ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Compare commits

base: ryanc:b45f8cf5dd9d52de21f034baa114681fb299a69f
Branches Tags
ryanc:master
..
compare: ryanc:93cbf7eb4c0add1655d8c3b4ecc335f8395203ed
Branches Tags
ryanc:master

1 Commits
b45f8cf5dd ... 93cbf7eb4c

Author SHA1 Message Date
Ryan Cavicchioni
93cbf7eb4c Replace certbot with lego 2024-04-14 17:54:33 -05:00
29 changed files with 1049 additions and 1611 deletions
Show Stats Expand all files Collapse all files

164
group_vars/all/main.yaml
View File

@ -102,17 +102,17 @@ rsyslog_archival_format_enabled: true
rsyslog_outputs: rsyslog_outputs:
- name: omfwd - name: omfwd
params: params:
target: 169.254.0.1 #target: 127.254.254.1
target: 10.255.0.1
#port: 1514
port: 514 port: 514
protocol: tcp protocol: tcp
action.resumeretrycount: -1 action.resumeretrycount: -1
queue.type: linkedlist queue.type: linkedlist
queue.size: 1000000 queue.size: 10000
queue.filename: fwd queue.filename: fwd
queue.saveonshutdown: "on" queue.saveonshutdown: "on"
keepalive: "on" keepalive: "on"
template: RSYSLOG_SyslogProtocol23Format
tcp_framing: octet-counted
sudo_aliases: sudo_aliases:
host: host:
@ -210,17 +210,17 @@ teleport_config:
firewall_ipset_node_exporter: firewall_ipset_node_exporter:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}" - "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}" - "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 169.254.0.1 - 10.255.0.1
firewall_ipset_blackbox_exporter: firewall_ipset_blackbox_exporter:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}" - "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}" - "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 169.254.0.1 - 10.255.0.1
firewall_ipset_mtail: firewall_ipset_mtail:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}" - "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}" - "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 169.254.0.1 - 10.255.0.1
node_exporter_du_directories: node_exporter_du_directories:
- /var/log/syslog - /var/log/syslog
@ -230,7 +230,7 @@ wireguard_iptables:
wg0: wg0:
input: true input: true
wireguard_network_prefix: 169.254.0 wireguard_network_prefix: 10.255.0
wireguard_peers: wireguard_peers:
wg0: wg0:
- public_key: 1ipGUnK8XDbIoBIEF440BhwLUe0yHa5l3kZZc4eFxV8= - public_key: 1ipGUnK8XDbIoBIEF440BhwLUe0yHa5l3kZZc4eFxV8=
@ -241,125 +241,57 @@ supervisor_unix_http_server_socket_chown: root:node_exporter
supervisor_unix_http_server_socket_chmod: "0770" supervisor_unix_http_server_socket_chmod: "0770"
firewall_ipset_loki: firewall_ipset_loki:
- 169.254.0.0/24 - 10.255.0.1
firewall_ipset_promtail:
- "{{ lookup('dig', 'jump0.kill0.net./A') }}"
- "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}"
- 169.264.0.0/24
promtail_clients: promtail_clients:
- url: http://169.254.0.1:3100/loki/api/v1/push - url: http://10.255.0.1:3100/loki/api/v1/push
external_labels:
region: dallas
provider: linode
promtail_scrape_configs: promtail_scrape_configs:
- job_name: journal - job_name: system
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: systemd-journal
relabel_configs:
- source_labels:
- __journal__systemd_unit
target_label: systemd_unit
- source_labels:
- __journal_unit
target_label: unit
- source_labels:
- __journal_priority_keyword
target_label: priority
- source_labels:
- __journal_syslog_identifier
target_label: syslog_identifier
pipeline_stages:
- match:
selector: '{systemd_unit=~"(alertmanager|blackbox_exporter|grafana|karma|kthxbye|loki|mimir|node_exporter|prometheus|promtail|pushgateway|thanos).+"}'
stages:
- logfmt:
mapping:
level:
ts:
- timestamp:
source: ts
format: RFC3339Nano
- timestamp:
source: t
format: RFC3339Nano
- labels:
priority: level
- job_name: nginx-access
static_configs: static_configs:
- targets: - targets:
- localhost - localhost
labels:
job: nginx-access
__path__: /var/log/nginx/*.access.log
pipeline_stages:
- match:
selector: '{job="nginx-access"}'
stages:
- regex:
expression: ^(?P<hostname>[0-9A-Za-z\.:-]+) (?P<remote_addr>[0-9A-Za-z\.:-]+) (?P<remote_logname>[0-9A-Za-z-]+) (?P<remote_username>[0-9A-Za-z-]+) \[(?P<timestamp>\d{2}\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2} (\+|-)\d{4})\] "(?P<request_method>[A-Z]+) (?P<URI>\S+) (?P<http_version>HTTP\/[0-9\.]+)" (?P<request_status>\d{3})
- timestamp:
source: timestamp
format: "02/Jan/2006:15:04:05 -0700"
- labels:
hostname:
method: request_method
status: request_status
version: http_version
- job_name: nginx-error
static_configs:
- targets:
- localhost
labels:
job: nginx-error
__path__: /var/log/nginx/*.error.log
pipeline_stages:
- match:
selector: '{job="nginx-error"}'
stages:
- regex:
expression: '^(?P<timestamp>\d{4}\/\d{2}\/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<priority>\w+)\] (?P<pid>\d+)\#(?P<tid>\d+): (?:\*(?P<cid>\d+))?'
- labels:
priority:
- timestamp:
source: timestamp
format: "2023/08/16 02:43:32"
- regex:
expression: 'host: "(?P<hostname>[0-9A-Za-z\.:-]+)"'
- labels:
hostname:
- job_name: syslog
syslog:
listen_address: 0.0.0.0:1514
listen_protocol: tcp
idle_timeout: 60s
label_structured_data: true
labels: labels:
job: syslog job: syslog
__path__: "/var/log/syslog/{{ ansible_hostname }}/**/*.log"
- job_name: nginx
static_configs:
- targets:
- localhost
labels:
job: nginx
host: "{{ ansible_hostname }}"
__path__: /var/log/nginx/*.log
pipeline_stages: pipeline_stages:
- match: - match:
selector: '{host=~"ap0|coresw0|fw0|power0|172\\."}' selector: '{job="nginx"}'
stages: stages:
- static_labels: - regex:
region: home expression: '^(?P<remote_addr>[^ ]+) - (?P<remote_user>[^ ]*) \[(?P<time_local>.*)\] "(?P<method>[^ ]*) (?P<request>[^ ]*) (?P<protocol>[^ ]*)" (?P<status>[\d]+) (?P<body_bytes_sent>[\d]+) "(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"?'
provider: home - metrics:
nginx_requests_total:
type: Counter
description: requests in nginx access logs
source: method
config:
action: inc
- labels:
#remote_addr:
#remote_user:
#time_local:
method:
#request:
#protocol:
status:
body_bytes_sent:
#http_referer:
#http_user_agent:
relabel_configs: loki_service_enabled: false
- source_labels: loki_service_state: stopped
- __syslog_message_hostname
target_label: host promtail_service_enabled: false
- source_labels: promtail_service_state: stopped
- __syslog_message_severity
target_label: priority
- source_labels:
- __syslog_message_app_name
target_label: syslog_identifier
influxdb_service_enabled: false influxdb_service_enabled: false
influxdb_service_state: stopped influxdb_service_state: stopped
@ -368,7 +300,3 @@ influxdb_package_state: absent
telegraf_service_enabled: false telegraf_service_enabled: false
telegraf_service_state: stopped telegraf_service_state: stopped
telegraf_package_state: absent telegraf_package_state: absent
lego_credential_files:
- name: credentials.json
content: "{{ vault_lego_gcp_service_account | string }}"

