adding services.l3d.ch

+ add new server + update users + update pkgs
2024-09-14 19:53:56 +02:00 · 2024-02-12 22:41:14 +01:00 · 2024-02-12 22:41:14 +01:00 · af56d4ce5b
commit af56d4ce5b
parent d5a6df3767
10 changed files with 113 additions and 11 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -99,7 +99,7 @@
 	url = https://github.com/roles-ansible/ansible_role_ntp.git
  branch = master
 [submodule "roles/do1jlr.etebase"]
-	path = roles/do1jlr.etebase
+	path = roles/l3d.etebase
 	url = https://github.com/roles-ansible/ansible_role_etebase.git
  branch = master
 [submodule "collections/ansible_collections/community/mysql"]
--- a/collections/ansible_collections/grafana/grafana
+++ b/collections/ansible_collections/grafana/grafana
@ -1 +1 @@
-Subproject commit 02ea399c6363d8cf403478436988731e0d704f08
+Subproject commit 163480e3ebea498ac3c97f522aa2b2a634cbbb4f
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -21,3 +21,8 @@ ntp_servers:

 # prometheus.prometeus.node_exporter
 node_exporter_web_listen_address: '127.0.0.1:9100'
+
+# do1jlr.users
+admins:
+  - l3d
+  - ansible
--- a/host_vars/services.l3d.ch/vars.yml
+++ b/host_vars/services.l3d.ch/vars.yml
@ -0,0 +1,60 @@
+---
+users:
+  l3d:
+    - l3d@pinkie.l3d.yt
+    - l3d@mobile.l3d.yt
+    - l3d@backup.l3d.yt
+    - l3d@derpy.l3d.yt
+    - l3d@backup-rsa.l3d.yt
+    - l3d@business.wingcon.com
+  mxusr:
+    - l3d@pinkie.l3d.yt
+    - l3d@mobile.l3d.yt
+    - l3d@backup.l3d.yt
+    - l3d@derpy.l3d.yt
+    - l3d@backup-rsa.l3d.yt
+    - l3d@business.wingcon.com
+
+accounts:
+  - l3d
+  - mxusr
+
+acme_domain_unwant_list: []
+#  - name: 'example.com'
+
+nginx_sites:
+  - name: 'mx.l3d.space'
+    webroot:
+      user: 'mxusr'
+  - name: 'node-exporter.mx.l3d.space'
+  - name: 'nginx-exporter.mx.l3d.space'
+
+# letsencrypt
+acme_notification_email: "{{ _acme_notification_email }}"
+
+# acmetool config
+acme_reload_services:
+  - 'nginx'
+
+# firewall
+fail2ban_destemail: "{{ _fail2ban_destemail }}"
+firewall_allowed_tcp_ports:
+  - "22"
+#  - "25"
+  - "80"
+#  - "143"
+  - "443"
+#  - "465"
+#  - "587"
+#  - "993"
+#  - "4190"
+#  - "42023"
+
+nginx__infrastructure_domain__enabled: false
+
+# l3d.time.ntp
+ntp_statistics: true
+
+# l3d.nginx_exporter
+nginx_exporter_listen_address: '127.0.0.1:9113'
+nginx_exporter_scrape_uri: 'https://node-exporter.mx.l3d.ch/nginx_status'
--- a/host_vars/services.l3d.ch/vault.yml
+++ b/host_vars/services.l3d.ch/vault.yml
@ -0,0 +1,16 @@
+$ANSIBLE_VAULT;1.1;AES256
+63656237376635396638613937623136656236383833663266356330663365303339636139386332
+6530326534316231323333666434353866376461613066640a653333333037396132646637346362
+36383761313731353532666632353561306233663139316532393764396431373036626361663830
+3334373338663333370a343562376530373461663636306135313864626638343631303036616165
+38386166316432663866383865383834383135646530303739383562616439363137623430373732
+34376566616266613664313034306461343863383132633631316135383239343635653034343362
+63656331396135646238623138323438366532636364613865323066623666303531626632393031
+36373163656539376262363962633234393936306438663836383431643461623533363939333566
+66336636353462336338663937303039303734383937393135653737666638633935313335303935
+66323836663634633532616537656533663236663465343862346562396263366335343535396266
+33376362343362643237363664623836346366623539323863323162366364383034393066393930
+62326133653630346132323563636261383631323931333638633233353835636235306334323631
+31386164326435353639396263376439363130663331356364646266336330646466353862656532
+61623839366439343266643833373563393163306466303863333932336566666265613666383063
+393632663233343964353161346639616332
--- a/host_vars/services.l3d.space/vars.yml
+++ b/host_vars/services.l3d.space/vars.yml
@ -1,15 +1,35 @@
 ---
+users:
+  l3d:
+    - l3d@pinkie.l3d.yt
+    - l3d@mobile.l3d.yt
+    - l3d@backup.l3d.yt
+    - l3d@derpy.l3d.yt
+    - l3d@backup-rsa.l3d.yt
+    - l3d@business.wingcon.com
+  mxusr:
+    - l3d@pinkie.l3d.yt
+    - l3d@mobile.l3d.yt
+    - l3d@backup.l3d.yt
+    - l3d@derpy.l3d.yt
+    - l3d@backup-rsa.l3d.yt
+    - l3d@business.wingcon.com
+
+accounts:
+  - l3d
+  - mxusr
+
 acme_domain_unwant_list: []
 #  - name: 'example.com'

 nginx_sites:
-  - name: 'etebase.l3d.ch'
-  - name: 'grafana.l3d.ch'
-  - name: 'www.grafana.l3d.ch'
-  - name: 'i.l3d.ch'
-  - name: 'www.i.l3d.ch'
-  - name: 'node-exporter.services.l3d.space'
-  - name: 'nginx-exporter.services.l3d.space'
+#  - name: 'etebase.l3d.ch'
+#  - name: 'grafana.l3d.ch'
+#  - name: 'www.grafana.l3d.ch'
+#  - name: 'i.l3d.ch'
+#  - name: 'www.i.l3d.ch'
+  - name: 'node-exporter.services.l3d.ch'
+  - name: 'nginx-exporter.services.l3d.ch'

 acme_notification_email: "{{ _acme_notification_email }}"

--- a/hosts.ini
+++ b/hosts.ini
@ -6,6 +6,7 @@ mail01.l3d.space
 mx.l3d.ch

 [services]
+services.l3d.ch
 services.l3d.space

 # [home]
--- a/roles/do1jlr.etebase
+++ b/roles/do1jlr.etebase
@ -1 +0,0 @@
-Subproject commit e230d0fa99553eebdc9e223054984b06a9364458
--- a/roles/l3d.etebase
+++ b/roles/l3d.etebase
@ -0,0 +1 @@
+Subproject commit ffa80c3d5bef119a0958f70444f53cd7b92e2800
--- a/site.yml
+++ b/site.yml
@ -47,7 +47,7 @@
 - name: Deploy services
  hosts: services
  roles:
-    - {role: do1jlr.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]}
+    - {role: l3d.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]}
    - {role: grafana.grafana.grafana, tags: [grafana. monitoring]}
    - {role: prometheus.prometheus.prometheus, tags: [monitoring, prometheus]}
    - {role: l3d.homebox, tags: [homebox]}
				`@ -1 +0,0 @@`
				`Subproject commit e230d0fa99553eebdc9e223054984b06a9364458`
				`@ -0,0 +1 @@`
				`Subproject commit ffa80c3d5bef119a0958f70444f53cd7b92e2800`