Add Infrastructure Meta host

coreos-config/host_vars/infra.unruhig.eu/vault.yaml

@@ -0,0 +1,66 @@
+$ANSIBLE_VAULT;1.2;AES256;secrets
+38306662306636613961303238393334386466346265633632306361386138306638313261356132
+3133323365333632333339386539333633303334326335630a386164396663356330313364386563
+61323330356232303239303130626434383362383938663235613465393661363536663635633336
+3339346665386233610a626637643834666338313333323434383061633235663532643665656334
+32303834353566323461643235363761303663663165653264653265623061623033636339323330
+62323265393636636566303038663936343863616565323832346136663462336666323962396533
+66376435313237653931623835353561636231623166376637336166376537623932613936636630
+32636265336563316332663466663436396233323434656330333966303662363266656466313230
+63353166653266316138666464376633643438393761336636373864633132643739636136633336
+39613161383230333036633037383434333132346232623032303735356638323436366230363739
+63376332376531336264623361313831386333656437653865396137623331646432316630646433
+62383938663561316236366534663234393063393063663235323065653266383363353963363564
+38636262326534386133363432353363383436623432613539666135356336626664623232343132
+37333864656463393237646434333036336362323233323164393962313064633539393636643433
+33616431616538393163663434336633326463663334666261633264613761663863613132666433
+62346463303561323862383564646237303932663136366435666161376632656136336163636464
+32333164333232383065353363373936393964323836636332373532373432336138653039356136
+35333939346661303130643564326337626363633333623065663134343936393139613466656636
+65663832383365656265393234633638656165313638636161373238663861336331323265616561
+65386462326432373039393233613635646262623061393431626531623763663039303837353636
+34623030393130646135663836663866396162663732383233323535626564373464316435653736
+62366466656463346363363939386336363435613837383939383231333837346335343130666664
+38613264353030646232306532333538316334666231633062636664623733626536366564663735
+63393631333261313761613837306364633161373036316130633861383163626266383132363065
+62626436333763386634626461383439623636633262336435386435643530383532336363393862
+65356164383631343332346537393236363239356665383037343366626563386432373834323936
+32323731393231386239623131306634353138633735663937313138343966393438313031306665
+30363236376563636136633162666238373637323065653430376631353962373963646639366131
+63356333366264626431323463663834326662613632316264353966346361663164643933353834
+38343264313537663333313365333933316436343566666238393032663434343435633132363164
+34666335393936383134653738653631386138366432623735616263303261323631316137316530
+66356462336261333437623133366231383737643461343335373762356136336331386564303735
+65343538616261396139313636373864376330353863346634656665396637646132326533353238
+32643661373035643638393932376132306163396130613761626535303838346364386466646436
+61663731393638643832653364313631303963333138393063623961366432633432633266333465
+61353733616664306663373866663837623038393139633465623862303337363636666164363337
+61386635343861616437356539643930646437343234353331323334653236656135313163383263
+61383637626534653437373237316236343831633633303834646666306664396466613433653161
+64616238646431396536626439396531613965626333346634633832613330396166353339353161
+34616266376162326466656464336264313433663764633761656164643535396266636231653339
+65366233643863633631323962356264353539653532336230623961333362663163393834376161
+66636163336133313861373765343962386361396264656632323030626431316335313763366339
+39353032336166346138616135633238376262343064613530393639316463336433636162373863
+37323232343865663664363763633564353739376631306165343032363736366265333263356637
+32636434303535373532303138626166666334633935363766356439396664343165666532636163
+39376161313966393839323734333463613635313665306339613336323061386635396330363435
+65353065316164393231663136353263613737343661333563646532396539623862373265313834
+64613830363063663134326534313938323265376338626330373530316431616530306231653635
+33306663663933356232313933383436386134666636383364653366366330303938623563383638
+31643066313035306533386364326637663038316538386363313263306430353530343962393365
+34616237383230623966363039653432323333353233636131666136343234336237383730363161
+31656163336534616330333462616230393961366634303039326237373563333461353535653536
+66336537663638623966383862633139396239653233643962376631373537323661313531656434
+35623064333963396632306336343434356365396661376135386166363739313536373633636664
+63666430356361303365356134383836303633633263653861343237316266623934343866353863
+33663437656463353363316230363166356633623532386630623535303335646135646163633635
+32626231323737643862656633616239323262373334623163363430623861653233343964646466
+66316536623465366531353264643030613135323332633132626663663566376539616563636438
+37333139303630313834383235313863363362393966353262376637346132396330373239333830
+33623630666364656335373137646462623432656436323430616261643237376361643661303335
+66663037393666383339616434343437653333343661326435346662653530343630383664396537
+34353037656461613864393237643036653665633633386462626230656637636665336233313935
+34653365343433643466336636613932373532306338343532636335356236356263323535346339
+32303064336432396631353334663365613330623933326265393031383232663063353533303639
+3230

