blallo/my-ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Init

Browse Source
This commit is contained in:
sfigato 2021-02-23 19:12:00 +01:00
commit de354f699d
Signed by: blallo
GPG Key ID: 0CBE577C9B72DC3F
44 changed files with 1239 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.ansible-vault-password

4
ansible.cfg Normal file
View File

@ -0,0 +1,4 @@
[defaults]
interpreter_python = /usr/bin/python3
ansible_python_interpreter = /usr/bin/python3
roles_path = ./roles/:~/.ansible/roles:/etc/ansible/roles

26
inventories/cave/athena.yml Normal file
View File

@ -0,0 +1,26 @@
---
all:
children:
docker_hosts:
hosts:
athena.cave:
zsh_chic:
hosts:
athena.cave:
zsh_chic:
users:
- {username: root, home: /root, group: root, starship: true}
dev_box:
hosts:
athena.cave:
dev_box:
users:
- {username: leo, home: /home/leo, group: leo, antibody: true, term: xterm-256color}
- {username: omar, home: /home/omar, group: omar, antibody: true}
- {username: peppe, home: /home/peppe, group: peppe, antibody: true}
- {username: fra, home: /home/fra, group: fra, antibody: true}
- {username: tom, home: /home/tom, group: tom, antibody: true}
- {username: rick, home: /home/rick, group: rick, antibody: true}
- {username: simo, home: /home/simo, group: simo, antibody: true}
- {username: busi, home: /home/busi, group: busi, antibody: true}

85
inventories/cave/cave.yml Normal file
View File

@ -0,0 +1,85 @@
---
all:
children:
sendmail:
hosts:
minos.cave:
sendmail:
version: "0.6"
configuration:
- "{{ sendmail_users.unit_failure }}"
srv.cave:
sendmail:
version: "0.6"
configuration:
- "{{ sendmail_users.unit_failure }}"
mercury.cave:
sendmail:
version: "0.6"
configuration:
- "{{ sendmail_users.unit_failure }}"
- name: copione
from: copione@troubles.ga
to_list: [blallo@troubles.ga]
server:
address: charon.troubles.ga
port: 587
user: copione@troubles.ga
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
63353835613866326330653837636562333739373132393432636238386564373135643662663535
3230316533633832303261623662336237623565643733610a323439363332623936653030653537
39373266653766326138303030366437666664663733343865653965623863353764616335346333
3162376234653138380a636330666264373532346466326337313431356566346639663439373330
66363066366361663636633566653134303239656430613963323335636539373436
- name: los
from: los@troubles.ga
to_list: [blallo@troubles.ga]
server:
address: charon.troubles.ga
port: 587
user: los@troubles.ga
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
64353065363430346432666263323064353862336139613963323735613130333965623038633435
3832313733343464303835646339656161383737303730610a613139653264306234363765613062
65663738323663656462633531626339383166646633636562363461346638343933363235633863
6564626635356230390a346538633861323136326637313230376639393761643337356263373832
66306635626533396366306164376434383735663966623062626562643764613930
docker_hosts:
hosts:
mercury.cave:
drone_server:
hosts:
mercury.cave:
aosp_factory:
hosts:
mercury.cave:
gateway:
hosts:
minos.cave:
torrent_server:
hosts:
srv.cave:
mysql:
hosts:
srv.cave:
zsh_chic:
hosts:
mercury.cave:
srv.cave:
minos.cave:
vars:
zsh_chic:
users: "{{ default_user }}"
syncthing:
hosts:
srv.cave:

10
inventories/cave/group_vars/all/config.yml Normal file
View File

@ -0,0 +1,10 @@
---
ansible_python_interpreter: /usr/bin/python3
default_user:
- {username: root, home: /root, group: root, starship: true}
sendmail:
version: "0.6"
cockpit_disable_tls: yes

5
inventories/cave/group_vars/all/dns.yml Normal file
View File

@ -0,0 +1,5 @@
---
dns:
- 192.168.122.1
- 8.8.8.8
- 1.1.1.1

41
inventories/cave/group_vars/all/drone_server.yml Normal file
View File

@ -0,0 +1,41 @@
---
drone_version: "latest"
drone_host_port: "8080"
drone_server_enable: "true"
drone_server_host: "drone.troubles.io"
drone_server_proto: "https"
drone_rpc_server: "http://192.168.122.10:8080"
drone_rpc_secret: "03a50202f21473a2772bc897b6409999"
drone_gitea_server: "https://git.abbiamoundominio.org"
drone_gitea_client_id: "ca105ddd-913d-459e-a115-40d44d447e55"
drone_gitea_client_secret: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
66343634393066323733346161373066353661636332343462373865656462363035356439373963
6434643362363832313765353631386533643931623335650a663062663166353139393966353035
36386235323563666566333234376130316539663931653665663039633738376536613135316234
6231336330353763360a313561393933656663383832643765636162303765303631376232633662
35356335323436623337616564613936636133636164646430306231386461303863303532376432
3565383732393536643431303135353732336233623964333335
drone_gitea_skip_verify: "false"
drone_gitea_debug: "false"
drone_agent_enable: "true"
drone_user_create: "username:blallo,admin:true"
# drone_logs_trace: "true"
# drone_logs_debug: "true"
drone_database_driver: "postgres"
drone_postgres_backup_dir: "/var/dronepg"
drone_postgres_user: "drone"
drone_postgres_db: "drone"
drone_database_datasource: "postgres://drone:fd5a3f4dec0d6c9d154591f6d9b3d6d1@192.168.122.10:5432/drone?sslmode=disable"
drone_postgres_password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
65373439316431306463363363323535326137373637653262346238393761643964373436636661
6662343030383665336239616431363436313731613838630a343130353333356437306261353961
37656264313036666137643061376338333766666366633061326136313966656634636261333832
3266646561346261650a373439613339303032326333626662303638656263316439303139343763
30626638356433343363663866393937333935383039623235636165393262633263383566386263
3666393432663864656438613030653532303564326562393336

