From de354f699d205e59bc17fc653ea5f2133c53f4fe Mon Sep 17 00:00:00 2001 
From: Blallo Date: Tue, 23 Feb 2021 19:12:00 +0100 Subject: [PATCH] Init --- .gitignore | 1 + ansible.cfg | 4 + inventories/cave/athena.yml | 26 ++ inventories/cave/cave.yml | 85 ++++++ inventories/cave/group_vars/all/config.yml | 10 + inventories/cave/group_vars/all/dns.yml | 5 + .../cave/group_vars/all/drone_server.yml | 41 +++ inventories/cave/group_vars/all/fdroid.yml | 47 +++ inventories/cave/group_vars/all/gateway.yml | 285 ++++++++++++++++++ .../cave/group_vars/all/lineage_builder.yml | 8 + .../cave/group_vars/all/sendmail_users.yml | 18 ++ inventories/cave/group_vars/all/syncthing.yml | 14 + .../cave/group_vars/all/torrent_server.yml | 73 +++++ inventories/cave/servipi.yml | 11 + inventories/cave/stakhanov.yml | 27 ++ inventories/chat/chat.yml | 4 + inventories/chat/group_vars/all/config.yml | 5 + inventories/pikubed/group_vars/all/config.yml | 25 ++ inventories/pikubed/pi2 | 2 + inventories/pikubed/pikubed.old.yml | 28 ++ inventories/pikubed/pikubed.yml | 30 ++ inventories/sea/group_vars/all/config.yml | 4 + inventories/sea/group_vars/all/dns_server.yml | 150 +++++++++ inventories/sea/group_vars/all/sendmail.yml | 19 ++ .../sea/group_vars/all/vpn_gateway.yml | 29 ++ inventories/sea/sea.yml | 28 ++ inventories/sea/secrets.yml | 53 ++++ playbooks/aosp.yml | 5 + playbooks/base.yml | 9 + playbooks/dns.sea.yml | 4 + playbooks/drone.yml | 4 + playbooks/gateway.yml | 4 + playbooks/playbook.cave.yml | 40 +++ playbooks/playbook.chat.yml | 10 + playbooks/playbook.pikubed.registry.yml | 4 + playbooks/playbook.pikubed.yml | 25 ++ playbooks/playbook.sea.yml | 17 ++ playbooks/playbook.servipi.yml | 9 + playbooks/playbook.stakhanov.yaml | 9 + playbooks/playbook.yaml | 47 +++ playbooks/sendmail.yml | 4 + playbooks/torrent_server.yml | 4 + playbooks/vpn_gateway.yml | 4 + playbooks/zsh_chic.yml | 8 + 44 files changed, 1239 insertions(+) create mode 100644 .gitignore create mode 100644 ansible.cfg create mode 100644 inventories/cave/athena.yml create mode 100644 
inventories/cave/cave.yml create mode 100644 inventories/cave/group_vars/all/config.yml create mode 100644 inventories/cave/group_vars/all/dns.yml create mode 100644 inventories/cave/group_vars/all/drone_server.yml create mode 100644 inventories/cave/group_vars/all/fdroid.yml create mode 100644 inventories/cave/group_vars/all/gateway.yml create mode 100644 inventories/cave/group_vars/all/lineage_builder.yml create mode 100644 inventories/cave/group_vars/all/sendmail_users.yml create mode 100644 inventories/cave/group_vars/all/syncthing.yml create mode 100644 inventories/cave/group_vars/all/torrent_server.yml create mode 100644 inventories/cave/servipi.yml create mode 100644 inventories/cave/stakhanov.yml create mode 100644 inventories/chat/chat.yml create mode 100644 inventories/chat/group_vars/all/config.yml create mode 100644 inventories/pikubed/group_vars/all/config.yml create mode 100644 inventories/pikubed/pi2 create mode 100644 inventories/pikubed/pikubed.old.yml create mode 100644 inventories/pikubed/pikubed.yml create mode 100644 inventories/sea/group_vars/all/config.yml create mode 100644 inventories/sea/group_vars/all/dns_server.yml create mode 100644 inventories/sea/group_vars/all/sendmail.yml create mode 100644 inventories/sea/group_vars/all/vpn_gateway.yml create mode 100644 inventories/sea/sea.yml create mode 100644 inventories/sea/secrets.yml create mode 100644 playbooks/aosp.yml create mode 100644 playbooks/base.yml create mode 100644 playbooks/dns.sea.yml create mode 100644 playbooks/drone.yml create mode 100644 playbooks/gateway.yml create mode 100644 playbooks/playbook.cave.yml create mode 100644 playbooks/playbook.chat.yml create mode 100644 playbooks/playbook.pikubed.registry.yml create mode 100644 playbooks/playbook.pikubed.yml create mode 100644 playbooks/playbook.sea.yml create mode 100644 playbooks/playbook.servipi.yml create mode 100644 playbooks/playbook.stakhanov.yaml create mode 100644 playbooks/playbook.yaml create mode 100644 
playbooks/sendmail.yml create mode 100644 playbooks/torrent_server.yml create mode 100644 playbooks/vpn_gateway.yml create mode 100644 playbooks/zsh_chic.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9802151
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible-vault-password
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..15fefe3
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+interpreter_python = /usr/bin/python3
+ansible_python_interpreter = /usr/bin/python3
+roles_path = ./roles/:~/.ansible/roles:/etc/ansible/roles
diff --git a/inventories/cave/athena.yml b/inventories/cave/athena.yml
new file mode 100644
index 0000000..81691e5
--- /dev/null
+++ b/inventories/cave/athena.yml
@@ -0,0 +1,26 @@
+---
+all:
+ children:
+ docker_hosts:
+ hosts:
+ athena.cave:
+ zsh_chic:
+ hosts:
+ athena.cave:
+ zsh_chic:
+ users:
+ - {username: root, home: /root, group: root, starship: true}
+ dev_box:
+ hosts:
+ athena.cave:
+ dev_box:
+ users:
+ - {username: leo, home: /home/leo, group: leo, antibody: true, term: xterm-256color}
+ - {username: omar, home: /home/omar, group: omar, antibody: true}
+ - {username: peppe, home: /home/peppe, group: peppe, antibody: true}
+ - {username: fra, home: /home/fra, group: fra, antibody: true}
+ - {username: tom, home: /home/tom, group: tom, antibody: true}
+ - {username: rick, home: /home/rick, group: rick, antibody: true}
+ - {username: simo, home: /home/simo, group: simo, antibody: true}
+ - {username: busi, home: /home/busi, group: busi, antibody: true}
+
diff --git a/inventories/cave/cave.yml b/inventories/cave/cave.yml
new file mode 100644
index 0000000..764f7c6
--- /dev/null
+++ b/inventories/cave/cave.yml
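Review bot: `ansible_python_interpreter = /usr/bin/python3` under `[defaults]` in ansible.cfg is not a configuration option; it is an inventory/host variable, and the line above it (`interpreter_python`) is the ansible.cfg spelling of the same setting. The extra key is most likely ignored, so it can be dropped from this file. The cave and chat `group_vars/all/config.yml` files in this patch already set the variable where it takes effect.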
@@ -0,0 +1,85 @@
+---
+all:
+ children:
+ sendmail:
+ hosts:
+ minos.cave:
+ sendmail:
+ version: "0.6"
+ configuration:
+ - "{{ sendmail_users.unit_failure }}"
+ srv.cave:
+ sendmail:
+ version: "0.6"
+ configuration:
+ - "{{ sendmail_users.unit_failure }}"
+ mercury.cave:
+ sendmail:
+ version: "0.6"
+ configuration:
+ - "{{ sendmail_users.unit_failure }}"
+ - name: copione
+ from: copione@troubles.ga
+ to_list: [blallo@troubles.ga]
+ server:
+ address: charon.troubles.ga
+ port: 587
+ user: copione@troubles.ga
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 63353835613866326330653837636562333739373132393432636238386564373135643662663535
+ 3230316533633832303261623662336237623565643733610a323439363332623936653030653537
+ 39373266653766326138303030366437666664663733343865653965623863353764616335346333
+ 3162376234653138380a636330666264373532346466326337313431356566346639663439373330
+ 66363066366361663636633566653134303239656430613963323335636539373436
+ - name: los
+ from: los@troubles.ga
+ to_list: [blallo@troubles.ga]
+ server:
+ address: charon.troubles.ga
+ port: 587
+ user: los@troubles.ga
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 64353065363430346432666263323064353862336139613963323735613130333965623038633435
+ 3832313733343464303835646339656161383737303730610a613139653264306234363765613062
+ 65663738323663656462633531626339383166646633636562363461346638343933363235633863
+ 6564626635356230390a346538633861323136326637313230376639393761643337356263373832
+ 66306635626533396366306164376434383735663966623062626562643764613930
+
+ docker_hosts:
+ hosts:
+ mercury.cave:
+
+ drone_server:
+ hosts:
+ mercury.cave:
+
+ aosp_factory:
+ hosts:
+ mercury.cave:
+
+ gateway:
+ hosts:
+ minos.cave:
+
+ torrent_server:
+ hosts:
+ srv.cave:
+
+ mysql:
+ hosts:
+ srv.cave:
+
+ zsh_chic:
+ hosts:
+ mercury.cave:
+ srv.cave:
+ minos.cave:
+ vars:
+ zsh_chic:
+ users: "{{ default_user }}"
+
+ syncthing:
+ hosts:
+ srv.cave:
diff --git a/inventories/cave/group_vars/all/config.yml b/inventories/cave/group_vars/all/config.yml
new file mode 100644
index 0000000..e98c6b0
--- /dev/null
+++ b/inventories/cave/group_vars/all/config.yml
@@ -0,0 +1,10 @@
+---
+ansible_python_interpreter: /usr/bin/python3
+
+default_user:
+ - {username: root, home: /root, group: root, starship: true}
+
+sendmail:
+ version: "0.6"
+
+cockpit_disable_tls: yes
diff --git a/inventories/cave/group_vars/all/dns.yml b/inventories/cave/group_vars/all/dns.yml
new file mode 100644
index 0000000..e6c15f4
--- /dev/null
+++ b/inventories/cave/group_vars/all/dns.yml
@@ -0,0 +1,5 @@
+---
+dns:
+ - 192.168.122.1
+ - 8.8.8.8
+ - 1.1.1.1
diff --git a/inventories/cave/group_vars/all/drone_server.yml b/inventories/cave/group_vars/all/drone_server.yml
new file mode 100644
index 0000000..8ca969a
--- /dev/null
+++ b/inventories/cave/group_vars/all/drone_server.yml
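Review bot: `cockpit_disable_tls: yes` in `inventories/cave/group_vars/all/config.yml` applies to every host in the cave inventory, not only to the machines that sit behind the nginx gateway. The role that consumes the variable is not part of this patch, but if it does what the name says, Cockpit sessions on any host reached directly on port 9090 are carried without TLS. I would set it per host or per group for the proxied machines only, write it as a real boolean (`cockpit_disable_tls: true`), and add a comment such as `# TLS is terminated by the gateway vhost; Cockpit must only be reachable through it`.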
@@ -0,0 +1,41 @@
+---
+drone_version: "latest"
+drone_host_port: "8080"
+
+drone_server_enable: "true"
+drone_server_host: "drone.troubles.io"
+drone_server_proto: "https"
+drone_rpc_server: "http://192.168.122.10:8080"
+drone_rpc_secret: "03a50202f21473a2772bc897b6409999"
+drone_gitea_server: "https://git.abbiamoundominio.org"
+drone_gitea_client_id: "ca105ddd-913d-459e-a115-40d44d447e55"
+drone_gitea_client_secret: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 66343634393066323733346161373066353661636332343462373865656462363035356439373963
+ 6434643362363832313765353631386533643931623335650a663062663166353139393966353035
+ 36386235323563666566333234376130316539663931653665663039633738376536613135316234
+ 6231336330353763360a313561393933656663383832643765636162303765303631376232633662
+ 35356335323436623337616564613936636133636164646430306231386461303863303532376432
+ 3565383732393536643431303135353732336233623964333335
+drone_gitea_skip_verify: "false"
+drone_gitea_debug: "false"
+
+drone_agent_enable: "true"
+drone_user_create: "username:blallo,admin:true"
+
+# drone_logs_trace: "true"
+# drone_logs_debug: "true"
+
+drone_database_driver: "postgres"
+drone_postgres_backup_dir: "/var/dronepg"
+drone_postgres_user: "drone"
+drone_postgres_db: "drone"
+drone_database_datasource: "postgres://drone:fd5a3f4dec0d6c9d154591f6d9b3d6d1@192.168.122.10:5432/drone?sslmode=disable"
+drone_postgres_password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 65373439316431306463363363323535326137373637653262346238393761643964373436636661
+ 6662343030383665336239616431363436313731613838630a343130353333356437306261353961
+ 37656264313036666137643061376338333766666366633061326136313966656634636261333832
+ 3266646561346261650a373439613339303032326333626662303638656263316439303139343763
+ 30626638356433343363663866393937333935383039623235636165393262633263383566386263
+ 3666393432663864656438613030653532303564326562393336
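Review bot: `drone_rpc_secret` and the password embedded in `drone_database_datasource` are committed in cleartext, while `drone_gitea_client_secret` and `drone_postgres_password` in the same file are vault-encrypted; the datasource password is presumably the very value the vault blob is meant to protect. Both values should be treated as disclosed, rotated, and stored with `!vault` like their neighbours. The datasource can be assembled from the vaulted variable instead of repeating the password, e.g. `drone_database_datasource: "postgres://{{ drone_postgres_user }}:{{ drone_postgres_password }}@192.168.122.10:5432/{{ drone_postgres_db }}?sslmode=disable"`. Separately, `drone_version: "latest"` makes deployments non-reproducible; pinning a release tag would help.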
diff --git a/inventories/cave/group_vars/all/fdroid.yml b/inventories/cave/group_vars/all/fdroid.yml
new file mode 100644
index 0000000..8ef14e3
--- /dev/null
+++ b/inventories/cave/group_vars/all/fdroid.yml
@@ -0,0 +1,47 @@
+---
+fdroid_server:
+ base_name: "repo.troubles.io"
+ icon: blallo-icon.png
+ repo_name: "Blallo F-Droid Repo"
+ repo_description: |
+ Blallo APKs repo. Private repo, no apk is guaranteed to work. Beware!
+ archive_older: 3
+ archive_name: "Blallo F-Droid Archive Repo"
+ archive_description: |
+ Blallo APKs archive repo. Private repo, no apk is guaranteed to work. Beware!
+ repo_keyalias: key0
+ keystore: blallo.jks
+ keystorepass: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 36383763653261383362336632613434386633633535393536303562316534666630666136393431
+ 3765666331333037356463313839393065333234343966330a353365376264616631633365646566
+ 66323730353031366166356331356564336464326239356239323466346664353666313464653131
+ 3039356266336336360a633464383134643363376638656130343162376339643839356133346430
+ 3563
+ keypass: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 31323338376230393333613430646633656164333962306666656165616563356635383266333364
+ 3136313061333431393634623737663833653639373233390a653366376165346463366234356338
+ 32333861663562383037636365333562343965353064653632323262623465666563346131633531
+ 6138616265643133630a336535376136303566613532366432373332323939633535366539356633
+ 3862
+ keydname: "CN=Blallo, OU=Blallica R&D, O=Blallica"
+ apps:
+ - app_java_name: org.mozilla.fenix.nightly
+ author_name: "Mozilla"
+ categories: ["Blallo", "Internet"]
+ issue_tracker_url: "https://github.com/mozilla-mobile/fenix/issues"
+ app_name: "Firefox Nightly"
+ source_code_url: "https://git.abbiamoundominio.org/blallo/fenix"
+ summary: "Mozilla Firefox, nightly version (blallo build)"
+ website_url: "https://git.abbiamoundominio.org/blallo/fenix"
+ build_src_path: /var/builds/fenix
+ - app_java_name: org.thoughtcrime.securesms
+ author_name: "Open Whisper Systems"
+ categories: ["Blallo", "Chat"]
+ issue_tracker_url: "https://github.com/signalapp/Signal-Android/issues"
+ app_name: "Signal"
+ source_code_url: "https://git.abbiamoundominio.org/blallo/Signal-Android"
+ summary: "Signal, Private Communication (blallo build)"
+ website_url: "https://signal.org"
+ build_src_path: /var/builds/signal
diff --git a/inventories/cave/group_vars/all/gateway.yml b/inventories/cave/group_vars/all/gateway.yml
new file mode 100644
index 0000000..f0d9ae5
--- /dev/null
+++ b/inventories/cave/group_vars/all/gateway.yml
@@ -0,0 +1,285 @@
+---
+public_address: 15.161.166.194
+
+gateway:
+ proxied_services:
+ - domain_name: sync.troubles.io
+ internal_ip: 192.168.122.11
+ internal_port: 8384
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ - domain_name: drone.troubles.io
+ internal_ip: 192.168.122.10
+ internal_port: 8080
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ - domain_name: bt.troubles.io
+ internal_ip: 192.168.122.11
+ internal_port: 8081
+ cert_email: blallo@troubles.ga
+ redirect_to_https: no
+ websockets:
+ path: /service
+ internal_ip: 192.168.122.11
+ internal_port: 8412
+ - domain_name: flix.troubles.io
+ internal_ip: 192.168.122.11
+ internal_port: 8080
+ redirect_to_https: no
+ http_opts:
+ - proxy_http_version 1.1;
+ - proxy_set_header Upgrade $http_upgrade;
+ - proxy_set_header Connection $http_connection;
+ - domain_name: repo.troubles.io
+ internal_ip: 192.168.122.10
+ internal_port: 8081
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ - domain_name: minos.cockpit.troubles.io
+ internal_ip: 127.0.0.1
+ internal_port: 9090
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ https_opts:
+ - proxy_http_version 1.1;
+ - proxy_set_header Upgrade $http_upgrade;
+ - proxy_set_header Connection $http_connection;
+ websockets:
+ path: /cockpit/socket
+ internal_ip: 127.0.0.1
+ internal_port: 9090
+ - domain_name: srv.cockpit.troubles.io
+ internal_ip: 192.168.122.11
+ internal_port: 9090
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ https_opts:
+ - proxy_http_version 1.1;
+ - proxy_set_header Upgrade $http_upgrade;
+ - proxy_set_header Connection $http_connection;
+ websockets:
+ path: /cockpit/socket
+ internal_ip: 192.168.122.11
+ internal_port: 9090
+ - domain_name: mercury.cockpit.troubles.io
+ internal_ip: 192.168.122.10
+ internal_port: 9090
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ https_opts:
+ - proxy_http_version 1.1;
+ - proxy_set_header Upgrade $http_upgrade;
+ - proxy_set_header Connection $http_connection;
+ websockets:
+ path: /cockpit/socket
+ internal_ip: 192.168.122.10
+ internal_port: 9090
+ - domain_name: athena.cockpit.troubles.io
+ internal_ip: 192.168.122.254
+ internal_port: 9090
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ https_opts:
+ - proxy_http_version 1.1;
+ - proxy_set_header Upgrade $http_upgrade;
+ - proxy_set_header Connection $http_connection;
+ websockets:
+ path: /cockpit/socket
+ internal_ip: 192.168.122.254
+ internal_port: 9090
+ - domain_name: stakhanov.cockpit.troubles.io
+ internal_ip: 192.168.122.1
+ internal_port: 9090
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ https_opts:
+ - proxy_http_version 1.1;
+ - proxy_set_header Upgrade $http_upgrade;
+ - proxy_set_header Connection $http_connection;
+ websockets:
+ path: /cockpit/socket
+ internal_ip: 192.168.122.1
+ internal_port: 9090
+ - domain_name: proro.ga
+ internal_ip: 192.168.122.254
+ internal_port: 230
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ https_opts:
+ - proxy_http_version 1.1;
+ - proxy_set_header Upgrade $http_upgrade;
+ - proxy_set_header Connection $http_connection;
+ - domain_name: los.troubles.io
+ internal_ip: 192.168.122.10
+ internal_port: 8082
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ https_custom_locations:
+ - rule: /builds/
+ conf_lines:
+ - "proxy_pass http://192.168.122.10:8083"
+ - "proxy_set_header Host $remote_addr"
+ - "proxy_set_header X-Forwarded-Proto $scheme"
+ - "proxy_set_header X-Forwarded-Port $server_port"
+ - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
+ - rule: /builds.json
+ conf_lines:
+ - "proxy_pass http://192.168.122.10:8083"
+ - "proxy_set_header Host $remote_addr"
+ - "proxy_set_header X-Forwarded-Proto $scheme"
+ - "proxy_set_header X-Forwarded-Port $server_port"
+ - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
+ https_custom_configurations:
+ - "rewrite ^/builds$ /builds/ permanent"
+ - domain_name: cam.troubles.io
+ internal_ip: 192.168.1.8
+ internal_port: 8080
+ cert_email: blallo@troubles.ga
+ redirect_to_https: yes
+ password_protect: yes
+ password_file: /etc/nginx/.cam.troubles.io-htpasswd
+ username: leo
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 65636138313034316234643236313733343361623337356464643937666439633535343930343166
+ 3935646261386666343535303734666166336562353539310a643733653163666333636531366139
+ 63343764616135306661646433346435376334636431303033363364313930613864373834343036
+ 6636376437643466380a363633323731663430386237623632383164643161643934636331633338
+ 66333538353864326162313234616262633831663638396564386337343235336661
+ https_custom_locations:
+ - rule: /0/
+ conf_lines:
+ - "proxy_pass http://192.168.1.8:8081/0/stream"
+ - "proxy_set_header Host $remote_addr"
+ - "proxy_set_header X-Forwarded-Proto $scheme"
+ - "proxy_set_header X-Forwarded-Port $server_port"
+ - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
+
+ firewall:
+ home_iface: enp0s0
+ public_iface: internet
+ vm_iface: eth0
+ forwarded_ports:
+ - zone: home
+ from:
+ port: 16493
+ addr: 192.168.1.20
+ proto: "tcp"
+ to:
+ port: 16493
+ addr: 192.168.122.11
+ - zone: home
+ from:
+ port: 16309
+ addr: 192.168.1.20
+ proto: "udp"
+ to:
+ port: 16309
+ addr: 192.168.122.11
+ - zone: home
+ from:
+ port: 16362
+ addr: 192.168.1.20
+ proto: "udp"
+ to:
+ port: 16362
+ addr: 192.168.122.11
+ - zone: home
+ from:
+ port: 445
+ addr: 192.168.1.20
+ proto: "tcp"
+ to:
+ port: 445
+ addr: 192.168.122.11
+ - zone: home
+ from:
+ port: 139
+ addr: 192.168.1.20
+ proto: "tcp"
+ to:
+ port: 139
+ addr: 192.168.122.11
+ - zone: home
+ from:
+ port: 138
+ addr: 192.168.1.20
+ proto: "udp"
+ to:
+ port: 138
+ addr: 192.168.122.11
+ - zone: home
+ from:
+ port: 137
+ addr: 192.168.1.20
+ proto: "udp"
+ to:
+ port: 137
+ addr: 192.168.122.11
+ - zone: home
+ from:
+ port: 22000
+ addr: 192.168.1.20
+ proto: "tcp"
+ to:
+ port: 22000
+ addr: 192.168.122.11
+ - zone: public
+ from:
+ port: 31337
+ addr: "{{ public_address }}"
+ proto: "tcp"
+ to:
+ port: 22
+ addr: 192.168.122.254
+ - zone: public
+ from:
+ port: 22000
+ addr: "{{ public_address }}"
+ proto: "tcp"
+ to:
+ port: 22000
+ addr: 192.168.122.11
+ - zone: public
+ from:
+ port: 21027
+ addr: "{{ public_address }}"
+ proto: "udp"
+ to:
+ port: 21027
+ addr: 192.168.122.11
+
+ ivacy:
+ username: ivacy0d8560848
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 30633462393336626266333038653734303835656533303139326330633864313765643839323266
+ 6239396539393265623837343530363962303664323639630a313563313464663134613166393131
+ 38653731636562346363656466366464366139303935643866373431633631663063353633326337
+ 3433613030373832390a353830626531353161383133643765343362393563383565386136643736
+ 6465
+
+ vpn:
+ name: internet
+ this_ip: 10.255.255.2
+ listen_port: 10666
+ private_key: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 37393062623161343361356130626630393065616162646535366265386363643063343261326462
+ 3030383034383638386233393434346132323238633565660a393231623939626532643435363136
+ 31653734636337633738376561316137303861373339323131326632316539646262626138323764
+ 3064346233613934390a396663393236323733323930363162613937623064643637303839333339
+ 35383638313137353966663531326432623661336165303036353162393135656362633037386639
+ 3531323065623833336435323561393066333166396536653333
+ endpoint:
+ url: 15.161.228.33
+ this_ip: 10.255.255.1
+ port: 21212
+ public_key: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;sea
+ 34323535393334613237396532333836383734626538393066386630613838663236633832336330
+ 6333653838326438313634633966336431383066646633340a383930306430363662306161633966
+ 34623333613935613434323631383961386266643765386164333965643661356333363834373565
+ 3633343833306164660a313164353466343032643937633934653830386234323361343433626635
+ 30653132636230346338323332386363343266316666643137613239366263336238643535353162
+ 3565643330643833383531343937323839626434646565346439
diff --git a/inventories/cave/group_vars/all/lineage_builder.yml b/inventories/cave/group_vars/all/lineage_builder.yml
new file mode 100644
index 0000000..6f730d2
--- /dev/null
+++ b/inventories/cave/group_vars/all/lineage_builder.yml
@@ -0,0 +1,8 @@
+---
+lineage_builder:
+ app_version: "0.1"
+ base_name: los.troubles.io
+ builds_path: /var/builds/los/enchilada/
+ builds_json_path: /var/builds/los/enchilada/builds.json
+ builder_path: /var/lineage_builder
+ timer: " *-*-* 2:00:00"
diff --git a/inventories/cave/group_vars/all/sendmail_users.yml b/inventories/cave/group_vars/all/sendmail_users.yml
new file mode 100644
index 0000000..067fc79
--- /dev/null
+++ b/inventories/cave/group_vars/all/sendmail_users.yml
@@ -0,0 +1,18 @@
+---
+sendmail_users:
+ unit_failure:
+ name: unit_failure
+ from: memento@troubles.ga
+ to_list:
+ - blallo@troubles.ga
+ server:
+ address: charon.troubles.ga
+ port: 587
+ user: memento@troubles.ga
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 61646263303237376334663331626165616238393962333436333437313031643633316631353432
+ 6362656437373261303233333332373237343839333134360a646137636539623862643233316435
+ 62623937623635393435653034643630343864633731333932623863643564373461323936666138
+ 6632386265623934340a396334653630666133303063383031303931336332663966336461313335
+ 64346334666165373930373063353530346639613532336330656239393734376662
diff --git a/inventories/cave/group_vars/all/syncthing.yml b/inventories/cave/group_vars/all/syncthing.yml
new file mode 100644
index 0000000..3f87d63
--- /dev/null
+++ b/inventories/cave/group_vars/all/syncthing.yml
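Review bot: The five `*.cockpit.troubles.io` entries in `gateway.proxied_services` put host administration consoles behind the gateway vhosts without the `password_protect` / `password_file` / `username` / `password` keys that the `cam.troubles.io` entry uses, so Cockpit's own login appears to be the only control in front of them. Consider giving them the same basic-auth block, or serving them only on the VPN or home interface if the gateway role supports that (the role is not part of this patch). In the `los.troubles.io` and `cam.troubles.io` custom locations, `proxy_set_header Host $remote_addr` sends the client address as the Host header; `proxy_set_header Host $host` looks like what was meant. `bt.troubles.io` and `flix.troubles.io` also set `redirect_to_https: no`, which leaves plain HTTP available for services that may carry logins.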
@@ -0,0 +1,14 @@
+---
+syncthing:
+ home: /var/syncthing
+ dir: /syncthing
+ user: leo
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 30636561643939376139313864366565663462336562353639616531313636663039363834623635
+ 3634663439366465643765313166376162363864386139350a346538343764656336383366336332
+ 31663734666535346262656361386662663837346630323430386662333637393162623932653561
+ 3836353833326638310a356230323465386465643634643630386535313165376334366436613861
+ 32336464366363666533306662323264393830373565623632326564643736346366383862643538
+ 66643539613134313639653938363231363033306139326363393165633461653662373166383431
+ 333761303561656137376133313561656337
diff --git a/inventories/cave/group_vars/all/torrent_server.yml b/inventories/cave/group_vars/all/torrent_server.yml
new file mode 100644
index 0000000..e51fb4e
--- /dev/null
+++ b/inventories/cave/group_vars/all/torrent_server.yml
@@ -0,0 +1,73 @@
+---
+torrent_server:
+ db_root_password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 61626139623664616138383431623134636435353765376632653537316663313965663439313532
+ 3534393362643365363739356338316536393234313335390a326339643162343364306463343331
+ 32653234343865333936383265363837633236393934666437366433393337633161393633303630
+ 6264323235386264360a383336356634623837366665353061613038633464393861396466376264
+ 37356434343837386461393932613831353063366133666239636130386534303562
+ public_url: bt.troubles.io
+ synapse:
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 64653435623931623366353937393331383637323936663832636463326262666134386463336661
+ 6564346332373932366239613734656137633065666361640a383662356535623864306364306564
+ 66616333396636316236646631356263303838663639656135656339326633343034393765353637
+ 3265653739623664620a323464323364386232313337306334396332643737346364376462303933
+ 37646166343061653338386231653037663065613433353430653939646438386561
+ max_dl: 10
+ rpc_port: 8412
+ peer_tcp_port: 16493
+ dht_udp_port: 16309
+ trackers_udp_port: 16362
+ release_url: https://github.com/Luminarys/synapse/releases/download/1.0/synapse
+ syncli_release_url: https://github.com/Luminarys/synapse/releases/download/1.0/sycli
+ receptor:
+ release_url: https://git.abbiamoundominio.org/blallo/receptor/releases/download/1.0.1/receptor-1.0.1.tar.gz
+ streama:
+ release_url: https://github.com/streamaserver/streama/releases/download/v1.8.0-beta/streama-1.8.0.jar
+ db_password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 37323136363866323533383032653930346264643966613532363766623438643030626331333831
+ 6337613264663130323062653338636232353131656334380a313862323966343262396135373230
+ 30306562376130643635393636316635313338386235316261373132623438633962326237313433
+ 3238353861313861630a386437646230363235303831656638613963333435646330663434313939
+ 38663533356462343731346262333964396363663436666335616438633338323161
+ samba:
+ workgroup: "TROUBLES"
+ log:
+ file: /var/log/samba.log
+ shares:
+ - name: pirate_cave
+ path: /opt/synapse/download
+ read_only: yes
+ writeable: no
+ browseable: yes
+ valid_users: ["leo"]
+ users:
+ - name: leo
+ uid: 1024
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 33326662626234363936666238313665663561356334363364633234366338346230636631626534
+ 3239633834656134343461653638356535366237363231350a656632626332326164373563666464
+ 37633838646637306362306534653363613562383039636336373339363639353332346132313562
+ 3338363934643135610a326662353061613931643933396532383639613863613264353666383139
+ 36666330383363326332643532653138366364373739626664666165626430643533
+ openvpn:
+ outserver: Netherlands-Amsterdam-UDP
+ username: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 30306534326433323466306263333637343736323264306363623938613233316232326636613830
+ 3864396136313830333166393438343165356437663465330a353965383938326434633933383564
+ 32333130383361373931656463343536613438623166663563333161353333386338353264313564
+ 6430343034326139330a616332663632343561653438613235363337323833363537386536633435
+ 63653065396437323939666261383862623964303337306464613738356161666662
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 39393761393739636461386466323532366130386634633538373238323535333233353332613838
+ 6632653839396463386662623366323164373961356435620a316435643932626437353063336262
+ 36333962323034346163653636306664613431383862313331626466306364393137613066333465
+ 3530383465623839320a633035363636643137663765326264373938396333383737623238303465
+ 66633332633531633233396636623232646139616261653866383532333065633863
diff --git a/inventories/cave/servipi.yml b/inventories/cave/servipi.yml
new file mode 100644
index 0000000..1c8d3bb
--- /dev/null
+++ b/inventories/cave/servipi.yml
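Review bot: The `release_url` and `syncli_release_url` values under `torrent_server` (synapse, receptor, streama) name binaries and archives to be fetched for the `torrent_server` hosts, but no expected digest is recorded next to any of them. The download tasks live in a role that is not part of this patch; if they use `get_url`, adding a digest variable per artifact, e.g. `release_sha256: "<sha256-of-release-artifact>"` (placeholder), and passing it to the module's `checksum` parameter would make a swapped or corrupted download fail the play. The samba share also writes `read_only`, `writeable` and `browseable` as `yes`/`no`; `true`/`false` avoids YAML 1.1 truthy surprises.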
@@ -0,0 +1,11 @@
+---
+all:
+ hosts:
+ servipi.cave:
+ ansible_host: 192.168.1.8
+ zsh_chic:
+ users:
+ - {username: root, home: /root, group: root, antibody: true, term: xterm-256color}
+ zsh_chic_arch: armhf
+ tor_node_services:
+ - {name: ssh, local_port: 22, public_port: 22}
diff --git a/inventories/cave/stakhanov.yml b/inventories/cave/stakhanov.yml
new file mode 100644
index 0000000..94f8ee5
--- /dev/null
+++ b/inventories/cave/stakhanov.yml
@@ -0,0 +1,27 @@
+---
+all:
+ hosts:
+ stakhanov.cave:
+ cockpit_disable_tls: yes
+ zsh_chic:
+ users:
+ - {username: root, home: /root, group: root, starship: true}
+ - {username: blallo, home: /home/blallo, group: blallo, antibody: true, term: xterm-256color}
+ sendmail:
+ version: "0.6"
+ configuration:
+ - name: unit_failure
+ from: memento@troubles.ga
+ to_list:
+ - blallo@troubles.ga
+ server:
+ address: charon.troubles.ga
+ port: 587
+ user: memento@troubles.ga
+ password: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;cave
+ 62633866623631363965356565333833343734383963393233393135303737376231643330383835
+ 3132643964616161373931316139623762386536373166310a653735363234643363643861383565
+ 66646135393761323333363765376132623361303337316261373861656234666339386531363631
+ 6532636239663961390a383235343462353036373230303333396465326563303331616633623765
+ 39613839346364333962316639306635376563623634346163376638316463663730
diff --git a/inventories/chat/chat.yml b/inventories/chat/chat.yml
new file mode 100644
index 0000000..989d058
--- /dev/null
+++ b/inventories/chat/chat.yml
@@ -0,0 +1,4 @@
+---
+all:
+ hosts:
+ matrix.degenerazione.xyz:
diff --git a/inventories/chat/group_vars/all/config.yml b/inventories/chat/group_vars/all/config.yml
new file mode 100644
index 0000000..4b8e995
--- /dev/null
+++ b/inventories/chat/group_vars/all/config.yml
@@ -0,0 +1,5 @@
+---
+ansible_python_interpreter: /usr/bin/python3
+
+default_user:
+ - {username: root, home: /root, group: root, starship: true}
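Review bot: `inventories/cave/stakhanov.yml` spells out the whole `unit_failure` sendmail account, including a second vault blob for the `memento@troubles.ga` password, instead of referencing the shared definition the way `cave.yml` does. Since `group_vars/all/sendmail_users.yml` sits in the same inventory directory, it should be visible to this inventory as well, so `configuration: ["{{ sendmail_users.unit_failure }}"]` would leave a single encrypted copy to rotate. `cockpit_disable_tls: yes` on the host is likewise already set in `group_vars/all/config.yml`.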
diff --git a/inventories/pikubed/group_vars/all/config.yml b/inventories/pikubed/group_vars/all/config.yml
new file mode 100644
index 0000000..7c0878d
--- /dev/null
+++ b/inventories/pikubed/group_vars/all/config.yml
@@ -0,0 +1,25 @@
+---
+default_user:
+ - {username: root, home: /root, group: root, antibody: true, powerline: true}
+
+apt_cacher_ng_cacher_ip: 192.168.1.40
+
+gen_tls_generate_certs: true
+gen_tls_cert_dir: ~/Documents/coding/playbooks/keep/certs
+gen_tls_generate_ca_cert: true
+gen_tls_generate_server_cert: true
+gen_tls_ca_commonname: Pikubed Kluster
+gen_tls_ca_country: EU
+gen_tls_ca_state: Italy
+gen_tls_ca_locality: Milan
+gen_tls_ca_organization: Pikubed
+gen_tls_ca_organizationalunit: Pikubed Kluster
+gen_tls_ca_email: blallo@troubles.ga
+gen_tls_populate_etc_hosts: true
+gen_tls_tld: pikubed
+
+ansible_registry_golang_flags: "GOOS=linux GOARCH=arm64"
+ansible_registry_filesystem_path: /var/cache/registry
+ansible_registry_is_cache: true
+ansible_registry_tls_cert_path: /etc/ssl/local/certs/leader.pem
+ansible_registry_tls_key_path: /etc/ssl/local/private/leader.key
diff --git a/inventories/pikubed/pi2 b/inventories/pikubed/pi2
new file mode 100644
index 0000000..18e813b
--- /dev/null
+++ b/inventories/pikubed/pi2
@@ -0,0 +1,2 @@
+leader
+worker1
diff --git a/inventories/pikubed/pikubed.old.yml b/inventories/pikubed/pikubed.old.yml
new file mode 100644
index 0000000..f151e38
--- /dev/null
+++ b/inventories/pikubed/pikubed.old.yml
@@ -0,0 +1,28 @@
+---
+all:
+ hosts:
+ leader:
+ ansible_host: 192.168.1.40
+ worker1:
+ ansible_host: 192.168.1.41
+ worker2:
+ ansible_host: 192.168.1.42
+ worker3:
+ ansible_host: 192.168.1.43
+
+
+ children:
+ arm64:
+ hosts:
+ worker2:
+ worker3:
+ vars:
+ zsh_chic:
+ bat_arch: arm64
+ arm32:
+ hosts:
+ leader:
+ worker1:
+ vars:
+ zsh_chic:
+ bat_arch: armhf
diff --git a/inventories/pikubed/pikubed.yml b/inventories/pikubed/pikubed.yml
new file mode 100644
index 0000000..3c6df43
--- /dev/null
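Review bot: `gen_tls_cert_dir: ~/Documents/coding/playbooks/keep/certs` in `inventories/pikubed/group_vars/all/config.yml` places the generated CA and server keys under a directory that, judging by the path, may sit inside this repository's working tree, and the `.gitignore` added in this patch lists only `.ansible-vault-password`. If that is the case, add `keep/` to `.gitignore` (or point the variable outside the checkout) so the CA private key cannot be committed by accident. `gen_tls_ca_country: EU` is also worth a second look: the certificate country field expects an ISO 3166 two-letter country code, and `IT` would match `gen_tls_ca_state: Italy`.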
+++ b/inventories/pikubed/pikubed.yml
@@ -0,0 +1,30 @@
+---
+all:
+ hosts:
+ leader:
+ ansible_host: 192.168.1.40
+ worker1:
+ ansible_host: 192.168.1.41
+ worker2:
+ ansible_host: 192.168.1.42
+ worker3:
+ ansible_host: 192.168.1.43
+
+ children:
+ arm64:
+ hosts:
+ leader:
+ worker1:
+ worker2:
+ worker3:
+ vars:
+ zsh_chic:
+ bat_arch: arm64
+ cacher:
+ hosts:
+ leader:
+ vars:
+ apt_cacher_ng_is_cacher: true
+ registry:
+ hosts:
+ leader:
diff --git a/inventories/sea/group_vars/all/config.yml b/inventories/sea/group_vars/all/config.yml
new file mode 100644
index 0000000..58166cf
--- /dev/null
+++ b/inventories/sea/group_vars/all/config.yml
@@ -0,0 +1,4 @@
+---
+zsh_chic:
+ users:
+ - {username: root, home: /root, group: root, starship: true}
diff --git a/inventories/sea/group_vars/all/dns_server.yml b/inventories/sea/group_vars/all/dns_server.yml
new file mode 100644
index 0000000..c15a3cf
--- /dev/null
+++ b/inventories/sea/group_vars/all/dns_server.yml
@@ -0,0 +1,150 @@ +--- +dns_server: + verbosity: 1 + main_zone: + name: troubles.io + soa: demetra.troubles.io + email: postmaster.troubles.ga + records: + - {name: "", type: MX, value: "10 charon"} + - {name: charon, type: A, value: "162.248.163.56"} + - {name: virgil, type: A, value: "162.248.163.209"} + - {name: degenerazione, type: A, value: "176.9.70.210"} + - {name: cave, type: A, value: "15.161.166.194"} + - {name: flix, type: A, value: "192.168.1.21"} + - {name: nextcloud, type: CNAME, value: degenerazione} + - {name: cloud, type: CNAME, value: degenerazione} + - {name: rss, type: CNAME, value: degenerazione} + - {name: quassel, type: CNAME, value: virgil} + - {name: drone, type: CNAME, value: cave} + - {name: "*.cockpit", type: CNAME, value: cave} + - {name: cam, type: CNAME, value: cave} + - {name: bt, type: CNAME, value: cave} + - {name: sync, type: CNAME, value: cave} + - {name: blog, type: CNAME, value: troubles.noblogs.org.} + - {name: chat, type: A, value: "176.9.70.210"} + - {name: matrix.chat, type: A, value: "176.9.70.210"} + - {name: "*.chat", type: CNAME, value: matrix.chat} + - {name: "_matrix._tcp", type: SRV, value: "10 0 8448 matrix.chat"} + - {name: "_matrix-identity._tcp", type: SRV, value: "10 0 443 matrix.chat"} + zones: + - name: troubles.ga + soa: demetra.troubles.ga + email: postmaster.troubles.ga + records: + - {name: "", type: MX, value: "10 charon"} + - {name: demetra, type: A, value: "15.161.228.33"} + - {name: proserpina, type: A, value: "139.64.247.185"} + - {name: persephone, type: A, value: "139.64.247.184"} + - {name: demetra, type: AAAA, value: "2a05:d01a:b6b:e933:4b76:3ec1:3e24:ab81"} + - {name: proserpina, type: AAAA, value: "2607:8880::147:b9"} + - {name: persephone, type: AAAA, value: "2607:8880::147:b8"} + - {name: charon, type: A, value: "162.248.163.56"} + - {name: virgil, type: A, value: "162.248.163.209"} + - {name: degenerazione, type: A, value: "176.9.70.210"} + - {name: cave, type: A, value: "15.161.166.194"} + - 
{name: flix, type: A, value: "192.168.1.21"} + - {name: nextcloud, type: CNAME, value: degenerazione} + - {name: cloud, type: CNAME, value: degenerazione} + - {name: rss, type: CNAME, value: degenerazione} + - {name: cam, type: CNAME, value: cave} + - {name: blog, type: CNAME, value: troubles.noblogs.org.} + - name: mail._domainkey + type: TXT + value: | + ("v=DKIM1; " + "k=rsa; " + "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXvEQgdPwPXJVIsHqDb0568cPfGck2gzfnOtf" + "Y2a4Fg2ELFyJzEcgbKAPWZqilTdGrK3Z12cY21ASnn5uljDUhQIMprmckPT1rMvwko1oqCBU5qWHOztlW2/" + "k4Cr/1UWjvgY/C1zfZb31mX+LpdCiOdSucmdsVn8D6cMan/VQt4N/xOfFwE2weJIHEsw2c1nHbPck8H/Ay+" + "w/0qhuEoOb1syqEe6a2JcdPbs2KmGGqjJyOQxlFeLWh+ka9aVYarRXguqqX/SOT7ujoLyvomJ0TLbqCXfXo" + "2jfSeTgzBLIDfNHByVMxKj+Hq8fJq+lUHe66WrrsU9Zj4hyVX4uE9+rQIDAQAB") + - {name: _dmarc, type: TXT, value: "v=DMARC1; p=none; rua=mailto:admin@troubles.ga"} + + servers: + - name: demetra + hostname: demetra.troubles.io + local_resolver: true + nsd_addr: 127.0.0.1 + nsd_port: 5353 + star: true + public_ip: "15.161.228.33" + public_ip6: "2a05:d01a:b6b:e933:4b76:3ec1:3e24:ab81" + vpn: + address: 10.13.12.1 + net_size: 24 + private_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 33363065653930353363633538656637353264343764306136373361666133396462326339613361 + 3563363061666561653661366539383037373435313565660a303066353535396264366531643662 + 39646439393636653861393634633239356236613831623961386532616337303634306563633461 + 6561646562383932610a313462623830393165393764356437663635316238393564323430356136 + 32623338303164383230393962323939383238323337366137376563303366333062386361316465 + 3833306261646139363739653865656532613330333933613561 + + public_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 34323137306430663737643831303262626239623833616435643035656632303539326462373735 + 3635313331633666656439633035666133623030663837620a323338653931356362653436666231 + 65366466643461303637303530306133323462386366616635313062316161653639623866343734 + 
3239663930313064640a393962616438353933653339366364653730643139303035353137306239 + 33613632636165336664316339613537336439376664346534666335663863373330313930333934 + 6439323064653263336666656637613934396363316234613436 + + - name: proserpina + hostname: proserpina.troubles.io + local_resolver: true + nsd_addr: 127.0.0.1 + nsd_port: 5353 + satellite: true + public_ip: "139.64.247.185" + public_ip6: "2607:8880::147:b9" + vpn: + address: 10.13.12.2 + net_size: 24 + private_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 35623232383937613530336338646663336234383834383466643535303335613739613362396232 + 3137353339653539393736353532333238306537616137640a653366356434626466653236326332 + 35316361363735346362363534623434633531373861336664646562613532393830613033653666 + 3762653730363638640a386665613431633735636363326663333534313538373235333130333336 + 38303962666136643362633638356265366366363365383761663634303234633037333066666261 + 3866396237656339343236613565346566376533303931383461 + + public_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 36653735306637386431626461633433376438306564663230323066626532623239626638616633 + 6236656366656131616465623935346330636236323538350a356130306433636665396436646234 + 32626463323665376465393061313234326534343935356431323530353232323764373736376530 + 3330393765393564300a363662356139356230313834653165373637373833333832626436613164 + 62613937626561313562373339656438383738333034623637353339373161306335616132666438 + 3139643030336464633330373333303635366538623062616561 + + - name: persephone + hostname: persephone.troubles.io + local_resolver: true + nsd_addr: 127.0.0.1 + nsd_port: 5353 + satellite: true + public_ip: "139.64.247.184" + public_ip6: "2607:8880::147:b8" + vpn: + address: 10.13.12.3 + net_size: 24 + private_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 61333039343563626630633938396434666466343361346365363561336664333066656637393730 + 3432656233366666313765376161323932333335633364390a323535333865373161663163646234 + 
62306562376265323039383961333562623563363939333238366166316234363963386561356563 + 3532343261626639350a626162393335366464346265623438623736646562326262356331366334 + 33396631363266633932323663393532303730633632366333376564643136636365386436376439 + 3366616332306333633164653533333738356438373664663561 + + public_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 38326437616339373537626538343839393636356630623064646561393863663537333630346166 + 3732663262333464666562386432613834343732633737390a613531353235323933366139356631 + 65333236333235383235656536663965616535353164316430666466373665353535656137343162 + 3036356331356230640a613262666636333039653530626233386434363531646431626236393339 + 39303638613761376163656135313131666166396665366535633532613235666162366163376262 + 6339323033366436343866636365616165343037623434363131 diff --git a/inventories/sea/group_vars/all/sendmail.yml b/inventories/sea/group_vars/all/sendmail.yml new file mode 100644 index 0000000..f1da569 --- /dev/null +++ b/inventories/sea/group_vars/all/sendmail.yml @@ -0,0 +1,19 @@ +--- +sendmail: + version: "0.6" + configuration: + - name: unit_failure + from: memento@troubles.ga + to_list: + - blallo@troubles.ga + server: + address: charon.troubles.ga + port: 587 + user: memento@troubles.ga + password: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 34313963353264323662366130303265336136373064643931386563613330653034313137393336 + 6232386639313139623962376436333663653466373162370a353064363032343738393933333939 + 38623963356630313536643436663366356138386661326661306561643235336165353730656136 + 3834326533633630640a353532656435316337663034376666666231386637383336663062623330 + 34626130613861353734376134363238613961633961666138613565613566613838 diff --git a/inventories/sea/group_vars/all/vpn_gateway.yml b/inventories/sea/group_vars/all/vpn_gateway.yml new file mode 100644 index 0000000..65c42fa --- /dev/null +++ b/inventories/sea/group_vars/all/vpn_gateway.yml 
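Review bot: The `flix` record (`type: A, value: "192.168.1.21"`) in inventories/sea/group_vars/all/dns_server.yml puts an RFC 1918 address into both the `troubles.io` and the `troubles.ga` record lists. If these zones are served publicly, as the `public_ip` fields on the servers suggest, that exposes internal addressing and makes a public name resolve into whatever private network the client happens to be on. If the name is only needed on the LAN, I would drop it from both lists and serve it from the internal resolver. Separately, the `_dmarc` TXT record uses `p=none`, so receivers only report spoofed mail rather than acting on it; once the `rua` reports look clean this could become `p=quarantine`.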
@@ -0,0 +1,29 @@ +--- +vpn_gateway: + name: stakhanov + public_ip: 15.161.166.194 + this_ip: 10.255.255.1 + local_ip: 172.31.19.139 + gateway_ip: 172.31.16.1 + net_size: 31 + listen_port: 21212 + iface: ens6 + table: 130 + private_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 35363633313163663732356638306165623230346531616135623135643066623834333638343537 + 6335643438643464633662363836383835656262633565350a663366373738366464356164623962 + 62373934653762643031623034363231636462313730353065373763636363663564323239613233 + 6633656666303266330a646566303464363061356535356534663336633632626666366666633731 + 33363436303766633037396635313938616162393562636631343465656163346438623031633136 + 6364623766316362613338366663626665346433333263373961 + peer: + address: 10.255.255.2 + public_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;cave + 37646364376337383137623261366332333461346630363332656436323234323566323234616335 + 3836326430396539303166663831623333393865353330380a323065636665303534363439316266 + 32666432356339363666306463623033373935333865353538393334376461303034326630336330 + 6366333230383733320a636332656566316139613737326266323636376633393966303364306263 + 30326466323366353635323232393039616539303737663337623834623564323239613735333331 + 3737393961376639666565303135623930653639306563346330 diff --git a/inventories/sea/sea.yml b/inventories/sea/sea.yml new file mode 100644 index 0000000..2f40ff7 --- /dev/null +++ b/inventories/sea/sea.yml @@ -0,0 +1,28 @@ +--- +all: + hosts: + demetra: + ansible_host: demetra.sea + proserpina: + ansible_host: proserpina.sea + persephone: + ansible_host: persephone.sea + charon: + ansible_host: charon.sea + virgil: + ansible_host: virgil.sea + + children: + dns: + hosts: + demetra: + ansible_host: demetra.sea + proserpina: + ansible_host: proserpina.sea + persephone: + ansible_host: persephone.sea + + vpn_gateway: + hosts: + demetra: + ansible_host: demetra.sea 
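Review bot: In inventories/sea/group_vars/all/vpn_gateway.yml, `peer.public_key` is encrypted under the vault ID `cave` while `private_key` in the same mapping uses `sea`, so any run that reads `vpn_gateway` needs both vault passwords loaded. If this is an ordinary peer public key it is not secret, and storing it in plain text would remove the dependency on the other inventory's vault password. If it stays encrypted, re-encrypting it under `sea` keeps this inventory to a single vault ID; at minimum add a comment such as `# encrypted with vault id 'cave': key belongs to the cave-side peer`.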
diff --git a/inventories/sea/secrets.yml b/inventories/sea/secrets.yml
new file mode 100644
index 0000000..1aecf9f
--- /dev/null
+++ b/inventories/sea/secrets.yml
@@ -0,0 +1,53 @@ +demetra.sea: + private_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 33363065653930353363633538656637353264343764306136373361666133396462326339613361 + 3563363061666561653661366539383037373435313565660a303066353535396264366531643662 + 39646439393636653861393634633239356236613831623961386532616337303634306563633461 + 6561646562383932610a313462623830393165393764356437663635316238393564323430356136 + 32623338303164383230393962323939383238323337366137376563303366333062386361316465 + 3833306261646139363739653865656532613330333933613561 + public_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 34323137306430663737643831303262626239623833616435643035656632303539326462373735 + 3635313331633666656439633035666133623030663837620a323338653931356362653436666231 + 65366466643461303637303530306133323462386366616635313062316161653639623866343734 + 3239663930313064640a393962616438353933653339366364653730643139303035353137306239 + 33613632636165336664316339613537336439376664346534666335663863373330313930333934 + 6439323064653263336666656637613934396363316234613436 + +proserpina.sea: + private_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 35623232383937613530336338646663336234383834383466643535303335613739613362396232 + 3137353339653539393736353532333238306537616137640a653366356434626466653236326332 + 35316361363735346362363534623434633531373861336664646562613532393830613033653666 + 3762653730363638640a386665613431633735636363326663333534313538373235333130333336 + 38303962666136643362633638356265366366363365383761663634303234633037333066666261 + 3866396237656339343236613565346566376533303931383461 + public_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 36653735306637386431626461633433376438306564663230323066626532623239626638616633 + 6236656366656131616465623935346330636236323538350a356130306433636665396436646234 + 32626463323665376465393061313234326534343935356431323530353232323764373736376530 + 
3330393765393564300a363662356139356230313834653165373637373833333832626436613164 + 62613937626561313562373339656438383738333034623637353339373161306335616132666438 + 3139643030336464633330373333303635366538623062616561 + +persephone.sea: + private_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 61333039343563626630633938396434666466343361346365363561336664333066656637393730 + 3432656233366666313765376161323932333335633364390a323535333865373161663163646234 + 62306562376265323039383961333562623563363939333238366166316234363963386561356563 + 3532343261626639350a626162393335366464346265623438623736646562326262356331366334 + 33396631363266633932323663393532303730633632366333376564643136636365386436376439 + 3366616332306333633164653533333738356438373664663561 + public_key: !vault | + $ANSIBLE_VAULT;1.2;AES256;sea + 38326437616339373537626538343839393636356630623064646561393863663537333630346166 + 3732663262333464666562386432613834343732633737390a613531353235323933366139356631 + 65333236333235383235656536663965616535353164316430666466373665353535656137343162 + 3036356331356230640a613262666636333039653530626233386434363531646431626236393339 + 39303638613761376163656135313131666166396665366535633532613235666162366163376262 + 6339323033366436343866636365616165343037623434363131 diff --git a/playbooks/aosp.yml b/playbooks/aosp.yml new file mode 100644 index 0000000..2bfe127 --- /dev/null +++ b/playbooks/aosp.yml @@ -0,0 +1,5 @@ +--- +- hosts: aosp_factory + roles: + - fdroid-server + - lineage-builder diff --git a/playbooks/base.yml b/playbooks/base.yml new file mode 100644 index 0000000..b134551 --- /dev/null +++ b/playbooks/base.yml @@ -0,0 +1,9 @@ +--- +- hosts: all + roles: + roles: + - role: jnv.unattended-upgrades + unattended_remove_unused_dependencies: true + - role: base + tags: "base" + - role: cockpit diff --git a/playbooks/dns.sea.yml b/playbooks/dns.sea.yml new file mode 100644 index 0000000..e211891 --- /dev/null +++ b/playbooks/dns.sea.yml 
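Review bot: The six vault blobs in inventories/sea/secrets.yml are the same ciphertext as the `vpn.private_key` and `vpn.public_key` values of demetra, proserpina and persephone in inventories/sea/group_vars/all/dns_server.yml from this commit, so every key now lives in two files. A rotation has to touch both copies, and a missed one leaves a stale private key in the repository. Nothing in the visible patch shows what reads secrets.yml; if it is only a scratch copy I would remove it, otherwise keep the keys here and have dns_server.yml reference them. The file also lacks the `---` document start that the other YAML files in this commit have.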
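Review bot: `roles:` appears twice in a row in playbooks/base.yml, directly after `- hosts: all`. With the indentation lost in this rendering it is either a duplicate key or a `roles:` mapping nested under `roles:`; the first form draws a duplicate-key warning and the second is not a valid role list. Dropping one of the two lines, so the play reads `- hosts: all`, `roles:` and then the three `- role:` entries, fixes both cases.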
@@ -0,0 +1,4 @@
+---
+- hosts: dns
+ roles:
+ - dns
diff --git a/playbooks/drone.yml b/playbooks/drone.yml
new file mode 100644
index 0000000..c2352b4
--- /dev/null
+++ b/playbooks/drone.yml
@@ -0,0 +1,4 @@
+---
+- hosts: mercury.cave
+ roles:
+ - ansible-drone
diff --git a/playbooks/gateway.yml b/playbooks/gateway.yml
new file mode 100644
index 0000000..3533b97
--- /dev/null
+++ b/playbooks/gateway.yml
@@ -0,0 +1,4 @@
+---
+- hosts: minos.cave
+ roles:
+ - gateway
diff --git a/playbooks/playbook.cave.yml b/playbooks/playbook.cave.yml
new file mode 100644
index 0000000..5231141
--- /dev/null
+++ b/playbooks/playbook.cave.yml
@@ -0,0 +1,40 @@
+---
+ - hosts: all
+ remote_user: root
+ roles:
+ - role: jnv.unattended-upgrades
+ unattended_remove_unused_dependencies: true
+ - role: base
+ tags: "base"
+ - role: cockpit
+ - hosts: minos.cave
+ roles:
+ - zsh_chic
+ - gateway
+ - sendmail
+ vars:
+ zsh_chic:
+ users: "{{ default_user }}"
+ - hosts: srv.cave
+ roles:
+ - role: zsh_chic
+ tag: shell
+ - mysql
+ - role: torrent_server
+ tag: srv_torrent
+ - sendmail
+ - syncthing
+ vars:
+ zsh_chic:
+ users: "{{ default_user }}"
+ - hosts: mercury.cave
+ roles:
+ - zsh_chic
+ - docker_hosts
+ - drone_server
+ - fdroid_server
+ # - lineage-builder
+ - sendmail
+ vars:
+ zsh_chic:
+ users: "{{ default_user }}"
diff --git a/playbooks/playbook.chat.yml b/playbooks/playbook.chat.yml
new file mode 100644
index 0000000..76c6fb3
--- /dev/null
+++ b/playbooks/playbook.chat.yml
@@ -0,0 +1,10 @@
+---
+- hosts: all
+ remote_user: root
+ roles:
+ - role: base
+ - role: zsh_chic
+ - role: ansible-role-docker
+ vars:
+ zsh_chic:
+ users: "{{ default_user }}"
diff --git a/playbooks/playbook.pikubed.registry.yml b/playbooks/playbook.pikubed.registry.yml
new file mode 100644
index 0000000..abb5993
--- /dev/null
+++ b/playbooks/playbook.pikubed.registry.yml
@@ -0,0 +1,4 @@
+---
+- hosts: registry
+ roles:
+ - role: docker-registry
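Review bot: In the `srv.cave` play of playbooks/playbook.cave.yml, the lines `tag: shell` and `tag: srv_torrent` use `tag`, which is not the Ansible keyword; the first play of the same file uses `tags: "base"`. As written the value is most likely handed to the role as a variable called `tag`, so `--tags shell` or `--tags srv_torrent` will not select these roles. Change the two lines to `tags: shell` and `tags: srv_torrent`.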
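Review bot: `remote_user: root` in playbooks/playbook.chat.yml makes the play log in over SSH directly as root, and the same line is in playbook.cave.yml, playbook.pikubed.yml, playbook.sea.yml, playbook.servipi.yml, playbook.stakhanov.yaml and playbook.yaml in this commit. That requires root SSH login to stay enabled on every managed host and removes per-user attribution of changes. The usual alternative is an unprivileged account plus escalation, `remote_user: <admin-user>` with `become: true`, where `<admin-user>` is a placeholder and not a name taken from this patch.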
diff --git a/playbooks/playbook.pikubed.yml b/playbooks/playbook.pikubed.yml
new file mode 100644
index 0000000..a2e4a38
--- /dev/null
+++ b/playbooks/playbook.pikubed.yml
@@ -0,0 +1,25 @@
+---
+- hosts: all
+ remote_user: root
+ gather_facts: yes
+ roles:
+ - role: base
+ - role: generate-tls-certs
+ - role: apt_cacher_ng
+- hosts: arm64
+ roles:
+ - role: zsh_chic
+ vars:
+ zsh_chic_arch: arm64
+ zsh_chic:
+ users: "{{ default_user }}"
+- hosts: arm32
+ roles:
+ - role: zsh_chic
+ vars:
+ zsh_chic_arch: armhf
+ zsh_chic:
+ users: "{{ default_user }}"
+- hosts: registry
+ roles:
+ - role: docker-registry
diff --git a/playbooks/playbook.sea.yml b/playbooks/playbook.sea.yml
new file mode 100644
index 0000000..4e02836
--- /dev/null
+++ b/playbooks/playbook.sea.yml
@@ -0,0 +1,17 @@
+---
+- hosts: dns
+ roles:
+ - dns
+
+- hosts: all
+ remote_user: root
+ roles:
+ - role: jnv.unattended-upgrades
+ unattended_remove_unused_dependencies: true
+ - base
+ - zsh_chic
+ - sendmail
+
+- hosts: vpn_gateway
+ roles:
+ - vpn_gateway
diff --git a/playbooks/playbook.servipi.yml b/playbooks/playbook.servipi.yml
new file mode 100644
index 0000000..8a2568f
--- /dev/null
+++ b/playbooks/playbook.servipi.yml
@@ -0,0 +1,9 @@
+---
+- hosts: all
+ remote_user: root
+ gather_facts: yes
+ roles:
+ - jnv.debian-backports
+ - base
+ - zsh_chic
+ - tor_node
diff --git a/playbooks/playbook.stakhanov.yaml b/playbooks/playbook.stakhanov.yaml
new file mode 100644
index 0000000..85cc9a7
--- /dev/null
+++ b/playbooks/playbook.stakhanov.yaml
@@ -0,0 +1,9 @@
+---
+ - hosts: all
+ remote_user: root
+ roles:
+ - role: base
+ tags: "base"
+ - role: sendmail
+ - role: zsh_chic
+ - role: cockpit
diff --git a/playbooks/playbook.yaml b/playbooks/playbook.yaml
new file mode 100644
index 0000000..dd69bae
--- /dev/null
+++ b/playbooks/playbook.yaml
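Review bot: The third play of playbooks/playbook.pikubed.yml targets `hosts: arm32`, but inventories/pikubed/pikubed.yml in this commit defines only the groups `arm64`, `cacher` and `registry`; `arm32` exists only in pikubed.old.yml. Against the current inventory that play matches no hosts, so it is dead configuration that can mislead whoever edits it next. Either remove the play or mark it with a comment such as `# only matches hosts when run with pikubed.old.yml`. `gather_facts: yes` in the first play would also be better written as `gather_facts: true`.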
@@ -0,0 +1,47 @@
+---
+ - hosts: all
+ remote_user: root
+ roles:
+ - role: jnv.unattended-upgrades
+ unattended_remove_unused_dependencies: true
+ - role: base
+ tags: base
+ - role: cockpit
+ tags: srv_cockpit
+ - hosts: sendmail
+ tags: sendmail
+ roles:
+ - sendmail
+ - hosts: docker_hosts
+ tags: docker
+ roles:
+ - ansible-role-docker
+ - hosts: drone_server
+ tags: srv_drone
+ roles:
+ - ansible-drone
+ - hosts: gateway
+ tags: gateway
+ roles:
+ - gateway
+ - hosts: torrent_server
+ tags: srv_torrent
+ roles:
+ - torrent_server
+ - hosts: dev_box
+ tags: dev_box
+ roles:
+ - dev_box
+ - hosts: aosp_factory
+ tags: aosp_builder
+ roles:
+ - fdroid-server
+ # - lineage-builder
+ - hosts: zsh_chic
+ tags: shell
+ roles:
+ - zsh_chic
+ - hosts: syncthing
+ tags: srv_syncthing
+ roles:
+ - syncthing
diff --git a/playbooks/sendmail.yml b/playbooks/sendmail.yml
new file mode 100644
index 0000000..0dbd87e
--- /dev/null
+++ b/playbooks/sendmail.yml
@@ -0,0 +1,4 @@
+---
+- hosts: sendmail
+ roles:
+ - sendmail
diff --git a/playbooks/torrent_server.yml b/playbooks/torrent_server.yml
new file mode 100644
index 0000000..7ca0fa1
--- /dev/null
+++ b/playbooks/torrent_server.yml
@@ -0,0 +1,4 @@
+---
+- hosts: torrent_server
+ roles:
+ - torrent_server
diff --git a/playbooks/vpn_gateway.yml b/playbooks/vpn_gateway.yml
new file mode 100644
index 0000000..9ca3935
--- /dev/null
+++ b/playbooks/vpn_gateway.yml
@@ -0,0 +1,4 @@
+---
+- hosts: vpn_gateway
+ roles:
+ - vpn_gateway
diff --git a/playbooks/zsh_chic.yml b/playbooks/zsh_chic.yml
new file mode 100644
index 0000000..90f6ecd
--- /dev/null
+++ b/playbooks/zsh_chic.yml
@@ -0,0 +1,8 @@
+---
+- hosts: all
+ roles:
+ - role: zsh_chic
+ vars:
+ zsh_chic_arch: armhf
+ zsh_chic:
+ users: "{{ default_user }}"
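Review bot: The role names in playbooks/playbook.yaml do not match the ones playbooks/playbook.cave.yml uses for what look like the same services: this file applies `ansible-role-docker`, `ansible-drone` and `fdroid-server`, while playbook.cave.yml lists `docker_hosts`, `drone_server` and `fdroid_server`. The roles directory is not part of the visible patch, so which spelling exists cannot be checked here, but if both names refer to the same role one of the two playbooks will fail at role lookup. I would settle on one name per role and use it in both files, or add a comment next to each entry naming the role directory or requirements entry it resolves to.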