_output_builtin_rules is sequence %}
|
||||
{% for rule in nftables_output_builtin_rules %}
|
||||
{{ rule }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if nftables_output_rules is sequence %}
|
||||
{% for rule in nftables_output_rules %}
|
||||
{{ rule }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
}
|
||||
}
|
@ -28,6 +28,7 @@
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- python-passlib
|
||||
- python3-passlib
|
||||
|
||||
- name: install package
|
||||
|
@ -1,43 +0,0 @@
|
||||
---
|
||||
process_exporter_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
process_exporter_go_arch: "{{ process_exporter_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
process_exporter_service_name: process-exporter.service
|
||||
process_exporter_service_enabled: true
|
||||
process_exporter_service_state: started
|
||||
|
||||
process_exporter_version_regex: (.+)
|
||||
|
||||
process_exporter_checksum_algo: sha256
|
||||
process_exporter_github_rel_path: ncabatoff/process-exporter
|
||||
process_exporter_github_project_url: "https://github.com/{{ process_exporter_github_rel_path }}"
|
||||
process_exporter_release_file: "process-exporter-{{ process_exporter_version }}.{{ ansible_system | lower }}-{{ process_exporter_go_arch }}.tar.gz"
|
||||
process_exporter_release_url: "{{ process_exporter_github_project_url }}/releases/download/v{{ process_exporter_version }}/{{ process_exporter_release_file }}"
|
||||
process_exporter_checksum_url: "{{ process_exporter_github_project_url }}/releases/download/v{{ process_exporter_version }}/checksums.txt"
|
||||
process_exporter_download_path: "/tmp/{{ process_exporter_release_file }}"
|
||||
process_exporter_unarchive_dest_path: /tmp
|
||||
process_exporter_extracted_path: "{{ process_exporter_download_path | replace('.tar.gz', '') }}"
|
||||
process_exporter_binaries:
|
||||
- process-exporter
|
||||
|
||||
process_exporter_user: process-exporter
|
||||
process_exporter_user_state: present
|
||||
process_exporter_user_shell: /usr/sbin/nologin
|
||||
|
||||
process_exporter_group: process-exporter
|
||||
process_exporter_group_state: "{{ process_exporter_user_state | default('present') }}"
|
||||
|
||||
process_exporter_etc_path: /etc/process-exporter
|
||||
process_exporter_etc_owner: root
|
||||
process_exporter_etc_group: root
|
||||
process_exporter_etc_mode: "0755"
|
||||
|
||||
process_exporter_var_path: /var/lib/process-exporter
|
||||
process_exporter_var_owner: "{{ process_exporter_user }}"
|
||||
process_exporter_var_group: "{{ process_exporter_group }}"
|
||||
process_exporter_var_mode: "0755"
|
||||
|
||||
process_exporter_bin_path: /usr/local/bin
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: restart process-exporter
|
||||
systemd:
|
||||
name: "{{ process_exporter_service_name }}"
|
||||
daemon_reload: true
|
||||
state: restarted
|
@ -1,47 +0,0 @@
|
||||
---
|
||||
- name: create group
|
||||
group:
|
||||
name: "{{ process_exporter_group }}"
|
||||
system: true
|
||||
state: "{{ process_exporter_group_state | default('present') }}"
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
name: "{{ process_exporter_user }}"
|
||||
system: true
|
||||
shell: "{{ process_exporter_user_shell }}"
|
||||
group: "{{ process_exporter_group }}"
|
||||