47
inventories/cave/group_vars/all/fdroid.yml Normal file
View File

@ -0,0 +1,47 @@
---
fdroid_server:
base_name: "repo.troubles.io"
icon: blallo-icon.png
repo_name: "Blallo F-Droid Repo"
repo_description: |
Blallo APKs repo. Private repo, no apk is guaranteed to work. Beware!
archive_older: 3
archive_name: "Blallo F-Droid Archive Repo"
archive_description: |
Blallo APKs archive repo. Private repo, no apk is guaranteed to work. Beware!
repo_keyalias: key0
keystore: blallo.jks
keystorepass: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
36383763653261383362336632613434386633633535393536303562316534666630666136393431
3765666331333037356463313839393065333234343966330a353365376264616631633365646566
66323730353031366166356331356564336464326239356239323466346664353666313464653131
3039356266336336360a633464383134643363376638656130343162376339643839356133346430
3563
keypass: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
31323338376230393333613430646633656164333962306666656165616563356635383266333364
3136313061333431393634623737663833653639373233390a653366376165346463366234356338
32333861663562383037636365333562343965353064653632323262623465666563346131633531
6138616265643133630a336535376136303566613532366432373332323939633535366539356633
3862
keydname: "CN=Blallo, OU=Blallica R&D, O=Blallica"
apps:
- app_java_name: org.mozilla.fenix.nightly
author_name: "Mozilla"
categories: ["Blallo", "Internet"]
issue_tracker_url: "https://github.com/mozilla-mobile/fenix/issues"
app_name: "Firefox Nightly"
source_code_url: "https://git.abbiamoundominio.org/blallo/fenix"
summary: "Mozilla Firefox, nightly version (blallo build)"
website_url: "https://git.abbiamoundominio.org/blallo/fenix"
build_src_path: /var/builds/fenix
- app_java_name: org.thoughtcrime.securesms
author_name: "Open Whisper Systems"
categories: ["Blallo", "Chat"]
issue_tracker_url: "https://github.com/signalapp/Signal-Android/issues"
app_name: "Signal"
source_code_url: "https://git.abbiamoundominio.org/blallo/Signal-Android"
summary: "Signal, Private Communication (blallo build)"
website_url: "https://signal.org"
build_src_path: /var/builds/signal

