CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

ntfy
Some checks failed
/ Ansible Lint (push) Failing after 2m3s
Details

Browse source
This commit is contained in:
chris 2025-06-02 00:29:02 +02:00
commit 6824bf5e4f
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
9 changed files with 370 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
.sops.yaml
View file

@ -162,6 +162,21 @@ creation_rules:
- *admin_gpg_c6ristian
- *admin_gpg_lilly
- *admin_gpg_langoor
- path_regex: inventories/chaosknoten/host_vars/ntfy.*
key_groups:
- pgp:
- *admin_gpg_djerun
- *admin_gpg_stb
- *admin_gpg_jtbx
- *admin_gpg_yuri
- *admin_gpg_june
- *admin_gpg_haegar
- *admin_gpg_dario
- *admin_gpg_echtnurich
- *admin_gpg_max
- *admin_gpg_c6ristian
- *admin_gpg_lilly
- *admin_gpg_langoor
- path_regex: inventories/z9/host_vars/dooris.*
key_groups:
- pgp:

232
inventories/chaosknoten/host_vars/ntfy.sops.yaml Normal file
View file

@ -0,0 +1,232 @@
ntfy:
user:
admin: ENC[AES256_GCM,data:kwGLrQXBiqKRoHkStGzYiC0fbcGgQHdZrrk9NyZtcZcI4nrKTGx1sxrHOMI=,iv:ACrBFMOP6rkfshOgB+a32TFWH1OKhQaoHcYgwHx+tao=,tag:2QTWmH/vAzIWAjaOHOkrXg==,type:str]
fuxnoc: ENC[AES256_GCM,data:HVqo1GLaZfDi3ZfAxEJBudFZ+KooBaXk7fr6SsDBZr8=,iv:KziV5OXAtMABqWDPsTRdHM+Ibatp8p5UDoOBUdznx7Y=,tag:kmwSzjaJFBheQcs7181+Jw==,type:str]
sops:
lastmodified: "2025-06-01T21:43:36Z"
mac: ENC[AES256_GCM,data:Ssv3QazPopQFN+6ZpoUuaDgVacFmv+VovkptUAybv3ia+03EQOTO5c6FtQf7o2n3M8J839LtOC6WDb34/0WK7aJZkrmnFAuqanJVjlQy5QUHvhSyhHO8/MQwPYnr2hVKHnVyHdKr9KJFilCCu2oP062a+U3eT8BVIeFGyVOqi9s=,iv:q4F5q5Q+6mtzzyYfqH1thNe2nV0eoS7fdoMUxKPNMz0=,tag:1cMSMILpcgFE84nOv+fSNQ==,type:str]
pgp:
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxK/JaB2/SdtAQ/+Irbhincv0agRseJ3U03cW+YNHa4suynF5eSew3BsnY6h
+EevEAN2uz4JIRVSmXjBeNFPv3VtN1h5kxzmWXNHmZwFH4nNR+0w9a7zfUEa2E2W
2THwlZFZIPVgxRZIA1ntr88a97Bxy+M+gJDuazOq77YvNCAWLi46Iim4MxuHGqsT
