1 Commits

Author SHA1 Message Date
d86ea6a382
WIP: Errorpage 2022-08-22 23:23:14 +02:00
260 changed files with 3327 additions and 36967 deletions


@ -1,69 +0,0 @@
---
kind: pipeline
type: docker
name: Ansible-Playbook
trigger:
branch:
- main
event:
include:
- push
- custom
environment:
ANSIBLE_FORCE_COLOR: true
ANSIBLE_HOME: /drone/src/.ansible
SUMMON_PROVIDER: /drone/src/summon-wrapper
PASSAGE_DIR: /drone/src/.passage/store
PASSAGE_IDENTITIES_FILE: /drone/src/ssh_key
node:
ansible: "true"
steps:
- name: Prepare Secrets
image: registry.tobiasmanske.de/ansible-runner:latest
pull: always
environment:
SSH_KEY:
from_secret: ssh_key
GIT_SSH_COMMAND: ssh -i /drone/src/ssh_key -o StrictHostKeyChecking=no
commands:
- echo $${SSH_KEY} | base64 -d > /drone/src/ssh_key
- chmod 600 /drone/src/ssh_key
- git clone ssh://git@git.tobiasmanske.de:7779/tobias/infrastructure-vault.git $${PASSAGE_DIR}
- name: Prepare Runner
image: registry.tobiasmanske.de/ansible-runner:latest
pull: always
commands:
- cd ansible
- mkdir $ANSIBLE_HOME
- ansible-galaxy install -r requirements.yaml
- summon ansible-playbook --inventory=inventory.yaml runner-pre.yaml
- name: Run Terraform
image: registry.tobiasmanske.de/terraform-runner:latest
pull: always
commands:
- cd tf-stage-1
- summon terraform init -input=false
- summon terraform apply -auto-approve -input=false
- name: Run Ansible
image: registry.tobiasmanske.de/ansible-runner:latest
pull: always
commands:
- cd ansible
- summon ansible-playbook --inventory=inventory.yaml playbook.yaml
- name: Validate Ansible
image: registry.tobiasmanske.de/ansible-runner:latest
pull: always
environment:
ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass"
ANSIBLE_FORCE_COLOR: "true"
commands:
- cd ansible
- ansible-galaxy install -r requirements.yaml
- summon ansible-playbook --check --inventory=inventory.yaml playbook.yaml
image_pull_secrets:
- registry


@ -1,18 +0,0 @@
---
name: "New Machine Onboarding"
about: "✅ Checklist for onboarding a new machine"
title: "Machine: Onboard <hostname>"
ref: "main"
labels:
- onboarding
---
- [ ] Add hostname entries to dns in `tf-stage-1`
- [ ] Add host to ansible inventory
- [ ] Add machine ssh-key to Backup Storagebox
- [ ] `touch /etc/setup_complete` if no restore is needed
- [ ] Update known_hosts `summon ansible-playbook regenerate-known-hosts.yaml`
- [ ] Generate new ansible ssh key `summon ansible-playbook --inventory=inventory.yaml tasks/create_ssh_keys.yaml`
- [ ] Run `summon ansible-playbook --tags setup playbook.yaml`

44
.gitignore vendored

@ -1,44 +0,0 @@
# Created by https://www.toptal.com/developers/gitignore/api/terraform
# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
.terraform.lock.hcl
# End of https://www.toptal.com/developers/gitignore/api/terraform
.envrc


@ -1,3 +0,0 @@
use nix
#!/usr/bin/env bash
export SUMMON_PROVIDER=$PWD/../summon-wrapper


@ -1,11 +0,0 @@
[defaults]
roles_path=roles
template_dir=templates
[vault]
username=ansible
keyname=secrets
[ssh_connection]
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=1200


@ -1,2 +0,0 @@
---
heartbeat_timer_interval: 300


@ -1,11 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
30633036313361316363313630616632333931633635326666663935633061346237353362316132
6364663462646639613862393263616661613838303962660a623233386637653363636531383535
37623664636362666136643765633166373030663864613134313862373131646539313533303532
3563666465396463330a613632643431316563383331373932366334386564646335393433366663
36616239373630336430393065316433343536663062383563646235646365376539326636626230
30643033656134613966643163323730353239666264343630613830393630653333643961363765
37396462323539303736333734373332646633633463636162626634656632346165363134643234
38316632323366303166663964663639616638643538626363633564626133366634323439393163
33646462643035613963646131373339333863636231356163356630383133633839373561643835
6264383563386437656563316539393139313137306164343631


@ -1,3 +0,0 @@
docker:
internal_networks:
- metrics


@ -1,34 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
65653135336239323262613466343039366465353930653632336330396136616465373338313237
6635653631663132663266316664343566313561646663380a363630623637616332626666613731
36336539626365346633346161383135313063323364663763353131323764373731393762333565
3866353164323763390a373139396532393932666434643533626431323838363562353635333333
33646130363435376337633965616137306165303938393134333630616332356662636463376362
37663236653030373332386666393565363234363765386138663365313134323333383033633537
63353162663634613963303666386137643535643632376464623433623234303363633039333038
62653033633561373636356439373730376533373335373032376465396662623730313839393966
63356633303739386265666266313966613835393165396336333538306634363937353036633836
38393163313333623330353361316137336464356665356666646631643762373266626465626332
38353637333039313166353430666138646538363364646334663437336266666430393438363833
39303033313230373835363138363763376163353832356266633666666339646437363062663566
35336539663263336464353964383565633132306136346563626637323933353136623238313364
30316363346437626564633163353533643461396166363238633332306436383231393734666537
35613964626435633061363934626465336131336236636630336161373964656261313765643534
65663235613265353261383338356534643334333763643464633133646561366131373039363834
62363931333464326230616135376165636263346436373930623530306637363235326639383031
32646238366432623430313763616361393935336437336333626638663039663931346261383661
62623937346233343965643837653834363662636436623964626133363238636538336231336465
65343432366162346534396539656539396235333539623238636566366539303164333731383333
66616430643733323764333462373562343163383764613737393864383532303962386238613462
35613764303634663464393139333231333462316537346130333338656663633832316332373134
32363437663163623635313933363963396166636466633230653331613530636636383266373064
35323763343163363535623039323835343731353536303165616235613731303266376436616438
62383065626363343363636433376463303363323034306362393236343765383565373938643639
39326431643463326230363830333631313263663937386134313235623865383937626133656135
63613136636337326632616236663532613466373662353932343366363862303664643337623662
64343966366338373665373037646366613264626466323537333730333337383736613737636339
35373733323838653461613361346439636263353861383666336434636366393635303232326134
63663032383136303031353138376330363839396533393831653733613562633665613830356666
34353337633339656463653063393335336564326230323831343663393464396561623937343531
65663730323035366563663639653366306162613234653764363163623661653461656634353738
39313133323638343862656530306361373862326134653934353334643333343235


@ -1,7 +0,0 @@
known_hosts:
- filehost.unruhig.eu ssh-rsa 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
- filehost.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNxa8vbJ70oM2PlEKegPu3/SUO7oXz2lM6PvR74Ad+RYjjAQZr/j3WMpeDn15ugexlYmYoHgxgeT0xA6E/ZAM/0=
- filehost.unruhig.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvXX75sXWRgslMW/Ufq0t0OJQnTFiWPL4yBUBdGIU9k
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNpGyOWzNNTW7e8PBZCRZ8q4JygBKKtOMWng09b3mnNo9GPvb+V7RhnMf0rnGbwp9q89QFjYbZ8ZKqCoBpgtlT4= backup.unruhig.eu_22


@ -1,17 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
36336235613033366466623936373035353462656137303937626535653237646633663035363435
3935323464336235353134623634343539383930653066370a623435326437643362386638623735
64393933303561303833326364613736643632376464383632613964313265356565636237653432
6338326433623539310a393261376134626164316230386533333766336130326236333562636665
65663865653663623838656237376262626139643733356461383539383164653338613636383935
39366133623933366631643938643832373264613031393430623132386166643836616362613333
39326666356434343263383934613238663635613234323264363930396136356461386365666538
38376564386339623462646138646461633732313866306365303463356330316535383137666230
31313132663030626562313437623735376338333061306438343761396637613535373633386536
37303535386566303564343938333037356363383561656462393239323736643331646536626633
34663534653165663930663939363936323630643065306462353261616535666338353962643930
30353439653331613165333137626636363064366164626136643234353030336139336535333132
36373934343431363665643631373336396433383732326539663336366234613364363663323238
34333530366634613933363530373935383831653864633462336465366136613730643932303935
35363935343233383733623233316332653061666262633435346532326365326462366366333966
33366364343330313238


@ -1,4 +0,0 @@
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHrm5yQLJMKOScBDc8ek0nfinzYSvQdN22kSEKRN9/UUlcSDmqFUHpQNtvysCZr4l9WRKxTYDhy3rY8HaMSQaGY= host.nc.chaoswg.org_22


