Diffstat (limited to 'ansible/plays/templates')
-rw-r--r--ansible/plays/templates/danneri/systemd-networkd/enp1s0.network8
-rw-r--r--ansible/plays/templates/lhn2pi/systemd/network/10-eth0.network11
-rw-r--r--ansible/plays/templates/otelcol-contrib/config.yaml65
-rw-r--r--ansible/plays/templates/roa-server/docker-compose.yml14
-rw-r--r--ansible/plays/templates/traefik-proxy.toml.j2126
-rw-r--r--ansible/plays/templates/unifi/systemd-networkd/enp1s0.network8
6 files changed, 232 insertions, 0 deletions
diff --git a/ansible/plays/templates/danneri/systemd-networkd/enp1s0.network b/ansible/plays/templates/danneri/systemd-networkd/enp1s0.network
new file mode 100644
index 0000000..b38116c
--- /dev/null
+++ b/ansible/plays/templates/danneri/systemd-networkd/enp1s0.network
@@ -0,0 +1,8 @@
+[Match]
+Name=enp1s0
+
+[Network]
+DHCP=ipv4
+
+[IPv6AcceptRA]
+Token=static:{{ ipam6.networks.lhn2_dn42.hosts.danneri }}
diff --git a/ansible/plays/templates/lhn2pi/systemd/network/10-eth0.network b/ansible/plays/templates/lhn2pi/systemd/network/10-eth0.network
new file mode 100644
index 0000000..853556d
--- /dev/null
+++ b/ansible/plays/templates/lhn2pi/systemd/network/10-eth0.network
@@ -0,0 +1,11 @@
+[Match]
+Name=eth0
+
+[Network]
+DHCP=ipv4
+Address={{ ipam6.networks.lhn2_dn42.hosts.lhn2pi }}
+# IPv6Forwarding=yes # needs newer systemd
+
+# Disables the automatic activation of DHCPv6 from RA packets
+[IPv6AcceptRA]
+DHCPv6Client=no
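Review bot: `Address={{ ipam6.networks.lhn2_dn42.hosts.lhn2pi }}` carries no visible prefix length. The sibling templates in this commit feed the same `hosts.*` values to `Token=static:`, which takes a bare address, so this line presumably renders without `/NN` and networkd would then likely treat it as a host address (/128). If the on-link prefix is meant to come from this line rather than from router advertisements, write `Address={{ ipam6.networks.lhn2_dn42.hosts.lhn2pi }}/64` (or the real prefix length). The comment above `[IPv6AcceptRA]` could also state that RA processing itself stays enabled and only the DHCPv6 client is switched off.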
diff --git a/ansible/plays/templates/otelcol-contrib/config.yaml b/ansible/plays/templates/otelcol-contrib/config.yaml
new file mode 100644
index 0000000..671dbaa
--- /dev/null
+++ b/ansible/plays/templates/otelcol-contrib/config.yaml
@@ -0,0 +1,65 @@
+receivers:
+ journald:
+ priority: debug
+
+exporters:
+ debug:
+ verbosity: detailed
+
+ nop:
+
+ otlphttp/hash:
+ endpoint: https://loki.trygvis.io/otlp
+
+extensions:
+ file_storage/journald:
+
+processors:
+ batch: {}
+
+ transform/severity_parse:
+ log_statements:
+ - context: log
+ statements:
+ - set(resource.attributes["service.namespace"], "systemd")
+ - set(resource.attributes["service.name"], body["_SYSTEMD_UNIT"])
+ - set(resource.attributes["systemd_unit"], body["_SYSTEMD_UNIT"])
+ - set(resource.attributes["systemd_slice"], body["_SYSTEMD_SLICE"])
+ - set(resource.attributes["node"], body["_HOSTNAME"])
+
+ - set(severity_number, SEVERITY_NUMBER_TRACE) where body["PRIORITY"] == "7"
+ - set(severity_text, "debug") where body["PRIORITY"] == "7"
+ - set(severity_number, SEVERITY_NUMBER_DEBUG) where body["PRIORITY"] == "6"
+ - set(severity_text, "info") where body["PRIORITY"] == "6"
+ - set(severity_number, SEVERITY_NUMBER_INFO) where body["PRIORITY"] == "5"
+ - set(severity_text, "notice") where body["PRIORITY"] == "5"
+ - set(severity_number, SEVERITY_NUMBER_WARN) where body["PRIORITY"] == "4"
+ - set(severity_text, "warning") where body["PRIORITY"] == "4"
+ - set(severity_number, SEVERITY_NUMBER_ERROR) where body["PRIORITY"] == "3"
+ - set(severity_text, "err") where body["PRIORITY"] == "3"
+ - set(severity_number, SEVERITY_NUMBER_FATAL) where body["PRIORITY"] == "2"
+ - set(severity_text, "crit") where body["PRIORITY"] == "2"
+ - set(severity_number, SEVERITY_NUMBER_FATAL) where body["PRIORITY"] == "1"
+ - set(severity_text, "alert") where body["PRIORITY"] == "1"
+ - set(severity_number, SEVERITY_NUMBER_FATAL) where body["PRIORITY"] == "0"
+ - set(severity_text, "emerg") where body["PRIORITY"] == "0"
+
+ - set(body, body["MESSAGE"])
+
+service:
+# telemetry:
+# logs:
+# level: debug
+ extensions:
+ - file_storage/journald
+ pipelines:
+ logs:
+ receivers:
+ - journald
+ processors:
+ - transform/severity_parse
+ - batch
+ exporters:
+# - debug
+# - nop
+ - otlphttp/hash
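Review bot: The `file_storage/journald` extension is declared and listed under `service.extensions`, but the `journald` receiver never references it, so the journal cursor is presumably not persisted and a collector restart can drop or re-send entries; add `storage: file_storage/journald` under the receiver. In `transform/severity_parse` the severity numbers sit one level below the texts (PRIORITY "7" gets `SEVERITY_NUMBER_TRACE` with text "debug", "6" gets `SEVERITY_NUMBER_DEBUG` with text "info"), so a downstream filter or alert keyed on severity number INFO and above would miss info-level entries. If that shift is not intended, use `SEVERITY_NUMBER_DEBUG` for "7" and `SEVERITY_NUMBER_INFO` for "6". With `priority: debug` every unit's debug output leaves the host for `https://loki.trygvis.io/otlp`, and the exporter shows no auth headers, so a comment saying how that endpoint authenticates senders would help.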
diff --git a/ansible/plays/templates/roa-server/docker-compose.yml b/ansible/plays/templates/roa-server/docker-compose.yml
new file mode 100644
index 0000000..c11933c
--- /dev/null
+++ b/ansible/plays/templates/roa-server/docker-compose.yml
@@ -0,0 +1,14 @@
+version: "3"
+services:
+ stayrtr:
+ image: rpki/stayrtr:latest # no tagged images are available :(
+ volumes:
+ - /etc/docker-service/roa-server/id_ecdsa:/id_ecdsa:ro
+ ports:
+ - 8022:8022
+ command:
+ - -bind=
+ - -ssh.bind=:8022
+ - -ssh.key=/id_ecdsa
+ - -checktime=false
+ - -cache=https://dn42.burble.com/roa/dn42_roa_46.json
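Review bot: `image: rpki/stayrtr:latest` is a mutable tag, so each pull can run different code next to the mounted SSH host key `/id_ecdsa`. Since the comment says upstream publishes no version tags, pin by digest instead, e.g. `image: rpki/stayrtr@sha256:<digest-of-reviewed-image>` (placeholder), and bump it deliberately. `8022:8022` publishes the port on every host address; if only dn42 peers should reach the RTR service, bind it explicitly with `- "<listen-address>:8022:8022"`. `-checktime=false` appears to switch off the staleness check on the fetched ROA JSON, so a short comment on why stale data is acceptable for route-origin validation would be useful.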
diff --git a/ansible/plays/templates/traefik-proxy.toml.j2 b/ansible/plays/templates/traefik-proxy.toml.j2
new file mode 100644
index 0000000..d538664
--- /dev/null
+++ b/ansible/plays/templates/traefik-proxy.toml.j2
@@ -0,0 +1,126 @@
+[global]
+ checkNewVersion = true
+ sendAnonymousUsage = false
+
+################################################################
+# Entrypoints configuration
+################################################################
+
+[entryPoints]
+# [entryPoints.web]
+# address = ":80"
+
+ [entryPoints.websecure]
+ address = ":443"
+
+ [entryPoints.websecure.http.tls]
+ certResolver = "linode"
+
+[log]
+
+ # Log level
+ #
+ # Optional
+ # Default: "ERROR"
+ #
+ level = "DEBUG"
+
+ # Sets the filepath for the traefik log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ #
+ # Optional
+ # Default: os.Stdout
+ #
+ # filePath = "log/traefik.log"
+
+ # Format is either "json" or "common".
+ #
+ # Optional
+ # Default: "common"
+ #
+ # format = "json"
+
+################################################################
+# Access logs configuration
+################################################################
+
+# Enable access logs
+# By default it will write to stdout and produce logs in the textual
+# Common Log Format (CLF), extended with additional fields.
+#
+# Optional
+#
+# [accessLog]
+
+ # Sets the file path for the access log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ #
+ # Optional
+ # Default: os.Stdout
+ #
+ # filePath = "/path/to/log/log.txt"
+
+ # Format is either "json" or "common".
+ #
+ # Optional
+ # Default: "common"
+ #
+ # format = "json"
+
+################################################################
+# API and dashboard configuration
+################################################################
+
+# Enable API and dashboard
+[api]
+
+ # Enable the API in insecure mode
+ #
+ # Optional
+ # Default: false
+ #
+ # insecure = true
+
+ # Enabled Dashboard
+ #
+ # Optional
+ # Default: true
+ #
+ # dashboard = false
+
+################################################################
+# Ping configuration
+################################################################
+
+# Enable ping
+[ping]
+
+ # Name of the related entry point
+ #
+ # Optional
+ # Default: "traefik"
+ #
+ # entryPoint = "traefik"
+
+
+[certificatesResolvers.linode.acme]
+ email = "root@trygvis.io"
+ storage = "acme.json"
+ [certificatesResolvers.linode.acme.dnsChallenge]
+ provider = "linode"
+ delayBeforeCheck = 1
+
+[http]
+[http.routers]
+ [http.routers.junk]
+ rule = "Host(`junk.dn42.trygvis.io`)"
+ service = "netbox"
+
+ [http.routers.junk.tls]
+ certResolver = "linode"
+
+ [http.services]
+ # Define how to reach an existing service on our infrastructure
+ [http.services.netbox.loadBalancer]
+ [[http.services.netbox.loadBalancer.servers]]
+ url = "http://[fdb1:4242:3538:2005:be24:11ff:febb:5c7f]:8080"
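Review bot: The `[accessLog]` table is left commented out while `[log]` runs at `level = "DEBUG"`, so the proxy on `:443` keeps no per-request record for incident review yet emits verbose debug output. Enable `[accessLog]` (preferably with `format = "json"`) and lower the level to `"INFO"` once debugging is finished. The `[http.routers]` and `[http.services]` tables are dynamic configuration and this file shows no `[providers.file]` section, so unless a provider is configured elsewhere the `junk` router would not be loaded. The `junk` router also has no middleware and forwards to netbox over plain `http://`; a comment stating that access control is left to netbox and that the backend hop stays on a trusted network would make the intent explicit.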
diff --git a/ansible/plays/templates/unifi/systemd-networkd/enp1s0.network b/ansible/plays/templates/unifi/systemd-networkd/enp1s0.network
new file mode 100644
index 0000000..251bf45
--- /dev/null
+++ b/ansible/plays/templates/unifi/systemd-networkd/enp1s0.network
@@ -0,0 +1,8 @@
+[Match]
+Name=enp1s0
+
+[Network]
+DHCP=ipv4
+
+[IPv6AcceptRA]
+Token=static:{{ ipam6.networks.lhn2_dn42.hosts.unifi }}