1401
group_vars/all/vault.yaml
View File

File diff suppressed because it is too large Load Diff

54
group_vars/jump_servers/main.yaml
View File

@ -7,7 +7,7 @@ firewall_allowed_udp_ports:
- 1194 - 1194
firewall_ipset_syslog: firewall_ipset_syslog:
- 169.254.0.0/24 - 10.255.0.0/24
autossh_authorized_keys: autossh_authorized_keys:
- key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvKqDI6VUYFgMUC54pVr5U8CX+Xl2ewV7PIYkTiQ70o - key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvKqDI6VUYFgMUC54pVr5U8CX+Xl2ewV7PIYkTiQ70o
@ -46,7 +46,7 @@ telegraf_config_d:
name_override: ping6 name_override: ping6
binary: ping6 binary: ping6
- urls: - urls:
- 169.254.0.1 - 10.255.0.1
count: 10 count: 10
ipv6: false ipv6: false
binary: ping4 binary: ping4
@ -311,49 +311,43 @@ wireguard_peers:
wg0: wg0:
- comment: mine0.kill0.net - comment: mine0.kill0.net
public_key: Cm9yZNczjghAh4hV4fSvy3rsmuLsQFZk+ET5CoWxVnI= public_key: Cm9yZNczjghAh4hV4fSvy3rsmuLsQFZk+ET5CoWxVnI=
#endpoint: "{{ lookup('dig', 'mine0.kill0.net./A') }}:{{ wireguard_port }}"
endpoint: "mine0.kill0.net:{{ wireguard_port }}" endpoint: "mine0.kill0.net:{{ wireguard_port }}"
allowed_ips: allowed_ips: "{{ hostvars['mine0.kill0.net'].wireguard_interfaces.wg0.address }}"
- 169.254.0.2/32
- fc00::ffff:169.254.0.2/128
- comment: vpn-home.kill0.net - comment: vpn-home.kill0.net
allowed_ips: public_key: j5AgKWcXx8we7QVkt6//oQWsGfXj+5IJKt9mx0EpTW0=
- 172.16.0.0/16
- 169.254.0.16/32
- fc00::ffff:169.254.0.16/128
endpoint: "vpn-home.kill0.net:{{ wireguard_port }}" endpoint: "vpn-home.kill0.net:{{ wireguard_port }}"
persistent_keepalive: 25 allowed_ips: 172.16.0.0/16, 10.255.0.2/32
preshared_key: "{{ vault_wireguard_preshared_key.home }}"
public_key: fUSQ7Uxkxij/0p+SIRekb6moqW0t/qdFaP2HsjRsNRs=
- comment: retropie
allowed_ips:
- 172.31.0.0/16
- 169.254.0.17/32
- fc00::ffff:169.254.0.17/128
persistent_keepalive: 25
preshared_key: "{{ vault_wireguard_preshared_key.retropie }}"
public_key: lLvracXkf8HNfgKpJkzei9ys58aAs4DT3Z3bjNRFsQY=
wg1: wg1:
- comment: pixel - comment: pixel-2
public_key: zCDfH5Eqv0oRNWC8TtrkGby3+BAtiQtXxbsmA/lZtXQ= public_key: GzQOU0x1POvkY4+6smBGkE/B1XytoVxIJa6zGX8j6Bc=
allowed_ips: allowed_ips:
- 192.168.255.16/24 - 192.168.255.16/32
- fc01::ffff:192.168.255.16/128 - 2600:3c00:e000:343::10/128
- 2600:3c00:e000:343::ffff:192.168.255.16/128
- comment: work laptop - comment: work laptop
public_key: TRT1SRQd3mFJDJK9tdglqsydXJmkzyrNdUOm4nr7M3k= public_key: TRT1SRQd3mFJDJK9tdglqsydXJmkzyrNdUOm4nr7M3k=
allowed_ips: allowed_ips:
- 192.168.255.17/24 - 192.168.255.17/32
- fc01::ffff:192.168.255.17/128 - 2600:3c00:e000:343::11/128
- 2600:3c00:e000:343::ffff:192.168.255.17/128 - comment: home workstation
public_key: ISvgu8zZWjmKyKrJi2mbqoJg2mrvIjPbQRs0Sp+dLzc=
allowed_ips:
- 192.168.255.18/32
- 2600:3c00:e000:343::12/128
- comment: rick
public_key: oFJcRhs7tQ4vPHTjbKwwWirpjx9T9ng7PFj3+iAVYWo=
allowed_ips:
- 192.168.255.32/32
- 2600:3c00:e000:343::20/128
unbound_interfaces: unbound_interfaces:
- 127.0.0.1 - 127.0.0.1
- 192.168.255.1 - 192.168.255.1
- ::1 - ::1
- 2600:3c00:e000:343::ffff:192.168.255.1 - 2600:3c00:e000:343::1
unbound_access_control: unbound_access_control:
- 127.0.0.1 allow - 127.0.0.1 allow
- 192.168.255.0/24 allow - 192.168.255.0/24 allow
- ::1 allow - ::1 allow
- 2600:3c00:e000:343::ffff:192.168.255.0/120 allow - 2600:3c00:e000:343::/64 allow

