
Author SHA1 Message Date
Tobias Manske d86ea6a382
WIP: Errorpage 2022-08-22 23:23:14 +02:00
258 changed files with 3326 additions and 36944 deletions


@ -1,69 +0,0 @@
---
kind: pipeline
type: docker
name: Ansible-Playbook
trigger:
branch:
- main
event:
include:
- push
- custom
environment:
ANSIBLE_FORCE_COLOR: true
ANSIBLE_HOME: /drone/src/.ansible
SUMMON_PROVIDER: /drone/src/summon-wrapper
PASSAGE_DIR: /drone/src/.passage/store
PASSAGE_IDENTITIES_FILE: /drone/src/ssh_key
node:
ansible: "true"
steps:
- name: Prepare Secrets
image: registry.tobiasmanske.de/ansible-runner:latest
pull: always
environment:
SSH_KEY:
from_secret: ssh_key
GIT_SSH_COMMAND: ssh -i /drone/src/ssh_key -o StrictHostKeyChecking=no
commands:
- echo $${SSH_KEY} | base64 -d > /drone/src/ssh_key
- chmod 600 /drone/src/ssh_key
- git clone ssh://git@git.tobiasmanske.de:7779/tobias/infrastructure-vault.git $${PASSAGE_DIR}
- name: Prepare Runner
image: registry.tobiasmanske.de/ansible-runner:latest
pull: always
commands:
- cd ansible
- mkdir $ANSIBLE_HOME
- ansible-galaxy install -r requirements.yaml
- summon ansible-playbook --inventory=inventory.yaml runner-pre.yaml
- name: Run Terraform
image: registry.tobiasmanske.de/terraform-runner:latest
pull: always
commands:
- cd tf-stage-1
- summon terraform init -input=false
- summon terraform apply -auto-approve -input=false
- name: Run Ansible
image: registry.tobiasmanske.de/ansible-runner:latest
pull: always
commands:
- cd ansible
- summon ansible-playbook --inventory=inventory.yaml playbook.yaml
- name: Validate Ansible
image: registry.tobiasmanske.de/ansible-runner:latest
pull: always
environment:
ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass"
ANSIBLE_FORCE_COLOR: "true"
commands:
- cd ansible
- ansible-galaxy install -r requirements.yaml
- summon ansible-playbook --check --inventory=inventory.yaml playbook.yaml
image_pull_secrets:
- registry


@ -1,18 +0,0 @@
---
name: "New Machine Onboarding"
about: "✅ Checklist for onboarding a new machine"
title: "Machine: Onboard <hostname>"
ref: "main"
labels:
- onboarding
---
- [ ] Add hostname entries to dns in `tf-stage-1`
- [ ] Add host to ansible inventory
- [ ] Add machine ssh-key to Backup Storagebox
- [ ] `touch /etc/setup_complete` if no restore is needed
- [ ] Update known_hosts `summon ansible-playbook regenerate-known-hosts.yaml`
- [ ] Generate new ansible ssh key `summon ansible-playbook --inventory=inventory.yaml tasks/create_ssh_keys.yaml`
- [ ] Run `summon ansible-playbook --tags setup playbook.yaml`

44
.gitignore vendored

@ -1,44 +0,0 @@
# Created by https://www.toptal.com/developers/gitignore/api/terraform
# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
.terraform.lock.hcl
# End of https://www.toptal.com/developers/gitignore/api/terraform
.envrc


@ -1,11 +0,0 @@
[defaults]
roles_path=roles
template_dir=templates
[vault]
username=ansible
keyname=secrets
[ssh_connection]
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=1200


@ -1,2 +0,0 @@
---
heartbeat_timer_interval: 300


@ -1,11 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
30633036313361316363313630616632333931633635326666663935633061346237353362316132
6364663462646639613862393263616661613838303962660a623233386637653363636531383535
37623664636362666136643765633166373030663864613134313862373131646539313533303532
3563666465396463330a613632643431316563383331373932366334386564646335393433366663
36616239373630336430393065316433343536663062383563646235646365376539326636626230
30643033656134613966643163323730353239666264343630613830393630653333643961363765
37396462323539303736333734373332646633633463636162626634656632346165363134643234
38316632323366303166663964663639616638643538626363633564626133366634323439393163
33646462643035613963646131373339333863636231356163356630383133633839373561643835
6264383563386437656563316539393139313137306164343631


@ -1,3 +0,0 @@
docker:
internal_networks:
- metrics


@ -1,38 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
34613833383438313433616164313331333135316336323234613833393833376439373634383635
3739393762373132336237376138313430316534393035660a393135343164356163636435646234
32623662323363636563313532393337376435343562386463663835616161366566643038633430
3835363732363263340a613531393234346461623263646533326465643862373564316666613032
66373136373463303665613334356363376264613536383463323435333036323466303138653136
37633335666664343463336239393137386136306239303536306364616237353937316338396433
30303035626231623361363336663364313463376335373237366465353066343334623233323537
61626263306262373265363165393538393735343933356535666161653762626337656634623235
64373038396530643931383536653066303666313236366163373031303561366331623635666535
62326664343536386566366565633034373762613464326233643633393761336464333532303735
30373037316361633038373934626337616439343636623832616261383734656635323731646537
64303137663532306238306636353635336136653361663038333664356132306162393136326432
31633464376666333263306433366233346163303338646139663238616464633238306535623435
62666164343536643536636366376666303463313339363137343866643430386337323263363833
34356561303437633538323638303130653433313263356131343937653063643161623766646161
66363663643162306237626233613762323737663661393236343534613464393335326133613764
35396438323235373161396537356532383462643463396437363064316665376138633631333339
38326261306338636339316538316663383066313338633335666337303838653536663631323266
65666565316664323636346636316331356533306132386663623833373638393638316361613366
38643335613136326534343261333963353934306361313062666534356339323462386465616137
31343566303164656463373661383031643833613263663131373834383632666536666231313836
36386665353338346564306535396434656134623032303838646637373632376531633031623632
35303336616135333930376633303432373862646437643162623364366261363035333831643265
65373636373131633034336263376438366134616436643863383130333761343731353461363533
39313831626134636261393766396130366536363463336333656633376533356463373966636431
30356463363732323636396365376638643435636464383837353762373665343437663666393130
36633434366238336133313536313138353434636432633562333538633830653163383633383630
61633461356234633831336234303436633330646130663431336431356636656162346238393931
33316432623037653964623935333736623262666430646363346239353863636634363061353939
37393166653634353535663630356362383963656162356539383532656163333664623162363032
63336463616133363165656337613137636534323133316334316166353964343162666235386136
38656234623136653935393461336235323961643336306539303037363061366637653564303431
61356566336230663931613331386333656236323761666462393635366333623835643134343966
34306166383838393736373634393536633631333234373731643737653837663230306130333536
39643837383339633533313761656637393830613633613036373332306632396237326634656666
61383364336438353637323638376134656663333331666562666335633535663363643731323438
3864


@ -1,7 +0,0 @@
known_hosts:
- filehost.unruhig.eu ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXlm4q3UBK2ChZCujrc9nv45tnntj6E+80UOOzZ6EEFWeUkJ0R+o4z4bnLsWBfFxfwgMDUvFCUCuS7R7xo2pE6vlRhPeD6eTitqNmRMfgmMZLJCdWD5eechg2FNSIht+wB61KEwMBuARXX45nmvIknWiRBK0qAGMLgy46hAx60hf/2uzSuyF6cxQdRqH7TNKZ/06aC7fCo9MCvHbiWvOSKbRx+jYSw8L27DW8WbPTqTGhywidij3nQEjwCFof/IN/hdp7NLpF/8qAoxW9iLWHh7ghESSwHxDF+QC1NjyA1g9QvyX+4p/hzR71wvQ2OVT/R9qx45jJiEi4dVQtsPGbcMzY9gQNbzyzl898cvnp2OuS50kGxuJZaJLMOj2UClbpW+lTrrkKvBZKkAF85v+C6Xcx/waY01eH0PaDBpoo40Y+vS9nWLmnKcvz5iDC6DVL8gUyDxuQj6/qMQuVsr5GL7GnvqIF/jjz6rNqES5Lr88c18ZyWeaupAHNnSgxaGV8=
- filehost.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNxa8vbJ70oM2PlEKegPu3/SUO7oXz2lM6PvR74Ad+RYjjAQZr/j3WMpeDn15ugexlYmYoHgxgeT0xA6E/ZAM/0=
- filehost.unruhig.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvXX75sXWRgslMW/Ufq0t0OJQnTFiWPL4yBUBdGIU9k
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNpGyOWzNNTW7e8PBZCRZ8q4JygBKKtOMWng09b3mnNo9GPvb+V7RhnMf0rnGbwp9q89QFjYbZ8ZKqCoBpgtlT4= backup.unruhig.eu_22


@ -1,17 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
36336235613033366466623936373035353462656137303937626535653237646633663035363435
3935323464336235353134623634343539383930653066370a623435326437643362386638623735
64393933303561303833326364613736643632376464383632613964313265356565636237653432
6338326433623539310a393261376134626164316230386533333766336130326236333562636665
65663865653663623838656237376262626139643733356461383539383164653338613636383935
39366133623933366631643938643832373264613031393430623132386166643836616362613333
39326666356434343263383934613238663635613234323264363930396136356461386365666538
38376564386339623462646138646461633732313866306365303463356330316535383137666230
31313132663030626562313437623735376338333061306438343761396637613535373633386536
37303535386566303564343938333037356363383561656462393239323736643331646536626633
34663534653165663930663939363936323630643065306462353261616535666338353962643930
30353439653331613165333137626636363064366164626136643234353030336139336535333132
36373934343431363665643631373336396433383732326539663336366234613364363663323238
34333530366634613933363530373935383831653864633462336465366136613730643932303935
35363935343233383733623233316332653061666262633435346532326365326462366366333966
33366364343330313238


@ -1,4 +0,0 @@
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHrm5yQLJMKOScBDc8ek0nfinzYSvQdN22kSEKRN9/UUlcSDmqFUHpQNtvysCZr4l9WRKxTYDhy3rY8HaMSQaGY= host.nc.chaoswg.org_22