@ -1,421 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
65393036616464626639333161343232393964353137663236393732366661303363613363386162
3630616534663334306637636161373661656239363961660a646137303939323465353334396534
38346331306136393832653138373438623264303261633762646531383961643836373465356464
6262333763643766300a363763353564653165313431613633393336623539636634336133306661
32323764396239396630383533626336643638396632393337613634353831313336613532616561
62363465306133636566373433313332306561636231383965346165346439393634393038636662
39336535363262396538376664663239653838343465313465643334366431303631323166313738
66303230386137343661343161643166643935636664306233316166353561323631643463623664
63316533653431653732623238336233303937656263663039656634613861313836613363643636
30396336373037653031393432333033373132386236383438336364303930343533636632313735
37613436393035396536313334653966313439393234643863303137386466313866323033393464
39343862333535646162613539323936386430306461346337393262306234626162353438313334
66303536616137613036386331626234313136646336373536343862623364633266353963353566
36363238373666646362376239396536623264633461353637393765336438323364386463636362
33383365626239373435663565346431316331366332383261346138323239363364666631383633
33633035623530376137363832373230643965356338633334316232613033386634326566333539
36366539373034613133326562636137306237613232303665633839363530636633636562323135
63643862636361666463313865626438633631613236346563663034376363626565333230643930
66363464653536373930633431616263383662393539303861626666613163343861343566313830
32306535343962306232363138343839386430623032643364323233393837623538616335653039
62343730666134613362656466316261613161653137363861353163653232333865663365396533
38313764343537326233376634626261636632613831353833613463613738653766653535663439
37383665393462376234343866623431373065613266313933653365316230363232623362306463
39613937636338633632333264343365323431656662626565396165336164356437643430333039
34623866316639633138653566613832386166303837633764623538336161313861666231313438
31366336646265653063333866663164633332343264653564306138383562633730643765646563
33666133356663646135376661343065326133396665363032333134393562363864653434633231
37313266333032323237313762373537386234346463303538346361323231383261383763616333
34383366326239653631613937663037636465633230323138386163306332323732346362646565
33336137616562373930633335396532313761393331306336356339616663333537303961373461
61373636626466306330326638376237383431626538616432376338643162393535333862303232
30363233633230653664373865653439383234323661303930666631313935653561623637643534
66616363353234346162613032333462343763396565616331623362336235343337613863613461
37343735366465643039616565313566626262346365633339626363636263663266613665343130
39353837353535643435346631616362306430653534363662383537656236383766386135393938
31316561383736333439303732316161613663376263386330643035626334303738313330666637
61393662333633633035363735656138633536313961343833373566373234613334626561346331
34303333306233636335333366363936383633626538366661303066633961346237376133323031
35333038663961373561316162616233366131373134353534643162666238636662383930383834
64316135376132666539656639303066343735313364666466653534386336613033363134633037
31343165643463663334316335303437343833333233306564613035616237653664363638313431
33333164353134643031653131626437363333393664323563343632343562623966646233313831
62353336333732643731313062646664343966646362616233313461326435386534643138306138
63653137393739303438363332353862313563613237633734326539323864316261363762343932
37393030376161313364626432393131306136666139303166303538663464363038363362376134
37333832396162333266333238346561663764383761653065396130366534653838303165306436
33633239393330323765313033303635303833343736333364373536356631313462643231376464
39353164326163323238333738326235613766356337373936656664666364323836326166616562
32303565356465356130323439373435666339313930343366303430623039656138643262633831
34396463313565666536626332613530626235663837373766366139636662663139643839613364
64666464306433383561626364343562643532633936393230373137663666316531336236393330
65343639383835646463663466623032336339366462353732313835323437323736633436376332
32323934323462323438366434643937653630626637393734613635613166393761353133646335
38303636346661663063636331323737306566343662653762373761303839663632656539383633
63303161383837653139356237613761656636313861303536393363323662306561303130343964
31653732326237303364643464313234383536376335396130336462656338386562353730653962
66616130363162346662623462343964623465303765653666653463336466623737656530393164
65323865323635653563353130346132633636346466366366656233306636323836326161313836
31643865303839393439326633353465313636373061393963356330366432336461636561396137
31613165643837376138616334343363333362616339326636633031633630643364393535316362
31373336303765616161656165646231613838643837653037633733653763346664306566343362
62646236636439363662326639346231373764303332393762666237346130343962626336323762
33343738333361356438383063653830396163363232343862313363653130366539666362653236
31653030353365633766386238336132393838623233646635373436343038363265616432306630
36366462666639616265356233333430643065663431346539373636316238306339373262343130
61363531383139316432663432653830376534336334643661363432373137613735346336316334
35383162366130663061623261366563613438626161663031373163626339363936343364376564
34653033653834393264663130373065343638363838303331333030393563633963346630636433
64666239663964646163626537323038323165303066643663396432323664633462313736663638
35663439646136356233663936306536373963366462396331633737653065373032303530623064
37323336346661353535636538623666663530383266306464386165613366366137623430633931
39353062396335313733363766663236393737623564366364313038323839343637613530393738
61383037306135306262333435623339626237316436626237303864353061363436323433613163
38623965313261616366386465633466396239366234393637343734396136636630353062333262
31353265306134393865663365636135343639383164663033363435313037346138616265356135
36613664623336303031313531396136643334666638353965376233333934366463653833633265
39636363306431326332623566623131613866386463643835643363623834363231373765383532
64666331393635666135306432393937313539613264656134323066376434623531613730356566
30636135623837626331376238353937343665613161346439396663666530343163633763613833
34303863313365343765616630316362326639323830663030356561616263633062343338356335
61313865393039663164353235653233393438663366653035353831663536353663356139303438
62353037626435313231633861383633366161306530616536356134303239343436633535346230
37363939373438363864336236323337656433333234623933646236623735616132643566666535
33343938323036653038633462313663366133333536663636656262626138393762383865326536
63626266643834656164356361356332336638613364633363663735653037333566343336323635
35643135666131376636346236303630336332623465396566663337636539633565383839633365
32653838333531303863376636333861666134613466326166626263363436363038656664313533
35333863613737623532313264636562363861313465666532636363633636376233643735373662
38353865383262633731613531383764333733643566323566393838623761353939633732663363
62393765383539376439363233376465313636336664613431626238333561376562313962343836
31653235353334353037653437343463343833396266386138656162373338303833326662623235
65393339653630663866663366313264643133326234343031666364343039306561333731613637
31333564313531666539326634313035386464653866663831316634356366373632643966366166
65643938386665333431353335303231303433396534343730656235333937643261363030303535
30623235303536353364306539633436346437376166306264616234656562353830333739613330
63633862383336316633643031613662626165363437653638623034656630343262646538663530
35323437363939306233303563643533633462666634383639633261613665626435626634646565
30393138363232303239333430643733643035613561656534363036306338356539666234323139
35616631306531633266623138383533313539323237633634326135386236643735653237666366
64373230626462646239376239303030303862623537613562666235373563366337376539653635
30616465363261653664383162396362306164393264373736383830363132633533353162653034
65343261323138643630653163633836626234306633663033313532306237373832353636313562
65366162613637666162663564616430383631366333666232323036646166656463666533393764
38383730646331633032393737306637656363666239613166333534353230326664643465633035
39393438343834356461653139396166336239636166336161353931336135653166636166313439
39623366636639303364376564656231333365333964386566363535613537613861623762306136
32643833616237303633633964373731393133653565343831623835346239383532353434623131
63663832343937643266373766316432623334313739393337363565303936633864373664633465
66336361366335646463383164353135386338656630356636353136343739323530663039636263
31613030393832303165373865323536636233366231373737373536633238303337333764373835
62373831313534303731333237323036303266646136383532626466623165356234646637383636
61626663633465373161353330343261646163346561353861316633663236346539353133353366
35313139326464323631303863656133643665653934363139386362346437366139313132356334
39653731636665653838613064326439383830333436626234366166373637393739623137373264
38656630636333306363613763326166343634663161333162396138666661636333393832616435
39623538396339336437376363346463363061616633356537653438633033643061353465346132
64646234653033356162393933333933373064306238393334393564326433353565353066383433
64386436363238653561363031303735386366656639373835326137373436323537356665666231
34356663353062636165306232313235663634653932653465386537643031366237646436626639
36376339313635323534343031656263333365323164346363353637306131393739373066313335
30626666376236363334643765656639383661323131393661303632623131366439653866333833
39373562663639306161383166316165343130613561656234313333303632356161623261333530
38366535623635313934613237653637336231313533303036386461313739623166343564366464
34323639643366633836616133393630386530333330346638366265303234313133633261643362
30343736613933366635333734353863616461313262653731363730343966396538653232336330
31666132303933633464646562653466393661323363656339636563633430643734303439363065
39623638643663323366386561633732653937636431363038316234616537363030396362396331
38343662353466373065666264616564396636396330346337633634363131323666363032626566
61663030346530356435643338633162326230366631333863636332346636306638383932383365
36313839636235323264653733383438383030623330626235643232343432333237633634393262
62326564396663333134326132613537636333383931383533656134373863316665353266323862
32363265363433663637333861626331333137306630353263356563346239316362656134653663
38346137373965393537633835313662653531343966326461653830373166336534623764306564
35393733373664303465303935623963396233656336363762616566383137373564623063636265
62353734353139616365363161626265613036623865643034383362313733613439363337336430
35666333343232636530373237616537383165316366353162613661666335623337663564633261
65313033343865363034663763616533623065353164376561333239353839396663313739656432
64656465323865393935303163663236663363393336303763636165323035386632363732353465
34623731636535626237643765313232336161336265396539343861643131346165613638613438
31326364393065626538346465396264303738353566366538663963653331376633643865666261
38646466643137373436386335383733616532343263633163326135356133323437363637393638
65633633303136636237666236633632306265366465383266356333386633626566316438313162
63376637636639306438626431613637323561633137316362383735386563656462663130646563
39663338633166353061376466313032336339336135353165343138333338303231666165396632
64353062306131396337623664653462366466363561333637346463313937366634653237343039
32623530383966323331636464333936643537623764383031343933363263316631386362356365
62666530346463373363653133363937343030623233666262623933376439333135386532343063
38323236353563323863376132646532363163643535313634626566386130396434326239376432
36623266306134303437636565306137376437663831313866643261383865303035373535646565
64623730636139663637373239653533353262363661376336643464666661353563306638356563
31313064343734323734363037396161336564306133326338366166326665303062383539353435
36346137393136313937656133643039353866366461656130393266653432313061373938306232
31393332373331663238616335343738633962613535323639306435616666373164326665623964
34383632633135656362333965343536376365333732653734643932323764303932373934313537
34373064396564343832626332313438376164306330366532323733323930393939633634616264
33636234396631363864353661383539653961363334333633376132666434326336623034366535
65376632343437313965336562356631366163656263663365626237643438326338386635326466
65663537306337353866646137333166653735633961656137363333643963613730356633333364
63303263343339373364383265376633653835333737346434346238386631326632616164323335
32393631626535623930633930643263313935663765656563646230393761356663393636393938
38633562363737326532623937373835646131656437373065383166323535376433373836343639
33363335613231323233356164653930393737636261616131346638653037313266386332393330
39366433333566623861306134666332306634626638633434396232386561623231633033653836
61623237343039613234343438333730393637636462393038666137343735323066303536616530
36623337613831346463313964633735373033666539316239396264663266636463623037313335
61653134646231326163636632343863653961373665343166623065363232396165666564386162
63323032653361646366343432376338383637326666356538343266613535636261383062323234
38323362623539356635363731626663663034626539666239643335323130633136306665663666
32613736326462326536346661373465346135373234323861396237343862303232373537336537
34393737643433386338326135616432666566636166386563663937343232633738323531353732
39353661333065373334653461313036363262306438633939353663343962353462323631353031
63333034346366306261653137363762353433613231656163343966613634633737386639323365
33316531353531323463333738313733353064616564613363383532623861626661386634313966
30316235316238666463626335643938353835356236323164613033343365323533313365376565
34336236353532373061363036303239343965643235633336626463313539393039626562626332
65363237656633383064353363386265346239353238623834343038636432306330366462376337
31313632623063346136346365373563363139346139356635306264316663356433633431346533
61636363656366353361646332643932386630383834646233313430653161663763303761393636
38633462666437336134376335353230393964346633343263343030383463396134373930316436
30663830326163613230653331333534333233633631663532343336636637653164303931366338
63656561306262613661336261393966666536393266333564666535316637653863376336326161
62333764653462353937396335633764393766316338303961646130353061393161653231323235
33303762393266613264323134373536633032366235346634663932313236336235353164393461
35343166626438353164333061333331656133306530366538346464376136303632353437326462
39336631333461643036653133353833346164663637303962336433323939386364323562333432
61656533343934393862643261616235333030313637613063626331336133333230303165373138
64396264616432346663643736316463396662356566373833663564393030663532343263363231
37616438663635373263303763363263363539393339663134353937353031633061323938323633
39343165363837353036636239343565363930333861643634366330623739386461376234323837
63366430346264373765306638353061323435366638306464636130626365373965316663646261
62396265643365623162396565626535353661383434343163636339616465646638393930373239
39623864336361353165623833366133396637346564626433636166396366376239633937336534
33383734306638333437666233326236393931633334646535326531303363613431656161373336
34653839383332383065393630653737373231323963373633353832396164393766333265646261
34376532646265356564643866613166383261366466643262363832363036623563363830313430
33636333336266353966343035343861363033326566633264643262303637353362323934616364
35353535313238366564653632666431396266643538383435393265333764356539623330383238
61306433396639373438393731326639623138623661356634353232393935336636313631363835
30326165643663356430373666316261376339353663373161613739396161653330366339643463
30396266646561313435313331643830363334383365363061323463306164636638636139336533
63616566343463363039613030636462613161333764353237396330346534326165646262393464
33663237323662333237383535623139333133653333663332346133636230643863666135396563
61643337393439376564623766363632393766633263376362363537356132613039613339363231
63666436316439313432636463356235373161323337653234366233616434646566636466653961
66623062366130376335336161386462653034643637643264353636333934653935313663396364
35396438396532303461383234636133656139623063636534653737653264333733346332343966
62633764313939393934316464653762326433303336356263343461626538336536316562393261
38343361623930383137373239326263616366393262616264656536373831623839383431313635
34393534666434353764363061303938643238336530313366366363646665643334373735363436
39313637666562383538646336663435326337646164306631656533353766363037353633666632
66376235306136643334363236316164643735343837353761393331623836613965643739343035
36663531646534393333366133386631623265623462353432316133303238356463373338666631
35396261323539333631303436333433366431353637373965383965653561626635616237303033
63613839643763363466666564373061666630326330613538646365363365313534393632373635
33616262343937656663636361376433373432336235393132313061396336636461303939663339
30346534393533343536343237336636336633313333613966346665333734636461653030623164
35613138343237336437646131376132333130333466643137643765383964333466363430316330
38383762313961656462343132666339313862326631353237636162373433363137633864623365
31363536383130656662613937656630623930393139653865323862653032363135303235386461
37613234653534613866616164653335613665326361363663356666383532653634633466306330
38303533323566653136323535313162313161616465303933636639616262376238613736643430
37626134363662646266356561363033663030373766323561353166663066656133623537376631
34616262343736623933366130643065363736663535393334616266613632656530346237346461
37306238343836313734353665653538333162353065633530643762643937666662336562643838
36383531623439633939633465323332613762363536663936623666346135646634623064373335
36633232386633306462363438646564356332356338666365393537306632323665623166633063
33383766336262373939313832373562303164303733663362653865623065333830646236663164
66316365336434313532373865396431663036326335326566653533323031353735613266653132
34323961663733336535366530316162346566643639316136316536616462313037623263626432
31316533633334343839353763666432313037383662663065323335313534613866646665646339
61633366346664316337653365653565313365313838363030653438386533343233363738323032
37643037636430383835393732636230633136393764313237326334353862333662353665636430
35643837656437623663656133666335656530343330663839356565663766343731383265313062
36633736653964336234623530306163363237643465616463323362653436306463326235333766
62303337333633306361393231396233393839386664623665636563626664653437316136303735
33373337373462656133326261626136333038303136343230366665346233363130303365613830
31356635633033396239336265316232623930353662656337346664396236633861663431323862
65643365356166613634383064383338363366383934353837353062393862653430373863613562
63663236643637613131376636383937653038356435353639373032393032313866343737363963
65393664363331656366666536336439303438643636303563316432346634333265616631373934
33363238313265333465363038333632653039383263633666343935303433643133646461333733
37653166393431376336383333383035666537356636393537323530633534336563633831653938
32633361363263663039653363626364336638613539613330636238626163386137303364633363
66643563633733373066313536376435356338623832313262386130376337393131303439396566
63313563653366383866636134383938336666376365613431646665393561643965613933623830
61656230396439373133306536366231393139613834623138653636663366313335653563663530
32623131626330353838666630326634653238633366323031306334346666663235653130313261
37316162323332663734356236613664623032373935613436653265653435353930373762653836
30313939653662383639623838353863313138313334353337393162393263346165396261313266
66366137383165386437316236616361383262636562626437613934386561616231386236373831
31653735396536336639623333633461356530623162343865393939616135333133333838633034
30383932303134396439636339613336656439343834616536346365376436303763336335333266
34646633363230326564646665653666393139303432633762636662373264393836653637623532
30323032643938346565306639373766326666333437363163343064333330613564316463356536
34663663356534316533623739363530633164343563663461666466303833623635306639663535
61316665363963653864333937343739336466623939303030383136646265643634383430323036
34636534346666346566393934636434663735383737373964313530633433326431316637376636
63623333303937616339333462343366313835326161383335613034313539383837363835663465
66356665323037653565393763623538356633663565353230616338623339383633313162666564
30373731356639376539613438636133303064653866653039636366393736393531613264313264
62353166353866313539656236353461356164353737343530643737373434333336316364393038
37343063303862613434373630646161373933363663653066343163636638323461393530376463
66393431643031386333343238393634653962386466643063633463356561303163663362643332
39663039353962663835666435656236313931613931313964646663383731323139646436336637
65303735346133623933326139353731336233393034343763313335373138656531333337656664
63636639663761343565333064393061356637313734373061353833396366353463353032643561
36383531396231343338366364303637313137396666376333656437663631626466366461383362
62363766393531356631623737323539656139653161646338663835303735356130353337656164
30643038643537656166386631353166636362653832373362616636336130663534623836396439
37656533303635613065353832326636306261353565613461303730396161323634323533633234
38623564626431326261313731303636363861386139666162393037346463653966313932643265
37333338393461663135336332633364383964303431346532336332663235653062616362303564
35663539336431626564353565636363303161643438643837656264343836393130333162313862
62313536666461343766313930376531663362626364326230396565323130366238396436323431
61646339383239363834613163326461303232336534386434633938666231656261376263383437
31393835396537646462623030306637626663336666663434366631313437383763363831643962
62333433313038353334633365316263336233323836313162643764656366323762323066643363
65323239316237653863363631633838343939666235623438306466363632333638306530616330
30303561343233373264323430616131616363363938363365636634373861373737663630633632
38616334623938656337366237346665316666633832313264633533383534303538633733346534
64356638383932663639343131653465633335326337663532356436306666303632363430623333
35363933613336626634323261346536396562313066656166613138393733383236346333666531
31303035396161346266363763363439343764363031343836353263666663633932643561316364
62393632646132363632343231356339303939373833313030613837363536323263653866396532
61346464613835333434316362306633333636643139616538386432666231623663373239306437
36343834643461393234356266636363656462613139636563343766323533626562336262616562
61353164373466633266343335346630656630363362326434623838626339383130613237383737
62613363643536666636626337386334393830346632623132656566613238396335656332343065
35386331623331323535656631386134376239313861346664653734623366383663663530333633
62653037383465313662353339663132653837313562393639376166316165363736303635323438
65366632396266386561633139623666396333666634363663363134663965373836666134623130
61306532663235646334323961313261613631396638353035636635366365653565313030613565
33376637313339633064383732633638616134393536376262396466356563666236643232643066
31643631323665366266363263303231313066663838313538396536656566306262353263393063
61353434333363333630366135653536343733636432323133366361313236353033373130653434
64663964386164643934316130353438653561613263353835323463376332383765633137363536
38626130353664616331353536356636346635643764613230356435643535363163626238656566
64623933343261396465356136646336346538656134343134663436653037663564373533613432
30316132363033313461616535323462643164646338646564363536326162616362306563663666
37303930386666643134633138346238313737623463643339383632643636396631663833636534
38626163636361643930346161393132303133346532653231316533626336386135663531336166
37616336663362613838363964643638356131396135666261303065323863333061323839666433
61356166363638353339306433333735353032306431366462323764326233636437356231373763
38616361663632653364663739336665656532323439356235626631343662626133336332633331
35383864396437323762373937363763623936346465383636393164613161373865333532373738
32323062323130626136313434656534303139656136363661333139393037323362666332613930
30363261613761303961383465326637633463336633666630653036333165666262306131656338
37383764663462613862373433323733616166626132316435373262656433363462656432303639
66323239333031653736646465316434653638316336393731353466336338346466333161323034
61336261666534616663303264343665353163633838633636653139346139616466333530306565
31303631613233366363323231653835633030326532623633333238323434346637393064376462
38373163383431613662643233393332656537326334373962356330616262303461366165366166
32663739623165393861333232373061666439353231376361623837663466653865386136636236
63346130303732643733633362613163366135656434383838303830313963636136373763393234
30653161643262353439613132643866373263663966326338386137333533613630383165323832
34616138363863633037613731356135333738383332383931373862353430663838666230656437
36363234376563376566613136666434346438303761323737386163376233366133323236343331
31353630323430366533623232343162396462356161663531616634386639653137346634346632
38383235333363326439646638393839386162636436306663616564323264333664313039333864
30363337323561396131613263376432346138383063346232306235636564643162616638373461
66356463303332353636613131336432303137393331353663363061636437636162353462363430
38313538313430386165323139623365313862663763656634613233326339343433666339666362
66646637656434393230353466303436316465333737393236383531653161326666656536616638
34646338373462373064636234623936353134303432333133393765623165656332353562316239
33313639616261306564313861626334346664383565636433396339383165636464643638373330
36323738366635323266616661336235653731393331396166356430373161346633393937386637
61636133333632353064303961346531386231316632653234333862626462366431653336386234
62323930326466343862336133386561656635323636356634653761626465303262343962306161
36643232363662613664366530646562613764636334326231393965646266633039643462653266
66626161656438313938653863633234313938653061366235613766333533346363366633613561
33306665306663393464363938616530636330383939336133363330353563633935356334343934
62386233666633643539643230353235313162353765356362363564373736343834646231336266
38613533666262636633643163326636396632656233656535393461643161646461346133333039
33626464333232336666323866666533346430646635356166366430313638333062343563626461
32303365623262666366346630343434306636646161386662353466663662356462383638386232
66323037396635656463386164633464333930393734663362303465616638386238623234613663
36363330356435636365383363363233396462383561306538393333653065363634356566323262
35356165666639613062663362643136633263313636653562363564306531363664333062333033
35613465633663336362663637346463653765663463366662623337663530633637623739643036
32303633336639313661303233303162366439643933356238306361643732633165623265386662
61316631623063666138633866646235373232616634643834366462393431393435393138333161
36633033653439386131333963386466333138623435306464336137656664613634353639653861
33616231316464343662623231346137643064353861343763336562666639643531623933663962
31343364616533613966666431616434336335336339313435636131646365633833373363393864
30343030303365393537393839303933383738333934373336666436623964373237663535323662
34663863306432383732663365633838663463366234336539313230646636616130376463356136
38383865336533313734663361363130333666663230383938336636313166626236303433393639
39656236356665623439343130343566666337366638363361616435376162663461343337663164
36393037333162343134336362323030393638376132636638373764303533333861313833313932
38623933376632353432643361303739336465383039643832386534386336616261663565656465
30343561653266653831616635613166633830383131633734353230643637393839333130306637
65343862396232663635383861323232303537396562326537666638393330396534633834363665
38653234383838643565663063316138643632393064333765663431366538333365303231643738
62353433636131643634326437623966666364656562613261346337653133333337363636643666
38376530613139393965613135646435623362373935613239323039396630346332636135623535
30613861353662366362326536313139636131313139613339383431366561373036393763373433
63626666633335353762303636333666623035323134386433326335393831356234343333393161
35343765616333303463613762623964386138383361383330383031353865343363353534643831
38613530306465383332646632383964663734623034663435383433333561383134373833396665
64313833373338366539656437343039313063643635626633306236386235376438353735356466
64633564303861663266316231653562366662363932313666313964313734363135396235306538
39636130643438303133303863366132333733666333626337373863343537313034343161393761
36353036666533343735643236666464626136663439346265316431386534363863613433353537
65663464383264343934376532396462373934393262356536633531313136353934313365316566
62336530303862313061393763323038373637616232336337646661353762303132376465633762
63363731616236323763363932326138636137306437666165316337346138613033303365386661
32386466616463373531373464323365633866306438396131396134356630313562336636646532
36663939326237623365383264653566383032383933643965386434386237306337313261646531
36303238326361396165663537386239383934353066333032356431383935626235633862316163
38633565326561383132386264623661306563313936626134623830343265346239376231626636
37623566363864376337303161366665343665666334646364663638666464346131313931626237
35313964626337313961376234343530623239666438356162373234366261623031656237643430
64323834323534646461613762643965316334396534363834613337326436326333623862633563
65663165343432306131633837336536613632323735313135353563383165303863326635663963
32623365313431623366343535313463356536666332643733383032653138393466656639363235
64313365303765323065653733363537646233326534303434323931323730363963663631356563
33343332306333373362313562616562336234663931623062333133303561393763383965363236
33633833346534383739373966376364356132313234666261353734326331366439623936326661
36383034633662373462323961353235636361633639626165346133353730623339376332633235
39396131666339373835373938643636396264386536316336353133373163623666343732333836
30343835313836616262336464336663336232656433653564386666633666636363313939333838
34373436393530383061656435666135333661333834633637313433616138373965373936303235
65363863393136323239303432663335623465306561646666633433383831363864376237333333
39663639643938353666613531363638353661396331356564653335353535313930613930346330
37613263353664646238373363383166333764333036336566306631313435616134643865316435
62363336653331333361666566353138373762343734663365626335393336653862636164383064
63616262656239623235643139303537643363386561323538343432346637353865363235633061
36363136396235393436303066643436353332613636323937373636306235353533663335613332
36393730616132626433313063363063656438366465306630303030633564646634633739316335
66633738343362316335386238383562653634333437373035646563326534386465633463326539
36313565636261613264333334333963333561306163306131353965346264643439353462623832
34653933333933633537653561326465366462376464643465666261306266306265323664333937
61623262643634666430633336633033616534316531663236633139626630333131356234343336
31313263623037303366386534313031376638373664323164383362323136366533343632333235
64316364346532336263323766353564633261653838343130333462313530363635323466373437
38336466666631333037346537663465373731343232626237616637333436343034336632303465
37363834356537623937323639396131353762623961353631323539376535663731663961326635
31396138316261396130363831636638356162353363636132306238623364326634616166653339
38373334386135386361316436356366623932643164633532653738346634323665353931653238
36316563343234636362393339386365653535623837643638316534316261303732323862653030
37373330316432363266646632373661663230626463613166636131623931363961333161393931
33376364313236376137633638316465363661336264343137393863363161393463653163383636
33356663323131653431643739336130356534323133323030376532373934383837303365616533
32376432623861663937663165393138616463336233343062636532656237353238666130333064
33653334643432343836656532326163663939376535613131653163646266326439383935623031
31373733363265363738313465386138663332643464663736313631323532346566626363336233
64663036626336623034353366363037346136326662633933383263653531616636666435396164
34643532353237323838323862316161373864356664313738326432666130343234313663343066
38666165373432383362626635623865383562643036316664613163373735376365373363633930
61303961353061313365363564303336336338373566636563613639643934333864303131383132
63653765323462303936353063643030356262653637313935633561613038333063636536386163
33313139636438373839303332306539363135396336656632636532373137633965343031313532
30363136613536616261643764633637643965653231326633323861383464616664303566663561
33303931356237623636633931326266313536356465333631343733623735366165333630323633
35663361383534316265633261653837336638383162626338653366343337653730396434613236
63613634613166633839393162636334366165303639333837393165633766393930663833393333
36353035663036633936386538306461333637346633663730353030366336666433613065623037
37633434343761373931393963613531313638316362613362306532343562653736373161353434
32643635353462653835643239623863623266396237373437646237623362386365663331336665
62653139346537303736


@ -1,50 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
34636239613366316164616562343261323862646561386161366366316530333633613131633630
3834613539343265376530633065306430316164626132660a373730613137373133656365323230
66636135356264326634373862376565393833356330326439633138613333333439386564646366
3761663161653862660a663638623635616138316332643730656263633565393734656534326265
37616462313536393832656461626663353933383530656466326364376163633138633935616430
34303536616138636131656662376236336232393466383362636363356134633138613839633038
65316665653631653739376266636261356161326266326364666563356637653666303333336433
31663238626665323961333734626133316530383262303766356438346237643765393138366439
36313332353534366666656332373434303438376336313438643733303634373731363062653366
61316462326335633262313331386336383238383536313134626361636338316236613138643032
62663962343435323039313663363364323433303637643835363137373133366139636663316139
64636564643332353537346162613661656463623930616530353731326236373934316565323233
66353536336632623135323062336364313231326433396538313837363035343566316566373062
38363731363832313939666137653561666334306663383134323161376437326536653439353634
31613861383833613933623564613335386433363530386535636661376638666434313931633963
66616239323137663732636365656639643262663462613033373165636633303661633239306166
31633965646438636165626361356666396532616161363263306666393731336434356130633838
63396466623230333332623765386438386634636137356638646439313366353061306430396664
32356138636465303538343638613937366662373230386561396632383636636665313364633432
34393165316330633430643035313536626263303831393935313037303438633035393738663339
66663933363266623931393064613830393531623235343162633735303163623232393034623130
62343136643138366365386263626635663337656538663465303930623166323131643631613036
62306334646366363732663139366466326231383435383362373665393264383565306466353230
61376164376635336636306563353366313662613463383466393166326434653333343763373961
34323330346664626139373666316133303035623561633731336232656561653566383335303132
35616238306231636531363438646361343334306434376338633962313163393165333665343861
61376334613433643438623563366564313065663762663437366262316632386337316430396636
36636236666266323137373163316135383439653834653532653330316635656435383664343662
63373666643031323861623536663266653431666632643437643464643066346263393262313130
38643861613665373435333838333838306234616139373431393835623364653464626164653436
36643963303438653337613739316338376236363139326562393266306331386433356461323734
30343838343666653736303238316332343962613433343262306232336238303135306666303364
65393936666564653031323035366162393835373466316666323934356262396639366664363962
39623930613137393861353938343838633532343939633763666238393239356632383038653535
31353331356561646330303734633536313034316239366432656631623033363339616630306664
31346366303266303237343937373132363862623838646535623264323831326566666662383039
32363834373063633434613038643064623433373534356539336533656333613038313863313732
63653237663363383031333431356162346137356564653961356139643761323364626133393362
34626630316165376636346563363639366166666565353638636166393234373964346462376533
33373532333632336661323863333065663731303637333638653461303235363661643835623434
39376633343439396438393461636136653265396330323435343766613861323034346134623537
31636535633832376336323162336266656164343839313131646533323631326264626330643132
63336430383765336131313932306465663439353039616165343032333230393461666461313365
37356162613631663761303562663132363938346137376164643532353037663635643430613062
30313039613434316636323330343235396534376631646237326235383534393435663835376339
62383161303030663065383863633536346235613864636565393538633731353439633262373433
62383432393435363961313263316630326632393937376538363731316239383833323766616466
32353539376137356162376236353830363036653062653935666431303339326435396235646431
37616136363136393331373833343264326130396532376639656434613063353633


@ -1,4 +0,0 @@
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD/pWrMOC24gEe75cvMUiOxLN1yixAyhd9uhKw2/tGn0MsqeVtiNtbHqb0vVFUPISDqKK5SxGsqYkikyTAfZSKI= infra.unruhig.eu_22


@ -1,21 +0,0 @@
metrics:
additional_scrape_rules:
- job_name: minio-job
bearer_token: "{{ prometheus.scrape.s3.bearer_token }}"
metrics_path: /minio/v2/metrics/cluster
scheme: https
static_configs:
- targets: [s3.tobiasmanske.de]
- job_name: drone-job
bearer_token: "{{ prometheus.scrape.drone.bearer_token }}"
scheme: https
static_configs:
- targets: [drone.tobiasmanske.de]
- job_name: 'uptime-kuma-job'
scrape_interval: 30s
scheme: https
static_configs:
- targets: [status.tobiasmanske.de]
basic_auth:
username: "{{ prometheus.scrape.kuma.user }}"
password: "{{ prometheus.scrape.kuma.password }}"