jTJ6uSe039gKiKQapeS8PpXPNTfs0ORq+OHkN1NWtJ/FbePZquqfPYfdG3csLJIB
2O0To8jX5qKYZi9Z8Vx1EUMB2C0rT7tcteBAKs2KqYq5peWAK0JJefAuDbL0Fdb3
GOXnRcXKopLlLkCI8P9JZ60oW0HyyjaeuF2dvoErdqGSZEhH/RSkfYnTPoM3x03+
XwH6qBVFVlj3y9IRUJt9FAt634CHnFpTKGEZ7gEiNHazrIUiqF0VOEzI8zHELVdq
Yrx3daWBJLhMJAkv1Tgk4S0OSeK5BbJDa+UhjVgkbBjOJEvT0J0CXzaR6JVJqKNm
3mGBJtc7CVBMQGX7RQZ4r6J3a1vhElMycNZCy+4hTYZ9+KCtY1wPRjleYDfgoK0E
8WnsZ06phqEmmSThzB7bbCpf/5SQcxoWWUpdV22poHOEc/W0XoCy7zYXsoM2r7hP
JW6k/MTznJD3QnI0kOrfS44T51xkdapBUz9lFsh07nRKhi9TJJB8JXxNbCnbMhnS
XgF8vGN8Qulz2ljp6IM+LhoMPADm3hrQtEkJrXQxz1dpkZE4XHUk/tvgsDx8Kxco
z7/LzohXg/4MrvKtA8q4sl9oOMpv4B0H9pSMzdURk2vmgd96U4egiYpjXwqwBnY=
=3Fho
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA6EyPtWBEI+2AQ//Rh8YA6DUIBi6mjhixAd2eNCLPlQ5w/hRj991Q9uVCaBR
55JWyQQBbondn/1MEVb2PlaHH22+HPAbv4p33FD4pbimz5W0taBw3T6CmDdx1V+E
UmitZIRNdoirbe4ChFToUjZ31RQbS5pdxW3ATSJKn1pmR1/g5sBq5SThenm1nwvU
ahV71QfUrs7oqJAYHqmPIipbR1PP1QSVfyDNGUx6gIYxWS7dQPtcNkVhS1fdCl8b
Utg1MW/pCqQuw9nRsI+2rSEtYfYqiap5Mv31Ihznfvu/cH+uyeBeT8Xmr4/9qmvA
5WXJA/0qwd3S2+l6vcxBFgyoj9yFAYorTU200OBa1HBZGjQY+V9h9I4amYrj2SRC
1wgsNgFxuhUQaEDhPlD8kdSts8QY/ApYwJyHnpCW1FuzgMPY2w6CfDjr0Hv4JCtw
/Iuy5zbh3cNbgV8jlVn3J4v3yMtEZnsh7rEb+EbPuZmpTuZ8AIG+NqIiW/SBfELW
qSHN/Iv1zIl0BmcV2qAKfrsox4QIOESM/77ISrwOLQoPd01qefNsTp8PExtt+yzn
9MXNv0CHmpDA6u1ruIpub969T04tHu3oekZpM327glpCf5SoKVo+fYmEwB8IhIkW
NcNaQIeZ1P8jSjHM6XUAUfOHzzRMy0jqQVaz9kD/kHXCMfCJT5KfvKeSaJhCy7/S
XgEtCHT6VloJ2X9VxL695k5ugfyTsDYYDgteKuSD68cPbj2MnYS8uKD3VQh9/I/d
5OJN8fsvpkpQIltUh3DeCgRv7AF03Zdou7amrTl5MEaNBZxX5mBJrA/qOw3XAWg=
=mRNR
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAz5uSgHG2iMJAQ//RXqm63AC3eWRV1cNDulWgCqZzThW1f/4o4xelGYxLQe0
cJuSqJmZoHsAItQ1GBIhyd/a+lcNt6Ym100RLlL6f5nPnHyk2pJNv/dPOpbs1b8b
+ulq2QBQEvvrzukmzXcqMGrjvJrzINB7U2L1uPBe0CTircMUR5J444LgOHC3VGnt
twBBgI5NQFcoZLADt8j73KEjfYzPJeaqHudhgU59h+cgPz+6N/v1fkG0vSQuzBuw
Tm+fk52t5X5qLWLyqrLtb4W8LdYN9D9TieRRlzjunYL8mISJikCQfpHroJkJWDjH
