diff --git a/inventories/chaosknoten/host_vars/ntfy.sops.yaml b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
index 2cb9b2a..a92f61c 100644
--- a/inventories/chaosknoten/host_vars/ntfy.sops.yaml
+++ b/inventories/chaosknoten/host_vars/ntfy.sops.yaml
@@ -1,13 +1,14 @@ secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str] secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str] +secret__ntfy_web_push_private_key: ENC[AES256_GCM,data:YqNEYa1Ln3NFpNoIuBUN1V/WRzod5HAtYueBJYHOwyM59cCaYhQR1S9aQg==,iv:t8bEs5ZAEe6pqbbOb0mpJdfgruX1P9Jd+sbNurGqkng=,tag:Cdy5HKkvb55V6AeRt+MVHg==,type:str] ntfy: user: admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str] uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str] uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str] sops: - lastmodified: "2025-06-02T16:34:49Z" - mac: ENC[AES256_GCM,data:C74LONrD83loeeJpdtwd4qW9tB+hJM5B3/gJ+uNNYh0exBjmXd9bxE17gL0nLxLW8U8iHk5vUDYj55EYtrfL5YABogYKuhBSvibxrjo5ejr0UsO3ecGD6Bd9JIjoW1lv7hIAnEUqy1J25PxklO06gTGjUB61IxDQh2Ner1Cunps=,iv:0ZOZeF7pg4Pi6pD305BlJl7V46BOc5l7Eg0oHYlYK8s=,tag:GtAfyAwqWrZs1IYKhbzN0A==,type:str] + lastmodified: "2025-06-12T17:19:27Z" + mac: ENC[AES256_GCM,data:mlJuYT16bx9nEFw9IRm/Tf1y0HF1aVzx8BXhf0VKWkrBQCyzx/qbjIBXIXl22wzMrz/KCZ/diNRx0Wdq2J2u3n92NQtziiDZKwK+t/zz68+cCZAgktmO0vYc+BJ5GoJPuSmeMwHkaJqt3zYGQNzOJAYK9DPrK2AIbo+O21FgtvM=,iv:c5AmWi89ZLR00LqG+bKnbW3WfmIYsyz0X9A5r91Rar0=,tag:x3vf2WTu7naRdwQbKfrJCA==,type:str] pgp: - created_at: "2025-06-01T21:41:02Z" enc: |- diff --git a/inventories/chaosknoten/host_vars/ntfy.yaml b/inventories/chaosknoten/host_vars/ntfy.yaml index 23c208b..9dc1b2b 100644 --- a/inventories/chaosknoten/host_vars/ntfy.yaml +++ b/inventories/chaosknoten/host_vars/ntfy.yaml 
@@ -1,7 +1,7 @@ docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}" docker_compose__configuration_files: - name: server.yml - content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml') }}" + content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml.j2') }}" certbot__version_spec: "" certbot__acme_account_email_address: le-admin@hamburg.ccc.de diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 index 8d29b43..50cb947 100644 --- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 +++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 @@ -75,7 +75,7 @@ receivers: - name: "email-fux-critical" email_configs: - send_resolved: true - to: "fux@zimdahl.org,stb@lassitu.de" + to: "stb@lassitu.de" from: "alert-manager@hamburg.ccc.de" smarthost: "cow.hamburg.ccc.de:587" auth_username: "alert-manager@hamburg.ccc.de" diff --git a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf index 4c39fbc..e2bf4a7 100644 --- a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf +++ b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf @@ -14,11 +14,14 @@ server { deny all; + server_name loki.hamburg.ccc.de; + listen [::]:50051 ssl; listen 172.31.17.145:50051 ssl; + http2 on; - server_name loki.hamburg.ccc.de; + client_body_buffer_size 512k; ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem; 
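Review bot: After this change the receiver `email-fux-critical` delivers critical alerts to a single personal mailbox (`to: "stb@lassitu.de"`), so one unavailable recipient means a critical alert goes unread, and the receiver name no longer matches who is notified. If that is intended, a short comment above `email_configs`, for example `# single recipient on purpose`, would keep the next reader from re-adding the address. Otherwise a shared list address as recipient would remove the single point of failure. The receiver definition continues outside the hunk.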
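Review bot: `client_body_buffer_size 512k;` is added in this server block without a comment and without a visible `client_max_body_size`, so it is unclear what request size the buffer is meant to fit. The same value is set in the second loki.hamburg.ccc.de server block and replaces `32k` in metrics.hamburg.ccc.de.conf. The buffer is allocated per request body, so memory use under many concurrent pushes grows accordingly, although the `allow`/`deny all` list visible in these hunks limits who can send bodies at all. If the reason is that push batches were being spooled to temp files, I would say so in a one-line comment such as `# push batches exceed the default buffer; keep them in memory` and confirm the body-size limit set elsewhere matches. The server blocks start and end outside the hunks.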
@@ -53,11 +56,14 @@ server { allow 2a07:c481:1::/48; deny all; + server_name loki.hamburg.ccc.de; + listen [::]:443 ssl; listen 172.31.17.145:443 ssl; + http2 on; - server_name loki.hamburg.ccc.de; + client_body_buffer_size 512k; ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem; diff --git a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf index bcfc428..2c52523 100644 --- a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf +++ b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf @@ -15,13 +15,13 @@ server { allow 2a07:c481:0:1::/64; deny all; + server_name metrics.hamburg.ccc.de; + listen [::]:443 ssl; listen 172.31.17.145:443 ssl; http2 on; - server_name metrics.hamburg.ccc.de; - - client_body_buffer_size 32k; + client_body_buffer_size 512k; ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem; diff --git a/resources/chaosknoten/ntfy/docker_compose/server.yaml b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 similarity index 52% rename from resources/chaosknoten/ntfy/docker_compose/server.yaml rename to resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 index a58e931..35b03ff 100644 --- a/resources/chaosknoten/ntfy/docker_compose/server.yaml +++ b/resources/chaosknoten/ntfy/docker_compose/server.yaml.j2 @@ -7,3 +7,7 @@ cache-file: "/var/cache/ntfy/cache.db" attachment-cache-dir: "/var/cache/ntfy/attachments" auth-default-access: "deny-all" auth-file: "/var/lib/ntfy/user.db" +web-push-public-key: "BCx7PqDiVNlOiAHHfSxjbTle_LN4hetwHYi58GJhQxiY33AQ663IaJVro7B28j-1KOqwdzKco3dMMwzBJl9OQ90" +web-push-private-key: {{ secret__ntfy_web_push_private_key }} +web-push-file: "/var/cache/ntfy/webpush.db" +web-push-email-address: "mailto:noc@lists.hamburg.ccc.de"
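Review bot: `web-push-private-key: {{ secret__ntfy_web_push_private_key }}` is the only value in server.yaml.j2 rendered without quotes, so the result depends on how YAML types the decrypted string: an empty expansion becomes null, and a value that starts with an indicator character would not parse. Quote it like the neighbouring keys: `web-push-private-key: "{{ secret__ntfy_web_push_private_key }}"`. Because the rendered server.yml now holds a private key in plaintext, it is also worth confirming that the role consuming `docker_compose__configuration_files` writes the file with a restrictive mode and that runs with `--diff` do not print its content; neither is visible in this diff.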