@ -1,85 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
37646239383161613330383037643836616464613635376538333738646164653535343365646637
3265333661656565653135653837666462623364346665310a653033613838643633313062343334
39343866623636386235343731643637656332306132303065393231643935643234306630343833
6562626632333534630a306661353739336266336661646132333862663231306135353564323762
62613433653737356564323538626666656434613966346631613934396238626531616631383433
39326532316439663632333331613135316134353531646362653432333734313534343037663433
39333566336265356532396434623836366166363961346439373635363334636133643831373132
64353939313135343338386638633136333931353839316236346634616430383263366137663565
36303733306163363332613964343162613337386263613032663539623430666639323062646565
61646463393338383934663665363837626532326630383930353236613161356230346162393031
39643531663565633666333032306235323038363234346264656239336535393539306439643833
33363035393864616664363463656361366365316230663031383037376139623039303361313131
34386361393930373430323961303039653561323430356139393434643763346563306266623366
36333265643738656362616363333638396139373137383366303263613031383237353435326562
34633839316335613766306134343333373032353635383964663336656134646634613164366465
66326533613363383337616437666333376133386231326336653934663233613333343464306238
30386338303730383836663262373239656438313361373331343364623231356134643631323565
31336464333838356265323938623133636536313736376136663330346630663837613937336436
33386639383465363333343566646337633236393130326439323536393830323331393862616361
36346162363166646537666666383464633165373263326532623061613065373030313439623039
30646632333964323330396464383535303261613237353535613438336163323235333534313434
31346233346335336230653337363337653763643535373532396362316131653665386539636432
30663735616136316639633333303732336239393435653239336133383362613061306537623063
31653634653233346634353136653763333833613337633530363338643336666463373465306434
66363939313434333364323931663766393564353663666262363037323761653339316637386532
39663538333664663139663262376137623765373931393833313130626135366436396636303062
36623362343432633462373733373235353034373335356534653965393131613831636237666163
65653463633961386266313534343833666136366235343639636561393534373830393434353363
31363536616664373935346331633335643536313432346133356637363566633564633963313639
62326439643333663362633739343465316431616234663233353066623861653165343461663830
37316464653138386135656662663465333932306263396235626434356666373762356264336534
66303664383630333064383363313864346234643639623037363437306638363937636162633362
30313263376262636164363064626538386161653964663130326134636166633735633966386332
61643566373233326362323034366537623830353463306363643866636439616430306362363863
35306530666266623734653235313835323536343837396631393134343835303464393335653639
39613530326562323764646662643439383639353661666231336433326564663463323638666639
63333434353364656264303361636234623266326364346230613033343433376639356537643530
30373631663165623035396139346165306335663263636434626336316265356535393034633832
35653264313331396434636131396531613833643331643235306130373132643636376638663432
32646539316138313234613536653538373638623330316236356431346461663034343932386536
32383334633238373465636164653766323132386337653861396362353937353963636136373136
66316331323132616337393438363636653561393432663238363764633938623531616538613865
61346563643966623362366131313635656336326363346231373636323930623563646137303861
39393064393965643638653462343631613466616366663232353864373236316438626135643537
64363862393839356664336632623765656264366630383836323233333836626637653461386163
66393263346539356363643566323366343631393139613864383764656465613033633038333661
64336636383737313163306363333634633966356439333432636635393064306231663533646139
65343637616532323366326239356263343432626238366333316238633366663734386332613631
63336466326163663338393363626635306436653166363239393263333731366261313963383466
38626665356463633439653932303033386464363862393439376635393961323530333566663263
65613333303036303764636131323630303737336561373733663930323863393566313665613231
32613962313935323432626230613334363163623836383135653931346132363538383632633031
31346566383364333062646334346433336235623636326436343230666537383635383332613963
63393366646266356130653339623439326230366234306235643332383261633739353039333039
35336165383061303863623031313033623865346366366235363262326266383033613961373933
33623832383934386563653662363461303939363533336561623430643865656232353731633263
33656432386165326566656432663665633461306365633164303061373264383532626361666437
62643533323136326539653263393663303365666532663262636165646561383333376336383332
30653161313336393033363061343633346230393337393966343134323436623537383532346361
61623661653132633234626631363430333837656633396365613834616635626139383731323837
38346533353061363766633634346231373339656463376634366533643861343161633435633138
39356165386635326535626161303462303939383461313834396333633565353634643362343539
64653530303663663032353138383934373837306437643962333339363366353966333437383932
30363934346638356565306365386335336530616532306465373163353562363235623937333832
62663963306663306462373838636436366661333565303736393731636562663332326363656636
39353161616134623433646539366664363935313866383163316665646236666237393762393563
62633062646536633437666362363531646234326666386561613863633934663462643634333362
65336431623836323334393934613133653262626134373838356238373031613737613965613761
34643539373230396362633761626339356362613730383831316565393030623930616364313430
35653935616662306130633263356165336130336363366532393735343137643831636462616334
65343437396566346263346463326361303862623164346365346132633936303230323838303361
62303663363834633635626331343531373639613763363537333539653631636462616437656135
34333633633565306663666338646339326564663936373963353465313065633434613435376261
30313963336664313465323036643035386463646561373235646134303930333961393639353639
35376135363235623730663932313337366564346636333464623234346237346162356262333764
62626563393261373838353663343430663763383365303766343665333231343861373534383739
37353437383966376664383438323430316237626232376134656134346362316335396331346531
63343933396636393332303636613133396162643132643765646664373438653732316633366338
65653963333633303963623362353739313635663266643236666334323262616531356165363330
66633131343461623231663832643138663563326264313036306438613837336333656361373166
62666261626430393830396636376434376233636639666432316165346237383261626530623539
63353530643065373734613664333239636433343262366637376130373130663766656563643931
38393334343836386533643839643232386165636566646434616662336334366263633835376564
38626339383631336638


@ -1,3 +0,0 @@
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKMeX2lqjaVHJicNohQLi64Bk6Oo9PMm6UaoULL7G+sMGsZthWryjoIB9hwgBJPbhDXBpO3rNn6wwWumAUXWEsE= mon1.hel1.chaoswg.org_22


@ -1,24 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
32366236633933396537643061353531643566663930626366343333643234653363653336613138
6563306263656136333235353164383562323237613763650a393734356261393330306539373562
62633332643737333137316433316363333338666538303636636461626161303638383465646565
3564643732376137640a386131646339326633333633366162613064646432636630393035373562
33373537653866333661633634356361663366336236313932636630623539316130356431303530
38636534616264366235316638346437356162303331303763306437363438663632353730653236
30333065306261383664636563336631383263376135356663363633626130326265336261316632
31393635613264386463306265303137366330656339386363393061356434393162336237373737
38626331336138313636333363653264376463326238383335613964333438303835353239303135
38343837613562316463313366363931373134306635356465313532623663613666353935336234
30323063633664653835356138313363333736323265396434313632333832316163303063373465
63376136643337666166633732656532333235366636633739653665336637363436333433636164
34623539353839376232363564336633666433353262366637623930663865623966343762643530
37346433376662613966633436663833643065646632373135363663396564626136343635613333
61633739646230633630373364343232646533653239346632663130353833343464633862343136
30623337633766383530383333626331333839363532363734613333333763636264313539383939
34323438373530653235666235633037393965353738373365633566313830623761663265363337
34343030373065393765333038343865626161373134623837643037306230306435313834636634
30323033343236396234386338623930353065346134343564653439306535313934616135346533
37353363323732326333616165636331396234646564303738343265366465336563383333626432
37623165663435313033383665353030363031373833653266356638353734313536626366373863
61393937623165613563366138393533666166663266323864626537363066666338363261336265
393938326530663531363535333061666332


@ -1,15 +0,0 @@
ssh:
authorized_keys:
- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKmN5g3jN6tsA8qcEaLTPzFp5c/p65wjAo31nUO5TtT7TDUDCvU68yi11HuZc9mhK7v3e2ZgCEnua/0g8lCyCoE= 192.168.0.73_22
metrics:
additional_scrape_rules:
- job_name: opnsense
honor_timestamps: true
scrape_interval: 30s
scrape_timeout: 10s
metrics_path: /metrics
scheme: http
static_configs:
- targets:
- 192.168.1.1:9100


@ -1,2 +0,0 @@
---
heartbeat_timer_interval: 60


@ -1,42 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
30343065306563343765353231366539356463646634363230643639616338663138376666343962
6164333837646563356334613035383365636337393362350a343334643838303562363932336263
33363432393565623631356331343063333332663937343639343739666130646262623364353237
6366346434366236370a393063356266333430326362643932303130633635363732623361323736
63386266333362653530333262383064366462313938646362386338643661343165363839636536
62613561363637346538323062643664303932666566393537616539353730306164623535313636
32656230663861363635633839643731326363393838636263313665313466313833363638346566
33386566346564363963363166326564613366393531366135633430616634323261386263376565
63663962653039623434643136393564336631613433613433636632623938306365376639326338
38393465393764666636373430323736303235363238393038353632646365373536313566333238
32616631666263353132333439653334643737336633663164356337363732366534366537343532
30383531303663656263353461343166616139306634396432653032313366356265326664666339
39393432343734336565303034636435623336646639373438363363613538643435653230326630
32393362376164646335613166643632323861313834386630613932666166303438346461646564
37646362316662373231666332666530353537376239633664316561363332313565633361393464
65623635623166613430396638613061613737303739343266643663626134303361633561376135
32336339356462353864646664633632306338353230663532303963636238636266383137393063
37663064666539653362376662356265626630636230393230306565313264663961653135363238
39623436646138656565383662653037623835333631323836343262353830323764663266396634
62636536653833653932613661373438356138643334363034656339626365613761333764333732
34303538313134666238663732393933613537383661636463336538393035626438323039353661
36663939303366386136643335356131643032313934363361373563313965383734613632373631
38333961613838313863333436356263363432326366353266623266616561323666383931343362
32616265643133653532383732393739343366366532343461636338333463336466363331303931
30373833363037643637343662313737383565363164323235306335303938363937626466643066
62336261373865383234626463333535383662306330306663353438343061383761393165306231
33303434303734623564616331646166376432343035393231306136343762653038656434653436
66626639616139666133373063626237616133626334326530636162333930336539613336316330
62653964353633376164646664376234336535633765616634663266636464393464653435393538
34363865363338616336363561306461363532363131366534663366353463383134666239393230
65653864643562333962323832363732616434343736376561643361666138343330653337313266
31363339356536313832383162643035663538656463373133346265353437323634346539383933
64613539333566333262656566643935323138393266656361316131623566663164333138656437
34363830356431666531343938643934373562643232653239373837363336633030666631656361
36393765333463643365663938636134666664653763663264613032386135356266636236623035
64326239343730326639363133653666643534326362303339373733643164623634613633613138
61313130613434336463363739623430626638323939306462316235663963313233633833313734
66333461613766343130393539613332353131643730623466623365643237653865363262333734
64623164663366326538386331343162336433393466386133323537623536636461613732323734
39613639306562326366336634376263633062386163333964396532326666643539613739313365
31343132313837646235313764396130653764623838396635626462626531303732


@ -1,15 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
32643663326666316663626638303839353966356532333066313561656234393139656333346438
3961633439383530323266323933303866656362306363630a333034666135303430363435656231
30353630643162326664383232613161376137653638396363343735306336656432623766386638
3832333632353536320a383365363037343161623364303837666238306336376463346236396566
34323666383935363737656632666532383435626132313534393437383162663232623534336664
64383839656561333064346536376561333666356535366232383636663665666464336462636161
32363964613332353735336164646363643430656330653635616663656263353837313232633838
36666165613530653832313538306434643862313161663662323434343236306666656634393261
31303039343363323638333434383765633362353365666264646564323436386335663435363635
35336162346635333062613639663434666339343662656465326439656533646262396436326631
66303539363365323133336633373431353065613935616638343831326435623832616136313731
30663863656465396139303931366565326362303036303761326132383164393361623664386566
35316335383036393539386663343638366262666139373232636561383135333963313365386566
6162666432623037666433636663643262316264323061363961


@ -1,61 +0,0 @@
---
all:
hosts:
host.nc.chaoswg.org:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:4f:9f2::1"
wg_addr: 10.1.0.1
mon1.hel1.chaoswg.org:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:65:f3b::1"
wg_addr: 10.1.0.2
thonkpad.ka.chaoswg.org:
ansible_user: core
network_interface: ens3
wg_addr: 10.1.0.3
infra.unruhig.eu:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:9:176::1"
wg_addr: 10.1.0.4
filehost.unruhig.eu:
ansible_user: core
network_interface: ens3
network_ipv6_addr: "2a03:4000:56:e17::1"
wg_addr: 10.1.0.5
# localhost:
# ansible_interpreter_python: ./ENV/bin/python
# ansible_connection: local
vars:
service_base: "{{ playbook_dir }}/services"
wg_keepalive: 30
ansible_ssh_extra_args: "-o UserKnownHostsFile=./known_hosts"
ansible_ssh_private_key_file: "{{ lookup('ansible.builtin.env', 'SSH_KEY_' ~ inventory_hostname | mandatory | regex_replace('[^A-Za-z0-9]', '_')) }}"
children:
unprovisioned:
hosts:
# host.nc.chaoswg.org: null
prometheus:
hosts:
host.nc.chaoswg.org: null
thonkpad.ka.chaoswg.org: null
infra.unruhig.eu: null
filehost.unruhig.eu: null
mon1.hel1.chaoswg.org: null
backup:
hosts:
host.nc.chaoswg.org: null
thonkpad.ka.chaoswg.org: null
mon1.hel1.chaoswg.org: null
infra.unruhig.eu: null
monitoring:
hosts:
mon1.hel1.chaoswg.org: null
network_config:
hosts:
host.nc.chaoswg.org: null
mon1.hel1.chaoswg.org: null
infra.unruhig.eu: null
filehost.unruhig.eu: null


@ -1,15 +0,0 @@
filehost.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNxa8vbJ70oM2PlEKegPu3/SUO7oXz2lM6PvR74Ad+RYjjAQZr/j3WMpeDn15ugexlYmYoHgxgeT0xA6E/ZAM/0=
filehost.unruhig.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvXX75sXWRgslMW/Ufq0t0OJQnTFiWPL4yBUBdGIU9k
filehost.unruhig.eu ssh-rsa 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
host.nc.chaoswg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE+xbsYUu5fNjUZuJMER9VMx7aPCPCVcZvBpnNjxySRrkUSOgLV6n2IYj+aTfrxT3sCJFzkXzNS8R25Fyqw53WE=
host.nc.chaoswg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfZWpJz8JiM6F5zXcUg9K7OsCx0UbrK4z9sijpmUn3F
host.nc.chaoswg.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiVZ57grUnL7JNyUTlU2LVVCS5cfC4dasBGvdQDlN36VNGxo3HDzu9ppichlXUO2KNT5J86sgh6o9KeAmu/mqIasNm2JQC+FIRc1xKQU1xufLVHm9LZqUfk18olHm8tTIxE3yOpcPYJRRlBe+l66OYary9huJfQZPvHik5umQ4fWg+l1VBd8p6IMOQHNA8AyGlb/VKg79c1Qk9fxzKxqkSAc0LCIwrNPSQNF8BzjiBXaw1AuHwvPDmMFjb3cFv4I8GwNSH/A1xRHXg2ymqE818A9eXim/RHDHNiyEf7HPC0kuT95x5ii9pd8WRqa5GXULSHMz1vajAMtgfnGawz8pvY+MnfOFqF2i5WLcaPSqK9IdFst6lFp2ThBCAijW2Wa8o8gQeazr3twhC9Dd5C3+HkNq2MpEYM8ck0yZUFhAkRPUc3laX+8y9KsiqDMbfg1aErEbrezlSb6h19oWVAhFy+d8xVUX53a/9C9uF3P8hFwy4o76lTHVwmB8rTD8DXT8=
infra.unruhig.eu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGpspDDbmZt71/g8R4K+jn3A4n7z+8lO3unv8Pm8xLKhr3mDD0MErbRrP/ucYtsBRauMc+IOmBsDtM2Ayp/0zio=
infra.unruhig.eu ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8dLUAnoazcq9Tl2zeLP0Ed8QlMs6226raruQhP/0y8
infra.unruhig.eu ssh-rsa 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
mon1.hel1.chaoswg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGUIZFzyXd6QAA4Xn+SikYIdfZ+c2R4aFXCY6/Gh2oZGjpq4xtHLw7AFyadnC1UGVNNINNJY1FLfgbavIkeh6M=
mon1.hel1.chaoswg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsSgW6MyvR0YJWn61UZLG8hgj/ewvlRqiHIZDAkYDtV
mon1.hel1.chaoswg.org ssh-rsa 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
thonkpad.ka.chaoswg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDq68XLq1mlFsHDfa1mlpNJZ83wCR3ZO5C/fkNe+kVwG9apKmGdCaAWZs9n1MKe08maSLf5Dx01B+m79+l9KrKQ=
thonkpad.ka.chaoswg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY8bK8R5aUnXr/8vxZ6NSznTNGcTu4iQJJo5GYVXflR
thonkpad.ka.chaoswg.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8b0SqPTmmJYJEcGYMjeeyEZlEjjQTIj+XKZ3Sonbb6xT32SedabIJ8k+xw+yeRjDOhBnx1wl7KrfBhZqZ18qGbB3214d7QmgylWpC5KkQV89ow0c24JI2zSLfC3kMYbGvSSwch+ql8rLUBXGRczzMYuh9kWrXhkK9vF7821/pxBSsO4XD/9fZwEa/VfpakuFJUU0bmFGgi/OmlHf80U08B0LHlg/IYdM+3JemwWbx1swx7ylXwDUWGjyK5mxYR2SEBbwnHuCoanj8SW9xwPLfUOT9t5+IADtFya7J3o0cDAk+6ZjJOZcdtmY6WO1hR/K82aFnecAV4mjr8+fx/GpnbGCt8Jpv88bdhG7LWxzKESrZDbQDiZ2z4itkkq5fbOGeXeUrFuff8Vva/VtsUoLPToS6bctgVqZ2slbI+6J6YJXPE4LzUa57NRj2qyXSbr+q5q9URfrkOmFDwaBq5jLiFcDEDOS7UpAjoN5A1rAkxN7v+uP3gwYainkbx2+7DrM=


@ -1,31 +0,0 @@
---
- name: Wait for hosts to be ready
hosts: all
gather_facts: false
tasks:
- name: Wait for system to become reachable
wait_for_connection:
timeout: 300
sleep: 10
- name: gather facts
ansible.builtin.setup:
gather_subset: all
- name: Common
ansible.builtin.import_playbook: plays/common.yaml
- name: host.nc.chaoswg.org
ansible.builtin.import_playbook: plays/vps.yaml
- name: mon1.hel1.chaoswg.org
ansible.builtin.import_playbook: plays/monitoring.yaml
- name: thonkpad.ka.chaoswg.org
ansible.builtin.import_playbook: plays/thonkpad.yaml
- name: infra.unruhig.eu
ansible.builtin.import_playbook: plays/infra.yaml
- name: filehost.unruhig.eu
ansible.builtin.import_playbook: plays/filehost.yaml
- name: grp_prometheus
ansible.builtin.import_playbook: plays/grp_prometheus.yaml
...