451
group_vars/jump_servers/vault.yaml
View File

@ -1,230 +1,223 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
34326635363163333038303363346632613636306133616266343732323036656335643366646264 36396137393836323465386631643461656431316666376562623633383965393863383866663764
3938363837343132633665323362323133663430633165310a303562396164626233653535623336 3664343734343065343236303365373962333162306564620a623362326163393766343735653061
34646463376565646435616564616235663836663466353234343030353363626131613134643431 64393932383066323264636530613036353637343231666439346234663430326366396532663765
6535653237343635300a393162633862323261376530396630643539313162653161396438366236 3536663666643838360a316462376363613562373965653536333763386635343362393938386331
39633866303562393131636537653932306138643766653632323834373361323938393131656331 39663266616365383166393232646530656135373234646166393365343233666635393430313136
64653335393632336533343135313766643361633739613333666461663962343134636263333333 66616361636638323430343334643230623331623334343162333335353265333436326239626664
30663966306434323331373136366333623262393962363031353564383133306433306261616631 30623039333737383531663738616337396136353836383537343337316565623562393235303566
39323738373163653861653866366139346666333338303435333435663532343466393561616230 63656234663765313062666435313431633861646137313330386633383062656335336639633631
31656234376564366533663762366639363134613666363532336463613863363862353839313034 31386561376365623634666231643134663230643736376662356361313464666638363961366437
32343938656461643531373535363837663336303137323766663966613136313365333734366233 61323033386661356561653961623333353637613439666437333164643532343863333434613061
32613630343034356136313661616532356163336561633562386337613937616535306533623838 63646432396333303965663730623061333065653432326136333337633862393339363130373138
31666363336363653436623635303231366364343137343532613263313436356365393330666638 36366163316635383336316537393761633962336138643139386638373134313635336666303765
65383161613561343361326431623338356338323164656536306162333764346131623235633664 62316531336165323965343232636339313462633536623139303865663862376364363261363865
64666635343765316134653936666137613465363735316562616336636233383439653564316135 31353064646338646662386639343462386639393162363334363937363337613963313135663365
61623466373965323437306537313761353832376462396465306532356162643966643534633666 66343365363232623564613035303139663937356430336537346564643134313763393462323638
35643066653166313335633737393362353630623639336366323161666232353930396434333630 30616462363661623466663162333834323937623335316261646533316137613564316532653165
31353232663837393764653465303133616265636132316430393936323735663136383539336462 33343133376538643961656364656666346533316336626464663939313137643461303232666162
37333262373738366266653532393937326163363832356438373635646465646230623738633232 32353131353864373738396335613763366639633837653636386139393862616364613265313935
61626530323834383838333861363335613034366661343138336638323432306135356363353330 62353134303733393836666337393530643465343333373230346133396163623332336131323730
63396538663731383637333763663763376361313739366266373065303230373135653831643735 39383264303935343763343033303864316433613334633137333031626563393233663932376434
62356365653935386130643364393963353335633539663061633838373132633336613664356631 66303638643232376633636331613234316339666630393534333136306639616662613361663031
65616639643461666538653334666465393965663862343530656265663032653561343833336563 31316630323338383061346333633063393261353463623039633063633132623730303161663531
31653533383665306166393431626161363364346265643631373366316434336234653264666164 65353030303763336639636265663333333639306432306662386232303439626235663433376437
32373336326434666561383463383037633338646635636364366563666464346433643064323032 37336461376662663035373336663937333132383964396561626337626632303064656365313633
66313065303638636635353864613238346537386131303666386264376561393134613438316239 61663630316163323163383436636636313333353437646330346532656236626562663332323636
30623238356663393632326531643732313433383638333866363161656534393134313937383161 65303430663133363464323262313531376531303739613364336262393965376533343136323034
65306439393965353461363439336165356562323262633664653231633538386661616238303732 65376461326362313732323730353137663036393835333939353962643338326162306163626536
37623964613335393330663862666135666664353134303861653232623730626533616335643539 37316262623265633363356435316632653466636137303131303664636433376236613237376339
62396361356465323165366235303362383736386664663935353666613132663762303238346533 36616639643232356330393134333364303137633736633764346233636330386232316566366435
38303665333639323336643466353637636364643631613231613164303664336462353831363662 30613261613936343738303763623966653936323661383164613933333633653339363535306138
33373865326563653632643131313330663237636135376563336565633162613033356163663333 32326466306634633965666466393435656432336163663130666266363230653730396665623531
37383231306333343436366535396463636130353663303830343933623135343661653030643438 36643364306537306663303537333063363565386337663061623661343838303638393965373165
36363663656138326435313565383864373036653832663163633236363961303238346234633231 38613939613061376161626163336164656237356164303562376137633135613738386331323262
33653235643666353266316463373665633661333262303764346466636639316138656266656235 30373539633630646339323930373737346136633465616535643439643134306430653062383664
65353936356230613130373339336631396639303533366239363037626365653262353563643334 61313138376138373961376561303162616438663263653561363339396132393834373566663436
63623537663966353332383838653939653062663864396235633232376635383035313961386638 62356331323465616134656237356434633830666231646434363664623139373737393830616338
33623062336630653432663234303561663233633566343862303631663337383834393930666537 36353066613464353739336462623966356330653534366332663735663937306462393233383939
66376633303034316435366237366464366336313932666337356664323265343533306230343332 36363066633563393463303363653631646464323937613234333835306139373462366661643961
32366239643033333635343563353437633439663839613733636339353933613762303733343736 30316462636638353531336266633061663933316266303335623837376239633835663265336338
65633937653161623732393137313062393636373461306265373461396538663937623263323630 39313334396565653262613736616536646461656438373839316337363963663135353261353133
65626230666636336233303166666664366361366534386466393337373162646262356138636433 32373366366236353663393065306338373961636432353533386436666532313637306433373236
32346238643937343865653165326566346531626238643434623765353836653061623064653166 38383037663037643763383465313862336334326637346338383235663061316232613365656266
62396531333937393363633835663930323138656365313865373733636135333735656138353030 31616136373135323039313633373538353761663439323839313365313462663063373339623530
64313461356232633065613139376134303433613663653733663266376437306337396662353130 61313731303861333631613464343232303763316462643935626366346130366531313631626630
39613732666566636434656466343839353634663736636636666231336235396439393961313366 39636630663866336161623835666261366337376239653139613230616231353636616266663238
65363130666635663633646663656430386538343931346233396563613339333331663930306132 31653466363530346262326630353661366635616162313733323032633736653362306665363565
38363034333434633933303862383965303835343961343562346466393466393165663965343936 31653731343465373736646338383830393735643736646266323965356336393939366537386566
62316234663738356361393836363939393962616639306366653934386539373736636233623763 35613561333834653834626233396133323337303439643432373931616237613439343665343061
30643165353665313235373366366164343461616238313239313737626465653930366466623164 39666661353532326435373332393739356636636433623163383337663165613834393864303533
38653533346335633437653237613436333463373163646261376264376438656131366263353862 32356336366336353261653235663666633335626331663964636263656136366232373838613962
38386361346438343036373761383164666465663436363132373662343266666433383663663333 37393464376137663630333334363234393464313062353366656435646633653265616265383535
31326434666136623865626635663232333766343538383839303435646439386133613663373736 61333061303633623065666366643037333139356465343932376664333163623532626331336139
31373664353630313461363162663866333366613666646337363761333237393635393864373531 33373732613264636331623964393336383665613264343131613138386362386362343539346234
33386434386536343033633664373963323937646535373231623836396334373431353964386566 30336237356436623262393139363538306530356530353237666339386565613931303131666262
31633065346534323566653734663261353866613635316165336534666134653439613463323031 30363866393061663437633532356238383530363066623862393531366530613731393137343434
63656435643132633664393234396230396336326139386632303633393130316566353834376135 33386434613632383066636638356161323837653630363830336233653830343261303933616565
31373663326665333164626433303938666366666463643134356236613738636434626665663461 65313334633838663264623032656131646331613539666436343334663061313837353030626161
66376665363633393530616365643139313436383137323062383763613931353330643634616236 63303362666662356235343065373231646334656565316564626234363431346664373036303333
31323131666536613433396538643364336562366433623437336564663638333136313531623761 39343363346365323237356365323062313630323736323737643432353262366534653131313033
35636431383562393237663533333161333933643662666635623965386435356534633832373531 63383638333334333361383461626361333766343861653538343562326366623332626131613136
35343132663861313931636530666237353166633031366330643731663561346133373831633137 62643537636233383263656564306430386333346432353434623433373638366536393438333434
30633332633362396664333736613630346437353836613237323835313730333033343430323236 37656539303736633938316462366230613131633936363034386639623330653535326264333861
64373663653563343838323438396661363839623261663339333062656264323866386536633439 35616537623461316662636166613530373963316236393938363932616566333430613366626363
39346532633864633663356431663535343664376265376566653861616434313665616264626230 66383139323565353830303466356233353066316663653732303534383765346636653132363130
33316134386630313139343030393435626564353666343734376561616437343032306566303031 32303563353232616537613966663836623832383335646331616364353336313363313234323362
32353663653537666137343831633164303934303436356161313661613164666431653037363539 66616136636533346339363563623734623239626230636565623338363861393338613337623530
65326366323033366663623736626366613239323033356566383334373434313636336230643639 64626363343533303333626234326666623136333332323532383662663635633538313433303835
63646131343636303262626230653633393735323030373531346437396663313162623332316362 34623134386631376639623639313164393033616664346338633033656630623436633130373665
34366239326366633961363236313930303435646135366565626564383663306636623034653465 38356635396238613633333738326233663933666562356630613063303230353462653264393531
62373539663561366435356538386664373664653239313936623362326636353563343337336632 31303736633030663761376134366631646130363139623465653661366335363830633566333237
31333133383562653935656265363136363532653431623830396130636233306563623663333531 33376631343334376435386135653330343832353339313931323434303265343361336231643638
38383664366363306662383532656366356266323031613630336338656362643562373034633933 66623539313162643337353432393865626538633265633363353830306663393233333962313636
61623865316636643430653562623535643966306265613833396266626564326161383666616263 33333565356536376464653131376633353363316663336563323230326537613165353134366365
66663664303431353866613237316539343835366531363166633136633965386532613831346566 61363030326334656139353938613531643864316434383266353633373735326562306239323961
35313334356132626337633339363166303637313665303464343635323163383231636238613066 37336638663837333738313230316236346262326135346536343331356234313130353661383464
