forked from infra/ansible
Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
1effca7820 |
|
@ -44,7 +44,6 @@ icinga_domain: icinga.binary.kitchen
|
|||
icinga_dbname: icinga
|
||||
icinga_dbuser: icinga
|
||||
icinga_dbpass: "{{ vault_icinga_dbpass }}"
|
||||
icinga_server: nabia.binary.kitchen
|
||||
icingaweb_dbname: icingaweb
|
||||
icingaweb_dbuser: icingaweb
|
||||
icingaweb_dbpass: "{{ vault_icingaweb_dbpass }}"
|
||||
|
@ -73,15 +72,12 @@ mail_server: mail.binary-kitchen.de
|
|||
mailman_domain: lists.binary-kitchen.de
|
||||
mail_trusted:
|
||||
- 213.166.246.0/28
|
||||
- 213.166.246.37/32
|
||||
- 213.166.246.45/32
|
||||
- 213.166.246.250/32
|
||||
- 2a02:958:0:f6::/124
|
||||
- 2a02:958:0:f6::37/128
|
||||
- 2a02:958:0:f6::45/128
|
||||
mail_aliases:
|
||||
- "auweg@binary-kitchen.de venti@binary-kitchen.de,anti@binary-kitchen.de,anke@binary-kitchen.de,gruenewald.clemens@gmail.com"
|
||||
- "bbb@binary-kitchen.de timo.schindler@binary-kitchen.de"
|
||||
- "dasfilament@binary-kitchen.de taxx@binary-kitchen.de"
|
||||
- "epvpn@binary-kitchen.de noby@binary-kitchen.de"
|
||||
- "google@binary-kitchen.de vorstand@binary-kitchen.de"
|
||||
|
@ -92,9 +88,8 @@ mail_aliases:
|
|||
- "openhab@binary-kitchen.de noby@binary-kitchen.de"
|
||||
- "orga@ccc-r.de orga@ccc-regensburg.de"
|
||||
- "orga@ccc-regensburg.de anti@binary-kitchen.de"
|
||||
- "paypal@binary-kitchen.de ralf@binary-kitchen.de"
|
||||
- "paypal@binary-kitchen.de timo.schindler@binary-kitchen.de"
|
||||
- "post@makerspace-regensburg.de vorstand@binary-kitchen.de"
|
||||
- "pretix@binary-kitchen.de moepman@binary-kitchen.de"
|
||||
- "root@binary-kitchen.de moepman@binary-kitchen.de,kishi@binary-kitchen.de"
|
||||
- "seife@binary-kitchen.de anke@binary-kitchen.de"
|
||||
- "siebdruck@binary-kitchen.de anke@binary-kitchen.de"
|
||||
|
@ -135,11 +130,13 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
|
|||
nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
|
||||
nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de
|
||||
|
||||
pretix_domain: pretix.events.binary-kitchen.de
|
||||
omm_domain: omm.binary.kitchen
|
||||
|
||||
pretix_domain: pretix.rc3.binary-kitchen.de
|
||||
pretix_dbname: pretix
|
||||
pretix_dbuser: pretix
|
||||
pretix_dbpass: "{{ vault_pretix_dbpass }}"
|
||||
pretix_mail: pretix@binary-kitchen.de
|
||||
pretix_mail: rc3@binary-kitchen.de
|
||||
|
||||
prometheus_pve_user: prometheus@pve
|
||||
prometheus_pve_pass: "{{ vault_prometheus_pve_pass }}"
|
||||
|
|
|
@ -1,102 +1,84 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34313430623638333161613331623835666163626232326164366136373833633138373733333231
|
||||
6563336334663666373235313064363364646361643033310a663033616232363434306230313765
|
||||
31386338646433393334663031623261353661333565663763363834313264363463383562633934
|
||||
3663623932356635360a306231613431623763663130656634623365643730336564663862336536
|
||||
34663863313364613831656162663663646634636432656539643531326163653363376662393935
|
||||
61343934313135623265646539616136306231633566616534383562393964663565323534386162
|
||||
31646233313339383863313334353031386166653264353831383133633761306539636533656336
|
||||
37643866646538316234633736613136356166613037383638303465663639633432326533653832
|
||||
30313862646132393063393239656561646566336362643466386435613734623632613361323266
|
||||
64316166313635306631396166303132626139386563613231646439356637393662623530353261
|
||||
62326661663064393362653136346262313762376130623461313563613161623838356363306263
|
||||
38376438333632623962646535313239343038383030383736313536303935346236326631616632
|
||||
65376162613630343064356361336535623030316435333036363635623461626330663635653631
|
||||
61313435373839366363613338666630366333383962393734333662646239663237386437373333
|
||||
31373065336139643033643666653737306664626134643937343264646539616264393530343462
|
||||
38366232393832666439383066383738643966363132663832396562646238306638343266353934
|
||||
38396236373830303661336635646137306236386436343033383764666535323834313534346533
|
||||
35333665303534383634303732346164616666643731313839353462343365356338386561613231
|
||||
35333965353736386531356565376434393563653562373261633664623438346638613765303736
|
||||
65336230636539613332616433326335326436333136636566383731306437663438306636363930
|
||||
31376230353230613038636662623432646361383263663532396234656133333237333738666233
|
||||
61613961343963393437393664393265306564373164316265363232303831663331393130356662
|
||||
39313230616463636163386261353431356338353833393161313861643137646166363864313861
|
||||
64306161653565396339656333346235346365373836373633376231333833313034353864656434
|
||||
33623861326664356339336333663365663663353061323037346330653133396235363831623136
|
||||
63343662356235633332373733626232353437373263343038663932636232363030336436616131
|
||||
65376436663962363631386664353531303963313263633261633766326566383262643334646466
|
||||
65363664306332656134633039643135323134616535613834313533626633353066343762646132
|
||||
31353761373366313365373632366661646235333039656231323030366338326264333162646562
|
||||
39343265376234363635306537636464323030316231306564316635656563303565336539326237
|
||||
36393632386564343730616566373535616263383564343866353665373363363333343935346464
|
||||
31646338353235356231353135663062323766663231383730396235373934303465346239303961
|
||||
66646463663762633963336365356431323431383938373839346364303464633031633633663937
|
||||
36646165633661633361313635393134646133363334373863663132376266336233336435356435
|
||||
38303862613564363731313062316533633465353830316436326431656132353431373231646337
|
||||
33343464353039623236643633636239343965643633343966326562343934313664633563613730
|
||||
63313930643936393838636634613331633835656434646163386661663037376330646366656232
|
||||
32623461633935353134343533626266653031666335336236343039363066396337633639363235
|
||||
38626233383461356264616534656537633931663936383330386532363434383833613835613439
|
||||
64306262626539623136376630646439353335623266306139306434663331346237306331666533
|
||||
37363433343433363632336333633065313865626564633134616462393831626237333638333739
|
||||
61623030386235666132666661623462323332393666623539636139326530623233396533373939
|
||||
32396261306661663739333138353335663734316232303661353166376133653934306233343739
|
||||
33353833323739343163396234633264373139346264653933633433393132363966636135393365
|
||||
36363530396166363630643764633436663037666631343535366132373334663938333930396133
|
||||
36303864303961333664653635343935353266396231313964646262363038626561653466646438
|
||||
62306434373136393738303835656130333936663430636139383137633536383131616533613634
|
||||
62343464636332343031326365383964326666636466666636663236633935356635336435313437
|
||||
33626137326238356537353762613164653731326563663239316537646338643131643564663632
|
||||
33353536383265303030343735616530666236343064323337623232396130393366363161356636
|
||||
61333862313432323139313963386538393365373335373139353533356537383739373539646134
|
||||
37623936653933326633643961313530663533326532383133353238303336643432353833393338
|
||||
31633065666336373236386537636536326236636639376465346136326535653764373131636135
|
||||
61393932643639383234396163326633393733616563343637613661326432623461393934653965
|
||||
32643162386238316261633733613366323834393365633430643964666262306339633766613533
|
||||
65366264313431333132303063393564383062346365633133383463376631303933643065613137
|
||||
61383231393339363465363064633862633135326536663163366234623764626439346461303164
|
||||
32373738636533306362333138643832643862656239303464373434303537653336646430356633
|
||||
36626436356231616166666163346539633738623734343031373735346165303664346137343132
|
||||
31663230343934333138656333626339623133323630336266353831653135616363333432616361
|
||||
33613236623538333663366136656563663331366237303763653238336139363163366635646532
|
||||
37316430623433336436376462656331373336303831393333626166346135333737326435353834
|
||||
37636162646438313162303462633830353239623565393331316662616535343138613437653665
|
||||
31316563346234633031653131666531333266306139346566383263303835343532363633373665
|
||||
30336462626434393063343234356633636433356164363163363564383263623364386435383239
|
||||
33323738366534633730666436303433343731306662393863323633653263316138386365376666
|
||||
35316365303361623030383836316436323663646464386231346432396563663133643834383636
|
||||
61326534313237316130393538613834656231303732656163346237643535663239366536636633
|
||||
36306137616664623735613966343264653932363035373336636465323163393539363064386562
|
||||
31626138316163393466323333613530376265386136376330636364363166323061383034623336
|
||||
38643166363864383264373665323238326232376633653565356536376466303834313733613531
|
||||
65333734353036303935333533306334306231373731353463346461353930316562316439356562
|
||||
38336435366335333230323766626134376131323435323735653736336662313962393766383435
|
||||
39323734643037643066363338373332653830393337306633336131663131616164336536393837
|
||||
35383366316130343162663231343763373331613261393566366133346564636334643464373535
|
||||
37633536323531613831656662323263316630623061383930363637346438623735383430366538
|
||||
39303961326461323661346630313636643531303265393461373036306435353863643036623665
|
||||
66333965303032653537613232633162303138343632396134336130333430636666376430323466
|
||||
61323535313463653866666265313765623831376633666534623033643063386231623238656439
|
||||
63323166373764306162613233323466366363666535643339646361306638343762393834343131
|
||||
31393437373733343138306563363032353831616334383631656266346131303161633265343461
|
||||
62343234383936303664643234323665343635626435613766343737396564656137393061666165
|
||||
66313531666562303030323764356632626233333432343461393362303563643661336335366339
|
||||
62346366643835303563646161366434386532363265313531303634336136653062613464376138
|
||||
66336333623565623263363561303537303337623137656430353830353937323265313837333237
|
||||
62343132326665326130376566626661366534353335366532623539303536323762646462306261
|
||||
63383133633462376162316338663765393933663536663239636439643733376434333030616131
|
||||
63326332336563326232346430643534336133376334646635653862333133306135666132353839
|
||||
37336136346464363365633262623630343463343035666161626665663030346533303266313837
|
||||
32323566393630626566393334353832383235626161343532323930656430343739663432333866
|
||||
62663136333637663563366536303437363964666638326134373766313837383431663733383630
|
||||
63336432656239393465353666383131326536643531663337396234396663373432303163653331
|
||||
33626237386237626433653637313835376632613131663235353037336231613134633065323035
|
||||
31366531343131303937663561336262623062313961366233633430323639383332656236363535
|
||||
35353639633366366439666532326539666230323338643931383264306436386634316331393133
|
||||
33393963303734303037353139356436313036343766646131333735356266333434333039363339
|
||||
62396231303137303236626439633331306663313630653437363733656130653863646537316536
|
||||
39346233633436323565363466653862333630633030666136613237333663643339306334613532
|
||||
63343565393632353138616637356339623639373135636334333130323032346536626465323430
|
||||
63383363313338636466316464303039633236343038613734633632633234313837656436663137
|
||||
62643130383463333137363537646233613366653664613137623130333330636362
|
||||
35323963326634353430373361636231303663373264616131356530663738306563303332363762
|
||||
3436613664633530623163353436323035346463623737390a383665663266313338356361626161
|
||||
39643939393939333361663434353237633861303032323730336661633663373636326432663135
|
||||
3430313238313836610a343432396536316462313230656236366363343034383732646163626231
|
||||
30643132316365613664333834356630666336633635373037326162646538333062363237363465
|
||||
30303632303339616166323932303865313766316436623232633335613263323437633331346133
|
||||
64633161383236346536616231333634626466373232366265333062306635663631663565666531
|
||||
30653633643430356164386364386336323162383164663639323430343239333366306161336365
|
||||
39663663343037396566366363353461656330353636306162626639663137666136306235656165
|
||||
66613338623232316336323830303830383364396537633161373032323739316131336431313035
|
||||
63346662366562656638363961613263363134646131623436316463326265646138323238303437
|
||||
31363734376333343961356137373764656534363437316633656665616430323231383563633766
|
||||
30653565373563376664303133653665356264363735333939646339653735633765306261633836
|
||||
31313465323238316263343166646132356333373033616361333532623564336338373838303536
|
||||
65333962636161633038353135303466353839663833626530616635666337346161623635383963
|
||||
66636230393331316239616434613265343139636632396630656630623662306464633162366139
|
||||
35646332623137643130373738336265623930376165343238626233356235613434636564313939
|
||||
34636266383536383936313263373538666165633163396635313365616339303264663566316234
|
||||
65353262313062653061326239363266333637316362366539616136373062313764316330663138
|
||||
64343337356133643163383864343962623237316230343763653838613738393739343131323835
|
||||
38623063626531613764356265376230336530326364643635383438363463333931333461393563
|
||||
37343231366165616666376664653633616332346661383935393435653934336562343531323664
|
||||
38396233306266623361636566663262393336343434383532393336343533653364666264306463
|
||||
66393234376137643761396635626337656465383066303863383535636363336463343234363361
|
||||
61626365633639643237336464653666396131343535636431636438343265663138346631316335
|
||||
63343136656131653039396539323231663730316134306432613034363635343230353361616338
|
||||
34303931343866343831623333386533313733613663363565313666353139356265333461336237
|
||||
34643265623739376565663039343638343839633362303035386562333264333438313835393039
|
||||
39376266643831343561653832353266313461363738663533383935376234636338343734353731
|
||||
36396634316561336363633339653566323134306430373536613763303763653764336237633465