createhome: false
|
||||
home: "{{ process_exporter_var_path }}"
|
||||
state: "{{ process_exporter_user_state | default('present') }}"
|
||||
|
||||
- name: create etc path
|
||||
file:
|
||||
path: "{{ process_exporter_etc_path }}"
|
||||
state: directory
|
||||
owner: "{{ process_exporter_etc_owner }}"
|
||||
group: "{{ process_exporter_etc_group }}"
|
||||
mode: "{{ process_exporter_etc_mode }}"
|
||||
|
||||
- name: create var path
|
||||
file:
|
||||
path: "{{ process_exporter_var_path }}"
|
||||
state: directory
|
||||
owner: "{{ process_exporter_var_owner }}"
|
||||
group: "{{ process_exporter_var_group }}"
|
||||
mode: "{{ process_exporter_var_mode }}"
|
||||
|
||||
- name: configure systemd template
|
||||
template:
|
||||
src: "{{ process_exporter_service_name }}.j2"
|
||||
dest: "/etc/systemd/system/{{ process_exporter_service_name }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify: restart process-exporter
|
||||
|
||||
- name: manage service
|
||||
service:
|
||||
name: "{{ process_exporter_service_name }}"
|
||||
enabled: "{{ process_exporter_service_enabled }}"
|
||||
state: "{{ process_exporter_service_state }}"
|
@ -1,30 +0,0 @@
|
||||
---
|
||||
- block:
|
||||
- name: download tar
|
||||
get_url:
|
||||
url: "{{ process_exporter_release_url }}"
|
||||
dest: "{{ process_exporter_download_path }}"
|
||||
checksum: "{{ process_exporter_checksum }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract tar
|
||||
unarchive:
|
||||
src: "{{ process_exporter_download_path }}"
|
||||
dest: "{{ process_exporter_unarchive_dest_path }}"
|
||||
creates: "{{ process_exporter_extracted_path }}"
|
||||
remote_src: true
|
||||
|
||||
- name: install binaries
|
||||
copy:
|
||||
src: "{{ process_exporter_extracted_path }}/{{ item }}"
|
||||
dest: "{{ process_exporter_bin_path }}/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
remote_src: true
|
||||
loop: "{{ process_exporter_binaries }}"
|
||||
notify: restart process-exporter
|
||||
when: process_exporter_version != process_exporter_local_version
|
@ -1,30 +0,0 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- ansible.builtin.include_tasks: pre.yaml
|
||||
|
||||
- ansible.builtin.include_tasks: install.yaml
|
||||
|
||||
- ansible.builtin.include_tasks: configure.yaml
|
@ -1,54 +0,0 @@
|
||||
---
|
||||
- name: determine if installed
|
||||
stat:
|
||||
path: "{{ process_exporter_bin_path }}/process-exporter"
|
||||
register: st
|
||||
|
||||
- name: set process_exporter_installed
|
||||
set_fact:
|
||||
process_exporter_installed: "{{ st.stat.exists | bool }}"
|
||||
|
||||
- block:
|
||||
- name: determine latest version
|
||||
uri:
|
||||
url: "https://api.github.com/repos/{{ process_exporter_github_rel_path }}/releases/latest"
|
||||
return_content: true
|
||||
body_format: json
|
||||
register: _latest_version
|
||||
until: _latest_version.status == 200
|
||||
retries: 3
|
||||
|
||||
- name: set process_exporter_version
|
||||
set_fact:
|
||||
process_exporter_version: "{{ _latest_version.json['tag_name'] | regex_replace('^v', '') }}"
|
||||
|
||||
- block:
|
||||
- name: determine installed version
|
||||
command: "{{ process_exporter_bin_path }}/process-exporter --version"
|
||||
register: _installed_version_string
|
||||
changed_when: false
|
||||
|
||||