34613462386533326638643764346661346361343166376337353136313361656561396238626538 35376236346366373363326138383430323132626663303138353938383263643665393839363162
61666431636661643665323330643239613734663332336638613435653563303835306639316162 31366166613037383166313264373035663066336138623535313035303533613132613436313136
39363432643364393036333334643430663763363234666463323231336135343763653063343533 66393764333732356333363462333366346363613262316130636235353361313731383839653563
32373862383062346261646331376633316463393365303931303535373137663561396636323633 63383134643262636262666237356233393430336163613135623264633336396139646231363562
65626533383337393838323963326361623663386639656264366662326262653161336661306137 34393031663961643562396234666437356665356331633834396637336264653265353065306233
64356561623164303465633562393462396166316233633561323565666433376565646534346132 30393461313663313564373236663362353435393535306465353136613730333866636639633161
34343862393766346534393662316336393363363937313765663237383961356266656233623432 30666566393266616134636264366666356438616632336661393639366635356262653832353633
65383465633830393064393262343133376161646239663166393339643034343635343265636233 32623466303835633065613936373063626432326463336163303838613836646332643035653933
64623664653538343961326663626365333533613338366332396437616466326362346463656465 63363630663161373039653330633631643638313036633537323364373739363736656231636535
30323233343564396238613038663835353538336163333933373538393766633532653736613165 35396466373666353361366535366334313538313639663131336662386166316162326331373838
39343938373535343135656430663263626366346535333833393566363938306430396664623864 34386232653930383133613164393435346661643466343762343463376537633036393366656164
39303539373262383438356566663736623364363766396238323730306263373639303262376463 34366465613839623533363235343737333565326165633634386230323938646166643737333261
63353066306534313031343933343632613634366565386230636137653530393334373832646339 64333139663463666432346461613033616539643463323263343563303361373539303834353434
39396535336466336364666461383639303433383563343236366336316637353032316430646362 61306635323463383238633738303830646263663036396566336534623237636234303566643533
65326339383635333666396233323539316664343031613333653133343732303335633131633031 39663462663063386137326630353164633561653936343665326665306665326238303230346436
66353338363535323734623332633939343230363761646461356534343030326161353131313963 31633138303236666362306162663036386334623339656565353730643630396263363738306139
30323331393133366330653862396265343938623366366164633534653538613461326139353436 64323230616164303638643263396432646438356534313433633536656432333738303038323266
32353939633536616663333763393532323765353533633065373064613438383566373264353362 31643965383036326134653030333932323231313363336263656534303839346631636230323032
37396137353464376362656662303530343261666530663931383031363830356234393162336131 61303033383932626238353466353631326633633565343065306561396636393835373966383032
66313339623064623233393130616532613038623636393035623935346565393061633566663062 61363061653662373731313862326461373133343930393963343062623663633033323865323565
65663563356230316665363863373839326464303632333136643136323334663263343561663530 62633736623365613631326464373662393861663737623836666532353339363232363630333662
33363763393463373637366462653036336461366264333433393366316438343565656232616133 65333265386561336337353838353238316466336162393738623034376339653864393733643837
34333762656562353734383833376234383161396263613534313736346330666237343937313661 38313763656431323261366634386331366262653838613036646633326464383565353136356566
65613631323966393666323834323564356437313032633830616163656365353539623031313762 32313131313466613266643435663933646132646339353239343535363333393535346565383331
65323266626366666366396161373562633938303361396665663536316236333236383234386432 32326566383337323662663438316639366139386433316639633463333661396337393837646435
37666336663362623365343632353734623131346636653539316635336265303137323064313032 66313637653939626536326332306139393438333137323532316130636439313066383633396335
33613036343231666232306233623266663466656362316439643263643163616139303939393430 38373062353930623661306339653234336135396233383965303861363535616633366666656562
63663332626161336637626433386264613131363933313937373030396262343238343565363161 37336331316534656465613536313364346633393066323839393833393864363234356330663264
33666365343534656366366430646639656664656534643831346136643064383931396430383966 65336263613861383837373533646430666539316638323966623761373633666437306432386235
36653166353766656262333434303436643339346365613239386630363430613465366632383733 66353531303533323662613565363065356236383939623237363835616262326536373962343538
31323737616236633535613030313564656364363234386634383234393639313366323333623764 30316631656465313264393932626232346637356531336536613561383434663934643432613164
31353861653964663764633332656133316562373164633433623266623531343663643939633236 33313833613532613365393637323262346437343933353138623765626665656663306263393862
64333635303637653337353164326237316262656237636236643335633331303532353531346531 39303865316537643063363665626465356631653534393462353830653931636563653333323733
64643765353735333634303936356131613866326335376331393733326633653536333563326530 31343864333630366566613731366333323631313337636236653662613832626464626333363537
37353566343236393832653964656262636531376464646433656364353738363762323661646437 33303762363332306266323538323366383863383033616563376231303937316163396638663162
33623234343565646539316361663331623133323238393264613566633930346561613533353862 64386664313863636535366331646238626437353664313731346633353738343733626263666230
38353336623131366331336535626132636638393337376236396462333839363764653264653837 30616161333061393061366430656330613737333133656637656664316265616365313436373939
34326265376538353833343830653431646464643762613661303963363534656465363564366139 65653564326165303761326236343436326363383538613734303539363363316135653630666138
35646461616263646365303232396331343532626635303631313934656332393837616264306234 38663333323863363163353838653765353937313166316230323961376136326438653866346665
37313966656462353161363661386336636363663437346532326361613864353961366432356237 34306561356536663363666162643362316139313438323632366136366461663230613563613434
37386536393866326662343334353237633436383235633636383666613136386465316363393939 37333838663239356236343731313430363232623633626364336664613839393036393566656366
32303138643761653735323037346464653635366430356336313966643537646135623938613033 61616332666262336231363262333832613937313330373231383830343130323966333261353661
65373835303539383830643838383231363735383938373638663165623966356662396665303032 34633661363731613430393262373839333863393730613730323866623837363936333039383535
33646564306334336663636165303633346131373239316564343631306437383462303961626432 36353763313565633037393032386135376537343430363535376238376131653935366434346431
63396263653039336134343530653639356466616331306431633635376364613765663464346433 33353338323935613638306234353963653438323031643735613035613335393834343961373037
34333332663766383838653535643765383761363261326233643832353334386439396263336363 37653131333336353230636136633431333463316137333636363338333230656131346633326162
37336362313062616639663731363038633634383937373034656664626436383735613139393163 33303635613033333730663162623965343230303533393065306539666439656361306634646662
62353933336431356633346166356166616632373035363366393231383232353831633061333833 38616234326637393364303731303566363661633462393836633237353139616634373933356462
39316538636662333936373731363531663562623931643761353566343662363236356231323934 66303864333133643238313061386538313430636231653265336463633437396134626238386365
38343232393932313837323636383763633664643561383936653235303635313532333862633836 38646135363764373837376534386132616139396238373765316633336135396462646230396233
36303865366132316337623165396264613565323937316166653566653738343838663932646463 38393432373736343236646364313037633032666631313462356164656465333837383037353038
31623361303230343037386133343065633633316265633739643137343939663339656165306534 39343962646236363633323465636638656266323966393635373163323330613937656266326636
30346437666261323336613264353231333936633031653235633831396263653139643637663761 64633666323061623266643939366630396237643731343531623031663363663963376336316334
32643436396534643766316364666339613732313132356663613736623333653861376331626663 31323836366665386336313139613836353764343066633231306433363538393438366162376537
65636136303938376531323431323231363662303462353232613963373764616137333832383033 38306436346662336262623832323964663138383262393262396366656465343731373135663562
65633262313662383136646161323231643836313363383333616637353838333361663237373232 63316230366236376238346639613034656662623166306536303031313930343938363363626333
36626661313039613632653261636333303731396232346536666563326465393637383366383130 35353837326134646535626164663762306431306464323230663763616465636435643064393830
30306139383233343965623064353238316138336139363161616234643865366366336135346430 65663439343166376163346137666431653731313738623630623263643133353439363730623230
62393638376539643564343065396539313264396236613032306464346461613832663536373336 34303265383164623530366334343066316361313533323831343833623634326661366532313265
61633336616264353265313336353262646234316338626362653236346565646339663733363230 64333034636663383437666238346434313761366262626231666163373433343230623662653762
37393562383137336636383765363066636363373632613265653837356564313435303932333062 37363234623932636536356565313062633131313334623364333262336561616334643534316666
32393436343733383963336337613662666561336363303632333035346633386339303965333861 38623032376432616339343939646638303630326235316163363530326238306335656630336462
39333839613030326163336566623239323261346239353438303337316162353066343031303363 36313234643064333737613661393164306263353438666334646164346430333665396665386436
37383564316664336432303834653736346539306562663165313464356631663537383761323836 32643136323431303063306135363131373966343666616163326466656233386532383930343764
39363530393461666535306332333632643162663136323337323234353036623835343638333035 34313536643663623031326236663866396165656539313461313933343035306336643631363261
39373464633538393339626363633132343831653730376535623232653662613065326463313464 65333934333231373435376134643237343237636230386465663832363665333334316663303761
39323037643537626638343238343030386336326235376439313934313438653665643238366463 32616133386637303437376639316261643938383563636433633035353138343137623838313466
63393435643638353662333465396331323838313032653736343639373838336664633761323839 65643835643562303234373137323037643165393738366262633638323939653233666163646630
33663563366461313964363465373531386561613331373935363430363935363436643139616365 31613863393832336663326266306430663864323031383161663762636535636238363663343066
66346635333233313464313034643432383763616235326538363464303366636565393736353230 38306533663931623537363964323733666563663765656331306236353436646566343766313039
66356162373862383338346166333030616565643930626261623733626665333135626564623237 37646334643839326531326132633433653030376437373734643038653732346335653161323932
62393766313663366537306261613536356264303063383037626636366465653431383838313963 36616533346437373665636166313337353136616466383237396266373131353136313535323666
38666536613438333935633966643866623737646335323239613666316634613065323134303630 63373034613961643531643936633566383231336166323762316539373334323134636332383232
32313661303735613336373937396532353362306666383664376533643464303332643466383330 36383336656538386631393665336661393432373339323432636565613963656232623034656635
32343765633235356134626132383132306463366564323631323530363337343863316238393930 63376161306631326632636232653831643636396365303762323661366166353539343939313561
