parent
9c44edece2
commit
7526d1c6a1
7 changed files with 340 additions and 11 deletions
15
.sops.yaml
15
.sops.yaml
|
@ -162,6 +162,21 @@ creation_rules:
|
|||
- *admin_gpg_c6ristian
|
||||
- *admin_gpg_lilly
|
||||
- *admin_gpg_langoor
|
||||
- path_regex: inventories/z9/host_vars/dooris.*
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_gpg_djerun
|
||||
- *admin_gpg_stb
|
||||
- *admin_gpg_jtbx
|
||||
- *admin_gpg_yuri
|
||||
- *admin_gpg_june
|
||||
- *admin_gpg_haegar
|
||||
- *admin_gpg_dario
|
||||
- *admin_gpg_echtnurich
|
||||
- *admin_gpg_max
|
||||
- *admin_gpg_c6ristian
|
||||
- *admin_gpg_lilly
|
||||
- *admin_gpg_langoor
|
||||
- key_groups:
|
||||
- pgp:
|
||||
- *admin_gpg_djerun
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Because we're using the `community.sops.sops` vars plugin, the SOPS-encrypted secrets get stored in the inventory.
|
||||
|
||||
1. Add a new creation rule for the hosts `host_vars` file.
|
||||
1. Add a new creation rule for the hosts `host_vars` file in the sops config at `.sops.yaml`.
|
||||
It should probably hold all admin keys.
|
||||
You can use existing creation rules as a reference.
|
||||
2. Create a SOPS secrets file in the `host_vars` subdirectory of the relevant inventory.
|
||||
|
|
232
inventories/z9/host_vars/dooris.sops.yaml
Normal file
232
inventories/z9/host_vars/dooris.sops.yaml
Normal file
|
@ -0,0 +1,232 @@
|
|||
secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str]
|
||||
secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str]
|
||||
sops:
|
||||
lastmodified: "2025-05-29T13:28:08Z"
|
||||
mac: ENC[AES256_GCM,data:SkqMlgJBdM+CMLE/um7m8V0ni04Xi3S9GovNsADrws6VbSWTX+50oc6HtWl+Kj2XugLfp2XpVnlzggCiq3fePsdt1af2+ZfSCue1d+dexjo5Q/gvE/olKlmn6aj5qiosUsLgu7v2bCOIb9m9WiEhlQLKx1wGiqVNQDabiLOJV6E=,iv:NUUOcXtbg+xMHqthipKpRAWLTXda8rup4aCbbP8sVEg=,tag:wyh+hrZreOyT7uQQrghb7w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAxK/JaB2/SdtARAAjrmnSy9HYxao+iAaOWEmTX/irINxrrA3Un+Nhna8W5ri
|
||||
zokFzeCpto1iraFy2UMh6xQE1b2SEmFvGv+mCdwnPcYRR0PJ6vIulGr+sNURUe+O
|
||||
fEgPJgXWxR+1FT8/Ko+9P28TlcSHSdy6bemLtQmi2wNJjkexLoiX9QB0B287I9GQ
|
||||
5wx/xW3uzA/wTheAtP1OhuLqQn5ADvzYovKFy71JIBWyxu0zVozUYi5AYKq9t3qP
|
||||
eyeh4ZYbUgfD6pVF1rXuf3sr6y4TjW9XN9EmYzN1+/qcL287S0LWTAGzS0xgkvKR
|
||||
QM2xIPU+MfX278G5ISxcqirbXGWpm8+WXn7wDUcpPeenffbvyL1FIqOb8QkJBYVM
|
||||