285
inventories/cave/group_vars/all/gateway.yml Normal file
View File

@ -0,0 +1,285 @@
---
public_address: 15.161.166.194
gateway:
proxied_services:
- domain_name: sync.troubles.io
internal_ip: 192.168.122.11
internal_port: 8384
cert_email: blallo@troubles.ga
redirect_to_https: yes
- domain_name: drone.troubles.io
internal_ip: 192.168.122.10
internal_port: 8080
cert_email: blallo@troubles.ga
redirect_to_https: yes
- domain_name: bt.troubles.io
internal_ip: 192.168.122.11
internal_port: 8081
cert_email: blallo@troubles.ga
redirect_to_https: no
websockets:
path: /service
internal_ip: 192.168.122.11
internal_port: 8412
- domain_name: flix.troubles.io
internal_ip: 192.168.122.11
internal_port: 8080
redirect_to_https: no
http_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- domain_name: repo.troubles.io
internal_ip: 192.168.122.10
internal_port: 8081
cert_email: blallo@troubles.ga
redirect_to_https: yes
- domain_name: minos.cockpit.troubles.io
internal_ip: 127.0.0.1
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 127.0.0.1
internal_port: 9090
- domain_name: srv.cockpit.troubles.io
internal_ip: 192.168.122.11
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 192.168.122.11
internal_port: 9090
- domain_name: mercury.cockpit.troubles.io
internal_ip: 192.168.122.10
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 192.168.122.10
internal_port: 9090
- domain_name: athena.cockpit.troubles.io
internal_ip: 192.168.122.254
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 192.168.122.254
internal_port: 9090
- domain_name: stakhanov.cockpit.troubles.io
internal_ip: 192.168.122.1
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 192.168.122.1
internal_port: 9090
- domain_name: proro.ga
internal_ip: 192.168.122.254
internal_port: 230
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- domain_name: los.troubles.io
internal_ip: 192.168.122.10
internal_port: 8082
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_custom_locations:
- rule: /builds/
conf_lines:
- "proxy_pass http://192.168.122.10:8083"
- "proxy_set_header Host $remote_addr"
- "proxy_set_header X-Forwarded-Proto $scheme"
- "proxy_set_header X-Forwarded-Port $server_port"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
- rule: /builds.json
conf_lines:
- "proxy_pass http://192.168.122.10:8083"
- "proxy_set_header Host $remote_addr"
- "proxy_set_header X-Forwarded-Proto $scheme"
- "proxy_set_header X-Forwarded-Port $server_port"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
https_custom_configurations:
- "rewrite ^/builds$ /builds/ permanent"
- domain_name: cam.troubles.io
internal_ip: 192.168.1.8
internal_port: 8080
cert_email: blallo@troubles.ga
redirect_to_https: yes
password_protect: yes
password_file: /etc/nginx/.cam.troubles.io-htpasswd
username: leo
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
65636138313034316234643236313733343361623337356464643937666439633535343930343166
3935646261386666343535303734666166336562353539310a643733653163666333636531366139
63343764616135306661646433346435376334636431303033363364313930613864373834343036
6636376437643466380a363633323731663430386237623632383164643161643934636331633338
66333538353864326162313234616262633831663638396564386337343235336661
https_custom_locations:
- rule: /0/
conf_lines:
- "proxy_pass http://192.168.1.8:8081/0/stream"
- "proxy_set_header Host $remote_addr"
- "proxy_set_header X-Forwarded-Proto $scheme"
- "proxy_set_header X-Forwarded-Port $server_port"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
firewall:
home_iface: enp0s0
public_iface: internet
vm_iface: eth0
forwarded_ports:
- zone: home
from:
port: 16493
addr: 192.168.1.20
proto: "tcp"
to:
port: 16493
addr: 192.168.122.11
- zone: home
from:
port: 16309
addr: 192.168.1.20
proto: "udp"
to:
port: 16309
addr: 192.168.122.11
- zone: home
from:
port: 16362
addr: 192.168.1.20
proto: "udp"
to:
port: 16362
addr: 192.168.122.11
- zone: home
from:
port: 445
addr: 192.168.1.20
proto: "tcp"
to:
port: 445
addr: 192.168.122.11
- zone: home
from:
port: 139
addr: 192.168.1.20
proto: "tcp"
to:
port: 139
addr: 192.168.122.11
- zone: home
from:
port: 138
addr: 192.168.1.20
proto: "udp"
to:
port: 138
addr: 192.168.122.11
- zone: home
from:
port: 137
addr: 192.168.1.20
proto: "udp"
to:
port: 137
addr: 192.168.122.11
- zone: home
from:
port: 22000
addr: 192.168.1.20
proto: "tcp"
to:
port: 22000
addr: 192.168.122.11
- zone: public
from:
port: 31337
addr: "{{ public_address }}"
proto: "tcp"
to:
port: 22
addr: 192.168.122.254
- zone: public
from:
port: 22000
addr: "{{ public_address }}"
proto: "tcp"
to:
port: 22000
addr: 192.168.122.11
- zone: public
from:
port: 21027
addr: "{{ public_address }}"
proto: "udp"
to:
port: 21027
addr: 192.168.122.11
ivacy:
username: ivacy0d8560848
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
30633462393336626266333038653734303835656533303139326330633864313765643839323266
6239396539393265623837343530363962303664323639630a313563313464663134613166393131
38653731636562346363656466366464366139303935643866373431633631663063353633326337
3433613030373832390a353830626531353161383133643765343362393563383565386136643736
6465
vpn:
name: internet
this_ip: 10.255.255.2
listen_port: 10666
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
37393062623161343361356130626630393065616162646535366265386363643063343261326462
3030383034383638386233393434346132323238633565660a393231623939626532643435363136
31653734636337633738376561316137303861373339323131326632316539646262626138323764
3064346233613934390a396663393236323733323930363162613937623064643637303839333339
35383638313137353966663531326432623661336165303036353162393135656362633037386639
3531323065623833336435323561393066333166396536653333
endpoint:
url: 15.161.228.33
this_ip: 10.255.255.1
port: 21212
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
34323535393334613237396532333836383734626538393066386630613838663236633832336330
6333653838326438313634633966336431383066646633340a383930306430363662306161633966
34623333613935613434323631383961386266643765386164333965643661356333363834373565
3633343833306164660a313164353466343032643937633934653830386234323361343433626635
30653132636230346338323332386363343266316666643137613239366263336238643535353162
3565643330643833383531343937323839626434646565346439

8
inventories/cave/group_vars/all/lineage_builder.yml Normal file
View File

@ -0,0 +1,8 @@
---
lineage_builder:
app_version: "0.1"
base_name: los.troubles.io
builds_path: /var/builds/los/enchilada/
builds_json_path: /var/builds/los/enchilada/builds.json
builder_path: /var/lineage_builder
timer: " *-*-* 2:00:00"

18
inventories/cave/group_vars/all/sendmail_users.yml Normal file
View File

@ -0,0 +1,18 @@
---
sendmail_users:
unit_failure:
name: unit_failure
from: memento@troubles.ga
to_list:
- blallo@troubles.ga
server:
address: charon.troubles.ga
port: 587
user: memento@troubles.ga
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
61646263303237376334663331626165616238393962333436333437313031643633316631353432
6362656437373261303233333332373237343839333134360a646137636539623862643233316435
62623937623635393435653034643630343864633731333932623863643564373461323936666138
6632386265623934340a396334653630666133303063383031303931336332663966336461313335
64346334666165373930373063353530346639613532336330656239393734376662