@ -1,418 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
35363566626539663638343063313962633435333461363562623237663535353331613334343161
6264363235383562363262356139323936326336616438310a383137366164613339376137366265
32623464313765626636666134333665396661383432653533646665646562623135346136373864
6536323039383238630a353566643435326166346265316530383036653064626364643739306233
35633831653039363039333964663534643061653130663634616231613639653736313363306330
36306136653532393838306531333866656536646136663565316630373963643366666462303933
61316435336233383435366664303331396164363239326432616662343336303736366361353963
34363532373831353365373539363630353735333233633238313532333266313335643938643638
64386231356437646630386133323730656238303364653366653138373337383036613333343630
34346330303163386230343033303238303334343461333039616335303035306238623463646635
63663565393666633162633238646166633561363265336162346437363661343431323734343932
32653338663061653265626332366338383065613736306561306462316435303234363264656534
64643864306335313531633235363366346232313437353162663364323365383263336235353666
62386232653831633765346633393332376538643239306164336534656332366234393538386564
35313930353362336165613335643465656138626430393464313765313534303634633739656232
66643535663336613865373339663664343166633534326434306162366635386366663230373464
62303937393435633237373239666231643930626432663361346166356533366530303234373561
61636132316362633136353062663231663738313265376532643631633162613264333963623235
61393661623232396463326666653231363030656565336565346334336138633165323064343564
35303831303262343831363466646265376231616237666266393537356365383466303662336336
38323633376261633431386662646664386161613463343962313134303537306439396363373230
34613935383165643163386135383830653562303264626331326136316464383938626532623730
30363562633335343735623230633132303162323264323932663831396431333830353137396132
30333736343639366335393763623739393233343065646237396630643634663066383866323737
61613836363461633833363562323335623132353035343539613630356334396463386137663739
35653065613031653766326235666334303965306434363330366262353539326365336131666362
33313164653838303565346335643136323734633231343131623534653633653261353063633862
63353139383562643731343462396635326537666636303337313038313862373639643036623333
62323439633438613961396631363332353761653563313037326132303634633036633136346238
64653566663936616236383534363966313133396237376130656332396562656564353032326331
36336238366636336237663737373637306132643462336337383034383533666362333636663737
38323262346334326339353937386164656332366264313832326463616235343535393631643530
38373332613561656562383263386662316439363362343763663139623161353163383035373339
66383730306231323334646666623432643032343531363862353762636265373232333431306134
62623334646438383337323762623338383537343733616666376238333239393364303764656561
31366632663535623936646161363063316263643835346336376538383734383733613762336466
34643132333432393432376235396666663934376566396338396164636533316434346135626163
39316565393139356439323538383164323835343633646637386137653931396238356666313535
34396365616235313533313730366463323235326134313837363465363237333934663934393130
39303163383862646633623236303361393537666239396230323164356139646262396536303437
37336237333265626163626635303331653365613735373364633961616130616537376330353566
62383437383465336338326130653163323465616232613331316566623130646466363163373031
63333261343264333338616633613663316661393831383338386237633839613765653630386638
33623665663739666634316238353735363231336165376438383966613661323132306562396464
32363131306137303536326131643434326535656631613735323736653533373839666134336463
31663939613236326564303939653431653931663134643436333962636331363064643939333239
37353539396563333266396233306231336630363534343034306134336533313035326636363264
39346361356366383037383765336636633531616538363639383232636536313561666333373863
35356633656638383430303364663962306230386163623261656131366438376131613930326533
38383231646162333937393832323231356461616237656534306266353263333561323566363933
36663063316436326566646233643762396332383366383565633438383663643832626533666235
30346532613833333761613437386564393635656537313166643865636437333436393337663335
38643065386632626163376565626164653235633337323364633837613665393866653230313734
64636563333137636436616464323839633133363137303734386261323034313437373238653535
37373361663765333434316565626532383338303736626239366535616635313639663834653931
33356139616265613262343730346664363034646133653333366666343333373339346663353262
39626532386232393533376232613964316636316237616363303632386538363038643033373361
65323339343333663863323262353336643934353438363965343665633432323832666139653430
38383334653031343063393463643834663064343265626566373662393163363330383237663333
39393236643638396633383439306365623639646130666337353765656337643832616363313432
63343066333863663734363866363965376536396530633966316535643237653363383965363339
61646263386661343733616637363164323038646538653136666232386363653735343539323434
66613263646332386264323431326462303862303561393831666363333037393232343761306662
64303837393363353538303564353465333330306432643934313233336131653931343538623763
33303163663530386136323632376238303232343238396666353663383261616337383033336138
62303233393261396339383462376336623866643664636233313138313964376266343535346666
62323765343663623264326234366431616633316139386234623963393166303936343732326166
35623661656461306236323231666138316161613534343863633039653837623935333063353738
66373834343233336463373832653836326565333731363133356333363636653261313731393732
64613730626464313736376133333465323464363536643736353063633966363536653437656533
64333464643339343637343634386630623961373565306630373038633866343365323833623962
65666330633539323739373636623238346237643732663736623330353038303830396666656261
30356531376235643661393566333033653238633639353935643535313134316562343536336639
38303463383037303431383764323238323463646430366233323433363535336234616566363531
32306636353136326335643865393462663465633634356437663865383765396135383038656234
66336336353864373231353032313236323034633534376362323461636263363436313430323133
66613564636137306266376566633930353036623161613530313563336432373038343265313733
32656332373733326636333936383235353535363636653335313766663536613162303564613437
34663366373636636465623562633339376334306232656630643635376136396131616533303466
39353531326536393663306338306630336534623935666564333730393330373330653532313230
38393230333964623763316266353932316535376633666237373339653433303762653835336439
36316563366638396437343964663433623531343061313439363630623933636538323034643832
65643632623332393733383166313563636266356233383639323830303661363161333261383630
65353237376139653839323438343965313735353436336561623065646466343139656339373163
66303064383062323266623634386263653765353166633261353666323430346330363739613038
64303837393533663633623837356438636166646435343035396633366238663661336565643065
65353230323731623534316364313464616335663266663263326266373162623561383530653963
64313664333839363565303030316666333365333335373339313032303462653531386136643966
32373537373763363361316435626463393433333563633735353562356435353937303364396136
30383339613238306237646566383232373432613336653762303934666231626432613933653966
31396436356166653261663330633036633963613433373436383433666632663231643935396262
65633266613261626234393934333837613033366338383839623231663366373231306337373336
65373132663964613334376332316466363032383536623239386164313532656530663266346162
35333063373137363536663761616133646162353139313364386235323537393462373562613962
38353630653436633030616664633462393039363665623362616663356234336266306261343230
62323864376334376161346437376536653532346265633066306536346439373834656465626661
32393837363161386435636538666265616365333366363834366634333239376463623736643163
36346135643937386566356362336566313165383630353634353133623137663332393261356462
65613564666666343163386663613262653161633165376165366465373532383736333165396662
33376133343332353839313139323363383134636331386239656661366536653434316362346235
36666439333661303266333934363332383235366165613561333239343233363065313538363334
36633530666230376532626466656432383436636636383035663838366331363362336139646664
33346230383939306161396263346661333165333866353635633233323934313435386563363363
31343765656336626335303636346366613265366138623331663735383739396338313337306538
36656337663033623330646538303436623466313233343330303262376433333833653865363634
39376438613531343332316466633465613439646631323061383230633564316331346137376665
61663962343134386438376137393031656563303634336566303635356238383936366133656361
39323834316432303232323833623738356462313537623739333539393331303463303336613235
33366132343435333832323864343137663361353839633239623738316261333366663630646134
61376431376637356664376465663136666461393934333161343461373634356532326165396430
30393933383063373963366562616439656535353565396635656432613163306239323036383263
31363237393730323466386238646165326530643131636436303262363432656135633633656435
36323861393531336534373364326262366465656433633163323233616230333263393835643230
63313039353566663463393334653939383937633539306435666636616339376164653737336531
62303430633532323266336633656437666163653561343566396565393533656637373064333833
36666430663862353837623662333236313463313937323732366535383664393261363765343837
33373037313531343337646134356466393964623935386430356239336565316166363730616532
36666631353439656138393162303764323737633966333665653634353433373434653439353865
36323536363431303361646363646463643336316530643961343034643230653635613133316437
34333036373039633937656562623631656363376661623536623438373839663066663730623933
62356132373637333534636532616337383931626431366539383466396562303733363537356331
38393765653638306537363264336233363134663462396530643262643965333432626437366633
38333135653464643832323263323139663063333433356465383039386561616661666338646131
35653730393030326431653432313135393132313061613664323433373331623265303230353163
31616630623936643732316135333838343131636565393234663033613163316138336436393262
63333963393537626230376562383237633736333337643063383632343236343633313336336338
37343638666534616164323638646539393166373736363566323161393463326233383832643266
39336639386230373166386638613935656163336538663030313738353735346262653437643762
63306166386662356265326637306139373532343666343239373130643537396438613465663466
36303435393033326563626665646665303831633266313364643534303366366266366439356166
63333262643637643165343632663666663739306230346336346364376161323461633163383865
62613036643063383237616433383830383932623931633337373436636461373362333962343432
38333236306330323566386661373961656338663561303833383136653363363737303966393937
30396138633363613964343832653830653066373334303836346535643633663334323738333535
66396234613530666431353963633638373238303037613566383562376665663138623263643161
37363235366332663038323638623262336331653066343635366162613037323061393865366466
38353466356366373362366630373535323733333930343061363363623439373063363261613237
62326531353736303432313136353732396336383436623861346134666132393265346632613361
36346361356332363966356465373962636435323939386661643934343466313430386162373132
32646336336662626338323334633462653861336262316633663731646365636266613664366165
64333233633534303434326638373866353661633330623261363366343363666562376331633735
39333464653031623865316436616366653263333938306335373062306563353138366663376564
37653161376332373234313761333261623665306436386362386566393566306537663934663465
32636634373966313536623430343335386666396536383838643931366664616435313266373338
32666134663132336466356463643938393137626439323863653135646430303265393462313066
34613430653135646330316535316439626331326662616237616539343262666431396335616665
30393039326661633737303734383538663261616462636437653464663333663235383761323831
30623435636662316662643537613632343138343435386161613866383031646261303635343431
38366265356338626431346230306635303837303833613365643638356363303533363837323462
32333232313130376132303235636432356432343339653635396530653236343636373261343661
39383239313137333065366137636137363930313932623030616336363463616464663833613534
63626165316433303333376566633463646464633063396637663631323038386461303962633465
30353230663132653035663837383832646239646539636361326165336131303631396539363935
38356130646463633238613734626261323032333264383631656465313361366663643636623238
37623038303739626235613365316162613065356538366531366662636132383265343764373661
63356137623365343337643937663933373164613866353765626364316338376136316439636461
39346132383165356638383638663938346363636364626566373962396562386539393762316131
39376264323463343238363432316163643935333430386333313633353434613561313736386337
66643532376465356462323032383237353562386162613465656234383938336439393763646133
36613766333032306464646431656566363464356161383162383639333139666237363163393033
31313265653766323563393937653862323639386639316465396334386163656663616464336431
62393830626632326663626461663530373163623430316332306138363433613463666462373162
32323066346365653162636430303937333865376166626434633165643633373237383264316164
62653931636630626635323434346336616530356333303735646232353461653539666361343439
39346564353761326163386466356461616439333061623034373831653534636466323438313662
35633239376232643830633139316531386164333034353266633232613136333364643033313264
38653935626530313238626462643462666164303861613266663166373539303432396337393934
31646232643538636432613763383335393739623832336633663733613938303461306234356566
65356438343865643166356464636333633634366430316664323430646431363532656561366431
30663531373638343936393164393137303335356661663835336638376666353039396565353164
30613462636663316138393363353631393362613638626535663435666330626161383464666533
64633335656237353239363633653530653862393837636366353731653033363365643039633463
61376431626461616664313737353538396562326566626461623930373861303161353434626634
30623631363132636566353437343964376535663461326662303330626562313738636163613131
37303731633966386434363736356634663165313163346335356362643336616435363261653937
65626536396533386262386563626366393930376437306333663165643034623461633936663264
37386365303730613965326138646132356234636661343765383030396561333965656162616566
63343637353265376631663266313766353135326465663561323761336663623538306265366564
38616563313636383630376638323239303666306238353861363863626134626434383864376265
36383832333031376665366232393338343838656562303866616664616362613765393234383130
62333065396639646239313832323365643935653235333935383464643736356162336332633363
34333330373833326432373665633634616532396434653630306163623762396338386162353931
39636531363833616234636565313132353164353930653465363831363634313135363430613035
39613438633665366264366265316538613239353036346231643234323837623335373432373730
62373061633361323362373233626564333135303436646363396661323130336565373630653732
37363730663737346234316530383532326537616131643234383030623366326336333733663062
35366630386233366333656463643531373937316463383462626662633963396662633338363166
65616438326132336438356666633938626365616361636465636433623664363933656337346161
38316462366536353966326637323663343533393061323463303231396664333061343064363964
37626336323863343761636561383333636162343935613832613662653865343061393033373039
62613064613135323637396633303964356136396535333638383165653532656363656362663034
38373139626365396165336562383363656431393336653130613531633032623036653365393037
64343532343537353866636430343162643562373438636666663234306437666266323763336230
38396565373161393832366630343063323637656433336431616532333161336562353138653764
66333433303539373831656632643166663136613263356266363037383737643836663565386634
30326334396632353131633533386461656166633066636235663566313035333337373961383161
34346331363738653265313763383137643363633361313963353961353333373837366235663666
37663163363833666461613562323039343361343163323131303365663634353536356365333264
32626162316665373436313632386636656439653562353238386436363830313731383337306464
35303135636335643764666465373637323034336566343431303030663565326162326231383464
66303330316266336662656234303234393136366665656130656131386139336139313630386432
38666364613837386565663733626363313665663865623165313834666466636261646236333732
38303366646537613663363362663461653363306130353862363732666363323261356662653763
36333938653763636561646464656566336335343465666562323066646330343037363563343434
63643032613932383637323036653864656166336630666430623835353332653731393662653136
34333339346636636537643765353235373737643636386663383362326561343831643661343439
37633364396166303533386235323234653737313430666435343039366235393537663033656634
34346533323562336264323436626435623637383161313737646561376161633439323661343662
37613238666464333563363230643631323666323330643235623330383462373265373933633531
61643634333133376539313166623762626139303865653665333330353765363934613038363530
38626665383732303336326237353365633164373238633732663933636662646531383435366238
63613538323539336362653835363939393037353066303330323365613135396630623132313433
63653161353035383335666436613463636133366433366666313732633965396236323533313963
33626633336163373436613034663333663762386263373438303662333031316138333861333132
65623239313634333035613833363263623834303639343538663262313232623263353165303963
61303137656465643234616234313734313663303537306265323265656634653136343537313433
64396566353363636434393938333566323238336562646632383137343638386564626663663733
63383765353965666633383934373135303134366661633164616337343639613261646661353461
63393933353238623961633230366538343233333632383834363237636261333764626531356265
38646335646234386532653038646438346437656637333739373137363861626462306461393239
63336532393638363061663337373463336539363730636332643838623133653931643433373136
31343335373662663865393863633433356163663139616563393365656662336161363938623265
66393731663234356665353636336465353464383066353663633736326464353034616366666265
33643530383133313436326166323138613866356361386632373862313632323735313733346231
39393831346463373534363565613361363661633666666631633731373935316561613030373130
31333539386361336661393537663066383962663139376266376433393762316161313661656332
30366265343435323132356233306231393265656464333237616534623331363335623132343366
66633463643830666536633738363036343932393036383162303261356139356633343363623739
36383330323962313937666131636364306461653763626433363831633562316335306630626236
34346536383037663835373761346139666336656465366362633138333631326331313830656563
31653765636239343561653137323032303634623362633564636262383665663436666234396436
62633765643637363434316536326338663463346661343762356233613163633631663038323033
63636665363766663163326663316331613232636238623330643234636239313035656565366132
63323434616537383633653763316237643032363038316533313766343530653335383935656134
36343033316136653738376233393834383561356462393765636639353333346465373539393462
36393638656130653037353765336332633030373536653135663138393463626335366562346366
37663737396237656232643630393566366365613839663830386631323664393138316234366262
64623337396636323163303638636635643061353530633764343831623536643163316230386338
31373831633232326336663763633165653265646239343838343838396535396631323535376163
35653262366432363363653966343665383139356435633462346263323966316235646639303336
36643039343035393965386661393761353335373434373931636365386430363764306339393436
64356636653934313135643865393737393238623730626533323266373039316535613538383165
64373337633362366231333932373633656231363331333335383564373337303864336431393938
63613637666664363735393365353663383862376531373433353237613861323339343465376331
36383038623134623835396532356537323063353934656435633631646138643633626232386433
34316538616238643735323864623934363732336238623965316535353934383430323036333235
34373938326534626535336433383066656335323430613735346365643130383932323333343931
66306233346366303664303266373735353264636433356564663935623563666663366135306535
39313361303365643764613064303063333436626561636432636333666638353161313734643865
33343734323064363634633430343339643262326565323133376635323463346135313861333232
39623935316136616239353264353663343431306239646161633439633839336239393430363438
36376335333633343838353763363635636136643037396539613638623938303164623634336537
34323630333635303937313334356633333636626265306636646437663664663936636437373030
34393731333335303663393135393861386130646234333061613034656233323032326530353730
33656366326666343230663561663033326337616330376636633963346533613839376439366664
63356232663866616362323065323364373663386462396530663537366332636634316434613765
61393865613965386331643339663735316165303761336232393837393034303361643466653237
31343334663133363562353135306334616236353961326335663766366162346565393262353031
62346565313935376239613865376431356432303437623038656234623836633463333331376366
31326235396166313031646164363231653662636463613164396266326239303435613463396361
63653639316538653662336236393432313531316663333633386262636562356531336338326466
62303737313765356566666433666464663065646338393930656439393163646532666331393239
37666263353534623465346463376439653665393530326539663331626134333637313461633365
38643035373665363032613830343630663765653037656534656131613333393763363736336630
63383163643765343735663934613230636363616535353761663861323230343564623434316132
35373063626365646332386535376466643932663336633062326136666565306330353031316463
30343030333664636635303638343864636333373662313330373138326330663135343538373932
31613364663130353263353465643264613534633061623363376361623336313463306662373132
33313561663637373139366233613738373336303533343530396238633832363538323530313435
37623162636362313366353563346334663764373137613638613036653531333733323932663532
33356630353666636138303461616434396139623838316130396138653638303334613962366334
37386563393461326436356638303462376536343464383338313234626531613962663731333562
65393266656565666139313465393836313037356338376161313337616663623232366163633134
66356662313065326364313130356331393233653336383936373530626465616237656332323833
66303331346538373063373132393639313765353766366464393037323333663830316134356435
33616538343764633861303531646161343734343939356166623337363331333032323133346332
32356236326634343931633536393865313633353735343434623262396331393162373733353630
30663365356631396436623833613537643830643363373533313832636266613435636166316264
38393464323263333339363338383233353061303239393263663262646531363535313562363831
63323633636430623337656335356635613339353534303663363066643332633637626538356662
64646561366531343836353662353365323363353132646531616430363937396333646139313564
32306362636665336337613063626166336336643536383935323436326534343161303664613661
37376262393465343631653639663339613238366136393437346230306539663231346633333836
36633361346132336230353239353337613863333837343836336539656330383263323037666364
39643133626139383632383433386133613563643633356665663032343161333361633034356236
64333031663130656633363436393136343539376239383834633330646433336633636239393166
36346563623038616539373330363461323865666365383936313333333932326632393665376565
66353433373666353533636563343633316563333163333537316638376463656366623831616436
65303135663364383237363632663562373563393735643631353336316632373231326431343637
65346535303563656666353066306330396134343535663966303965343232316339393933363731
36356235633864393032393138643538313835323730306462333564666166663335636463333766
63643439393962373063316531326631346564643132373937666335363166353435366339623438
39353464346538646436306665653538636265616533356163366631623162386531643265366266
66383239373836336664376431393765383462623334386634656338393330383264383037643032
34396661353834346133306430333163623636363736663131303664373033353161336138363637
31313663373534613531376231373737323739343435393530373966303232646364323831646461
35656635636364313231343231396262373530653831663737333036313634366262303338323165
36633233396161653339383162633036663735653439323138306666376135653162336339636438
31636236303537346137376266366532613338653038653861356139323335653866303966316634
31383538633930303939623535373131623631373266613762313438323437336666343564653164
66643430303762646563386363356636366439396261326637306137653531333730373030646434
66383931643961613136613739343066333035623731363632306338393939626562336633363332
35613261303530653964363032653837323536373137656665646365626635636437653266316433
33336539303761306635383363373733613463643436353730313563373765363261366263366634
30376237653865366366396266306566383063356566653963646362646339626238313834353733
66323439373862353964393633316264633635323039393631333237356261393062633161646663
63343763373836613036396666376262363165636337646337313032373437333561303933616566
63393631343130396261633231643330396335373963646563393964376439336362306634636563
38313864363361303533313738633139643663363166633632376638326535356264363832386436
66326366636434343530646137346235373636323330633032326137653364643634366239626664
61323130613966343966623564346464643066613933626565323036653861306538303733313664
34616339663364383735656639303562303536616334346362613739626132336635326364373935
66386335646438623533383538636435356231616534643930646461616261306265343563633262
37396436373830303638623032623863393731336566356165326430626461343231343538656338
66613530386165343033346163353863326333393333356564386636396232623961363037333937
30386666656235373664313665633530366434366466323735336630383438343331393763656434
66653133356465353939366538316662326262333863373233396135323464363763313735623665
37356237636365396266653766326535396162653165326362363134316263313462323933313763
35333933313331613938323130623965633932346134356262313930333563656136316336653438
39393766353338323035306534646539613039333764636437613534623265333832333231366366
61396130623231666632623363626430666636373234303030396439333665343165313032636135
36336338323438313134333965306662333363613734336337393661626632343239333364666534
33313366633036386563306538633762643866633739393535663630303663343038666666383666
61376139393065316166613032343063643037323363646165343663646635343736366164616537
36613336663461316531653136633639363832376464666563323264663664383763366635316431
39393736306163323830643163613762373134303664653765356532663637383834386535336231
30353532346239333433386537396462626634306639643863613365636433626561656539353662
64366333633938643464636231313130303035393439366638386139373537386433373334306636
34613838623732346266333463346161666631336366656532386463333539346137613463386330
39363662333466396563623162313837346563623166343865373734666137386664376633306439
38386363313931393366633937356133323430653138323238663236363235643831653835363966
37326264363361653837323665646436316464333563383538393661626665356261666631383733
32356362323137636362323131316634653733356333316336353063636463373139613338353237
32346466343232366338616561643163613337356238326237663866396561303335656538366561
61346166323962353435656265613038656131303539346132646139386339653437346461616663
61643634646434343131656139336532653433316333626661613161613762336438343861383331
65353238626436343636663666636333396463636538303664393137643033363461373363383738
32613434333239376439323666626363613937373739393130363166353664363436386435323661
37363438353966653833326132646565613734336234396662663566396561366334376231353830
65393465393539333162383332663230323437323930623762636239383431333433353862303335
64633463663239363230386438393965663636333735626532373031393637626665363265653962
38633231613037306130336162343939616266623430343536663038656238356435643230356563
34346631376464326264663764356363626431313961303230396432653332303863393761386164
33396237643461346437653432376135646562613139636530386132396537343235383634666135
65383565643739666536373737616133313163393362393762656635663334373532623965393835
65396233346237343832336665366465643834333837373834313963333332323734323130666463
61663437633836353664626336363639656362343533343538613031373032343762636435303632
37373435623633376262643336316431613830393266393363343332636439393938333433633362
61323133633539636630656631613336393136306661363738346339633534613837303735396138
33346137356134303362343863643264323565306561326438336235616432363232373235653565
30316262653765363534336131656262376365663738643631346630353164646438363935616563
33316338643238653265376363656533383262613061343965373862366439646534383866663331
65376435366539396439653632316361636335323661306262386232353733373762663633396638
64333661393438663938613631343565333437623963313032346134393738653434383561643066
39663331613864656434626166366530363534353037623134333930383930383630626664346634
64623034623335343061646239363163396461306331653539393163393537623233393230636439
34643936303764393564363263373934363866343062623733313435643761303465393232613266
33316561386238306334303565333435303539353230636563343162333661353464386632666635
32616631306334633736346166623437646430383761346638616635363034306535336665613163
62353761383639356337653262323339363866616635623734343232626533393638353461336333
37333962313031346332393832366435383533393066656637646338386430633335346464353863
66353066643561613935613331666261396165646332356130343438336664623132636536306539
35343630336464313638643332363462623138323933646231383963353135653866373061366462
63373164386530373938393066343331303662333266666133636464313063633233393665623835
66306634623238616438613835386338653935323762653936666130653637396435346532373866
65303337376562303364313365343733343739663937313333356561373764636435663934653338
32333737626639306262623935303563303438383430306236666661643031306230383262373032
34383065303037393137363235653038626566653930353733396461333339666230666532303162
32616234613739616265653665313232323236666266613965346136663134373437633463323362
61373761326635313862643831643363616465653333306465336530623135663639343565383064
32383231663735323739353937333165333031383039323438343964633832333234333332366661
62323935383338626131316334643933666666636263383837323637356631376134643266336331
35326163646639616362633236353261653466323363393864653138656534383631366133333138
62383435636365633530313936366462373136623262336439373962623465336637336161653561
64396561336233326232656538363936656637326438313866353537313435653062393662363638
38626138636239396665343435363939393962343035386338653166636366653433323266343533
36366564353037313766316639376663363538343264333266323064313234646662366438633732
62323934373039613338353330373235346461393463663832643366303461363738303632623336
64666362613736653635616266613333333439653235393464383462623661666631336332386663
63613435353865393166366430653464316439643363643030336164613064346265393136626263
33326133353631346237353962633539383439346531613035616239656665336463366366386237
35333231373061323234326337353461323236356636343332616563343663666165306139363163
61366465333734386137623739303832366465343064626131373431326561643464646633313835
62383464336165653861346462393332393133373465323062383063633339383831383764666232
66306566666431613631636366373266346466326139303539363737643662643931323739356230
33623331666638346539396137383532633035373761346336393933333966356633383533333463
65316231353838623138656338626230346163633432376238396433386134353963396538383962
37633438666262386539346633666334323966353133653534336333316464366163346537313133
34366133393834636565646665633566646337373063313532373035393236626430623332656261
64323763616463313231333934636664666139373436353239643032313835373633666634626635
34633431633233646534386261666632306430356336666632656362383332636463363730336234
35383031663232626562626464323665633634623664363032333932333832636164663561313965
64326639643038613633303834353863663333326536613036663434356239633662663933376635
36303131326430623666366363393132393662396231653337323133333161623338373561663632
62636266316664643333626637386535313130376336636630393363313831333566653562353939
32626337626531353435646462313161663033663263393436613266383662373539666465366637
35613862636538633432353330313536356265313964303133623639653938396462616263383731
36346536613536633038326363306465396266303333356262386130656234333631663738363439
61613033306233343931373262303339333432336331366237373164363363353838626263373865
37623966343864313836363437323530633461643831383238316132323032306336343833663861
32663363626330313862366261626463366365666335643532303436336130373061373737346261
61313937383762633463623337313562383039313165643436336465353261346639346466336163
31313037306264663462316535623333376264643662373634353335303766346233313738323964
62366439393066336136373437663666353765623663376261623730323639363732626264376563
37656162666265303335363231626364623630373664356330653132316461376231623033653565
32386138303264346430373838373764613835363161666362616630353264393632646432323639
34366264636266633832623037353364666336656561323661333061623131356237363362393030
39336134346564313263396333636366666538643961623835656638323439386539653237383630
35656365633363386461383038383931633166373266663864636133323536326561643335393938
32363438656630646134306237393233376634613263303762383034616137333833373337343330
63323062303562343836613939326230363835663636643531616530396636363438653762643566
61623034396665373437363631393566363638393462643337643733653034623536653462393861
33616235316666646563623139636336363661356433663132316134346131613931623630366431
39616162333965363264336662303664333638646631323633326432626434396636376338303163
37373436656239346539383134643638623738373835323335363034393434653335313461306365
32653037626162326135346437633039613334373430633662343231336335326663313362393839
3661

@ -1,59 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
32353562343735616233303364363161306331663637303632363534333933653164363238623164
6461653239666330336666356462656232663033366666370a633938353466313937376361633537
36653764393235393135393638383661613732396162303633376361616430386334626535393935
3534363530343635630a333531313565646639663135396535343736353932373334623837396134
66383633303533646537616364346137623265616137616266373939393163623537373635343763
37326232363530323561336562386465623135626661636139653837343334666230616561323966
33623864386436326437323737666365663637353761663433383439393238623030393865623633
34323031643739613765386261333533653462383432313532643065313063333563386666393165
35366565363561366239363733386436303763626362373632353964303361313132353030346366
31333834306631643563653366613038396133356630316536613537376639626362616163666363
65616538623233626631393362626638396661653337373433373839353066343164646230303464
31373061616132643665373334376535313562353732663065303966343638356330353738653038
37623634373563306664323765653365316131316261333438623332363830336662383030646666
64326133633339316462323563623939306163353665613964393335323439626336353762363265
66663133373033323734303230396463623230663162363438653065303462323339313930386331
32626431313337623737353532386435376262613632353439656265333964633365323335613338
64316534613963626339663336303766393066636562323233323837383330633639666634646466
39333738313234383761636234336439323164376637653032316237613239336165373962353931
65623662613030653335336433396665353466316561333039383937323065383162613635386264
38623333386631343938383064323136616435643062356130376364643832393335313662353861
38623866363639353765663265366266346330633363396139626639373437306463653331663337
66306435663165366463623831663663623137373463316664666463616663623432323134333164
36396463326664333832336531376638633832363431383032633738643435323732316561313139
66303166363662376566393261363064356131313630303861363138613835366331363932356130
64383131373435323062626138393766303134653836353939613230623232346236656331323435
66363030303334373633363063653033306663343234646533333164343534666635336432306334
66376137353064373865636663303532303836616138313536373239373462613438623334336566
39643531366332306162346536313139393037643063383532306566356165396636393436626664
35383962636339316434663062396262613862363533623534623236633363646265323633393533
63656231616437656436336261616464363565356666653131336433343162323432653237663764
61343736333737376535663230616530303631663064323036643963386430316630333861376564
36373435313532356462353339633839653161393862356636353262666366343764623066616264
64643730346236333236303735626164326662376432613534353331316261343332373062363838
37376365383336666633353833316137383036323736393437373763663465663330666265303933
30326661343162306639346439386666303363343633633532666634383537376131333234633062
34376635346231343162393866326338656333643233366331343430373038326237613635646561
65316632343837646332633166333537646539376362346632653164323735623732303365663334
35393933316461363663633434373565323131616435313331306232653663343235663531373935
63343064393865396161653832626133343638623739343837346239366637383363393035316332
65356161636461343366356236643531373066623331313132326232343864393861326162333133
33646466376463346136623064373066393536376134353132626366363034323336346561636565
61303363383563653433376464363238336339346430306330656131653164663632656338353636
35376132393665663631613464313237333466303663373762373136363737313239393838326261
66666363363338646435326163363134646639616539386665303735623864313633623634303632
33656166653264636436373637373835653636343364386234336133353432643639663261663263
37633938313265363238633733353734393735613232613634336334316530626638633233616463
33393036366664313162323037343665363765346535666561653034636131326337323637366365
35626233323338663165373737316133623365623431356566393635376163646365356338636536
63653635373066323532313133336538666661326333626632386165323836643138373939646237
30636333663165306233303239333837313638666336613437336161346165316234393836306239
66316336333632313961343662393762613063616163663066313938303761356666623038663732
66393337386166306133663939333730396362306639636534663731303461343864343365333663
62366231613935306638343936313265643935376135313235303161373665353033363636373430
63643634316162636331386538323165306161383736373239366138323537393261393330376166
64616137656434666432323536396636343739383065393162653638366634326630343134343539
33656434383032623430383632323530356439623132393062623463396636653336636435313262
34656139373838336635636562333063613464383431313737643436333736393530393237373838
6137343965336430346665333437363937343762316539316631