- name: set process_exporter_local_version
|
||||
set_fact:
|
||||
process_exporter_local_version: "{{ _installed_version_string.stdout | regex_search(process_exporter_version_regex, '\\1') | first }}"
|
||||
rescue:
|
||||
- name: set process_exporter_local_version
|
||||
set_fact:
|
||||
process_exporter_local_version: "{{ _installed_version_string.stderr | regex_search(process_exporter_version_regex, '\\1') | first }}"
|
||||
when: process_exporter_installed
|
||||
|
||||
- name: set process_exporter_local_version to 0
|
||||
set_fact:
|
||||
process_exporter_local_version: "0"
|
||||
when: not process_exporter_installed
|
||||
|
||||
- block:
|
||||
- name: get checksums
|
||||
set_fact:
|
||||
_checksums: "{{ lookup('url', process_exporter_checksum_url, wantlist=True) }}"
|
||||
|
||||
- name: set process_exporter_checksum
|
||||
set_fact:
|
||||
process_exporter_checksum: "{{ process_exporter_checksum_algo }}:{{ item.split(' ') | first }}"
|
||||
loop: "{{ _checksums }}"
|
||||
when: "process_exporter_release_file in item"
|
@ -1,17 +0,0 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
[Unit]
|
||||
Description=process-exporter
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
After=alertmanager.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ process_exporter_user }}
|
||||
Group={{ process_exporter_group }}
|
||||
WorkingDirectory={{ process_exporter_etc_path }}
|
||||
ExecStart={{ process_exporter_bin_path }}/process-exporter \
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -81,6 +81,7 @@
|
||||
group: root
|
||||
mode: 0755
|
||||
loop:
|
||||
- restic-tidy.sh
|
||||
- restic-repo.sh
|
||||
- restic-job.sh
|
||||
|
||||
|
@ -53,3 +53,13 @@
|
||||
state: link
|
||||
force: yes
|
||||
when: restic_repos | count == 1
|
||||
|
||||
- name: create cron
|
||||
cron:
|
||||
name: "restic {{ item.name }} tidy"
|
||||
hour: "0"
|
||||
minute: "{{ 60 | random(seed=inventory_hostname) }}"
|
||||
user: root
|
||||
state: present
|
||||
job: "( {{ restic_bin_path }}/restic-tidy {{ item.name }} | logger --id=$$ -t restic-tidy -p user.info ) 2>&1 | logger --id=$$ -t restic-tidy -p user.err"
|
||||
when: restic_tidy_enabled
|
||||
|
@ -1,100 +0,0 @@
|
||||
---
|
||||
smokeping_prober_go_arch_map:
|
||||
i386: '386'
|
||||
x86_64: 'amd64'
|
||||
|
||||
smokeping_prober_go_arch: "{{ smokeping_prober_go_arch_map[ansible_architecture] | default('amd64') }}"
|
||||
|
||||
smokeping_prober_version: 0.7.3
|
||||
smokeping_prober_checksums:
|
||||
smokeping_prober-0.7.3.aix-ppc64.tar.gz: sha256:13df5d0fc4205c30e3e6887324990dd56285a17bfe1fed263d2b87134061a700
|
||||
smokeping_prober-0.7.3.darwin-amd64.tar.gz: sha256:70a4fc89c1277c78541e5157aa418940d7660aa2915fe0fc34d95870b9aab705
|
||||
smokeping_prober-0.7.3.darwin-arm64.tar.gz: sha256:c6ba90ef426dc3a4efcc80a33a30492e22dd2031730ce0d99caa3503dae87df9
|
||||
smokeping_prober-0.7.3.dragonfly-amd64.tar.gz: sha256:723ec9c8841444fa80a398677f7e3d567537570895ce0d6a778e207c8d4679ea
|
||||
smokeping_prober-0.7.3.freebsd-386.tar.gz: sha256:6291caed80438c62ef2603b28f5f767cc90012c3ea8aa0d4bb6ae0b799a4ed6c
|
||||
smokeping_prober-0.7.3.freebsd-amd64.tar.gz: sha256:7d7da04d07b02cc0e10b1f9c5a567c1abdd80effa6f7e830bf6e5e59510057a0
|
||||