39356334303361306535653565653230336433646564353234633736663636333832353838363161 39616233643564656538303764366365326338303436303261656433313766373766383638333634
36623139666432666161313562373232656663646637326562396161633839366133623266356261 66346464623565366530663163666339333636363463336564393034373564633565623535646136
35373536623062306664653633343437653361333031303964353436636330353033653964313738 37613133346565363230653666356631343037636638343832663866613461333061313464373736
38663534376233383739643665303635613132643139346161633031623333653163343762336639 37323563663634373931396232626436626533323566323463346535353362333262633764366664
37363465373366386132393530326163363064383931313231646236313862383562666633366631 30373337666366313866656362613562656239653565613035323936383861663931616266313637
38646537643434653137613765653838383234366538653563363237663262323936646137366664 31636631326630393834346237613965396534323366313039643566343133363537393632663264
36383032623839316165626663623639363466666366373666326133616266663265383365663666 66366265623962353164336463373031323262323936383163613834643433616333306661613430
39316334663862656437303837613638643839343139663765613065323433346138396564376462 62366464353464326636656234336433656633376636366139343338373161303965333637626661
30366138316631343434396532313431313762636330653936366161623561643035356434363936 30336337343936356131303237393264363232653033363163363036376163336639353961343563
61643762613638316634613365623731333831616664356335613764373865623964623138643939 35346336666335636266373861626465633733613032393438616434313735316132313665663635
36623765333933336630666533343462313062623463646335643865356365343535643465373435 34326438316632346666636265633035383336336462656331353737623066313765373366396636
36623461336364373631663733613233303865353230363933333338643861313362613935366663 37383366303764386566316261316232663163616234663966396665313138303839646262306338
61643037326163613435373264653332386337396239393238313864316235363162396466306539 63363365333735626165373735333631363761663735356635386139393739313764623531326561
64643864316230363632313833326136386237366364316436346437643731393930653137373231 61663936363437376261613266633163326366333730323063633436643037663631303537656363
65363637316636303438343465366262353832633538343837386637376235663230336530643836 66633334623064643239336439613735333431363631333435373532316230623065316332336438
39633362313963643134323734313033336433663066316531303331376463653537336463356364 37346336366466366335653562646265613033656466306632646566626666323337353336366366
32316366393464313036666433303031633437653736303935333733373535623732373463643031 62346163383439363933633763376639386132313333616261346234343439653533333462663436
31383031626566623239346337616134666436616465396439343736346662336537326265353264 65353165313865313635383538633432613565343136383665303064636434313135383236636436
39373666383265323233376234333233346331363364633735323266376133306634373735323265 30626538303437623837343663396464666232393139656335613739356165616136316263323337
35636461306361353531663237616239643565633036653230333435646163376433616635393133 38386537326132386264363066333730653863353430643633656533663262613963633231383533
64663266383235666461666531616464373233356132333231313637396663366536666264613364 65623032356131313936623931333234303532626533316636633763393631313139326562616530
30333639636365626338363837623934616331353735343336656235373335616638363462383032 37343965373835393564613630373632666437393738666633636536366135316336333565336538
33396338346231363036613732333466633539393037326664653237643733366665356232336338 61636635633861353561353063666433343837313733653837653239393061313732373930323339
64626265633035386164636534613461636236306563316465333537333364333263323061393330 33653965346230616336323766363434643030633166313562366561363963396663626239343834
36323130376261373339613931363634386163326263303237393931616435666566393466336465 34663933373832666635643961613461643331346564323431343365343439626135613638343866
34396163613731613238613264316430313163666536623337376434393765356438373565626339 65333732653366343032373833623566613865323539666463623163623937343338386632646330
35333164333037626262626635316561323435653432613435383439653364633831616233303530 34393865333864343666376265353062383966653839316263376434636531366561316433373835
66656130313531316661306565313536653133303664303362643361653364383731363039343532 63343264383465336439356565313130373736376532376538336533323134666565346261353435
61396535373630343037376537396431373362643639393633636433326335353230366161656362 62343534313866343331346439303164633539336537613130353364353430323361383938323137
63313933393235386664353761613530636332366332383134353936313639306435356462616639 38353862663730343234333566643936356562383632313238303166646438646435623765373362
62386564363766306334346637353166376361353634366331326638643735373038626333666361 66323339656466653235346661353266383339616364613562656233653935653739323262353661
61623163356532373765633530316635313161346434626538333332613233316630366565346534 35356338363035373066323238323364336438643839313435313163383935316163396335303231
62336436333838303732366536626433353135636362333436613763323730396562616361306665 36303133636539316661396664376639653265376266366432326633323734313165356537656337
35646634623861396232626533333265343761393632393161363063646663663938363535353531 61633835303735366332336134613733336534646531393265633437373862316262663066393262
34636433353237386362313132633732646438643230653438313761386335333731393337346665 61646663363239633430363165346534386639383562316161363532396266613837346230323663
39316239626636323435303932613637373231623337353838313337356632336234623434623038 33623539633637666362346332323833316165643436353332363038343436666536336461636130
66366435376434366364353737656230393531633636633036333630376133313165333963636432 37383839393866386139343565373164626639326530666662323230373030333938393531326435
32353431666532373436316133353439383461353834346439313531333338333764316264343136 61306436623362373363623135336139343162393236326463666664323465646436366561323331
32353733363031376337336666636537613032376361343533323362626132396632633533643163 30396663643765396234346265353831623634343963393234306532613336353732373630363830
66313862623433636438613230646338653961343861623433623864326163363135633864373231 31613561353464306363316136383463396361353933313239643732353335656232636230323539
66313935353164363466356164616363653761623565663032313264656565623864383732376334 64316163316461666564353637626532363966313332353362383936643661363066353734666631
31613538623166663736373535363633623937323261386433386436373361623162626361363033 62363562613362333436313534326135393665663930376535646562646635326236363163626632
35393063663664373230613635353762333238353937633730623861626236663935333134326132 31376334336265323737326138373532323363393937303635373663653862393730646532616637
61343864376639633164333436623563633635343236333664333663653431643664386631376162 34643235636165343063633836623936666564313566303861356332636130393635353438613637
39613766393530313938653562333630343765316461326665386664643134643661666539373131 64303430653061356533373235336661363139643537633337386164303236613934313566643431
35373565313763336136653035656138313162333965663565353531336362616637363830383462 65393664333233326565653634656566393738366566613137383436366638656561376135626364
62343866623838343066653035613031346362303263636436656434303039393434643531666238 38303633343737633464356134616331366266613164386439346338373036666337386632376638
31633363373036356336333235363134616362393362636561316265363366386530666465656531 62316566646539633961353865636165313966663339336436316165323966326561363166613134
37366431373564656533363534613633393739663666666566303538363139643833323537356163 32373764333839313338353162326363373430393031333038646631333836323237643537376462
61396533353536333330343130326663613135393237653438323439623836363162393435646236 33623836396536343335333665366561363737333864363963383836353234633739626466316561
36636631366234663536323463303538303434633632316438343935353162316632663939313437 63346638316365363364316530656563343537326534353137396433646333626666313735366331
36666538323463643462323234626262333131353238333031346139333535656539363336646332 31373465303032306636373437393366316639393065336336306130346234313038316539353037
30353830623536396662313264323637663637353934636532306331323166316535343131336639 36333164306566313539633464373132643234306335633361386637393231306566333832386566
32396237313539653030366164343336623463656261616661376638346561646632623434393166 35356661633535306531623961346635613730653566663536393234373839613961626632313837
62383033313931653235356236363862393837616365616332653730383833376165323735333632 62363062346534623961373266363561326666316161643366386133323163636532363437623266
33303966643462626438303132383233663065353032643362306331663632616535346362643137 38646464366463353162376635313764353338616439633566633862636238643265663465396161
33323736393038356362356135363733326263303430633136383137653734363331623331373537 65333238623833346631653264336430656539623561353135353363326139323234376333346436
63353833336236626664616265383464633335623861353739623863653866323534343163393466 31633365613730663133656532653937373334386335643138663666626230343339663232656336
37666163383465383734643430386437613866616361393561336364346437346164313665363634 36613931623233303164646630363966353730643531356130643265363332386333313132343433
32303539613165613631353239666339336639303561303234336135326137613363656335353761 37653233336337373533313839393365623532376439656537326439663864326639636462613830
37616537353132353561303730326330386435636165303464616232633531613132623636653432 38323832333865613139336632363534616639313566303131326339353934396534336261333839
34353637336338626564353364613962393365333639653133356165343032326430616237396536 63303730363732613037386265663132326264613435666138633639303761623361623836616163
63653033326238336363353061303031393064616163656162376362663061643236643232333266 62663263376231383036663062376333656362303666383962333762653066396339393231636533
62653761383338323837383361383965323963393935626634333661356661396139356566303830 37386538636635366463663434653564656664316230653836646639333736316434356339393435
38313133313564353030643866313366646338376666396435356264373239636666373861363964 39656564333330393436336135656262363862353263613664643063633365336161366664353765
31363863393033633063326237666630666631393036656233336238353736343534633238393532 36356232613234386265396436346130353763636538346636663234633237663133323066316563
62663335393839613137373863346263396361386235346439323437353531626537313965663262 31636237643538376632663462626363386234306334303062343530306161306265633031366161
32636434386238323634616336336464333963633432333932653462666661393933666531303136 63393830656333633864376335623231653230396635616331666236666661643330356135343931
34363432386637323136656335306663656232626631663464396565303465323636326431343762 35356335323332346361666538343065643565333133393137323536363438326563313531336336
66383339336133636431353538643838663331373736636563626537623361363231633934663931 39613330653331356436326437653936386531663037336539643165316131663435363766326435
35366365333036366661363263393062373130383062646332636330326139343266666234323835 37316466666166303262383265653833633437313732363632636235363037326561353032623134
31636463633237373532363333306136396437356236303961623133353630653435396462313264 6239663434363939386230356530333036656637303161626465
34336239373839663061346461313137393333306534646465366430393164646430613964323638
62666638346130383464633339396364643835323036303039656230343564623663313238326333
30653364613661306539373832616638636563653963353835343265383865306233356438303464
62303761363839316237653036316563303466373763323164316331356263656664393831396130
32636135306166366230353834313330383035383964353031663431613434623331616165613565
34623765663564636463363431643736613433316366393862353433323032616435303334396230
38356266623566356637373561343331366665373964373564616138306531356439