@ -1,4 +0,0 @@
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD/pWrMOC24gEe75cvMUiOxLN1yixAyhd9uhKw2/tGn0MsqeVtiNtbHqb0vVFUPISDqKK5SxGsqYkikyTAfZSKI= infra.unruhig.eu_22

@ -1,21 +0,0 @@
metrics:
additional_scrape_rules:
- job_name: minio-job
bearer_token: "{{ prometheus.scrape.s3.bearer_token }}"
metrics_path: /minio/v2/metrics/cluster
scheme: https
static_configs:
- targets: [s3.tobiasmanske.de]
- job_name: drone-job
bearer_token: "{{ prometheus.scrape.drone.bearer_token }}"
scheme: https
static_configs:
- targets: [drone.tobiasmanske.de]
- job_name: 'uptime-kuma-job'
scrape_interval: 30s
scheme: https
static_configs:
- targets: [status.tobiasmanske.de]
basic_auth:
username: "{{ prometheus.scrape.kuma.user }}"
password: "{{ prometheus.scrape.kuma.password }}"

@ -1,85 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
37646239383161613330383037643836616464613635376538333738646164653535343365646637
3265333661656565653135653837666462623364346665310a653033613838643633313062343334
39343866623636386235343731643637656332306132303065393231643935643234306630343833
6562626632333534630a306661353739336266336661646132333862663231306135353564323762
62613433653737356564323538626666656434613966346631613934396238626531616631383433
39326532316439663632333331613135316134353531646362653432333734313534343037663433
39333566336265356532396434623836366166363961346439373635363334636133643831373132
64353939313135343338386638633136333931353839316236346634616430383263366137663565
36303733306163363332613964343162613337386263613032663539623430666639323062646565
61646463393338383934663665363837626532326630383930353236613161356230346162393031
39643531663565633666333032306235323038363234346264656239336535393539306439643833
33363035393864616664363463656361366365316230663031383037376139623039303361313131
34386361393930373430323961303039653561323430356139393434643763346563306266623366
36333265643738656362616363333638396139373137383366303263613031383237353435326562
34633839316335613766306134343333373032353635383964663336656134646634613164366465
66326533613363383337616437666333376133386231326336653934663233613333343464306238
30386338303730383836663262373239656438313361373331343364623231356134643631323565
31336464333838356265323938623133636536313736376136663330346630663837613937336436
33386639383465363333343566646337633236393130326439323536393830323331393862616361
36346162363166646537666666383464633165373263326532623061613065373030313439623039
30646632333964323330396464383535303261613237353535613438336163323235333534313434
31346233346335336230653337363337653763643535373532396362316131653665386539636432
30663735616136316639633333303732336239393435653239336133383362613061306537623063
31653634653233346634353136653763333833613337633530363338643336666463373465306434
66363939313434333364323931663766393564353663666262363037323761653339316637386532
39663538333664663139663262376137623765373931393833313130626135366436396636303062
36623362343432633462373733373235353034373335356534653965393131613831636237666163
65653463633961386266313534343833666136366235343639636561393534373830393434353363
31363536616664373935346331633335643536313432346133356637363566633564633963313639
62326439643333663362633739343465316431616234663233353066623861653165343461663830
37316464653138386135656662663465333932306263396235626434356666373762356264336534
66303664383630333064383363313864346234643639623037363437306638363937636162633362
30313263376262636164363064626538386161653964663130326134636166633735633966386332
61643566373233326362323034366537623830353463306363643866636439616430306362363863
35306530666266623734653235313835323536343837396631393134343835303464393335653639
39613530326562323764646662643439383639353661666231336433326564663463323638666639
63333434353364656264303361636234623266326364346230613033343433376639356537643530
30373631663165623035396139346165306335663263636434626336316265356535393034633832
35653264313331396434636131396531613833643331643235306130373132643636376638663432
32646539316138313234613536653538373638623330316236356431346461663034343932386536
32383334633238373465636164653766323132386337653861396362353937353963636136373136
66316331323132616337393438363636653561393432663238363764633938623531616538613865
61346563643966623362366131313635656336326363346231373636323930623563646137303861
39393064393965643638653462343631613466616366663232353864373236316438626135643537
64363862393839356664336632623765656264366630383836323233333836626637653461386163
66393263346539356363643566323366343631393139613864383764656465613033633038333661
64336636383737313163306363333634633966356439333432636635393064306231663533646139
65343637616532323366326239356263343432626238366333316238633366663734386332613631
63336466326163663338393363626635306436653166363239393263333731366261313963383466
38626665356463633439653932303033386464363862393439376635393961323530333566663263
65613333303036303764636131323630303737336561373733663930323863393566313665613231
32613962313935323432626230613334363163623836383135653931346132363538383632633031
31346566383364333062646334346433336235623636326436343230666537383635383332613963
63393366646266356130653339623439326230366234306235643332383261633739353039333039
35336165383061303863623031313033623865346366366235363262326266383033613961373933
33623832383934386563653662363461303939363533336561623430643865656232353731633263
33656432386165326566656432663665633461306365633164303061373264383532626361666437
62643533323136326539653263393663303365666532663262636165646561383333376336383332
30653161313336393033363061343633346230393337393966343134323436623537383532346361
61623661653132633234626631363430333837656633396365613834616635626139383731323837
38346533353061363766633634346231373339656463376634366533643861343161633435633138
39356165386635326535626161303462303939383461313834396333633565353634643362343539
64653530303663663032353138383934373837306437643962333339363366353966333437383932
30363934346638356565306365386335336530616532306465373163353562363235623937333832
62663963306663306462373838636436366661333565303736393731636562663332326363656636
39353161616134623433646539366664363935313866383163316665646236666237393762393563
62633062646536633437666362363531646234326666386561613863633934663462643634333362
65336431623836323334393934613133653262626134373838356238373031613737613965613761
34643539373230396362633761626339356362613730383831316565393030623930616364313430
35653935616662306130633263356165336130336363366532393735343137643831636462616334
65343437396566346263346463326361303862623164346365346132633936303230323838303361
62303663363834633635626331343531373639613763363537333539653631636462616437656135
34333633633565306663666338646339326564663936373963353465313065633434613435376261
30313963336664313465323036643035386463646561373235646134303930333961393639353639
35376135363235623730663932313337366564346636333464623234346237346162356262333764
62626563393261373838353663343430663763383365303766343665333231343861373534383739
37353437383966376664383438323430316237626232376134656134346362316335396331346531
63343933396636393332303636613133396162643132643765646664373438653732316633366338
65653963333633303963623362353739313635663266643236666334323262616531356165363330
66633131343461623231663832643138663563326264313036306438613837336333656361373166
62666261626430393830396636376434376233636639666432316165346237383261626530623539
63353530643065373734613664333239636433343262366637376130373130663766656563643931
38393334343836386533643839643232386165636566646434616662336334366263633835376564
38626339383631336638

@ -1,3 +0,0 @@
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKMeX2lqjaVHJicNohQLi64Bk6Oo9PMm6UaoULL7G+sMGsZthWryjoIB9hwgBJPbhDXBpO3rNn6wwWumAUXWEsE= mon1.hel1.chaoswg.org_22

@ -1,24 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
32366236633933396537643061353531643566663930626366343333643234653363653336613138
6563306263656136333235353164383562323237613763650a393734356261393330306539373562
62633332643737333137316433316363333338666538303636636461626161303638383465646565
3564643732376137640a386131646339326633333633366162613064646432636630393035373562
33373537653866333661633634356361663366336236313932636630623539316130356431303530
38636534616264366235316638346437356162303331303763306437363438663632353730653236
30333065306261383664636563336631383263376135356663363633626130326265336261316632
31393635613264386463306265303137366330656339386363393061356434393162336237373737
38626331336138313636333363653264376463326238383335613964333438303835353239303135
38343837613562316463313366363931373134306635356465313532623663613666353935336234
30323063633664653835356138313363333736323265396434313632333832316163303063373465
63376136643337666166633732656532333235366636633739653665336637363436333433636164
34623539353839376232363564336633666433353262366637623930663865623966343762643530
37346433376662613966633436663833643065646632373135363663396564626136343635613333
61633739646230633630373364343232646533653239346632663130353833343464633862343136
30623337633766383530383333626331333839363532363734613333333763636264313539383939
34323438373530653235666235633037393965353738373365633566313830623761663265363337
34343030373065393765333038343865626161373134623837643037306230306435313834636634
30323033343236396234386338623930353065346134343564653439306535313934616135346533
37353363323732326333616165636331396234646564303738343265366465336563383333626432
37623165663435313033383665353030363031373833653266356638353734313536626366373863
61393937623165613563366138393533666166663266323864626537363066666338363261336265
393938326530663531363535333061666332

@ -1,4 +0,0 @@
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKmN5g3jN6tsA8qcEaLTPzFp5c/p65wjAo31nUO5TtT7TDUDCvU68yi11HuZc9mhK7v3e2ZgCEnua/0g8lCyCoE= 192.168.0.73_22

@ -1,2 +0,0 @@
---
heartbeat_timer_interval: 60

@ -1,42 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
30343065306563343765353231366539356463646634363230643639616338663138376666343962
6164333837646563356334613035383365636337393362350a343334643838303562363932336263
33363432393565623631356331343063333332663937343639343739666130646262623364353237
6366346434366236370a393063356266333430326362643932303130633635363732623361323736
63386266333362653530333262383064366462313938646362386338643661343165363839636536
62613561363637346538323062643664303932666566393537616539353730306164623535313636
32656230663861363635633839643731326363393838636263313665313466313833363638346566
33386566346564363963363166326564613366393531366135633430616634323261386263376565
63663962653039623434643136393564336631613433613433636632623938306365376639326338
38393465393764666636373430323736303235363238393038353632646365373536313566333238
32616631666263353132333439653334643737336633663164356337363732366534366537343532
30383531303663656263353461343166616139306634396432653032313366356265326664666339
39393432343734336565303034636435623336646639373438363363613538643435653230326630
32393362376164646335613166643632323861313834386630613932666166303438346461646564
37646362316662373231666332666530353537376239633664316561363332313565633361393464
65623635623166613430396638613061613737303739343266643663626134303361633561376135
32336339356462353864646664633632306338353230663532303963636238636266383137393063
37663064666539653362376662356265626630636230393230306565313264663961653135363238
39623436646138656565383662653037623835333631323836343262353830323764663266396634
62636536653833653932613661373438356138643334363034656339626365613761333764333732
34303538313134666238663732393933613537383661636463336538393035626438323039353661
36663939303366386136643335356131643032313934363361373563313965383734613632373631
38333961613838313863333436356263363432326366353266623266616561323666383931343362
32616265643133653532383732393739343366366532343461636338333463336466363331303931
30373833363037643637343662313737383565363164323235306335303938363937626466643066
62336261373865383234626463333535383662306330306663353438343061383761393165306231
33303434303734623564616331646166376432343035393231306136343762653038656434653436
66626639616139666133373063626237616133626334326530636162333930336539613336316330
62653964353633376164646664376234336535633765616634663266636464393464653435393538
34363865363338616336363561306461363532363131366534663366353463383134666239393230
65653864643562333962323832363732616434343736376561643361666138343330653337313266
31363339356536313832383162643035663538656463373133346265353437323634346539383933
64613539333566333262656566643935323138393266656361316131623566663164333138656437
34363830356431666531343938643934373562643232653239373837363336633030666631656361
36393765333463643365663938636134666664653763663264613032386135356266636236623035
64326239343730326639363133653666643534326362303339373733643164623634613633613138
61313130613434336463363739623430626638323939306462316235663963313233633833313734
66333461613766343130393539613332353131643730623466623365643237653865363262333734
64623164663366326538386331343162336433393466386133323537623536636461613732323734
39613639306562326366336634376263633062386163333964396532326666643539613739313365
31343132313837646235313764396130653764623838396635626462626531303732

@ -1,15 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
32643663326666316663626638303839353966356532333066313561656234393139656333346438
3961633439383530323266323933303866656362306363630a333034666135303430363435656231
30353630643162326664383232613161376137653638396363343735306336656432623766386638
3832333632353536320a383365363037343161623364303837666238306336376463346236396566
34323666383935363737656632666532383435626132313534393437383162663232623534336664
64383839656561333064346536376561333666356535366232383636663665666464336462636161
32363964613332353735336164646363643430656330653635616663656263353837313232633838
36666165613530653832313538306434643862313161663662323434343236306666656634393261
31303039343363323638333434383765633362353365666264646564323436386335663435363635
35336162346635333062613639663434666339343662656465326439656533646262396436326631
66303539363365323133336633373431353065613935616638343831326435623832616136313731
30663863656465396139303931366565326362303036303761326132383164393361623664386566
35316335383036393539386663343638366262666139373232636561383135333963313365386566
6162666432623037666433636663643262316264323061363961

@ -1,61 +0,0 @@
---
all:
hosts:
host.nc.chaoswg.org:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:4f:9f2::1"
wg_addr: 10.1.0.1
mon1.hel1.chaoswg.org:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:65:f3b::1"
wg_addr: 10.1.0.2
thonkpad.ka.chaoswg.org:
ansible_user: core
network_interface: ens3
wg_addr: 10.1.0.3
infra.unruhig.eu:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:9:176::1"
wg_addr: 10.1.0.4
filehost.unruhig.eu:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:56:e17::1"
wg_addr: 10.1.0.5
# localhost:
# ansible_interpreter_python: ./ENV/bin/python
# ansible_connection: local
vars:
service_base: "{{ playbook_dir }}/services"
wg_keepalive: 30
ansible_ssh_extra_args: "-o UserKnownHostsFile=./known_hosts"
ansible_ssh_private_key_file: "{{ lookup('ansible.builtin.env', 'SSH_KEY_' ~ inventory_hostname | mandatory | regex_replace('[^A-Za-z0-9]', '_')) }}"
children:
unprovisioned:
hosts:
# host.nc.chaoswg.org: null
prometheus:
hosts:
host.nc.chaoswg.org: null
thonkpad.ka.chaoswg.org: null
infra.unruhig.eu: null
filehost.unruhig.eu: null
mon1.hel1.chaoswg.org: null
backup:
hosts:
host.nc.chaoswg.org: null
thonkpad.ka.chaoswg.org: null
mon1.hel1.chaoswg.org: null
infra.unruhig.eu: null
monitoring:
hosts:
mon1.hel1.chaoswg.org: null
network_config:
hosts:
host.nc.chaoswg.org: null
mon1.hel1.chaoswg.org: null
infra.unruhig.eu: null
filehost.unruhig.eu: null


@ -1,15 +0,0 @@
filehost.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNxa8vbJ70oM2PlEKegPu3/SUO7oXz2lM6PvR74Ad+RYjjAQZr/j3WMpeDn15ugexlYmYoHgxgeT0xA6E/ZAM/0=
filehost.unruhig.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvXX75sXWRgslMW/Ufq0t0OJQnTFiWPL4yBUBdGIU9k
filehost.unruhig.eu ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXlm4q3UBK2ChZCujrc9nv45tnntj6E+80UOOzZ6EEFWeUkJ0R+o4z4bnLsWBfFxfwgMDUvFCUCuS7R7xo2pE6vlRhPeD6eTitqNmRMfgmMZLJCdWD5eechg2FNSIht+wB61KEwMBuARXX45nmvIknWiRBK0qAGMLgy46hAx60hf/2uzSuyF6cxQdRqH7TNKZ/06aC7fCo9MCvHbiWvOSKbRx+jYSw8L27DW8WbPTqTGhywidij3nQEjwCFof/IN/hdp7NLpF/8qAoxW9iLWHh7ghESSwHxDF+QC1NjyA1g9QvyX+4p/hzR71wvQ2OVT/R9qx45jJiEi4dVQtsPGbcMzY9gQNbzyzl898cvnp2OuS50kGxuJZaJLMOj2UClbpW+lTrrkKvBZKkAF85v+C6Xcx/waY01eH0PaDBpoo40Y+vS9nWLmnKcvz5iDC6DVL8gUyDxuQj6/qMQuVsr5GL7GnvqIF/jjz6rNqES5Lr88c18ZyWeaupAHNnSgxaGV8=
host.nc.chaoswg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE+xbsYUu5fNjUZuJMER9VMx7aPCPCVcZvBpnNjxySRrkUSOgLV6n2IYj+aTfrxT3sCJFzkXzNS8R25Fyqw53WE=
host.nc.chaoswg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfZWpJz8JiM6F5zXcUg9K7OsCx0UbrK4z9sijpmUn3F
host.nc.chaoswg.org ssh-rsa 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
infra.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGpspDDbmZt71/g8R4K+jn3A4n7z+8lO3unv8Pm8xLKhr3mDD0MErbRrP/ucYtsBRauMc+IOmBsDtM2Ayp/0zio=
infra.unruhig.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dLUAnoazcq9Tl2zeLP0Ed8QlMs6226raruQhP/0y8
infra.unruhig.eu ssh-rsa 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
mon1.hel1.chaoswg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGUIZFzyXd6QAA4Xn+SikYIdfZ+c2R4aFXCY6/Gh2oZGjpq4xtHLw7AFyadnC1UGVNNINNJY1FLfgbavIkeh6M=
mon1.hel1.chaoswg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsSgW6MyvR0YJWn61UZLG8hgj/ewvlRqiHIZDAkYDtV
mon1.hel1.chaoswg.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCl6bzWEhtuyKLLOUjRv0mxkmzpnjGzzdkc2DFZU+ueiMG4cTxCpwO5cXOST8RXC5WU49HtEpW0ZX4oCWxdEKhFeUXpij1Ins9Hvx31nHMot7sTLa745QcR0feQGYFl9DXfK1OADvstzWBL4n/UO70psK2Ir6aoBV1CM18w2Gk+DVSh5coLsMRczPczzG08ALIvhWa/1l3ObX7tULjs2y5Pf0F6Ukns8wcfxarUfUihdgnRwHdyc4yxaLHBvizAs3bl1G7zXdOh4SMOjw219J1ORbO/+n9fTSwhs78jU0IQCSZgI86Tp+EaLk+6RmA9SIGhI0+s3qk6UfwqMFM6VPxbiCUMbUeAhGcOo8UD3PMlLeTHWBwADHl2ee/mUmXBUh6Smyr9YlpbSCfcTNgXX2enkByidIgy+tEhJzaTub9vFRt8q0nj7fEimqQ63NecMzMZXPTGxnCma5Y3/TSLeBPE1aUNLGea6MFwUevCamdn9qB/KTAmMoyRTRR8pREsdfs=
thonkpad.ka.chaoswg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDq68XLq1mlFsHDfa1mlpNJZ83wCR3ZO5C/fkNe+kVwG9apKmGdCaAWZs9n1MKe08maSLf5Dx01B+m79+l9KrKQ=
thonkpad.ka.chaoswg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY8bK8R5aUnXr/8vxZ6NSznTNGcTu4iQJJo5GYVXflR
thonkpad.ka.chaoswg.org ssh-rsa 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


@ -1,31 +0,0 @@
---
- name: Wait for hosts to be ready
hosts: all
gather_facts: false
tasks:
- name: Wait for system to become reachable
wait_for_connection:
timeout: 300
sleep: 10
- name: gather facts
ansible.builtin.setup:
gather_subset: all
- name: Common
ansible.builtin.import_playbook: plays/common.yaml
- name: host.nc.chaoswg.org
ansible.builtin.import_playbook: plays/vps.yaml
- name: mon1.hel1.chaoswg.org
ansible.builtin.import_playbook: plays/monitoring.yaml
- name: thonkpad.ka.chaoswg.org
ansible.builtin.import_playbook: plays/thonkpad.yaml
- name: infra.unruhig.eu
ansible.builtin.import_playbook: plays/infra.yaml
- name: filehost.unruhig.eu
ansible.builtin.import_playbook: plays/filehost.yaml
- name: grp_prometheus
ansible.builtin.import_playbook: plays/grp_prometheus.yaml
...