|
||||
39313562373062666566663437386538663733643261656361346364393935613638393464663062
|
||||
31643035356630363630363532353137626431643366383437663437333761613062363663633832
|
||||
30663331333036653362646164313134316136663839386464353731303065376634313138656337
|
||||
34306234303233613136353661643436666538623634323137343861346165333730303430386237
|
||||
39313762313339356430303934343837336230303231613266643231376634333739353366333139
|
||||
39393436366339616166393530313862303961353131646163306633386637376634363534363461
|
||||
31363634653638633334346334613061333234633061343732363330363636656333316366383838
|
||||
39343234616461656432653836623233343965636432616630313037366535366131393033383063
|
||||
31343038646162616666613264363738366434613939333536656534336339326537366435383263
|
||||
66376638376133303136346663386561336239643465376336633665656563666133666165323633
|
||||
30613032343735653231356663333033653436393331653133646162333531613930316635356533
|
||||
38663830383463663366393034656638643136383261373332383636333331396639346361376334
|
||||
32333633316433616664643662636634323038306664663538386330356261323461396264323635
|
||||
66376133666434363932353762663461333861376139323439653431663638343362326166336133
|
||||
37396532306135386661353665356562363135656338333261386437376431363663383662303339
|
||||
30343534393965646231303037366435333238343931393036616364643631333163336331396364
|
||||
39303766363938383831316531303265383236646334616365613732643134366338366438623266
|
||||
61346132623333343933373666363937376332653766313463333132626466373763346330613433
|
||||
37383631656662386164633566376235366465663531383134613139656330313561633030643139
|
||||
31646264316533303638303939656539663936306465656366303761343335383562366238316332
|
||||
36623265383739376332393565386436653934316438313631626333343234656564623335386133
|
||||
64363538396631363538653361373138393637326533386239353532316531376166313265303463
|
||||
66306637383237303236306264373831636636643766383565326230313165356337633662663832
|
||||
39666464646365313536633539366330333938643431633136643166336566343137653066343735
|
||||
38653037346332373139356439656436366339323431626331636538346639303034323231663034
|
||||
36626536343236326439653665323563326431386462666331386163623232333661613437313865
|
||||
65363237643266393866363761316534666537616633393863366562666539633761613465616436
|
||||
30346435363431393261336361333564313537353564333136633866643466353261666430376130
|
||||
66333765306162666361393133636661393766333733363033663739646633303561623662316231
|
||||
61653332346361363565343466363339323064313537343537396637343730653563653734313337
|
||||
38316334376136636365373338313362313836613666643034343964353236313433303330366332
|
||||
66356562643636353465343133323462313465653434383835636535666135363438653833623836
|
||||
32636638313635326537336633656162346166303262386232613366366639326338316638656230
|
||||
65613763353031386537333332363736636236623561323036623864313830316661633362613164
|
||||
64356161376234666535393961376138656632653266306434343335373734663265383537326234
|
||||
35636131303133666366326434323832633865626538333864653236343135383636373437303864
|
||||
38663339666262373063643162343037343537383235326633623165396539633161303862623938
|
||||
32663433396637643765363837316439363863386162316363633136633232643635363166646534
|
||||
61366665356238653764623237613861323139366638633432343137336438316237333030613431
|
||||
37323463636162333231303234383831333138306163643630633335383465313737383832646161
|
||||
33643637373037666562366536383662663737373962373937633839633933323738366236323361
|
||||
63663330346436343232616364353261613635646339333062643038363634623561623163643932
|
||||
65306466363464376336353965633535356437333237666161383465393631333963393030316663
|
||||
62343564383838383938646338383466383533646539336239323064383565333834396535396634
|
||||
30616131643463663235636334613165343133646562656537396334623234383734396131643930
|
||||
66373765333538643661386435666166633438383035663563333339663536663137393162343865
|
||||
39326463316133343331633137363365653366643439613062633665633132633036333337323935
|
||||
31393665623938316230653936353966396539353730353364346434646434616636663563336666
|
||||
32623861363864383430356236396366616361326334656639613061636239306663626435636435
|
||||
36316135633739313364336634376635303131616239666262613230666165636533613935643664
|
||||
35356538613062646635336332613635643135396665376439323331386163356631383531376230
|
||||
36386661326362633833333133356366633264353061356665353131323737303339396333613763
|
||||
386531643264353562356563663961626139
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
|
||||
root_keys_host:
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkXY3fQFMG7LkTBWtBNY7q7RCwb/R4Z8Y96e3pToddfXbtmtVxMZfd6hC+3kGt3NnPYDFmZf/RXblNBPwL/n8bEjA0bmfU60LMjFT0mG99bLU+5CgDxaSf34jzgtzLbHKqeSYxNpXNebbDZRw+cxuDjxJ+lYbc/hNQTy6hqKXUSQ25LAqplKVYbxlPWPxxKnJCvWj2pCdJGj1EK/Y+saafNOhA7uEPNt8HtWWNMhxNi+P9OkkLpYqRM8V0miR7aAYOY+RllMn+H5DIJg2gk319AHhlBDP7NXd/tmWg+bI7xYPDe9Q6gMrV8OnQmuNjWsLNhp8ktwQxpsv71t6ztXLpceIkV9yfDSeBpZG5QnsMOy/ua91S6hmMg4bIEBsqkPUYEwEIDFaV0TrlKeXMkU+ovthZnw0CWgV5KEWDHtuGu8nBBpks/geclh+0yqeFEaacnlTTNEhvCcp7vOsqDJnZSn1L4O6C+u/A4NJGRH7XQMWrXBdeTVIT9KLsdZJsoPIH8BRaw/qOYPY6wZzHcLvrsayUBBiiLDIN1lE/3OV70dKX7F0Q7hyl8o9EoGdEYnGBonWGC58hroiAE4FTVdWLKtHzHSG2AdTWf53sJzGVEh5swm44KD/Dh52bE4YjUxC0b68Twb3/L1QpH8KZNUVEcRNmiRshefMPSXbPv3bNzc= 20170818Tobias@Teubl.de"
|
||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa tom"
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
|
||||
acertmgr_mode: standalone
|
|
@ -4,4 +4,3 @@ grafana_domain: zelle.binary-kitchen.de
|
|||
|
||||
root_keys_host:
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAib/9jl5oDkCF0g9Z2m0chruxA779TmQLy9nYFWq5qwxhCrBwgPBsHjyYJoA9vE6o+MB2Uc76hPNHxrY5WqOp+3L6z7B8I7CDww8gUBcvLXWFeQ8Qq5jjvtJfT6ziIRlEfJBHn7mQEZ6ekuOOraWXSt7EVJPYcTtSz/aqbSHNF6/iYLqK/qJQdrzwKF8aMbJk9+68XE5pPTyk+Ak9wpFtiKA+u1b0JAJr2Z0nZGVpe+QlMkgwysjcJik+ZOFfVRplJQSn7lEnG5tkKxySb3ewaTCmk5nkeV40ETiyXs6DGxw0ImVdsAZ2gjBlCVMUhiCgznREzGmlkSTQSPw7f62edw== venti"
|
||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0Wq37DP89UO6MiJvvRbsXEcEV9d5/JJb7K2R0WHsHa tom"
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
|
||||
root_keys_host:
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMJDyq3veSnK+6hSw+Ml6lvTQTPC6vRFqtDXvPBnOtId8F9+/N0ADcPa5UTesnTkQgSAY7WpSoN5D6clYzdcPR55e5WZwZfMSkX14D7v7mrGxUcE4HshTorfEYv5XBd11Tvu0ruMdxlFQ+VFHkZIF305xgyx32INA3zUfnhzHJlKEdIAy8iSbERUV+X5kB59aep6xSpitCHJtsTT5Ky+EsvAhndKB5hDBuwVVr0+Sg5PypeTQ4zzWFyR6DFBEvyEj6bs/pQff9WxSRIXEuLffXOXdRLGHWqX7PfhWcH9WNH55WT7ZKCMGVuG4kYLkZ633c296ISg9q0eNKn99oHuwvzVg/wV3wndHINE+iUKKJjaRUpDUwd9DftFqMbFGATpf8en6KPs/7bgZUGACIfDO6Uy59V75cntiMFZc+BnnpV2qLVBFFD5ClRBCRdqH5D0px+jpuQFo9EUhggL4jzlj9wQf26zv0E4zSGTqbM1jfO3zcXlxSjg3H3Og2GAO5fCQiodpsqkW9Hby/p4s5l+P97tlVlgapnZlSA/1em4lmYshmRk/9scN8PMSXfW9uhncv9qXqp0ypEqEuNfj5u/1Eu8zmayIA9V23xyPn92LMT6MP2BB1kC7jeAXfXHdKBhTYW6bLQJKMs9nypH6RODK1fb9JlIrB61ZDJ9L5K++o2Q== noby"
|
4
hosts
4
hosts
|
@ -12,9 +12,8 @@ bob.binary.kitchen ansible_host=172.23.2.37
|
|||
bowle.binary.kitchen ansible_host=172.23.2.62
|
||||
salat.binary.kitchen ansible_host=172.23.9.61
|
||||
[auweg]
|
||||
weizen.binary.kitchen ansible_host=172.23.12.61
|
||||
aeron.binary.kitchen ansible_host=172.23.13.3
|
||||
lock-auweg.binary.kitchen ansible_host=172.23.13.12
|
||||
weizen.binary.kitchen ansible_host=172.23.12.61
|
||||
[fan_rz]
|
||||
helium.binary-kitchen.net
|
||||
lithium.binary-kitchen.net
|
||||
|
@ -26,7 +25,6 @@ oxygen.binary-kitchen.net
|
|||
fluorine.binary-kitchen.net
|
||||
neon.binary-kitchen.net
|
||||
sodium.binary-kitchen.net
|
||||
magnesium.binary-kitchen.net
|
||||
krypton.binary-kitchen.net
|
||||
yttrium.binary-kitchen.net
|
||||
zirconium.binary-kitchen.net
|
||||
|
|
|
@ -44,8 +44,3 @@
|
|||
- name: Enable vhosts
|
||||
file: src=/etc/nginx/sites-available/dss dest=/etc/nginx/sites-enabled/dss state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ dss_domain }}"
|
||||
|
|
|
@ -6,6 +6,3 @@ logrotate_excludes:
|
|||
- "/etc/logrotate.d/dbconfig-common"
|
||||
- "/etc/logrotate.d/btmp"
|
||||
- "/etc/logrotate.d/wtmp"
|
||||
|
||||
sshd_password_authentication: "no"
|
||||
sshd_permit_root_login: "prohibit-password"
|
||||
|
|
|
@ -6,9 +6,6 @@
|
|||
- name: Restart journald
|
||||
service: name=systemd-journald state=restarted
|
||||
|
||||
- name: Restart sshd
|
||||
service: name=sshd state=restarted
|
||||
|
||||
- name: update-grub
|
||||
command: update-grub
|
||||
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
name:
|
||||
- apt-transport-https
|
||||
- dnsutils
|
||||
- fdisk
|
||||
- gnupg2
|
||||
- htop
|
||||
- less
|
||||
|
@ -102,12 +101,3 @@
|
|||
regexp: "rotate [0-9]+"
|
||||
replace: "rotate 7"
|
||||
loop: "{{ logrotateconfigpaths }}"
|
||||
|
||||
- name: Configure ssh password login
|
||||
template:
|
||||
src: sshd_config.j2
|
||||
dest: /etc/ssh/sshd_config
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart sshd
|
||||
|
|
|
@ -1,123 +0,0 @@
|
|||
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
||||
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
||||
|
||||
# The strategy used for options in the default sshd_config shipped with
|
||||
# OpenSSH is to specify options with their default value where
|
||||
# possible, but leave them commented. Uncommented options override the
|
||||
# default value.
|
||||
|
||||
Include /etc/ssh/sshd_config.d/*.conf
|
||||
|
||||
#Port 22
|
||||
#AddressFamily any
|
||||
#ListenAddress 0.0.0.0
|
||||
#ListenAddress ::
|
||||
|
||||
#HostKey /etc/ssh/ssh_host_rsa_key
|
||||
#HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
#HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
# Ciphers and keying
|
||||
#RekeyLimit default none
|
||||
|
||||
# Logging
|
||||
#SyslogFacility AUTH
|
||||
#LogLevel INFO
|
||||
|
||||
# Authentication:
|
||||
|
||||
#LoginGraceTime 2m
|
||||
PermitRootLogin {{ sshd_permit_root_login }}
|
||||
#StrictModes yes
|
||||
#MaxAuthTries 6
|
||||
#MaxSessions 10
|
||||
|
||||
#PubkeyAuthentication yes
|
||||
|
||||
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
|
||||
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
|
||||
|
||||
#AuthorizedPrincipalsFile none
|
||||
|
||||
#AuthorizedKeysCommand none
|
||||
#AuthorizedKeysCommandUser nobody
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
#HostbasedAuthentication no
|
||||
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
||||
# HostbasedAuthentication
|
||||
#IgnoreUserKnownHosts no
|
||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||
#IgnoreRhosts yes
|
||||
|
||||
# To disable tunneled clear text passwords, change to no here!
|
||||
PasswordAuthentication {{ sshd_password_authentication }}
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to yes to enable challenge-response passwords (beware issues with
|
||||
# some PAM modules and threads)
|
||||
ChallengeResponseAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
#KerberosOrLocalPasswd yes
|
||||
#KerberosTicketCleanup yes
|
||||
#KerberosGetAFSToken no
|
||||
|
||||
# GSSAPI options
|
||||
#GSSAPIAuthentication no
|
||||
#GSSAPICleanupCredentials yes
|
||||
#GSSAPIStrictAcceptorCheck yes
|
||||
#GSSAPIKeyExchange no
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
UsePAM yes
|
||||
|
||||
#AllowAgentForwarding yes
|
||||
#AllowTcpForwarding yes
|
||||
#GatewayPorts no
|
||||
X11Forwarding yes
|
||||
#X11DisplayOffset 10
|
||||
#X11UseLocalhost yes
|
||||
#PermitTTY yes
|
||||
PrintMotd no
|
||||
#PrintLastLog yes
|
||||
#TCPKeepAlive yes
|
||||
#PermitUserEnvironment no
|
||||
#Compression delayed
|
||||
#ClientAliveInterval 0
|
||||
#ClientAliveCountMax 3
|
||||
#UseDNS no
|
||||
#PidFile /var/run/sshd.pid
|
||||
#MaxStartups 10:30:100
|
||||
#PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
#VersionAddendum none
|
||||
|
||||
# no default banner path
|
||||
#Banner none
|
||||
|
||||
# Allow client to pass locale environment variables
|
||||
AcceptEnv LANG LC_*
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
#Match User anoncvs
|
||||
# X11Forwarding no
|
||||
# AllowTcpForwarding no
|
||||
# PermitTTY no
|
||||
# ForceCommand cvs server
|
|
@ -1,10 +1,4 @@
|
|||
---
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Restart coturn
|
||||
service: name=coturn state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
||||
|
|
|
@ -3,28 +3,6 @@
|
|||
- name: Install coturn
|
||||
apt: name=coturn
|
||||
|
||||
- name: Create coturn service override directory
|
||||
file: path=/etc/systemd/system/coturn.service.d state=directory
|
||||
|
||||
- name: Configure coturn service override
|
||||
template: src=coturn.override.j2 dest=/etc/systemd/system/coturn.service.d/override.conf
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart coturn
|
||||
|
||||
- name: Create gitea directories
|
||||
file: path={{ item }} state=directory owner=turnserver
|
||||
with_items:
|
||||
- /etc/turnserver
|
||||
- /etc/turnserver/certs
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/turnserver/certs/{{ coturn_realm }}.key -out /etc/turnserver/certs/{{ coturn_realm }}.crt -days 730 -subj "/CN={{ coturn_realm }}" creates=/etc/turnserver/certs/{{ coturn_realm }}.crt
|
||||
|
||||
- name: Configure certificate manager
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ coturn_realm }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure coturn
|
||||
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
||||
with_items:
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
|
||||
{{ coturn_realm }}:
|
||||
- path: /etc/turnserver/certs/{{ coturn_realm }}.key
|
||||
user: turnserver
|
||||
group: turnserver
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service coturn restart'
|
||||
- path: /etc/turnserver/certs/{{ coturn_realm }}.crt
|
||||
user: turnserver
|
||||
group: turnserver
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service coturn restart'
|
|
@ -1,2 +0,0 @@
|
|||
[Service]