smokeping_prober-0.7.3.freebsd-arm64.tar.gz: sha256:33a251ce899a0fbc244b12dd7fdadef6d36294925dd96edf12bb210edfe10010
|
||||
smokeping_prober-0.7.3.freebsd-armv6.tar.gz: sha256:4ffcae8da2609a6d2491ce5ccee982620a7e9a0e70ee1272f0f6ffcc30d62221
|
||||
smokeping_prober-0.7.3.freebsd-armv7.tar.gz: sha256:78986b4a673fae5c5b6f665dc160bb63c996611533faacdebc4b496dea93612e
|
||||
smokeping_prober-0.7.3.illumos-amd64.tar.gz: sha256:603d673b8f33bd0da74349992a4a4f372381a09c7b8fceef81cf409a0c09eea9
|
||||
smokeping_prober-0.7.3.linux-386.tar.gz: sha256:f5234a097d93ebc039b727c8343af2811ea5ef953af9fe53275a333acbfb3fc2
|
||||
smokeping_prober-0.7.3.linux-amd64.tar.gz: sha256:00277fcd494002fbb0e24df398fc9bb06bb7f1406ecc0d2d71b6c0cb63bca872
|
||||
smokeping_prober-0.7.3.linux-arm64.tar.gz: sha256:e93945a630eb58e9e88acd5c404be8b488b1593d2a07d721b8bf48d38471a67d
|
||||
smokeping_prober-0.7.3.linux-armv5.tar.gz: sha256:514d5fdb6f8ccfcc0d5a4d0f98a91324c65bf0f6cfa37f54e5b4c5f30ba489d4
|
||||
smokeping_prober-0.7.3.linux-armv6.tar.gz: sha256:75b4fec3840eaf87b1b46b5d43f84eef2acb3f630e2949caa15ff0f2ed6e4aff
|
||||
smokeping_prober-0.7.3.linux-armv7.tar.gz: sha256:97a1c4c4e8502be192b6196a528647c93b9902ca3c7a855c0078d6be04260bc6
|
||||
smokeping_prober-0.7.3.linux-mips.tar.gz: sha256:019e92d66bf4226d04cf5fadfa059d1c594d4b1cf8e35f3b491b40056e4a3e0a
|
||||
smokeping_prober-0.7.3.linux-mips64.tar.gz: sha256:c054566106f751a01ccc0a1eb43748363d7ef0a6ee1aa9a8d421f487943b7871
|
||||
smokeping_prober-0.7.3.linux-mips64le.tar.gz: sha256:95ef43cba12ee64cfe85ae6a28b9f6df3e800b13a2d121d41e60fce1dcac31eb
|
||||
smokeping_prober-0.7.3.linux-mipsle.tar.gz: sha256:5beb3b1df782a177c1c0cbe3757815b5eabc977bedd95e1584d4512ed55f20df
|
||||
smokeping_prober-0.7.3.linux-ppc64.tar.gz: sha256:dc403d910ee4c9f3e08ecbb6717e9a8caa195b911c48872900c811689e586d23
|
||||
smokeping_prober-0.7.3.linux-ppc64le.tar.gz: sha256:c446660a14b53c9ed771a3d833a411c4929c8dd5b28c021ff36b6a246393c487
|
||||
smokeping_prober-0.7.3.linux-s390x.tar.gz: sha256:9b53921cbe22dad60c6f8bea5ac2f75e1601a5b4e30b75c0e2b5b6c82a5d51de
|
||||
smokeping_prober-0.7.3.netbsd-386.tar.gz: sha256:2cad359f42af0efe743e7ac326a552235e387e9d23c3fb6a753dd0f88a50d2d0
|
||||
smokeping_prober-0.7.3.netbsd-amd64.tar.gz: sha256:e5c646848cc80a2d59c7e09b9fcb1dcffca205ca8e4ba16295ed8bc7b3900aba
|
||||
smokeping_prober-0.7.3.netbsd-arm64.tar.gz: sha256:718f5f4fad07e8dfec1513a269a9899cd5f8d329c30e290bb6ecf3ce74013286
|
||||
smokeping_prober-0.7.3.netbsd-armv6.tar.gz: sha256:20120fb928dcc85a97933737965b9b0abc5b09798ddcb720efc3f51a3abf0f01
|
||||
smokeping_prober-0.7.3.netbsd-armv7.tar.gz: sha256:eae37f6c24cbf19e5a7248f7831b06e22a9f66ecd7d0d016ab217c67759dd3c0
|
||||
smokeping_prober-0.7.3.openbsd-386.tar.gz: sha256:350b48242569594d59a3a7b3df1f10070896a4e1a38c1aa1f6561d522d114622
|
||||
smokeping_prober-0.7.3.openbsd-amd64.tar.gz: sha256:d70f803922b425f4d5af39e261bea8ae7ea17916156126f8ea4b4fc6df139bcd
|
||||
smokeping_prober-0.7.3.openbsd-arm64.tar.gz: sha256:35b43966f399df85601fdfd46d9a87417d3fec2fdd272d7b8ca3f59c17db890b
|
||||
smokeping_prober-0.7.3.openbsd-armv7.tar.gz: sha256:965854e022e67cf0ccd094aff06b37e3b80f0b84e0251a5513c5745e0d98e5e0
|
||||
smokeping_prober-0.7.3.windows-386.tar.gz: sha256:4567ffa0dfdf2bebe0debed67c599379707f8d957e5050e5ad2a86296a4545b1
|
||||