@ -1,330 +0,0 @@
- name: Setup SSH Config
hosts: all
become: true
become_user: root
tags:
- setup_ssh
- setup
tasks:
- name: Authorized_keys dir present
ansible.builtin.file:
state: directory
path: /etc/ssh/authorized_keys
owner: root
group: root
mode: '0755'
- name: Obtain Machine Pubkey
delegate_to: localhost
become: false
changed_when: false
register: pubkey
ansible.builtin.command:
cmd: "ssh-keygen -y -f {{ ansible_ssh_private_key_file }}"
- name: Deploy SSH-Keys
vars:
machine_key: "{{ pubkey.stdout }}"
ansible.builtin.template:
src: "authorized_keys.j2"
dest: "/etc/ssh/authorized_keys/{{ ansible_user }}"
owner: root
group: root
mode: '0644'
- name: Ensure authorized_keys ownership
ansible.builtin.file:
state: directory
path: /etc/ssh/authorized_keys
owner: root
group: root
mode: "u=rwX,g=rX,o=rX"
recurse: true
- name: Configure sshd
ansible.builtin.template:
src: 'sshd_config.j2'
dest: '/etc/ssh/sshd_config.d/99-override.conf'
owner: root
group: root
mode: '0600'
- name: Remove Keys Config
ansible.builtin.file:
state: absent
path: /etc/ssh/ssh_config.d/40-ssh-key-dir.conf
- name: Setup Networks
hosts: network_config
become: true
become_user: root
tasks:
- name: Setup wired interface
ansible.builtin.template:
src: "connection.nmconnection.j2"
dest: "/etc/NetworkManager/system-connections/Wired Connection 1.nmconnection"
owner: root
group: root
mode: '0600'
notify: Restart Network
- name: Setup DNS
ansible.builtin.lineinfile:
path: /etc/systemd/resolved.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
notify: Restart systemd-resolved
loop:
- regexp: "^DNS="
line: "DNS=1.1.1.1"
- regexp: "^FallbackDNS="
line: "FallbackDNS=8.8.8.8"
handlers:
- name: Restart Network
ansible.builtin.systemd:
name: NetworkManager.service
state: restarted
- name: Restart systemd-resolved
ansible.builtin.systemd:
name: systemd-resolved.service
state: restarted
- name: Backup
hosts: backup
become: true
become_user: root
vars:
repo_path: "/var/home/backup/storagebox/{{ inventory_hostname }}"
password: "{{ backup.password }}"
pushkey: "{{ backup.pushkey }}"
tasks:
- name: Install backup script
vars:
repo: "ssh://{{ common.backup.user }}@{{ common.backup.url }}{{ repo_path }}"
ansible.builtin.template:
src: backup.sh.j2
dest: /root/backup.sh
mode: '0700'
owner: root
- name: Generate SSH directory
ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Generate SSH Key
community.crypto.openssh_keypair:
path: /root/.ssh/borgbackup
type: ed25519
owner: root
mode: '0600'
register: keypair
- name: Register SSH Key with backup server
become: true
become_user: root
delegate_to: filehost.unruhig.eu
ansible.builtin.lineinfile:
path: /etc/ssh/authorized_keys/backup
state: present
search_string: "{{ keypair.public_key }}"
line: 'command="borg serve --append-only --restrict-to-repository {{ repo_path }}",restrict {{ keypair.public_key }}'
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "filehost.unruhig.eu"
key: "{{ item }}"
loop: "{{ hostvars['filehost.unruhig.eu']['known_hosts'] }}"
- name: Restore from Backup
hosts: backup
become: true
become_user: root
gather_facts: true
vars:
repo_path: "/var/home/backup/storagebox/{{ inventory_hostname }}"
password: "{{ backup.password }}"
pushkey: "{{ backup.pushkey }}"
tasks:
- name: Check if restore is needed
ansible.builtin.stat:
path: "/etc/setup_complete"
register: setup_complete
- block:
- name: Install restore script
vars:
repo: "ssh://{{ common.backup.user }}@{{ common.backup.url }}{{ repo_path }}"
ansible.builtin.template:
src: restore.sh.j2
dest: /root/restore.sh
mode: '0700'
owner: root
- name: Stop and mask backup service
become: true
become_user: root
ansible.builtin.systemd:
name: "borgbackup.service"
state: stopped
masked: true
- name: Restore from Borg
become: true
become_user: root
ansible.builtin.command:
chdir: /
cmd: bash /root/restore.sh
- name: Remove script from host
ansible.builtin.file:
path: /root/restore.sh
state: absent
- name: Mark setup as complete
ansible.builtin.file:
path: "/etc/setup_complete"
state: touch
owner: root
group: root
mode: 0600
- name: Unmask backup service
become: true
become_user: root
ansible.builtin.systemd:
name: "borgbackup.service"
state: stopped
masked: false
when: not setup_complete.stat.exists
- name: Setup Registry credentials
hosts: all
tasks:
- ansible.builtin.file:
path: /home/core/.docker
owner: core
state: directory
mode: '0700'
- ansible.builtin.template:
src: docker-config.json.j2
dest: /home/core/.docker/config.json
mode: '0600'
owner: core
- name: Setup Docker Config
hosts: all
become: true
become_user: root
tasks:
- ansible.builtin.file:
path: /etc/docker
owner: root
state: directory
mode: '0700'
- name: Template Config
ansible.builtin.template:
src: "docker-daemon.json.j2"
dest: /etc/docker/daemon.json
owner: root
group: root
mode: '0600'
notify: Restart Docker
- name: Check if sysconfig exists
ansible.builtin.stat:
path: /etc/sysconfig/docker
register: sysconfig
- name: Remove ulimits from sysconfig
ansible.builtin.lineinfile:
path: /etc/sysconfig/docker
search_string: '--default-ulimit nofile='
state: absent
when: sysconfig.stat.exists
notify: Restart Docker
- name: Remove log-driver from sysconfig
ansible.builtin.lineinfile:
path: /etc/sysconfig/docker
search_string: '--log-driver='
state: absent
when: sysconfig.stat.exists
notify: Restart Docker
- name: Restart Docker if necessary
meta: flush_handlers
handlers:
- name: Restart Docker
ansible.builtin.systemd:
state: restarted
name: docker.service
- name: Setup internal networks
hosts: all
tasks:
- name: Setup network
community.docker.docker_network:
name: "{{ item }}"
internal: true
loop: "{{ docker.internal_networks | default([]) }}"
- name: Setup Push Monitoring
hosts: all
tags:
- never
- setup_monitoring
- setup
tasks:
- name: Login to Kuma
delegate_to: localhost
check_mode: false
lucasheld.uptime_kuma.login:
api_url: "{{ kuma.api_url }}"
api_username: "{{ kuma.api_username }}"
api_password: "{{ kuma.api_password }}"
register: kumalogin
- name: Create Kuma Monitor
delegate_to: localhost
check_mode: false
lucasheld.uptime_kuma.monitor:
api_url: "{{ kuma.api_url }}"
api_token: "{{ kumalogin.token }}"
name: "{{ inventory_hostname }}"
description: "Managed by Ansible"
type: push
interval: "{{ heartbeat_timer_interval|mandatory + 30 }}"
maxretries: 2
notification_names:
- "Kuma Statusmonitor"
state: present
- name: Obtain Kuma Push Token
delegate_to: localhost
check_mode: false
lucasheld.uptime_kuma.monitor_info:
api_url: "{{ kuma.api_url }}"
api_token: "{{ kumalogin.token }}"
name: "{{ inventory_hostname }}"
register: monitor
- name: Check if user is lingering
stat:
path: "/var/lib/systemd/linger/{{ ansible_user }}"
register: user_lingering
- name: Enable lingering for user if needed
command: "loginctl enable-linger {{ ansible_user }}"
when:
- not user_lingering.stat.exists
- name: Create systemd config dir
file:
state: directory
path: "/home/{{ ansible_user }}/.config/systemd/user"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: '0755'
- name: Copy Push Monitor Service and Timer
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/home/{{ ansible_user }}/.config/systemd/user/{{ item }}"
mode: '0600'
owner: "{{ ansible_user }}"
vars:
monitor_url: "{{ kuma.api_url }}/api/push/{{ monitor.monitors[0].pushToken }}?status=up&msg=OK"
loop:
- heartbeat.service
- heartbeat.timer
- name: Enable timer
ansible.builtin.systemd:
scope: user
name: heartbeat.timer
state: started
enabled: true
masked: false
daemon_reload: true
- name: Setup Infrastructure Wireguard
tags:
- never
- setup
- setup_wireguard
- setup_vpn
ansible.builtin.import_playbook: vpn.yaml
# vim: ft=yaml.ansible


@ -1,41 +0,0 @@
- name: Migrate to docker compose v2
hosts: all
become: true
become_user: root
pre_tasks:
- name: Find deployed projects
ansible.builtin.find:
paths: /home/core/compose
recurse: no
file_type: directory
register: find_challenges
- name: Register Projects Fact
ansible.builtin.set_fact:
deployed_challenges: "{{ find_challenges.files | map(attribute='path') | map('basename') }}"
- name: Undeploy
include_tasks: undeploy.yaml
loop: "{{ deployed_challenges | mandatory }}"
loop_control:
loop_var: item
label: "{{ item }}"
tasks:
- name: Install Repo
copy:
dest: /etc/yum.repos.d/docker-ce.repo
src: docker.repo
owner: root
group: root
mode: '0644'
- name: Remove legacy versions
command: "rpm-ostree override remove --reboot docker containerd runc"
async: true
poll: 0
ignore_errors: true
- name: Wait for host
ansible.builtin.wait_for_connection:
delay: 90
- name: Install new docker versions
command: "rpm-ostree install -A -y --idempotent docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-buildx-plugin"
- name: Redeploy
ansible.builtin.import_playbook: ../playbook.yaml


@ -1,78 +0,0 @@
- name: Setup Users
hosts: filehost.unruhig.eu
gather_facts: false
tasks:
- name: Create user [backup]
become: true
ansible.builtin.user:
name: backup
comment: Used for receiving borg backups
shell: /bin/bash
create_home: true
state: present
generate_ssh_key: true
ssh_key_type: "ed25519"
ssh_key_file: ".ssh/storagebox"
- name: Create mount directory
become: true
become_user: backup
ansible.builtin.file:
path: "/home/backup/storagebox"
state: directory
owner: backup
group: backup
mode: '0700'
- name: Create user [files]
become: true
ansible.builtin.user:
name: files
comment: Used for providing access to files
shell: /bin/bash
create_home: true
state: present
generate_ssh_key: true
ssh_key_type: "ed25519"
ssh_key_file: ".ssh/storagebox"
- name: Create mount directory
become: true
become_user: files
ansible.builtin.file:
path: "/home/files/data"
state: directory
owner: files
group: files
mode: '0700'
- name: Setup mounts
hosts: filehost.unruhig.eu
become: true
become_user: root
pre_tasks:
- name: Info user [backup]
become: true
ansible.builtin.user:
name: backup
state: present
register: user_backup
- name: Info user [files]
become: true
ansible.builtin.user:
name: files
state: present
register: user_files
roles:
- role: ansible_systemd_mounts
mounts:
backup:
share: "//{{ backup.cifs.host }}/{{ backup.cifs.user }}"
mount: "{{ user_backup.home }}/storagebox"
type: "cifs"
options: "_netdev,iocharset=utf8,seal,x-systemd.automount,username={{ backup.cifs.user }},password={{ backup.cifs.password }},uid={{ user_backup.uid }},gid={{ user_backup.group }}"
automount: true
files:
share: "//{{ files.cifs.host }}/{{ files.cifs.user }}"
mount: "{{ user_files.home }}/data"
type: "cifs"
options: "_netdev,iocharset=utf8,seal,x-systemd.automount,username={{ files.cifs.user }},password={{ files.cifs.password }},uid={{ user_files.uid }},gid={{ user_files.group }}"
automount: true
# vim: ft=yaml.ansible


@ -1,6 +0,0 @@
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg


@ -1,8 +0,0 @@
- name: Deploy Metrics exporter
hosts: prometheus
vars:
state: running
roles:
- {role: compose_project, service: metric-export}
# vim: ft=yaml.ansible


@ -1,16 +0,0 @@
- name: Setup Infra Meta Host
hosts: infra.unruhig.eu
gather_facts: false
vars:
state: running
base_domain: "tobiasmanske.de"
roles:
- {role: compose_project, service: traefik}
- {role: compose_project, service: keycloak}
# - {role: compose_project, service: db} # database used for terraform state
# - {role: compose_project, service: monitoring-stack} # mimir, loki, grafana
- {role: compose_project, service: pantalaimon}
- {role: compose_project, service: watchtower}
- {role: compose_project, service: vaultwarden}
# vim: ft=yaml.ansible


@ -1,30 +0,0 @@
- name: Base Setup Monitoring
hosts: mon1.hel1.chaoswg.org
vars:
state: running
roles:
- {role: compose_project, service: traefik}
- {role: compose_project, service: pantalaimon}
- {role: compose_project, service: watchtower}
- name: Setup Monitoring Kuma 1
hosts: mon1.hel1.chaoswg.org
vars:
state: running
roles:
- role: compose_project
service: kuma
vars:
service_name: "tobias"
urls:
- "status.tobiasmanske.de"
- "monitor.chaoswg.org"
- name: Setup Monitoring Kuma 2
hosts: mon1.hel1.chaoswg.org
vars:
state: running
roles:
- role: compose_project
service: kuma
vars:
service_name: "istannen"
urls: ["monitor.ialistannen.de"]


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=gitlab-ba


@ -1,39 +0,0 @@
---
version: "3.4"
services:
dind:
image: docker:dind
restart: unless-stopped
privileged: true
volumes:
- /lib/modules:/lib/modules:ro
environment:
DOCKER_TLS_CERTDIR: ""
networks:
- backend
- default
runner:
image: gitlab/gitlab-runner:alpine
restart: unless-stopped
depends_on:
- dind
networks:
- default
- backend
volumes:
- runner_cfg:/etc/gitlab-runner:z
environment:
- DOCKER_HOST=tcp://dind:2375
- CI_SERVER_URL={{ ba_gitlab_runner.server }}
- REGISTRATION_TOKEN={{ ba_gitlab_runner.token }}
volumes:
runner_cfg:
networks:
backend:
internal: true
...


@ -1,14 +0,0 @@
{
auto_https off
}
{% for rule in redirect.hosts %}
http://{{ rule.from }} {
{% if rule.keepUri %}
redir https://{{ rule.to }}{uri}
{% else %}
redir https://{{ rule.to }}
{% endif %}
}
{% endfor %}


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=diun


@ -1,19 +0,0 @@
watch:
workers: 20
schedule: "0 */6 * * *"
firstCheckNotif: false
notif:
matrix:
homeserverURL: http://pantalaimon:8008
user: "{{ diun.matrix.user }}"
password: "{{ diun.matrix.password }}"
roomID: "{{ diun.matrix.roomID }}"
msgType: notice
templateBody: |
{% raw %}Docker tag {{ if .Entry.Image.HubLink }}[**{{ .Entry.Image }}**]({{ .Entry.Image.HubLink }}){{ else }}**{{ .Entry.Image }}**{{ end }} which you subscribed to through {{ .Entry.Provider }} provider {{ if (eq .Entry.Status "new") }}is available{{ else }}has been updated{{ end }} on {{ .Entry.Image.Domain }} registry.
{{ if and (eq .Entry.Status "new") (eq .Entry.Image "docker.io/jitsi/web") }}See https://github.com/jitsi/docker-jitsi-meet/releases/tag/{{ .Entry.Image.Tag }}{{ end }}{% endraw %}
providers:
file:
filename: /watch.yml


@ -1,29 +0,0 @@
---
version: "3.4"
services:
diun:
image: crazymax/diun:latest
container_name: diun
command: serve
volumes:
- "data:/data"
- "./diun.yml:/diun.yml:ro,Z"
- "./watch.yml:/watch.yml:ro,Z"
environment:
- "TZ=Europe/Berlin"
- "LOG_LEVEL=info"
- "LOG_JSON=false"
restart: always
networks:
- default
- pantalaimon
volumes:
data:
networks:
pantalaimon:
external: true
...


@ -1,6 +0,0 @@
- name: docker.io/jitsi/web
watch_repo: true
notify_on:
- new
include_tags:
- ^stable-\d+


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=filestash


@ -1,21 +0,0 @@
version: "3.4"
services:
filestash:
container_name: filestash
image: machines/filestash:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.filestash.rule=Host(`stash.unruhig.eu`)"
- "traefik.http.routers.filestash.entryPoints=websecure"
- "traefik.http.services.filestash.loadbalancer.server.port=8334"
environment:
- "APPLICATION_URL=https://stash.unruhig.eu"
volumes:
- data:/app/data/state/
networks:
- default
volumes:
data:


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=gitea-runner


@ -1,44 +0,0 @@
---
version: '3.9'
services:
dind:
image: docker:dind
restart: unless-stopped
privileged: true
volumes:
- /lib/modules:/lib/modules:ro
environment:
DOCKER_TLS_CERTDIR: ""
command:
- '--tls=false' # Do not force TLS; note that this service is NOT exposed to the internet
networks:
- backend
- default
drone_runner:
image: drone/drone-runner-docker:1
restart: always
environment:
- "DOCKER_HOST=tcp://dind:2375"
- "DRONE_LIMIT_MEM=8192000000"
- "DRONE_RPC_SECRET={{ gitea.drone.rpc_secret }}"
- "DRONE_RPC_HOST=drone.tobiasmanske.de"
- "DRONE_RPC_PROTO=https"
- "DRONE_RUNNER_CAPACITY={{ gitea.drone.runner_capacity }}"
- "DRONE_RUNNER_NAME={{ gitea.drone.runner_name }}"
{% if gitea.drone.runner_labels is defined %}
- "DRONE_RUNNER_LABELS={{ gitea.drone.runner_labels | join(',') }}"
{% endif %}
- "DRONE_RUNNER_CLONE_IMAGE=drone/git:linux-amd64"
- "DRONE_RUNNER_VOLUMES=/etc/hosts:/etc/hosts"
depends_on:
- dind
networks:
- backend
- default
networks:
backend:
internal: true
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=gotosocial


@ -1,69 +0,0 @@
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3'
services:
gotosocial:
image: superseriousbusiness/gotosocial:latest
restart: unless-stopped
user: "1000:1000"
depends_on:
db:
condition: service_healthy
environment:
GTS_LOG_LEVEL: "info"
GTS_HOST: "social.unruhig.eu"
GTS_ACCOUNT_DOMAIN: "unruhig.eu"
GTS_DB_TYPE: "postgres"
GTS_DB_ADDRESS: "db"
GTS_DB_PORT: "5432"
GTS_DB_DATABASE: "{{ gotosocial.db.user }}"
GTS_DB_USER: "{{ gotosocial.db.user }}"
GTS_DB_PASSWORD: "{{ gotosocial.db.password }}"
GTS_TRUSTED_PROXIES: "127.0.0.1/32,10.254.0.0/17,fd64:2::/104,::1"
GTS_INSTANCE_LANGUAGES: "de,en-gb"
GTS_LETSENCRYPT_ENABLED: "false"
GTS_METRICS_ENABLED: "true"
GTS_LANDING_PAGE_USER: "admin"
# STORAGE
GTS_STORAGE_BACKEND: "s3"
GTS_STORAGE_S3_ENDPOINT: "{{ gotosocial.s3.endpoint }}"
GTS_STORAGE_S3_BUCKET: "{{ gotosocial.s3.bucket }}"
GTS_STORAGE_S3_ACCESS_KEY: "{{ gotosocial.s3.access_key }}"
GTS_STORAGE_S3_SECRET_KEY: "{{ gotosocial.s3.secret_key | mandatory }}"
# OPENID CONNECT
GTS_OIDC_ENABLED: "true"
GTS_OIDC_IDP_NAME: "KeyCloak"
GTS_OIDC_ISSUER: "{{ gotosocial.oidc.issuer }}"
GTS_OIDC_CLIENT_ID: "{{ gotosocial.oidc.client_id }}"
GTS_OIDC_CLIENT_SECRET: "{{ gotosocial.oidc.client_secret }}"
GTS_OIDC_ADMIN_GROUPS: "gotosocial-admin,service-admin"
GTS_OIDC_SCOPES: "openid,email,profile"
# GTS_ACCOUNTS_REGISTRATION_OPEN: "false"
TZ: "Europe/Berlin"
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.gotosocial.rule=(Host(`social.unruhig.eu`) || (Host(`unruhig.eu`) && Path(`/.well-known/{a:(webfinger|nodeinfo|host-meta)}`)))"
- "traefik.http.routers.gotosocial.entryPoints=websecure"
- "traefik.http.services.gotosocial.loadbalancer.server.port=8080"
- "traefik.http.routers.gotosocial.middlewares=deny-metrics@file"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- backend
- default
- metrics
{{ pg.postgres("db", gotosocial.db.user, gotosocial.db.password, gotosocial.db.user, ["backend"]) }}
volumes:
db_data:
networks:
backend:
internal: true
metrics:
external: true
postgres:
internal: true
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=grafana