k4gaeVErauCOJWQ6Gp6aiYBtMehsHCh/8stGcnOgtyBpPh7o9FTTGcVR6j+qpijL
QYsjYfaH5aOU4JoUO5vq8wsBiVcOsP65CqeVFFLlvAVqZxPNzq3iBkBaWECLBfYy
QtIFRnRRznZQvTR0hjC0cw7vOpBGNwAcqnjPv9hQLPzdZyU2ViJjhwq/16alER9V
N2xFl6eKt/Mau5ZlX62lbq9eJLmR2Bqb+sL4rdMfRfl259kvGilBkCM7SMfkWnOq
z0do1+9FRzo8IC57WvYemzAS/pBfFH8o0Ey+PRSys03WC4YPW9XDnjSpRKEPpO8u
DbdhuKoVb19tAERzpZZKN2Rzuv68IpQ1vhEEP1BbsApoS0vlYIxcPSAVmSC1o7vS
XgE7yntjkVO+C8ciByubK1DGHZ/G5eXB/zkYQKj1w+bAmTJQ26DtHJa5/o7cXkk+
Ja3Qrc5Yp+W5MIV70+FHsDXNarpXSJbSPNf4nPKWsdFZGkauHks0o58T6D74LqQ=
=wHLh
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAw5vwmoEJHQ1AQ/+OAK/CpxVtW9HoLP1wJR589/JMdqJZqOxkySgAlm+z6RY
4knRz/0f5wdHSQyuvAYnq/M1K9BsBD34dFiqyvdTa0+G+bJUIkHDLkSTqM8IvGMb
48sCbGwW4Ghmxn5mjK3MwuGbGKxVujJWqwaRmOp6lgtRJdpKReFD68vtwTHa2qhh
ixnABbOTyN08Bf9pJ9cgoAQaVOcSja0E+yuPRlHUvM2hjbGNndbaiTtfq1hFn5qJ
VoakC+u6tcKEp31Y4plN1NTRf/ywZ8oMmT4TIf3kvFGwx/XKx2miIB9cUSMw/ojU
GrGNXjh4vfEaT0iIRtZ+H8FfuGnjFkU6qodLEIKlVmng8MU7ETGLErHjyNEJf2JT
OMnaajJxq8jXaY2SDoHsKETMgON1uwDDKW6NOBhaK+fW79W6z27uGnsN055vMTpV
kh1YJixyI3wIkr6bbfNHBdr6C8Tb4sY20zghvkQYBA2xCZSLOT0a5lX7GBTUp0uY
+hgxdfyQJi0P+4QPam28/b18lOZ25LC69YX8AtczQ4vHhIM+jQ+bzoNSoMpwcSm4
vZSSmMB0tX8W5O6yo6A/XLoktzyuzvMfZ2v3/6LbIWK0FKJzy5G9A9/xwnbCRulB
BJf+xzfwWt92pW7n3yVgjO+o48J1c2b71qAaMtukhPLNFSozgHlqv4vy5BD72pnS
XgGNEavqMxIRuRQtyDeeV0W5gdGCY/XUAjYxh4Ly51XJVCL1yZptYiFaWMuYEB3F
G3unTkE+YedYk2g/Wt4pR9lcgRLW4zRlOCtzwiE6JbAkp5NsQ6Tn/Q0UD1sTRsw=
=Y1YG
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4HMJd/cQYrVARAAxtzsDYAMwB8WAUx0U3RnEkBHEeyMqNvLCgzz0oU73B0v
eUWzHUYrTYMyYxRMKO8vqKULBPhYOKbns0hzL8s6YjCnT08XwNXtYiuKm90FVQcz
4ARslyObb+0ayyfx9dd9+6aFCgyftgAZpctWCEWPhBLUIsKcsd/q+Q5hSNfhwp+1
IAfruNkBaCFD95A3apfsVd3E/clzXBXcNa9d2k7Te3LCduhD5Su9QUgqDvf5Je8o
WS1+Q8gih/+xTNR0avBfAZuSq24cqKyPg49KNRvfWq7drEZYYfUOdIMOJVZiBuRJ
y4HjNGgX+NIl/BDu4SpFQVFhDmv+kgIM0JxXF6p3Ap4hZAYicWRnn0StVJ5kaB6O
