Create halo role, VM.

ansible/halo.yml

@@ -0,0 +1,16 @@
+---
+
+- name: init droplet
+  hosts: halo
+  tasks:
+    - debug: msg="Deploying droplet config to cloud server"
+  roles:
+    - { name: droplets, tags: ['init']}
+
+- name: deploy the halo stack
+  hosts: halo
+  remote_user: "{{ remote_user }}"
+  tasks:
+    - debug: msg="Deploying halo stack to cloud server"
+  roles:
+    - { name: halo, tags: ['halo'] }

ansible/inventory/hosts.yml

@@ -12,19 +12,10 @@ all:
       hosts:
         storage.home.jowj.net:
         cloudkey.home.jowj.net:
-    vpn:
-      hosts:
-        vpn.awful.club:
     dev:
       hosts:
         localhost:
           ansible_connection: local
-    onprem_clients:
-      hosts:
-        hydra-ling:
-        lurker-ling:
-        ling-bane:
-        little-lady:
     mediaserver:
       hosts:
         hatchery:
@@ -33,3 +24,7 @@ all:
       hosts:
         larva.home.jowj.net:
           ansible_python_interpreter: /usr/bin/python3
+    halo:
+      hosts:
+        halo.awful.club:
+          ansible_python_interpreter: python3

ansible/roles/halo/readme.org

@@ -0,0 +1,6 @@
+* halo
+halo hosts my shared services for my tailnet. right now thats just
+- smokeping
+- oversearr
+
+

ansible/roles/halo/tasks/main.yml

@@ -0,0 +1,73 @@
+---
+# deploy a halo host
+
+# boot strap server
+- name: Install aptitude using apt
+  apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
+
+- name: Install required system packages for docker install
+  apt: name={{ item }} state=latest update_cache=yes
+  loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common']
+
+- name: Add Docker GPG apt Key
+  apt_key:
+    url: https://download.docker.com/linux/debian/gpg
+    state: present
+
+- name: Add Docker Repository
+  apt_repository:
+    repo: deb https://download.docker.com/linux/ubuntu bionic stable
+    state: present
+
+- name: Add tailscale GPG apt Key
+  apt_key:
+    url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+    state: present
+
+- name: Add tailscsale Repository
+  apt_repository:
+    repo: deb https://pkgs.tailscale.com/stable/debian bullseye main
+    state: present    
+
+- name: Update apt
+  apt: update_cache=yes
+
+- name: Install required system packages
+  apt: name={{ sys_packages }} state=latest
+
+- name: add 'josiah' to docker group
+  user:
+    name='josiah'
+    groups=docker
+    append=yes
+
+- name: install python packages
+  pip:
+    name: ["jsondiff", "docker"]
+
+# init new swarm, set up 
+- name: Init a new swarm with default parameters
+  docker_swarm:
+    state: present
+    advertise_addr: "100.108.51.49"
+
+- name: ensure the app folders exist
+  file: state=directory path={{ item }} owner=josiah group=josiah mode=0700
+  loop: [ '/home/josiah/apps/smokeping/',  '/home/josiah/apps/smokeping/config/', '/home/josiah/apps/letsencrypt/',  '/home/josiah/apps/smokeping/config/', '/home/josiah/apps/smokeping/data' ]
+
+- name: copy over awful-All config files
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0777
+  with_items:
+    - {src: 'halo-compose.yml', dest: '/home/josiah/apps/halo-compose.yml'}
+    - {src: 'traefik.yml', dest: '/home/josiah/apps/traefik.yml'}
+    - {src: 'Targets', dest: '/home/josiah/apps/smokeping/config/Targets'}    
+
+- name: Deploy halo stack
+  docker_stack:
+    state: present
+    name: halo
+    compose:
+      - /home/josiah/apps/halo-compose.yml