@ -1,48 +0,0 @@
version: "3.4"
services:
grafana:
image: grafana/grafana:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
- "traefik.http.routers.grafana.entryPoints=websecure"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
environment:
- "GF_SERVER_ROOT_URL=https://grafana.tobiasmanske.de"
- "GF_SECURITY_ADMIN_USER={{ grafana.admin.user }}"
- "GF_SECURITY_ADMIN_PASSWORD={{ grafana.admin.password }}"
- "GF_AUTH_GENERIC_OAUTH_NAME=Keycloak"
- "GF_AUTH_GENERIC_OAUTH_ENABLED=true"
- "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true"
- "GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ grafana.oidc.client_id }}"
- "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ grafana.oidc.client_secret }}"
- "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles"
- "GF_AUTH_GENERIC_OAUTH_GROUP_ATTRIBUTE_PATH=groups"
- "GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email"
- "GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username"
- "GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name"
- "GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/auth"
- "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/token"
- "GF_AUTH_GENERIC_OAUTH_API_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/userinfo"
- "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(resource_access.grafana.roles[*], 'serveradmin') && 'GrafanaAdmin' || contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || contains(resource_access.grafana.roles[*], 'viewer') && 'Viewer' || 'None'"
- "GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true"
volumes:
- data:/var/lib/grafana
- ./grafana-ds.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro,Z
- ./grafana-db.yml:/etc/grafana/provisioning/dashboards/datasource.yml:ro,Z
- ./grafana-dashboards:/var/lib/grafana/dashboards:ro,Z
networks:
- default
- metrics
volumes:
data:
networks:
backend:
internal: true
metrics:
external: true
postgres:
internal: true



@ -1,602 +0,0 @@
{% raw %}
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.0.3"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "stat",
"name": "Stat",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "Dashboard for Drone CI",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 16720,
"graphTooltip": 2,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 0,
"y": 0
},
"id": 2,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"expr": "sum(drone_build_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "Total Builds",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 4,
"y": 0
},
"id": 4,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"expr": "sum(drone_repo_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "Activated Repos",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 8,
"y": 0
},
"id": 7,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_user_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"range": true,
"refId": "A"
}
],
"title": "Total Users",
"type": "stat"
},
{
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 4
},
"id": 10,
"title": "Metrics",
"type": "row"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"decimals": 0,
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 5
},
"id": 6,
"links": [],
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "9.0.7",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_running_builds) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "running builds",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_pending_builds) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "pending builds",
"range": true,
"refId": "B"
}
],
"title": "Builds",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"decimals": 0,
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 5
},
"id": 8,
"links": [],
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "9.0.7",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_running_jobs) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "running jobs",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_pending_jobs) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "pending jobs",
"range": true,
"refId": "B"
}
],
"title": "Jobs",
"type": "timeseries"
}
],
"refresh": "1m",
"schemaVersion": 38,
"style": "dark",
"tags": [
"drone",
"drone-ci",
"ci/cd"
],
"templating": {
"list": [
{
"current": {
"selected": true,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"label": "datasource",
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
},
"time": {
"from": "now-12h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Drone CI",
"uid": "IT4-bnNik",
"version": 2,
"weekStart": ""
}
{% endraw %}



@ -1,440 +0,0 @@
{% raw %}
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.0.3"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "stat",
"name": "Stat",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "A dashboard to show the data from the excellent Uptime Kuma project!",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 14847,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"color": "red",
"index": 0,
"text": "DOWN"
},
"1": {
"color": "green",
"index": 1,
"text": "UP"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 17,
"w": 24,
"x": 0,
"y": 0
},
"id": 4,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_status ",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "Site Status",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "red",
"value": null
},
{
"color": "#EAB839",
"value": 30
},
{
"color": "green",
"value": 60
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 13,
"x": 0,
"y": 17
},
"id": 6,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_cert_days_remaining",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "TLS Certificate Remaining Days",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"color": "red",
"index": 0,
"text": "EXPIRED"
},
"1": {
"color": "green",
"index": 1,
"text": "VALID"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "red",
"value": null
},
{
"color": "green",
"value": 1
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 11,
"x": 13,
"y": 17
},
"id": 5,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_cert_is_valid",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "TLS Certificate Status",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "ms"
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 26
},
"id": 2,
"options": {
"legend": {
"calcs": [
"max",
"min",
"lastNotNull"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "sum(monitor_response_time{}) by (monitor_name)",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "Response Times",
"type": "timeseries"
}
],
"refresh": "30s",
"revision": 1,
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": false,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Uptime Kuma",
"uid": "CN8E-vZ7k",
"version": 4,
"weekStart": ""
}
{% endraw %}


@ -1,562 +0,0 @@
{% raw %}
{
"__inputs": [
{
"name": "DS_MIMIR_NETCUP",
"label": "Mimir Netcup",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.2.3"
},
{
"type": "panel",
"id": "heatmap",
"name": "Heatmap",
"version": ""
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "Smoke Ping using https://github.com/SuperQ/smokeping_prober\r\nwith \r\nlatency heatmap\r\nlatency graph\r\npacket loss gragh\r\n",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 11335,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"cards": {},
"color": {
"cardColor": "#FF9830",
"colorScale": "sqrt",
"colorScheme": "interpolateOranges",
"exponent": 0.5,
"mode": "opacity"
},
"dataFormat": "tsbuckets",
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"fieldConfig": {
"defaults": {
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"scaleDistribution": {
"type": "linear"
}
}
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 0
},
"heatmap": {},
"hideZeroBuckets": false,
"highlightCards": true,
"id": 2,
"legend": {
"show": false
},
"links": [],
"options": {
"calculate": false,
"calculation": {},
"cellGap": 2,
"cellValues": {},
"color": {
"exponent": 0.5,
"fill": "#FF9830",
"mode": "opacity",
"reverse": false,
"scale": "exponential",
"scheme": "Oranges",
"steps": 128
},
"exemplars": {
"color": "rgba(255,0,255,0.7)"
},
"filterValues": {
"le": 1e-9
},
"legend": {
"show": true
},
"rowsFrame": {
"layout": "auto"
},
"showValue": "never",
"tooltip": {
"show": true,
"showColorScale": false,
"yHistogram": false
},
"yAxis": {
"axisPlacement": "right",
"decimals": 0,
"min": "0",
"reverse": false,
"unit": "s"
}
},
"pluginVersion": "10.2.3",
"reverseYBuckets": false,
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"editorMode": "code",
"expr": "sum(rate(smokeping_response_duration_seconds_bucket{host=\"$target\", __tenant_id__=\"$source\"}[1m])) by (le)",
"format": "heatmap",
"intervalFactor": 1,
"legendFormat": "{{le}}",
"range": true,
"refId": "A"
}
],
"title": "Smoke Ping - $target",
"tooltip": {
"show": true,
"showHistogram": false
},
"transparent": true,
"type": "heatmap",
"xAxis": {
"show": true
},
"yAxis": {
"decimals": 0,
"format": "s",
"logBase": 1,
"min": "0",
"show": true
},
"yBucketBound": "auto"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "Loss %",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percentunit"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "custom.fillOpacity",
"value": 0
},
{
"id": "unit",
"value": "none"
},
{
"id": "decimals",
"value": 0
},
{
"id": "custom.axisLabel",
"value": "Loss Packet"
},
{
"id": "custom.lineStyle",
"value": {
"dash": [
10,
10
],
"fill": "dash"
}
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 0
},
"id": 4,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "10.2.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"editorMode": "code",
"expr": "(smokeping_requests_total{host=\"$target\", __tenant_id__=\"$source\"} - smokeping_response_duration_seconds_count{host=\"$target\", __tenant_id__=\"$source\"})/smokeping_requests_total{host=\"$target\", __tenant_id__=\"$source\"} ",
"legendFormat": "Percentage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"editorMode": "code",
"expr": "(smokeping_requests_total{host=\"$target\", __tenant_id__=\"$source\"} - smokeping_response_duration_seconds_count{host=\"$target\", __tenant_id__=\"$source\"})",
"legendFormat": "Count",
"range": true,
"refId": "B"
}
],
"title": "Packet Loss - $target",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "custom.fillOpacity",
"value": 0
},
{
"id": "unit",
"value": "none"
},
{
"id": "decimals",
"value": 0
},
{
"id": "custom.axisPlacement",
"value": "hidden"
},
{
"id": "custom.axisLabel",
"value": "Loss Packet"
},
{
"id": "custom.lineStyle",
"value": {
"dash": [
10,
10
],
"fill": "dash"
}
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 24,
"x": 0,
"y": 10
},
"id": 5,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull",
"max",
"min"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "10.2.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"editorMode": "code",
"expr": "smokeping_response_duration_seconds_sum{host=\"$target\", __tenant_id__=\"$source\"} / smokeping_response_duration_seconds_count{host=\"$target\", __tenant_id__=\"$source\"}",
"legendFormat": "{{host}}",
"range": true,
"refId": "A"
}
],
"title": "Latency - $target",
"transparent": true,
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 39,
"tags": [],
"templating": {
"list": [
{
"current": {},
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"definition": "label_values(smokeping_response_duration_seconds_bucket, host)",
"hide": 0,
"includeAll": false,
"multi": false,
"name": "target",
"options": [],
"query": "label_values(smokeping_response_duration_seconds_bucket, host)",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"current": {},
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"definition": "label_values(__tenant_id__)",
"description": "Host to query from",
"hide": 0,
"includeAll": false,
"label": "Host",
"multi": false,
"name": "source",
"options": [],
"query": {
"qryType": 1,
"query": "label_values(__tenant_id__)",
"refId": "PrometheusVariableQueryEditor-VariableQuery"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-30m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Smoke Ping",
"uid": "i5aRaLaik",
"version": 4,
"weekStart": ""
}
{% endraw %}


@ -1,12 +0,0 @@
apiVersion: 1
providers:
- name: "Dashboard provider"
orgId: 1
type: file
disableDeletion: false
updateIntervalSeconds: 10
allowUiUpdates: true
options:
path: /var/lib/grafana/dashboards
foldersFromFilesStructure: true


@ -1,28 +0,0 @@
apiVersion: 1
datasources:
- name: Mimir Netcup
type: prometheus
basicAuth: true
basicAuthUser: {{ common.mimir.username }}
jsonData:
httpHeaderName1: "X-Scope-OrgID"
secureJsonData:
basicAuthPassword: {{ common.mimir.password }}
httpHeaderValue1: "{{ groups['prometheus']|map('extract', hostvars, 'inventory_hostname')|join('|')|replace('.','-') }}"
url: https://{{ common.mimir.host }}/prometheus
isDefault: false
access: proxy
editable: true
- name: Loki
type: loki
access: proxy
orgId: 1
url: https://{{ common.loki.host }}
basicAuth: true
basicAuthUser: {{ common.loki.username }}
secureJsonData:
basicAuthPassword: {{ common.loki.password }}
isDefault: false
version: 1
editable: true


@ -1,3 +0,0 @@
COMPOSE_PROJECT_NAME=jellyfin
UID=64001
GID=64001


@ -1,25 +0,0 @@
---
version: "3.4"
services:
jellyfin:
image: jellyfin/jellyfin:latest
user: "$UID:$GID"
ports:
- "8096:8096/tcp"
restart: always
volumes:
- "library:/media"
- "cache:/cache"
- "config:/config"
volumes:
library:
driver: local
driver_opts:
type: cifs
device: "{{ jellyfin.cifs.address }}"
o: "username={{ jellyfin.cifs.username }},password={{ jellyfin.cifs.password }},vers=3.0,uid=$UID,gid=$GID"
cache:
config:
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=keycloak


@ -1,43 +0,0 @@
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3.9'
services:
keycloak:
image: registry.tobiasmanske.de/keycloak:main
command: start
depends_on:
pg:
condition: service_healthy
environment:
- "KC_DB=postgres"
- "KC_DB_URL_HOST=pg"
- "KC_DB_URL_DATABASE={{ auth.db.name }}"
- "KC_DB_USERNAME={{ auth.db.user }}"
- "KC_DB_PASSWORD={{ auth.db.password }}"
- "KEYCLOAK_ADMIN={{ auth.keycloak.user }}"
- "KEYCLOAK_ADMIN_PASSWORD={{ auth.keycloak.password }}"
- "KC_PROXY=edge"
- "KC_HOSTNAME=auth.tobiasmanske.de"
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.keycloak.rule=Host(`auth.tobiasmanske.de`)"
- "traefik.http.routers.keycloak.entryPoints=websecure"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
restart: always
networks:
- backend
- default # keycloak needs to talk to social logins
{{ pg.postgres("pg", auth.db.user, auth.db.password, auth.db.name, ["backend"]) }}
networks:
postgres:
internal: true
backend:
internal: true
volumes:
pg_data:
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=kuma-{{ service_name|default("kuma") }}


@ -1,26 +0,0 @@
{% set _name = service_name|default("kuma") %}
{% set _urls = urls|default(kuma.urls)|mandatory %}
---
services:
kuma:
image: louislam/uptime-kuma:latest
restart: unless-stopped
volumes:
- data:/app/data
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.kuma-{{ _name }}.rule={{ _urls | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
- "traefik.http.routers.kuma-{{ _name }}.entryPoints=websecure"
- "traefik.http.services.kuma-{{ _name }}.loadbalancer.server.port=3001"
networks:
- default
- pantalaimon
volumes:
data:
networks:
pantalaimon:
external: true
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=linktree


@ -1,14 +0,0 @@
---
version: "3.4"
services:
unruhig.eu:
image: registry.tobiasmanske.de/unruhig.eu:latest
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.unruhigeu.rule=(Host(`unruhig.eu`) || Host(`www.unruhig.eu`))"
- "traefik.http.routers.unruhigeu.entryPoints=websecure"
- "traefik.http.services.unruhigeu.loadbalancer.server.port=80"
restart: always
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=loki


@ -1,28 +0,0 @@
version: "3.4"
services:
loki:
image: grafana/loki:latest
restart: unless-stopped
command: -config.file=/etc/loki/loki.yaml
volumes:
- ./loki.yml:/etc/loki/loki.yaml:ro,Z
- loki_data:/loki
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.loki.rule=Host(`loki.tobiasmanske.de`)"
- "traefik.http.middlewares.loki-auth.basicauth.users={{ common.loki.username }}:{{ common.loki.password_hash | mandatory }}"
- "traefik.http.routers.loki.entryPoints=websecure"
- "traefik.http.services.loki.loadbalancer.server.port=3100"
- "traefik.http.routers.loki.middlewares=loki-auth"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=3100"
networks:
- metrics
- default
volumes:
loki_data:
networks:
metrics:
external: true


@ -1,51 +0,0 @@
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
query_range:
results_cache:
cache:
embedded_cache:
enabled: true
max_size_mb: 100
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: aws
schema: v11
index:
prefix: index_
period: 24h
common:
path_prefix: /loki
storage:
s3:
endpoint: s3.tobiasmanske.de
bucketnames: loki-data
access_key_id: "{{ loki.s3.access_key }}"
secret_access_key: "{{ loki.s3.secret_key }}"
s3forcepathstyle: true
replication_factor: 1
ring:
kvstore:
store: inmemory
compactor:
working_directory: /loki/compactor
shared_store: s3
storage_config:
boltdb_shipper:
active_index_directory: /loki/active
cache_location: /loki/cache
cache_ttl: 24h
resync_interval: 5s
shared_store: s3
aws:
s3: "s3://{{ loki.s3.access_key }}:{{ loki.s3.secret_key }}@s3.tobiasmanske.de.:443/loki-data"
s3forcepathstyle: true


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=matrix


@ -1,15 +0,0 @@
{
auto_https off
}
http://{{ matrix.baseurl }} {
header {
Content-Type application/json
Access-Control-Allow-Origin *
}
respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://synapse.{{ matrix.baseurl }}\"}, \"org.matrix.msc3575.proxy\": { \"url\": \"https://syncv3.{{ matrix.baseurl }}\" } }" 200
respond /.well-known/matrix/server "{\"m.server\": \"synapse.{{ matrix.baseurl }}:443\"}" 200
respond /.well-known/matrix/support "{\"admins\":[{\"matrix_id\":\"@tobi:{{ matrix.baseurl }}\",\"email_address\":\"matrix@{{ matrix.baseurl }}\",\"role\":\"admin\"}]}" 200
respond 404
}


@ -1,12 +0,0 @@
{
"defaultHomeserver": 0,
"homeserverList": [
"unruhig.eu",
"entropia.de",
"matrix.org",
"archlinux.org",
"kit.edu",
"mozilla.org"
],
"allowCustomHomeservers": true
}


@ -1,207 +0,0 @@
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3.9'
services:
synapse:
image: registry.tobiasmanske.de/matrixdotorg/synapse:latest
user: "1000:1000"
# Since synapse does not retry to connect to the database, restart upon
# failure
restart: unless-stopped
# See the readme for a full documentation of the environment settings
# NOTE: You must edit homeserver.yaml to use postgres, it defaults to sqlite
environment:
- SYNAPSE_CONFIG_DIR=/config
- SYNAPSE_CONFIG_PATH=/config/homeserver.yaml
- TZ=Europe/Berlin
ulimits:
nofile:
soft: 10000
hard: 40000
volumes:
- synapse_data:/data
- ./synapse-config:/config:ro,Z
- ./mautrix-telegram/registration.yaml:/data/reg-mautrix-tg.yaml:ro,Z
- ./mautrix-slack/registration.yaml:/data/reg-mautrix-slack.yaml:ro,Z
- ./mautrix-signal/registration.yaml:/data/reg-mautrix-signal.yaml:ro,Z
depends_on:
- db
- redis
networks:
- default
- backend
- metrics
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.http-synapse.rule=Host(`synapse.{{ matrix.baseurl }}`)"
- "traefik.http.routers.http-synapse.entryPoints=websecure"
- "traefik.http.routers.http-synapse.service=matrix-synapse"
- "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/_{path:(matrix|synapse)}/`)"
- "traefik.http.routers.matrix-synapse.entryPoints=websecure"
- "traefik.http.routers.matrix-synapse.service=matrix-synapse"
- "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9091"
- "prometheus-scrape.metrics_path=/_synapse/metrics"
{{ pg.postgres("db", matrix.db.user, matrix.db.password, matrix.db.database, ["backend"] ) }}
caddy:
image: caddy:2
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro,z
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.matrix-well-known.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/.well-known/matrix/`)"
- "traefik.http.routers.matrix-well-known.entrypoints=websecure"
- "traefik.http.services.matrix-well-known.loadbalancer.server.port=80"
cinny:
image: ghcr.io/cinnyapp/cinny:latest
# image: registry.tobiasmanske.de/cinnyapp/cinny:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.matrix-cinny.rule=Host(`cinny.{{ matrix.baseurl }}`)"
- "traefik.http.routers.matrix-cinny.entryPoints=websecure"
- "traefik.http.services.matrix-cinny.loadbalancer.server.port=80"
volumes:
- ./cinny-config.json:/app/config.json:ro,Z
networks:
- default
redis:
image: redis:latest
restart: unless-stopped
networks:
- backend
### SLIDING SYNC
{{ pg.postgres("db-syncv3", matrix.syncv3.user, matrix.syncv3.password, matrix.syncv3.database, ["syncv3"] ) }}
syncv3-proxy:
image: ghcr.io/matrix-org/sliding-sync:latest
restart: always
environment:
- "SYNCV3_SERVER=https://synapse.{{ matrix.baseurl }}"
- "SYNCV3_SECRET={{ matrix.syncv3.secret }}"
- "SYNCV3_BINDADDR=:8008"
- "SYNCV3_PROM=:2112"
- "SYNCV3_DB=user={{ matrix.syncv3.user }} dbname={{ matrix.syncv3.database }} sslmode=disable host=db-syncv3 password='{{ matrix.syncv3.password }}'"
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.matrix-syncv3-proxy.rule=Host(`syncv3.{{ matrix.baseurl }}`)"
- "traefik.http.routers.matrix-syncv3-proxy.entrypoints=websecure"
- "traefik.http.services.matrix-syncv3-proxy.loadbalancer.server.port=8008"
- "prometheus-scrape.enabled=false"
- "prometheus-scrape.port=2112"
networks:
- syncv3
- default
### BRIDGES
#### Telegram
mautrix-telegram:
image: dock.mau.dev/mautrix/telegram:latest
user: "1000:1000"
restart: unless-stopped
environment:
- "MAUTRIX_DIRECT_STARTUP=1"
volumes:
- bridge_tg_data:/data
- ./mautrix-telegram/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-telegram/registration.yaml:/data/registration.yaml:ro,Z
networks:
- backend
- default # Needs to contact UFOs in the sky
depends_on:
- db-bridge-tg
- synapse
{{ pg.postgres("db-bridge-tg", matrix.bridge.tg.dbuser, matrix.bridge.tg.dbpass, matrix.bridge.tg.dbname, ["backend"] ) }}
#### SLACK
mautrix-slack:
image: dock.mau.dev/mautrix/slack:latest
environment:
- "UID=1000"
- "GID=1000"
restart: unless-stopped
volumes:
- bridge_slack_data:/data
- ./mautrix-slack/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-slack/registration.yaml:/data/registration.yaml:ro,Z
networks:
- backend
- default # Needs to contact UFOs in the sky
depends_on:
- db-bridge-slack
- synapse
{{ pg.postgres("db-bridge-slack", matrix.bridge.slack.dbuser, matrix.bridge.slack.dbpass, matrix.bridge.slack.dbname, ["backend"] ) }}
#### SIGNAL
mautrix-signal:
image: dock.mau.dev/mautrix/signal:latest
restart: unless-stopped
environment:
- "MAUTRIX_DIRECT_STARTUP=1"
- "UID=1000"
networks:
- default
- backend
volumes:
- bridge_signal_data:/data
- signald_data:/signald
- ./mautrix-signal/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-signal/registration.yaml:/data/registration.yaml:ro,Z
depends_on:
- signald
- db-bridge-signal
signald:
image: docker.io/signald/signald:latest
restart: unless-stopped
networks:
- default
- backend
volumes:
- signald_data:/signald
{{ pg.postgres("db-bridge-signal", matrix.bridge.signal.dbuser, matrix.bridge.signal.dbpass, matrix.bridge.signal.dbname, ["backend"] ) }}
networks:
default:
enable_ipv6: true
postgres:
internal: true
backend:
internal: true
syncv3:
internal: true
metrics:
external: true
volumes:
bridge_signal_data:
bridge_slack_data:
bridge_tg_data:
db-bridge-signal_data:
db-bridge-slack_data:
db-bridge-tg_data:
db-syncv3_data:
db_data:
signald_data:
synapse_data:
...