Q4XxjrvTT7rTdz6u2Z8y6BuK03R6dXtqwMQ+Jn8ovrTEAr2nk57vLkOlLSoPH5qp
|
||||
O//1fHSD7Rm4VPwSRahwJQ5gQ1orvpZ7wj27DrUCvG16zqtdYLvXIa8CG7Kr28dh
|
||||
EpuKHD4vQJTrY6SXUfLYEYeTBjGnT0tl8kgQnffbnB46pS5ekDdE7w+S9QSzPgXt
|
||||
e058viX1qAVCy1xPeyj38kRJBtHX0sgE8T50AbkKBG3+H9RY4NOIRKsPkfL3D/9K
|
||||
luPXcAM8Qbmu0T99ZpyQuLFg0RosJaMNlcL+MLpqOGAU3Jj0TfYQzy+s1Vm0+lLU
|
||||
ZgEJAhCUkAKxLkbSVKdt8bK8fb6Wxs245XPUZZpnnwtF2psGOgCU4JbQu2e6Uu+H
|
||||
W/cLSXth85OKfrsypO5AAyDhcNw5K/63jHsOq1MUlv7qKxqS28LgmLxvH+fkTlX2
|
||||
yy2c6b4rgQ==
|
||||
=i7G7
|
||||
-----END PGP MESSAGE-----
|
||||
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA6EyPtWBEI+2AQ//UxDv3k98prigd9KUtFZsiDGlY9Vw7YDlYdUQx6kjxHnF
|
||||
JfO6LvXrnpkVwYQ6Nbda5ugKm+1b+wvMO0w0xcLFJ1BTKW3prvm51ect8UiOgetx
|
||||
go/tnUl2R42gu8D9Czge4/bQJO1pdzeDF71gSQju2k/sYGcTP2QCsxdbQziziKy2
|
||||
vMcnBCMSJFTkDjDYlCsAzDJ3Axb/1NFYdOiAeAr0V9P5SHZAxoAw6w8NgbgyUggB
|
||||
Nrh9pwvUMHa7mT6TWR0wTYlseoGAGWBhDaIZOn3SW/yupJMFqOOMy7iEchnRdIPb
|
||||
4d5RKlaZxWHDeD8yMQBHmNE9hzi+lbVyCtP2ozFGhYvyrHvOQ/H/NsPT6aW6XCEj
|
||||
PCVTmmWUX3ZUjOoyFtJvWI8QJWicnqYm3hZg+Q1N19MTfmSBjvP5unqu3yLJIBuR
|
||||
S5olb3F9dAdMaHHtfEaXdX1jftqlupS6KenCDss+aTSIrAllM970CILNduvvEvrG
|
||||
u9cIofQs0G8B4qy1SYAdMT0psh/e/lzUb2qFKy6OWnWU9Q+DEclCsjYQQYdOaFEg
|
||||
Mf2diWFTsD2tVlZk3inQ5LYLb0HgOEPgOBcpz0VGqdTerCx7bN6va1cZN+TOEwzw
|
||||
w28WTYEabeH13x8L2QB1hBxuyZjKb5nBBNncV5lR77o4VGeacxxxzriMD27HCavS
|
||||
XAGX+omwzhH9M70XmTHANNTxuB3GM6zz0y9tHWtr6HZ9yZwHKTfRGOOmSL8+m6k2
|
||||
k3gHVlcdzac7L1VExaWTdGATzvL1CxRo6F+DPPpz5Tg7872IfGR2PZ4gB7ko
|
||||
=AJfS
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAz5uSgHG2iMJARAAvQPy/OBTDUzdnp3SEaAva0GcJLol10vbsCKyT4KLlW3d
|
||||
ByrqmPzRov/CZ8SOs8lTvqgp7qWOH60c1wwCrJTZ9WNQNfQ0C0fjl/KKhsFKelHE
|
||||
JZVGfwz7cKV90ZrGFhUZF5koiT9Wetzc+kQ4SQo6xrMOjWVtwbFjJ8NjH7Se+URK
|
||||
8VbEp+dMU5ilql9rmOzx/74vmr+z4p8/LCFJmOjPbwuEFUFIO53+ytrD9JV2LbOh
|
||||
W3T0kBn3kqWDnVbI+sclwc09d6C6d3cb/MppHDDggH4TMnS6coEU8On8xEsAvHco
|
||||
+XH1Cdu6nYlfqF+k5G+fEfP7Rk8NE/wWJ1bX7J+gcCABvl+Y2/5TYJQvvDrEngPa
|
||||
VfFujgqq+b9EvIznfYVgPqiJq222hZzesZXZGc8T4TpP3szo7GRL9d8Ivg63Y3Nz
|
||||
ty7eRb/WmBnkfVa8CamjmR7Gqt5LOVSXfZksK3kXXVAtLrZ0fQIll9ug3EELCo9D
|
||||
cbhhud2JLXoJZNlYh6fBlKMRWJWjIbxEETx9S8FgFIUegOyLu6ydlqAYAQTnYa/1
|
||||
kWmuwQB3xjgiY3+9Ji7BO5e7ZlRIhs837brJfZ0bbJneTGO5IRI8gpdjt+D79XlK
|
||||
72yG/7zlrNi/xbWdUtT1D6PIwq5KTltMt9D3Kp0iZF9WvzQ1hVl/lXWaI7LtaU/S
|
||||
