authorTrygve Laugstøl <trygvis@inamo.no>2022-02-13 19:25:17 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2022-02-13 19:25:17 +0100
commit4b559395d6aa97925a2926bf88fd6015ad7e1b66 (patch)
treebacaed2dfb42ff9abb280d40f2a08b91cad07197 /ansible
parent51ffd253f00df48aefeee65f3d8723259418f353 (diff)
wip
Diffstat (limited to 'ansible')
-rw-r--r--ansible/ansible.cfg3
-rw-r--r--ansible/group_vars/all/linode-dns.yml33
-rw-r--r--ansible/inventory4
-rw-r--r--ansible/plays/files/wireguard/vs0/vimscore-4.pub1
-rw-r--r--ansible/plays/ops-agent.yml1
-rw-r--r--ansible/plays/templates/ops-agent/docker-compose.yml2
-rw-r--r--ansible/plays/templates/ops-agent/telegraf.conf7
-rw-r--r--ansible/plays/wireguard-vs0.yml12
-rw-r--r--ansible/roles/dovecot/tasks/main.yml2
9 files changed, 42 insertions, 23 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index e7dde87..1904149 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -7,6 +7,3 @@ stdout_callback = debug
vault_password_file = ./.vault-password
roles_path = roles:thirdparty
retry_files_enabled = False
-
-strategy_plugins = env/lib/python3.9/site-packages/ansible_mitogen/plugins/strategy
-strategy = mitogen_linear
diff --git a/ansible/group_vars/all/linode-dns.yml b/ansible/group_vars/all/linode-dns.yml
index 8f4d14d..30fc1c9 100644
--- a/ansible/group_vars/all/linode-dns.yml
+++ b/ansible/group_vars/all/linode-dns.yml
@@ -1,17 +1,18 @@
$ANSIBLE_VAULT;1.1;AES256
-32613137363737323032353466633435666631323539363839633637666636326337363665326666
-3436386634663232663533303063313430633061323737350a383137343930626439613835376465
-63306535373732363137393461353164333261633735646639363030343961643832633839613765
-3630313535616264660a316437326231656332313833343663383662623438666463613537363436
-31646663356231373036663335633361353633333134336664303230366664396432623763616531
-37643962383431663333616338303239343535303563303238363232323963643866653166373366
-33333535636163306666663539656236363439323936383831326336386134333963623861316263
-34313334363135373262663864333339376639333832363433636232626535316562663239656139
-39323266663062623461343062333436343262633736373830323733653561623336333535343136
-33643137323035376233636638366439366535383364333635643464323036613238653237666239
-34396661633233626265663965653666653333666365636331623062613034633164333437386534
-64373733386232303739646132613435666430313730626661636263613461393661613338626333
-61363032616339626330376533626461363231323833663131636661366465623063316537353731
-38376432393735656537313039623135653032343631333761666639633563636535616437393163
-31626433323061373338636162666334363937623339643364663263316535303336623338363337
-37626330626338353733
+38656532373534383936376437386438333231313236316363316637353563646635306265343664
+6565653036363461353665663636363831613065386561360a316534316564303462393062303465
+31306332313734313762653834363062636233353862626633393039666266366465363134656362
+6639373862343832390a356665666334343430663863353663623934613463376235303932366138
+31613832333130396662343438646232323465363736666564303065306634363336313536346537
+36363866323636623432366636306138386632396430386631393062383530316533313930386433
+32663766653739646661633335316164393939373864313734356337323832323537353637353532
+35663838376137626433353665653165383533653132383164386633376531373438313337386561
+33366465623264666630626430346131393561383266623235616333323139633733363238316438
+66356630636638363861396430656661626466356463623061636433306139613936383061636438
+61396432313739333232323266323636373966393765646362646634663066636166643835616139
+30663934343538383062613539323134646634623865353064353761376162353364646266363539
+33333439626231653437336439303539303665633731356430306563376164373330653539653132
+38303932303962313061626530353164306131356365313561333536613339353433353466616665
+32666131313162663633656637663634333738393363343937356564643732306162303936303839
+32393339653663653834383966316439616363646533613266646432646464353966323266643331
+33353162323039626630383461363335336632663539326133643430313462616565
diff --git a/ansible/inventory b/ansible/inventory
index 5b24dca..a903558 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -4,14 +4,14 @@ all:
ansible_host: knot.vpn.trygvis.io
ansible_python_interpreter: /usr/bin/python3
hash:
- ansible_host: hash.vpn.trygvis.io
+ ansible_host: hash.trygvis.io
numquam:
ansible_host: numquam.trygvis.io
birgitte:
ansible_host: birgitte.vpn.trygvis.io
ansible_python_interpreter: /usr/bin/python3
arius:
- ansible_host: arius.trygvis.io
+ ansible_host: arius.vpn.trygvis.io
ansible_python_interpreter: /usr/bin/python3
mw:
ansible_host: 2a01:7e00:e000:272:2ff:aaff:fe7e:46b4
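Review bot: `hash` now uses `ansible_host: hash.trygvis.io`, so plays against it connect over the public name instead of the `.vpn.` one, while `arius` moves the opposite way in the same hunk, and nothing in the commit says whether either move is deliberate. If the change for `hash` is a temporary workaround, a comment above the line such as `# TODO: back to hash.vpn.trygvis.io once the tunnel on hash is restored` keeps it from becoming permanent by accident. If it is permanent, management access to `hash` presumably depends on SSH staying reachable on its public interface, which is worth stating next to the entry.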
diff --git a/ansible/plays/files/wireguard/vs0/vimscore-4.pub b/ansible/plays/files/wireguard/vs0/vimscore-4.pub
new file mode 100644
index 0000000..de3f379
--- /dev/null
+++ b/ansible/plays/files/wireguard/vs0/vimscore-4.pub
@@ -0,0 +1 @@
+3BtUW/vKuCt1fMX/kUJ32Dx5spVJQBtk4NQyfQVp0RA=
diff --git a/ansible/plays/ops-agent.yml b/ansible/plays/ops-agent.yml
index cb16e6d..f4e52bc 100644
--- a/ansible/plays/ops-agent.yml
+++ b/ansible/plays/ops-agent.yml
@@ -3,6 +3,7 @@
- birgitte
- hash
- malabaricus
+ - knot
tasks:
# Generate template telegraf.conf
# docker run --rm telegraf:1.14 bash
diff --git a/ansible/plays/templates/ops-agent/docker-compose.yml b/ansible/plays/templates/ops-agent/docker-compose.yml
index c3a2b8a..57cab7b 100644
--- a/ansible/plays/templates/ops-agent/docker-compose.yml
+++ b/ansible/plays/templates/ops-agent/docker-compose.yml
@@ -1,7 +1,7 @@
version: "3"
services:
telegraf:
- image: telegraf:1.15
+ image: telegraf:1.17
privileged: true
network_mode: host
volumes:
diff --git a/ansible/plays/templates/ops-agent/telegraf.conf b/ansible/plays/templates/ops-agent/telegraf.conf
index a408ef6..4dd6422 100644
--- a/ansible/plays/templates/ops-agent/telegraf.conf
+++ b/ansible/plays/templates/ops-agent/telegraf.conf
@@ -27,7 +27,9 @@
[[inputs.processes]]
[[inputs.swap]]
[[inputs.system]]
+{% if false %}
[[inputs.docker]]
+{% endif %}
{% if telegraf_sensors_enable|default(false) %}
[[inputs.sensors]]
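Review bot: The `{% if false %}` wrapper around `[[inputs.docker]]` is a hard-coded off switch that can only be reverted by editing the template, and it gives no reason for disabling the input. The sensors block directly below already uses a per-host toggle, so the same form would fit here: `{% if telegraf_docker_enable|default(false) %}` (the variable name is a suggestion). With the docker input off, it is also worth checking whether `privileged: true` in the ops-agent docker-compose template is still needed for the remaining inputs, since this commit additionally rolls the agent out to `knot`.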
@@ -45,6 +47,11 @@ devices = [
{% endif %}
{% endif %}
+[[inputs.net]]
+[[inputs.netstat]]
+[[inputs.interrupts]]
+[[inputs.linux_sysctl_fs]]
+
[[outputs.influxdb]]
urls = ["$INFLUX_URL"]
skip_database_creation = false
diff --git a/ansible/plays/wireguard-vs0.yml b/ansible/plays/wireguard-vs0.yml
index a9a108b..904f8ed 100644
--- a/ansible/plays/wireguard-vs0.yml
+++ b/ansible/plays/wireguard-vs0.yml
@@ -21,6 +21,10 @@
address: 192.168.137.3/24
network: 10.137.3.0
prefix: 24
+ vimscore-4:
+ address: 192.168.137.4/24
+ network: 10.137.4.0
+ prefix: 24
arius:
address: 192.168.137.103/24
network: 10.137.103.0
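Review bot: Adding `vimscore-4` takes four parallel edits: this `networks` entry, the route entry and the peer entry in the two later hunks of this file, and the key file `files/wireguard/vs0/vimscore-4.pub`. Nothing in the play documents that, so a missed step would presumably leave a peer without a route or without a key. A short comment above the `networks` mapping (which starts outside this hunk) would help, for example `# New host: add it to networks, routes and peers below, plus files/wireguard/vs0/<host>.pub`. The new peer's `allowed_ips` accepts the whole `10.137.4.0/24` from that host, matching the existing peers; that is fine as long as the subnet really sits behind vimscore-4 only.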
@@ -44,6 +48,9 @@
- gateway: "{{ networks['vimscore-3'].address }}"
network: "{{ networks['vimscore-3'].network }}/{{ networks['vimscore-3'].prefix }}"
state: "{{ 'absent' if ansible_hostname == 'vimscore-3' else 'present' }}"
+ - gateway: "{{ networks['vimscore-4'].address }}"
+ network: "{{ networks['vimscore-4'].network }}/{{ networks['vimscore-4'].prefix }}"
+ state: "{{ 'absent' if ansible_hostname == 'vimscore-4' else 'present' }}"
- gateway: "{{ networks['arius'].address }}"
network: "{{ networks['arius'].network }}/{{ networks['arius'].prefix }}"
state: "{{ 'absent' if ansible_hostname == 'arius' else 'present' }}"
@@ -71,6 +78,11 @@
allowed_ips:
- "{{ networks['vimscore-3'].address | ipaddr('address') }}/32"
- "{{ networks['vimscore-3'].network }}/{{ networks['vimscore-3'].prefix }}"
+ vimscore-4:
+ endpoint: vimscore-4.vimscore.com
+ allowed_ips:
+ - "{{ networks['vimscore-4'].address | ipaddr('address') }}/32"
+ - "{{ networks['vimscore-4'].network }}/{{ networks['vimscore-4'].prefix }}"
arius:
allowed_ips:
- "{{ networks['arius'].address | ipaddr('address') }}/32"
diff --git a/ansible/roles/dovecot/tasks/main.yml b/ansible/roles/dovecot/tasks/main.yml
index 1ee3b8d..fdc874c 100644
--- a/ansible/roles/dovecot/tasks/main.yml
+++ b/ansible/roles/dovecot/tasks/main.yml
@@ -11,7 +11,7 @@
- update-passwords
become: yes
with_dict: "{{ dovecot__passwords }}"
- no_log: yes
+# no_log: yes
htpasswd:
path: /etc/dovecot/users
name: "{{ item.key }}"
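Review bot: Commenting out `no_log: yes` makes this task print each item of `dovecot__passwords`, and ansible.cfg sets `stdout_callback = debug`, so the loop items and module arguments are shown in full. The dictionary values are presumably the mailbox passwords, which would then land in terminal scrollback, CI output and any configured log file. The commit is titled "wip", so this looks like a debugging leftover; restore `no_log: true` before it is merged. If the output is needed while debugging, keep the safe value as the default with `no_log: "{{ dovecot__no_log | default(true) }}"` (the variable name is a suggestion). The task continues past the end of the hunk, so the password argument itself is not visible here.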