5
group_vars/linode.yaml
View File

@ -19,9 +19,8 @@
# - 2600:3c00::c # - 2600:3c00::c
dns_servers: dns_servers:
- 8.8.8.8 - 127.0.0.1
- 1.1.1.1 - ::1
- 9.9.9.9
timezone: Etc/UTC timezone: Etc/UTC

244
group_vars/monitor_servers/main.yaml
View File

@ -8,8 +8,6 @@ alertmanager_web_external_url: https://monitor.kill0.net/alertmanager
prometheus_web_route_prefix: / prometheus_web_route_prefix: /
alertmanager_web_route_prefix: / alertmanager_web_route_prefix: /
prometheus_file_sd_config_d_files: []
prometheus_config: prometheus_config:
global: global:
scrape_interval: 15s scrape_interval: 15s
@ -18,10 +16,6 @@ prometheus_config:
region: dallas region: dallas
provider: linode provider: linode
replica: A replica: A
remote_write:
- url: http://localhost:9009/api/v1/push
headers:
X-Scope-OrgID: kill0-net
alerting: alerting:
alertmanagers: alertmanagers:
- static_configs: - static_configs:
@ -81,13 +75,10 @@ prometheus_config:
- dns.google - dns.google
- vpn-home.kill0.net - vpn-home.kill0.net
- ping-home.kill0.net - ping-home.kill0.net
- 169.254.0.2 - 10.255.0.16
- vpn1-sch.corp.nmi.com - vpn1-sch.corp.nmi.com
- gp-chi.ops.nmi.com - vpn-chi.ops.nmi.com
- gp-ash.ops.nmi.com - vpn-ash.ops.nmi.com
- 172.16.100.1
- 172.16.100.2
- 172.16.10.16
relabel_configs: relabel_configs:
- source_labels: [__address__] - source_labels: [__address__]
target_label: __param_target target_label: __param_target
@ -183,77 +174,6 @@ prometheus_config:
static_configs: static_configs:
- targets: - targets:
- "localhost:3002" - "localhost:3002"
# - job_name: process-exporter
# scrape_interval: 5s
# static_configs:
# - targets:
# - "localhost:9256"
- job_name: loki
scrape_interval: 5s
static_configs:
- targets:
- "localhost:3100"
- job_name: promtail
scrape_interval: 5s
static_configs:
- targets:
- jump0.kill0.net:9080
- mine0.kill0.net:9080
- job_name: gitea
scrape_interval: 5s
static_configs:
- targets:
- localhost:3001
- job_name: karma
scrape_interval: 5s
static_configs:
- targets:
- localhost:8080
- job_name: kthxbye
scrape_interval: 5s
static_configs:
- targets:
- localhost:8081
- job_name: smokeping
scrape_interval: 5s
static_configs:
- targets:
- localhost:9374
- job_name: mimir
scrape_interval: 5s
static_configs:
- targets:
- localhost:9009
- &snmp_job
job_name: snmp
static_configs:
- targets:
- 172.16.100.1
- 172.16.100.2
metrics_path: /snmp
params:
auth: [public_v2]
module:
- if_mib
- ip_mib
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9116
- job_name: snmp_exporter
static_configs:
- targets:
- localhost:9116
- <<: *snmp_job
job_name: snmp-long
scrape_interval: 30s
scrape_timeout: 30s
static_configs:
- targets: []
rule_files: rule_files:
- rules.yaml - rules.yaml
@ -305,10 +225,6 @@ prometheus_rules_config:
expr: up{job=~"thanos.+"} == 0 expr: up{job=~"thanos.+"} == 0
labels: labels:
severity: critical severity: critical
- alert: Down
expr: up == 0
labels:
severity: critical
- alert: FileSystemUsage - alert: FileSystemUsage
expr: ((node_filesystem_size_bytes{mountpoint!~"fuse.lxcfs|tmpfs"} - node_filesystem_free_bytes) / node_filesystem_size_bytes) > 0.80 expr: ((node_filesystem_size_bytes{mountpoint!~"fuse.lxcfs|tmpfs"} - node_filesystem_free_bytes) / node_filesystem_size_bytes) > 0.80
for: 1m for: 1m
@ -361,13 +277,6 @@ prometheus_rules_config:
# summary: Certificates expiring in < 14 days # summary: Certificates expiring in < 14 days
summary: "{% raw %}Blackbox SSL certificate will expire soon (instance {{ $labels.instance }}){% endraw %}" summary: "{% raw %}Blackbox SSL certificate will expire soon (instance {{ $labels.instance }}){% endraw %}"
description: "{% raw %}SSL certificate expires in 14 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}" description: "{% raw %}SSL certificate expires in 14 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}"
- name: snmp.rules
rules:
- alert: PortDown
expr: ifAdminStatus{ifName=~"(Gi|eth).+", ifAlias!~".+laptop|notebook.+"} == 1 and ifOperStatus == 2
for: 1m
- alert: PortFlapping
expr: changes(ifOperStatus{ifName=~"(Gi|eth).+"}[5m]) > 2
blackbox_exporter_config: blackbox_exporter_config:
modules: modules:
@ -397,6 +306,34 @@ blackbox_exporter_config:
http: http:
method: GET method: GET
# route:
# receiver: pushover-receiver
# mute_time_intervals:
# - quiet_hours
# routes:
# - receiver: blackhole
# match:
# alertname: MaintenanceMode
# #- receiver: blackhole
# # match:
# # alertname: QuietHours
# receivers:
# - name: blackhole
# - name: pushover-receiver
# pushover_configs:
# - token: "{{ vault_pushover_token }}"
# user_key: "{{ vault_pushover_user_key }}"
# inhibit_rules:
# - source_match:
# alertname: MaintenanceMode
# #- source_match:
# # alertname: QuietHours
# time_intervals:
# - name: quiet_hours
# times:
# - start_time: 03:00
# end_time: 15:00
alertmanager_config: alertmanager_config:
inhibit_rules: inhibit_rules:
- source_match: - source_match:
@ -405,13 +342,9 @@ alertmanager_config:
- name: blackhole - name: blackhole
- name: pushover-receiver - name: pushover-receiver
pushover_configs: pushover_configs:
- token: "{{ vault_alertmanager_pushover_token }}" - token: agwd6wv7xveakykb8e5rz7rw3eg2v3
user_key: 28G1x3lT4oUtlck50R1H3e6j8kDHjb user_key: 28G1x3lT4oUtlck50R1H3e6j8kDHjb
- name: discord
discord_configs:
- webhook_url: "{{ vault_alertmanager_discord_webhook_url }}"
route: route:
repeat_interval: 24h
receiver: pushover-receiver receiver: pushover-receiver
routes: routes:
- match: - match:
@ -423,8 +356,6 @@ alertmanager_config:
- receiver: pushover-receiver - receiver: pushover-receiver
mute_time_intervals: mute_time_intervals:
- quiet_hours - quiet_hours
continue: true
- receiver: discord
time_intervals: time_intervals:
- name: quiet_hours - name: quiet_hours
time_intervals: time_intervals:
@ -440,7 +371,7 @@ node_exporter_du_directories:
- /var/lib/loki - /var/lib/loki
firewall_ipset_loki: firewall_ipset_loki:
- 169.254.0.0/24 - 10.255.0.0/24
karma_config: karma_config:
alertmanager: alertmanager:
@ -485,112 +416,3 @@ karma_config:
thanos_bucket_config: "{{ vault_thanos_bucket_config }}" thanos_bucket_config: "{{ vault_thanos_bucket_config }}"
kthxbye_listen: :8081 kthxbye_listen: :8081
loki_storage_config:
tsdb_shipper:
active_index_directory: "{{ loki_var_path }}/tsdb-index"
cache_location: "{{ loki_var_path }}/tsdb-cache"
gcs:
bucket_name: kill0-net-loki
service_account: "{{ vault_loki_gcs_service_account | string }}"
loki_schema_config:
configs:
- from: 2023-08-11
index:
period: 24h
prefix: index_
object_store: gcs
schema: v12
store: tsdb
- from: 2024-04-10
index:
period: 24h
prefix: index_
object_store: gcs
schema: v13
store: tsdb
loki_query_scheduler:
max_outstanding_requests_per_tenant: 32768
loki_querier:
max_concurrent: 16
loki_compactor:
working_directory: "{{ loki_var_path }}/retention"
delete_request_store: gcs
compaction_interval: 10m
retention_enabled: true
retention_delete_delay: 2h
retention_delete_worker_count: 150
loki_ruler:
alertmanager_url: http://localhost:9093
storage:
type: gcs
gcs:
bucket_name: kill0-net-loki
service_account: "{{ vault_loki_gcs_service_account | string }}"
ring:
kvstore:
store: inmemory
enable_api: true
rsyslog_d:
- name: loki
priority: 10
content: |
if $hostname == [ "ap0", "coresw0", "fw0", "power0", "172.16.100.1", "172.16.100.2" ] then {
action(
type="omfwd"
target="localhost"
port="1514"
protocol="tcp"
action.resumeretrycount="-1"
queue.type="linkedlist"
queue.size="1000000"
queue.filename="loki-fwd"
queue.saveonshutdown="on"
keepalive="on"
template="RSYSLOG_SyslogProtocol23Format"
tcp_framing="octet-counted"
)
}
smokeping_prober_config:
targets:
- hosts:
- dns.google
- vpn-home.kill0.net
- ping-home.kill0.net
- vpn1-sch.corp.nmi.com
- gp-chi.ops.nmi.com
- gp-ash.ops.nmi.com
- 169.254.0.2
- 172.16.100.1
- 172.16.100.2
- 172.16.10.16
network: ip4
- hosts:
- dns.google
- ping-home.kill0.net
- fc00::ffff:169.255.0.2
- fc00::ffff:169.255.0.16
network: ip6
mimir_common:
storage:
backend: gcs
gcs:
bucket_name: kill0-net-mimir
service_account: "{{ vault_mimir_gcs_service_account | string }}"
mimir_blocks_storage:
storage_prefix: blocks
mimir_alertmanager_storage:
storage_prefix: alertmanager
mimir_ruler_storage:
storage_prefix: ruler