XAHVfQzc4HoskbWHsOdlQNAOks4J4eBRFkVxmWbVXgeiWJ+ATPf29PQR9Jbqlzum
|
||||
AZuIGvoXqS41oy5+mOgmtKY1pKMH/cGjfXYzi9HJmQnjEt9IR+hgUx16A+tG
|
||||
=PedT
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAw5vwmoEJHQ1ARAAnxFIPa1QdjcBu4yUulTP5ptMhXObVnLMLK6SmKiq/rmG
|
||||
SD/M9fWNuROi8NodJd0TJN1L/osSSMuD9aqV0SkZPnt7NM4yood5k0N9sTDZAr0u
|
||||
KRYccvv+gJACRyalZL9v4t5/YZU5uexJ0ciBSnuNk3ds0nm3Ln1Iz4BMBMR2KTiT
|
||||
f2PvZMIE2PP0v0oGDYPIOSPqfoXjjUFyqp/3HI+l+bzORNT2yzl/062e3h1m7zVA
|
||||
TA7zWLDVcZFA/Aa3+LACKaz45V5Lj7gUXkgJ7R+d/qg963OYTUbLSiNTgtgqnLLa
|
||||
DJmc3RDcuOeHaG2AY8l/r+cf3s2TH0J6bLIAZVEBSvBvXD1wMY4nCjubUEd3nUp8
|
||||
5GT8WyQ6f8aB8Ay4rytdtOWu8NuMIwDpT3ksT0W4XI22EeHJv66vTSvV4pfcoiSe
|
||||
cdrCChfRGCpiWW52tJZ4HjkhXW61a86Vt/khhok/h8T6SWADRn3aHj52s+qNtigf
|
||||
scYEmBFUA2GSmTB3gHCjwWckVGgpFmXPYaI4LE50vU2nndxkxHx17GQjSLS+9Pt2
|
||||
iTVVOqJu+mlfiXqfO7LS/NzaIDlMcYr8/JVA+hTRM0cUN6HgzC5s/486JoPbU9BX
|
||||
o5i+NhNyhY5E8H4VXK48fvNUGHjpJLqC/InVM1wguxYxeHbI4YYqZkFtO/oIxwnS
|
||||
XAGsRHOkwxoDL2QNQpFeJ5oeXG5WccCLbIBiuQJYh8GGE0fnIOakx5SyU0A1+TVN
|
||||
Kr/n3tJosVGNCtfFvjKxYtUSxqf7yu1VeoPyD9o52XevAfE0OtEIcQ+Nyy2Z
|
||||
=R48r
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA4HMJd/cQYrVARAAxMZNf/eTAZvHArZJDJ67u7conjEEL0BHNmY0Tq2v2vFH
|
||||
SDbPrecIRGVK6eY4eQDm3OKt14pa93qPZxaGZAZCKCVDNb2lpXSvoT05sUi29X3k
|
||||
9yDDKnXsWM0zK7U9/WPeLlVVT9zKzRixlRKHJWD0567lVXmAIq3xI4/QxkVIaH/r
|
||||
9+2oISxoXnz1c3JTNwdNEoA85m+nTi1Rd44T1QuTH0fj7i1VwWgK92TMQ2V92NnY
|
||||
k8JdQQmCNXoC4BeEdo4v2nCUPWxBHC3ti2Yh4BFsik9iv3WeDe5RGLwdQwrI65pd
|
||||
L6C1Sp+Q0CDZuaavheC/p6pplUDAml57EFEovQSgpm+ye5j9LO0dUxdeBG2krVoi
|
||||
3Rzz+DAI2C/zAXm3FHak+UnlVsQ0D6fF8qaiozwc8FDxSJZGbUE2hywuMuosNSUE
|
||||
iPxT4XW+cWCqQOTLAAbyHSS4bAcc8Q26vw9OpQ5J65JanRUgxSfKOHGJr1bNJTVx
|
||||
RPs6y/KPdxArzlxmXcJ+U4OBDMQQTMZ8ntsdQgMqqYZy1IUQKQQg4+X+Wj3C9AWY
|
||||
sAdgY9bLdQTo5+zP+vkY22+QGIqs6piY4e4qj772Rue65LyF5qUpe0jkNyA7NzhK
|
||||
uaCingCMAyt8IMMRjGJcI6uru43QgUBYpaAWc9hBbNQ5ASHp4bbj3WemJt1k7XPS
|
||||
XAEO2UMCisCNfCsKsqE/uKi/zQ0xtugh2XrTUG42xnFS4t24DVJJEC0+aXAtyvNk
|
||||
B2FYqlaHnqCNyifLR2r6CGO/PysTGIBvfDwNHcfD9TylONdKOLr91s4UV2W6
|
||||
=rUnM
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAxjNhCKPP69fAQ//VPjP2gKLowb22MawLvWyvEBvPqY5snNBNHMUaNxd/e4J
|
||||
XaX8Z98AYn9rSL8uzGOk4e62uNZsOCRoK+v5gwM3p4Y4qzVjFYAD4pRBYsdHEEEk
|
||||
5hu8nrB2KdHCFocWWgW5IdTXalITX5nb4MpwZkd2pg8Nnm2VRGmGmPUVcY4cA+m4
