CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 0
Code Issues4 Pull requests1 Wiki Activity Actions

grafana dinge versuchen

Browse source
This commit is contained in:
chris 2025-06-12 19:20:03 +02:00
commit 2cb9dc6dae
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
6 changed files with 20 additions and 9 deletions
inventories/chaosknoten/host_vars
ntfy.sops.yamlntfy.yaml
resources/chaosknoten
grafana
docker_compose
alertmanager.yaml.j2
nginx
loki.hamburg.ccc.de.confmetrics.hamburg.ccc.de.conf
ntfy/docker_compose
server.yaml.j2

5
inventories/chaosknoten/host_vars/ntfy.sops.yaml
View file

@ -1,13 +1,14 @@
secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str] secret__loki_chaos: ENC[AES256_GCM,data:LWFTOyER+m021ogmXYBrcr/2fUe3XuZhs5ho0KbM,iv:808LWnSUAPeclhsIgOyR6SutTvJGOu7mrGaVayo7v8M=,tag:f2WCPyUESfMiGDQ4Km5Dyw==,type:str]
secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str] secret__metrics_chaos: ENC[AES256_GCM,data:lAepzCI4pwkF8KiGYzGnC4dPASdHDn+LfbJTFSvt,iv:EUW+CGeYUqhY4G1kb2bbU16j9iLwABHfRCdn2vac5gY=,tag:IcyscB9lZuZgC04XTxDb5w==,type:str]
secret__ntfy_web_push_private_key: ENC[AES256_GCM,data:YqNEYa1Ln3NFpNoIuBUN1V/WRzod5HAtYueBJYHOwyM59cCaYhQR1S9aQg==,iv:t8bEs5ZAEe6pqbbOb0mpJdfgruX1P9Jd+sbNurGqkng=,tag:Cdy5HKkvb55V6AeRt+MVHg==,type:str]
ntfy: ntfy:
user: user:
admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str] admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str]
uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str] uwrite: ENC[AES256_GCM,data:Jijz+zCPpzSaIEo0xhicKlMhWSewJNJ9GXJGYuohq1E=,iv:gnjEX3N0txcBIkJm5bOs4JfKVsdi5URgoMAmquCMqKQ=,tag:Fip0hA52NeaMODb9XxjInQ==,type:str]
uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str] uread: ENC[AES256_GCM,data:ZODLyYx15c/rPzKexoLURwA=,iv:WqUrXexY/RBAseUwiLPBVYpA5zqJeYBW8mmcvPvjtyI=,tag:SjB4OaTgIaVKHDe4JjDN3Q==,type:str]
sops: sops:
lastmodified: "2025-06-02T16:34:49Z" lastmodified: "2025-06-12T17:19:27Z"
mac: ENC[AES256_GCM,data:C74LONrD83loeeJpdtwd4qW9tB+hJM5B3/gJ+uNNYh0exBjmXd9bxE17gL0nLxLW8U8iHk5vUDYj55EYtrfL5YABogYKuhBSvibxrjo5ejr0UsO3ecGD6Bd9JIjoW1lv7hIAnEUqy1J25PxklO06gTGjUB61IxDQh2Ner1Cunps=,iv:0ZOZeF7pg4Pi6pD305BlJl7V46BOc5l7Eg0oHYlYK8s=,tag:GtAfyAwqWrZs1IYKhbzN0A==,type:str] mac: ENC[AES256_GCM,data:mlJuYT16bx9nEFw9IRm/Tf1y0HF1aVzx8BXhf0VKWkrBQCyzx/qbjIBXIXl22wzMrz/KCZ/diNRx0Wdq2J2u3n92NQtziiDZKwK+t/zz68+cCZAgktmO0vYc+BJ5GoJPuSmeMwHkaJqt3zYGQNzOJAYK9DPrK2AIbo+O21FgtvM=,iv:c5AmWi89ZLR00LqG+bKnbW3WfmIYsyz0X9A5r91Rar0=,tag:x3vf2WTu7naRdwQbKfrJCA==,type:str]
pgp: pgp:
- created_at: "2025-06-01T21:41:02Z" - created_at: "2025-06-01T21:41:02Z"
enc: |- enc: |-