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
@ -15,7 +15,7 @@
|
|||
# Note: actually, TLS & DTLS sessions can connect to the
|
||||
# "plain" TCP & UDP port(s), too - if allowed by configuration.
|
||||
#
|
||||
listening-port=443
|
||||
#listening-port=3478
|
||||
|
||||
# TURN listener port for TLS (Default: 5349).
|
||||
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
|
||||
|
@ -27,7 +27,7 @@ listening-port=443
|
|||
# TLS version 1.0, 1.1 and 1.2.
|
||||
# For secure UDP connections, Coturn supports DTLS version 1.
|
||||
#
|
||||
tls-listening-port=443
|
||||
#tls-listening-port=5349
|
||||
|
||||
# Alternative listening port for UDP and TCP listeners;
|
||||
# default (or zero) value means "listening port plus one".
|
||||
|
@ -125,10 +125,7 @@ tls-listening-port=443
|
|||
#
|
||||
# By default, this value is empty, and no address mapping is used.
|
||||
#
|
||||
external-ip={{ ansible_default_ipv4.address }}
|
||||
{% if ansible_default_ipv6.address is defined %}
|
||||
external-ip={{ ansible_default_ipv6.address }}
|
||||
{% endif %}
|
||||
#external-ip=60.70.80.91
|
||||
#
|
||||
#OR:
|
||||
#
|
||||
|
@ -402,17 +399,17 @@ realm={{ coturn_realm }}
|
|||
# Uncomment if no TCP client listener is desired.
|
||||
# By default TCP client listener is always started.
|
||||
#
|
||||
#no-tcp
|
||||
no-tcp
|
||||
|
||||
# Uncomment if no TLS client listener is desired.
|
||||
# By default TLS client listener is always started.
|
||||
#
|
||||
#no-tls
|
||||
no-tls
|
||||
|
||||
# Uncomment if no DTLS client listener is desired.
|
||||
# By default DTLS client listener is always started.
|
||||
#
|
||||
#no-dtls
|
||||
no-dtls
|
||||
|
||||
# Uncomment if no UDP relay endpoints are allowed.
|
||||
# By default UDP relay endpoints are enabled (like in RFC 5766).
|
||||
|
@ -749,6 +746,6 @@ mobility
|
|||
|
||||
# Do not allow an TLS/DTLS version of protocol
|
||||
#
|
||||
#no-tlsv1
|
||||
#no-tlsv1_1
|
||||
#no-tlsv1_2
|
||||
no-tlsv1
|
||||
no-tlsv1_1
|
||||
no-tlsv1_2
|
||||
|
|
|
@ -106,7 +106,7 @@ subnet 172.23.13.0 netmask 255.255.255.0 {
|
|||
|
||||
# Users Auweg
|
||||
subnet 172.23.14.0 netmask 255.255.255.0 {
|
||||
option routers 172.23.14.1;
|
||||
option routers 172.23.3.1;
|
||||
ddns-domainname "users.binary.kitchen";
|
||||
option domain-search "binary.kitchen", "users.binary.kitchen";
|
||||
pool {
|
||||
|
@ -119,7 +119,7 @@ subnet 172.23.14.0 netmask 255.255.255.0 {
|
|||
|
||||
# MQTT Auweg
|
||||
subnet 172.23.15.0 netmask 255.255.255.0 {
|
||||
option routers 172.23.15.1;
|
||||
option routers 172.23.4.1;
|
||||
pool {
|
||||
{% if dhcpd_failover == true %}
|
||||
failover peer "failover-partner";
|
||||
|
@ -157,23 +157,13 @@ host ap06 {
|
|||
fixed-address ap06.binary.kitchen;
|
||||
}
|
||||
|
||||
host ap11 {
|
||||
hardware ethernet 18:64:72:c6:c2:0c;
|
||||
fixed-address ap11.binary.kitchen;
|
||||
}
|
||||
|
||||
host ap12 {
|
||||
hardware ethernet 18:64:72:c6:c4:98;
|
||||
fixed-address ap12.binary.kitchen;
|
||||
}
|
||||
|
||||
host bowle {
|
||||
hardware ethernet ac:1f:6b:25:16:b6;
|
||||
fixed-address bowle.binary.kitchen;
|
||||
}
|
||||
|
||||
host cannelloni {
|
||||
hardware ethernet b8:27:eb:18:5c:11;
|
||||
hardware ethernet 00:10:f3:15:88:ac;
|
||||
fixed-address cannelloni.binary.kitchen;
|
||||
}
|
||||
|
||||
|
@ -182,6 +172,11 @@ host fusilli {
|
|||
fixed-address fusilli.binary.kitchen;
|
||||
}
|
||||
|
||||
host garlic {
|
||||
hardware ethernet b8:27:eb:56:2b:7c;
|
||||
fixed-address garlic.binary.kitchen;
|
||||
}
|
||||
|
||||
host habdisplay1 {
|
||||
hardware ethernet b8:27:eb:b6:62:be;
|
||||
fixed-address habdisplay1.mqtt.binary.kitchen;
|
||||
|
@ -203,7 +198,7 @@ host lock {
|
|||
}
|
||||
|
||||
host maccaroni {
|
||||
hardware ethernet b8:27:eb:f5:9e:a1;
|
||||
hardware ethernet b8:27:eb:18:5c:11;
|
||||
fixed-address maccaroni.binary.kitchen;
|
||||
}
|
||||
|
||||
|
@ -223,7 +218,7 @@ host mpcnc {
|
|||
}
|
||||
|
||||
host noodlehub {
|
||||
hardware ethernet b8:27:eb:56:2b:7c;
|
||||
hardware ethernet b8:27:eb:eb:e5:88;
|
||||
fixed-address noodlehub.binary.kitchen;
|
||||
}
|
||||
|
||||
|
@ -238,7 +233,7 @@ host pizza {
|
|||
}
|
||||
|
||||
host spaghetti {
|
||||
hardware ethernet b8:27:eb:eb:e5:88;
|
||||
hardware ethernet b8:27:eb:e3:e9:f1;
|
||||
fixed-address spaghetti.binary.kitchen;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$ORIGIN 23.172.in-addr.arpa. ; base for unqualified names
|
||||
$TTL 1h ; default time-to-live
|
||||
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
||||
2022071600; serial
|
||||
2021112701; serial
|
||||
1d; refresh
|
||||
2h; retry
|
||||
4w; expire
|
||||
|
@ -20,11 +20,12 @@ $TTL 1h ; default time-to-live
|
|||
21.1 IN PTR pdu1.binary.kitchen.
|
||||
22.1 IN PTR pdu2.binary.kitchen.
|
||||
23.1 IN PTR pdu3.binary.kitchen.
|
||||
31.1 IN PTR sw-butchery.binary.kitchen.
|
||||
32.1 IN PTR sw-mini.binary.kitchen.
|
||||
33.1 IN PTR sw-rack.binary.kitchen.
|
||||
31.1 IN PTR sw01.binary.kitchen.
|
||||
32.1 IN PTR sw02.binary.kitchen.
|
||||
33.1 IN PTR sw03.binary.kitchen.
|
||||
41.1 IN PTR ap01.binary.kitchen.
|
||||
42.1 IN PTR ap02.binary.kitchen.
|
||||
43.1 IN PTR ap03.binary.kitchen.
|
||||
44.1 IN PTR ap04.binary.kitchen.
|
||||
45.1 IN PTR ap05.binary.kitchen.
|
||||
46.1 IN PTR ap06.binary.kitchen.
|
||||
|
@ -59,6 +60,7 @@ $GENERATE 10-230 $.3 IN PTR dhcp-${0,3,d}-03.binary.kitchen.
|
|||
240.3 IN PTR fusilli.binary.kitchen.
|
||||
241.3 IN PTR klopi.binary.kitchen.
|
||||
242.3 IN PTR mpcnc.binary.kitchen.
|
||||
243.3 IN PTR garlic.binary.kitchen.
|
||||
244.3 IN PTR mirror.binary.kitchen.
|
||||
245.3 IN PTR spaghetti.binary.kitchen.
|
||||
246.3 IN PTR maccaroni.binary.kitchen.
|
||||
|
@ -85,13 +87,10 @@ $GENERATE 10-240 $.4 IN PTR dhcp-${0,3,d}-04.binary.kitchen.
|
|||
$GENERATE 2-254 $.10 IN PTR vpn-${0,3,d}-10.binary.kitchen.
|
||||
; Management Auweg
|
||||
31.12 IN PTR sw-auweg.binary.kitchen.
|
||||
41.12 IN PTR ap11.binary.kitchen.
|
||||
42.12 IN PTR ap12.binary.kitchen.
|
||||
61.12 IN PTR weizen.binary.kitchen.
|
||||
111.12 IN PTR rfp11.binary.kitchen.
|
||||
; Services Auweg
|
||||
3.13 IN PTR aeron.binary.kitchen.
|
||||
12.13 IN PTR lock-auweg.binary.kitchen.
|
||||
; Clients Auweg
|
||||
$GENERATE 10-230 $.14 IN PTR dhcp-${0,3,d}-14.binary.kitchen.
|
||||
; MQTT
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$ORIGIN binary.kitchen ; base for unqualified names
|
||||
$TTL 1h ; default time-to-live
|
||||
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
|
||||
2022071600; serial
|
||||
2021112701; serial
|
||||
1d; refresh
|
||||
2h; retry
|
||||
4w; expire
|
||||
|
@ -44,11 +44,12 @@ ups1 IN A 172.23.1.11
|
|||
pdu1 IN A 172.23.1.21
|
||||
pdu2 IN A 172.23.1.22
|
||||
pdu3 IN A 172.23.1.23
|
||||
sw-butchery IN A 172.23.1.31
|
||||
sw-mini IN A 172.23.1.32
|
||||
sw-rack IN A 172.23.1.33
|
||||
sw01 IN A 172.23.1.31
|
||||
sw02 IN A 172.23.1.32
|
||||
sw03 IN A 172.23.1.33
|
||||
ap01 IN A 172.23.1.41
|
||||
ap02 IN A 172.23.1.42
|
||||
ap03 IN A 172.23.1.43
|
||||
ap04 IN A 172.23.1.44
|
||||
ap05 IN A 172.23.1.45
|
||||
ap06 IN A 172.23.1.46
|
||||
|
@ -83,6 +84,7 @@ $GENERATE 10-230 dhcp-${0,3,d}-03 IN A 172.23.3.$
|
|||
fusilli IN A 172.23.3.240
|
||||
klopi IN A 172.23.3.241
|
||||
mpcnc IN A 172.23.3.242
|
||||
garlic IN A 172.23.3.243
|
||||
mirror IN A 172.23.3.244
|
||||
spaghetti IN A 172.23.3.245
|
||||
maccaroni IN A 172.23.3.246
|
||||
|
@ -106,13 +108,10 @@ salat-bmc IN A 172.23.9.81
|
|||
; Services RZ
|
||||
; Management Auweg
|
||||
sw-auweg IN A 172.23.12.31
|
||||
ap11 IN A 172.23.12.41
|
||||
ap12 IN A 172.23.12.42
|
||||
weizen IN A 172.23.12.61
|
||||
rfp11 IN A 172.23.12.111
|
||||
; Services Auweg
|
||||
aeron IN A 172.23.13.3
|
||||
lock-auweg IN A 172.23.13.12
|
||||
; Clients Auweg
|
||||
$GENERATE 10-230 dhcp-${0,3,d}-14 IN A 172.23.14.$
|
||||
; MQTT Auweg
|
||||
|
|
|
@ -50,8 +50,3 @@
|
|||
|
||||
- name: Enable drone
|
||||
service: name=drone enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ drone_domain }}"
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
gitea_user: gogs
|
||||
gitea_group: gogs
|
||||
|
||||
gitea_checksum: sha256:bc4a8e1f5d5f64d4be2e50c387de08d07c062aecdba2f742c2f61c20accfcc46
|
||||
gitea_version: 1.17.0
|
||||
gitea_url: https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
|
||||
gitea_checksum: sha256:1b7473b5993e07b33fec58edbc1a90f15f040759ca4647e97317c33d5dfe58be
|
||||
gitea_version: 1.15.6
|
||||
gitea_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
|
||||
|
|
|
@ -50,9 +50,6 @@
|
|||
template: src=certs.j2 dest=/etc/acertmgr/{{ gitea_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure robots.txt for gitea
|
||||
template: src=robots.txt.j2 dest=/opt/gitea/custom/robots.txt owner={{ gitea_user }}
|
||||
|
||||
- name: Configure vhost
|
||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/gitea
|
||||
notify: Restart nginx
|
||||
|
@ -63,8 +60,3 @@
|
|||
|
||||
- name: Enable gitea
|
||||
service: name=gitea enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ gitea_domain }}"
|
||||
|
|
|
@ -43,10 +43,3 @@ LEVEL = warn
|
|||
|
||||
[oauth2]
|
||||
JWT_SECRET = {{ gitea_jwt_secret }}
|
||||
|
||||
[cron]
|
||||
ENABLED = true
|
||||
|
||||
[cron.archive_cleanup]
|
||||
SCHEDULE = @midnight
|
||||
OLDER_THAN = 168h
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
User-agent: *
|
||||
Disallow: /*/*/archive/*.bundle$
|
||||
Disallow: /*/*/archive/*.tar.gz$
|
||||
Disallow: /*/*/archive/*.zip$
|
|
@ -23,10 +23,6 @@ server {
|
|||
ssl_certificate_key /etc/nginx/ssl/{{ gitea_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ gitea_domain }}.crt;
|
||||
|
||||
location /robots.txt {
|
||||
alias /opt/gitea/custom/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
client_max_body_size 1024M;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|
|
@ -34,8 +34,3 @@
|
|||
|
||||
- name: Start grafana
|
||||
service: name=grafana-server state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ grafana_domain }}"
|
||||
|
|
|
@ -25,8 +25,7 @@ server {
|
|||
|
||||
location / {
|
||||
client_max_body_size 1024M;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://localhost:3000;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
|
||||
hedgedoc_version: 1.9.3
|
||||
hedgedoc_version: 1.8.2
|
||||
hedgedoc_archive: https://github.com/hedgedoc/hedgedoc/archive/{{ hedgedoc_version }}.tar.gz
|
||||
|
|
|
@ -103,8 +103,3 @@
|
|||
|
||||
- name: Start the hedgedoc service
|
||||
service: name=hedgedoc state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ hedgedoc_domain }}"
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
|
||||
icinga_user: nagios
|
||||
icinga_group: nagios
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Restart icinga2
|
||||
service: name=icinga2 state=restarted
|
||||
delegate_to: "{{ icinga_server }}"
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Configure monitoring for vhost
|
||||
template:
|
||||
src: http.j2
|
||||
dest: /etc/icinga2/conf.d/hosts/{{ inventory_hostname }}.http_{{ vhost }}
|
||||
owner: "{{ icinga_user }}"
|
||||
group: "{{ icinga_group }}"
|
||||
delegate_to: "{{ icinga_server }}"
|
||||
|
||||
- name: Regenerate hosts.conf
|
||||
assemble:
|
||||
src: /etc/icinga2/conf.d/hosts
|
||||
dest: /etc/icinga2/conf.d/hosts.conf
|
||||
# validate: /usr/sbin/icinga2 daemon -c %s --validate
|
||||
notify: Restart icinga2
|
||||
delegate_to: "{{ icinga_server }}"
|
|
@ -1,13 +0,0 @@
|
|||
|
||||
vars.http_vhosts["{{ vhost }}"] = {
|
||||
http_sni = "true"
|
||||
http_ssl = "true"
|
||||
http_vhost = "{{ vhost }}"
|
||||
}
|
||||
|
||||
vars.http_vhosts["{{ vhost }} cert"] = {
|
||||
http_certificate = "25,15"
|
||||
http_sni = "true"
|
||||
http_ssl = "true"
|
||||
http_vhost = "{{ vhost }}"
|
||||
}
|
|
@ -62,20 +62,9 @@
|
|||
changed_when: "'for these changes to take effect' in features_result.stdout"
|
||||
notify: Restart icinga2
|
||||
|
||||
- name: Ensure directory for host snippets exists
|
||||
file:
|
||||
path: /etc/icinga2/conf.d/hosts
|
||||
state: directory
|
||||
owner: "{{ icinga_user }}"
|
||||
group: "{{ icinga_group }}"
|
||||
|
||||
- name: Prepare host snippets
|
||||
template: src=icinga2/conf.d/hosts.header.j2 dest=/etc/icinga2/conf.d/hosts/{{ item }}.00_header owner={{ icinga_user }} group={{ icinga_group }}
|
||||
loop: "{{ groups['all'] }}"
|
||||
|
||||
- name: Prepare host snippets
|
||||
template: src=icinga2/conf.d/hosts.footer.j2 dest=/etc/icinga2/conf.d/hosts/{{ item }}.zz_footer owner={{ icinga_user }} group={{ icinga_group }}
|
||||
loop: "{{ groups['all'] }}"
|
||||
- name: Configure known hosts for icinga
|
||||
template: src=icinga2/conf.d/hosts.conf.j2 dest=/etc/icinga2/conf.d/hosts.conf owner={{ icinga_user }} group={{ icinga_group }}
|
||||
notify: Restart icinga2
|
||||
|
||||
- name: Create group icingaweb2
|
||||
group: name=icingaweb2 system=yes
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
object Host "{{ item }}" {
|
||||
{% for host in groups['all'] %}
|
||||
object Host "{{ host }}" {
|
||||
/* Import the default host template defined in `templates.conf`. */
|
||||
import "generic-host"
|
||||
|
||||
/* Specify the address attributes for checks e.g. `ssh` or `http`. */
|
||||
address = "{{ item }}"
|
||||
address = "{{ host }}"
|
||||
|
||||
/* Set custom variable `os` for hostgroup assignment in `groups.conf`. */
|
||||
vars.os = "Linux"
|
||||
}
|
||||
{% endfor %}
|
|
@ -1,2 +0,0 @@
|
|||
}
|
||||
|
|
@ -78,8 +78,3 @@
|
|||
|
||||
- name: Start php7.4-fpm
|
||||
service: name=php7.4-fpm state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ librenms_domain }}"
|
||||
|
|
|
@ -1,52 +0,0 @@
|
|||
[uwsgi]