|
||||
vhwe1ExWiUmfEditK347VJib+T2nNdsrCPDzFpo9MzUhOh0k7xLlIhgCHNkF91xX
|
||||
Fmlkw/lUqIOvZlfQ4YyH/e/am6803w9bP1iAtSc1KVFK8M0+ETnYgLniWlQ22UKX
|
||||
bp9bRovhhoTIwz24DZYEKFyAJ1X/ovD1hl1RhAjGniGHNnGOUQrLyFVNdJS//3as
|
||||
4Ag0WbQDiOg6AdUFPq1LIPnSxHquwFc4zQNE/9FjbFL+H+bena8fXyeQYy303/j/
|
||||
ZXyTjkui1jVdEb5XEF24kIe6E7eBnyYD4h4gNVf1FF4r0vbRxdoKSxHG4ebiwPWd
|
||||
o9eSkCXl8hJj0b9fC9EC+G9xtxVyc+Oyimft8UueMDnneenzGrFo0uDgJryRECKn
|
||||
uAs/RpHz7af8JAkm5Bb0s5oCRpG0NZoEX71jSjcS602gT9tA1ySA/iNKbCXzmmKw
|
||||
brWfOwvjotEgZJAhnUfQ4dPcu0lNoGVWbcgwBOrIj556CtdWH82Qm8igi30DhuXS
|
||||
XAFstOs9MB0KTkS5SoqnRKGQYL7nB+JAN5cUCYgxyIsKdOA2a+i/Hez56Nqlaat4
|
||||
RauajOum1aFl68PgCFDHMJOYIaC8dOTo5n4xnNhMNtcrdApKifsAuqDP+sh5
|
||||
=V9/6
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA1Hthzn+T1OoAQ//XU4i+oehBWqZYgbJufjf9hg6pkPegnYoOMO439OA79Uu
|
||||
axlWSHcTB6+vRC/o3e5LW3p5R5ANb64OOGyDeW5PeH6C2+b6/xlqyPAU233tNbmv
|
||||
sQX1H/4BJjuWmM+tmpjP9H1K8rWmw+6+xvVVbOFudkYyyJtNupOrUtkQIep92Kve
|
||||
rrgAlOXE02+3rqIl678s1R53wjIeovFd4XNxbO8LGWVELGgvREjJrUooYuqT1DYo
|
||||
unVtK/W9WFzXv2hCzXiiFLfg5HJCpUq61jiKexEDYRdMqRAHBNQim556vN2RghCD
|
||||
TH2B85GH57UKMIMCQB0XXekCEM1f/P9FBjulnhwZPOU5J41pmeHL3NB6Jo3GDXSO
|
||||
U1pK8NOE44dyVCIw6GB5ZPSmB+pKITu7Rhet5pFUQvEkbzbvh2ckiclL8viK/Rq9
|
||||
ntPJ/NNb4IjVs/tBtmnAM1gXvoTSc3FGH8TTDow1RTpyqixx8xao+5PE9+zKL4Wu
|
||||
aRe6NMa5xVWexCM2kQ3dLPPypO1yAodlB+a611ocQc2JHsKyxhIuS4VIJeJ1TWc/
|
||||
pdPW0JbgiPR1D3xvbLy89SOANFFug3WZzqjsl/BKxs8g2NA+dWYgbzUq5axrcIWd
|
||||
j8F4gNa36BmvnTwA/UEkq30wNfaEucYrSoT4vdeT9rlhXuna1/iBHg8mCxQotxPS
|
||||
XAGSQDissUfuC6QmJoUY7o1eGlr/yC11zghiJQRwi8/czQnnnukv2BMQL3UMBcvq
|
||||
9by5gFOjpytXGsk94VLzsD/jg5AeQqpFU8UJwr/XAPaPaaBo1RemYQf68O8E
|
||||
=3RuY
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA46L6MuPqfJqAQ//ZOAZkk8v70befbmw0wVTgb7VQam9XpcvJ8y19A+bMIDV
|
||||
R464pWEoBxSh+pvj0QoG2U40YX9Loc/VbAydlWrPFCGajxxkqkOxn1sbI5QfvYnw
|
||||
efGIxWaTUQYH5miWWh2ZeES49wVqosplCP4VAq1F7B//9e5i5YiKcF2s1agMIgp7
|
||||
nSnQrekNgP409CQPsYYuUGq18eiH5lz1waXBkqK9aQnTMB6dh8tf/xnLzQsdwliK
|
||||
dgITB93MMYZ64CYQmhTspBsqB/eFEjZCvnn43Y2+vwwzRz8p4NlpM/U+N3xdBy97
|
||||
tmhKdNWl1zzmoqp7k8gTnJlSJibXuOJOMK7lXT3/eKfOp5tFauvHCwqq6TroE4Q/
|
||||
yqBonz7RWmBtLlqIUs0C8sqq8sCmtOFI4o04zcV/IGA98KeNa3ZkfkO/fPhnO9D9
|
||||
bwzWMrdgpQwb3lzNM0/WbNBfIjdloviDa7I2Pgrc1LM8UcFVMsCmk2eqImD74YIn
|
||||