@ -1,306 +0,0 @@
# Homeserver details
# {% set config = matrix.bridge.signal %}
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix.baseurl }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint:
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint:
# Maximum number of simultaneous HTTP connections to the homeserver.
connection_limit: 100
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-signal:29328
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29328
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://{{ config.dbuser }}:{{ config.dbpass }}@db-bridge-signal/{{ config.dbname }}?sslmode=disable
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
id: signal
# Username of the appservice bot.
bot_username: signalbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Signal bridge bot
bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ config.as_token }}"
hs_token: "{{ config.hs_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-signal.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
signal:
# Path to signald unix socket
socket_path: /signald/signald.sock
# Directory for temp files when sending files to Signal. This should be an
# absolute path that signald can read. For attachments in the other direction,
# make sure signald is configured to use an absolute path as the data directory.
outgoing_attachment_dir: /signald/attachments
# Directory where signald stores avatars for groups.
avatar_dir: /signald/avatars
# Directory where signald stores auth data. Used to delete data when logging out.
data_dir: /signald/data
# Whether or not unknown signald accounts should be deleted when the bridge is started.
# When this is enabled, any UserInUse errors should be resolved by restarting the bridge.
delete_unknown_accounts_on_start: false
# Whether or not message attachments should be removed from disk after they're bridged.
remove_file_after_handling: true
# Whether or not users can register a primary device
registration_enabled: true
# Whether or not to enable disappearing messages in groups. If enabled, then the expiration
# time of the messages will be determined by the first users to read the message, rather
# than individually. If the bridge has a single user, this can be turned on safely.
enable_disappearing_messages_in_groups: false
# Bridge config
bridge:
# {% raw %}
# Localpart template of MXIDs for Signal users.
# {userid} is replaced with the UUID of the Signal user.
username_template: "signal_{{.}}"
# Displayname template for Signal users.
# {displayname} is replaced with the displayname of the Signal user, which is the first
# available variable in displayname_preference. The variables in displayname_preference
# can also be used here directly.
# FIXME: ContactName is not save for multi-user instances.
displayname_template: '{{or .ProfileName .ContactName .PhoneNumber "Unknown User"}} (Signal)'
# {% endraw %}
autocreate_group_portal: true
# Whether or not to create portals for all contacts on login/connect.
autocreate_contact_portal: false
# Whether or not to make portals of Signal groups in which joining via invite link does
# not need to be approved by an administrator publicly joinable on Matrix.
public_portals: false
# Whether or not to use /sync to get read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
login_shared_secret_map:
{{ matrix.baseurl }}: {{ matrix.authenticator.shared_secret }}
federate_rooms: false
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: true
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: "default"
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Signal. This let's you check manually whether the bridge is receiving your
# messages.
# Note that this is not related to Signal delivery receipts.
delivery_receipts: true
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Interval at which to resync contacts (in seconds).
periodic_sync: 0
# Should leaving the room on Matrix make the user leave on Signal?
bridge_matrix_leave: false
# Should the bridge auto-create a group chat on Signal when a ghost is invited to a room?
# Requires the user to have sufficient power level and double puppeting enabled.
create_group_on_invite: true
hacky_contact_name_mixup_detection: false
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: disabled
# Segment API key to enable analytics tracking for web server
# endpoints. Set to null to disable.
# Currently the only events are login start, QR code scan, and login
# success/failure.
segment_key:
# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
segment_user_id:
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!signal'
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: Hello, I'm a Signal bridge bot.
# Sent when joining a management room and the user is already logged in.
welcome_connected: Use `help` for help.
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: Use `help` for help or `link` to log in.
# Optional extra text sent when joining a management room.
additional_help: ''
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'*': relay
{{ matrix.baseurl }}: user
'@tobi:{{ matrix.baseurl }}': admin
relay:
# Whether relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# The formats to use when sending messages to Signal via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
message_formats:
m.text: '$sender_displayname: $message'
m.notice: '$sender_displayname: $message'
m.emote: '* $sender_displayname $message'
m.file: $sender_displayname sent a file
m.image: $sender_displayname sent an image
m.audio: $sender_displayname sent an audio file
m.video: $sender_displayname sent a video
m.location: $sender_displayname sent a location
relaybot: '@relaybot:example.com'
# Whether or not invites from non-logged-in users should be relayed
invite: true
# Format for generating URLs from location messages for sending to Signal
# Google Maps: 'https://www.google.com/maps/place/{lat},{long}'
# OpenStreetMap: 'https://www.openstreetmap.org/?mlat={lat}&mlon={long}'
location_format: https://www.google.com/maps/place/{lat},{long}
logging:
min_level: debug
writers:
- type: stdout
format: json


@ -1,31 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
31353638336331613430353931626330366132643736326566343536343666643965333163313831
3062336363343836666163393763326332623730623930620a333666373365306536636264613732
64373937373062303332306166393833656239333862343836626364613639633762376138383964
3033623639636530320a613233643736383637396131636434306435346637353966393639363239
30336461616464303031386164393433373831353435333466323166643436626234623262633237
30373830366430636230633962643439363666363031633936313934616332306437623138373535
65343062336461663861376664383138636333353338666231623436666366303431363438323632
31313739376439323665386130323338363930366361646361383831643337653963353639353738
36383866313262616135633231623964663266643030343561363735323039376338373165356366
30643738313331333733343739366435383936373135666433666663353039316331366463623362
38343430663432396332623662633533396433366564656263393735663839666566376139656261
65323664616463626430653734393433626231386230633664653264373034633731633239363135
35333366333039623764386330613130373263316436316266303461626463373939336134363039
62653363613064373731616137333663333334636336623363343034383263656631653864336439
65623762666538383766393939303832373566623666383761623234636638303566336438616136
33333939323061333431656435383731326633323135313839343761613231623537356333636336
65323063653239623166313938386133366565313336643161323564386338363839393434616535
63373038383334633238303336386261343639393537333735383439346164633962343033633533
64353138373161323639613434653939326265336239366364336630666634356439303564653833
31333765303030376330396261376161636563306133363137313435376133373363653031356333
62663737646165626366363230663262346563633236366238646339303763383161663033356232
34343434363833386330636535663333356364633332616431613431386534336133386638333034
35633363333366306435656137303866636232323765313164363636636366653364326332613233
32643866663032313431663463666364326633376332323335336131376131663865616232653065
34633338333237636336333062646561376331363138346132386430633462666634646462656431
65373562323539636165313038643839623132643539346539343338346366366362323230653935
34323834393961376234343564383635623865303765663439316535396263363265626265613761
33343034343666663834363133663734343838623132666561393862623136613035656434626233
31666434656535393536623461393630346262643331336364353932326337376132333631616635
3963306630613238323633666264316462393063383639656333


@ -1,233 +0,0 @@
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix.baseurl }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-slack:29335
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29335
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://{{ matrix.bridge.slack.dbuser }}:{{ matrix.bridge.slack.dbpass }}@db-bridge-slack/{{ matrix.bridge.slack.dbname }}?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: slack
# Appservice bot details.
bot:
# Username of the appservice bot.
username: slackbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Slack bridge bot
avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix.bridge.slack.as_token }}"
hs_token: "{{ matrix.bridge.slack.hs_token }}"
# Bridge config
bridge:
{% raw %}
# Localpart template of MXIDs for Slack users.
# {{.}} is replaced with the internal ID of the Slack user.
username_template: slack_{{.}}
# Displayname template for Slack users.
# TODO: document variables
displayname_template: '{{if not .DisplayName}}{{.RealName}}{{else}}{{.DisplayName}}{{end}} (Slack)'
bot_displayname_template: '{{.Name}} (bot)'
channel_name_template: '#{{.Name}}'
{% endraw %}
portal_message_buffer: 128
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack?
delivery_receipts: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
sync_with_custom_puppets: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
private_chat_portal_meta: always
federate_rooms: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{ matrix.baseurl }}: "{{ matrix.authenticator.shared_secret }}"
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: 10s
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 60s
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!slack'
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Slack bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
backfill:
# Allow backfilling at all? Requires MSC2716 support on homeserver.
enable: false
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Number of messages to immediately backfill when creating a portal.
immediate_messages: 10
# Settings for incremental backfill of history.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of messages to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_messages:
# Channels
channel: -1
# Group direct messages
group_dm: -1
# 1:1 direct messages
dm: -1
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: true
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Slack account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": relay
"{{ matrix.baseurl }}": user
"@tobi:{{ matrix.baseurl }}": admin
{% raw %}
logging:
directory: ./logs
file_name_format: '{{.Date}}-{{.Index}}.log'
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: debug
print_json: false
file_json: false
{% endraw %}


@ -1,26 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
63643764313434366534636536373233613163353932353332353034386638623463323265356366
3033666637643563393537636263366338643736303663620a376138656235653238386131623864
33356331386265613436626337356436373439376434633135626339373931346166313834323938
3833636339306137360a383230386236333632613037363139356230663563333266353030616133
39343037343234386465646433613465646363343237346432373934623431336163303233323263
65356133373264323664663238306266336332353632643533373038653938623939353931613964
33383638653061313961363033343435316130666337393034356664653933626466623734643239
63663864316464343631313533653931376561303830366665333635613666346139623937373663
65393234326533623364626666353763396437386330386563333432306566316161626561363836
62613630623864323163616639396233393031373734373332383064626562623563363266383065
61613738323034313431333333656530346566333165363430333962373930363736396265636663
65646632356265633665633930343231636138366364653038336563333234326139333437643063
39653437303565343739306237653832616265323138643234313731343339353161333363366538
35373864666436306438303037363766373532633533666335303137346337633265613630653637
39356237663665333533363030653735333535653861353866363362343830366562383661666137
37623436336531363230356233656235666238663537616437353636353732643639386534616561
30656264316535636437653032343634643036363838626234303837393935393430323537643231
64363534313033396362326530663430373661613362346364356262386433663731313866363438
30653966343436656430326434646337386230333432383861333635326431346332663332313437
35636162323834616437383563353932333137653639616532363162663365393437386333613439
35343937333034303934623962653132323837643430303230383163393833316233636233643736
33666530653033613762313364653734633765326432613032386535333335633834633430356165
64396132386133326464376163326236373131316266343634306163313235616236383239366639
38373235643763616236356266663534356230643131653130323338393262616337346635633835
39386236643562653738383037376334303138623966316637386464386139613431


@ -1,593 +0,0 @@
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix.baseurl }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Telegram connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-telegram:29317
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29317
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://{{ matrix.bridge.tg.dbuser }}:{{ matrix.bridge.tg.dbpass }}@db-bridge-tg/{{ matrix.bridge.tg.dbname }}
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
# Public part of web server for out-of-Matrix interaction with the bridge.
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
# the HS database.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: false
# The prefix to use in the public-facing endpoints.
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix.bridge.tg.as_token }}"
hs_token: "{{ matrix.bridge.tg.hs_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-telegram.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
# Bridge config
bridge:
# Localpart template of MXIDs for Telegram users.
# {userid} is replaced with the user ID of the Telegram user.
username_template: "telegram_{userid}"
# Localpart template of room aliases for Telegram portal rooms.
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
alias_template: "telegram_{groupname}"
# Displayname template for Telegram users.
# {displayname} is replaced with the display name of the Telegram user.
displayname_template: "{displayname} (Telegram)"
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
# ID is used.
#
# If the bridge is working properly, a phone number or an username should always be known, but
# the other one can very well be empty.
#
# Valid keys:
# "full name" (First and/or last name)
# "full name reversed" (Last and/or first name)
# "first name"
# "last name"
# "username"
# "phone number"
displayname_preference:
- full name
- username
- phone number
# Maximum length of displayname
displayname_max_length: 100
# Remove avatars from Telegram ghost users when removed on Telegram. This is disabled by default
# as there's no way to determine whether an avatar is removed or just hidden from some users. If
# you're on a single-user instance, this should be safe to enable.
allow_avatar_remove: false
# Maximum number of members to sync per portal when starting up. Other members will be
# synced when they send messages. The maximum is 10000, after which the Telegram server
# will not send any more members.
# -1 means no limit (which means it's limited to 10000 by the server)
max_initial_member_sync: 100
# Maximum number of participants in chats to bridge. Only applies when the portal is being created.
# If there are more members when trying to create a room, the room creation will be cancelled.
# -1 means no limit (which means all chats can be bridged)
max_member_count: -1
# Whether or not to sync the member list in channels.
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
# list regardless of this setting.
sync_channel_members: true
# Whether or not to skip deleted members when syncing members.
skip_deleted_members: true
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
# their Telegram account at startup.
startup_sync: true
# Number of most recently active dialogs to check when syncing chats.
# Set to 0 to remove limit.
sync_update_limit: 0
# Number of most recently active dialogs to create portals for when syncing chats.
# Set to 0 to remove limit.
sync_create_limit: 15
# Should all chats be scheduled to be created later?
# This is best used in combination with MSC2716 infinite backfill.
sync_deferred_create_all: false
# Whether or not to sync and create portals for direct chats at startup.
sync_direct_chats: true
# The maximum number of simultaneous Telegram deletions to handle.
# A large number of simultaneous redactions could put strain on your homeserver.
max_telegram_delete: 10
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
# at startup and when creating a bridge.
sync_matrix_state: true
# Allow logging in within Matrix. If false, users can only log in using login-qr or the
# out-of-Matrix login website (see appservice.public config section)
allow_matrix_login: true
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
public_portals: false
# Whether or not to use /sync to get presence, read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{ matrix.baseurl }}: {{ matrix.authenticator.shared_secret }}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Whether or not the !tg join command should do a HTTP request
# to resolve redirects in invite links.
invite_link_resolve: false
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# Maximum size of image in megabytes before sending to Telegram as a document.
image_as_file_size: 10
# Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 4096x4096 = 16777216.
image_as_file_pixels: 16777216
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
# streaming from/to Matrix and using many connections for Telegram.
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
# This option uses internal Telethon implementation details and may break with minor updates.
parallel_file_transfer: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: false
# Should the bridge send all unicode reactions as custom emoji reactions to Telegram?
# By default, the bridge only uses custom emojis for unicode emojis that aren't allowed in reactions.
always_custom_emoji_reaction: true
# Settings for converting animated stickers.
animated_sticker:
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (gzipped lottie)
# png - converts to non-animated png (fastest),
# gif - converts to animated gif
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
# webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
target: gif
# Should video stickers be converted to the specified format as well?
convert_from_webm: false
# Arguments for converter. All converters take width and height.
args:
width: 256
height: 256
fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
# Settings for converting animated emoji.
# Same as animated_sticker, but webm is not supported as the target
# (because inline images can only contain images, not videos).
animated_emoji:
target: webp
args:
width: 64
height: 64
fps: 25
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: true
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Telegram.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
# When using double puppeting, should pinned chats be moved to a specific tag in Matrix?
# The favorites tag is `m.favourite`.
pinned_tag: "m.favorite"
# Same as above for archived chats, the low priority tag is `m.lowpriority`.
archive_tag: "m.lowpriority"
# Whether or not mute status and tags should only be bridged when the portal room is created.
tag_only_on_create: true
# Should leaving the room on Matrix make the user leave on Telegram?
bridge_matrix_leave: true
# Should the user be kicked out of all portals when logging out of the bridge?
kick_on_logout: false
# Should the "* user joined Telegram" notice always be marked as read automatically?
always_read_joined_telegram_notice: true
# Should the bridge auto-create a group chat on Telegram when a ghost is invited to a room?
# Requires the user to have sufficient power level and double puppeting enabled.
create_group_on_invite: true
# Settings for backfilling messages from Telegram.
backfill:
# Allow backfilling at all?
enable: true
# Use MSC2716 for backfilling?
#
# This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
# It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
msc2716: false
# Use double puppets for backfilling?
#
# If using MSC2716, the double puppets must be in the appservice's user ID namespace
# (because the bridge can't use the double puppet access token with batch sending).
#
# Even without MSC2716, bridging old messages with correct timestamps requires the double
# puppets to be in an appservice namespace, or the server to be modified to allow
# overriding timestamps anyway.
double_puppet_backfill: false
# Whether or not to enable backfilling in normal groups.
# Normal groups have numerous technical problems in Telegram, and backfilling normal groups
# will likely cause problems if there are multiple Matrix users in the group.
normal_groups: false
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Telegram.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Forward backfilling limits. These apply to both MSC2716 and legacy backfill.
#
# Using a negative initial limit is not recommended, as it would try to backfill everything in a single batch.
# MSC2716 and the incremental settings are meant for backfilling everything incrementally rather than at once.
forward:
# Number of messages to backfill immediately after creating a portal.
initial_limit: 10
# Number of messages to backfill when syncing chats.
sync_limit: 100
# Settings for incremental backfill of history. These only apply when using MSC2716.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of batches to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_batches:
# Direct chats
user: -1
# Normal groups. Note that the normal_groups option above must be enabled
# for these to be backfilled.
normal_group: -1
# Supergroups
supergroup: 10
# Broadcast channels
channel: -1
# Overrides for base power levels.
initial_power_level_overrides:
user: {}
group: {}
# Whether to bridge Telegram bot messages as m.notices or m.texts.
bot_messages_as_notices: true
bridge_notices:
# Whether or not Matrix bot messages (type m.notice) should be bridged.
default: false
# List of user IDs for whom the previous flag is flipped.
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
# notices from users listed here will be bridged.
exceptions: []
# An array of possible values for the $distinguisher variable in message formats.
# Each user gets one of the values here, based on a hash of their user ID.
# If the array is empty, the $distinguisher variable will also be empty.
relay_user_distinguishers: ["\U0001F7E6", "\U0001F7E3", "\U0001F7E9", "⭕️", "\U0001F536", "⬛️", "\U0001F535", "\U0001F7E2"]
# The formats to use when sending messages to Telegram via the relay bot.
# Text msgtypes (m.text, m.notice and m.emote) support HTML, media msgtypes don't.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $distinguisher - A random string from the options in the relay_user_distinguishers array.
# $message - The message content
message_formats:
m.text: "$distinguisher <b>$sender_displayname</b>: $message"
m.notice: "$distinguisher <b>$sender_displayname</b>: $message"
m.emote: "* $distinguisher <b>$sender_displayname</b> $message"
m.file: "$distinguisher <b>$sender_displayname</b> sent a file: $message"
m.image: "$distinguisher <b>$sender_displayname</b> sent an image: $message"
m.audio: "$distinguisher <b>$sender_displayname</b> sent an audio file: $message"
m.video: "$distinguisher <b>$sender_displayname</b> sent a video: $message"
m.location: "$distinguisher <b>$sender_displayname</b> sent a location: $message"
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
# Telegram user info is available in the following variables:
# $displayname - Telegram displayname
# $username - Telegram username (may not exist)
# $mention - Telegram @username or displayname mention (depending on which exists)
emote_format: "* $mention $formatted_body"
# The formats to use when sending state events to Telegram via the relay bot.
#
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
# In name_change events, `$prev_displayname` is the previous displayname.
#
# Set format to an empty string to disable the messages for that event.
state_event_formats:
join: "$distinguisher <b>$displayname</b> joined the room."
leave: "$distinguisher <b>$displayname</b> left the room."
name_change: "$distinguisher <b>$prev_displayname</b> changed their name to $distinguisher <b>$displayname</b>"
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
# `filter-mode` management commands.
#
# Filters do not affect direct chats.
# An empty blacklist will essentially disable the filter.
filter:
# Filter mode to use. Either "blacklist" or "whitelist".
# If the mode is "blacklist", the listed chats will never be bridged.
# If the mode is "whitelist", only the listed chats can be bridged.
mode: blacklist
# The list of group/channel IDs to filter.
list: []
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tg"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Telegram bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relaybot - Only use the bridge via the relaybot, no access to commands.
# user - Relaybot level + access to commands to create bridges.
# puppeting - User level + logging in with a Telegram account.
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
# admin - Full access to use the bridge and some extra administration commands.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": "relaybot"
"{{ matrix.baseurl }}": "full"
"@tobi:{{ matrix.baseurl }}": "admin"
# Options related to the message relay Telegram bot.
relaybot:
private_chat:
# List of users to invite to the portal when someone starts a private chat with the bot.
# If empty, private chats with the bot won't create a portal.
invite: []
# Whether or not to bridge state change messages in relaybot private chats.
state_changes: true
# When private_chat_invite is empty, this message is sent to users /starting the
# relaybot. Telegram's "markdown" is supported.
message: This is a Matrix bridge relaybot and does not support direct chats
# List of users to invite to all group chat portals created by the bridge.
group_chat_invite: []
# Whether or not the relaybot should not bridge events in unbridged group chats.
# If false, portals will be created when the relaybot receives messages, just like normal
# users. This behavior is usually not desirable, as it interferes with manually bridging
# the chat to another room.
ignore_unbridged_group_chat: true
# Whether or not to allow creating portals from Telegram.
authless_portals: true
# Whether or not to allow Telegram group admins to use the bot commands.
whitelist_group_admins: true
# Whether or not to ignore incoming events sent by the relay bot.
ignore_own_incoming_events: true
# List of usernames/user IDs who are also allowed to use the bot commands.
whitelist:
- myusername
- 12345678
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix.bridge.tg.api_id }}
api_hash: {{ matrix.bridge.tg.api_hash }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: disabled
# Should the bridge request missed updates from Telegram when restarting?
catch_up: true
# Should incoming updates be handled sequentially to make sure order is preserved on Matrix?
sequential_updates: true
exit_on_update_error: false
# Telethon connection options.
connection:
# The timeout in seconds to be used when connecting.
timeout: 120
# How many times the reconnection should retry, either on the initial connection or when
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
# this is not recommended, since the program can get stuck in an infinite loop.
retries: 5
# The delay in seconds to sleep between automatic reconnections.
retry_delay: 1
# The threshold below which the library should automatically sleep on flood wait errors
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
# the error instead. Values larger than a day (86400) will be changed to a day.
flood_sleep_threshold: 60
# How many times a request should be retried. Request are retried when Telegram is having
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
# there's a migrate error. May take a negative or null value for infinite retries, but this
# is not recommended, since some requests can always trigger a call fail (such as searching
# for messages).
request_retries: 5
# Device info sent to Telegram.
device_info:
# "auto" = OS name+version.
device_model: mautrix-telegram
# "auto" = Telethon version.
system_version: auto
# "auto" = mautrix-telegram version.
app_version: auto
lang_code: en
system_lang_code: en
# Custom server to connect to.
server:
# Set to true to use these server settings. If false, will automatically
# use production server assigned by Telegram. Set to false in production.
enabled: false
# The DC ID to connect to.
dc: 2
# The IP to connect to.
ip: 149.154.167.40
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
port: 80
# Telethon proxy configuration.
# You must install PySocks from pip for proxies to work.
proxy:
# Allowed types: disabled, socks4, socks5, http, mtproxy
type: disabled
# Proxy IP address and port.
address: 127.0.0.1
port: 1080
# Whether or not to perform DNS resolving remotely. Only for socks/http proxies.
rdns: true
# Proxy authentication (optional). Put MTProxy secret in password field.
username: ""
password: ""
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_telegram.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
telethon:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]


