From 4b559395d6aa97925a2926bf88fd6015ad7e1b66 Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Sun, 13 Feb 2022 19:25:17 +0100 Subject: wip --- ansible/ansible.cfg | 3 -- ansible/group_vars/all/linode-dns.yml | 33 +++++++++++----------- ansible/inventory | 4 +-- ansible/plays/files/wireguard/vs0/vimscore-4.pub | 1 + ansible/plays/ops-agent.yml | 1 + .../plays/templates/ops-agent/docker-compose.yml | 2 +- ansible/plays/templates/ops-agent/telegraf.conf | 7 +++++ ansible/plays/wireguard-vs0.yml | 12 ++++++++ ansible/roles/dovecot/tasks/main.yml | 2 +- bin/terraform | 4 +-- 10 files changed, 44 insertions(+), 25 deletions(-) create mode 100644 ansible/plays/files/wireguard/vs0/vimscore-4.pub diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index e7dde87..1904149 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -7,6 +7,3 @@ stdout_callback = debug vault_password_file = ./.vault-password roles_path = roles:thirdparty retry_files_enabled = False - -strategy_plugins = env/lib/python3.9/site-packages/ansible_mitogen/plugins/strategy -strategy = mitogen_linear diff --git a/ansible/group_vars/all/linode-dns.yml b/ansible/group_vars/all/linode-dns.yml index 8f4d14d..30fc1c9 100644 --- a/ansible/group_vars/all/linode-dns.yml +++ b/ansible/group_vars/all/linode-dns.yml 
@@ -1,17 +1,18 @@ $ANSIBLE_VAULT;1.1;AES256 -32613137363737323032353466633435666631323539363839633637666636326337363665326666 -3436386634663232663533303063313430633061323737350a383137343930626439613835376465 -63306535373732363137393461353164333261633735646639363030343961643832633839613765 -3630313535616264660a316437326231656332313833343663383662623438666463613537363436 -31646663356231373036663335633361353633333134336664303230366664396432623763616531 -37643962383431663333616338303239343535303563303238363232323963643866653166373366 -33333535636163306666663539656236363439323936383831326336386134333963623861316263 -34313334363135373262663864333339376639333832363433636232626535316562663239656139 -39323266663062623461343062333436343262633736373830323733653561623336333535343136 -33643137323035376233636638366439366535383364333635643464323036613238653237666239 -34396661633233626265663965653666653333666365636331623062613034633164333437386534 -64373733386232303739646132613435666430313730626661636263613461393661613338626333 -61363032616339626330376533626461363231323833663131636661366465623063316537353731 -38376432393735656537313039623135653032343631333761666639633563636535616437393163 -31626433323061373338636162666334363937623339643364663263316535303336623338363337 -37626330626338353733 +38656532373534383936376437386438333231313236316363316637353563646635306265343664 +6565653036363461353665663636363831613065386561360a316534316564303462393062303465 +31306332313734313762653834363062636233353862626633393039666266366465363134656362 +6639373862343832390a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diff --git a/ansible/inventory b/ansible/inventory index 5b24dca..a903558 100644 --- a/ansible/inventory +++ b/ansible/inventory 
@@ -4,14 +4,14 @@ all: ansible_host: knot.vpn.trygvis.io ansible_python_interpreter: /usr/bin/python3 hash: - ansible_host: hash.vpn.trygvis.io + ansible_host: hash.trygvis.io numquam: ansible_host: numquam.trygvis.io birgitte: ansible_host: birgitte.vpn.trygvis.io ansible_python_interpreter: /usr/bin/python3 arius: - ansible_host: arius.trygvis.io + ansible_host: arius.vpn.trygvis.io ansible_python_interpreter: /usr/bin/python3 mw: ansible_host: 2a01:7e00:e000:272:2ff:aaff:fe7e:46b4 diff --git a/ansible/plays/files/wireguard/vs0/vimscore-4.pub b/ansible/plays/files/wireguard/vs0/vimscore-4.pub new file mode 100644 index 0000000..de3f379 --- /dev/null +++ b/ansible/plays/files/wireguard/vs0/vimscore-4.pub @@ -0,0 +1 @@ +3BtUW/vKuCt1fMX/kUJ32Dx5spVJQBtk4NQyfQVp0RA= diff --git a/ansible/plays/ops-agent.yml b/ansible/plays/ops-agent.yml index cb16e6d..f4e52bc 100644 --- a/ansible/plays/ops-agent.yml +++ b/ansible/plays/ops-agent.yml @@ -3,6 +3,7 @@ - birgitte - hash - malabaricus + - knot tasks: # Generate template telegraf.conf # docker run --rm telegraf:1.14 bash diff --git a/ansible/plays/templates/ops-agent/docker-compose.yml b/ansible/plays/templates/ops-agent/docker-compose.yml index c3a2b8a..57cab7b 100644 --- a/ansible/plays/templates/ops-agent/docker-compose.yml +++ b/ansible/plays/templates/ops-agent/docker-compose.yml @@ -1,7 +1,7 @@ version: "3" services: telegraf: - image: telegraf:1.15 + image: telegraf:1.17 privileged: true network_mode: host volumes: diff --git a/ansible/plays/templates/ops-agent/telegraf.conf b/ansible/plays/templates/ops-agent/telegraf.conf index a408ef6..4dd6422 100644 --- a/ansible/plays/templates/ops-agent/telegraf.conf +++ b/ansible/plays/templates/ops-agent/telegraf.conf @@ -27,7 +27,9 @@ [[inputs.processes]] [[inputs.swap]] [[inputs.system]] +{% if false %} [[inputs.docker]] +{% endif %} {% if telegraf_sensors_enable|default(false) %} [[inputs.sensors]] 
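Review bot: `hash` now uses `ansible_host: hash.trygvis.io` instead of `hash.vpn.trygvis.io`, so Ansible's SSH connection to that host presumably goes over its public address rather than through the VPN, while `arius` moves the other way. If this is a temporary workaround, record it next to the entry, for example `# TODO: switch back to hash.vpn.trygvis.io once the tunnel is up`, so the exception is not forgotten. It is also worth confirming that SSH on the public interface of `hash` is restricted the way you expect. The inventory continues outside the hunk.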
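Review bot: `{% if false %}` around `[[inputs.docker]]` hard-codes the switch in the template, so turning the docker input back on for any host means editing the template again, and nothing records why it was disabled. The block right after it already uses a per-host toggle, `{% if telegraf_sensors_enable|default(false) %}`. Following that pattern with `{% if telegraf_docker_enable|default(false) %}` keeps the input off by default and makes the intent visible in host or group vars. The variable name is a suggestion and is not defined anywhere on this page.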
@@ -45,6 +47,11 @@ devices = [ {% endif %} {% endif %} +[[inputs.net]] +[[inputs.netstat]] +[[inputs.interrupts]] +[[inputs.linux_sysctl_fs]] + [[outputs.influxdb]] urls = ["$INFLUX_URL"] skip_database_creation = false diff --git a/ansible/plays/wireguard-vs0.yml b/ansible/plays/wireguard-vs0.yml index a9a108b..904f8ed 100644 --- a/ansible/plays/wireguard-vs0.yml +++ b/ansible/plays/wireguard-vs0.yml @@ -21,6 +21,10 @@ address: 192.168.137.3/24 network: 10.137.3.0 prefix: 24 + vimscore-4: + address: 192.168.137.4/24 + network: 10.137.4.0 + prefix: 24 arius: address: 192.168.137.103/24 network: 10.137.103.0 @@ -44,6 +48,9 @@ - gateway: "{{ networks['vimscore-3'].address }}" network: "{{ networks['vimscore-3'].network }}/{{ networks['vimscore-3'].prefix }}" state: "{{ 'absent' if ansible_hostname == 'vimscore-3' else 'present' }}" + - gateway: "{{ networks['vimscore-4'].address }}" + network: "{{ networks['vimscore-4'].network }}/{{ networks['vimscore-4'].prefix }}" + state: "{{ 'absent' if ansible_hostname == 'vimscore-4' else 'present' }}" - gateway: "{{ networks['arius'].address }}" network: "{{ networks['arius'].network }}/{{ networks['arius'].prefix }}" state: "{{ 'absent' if ansible_hostname == 'arius' else 'present' }}" @@ -71,6 +78,11 @@ allowed_ips: - "{{ networks['vimscore-3'].address | ipaddr('address') }}/32" - "{{ networks['vimscore-3'].network }}/{{ networks['vimscore-3'].prefix }}" + vimscore-4: + endpoint: vimscore-4.vimscore.com + allowed_ips: + - "{{ networks['vimscore-4'].address | ipaddr('address') }}/32" + - "{{ networks['vimscore-4'].network }}/{{ networks['vimscore-4'].prefix }}" arius: allowed_ips: - "{{ networks['arius'].address | ipaddr('address') }}/32" diff --git a/ansible/roles/dovecot/tasks/main.yml b/ansible/roles/dovecot/tasks/main.yml index 1ee3b8d..fdc874c 100644 --- a/ansible/roles/dovecot/tasks/main.yml +++ b/ansible/roles/dovecot/tasks/main.yml 
@@ -11,7 +11,7 @@ - update-passwords become: yes with_dict: "{{ dovecot__passwords }}" - no_log: yes +# no_log: yes htpasswd: path: /etc/dovecot/users name: "{{ item.key }}" diff --git a/bin/terraform b/bin/terraform index 967f2c0..ac2d331 100755 --- a/bin/terraform +++ b/bin/terraform @@ -4,8 +4,8 @@ set -euo pipefail basedir=$(dirname "$0") -version=1.0.4 -url=https://releases.hashicorp.com/terraform/${version}/terraform_${version}_linux_amd64.zip +terraform_version=1.0.7 +terraform_url=https://releases.hashicorp.com/terraform/$terraform_version/terraform_${terraform_version}_linux_amd64.zip bin="$basedir/.tmp/$version/terraform" -- cgit v1.2.3
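Review bot: Commenting out `no_log: yes` on this htpasswd task lets Ansible print each item of `dovecot__passwords` as the `with_dict` loop runs, so the mail account secrets can end up in terminal scrollback, in control-machine logs and in any CI output. That the dict values are the passwords is inferred from the variable name and the module, since the task's password argument lies outside the hunk. Restore it as `no_log: true` before this leaves wip. Adding `loop_control` with `label: "{{ item.key }}"` would trim the per-item header, but failure and verbose output can still carry the full item, so it complements `no_log` rather than replacing it.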
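Review bot: The unchanged line `bin="$basedir/.tmp/$version/terraform"` still reads `$version`, which this hunk renames to `terraform_version`. Unless `version` is set elsewhere, `set -euo pipefail` makes the wrapper abort on the unbound variable. Change the line to `bin="$basedir/.tmp/$terraform_version/terraform"` and check the rest of the script, which is outside the hunk, for remaining `$version` or `$url` references. Separately, if the download step does not already do so, verify the zip against the SHA256SUMS file published alongside the release before unpacking, since this wrapper fetches a binary and then executes it.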