7l58NTu9aX7eLR4W2NuYLTwmssnA/hJd8i42YSYYD05siQIKICxkaLSTVztqf1vS
N4RNNZNle6gkBvceRkb+8FgzPmLL8BFPkUiAFJOr5BDShbXwN/UocBgVKIRsuQah
mIJ5uu++9oy5jaR/eeff5QcRxtpCasi/86qW9igCSOqKuHWOMz0RWJCRaJmhWY/m
5gvz0nNCqbnPOXwvbNiuAmFmhmhYs8AvEvqMPJR3DHUSy5U1Bqpx+Oeu4qK16alr
HxjnyyEoGLkTSfk22vN7wQZD+loQJlL9U8swQmZD+Y3pyPInCYrZotOwMBo6XazS
XgFRaZJlP0gC3tN83H0b1oC0eXBMagmEVkyhxMBwXCrGxl9BrcF7KGxP5GU7uqGm
nV0GU1UIJZAS2qrdf456Ou01E/5QbpTHac25/W7ZlPOhibqWbT9wV+ICYZfSMU0=
=07bf
-----END PGP MESSAGE-----
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAxjNhCKPP69fAQ/5AcTObI2/IVj3lxv7G+p65eqtuexRmMCn/dsLOR3MBLkB
Pw6JFRUIsRAgDlpD0YI7CrqB3pisej5LemUmvB9vK9H+6IALSB5eKEMd/6MXiqlV
HDUw/pmZUP+X16GAsXDwvMNT1RQQuEnigTzaIo8ydDWdsgAMOs7JZ7KcF/k62x1k
UCqCnEZhxyKopNOtbLuVhpW8R1DnRIenm8v3tB85neVTXPBRcG8fJ5y3zqRwpIPX
pXUT2QI1fD6P+djMNJPFPcQdf1zz1xj02OuQQnKX68qh/VW4QJSF5e0firXSZ37n
dpsfQ7ROU6PfnvcXFZTPoR6b8oUgo7TxwOy4ERPqXbuM1UZm5zr0hj42IYQz1AZm
LlcB/AIs2MJDXgv7B2aLryZQGipBMmsASNbqyTVU+cA7f0km3hyta83RZsOw6MsX
wQjTQhx/lnCx3/dOJevEwBE6YgybKJAVIqscNAagAFuCtlbq5RjVYKRA3nRBGgjK
hDFQ0yWWl2UHYC4aIl05SIsoL2KVXEzIT1qayy4sGR/L3YmUx1OcZLiBZOvCRBYw
v/DX/Poz7C9g2jEPC9SV7IHXF7J1SI6aTOWcxrqpXVY45vbIW2qLQC/uJz3GTOaR
Om361FwXnJAYeCjOxIZXSlBy6JLEgBSjA+F9dDtwuTz3Bay1IhdNJ3Z55zzVI5rS
XgGJHreDweUIhIhoGBMiEuKb+d6UCQ9F6oiBulvO3zYTpqJNM2U10xllF5MEztWe
96Bai8OAPTkIR5UT2cpjodlye7+SvAabxvnUDdUqoL6+2jMtECUD5/VRzLEkrfU=
=w6pZ
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA1Hthzn+T1OoAQ/+Mj7CiCY2fpytnZIrwXUaSSTvEl4TkuJrgN10NXdhEiuB
MsIubs9q/dGvG+GLBTNIuRJzzQespRC0z7t38ylGNMvaLODUGpy7XvfDF6aiSzCG
hrGcWGPwWue2HnoyPBy4ObaZq+aB7FrGrNgxVS5p5sd7ovj/UKDu75G3DNXuQ9C6
AYgzETIGU6wtnJvp0EhqHQTaJ88dus+kiGpLVhMxDfGPhCAwOQ/2SYwI8R/uJTEh
qTCkNOYms5vV+DVGXCO1kfgqeQjgRj5vnMq0+2m3Twvfrj+EVNnRh2jrJbYypqRA
6rtRGUFQFrr7b0rugaB+H3FIRffjrFy56rnW6iMwwcvbsEpAx3K56hm347d+vH+8
AcuaD955skQ8WnopbBYzLHmajRZZgK74JwY4bmEILeg1s0+gZy7xTRWsYQQZfvTR
45Cq4wVR88QDNG23vVscABZIeV9WocSiCGlayo+LN+dOZdGpkhjnq76Qw/jfzd9A