|
||||
# Port on which uwsgi will be listening.
|
||||
uwsgi-socket = /run/mailman3-web/uwsgi.sock
|
||||
|
||||
#Enable threading for python
|
||||
enable-threads = true
|
||||
|
||||
# Move to the directory wher the django files are.
|
||||
chdir = /usr/share/mailman3-web
|
||||
|
||||
# Use the wsgi file provided with the django project.
|
||||
#wsgi-file = wsgi.py
|
||||
mount = /mailman3=wsgi.py
|
||||
manage-script-name = true
|
||||
|
||||
# Setup default number of processes and threads per process.
|
||||
master = true
|
||||
process = 2
|
||||
threads = 2
|
||||
|
||||
# Drop privielges and don't run as root.
|
||||
uid = www-data
|
||||
gid = www-data
|
||||
|
||||
plugins = python3
|
||||
|
||||
# Setup the django_q related worker processes.
|
||||
attach-daemon = python3 manage.py qcluster
|
||||
|
||||
# Setup hyperkitty's cron jobs.
|
||||
#unique-cron = -1 -1 -1 -1 -1 ./manage.py runjobs minutely
|
||||
#unique-cron = -15 -1 -1 -1 -1 ./manage.py runjobs quarter_hourly
|
||||
#unique-cron = 0 -1 -1 -1 -1 ./manage.py runjobs hourly
|
||||
#unique-cron = 0 0 -1 -1 -1 ./manage.py runjobs daily
|
||||
#unique-cron = 0 0 1 -1 -1 ./manage.py runjobs monthly
|
||||
#unique-cron = 0 0 -1 -1 0 ./manage.py runjobs weekly
|
||||
#unique-cron = 0 0 1 1 -1 ./manage.py runjobs yearly
|
||||
|
||||
# Setup the request log.
|
||||
#req-logger = file:/var/log/mailman3/web/mailman-web.log
|
||||
|
||||
# Log cron seperately.
|
||||
#logger = cron file:/var/log/mailman3/web/mailman-web-cron.log
|
||||
#log-route = cron uwsgi-cron
|
||||
|
||||
# Log qcluster commands seperately.
|
||||
#logger = qcluster file:/var/log/mailman3/web/mailman-web-qcluster.log
|
||||
#log-route = qcluster uwsgi-daemons
|
||||
|
||||
# Last log and it logs the rest of the stuff.
|
||||
#logger = file:/var/log/mailman3/web/mailman-web-error.log
|
||||
logto = /var/log/mailman3/web/mailman-web.log
|
|
@ -16,6 +16,8 @@
|
|||
- dovecot-ldap
|
||||
- dovecot-managesieved
|
||||
- dovecot-sieve
|
||||
- fcgiwrap
|
||||
- mailman
|
||||
- mailman3-full
|
||||
- python3-psycopg2
|
||||
- postgresql
|
||||
|
@ -99,6 +101,12 @@
|
|||
file: path=/etc/dovecot/ssl/{{ mail_server }}.key owner=dovecot mode=0400
|
||||
notify: Restart dovecot
|
||||
|
||||
- name: Configure mailman
|
||||
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
||||
with_items:
|
||||
- mailman/mm_cfg.py
|
||||
notify: Restart postfix
|
||||
|
||||
- name: Configure mailman vhost
|
||||
template: src=nginx/vhost.j2 dest=/etc/nginx/sites-available/mailman
|
||||
notify: Restart nginx
|
||||
|
@ -135,18 +143,10 @@
|
|||
template: src=mailman/mailman.cfg.j2 dest=/etc/mailman3/mailman.cfg
|
||||
notify: Restart mailman3
|
||||
|
||||
- name: Configure mailman3 hyperkitty plugin
|
||||
template: src=mailman/mailman-hyperkitty.cfg.j2 dest=/etc/mailman3/mailman-hyperkitty.cfg
|
||||
notify: Restart mailman3
|
||||
|
||||
- name: Configure mailman3-web
|
||||
template: src=mailman/mailman-web.py.j2 dest=/etc/mailman3/mailman-web.py
|
||||
notify: Restart mailman3web
|
||||
|
||||
- name: Configure mailman3-web uwsgi
|
||||
copy: src=mailman/uwsgi.ini dest=/etc/mailman3/uwsgi.ini
|
||||
notify: Restart mailman3web
|
||||
|
||||
- name: Run mailman3-web migration script
|
||||
command:
|
||||
cmd: ./manage.py migrate
|
||||
|
@ -174,6 +174,7 @@
|
|||
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
||||
with_items:
|
||||
- postfix/helo_access
|
||||
- postfix/transport
|
||||
- postfix/virtual-alias
|
||||
notify: Run postmap
|
||||
|
||||
|
|
|
@ -31,7 +31,8 @@ dn = {{ ldap_binddn }}
|
|||
dnpass = {{ ldap_bindpw }}
|
||||
|
||||
# Use SASL binding instead of the simple binding. Note that this changes
|
||||
# ldap_version automatically to be 3 if it's lower.
|
||||
# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
|
||||
# and auth_bind=yes don't work together.
|
||||
#sasl_bind = no
|
||||
# SASL mechanism name to use.
|
||||
#sasl_mech =
|
||||
|
@ -45,7 +46,7 @@ dnpass = {{ ldap_bindpw }}
|
|||
#tls = no
|
||||
# TLS options, currently supported only with OpenLDAP:
|
||||
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
|
||||
#tls_ca_cert_dir =
|
||||
#tls_ca_cert_dir = /etc/ssl/certs
|
||||
#tls_cipher_suite =
|
||||
# TLS cert/key is used only if LDAP server requires a client certificate.
|
||||
#tls_cert_file =
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
# This is the mailman extension configuration file to enable HyperKitty as an
|
||||
# archiver. Remember to add the following lines in the mailman.cfg file:
|
||||
#
|
||||
# [archiver.hyperkitty]
|
||||
# class: mailman_hyperkitty.Archiver
|
||||
# enable: yes
|
||||
# configuration: /etc/mailman3/mailman-hyperkitty.cfg
|
||||
#
|
||||
|
||||
[general]
|
||||
|
||||
# This is your HyperKitty installation, preferably on the localhost. This
|
||||
# address will be used by Mailman to forward incoming emails to HyperKitty
|
||||
# for archiving. It does not need to be publicly available, in fact it's
|
||||
# better if it is not.
|
||||
#base_url: http://localhost/mailman3/hyperkitty/
|
||||
base_url: https://{{ mailman_domain }}/mailman3/hyperkitty/
|
||||
|
||||
# Shared API key, must be the identical to the value in HyperKitty's
|
||||
# settings.
|
||||
api_key: {{ mailman3_archiverkey }}
|
|
@ -16,8 +16,7 @@ ALLOWED_HOSTS = [
|
|||
#"localhost", # Archiving API from Mailman, keep it.
|
||||
# "lists.your-domain.org",
|
||||
# Add here all production URLs you may have.
|
||||
'localhost',
|
||||
'{{ mailman_domain }}'
|
||||
'*'
|
||||
]
|
||||
|
||||
# Mailman API credentials
|
||||
|
@ -25,16 +24,7 @@ MAILMAN_REST_API_URL = 'http://localhost:8001'
|
|||
MAILMAN_REST_API_USER = 'restadmin'
|
||||
MAILMAN_REST_API_PASS = '{{ mailman3_restadminpass }}'
|
||||
MAILMAN_ARCHIVER_KEY = '{{ mailman3_archiverkey }}'
|
||||
MAILMAN_ARCHIVER_FROM = (
|
||||
'127.0.0.1',
|
||||
'::1',
|
||||
{% if hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined %}
|
||||
'{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address']}}',
|
||||
{% endif%}
|
||||
{% if hostvars[inventory_hostname]['ansible_default_ipv6']['address'] is defined %}
|
||||
'{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address']}}',
|
||||
{% endif%}
|
||||
)
|
||||
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
|
||||
|
||||
# Application definition
|
||||
|
||||
|
@ -140,7 +130,7 @@ USE_TZ = True
|
|||
|
||||
|
||||
# Set default domain for email addresses.
|
||||
EMAILNAME = '{{ mail_domain }}'
|
||||
EMAILNAME = 'localhost.local'
|
||||
|
||||
# If you enable internal authentication, this is the address that the emails
|
||||
# will appear to be coming from. Make sure you set a valid domain name,
|
||||
|
@ -199,6 +189,3 @@ SOCIALACCOUNT_PROVIDERS = {
|
|||
COMPRESS_OFFLINE = True
|
||||
|
||||
POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
|
||||
|
||||
# This is a quick and dirty hack - maybe there is a way to reliably retrieve the right ID?
|
||||
SITE_ID = 2
|
||||
|
|
|
@ -57,8 +57,6 @@ admin_user: restadmin
|
|||
admin_pass: {{ mailman3_restadminpass }}
|
||||
|
||||
[mta]
|
||||
remove_dkim_headers: yes
|
||||
dmarc_mitigate_action: wrap_message
|
||||
incoming: mailman.mta.postfix.LMTP
|
||||
outgoing: mailman.mta.deliver.deliver
|
||||
smtp_host: localhost
|
||||
|
@ -68,8 +66,3 @@ smtp_pass:
|
|||
lmtp_host: 127.0.0.1
|
||||
lmtp_port: 8024
|
||||
configuration: python:mailman.config.postfix
|
||||
|
||||
[archiver.hyperkitty]
|
||||
class: mailman_hyperkitty.Archiver
|
||||
enable: yes
|
||||
configuration: /etc/mailman3/mailman-hyperkitty.cfg
|
||||
|
|
115
roles/mail/templates/mailman/mm_cfg.py.j2
Normal file
115
roles/mail/templates/mailman/mm_cfg.py.j2
Normal file
|
@ -0,0 +1,115 @@
|
|||
# -*- python -*-
|
||||
|
||||
# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||||
# 02110-1301 USA
|
||||
|
||||
|
||||
"""This is the module which takes your site-specific settings.
|
||||
|
||||
From a raw distribution it should be copied to mm_cfg.py. If you
|
||||
already have an mm_cfg.py, be careful to add in only the new settings
|
||||
you want. The complete set of distributed defaults, with annotation,
|
||||
are in ./Defaults. In mm_cfg, override only those you want to
|
||||
change, after the
|
||||
|
||||
from Defaults import *
|
||||
|
||||
line (see below).
|
||||
|
||||
Note that these are just default settings - many can be overridden via the
|
||||
admin and user interfaces on a per-list or per-user basis.
|
||||
|
||||
Note also that some of the settings are resolved against the active list
|
||||
setting by using the value as a format string against the
|
||||
list-instance-object's dictionary - see the distributed value of
|
||||
DEFAULT_MSG_FOOTER for an example."""
|
||||
|
||||
|
||||
#######################################################
|
||||
# Here's where we get the distributed defaults. #
|
||||
|
||||
from Defaults import *
|
||||
|
||||
##############################################################
|
||||
# Put YOUR site-specific configuration below, in mm_cfg.py . #
|
||||
# See Defaults.py for explanations of the values. #
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# The name of the list Mailman uses to send password reminders
|
||||
# and similar. Don't change if you want mailman-owner to be
|
||||
# a valid local part.
|
||||
MAILMAN_SITE_LIST = 'mailman'
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# If you change these, you have to configure your http server
|
||||
# accordingly (Alias and ScriptAlias directives in most httpds)
|
||||
#DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/'
|
||||
DEFAULT_URL_PATTERN = 'https://%s/'
|
||||
IMAGE_LOGOS = '/images/mailman/'
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# Default domain for email addresses of newly created MLs
|
||||
DEFAULT_EMAIL_HOST = '{{ mailman_domain }}'
|
||||
#-------------------------------------------------------------
|
||||
# Default host for web interface of newly created MLs
|
||||
DEFAULT_URL_HOST = '{{ mailman_domain }}'
|
||||
#-------------------------------------------------------------
|
||||
# Required when setting any of its arguments.
|
||||
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# The default language for this server.
|
||||
DEFAULT_SERVER_LANGUAGE = 'en'
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# Iirc this was used in pre 2.1, leave it for now
|
||||
USE_ENVELOPE_SENDER = 0 # Still used?