@ -1,31 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
31303639303562306630323132376333316332636534613834326662396237396634313233646364
6335353833616135373439633136356339333737363437660a316634366334376339656466646437
39323131363163393931356331306434613035626239356631303032646664303838386635613930
6232663031663765370a653936623761313937383233313739313166353335346465363265613762
35643335646637343534373966626632336363646231353732643831346563356464386133393166
32613134656431656561316335656463653462656166373433386633666338633132663032633461
66376265633233323662313930323737316166613262383434626264353462386236636139383835
33613830316361373434623435376162653930616631323764653539306235363530326165353037
32303432356630376363613839313831363537363735613833306163616130336631386337366234
33373633306161653163333635366637313266346634656633376237346566663461353962376239
34386237373565313362383532363931333337366336316363663734343333386663653466396139
36633735356561346531376337346635383666376635346361333162376339333839306632666562
63363761623136643031653030666437306361396232383738366533396561373932323563363566
38306333393662333634613139643930626664666139363039333735363538396339373634356365
66633637316432323762353964313237396338613834336532636164333564363839353061336636
63316163626334353231386463313535313866336431613234353533636533343662653933393132
37353065333431366662363530333863646131313737336538396332396238656239366531366337
63633563636531616664313930626266323266613466656636636361653731623666636333666164
39356535363939653232326633383837666262643834326137646363393935613132366663396364
30666266366163316563613665356535633766626335343762333765643837373034646633336432
64373366313962333563336535346436346536386633343366336535363236306338343832373763
36663663353533383939323234333535316162303033313833616533373237613335303662393032
66316163343938383330663133613333346535393264636264366533343938653730316163366363
66373866316264656361613935383334323133636164366630333264343931663461333138656131
31353631393336323166663765613461356437306234653263393030316564363431353566316531
35336665633133386134656361323063303531336263643764353666636364343537363136666632
66333033373766336230393131343434666536653061353032663264636565636361336138653931
34303233613637633165303431626361623132363530666238386336383463656136383965343563
63616131376239356163353464333864363164363666646435353038323565386536326639366565
3134646366666134646665366533396466366233343666613761


@ -1,126 +0,0 @@
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "{{ matrix.baseurl }}"
pid_file: /data/homeserver.pid
enable_metrics: true
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
- port: 9091
tls: false
type: metrics
database:
name: psycopg2
args:
user: {{ matrix.db.user }}
password: {{ matrix.db.password }}
database: {{ matrix.db.database }}
host: db
cp_min: 5
cp_max: 10
log_config: "/config/tobiasmanske.de.log.config"
media_store_path: /data/media_store
report_stats: true
macaroon_secret_key: "{{ matrix.secrets.macaroon }}"
form_secret: "{{ matrix.secrets.form }}"
signing_key_path: "/config/tobiasmanske.de.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
oidc_providers:
- idp_id: keycloak
idp_name: "KeyCloak"
issuer: "{{ matrix.oidc.issuer }}"
client_id: "{{ matrix.oidc.client_id }}"
client_secret: "{{ matrix.oidc.client_secret }}"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
{% raw %}
localpart_template: "{{ user.mx_localpart }}"
display_name_template: "{{ user.name }}"
{% endraw %}
backchannel_logout_enabled: true # Optional
enable_registration: true
registration_requires_token: true
registration_shared_secret: "{{ matrix.secrets.registration }}"
password_config:
enabled: true
redis:
enabled: true
host: redis
port: 6379
app_service_config_files:
- /data/reg-mautrix-tg.yaml
- /data/reg-mautrix-slack.yaml
- /data/reg-mautrix-signal.yaml
rc_message:
per_second: 100
burst_count: 100
rc_joins:
local:
per_second: 100
burst_count: 100
rc_login:
address:
per_second: 1000
burst_count: 1000
server_notices:
system_mxid_localpart: "server"
system_mxid_display_name: "Server Notices"
system_mxid_avatar_url: "mxc://unruhig.eu/khyOCChmyYSOsIFIbUWGGEWq"
room_name: "Server Notices"
modules:
- module: shared_secret_authenticator.SharedSecretAuthProvider
config:
shared_secret: "{{ matrix.authenticator.shared_secret }}"
# By default, only login requests of type `com.devture.shared_secret_auth` are supported.
# Below, we explicitly enable support for the old `m.login.password` login type,
# which was used in v1 of matrix-synapse-shared-secret-auth and still widely supported by external software.
# If you don't need such legacy support, consider setting this to `false` or omitting it entirely.
m_login_password_support_enabled: true
# By default, only login requests of type `com.devture.shared_secret_auth` are supported.
# Advertising support for such an authentication type causes a problem with Element, however.
# See: https://github.com/vector-im/element-web/issues/19605
#
# Uncomment the line below to disable `com.devture.shared_secret_auth` support.
# You will then need to:
# - have `m_login_password_support_enabled: true` to enable the `m.login.password` login type
# - authenticate using `m.login.password` requests, instead of ``com.devture.shared_secret_auth` requests
# com_devture_shared_secret_auth_support_enabled: false
media_storage_providers:
- module: s3_storage_provider.S3StorageProviderBackend
store_local: True
store_remote: True
store_synchronous: True
config:
bucket: "{{ matrix.storage.s3.bucket }}"
# All of the below options are optional, for use with non-AWS S3-like
# services, or to specify access tokens here instead of some external method.
endpoint_url: "{{ matrix.storage.s3.endpoint_url }}"
access_key_id: "{{ matrix.storage.s3.access_key_id }}"
secret_access_key: "{{ matrix.storage.s3.secret_access_key }}"
# vim:ft=yaml


@ -1,32 +0,0 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: WARNING
handlers: [console]
disable_existing_loggers: false


@ -1,8 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
64326434386632376335333966336365333663393130323464333266383639383264616662623333
6437306539633766376336663263393038306162333234340a383237386331636366616266316265
39626638623562623835633035643231656263653437346266333264643830323062353930356462
3936633165633434320a656463656536383539346138383630343137383861613538323735393131
61383237626533316433633866396434663230633239396661333831653531363732646561656164
35353264613364613832653536333632356132666434616134316339383934616264323261366366
633838383264646531663039343639383036


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=maubot


@ -1,11 +0,0 @@
services:
maubot:
image: dock.mau.dev/maubot/maubot:latest
restart: unless-stopped
ports:
- "{{ maubot.port }}:29316"
volumes:
- data:/data:z
volumes:
data:


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=metrics


@ -1,120 +0,0 @@
version: "3.4"
services:
prometheus:
image: prom/prometheus:latest
restart: unless-stopped
command:
- '--config.file=/etc/prometheus/prometheus.yml'
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml:ro,Z
- prom_data:/prometheus
- label_discovery:/label_discovery:ro
labels:
- "traefik.enable=false"
depends_on:
- prometheus-docker-sd
- cadvisor
- node-exporter
extra_hosts:
- host.docker.internal:host-gateway
networks:
- default # send
- backend
- metrics
prometheus-docker-sd:
image: registry.tobiasmanske.de/prometheus-docker-sd:latest
restart: unless-stopped
privileged: true
networks:
- backend
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro,Z
- label_discovery:/prometheus-docker-sd:rw
logging: # this service generates a HUGE amout of logs.
driver: "none"
node-exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: "{{ inventory_hostname | replace('.', '-') }}-node-exporter"
privileged: true
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9100"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
- /:/host:ro,rslave
- /run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
command:
- '--path.rootfs=/host'
- '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys'
- '--collector.filesystem.ignored-mount-points'
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
- '--collector.systemd'
networks:
- backend
restart: unless-stopped
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
container_name: "{{ inventory_hostname | replace('.', '-') }}-cadvisor"
privileged: true
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
command:
- "-docker_only=true"
- "-housekeeping_interval=10s"
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
networks:
- backend
restart: unless-stopped
smokeping_prober:
image: quay.io/superq/smokeping-prober@sha256:25d07dfc1d7e47d7bf8305c7c813a030fc6b03959da596ab93f40ae4d49b63a1 # latest @ 2024-01-10
restart: unless-stopped
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9374"
command:
- "-i" # interval
- "5s"
- "google.com"
- "ipv6.google.com"
- "discord.com"
- "wikipedia.com"
promtail:
image: grafana/promtail:latest
security_opt:
- label:disable
restart: unless-stopped
volumes:
- ./promtail.yml:/etc/promtail/config.yml:ro
- /var/log:/var/log:ro
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- /var/run/docker.sock:/var/run/docker.sock
command: -config.file=/etc/promtail/config.yml
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- default # send
- backend
- metrics
volumes:
prom_data:
label_discovery:
networks:
backend:
internal: true
metrics:
external: true


@ -1,33 +0,0 @@
global:
scrape_interval: 15s
scrape_timeout: 10s
evaluation_interval: 15s
scrape_configs:
- job_name: prometheus
honor_timestamps: true
scrape_interval: 15s
scrape_timeout: 10s
metrics_path: /metrics
scheme: http
static_configs:
- targets:
- localhost:9090
- job_name: 'service_discovery'
metric_relabel_configs:
- source_labels:
- "container_name"
target_label: "instance"
action: replace
file_sd_configs:
- files:
- /label_discovery/docker-targets.json
{% if metrics.additional_scrape_rules is defined %}
{{ metrics.additional_scrape_rules | to_nice_yaml}}
{% endif %}
remote_write:
- url: https://{{ common.mimir.host | mandatory }}/api/v1/push
headers:
X-Scope-OrgID: "{{ inventory_hostname | replace('.', '-') }}"
basic_auth:
username: "{{ common.mimir.username | mandatory }}"
password: "{{ common.mimir.password | mandatory }}"


@ -1,28 +0,0 @@
positions:
filename: /positions.yaml
server:
http_listen_port: 8080
clients:
- url: https://{{ common.loki.host | mandatory }}/loki/api/v1/push
tenant_id: "{{ inventory_hostname | replace('.', '-') }}"
basic_auth:
username: "{{ common.loki.username | mandatory }}"
password: "{{ common.loki.password | mandatory }}"
scrape_configs:
- job_name: flog_scrape
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 5s
# filters:
# - name: label
# values: ["logging=promtail"]
relabel_configs:
- source_labels: ['__meta_docker_container_name']
regex: '/(.*)'
target_label: 'container'
- source_labels: ['__meta_docker_container_log_stream']
target_label: 'logstream'
- source_labels: ['__meta_docker_container_label_logging_jobname']
target_label: 'job'


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=mimir


@ -1,50 +0,0 @@
global:
resolve_timeout: 5m
route:
group_by: ['alertname']
group_wait: 5s
group_interval: 5m
repeat_interval: 1h
receiver: 'matrix-monitoring'
routes:
- receiver: 'hcio'
repeat_interval: 1h
matchers:
- alertname="PrometheusAlertmanagerE2eDeadManSwitch"
- receiver: 'email'
group_interval: 1m
matchers:
- job="matrix_synapse_1"
- receiver: 'matrix-monitoring'
group_wait: 30s
group_interval: 1h
matchers:
- alertname="PrometheusAllTargetsMissing"
- receiver: 'matrix-monitoring'
group_wait: 30s
group_interval: 1h
matchers:
- alertname="PrometheusTargetMissing"
receivers:
- name: 'email'
email_configs:
- to: '{{ mimir.alertmanager.smtp.target }}'
from: '"Alertmanager" <{{ mimir.alertmanager.smtp.username }}>'
smarthost: 'mxe8cf.netcup.net:587'
auth_username: '{{ mimir.alertmanager.smtp.username }}'
auth_identity: '{{ mimir.alertmanager.smtp.username }}'
auth_password: '{{ mimir.alertmanager.smtp.password }}'
- name: 'hcio'
email_configs:
- to: '{{ mimir.alertmanager.hcio.mail }}'
from: '"Alertmanager" <{{ mimir.alertmanager.smtp.username }}>'
smarthost: 'mxe8cf.netcup.net:587'
auth_username: '{{ mimir.alertmanager.smtp.username }}'
auth_identity: '{{ mimir.alertmanager.smtp.username }}'
auth_password: '{{ mimir.alertmanager.smtp.password }}'
- name: 'matrix-monitoring'
webhook_configs:
- url: 'http://alertmanager-matrix:3000/alerts?secret={{ mimir.alertmanager.matrix.alertmanager_token }}'


@ -1,87 +0,0 @@
services:
mimir:
image: grafana/mimir:latest
restart: unless-stopped
volumes:
- data:/mimir
- ./mimir.yml:/etc/mimir-config/mimir.yaml:ro,Z
{% for tenant in groups['prometheus']|map('extract', hostvars, 'inventory_hostname') %}
- ./rules:/data/rules/{{ tenant|replace('.', '-') }}:ro,Z
{% endfor %}
entrypoint:
- /bin/mimir
- -config.file=/etc/mimir-config/mimir.yaml
- -validation.max-label-names-per-series=60
- -tenant-federation.enabled=true
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.mimir.rule=Host(`mimir.tobiasmanske.de`)"
- "traefik.http.middlewares.mimir-auth.basicauth.users={{ common.mimir.username }}:{{ common.mimir.password_hash | mandatory }}"
- "traefik.http.routers.mimir.entryPoints=websecure"
- "traefik.http.services.mimir.loadbalancer.server.port=8080"
- "traefik.http.routers.mimir.middlewares=mimir-auth"
networks:
- backend
- metrics
- default
alertmanager:
image: prom/alertmanager:latest
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.alertmanager.rule=Host(`alertmanager.tobiasmanske.de`)"
- "traefik.http.routers.alertmanager.entryPoints=websecure"
- "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
- "traefik.http.routers.alertmanager.middlewares=oauth@file"
volumes:
- ./alertmanager.yml:/etc/alertmanager/config.yml:ro,Z
- alertmanager_data:/data
networks:
- alertmanager
- backend
- metrics
- default
restart: unless-stopped
command:
- '--config.file=/etc/alertmanager/config.yml'
- '--web.external-url=https://alertmanager.tobiasmanske.de'
- '--storage.path=/data'
alertmanager-matrix:
image: jaywink/matrix-alertmanager:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.alertmanager-matrix.rule=Host(`alertmanager.tobiasmanske.de`) && PathPrefix(`/matrix/`)"
- "traefik.http.routers.alertmanager-matrix.middlewares=matrix-strip"
- "traefik.http.middlewares.matrix-strip.stripprefix.prefixes=/matrix"
- "traefik.http.middlewares.matrix-strip.stripprefix.forceslash=false"
- "traefik.http.routers.alertmanager-matrix.entryPoints=websecure"
- "traefik.http.services.alertmanager-matrix.loadbalancer.server.port=3000"
environment:
- APP_PORT=3000
- APP_ALERTMANAGER_SECRET={{ mimir.alertmanager.matrix.alertmanager_token | mandatory }}
- MATRIX_HOMESERVER_URL=http://pantalaimon:8008
- MATRIX_ROOMS={{ mimir.alertmanager.matrix.rooms | join('|') }}
- MATRIX_TOKEN={{ mimir.alertmanager.matrix.matrix_token }}
- MATRIX_USER=@alertmanager:{{ matrix.baseurl }}
- MENTION_ROOM=1
networks:
- alertmanager
- pantalaimon
volumes:
data:
alertmanager_data:
networks:
pantalaimon:
external: true
backend:
internal: true
metrics:
external: true
alertmanager:


@ -1,54 +0,0 @@
# Do not use this configuration in production.
# It is for demonstration purposes only.
# Run Mimir in single process mode, with all components running in 1 process.
target: all
# ,alertmanager,overrides-exporter
# Configure Mimir to use Minio as object storage backend.
common:
storage:
backend: s3
s3:
endpoint: s3.tobiasmanske.de
access_key_id: "{{ mimir.s3.access_key }}"
secret_access_key: "{{ mimir.s3.secret_key }}"
bucket_name: mimir
# Blocks storage requires a prefix when using a common object storage bucket.
blocks_storage:
s3:
bucket_name: mimir-blocks
tsdb:
dir: /mimir/tsdb
flush_blocks_on_shutdown: true
ingester:
ring:
replication_factor: 1
store_gateway:
sharding_ring:
replication_factor: 1
ruler:
rule_path: /tmp/ruler
alertmanager_url: http://alertmanager:9093/
tenant_federation:
enabled: true
ring:
# Quickly detect unhealthy rulers to speed up the tutorial.
heartbeat_period: 2s
heartbeat_timeout: 10s
ruler_storage:
backend: local
local:
directory: /data/rules
#
# alertmanager:
# data_dir: /data/alertmanager
# fallback_config_file: /etc/alertmanager-fallback-config.yaml
# external_url: http://localhost:9009/alertmanager
server:
log_level: warn


@ -1,54 +0,0 @@
# {% raw %}
groups:
- name: GoogleCadvisor
rules:
# - alert: ContainerKilled
# expr: 'time() - container_last_seen > 60'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Container killed (instance {{ $labels.instance }})
# description: "A container has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: ContainerAbsent
# expr: 'absent(container_last_seen)'
# for: 5m
# labels:
# severity: warning
# annotations:
# summary: Container absent (instance {{ $labels.instance }})
# description: "A container is absent for 5 min\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerCpuUsage
expr: '(sum(rate(container_cpu_usage_seconds_total{name!=""}[3m])) BY (instance, name) * 100) > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Container CPU usage (instance {{ $labels.instance }})
description: "Container CPU usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerMemoryUsage
expr: '(sum(container_memory_working_set_bytes{name!=""}) BY (instance, name) / sum(container_spec_memory_limit_bytes > 0) BY (instance, name) * 100) > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Container Memory usage (instance {{ $labels.instance }})
description: "Container Memory usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: ContainerVolumeUsage
# expr: '(1 - (sum(container_fs_inodes_free{name!=""}) BY (instance) / sum(container_fs_inodes_total) BY (instance))) * 100 > 80'
# for: 2m
# labels:
# severity: warning
# annotations:
# summary: Container Volume usage (instance {{ $labels.instance }})
# description: "Container Volume usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerHighThrottleRate
expr: 'rate(container_cpu_cfs_throttled_seconds_total[3m]) > 1'
for: 2m
labels:
severity: warning
annotations:
summary: Container high throttle rate (instance {{ $labels.instance }})
description: "Container is being throttled\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}


@ -1,303 +0,0 @@
# {% raw %}
groups:
- name: NodeExporter
rules:
- alert: HostOutOfMemory
expr: 'node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of memory (instance {{ $labels.instance }})
description: "Node memory is filling up (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostMemoryUnderMemoryPressure
expr: 'rate(node_vmstat_pgmajfault[1m]) > 1000 unless on() hour()>=0 <=3'
for: 2m
labels:
severity: warning
annotations:
summary: Host memory under memory pressure (instance {{ $labels.instance }})
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostMemoryIsUnderUtilized
# expr: '100 - (rate(node_memory_MemAvailable_bytes[30m]) / node_memory_MemTotal_bytes * 100) < 20'
# for: 1w
# labels:
# severity: info
# annotations:
# summary: Host Memory is under utilized (instance {{ $labels.instance }})
# description: "Node memory is < 20% for 1 week. Consider reducing memory space.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualNetworkThroughputIn
expr: 'sum by (instance) (rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual network throughput in (instance {{ $labels.instance }})
description: "Host network interfaces are probably receiving too much data (> 100 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualNetworkThroughputOut
expr: 'sum by (instance) (rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual network throughput out (instance {{ $labels.instance }})
description: "Host network interfaces are probably sending too much data (> 100 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadRate
expr: 'sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk read rate (instance {{ $labels.instance }})
description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteRate
expr: 'sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk write rate (instance {{ $labels.instance }})
description: "Disk is probably writing too much data (> 50 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOutOfDiskSpace
expr: '(node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of disk space (instance {{ $labels.instance }})
description: "Disk is almost full (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostDiskWillFillIn24Hours
expr: '(node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOutOfInodes
expr: 'node_filesystem_files_free / node_filesystem_files * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of inodes (instance {{ $labels.instance }})
description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostInodesWillFillIn24Hours
expr: 'node_filesystem_files_free / node_filesystem_files * 100 < 10 and predict_linear(node_filesystem_files_free[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host inodes will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of inodes within the next 24 hours at current write rate\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadLatency
expr: 'rate(node_disk_read_time_seconds_total[1m]) / rate(node_disk_reads_completed_total[1m]) > 0.1 and rate(node_disk_reads_completed_total[1m]) > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk read latency (instance {{ $labels.instance }})
description: "Disk latency is growing (read operations > 100ms)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteLatency
expr: 'rate(node_disk_write_time_seconds_total[1m]) / rate(node_disk_writes_completed_total[1m]) > 0.1 and rate(node_disk_writes_completed_total[1m]) > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk write latency (instance {{ $labels.instance }})
description: "Disk latency is growing (write operations > 100ms)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostHighCpuLoad
expr: '(100 - (avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[2m])) * 100)) > 80 unless on() hour()>=0 <=3'
for: 2m
labels:
severity: warning
annotations:
summary: Host high CPU load (instance {{ $labels.instance }})
description: "CPU load is > 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostCpuIsUnderUtilized
# expr: '100 - (rate(node_cpu_seconds_total{mode="idle"}[30m]) * 100) < 20'
# for: 1w
# labels:
# severity: info
# annotations:
# summary: Host CPU is under utilized (instance {{ $labels.instance }})
# description: "CPU load is < 20% for 1 week. Consider reducing the number of CPUs.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostCpuStealNoisyNeighbor
expr: 'avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10'
for: 0m
labels:
severity: warning
annotations:
summary: Host CPU steal noisy neighbor (instance {{ $labels.instance }})
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostCpuHighIowait
# expr: 'avg by (instance) (rate(node_cpu_seconds_total{mode="iowait"}[5m])) * 100 > 15'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Host CPU high iowait (instance {{ $labels.instance }})
# description: "CPU iowait > 15%. A high iowait means that you are disk or network bound.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostUnusualDiskIo
# expr: 'rate(node_disk_io_time_seconds_total[1m]) > 0.5'
# for: 5m
# labels:
# severity: warning
# annotations:
# summary: Host unusual disk IO (instance {{ $labels.instance }})
# description: "Time spent in IO is too high on {{ $labels.instance }}. Check storage for issues.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostContextSwitching
# expr: '(rate(node_context_switches_total[5m])) / (count without(cpu, mode) (node_cpu_seconds_total{mode="idle"})) > 1000'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Host context switching (instance {{ $labels.instance }})
# description: "Context switching is growing on node (> 1000 / s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostSwapIsFillingUp
expr: '(1 - (node_memory_SwapFree_bytes / node_memory_SwapTotal_bytes)) * 100 > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Host swap is filling up (instance {{ $labels.instance }})
description: "Swap is filling up (>80%)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostSystemdServiceCrashed
expr: 'node_systemd_unit_state{state="failed"} == 1'
for: 0m
labels:
severity: warning
annotations:
summary: Host systemd service crashed (instance {{ $labels.instance }})
description: "systemd service crashed\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostPhysicalComponentTooHot
expr: 'node_hwmon_temp_celsius * ignoring(label) group_left(instance, job, node, sensor) node_hwmon_sensor_label{label!="tctl"} > 75'
for: 5m
labels:
severity: warning
annotations:
summary: Host physical component too hot (instance {{ $labels.instance }})
description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNodeOvertemperatureAlarm
expr: 'node_hwmon_temp_crit_alarm_celsius == 1'
for: 0m
labels:
severity: critical
annotations:
summary: Host node overtemperature alarm (instance {{ $labels.instance }})
description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRaidArrayGotInactive
expr: 'node_md_state{state="inactive"} > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Host RAID array got inactive (instance {{ $labels.instance }})
description: "RAID array {{ $labels.device }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRaidDiskFailure
expr: 'node_md_disks{state="failed"} > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host RAID disk failure (instance {{ $labels.instance }})
description: "At least one device in RAID array on {{ $labels.instance }} failed. Array {{ $labels.md_device }} needs attention and possibly a disk swap\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostKernelVersionDeviations
expr: 'count(sum(label_replace(node_uname_info, "kernel", "$1", "release", "([0-9]+.[0-9]+.[0-9]+).*")) by (kernel)) > 1'
for: 6h
labels:
severity: warning
annotations:
summary: Host kernel version deviations (instance {{ $labels.instance }})
description: "Different kernel versions are running\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOomKillDetected
expr: 'increase(node_vmstat_oom_kill[1m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Host OOM kill detected (instance {{ $labels.instance }})
description: "OOM kill detected\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostEdacCorrectableErrorsDetected
expr: 'increase(node_edac_correctable_errors_total[1m]) > 0'
for: 0m
labels:
severity: info
annotations:
summary: Host EDAC Correctable Errors detected (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} has had {{ printf \"%.0f\" $value }} correctable memory errors reported by EDAC in the last 5 minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostEdacUncorrectableErrorsDetected
expr: 'node_edac_uncorrectable_errors_total > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Host EDAC Uncorrectable Errors detected (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} has had {{ printf \"%.0f\" $value }} uncorrectable memory errors reported by EDAC in the last 5 minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkReceiveErrors
expr: 'rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Receive Errors (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf \"%.0f\" $value }} receive errors in the last two minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkTransmitErrors
expr: 'rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Transmit Errors (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf \"%.0f\" $value }} transmit errors in the last two minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkInterfaceSaturated
expr: '(rate(node_network_receive_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m]) + rate(node_network_transmit_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m])) / node_network_speed_bytes{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"} > 0.8 < 10000'
for: 1m
labels:
severity: warning
annotations:
summary: Host Network Interface Saturated (instance {{ $labels.instance }})
description: "The network interface \"{{ $labels.device }}\" on \"{{ $labels.instance }}\" is getting overloaded.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkBondDegraded
expr: '(node_bonding_active - node_bonding_slaves) != 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Bond Degraded (instance {{ $labels.instance }})
description: "Bond \"{{ $labels.device }}\" degraded on \"{{ $labels.instance }}\".\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostConntrackLimit
expr: 'node_nf_conntrack_entries / node_nf_conntrack_entries_limit > 0.8'
for: 5m
labels:
severity: warning
annotations:
summary: Host conntrack limit (instance {{ $labels.instance }})
description: "The number of conntrack is approaching limit\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostClockSkew
expr: '(node_timex_offset_seconds > 0.05 and deriv(node_timex_offset_seconds[5m]) >= 0) or (node_timex_offset_seconds < -0.05 and deriv(node_timex_offset_seconds[5m]) <= 0)'
for: 2m
labels:
severity: warning
annotations:
summary: Host clock skew (instance {{ $labels.instance }})
description: "Clock skew detected. Clock is out of sync. Ensure NTP is configured correctly on this host.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostClockNotSynchronising
expr: 'min_over_time(node_timex_sync_status[1m]) == 0 and node_timex_maxerror_seconds >= 16'
for: 2m
labels:
severity: warning
annotations:
summary: Host clock not synchronising (instance {{ $labels.instance }})
description: "Clock not synchronising. Ensure NTP is configured on this host.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRequiresReboot
expr: 'node_reboot_required > 0'
for: 4h
labels:
severity: info
annotations:
summary: Host requires reboot (instance {{ $labels.instance }})
description: "{{ $labels.instance }} requires a reboot.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}


@ -1,231 +0,0 @@
# {% raw %}
groups:
- name: EmbeddedExporter
rules:
- alert: PrometheusJobMissing
expr: 'absent(up{job="prometheus"})'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus job missing (instance {{ $labels.instance }})
description: "A Prometheus job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetMissing
expr: 'up == 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus target missing (instance {{ $labels.instance }})
description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAllTargetsMissing
expr: 'sum by (job) (up) == 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus all targets missing (instance {{ $labels.instance }})
description: "A Prometheus job does not have living target anymore.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetMissingWithWarmupTime
expr: 'sum by (instance, job) ((up == 0) * on (instance) group_right(job) (node_time_seconds - node_boot_time_seconds > 600))'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus target missing with warmup time (instance {{ $labels.instance }})
description: "Allow a job time to start up (10 minutes) before alerting that it's down.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusConfigurationReloadFailure
expr: 'prometheus_config_last_reload_successful != 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus configuration reload failure (instance {{ $labels.instance }})
description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTooManyRestarts
expr: 'changes(process_start_time_seconds{job=~"prometheus|pushgateway|alertmanager"}[15m]) > 2'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus too many restarts (instance {{ $labels.instance }})
description: "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: PrometheusAlertmanagerJobMissing
# expr: 'absent(up{job="alertmanager"})'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Prometheus AlertManager job missing (instance {{ $labels.instance }})
# description: "A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerConfigurationReloadFailure
expr: 'alertmanager_config_last_reload_successful != 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus AlertManager configuration reload failure (instance {{ $labels.instance }})
description: "AlertManager configuration reload error\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerConfigNotSynced
expr: 'count(count_values("config_hash", alertmanager_config_hash)) > 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus AlertManager config not synced (instance {{ $labels.instance }})
description: "Configurations of AlertManager cluster instances are out of sync\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerE2eDeadManSwitch
expr: 'vector(1)'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus AlertManager E2E dead man switch (instance {{ $labels.instance }})
description: "Prometheus DeadManSwitch is an always-firing alert. It's used as an end-to-end test of Prometheus through the Alertmanager.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: PrometheusNotConnectedToAlertmanager
# expr: 'prometheus_notifications_alertmanagers_discovered < 1'
# for: 0m
# labels:
# severity: critical
# annotations:
# summary: Prometheus not connected to alertmanager (instance {{ $labels.instance }})
# description: "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusRuleEvaluationFailures
expr: 'increase(prometheus_rule_evaluation_failures_total[3m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus rule evaluation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTemplateTextExpansionFailures
expr: 'increase(prometheus_template_text_expansion_failures_total[3m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus template text expansion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusRuleEvaluationSlow
expr: 'prometheus_rule_group_last_duration_seconds > prometheus_rule_group_interval_seconds'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus rule evaluation slow (instance {{ $labels.instance }})
description: "Prometheus rule evaluation took more time than the scheduled interval. It indicates a slower storage backend access or too complex query.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusNotificationsBacklog
expr: 'min_over_time(prometheus_notifications_queue_length[10m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus notifications backlog (instance {{ $labels.instance }})
description: "The Prometheus notification queue has not been empty for 10 minutes\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerNotificationFailing
expr: 'rate(alertmanager_notifications_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus AlertManager notification failing (instance {{ $labels.instance }})
description: "Alertmanager is failing sending notifications\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: PrometheusTargetEmpty
# expr: 'prometheus_sd_discovered_targets == 0'
# for: 0m
# labels:
# severity: critical
# annotations:
# summary: Prometheus target empty (instance {{ $labels.instance }})
# description: "Prometheus has no target in service discovery\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetScrapingSlow
expr: 'prometheus_target_interval_length_seconds{quantile="0.9"} / on (interval, instance, job) prometheus_target_interval_length_seconds{quantile="0.5"} > 1.05'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus target scraping slow (instance {{ $labels.instance }})
description: "Prometheus is scraping exporters slowly since it exceeded the requested interval time. Your Prometheus server is under-provisioned.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusLargeScrape
expr: 'increase(prometheus_target_scrapes_exceeded_sample_limit_total[10m]) > 10'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus large scrape (instance {{ $labels.instance }})
description: "Prometheus has many scrapes that exceed the sample limit\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetScrapeDuplicate
expr: 'increase(prometheus_target_scrapes_sample_duplicate_timestamp_total[5m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus target scrape duplicate (instance {{ $labels.instance }})
description: "Prometheus has many samples rejected due to duplicate timestamps but different values\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCheckpointCreationFailures
expr: 'increase(prometheus_tsdb_checkpoint_creations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB checkpoint creation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} checkpoint creation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCheckpointDeletionFailures
expr: 'increase(prometheus_tsdb_checkpoint_deletions_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB checkpoint deletion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} checkpoint deletion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCompactionsFailed
expr: 'increase(prometheus_tsdb_compactions_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB compactions failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB compactions failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbHeadTruncationsFailed
expr: 'increase(prometheus_tsdb_head_truncations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB head truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB head truncation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbReloadFailures
expr: 'increase(prometheus_tsdb_reloads_failures_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB reload failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB reload failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbWalCorruptions
expr: 'increase(prometheus_tsdb_wal_corruptions_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB WAL corruptions (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL corruptions\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbWalTruncationsFailed
expr: 'increase(prometheus_tsdb_wal_truncations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB WAL truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL truncation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTimeserieCardinality
expr: 'label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 10000'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus timeserie cardinality (instance {{ $labels.instance }})
description: "The \"{{ $labels.name }}\" timeserie cardinality is getting very high: {{ $value }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}


@ -1,57 +0,0 @@
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3'
services:
miniflux:
image: miniflux/miniflux:latest
restart: unless-stopped
depends_on:
db:
condition: service_healthy
environment:
- FETCH_YOUTUBE_WATCH_TIME=1
- DATABASE_URL=postgres://{{ miniflux.db.user }}:{{ miniflux.db.password }}@db/{{ miniflux.db.name }}?sslmode=disable
- RUN_MIGRATIONS=1
- CREATE_ADMIN=1
- ADMIN_USERNAME={{ miniflux.admin.user }}
- ADMIN_PASSWORD={{ miniflux.admin.password }}
- BASE_URL=https://rss.tobiasmanske.de
- CLEANUP_ARCHIVE_READ_DAYS=-1
- OAUTH2_CLIENT_ID={{ miniflux.oauth.client_id }}
- OAUTH2_CLIENT_SECRET={{ miniflux.oauth.client_secret }}
- OAUTH2_OIDC_DISCOVERY_ENDPOINT={{ miniflux.oauth.discovery_endpoint }}
- OAUTH2_PROVIDER=oidc
- OAUTH2_REDIRECT_URL={{ miniflux.oauth.redirect_url }}
- OAUTH2_USER_CREATION=1
- METRICS_COLLECTOR=1
- METRICS_ALLOWED_NETWORKS=0.0.0.0/0
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.miniflux.rule=Host(`rss.tobiasmanske.de`)"
- "traefik.http.routers.miniflux.entryPoints=websecure"
- "traefik.http.routers.miniflux.middlewares=deny-metrics@file"
- "traefik.http.services.miniflux.loadbalancer.server.port=8080"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- backend
- pantalaimon
- default
- metrics
{{ pg.postgres("db", miniflux.db.user, miniflux.db.password, miniflux.db.user, ["backend"], version="13") }}
volumes:
db_data:
networks:
backend:
internal: true
pantalaimon:
external: true
metrics:
external: true
postgres:
internal: true
...


@ -1,3 +0,0 @@
COMPOSE_PROJECT_NAME=minio
MINIO_URL=s3.tobiasmanske.de
DASHBOARD_URL=minio.tobiasmanske.de


@ -1,41 +0,0 @@
---
version: "3.9"
services:
minio:
image: minio/minio:latest
restart: always
ulimits:
nofile:
soft: 4096
hard: 16000
environment:
- "MINIO_ROOT_USER={{ minio.user | mandatory }}"
- "MINIO_ROOT_PASSWORD={{ minio.password | mandatory }}"
- "MINIO_SERVER_URL=https://${MINIO_URL}"
- "MINIO_BROWSER_REDIRECT_URL=https://${DASHBOARD_URL}"
- "MINIO_KMS_SECRET_KEY=kms-key:{{ lookup('env', 'MINIO_KMS_SECRET_KEY') }}"
volumes:
- data:/data
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.minio.rule=Host(`${MINIO_URL}`)||Host(`s3.unruhig.eu`)"
- "traefik.http.routers.minio.entryPoints=websecure"
- "traefik.http.services.minio.loadbalancer.server.port=9000"
- "traefik.http.routers.minio.service=minio"
- "traefik.http.routers.minio-dashboard.rule=Host(`${DASHBOARD_URL}`)"
- "traefik.http.routers.minio-dashboard.entryPoints=websecure"
- "traefik.http.services.minio-dashboard.loadbalancer.server.port=9001"
- "traefik.http.routers.minio-dashboard.service=minio-dashboard"
command: "server /data --console-address ':9001' --anonymous"
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
# interval: 30s
# timeout: 20s
# retries: 3
volumes:
data:
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=offlineimap