2
inventories/chaosknoten/host_vars/ntfy.yaml
View file

@ -1,7 +1,7 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}" docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}"
docker_compose__configuration_files: docker_compose__configuration_files:
- name: server.yml - name: server.yml
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml') }}" content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml.j2') }}"
certbot__version_spec: "" certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de certbot__acme_account_email_address: le-admin@hamburg.ccc.de

2
resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
View file

@ -75,7 +75,7 @@ receivers:
- name: "email-fux-critical" - name: "email-fux-critical"
email_configs: email_configs:
- send_resolved: true - send_resolved: true
to: "fux@zimdahl.org,stb@lassitu.de" to: "stb@lassitu.de"
from: "alert-manager@hamburg.ccc.de" from: "alert-manager@hamburg.ccc.de"
smarthost: "cow.hamburg.ccc.de:587" smarthost: "cow.hamburg.ccc.de:587"
auth_username: "alert-manager@hamburg.ccc.de" auth_username: "alert-manager@hamburg.ccc.de"

10
resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
View file

@ -14,11 +14,14 @@ server {
deny all; deny all;
server_name loki.hamburg.ccc.de;
listen [::]:50051 ssl; listen [::]:50051 ssl;
listen 172.31.17.145:50051 ssl; listen 172.31.17.145:50051 ssl;
http2 on; http2 on;
server_name loki.hamburg.ccc.de; client_body_buffer_size 512k;
ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;
@ -53,11 +56,14 @@ server {
allow 2a07:c481:1::/48; allow 2a07:c481:1::/48;
deny all; deny all;
server_name loki.hamburg.ccc.de;
listen [::]:443 ssl; listen [::]:443 ssl;
listen 172.31.17.145:443 ssl; listen 172.31.17.145:443 ssl;
http2 on; http2 on;
server_name loki.hamburg.ccc.de; client_body_buffer_size 512k;
ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/loki.hamburg.ccc.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/loki.hamburg.ccc.de/privkey.pem;

6
resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
View file

@ -15,13 +15,13 @@ server {
allow 2a07:c481:0:1::/64; allow 2a07:c481:0:1::/64;
deny all; deny all;
server_name metrics.hamburg.ccc.de;
listen [::]:443 ssl; listen [::]:443 ssl;
listen 172.31.17.145:443 ssl; listen 172.31.17.145:443 ssl;
http2 on; http2 on;
server_name metrics.hamburg.ccc.de; client_body_buffer_size 512k;
client_body_buffer_size 32k;
ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/metrics.hamburg.ccc.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/metrics.hamburg.ccc.de/privkey.pem;

4
resources/chaosknoten/ntfy/docker_compose/server.yaml → resources/chaosknoten/ntfy/docker_compose/server.yaml.j2
View file

@ -7,3 +7,7 @@ cache-file: "/var/cache/ntfy/cache.db"
attachment-cache-dir: "/var/cache/ntfy/attachments" attachment-cache-dir: "/var/cache/ntfy/attachments"
auth-default-access: "deny-all" auth-default-access: "deny-all"
auth-file: "/var/lib/ntfy/user.db" auth-file: "/var/lib/ntfy/user.db"
web-push-public-key: "BCx7PqDiVNlOiAHHfSxjbTle_LN4hetwHYi58GJhQxiY33AQ663IaJVro7B28j-1KOqwdzKco3dMMwzBJl9OQ90"
web-push-private-key: {{ secret__ntfy_web_push_private_key }}
web-push-file: "/var/cache/ntfy/webpush.db"
web-push-email-address: "mailto:noc@lists.hamburg.ccc.de"