@ -1,330 +0,0 @@
- name: Setup SSH Config
hosts: all
become: true
become_user: root
tags:
- setup_ssh
- setup
tasks:
- name: Authorized_keys dir present
ansible.builtin.file:
state: directory
path: /etc/ssh/authorized_keys
owner: root
group: root
mode: '0755'
- name: Obtain Machine Pubkey
delegate_to: localhost
become: false
changed_when: false
register: pubkey
ansible.builtin.command:
cmd: "ssh-keygen -y -f {{ ansible_ssh_private_key_file }}"
- name: Deploy SSH-Keys
vars:
machine_key: "{{ pubkey.stdout }}"
ansible.builtin.template:
src: "authorized_keys.j2"
dest: "/etc/ssh/authorized_keys/{{ ansible_user }}"
owner: root
group: root
mode: '0644'
- name: Ensure authorized_keys ownership
ansible.builtin.file:
state: directory
path: /etc/ssh/authorized_keys
owner: root
group: root
mode: "u=rwX,g=rX,o=rX"
recurse: true
- name: Configure sshd
ansible.builtin.template:
src: 'sshd_config.j2'
dest: '/etc/ssh/sshd_config.d/99-override.conf'
owner: root
group: root
mode: '0600'
- name: Remove Keys Config
ansible.builtin.file:
state: absent
path: /etc/ssh/ssh_config.d/40-ssh-key-dir.conf
- name: Setup Networks
hosts: network_config
become: true
become_user: root
tasks:
- name: Setup wired interface
ansible.builtin.template:
src: "connection.nmconnection.j2"
dest: "/etc/NetworkManager/system-connections/Wired Connection 1.nmconnection"
owner: root
group: root
mode: '0600'
notify: Restart Network
- name: Setup DNS
ansible.builtin.lineinfile:
path: /etc/systemd/resolved.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
notify: Restart systemd-resolved
loop:
- regexp: "^DNS="
line: "DNS=1.1.1.1"
- regexp: "^FallbackDNS="
line: "FallbackDNS=8.8.8.8"
handlers:
- name: Restart Network
ansible.builtin.systemd:
name: NetworkManager.service
state: restarted
- name: Restart systemd-resolved
ansible.builtin.systemd:
name: systemd-resolved.service
state: restarted
- name: Backup
hosts: backup
become: true
become_user: root
vars:
repo_path: "/var/home/backup/storagebox/{{ inventory_hostname }}"
password: "{{ backup.password }}"
pushkey: "{{ backup.pushkey }}"
tasks:
- name: Install backup script
vars:
repo: "ssh://{{ common.backup.user }}@{{ common.backup.url }}{{ repo_path }}"
ansible.builtin.template:
src: backup.sh.j2
dest: /root/backup.sh
mode: '0700'
owner: root
- name: Generate SSH directory
ansible.builtin.file:
path: /root/.ssh
owner: root
state: directory
mode: '0700'
- name: Generate SSH Key
community.crypto.openssh_keypair:
path: /root/.ssh/borgbackup
type: ed25519
owner: root
mode: '0600'
register: keypair
- name: Register SSH Key with backup server
become: true
become_user: root
delegate_to: filehost.unruhig.eu
ansible.builtin.lineinfile:
path: /etc/ssh/authorized_keys/backup
state: present
search_string: "{{ keypair.public_key }}"
line: 'command="borg serve --append-only --restrict-to-repository {{ repo_path }}",restrict {{ keypair.public_key }}'
- name: Add Known Hosts entries
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts"
name: "filehost.unruhig.eu"
key: "{{ item }}"
loop: "{{ hostvars['filehost.unruhig.eu']['known_hosts'] }}"
- name: Restore from Backup
hosts: backup
become: true
become_user: root
gather_facts: true
vars:
repo_path: "/var/home/backup/storagebox/{{ inventory_hostname }}"
password: "{{ backup.password }}"
pushkey: "{{ backup.pushkey }}"
tasks:
- name: Check if restore is needed
ansible.builtin.stat:
path: "/etc/setup_complete"
register: setup_complete
- block:
- name: Install restore script
vars:
repo: "ssh://{{ common.backup.user }}@{{ common.backup.url }}{{ repo_path }}"
ansible.builtin.template:
src: restore.sh.j2
dest: /root/restore.sh
mode: '0700'
owner: root
- name: Stop and mask backup service
become: true
become_user: root
ansible.builtin.systemd:
name: "borgbackup.service"
state: stopped
masked: true
- name: Restore from Borg
become: true
become_user: root
ansible.builtin.command:
chdir: /
cmd: bash /root/restore.sh
- name: Remove script from host
ansible.builtin.file:
path: /root/restore.sh
state: absent
- name: Mark setup as complete
ansible.builtin.file:
path: "/etc/setup_complete"
state: touch
owner: root
group: root
mode: 0600
- name: Unmask backup service
become: true
become_user: root
ansible.builtin.systemd:
name: "borgbackup.service"
state: stopped
masked: false
when: not setup_complete.stat.exists
- name: Setup Registry credentials
hosts: all
tasks:
- ansible.builtin.file:
path: /home/core/.docker
owner: core
state: directory
mode: '0700'
- ansible.builtin.template:
src: docker-config.json.j2
dest: /home/core/.docker/config.json
mode: '0600'
owner: core
- name: Setup Docker Config
hosts: all
become: true
become_user: root
tasks:
- ansible.builtin.file:
path: /etc/docker
owner: root
state: directory
mode: '0700'
- name: Template Config
ansible.builtin.template:
src: "docker-daemon.json.j2"
dest: /etc/docker/daemon.json
owner: root
group: root
mode: '0600'
notify: Restart Docker
- name: Check if sysconfig exists
ansible.builtin.stat:
path: /etc/sysconfig/docker
register: sysconfig
- name: Remove ulimits from sysconfig
ansible.builtin.lineinfile:
path: /etc/sysconfig/docker
search_string: '--default-ulimit nofile='
state: absent
when: sysconfig.stat.exists
notify: Restart Docker
- name: Remove log-driver from sysconfig
ansible.builtin.lineinfile:
path: /etc/sysconfig/docker
search_string: '--log-driver='
state: absent
when: sysconfig.stat.exists
notify: Restart Docker
- name: Restart Docker if necessary
meta: flush_handlers
handlers:
- name: Restart Docker
ansible.builtin.systemd:
state: restarted
name: docker.service
- name: Setup internal networks
hosts: all
tasks:
- name: Setup network
community.docker.docker_network:
name: "{{ item }}"
internal: true
loop: "{{ docker.internal_networks | default([]) }}"
- name: Setup Push Monitoring
hosts: all
tags:
- never
- setup_monitoring
- setup
tasks:
- name: Login to Kuma
delegate_to: localhost
check_mode: false
lucasheld.uptime_kuma.login:
api_url: "{{ kuma.api_url }}"
api_username: "{{ kuma.api_username }}"
api_password: "{{ kuma.api_password }}"
register: kumalogin
- name: Create Kuma Monitor
delegate_to: localhost
check_mode: false
lucasheld.uptime_kuma.monitor:
api_url: "{{ kuma.api_url }}"
api_token: "{{ kumalogin.token }}"
name: "{{ inventory_hostname }}"
description: "Managed by Ansible"
type: push
interval: "{{ heartbeat_timer_interval|mandatory + 30 }}"
maxretries: 2
notification_names:
- "Kuma Statusmonitor"
state: present
- name: Obtain Kuma Push Token
delegate_to: localhost
check_mode: false
lucasheld.uptime_kuma.monitor_info:
api_url: "{{ kuma.api_url }}"
api_token: "{{ kumalogin.token }}"
name: "{{ inventory_hostname }}"
register: monitor
- name: Check if user is lingering
stat:
path: "/var/lib/systemd/linger/{{ ansible_user }}"
register: user_lingering
- name: Enable lingering for user if needed
command: "loginctl enable-linger {{ ansible_user }}"
when:
- not user_lingering.stat.exists
- name: Create systemd config dir
file:
state: directory
path: "/home/{{ ansible_user }}/.config/systemd/user"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: '0755'
- name: Copy Push Monitor Service and Timer
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/home/{{ ansible_user }}/.config/systemd/user/{{ item }}"
mode: '0600'
owner: "{{ ansible_user }}"
vars:
monitor_url: "{{ kuma.api_url }}/api/push/{{ monitor.monitors[0].pushToken }}?status=up&msg=OK"
loop:
- heartbeat.service
- heartbeat.timer
- name: Enable timer
ansible.builtin.systemd:
scope: user
name: heartbeat.timer
state: started
enabled: true
masked: false
daemon_reload: true
- name: Setup Infrastructure Wireguard
tags:
- never
- setup
- setup_wireguard
- setup_vpn
ansible.builtin.import_playbook: vpn.yaml
# vim: ft=yaml.ansible


@ -1,41 +0,0 @@
- name: Migrate to docker compose v2
hosts: all
become: true
become_user: root
pre_tasks:
- name: Find deployed projects
ansible.builtin.find:
paths: /home/core/compose
recurse: no
file_type: directory
register: find_challenges
- name: Register Projects Fact
ansible.builtin.set_fact:
deployed_challenges: "{{ find_challenges.files | map(attribute='path') | map('basename') }}"
- name: Undeploy
include_tasks: undeploy.yaml
loop: "{{ deployed_challenges | mandatory }}"
loop_control:
loop_var: item
label: "{{ item }}"
tasks:
- name: Install Repo
copy:
dest: /etc/yum.repos.d/docker-ce.repo
src: docker.repo
owner: root
group: root
mode: '0644'
- name: Remove legacy versions
command: "rpm-ostree override remove --reboot docker containerd runc"
async: true
poll: 0
ignore_errors: true
- name: Wait for host
ansible.builtin.wait_for_connection:
delay: 90
- name: Install new docker versions
command: "rpm-ostree install -A -y --idempotent docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-buildx-plugin"
- name: Redeploy
ansible.builtin.import_playbook: ../playbook.yaml


@ -1,78 +0,0 @@
- name: Setup Users
hosts: filehost.unruhig.eu
gather_facts: false
tasks:
- name: Create user [backup]
become: true
ansible.builtin.user:
name: backup
comment: Used for receiving borg backups
shell: /bin/bash
create_home: true
state: present
generate_ssh_key: true
ssh_key_type: "ed25519"
ssh_key_file: ".ssh/storagebox"
- name: Create mount directory
become: true
become_user: backup
ansible.builtin.file:
path: "/home/backup/storagebox"
state: directory
owner: backup
group: backup
mode: '0700'
- name: Create user [files]
become: true
ansible.builtin.user:
name: files
comment: Used for providing access to files
shell: /bin/bash
create_home: true
state: present
generate_ssh_key: true
ssh_key_type: "ed25519"
ssh_key_file: ".ssh/storagebox"
- name: Create mount directory
become: true
become_user: files
ansible.builtin.file:
path: "/home/files/data"
state: directory
owner: files
group: files
mode: '0700'
- name: Setup mounts
hosts: filehost.unruhig.eu
become: true
become_user: root
pre_tasks:
- name: Info user [backup]
become: true
ansible.builtin.user:
name: backup
state: present
register: user_backup
- name: Info user [files]
become: true
ansible.builtin.user:
name: files
state: present
register: user_files
roles:
- role: ansible_systemd_mounts
mounts:
backup:
share: "//{{ backup.cifs.host }}/{{ backup.cifs.user }}"
mount: "{{ user_backup.home }}/storagebox"
type: "cifs"
options: "_netdev,iocharset=utf8,seal,x-systemd.automount,username={{ backup.cifs.user }},password={{ backup.cifs.password }},uid={{ user_backup.uid }},gid={{ user_backup.group }}"
automount: true
files:
share: "//{{ files.cifs.host }}/{{ files.cifs.user }}"
mount: "{{ user_files.home }}/data"
type: "cifs"
options: "_netdev,iocharset=utf8,seal,x-systemd.automount,username={{ files.cifs.user }},password={{ files.cifs.password }},uid={{ user_files.uid }},gid={{ user_files.group }}"
automount: true
# vim: ft=yaml.ansible


@ -1,6 +0,0 @@
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg


@ -1,8 +0,0 @@
- name: Deploy Metrics exporter
hosts: prometheus
vars:
state: running
roles:
- {role: compose_project, service: metric-export}
# vim: ft=yaml.ansible


@ -1,16 +0,0 @@
- name: Setup Infra Meta Host
hosts: infra.unruhig.eu
gather_facts: false
vars:
state: running
base_domain: "tobiasmanske.de"
roles:
- {role: compose_project, service: traefik}
- {role: compose_project, service: keycloak}
# - {role: compose_project, service: db} # database used for terraform state
# - {role: compose_project, service: monitoring-stack} # mimir, loki, grafana
- {role: compose_project, service: pantalaimon}
- {role: compose_project, service: watchtower}
- {role: compose_project, service: vaultwarden}
# vim: ft=yaml.ansible


@ -1,30 +0,0 @@
- name: Base Setup Monitoring
hosts: mon1.hel1.chaoswg.org
vars:
state: running
roles:
- {role: compose_project, service: traefik}
- {role: compose_project, service: pantalaimon}
- {role: compose_project, service: watchtower}
- name: Setup Monitoring Kuma 1
hosts: mon1.hel1.chaoswg.org
vars:
state: running
roles:
- role: compose_project
service: kuma
vars:
service_name: "tobias"
urls:
- "status.tobiasmanske.de"
- "monitor.chaoswg.org"
- name: Setup Monitoring Kuma 2
hosts: mon1.hel1.chaoswg.org
vars:
state: running
roles:
- role: compose_project
service: kuma
vars:
service_name: "istannen"
urls: ["monitor.ialistannen.de"]


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=gitlab-ba


@ -1,39 +0,0 @@
---
version: "3.4"
services:
dind:
image: docker:dind
restart: unless-stopped
privileged: true
volumes:
- /lib/modules:/lib/modules:ro
environment:
DOCKER_TLS_CERTDIR: ""
networks:
- backend
- default
runner:
image: gitlab/gitlab-runner:alpine
restart: unless-stopped
depends_on:
- dind
networks:
- default
- backend
volumes:
- runner_cfg:/etc/gitlab-runner:z
environment:
- DOCKER_HOST=tcp://dind:2375
- CI_SERVER_URL={{ ba_gitlab_runner.server }}
- REGISTRATION_TOKEN={{ ba_gitlab_runner.token }}
volumes:
runner_cfg:
networks:
backend:
internal: true
...


@ -1,14 +0,0 @@
{
auto_https off
}
{% for rule in redirect.hosts %}
http://{{ rule.from }} {
{% if rule.keepUri %}
redir https://{{ rule.to }}{uri}
{% else %}
redir https://{{ rule.to }}
{% endif %}
}
{% endfor %}


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=diun


@ -1,19 +0,0 @@
watch:
workers: 20
schedule: "0 */6 * * *"
firstCheckNotif: false
notif:
matrix:
homeserverURL: http://pantalaimon:8008
user: "{{ diun.matrix.user }}"
password: "{{ diun.matrix.password }}"
roomID: "{{ diun.matrix.roomID }}"
msgType: notice
templateBody: |
{% raw %}Docker tag {{ if .Entry.Image.HubLink }}[**{{ .Entry.Image }}**]({{ .Entry.Image.HubLink }}){{ else }}**{{ .Entry.Image }}**{{ end }} which you subscribed to through {{ .Entry.Provider }} provider {{ if (eq .Entry.Status "new") }}is available{{ else }}has been updated{{ end }} on {{ .Entry.Image.Domain }} registry.
{{ if and (eq .Entry.Status "new") (eq .Entry.Image "docker.io/jitsi/web") }}See https://github.com/jitsi/docker-jitsi-meet/releases/tag/{{ .Entry.Image.Tag }}{{ end }}{% endraw %}
providers:
file:
filename: /watch.yml


@ -1,29 +0,0 @@
---
version: "3.4"
services:
diun:
image: crazymax/diun:latest
container_name: diun
command: serve
volumes:
- "data:/data"
- "./diun.yml:/diun.yml:ro,Z"
- "./watch.yml:/watch.yml:ro,Z"
environment:
- "TZ=Europe/Berlin"
- "LOG_LEVEL=info"
- "LOG_JSON=false"
restart: always
networks:
- default
- pantalaimon
volumes:
data:
networks:
pantalaimon:
external: true
...


@ -1,6 +0,0 @@
- name: docker.io/jitsi/web
watch_repo: true
notify_on:
- new
include_tags:
- ^stable-\d+


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=filestash


@ -1,21 +0,0 @@
version: "3.4"
services:
filestash:
container_name: filestash
image: machines/filestash:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.filestash.rule=Host(`stash.unruhig.eu`)"
- "traefik.http.routers.filestash.entryPoints=websecure"
- "traefik.http.services.filestash.loadbalancer.server.port=8334"
environment:
- "APPLICATION_URL=https://stash.unruhig.eu"
volumes:
- data:/app/data/state/
networks:
- default
volumes:
data:


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=gitea-runner


@ -1,44 +0,0 @@
---
version: '3.9'
services:
dind:
image: docker:dind
restart: unless-stopped
privileged: true
volumes:
- /lib/modules:/lib/modules:ro
environment:
DOCKER_TLS_CERTDIR: ""
command:
- '--tls=false' # Do not force TLS; note that this service is NOT exposed to the internet
networks:
- backend
- default
drone_runner:
image: drone/drone-runner-docker:1
restart: always
environment:
- "DOCKER_HOST=tcp://dind:2375"
- "DRONE_LIMIT_MEM=8192000000"
- "DRONE_RPC_SECRET={{ gitea.drone.rpc_secret }}"
- "DRONE_RPC_HOST=drone.tobiasmanske.de"
- "DRONE_RPC_PROTO=https"
- "DRONE_RUNNER_CAPACITY={{ gitea.drone.runner_capacity }}"
- "DRONE_RUNNER_NAME={{ gitea.drone.runner_name }}"
{% if gitea.drone.runner_labels is defined %}
- "DRONE_RUNNER_LABELS={{ gitea.drone.runner_labels | join(',') }}"
{% endif %}
- "DRONE_RUNNER_CLONE_IMAGE=drone/git:linux-amd64"
- "DRONE_RUNNER_VOLUMES=/etc/hosts:/etc/hosts"
depends_on:
- dind
networks:
- backend
- default
networks:
backend:
internal: true
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=gotosocial


@ -1,69 +0,0 @@
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3'
services:
gotosocial:
image: superseriousbusiness/gotosocial:latest
restart: unless-stopped
user: "1000:1000"
depends_on:
db:
condition: service_healthy
environment:
GTS_LOG_LEVEL: "info"
GTS_HOST: "social.unruhig.eu"
GTS_ACCOUNT_DOMAIN: "unruhig.eu"
GTS_DB_TYPE: "postgres"
GTS_DB_ADDRESS: "db"
GTS_DB_PORT: "5432"
GTS_DB_DATABASE: "{{ gotosocial.db.user }}"
GTS_DB_USER: "{{ gotosocial.db.user }}"
GTS_DB_PASSWORD: "{{ gotosocial.db.password }}"
GTS_TRUSTED_PROXIES: "127.0.0.1/32,10.254.0.0/17,fd64:2::/104,::1"
GTS_INSTANCE_LANGUAGES: "de,en-gb"
GTS_LETSENCRYPT_ENABLED: "false"
GTS_METRICS_ENABLED: "true"
GTS_LANDING_PAGE_USER: "admin"
# STORAGE
GTS_STORAGE_BACKEND: "s3"
GTS_STORAGE_S3_ENDPOINT: "{{ gotosocial.s3.endpoint }}"
GTS_STORAGE_S3_BUCKET: "{{ gotosocial.s3.bucket }}"
GTS_STORAGE_S3_ACCESS_KEY: "{{ gotosocial.s3.access_key }}"
GTS_STORAGE_S3_SECRET_KEY: "{{ gotosocial.s3.secret_key | mandatory }}"
# OPENID CONNECT
GTS_OIDC_ENABLED: "true"
GTS_OIDC_IDP_NAME: "KeyCloak"
GTS_OIDC_ISSUER: "{{ gotosocial.oidc.issuer }}"
GTS_OIDC_CLIENT_ID: "{{ gotosocial.oidc.client_id }}"
GTS_OIDC_CLIENT_SECRET: "{{ gotosocial.oidc.client_secret }}"
GTS_OIDC_ADMIN_GROUPS: "gotosocial-admin,service-admin"
GTS_OIDC_SCOPES: "openid,email,profile"
# GTS_ACCOUNTS_REGISTRATION_OPEN: "false"
TZ: "Europe/Berlin"
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.gotosocial.rule=(Host(`social.unruhig.eu`) || (Host(`unruhig.eu`) && Path(`/.well-known/{a:(webfinger|nodeinfo|host-meta)}`)))"
- "traefik.http.routers.gotosocial.entryPoints=websecure"
- "traefik.http.services.gotosocial.loadbalancer.server.port=8080"
- "traefik.http.routers.gotosocial.middlewares=deny-metrics@file"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- backend
- default
- metrics
{{ pg.postgres("db", gotosocial.db.user, gotosocial.db.password, gotosocial.db.user, ["backend"]) }}
volumes:
db_data:
networks:
backend:
internal: true
metrics:
external: true
postgres:
internal: true
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=grafana


@ -1,48 +0,0 @@
version: "3.4"
services:
grafana:
image: grafana/grafana:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
- "traefik.http.routers.grafana.entryPoints=websecure"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
environment:
- "GF_SERVER_ROOT_URL=https://grafana.tobiasmanske.de"
- "GF_SECURITY_ADMIN_USER={{ grafana.admin.user }}"
- "GF_SECURITY_ADMIN_PASSWORD={{ grafana.admin.password }}"
- "GF_AUTH_GENERIC_OAUTH_NAME=Keycloak"
- "GF_AUTH_GENERIC_OAUTH_ENABLED=true"
- "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true"
- "GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ grafana.oidc.client_id }}"
- "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ grafana.oidc.client_secret }}"
- "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles"
- "GF_AUTH_GENERIC_OAUTH_GROUP_ATTRIBUTE_PATH=groups"
- "GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email"
- "GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username"
- "GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name"
- "GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/auth"
- "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/token"
- "GF_AUTH_GENERIC_OAUTH_API_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/userinfo"
- "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(resource_access.grafana.roles[*], 'serveradmin') && 'GrafanaAdmin' || contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || contains(resource_access.grafana.roles[*], 'viewer') && 'Viewer' || 'None'"
- "GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true"
volumes:
- data:/var/lib/grafana
- ./grafana-ds.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro,Z
- ./grafana-db.yml:/etc/grafana/provisioning/dashboards/datasource.yml:ro,Z
- ./grafana-dashboards:/var/lib/grafana/dashboards:ro,Z
networks:
- default
- metrics
volumes:
data:
networks:
backend:
internal: true
metrics:
external: true
postgres:
internal: true