14
inventories/cave/group_vars/all/syncthing.yml Normal file
View File

@ -0,0 +1,14 @@
---
syncthing:
home: /var/syncthing
dir: /syncthing
user: leo
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
30636561643939376139313864366565663462336562353639616531313636663039363834623635
3634663439366465643765313166376162363864386139350a346538343764656336383366336332
31663734666535346262656361386662663837346630323430386662333637393162623932653561
3836353833326638310a356230323465386465643634643630386535313165376334366436613861
32336464366363666533306662323264393830373565623632326564643736346366383862643538
66643539613134313639653938363231363033306139326363393165633461653662373166383431
333761303561656137376133313561656337

73
inventories/cave/group_vars/all/torrent_server.yml Normal file
View File

@ -0,0 +1,73 @@
---
torrent_server:
db_root_password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
61626139623664616138383431623134636435353765376632653537316663313965663439313532
3534393362643365363739356338316536393234313335390a326339643162343364306463343331
32653234343865333936383265363837633236393934666437366433393337633161393633303630
6264323235386264360a383336356634623837366665353061613038633464393861396466376264
37356434343837386461393932613831353063366133666239636130386534303562
public_url: bt.troubles.io
synapse:
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
64653435623931623366353937393331383637323936663832636463326262666134386463336661
6564346332373932366239613734656137633065666361640a383662356535623864306364306564
66616333396636316236646631356263303838663639656135656339326633343034393765353637
3265653739623664620a323464323364386232313337306334396332643737346364376462303933
37646166343061653338386231653037663065613433353430653939646438386561
max_dl: 10
rpc_port: 8412
peer_tcp_port: 16493
dht_udp_port: 16309
trackers_udp_port: 16362
release_url: https://github.com/Luminarys/synapse/releases/download/1.0/synapse
syncli_release_url: https://github.com/Luminarys/synapse/releases/download/1.0/sycli
receptor:
release_url: https://git.abbiamoundominio.org/blallo/receptor/releases/download/1.0.1/receptor-1.0.1.tar.gz
streama:
release_url: https://github.com/streamaserver/streama/releases/download/v1.8.0-beta/streama-1.8.0.jar
db_password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
37323136363866323533383032653930346264643966613532363766623438643030626331333831
6337613264663130323062653338636232353131656334380a313862323966343262396135373230
30306562376130643635393636316635313338386235316261373132623438633962326237313433
3238353861313861630a386437646230363235303831656638613963333435646330663434313939
38663533356462343731346262333964396363663436666335616438633338323161
samba:
workgroup: "TROUBLES"
log:
file: /var/log/samba.log
shares:
- name: pirate_cave
path: /opt/synapse/download
read_only: yes
writeable: no
browseable: yes
valid_users: ["leo"]
users:
- name: leo
uid: 1024
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
33326662626234363936666238313665663561356334363364633234366338346230636631626534
3239633834656134343461653638356535366237363231350a656632626332326164373563666464
37633838646637306362306534653363613562383039636336373339363639353332346132313562
3338363934643135610a326662353061613931643933396532383639613863613264353666383139
36666330383363326332643532653138366364373739626664666165626430643533
openvpn:
outserver: Netherlands-Amsterdam-UDP
username: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
30306534326433323466306263333637343736323264306363623938613233316232326636613830
3864396136313830333166393438343165356437663465330a353965383938326434633933383564
32333130383361373931656463343536613438623166663563333161353333386338353264313564
6430343034326139330a616332663632343561653438613235363337323833363537386536633435
63653065396437323939666261383862623964303337306464613738356161666662
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
39393761393739636461386466323532366130386634633538373238323535333233353332613838
6632653839396463386662623366323164373961356435620a316435643932626437353063336262
36333962323034346163653636306664613431383862313331626466306364393137613066333465
3530383465623839320a633035363636643137663765326264373938396333383737623238303465
66633332633531633233396636623232646139616261653866383532333065633863

11
inventories/cave/servipi.yml Normal file
View File

@ -0,0 +1,11 @@
---
all:
hosts:
servipi.cave:
ansible_host: 192.168.1.8
zsh_chic:
users:
- {username: root, home: /root, group: root, antibody: true, term: xterm-256color}
zsh_chic_arch: armhf
tor_node_services:
- {name: ssh, local_port: 22, public_port: 22}

27
inventories/cave/stakhanov.yml Normal file
View File

@ -0,0 +1,27 @@
---
all:
hosts:
stakhanov.cave:
cockpit_disable_tls: yes
zsh_chic:
users:
- {username: root, home: /root, group: root, starship: true}
- {username: blallo, home: /home/blallo, group: blallo, antibody: true, term: xterm-256color}
sendmail:
version: "0.6"
configuration:
- name: unit_failure
from: memento@troubles.ga
to_list:
- blallo@troubles.ga
server:
address: charon.troubles.ga
port: 587
user: memento@troubles.ga
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
62633866623631363965356565333833343734383963393233393135303737376231643330383835
3132643964616161373931316139623762386536373166310a653735363234643363643861383565
66646135393761323333363765376132623361303337316261373861656234666339386531363631
6532636239663961390a383235343462353036373230303333396465326563303331616633623765
39613839346364333962316639306635376563623634346163376638316463663730