coreos-config/inventory.yaml

@@ -11,6 +11,11 @@ all:
       ansible_host: 192.168.0.73
       ansible_user: core
       network_interface: ens3
+    infra.unruhig.eu:
+      ansible_user: core
+      network_interface: ens3
+      network_ipv6_addr: "2a03:4000:9:176::1"
+      wg_addr: 10.1.0.4
   vars:
     service_base: "{{ playbook_dir }}/services"
   children:
@@ -22,6 +27,7 @@ all:
         host.nc.chaoswg.org: null
         thonkpad.ka.chaoswg.org: null
         mon1.hel1.chaoswg.org: null
+        infra.unruhig.eu: null
     monitoring:
       hosts:
         mon1.hel1.chaoswg.org: null
@@ -29,3 +35,4 @@ all:
       hosts:
         host.nc.chaoswg.org: null
         mon1.hel1.chaoswg.org: null
+        infra.unruhig.eu: null

coreos-config/plays/infra.yaml

@@ -0,0 +1,15 @@
+- name: Setup Infra Meta Host
+  hosts: infra.unruhig.eu
+  gather_facts: false
+  vars:
+    state: running
+    base_domain: "tobiasmanske.de"
+  roles:
+    - {role: compose_project, service: traefik}
+    - {role: compose_project, service: keycloak}
+    # - {role: compose_project, service: db} # database used for terraform state
+    # - {role: compose_project, service: monitoring-stack} # mimir, loki, grafana
+    - {role: compose_project, service: pantalaimon}
+    - {role: compose_project, service: watchtower}
+
+# vim: ft=yaml.ansible

restore-tests/butane/infra.unruhig.eu

@@ -0,0 +1,115 @@
+---
+variant: fcos
+version: 1.4.0
+systemd:
+  units:
+    # Installing vim as a layered package with rpm-ostree
+    - name: rpm-ostree-install-pkg.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Layer packages with rpm-ostree
+        Wants=network-online.target
+        After=network-online.target
+        # We run before `zincati.service` to avoid conflicting rpm-ostree
+        # transactions.
+        Before=zincati.service
+        # Otherwise vagrant will try to run the playbook before we got python
+        Before=sshd.service
+        ConditionPathExists=!/var/lib/%N.stamp
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        # `--allow-inactive` ensures that rpm-ostree does not return an error
+        # if the package is already installed. This is useful if the package is
+        # added to the root image in a future Fedora CoreOS release as it will
+        # prevent the service from failing.
+        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim python docker-compose borgbackup btop iftop iotop
+        ExecStart=/bin/touch /var/lib/%N.stamp
+
+        [Install]
+        WantedBy=multi-user.target
+    # Make sure docker is actually starting without a call to the socket.
+    - name: docker.service
+      enabled: true
+    - name: borgbackup.service
+      contents: |
+        [Unit]
+        Description=Run Backup of /var/lib/docker
+
+        [Service]
+        ExecStart=/usr/bin/bash /root/backup.sh
+
+        [Install]
+        WantedBy=multi-user.target
+    - name: borgbackup.timer
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Daily backup
+
+        [Timer]
+        OnCalendar=daily
+        Persistent=true
+
+        [Install]
+        WantedBy=timers.target
+storage:
+  disks:
+    - device: /dev/disk/by-id/coreos-boot-disk
+      wipe_table: false
+      partitions:
+      - number: 4
+        label: root
+        size_mib: 8192
+        resize: true
+      - label: swap
+        size_mib: 3072
+      - label: var  # not specifying "number", so this will go after the root partition
+        size_mib: 0 # means "use the rest of the space on the disk"
+  filesystems:
+    - path: /var
+      device: /dev/disk/by-partlabel/var
+      format: xfs
+      wipe_filesystem: true # preserve /var on reinstall (this is the default, but be explicit)
+      with_mount_unit: true  # mount this filesystem in the real root
+    - device: /dev/disk/by-partlabel/swap
+      format: swap
+      wipe_filesystem: true # preserve /var on reinstall (this is the default, but be explicit)
+      with_mount_unit: true  # mount this filesystem in the real root
+  files:
+    # Set vim as default editor
+    # We use `zz-` as prefix to make sure this is processed last in order to
+    # override any previously set defaults.
+    - path: /etc/profile.d/zz-default-editor.sh
+      overwrite: true
+      contents:
+        inline: |
+          export EDITOR=vim
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: infra.unruhig.eu
+    - path: /etc/zincati/config.d/55-updates-strategy.toml
+      contents:
+        inline: |
+          [updates]
+          strategy = "periodic"
+          [[updates.periodic.window]]
+          days = [ "Wed", "Mon" ]
+          start_time = "12:00"
+          length_minutes = 60
+  links:
+    - path: /etc/localtime
+      target: /usr/share/zoneinfo/Europe/Berlin
+passwd:
+  users:
+    - name: core
+      groups:
+        - docker
+      ssh_authorized_keys:
+        - cert-authority,principals="rad4day,rad4day@chaoswg.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUN/Ik3CqhsVLGEkl2rJLUhC0AXFmVp6BgETaqgVKq5 user-ca@chaoswg.org
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhzs4vCOhy3yH2TF2bO5Qalt2P4WG4nDYTLarPKFrdM ansible@provisioner
+...
+# vim: ft=yaml.butane