smokeping_prober-0.7.3.windows-386.zip: sha256:45d017e34bb58ea093402a3030a3afd37bddfd524704ea2a2b54e9756d5fd2f3
|
||||
smokeping_prober-0.7.3.windows-amd64.tar.gz: sha256:99d32b77a0c30f70921e842c724573659593069da97fbb6fe51fb9955a4a2a7e
|
||||
smokeping_prober-0.7.3.windows-amd64.zip: sha256:dde0897b180ecd04f2e670d3613e6282ecf5fb457ec08ce8b4cde4a34bc39d69
|
||||
smokeping_prober-0.7.3.windows-arm64.tar.gz: sha256:973a07635285feabb3a9050cb6b4d8706352f10b982130713108f13fd41b15c2
|
||||
smokeping_prober-0.7.3.windows-arm64.zip: sha256:abf7342b029e43777ba82f10ea49b3a8bcb19e5aabbda32c2418628817b17f29
|
||||
|
||||
smokeping_prober_github_rel_path: SuperQ/smokeping_prober
|
||||
smokeping_prober_github_project_url: "https://github.com/{{ smokeping_prober_github_rel_path }}"
|
||||
smokeping_prober_release_file: "smokeping_prober-{{ smokeping_prober_version }}.{{ ansible_system | lower }}-{{ smokeping_prober_go_arch }}.tar.gz"
|
||||
smokeping_prober_release_url: "{{ smokeping_prober_github_project_url }}/releases/download/v{{ smokeping_prober_version }}/{{ smokeping_prober_release_file }}"
|
||||
smokeping_prober_download_path: "/tmp/{{ smokeping_prober_release_file }}"
|
||||
|
||||
smokeping_prober_opt_path: "/opt/smokeping_prober-{{ smokeping_prober_version }}"
|
||||
|
||||
smokeping_prober_unarchive_dest_path: /tmp
|
||||
smokeping_prober_extracted_path: "{{ smokeping_prober_download_path | replace('.tar.gz', '') }}"
|
||||
smokeping_prober_binaries:
|
||||
- smokeping_prober
|
||||
|
||||
smokeping_prober_bin_path: /usr/local/bin/smokeping_prober
|
||||
|
||||
smokeping_prober_var_path: /var/lib/smokeping_prober
|
||||
smokeping_prober_var_path_owner: "{{ smokeping_prober_user }}"
|
||||
smokeping_prober_var_path_group: "{{ smokeping_prober_group }}"
|
||||
smokeping_prober_var_path_mode: 0755
|
||||
smokeping_prober_var_path_state: directory
|
||||
|
||||
smokeping_prober_user: smokeping_prober
|
||||
smokeping_prober_user_shell: /usr/sbin/nologin
|
||||
smokeping_prober_user_home: "{{ smokeping_prober_var_path }}"
|
||||
smokeping_prober_group: smokeping_prober
|
||||
|
||||
smokeping_prober_etc_path: /etc/smokeping_prober
|
||||
smokeping_prober_etc_path_owner: "{{ smokeping_prober_user }}"
|
||||
smokeping_prober_etc_path_group: "{{ smokeping_prober_group }}"
|
||||
smokeping_prober_etc_path_mode: 0755
|
||||
smokeping_prober_etc_path_state: directory
|
||||
|
||||
smokeping_prober_config_path: "{{ smokeping_prober_etc_path }}/config.yaml"
|
||||
smokeping_prober_config_path_owner: "{{ smokeping_prober_user }}"
|
||||
smokeping_prober_config_path_group: "{{ smokeping_prober_group }}"
|
||||
smokeping_prober_config_path_mode: 0444
|
||||
|
||||
smokeping_prober_config:
|
||||
targets:
|
||||
- hosts:
|
||||
- localhost
|
||||
network: ip4
|
||||
- hosts:
|
||||
- localhost
|
||||
network: ip6
|
||||
|
||||
smokeping_prober_args:
|
||||
- "--config.file={{ smokeping_prober_config_path }}"
|
||||
|
||||
smokeping_prober_service_name: smokeping_prober.service
|
||||
smokeping_prober_service_state: started
|
||||
smokeping_prober_service_enabled: true
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: restart smokeping_prober
|
||||
systemd:
|
||||
name: "{{ smokeping_prober_service_name }}"
|
||||
daemon_reload: true
|
||||
state: restarted
|
@ -1,55 +0,0 @@