4
inventories/chat/chat.yml Normal file
View File

@ -0,0 +1,4 @@
---
all:
hosts:
matrix.degenerazione.xyz:

5
inventories/chat/group_vars/all/config.yml Normal file
View File

@ -0,0 +1,5 @@
---
ansible_python_interpreter: /usr/bin/python3
default_user:
- {username: root, home: /root, group: root, starship: true}

25
inventories/pikubed/group_vars/all/config.yml Normal file
View File

@ -0,0 +1,25 @@
---
default_user:
- {username: root, home: /root, group: root, antibody: true, powerline: true}
apt_cacher_ng_cacher_ip: 192.168.1.40
gen_tls_generate_certs: true
gen_tls_cert_dir: ~/Documents/coding/playbooks/keep/certs
gen_tls_generate_ca_cert: true
gen_tls_generate_server_cert: true
gen_tls_ca_commonname: Pikubed Kluster
gen_tls_ca_country: EU
gen_tls_ca_state: Italy
gen_tls_ca_locality: Milan
gen_tls_ca_organization: Pikubed
gen_tls_ca_organizationalunit: Pikubed Kluster
gen_tls_ca_email: blallo@troubles.ga
gen_tls_populate_etc_hosts: true
gen_tls_tld: pikubed
ansible_registry_golang_flags: "GOOS=linux GOARCH=arm64"
ansible_registry_filesystem_path: /var/cache/registry
ansible_registry_is_cache: true
ansible_registry_tls_cert_path: /etc/ssl/local/certs/leader.pem
ansible_registry_tls_key_path: /etc/ssl/local/private/leader.key

2
inventories/pikubed/pi2 Normal file
View File

@ -0,0 +1,2 @@
leader
worker1

28
inventories/pikubed/pikubed.old.yml Normal file
View File

@ -0,0 +1,28 @@
---
all:
hosts:
leader:
ansible_host: 192.168.1.40
worker1:
ansible_host: 192.168.1.41
worker2:
ansible_host: 192.168.1.42
worker3:
ansible_host: 192.168.1.43
children:
arm64:
hosts:
worker2:
worker3:
vars:
zsh_chic:
bat_arch: arm64
arm32:
hosts:
leader:
worker1:
vars:
zsh_chic:
bat_arch: armhf

30
inventories/pikubed/pikubed.yml Normal file
View File

@ -0,0 +1,30 @@
---
all:
hosts:
leader:
ansible_host: 192.168.1.40
worker1:
ansible_host: 192.168.1.41
worker2:
ansible_host: 192.168.1.42
worker3:
ansible_host: 192.168.1.43
children:
arm64:
hosts:
leader:
worker1:
worker2:
worker3:
vars:
zsh_chic:
bat_arch: arm64
cacher:
hosts:
leader:
vars:
apt_cacher_ng_is_cacher: true
registry:
hosts:
leader:

4
inventories/sea/group_vars/all/config.yml Normal file
View File

@ -0,0 +1,4 @@
---
zsh_chic:
users:
- {username: root, home: /root, group: root, starship: true}