17
group_vars/monitor_servers/vault.yaml
View File

@ -1,17 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
35346264373635663161356339313438613932623165613239353162316265333231623434383030
6435323137313638633663356635373464393730663834320a346362633362323864373636346165
37363637663037653932313165653333643833376133383336363930623338333134623562353239
6430363062323865650a363330653031383666386637633333646339393064396330313037363239
30626538373432633031666264646236613936333965366430653031303131626161376633346435
63323165366666663362353661353634636339393930343862336132613466636131343861343835
64633531336139353961626565363434316230393739626531366661653132616566363234393036
35656331383038396665376236373531323931313632656331356235353664636264393664346131
38633038303364373166366633646330393636366134626437376662386235626233633831363062
32636461646661613734353739663934333365313932306363666464656236366634653032303031
34333032373935343366626537386231306666663934326664353432323338353235306231363464
64653561663662363064313436653036613038633033623737666335636331656461653535643864
62376539343761666366333331373164623230663639373231373763653938343535646166303639
31616463316364366130653033643935356461363938386264306162623933336338363365316162
63396436316338306136616265643562353931356239393661333161396537653366643765303031
64323639653263323837

5
group_vars/stats_servers/main.yaml
View File

@ -24,8 +24,9 @@ grafana_config:
http_port: "{{ grafana_port }}" http_port: "{{ grafana_port }}"
grafana_ssl_enabled: true grafana_ssl_enabled: true
grafana_ssl_certificate: "/var/lib/lego/certificates/{{ grafana_domain }}.crt" grafana_ssl_certificate: "/etc/letsencrypt/live/{{ grafana_domain }}/fullchain.pem"
grafana_ssl_certificate_key: "/var/lib/lego/certificates/{{ grafana_domain }}.key" grafana_ssl_certificate_key: "/etc/letsencrypt/live/{{ grafana_domain }}/privkey.pem"
# grafana_ssl_dhparam: "/etc/letsencrypt/ssl-dhparams.pem"
grafana_datasources: grafana_datasources:
apiVersion: 1 apiVersion: 1