@ -1,602 +0,0 @@
{% raw %}
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.0.3"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "stat",
"name": "Stat",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "Dashboard for Drone CI",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 16720,
"graphTooltip": 2,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 0,
"y": 0
},
"id": 2,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"expr": "sum(drone_build_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "Total Builds",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 4,
"y": 0
},
"id": 4,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"expr": "sum(drone_repo_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"refId": "A"
}
],
"title": "Activated Repos",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 4,
"x": 8,
"y": 0
},
"id": 7,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "none",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_user_count) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"range": true,
"refId": "A"
}
],
"title": "Total Users",
"type": "stat"
},
{
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 4
},
"id": 10,
"title": "Metrics",
"type": "row"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"decimals": 0,
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 5
},
"id": 6,
"links": [],
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "9.0.7",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_running_builds) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "running builds",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_pending_builds) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "pending builds",
"range": true,
"refId": "B"
}
],
"title": "Builds",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"decimals": 0,
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 5
},
"id": 8,
"links": [],
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "9.0.7",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_running_jobs) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "running jobs",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "code",
"expr": "sum(drone_pending_jobs) by (application_name)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "pending jobs",
"range": true,
"refId": "B"
}
],
"title": "Jobs",
"type": "timeseries"
}
],
"refresh": "1m",
"schemaVersion": 38,
"style": "dark",
"tags": [
"drone",
"drone-ci",
"ci/cd"
],
"templating": {
"list": [
{
"current": {
"selected": true,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"label": "datasource",
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
},
"time": {
"from": "now-12h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Drone CI",
"uid": "IT4-bnNik",
"version": 2,
"weekStart": ""
}
{% endraw %}


@ -1,440 +0,0 @@
{% raw %}
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.0.3"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "stat",
"name": "Stat",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"description": "A dashboard to show the data from the excellent Uptime Kuma project!",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 14847,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"color": "red",
"index": 0,
"text": "DOWN"
},
"1": {
"color": "green",
"index": 1,
"text": "UP"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 17,
"w": 24,
"x": 0,
"y": 0
},
"id": 4,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_status ",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "Site Status",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "red",
"value": null
},
{
"color": "#EAB839",
"value": 30
},
{
"color": "green",
"value": 60
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 13,
"x": 0,
"y": 17
},
"id": 6,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_cert_days_remaining",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "TLS Certificate Remaining Days",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [
{
"options": {
"0": {
"color": "red",
"index": 0,
"text": "EXPIRED"
},
"1": {
"color": "green",
"index": 1,
"text": "VALID"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "red",
"value": null
},
{
"color": "green",
"value": 1
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 11,
"x": 13,
"y": 17
},
"id": 5,
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "center",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "10.0.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "monitor_cert_is_valid",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "TLS Certificate Status",
"type": "stat"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "ms"
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 26
},
"id": 2,
"options": {
"legend": {
"calcs": [
"max",
"min",
"lastNotNull"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "sum(monitor_response_time{}) by (monitor_name)",
"interval": "",
"legendFormat": "{{ monitor_name }}",
"refId": "A"
}
],
"title": "Response Times",
"type": "timeseries"
}
],
"refresh": "30s",
"revision": 1,
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": false,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Uptime Kuma",
"uid": "CN8E-vZ7k",
"version": 4,
"weekStart": ""
}
{% endraw %}


@ -1,562 +0,0 @@
{% raw %}
{
"__inputs": [
{
"name": "DS_MIMIR_NETCUP",
"label": "Mimir Netcup",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": {},
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "10.2.3"
},
{
"type": "panel",
"id": "heatmap",
"name": "Heatmap",
"version": ""
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "Smoke Ping using https://github.com/SuperQ/smokeping_prober\r\nwith \r\nlatency heatmap\r\nlatency graph\r\npacket loss gragh\r\n",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 11335,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"cards": {},
"color": {
"cardColor": "#FF9830",
"colorScale": "sqrt",
"colorScheme": "interpolateOranges",
"exponent": 0.5,
"mode": "opacity"
},
"dataFormat": "tsbuckets",
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"fieldConfig": {
"defaults": {
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"scaleDistribution": {
"type": "linear"
}
}
},
"overrides": []
},
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 0
},
"heatmap": {},
"hideZeroBuckets": false,
"highlightCards": true,
"id": 2,
"legend": {
"show": false
},
"links": [],
"options": {
"calculate": false,
"calculation": {},
"cellGap": 2,
"cellValues": {},
"color": {
"exponent": 0.5,
"fill": "#FF9830",
"mode": "opacity",
"reverse": false,
"scale": "exponential",
"scheme": "Oranges",
"steps": 128
},
"exemplars": {
"color": "rgba(255,0,255,0.7)"
},
"filterValues": {
"le": 1e-9
},
"legend": {
"show": true
},
"rowsFrame": {
"layout": "auto"
},
"showValue": "never",
"tooltip": {
"show": true,
"showColorScale": false,
"yHistogram": false
},
"yAxis": {
"axisPlacement": "right",
"decimals": 0,
"min": "0",
"reverse": false,
"unit": "s"
}
},
"pluginVersion": "10.2.3",
"reverseYBuckets": false,
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"editorMode": "code",
"expr": "sum(rate(smokeping_response_duration_seconds_bucket{host=\"$target\", __tenant_id__=\"$source\"}[1m])) by (le)",
"format": "heatmap",
"intervalFactor": 1,
"legendFormat": "{{le}}",
"range": true,
"refId": "A"
}
],
"title": "Smoke Ping - $target",
"tooltip": {
"show": true,
"showHistogram": false
},
"transparent": true,
"type": "heatmap",
"xAxis": {
"show": true
},
"yAxis": {
"decimals": 0,
"format": "s",
"logBase": 1,
"min": "0",
"show": true
},
"yBucketBound": "auto"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "Loss %",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percentunit"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "custom.fillOpacity",
"value": 0
},
{
"id": "unit",
"value": "none"
},
{
"id": "decimals",
"value": 0
},
{
"id": "custom.axisLabel",
"value": "Loss Packet"
},
{
"id": "custom.lineStyle",
"value": {
"dash": [
10,
10
],
"fill": "dash"
}
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 0
},
"id": 4,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "10.2.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"editorMode": "code",
"expr": "(smokeping_requests_total{host=\"$target\", __tenant_id__=\"$source\"} - smokeping_response_duration_seconds_count{host=\"$target\", __tenant_id__=\"$source\"})/smokeping_requests_total{host=\"$target\", __tenant_id__=\"$source\"} ",
"legendFormat": "Percentage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"editorMode": "code",
"expr": "(smokeping_requests_total{host=\"$target\", __tenant_id__=\"$source\"} - smokeping_response_duration_seconds_count{host=\"$target\", __tenant_id__=\"$source\"})",
"legendFormat": "Count",
"range": true,
"refId": "B"
}
],
"title": "Packet Loss - $target",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "custom.fillOpacity",
"value": 0
},
{
"id": "unit",
"value": "none"
},
{
"id": "decimals",
"value": 0
},
{
"id": "custom.axisPlacement",
"value": "hidden"
},
{
"id": "custom.axisLabel",
"value": "Loss Packet"
},
{
"id": "custom.lineStyle",
"value": {
"dash": [
10,
10
],
"fill": "dash"
}
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 24,
"x": 0,
"y": 10
},
"id": 5,
"options": {
"legend": {
"calcs": [
"mean",
"lastNotNull",
"max",
"min"
],
"displayMode": "table",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "10.2.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"editorMode": "code",
"expr": "smokeping_response_duration_seconds_sum{host=\"$target\", __tenant_id__=\"$source\"} / smokeping_response_duration_seconds_count{host=\"$target\", __tenant_id__=\"$source\"}",
"legendFormat": "{{host}}",
"range": true,
"refId": "A"
}
],
"title": "Latency - $target",
"transparent": true,
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 39,
"tags": [],
"templating": {
"list": [
{
"current": {},
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"definition": "label_values(smokeping_response_duration_seconds_bucket, host)",
"hide": 0,
"includeAll": false,
"multi": false,
"name": "target",
"options": [],
"query": "label_values(smokeping_response_duration_seconds_bucket, host)",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"current": {},
"datasource": {
"type": "prometheus",
"uid": "${DS_MIMIR_NETCUP}"
},
"definition": "label_values(__tenant_id__)",
"description": "Host to query from",
"hide": 0,
"includeAll": false,
"label": "Host",
"multi": false,
"name": "source",
"options": [],
"query": {
"qryType": 1,
"query": "label_values(__tenant_id__)",
"refId": "PrometheusVariableQueryEditor-VariableQuery"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-30m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Smoke Ping",
"uid": "i5aRaLaik",
"version": 4,
"weekStart": ""
}
{% endraw %}


@ -1,12 +0,0 @@
apiVersion: 1
providers:
- name: "Dashboard provider"
orgId: 1
type: file
disableDeletion: false
updateIntervalSeconds: 10
allowUiUpdates: true
options:
path: /var/lib/grafana/dashboards
foldersFromFilesStructure: true


@ -1,28 +0,0 @@
apiVersion: 1
datasources:
- name: Mimir Netcup
type: prometheus
basicAuth: true
basicAuthUser: {{ common.mimir.username }}
jsonData:
httpHeaderName1: "X-Scope-OrgID"
secureJsonData:
basicAuthPassword: {{ common.mimir.password }}
httpHeaderValue1: "{{ groups['prometheus']|map('extract', hostvars, 'inventory_hostname')|join('|')|replace('.','-') }}"
url: https://{{ common.mimir.host }}/prometheus
isDefault: false
access: proxy
editable: true
- name: Loki
type: loki
access: proxy
orgId: 1
url: https://{{ common.loki.host }}
basicAuth: true
basicAuthUser: {{ common.loki.username }}
secureJsonData:
basicAuthPassword: {{ common.loki.password }}
isDefault: false
version: 1
editable: true


@ -1,3 +0,0 @@
COMPOSE_PROJECT_NAME=jellyfin
UID=64001
GID=64001


@ -1,25 +0,0 @@
---
version: "3.4"
services:
jellyfin:
image: jellyfin/jellyfin:latest
user: "$UID:$GID"
ports:
- "8096:8096/tcp"
restart: always
volumes:
- "library:/media"
- "cache:/cache"
- "config:/config"
volumes:
library:
driver: local
driver_opts:
type: cifs
device: "{{ jellyfin.cifs.address }}"
o: "username={{ jellyfin.cifs.username }},password={{ jellyfin.cifs.password }},vers=3.0,uid=$UID,gid=$GID"
cache:
config:
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=keycloak


@ -1,43 +0,0 @@
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3.9'
services:
keycloak:
image: registry.tobiasmanske.de/keycloak:main
command: start
depends_on:
pg:
condition: service_healthy
environment:
- "KC_DB=postgres"
- "KC_DB_URL_HOST=pg"
- "KC_DB_URL_DATABASE={{ auth.db.name }}"
- "KC_DB_USERNAME={{ auth.db.user }}"
- "KC_DB_PASSWORD={{ auth.db.password }}"
- "KEYCLOAK_ADMIN={{ auth.keycloak.user }}"
- "KEYCLOAK_ADMIN_PASSWORD={{ auth.keycloak.password }}"
- "KC_PROXY=edge"
- "KC_HOSTNAME=auth.tobiasmanske.de"
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.keycloak.rule=Host(`auth.tobiasmanske.de`)"
- "traefik.http.routers.keycloak.entryPoints=websecure"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
restart: always
networks:
- backend
- default # keycloak needs to talk to social logins
{{ pg.postgres("pg", auth.db.user, auth.db.password, auth.db.name, ["backend"]) }}
networks:
postgres:
internal: true
backend:
internal: true
volumes:
pg_data:
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=kuma-{{ service_name|default("kuma") }}


@ -1,26 +0,0 @@
{% set _name = service_name|default("kuma") %}
{% set _urls = urls|default(kuma.urls)|mandatory %}
---
services:
kuma:
image: louislam/uptime-kuma:latest
restart: unless-stopped
volumes:
- data:/app/data
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.kuma-{{ _name }}.rule={{ _urls | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
- "traefik.http.routers.kuma-{{ _name }}.entryPoints=websecure"
- "traefik.http.services.kuma-{{ _name }}.loadbalancer.server.port=3001"
networks:
- default
- pantalaimon
volumes:
data:
networks:
pantalaimon:
external: true
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=linktree


@ -1,14 +0,0 @@
---
version: "3.4"
services:
unruhig.eu:
image: registry.tobiasmanske.de/unruhig.eu:latest
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.unruhigeu.rule=(Host(`unruhig.eu`) || Host(`www.unruhig.eu`))"
- "traefik.http.routers.unruhigeu.entryPoints=websecure"
- "traefik.http.services.unruhigeu.loadbalancer.server.port=80"
restart: always
...


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=loki


@ -1,28 +0,0 @@
version: "3.4"
services:
loki:
image: grafana/loki:latest
restart: unless-stopped
command: -config.file=/etc/loki/loki.yaml
volumes:
- ./loki.yml:/etc/loki/loki.yaml:ro,Z
- loki_data:/loki
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.loki.rule=Host(`loki.tobiasmanske.de`)"
- "traefik.http.middlewares.loki-auth.basicauth.users={{ common.loki.username }}:{{ common.loki.password_hash | mandatory }}"
- "traefik.http.routers.loki.entryPoints=websecure"
- "traefik.http.services.loki.loadbalancer.server.port=3100"
- "traefik.http.routers.loki.middlewares=loki-auth"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=3100"
networks:
- metrics
- default
volumes:
loki_data:
networks:
metrics:
external: true


@ -1,51 +0,0 @@
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
query_range:
results_cache:
cache:
embedded_cache:
enabled: true
max_size_mb: 100
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: aws
schema: v11
index:
prefix: index_
period: 24h
common:
path_prefix: /loki
storage:
s3:
endpoint: s3.tobiasmanske.de
bucketnames: loki-data
access_key_id: "{{ loki.s3.access_key }}"
secret_access_key: "{{ loki.s3.secret_key }}"
s3forcepathstyle: true
replication_factor: 1
ring:
kvstore:
store: inmemory
compactor:
working_directory: /loki/compactor
shared_store: s3
storage_config:
boltdb_shipper:
active_index_directory: /loki/active
cache_location: /loki/cache
cache_ttl: 24h
resync_interval: 5s
shared_store: s3
aws:
s3: "s3://{{ loki.s3.access_key }}:{{ loki.s3.secret_key }}@s3.tobiasmanske.de.:443/loki-data"
s3forcepathstyle: true


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=matrix


@ -1,15 +0,0 @@
{
auto_https off
}
http://{{ matrix.baseurl }} {
header {
Content-Type application/json
Access-Control-Allow-Origin *
}
respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://synapse.{{ matrix.baseurl }}\"}, \"org.matrix.msc3575.proxy\": { \"url\": \"https://syncv3.{{ matrix.baseurl }}\" } }" 200
respond /.well-known/matrix/server "{\"m.server\": \"synapse.{{ matrix.baseurl }}:443\"}" 200
respond /.well-known/matrix/support "{\"admins\":[{\"matrix_id\":\"@tobi:{{ matrix.baseurl }}\",\"email_address\":\"matrix@{{ matrix.baseurl }}\",\"role\":\"admin\"}]}" 200
respond 404
}


@ -1,12 +0,0 @@
{
"defaultHomeserver": 0,
"homeserverList": [
"unruhig.eu",
"entropia.de",
"matrix.org",
"archlinux.org",
"kit.edu",
"mozilla.org"
],
"allowCustomHomeservers": true
}


@ -1,207 +0,0 @@
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3.9'
services:
synapse:
image: registry.tobiasmanske.de/matrixdotorg/synapse:latest
user: "1000:1000"
# Since synapse does not retry to connect to the database, restart upon
# failure
restart: unless-stopped
# See the readme for a full documentation of the environment settings
# NOTE: You must edit homeserver.yaml to use postgres, it defaults to sqlite
environment:
- SYNAPSE_CONFIG_DIR=/config
- SYNAPSE_CONFIG_PATH=/config/homeserver.yaml
- TZ=Europe/Berlin
ulimits:
nofile:
soft: 10000
hard: 40000
volumes:
- synapse_data:/data
- ./synapse-config:/config:ro,Z
- ./mautrix-telegram/registration.yaml:/data/reg-mautrix-tg.yaml:ro,Z
- ./mautrix-slack/registration.yaml:/data/reg-mautrix-slack.yaml:ro,Z
- ./mautrix-signal/registration.yaml:/data/reg-mautrix-signal.yaml:ro,Z
depends_on:
- db
- redis
networks:
- default
- backend
- metrics
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.http-synapse.rule=Host(`synapse.{{ matrix.baseurl }}`)"
- "traefik.http.routers.http-synapse.entryPoints=websecure"
- "traefik.http.routers.http-synapse.service=matrix-synapse"
- "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/_{path:(matrix|synapse)}/`)"
- "traefik.http.routers.matrix-synapse.entryPoints=websecure"
- "traefik.http.routers.matrix-synapse.service=matrix-synapse"
- "traefik.http.services.matrix-synapse.loadbalancer.server.port=8008"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9091"
- "prometheus-scrape.metrics_path=/_synapse/metrics"
{{ pg.postgres("db", matrix.db.user, matrix.db.password, matrix.db.database, ["backend"] ) }}
caddy:
image: caddy:2
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro,z
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.matrix-well-known.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/.well-known/matrix/`)"
- "traefik.http.routers.matrix-well-known.entrypoints=websecure"
- "traefik.http.services.matrix-well-known.loadbalancer.server.port=80"
cinny:
image: ghcr.io/cinnyapp/cinny:latest
# image: registry.tobiasmanske.de/cinnyapp/cinny:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.matrix-cinny.rule=Host(`cinny.{{ matrix.baseurl }}`)"
- "traefik.http.routers.matrix-cinny.entryPoints=websecure"
- "traefik.http.services.matrix-cinny.loadbalancer.server.port=80"
volumes:
- ./cinny-config.json:/app/config.json:ro,Z
networks:
- default
redis:
image: redis:latest
restart: unless-stopped
networks:
- backend
### SLIDING SYNC
{{ pg.postgres("db-syncv3", matrix.syncv3.user, matrix.syncv3.password, matrix.syncv3.database, ["syncv3"] ) }}
syncv3-proxy:
image: ghcr.io/matrix-org/sliding-sync:latest
restart: always
environment:
- "SYNCV3_SERVER=https://synapse.{{ matrix.baseurl }}"
- "SYNCV3_SECRET={{ matrix.syncv3.secret }}"
- "SYNCV3_BINDADDR=:8008"
- "SYNCV3_PROM=:2112"
- "SYNCV3_DB=user={{ matrix.syncv3.user }} dbname={{ matrix.syncv3.database }} sslmode=disable host=db-syncv3 password='{{ matrix.syncv3.password }}'"
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.matrix-syncv3-proxy.rule=Host(`syncv3.{{ matrix.baseurl }}`)"
- "traefik.http.routers.matrix-syncv3-proxy.entrypoints=websecure"
- "traefik.http.services.matrix-syncv3-proxy.loadbalancer.server.port=8008"
- "prometheus-scrape.enabled=false"
- "prometheus-scrape.port=2112"
networks:
- syncv3
- default
### BRIDGES
#### Telegram
mautrix-telegram:
image: dock.mau.dev/mautrix/telegram:latest
user: "1000:1000"
restart: unless-stopped
environment:
- "MAUTRIX_DIRECT_STARTUP=1"
volumes:
- bridge_tg_data:/data
- ./mautrix-telegram/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-telegram/registration.yaml:/data/registration.yaml:ro,Z
networks:
- backend
- default # Needs to contact UFOs in the sky
depends_on:
- db-bridge-tg
- synapse
{{ pg.postgres("db-bridge-tg", matrix.bridge.tg.dbuser, matrix.bridge.tg.dbpass, matrix.bridge.tg.dbname, ["backend"] ) }}
#### SLACK
mautrix-slack:
image: dock.mau.dev/mautrix/slack:latest
environment:
- "UID=1000"
- "GID=1000"
restart: unless-stopped
volumes:
- bridge_slack_data:/data
- ./mautrix-slack/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-slack/registration.yaml:/data/registration.yaml:ro,Z
networks:
- backend
- default # Needs to contact UFOs in the sky
depends_on:
- db-bridge-slack
- synapse
{{ pg.postgres("db-bridge-slack", matrix.bridge.slack.dbuser, matrix.bridge.slack.dbpass, matrix.bridge.slack.dbname, ["backend"] ) }}
#### SIGNAL
mautrix-signal:
image: dock.mau.dev/mautrix/signal:latest
restart: unless-stopped
environment:
- "MAUTRIX_DIRECT_STARTUP=1"
- "UID=1000"
networks:
- default
- backend
volumes:
- bridge_signal_data:/data
- signald_data:/signald
- ./mautrix-signal/config.yaml:/data/config.yaml:ro,Z
- ./mautrix-signal/registration.yaml:/data/registration.yaml:ro,Z
depends_on:
- signald
- db-bridge-signal
signald:
image: docker.io/signald/signald:latest
restart: unless-stopped
networks:
- default
- backend
volumes:
- signald_data:/signald
{{ pg.postgres("db-bridge-signal", matrix.bridge.signal.dbuser, matrix.bridge.signal.dbpass, matrix.bridge.signal.dbname, ["backend"] ) }}
networks:
default:
enable_ipv6: true
postgres:
internal: true
backend:
internal: true
syncv3:
internal: true
metrics:
external: true
volumes:
bridge_signal_data:
bridge_slack_data:
bridge_tg_data:
db-bridge-signal_data:
db-bridge-slack_data:
db-bridge-tg_data:
db-syncv3_data:
db_data:
signald_data:
synapse_data:
...