150
inventories/sea/group_vars/all/dns_server.yml Normal file
View File

@ -0,0 +1,150 @@
---
dns_server:
verbosity: 1
main_zone:
name: troubles.io
soa: demetra.troubles.io
email: postmaster.troubles.ga
records:
- {name: "", type: MX, value: "10 charon"}
- {name: charon, type: A, value: "162.248.163.56"}
- {name: virgil, type: A, value: "162.248.163.209"}
- {name: degenerazione, type: A, value: "176.9.70.210"}
- {name: cave, type: A, value: "15.161.166.194"}
- {name: flix, type: A, value: "192.168.1.21"}
- {name: nextcloud, type: CNAME, value: degenerazione}
- {name: cloud, type: CNAME, value: degenerazione}
- {name: rss, type: CNAME, value: degenerazione}
- {name: quassel, type: CNAME, value: virgil}
- {name: drone, type: CNAME, value: cave}
- {name: "*.cockpit", type: CNAME, value: cave}
- {name: cam, type: CNAME, value: cave}
- {name: bt, type: CNAME, value: cave}
- {name: sync, type: CNAME, value: cave}
- {name: blog, type: CNAME, value: troubles.noblogs.org.}
- {name: chat, type: A, value: "176.9.70.210"}
- {name: matrix.chat, type: A, value: "176.9.70.210"}
- {name: "*.chat", type: CNAME, value: matrix.chat}
- {name: "_matrix._tcp", type: SRV, value: "10 0 8448 matrix.chat"}
- {name: "_matrix-identity._tcp", type: SRV, value: "10 0 443 matrix.chat"}
zones:
- name: troubles.ga
soa: demetra.troubles.ga
email: postmaster.troubles.ga
records:
- {name: "", type: MX, value: "10 charon"}
- {name: demetra, type: A, value: "15.161.228.33"}
- {name: proserpina, type: A, value: "139.64.247.185"}
- {name: persephone, type: A, value: "139.64.247.184"}
- {name: demetra, type: AAAA, value: "2a05:d01a:b6b:e933:4b76:3ec1:3e24:ab81"}
- {name: proserpina, type: AAAA, value: "2607:8880::147:b9"}
- {name: persephone, type: AAAA, value: "2607:8880::147:b8"}
- {name: charon, type: A, value: "162.248.163.56"}
- {name: virgil, type: A, value: "162.248.163.209"}
- {name: degenerazione, type: A, value: "176.9.70.210"}
- {name: cave, type: A, value: "15.161.166.194"}
- {name: flix, type: A, value: "192.168.1.21"}
- {name: nextcloud, type: CNAME, value: degenerazione}
- {name: cloud, type: CNAME, value: degenerazione}
- {name: rss, type: CNAME, value: degenerazione}
- {name: cam, type: CNAME, value: cave}
- {name: blog, type: CNAME, value: troubles.noblogs.org.}
- name: mail._domainkey
type: TXT
value: |
("v=DKIM1; "
"k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXvEQgdPwPXJVIsHqDb0568cPfGck2gzfnOtf"
"Y2a4Fg2ELFyJzEcgbKAPWZqilTdGrK3Z12cY21ASnn5uljDUhQIMprmckPT1rMvwko1oqCBU5qWHOztlW2/"
"k4Cr/1UWjvgY/C1zfZb31mX+LpdCiOdSucmdsVn8D6cMan/VQt4N/xOfFwE2weJIHEsw2c1nHbPck8H/Ay+"
"w/0qhuEoOb1syqEe6a2JcdPbs2KmGGqjJyOQxlFeLWh+ka9aVYarRXguqqX/SOT7ujoLyvomJ0TLbqCXfXo"
"2jfSeTgzBLIDfNHByVMxKj+Hq8fJq+lUHe66WrrsU9Zj4hyVX4uE9+rQIDAQAB")
- {name: _dmarc, type: TXT, value: "v=DMARC1; p=none; rua=mailto:admin@troubles.ga"}
servers:
- name: demetra
hostname: demetra.troubles.io
local_resolver: true
nsd_addr: 127.0.0.1
nsd_port: 5353
star: true
public_ip: "15.161.228.33"
public_ip6: "2a05:d01a:b6b:e933:4b76:3ec1:3e24:ab81"
vpn:
address: 10.13.12.1
net_size: 24
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
33363065653930353363633538656637353264343764306136373361666133396462326339613361
3563363061666561653661366539383037373435313565660a303066353535396264366531643662
39646439393636653861393634633239356236613831623961386532616337303634306563633461
6561646562383932610a313462623830393165393764356437663635316238393564323430356136
32623338303164383230393962323939383238323337366137376563303366333062386361316465
3833306261646139363739653865656532613330333933613561
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
34323137306430663737643831303262626239623833616435643035656632303539326462373735
3635313331633666656439633035666133623030663837620a323338653931356362653436666231
65366466643461303637303530306133323462386366616635313062316161653639623866343734
3239663930313064640a393962616438353933653339366364653730643139303035353137306239
33613632636165336664316339613537336439376664346534666335663863373330313930333934
6439323064653263336666656637613934396363316234613436
- name: proserpina
hostname: proserpina.troubles.io
local_resolver: true
nsd_addr: 127.0.0.1
nsd_port: 5353
satellite: true
public_ip: "139.64.247.185"
public_ip6: "2607:8880::147:b9"
vpn:
address: 10.13.12.2
net_size: 24
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
35623232383937613530336338646663336234383834383466643535303335613739613362396232
3137353339653539393736353532333238306537616137640a653366356434626466653236326332
35316361363735346362363534623434633531373861336664646562613532393830613033653666
3762653730363638640a386665613431633735636363326663333534313538373235333130333336
38303962666136643362633638356265366366363365383761663634303234633037333066666261
3866396237656339343236613565346566376533303931383461
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
36653735306637386431626461633433376438306564663230323066626532623239626638616633
6236656366656131616465623935346330636236323538350a356130306433636665396436646234
32626463323665376465393061313234326534343935356431323530353232323764373736376530
3330393765393564300a363662356139356230313834653165373637373833333832626436613164
62613937626561313562373339656438383738333034623637353339373161306335616132666438
3139643030336464633330373333303635366538623062616561
- name: persephone
hostname: persephone.troubles.io
local_resolver: true
nsd_addr: 127.0.0.1
nsd_port: 5353
satellite: true
public_ip: "139.64.247.184"
public_ip6: "2607:8880::147:b8"
vpn:
address: 10.13.12.3
net_size: 24
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
61333039343563626630633938396434666466343361346365363561336664333066656637393730
3432656233366666313765376161323932333335633364390a323535333865373161663163646234
62306562376265323039383961333562623563363939333238366166316234363963386561356563
3532343261626639350a626162393335366464346265623438623736646562326262356331366334
33396631363266633932323663393532303730633632366333376564643136636365386436376439
3366616332306333633164653533333738356438373664663561
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
38326437616339373537626538343839393636356630623064646561393863663537333630346166
3732663262333464666562386432613834343732633737390a613531353235323933366139356631
65333236333235383235656536663965616535353164316430666466373665353535656137343162
3036356331356230640a613262666636333039653530626233386434363531646431626236393339
39303638613761376163656135313131666166396665366535633532613235666162366163376262
6339323033366436343866636365616165343037623434363131

