Compare commits
3 Commits
871765bad5
...
dd1517e85a
Author | SHA1 | Date |
---|---|---|
josiah | dd1517e85a | 1 year ago |
josiah | 72af7f731a | 1 year ago |
josiah | c75284c871 | 1 year ago |
@ -1,8 +0,0 @@
|
||||
---
|
||||
|
||||
- name: generate ios client config
|
||||
hosts: dev #localhost
|
||||
tasks:
|
||||
- debug: msg="generate phone config"
|
||||
roles:
|
||||
- { name: wg_vpn }
|
@ -1,8 +0,0 @@
|
||||
---
|
||||
|
||||
- name: cloud wg config
|
||||
hosts: vpn
|
||||
tasks:
|
||||
- debug: msg="Deploying wg to cloud server"
|
||||
roles:
|
||||
- { name: wg_vpn, tags: ['wg_vpn'] }
|
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
- name: init droplet
|
||||
hosts: halo
|
||||
tasks:
|
||||
- debug: msg="Deploying droplet config to cloud server"
|
||||
roles:
|
||||
- { name: droplets, tags: ['init']}
|
||||
|
||||
- name: deploy the halo stack
|
||||
hosts: halo
|
||||
remote_user: "{{ remote_user }}"
|
||||
tasks:
|
||||
- debug: msg="Deploying halo stack to cloud server"
|
||||
roles:
|
||||
- { name: halo, tags: ['halo'] }
|
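Review bot: Neither play sets `become`, and `init droplet` also has no `remote_user`, whereas the removed bootstrap playbook further down this page ran as `remote_user: root`; yet the `droplets` and `halo` roles edit `/etc/sudoers`, add apt repositories and install packages. Unless escalation is configured in the inventory or ansible.cfg (not visible here), declare it on each play, e.g. `become: true`, so the privilege requirement is explicit and reviewable. Ansible runs `roles:` before `tasks:`, so each `debug` message prints after its role has already finished; moving it under `pre_tasks:` would make it a real start banner. `remote_user: "{{ remote_user }}"` names the variable after the keyword it fills, and a distinct name such as `halo_remote_user` would be easier to trace.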
@ -0,0 +1,48 @@
|
||||
---
|
||||
|
||||
- name: Make sure we have a 'sudo' group
|
||||
group:
|
||||
name: sudo
|
||||
state: present
|
||||
|
||||
- name: Allow sudo group to have passwordless sudo
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^%sudo'
|
||||
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
||||
validate: '/usr/sbin/visudo -cf %s'
|
||||
|
||||
- name: Create a new regular user with sudo privileges
|
||||
user:
|
||||
name: "{{ create_user }}"
|
||||
state: present
|
||||
groups: sudo
|
||||
append: true
|
||||
create_home: true
|
||||
shell: /bin/bash
|
||||
|
||||
- name: Set authorized key for remote user
|
||||
authorized_key:
|
||||
user: "{{ create_user }}"
|
||||
state: present
|
||||
key: "{{ copy_local_key }}"
|
||||
|
||||
|
||||
# - name: Disable password authentication for root
|
||||
# lineinfile:
|
||||
# path: /etc/ssh/sshd_config
|
||||
# state: present
|
||||
# regexp: '^#?PermitRootLogin'
|
||||
# line: 'PermitRootLogin no'
|
||||
|
||||
- name: Update apt
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: Install required system packages
|
||||
apt: name={{ sys_packages }} state=latest
|
||||
|
||||
- name: Restart sshd
|
||||
service:
|
||||
name: sshd.service
|
||||
state: restarted
|
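Review bot: The `PermitRootLogin no` task is commented out in this role while the final `Restart sshd` task is kept, so the bootstrap creates a passwordless-sudo user but leaves root SSH login at whatever the image default is. The removed playbook further down this page applied that setting. If the concern is locking yourself out on first run, restore the task with `validate: '/usr/sbin/sshd -t -f %s'` and turn the restart into a handler that it notifies. Separately, `'%sudo ALL=(ALL) NOPASSWD: ALL'` gives every member of `sudo` root without a password, so the SSH key installed for `create_user` is the only factor protecting root; a rule scoped to that user in a file under `/etc/sudoers.d/` would be narrower.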
@ -1,55 +0,0 @@
|
||||
- hosts: vpn
|
||||
remote_user: root
|
||||
gather_facts: false
|
||||
vars:
|
||||
create_user: josiah
|
||||
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}"
|
||||
sys_packages: [ 'curl', 'vim', 'git', 'fail2ban', 'mosh', 'dnsutils' ]
|
||||
|
||||
tasks:
|
||||
- name: Make sure we have a 'sudo' group
|
||||
group:
|
||||
name: sudo
|
||||
state: present
|
||||
|
||||
- name: Allow sudo group to have passwordless sudo
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^%sudo'
|
||||
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
||||
validate: '/usr/sbin/visudo -cf %s'
|
||||
|
||||
- name: Create a new regular user with sudo privileges
|
||||
user:
|
||||
name: "{{ create_user }}"
|
||||
state: present
|
||||
groups: sudo
|
||||
append: true
|
||||
create_home: true
|
||||
shell: /bin/bash
|
||||
|
||||
- name: Set authorized key for remote user
|
||||
authorized_key:
|
||||
user: "{{ create_user }}"
|
||||
state: present
|
||||
key: "{{ copy_local_key }}"
|
||||
|
||||
|
||||
- name: Disable password authentication for root
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
state: present
|
||||
regexp: '^#?PermitRootLogin'
|
||||
line: 'PermitRootLogin no'
|
||||
|
||||
- name: Update apt
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: Install required system packages
|
||||
apt: name={{ sys_packages }} state=latest
|
||||
|
||||
- name: Restart sshd
|
||||
service:
|
||||
name: sshd.service
|
||||
state: restarted
|
@ -0,0 +1,3 @@
|
||||
create_user: josiah
|
||||
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}"
|
||||
sys_packages: [ 'curl', 'vim', 'git', 'fail2ban', 'mosh', 'dnsutils' ]
|
@ -0,0 +1,6 @@
|
||||
* halo
|
||||
halo hosts my shared services for my tailnet. right now thats just
|
||||
- smokeping
|
||||
- oversearr
|
||||
|
||||
|
@ -0,0 +1,73 @@
|
||||
---
|
||||
# deploy a halo host
|
||||
|
||||
# boot strap server
|
||||
- name: Install aptitude using apt
|
||||
apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
|
||||
|
||||
- name: Install required system packages for docker install
|
||||
apt: name={{ item }} state=latest update_cache=yes
|
||||
loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common']
|
||||
|
||||
- name: Add Docker GPG apt Key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
state: present
|
||||
|
||||
- name: Add Docker Repository
|
||||
apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||
state: present
|
||||
|
||||
- name: Add tailscale GPG apt Key
|
||||
apt_key:
|
||||
url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
|
||||
state: present
|
||||
|
||||
- name: Add tailscsale Repository
|
||||
apt_repository:
|
||||
repo: deb https://pkgs.tailscale.com/stable/debian bullseye main
|
||||
state: present
|
||||
|
||||
- name: Update apt
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: Install required system packages
|
||||
apt: name={{ sys_packages }} state=latest
|
||||
|
||||
- name: add 'josiah' to docker group
|
||||
user:
|
||||
name='josiah'
|
||||
groups=docker
|
||||
append=yes
|
||||
|
||||
- name: install python packages
|
||||
pip:
|
||||
name: ["jsondiff", "docker"]
|
||||
|
||||
# init new swarm, set up
|
||||
- name: Init a new swarm with default parameters
|
||||
docker_swarm:
|
||||
state: present
|
||||
advertise_addr: "100.108.51.49"
|
||||
|
||||
- name: ensure the app folders exist
|
||||
file: state=directory path={{ item }} owner=josiah group=josiah mode=0700
|
||||
loop: [ '/home/josiah/apps/smokeping/', '/home/josiah/apps/smokeping/config/', '/home/josiah/apps/letsencrypt/', '/home/josiah/apps/smokeping/config/', '/home/josiah/apps/smokeping/data' ]
|
||||
|
||||
- name: copy over awful-All config files
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: 0777
|
||||
with_items:
|
||||
- {src: 'halo-compose.yml', dest: '/home/josiah/apps/halo-compose.yml'}
|
||||
- {src: 'traefik.yml', dest: '/home/josiah/apps/traefik.yml'}
|
||||
- {src: 'Targets', dest: '/home/josiah/apps/smokeping/config/Targets'}
|
||||
|
||||
- name: Deploy halo stack
|
||||
docker_stack:
|
||||
state: present
|
||||
name: halo
|
||||
compose:
|
||||
- /home/josiah/apps/halo-compose.yml
|
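Review bot: `mode: 0777` on the `template` task makes `halo-compose.yml`, `traefik.yml` and `Targets` world-writable, and the compose template on this page renders `DO_AUTH_TOKEN` into the first of them, so any local account can read the DigitalOcean token or change what the stack deploys. Set `mode: '0600'` with `owner: josiah` and `group: josiah` on the compose file and nothing looser than `'0644'` on the other two; quoting also avoids the octal-versus-integer ambiguity of a bare `0777`. The Docker repository line points at `linux/ubuntu bionic` while its key is fetched from `linux/debian/gpg` and the tailscale repository targets Debian bullseye, so the target distribution should be confirmed and the three made consistent. `apt_key` adds keys to the global trusted keyring; a per-repository keyring referenced with `signed-by` limits what each vendor key can sign for.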
@ -0,0 +1,213 @@
|
||||
*** Targets ***
|
||||
|
||||
probe = FPing
|
||||
|
||||
menu = Top
|
||||
title = work Latency Grapher
|
||||
remark = Welcome to the SmokePing website of WORKS Company. \
|
||||
Here you will learn all about the latency of our network.
|
||||
|
||||
+ HomeNet
|
||||
menu = HomeNet
|
||||
title = HomeNet
|
||||
|
||||
++ hatchery
|
||||
menu = hatchery
|
||||
title = hatchery
|
||||
host = hatchery.home.jowj.net
|
||||
|
||||
++ hoyden
|
||||
menu = hoyden
|
||||
title = hoyden
|
||||
host = 192.168.1.20
|
||||
|
||||
++ synology-as-1
|
||||
menu = syn-nas
|
||||
title = syn-nas
|
||||
host = storage.home.jowj.net
|
||||
|
||||
++ sainthood
|
||||
menu = sainthood
|
||||
title = sainthood
|
||||
host = sainthood.home.jowj.net
|
||||
|
||||
+ Services
|
||||
menu = Services
|
||||
title = Services
|
||||
|
||||
++ sonarr
|
||||
menu = sonarr
|
||||
title = sonarr
|
||||
host = sonarr.services.jowj.net
|
||||
|
||||
++ readarr
|
||||
menu = readarr
|
||||
title = readarr
|
||||
host = readarr.services.jowj.net
|
||||
|
||||
++ lidarr
|
||||
menu = lidarr
|
||||
title = lidarr
|
||||
host = lidarr.services.jowj.net
|
||||
|
||||
++ radarr
|
||||
menu = radarr
|
||||
title = radarr
|
||||
host = radarr.services.jowj.net
|
||||
|
||||
++ sabnzb
|
||||
menu = sabnzbd
|
||||
title = sabnzbd
|
||||
host = sab.services.jowj.net
|
||||
|
||||
+ AwfulNet
|
||||
menu = AwfulNet
|
||||
title = AwfulNet
|
||||
|
||||
++ matrix
|
||||
menu = matrix
|
||||
title = matrix.awful.club
|
||||
host = matrix.awful.club
|
||||
|
||||
++ awful1
|
||||
menu = awful1
|
||||
title = awful1
|
||||
host = awful-1.awful.club
|
||||
|
||||
|
||||
+ InternetSites
|
||||
|
||||
menu = Internet Sites
|
||||
title = Internet Sites
|
||||
|
||||
++ GoogleSearch
|
||||
menu = Google
|
||||
title = google.com
|
||||
host = google.com
|
||||
|
||||
++ GoogleSearchIpv6
|
||||
menu = Google
|
||||
probe = FPing6
|
||||
title = ipv6.google.com
|
||||
host = ipv6.google.com
|
||||
|
||||
++ linuxserverio
|
||||
menu = linuxserver.io
|
||||
title = linuxserver.io
|
||||
host = linuxserver.io
|
||||
|
||||
+ USA
|
||||
|
||||
menu = North America
|
||||
title = North American Connectivity
|
||||
|
||||
++ MIT
|
||||
|
||||
menu = MIT
|
||||
title = Massachusetts Institute of Technology Webserver
|
||||
host = web.mit.edu
|
||||
|
||||
++ OSUOSL
|
||||
|
||||
menu = Oregon State University Open Source Lab
|
||||
title = Oregon State University Open Source Lab
|
||||
host = osuosl.org
|
||||
|
||||
+ DNS
|
||||
menu = DNS
|
||||
title = DNS
|
||||
|
||||
++ GoogleDNS1
|
||||
menu = Google DNS 1
|
||||
title = Google DNS 8.8.8.8
|
||||
host = 8.8.8.8
|
||||
|
||||
++ GoogleDNS2
|
||||
menu = Google DNS 2
|
||||
title = Google DNS 8.8.4.4
|
||||
host = 8.8.4.4
|
||||
|
||||
++ OpenDNS1
|
||||
menu = OpenDNS1
|
||||
title = OpenDNS1
|
||||
host = 208.67.222.222
|
||||
|
||||
++ OpenDNS2
|
||||
menu = OpenDNS2
|
||||
title = OpenDNS2
|
||||
host = 208.67.220.220
|
||||
|
||||
++ CloudflareDNS1
|
||||
menu = Cloudflare DNS 1
|
||||
title = Cloudflare DNS 1.1.1.1
|
||||
host = 1.1.1.1
|
||||
|
||||
++ CloudflareDNS2
|
||||
menu = Cloudflare DNS 2
|
||||
title = Cloudflare DNS 1.0.0.1
|
||||
host = 1.0.0.1
|
||||
|
||||
++ L3-1
|
||||
menu = Level3 DNS 1
|
||||
title = Level3 DNS 4.2.2.1
|
||||
host = 4.2.2.1
|
||||
|
||||
++ L3-2
|
||||
menu = Level3 DNS 2
|
||||
title = Level3 DNS 4.2.2.2
|
||||
host = 4.2.2.2
|
||||
|
||||
++ Quad9
|
||||
menu = Quad9
|
||||
title = Quad9 DNS 9.9.9.9
|
||||
host = 9.9.9.9
|
||||
|
||||
+ DNSProbes
|
||||
menu = DNS Probes
|
||||
title = DNS Probes
|
||||
probe = DNS
|
||||
|
||||
++ GoogleDNS1
|
||||
menu = Google DNS 1
|
||||
title = Google DNS 8.8.8.8
|
||||
host = 8.8.8.8
|
||||
|
||||
++ GoogleDNS2
|
||||
menu = Google DNS 2
|
||||
title = Google DNS 8.8.4.4
|
||||
host = 8.8.4.4
|
||||
|
||||
++ OpenDNS1
|
||||
menu = OpenDNS1
|
||||
title = OpenDNS1
|
||||
host = 208.67.222.222
|
||||
|
||||
++ OpenDNS2
|
||||
menu = OpenDNS2
|
||||
title = OpenDNS2
|
||||
host = 208.67.220.220
|
||||
|
||||
++ CloudflareDNS1
|
||||
menu = Cloudflare DNS 1
|
||||
title = Cloudflare DNS 1.1.1.1
|
||||
host = 1.1.1.1
|
||||
|
||||
++ CloudflareDNS2
|
||||
menu = Cloudflare DNS 2
|
||||
title = Cloudflare DNS 1.0.0.1
|
||||
host = 1.0.0.1
|
||||
|
||||
++ L3-1
|
||||
menu = Level3 DNS 1
|
||||
title = Level3 DNS 4.2.2.1
|
||||
host = 4.2.2.1
|
||||
|
||||
++ L3-2
|
||||
menu = Level3 DNS 2
|
||||
title = Level3 DNS 4.2.2.2
|
||||
host = 4.2.2.2
|
||||
|
||||
++ Quad9
|
||||
menu = Quad9
|
||||
title = Quad9 DNS 9.9.9.9
|
||||
host = 9.9.9.9
|
@ -0,0 +1,54 @@
|
||||
version: '3'
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external: false
|
||||
pubnet:
|
||||
external: false
|
||||
|
||||
volumes:
|
||||
traefik_acme:
|
||||
traefik_logs:
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: "traefik:v2.2"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
environment:
|
||||
DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
|
||||
networks:
|
||||
pubnet:
|
||||
volumes:
|
||||
- "/home/josiah/apps/letsencrypt/:/letsencrypt"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
- "/home/josiah/apps/traefik.yml:/etc/traefik/traefik.yml"
|
||||
- traefik_logs:/log
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.edge.rule=hostregexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.edge.entrypoints=web"
|
||||
- "traefik.http.routers.edge.middlewares=redirect-to-https"
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
|
||||
smokeping:
|
||||
image: lscr.io/linuxserver/smokeping:latest
|
||||
networks:
|
||||
pubnet:
|
||||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- TZ=America/Chicago
|
||||
volumes:
|
||||
- /home/josiah/apps/smokeping/config/:/config
|
||||
- /home/josiah/apps/smokeping/data:/data
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
# global rules
|
||||
- "traefik.enable=true"
|
||||
# the web ui
|
||||
- "traefik.http.routers.freshrss.rule=Host(`monitor.awful.club`)"
|
||||
- "traefik.http.routers.freshrss.entrypoints=websecure"
|
||||
- "traefik.http.routers.freshrss.tls=true"
|
||||
- "traefik.http.routers.freshrss.tls.certresolver=awful-letsencrypt"
|
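Review bot: The `traefik` service publishes 80/443 and mounts `/var/run/docker.sock`; the `:ro` suffix only makes the bind mount read-only and does not restrict Docker API calls over the socket, so a compromise of the proxy is effectively root on the host. Consider a filtering socket proxy between Traefik and the daemon that exposes only the read endpoints the Docker provider needs. `DO_AUTH_TOKEN` is rendered into the file as a plain environment value; a Docker secret, if the ACME provider accepts a `_FILE` variant of the variable, would keep it out of the compose file and out of `docker inspect` output. `lscr.io/linuxserver/smokeping:latest` is unpinned, and its router (still named `freshrss`) carries no auth middleware, so the internal host names and addresses listed in `Targets` are served at `monitor.awful.club` to anyone who can reach it.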
@ -0,0 +1,37 @@
|
||||
# defaultEntryPoints must be at the top
|
||||
# because it should not be in any table below
|
||||
defaultEntryPoints: ["http", "https"]
|
||||
|
||||
global:
|
||||
checkNewVersion: true
|
||||
sendAnonymousUsage: true
|
||||
api:
|
||||
dashboard: false
|
||||
debug: true
|
||||
insecure: false
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
websecure:
|
||||
address: ":443"
|
||||
|
||||
providers:
|
||||
docker:
|
||||
watch: true
|
||||
swarmMode: false
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
exposedbydefault: false
|
||||
certificatesResolvers:
|
||||
awful-letsencrypt:
|
||||
acme:
|
||||
email: "admin@awful.club"
|
||||
storage: "/letsencrypt/acme.json"
|
||||
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
dnsChallenge:
|
||||
provider: "digitalocean"
|
||||
log:
|
||||
filePath: "/log/traefik.log"
|
||||
level: DEBUG
|
||||
accessLog:
|
||||
filePath: "/log/access.log"
|
||||
bufferingSize: 100
|
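Review bot: `defaultEntryPoints` is a Traefik v1 setting, but the compose file on this page runs `traefik:v2.2`; v2 static configuration has no such key, so it is at best ignored and may be rejected at startup, which is worth checking in the container log before removing it. `api.debug: true` and `log.level: DEBUG` are development settings on an internet-facing proxy, and debug logs can include request details, so prefer `debug: false` and `level: INFO` once the deployment works. `sendAnonymousUsage: true` sends usage data to the vendor and should be a deliberate choice rather than a copied default. The `websecure` entry point sets no TLS options, so minimum protocol version and cipher selection fall back to Traefik's defaults.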
@ -0,0 +1 @@
|
||||
sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip', 'docker', 'ca-certificates', 'curl', 'gnupg', 'lsb-release', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-compose-plugin', 'tailscale']
|