h5UvMVsnHcvJMw1zo73cbdHlI6IS5oCuTLsVy/w62Ts6oTD2KsQSMyZ1E8QYQts5
ugZ7T1mRcHaB5LE8+hSIRi4Ck01gZUtApAdIXGwu76bSgspGfvINqOmuWpOd8+K4
uqXW0Wu5yEfYE+ypAmUY6sxfilXOV89PmJcIv56imZNEEnr9aK+u7rjqfX+41izS
XgHJhO78PVLoawWZ5x4tSw/Tjd3qabdr5dx4bQriUW1ghRJEt+X/2uDvYyMEQaxH
mM2c4FHpM/IyG3Td89JpHcbwVxktAm0fwjVswdILyyIz4bzht8+QsJHN+msL9OQ=
=xDlD
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//XakvJ2IaEP1Ynaw0qYQYOEyIiQp8SJk9KReYHDpDNuqP
emdLwZDZSVP/QqpnPC0diJkZaTM7yaSYxRmiXTnFd0r8bEYLCL1A6GBFXIFlh+8M
PgOff8TRbUrLmgEtyrkv1PMjf8rX0A4iSPiuNFFL3ew7m/MBkITiPYq+8YcE8yTz
vgtNyuYfi59TbKai2fcas4IX3bF0HeGrhAkys0aa2iFlH/lJj4yd7NqTAsOsDbO4
1eplhf+IM8Rv0WND3UZCBNk29Em7S4yllFJpH4E9xS9noWqTEyMQ1qXeoq04BSry
dQ0evD1d7+gLacmV5+HQo5p80OhMSgYqrClGUJBO6eNsfE/hSc24MDjAB3rs6xFb
wGvzMWekWqosN0eXmU8Iy38bFeT8CWbAvCA9BJomwfDMbgE6MOjNo4PURZYQ0EMf
oMSRcTku3vTVidOumQS2a9qanNQW1dLTVigQvHnByNTRjPxneo3IZFIvqBqYdt1e
UbEDbjlDBQzqLt1vPEHSoX7FlMT49HZUY49yLwp/VMUGrDscApdLYqLRp9gbgf1Q
gHkh60sGLUQgUQZ65L1BRJgIm3NFhkJAtONQnJq2iY5f/1ZPHlAQVqrBN9a7Hp01
efrdHCvNMDvoIZXTpC+y7cnvnmN4fGXaXA3Z1dJsmai36Ak83hgtMhC7s75FMtXS
XgGlZQUDAnkpily0mS/ZQ4IMLW2yzcBH1BkHsuHEmFWij344+6f1TlrhObMuFD+V
2E+A3Uux4SSl2RbpIfEcvZptVeVB17wutOuHrVXrn1sOm2+cT/k+Ousrrfrm4v0=
=j38o
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4EEKdYEzV0pAQ/9EYMqHVt60BlFDSZXR+J0/hfnxutbvta0CPkAUslJIQS5
XiPcUeptVEmyLUz66bw17m1R4j4miDW8o+3JVQH3oU4YYQPUFHcY/kkSVU8yuWp5
e8KkSkVTOcUaAyiPNTY7YswOjWcHKs3B81eSJBAKGiS2y2SakK78fZMan5x6vUJd
s4O57hxZPrRXrps08zEiTC+uI8/Wl+5VvoSfllOAqwaohJpEOzt2A74aBz3cit9T
yBwHb8nhaZ17RYZ8DJtGyeekMlgM7vj6IGWUbxb38C+kJlY/15MDIKKWEApZ2/m2
VXwUR0aJcqD/oLFOnQO/fKTQM6QGnrgAQFF8Z6X2pZqIU9W6vxNHTGEzt6cn3igS
0Wvp0hRQEkfyYx94xPGm36/GM4Zqhz+W2YRo+z121/OO5PWBtMxLUT39/PKBDROw
BU/QLPl+l2nnLg80KQqcUw60HUXZIpR1p6KEQrmK7+jrDPIx45S1NI1RmNiMEv6y
h35boU1/0YymYKkt6nFyz/GvqD4qviCLimz6/21a606TaIx8LqZaLmZ3YdXk7yqD