@ -1,306 +0,0 @@
# Homeserver details
# {% set config = matrix.bridge.signal %}
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix.baseurl }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint:
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint:
# Maximum number of simultaneous HTTP connections to the homeserver.
connection_limit: 100
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-signal:29328
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29328
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://{{ config.dbuser }}:{{ config.dbpass }}@db-bridge-signal/{{ config.dbname }}?sslmode=disable
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
id: signal
# Username of the appservice bot.
bot_username: signalbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Signal bridge bot
bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ config.as_token }}"
hs_token: "{{ config.hs_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-signal.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
signal:
# Path to signald unix socket
socket_path: /signald/signald.sock
# Directory for temp files when sending files to Signal. This should be an
# absolute path that signald can read. For attachments in the other direction,
# make sure signald is configured to use an absolute path as the data directory.
outgoing_attachment_dir: /signald/attachments
# Directory where signald stores avatars for groups.
avatar_dir: /signald/avatars
# Directory where signald stores auth data. Used to delete data when logging out.
data_dir: /signald/data
# Whether or not unknown signald accounts should be deleted when the bridge is started.
# When this is enabled, any UserInUse errors should be resolved by restarting the bridge.
delete_unknown_accounts_on_start: false
# Whether or not message attachments should be removed from disk after they're bridged.
remove_file_after_handling: true
# Whether or not users can register a primary device
registration_enabled: true
# Whether or not to enable disappearing messages in groups. If enabled, then the expiration
# time of the messages will be determined by the first users to read the message, rather
# than individually. If the bridge has a single user, this can be turned on safely.
enable_disappearing_messages_in_groups: false
# Bridge config
bridge:
# {% raw %}
# Localpart template of MXIDs for Signal users.
# {userid} is replaced with the UUID of the Signal user.
username_template: "signal_{{.}}"
# Displayname template for Signal users.
# {displayname} is replaced with the displayname of the Signal user, which is the first
# available variable in displayname_preference. The variables in displayname_preference
# can also be used here directly.
# FIXME: ContactName is not save for multi-user instances.
displayname_template: '{{or .ProfileName .ContactName .PhoneNumber "Unknown User"}} (Signal)'
# {% endraw %}
autocreate_group_portal: true
# Whether or not to create portals for all contacts on login/connect.
autocreate_contact_portal: false
# Whether or not to make portals of Signal groups in which joining via invite link does
# not need to be approved by an administrator publicly joinable on Matrix.
public_portals: false
# Whether or not to use /sync to get read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
login_shared_secret_map:
{{ matrix.baseurl }}: {{ matrix.authenticator.shared_secret }}
federate_rooms: false
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: true
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: "default"
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Signal. This let's you check manually whether the bridge is receiving your
# messages.
# Note that this is not related to Signal delivery receipts.
delivery_receipts: true
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Interval at which to resync contacts (in seconds).
periodic_sync: 0
# Should leaving the room on Matrix make the user leave on Signal?
bridge_matrix_leave: false
# Should the bridge auto-create a group chat on Signal when a ghost is invited to a room?
# Requires the user to have sufficient power level and double puppeting enabled.
create_group_on_invite: true
hacky_contact_name_mixup_detection: false
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: disabled
# Segment API key to enable analytics tracking for web server
# endpoints. Set to null to disable.
# Currently the only events are login start, QR code scan, and login
# success/failure.
segment_key:
# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
segment_user_id:
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!signal'
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: Hello, I'm a Signal bridge bot.
# Sent when joining a management room and the user is already logged in.
welcome_connected: Use `help` for help.
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: Use `help` for help or `link` to log in.
# Optional extra text sent when joining a management room.
additional_help: ''
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'*': relay
{{ matrix.baseurl }}: user
'@tobi:{{ matrix.baseurl }}': admin
relay:
# Whether relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# The formats to use when sending messages to Signal via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
message_formats:
m.text: '$sender_displayname: $message'
m.notice: '$sender_displayname: $message'
m.emote: '* $sender_displayname $message'
m.file: $sender_displayname sent a file
m.image: $sender_displayname sent an image
m.audio: $sender_displayname sent an audio file
m.video: $sender_displayname sent a video
m.location: $sender_displayname sent a location
relaybot: '@relaybot:example.com'
# Whether or not invites from non-logged-in users should be relayed
invite: true
# Format for generating URLs from location messages for sending to Signal
# Google Maps: 'https://www.google.com/maps/place/{lat},{long}'
# OpenStreetMap: 'https://www.openstreetmap.org/?mlat={lat}&mlon={long}'
location_format: https://www.google.com/maps/place/{lat},{long}
logging:
min_level: debug
writers:
- type: stdout
format: json


@ -1,31 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
31353638336331613430353931626330366132643736326566343536343666643965333163313831
3062336363343836666163393763326332623730623930620a333666373365306536636264613732
64373937373062303332306166393833656239333862343836626364613639633762376138383964
3033623639636530320a613233643736383637396131636434306435346637353966393639363239
30336461616464303031386164393433373831353435333466323166643436626234623262633237
30373830366430636230633962643439363666363031633936313934616332306437623138373535
65343062336461663861376664383138636333353338666231623436666366303431363438323632
31313739376439323665386130323338363930366361646361383831643337653963353639353738
36383866313262616135633231623964663266643030343561363735323039376338373165356366
30643738313331333733343739366435383936373135666433666663353039316331366463623362
38343430663432396332623662633533396433366564656263393735663839666566376139656261
65323664616463626430653734393433626231386230633664653264373034633731633239363135
35333366333039623764386330613130373263316436316266303461626463373939336134363039
62653363613064373731616137333663333334636336623363343034383263656631653864336439
65623762666538383766393939303832373566623666383761623234636638303566336438616136
33333939323061333431656435383731326633323135313839343761613231623537356333636336
65323063653239623166313938386133366565313336643161323564386338363839393434616535
63373038383334633238303336386261343639393537333735383439346164633962343033633533
64353138373161323639613434653939326265336239366364336630666634356439303564653833
31333765303030376330396261376161636563306133363137313435376133373363653031356333
62663737646165626366363230663262346563633236366238646339303763383161663033356232
34343434363833386330636535663333356364633332616431613431386534336133386638333034
35633363333366306435656137303866636232323765313164363636636366653364326332613233
32643866663032313431663463666364326633376332323335336131376131663865616232653065
34633338333237636336333062646561376331363138346132386430633462666634646462656431
65373562323539636165313038643839623132643539346539343338346366366362323230653935
34323834393961376234343564383635623865303765663439316535396263363265626265613761
33343034343666663834363133663734343838623132666561393862623136613035656434626233
31666434656535393536623461393630346262643331336364353932326337376132333631616635
3963306630613238323633666264316462393063383639656333


@ -1,233 +0,0 @@
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix.baseurl }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-slack:29335
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29335
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://{{ matrix.bridge.slack.dbuser }}:{{ matrix.bridge.slack.dbpass }}@db-bridge-slack/{{ matrix.bridge.slack.dbname }}?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: slack
# Appservice bot details.
bot:
# Username of the appservice bot.
username: slackbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Slack bridge bot
avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix.bridge.slack.as_token }}"
hs_token: "{{ matrix.bridge.slack.hs_token }}"
# Bridge config
bridge:
{% raw %}
# Localpart template of MXIDs for Slack users.
# {{.}} is replaced with the internal ID of the Slack user.
username_template: slack_{{.}}
# Displayname template for Slack users.
# TODO: document variables
displayname_template: '{{if not .DisplayName}}{{.RealName}}{{else}}{{.DisplayName}}{{end}} (Slack)'
bot_displayname_template: '{{.Name}} (bot)'
channel_name_template: '#{{.Name}}'
{% endraw %}
portal_message_buffer: 128
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack?
delivery_receipts: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
sync_with_custom_puppets: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
private_chat_portal_meta: always
federate_rooms: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{ matrix.baseurl }}: "{{ matrix.authenticator.shared_secret }}"
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: 10s
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 60s
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!slack'
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Slack bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
backfill:
# Allow backfilling at all? Requires MSC2716 support on homeserver.
enable: false
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Number of messages to immediately backfill when creating a portal.
immediate_messages: 10
# Settings for incremental backfill of history.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of messages to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_messages:
# Channels
channel: -1
# Group direct messages
group_dm: -1
# 1:1 direct messages
dm: -1
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: true
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Slack account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": relay
"{{ matrix.baseurl }}": user
"@tobi:{{ matrix.baseurl }}": admin
{% raw %}
logging:
directory: ./logs
file_name_format: '{{.Date}}-{{.Index}}.log'
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: debug
print_json: false
file_json: false
{% endraw %}


@ -1,26 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
63643764313434366534636536373233613163353932353332353034386638623463323265356366
3033666637643563393537636263366338643736303663620a376138656235653238386131623864
33356331386265613436626337356436373439376434633135626339373931346166313834323938
3833636339306137360a383230386236333632613037363139356230663563333266353030616133
39343037343234386465646433613465646363343237346432373934623431336163303233323263
65356133373264323664663238306266336332353632643533373038653938623939353931613964
33383638653061313961363033343435316130666337393034356664653933626466623734643239
63663864316464343631313533653931376561303830366665333635613666346139623937373663
65393234326533623364626666353763396437386330386563333432306566316161626561363836
62613630623864323163616639396233393031373734373332383064626562623563363266383065
61613738323034313431333333656530346566333165363430333962373930363736396265636663
65646632356265633665633930343231636138366364653038336563333234326139333437643063
39653437303565343739306237653832616265323138643234313731343339353161333363366538
35373864666436306438303037363766373532633533666335303137346337633265613630653637
39356237663665333533363030653735333535653861353866363362343830366562383661666137
37623436336531363230356233656235666238663537616437353636353732643639386534616561
30656264316535636437653032343634643036363838626234303837393935393430323537643231
64363534313033396362326530663430373661613362346364356262386433663731313866363438
30653966343436656430326434646337386230333432383861333635326431346332663332313437
35636162323834616437383563353932333137653639616532363162663365393437386333613439
35343937333034303934623962653132323837643430303230383163393833316233636233643736
33666530653033613762313364653734633765326432613032386535333335633834633430356165
64396132386133326464376163326236373131316266343634306163313235616236383239366639
38373235643763616236356266663534356230643131653130323338393262616337346635633835
39386236643562653738383037376334303138623966316637386464386139613431


@ -1,593 +0,0 @@
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://synapse.{{ matrix.baseurl }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix.baseurl }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Telegram connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://mautrix-telegram:29317
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29317
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://{{ matrix.bridge.tg.dbuser }}:{{ matrix.bridge.tg.dbpass }}@db-bridge-tg/{{ matrix.bridge.tg.dbname }}
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
# Additionally, SQLite supports init_commands as an array of SQL queries to run on connect (e.g. to set PRAGMAs).
database_opts:
min_size: 1
max_size: 10
# Public part of web server for out-of-Matrix interaction with the bridge.
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
# the HS database.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: false
# The prefix to use in the public-facing endpoints.
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix.bridge.tg.as_token }}"
hs_token: "{{ matrix.bridge.tg.hs_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-telegram.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
# Bridge config
bridge:
# Localpart template of MXIDs for Telegram users.
# {userid} is replaced with the user ID of the Telegram user.
username_template: "telegram_{userid}"
# Localpart template of room aliases for Telegram portal rooms.
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
alias_template: "telegram_{groupname}"
# Displayname template for Telegram users.
# {displayname} is replaced with the display name of the Telegram user.
displayname_template: "{displayname} (Telegram)"
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
# ID is used.
#
# If the bridge is working properly, a phone number or an username should always be known, but
# the other one can very well be empty.
#
# Valid keys:
# "full name" (First and/or last name)
# "full name reversed" (Last and/or first name)
# "first name"
# "last name"
# "username"
# "phone number"
displayname_preference:
- full name
- username
- phone number
# Maximum length of displayname
displayname_max_length: 100
# Remove avatars from Telegram ghost users when removed on Telegram. This is disabled by default
# as there's no way to determine whether an avatar is removed or just hidden from some users. If
# you're on a single-user instance, this should be safe to enable.
allow_avatar_remove: false
# Maximum number of members to sync per portal when starting up. Other members will be
# synced when they send messages. The maximum is 10000, after which the Telegram server
# will not send any more members.
# -1 means no limit (which means it's limited to 10000 by the server)
max_initial_member_sync: 100
# Maximum number of participants in chats to bridge. Only applies when the portal is being created.
# If there are more members when trying to create a room, the room creation will be cancelled.
# -1 means no limit (which means all chats can be bridged)
max_member_count: -1
# Whether or not to sync the member list in channels.
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
# list regardless of this setting.
sync_channel_members: true
# Whether or not to skip deleted members when syncing members.
skip_deleted_members: true
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
# their Telegram account at startup.
startup_sync: true
# Number of most recently active dialogs to check when syncing chats.
# Set to 0 to remove limit.
sync_update_limit: 0
# Number of most recently active dialogs to create portals for when syncing chats.
# Set to 0 to remove limit.
sync_create_limit: 15
# Should all chats be scheduled to be created later?
# This is best used in combination with MSC2716 infinite backfill.
sync_deferred_create_all: false
# Whether or not to sync and create portals for direct chats at startup.
sync_direct_chats: true
# The maximum number of simultaneous Telegram deletions to handle.
# A large number of simultaneous redactions could put strain on your homeserver.
max_telegram_delete: 10
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
# at startup and when creating a bridge.
sync_matrix_state: true
# Allow logging in within Matrix. If false, users can only log in using login-qr or the
# out-of-Matrix login website (see appservice.public config section)
allow_matrix_login: true
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
public_portals: false
# Whether or not to use /sync to get presence, read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: false
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{ matrix.baseurl }}: https://{{ matrix.baseurl }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{ matrix.baseurl }}: {{ matrix.authenticator.shared_secret }}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Whether or not the !tg join command should do a HTTP request
# to resolve redirects in invite links.
invite_link_resolve: false
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# Maximum size of image in megabytes before sending to Telegram as a document.
image_as_file_size: 10
# Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 4096x4096 = 16777216.
image_as_file_pixels: 16777216
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
# streaming from/to Matrix and using many connections for Telegram.
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
# This option uses internal Telethon implementation details and may break with minor updates.
parallel_file_transfer: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: false
# Should the bridge send all unicode reactions as custom emoji reactions to Telegram?
# By default, the bridge only uses custom emojis for unicode emojis that aren't allowed in reactions.
always_custom_emoji_reaction: true
# Settings for converting animated stickers.
animated_sticker:
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (gzipped lottie)
# png - converts to non-animated png (fastest),
# gif - converts to animated gif
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
# webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
target: gif
# Should video stickers be converted to the specified format as well?
convert_from_webm: false
# Arguments for converter. All converters take width and height.
args:
width: 256
height: 256
fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
# Settings for converting animated emoji.
# Same as animated_sticker, but webm is not supported as the target
# (because inline images can only contain images, not videos).
animated_emoji:
target: webp
args:
width: 64
height: 64
fps: 25
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: true
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: true
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: true
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Telegram to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Telegram.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
# When using double puppeting, should pinned chats be moved to a specific tag in Matrix?
# The favorites tag is `m.favourite`.
pinned_tag: "m.favorite"
# Same as above for archived chats, the low priority tag is `m.lowpriority`.
archive_tag: "m.lowpriority"
# Whether or not mute status and tags should only be bridged when the portal room is created.
tag_only_on_create: true
# Should leaving the room on Matrix make the user leave on Telegram?
bridge_matrix_leave: true
# Should the user be kicked out of all portals when logging out of the bridge?
kick_on_logout: false
# Should the "* user joined Telegram" notice always be marked as read automatically?
always_read_joined_telegram_notice: true
# Should the bridge auto-create a group chat on Telegram when a ghost is invited to a room?
# Requires the user to have sufficient power level and double puppeting enabled.
create_group_on_invite: true
# Settings for backfilling messages from Telegram.
backfill:
# Allow backfilling at all?
enable: true
# Use MSC2716 for backfilling?
#
# This requires a server with MSC2716 support, which is currently an experimental feature in Synapse.
# It can be enabled by setting experimental_features -> msc2716_enabled to true in homeserver.yaml.
msc2716: false
# Use double puppets for backfilling?
#
# If using MSC2716, the double puppets must be in the appservice's user ID namespace
# (because the bridge can't use the double puppet access token with batch sending).
#
# Even without MSC2716, bridging old messages with correct timestamps requires the double
# puppets to be in an appservice namespace, or the server to be modified to allow
# overriding timestamps anyway.
double_puppet_backfill: false
# Whether or not to enable backfilling in normal groups.
# Normal groups have numerous technical problems in Telegram, and backfilling normal groups
# will likely cause problems if there are multiple Matrix users in the group.
normal_groups: false
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Telegram.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Forward backfilling limits. These apply to both MSC2716 and legacy backfill.
#
# Using a negative initial limit is not recommended, as it would try to backfill everything in a single batch.
# MSC2716 and the incremental settings are meant for backfilling everything incrementally rather than at once.
forward:
# Number of messages to backfill immediately after creating a portal.
initial_limit: 10
# Number of messages to backfill when syncing chats.
sync_limit: 100
# Settings for incremental backfill of history. These only apply when using MSC2716.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of batches to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_batches:
# Direct chats
user: -1
# Normal groups. Note that the normal_groups option above must be enabled
# for these to be backfilled.
normal_group: -1
# Supergroups
supergroup: 10
# Broadcast channels
channel: -1
# Overrides for base power levels.
initial_power_level_overrides:
user: {}
group: {}
# Whether to bridge Telegram bot messages as m.notices or m.texts.
bot_messages_as_notices: true
bridge_notices:
# Whether or not Matrix bot messages (type m.notice) should be bridged.
default: false
# List of user IDs for whom the previous flag is flipped.
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
# notices from users listed here will be bridged.
exceptions: []
# An array of possible values for the $distinguisher variable in message formats.
# Each user gets one of the values here, based on a hash of their user ID.
# If the array is empty, the $distinguisher variable will also be empty.
relay_user_distinguishers: ["\U0001F7E6", "\U0001F7E3", "\U0001F7E9", "⭕️", "\U0001F536", "⬛️", "\U0001F535", "\U0001F7E2"]
# The formats to use when sending messages to Telegram via the relay bot.
# Text msgtypes (m.text, m.notice and m.emote) support HTML, media msgtypes don't.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $distinguisher - A random string from the options in the relay_user_distinguishers array.
# $message - The message content
message_formats:
m.text: "$distinguisher <b>$sender_displayname</b>: $message"
m.notice: "$distinguisher <b>$sender_displayname</b>: $message"
m.emote: "* $distinguisher <b>$sender_displayname</b> $message"
m.file: "$distinguisher <b>$sender_displayname</b> sent a file: $message"
m.image: "$distinguisher <b>$sender_displayname</b> sent an image: $message"
m.audio: "$distinguisher <b>$sender_displayname</b> sent an audio file: $message"
m.video: "$distinguisher <b>$sender_displayname</b> sent a video: $message"
m.location: "$distinguisher <b>$sender_displayname</b> sent a location: $message"
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
# Telegram user info is available in the following variables:
# $displayname - Telegram displayname
# $username - Telegram username (may not exist)
# $mention - Telegram @username or displayname mention (depending on which exists)
emote_format: "* $mention $formatted_body"
# The formats to use when sending state events to Telegram via the relay bot.
#
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
# In name_change events, `$prev_displayname` is the previous displayname.
#
# Set format to an empty string to disable the messages for that event.
state_event_formats:
join: "$distinguisher <b>$displayname</b> joined the room."
leave: "$distinguisher <b>$displayname</b> left the room."
name_change: "$distinguisher <b>$prev_displayname</b> changed their name to $distinguisher <b>$displayname</b>"
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
# `filter-mode` management commands.
#
# Filters do not affect direct chats.
# An empty blacklist will essentially disable the filter.
filter:
# Filter mode to use. Either "blacklist" or "whitelist".
# If the mode is "blacklist", the listed chats will never be bridged.
# If the mode is "whitelist", only the listed chats can be bridged.
mode: blacklist
# The list of group/channel IDs to filter.
list: []
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tg"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Telegram bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relaybot - Only use the bridge via the relaybot, no access to commands.
# user - Relaybot level + access to commands to create bridges.
# puppeting - User level + logging in with a Telegram account.
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
# admin - Full access to use the bridge and some extra administration commands.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"*": "relaybot"
"{{ matrix.baseurl }}": "full"
"@tobi:{{ matrix.baseurl }}": "admin"
# Options related to the message relay Telegram bot.
relaybot:
private_chat:
# List of users to invite to the portal when someone starts a private chat with the bot.
# If empty, private chats with the bot won't create a portal.
invite: []
# Whether or not to bridge state change messages in relaybot private chats.
state_changes: true
# When private_chat_invite is empty, this message is sent to users /starting the
# relaybot. Telegram's "markdown" is supported.
message: This is a Matrix bridge relaybot and does not support direct chats
# List of users to invite to all group chat portals created by the bridge.
group_chat_invite: []
# Whether or not the relaybot should not bridge events in unbridged group chats.
# If false, portals will be created when the relaybot receives messages, just like normal
# users. This behavior is usually not desirable, as it interferes with manually bridging
# the chat to another room.
ignore_unbridged_group_chat: true
# Whether or not to allow creating portals from Telegram.
authless_portals: true
# Whether or not to allow Telegram group admins to use the bot commands.
whitelist_group_admins: true
# Whether or not to ignore incoming events sent by the relay bot.
ignore_own_incoming_events: true
# List of usernames/user IDs who are also allowed to use the bot commands.
whitelist:
- myusername
- 12345678
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix.bridge.tg.api_id }}
api_hash: {{ matrix.bridge.tg.api_hash }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: disabled
# Should the bridge request missed updates from Telegram when restarting?
catch_up: true
# Should incoming updates be handled sequentially to make sure order is preserved on Matrix?
sequential_updates: true
exit_on_update_error: false
# Telethon connection options.
connection:
# The timeout in seconds to be used when connecting.
timeout: 120
# How many times the reconnection should retry, either on the initial connection or when
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
# this is not recommended, since the program can get stuck in an infinite loop.
retries: 5
# The delay in seconds to sleep between automatic reconnections.
retry_delay: 1
# The threshold below which the library should automatically sleep on flood wait errors
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
# the error instead. Values larger than a day (86400) will be changed to a day.
flood_sleep_threshold: 60
# How many times a request should be retried. Request are retried when Telegram is having
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
# there's a migrate error. May take a negative or null value for infinite retries, but this
# is not recommended, since some requests can always trigger a call fail (such as searching
# for messages).
request_retries: 5
# Device info sent to Telegram.
device_info:
# "auto" = OS name+version.
device_model: mautrix-telegram
# "auto" = Telethon version.
system_version: auto
# "auto" = mautrix-telegram version.
app_version: auto
lang_code: en
system_lang_code: en
# Custom server to connect to.
server:
# Set to true to use these server settings. If false, will automatically
# use production server assigned by Telegram. Set to false in production.
enabled: false
# The DC ID to connect to.
dc: 2
# The IP to connect to.
ip: 149.154.167.40
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
port: 80
# Telethon proxy configuration.
# You must install PySocks from pip for proxies to work.
proxy:
# Allowed types: disabled, socks4, socks5, http, mtproxy
type: disabled
# Proxy IP address and port.
address: 127.0.0.1
port: 1080
# Whether or not to perform DNS resolving remotely. Only for socks/http proxies.
rdns: true
# Proxy authentication (optional). Put MTProxy secret in password field.
username: ""
password: ""
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_telegram.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
telethon:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]