100
host_vars/jump0.kill0.net/all.yaml
View File

@ -18,54 +18,25 @@ certbot_certificates:
- domains: - domains:
- cavi.cc - cavi.cc
email: rcavicchioni@gmail.com email: rcavicchioni@gmail.com
- domains:
- proxy.kill0.net
email: rcavicchioni@gmail.com
lego_user_environ:
GCE_PROJECT: kill0-net
GCE_SERVICE_ACCOUNT_FILE: "{{ lego_etc_dir_path }}/credentials.json"
lego_bin_user_args:
- --email rcavicchioni@gmail.com
- --dns gcloud
lego_bin_renew_user_args:
- --renew-hook "systemctl reload nginx"
lego_domains:
- name: cavi.cc
- name: dl.kill0.net
- name: git.kill0.net
- name: monitor.kill0.net
- name: proxy.kill0.net
- name: stats.kill0.net
autossh_config: [] autossh_config: []
wireguard_interfaces: wireguard_interfaces:
wg0: wg0:
address: address: 10.255.0.1/32
- 169.254.0.1/24
- fc00::ffff:169.254.0.1/64
private_key: "{{ vault_wireguard_private_keys.wg0 }}" private_key: "{{ vault_wireguard_private_keys.wg0 }}"
listen_port: 51820 listen_port: 51820
table: 'off'
wg1: wg1:
address: address:
- 192.168.255.1/24 - 192.168.255.1/24
- fc01::ffff:192.168.255.1/128 - 2600:3c00:e000:343::1/128
- 2600:3c00:e000:343::ffff:192.168.255.1/128
private_key: "{{ vault_wireguard_private_keys.wg1 }}" private_key: "{{ vault_wireguard_private_keys.wg1 }}"
listen_port: 51821 listen_port: 51821
restic_tidy_enabled: true restic_tidy_enabled: true
nginx_htpasswd_files: "{{ vault_nginx_htpasswd_files }}"
nginx_vhosts: nginx_vhosts:
cavicc: cavicc:
server:
- server_name: cavi.cc - server_name: cavi.cc
root: /var/www/cavicc root: /var/www/cavicc
listen: listen:
@ -78,66 +49,7 @@ nginx_vhosts:
- server_name: cavi.cc - server_name: cavi.cc
root: /var/www/cavicc root: /var/www/cavicc
listen: listen:
- 443 ssl - 443 ssl http2
- "[::]:443 ssl" - "[::]:443 ssl http2"
ssl_certificate: /var/lib/lego/certificates/cavi.cc.crt ssl_certificate: /etc/letsencrypt/live/cavi.cc/fullchain.pem
ssl_certificate_key: /var/lib/lego/certificates/cavi.cc.key ssl_certificate_key: /etc/letsencrypt/live/cavi.cc/privkey.pem
# ssl_certificate: /etc/letsencrypt/live/cavi.cc/fullchain.pem
# ssl_certificate_key: /etc/letsencrypt/live/cavi.cc/privkey.pem
raw: |
location / {
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}
proxy:
upstream:
- name: loki_backend
server:
- localhost:3100
#- name: prometheus_backend
# server:
# - localhost:9090
map:
- name: $http_upgrade
variable: $connection_upgrade
content:
default: upgrade
'': close
server:
- server_name: proxy.kill0.net
root: /var/empty
listen:
- 80
- "[::]:80"
raw: |
location / {
return 301 https://$server_name$request_uri;
}
- server_name: proxy.kill0.net
root: /var/empty
listen:
- 443 ssl
- "[::]:443 ssl"
# ssl_certificate: /etc/letsencrypt/live/proxy.kill0.net/fullchain.pem
# ssl_certificate_key: /etc/letsencrypt/live/proxy.kill0.net/privkey.pem
ssl_certificate: /var/lib/lego/certificates/proxy.kill0.net.crt
ssl_certificate_key: /var/lib/lego/certificates/proxy.kill0.net.key
raw: |
auth_basic "Proxy";
auth_basic_user_file /etc/nginx/proxy.htpasswd;
location / {
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}
location /loki {
proxy_http_version 1.1;
proxy_pass http://loki_backend;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
}
location /prometheus/ {
proxy_pass http://prometheus_backend/;
}

4
host_vars/mine0.kill0.net/main.yaml
View File

@ -161,8 +161,6 @@ openvpn_certificates:
wireguard_interfaces: wireguard_interfaces:
wg0: wg0:
address: address: 10.255.0.16/32
- 169.254.0.2/24
- fc00::ffff:169.254.0.2/64
private_key: "{{ vault_wireguard_private_keys.wg0 }}" private_key: "{{ vault_wireguard_private_keys.wg0 }}"
listen_port: 51820 listen_port: 51820

10
roles/cloudflared/defaults/main.yaml
View File

@ -1,10 +0,0 @@
---
cloudflared_package_name: cloudflared
cloudflared_package_state: present
cloudflared_service_name: cloudflared.service
cloudflared_service_enabled: true
cloudflared_service_state: started
cloudflared_apt_repository_repo: "deb [signed-by=/etc/apt/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared {{ ansible_lsb.codename }} main"
cloudflared_apt_repository_state: present

BIN
roles/cloudflared/files/cloudflare-main.gpg
View File

Binary file not shown.

14
roles/cloudflared/tasks/Debian.yaml
View File

@ -1,14 +0,0 @@
---
- name: trust cloudflare apt respository key
ansible.builtin.copy:
src: "cloudflare-main.gpg"
dest: "/etc/apt/keyrings/cloudflare-main.gpg"
owner: root
group: root
mode: 0644
- name: configure cloudflare apt repository
ansible.builtin.apt_repository:
repo: "{{ cloudflared_apt_repository_repo }}"
state: "{{ cloudflared_apt_repository_state | default('present') }}"
filename: cloudflared

5
roles/cloudflared/tasks/install.yaml
View File

@ -1,5 +0,0 @@
---
- name: install package
ansible.builtin.package:
name: "{{ cloudflared_package_name }}"
state: "{{ cloudflared_package_state | default('present') }}"

28
roles/cloudflared/tasks/main.yaml
View File

@ -1,28 +0,0 @@
---
- name: gather os specific variables
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- ansible.builtin.include_tasks: install.yaml
# - ansible.builtin.include_tasks: configure.yaml

0
roles/cloudflared/vars/default.yaml
View File

12
roles/docker/handlers/main.yaml
View File

@ -1,12 +0,0 @@
---
- name: reload docker
ansible.builtin.service:
name: "{{ docker_service_name | default('docker') }}"
state: reloaded
- name: restart docker
ansible.builtin.service:
name: "{{ docker_service_name | default('docker') }}"
state: restarted
listen:
- restart nftables

10
roles/tailscale/defaults/main.yaml
View File

@ -1,10 +0,0 @@
---
# tailscale_package_name: tailscale
# tailscale_package_state: present
# tailscale_service_name: tailscaled
# tailscale_service_state: started
# tailscale_service_enabled: true
tailscale_up_args:
[]

13
roles/tailscale/tasks/Debian.yaml
View File

@ -1,13 +0,0 @@
---
- name: add tailscale repo
block:
- name: install apt key
ansible.builtin.get_url:
url: "https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }}/{{ ansible_distribution_release | lower }}.noarmor.gpg"
dest: /etc/apt/trusted.gpg.d/tailscale-archive-keyring.gpg
- name: install apt repo
ansible.builtin.apt_repository:
repo: "deb [signed-by=/etc/apt/trusted.gpg.d/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} main"
state: present
filename: tailscale

11
roles/tailscale/tasks/configure.yaml
View File

@ -1,11 +0,0 @@
---
- name: manage service
ansible.builtin.service:
name: "{{ tailscale_service_name | default('tailscaled') }}"
state: "{{ tailscale_service_state | default('started') }}"
enabled: "{{ tailscale_service_enabled | default(true) }}"
- name: tailscale up
ansible.builtin.shell:
cmd: "tailscale up {{ tailscale_up_args | join(' ') }} --authkey {{ tailscale_authkey }}"
no_log: true

0
roles/tailscale/tasks/default.yaml
View File

5
roles/tailscale/tasks/install.yaml
View File

@ -1,5 +0,0 @@
---
- name: install
ansible.builtin.package:
name: "{{ tailscale_package_name | default('tailscale') }}"
state: "{{ tailscale_package_state | default('present') }}"

31
roles/tailscale/tasks/main.yaml
View File

@ -1,31 +0,0 @@
---
- name: gather OS specific variables
ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: run os specific tasks
ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- debug:
var: ansible_facts
- include_tasks: install.yaml
- include_tasks: configure.yaml

0
roles/tailscale/vars/default.yaml
View File

6
roles/ufw/defaults/main.yaml
View File

@ -1,6 +0,0 @@
---
# ufw_state: enabled
# ufw_policy: allow
ufw_rules:
- port: ssh
rule: allow

12
roles/ufw/tasks/configure.yaml
View File

@ -1,12 +0,0 @@
---
- name: set ufw state
community.general.ufw:
state: "{{ ufw_state | default('enabled') }}"
policy: "{{ ufw_policy | default('allow') }}"
- name: configure rules
community.general.ufw:
port: "{{ item.port | default(omit) }}"
proto: "{{ item.proto | default(omit) }}"
rule: "{{ item.rule | default(omit) }}"
loop: "{{ ufw_rules | default([]) }}"

0
roles/ufw/tasks/default.yaml
View File

26
roles/ufw/tasks/main.yaml
View File

@ -1,26 +0,0 @@
---
- name: gather OS specific variables
ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: run os specific tasks
ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
vars:
params:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- include_tasks: configure.yaml

0
roles/ufw/vars/default.yaml
View File