XcHweJ1EBbhHkLYYCZsG4tNfJj9hBgVimOjjiCnr0lkzxKAPGdVghmPdwFLlYXIO
V+tAi9KKPK6SRdVBuCpzHZyg6JLiFGmUsmL/piSY5hXrvv8p4oQp/TI4S4Yblv7S
XgHt0Xy2jfYFUPedR0BMta5TqvaNjDh1qxAZepzbWRwiDjHiQ4gsAvjytUmiceIf
KJDhKQqUuaNYt7cBsNF9PgtSkD/ZuF4oTRFVqM6tr/JroxjSrGjg39T6lNtGo8o=
=v83W
-----END PGP MESSAGE-----
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdASHcTIysPla95JELBmv3+guJ1Ehx4VGq/zp8NFcU/nG8w
+o04dzI96ZV58cNGG0GZOpoq83q0XbspKpnzMnJyNtlbsMpVXhVZgrneUYY4EwnB
0l4BNnrT5pIFX8+6dP7EytxWU2s1UTppVYgwELpWnWItZk+W0EgiK5f3V+x28nh6
psaXJSFsGOJaBJsitMv/GDyyOu7y+PKSKooY12GujdK4cgu5SZbzeq3iYcKAyQ8a
=TEyd
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdA/Y9Zxvac8WQmVo0KgX7LTs9c8GgtxOEMMUJ8QxP7RREw
NHIIMCpoidBtkB0RrLvObu23W4HO8/j4zrKV3dBmi3Z/6cdxbLMp3Kl6OK68UcCS
0lgBLF455STDbzpSuZA7fMgeexxpB6rctYJt1EbVZ4Gq5CMdXEilccr+wsAqA19N
NFrV1QL5nlk9/qxU6X4DUaLcJP3/MAUga3ODsBq/5goVMjyQddDpprQZ
=p6Oh
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-06-01T21:41:02Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA2pVdGTIrZI+AQ//YkQT0gnE4CS9iPm7kB9H6zQ6655S3vspQ/ftbVkjDgbG
XUlCIZOqBWcY2M+JDCSHknUsj44F8Y3COlC8c2nSKO9sFDheaDPiSMqtJxXjbuee
gdpbvc9pjsnIdWP2HDgOTsAtX+/qjh4OACWVjqaJI6H+mDA2EaOpt/cp00G41v7e
XwTbvGgeW0nwxwPSS1UzHr5oVjwBlKdZXVqjuZT3tzi+YzqbSfQ1uWwWpS8flVDL
yCPTaD9OpYPq16ztNJoviF6+6eyTwQVfmJHq/3DlZrmhIIcd0wsx6HOt2g4RjW4d
T1mAuHkGkAbxcEU5TiHzIBMCAEHEH2s4TCs7VtdG2pdjm/Fq7oz2aIsVdwI7dg/k
wbOGoWDvbY8YqiWD1o6RDyhDySCkuewwsi58UTDFTC7V7CJWnTapMLcqenoNOzUJ
E+aM/kH8zHdTXpqpOeYwtKWX4FqE6UHYJkWhI7F4KzhyQ57N+98PRoPEfXoukjjb
JsBWBuJg0pwNrz7aRurCMvYpW29AXuL8WbceUxwZgB0P6ztGKdnU8NLhOZj2DkE/
OLz28t9HtpbAfOZ1cxMrNp0log0hJFXD7g4cRX2F/zWuVKuWn0vUvhQot2GuAuw8
DRG0DJGSQEHhyNjtNuLufGR6FETeC2CNnpeXxXZhqik1kXwSB/AompaKZbjJGb3S
XgHkuxjOS/a9iREdy+vW/evtGnh1uMUa5/phMU3VGKiCp5ozfuwaQ5gvVMrE80b9
loGh0l/S66CyIOO1eXBlqkH5FxsMcvVAHB1u8uEZ3T9Y9yh0ontnc3LDWUpPxls=
=2DaK
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.10.2