@ -1,31 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
31303639303562306630323132376333316332636534613834326662396237396634313233646364
6335353833616135373439633136356339333737363437660a316634366334376339656466646437
39323131363163393931356331306434613035626239356631303032646664303838386635613930
6232663031663765370a653936623761313937383233313739313166353335346465363265613762
35643335646637343534373966626632336363646231353732643831346563356464386133393166
32613134656431656561316335656463653462656166373433386633666338633132663032633461
66376265633233323662313930323737316166613262383434626264353462386236636139383835
33613830316361373434623435376162653930616631323764653539306235363530326165353037
32303432356630376363613839313831363537363735613833306163616130336631386337366234
33373633306161653163333635366637313266346634656633376237346566663461353962376239
34386237373565313362383532363931333337366336316363663734343333386663653466396139
36633735356561346531376337346635383666376635346361333162376339333839306632666562
63363761623136643031653030666437306361396232383738366533396561373932323563363566
38306333393662333634613139643930626664666139363039333735363538396339373634356365
66633637316432323762353964313237396338613834336532636164333564363839353061336636
63316163626334353231386463313535313866336431613234353533636533343662653933393132
37353065333431366662363530333863646131313737336538396332396238656239366531366337
63633563636531616664313930626266323266613466656636636361653731623666636333666164
39356535363939653232326633383837666262643834326137646363393935613132366663396364
30666266366163316563613665356535633766626335343762333765643837373034646633336432
64373366313962333563336535346436346536386633343366336535363236306338343832373763
36663663353533383939323234333535316162303033313833616533373237613335303662393032
66316163343938383330663133613333346535393264636264366533343938653730316163366363
66373866316264656361613935383334323133636164366630333264343931663461333138656131
31353631393336323166663765613461356437306234653263393030316564363431353566316531
35336665633133386134656361323063303531336263643764353666636364343537363136666632
66333033373766336230393131343434666536653061353032663264636565636361336138653931
34303233613637633165303431626361623132363530666238386336383463656136383965343563
63616131376239356163353464333864363164363666646435353038323565386536326639366565
3134646366666134646665366533396466366233343666613761


@ -1,126 +0,0 @@
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "{{ matrix.baseurl }}"
pid_file: /data/homeserver.pid
enable_metrics: true
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
- port: 9091
tls: false
type: metrics
database:
name: psycopg2
args:
user: {{ matrix.db.user }}
password: {{ matrix.db.password }}
database: {{ matrix.db.database }}
host: db
cp_min: 5
cp_max: 10
log_config: "/config/tobiasmanske.de.log.config"
media_store_path: /data/media_store
report_stats: true
macaroon_secret_key: "{{ matrix.secrets.macaroon }}"
form_secret: "{{ matrix.secrets.form }}"
signing_key_path: "/config/tobiasmanske.de.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
oidc_providers:
- idp_id: keycloak
idp_name: "KeyCloak"
issuer: "{{ matrix.oidc.issuer }}"
client_id: "{{ matrix.oidc.client_id }}"
client_secret: "{{ matrix.oidc.client_secret }}"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
{% raw %}
localpart_template: "{{ user.mx_localpart }}"
display_name_template: "{{ user.name }}"
{% endraw %}
backchannel_logout_enabled: true # Optional
enable_registration: true
registration_requires_token: true
registration_shared_secret: "{{ matrix.secrets.registration }}"
password_config:
enabled: true
redis:
enabled: true
host: redis
port: 6379
app_service_config_files:
- /data/reg-mautrix-tg.yaml
- /data/reg-mautrix-slack.yaml
- /data/reg-mautrix-signal.yaml
rc_message:
per_second: 100
burst_count: 100
rc_joins:
local:
per_second: 100
burst_count: 100
rc_login:
address:
per_second: 1000
burst_count: 1000
server_notices:
system_mxid_localpart: "server"
system_mxid_display_name: "Server Notices"
system_mxid_avatar_url: "mxc://unruhig.eu/khyOCChmyYSOsIFIbUWGGEWq"
room_name: "Server Notices"
modules:
- module: shared_secret_authenticator.SharedSecretAuthProvider
config:
shared_secret: "{{ matrix.authenticator.shared_secret }}"
# By default, only login requests of type `com.devture.shared_secret_auth` are supported.
# Below, we explicitly enable support for the old `m.login.password` login type,
# which was used in v1 of matrix-synapse-shared-secret-auth and still widely supported by external software.
# If you don't need such legacy support, consider setting this to `false` or omitting it entirely.
m_login_password_support_enabled: true
# By default, only login requests of type `com.devture.shared_secret_auth` are supported.
# Advertising support for such an authentication type causes a problem with Element, however.
# See: https://github.com/vector-im/element-web/issues/19605
#
# Uncomment the line below to disable `com.devture.shared_secret_auth` support.
# You will then need to:
# - have `m_login_password_support_enabled: true` to enable the `m.login.password` login type
# - authenticate using `m.login.password` requests, instead of ``com.devture.shared_secret_auth` requests
# com_devture_shared_secret_auth_support_enabled: false
media_storage_providers:
- module: s3_storage_provider.S3StorageProviderBackend
store_local: True
store_remote: True
store_synchronous: True
config:
bucket: "{{ matrix.storage.s3.bucket }}"
# All of the below options are optional, for use with non-AWS S3-like
# services, or to specify access tokens here instead of some external method.
endpoint_url: "{{ matrix.storage.s3.endpoint_url }}"
access_key_id: "{{ matrix.storage.s3.access_key_id }}"
secret_access_key: "{{ matrix.storage.s3.secret_access_key }}"
# vim:ft=yaml


@ -1,32 +0,0 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
root:
level: WARNING
handlers: [console]
disable_existing_loggers: false


@ -1,8 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
64326434386632376335333966336365333663393130323464333266383639383264616662623333
6437306539633766376336663263393038306162333234340a383237386331636366616266316265
39626638623562623835633035643231656263653437346266333264643830323062353930356462
3936633165633434320a656463656536383539346138383630343137383861613538323735393131
61383237626533316433633866396434663230633239396661333831653531363732646561656164
35353264613364613832653536333632356132666434616134316339383934616264323261366366
633838383264646531663039343639383036


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=maubot


@ -1,11 +0,0 @@
services:
maubot:
image: dock.mau.dev/maubot/maubot:latest
restart: unless-stopped
ports:
- "{{ maubot.port }}:29316"
volumes:
- data:/data:z
volumes:
data:


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=metrics


@ -1,121 +0,0 @@
version: "3.4"
services:
prometheus:
image: prom/prometheus:latest
restart: unless-stopped
command:
- '--config.file=/etc/prometheus/prometheus.yml'
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml:ro,Z
- prom_data:/prometheus
- label_discovery:/label_discovery:ro
labels:
- "traefik.enable=false"
depends_on:
- prometheus-docker-sd
- cadvisor
- node-exporter
extra_hosts:
- host.docker.internal:host-gateway
networks:
- default # send
- backend
- metrics
prometheus-docker-sd:
image: registry.tobiasmanske.de/prometheus-docker-sd:latest
restart: unless-stopped
privileged: true
networks:
- backend
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro,Z
- label_discovery:/prometheus-docker-sd:rw
logging: # this service generates a HUGE amout of logs.
driver: "none"
node-exporter:
image: quay.io/prometheus/node-exporter:latest
container_name: "{{ inventory_hostname | replace('.', '-') }}-node-exporter"
privileged: true
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9100"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
- /:/host:ro,rslave
- /run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
command:
- '--path.rootfs=/host'
- '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys'
- '--collector.filesystem.ignored-mount-points'
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
- '--collector.systemd'
networks:
- backend
restart: unless-stopped
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
container_name: "{{ inventory_hostname | replace('.', '-') }}-cadvisor"
privileged: true
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
command:
- "-docker_only=true"
- "-housekeeping_interval=10s"
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
networks:
- backend
restart: unless-stopped
smokeping_prober:
image: quay.io/superq/smokeping-prober@sha256:25d07dfc1d7e47d7bf8305c7c813a030fc6b03959da596ab93f40ae4d49b63a1 # latest @ 2024-01-10
restart: unless-stopped
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9374"
command:
- "-i" # interval
- "5s"
- "google.com"
- "ipv6.google.com"
- "discord.com"
- "wikipedia.com"
- "vodafone.de" # HURR DURR aber das sind ja alles US unternehmen das liegt nicht an uns hurr durr oder so
promtail:
image: grafana/promtail:latest
security_opt:
- label:disable
restart: unless-stopped
volumes:
- ./promtail.yml:/etc/promtail/config.yml:ro
- /var/log:/var/log:ro
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- /var/run/docker.sock:/var/run/docker.sock
command: -config.file=/etc/promtail/config.yml
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- default # send
- backend
- metrics
volumes:
prom_data:
label_discovery:
networks:
backend:
internal: true
metrics:
external: true


@ -1,33 +0,0 @@
global:
scrape_interval: 15s
scrape_timeout: 10s
evaluation_interval: 15s
scrape_configs:
- job_name: prometheus
honor_timestamps: true
scrape_interval: 15s
scrape_timeout: 10s
metrics_path: /metrics
scheme: http
static_configs:
- targets:
- localhost:9090
- job_name: 'service_discovery'
metric_relabel_configs:
- source_labels:
- "container_name"
target_label: "instance"
action: replace
file_sd_configs:
- files:
- /label_discovery/docker-targets.json
{% if metrics.additional_scrape_rules is defined %}
{{ metrics.additional_scrape_rules | to_nice_yaml}}
{% endif %}
remote_write:
- url: https://{{ common.mimir.host | mandatory }}/api/v1/push
headers:
X-Scope-OrgID: "{{ inventory_hostname | replace('.', '-') }}"
basic_auth:
username: "{{ common.mimir.username | mandatory }}"
password: "{{ common.mimir.password | mandatory }}"


@ -1,28 +0,0 @@
positions:
filename: /positions.yaml
server:
http_listen_port: 8080
clients:
- url: https://{{ common.loki.host | mandatory }}/loki/api/v1/push
tenant_id: "{{ inventory_hostname | replace('.', '-') }}"
basic_auth:
username: "{{ common.loki.username | mandatory }}"
password: "{{ common.loki.password | mandatory }}"
scrape_configs:
- job_name: flog_scrape
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 5s
# filters:
# - name: label
# values: ["logging=promtail"]
relabel_configs:
- source_labels: ['__meta_docker_container_name']
regex: '/(.*)'
target_label: 'container'
- source_labels: ['__meta_docker_container_log_stream']
target_label: 'logstream'
- source_labels: ['__meta_docker_container_label_logging_jobname']
target_label: 'job'


@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=mimir


@ -1,50 +0,0 @@
global:
resolve_timeout: 5m
route:
group_by: ['alertname']
group_wait: 5s
group_interval: 5m
repeat_interval: 1h
receiver: 'matrix-monitoring'
routes:
- receiver: 'hcio'
repeat_interval: 1h
matchers:
- alertname="PrometheusAlertmanagerE2eDeadManSwitch"
- receiver: 'email'
group_interval: 1m
matchers:
- job="matrix_synapse_1"
- receiver: 'matrix-monitoring'
group_wait: 30s
group_interval: 1h
matchers:
- alertname="PrometheusAllTargetsMissing"
- receiver: 'matrix-monitoring'
group_wait: 30s
group_interval: 1h
matchers:
- alertname="PrometheusTargetMissing"
receivers:
- name: 'email'
email_configs:
- to: '{{ mimir.alertmanager.smtp.target }}'
from: '"Alertmanager" <{{ mimir.alertmanager.smtp.username }}>'
smarthost: 'mxe8cf.netcup.net:587'
auth_username: '{{ mimir.alertmanager.smtp.username }}'
auth_identity: '{{ mimir.alertmanager.smtp.username }}'
auth_password: '{{ mimir.alertmanager.smtp.password }}'
- name: 'hcio'
email_configs:
- to: '{{ mimir.alertmanager.hcio.mail }}'
from: '"Alertmanager" <{{ mimir.alertmanager.smtp.username }}>'
smarthost: 'mxe8cf.netcup.net:587'
auth_username: '{{ mimir.alertmanager.smtp.username }}'
auth_identity: '{{ mimir.alertmanager.smtp.username }}'
auth_password: '{{ mimir.alertmanager.smtp.password }}'
- name: 'matrix-monitoring'
webhook_configs:
- url: 'http://alertmanager-matrix:3000/alerts?secret={{ mimir.alertmanager.matrix.alertmanager_token }}'


@ -1,87 +0,0 @@
services:
mimir:
image: grafana/mimir:latest
restart: unless-stopped
volumes:
- data:/mimir
- ./mimir.yml:/etc/mimir-config/mimir.yaml:ro,Z
{% for tenant in groups['prometheus']|map('extract', hostvars, 'inventory_hostname') %}
- ./rules:/data/rules/{{ tenant|replace('.', '-') }}:ro,Z
{% endfor %}
entrypoint:
- /bin/mimir
- -config.file=/etc/mimir-config/mimir.yaml
- -validation.max-label-names-per-series=60
- -tenant-federation.enabled=true
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.mimir.rule=Host(`mimir.tobiasmanske.de`)"
- "traefik.http.middlewares.mimir-auth.basicauth.users={{ common.mimir.username }}:{{ common.mimir.password_hash | mandatory }}"
- "traefik.http.routers.mimir.entryPoints=websecure"
- "traefik.http.services.mimir.loadbalancer.server.port=8080"
- "traefik.http.routers.mimir.middlewares=mimir-auth"
networks:
- backend
- metrics
- default
alertmanager:
image: prom/alertmanager:latest
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.alertmanager.rule=Host(`alertmanager.tobiasmanske.de`)"
- "traefik.http.routers.alertmanager.entryPoints=websecure"
- "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
- "traefik.http.routers.alertmanager.middlewares=oauth@file"
volumes:
- ./alertmanager.yml:/etc/alertmanager/config.yml:ro,Z
- alertmanager_data:/data
networks:
- alertmanager
- backend
- metrics
- default
restart: unless-stopped
command:
- '--config.file=/etc/alertmanager/config.yml'
- '--web.external-url=https://alertmanager.tobiasmanske.de'
- '--storage.path=/data'
alertmanager-matrix:
image: jaywink/matrix-alertmanager:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.alertmanager-matrix.rule=Host(`alertmanager.tobiasmanske.de`) && PathPrefix(`/matrix/`)"
- "traefik.http.routers.alertmanager-matrix.middlewares=matrix-strip"
- "traefik.http.middlewares.matrix-strip.stripprefix.prefixes=/matrix"
- "traefik.http.middlewares.matrix-strip.stripprefix.forceslash=false"
- "traefik.http.routers.alertmanager-matrix.entryPoints=websecure"
- "traefik.http.services.alertmanager-matrix.loadbalancer.server.port=3000"
environment:
- APP_PORT=3000
- APP_ALERTMANAGER_SECRET={{ mimir.alertmanager.matrix.alertmanager_token | mandatory }}
- MATRIX_HOMESERVER_URL=http://pantalaimon:8008
- MATRIX_ROOMS={{ mimir.alertmanager.matrix.rooms | join('|') }}
- MATRIX_TOKEN={{ mimir.alertmanager.matrix.matrix_token }}
- MATRIX_USER=@alertmanager:{{ matrix.baseurl }}
- MENTION_ROOM=1
networks:
- alertmanager
- pantalaimon
volumes:
data:
alertmanager_data:
networks:
pantalaimon:
external: true
backend:
internal: true
metrics:
external: true
alertmanager:


@ -1,54 +0,0 @@
# Do not use this configuration in production.
# It is for demonstration purposes only.
# Run Mimir in single process mode, with all components running in 1 process.
target: all
# ,alertmanager,overrides-exporter
# Configure Mimir to use Minio as object storage backend.
common:
storage:
backend: s3
s3:
endpoint: s3.tobiasmanske.de
access_key_id: "{{ mimir.s3.access_key }}"
secret_access_key: "{{ mimir.s3.secret_key }}"
bucket_name: mimir
# Blocks storage requires a prefix when using a common object storage bucket.
blocks_storage:
s3:
bucket_name: mimir-blocks
tsdb:
dir: /mimir/tsdb
flush_blocks_on_shutdown: true
ingester:
ring:
replication_factor: 1
store_gateway:
sharding_ring:
replication_factor: 1
ruler:
rule_path: /tmp/ruler
alertmanager_url: http://alertmanager:9093/
tenant_federation:
enabled: true
ring:
# Quickly detect unhealthy rulers to speed up the tutorial.
heartbeat_period: 2s
heartbeat_timeout: 10s
ruler_storage:
backend: local
local:
directory: /data/rules
#
# alertmanager:
# data_dir: /data/alertmanager
# fallback_config_file: /etc/alertmanager-fallback-config.yaml
# external_url: http://localhost:9009/alertmanager
server:
log_level: warn