19
inventories/sea/group_vars/all/sendmail.yml Normal file
View File

@ -0,0 +1,19 @@
---
sendmail:
version: "0.6"
configuration:
- name: unit_failure
from: memento@troubles.ga
to_list:
- blallo@troubles.ga
server:
address: charon.troubles.ga
port: 587
user: memento@troubles.ga
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
34313963353264323662366130303265336136373064643931386563613330653034313137393336
6232386639313139623962376436333663653466373162370a353064363032343738393933333939
38623963356630313536643436663366356138386661326661306561643235336165353730656136
3834326533633630640a353532656435316337663034376666666231386637383336663062623330
34626130613861353734376134363238613961633961666138613565613566613838

29
inventories/sea/group_vars/all/vpn_gateway.yml Normal file
View File

@ -0,0 +1,29 @@
---
vpn_gateway:
name: stakhanov
public_ip: 15.161.166.194
this_ip: 10.255.255.1
local_ip: 172.31.19.139
gateway_ip: 172.31.16.1
net_size: 31
listen_port: 21212
iface: ens6
table: 130
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
35363633313163663732356638306165623230346531616135623135643066623834333638343537
6335643438643464633662363836383835656262633565350a663366373738366464356164623962
62373934653762643031623034363231636462313730353065373763636363663564323239613233
6633656666303266330a646566303464363061356535356534663336633632626666366666633731
33363436303766633037396635313938616162393562636631343465656163346438623031633136
6364623766316362613338366663626665346433333263373961
peer:
address: 10.255.255.2
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
37646364376337383137623261366332333461346630363332656436323234323566323234616335
3836326430396539303166663831623333393865353330380a323065636665303534363439316266
32666432356339363666306463623033373935333865353538393334376461303034326630336330
6366333230383733320a636332656566316139613737326266323636376633393966303364306263
30326466323366353635323232393039616539303737663337623834623564323239613735333331
3737393961376639666565303135623930653639306563346330

28
inventories/sea/sea.yml Normal file
View File

@ -0,0 +1,28 @@
---
all:
hosts:
demetra:
ansible_host: demetra.sea
proserpina:
ansible_host: proserpina.sea
persephone:
ansible_host: persephone.sea
charon:
ansible_host: charon.sea
virgil:
ansible_host: virgil.sea
children:
dns:
hosts:
demetra:
ansible_host: demetra.sea
proserpina:
ansible_host: proserpina.sea
persephone:
ansible_host: persephone.sea
vpn_gateway:
hosts:
demetra:
ansible_host: demetra.sea

53
inventories/sea/secrets.yml Normal file
View File

@ -0,0 +1,53 @@
demetra.sea:
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
33363065653930353363633538656637353264343764306136373361666133396462326339613361
3563363061666561653661366539383037373435313565660a303066353535396264366531643662
39646439393636653861393634633239356236613831623961386532616337303634306563633461
6561646562383932610a313462623830393165393764356437663635316238393564323430356136
32623338303164383230393962323939383238323337366137376563303366333062386361316465
3833306261646139363739653865656532613330333933613561
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
34323137306430663737643831303262626239623833616435643035656632303539326462373735
3635313331633666656439633035666133623030663837620a323338653931356362653436666231
65366466643461303637303530306133323462386366616635313062316161653639623866343734
3239663930313064640a393962616438353933653339366364653730643139303035353137306239
33613632636165336664316339613537336439376664346534666335663863373330313930333934
6439323064653263336666656637613934396363316234613436
proserpina.sea:
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
35623232383937613530336338646663336234383834383466643535303335613739613362396232
3137353339653539393736353532333238306537616137640a653366356434626466653236326332
35316361363735346362363534623434633531373861336664646562613532393830613033653666
3762653730363638640a386665613431633735636363326663333534313538373235333130333336
38303962666136643362633638356265366366363365383761663634303234633037333066666261
3866396237656339343236613565346566376533303931383461
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
36653735306637386431626461633433376438306564663230323066626532623239626638616633
6236656366656131616465623935346330636236323538350a356130306433636665396436646234
32626463323665376465393061313234326534343935356431323530353232323764373736376530
3330393765393564300a363662356139356230313834653165373637373833333832626436613164
62613937626561313562373339656438383738333034623637353339373161306335616132666438
3139643030336464633330373333303635366538623062616561
persephone.sea:
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
61333039343563626630633938396434666466343361346365363561336664333066656637393730
3432656233366666313765376161323932333335633364390a323535333865373161663163646234
62306562376265323039383961333562623563363939333238366166316234363963386561356563
3532343261626639350a626162393335366464346265623438623736646562326262356331366334
33396631363266633932323663393532303730633632366333376564643136636365386436376439
3366616332306333633164653533333738356438373664663561
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
38326437616339373537626538343839393636356630623064646561393863663537333630346166
3732663262333464666562386432613834343732633737390a613531353235323933366139356631
65333236333235383235656536663965616535353164316430666466373665353535656137343162
3036356331356230640a613262666636333039653530626233386434363531646431626236393339
39303638613761376163656135313131666166396665366535633532613235666162366163376262
6339323033366436343866636365616165343037623434363131

5
playbooks/aosp.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: aosp_factory
roles:
- fdroid-server
- lineage-builder