eyNkIY6FMJhrVapuYShTf0sKn8bDWxi+VYZxPGbObTe2t52/z/6XP2tnSSZ5rn2H
|
||||
zn68Its9dGhZ9ILkEDBuBh3/4cJwKs94MwhOIlPwgWIl98Sr6NUricSmNMV4B/Ku
|
||||
DXlPfVxbxqJhzvIFG7pADm5HbFyWgFl9QpVfomJoacsQSTE3KPPe/2SKzG2l5aPS
|
||||
XAFFzACeI/226BzPJGQ12BBFPfMKcQB3Rfg20Y60s4E28AFWGhQUI5BNNLkhEELu
|
||||
JiKiSt/baYpehzEDCbKAnk1xCVldeV5WfyaOako1PaApXxjKb68cdyKJtZ8+
|
||||
=D3tP
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA4EEKdYEzV0pAQ/9HbqjtdZC+8Al972EhHn0985LiD8o398dKO4lgufq5gKd
|
||||
E4EhSEr1OmeEdSvTFDo2C3UFKrhoX6mU+GG9yZfRX0R6FJUJJP2xr7F1gkL4icXb
|
||||
BBbHu7MDTLzVM8oP2/y6dwzZL507t1AhcTXAzSoY7jkvjSYzLukocZfFhJ94QPQS
|
||||
T+k6pjVEgDJDJ5sHWw9zfW79Wo0Sl8hpSPVOkV02VV9EmDH+9kXj8u5ZT92/3zWN
|
||||
HVUGWKDDIerpGHurwDEr1B8Ql1Tk+UgPjcErt3TlKOkUaIIwcN3STP4B1XaFxhjt
|
||||
u1XrFVrqI9jFYCtgt/Mf1mfEfhf18bclQjTqswxY3HUqG23T1EClu57mJsofcS3H
|
||||
bqF+1Mv798C2jFz6ht31LDJllI95pCnwuxbL3Z0tm2u0oj2us9WodERIWVEwcisD
|
||||
hK5Shhv03T2X1OJmAPPAoSQhYIVKBdwkautTF+J2jPRUXulzgLVG7MLowTzbX/c+
|
||||
dT4uZ/ZKM3SWVmrwN5AOcGG8PVNtkt7/Dd8uDLeNNlK9QXJK5nfxDnhlRRpOmbDA
|
||||
fRnS9tLPmY+T1knwKbMO8k918FqEhjdAHdEr+C5YbEiupUY+0KpoCqaf04cWlI8W
|
||||
Ei0dhZ4OrBKiIZIY5i12BXcskgjsXPRNLqkN/fYqVyR+5VjM07kSOsnpgfinF+DS
|
||||
XAHL+cPJCA+k7jnyrDDxjqETeEwf0gTgWMCSWQecULBV1UPh6AjNARsKAAOrr8BJ
|
||||
nynWrpIAHfsb4CP5FfYl/CnydhJB3GHfBtElrUS17v4hhl656IXMyXMeGgKz
|
||||
=l5zk
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DQrf1tCqiJxoSAQdAR8zTJ9Cb4meMl7X9r47AeKuyWkK3ck+s3WfwPSv6qzQw
|
||||
RCWHumJZKT8+ZhZkyfHbcvNvx5q23cPngLdJ2GDpXfkl5imFJUdrfpxJvCvBJl/n
|
||||
0lwBsBFzr+gLGVuPodabHjiAx22Fc3tjEigHTBpV2fclmM97oJDBk6vx10vWIgv6
|
||||
yWWlGWo25LvlrGc9hNX5UzCTBUwkDs3cmV2r7O/wzDEgyqs82/lzm+hnDtHcsg==
|
||||
=zBp8
|
||||
-----END PGP MESSAGE-----
|
||||
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DzAGzViGx4qcSAQdAQpzleW1vX2SXQXVn6NgWQTmlMfWm3RW4OUpdxByKlkEw
|
||||
lADSS3szOdQWtQ8TWUAFhDbakJ6vLgUgvNV163Onxrn9GFJXylfdSSspE+8Z6Vws
|
||||
0lYBY2g09YqA1WBhBorJAF0GZk8j+SDhLXs4YVcGbxDYr4pFbSqsJQ6M5k0Kv5W3
|
||||
MjxvKJVl0qxhhv+FF8kLicwX9avCarpSrgH8dSNH8926ZEyAm6g9JQ==
|
||||
=7bUV
|
||||
-----END PGP MESSAGE-----
|
||||
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
|
||||
- created_at: "2025-05-29T13:09:43Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA2pVdGTIrZI+ARAA2McI7djN679I+L/8DY9L5j+hYHdu78KkfB/HTAWtI88L
|
||||
rHathJG/yW4Vao+x/SYyhcRLY9oWblqIgausLAPLQpTN8M+2ZsVS2Q0J+OWhIsfy
|
||||