@ -1,54 +0,0 @@
# {% raw %}
groups:
- name: GoogleCadvisor
rules:
# - alert: ContainerKilled
# expr: 'time() - container_last_seen > 60'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Container killed (instance {{ $labels.instance }})
# description: "A container has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: ContainerAbsent
# expr: 'absent(container_last_seen)'
# for: 5m
# labels:
# severity: warning
# annotations:
# summary: Container absent (instance {{ $labels.instance }})
# description: "A container is absent for 5 min\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerCpuUsage
expr: '(sum(rate(container_cpu_usage_seconds_total{name!=""}[3m])) BY (instance, name) * 100) > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Container CPU usage (instance {{ $labels.instance }})
description: "Container CPU usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerMemoryUsage
expr: '(sum(container_memory_working_set_bytes{name!=""}) BY (instance, name) / sum(container_spec_memory_limit_bytes > 0) BY (instance, name) * 100) > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Container Memory usage (instance {{ $labels.instance }})
description: "Container Memory usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: ContainerVolumeUsage
# expr: '(1 - (sum(container_fs_inodes_free{name!=""}) BY (instance) / sum(container_fs_inodes_total) BY (instance))) * 100 > 80'
# for: 2m
# labels:
# severity: warning
# annotations:
# summary: Container Volume usage (instance {{ $labels.instance }})
# description: "Container Volume usage is above 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: ContainerHighThrottleRate
expr: 'rate(container_cpu_cfs_throttled_seconds_total[3m]) > 1'
for: 2m
labels:
severity: warning
annotations:
summary: Container high throttle rate (instance {{ $labels.instance }})
description: "Container is being throttled\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}


@ -1,303 +0,0 @@
# {% raw %}
groups:
- name: NodeExporter
rules:
- alert: HostOutOfMemory
expr: 'node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of memory (instance {{ $labels.instance }})
description: "Node memory is filling up (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostMemoryUnderMemoryPressure
expr: 'rate(node_vmstat_pgmajfault[1m]) > 1000 unless on() hour()>=0 <=3'
for: 2m
labels:
severity: warning
annotations:
summary: Host memory under memory pressure (instance {{ $labels.instance }})
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostMemoryIsUnderUtilized
# expr: '100 - (rate(node_memory_MemAvailable_bytes[30m]) / node_memory_MemTotal_bytes * 100) < 20'
# for: 1w
# labels:
# severity: info
# annotations:
# summary: Host Memory is under utilized (instance {{ $labels.instance }})
# description: "Node memory is < 20% for 1 week. Consider reducing memory space.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualNetworkThroughputIn
expr: 'sum by (instance) (rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual network throughput in (instance {{ $labels.instance }})
description: "Host network interfaces are probably receiving too much data (> 100 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualNetworkThroughputOut
expr: 'sum by (instance) (rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual network throughput out (instance {{ $labels.instance }})
description: "Host network interfaces are probably sending too much data (> 100 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadRate
expr: 'sum by (instance) (rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'
for: 5m
labels:
severity: warning
annotations:
summary: Host unusual disk read rate (instance {{ $labels.instance }})
description: "Disk is probably reading too much data (> 50 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteRate
expr: 'sum by (instance) (rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk write rate (instance {{ $labels.instance }})
description: "Disk is probably writing too much data (> 50 MB/s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOutOfDiskSpace
expr: '(node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of disk space (instance {{ $labels.instance }})
description: "Disk is almost full (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostDiskWillFillIn24Hours
expr: '(node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOutOfInodes
expr: 'node_filesystem_files_free / node_filesystem_files * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host out of inodes (instance {{ $labels.instance }})
description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostInodesWillFillIn24Hours
expr: 'node_filesystem_files_free / node_filesystem_files * 100 < 10 and predict_linear(node_filesystem_files_free[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host inodes will fill in 24 hours (instance {{ $labels.instance }})
description: "Filesystem is predicted to run out of inodes within the next 24 hours at current write rate\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskReadLatency
expr: 'rate(node_disk_read_time_seconds_total[1m]) / rate(node_disk_reads_completed_total[1m]) > 0.1 and rate(node_disk_reads_completed_total[1m]) > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk read latency (instance {{ $labels.instance }})
description: "Disk latency is growing (read operations > 100ms)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostUnusualDiskWriteLatency
expr: 'rate(node_disk_write_time_seconds_total[1m]) / rate(node_disk_writes_completed_total[1m]) > 0.1 and rate(node_disk_writes_completed_total[1m]) > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host unusual disk write latency (instance {{ $labels.instance }})
description: "Disk latency is growing (write operations > 100ms)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostHighCpuLoad
expr: '(100 - (avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[2m])) * 100)) > 80 unless on() hour()>=0 <=3'
for: 2m
labels:
severity: warning
annotations:
summary: Host high CPU load (instance {{ $labels.instance }})
description: "CPU load is > 80%\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostCpuIsUnderUtilized
# expr: '100 - (rate(node_cpu_seconds_total{mode="idle"}[30m]) * 100) < 20'
# for: 1w
# labels:
# severity: info
# annotations:
# summary: Host CPU is under utilized (instance {{ $labels.instance }})
# description: "CPU load is < 20% for 1 week. Consider reducing the number of CPUs.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostCpuStealNoisyNeighbor
expr: 'avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10'
for: 0m
labels:
severity: warning
annotations:
summary: Host CPU steal noisy neighbor (instance {{ $labels.instance }})
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostCpuHighIowait
# expr: 'avg by (instance) (rate(node_cpu_seconds_total{mode="iowait"}[5m])) * 100 > 15'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Host CPU high iowait (instance {{ $labels.instance }})
# description: "CPU iowait > 15%. A high iowait means that you are disk or network bound.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostUnusualDiskIo
# expr: 'rate(node_disk_io_time_seconds_total[1m]) > 0.5'
# for: 5m
# labels:
# severity: warning
# annotations:
# summary: Host unusual disk IO (instance {{ $labels.instance }})
# description: "Time spent in IO is too high on {{ $labels.instance }}. Check storage for issues.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: HostContextSwitching
# expr: '(rate(node_context_switches_total[5m])) / (count without(cpu, mode) (node_cpu_seconds_total{mode="idle"})) > 1000'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Host context switching (instance {{ $labels.instance }})
# description: "Context switching is growing on node (> 1000 / s)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostSwapIsFillingUp
expr: '(1 - (node_memory_SwapFree_bytes / node_memory_SwapTotal_bytes)) * 100 > 80'
for: 2m
labels:
severity: warning
annotations:
summary: Host swap is filling up (instance {{ $labels.instance }})
description: "Swap is filling up (>80%)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostSystemdServiceCrashed
expr: 'node_systemd_unit_state{state="failed"} == 1'
for: 0m
labels:
severity: warning
annotations:
summary: Host systemd service crashed (instance {{ $labels.instance }})
description: "systemd service crashed\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostPhysicalComponentTooHot
expr: 'node_hwmon_temp_celsius * ignoring(label) group_left(instance, job, node, sensor) node_hwmon_sensor_label{label!="tctl"} > 75'
for: 5m
labels:
severity: warning
annotations:
summary: Host physical component too hot (instance {{ $labels.instance }})
description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNodeOvertemperatureAlarm
expr: 'node_hwmon_temp_crit_alarm_celsius == 1'
for: 0m
labels:
severity: critical
annotations:
summary: Host node overtemperature alarm (instance {{ $labels.instance }})
description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRaidArrayGotInactive
expr: 'node_md_state{state="inactive"} > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Host RAID array got inactive (instance {{ $labels.instance }})
description: "RAID array {{ $labels.device }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRaidDiskFailure
expr: 'node_md_disks{state="failed"} > 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host RAID disk failure (instance {{ $labels.instance }})
description: "At least one device in RAID array on {{ $labels.instance }} failed. Array {{ $labels.md_device }} needs attention and possibly a disk swap\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostKernelVersionDeviations
expr: 'count(sum(label_replace(node_uname_info, "kernel", "$1", "release", "([0-9]+.[0-9]+.[0-9]+).*")) by (kernel)) > 1'
for: 6h
labels:
severity: warning
annotations:
summary: Host kernel version deviations (instance {{ $labels.instance }})
description: "Different kernel versions are running\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostOomKillDetected
expr: 'increase(node_vmstat_oom_kill[1m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Host OOM kill detected (instance {{ $labels.instance }})
description: "OOM kill detected\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostEdacCorrectableErrorsDetected
expr: 'increase(node_edac_correctable_errors_total[1m]) > 0'
for: 0m
labels:
severity: info
annotations:
summary: Host EDAC Correctable Errors detected (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} has had {{ printf \"%.0f\" $value }} correctable memory errors reported by EDAC in the last 5 minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostEdacUncorrectableErrorsDetected
expr: 'node_edac_uncorrectable_errors_total > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Host EDAC Uncorrectable Errors detected (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} has had {{ printf \"%.0f\" $value }} uncorrectable memory errors reported by EDAC in the last 5 minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkReceiveErrors
expr: 'rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Receive Errors (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf \"%.0f\" $value }} receive errors in the last two minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkTransmitErrors
expr: 'rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Transmit Errors (instance {{ $labels.instance }})
description: "Host {{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf \"%.0f\" $value }} transmit errors in the last two minutes.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkInterfaceSaturated
expr: '(rate(node_network_receive_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m]) + rate(node_network_transmit_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m])) / node_network_speed_bytes{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"} > 0.8 < 10000'
for: 1m
labels:
severity: warning
annotations:
summary: Host Network Interface Saturated (instance {{ $labels.instance }})
description: "The network interface \"{{ $labels.device }}\" on \"{{ $labels.instance }}\" is getting overloaded.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostNetworkBondDegraded
expr: '(node_bonding_active - node_bonding_slaves) != 0'
for: 2m
labels:
severity: warning
annotations:
summary: Host Network Bond Degraded (instance {{ $labels.instance }})
description: "Bond \"{{ $labels.device }}\" degraded on \"{{ $labels.instance }}\".\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostConntrackLimit
expr: 'node_nf_conntrack_entries / node_nf_conntrack_entries_limit > 0.8'
for: 5m
labels:
severity: warning
annotations:
summary: Host conntrack limit (instance {{ $labels.instance }})
description: "The number of conntrack is approaching limit\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostClockSkew
expr: '(node_timex_offset_seconds > 0.05 and deriv(node_timex_offset_seconds[5m]) >= 0) or (node_timex_offset_seconds < -0.05 and deriv(node_timex_offset_seconds[5m]) <= 0)'
for: 2m
labels:
severity: warning
annotations:
summary: Host clock skew (instance {{ $labels.instance }})
description: "Clock skew detected. Clock is out of sync. Ensure NTP is configured correctly on this host.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostClockNotSynchronising
expr: 'min_over_time(node_timex_sync_status[1m]) == 0 and node_timex_maxerror_seconds >= 16'
for: 2m
labels:
severity: warning
annotations:
summary: Host clock not synchronising (instance {{ $labels.instance }})
description: "Clock not synchronising. Ensure NTP is configured on this host.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: HostRequiresReboot
expr: 'node_reboot_required > 0'
for: 4h
labels:
severity: info
annotations:
summary: Host requires reboot (instance {{ $labels.instance }})
description: "{{ $labels.instance }} requires a reboot.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}


@ -1,231 +0,0 @@
# {% raw %}
groups:
- name: EmbeddedExporter
rules:
- alert: PrometheusJobMissing
expr: 'absent(up{job="prometheus"})'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus job missing (instance {{ $labels.instance }})
description: "A Prometheus job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetMissing
expr: 'up == 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus target missing (instance {{ $labels.instance }})
description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAllTargetsMissing
expr: 'sum by (job) (up) == 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus all targets missing (instance {{ $labels.instance }})
description: "A Prometheus job does not have living target anymore.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetMissingWithWarmupTime
expr: 'sum by (instance, job) ((up == 0) * on (instance) group_right(job) (node_time_seconds - node_boot_time_seconds > 600))'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus target missing with warmup time (instance {{ $labels.instance }})
description: "Allow a job time to start up (10 minutes) before alerting that it's down.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusConfigurationReloadFailure
expr: 'prometheus_config_last_reload_successful != 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus configuration reload failure (instance {{ $labels.instance }})
description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTooManyRestarts
expr: 'changes(process_start_time_seconds{job=~"prometheus|pushgateway|alertmanager"}[15m]) > 2'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus too many restarts (instance {{ $labels.instance }})
description: "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: PrometheusAlertmanagerJobMissing
# expr: 'absent(up{job="alertmanager"})'
# for: 0m
# labels:
# severity: warning
# annotations:
# summary: Prometheus AlertManager job missing (instance {{ $labels.instance }})
# description: "A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerConfigurationReloadFailure
expr: 'alertmanager_config_last_reload_successful != 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus AlertManager configuration reload failure (instance {{ $labels.instance }})
description: "AlertManager configuration reload error\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerConfigNotSynced
expr: 'count(count_values("config_hash", alertmanager_config_hash)) > 1'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus AlertManager config not synced (instance {{ $labels.instance }})
description: "Configurations of AlertManager cluster instances are out of sync\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerE2eDeadManSwitch
expr: 'vector(1)'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus AlertManager E2E dead man switch (instance {{ $labels.instance }})
description: "Prometheus DeadManSwitch is an always-firing alert. It's used as an end-to-end test of Prometheus through the Alertmanager.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: PrometheusNotConnectedToAlertmanager
# expr: 'prometheus_notifications_alertmanagers_discovered < 1'
# for: 0m
# labels:
# severity: critical
# annotations:
# summary: Prometheus not connected to alertmanager (instance {{ $labels.instance }})
# description: "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusRuleEvaluationFailures
expr: 'increase(prometheus_rule_evaluation_failures_total[3m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus rule evaluation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTemplateTextExpansionFailures
expr: 'increase(prometheus_template_text_expansion_failures_total[3m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus template text expansion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusRuleEvaluationSlow
expr: 'prometheus_rule_group_last_duration_seconds > prometheus_rule_group_interval_seconds'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus rule evaluation slow (instance {{ $labels.instance }})
description: "Prometheus rule evaluation took more time than the scheduled interval. It indicates a slower storage backend access or too complex query.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusNotificationsBacklog
expr: 'min_over_time(prometheus_notifications_queue_length[10m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus notifications backlog (instance {{ $labels.instance }})
description: "The Prometheus notification queue has not been empty for 10 minutes\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusAlertmanagerNotificationFailing
expr: 'rate(alertmanager_notifications_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus AlertManager notification failing (instance {{ $labels.instance }})
description: "Alertmanager is failing sending notifications\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# - alert: PrometheusTargetEmpty
# expr: 'prometheus_sd_discovered_targets == 0'
# for: 0m
# labels:
# severity: critical
# annotations:
# summary: Prometheus target empty (instance {{ $labels.instance }})
# description: "Prometheus has no target in service discovery\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetScrapingSlow
expr: 'prometheus_target_interval_length_seconds{quantile="0.9"} / on (interval, instance, job) prometheus_target_interval_length_seconds{quantile="0.5"} > 1.05'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus target scraping slow (instance {{ $labels.instance }})
description: "Prometheus is scraping exporters slowly since it exceeded the requested interval time. Your Prometheus server is under-provisioned.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusLargeScrape
expr: 'increase(prometheus_target_scrapes_exceeded_sample_limit_total[10m]) > 10'
for: 5m
labels:
severity: warning
annotations:
summary: Prometheus large scrape (instance {{ $labels.instance }})
description: "Prometheus has many scrapes that exceed the sample limit\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTargetScrapeDuplicate
expr: 'increase(prometheus_target_scrapes_sample_duplicate_timestamp_total[5m]) > 0'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus target scrape duplicate (instance {{ $labels.instance }})
description: "Prometheus has many samples rejected due to duplicate timestamps but different values\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCheckpointCreationFailures
expr: 'increase(prometheus_tsdb_checkpoint_creations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB checkpoint creation failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} checkpoint creation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCheckpointDeletionFailures
expr: 'increase(prometheus_tsdb_checkpoint_deletions_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB checkpoint deletion failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} checkpoint deletion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbCompactionsFailed
expr: 'increase(prometheus_tsdb_compactions_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB compactions failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB compactions failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbHeadTruncationsFailed
expr: 'increase(prometheus_tsdb_head_truncations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB head truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB head truncation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbReloadFailures
expr: 'increase(prometheus_tsdb_reloads_failures_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB reload failures (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB reload failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbWalCorruptions
expr: 'increase(prometheus_tsdb_wal_corruptions_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB WAL corruptions (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL corruptions\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTsdbWalTruncationsFailed
expr: 'increase(prometheus_tsdb_wal_truncations_failed_total[1m]) > 0'
for: 0m
labels:
severity: critical
annotations:
summary: Prometheus TSDB WAL truncations failed (instance {{ $labels.instance }})
description: "Prometheus encountered {{ $value }} TSDB WAL truncation failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: PrometheusTimeserieCardinality
expr: 'label_replace(count by(__name__) ({__name__=~".+"}), "name", "$1", "__name__", "(.+)") > 10000'
for: 0m
labels:
severity: warning
annotations:
summary: Prometheus timeserie cardinality (instance {{ $labels.instance }})
description: "The \"{{ $labels.name }}\" timeserie cardinality is getting very high: {{ $value }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
# {% endraw %}


@ -1,57 +0,0 @@
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3'
services:
miniflux:
image: miniflux/miniflux:latest
restart: unless-stopped
depends_on:
db:
condition: service_healthy
environment:
- FETCH_YOUTUBE_WATCH_TIME=1
- DATABASE_URL=postgres://{{ miniflux.db.user }}:{{ miniflux.db.password }}@db/{{ miniflux.db.name }}?sslmode=disable
- RUN_MIGRATIONS=1
- CREATE_ADMIN=1
- ADMIN_USERNAME={{ miniflux.admin.user }}
- ADMIN_PASSWORD={{ miniflux.admin.password }}
- BASE_URL=https://rss.tobiasmanske.de
- CLEANUP_ARCHIVE_READ_DAYS=-1
- OAUTH2_CLIENT_ID={{ miniflux.oauth.client_id }}
- OAUTH2_CLIENT_SECRET={{ miniflux.oauth.client_secret }}
- OAUTH2_OIDC_DISCOVERY_ENDPOINT={{ miniflux.oauth.discovery_endpoint }}
- OAUTH2_PROVIDER=oidc
- OAUTH2_REDIRECT_URL={{ miniflux.oauth.redirect_url }}
- OAUTH2_USER_CREATION=1
- METRICS_COLLECTOR=1
- METRICS_ALLOWED_NETWORKS=0.0.0.0/0
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.miniflux.rule=Host(`rss.tobiasmanske.de`)"
- "traefik.http.routers.miniflux.entryPoints=websecure"
- "traefik.http.routers.miniflux.middlewares=deny-metrics@file"
- "traefik.http.services.miniflux.loadbalancer.server.port=8080"
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=8080"
networks:
- backend
- pantalaimon
- default
- metrics
{{ pg.postgres("db", miniflux.db.user, miniflux.db.password, miniflux.db.user, ["backend"], version="13") }}
volumes:
db_data:
networks:
backend:
internal: true
pantalaimon:
external: true
metrics:
external: true
postgres:
internal: true
...


@ -1,3 +0,0 @@
COMPOSE_PROJECT_NAME=minio
MINIO_URL=s3.tobiasmanske.de
DASHBOARD_URL=minio.tobiasmanske.de


@ -1,41 +0,0 @@
---
version: "3.9"
services:
minio:
image: minio/minio:latest
restart: always
ulimits:
nofile:
soft: 4096
hard: 16000
environment:
- "MINIO_ROOT_USER={{ minio.user | mandatory }}"
- "MINIO_ROOT_PASSWORD={{ minio.password | mandatory }}"
- "MINIO_SERVER_URL=https://${MINIO_URL}"
- "MINIO_BROWSER_REDIRECT_URL=https://${DASHBOARD_URL}"
- "MINIO_KMS_SECRET_KEY=kms-key:{{ lookup('env', 'MINIO_KMS_SECRET_KEY') }}"
volumes:
- data:/data
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.minio.rule=Host(`${MINIO_URL}`)||Host(`s3.unruhig.eu`)"
- "traefik.http.routers.minio.entryPoints=websecure"
- "traefik.http.services.minio.loadbalancer.server.port=9000"
- "traefik.http.routers.minio.service=minio"
- "traefik.http.routers.minio-dashboard.rule=Host(`${DASHBOARD_URL}`)"
- "traefik.http.routers.minio-dashboard.entryPoints=websecure"
- "traefik.http.services.minio-dashboard.loadbalancer.server.port=9001"
- "traefik.http.routers.minio-dashboard.service=minio-dashboard"
command: "server /data --console-address ':9001' --anonymous"
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
# interval: 30s
# timeout: 20s
# retries: 3
volumes:
data:
...

Some files were not shown because too many files have changed in this diff