16
inventories/chaosknoten/host_vars/ntfy.yaml Normal file
View file

@ -0,0 +1,16 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2') }}"
docker_compose__configuration_files:
- name: server.yml
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/ntfy/docker_compose/server.yaml') }}"
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "ntfy.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:
- name: ntfy.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf') }}"

9
inventories/chaosknoten/hosts.yaml
View file

@ -59,6 +59,10 @@ all:
ansible_host: zammad-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
ntfy:
ansible_host: 172.31.17.149
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
hypervisors:
hosts:
chaosknoten:
@ -79,6 +83,7 @@ base_config_hosts:
tickets:
wiki:
zammad:
ntfy:
docker_compose_hosts:
hosts:
ccchoir:
@ -90,6 +95,7 @@ docker_compose_hosts:
pad:
pretalx:
zammad:
ntfy:
nextcloud_hosts:
hosts:
cloud:
@ -109,6 +115,7 @@ nginx_hosts:
public-reverse-proxy:
wiki:
zammad:
ntfy:
public_reverse_proxy_hosts:
hosts:
public-reverse-proxy:
@ -127,6 +134,7 @@ certbot_hosts:
pretalx:
wiki:
zammad:
ntfy:
prometheus_node_exporter_hosts:
hosts:
ccchoir:
@ -154,6 +162,7 @@ infrastructure_authorized_keys_hosts:
public-reverse-proxy:
wiki:
zammad:
ntfy:
wiki_hosts:
hosts:
eh22-wiki:

23
resources/chaosknoten/ntfy/docker_compose/compose.yaml.j2 Normal file
View file

@ -0,0 +1,23 @@
---
services:
ntfy:
image: binwiederhier/ntfy
container_name: ntfy
command:
- serve
volumes:
- ntfy_cache:/var/cache/ntfy
- ntfy_var:/var/lib/ntfy
- ./configs/server.yml:/etc/ntfy/server.yml
ports:
- 2586:2586
healthcheck: # optional: remember to adapt the host:port to your environment
test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:2586/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
interval: 60s
timeout: 10s
retries: 3
start_period: 40s
restart: unless-stopped
volumes:
ntfy_cache: {}
ntfy_var: {}

9
resources/chaosknoten/ntfy/docker_compose/server.yaml Normal file
View file

@ -0,0 +1,9 @@
base-url: "https://ntfy.hamburg.ccc.de"
default-host: "https://ntfy.hamburg.ccc.de"
listen-http: ":2586"
behind-proxy: true
keepalive-interval: "45s"
cache-file: "/var/cache/ntfy/cache.db"
attachment-cache-dir: "/var/cache/ntfy/attachments"
auth-default-access: "deny-all"
auth-file: "/var/lib/ntfy/user.db"

64
resources/chaosknoten/ntfy/nginx/ntfy.hamburg.ccc.de.conf Normal file
View file

@ -0,0 +1,64 @@
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
# Listen on a custom port for the proxy protocol.
listen 8443 ssl proxy_protocol;
http2 on;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
server_name ntfy.hamburg.ccc.de;
ssl_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ntfy.hamburg.ccc.de/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/ntfy.hamburg.ccc.de/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
location / {
proxy_pass http://127.0.0.1:2586;
proxy_buffering off;
proxy_request_buffering off;
proxy_redirect off;
client_max_body_size 0; # Stream request body to backend
}
location /settings {
allow ::1/128;
allow 127.0.0.1/32;
# Wieske
allow 172.31.17.128/25;
allow 212.12.51.128/28;
allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
allow 2a00:14b0:4200:3000::/64; #Bei Wieske
allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
# Z9
allow 185.161.129.132/32; # z9
allow 2a07:c480:0:100::/56;
allow 2a07:c481:1::/48;
proxy_pass http://127.0.0.1:2586;
proxy_buffering off;
proxy_request_buffering off;
proxy_redirect off;
client_max_body_size 0; # Stream request body to backend
}
}

1
resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
View file

@ -70,6 +70,7 @@ map $host $upstream_acme_challenge_host {
design.hamburg.ccc.de 172.31.17.162:31820;
hydra.hamburg.ccc.de 172.31.17.163:31820;
cfp.eh22.easterhegg.eu 172.31.17.157:31820;
ntfy.hamburg.ccc.de 172.31.17.149:31820;
default "";
}

1
resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
View file

@ -88,6 +88,7 @@ stream {
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443;
ntfy.hamburg.ccc.de 172.31.17.149:8443;
}
server {