9
playbooks/base.yml Normal file
View File

@ -0,0 +1,9 @@
---
- hosts: all
roles:
roles:
- role: jnv.unattended-upgrades
unattended_remove_unused_dependencies: true
- role: base
tags: "base"
- role: cockpit

4
playbooks/dns.sea.yml Normal file
View File

@ -0,0 +1,4 @@
---
- hosts: dns
roles:
- dns

4
playbooks/drone.yml Normal file
View File

@ -0,0 +1,4 @@
---
- hosts: mercury.cave
roles:
- ansible-drone

4
playbooks/gateway.yml Normal file
View File

@ -0,0 +1,4 @@
---
- hosts: minos.cave
roles:
- gateway

40
playbooks/playbook.cave.yml Normal file
View File

@ -0,0 +1,40 @@
---
- hosts: all
remote_user: root
roles:
- role: jnv.unattended-upgrades
unattended_remove_unused_dependencies: true
- role: base
tags: "base"
- role: cockpit
- hosts: minos.cave
roles:
- zsh_chic
- gateway
- sendmail
vars:
zsh_chic:
users: "{{ default_user }}"
- hosts: srv.cave
roles:
- role: zsh_chic
tag: shell
- mysql
- role: torrent_server
tag: srv_torrent
- sendmail
- syncthing
vars:
zsh_chic:
users: "{{ default_user }}"
- hosts: mercury.cave
roles:
- zsh_chic
- docker_hosts
- drone_server
- fdroid_server
# - lineage-builder
- sendmail
vars:
zsh_chic:
users: "{{ default_user }}"

10
playbooks/playbook.chat.yml Normal file
View File

@ -0,0 +1,10 @@
---
- hosts: all
remote_user: root
roles:
- role: base
- role: zsh_chic
- role: ansible-role-docker
vars:
zsh_chic:
users: "{{ default_user }}"

4
playbooks/playbook.pikubed.registry.yml Normal file
View File

@ -0,0 +1,4 @@
---
- hosts: registry
roles:
- role: docker-registry

25
playbooks/playbook.pikubed.yml Normal file
View File

@ -0,0 +1,25 @@
---
- hosts: all
remote_user: root
gather_facts: yes
roles:
- role: base
- role: generate-tls-certs
- role: apt_cacher_ng
- hosts: arm64
roles:
- role: zsh_chic
vars:
zsh_chic_arch: arm64
zsh_chic:
users: "{{ default_user }}"
- hosts: arm32
roles:
- role: zsh_chic
vars:
zsh_chic_arch: armhf
zsh_chic:
users: "{{ default_user }}"
- hosts: registry
roles:
- role: docker-registry

17
playbooks/playbook.sea.yml Normal file
View File

@ -0,0 +1,17 @@
---
- hosts: dns
roles:
- dns
- hosts: all
remote_user: root
roles:
- role: jnv.unattended-upgrades
unattended_remove_unused_dependencies: true
- base
- zsh_chic
- sendmail
- hosts: vpn_gateway
roles:
- vpn_gateway

9
playbooks/playbook.servipi.yml Normal file
View File

@ -0,0 +1,9 @@
---
- hosts: all
remote_user: root
gather_facts: yes
roles:
- jnv.debian-backports
- base
- zsh_chic
- tor_node

9
playbooks/playbook.stakhanov.yaml Normal file
View File

@ -0,0 +1,9 @@
---
- hosts: all
remote_user: root
roles:
- role: base
tags: "base"
- role: sendmail
- role: zsh_chic
- role: cockpit

47
playbooks/playbook.yaml Normal file
View File

@ -0,0 +1,47 @@
---
- hosts: all
remote_user: root
roles:
- role: jnv.unattended-upgrades
unattended_remove_unused_dependencies: true
- role: base
tags: base
- role: cockpit
tags: srv_cockpit
- hosts: sendmail
tags: sendmail
roles:
- sendmail
- hosts: docker_hosts
tags: docker
roles:
- ansible-role-docker
- hosts: drone_server
tags: srv_drone
roles:
- ansible-drone
- hosts: gateway
tags: gateway
roles:
- gateway
- hosts: torrent_server
tags: srv_torrent
roles:
- torrent_server
- hosts: dev_box
tags: dev_box
roles:
- dev_box
- hosts: aosp_factory
tags: aosp_builder
roles:
- fdroid-server
# - lineage-builder
- hosts: zsh_chic
tags: shell
roles:
- zsh_chic
- hosts: syncthing
tags: srv_syncthing
roles:
- syncthing

4
playbooks/sendmail.yml Normal file
View File

@ -0,0 +1,4 @@
---
- hosts: sendmail
roles:
- sendmail

4
playbooks/torrent_server.yml Normal file
View File

@ -0,0 +1,4 @@
---
- hosts: torrent_server
roles:
- torrent_server

4
playbooks/vpn_gateway.yml Normal file
View File

@ -0,0 +1,4 @@
---
- hosts: vpn_gateway
roles:
- vpn_gateway

8
playbooks/zsh_chic.yml Normal file
View File

@ -0,0 +1,8 @@
---
- hosts: all
roles:
- role: zsh_chic
vars:
zsh_chic_arch: armhf
zsh_chic:
users: "{{ default_user }}"