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# Unset send_reminders on newly created lists
|
||||
DEFAULT_SEND_REMINDERS = 0
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# Uncomment this if you configured your MTA such that it
|
||||
# automatically recognizes newly created lists.
|
||||
# (see /usr/share/doc/mailman/README.Exim4.Debian or
|
||||
# /usr/share/mailman/postfix-to-mailman.py)
|
||||
# MTA=None # Misnomer, suppresses alias output on newlist
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# Uncomment if you use Postfix virtual domains (but not
|
||||
# postfix-to-mailman.py), but be sure to see
|
||||
# /usr/share/doc/mailman/README.Debian first.
|
||||
MTA='Postfix'
|
||||
|
||||
#-------------------------------------------------------------
|
||||
# Uncomment if you want to filter mail with SpamAssassin. For
|
||||
# more information please visit this website:
|
||||
# http://www.jamesh.id.au/articles/mailman-spamassassin/
|
||||
# GLOBAL_PIPELINE.insert(1, 'SpamAssassin')
|
||||
|
||||
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['{{ mailman_domain }}']
|
||||
# alias for postmaster, abuse and mailer-daemon
|
||||
DEB_LISTMASTER = 'postmaster@{{ mail_domain }}'
|
||||
|
||||
# Remove, rename and preserve DKIM headers
|
||||
REMOVE_DKIM_HEADERS = 3
|
||||
# Munge From for DMARC
|
||||
DEFAULT_DMARC_MODERATION_ACTION = 1
|
||||
|
||||
# Note - if you're looking for something that is imported from mm_cfg, but you
|
||||
# didn't find it above, it's probably in /usr/lib/mailman/Mailman/Defaults.py.
|
|
@ -7,7 +7,7 @@ server {
|
|||
|
||||
server_name {{ mailman_domain }};
|
||||
|
||||
root /var/www/html/;
|
||||
root /usr/lib/cgi-bin/mailman/;
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
|
@ -15,27 +15,24 @@ server {
|
|||
}
|
||||
|
||||
location = / {
|
||||
rewrite ^ /mailman3 redirect;
|
||||
rewrite ^ /listinfo permanent;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^ /mailman3 redirect;
|
||||
root /usr/lib/cgi-bin/mailman;
|
||||
fastcgi_split_path_info (^/[^/]*)(.*)$;
|
||||
fastcgi_pass unix:///var/run/fcgiwrap.socket;
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
|
||||
location = /listinfo {
|
||||
rewrite ^ /mailman3 redirect;
|
||||
location /images/mailman {
|
||||
alias /usr/share/images/mailman;
|
||||
}
|
||||
|
||||
location /mailman3/ {
|
||||
include /etc/nginx/uwsgi_params;
|
||||
uwsgi_pass unix:/run/mailman3-web/uwsgi.sock;
|
||||
}
|
||||
|
||||
location /mailman3/static {
|
||||
alias /var/lib/mailman3/web/static;
|
||||
}
|
||||
|
||||
location /mailman3/static/favicon.ico {
|
||||
alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
|
||||
}
|
||||
location /pipermail {
|
||||
alias /var/lib/mailman/archives/public;
|
||||
autoindex on;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -118,10 +118,14 @@ unverified_recipient_reject_reason = Recipient unknown
|
|||
# mailman
|
||||
relay_domains =
|
||||
hash:/var/lib/mailman3/data/postfix_domains
|
||||
{{ mailman_domain }}
|
||||
local_recipient_maps =
|
||||
hash:/var/lib/mailman3/data/postfix_lmtp
|
||||
hash:/var/lib/mailman/data/virtual-mailman
|
||||
transport_maps =
|
||||
hash:/var/lib/mailman3/data/postfix_lmtp
|
||||
hash:/etc/postfix/transport
|
||||
mailman_destination_recipient_limit = 1
|
||||
|
||||
# postsrsd
|
||||
# sender_canonical_maps = tcp:localhost:10001 - > see master.cf
|
||||
|
|
|
@ -131,3 +131,5 @@ bsmtp unix - n n - - pipe
|
|||
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
|
||||
scalemail-backend unix - n n - 2 pipe
|
||||
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
|
||||
mailman unix - n n - - pipe
|
||||
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
|
||||
|
|
1
roles/mail/templates/postfix/transport.j2
Normal file
1
roles/mail/templates/postfix/transport.j2
Normal file
|
@ -0,0 +1 @@
|
|||
{{ mailman_domain }} mailman:
|
|
@ -2,8 +2,5 @@ allow_username_mismatch = true;
|
|||
sign_networks = [127.0.0.1, ::1, {{ mail_trusted | join(", ") }}];
|
||||
check_pubkey = true;
|
||||
try_fallback = false;
|
||||
use_esld = false;
|
||||
allow_hdrfrom_mismatch = true;
|
||||
use_domain = "envelope";
|
||||
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
|
||||
selector_map = "/etc/rspamd/local.d/arc_selectors.map";
|
||||
|
|
|
@ -2,8 +2,5 @@ allow_username_mismatch = true;
|
|||
sign_networks = [127.0.0.1, ::1, {{ mail_trusted | join(", ") }}];
|
||||
check_pubkey = true;
|
||||
try_fallback = false;
|
||||
use_esld = false;
|
||||
allow_hdrfrom_mismatch = true;
|
||||
use_domain = "envelope";
|
||||
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
|
||||
selector_map = "/etc/rspamd/local.d/dkim_selectors.map";
|
||||
|
|
|
@ -9,7 +9,7 @@ localhost_mail {
|
|||
reject = null;
|
||||
greylist = null;
|
||||
"add header" = null;
|
||||
"rewrite subject" = null;
|
||||
spam = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -46,8 +46,3 @@
|
|||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/matrix dest=/etc/nginx/sites-enabled/matrix state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ matrix_domain }}"
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -3,11 +3,7 @@
|
|||
# This is a YAML file containing a standard Python logging configuration
|
||||
# dictionary. See [1] for details on the valid settings.
|
||||
#
|
||||
# Synapse also supports structured logging for machine readable logs which can
|
||||
# be ingested by ELK stacks. See [2] for details.
|
||||
#
|
||||
# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
|
||||
# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html
|
||||
|
||||
version: 1
|
||||
|
||||
|
@ -24,31 +20,18 @@ handlers:
|
|||
backupCount: 3 # Does not include the current log file.
|
||||
encoding: utf8
|
||||
|
||||
# Default to buffering writes to log file for efficiency.
|
||||
# WARNING/ERROR logs will still be flushed immediately, but there will be a
|
||||
# delay (of up to `period` seconds, or until the buffer is full with
|
||||
# `capacity` messages) before INFO/DEBUG logs get written.
|
||||
# Default to buffering writes to log file for efficiency. This means that
|
||||
# will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
|
||||
# logs will still be flushed immediately.
|
||||
buffer:
|
||||
class: synapse.logging.handlers.PeriodicallyFlushingMemoryHandler
|
||||
class: logging.handlers.MemoryHandler
|
||||
target: file
|
||||
|
||||
# The capacity is the maximum number of log lines that are buffered
|
||||
# before being written to disk. Increasing this will lead to better
|
||||
# The capacity is the number of log lines that are buffered before
|
||||
# being written to disk. Increasing this will lead to better
|
||||
# performance, at the expensive of it taking longer for log lines to
|
||||
# be written to disk.
|
||||
# This parameter is required.
|
||||
capacity: 10
|
||||
|
||||
# Logs with a level at or above the flush level will cause the buffer to
|
||||
# be flushed immediately.
|
||||
# Default value: 40 (ERROR)
|
||||
# Other values: 50 (CRITICAL), 30 (WARNING), 20 (INFO), 10 (DEBUG)
|
||||
flushLevel: 30 # Flush immediately for WARNING logs and higher
|
||||
|
||||
# The period of time, in seconds, between forced flushes.
|
||||
# Messages will not be delayed for longer than this time.
|
||||
# Default value: 5 seconds
|
||||
period: 5
|
||||
flushLevel: 30 # Flush for WARNING logs as well
|
||||
|
||||
# A handler that writes logs to stderr. Unused by default, but can be used
|
||||
# instead of "buffer" and "file" in the logger handlers.
|
||||
|
@ -77,7 +60,7 @@ root:
|
|||
# then write them to a file.
|
||||
#
|
||||
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
|
||||
# also need to update the configuration for the `twisted` logger above, in
|
||||
# also need to update the configuation for the `twisted` logger above, in
|
||||
# this case.)
|
||||
#
|
||||
handlers: [buffer]
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
|
||||
netbox_group: netbox
|
||||
netbox_user: netbox
|
||||
netbox_version: 3.2.5
|
||||
netbox_version: 3.0.10
|
||||
|
|
|
@ -60,7 +60,6 @@
|
|||
dest: "/opt/netbox-{{ netbox_version }}/netbox/netbox/configuration.py"
|
||||
owner: "{{ netbox_user }}"
|
||||
group: "{{ netbox_group }}"
|
||||
notify: Restart netbox
|
||||
|
||||
- name: Configure gunicorn
|
||||
template:
|
||||
|
@ -144,8 +143,3 @@
|
|||
with_items:
|
||||
- netbox
|
||||
- netbox-rq
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ netbox_domain }}"
|
||||
|
|
|
@ -69,13 +69,29 @@ SECRET_KEY = '{{ netbox_secret }}'
|
|||
# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
|
||||
# application errors (assuming correct email settings are provided).
|
||||
ADMINS = [
|
||||
# ('John Doe', 'jdoe@example.com'),
|
||||
# ['John Doe', 'jdoe@example.com'],
|
||||
]
|
||||
|
||||
# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
|
||||
# URL schemes that are allowed within links in NetBox
|
||||
ALLOWED_URL_SCHEMES = (
|
||||
'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
|
||||
)
|
||||
|
||||
# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
|
||||
# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
|
||||
BANNER_TOP = ''
|
||||
BANNER_BOTTOM = ''
|
||||
|
||||
# Text to include on the login page above the login form. HTML is allowed.
|
||||
BANNER_LOGIN = ''
|
||||
|
||||
# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
|
||||
# BASE_PATH = 'netbox/'
|
||||
BASE_PATH = ''
|
||||
|
||||
# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
|
||||
CHANGELOG_RETENTION = 90
|
||||
|
||||
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
|
||||
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
|
||||
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
|
||||
|
@ -87,6 +103,20 @@ CORS_ORIGIN_REGEX_WHITELIST = [
|
|||
# r'^(https?://)?(\w+\.)?example\.com$',
|
||||
]
|
||||
|
||||
# Specify any custom validators here, as a mapping of model to a list of validators classes. Validators should be
|
||||
# instances of or inherit from CustomValidator.
|
||||
# from extras.validators import CustomValidator
|
||||
CUSTOM_VALIDATORS = {
|
||||
# 'dcim.site': [
|
||||
# CustomValidator({
|
||||
# 'name': {
|
||||
# 'min_length': 10,
|
||||
# 'regex': r'\d{3}$',
|
||||
# }
|
||||
# })
|
||||
# ],
|
||||
}
|
||||
|
||||
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
|
||||
# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
|
||||
# on a production system.
|
||||
|
@ -104,6 +134,10 @@ EMAIL = {
|
|||
'FROM_EMAIL': '',
|
||||
}
|
||||
|
||||
# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
|
||||
# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
|
||||
ENFORCE_GLOBAL_UNIQUE = False
|
||||
|
||||
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
|
||||
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
|
||||
EXEMPT_VIEW_PERMISSIONS = [
|
||||
|
@ -112,6 +146,9 @@ EXEMPT_VIEW_PERMISSIONS = [
|
|||
# 'ipam.prefix',
|
||||
]
|
||||
|
||||
# Enable the GraphQL API
|
||||
GRAPHQL_ENABLED = True
|
||||
|
||||
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
|
||||
# HTTP_PROXIES = {
|
||||
# 'http': 'http://10.10.1.10:3128',
|
||||
|
@ -138,6 +175,17 @@ LOGIN_REQUIRED = True
|
|||
# re-authenticate. (Default: 1209600 [14 days])
|
||||
LOGIN_TIMEOUT = None
|
||||
|
||||
# Setting this to True will display a "maintenance mode" banner at the top of every page.
|
||||
MAINTENANCE_MODE = False
|
||||
|
||||
# The URL to use when mapping physical addresses or GPS coordinates
|
||||
MAPS_URL = 'https://maps.google.com/?q='
|
||||
|
||||
# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
|
||||
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
|
||||
# all objects by specifying "?limit=0".
|
||||
MAX_PAGE_SIZE = 1000
|
||||
|
||||
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
|
||||
# the default value of this setting is derived from the installed location.
|
||||
# MEDIA_ROOT = '/opt/netbox/netbox/media'
|
||||
|
@ -155,6 +203,20 @@ LOGIN_TIMEOUT = None
|
|||
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
|
||||
METRICS_ENABLED = False
|
||||
|
||||
# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
|
||||
NAPALM_USERNAME = ''
|
||||
NAPALM_PASSWORD = ''
|
||||
|
||||
# NAPALM timeout (in seconds). (Default: 30)
|
||||
NAPALM_TIMEOUT = 30
|
||||
|
||||
# NAPALM optional arguments (see https://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
|
||||
# be provided as a dictionary.
|
||||
NAPALM_ARGS = {}
|
||||
|
||||
# Determine how many objects to display per page within a list. (Default: 50)
|
||||
PAGINATE_COUNT = 50
|
||||
|
||||
# Enable installed plugins. Add the name of each plugin to the list.
|
||||
PLUGINS = []
|
||||
|
||||
|
@ -167,6 +229,14 @@ PLUGINS = []