|
||||
---
|
||||
- name: create group
|
||||
ansible.builtin.group:
|
||||
name: "{{ smokeping_prober_group }}"
|
||||
system: true
|
||||
|
||||
- name: create user
|
||||
ansible.builtin.user:
|
||||
name: "{{ smokeping_prober_user }}"
|
||||
shell: "{{ smokeping_prober_user_shell }}"
|
||||
home: "{{ smokeping_prober_user_home }}"
|
||||
system: true
|
||||
group: "{{ smokeping_prober_group }}"
|
||||
|
||||
- name: create var path
|
||||
ansible.builtin.file:
|
||||
path: "{{ smokeping_prober_var_path }}"
|
||||
owner: "{{ smokeping_prober_var_path_owner }}"
|
||||
group: "{{ smokeping_prober_var_path_group }}"
|
||||
mode: "{{ smokeping_prober_var_path_mode }}"
|
||||
state: "{{ smokeping_prober_var_path_state }}"
|
||||
|
||||
- name: create etc path
|
||||
ansible.builtin.file:
|
||||
path: "{{ smokeping_prober_etc_path }}"
|
||||
owner: "{{ smokeping_prober_etc_path_owner }}"
|
||||
group: "{{ smokeping_prober_etc_path_group }}"
|
||||
mode: "{{ smokeping_prober_etc_path_mode }}"
|
||||
state: "{{ smokeping_prober_etc_path_state }}"
|
||||
|
||||
- name: configure
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ smokeping_prober_config_path }}"
|
||||
owner: "{{ smokeping_prober_config_path_owner }}"
|
||||
group: "{{ smokeping_prober_config_path_group }}"
|
||||
mode: "{{ smokeping_prober_config_path_mode }}"
|
||||
content: "{{ smokeping_prober_config | to_yaml }}"
|
||||
notify:
|
||||
- restart smokeping_prober
|
||||
|
||||
- name: configure systemd unit
|
||||
ansible.builtin.template:
|
||||
src: smokeping_prober.service.j2
|
||||
dest: "/etc/systemd/system/{{ smokeping_prober_service_name }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
notify:
|
||||
- restart smokeping_prober
|
||||
|
||||
- name: manage service
|
||||
ansible.builtin.service:
|
||||
name: "{{ smokeping_prober_service_name }}"
|
||||
enabled: "{{ smokeping_prober_service_enabled | default(true) }}"
|
||||
state: "{{ smokeping_prober_service_state | default('started') }}"
|
@ -1,56 +0,0 @@
|
||||
---
|
||||
- name: determine install status
|
||||
ansible.builtin.stat:
|
||||
path: "{{ smokeping_prober_opt_path }}/smokeping_prober"
|
||||
register: st
|
||||
|
||||
- name: create opt path
|
||||
ansible.builtin.file:
|
||||
path: "{{ smokeping_prober_opt_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
state: directory
|
||||
|
||||
- block:
|
||||
- name: download
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ smokeping_prober_release_url }}"
|
||||
dest: "{{ smokeping_prober_download_path }}"
|
||||
checksum: "{{ smokeping_prober_checksums[smokeping_prober_release_file] }}"
|
||||
register: dl
|
||||
until: dl is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: extract
|
||||
ansible.builtin.unarchive:
|
||||
src: "{{ smokeping_prober_download_path }}"
|
||||
dest: "{{ smokeping_prober_unarchive_dest_path }}"
|
||||
remote_src: true
|
||||
|
||||
- name: install
|
||||
ansible.builtin.copy:
|
||||
src: "{{ smokeping_prober_extracted_path }}/{{ item }}"
|
||||
dest: "{{ smokeping_prober_opt_path }}/{{ item }}"
|
||||
remote_src: true
|
||||
loop: "{{ smokeping_prober_binaries }}"
|
||||
when: not st.stat.exists
|
||||
|
||||
- name: permissions
|
||||
ansible.builtin.file:
|
||||