889cGno22s561YU4mrutREn+XC/QL3T01bHJw7QWCQcGQ9rD6ACTkipxmDr9aLEB
|
||||
AQRFCPGxKPdj5R4ZwABR/5kXAwtYtkdDIxE9Ckx9Ex8AGb0mX+4EL14Mi/uCmmZT
|
||||
+h0geY7DDu6O5EP5zn2y/jT4T1vWc5N1xsHZlL6qgFA2Bdx58UQaVVBtrGos6S82
|
||||
eIbgz1F/LtteYnAdjfeWUK6FdRh4FA5oyyVb82MzrwWk77vj2eLOhY3X6UywB4EP
|
||||
HoVkgUxeKaKV620RO+nCV80ZTy+rqJrq2a/MpZGD9Ra+hKOkCt0mElayCG091mlz
|
||||
tygLXwgt5ID9m3V1mJQ0f4GK6w5s+t8pK/TByXM1eToqlDsyFM/iAwbmDoehSe/r
|
||||
2Dq3fuB7f3Mqxnit8xfMRK/HGV1yDFwco2y6CggU1rhwl8gm56Pd90AEx3J+gkzP
|
||||
Y6hQ5lldcHlpb2oSdI+C7UjJKySuEui2FvAYRgf2u/edcCUvrYR9zHqmanS9NCR2
|
||||
+ZCgfBHoQRPWOWzuDKo5RFmheghhYDtqpp1BUHjpR+0B27h1sWeqECMzAvnLOfLU
|
||||
ZgEJAhCr45YwxmaISlsPR5Z8Dr5G4sXuuciiIX7qJnDiQZBZcaPDMIUjheb69GbX
|
||||
aMW5suQMmVlCPfaqJtKrBmtpSuF0DvDALuBIQIOUD60AUewlZq4OnOabdDo4nsIZ
|
||||
Oo1AY3Jhcg==
|
||||
=SuqK
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
15
inventories/z9/host_vars/dooris.yaml
Normal file
15
inventories/z9/host_vars/dooris.yaml
Normal file
|
@ -0,0 +1,15 @@
|
|||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/dooris/docker_compose/compose.yaml.j2') }}"
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
||||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||
certbot__certificate_domains:
|
||||
- "dooris.ccchh.net"
|
||||
certbot__new_cert_commands:
|
||||
- "systemctl reload nginx.service"
|
||||
certbot__http_01_port: 80
|
||||
|
||||
nginx__version_spec: ""
|
||||
nginx__configurations:
|
||||
- name: dooris.ccchh.net
|
||||
content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}"
|
|
@ -1,29 +1,40 @@
|
|||
all:
|
||||
hosts:
|
||||
light:
|
||||
ansible_host: light.z9.ccchh.net
|
||||
ansible_user: chaos
|
||||
authoritative-dns:
|
||||
ansible_host: authoritative-dns.z9.ccchh.net
|
||||
ansible_user: chaos
|
||||
dooris:
|
||||
ansible_host: 10.31.208.201
|
||||
ansible_user: chaos
|
||||
light:
|
||||
ansible_host: light.z9.ccchh.net
|
||||
ansible_user: chaos
|
||||
thinkcccore0:
|
||||
ansible_host: thinkcccore0.z9.ccchh.net
|
||||
certbot_hosts:
|
||||
hosts:
|
||||
dooris:
|
||||
docker_compose_hosts:
|
||||
hosts:
|
||||
dooris:
|
||||
foobazdmx_hosts:
|
||||
hosts:
|
||||
light:
|
||||
hypervisors:
|
||||
hosts:
|
||||
thinkcccore0:
|
||||
infrastructure_authorized_keys_hosts:
|
||||
hosts:
|
||||
dooris:
|
||||
light:
|
||||
authoritative-dns:
|
||||
nginx_hosts:
|
||||
hosts:
|
||||
dooris:
|
||||
light:
|
||||
ola_hosts:
|
||||
hosts:
|
||||
light:
|
||||
foobazdmx_hosts:
|
||||
hosts:
|
||||
light:
|
||||
infrastructure_authorized_keys_hosts:
|
||||
hosts:
|
||||
light:
|
||||
authoritative-dns:
|
||||
proxmox_vm_template_hosts:
|
||||
hosts:
|
||||
thinkcccore0:
|
||||
|
|
22
resources/z9/dooris/docker_compose/compose.yaml.j2
Normal file
22
resources/z9/dooris/docker_compose/compose.yaml.j2
Normal file
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
|
||||
services:
|
||||
dooris:
|
||||
image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
|
||||
environment:
|
||||
HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56"
|
||||
HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
|
||||
HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
|
||||
HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
|
||||
HMDOORIS_CCUJACK_USERNAME: dooris
|
||||
HMDOORIS_CLIENT_ID: dooris
|
||||
HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
|
||||
HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
|
||||
HMDOORIS_LISTEN: '0.0.0.0:3000'
|
||||
HMDOORIS_REQUIRES_GROUP: intern
|
||||
HMDOORIS_URL: https://dooris.ccchh.net
|
||||
PYTHONWARNINGS: "ignore:Unverified HTTPS request"
|
||||
#DEBUG: true
|
||||
ports:
|
||||
- "127.0.0.1:3000:3000"
|
||||
restart: unless-stopped
|
34
resources/z9/dooris/nginx/dooris.ccchh.net.conf
Normal file
34
resources/z9/dooris/nginx/dooris.ccchh.net.conf
Normal file
|
@ -0,0 +1,34 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
server {
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name dooris.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/dooris.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/dooris.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/dooris.ccchh.net/chain.pem;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
# This is https in any case.
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
# Hide the X-Forwarded header.
|
||||
proxy_hide_header X-Forwarded;
|
||||
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
|
||||
# is transparent).
|
||||
# Also provide "_hidden" for by, since it's not relevant.
|
||||
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
|
||||
proxy_intercept_errors off;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3000/;
|
||||
}
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue