Add Infrastructure Meta host

Tobias Manske 2023-09-12 03:29:04 +02:00
parent 550a50326a
commit a8ef28e446
Signed by: tobias
GPG Key ID: 9164B527694A0709
4 changed files with 203 additions and 0 deletions


@ -0,0 +1,66 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
38306662306636613961303238393334386466346265633632306361386138306638313261356132
3133323365333632333339386539333633303334326335630a386164396663356330313364386563
61323330356232303239303130626434383362383938663235613465393661363536663635633336
3339346665386233610a626637643834666338313333323434383061633235663532643665656334
32303834353566323461643235363761303663663165653264653265623061623033636339323330
62323265393636636566303038663936343863616565323832346136663462336666323962396533
66376435313237653931623835353561636231623166376637336166376537623932613936636630
32636265336563316332663466663436396233323434656330333966303662363266656466313230
63353166653266316138666464376633643438393761336636373864633132643739636136633336
39613161383230333036633037383434333132346232623032303735356638323436366230363739
63376332376531336264623361313831386333656437653865396137623331646432316630646433
62383938663561316236366534663234393063393063663235323065653266383363353963363564
38636262326534386133363432353363383436623432613539666135356336626664623232343132
37333864656463393237646434333036336362323233323164393962313064633539393636643433
33616431616538393163663434336633326463663334666261633264613761663863613132666433
62346463303561323862383564646237303932663136366435666161376632656136336163636464
32333164333232383065353363373936393964323836636332373532373432336138653039356136
35333939346661303130643564326337626363633333623065663134343936393139613466656636
65663832383365656265393234633638656165313638636161373238663861336331323265616561
65386462326432373039393233613635646262623061393431626531623763663039303837353636
34623030393130646135663836663866396162663732383233323535626564373464316435653736
62366466656463346363363939386336363435613837383939383231333837346335343130666664
38613264353030646232306532333538316334666231633062636664623733626536366564663735
63393631333261313761613837306364633161373036316130633861383163626266383132363065
62626436333763386634626461383439623636633262336435386435643530383532336363393862
65356164383631343332346537393236363239356665383037343366626563386432373834323936
32323731393231386239623131306634353138633735663937313138343966393438313031306665
30363236376563636136633162666238373637323065653430376631353962373963646639366131
63356333366264626431323463663834326662613632316264353966346361663164643933353834
38343264313537663333313365333933316436343566666238393032663434343435633132363164
34666335393936383134653738653631386138366432623735616263303261323631316137316530
66356462336261333437623133366231383737643461343335373762356136336331386564303735
65343538616261396139313636373864376330353863346634656665396637646132326533353238
32643661373035643638393932376132306163396130613761626535303838346364386466646436
61663731393638643832653364313631303963333138393063623961366432633432633266333465
61353733616664306663373866663837623038393139633465623862303337363636666164363337
61386635343861616437356539643930646437343234353331323334653236656135313163383263
61383637626534653437373237316236343831633633303834646666306664396466613433653161
64616238646431396536626439396531613965626333346634633832613330396166353339353161
34616266376162326466656464336264313433663764633761656164643535396266636231653339
65366233643863633631323962356264353539653532336230623961333362663163393834376161
66636163336133313861373765343962386361396264656632323030626431316335313763366339
39353032336166346138616135633238376262343064613530393639316463336433636162373863
37323232343865663664363763633564353739376631306165343032363736366265333263356637
32636434303535373532303138626166666334633935363766356439396664343165666532636163
39376161313966393839323734333463613635313665306339613336323061386635396330363435
65353065316164393231663136353263613737343661333563646532396539623862373265313834
64613830363063663134326534313938323265376338626330373530316431616530306231653635
33306663663933356232313933383436386134666636383364653366366330303938623563383638
31643066313035306533386364326637663038316538386363313263306430353530343962393365
34616237383230623966363039653432323333353233636131666136343234336237383730363161
31656163336534616330333462616230393961366634303039326237373563333461353535653536
66336537663638623966383862633139396239653233643962376631373537323661313531656434
35623064333963396632306336343434356365396661376135386166363739313536373633636664
63666430356361303365356134383836303633633263653861343237316266623934343866353863
33663437656463353363316230363166356633623532386630623535303335646135646163633635
32626231323737643862656633616239323262373334623163363430623861653233343964646466
66316536623465366531353264643030613135323332633132626663663566376539616563636438
37333139303630313834383235313863363362393966353262376637346132396330373239333830
33623630666364656335373137646462623432656436323430616261643237376361643661303335
66663037393666383339616434343437653333343661326435346662653530343630383664396537
34353037656461613864393237643036653665633633386462626230656637636665336233313935
34653365343433643466336636613932373532306338343532636335356236356263323535346339
32303064336432396631353334663365613330623933326265393031383232663063353533303639
3230


@ -11,6 +11,11 @@ all:
ansible_host: 192.168.0.73
ansible_user: core
network_interface: ens3
infra.unruhig.eu:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:9:176::1"
wg_addr: 10.1.0.4
vars:
service_base: "{{ playbook_dir }}/services"
children:
@ -22,6 +27,7 @@ all:
host.nc.chaoswg.org: null
thonkpad.ka.chaoswg.org: null
mon1.hel1.chaoswg.org: null
infra.unruhig.eu: null
monitoring:
hosts:
mon1.hel1.chaoswg.org: null
@ -29,3 +35,4 @@ all:
hosts:
host.nc.chaoswg.org: null
mon1.hel1.chaoswg.org: null
infra.unruhig.eu: null
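Review bot: The new `infra.unruhig.eu` entry in the first hunk sets no `ansible_host`, unlike the neighbouring host that pins `ansible_host: 192.168.0.73`, so Ansible will connect to whatever the inventory name resolves to in DNS, and the playbook added in this commit selects the host by that same name. If that is intended, a comment above the entry such as `# reached via public DNS; no ansible_host override` makes it explicit; if management is meant to go over the tunnel instead, `ansible_host: 10.1.0.4` matching `wg_addr` is the line to add. Please also confirm `wg_addr: 10.1.0.4` does not repeat an address already given to another host, since the rest of the inventory is outside these hunks. The enclosing `all:` mapping starts outside the section.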


@ -0,0 +1,15 @@
- name: Setup Infra Meta Host
hosts: infra.unruhig.eu
gather_facts: false
vars:
state: running
base_domain: "tobiasmanske.de"
roles:
- {role: compose_project, service: traefik}
- {role: compose_project, service: keycloak}
# - {role: compose_project, service: db} # database used for terraform state
# - {role: compose_project, service: monitoring-stack} # mimir, loki, grafana
- {role: compose_project, service: pantalaimon}
- {role: compose_project, service: watchtower}
# vim: ft=yaml.ansible
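Review bot: `state: running` and `base_domain: "tobiasmanske.de"` are declared as play-level `vars:`, which in Ansible's precedence order override inventory, `group_vars` and `host_vars`, so the only way to run this play with a different state (for example to stop the stack) is `-e state=...` on the command line. If that is the intent, a comment on the `vars:` block saying so would help; otherwise moving them to the host's inventory entry or `host_vars` keeps them overridable. As a point of style, the `roles` entries use flow mappings; the block form `- role: compose_project` with `service: traefik` on the next line diffs more cleanly and leaves room for per-role comments like the ones on the two disabled entries. The file also lacks the `---` document start that the Butane file in this commit uses.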


@ -0,0 +1,115 @@
---
variant: fcos
version: 1.4.0
systemd:
units:
# Installing vim as a layered package with rpm-ostree
- name: rpm-ostree-install-pkg.service
enabled: true
contents: |
[Unit]
Description=Layer packages with rpm-ostree
Wants=network-online.target
After=network-online.target
# We run before `zincati.service` to avoid conflicting rpm-ostree
# transactions.
Before=zincati.service
# Otherwise vagrant will try to run the playbook before we got python
Before=sshd.service
ConditionPathExists=!/var/lib/%N.stamp
[Service]
Type=oneshot
RemainAfterExit=yes
# `--allow-inactive` ensures that rpm-ostree does not return an error
# if the package is already installed. This is useful if the package is
# added to the root image in a future Fedora CoreOS release as it will
# prevent the service from failing.
ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim python docker-compose borgbackup btop iftop iotop
ExecStart=/bin/touch /var/lib/%N.stamp
[Install]
WantedBy=multi-user.target
# Make sure docker is actually starting without a call to the socket.
- name: docker.service
enabled: true
- name: borgbackup.service
contents: |
[Unit]
Description=Run Backup of /var/lib/docker
[Service]
ExecStart=/usr/bin/bash /root/backup.sh
[Install]
WantedBy=multi-user.target
- name: borgbackup.timer
enabled: true
contents: |
[Unit]
Description=Daily backup
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
storage:
disks:
- device: /dev/disk/by-id/coreos-boot-disk
wipe_table: false
partitions:
- number: 4
label: root
size_mib: 8192
resize: true
- label: swap
size_mib: 3072
- label: var # not specifying "number", so this will go after the root partition
size_mib: 0 # means "use the rest of the space on the disk"
filesystems:
- path: /var
device: /dev/disk/by-partlabel/var
format: xfs
wipe_filesystem: true # preserve /var on reinstall (this is the default, but be explicit)
with_mount_unit: true # mount this filesystem in the real root
- device: /dev/disk/by-partlabel/swap
format: swap
wipe_filesystem: true # preserve /var on reinstall (this is the default, but be explicit)
with_mount_unit: true # mount this filesystem in the real root
files:
# Set vim as default editor
# We use `zz-` as prefix to make sure this is processed last in order to
# override any previously set defaults.
- path: /etc/profile.d/zz-default-editor.sh
overwrite: true
contents:
inline: |
export EDITOR=vim
- path: /etc/hostname
mode: 0644
contents:
inline: infra.unruhig.eu
- path: /etc/zincati/config.d/55-updates-strategy.toml
contents:
inline: |
[updates]
strategy = "periodic"
[[updates.periodic.window]]
days = [ "Wed", "Mon" ]
start_time = "12:00"
length_minutes = 60
links:
- path: /etc/localtime
target: /usr/share/zoneinfo/Europe/Berlin
passwd:
users:
- name: core
groups:
- docker
ssh_authorized_keys:
- cert-authority,principals="rad4day,rad4day@chaoswg.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUN/Ik3CqhsVLGEkl2rJLUhC0AXFmVp6BgETaqgVKq5 user-ca@chaoswg.org
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhzs4vCOhy3yH2TF2bO5Qalt2P4WG4nDYTLarPKFrdM ansible@provisioner
...
# vim: ft=yaml.butane
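Review bot: The `/var` filesystem entry sets `wipe_filesystem: true` while its inline comment says "preserve /var on reinstall (this is the default, but be explicit)"; the value and the comment contradict each other, and with `true` a reinstall reformats the partition and discards everything under `/var`, including the `/var/lib/docker` tree the backup unit exists to protect. If preserving is the intent the line should read `wipe_filesystem: false  # preserve /var on reinstall`; the same comment is copy-pasted onto the swap entry, where wiping is reasonable but the text should say so, e.g. `wipe_filesystem: true  # swap holds nothing to preserve`. Separately, `borgbackup.service` runs `/usr/bin/bash /root/backup.sh` and `borgbackup.timer` is enabled daily, yet nothing in this file provisions `/root/backup.sh`; presumably Ansible drops it later, in which case a comment on the unit naming the role that does so would stop the timer's failures on a fresh node from looking like a bug.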