path: "{{ smokeping_prober_opt_path }}/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
loop: "{{ smokeping_prober_binaries }}"
|
||||
|
||||
- name: symlink
|
||||
ansible.builtin.file:
|
||||
src: "{{ smokeping_prober_opt_path }}/{{ item }}"
|
||||
dest: "/usr/local/bin/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
state: link
|
||||
loop: "{{ smokeping_prober_binaries }}"
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- "default.yaml"
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- ansible.builtin.include_tasks: install.yaml
|
||||
|
||||
- ansible.builtin.include_tasks: configure.yaml
|
@ -1,27 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
[Unit]
|
||||
Description=Smokeping Prober
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ smokeping_prober_user }}
|
||||
ExecStart={{ smokeping_prober_bin_path }} \
|
||||
{% for arg in smokeping_prober_args %}
|
||||
{{ arg }} {% if not loop.last %}\{% endif %}
|
||||
{% if loop.last %}
|
||||
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
WorkingDirectory={{ smokeping_prober_var_path }}
|
||||
|
||||
TimeoutSec = 60
|
||||
Restart=on-failure
|
||||
RestartSec=2
|
||||
|
||||
AmbientCapabilities=CAP_NET_RAW
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -67,7 +67,9 @@ util_packages:
|
||||
interpreters:
|
||||
- lua5.3
|
||||
python:
|
||||
- python-pip
|
||||
- python3-pip
|
||||
- python-requests
|
||||
- python3-requests
|
||||
fun:
|
||||
- cmatrix
|
||||
|
@ -1,34 +0,0 @@
|
||||
---
|
||||
vector_package_name: vector
|
||||
vector_package_state: present
|
||||
|
||||
vector_service_name: vector.service
|
||||
vector_service_state: started
|
||||
vector_service_enabled: true
|
||||
|
||||
vector_user: vector
|
||||
vector_group: vector
|
||||
|
||||
vector_etc_path: /etc/vector
|
||||
|
||||
vector_config_file_mode: 0600
|
||||
|
||||
vector_config:
|
||||
api:
|
||||
enabled: true
|
||||
|
||||
vector_sources:
|
||||
sources:
|
||||
journald:
|
||||
type: journald
|
||||
|
||||
vector_transforms:
|
||||
transforms:
|
||||
{}
|
||||
|
||||
vector_sinks:
|
||||
sinks:
|
||||
blackhole:
|
||||
type: blackhole
|
||||
inputs:
|
||||
- journald
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: restart vector
|
||||
ansible.builtin.systemd:
|
||||
name: "{{ vector_service_name }}"
|
||||
daemon_reload: true
|
||||
state: restarted
|
@ -1,22 +0,0 @@
|
||||
---
|
||||
- name: configure apt repositories
|
||||
block:
|
||||
- name: add repository key
|
||||
ansible.builtin.get_url:
|
||||
url: https://repositories.timber.io/public/vector/gpg.3543DB2D0A2BC4B8.key
|
||||
dest: /etc/apt/keyrings/timber-vector-archive-keyring.asc
|
||||
|
||||
#- name: dearmor GPG key
|
||||
# ansible.builtin.shell: gpg --dearmor /tmp/timber-vector-archive-keyring.asc --output /etc/apt/keyrings/timber-vector-archive-keyring.gpg
|
||||
# args:
|
||||
# creates: /etc/apt/keyrings/timber-vector-archive-keyring.gpg
|
||||
|
||||
- name: add apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [signed-by=/etc/apt/keyrings/timber-vector-archive-keyring.asc] https://repositories.timber.io/public/vector/deb/ubuntu {{ ansible_distribution_release }} main"
|
||||
state: present
|
||||
|
||||