|
|||
# }
|
||||
# }
|
||||
|
||||
# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
|
||||
# prefer IPv4 instead.
|
||||
PREFER_IPV4 = False
|
||||
|
||||
# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
|
||||
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
|
||||
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
|
||||
|
||||
# Remote authentication support
|
||||
REMOTE_AUTH_ENABLED = False
|
||||
REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
|
||||
|
|
|
@ -230,7 +230,7 @@ pm.max_spare_servers = 15
|
|||
; last request memory: 0
|
||||
;
|
||||
; Note: There is a real-time FPM status monitoring sample web page available
|
||||
; It's available in: /usr/share/php/8.1/fpm/status.html
|
||||
; It's available in: /usr/share/php/8.0/fpm/status.html
|
||||
;
|
||||
; Note: The value must start with a leading slash (/). The value can be
|
||||
; anything, but it may not be a good idea to use the .php extension or it
|
||||
|
|
|
@ -3,5 +3,5 @@
|
|||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
||||
|
||||
- name: Restart php8.1-fpm
|
||||
service: name=php8.1-fpm state=restarted
|
||||
- name: Restart php8.0-fpm
|
||||
service: name=php8.0-fpm state=restarted
|
||||
|
|
|
@ -15,33 +15,32 @@
|
|||
- name: Install packages
|
||||
apt:
|
||||
name:
|
||||
- php8.1
|
||||
- php8.1-apcu
|
||||
- php8.1-bcmath
|
||||
- php8.1-bz2
|
||||
- php8.1-cli
|
||||
- php8.1-common
|
||||
- php8.1-curl
|
||||
- php8.1-dev
|
||||
- php8.1-fpm
|
||||
- php8.1-gd
|
||||
- php8.1-gmp
|
||||
- php8.1-imagick
|
||||
- php8.1-imap
|
||||
- php8.1-intl
|
||||
- php8.1-ldap
|
||||
- php8.1-mbstring
|
||||
- php8.1-mysql
|
||||
- php8.1-opcache
|
||||
- php8.1-pgsql
|
||||
- php8.1-readline
|
||||
- php8.1-redis
|
||||
- php8.1-soap
|
||||
- php8.1-sqlite3
|
||||
- php8.1-tidy
|
||||
- php8.1-xml
|
||||
- php8.1-xmlrpc
|
||||
- php8.1-zip
|
||||
- php-redis
|
||||
- php8.0
|
||||
- php8.0-apcu
|
||||
- php8.0-bcmath
|
||||
- php8.0-bz2
|
||||
- php8.0-cli
|
||||
- php8.0-common
|
||||
- php8.0-curl
|
||||
- php8.0-dev
|
||||
- php8.0-fpm
|
||||
- php8.0-gd
|
||||
- php8.0-gmp
|
||||
- php8.0-imap
|
||||
- php8.0-intl
|
||||
- php8.0-ldap
|
||||
- php8.0-mbstring
|
||||
- php8.0-mysql
|
||||
- php8.0-opcache
|
||||
- php8.0-pgsql
|
||||
- php8.0-readline
|
||||
- php8.0-soap
|
||||
- php8.0-sqlite3
|
||||
- php8.0-tidy
|
||||
- php8.0-xml
|
||||
- php8.0-xmlrpc
|
||||
- php8.0-zip
|
||||
- postgresql
|
||||
- python3-psycopg2
|
||||
|
||||
|
@ -70,25 +69,20 @@
|
|||
template: src=vhost.j2 dest=/etc/nginx/sites-available/nextcloud
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure php8.1-fpm
|
||||
copy: src=www.conf dest=/etc/php/8.1/fpm/pool.d/www.conf
|
||||
notify: Restart php8.1-fpm
|
||||
- name: Configure php8.0-fpm
|
||||
copy: src=www.conf dest=/etc/php/8.0/fpm/pool.d/www.conf
|
||||
notify: Restart php8.0-fpm
|
||||
|
||||
- name: Configure php8.1 opcache
|
||||
copy: src=opcache.ini dest=/etc/php/8.1/mods-available/opcache.ini
|
||||
notify: Restart php8.1-fpm
|
||||
- name: Configure php8.0 opcache
|
||||
copy: src=opcache.ini dest=/etc/php/8.0/mods-available/opcache.ini
|
||||
notify: Restart php8.0-fpm
|
||||
|
||||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/nextcloud dest=/etc/nginx/sites-enabled/nextcloud state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Start php8.1-fpm
|
||||
service: name=php8.1-fpm state=started enabled=yes
|
||||
- name: Start php8.0-fpm
|
||||
service: name=php8.0-fpm state=started enabled=yes
|
||||
|
||||
- name: Start PostgreSQL
|
||||
service: name=postgresql state=started enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ nextcloud_domain }}"
|
||||
|
|
|
@ -49,7 +49,7 @@ server {
|
|||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
|
||||
location ^~ /browser {
|
||||
location ^~ /loleaflet {
|
||||
proxy_pass http://localhost:9980;
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
@ -64,7 +64,7 @@ server {
|
|||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
location ~ ^/cool/(.*)/ws$ {
|
||||
location ~ ^/lool/(.*)/ws$ {
|
||||
proxy_pass http://localhost:9980;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
@ -72,12 +72,12 @@ server {
|
|||
proxy_read_timeout 36000s;
|
||||
}
|
||||
|
||||
location ~ ^/(c|l)ool {
|
||||
location ~ ^/lool {
|
||||
proxy_pass http://localhost:9980;
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
location ^~ /cool/adminws {
|
||||
location ^~ /lool/adminws {
|
||||
proxy_pass http://localhost:9980;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
|
4
roles/omm/defaults/main.yml
Normal file
4
roles/omm/defaults/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
omm_http_port: 8000
|
||||
omm_https_port: 8443
|
10
roles/omm/handlers/main.yml
Normal file
10
roles/omm/handlers/main.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Restart sip-dect-ics
|
||||
service: name=sip-dect-ics state=restarted
|
||||
|
||||
- name: Restart sip-dect-omm
|
||||
service: name=sip-dect-omm state=restarted
|
|
@ -2,3 +2,4 @@
|
|||
|
||||
dependencies:
|
||||
- { role: acertmgr }
|
||||
- { role: nginx, nginx_ssl: True }
|
80
roles/omm/tasks/main.yml
Normal file
80
roles/omm/tasks/main.yml
Normal file
|
@ -0,0 +1,80 @@
|
|||
---
|
||||
|
||||
- name: Install dependencies
|
||||
apt:
|
||||
name:
|
||||
- alien
|
||||
- sysvinit-utils
|
||||
- telnet
|
||||
|
||||
- name: Add i386 architecture
|
||||
command: dpkg --add-architecture i386
|
||||
args:
|
||||
creates: /var/lib/dpkg/arch
|
||||
when: ansible_architecture != 'i386'
|
||||
register: add_i386
|
||||
|
||||
- name: Install 32bit dependencies
|
||||
apt:
|
||||
name:
|
||||
- libstdc++6:i386
|
||||
- zlib1g:i386
|
||||
update_cache: "{{ add_i386.changed }}"
|
||||
|
||||
# TODO check if still needed since we don't use the start-script anymore
|
||||
- name: Create compatibility symlinks
|
||||
file:
|
||||
src: /usr/bin/pidof
|
||||
dest: /sbin/pidof
|
||||
state: link
|
||||
|
||||
# TODO manual steps
|
||||
# alien --target=amd64 /tmp/SIP-DECT-OMM-8.1_SP4_GE30-0.i686.rpm
|
||||
# dpkg -i sip-dect-omm_8.1SP4GE30-1_amd64.deb
|
||||
# alien --target=amd64 /tmp/SIP-DECT-HANDSET-8.1_SP4_GE30-0.i686.rpm
|
||||
# dpkg -i sip-dect-handset_8.1SP4GE30-1_amd64.deb
|
||||
# rm /etc/init.d/sip-dect-omm
|
||||
# rm /etc/sysconfig/SIP-DECT
|
||||
|
||||
- name: Install systemd units
|
||||
template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
|
||||
with_items:
|
||||
- sip-dect-ics
|
||||
- sip-dect-omm
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart sip-dect-ics
|
||||
- Restart sip-dect-omm
|
||||
|
||||
- name: Enable services
|
||||
service: name={{ item }} state=started enabled=yes
|
||||
with_items:
|
||||
- sip-dect-ics
|
||||
- sip-dect-omm
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command:
|
||||
cmd: >
|
||||
openssl req -x509 -nodes -newkey rsa:2048
|
||||
-keyout /etc/nginx/ssl/{{ omm_domain }}.key -out /etc/nginx/ssl/{{ omm_domain }}.crt
|
||||
-days 730 -subj "/CN={{ omm_domain }}"
|
||||
creates: /etc/nginx/ssl/{{ omm_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Request nsupdate key for certificate
|
||||
include_role: name=acme-dnskey-generate
|
||||
vars:
|
||||
acme_dnskey_san_domains:
|
||||
- "{{ omm_domain }}"
|
||||
|
||||
- name: Configure certificate manager for omm
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ omm_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure vhost
|
||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/omm
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/omm dest=/etc/nginx/sites-enabled/omm state=link
|
||||
notify: Restart nginx
|
18
roles/omm/templates/certs.j2
Normal file
18
roles/omm/templates/certs.j2
Normal file
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
|
||||
{{ omm_domain }}:
|
||||
- mode: dns.nsupdate
|
||||
nsupdate_server: {{ acme_dnskey_server }}
|
||||
nsupdate_keyfile: {{ acme_dnskey_file }}
|
||||
- path: /etc/nginx/ssl/{{ omm_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ omm_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
15
roles/omm/templates/sip-dect-ics.service.j2
Normal file
15
roles/omm/templates/sip-dect-ics.service.j2
Normal file
|
@ -0,0 +1,15 @@
|
|||
[Unit]
|
||||
Description=Mitel SIP-DECT ICS (Integrated Conference Server)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
Requires=sip-dect-omm.service
|
||||
|
||||
[Service]
|
||||
RestartSec=2s
|
||||
Type=forking
|
||||
WorkingDirectory=/opt/SIP-DECT/
|
||||
ExecStart=/opt/SIP-DECT/bin/ics -d
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
14
roles/omm/templates/sip-dect-omm.service.j2
Normal file
14
roles/omm/templates/sip-dect-omm.service.j2
Normal file
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=Mitel SIP-DECT OMM (Open Mobility Manager)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
RestartSec=2s
|
||||
Type=forking
|
||||
WorkingDirectory=/opt/SIP-DECT/
|
||||
ExecStart=/opt/SIP-DECT/bin/SIP-DECT -f /opt/SIP-DECT/tmp/omm_conf.txt -http {{ omm_http_port }} -https {{ omm_https_port }} -d
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
30
roles/omm/templates/vhost.j2
Normal file
30
roles/omm/templates/vhost.j2
Normal file
|
@ -0,0 +1,30 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ omm_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ omm_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ omm_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ omm_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ omm_domain }}.crt;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass https://localhost:{{ omm_https_port }};
|
||||
}
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
[pretix]
|
||||
instance_name=Binary Kitchen Event Pretix
|
||||
url=https://{{ pretix_domain }}
|
||||
instance_name=Binary Kitchen RC3 Pretix
|
||||
url=https://pretix.rc3.binary-kitchen.de
|
||||
currency=EUR
|
||||
datadir=/opt/pretix/data
|
||||
trust_x_forwarded_for=on
|
||||
|
|
|
@ -6,20 +6,6 @@
|
|||
- name: Install docker-compose
|
||||
apt: name=docker-compose
|
||||
|
||||
- name: Install git
|
||||
apt: name=git
|
||||
|
||||
- name: Create workadventure group
|
||||
group: name=workadventure
|
||||
|
||||
- name: Create workadventure user
|
||||
user:
|
||||
name: workadventure
|
||||
home: /opt/workadventure
|
||||
shell: /bin/zsh
|
||||
group: workadventure
|
||||
groups: docker
|
||||
|
||||
- name: Install systemd unit
|
||||
template: src=workadventure.service.j2 dest=/lib/systemd/system/workadventure.service
|
||||
notify:
|
||||
|
@ -44,8 +30,3 @@
|
|||
|
||||
- name: Enable workadventure
|
||||
service: name=workadventure enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ workadventure_domain }}"
|
||||
|
|
|
@ -38,7 +38,7 @@ server {
|
|||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
||||
|
||||
location / {
|
||||
root /opt/workadventure/source/src/front/dist;
|
||||
root /opt/workadventure/source/front/dist;
|
||||
try_files $uri uri/ /index.html?$args;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
Description=WorkAdventure service using docker compose
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
Before=nginx.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
|
@ -16,13 +15,13 @@ TimeoutStartSec=1200
|
|||
WorkingDirectory=/opt/workadventure/source/
|
||||
|
||||
# Make sure no old containers are running
|
||||
ExecStartPre=/usr/bin/docker-compose down -v
|
||||
ExecStartPre=/usr/bin/docker-compose -f docker-compose.bk.yaml down -v
|
||||
|
||||
# Compose up
|
||||
ExecStart=/usr/bin/docker-compose up
|
||||
ExecStart=/usr/bin/docker-compose -f docker-compose.bk.yaml up
|
||||
|
||||
# Compose down, remove containers and volumes
|
||||
ExecStop=/usr/bin/docker-compose down -v
|
||||
ExecStop=/usr/bin/docker-compose -f docker-compose.bk.yaml down -v
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
xrdp_apphost
|
||||
============
|
||||
|
||||
Manual installation steps
|
||||
-------------------------
|
||||
|
||||
After the role has applied several manual installation steps have to be applied
|
||||
by a admin user.
|
||||
|
||||
* Estlcam
|
||||
* Login as tsadmin user and execute the following commands
|
||||
$ sudo -u estlcam --preserve-env=DISPLAY /bin/bash
|
||||
$ cd ~
|
||||
$ export WINEPREFIX=~/.wine32
|
||||
$ export WINEARCH=win32
|
||||
$ wineboot
|
||||
$ winetricks dotnet40 gdiplus d3dx9_36
|
||||
$ wget http://www.estlcam.de/downloads/Estlcam_32_11244.exe
|
||||
$ wine Estlcam_32_11243.exe
|
|
@ -1,64 +0,0 @@
|
|||
---
|
||||
|
||||
xrdp_maxsessions: 10
|
||||
xrdp_killdisconnected: true
|
||||
xrdp_policy: UBDC
|
||||
xrdp_ls_title: Binary Kitchen Application Server
|
||||
xrdp_ls_top_window_bg_color: 003377
|
||||
xrdp_ls_bg_color: dedede
|
||||
xrdp_ls_width: 350
|
||||
xrdp_ls_height: 430
|
||||
xrdp_ls_logo_filename: KitchenLogo.bmp
|
||||
xrdp_ls_logo_x_pos: 55
|
||||
xrdp_ls_logo_y_pos: 50
|
||||
xrdp_ls_label_x_pos: 30
|
||||
xrdp_ls_label_width: 65
|
||||
xrdp_ls_input_x_pos: 110
|
||||
xrdp_ls_input_width: 210
|
||||
xrdp_ls_input_y_pos: 220
|
||||
xrdp_ls_btn_ok_x_pos: 142
|
||||
xrdp_ls_btn_ok_y_pos: 370
|
||||
xrdp_ls_btn_cancel_x_pos: 237
|
||||
xrdp_ls_btn_cancel_y_pos: 370
|
||||
|
||||
info_folder_name: "___Files\ older\ than\ 30\ days\ will\ be\ automatically\ deleted"
|
||||
|
||||
xrdp_applications:
|
||||
LightBurn:
|
||||
user: lightburn
|
||||
group: lightburn
|
||||
pass: "{{ vault_xrdp_apphost_lightburn_pass }}"
|
||||
salt: "{{ vault_xrdp_apphost_lightburn_salt }}"
|
||||
git_config_folder: /home/lightburn/.config/LightBurn/
|
||||
|
||||
checksum: sha256:b57a3af710d61c10f8ca66b81f753973d3289fb44ebcfd429fb26db7268b7f14
|
||||
version: 1.2.00
|
||||
|
||||
Estlcam:
|
||||
user: estlcam
|
||||
group: estlcam
|
||||
pass: "{{ vault_xrdp_apphost_estlcam_pass }}"
|
||||
salt: "{{ vault_xrdp_apphost_estlcam_salt }}"
|
||||
git_config_folder: /home/estlcam/.wine32/drive_c/ProgramData/Estlcam/
|
||||
|
||||
Slicer:
|
||||
user: slicer
|
||||
group: slicer
|
||||
pass: "{{ vault_xrdp_apphost_slicer_pass }}"
|
||||
salt: "{{ vault_xrdp_apphost_slicer_salt }}"
|
||||
git_config_folder: /home/slicer/.config/PrusaSlicer/
|
||||
|
||||
checksum: sha256:b36f49a577ab88d568d8165a94ac62e9eb6d9b4dcc46516a82e1a6131fdcea6e
|
||||
version_base: 2.4.2
|
||||
version: 2.4.2+linux-x64-GTK3-202204251120
|
||||
|
||||
lightburn_url: https://github.com/LightBurnSoftware/deployment/releases/download/{{ xrdp_applications.LightBurn.version }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run
|
||||
lightburn_target: /home/{{ xrdp_applications.LightBurn.user }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run
|
||||
|
||||
slicer_url: https://github.com/prusa3d/PrusaSlicer/releases/download/version_{{ xrdp_applications.Slicer.version_base }}/PrusaSlicer-{{ xrdp_applications.Slicer.version }}.AppImage
|
||||
slicer_target: /home/{{ xrdp_applications.Slicer.user }}/PrusaSlicer-{{ xrdp_applications.Slicer.version }}.AppImage
|
||||
|
||||
tsadmin_user: tsadmin
|
||||
tsadmin_group: tsadmin
|
||||
tsadmin_pass: "{{ vault_xrdp_apphost_tsadmin_pass }}"
|
||||
tsadmin_salt: "{{ vault_xrdp_apphost_tsadmin_salt }}"
|
Binary file not shown.