ansible/roles/halo/templates/Targets

@@ -0,0 +1,213 @@
+*** Targets ***
+
+probe = FPing
+
+menu = Top
+title = work Latency Grapher
+remark = Welcome to the SmokePing website of WORKS Company. \
+         Here you will learn all about the latency of our network.
+
++ HomeNet 
+menu = HomeNet
+title = HomeNet
+
+++ hatchery
+menu = hatchery
+title = hatchery
+host = hatchery.home.jowj.net
+
+++ hoyden
+menu = hoyden
+title = hoyden
+host = 192.168.1.20
+
+++ synology-as-1
+menu = syn-nas
+title = syn-nas 
+host = storage.home.jowj.net
+
+++ sainthood
+menu = sainthood
+title = sainthood
+host = sainthood.home.jowj.net
+
++ Services
+menu = Services
+title = Services
+
+++ sonarr
+menu = sonarr
+title = sonarr
+host = sonarr.services.jowj.net
+
+++ readarr
+menu = readarr
+title = readarr
+host = readarr.services.jowj.net
+
+++ lidarr
+menu = lidarr
+title = lidarr
+host = lidarr.services.jowj.net
+
+++ radarr
+menu = radarr
+title = radarr
+host = radarr.services.jowj.net
+
+++ sabnzb
+menu = sabnzbd
+title = sabnzbd
+host = sab.services.jowj.net
+
++ AwfulNet
+menu = AwfulNet
+title = AwfulNet
+
+++ matrix
+menu = matrix
+title = matrix.awful.club
+host = matrix.awful.club
+
+++ awful1
+menu = awful1
+title = awful1
+host = awful-1.awful.club
+
+
++ InternetSites
+
+menu = Internet Sites
+title = Internet Sites
+
+++ GoogleSearch
+menu = Google
+title = google.com
+host = google.com
+
+++ GoogleSearchIpv6
+menu = Google
+probe = FPing6
+title = ipv6.google.com
+host = ipv6.google.com
+
+++ linuxserverio
+menu = linuxserver.io
+title = linuxserver.io
+host = linuxserver.io
+
++ USA
+
+menu = North America
+title = North American Connectivity
+
+++ MIT
+
+menu = MIT
+title = Massachusetts Institute of Technology Webserver
+host = web.mit.edu
+
+++ OSUOSL
+
+menu = Oregon State University Open Source Lab
+title = Oregon State University Open Source Lab
+host = osuosl.org
+
++ DNS
+menu = DNS
+title = DNS
+
+++ GoogleDNS1
+menu = Google DNS 1
+title = Google DNS 8.8.8.8
+host = 8.8.8.8
+
+++ GoogleDNS2
+menu = Google DNS 2
+title = Google DNS 8.8.4.4
+host = 8.8.4.4
+
+++ OpenDNS1
+menu = OpenDNS1
+title = OpenDNS1
+host = 208.67.222.222
+
+++ OpenDNS2
+menu = OpenDNS2
+title = OpenDNS2
+host = 208.67.220.220
+
+++ CloudflareDNS1
+menu = Cloudflare DNS 1
+title = Cloudflare DNS 1.1.1.1
+host = 1.1.1.1
+
+++ CloudflareDNS2
+menu = Cloudflare DNS 2
+title = Cloudflare DNS 1.0.0.1
+host = 1.0.0.1
+
+++ L3-1
+menu = Level3 DNS 1
+title = Level3 DNS 4.2.2.1
+host = 4.2.2.1
+
+++ L3-2
+menu = Level3 DNS 2
+title = Level3 DNS 4.2.2.2
+host = 4.2.2.2
+
+++ Quad9
+menu = Quad9
+title = Quad9 DNS 9.9.9.9
+host = 9.9.9.9
+
++ DNSProbes
+menu = DNS Probes
+title = DNS Probes
+probe = DNS
+
+++ GoogleDNS1
+menu = Google DNS 1
+title = Google DNS 8.8.8.8
+host = 8.8.8.8
+
+++ GoogleDNS2
+menu = Google DNS 2
+title = Google DNS 8.8.4.4
+host = 8.8.4.4
+
+++ OpenDNS1
+menu = OpenDNS1
+title = OpenDNS1
+host = 208.67.222.222
+
+++ OpenDNS2
+menu = OpenDNS2
+title = OpenDNS2
+host = 208.67.220.220
+
+++ CloudflareDNS1
+menu = Cloudflare DNS 1
+title = Cloudflare DNS 1.1.1.1
+host = 1.1.1.1
+
+++ CloudflareDNS2
+menu = Cloudflare DNS 2
+title = Cloudflare DNS 1.0.0.1
+host = 1.0.0.1
+
+++ L3-1
+menu = Level3 DNS 1
+title = Level3 DNS 4.2.2.1
+host = 4.2.2.1
+
+++ L3-2
+menu = Level3 DNS 2
+title = Level3 DNS 4.2.2.2
+host = 4.2.2.2
+
+++ Quad9
+menu = Quad9
+title = Quad9 DNS 9.9.9.9
+host = 9.9.9.9

ansible/roles/halo/templates/halo-compose.yml

@@ -0,0 +1,54 @@
+version: '3'
+
+networks:
+  gitea:
+    external: false
+  pubnet:
+    external: false
+
+volumes:
+  traefik_acme:
+  traefik_logs:
+    
+services:      
+  traefik:
+    image: "traefik:v2.2"
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
+    networks:
+      pubnet:
+    volumes:
+      - "/home/josiah/apps/letsencrypt/:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "/home/josiah/apps/traefik.yml:/etc/traefik/traefik.yml"
+      - traefik_logs:/log
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.edge.rule=hostregexp(`{host:.+}`)"      
+      - "traefik.http.routers.edge.entrypoints=web"
+      - "traefik.http.routers.edge.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+  smokeping:
+    image: lscr.io/linuxserver/smokeping:latest
+    networks:
+      pubnet:
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Chicago
+    volumes:
+      - /home/josiah/apps/smokeping/config/:/config
+      - /home/josiah/apps/smokeping/data:/data
+    restart: unless-stopped
+    labels:
+      # global rules
+      - "traefik.enable=true"
+      # the web ui
+      - "traefik.http.routers.freshrss.rule=Host(`monitor.awful.club`)"      
+      - "traefik.http.routers.freshrss.entrypoints=websecure"
+      - "traefik.http.routers.freshrss.tls=true"      
+      - "traefik.http.routers.freshrss.tls.certresolver=awful-letsencrypt"      

ansible/roles/halo/templates/traefik.yml

@@ -0,0 +1,37 @@
+# defaultEntryPoints must be at the top
+# because it should not be in any table below
+defaultEntryPoints: ["http", "https"]
+
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: true
+api:
+  dashboard: false
+  debug: true
+  insecure: false
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+
+providers:
+  docker:
+    watch: true
+    swarmMode: false
+    endpoint: "unix:///var/run/docker.sock"
+    exposedbydefault: false
+certificatesResolvers:
+  awful-letsencrypt:
+    acme:
+      email: "admin@awful.club"
+      storage: "/letsencrypt/acme.json"
+      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      dnsChallenge:
+        provider: "digitalocean"
+log:
+  filePath: "/log/traefik.log"
+  level: DEBUG
+accessLog:
+  filePath: "/log/access.log"
+  bufferingSize: 100

ansible/roles/halo/vars/main.yml

@@ -0,0 +1 @@
+sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip', 'docker', 'ca-certificates', 'curl', 'gnupg', 'lsb-release', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-compose-plugin', 'tailscale']