- name: add apt source repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb-src [signed-by=/etc/apt/keyrings/timber-vector-archive-keyring.asc] https://repositories.timber.io/public/vector/deb/ubuntu {{ ansible_distribution_release }} main"
|
||||
state: present
|
@ -1,84 +0,0 @@
|
||||
---
|
||||
- name: remove example files
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- "{{ vector_etc_path }}/vector.toml"
|
||||
- "{{ vector_etc_path }}/examples"
|
||||
notify:
|
||||
- restart vector
|
||||
|
||||
- name: configure
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ vector_etc_path }}/vector.yaml"
|
||||
owner: "{{ vector_user }}"
|
||||
group: "{{ vector_group }}"
|
||||
mode: "{{ vector_config_file_mode }}"
|
||||
content: "{{ vector_config | to_yaml }}"
|
||||
notify:
|
||||
- restart vector
|
||||
|
||||
- name: configure sources
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ vector_etc_path }}/sources.yaml"
|
||||
owner: "{{ vector_user }}"
|
||||
group: "{{ vector_group }}"
|
||||
mode: "{{ vector_config_file_mode }}"
|
||||
content: "{{ vector_sources | to_yaml }}"
|
||||
notify:
|
||||
- restart vector
|
||||
|
||||
- name: configure transforms
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ vector_etc_path }}/transforms.yaml"
|
||||
owner: "{{ vector_user }}"
|
||||
group: "{{ vector_group }}"
|
||||
mode: "{{ vector_config_file_mode }}"
|
||||
content: "{{ vector_transforms | to_yaml }}"
|
||||
notify:
|
||||
- restart vector
|
||||
|
||||
- name: configure sinks
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ vector_etc_path }}/sinks.yaml"
|
||||
owner: "{{ vector_user }}"
|
||||
group: "{{ vector_group }}"
|
||||
mode: "{{ vector_config_file_mode }}"
|
||||
content: "{{ vector_sinks | to_yaml }}"
|
||||
notify:
|
||||
- restart vector
|
||||
|
||||
- name: systemd unit overrides
|
||||
block:
|
||||
- name: create /etc/systemd/system/vector.service.d
|
||||
ansible.builtin.file:
|
||||
dest: /etc/systemd/system/vector.service.d
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
state: directory
|
||||
- name: vector systemd unit override
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/systemd/system/vector.service.d/ansible.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
content: |
|
||||
# Ansible managed
|
||||
|
||||
[Service]
|
||||
Environment=VECTOR_CONFIG="{{ vector_etc_path }}/*.yaml"
|
||||
RuntimeDirectory="vector"
|
||||
notify:
|
||||
- restart vector
|
||||
|
||||
- name: flush handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
- name: manage service
|
||||
ansible.builtin.service:
|
||||
name: "{{ vector_service_name }}"
|
||||
state: "{{ vector_service_state }}"
|
||||
enabled: "{{ vector_service_enabled }}"
|
||||
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- name: install package
|
||||
package:
|
||||
name: "{{ vector_package_name }}"
|
||||
state: "{{ vector_package_state }}"
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
- name: gather os specific variables
|
||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- default.yaml
|
||||
paths:
|
||||
- vars
|
||||
|
||||
- name: include os specific tasks
|
||||
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
- default.yaml
|
||||
paths:
|
||||
- tasks
|
||||
|
||||
- include_tasks: install.yaml
|
||||
|
||||
- include_tasks: configure.yaml
|
Loading…
Reference in New Issue
Block a user