Before Width: | Height: | Size: 99 KiB |
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Restart xrdp
|
||||
service: name=xrdp state=restarted
|
||||
|
||||
- name: Install LightBurn
|
||||
shell: "{{ lightburn_target }}"
|
||||
become: yes
|
||||
become_user: "{{ xrdp_applications.LightBurn.user }}"
|
||||
|
||||
- name: Reload smbd
|
||||
service: name=smbd state=reloaded
|
|
@ -1,105 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install global dependencies
|
||||
apt:
|
||||
name:
|
||||
- git
|
||||
|
||||
- name: Create Application groups
|
||||
group: name={{ item.value.group }}
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create Application users
|
||||
user: name={{ item.value.user }} password={{ item.value.pass | password_hash('sha512', item.value.salt) }} home=/home/{{ item.value.user }} group={{ item.value.group }}
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create Application .xsession
|
||||
template: src={{ item.value.user }}_xsession.j2 dest=/home/{{ item.value.user }}/.xsession
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create Application data directories
|
||||
file: path=/home/{{ item.value.user }}/data state=directory mode=0755 owner={{ item.value.user }} group={{ item.value.group }}
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create info directory
|
||||
file:
|
||||
path: "/home/{{ item.value.user }}/data/{{ info_folder_name }}"
|
||||
state: directory
|
||||
mode: 0444
|
||||
owner: root
|
||||
group: root
|
||||
attributes: '+i'
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create file cleanup cron
|
||||
cron:
|
||||
name: "Delete files older than 30 days"
|
||||
minute: "0"
|
||||
hour: "5"
|
||||
job: "find /home/{{ item.value.user }}/data -type f -mtime +30 ! -name \"{{ info_folder_name }}\" -delete"
|
||||
user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create directory cleanup cron
|
||||
cron:
|
||||
name: "Delete empty directories"
|
||||
minute: "1"
|
||||
hour: "5"
|
||||
job: "find /home/{{ item.value.user }}/data -type d -empty ! -name \"{{ info_folder_name }}\" -delete"
|
||||
user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create config directory
|
||||
file:
|
||||
path: "{{ item.value.git_config_folder }}"
|
||||
state: directory
|
||||
become: yes
|
||||
become_user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create git repo for configs
|
||||
command: git init {{ item.value.git_config_folder }}
|
||||
become: yes
|
||||
become_user: "{{ item.value.user }}"
|
||||
args:
|
||||
creates: "{{ item.value.git_config_folder }}/.git"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Setup git user names
|
||||
git_config:
|
||||
name: user.name
|
||||
scope: global
|
||||
value: "{{ item.value.user }}"
|
||||
become: yes
|
||||
become_user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Setup git E-Mail
|
||||
git_config:
|
||||
name: user.email
|
||||
scope: global
|
||||
value: "{{ item.value.user }}@{{ inventory_hostname }}"
|
||||
become: yes
|
||||
become_user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create config git commit cron
|
||||
cron:
|
||||
name: "Add and commit all changes"
|
||||
minute: "5"
|
||||
hour: "5"
|
||||
job: "cd {{ item.value.git_config_folder }} && git add -A && git commit -m 'Commit via cronjob'"
|
||||
user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Enable contrib repositories
|
||||
apt_repository:
|
||||
repo: deb http://deb.debian.org/debian {{ ansible_distribution_release }} contrib
|
||||
|
||||
- name: Add i386 Architecture
|
||||
command: dpkg --add-architecture i386
|
||||
args:
|
||||
creates: /var/lib/dpkg/arch
|
||||
when: ansible_architecture != 'i386'
|
||||
register: archrc
|
||||
|
||||
- name: Update APT Cache for i386
|
||||
apt:
|
||||
update_cache: true
|
||||
when: archrc is defined and archrc.changed
|
||||
|
||||
- name: Install Estlcam dependencies
|
||||
apt:
|
||||
name:
|
||||
- winetricks
|
||||
- wine32
|
||||
- xfwm4
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install LightBurn dependencies
|
||||
apt:
|
||||
name:
|
||||
- libpulse-mainloop-glib0
|
||||
- libnss3
|
||||
- libxkbcommon-x11-0
|
||||
|
||||
- name: Download LightBurn binary
|
||||
get_url: url={{ lightburn_url }} dest={{ lightburn_target }} checksum={{ xrdp_applications.LightBurn.checksum }} mode=0755
|
||||
notify: Install LightBurn
|
|
@ -1,35 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Set Default umask for Users
|
||||
lineinfile:
|
||||
dest: '/etc/login.defs'
|
||||
regexp: "UMASK"
|
||||
line: "UMASK 027"
|
||||
state: present
|
||||
|
||||
- include: xrdp.yml
|
||||
- include: app_common.yml
|
||||
- include: samba.yml
|
||||
|
||||
- include: lightburn.yml
|
||||
- include: estlcam.yml
|
||||
- include: slicer.yml
|
||||
|
||||
- name: Create tsadmin group
|
||||
group: name={{ tsadmin_group }}
|
||||
|
||||
- name: Create tsadmin_user
|
||||
user: name={{ tsadmin_user }} password={{ tsadmin_pass | password_hash('sha512', tsadmin_salt) }} home=/home/{{ tsadmin_user }} group={{ tsadmin_group }}
|
||||
|
||||
- name: Allow 'tsadmin_user' group to have passwordless sudo to other users
|
||||
lineinfile:
|
||||
dest: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'
|
||||
line: '{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'
|
||||
validate: visudo -cf %s
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create tsadmin_user .xsession
|
||||
template: src=tsadmin_xsession.j2 dest=/home/{{ tsadmin_user }}/.xsession
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install samba
|
||||
apt:
|
||||
name:
|
||||
- samba
|
||||
|
||||
- name: Configure samba
|
||||
template:
|
||||
src: smb.conf.j2
|
||||
dest: /etc/samba/smb.conf
|
||||
notify: Reload smbd
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install Slic3r dependencies
|
||||
apt:
|
||||
name:
|
||||
- libgtk2.0-0
|
||||
|
||||
- name: Download Slic3r binary
|
||||
get_url: url={{ slicer_url }} dest={{ slicer_target }} checksum={{ xrdp_applications.Slicer.checksum }} mode=0755
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install main dependencies
|
||||
apt:
|
||||
name:
|
||||
- xrdp
|
||||
- libasound2
|
||||
- matchbox-window-manager
|
||||
|
||||
- name: Configure xrdp.ini
|
||||
template: src=xrdp.ini.j2 dest=/etc/xrdp/xrdp.ini
|
||||
notify: Restart xrdp
|
||||
|
||||
- name: Configure sesman.ini
|
||||
template: src=sesman.ini.j2 dest=/etc/xrdp/sesman.ini
|
||||
notify: Restart xrdp
|
||||
|
||||
- name: Create xrdp directory
|
||||
file: path=/usr/local/share/xrdp/ state=directory mode=0755 owner=root group=root
|
||||
|
||||
- name: Copy Binary Kitchen Logo
|
||||
copy: src={{ xrdp_ls_logo_filename }} dest=/usr/local/share/xrdp/{{ xrdp_ls_logo_filename }}
|
||||
notify: Restart xrdp
|
|
@ -1,5 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
export WINEPREFIX=~/.wine32
|
||||
xfwm4 &
|
||||
exec wine "/home/{{ xrdp_applications.Estlcam.user }}/.wine32/drive_c/Program Files/Estlcam11/Estlcam.exe"
|
|
@ -1,4 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
matchbox-window-manager &
|
||||
exec /home/{{ xrdp_applications.LightBurn.user }}/.local/share/LightBurn/LightBurn
|
|
@ -1,115 +0,0 @@
|
|||
{{ ansible_managed | comment(decoration = '; ') }}
|
||||
|
||||
;; See `man 5 sesman.ini` for details
|
||||
|
||||
[Globals]
|
||||
ListenAddress=127.0.0.1
|
||||
ListenPort=3350
|
||||
EnableUserWindowManager=true
|
||||
; Give in relative path to user's home directory
|
||||
UserWindowManager=startwm.sh
|
||||
; Give in full path or relative path to /etc/xrdp
|
||||
DefaultWindowManager=startwm.sh
|
||||
; Give in full path or relative path to /etc/xrdp
|
||||
ReconnectScript=reconnectwm.sh
|
||||
|
||||
[Security]
|
||||
AllowRootLogin=true
|
||||
MaxLoginRetry=4
|
||||
TerminalServerUsers=tsusers
|
||||
TerminalServerAdmins=tsadmins
|
||||
; When AlwaysGroupCheck=false access will be permitted
|
||||
; if the group TerminalServerUsers is not defined.
|
||||
AlwaysGroupCheck=false
|
||||
; When RestrictOutboundClipboard=true clipboard from the
|
||||
; server is not pushed to the client.
|
||||
RestrictOutboundClipboard=false
|
||||
|
||||
[Sessions]
|
||||
;; X11DisplayOffset - x11 display number offset
|
||||
; Type: integer
|
||||
; Default: 10
|
||||
X11DisplayOffset=10
|
||||
|
||||
;; MaxSessions - maximum number of connections to an xrdp server
|
||||
; Type: integer
|
||||
; Default: 0
|
||||
MaxSessions={{ xrdp_maxsessions }}
|
||||
|
||||
;; KillDisconnected - kill disconnected sessions
|
||||
; Type: boolean
|
||||
; Default: false
|
||||
; if 1, true, or yes, kill session after 60 seconds
|
||||
KillDisconnected={{ xrdp_killdisconnected }}
|
||||
|
||||
;; DisconnectedTimeLimit - when to kill idle sessions
|
||||
; Type: integer
|
||||
; Default: 0
|
||||
; if not zero, the seconds before a disconnected session is killed
|
||||
; min 60 seconds
|
||||
DisconnectedTimeLimit=0
|
||||
|
||||
;; IdleTimeLimit (specify in second) - wait before disconnect idle sessions
|
||||
; Type: integer
|
||||
; Default: 0
|
||||
; Set to 0 to disable idle disconnection.
|
||||
IdleTimeLimit=0
|
||||
|
||||
;; Policy - session allocation policy
|
||||
; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
|
||||
; Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
|
||||
; "UBD" session per <User,BitPerPixel,DisplaySize>
|
||||
; "UBI" session per <User,BitPerPixel,IPAddr>
|
||||
; "UBC" session per <User,BitPerPixel,Connection>
|
||||
; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
|
||||
; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
|
||||
Policy={{ xrdp_policy }}
|
||||
|
||||
[Logging]
|
||||
LogFile=xrdp-sesman.log
|
||||
LogLevel=DEBUG
|
||||
EnableSyslog=1
|
||||
SyslogLevel=DEBUG
|
||||
|
||||
;
|
||||
; Session definitions - startup command-line parameters for each session type
|
||||
;
|
||||
|
||||
[Xorg]
|
||||
; Specify the path of non-suid Xorg executable. It might differ depending
|
||||
; on your distribution and version. The typical path is shown as follows:
|
||||
;
|
||||
; Fedora 26 or later : param=/usr/libexec/Xorg
|
||||
; Debian 9 or later : param=/usr/lib/xorg/Xorg
|
||||
; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
|
||||
; Arch Linux : param=/usr/lib/xorg-server/Xorg
|
||||
; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
|
||||
;
|
||||
param=/usr/lib/xorg/Xorg
|
||||
; Leave the rest paramaters as-is unless you understand what will happen.
|
||||
param=-config
|
||||
param=xrdp/xorg.conf
|
||||
param=-noreset
|
||||
param=-nolisten
|
||||
param=tcp
|
||||
param=-logfile
|
||||
param=.xorgxrdp.%s.log
|
||||
|
||||
[Xvnc]
|
||||
param=Xvnc
|
||||
param=-bs
|
||||
param=-nolisten
|
||||
param=tcp
|
||||
param=-localhost
|
||||
param=-dpi
|
||||
param=96
|
||||
|
||||
[Chansrv]
|
||||
; drive redirection, defaults to xrdp_client if not set
|
||||
FuseMountName=thinclient_drives
|
||||
; this value allows only the user to acess their own mapped drives.
|
||||
; Make this more permissive (e.g. 022) if required.
|
||||
FileUmask=077
|
||||
|
||||
[SessionVariables]
|
||||
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
|
|
@ -1,4 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
matchbox-window-manager &
|
||||
exec /home/{{ xrdp_applications.Slicer.user }}/PrusaSlicer-{{ xrdp_applications.Slicer.version }}.AppImage
|
|
@ -1,252 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
#
|
||||
# Sample configuration file for the Samba suite for Debian GNU/Linux.
|
||||
#
|
||||
#
|
||||
# This is the main Samba configuration file. You should read the
|
||||
# smb.conf(5) manual page in order to understand the options listed
|
||||
# here. Samba has a huge number of configurable options most of which
|
||||
# are not shown in this example
|
||||
#
|
||||
# Some options that are often worth tuning have been included as
|
||||
# commented-out examples in this file.
|
||||
# - When such options are commented with ";", the proposed setting
|
||||
# differs from the default Samba behaviour
|
||||
# - When commented with "#", the proposed setting is the default
|
||||
# behaviour of Samba but the option is considered important
|
||||
# enough to be mentioned here
|
||||
#
|
||||
# NOTE: Whenever you modify this file you should run the command
|
||||
# "testparm" to check that you have not made any basic syntactic
|
||||
# errors.
|
||||
|
||||
#======================= Global Settings =======================
|
||||
|
||||
[global]
|
||||
|
||||
## Browsing/Identification ###
|
||||
|
||||
# Change this to the workgroup/NT-domain name your Samba server will part of
|
||||
workgroup = WORKGROUP
|
||||
|
||||
#### Networking ####
|
||||
|
||||
# The specific set of interfaces / networks to bind to
|
||||
# This can be either the interface name or an IP address/netmask;
|
||||
# interface names are normally preferred
|
||||
; interfaces = 127.0.0.0/8 eth0
|
||||
|
||||
# Only bind to the named interfaces and/or networks; you must use the
|
||||
# 'interfaces' option above to use this.
|
||||
# It is recommended that you enable this feature if your Samba machine is
|
||||
# not protected by a firewall or is a firewall itself. However, this
|
||||
# option cannot handle dynamic or non-broadcast interfaces correctly.
|
||||
; bind interfaces only = yes
|
||||
|
||||
|
||||
|
||||
#### Debugging/Accounting ####
|
||||
|
||||
# This tells Samba to use a separate log file for each machine
|
||||
# that connects
|
||||
log file = /var/log/samba/log.%m
|
||||
|
||||
# Cap the size of the individual log files (in KiB).
|
||||
max log size = 1000
|
||||
|
||||
# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
|
||||
# Append syslog@1 if you want important messages to be sent to syslog too.
|
||||
logging = file
|
||||
|
||||
# Do something sensible when Samba crashes: mail the admin a backtrace
|
||||
panic action = /usr/share/samba/panic-action %d
|
||||
|
||||
|
||||
####### Authentication #######
|
||||
|
||||
# Server role. Defines in which mode Samba will operate. Possible
|
||||
# values are "standalone server", "member server", "classic primary
|
||||
# domain controller", "classic backup domain controller", "active
|
||||
# directory domain controller".
|
||||
#
|
||||
# Most people will want "standalone server" or "member server".
|
||||
# Running as "active directory domain controller" will require first
|
||||
# running "samba-tool domain provision" to wipe databases and create a
|
||||
# new domain.
|
||||
server role = standalone server
|
||||
|
||||
obey pam restrictions = yes
|
||||
|
||||
# This boolean parameter controls whether Samba attempts to sync the Unix
|
||||
# password with the SMB password when the encrypted SMB password in the
|
||||
# passdb is changed.
|
||||
unix password sync = yes
|
||||
|
||||
# For Unix password sync to work on a Debian GNU/Linux system, the following
|
||||
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
|
||||
# sending the correct chat script for the passwd program in Debian Sarge).
|
||||
passwd program = /usr/bin/passwd %u
|
||||
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
|
||||
|
||||
# This boolean controls whether PAM will be used for password changes
|
||||
# when requested by an SMB client instead of the program listed in
|
||||
# 'passwd program'. The default is 'no'.
|
||||
pam password change = yes
|
||||
|
||||
# This option controls how unsuccessful authentication attempts are mapped
|
||||
# to anonymous connections
|
||||
map to guest = bad user
|
||||
|
||||
########## Domains ###########
|
||||
|
||||
#
|
||||
# The following settings only takes effect if 'server role = classic
|
||||
# primary domain controller', 'server role = classic backup domain controller'
|
||||
# or 'domain logons' is set
|
||||
#
|
||||
|
||||
# It specifies the location of the user's
|
||||
# profile directory from the client point of view) The following
|
||||
# required a [profiles] share to be setup on the samba server (see
|
||||
# below)
|
||||
; logon path = \\%N\profiles\%U
|
||||
# Another common choice is storing the profile in the user's home directory
|
||||
# (this is Samba's default)
|
||||
# logon path = \\%N\%U\profile
|
||||
|
||||
# The following setting only takes effect if 'domain logons' is set
|
||||
# It specifies the location of a user's home directory (from the client
|
||||
# point of view)
|
||||
; logon drive = H:
|
||||
# logon home = \\%N\%U
|
||||
|
||||
# The following setting only takes effect if 'domain logons' is set
|
||||
# It specifies the script to run during logon. The script must be stored
|
||||
# in the [netlogon] share
|
||||
# NOTE: Must be store in 'DOS' file format convention
|
||||
; logon script = logon.cmd
|
||||
|
||||
# This allows Unix users to be created on the domain controller via the SAMR
|
||||
# RPC pipe. The example command creates a user account with a disabled Unix
|
||||
# password; please adapt to your needs
|
||||
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
|
||||
|
||||
# This allows machine accounts to be created on the domain controller via the
|
||||
# SAMR RPC pipe.
|
||||
# The following assumes a "machines" group exists on the system
|
||||
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
|
||||
|
||||
# This allows Unix groups to be created on the domain controller via the SAMR
|
||||
# RPC pipe.
|
||||
; add group script = /usr/sbin/addgroup --force-badname %g
|
||||
|
||||
############ Misc ############
|
||||
|
||||
# Using the following line enables you to customise your configuration
|
||||
# on a per machine basis. The %m gets replaced with the netbios name
|
||||
# of the machine that is connecting
|
||||
; include = /home/samba/etc/smb.conf.%m
|
||||
|
||||
# Some defaults for winbind (make sure you're not using the ranges
|
||||
# for something else.)
|
||||
; idmap config * : backend = tdb
|
||||
; idmap config * : range = 3000-7999
|
||||
; idmap config YOURDOMAINHERE : backend = tdb
|
||||
; idmap config YOURDOMAINHERE : range = 100000-999999
|
||||
; template shell = /bin/bash
|
||||
|
||||
# Setup usershare options to enable non-root users to share folders
|
||||
# with the net usershare command.
|
||||
|
||||
# Maximum number of usershare. 0 means that usershare is disabled.
|
||||
# usershare max shares = 100
|
||||
|
||||
# Allow users who've been granted usershare privileges to create
|
||||
# public shares, not just authenticated ones
|
||||
usershare allow guests = yes
|
||||
|
||||
#======================= Share Definitions =======================
|
||||
|
||||
;[homes]
|
||||
; comment = Home Directories
|
||||
; browseable = no
|
||||
|
||||
# By default, the home directories are exported read-only. Change the
|
||||
# next parameter to 'no' if you want to be able to write to them.
|
||||
; read only = yes
|
||||
|
||||
# File creation mask is set to 0700 for security reasons. If you want to
|
||||
# create files with group=rw permissions, set next parameter to 0775.
|
||||
; create mask = 0700
|
||||
|
||||
# Directory creation mask is set to 0700 for security reasons. If you want to
|
||||
# create dirs. with group=rw permissions, set next parameter to 0775.
|
||||
; directory mask = 0700
|
||||
|
||||
# By default, \\server\username shares can be connected to by anyone
|
||||
# with access to the samba server.
|
||||
# The following parameter makes sure that only "username" can connect
|
||||
# to \\server\username
|
||||
# This might need tweaking when using external authentication schemes
|
||||
; valid users = %S
|
||||
|
||||
# Un-comment the following and create the netlogon directory for Domain Logons
|
||||
# (you need to configure Samba to act as a domain controller too.)
|
||||
;[netlogon]
|
||||
; comment = Network Logon Service
|
||||
; path = /home/samba/netlogon
|
||||
; guest ok = yes
|
||||
; read only = yes
|
||||
|
||||
# Un-comment the following and create the profiles directory to store
|
||||
# users profiles (see the "logon path" option above)
|
||||
# (you need to configure Samba to act as a domain controller too.)
|
||||
# The path below should be writable by all users so that their
|
||||
# profile directory may be created the first time they log on
|
||||
;[profiles]
|
||||
; comment = Users profiles
|
||||
; path = /home/samba/profiles
|
||||
; guest ok = no
|
||||
; browseable = no
|
||||
; create mask = 0600
|
||||
; directory mask = 0700
|
||||
|
||||
;[printers]
|
||||
; comment = All Printers
|
||||
; browseable = no
|
||||
; path = /var/spool/samba
|
||||
; printable = yes
|
||||
; guest ok = no
|
||||
; read only = yes
|
||||
; create mask = 0700
|
||||
|
||||
# Windows clients look for this share name as a source of downloadable
|
||||
# printer drivers
|
||||
;[print$]
|
||||
; comment = Printer Drivers
|
||||
; path = /var/lib/samba/printers
|
||||
; browseable = yes
|
||||
; read only = yes
|
||||
; guest ok = no
|
||||
# Uncomment to allow remote administration of Windows print drivers.
|
||||
# You may need to replace 'lpadmin' with the name of the group your
|
||||
# admin users are members of.
|
||||
# Please note that you also need to set appropriate Unix permissions
|
||||
# to the drivers directory for these users to have write rights in it
|
||||
; write list = root, @lpadmin
|
||||
|
||||
{% for app, config in xrdp_applications.items() %}
|
||||
# {{ app}} share
|
||||
[{{ app | lower }}]
|
||||
comment = {{ app }} data folder
|
||||
path = /home/{{ config.user }}/data
|
||||
browseable = yes
|
||||
read only = no
|
||||
guest ok = yes
|
||||
create mask = 0600
|
||||
directory mask = 0700
|
||||
force user = {{ config.user }}
|
||||
hide dot files = yes
|
||||
|
||||
{% endfor %}
|
|
@ -1,7 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for app, config in xrdp_applications.items() %}
|
||||
xhost si:localuser:{{ config.user }}
|
||||
{% endfor %}
|
||||
xfwm4 &
|
||||
exec xterm
|
|
@ -1,241 +0,0 @@
|
|||
{{ ansible_managed | comment(decoration = '; ') }}
|
||||
|
||||
[Globals]
|
||||
; xrdp.ini file version number
|
||||
ini_version=1
|
||||
|
||||
; fork a new process for each incoming connection
|
||||
fork=true
|
||||
|
||||
; ports to listen on, number alone means listen on all interfaces
|
||||
; 0.0.0.0 or :: if ipv6 is configured
|
||||
; space between multiple occurrences
|
||||
;
|
||||
; Examples:
|
||||
; port=3389
|
||||
; port=unix://./tmp/xrdp.socket
|
||||
; port=tcp://.:3389 127.0.0.1:3389
|
||||
; port=tcp://:3389 *:3389
|
||||
; port=tcp://<any ipv4 format addr>:3389 192.168.1.1:3389
|
||||
; port=tcp6://.:3389 ::1:3389
|
||||
; port=tcp6://:3389 *:3389
|
||||
; port=tcp6://{<any ipv6 format addr>}:3389 {FC00:0:0:0:0:0:0:1}:3389
|
||||
; port=vsock://<cid>:<port>
|
||||
port=3389
|
||||
|
||||
; 'port' above should be connected to with vsock instead of tcp
|
||||
; use this only with number alone in port above
|
||||
; prefer use vsock://<cid>:<port> above
|
||||
use_vsock=false
|
||||
|
||||
; regulate if the listening socket use socket option tcp_nodelay
|
||||
; no buffering will be performed in the TCP stack
|
||||
tcp_nodelay=true
|
||||
|
||||
; regulate if the listening socket use socket option keepalive
|
||||
; if the network connection disappear without close messages the connection will be closed
|
||||
tcp_keepalive=true
|
||||
|
||||
; set tcp send/recv buffer (for experts)
|
||||
#tcp_send_buffer_bytes=32768
|
||||
#tcp_recv_buffer_bytes=32768
|
||||
|
||||
; security layer can be 'tls', 'rdp' or 'negotiate'
|
||||
; for client compatible layer
|
||||
security_layer=negotiate
|
||||
|
||||
; minimum security level allowed for client for classic RDP encryption
|
||||
; use tls_ciphers to configure TLS encryption
|
||||
; can be 'none', 'low', 'medium', 'high', 'fips'
|
||||
crypt_level=high
|
||||
|
||||
; X.509 certificate and private key
|
||||
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
|
||||
; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g.
|
||||
;$ sudo adduser xrdp ssl-cert
|
||||
certificate=
|
||||
key_file=
|
||||
|
||||
; set SSL protocols
|
||||
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
|
||||
ssl_protocols=TLSv1.2, TLSv1.3
|
||||
; set TLS cipher suites
|
||||
#tls_ciphers=HIGH
|
||||
|
||||
; Section name to use for automatic login if the client sends username
|
||||
; and password. If empty, the domain name sent by the client is used.
|
||||
; If empty and no domain name is given, the first suitable section in
|
||||
; this file will be used.
|
||||
autorun=
|
||||
|
||||
allow_channels=true
|
||||
allow_multimon=true
|
||||
bitmap_cache=true
|
||||
bitmap_compression=true
|
||||
bulk_compression=true
|
||||
#hidelogwindow=true
|
||||
max_bpp=32
|
||||
new_cursors=true
|
||||
; fastpath - can be 'input', 'output', 'both', 'none'
|
||||
use_fastpath=both
|
||||
; when true, userid/password *must* be passed on cmd line
|
||||
#require_credentials=true
|
||||
; You can set the PAM error text in a gateway setup (MAX 256 chars)
|
||||
#pamerrortxt=change your password according to policy at http://url
|
||||
|
||||
;
|
||||
; colors used by windows in RGB format
|
||||
;
|
||||
blue=009cb5
|
||||
grey=dedede
|
||||
#black=000000
|
||||
#dark_grey=808080
|
||||
#blue=08246b
|
||||
#dark_blue=08246b
|
||||
#white=ffffff
|
||||
#red=ff0000
|
||||
#green=00ff00
|
||||
#background=626c72
|
||||
|
||||
;
|
||||
; configure login screen
|
||||
;
|
||||
|
||||
; Login Screen Window Title
|
||||
ls_title={{ xrdp_ls_title }}
|
||||
|
||||
; top level window background color in RGB format
|
||||
ls_top_window_bg_color={{ xrdp_ls_top_window_bg_color }}
|
||||
|
||||
; width and height of login screen
|
||||
ls_width={{ xrdp_ls_width }}
|
||||
ls_height={{ xrdp_ls_height }}
|
||||
|
||||
; login screen background color in RGB format
|
||||
ls_bg_color={{ xrdp_ls_bg_color }}
|
||||
|
||||
; optional background image filename (bmp format).
|
||||
#ls_background_image=
|
||||
|
||||
; logo
|
||||
; full path to bmp-file or file in shared folder
|
||||
ls_logo_filename=/usr/local/share/xrdp/{{ xrdp_ls_logo_filename }}
|
||||
ls_logo_x_pos={{ xrdp_ls_logo_x_pos }}
|
||||
ls_logo_y_pos={{ xrdp_ls_logo_y_pos }}
|
||||
|
||||
; for positioning labels such as username, password etc
|
||||
ls_label_x_pos={{ xrdp_ls_label_x_pos }}
|
||||
ls_label_width={{ xrdp_ls_label_width }}
|
||||
|
||||
; for positioning text and combo boxes next to above labels
|
||||
ls_input_x_pos={{ xrdp_ls_input_x_pos }}
|
||||
ls_input_width={{ xrdp_ls_input_width }}
|
||||
|
||||
; y pos for first label and combo box
|
||||
ls_input_y_pos={{ xrdp_ls_input_y_pos }}
|
||||
|
||||
; OK button
|
||||
ls_btn_ok_x_pos={{ xrdp_ls_btn_ok_x_pos }}
|
||||
ls_btn_ok_y_pos={{ xrdp_ls_btn_ok_y_pos }}
|
||||
ls_btn_ok_width=85
|
||||
ls_btn_ok_height=30
|
||||
|
||||
; Cancel button
|
||||
ls_btn_cancel_x_pos={{ xrdp_ls_btn_cancel_x_pos }}
|
||||
ls_btn_cancel_y_pos={{ xrdp_ls_btn_cancel_y_pos }}
|
||||
ls_btn_cancel_width=85
|
||||
ls_btn_cancel_height=30
|
||||
|
||||
[Logging]
|
||||
LogFile=xrdp.log
|
||||
LogLevel=DEBUG
|
||||
EnableSyslog=true
|
||||
SyslogLevel=DEBUG
|
||||
; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
|
||||
|
||||
[Channels]
|
||||
; Channel names not listed here will be blocked by XRDP.
|
||||
; You can block any channel by setting its value to false.
|
||||
; IMPORTANT! All channels are not supported in all use
|
||||
; cases even if you set all values to true.
|
||||
; You can override these settings on each session type
|
||||
; These settings are only used if allow_channels=true
|
||||
rdpdr=true
|
||||
rdpsnd=true
|
||||
drdynvc=true
|
||||
cliprdr=true
|
||||
rail=true
|
||||
xrdpvr=true
|
||||
tcutils=true
|
||||
|
||||
; for debugging xrdp, in section xrdp1, change port=-1 to this:
|
||||
#port=/tmp/.xrdp/xrdp_display_10
|
||||
|
||||
; for debugging xrdp, add following line to section xrdp1
|
||||
#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210
|
||||
|
||||
|
||||
;
|
||||
; Session types
|
||||
;
|
||||
|
||||
; Some session types such as Xorg, X11rdp and Xvnc start a display server.
|
||||
; Startup command-line parameters for the display server are configured
|
||||
; in sesman.ini. See and configure also sesman.ini.
|
||||
{% for app, config in xrdp_applications.items() %}
|
||||
[{{ app }}]
|
||||
name={{ app }}
|
||||
lib=libxup.so
|
||||
username={{ config.user }}
|
||||
password={{ config.pass }}
|
||||
ip=127.0.0.1
|
||||
port=-1
|
||||
code=20
|
||||
|
||||
{% endfor %}
|
||||
[Xorg]
|
||||
name=Xorg
|
||||
lib=libxup.so
|
||||
username=ask
|
||||
password=ask
|
||||
ip=127.0.0.1
|
||||
port=-1
|
||||
code=20
|
||||
|
||||
#[Xvnc]
|
||||
#name=Xvnc
|
||||
#lib=libvnc.so
|
||||
#username=ask
|
||||
#password=ask
|
||||
#ip=127.0.0.1
|
||||
#port=-1
|
||||
##xserverbpp=24
|
||||
##delay_ms=2000
|
||||
|
||||
#[vnc-any]
|
||||
#name=vnc-any
|
||||
#lib=libvnc.so
|
||||
#ip=ask
|
||||
#port=ask5900
|
||||
#username=na
|
||||
#password=ask
|
||||
##pamusername=asksame
|
||||
##pampassword=asksame
|
||||
##pamsessionmng=127.0.0.1
|
||||
##delay_ms=2000
|
||||
|
||||
#[neutrinordp-any]
|
||||
#name=neutrinordp-any
|
||||
#lib=libxrdpneutrinordp.so
|
||||
#ip=ask
|
||||
#port=ask3389
|
||||
#username=ask
|
||||
#password=ask
|
||||
|
||||
; You can override the common channel settings for each session type
|
||||
#channel.rdpdr=true
|
||||
#channel.rdpsnd=true
|
||||
#channel.drdynvc=true
|
||||
#channel.cliprdr=true
|
||||
#channel.rail=true
|
||||
#channel.xrdpvr=true
|
14
site.yml
14
site.yml
|
@ -7,7 +7,7 @@
|
|||
- root_keys
|
||||
|
||||
- name: Setup unattended updates
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, barium.binary-kitchen.net]
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, ruthenium.binary-kitchen.net, barium.binary-kitchen.net]
|
||||
roles:
|
||||
- uau
|
||||
|
||||
|
@ -42,10 +42,10 @@
|
|||
roles:
|
||||
- netbox
|
||||
|
||||
- name: Setup XRDP host
|
||||
hosts: pancake.binary.kitchen
|
||||
- name: Setup SIP-DECT OMM
|
||||
hosts: knoedel.binary.kitchen
|
||||
roles:
|
||||
- xrdp_apphost
|
||||
- omm
|
||||
|
||||
- name: Setup drone runner
|
||||
hosts: bob.binary.kitchen
|
||||
|
@ -103,12 +103,8 @@
|
|||
- name: Setup matrix server
|
||||
hosts: sodium.binary-kitchen.net
|
||||
roles:
|
||||
- matrix
|
||||
|
||||
- name: Setup turn server
|
||||
hosts: magnesium.binary-kitchen.net
|
||||
roles:
|
||||
- coturn
|
||||
- matrix
|
||||
|
||||
- name: Setup jitsi server
|
||||
hosts: zirconium.binary-kitchen.net
|
||||
|
|
Loading…
Reference in New Issue
Block a user