Add dooris (2.0)

Stefan Bethke 2025-05-29 17:42:59 +02:00
parent 9c44edece2
commit 7526d1c6a1
7 changed files with 340 additions and 11 deletions


@ -162,6 +162,21 @@ creation_rules:
- *admin_gpg_c6ristian
- *admin_gpg_lilly
- *admin_gpg_langoor
- path_regex: inventories/z9/host_vars/dooris.*
key_groups:
- pgp:
- *admin_gpg_djerun
- *admin_gpg_stb
- *admin_gpg_jtbx
- *admin_gpg_yuri
- *admin_gpg_june
- *admin_gpg_haegar
- *admin_gpg_dario
- *admin_gpg_echtnurich
- *admin_gpg_max
- *admin_gpg_c6ristian
- *admin_gpg_lilly
- *admin_gpg_langoor
- key_groups:
- pgp:
- *admin_gpg_djerun


@ -2,7 +2,7 @@
Because we're using the `community.sops.sops` vars plugin, the SOPS-encrypted secrets get stored in the inventory.
1. Add a new creation rule for the hosts `host_vars` file.
1. Add a new creation rule for the hosts `host_vars` file in the sops config at `.sops.yaml`.
It should probably hold all admin keys.
You can use existing creation rules as a reference.
2. Create a SOPS secrets file in the `host_vars` subdirectory of the relevant inventory.


@ -0,0 +1,232 @@
secret__dooris_client_secret: ENC[AES256_GCM,data:v85gIBNH4s4j36crJ+Pb2lu2cdZpwz0xndHzBKZNGKg=,iv:Rlt6R7JMcHTAAVPiTtFaxqsWD8G5B9Ab3yqItYdFR+E=,tag:dlMHaxTMx3LgOzCsTLUdzw==,type:str]
secret__dooris_ccujack_password: ENC[AES256_GCM,data:bHeftSA7eC1cSydBRumksRgw2v0=,iv:X/pfsvQPZREifGjHDGx8mVk2TDrlrRVb6MiAr01wI9o=,tag:ti//x7eDbheMG6Hsn2KBlg==,type:str]
sops:
lastmodified: "2025-05-29T13:28:08Z"
mac: ENC[AES256_GCM,data:SkqMlgJBdM+CMLE/um7m8V0ni04Xi3S9GovNsADrws6VbSWTX+50oc6HtWl+Kj2XugLfp2XpVnlzggCiq3fePsdt1af2+ZfSCue1d+dexjo5Q/gvE/olKlmn6aj5qiosUsLgu7v2bCOIb9m9WiEhlQLKx1wGiqVNQDabiLOJV6E=,iv:NUUOcXtbg+xMHqthipKpRAWLTXda8rup4aCbbP8sVEg=,tag:wyh+hrZreOyT7uQQrghb7w==,type:str]
pgp:
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=i7G7
-----END PGP MESSAGE-----
fp: EF643F59E008414882232C78FFA8331EEB7D6B70
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=AJfS
-----END PGP MESSAGE-----
fp: F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=PedT
-----END PGP MESSAGE-----
fp: 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=R48r
-----END PGP MESSAGE-----
fp: 87AB00D45D37C9E9167B5A5A333448678B60E505
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4HMJd/cQYrVARAAxMZNf/eTAZvHArZJDJ67u7conjEEL0BHNmY0Tq2v2vFH
SDbPrecIRGVK6eY4eQDm3OKt14pa93qPZxaGZAZCKCVDNb2lpXSvoT05sUi29X3k
9yDDKnXsWM0zK7U9/WPeLlVVT9zKzRixlRKHJWD0567lVXmAIq3xI4/QxkVIaH/r
9+2oISxoXnz1c3JTNwdNEoA85m+nTi1Rd44T1QuTH0fj7i1VwWgK92TMQ2V92NnY
k8JdQQmCNXoC4BeEdo4v2nCUPWxBHC3ti2Yh4BFsik9iv3WeDe5RGLwdQwrI65pd
L6C1Sp+Q0CDZuaavheC/p6pplUDAml57EFEovQSgpm+ye5j9LO0dUxdeBG2krVoi
3Rzz+DAI2C/zAXm3FHak+UnlVsQ0D6fF8qaiozwc8FDxSJZGbUE2hywuMuosNSUE
iPxT4XW+cWCqQOTLAAbyHSS4bAcc8Q26vw9OpQ5J65JanRUgxSfKOHGJr1bNJTVx
RPs6y/KPdxArzlxmXcJ+U4OBDMQQTMZ8ntsdQgMqqYZy1IUQKQQg4+X+Wj3C9AWY
sAdgY9bLdQTo5+zP+vkY22+QGIqs6piY4e4qj772Rue65LyF5qUpe0jkNyA7NzhK
uaCingCMAyt8IMMRjGJcI6uru43QgUBYpaAWc9hBbNQ5ASHp4bbj3WemJt1k7XPS
XAEO2UMCisCNfCsKsqE/uKi/zQ0xtugh2XrTUG42xnFS4t24DVJJEC0+aXAtyvNk
B2FYqlaHnqCNyifLR2r6CGO/PysTGIBvfDwNHcfD9TylONdKOLr91s4UV2W6
=rUnM
-----END PGP MESSAGE-----
fp: 91213ABAA73B0B73D3C02B5B4E5F372D17BBE67C
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=V9/6
-----END PGP MESSAGE-----
fp: F38C9D4228FC6F674E322D9C3326D914EB9B8F55
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=3RuY
-----END PGP MESSAGE-----
fp: 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA46L6MuPqfJqAQ//ZOAZkk8v70befbmw0wVTgb7VQam9XpcvJ8y19A+bMIDV
R464pWEoBxSh+pvj0QoG2U40YX9Loc/VbAydlWrPFCGajxxkqkOxn1sbI5QfvYnw
efGIxWaTUQYH5miWWh2ZeES49wVqosplCP4VAq1F7B//9e5i5YiKcF2s1agMIgp7
nSnQrekNgP409CQPsYYuUGq18eiH5lz1waXBkqK9aQnTMB6dh8tf/xnLzQsdwliK
dgITB93MMYZ64CYQmhTspBsqB/eFEjZCvnn43Y2+vwwzRz8p4NlpM/U+N3xdBy97
tmhKdNWl1zzmoqp7k8gTnJlSJibXuOJOMK7lXT3/eKfOp5tFauvHCwqq6TroE4Q/
yqBonz7RWmBtLlqIUs0C8sqq8sCmtOFI4o04zcV/IGA98KeNa3ZkfkO/fPhnO9D9
bwzWMrdgpQwb3lzNM0/WbNBfIjdloviDa7I2Pgrc1LM8UcFVMsCmk2eqImD74YIn
eyNkIY6FMJhrVapuYShTf0sKn8bDWxi+VYZxPGbObTe2t52/z/6XP2tnSSZ5rn2H
zn68Its9dGhZ9ILkEDBuBh3/4cJwKs94MwhOIlPwgWIl98Sr6NUricSmNMV4B/Ku
DXlPfVxbxqJhzvIFG7pADm5HbFyWgFl9QpVfomJoacsQSTE3KPPe/2SKzG2l5aPS
XAFFzACeI/226BzPJGQ12BBFPfMKcQB3Rfg20Y60s4E28AFWGhQUI5BNNLkhEELu
JiKiSt/baYpehzEDCbKAnk1xCVldeV5WfyaOako1PaApXxjKb68cdyKJtZ8+
=D3tP
-----END PGP MESSAGE-----
fp: 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA4EEKdYEzV0pAQ/9HbqjtdZC+8Al972EhHn0985LiD8o398dKO4lgufq5gKd
E4EhSEr1OmeEdSvTFDo2C3UFKrhoX6mU+GG9yZfRX0R6FJUJJP2xr7F1gkL4icXb
BBbHu7MDTLzVM8oP2/y6dwzZL507t1AhcTXAzSoY7jkvjSYzLukocZfFhJ94QPQS
T+k6pjVEgDJDJ5sHWw9zfW79Wo0Sl8hpSPVOkV02VV9EmDH+9kXj8u5ZT92/3zWN
HVUGWKDDIerpGHurwDEr1B8Ql1Tk+UgPjcErt3TlKOkUaIIwcN3STP4B1XaFxhjt
u1XrFVrqI9jFYCtgt/Mf1mfEfhf18bclQjTqswxY3HUqG23T1EClu57mJsofcS3H
bqF+1Mv798C2jFz6ht31LDJllI95pCnwuxbL3Z0tm2u0oj2us9WodERIWVEwcisD
hK5Shhv03T2X1OJmAPPAoSQhYIVKBdwkautTF+J2jPRUXulzgLVG7MLowTzbX/c+
dT4uZ/ZKM3SWVmrwN5AOcGG8PVNtkt7/Dd8uDLeNNlK9QXJK5nfxDnhlRRpOmbDA
fRnS9tLPmY+T1knwKbMO8k918FqEhjdAHdEr+C5YbEiupUY+0KpoCqaf04cWlI8W
Ei0dhZ4OrBKiIZIY5i12BXcskgjsXPRNLqkN/fYqVyR+5VjM07kSOsnpgfinF+DS
XAHL+cPJCA+k7jnyrDDxjqETeEwf0gTgWMCSWQecULBV1UPh6AjNARsKAAOrr8BJ
nynWrpIAHfsb4CP5FfYl/CnydhJB3GHfBtElrUS17v4hhl656IXMyXMeGgKz
=l5zk
-----END PGP MESSAGE-----
fp: 9DFA033E3DAEBAD7FDD71B056C7AAA54BE05F7BA
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQrf1tCqiJxoSAQdAR8zTJ9Cb4meMl7X9r47AeKuyWkK3ck+s3WfwPSv6qzQw
RCWHumJZKT8+ZhZkyfHbcvNvx5q23cPngLdJ2GDpXfkl5imFJUdrfpxJvCvBJl/n
0lwBsBFzr+gLGVuPodabHjiAx22Fc3tjEigHTBpV2fclmM97oJDBk6vx10vWIgv6
yWWlGWo25LvlrGc9hNX5UzCTBUwkDs3cmV2r7O/wzDEgyqs82/lzm+hnDtHcsg==
=zBp8
-----END PGP MESSAGE-----
fp: B71138A6A8964A3C3B8899857B4F70C356765BAB
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DzAGzViGx4qcSAQdAQpzleW1vX2SXQXVn6NgWQTmlMfWm3RW4OUpdxByKlkEw
lADSS3szOdQWtQ8TWUAFhDbakJ6vLgUgvNV163Onxrn9GFJXylfdSSspE+8Z6Vws
0lYBY2g09YqA1WBhBorJAF0GZk8j+SDhLXs4YVcGbxDYr4pFbSqsJQ6M5k0Kv5W3
MjxvKJVl0qxhhv+FF8kLicwX9avCarpSrgH8dSNH8926ZEyAm6g9JQ==
=7bUV
-----END PGP MESSAGE-----
fp: D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
- created_at: "2025-05-29T13:09:43Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=SuqK
-----END PGP MESSAGE-----
fp: 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
unencrypted_suffix: _unencrypted
version: 3.10.2


@ -0,0 +1,15 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/dooris/docker_compose/compose.yaml.j2') }}"
docker_compose__configuration_files: [ ]
certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "dooris.ccchh.net"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
certbot__http_01_port: 80
nginx__version_spec: ""
nginx__configurations:
- name: dooris.ccchh.net
content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}"


@ -1,29 +1,40 @@
all:
hosts:
light:
ansible_host: light.z9.ccchh.net
ansible_user: chaos
authoritative-dns:
ansible_host: authoritative-dns.z9.ccchh.net
ansible_user: chaos
dooris:
ansible_host: 10.31.208.201
ansible_user: chaos
light:
ansible_host: light.z9.ccchh.net
ansible_user: chaos
thinkcccore0:
ansible_host: thinkcccore0.z9.ccchh.net
certbot_hosts:
hosts:
dooris:
docker_compose_hosts:
hosts:
dooris:
foobazdmx_hosts:
hosts:
light:
hypervisors:
hosts:
thinkcccore0:
infrastructure_authorized_keys_hosts:
hosts:
dooris:
light:
authoritative-dns:
nginx_hosts:
hosts:
dooris:
light:
ola_hosts:
hosts:
light:
foobazdmx_hosts:
hosts:
light:
infrastructure_authorized_keys_hosts:
hosts:
light:
authoritative-dns:
proxmox_vm_template_hosts:
hosts:
thinkcccore0:
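Review bot: `dooris` is the only host in this inventory addressed by a literal IPv4 address (`ansible_host: 10.31.208.201`); every other entry that sets `ansible_host` uses a `*.z9.ccchh.net` name. If a DNS record for the host exists, using it would keep the inventory consistent and would survive re-addressing of the VM. If there is none yet, a short comment on that line such as `# no z9 DNS record yet, reachable by IP only` would document why this entry differs.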


@ -0,0 +1,22 @@
---
services:
dooris:
image: git.hamburg.ccc.de/ccchh/hmdooris/hmdooris:latest
environment:
HMDOORIS_ALLOWED_IPS: "2a07:c481:1:c8::/64 2a01:170:118b::/56"
HMDOORIS_CCUJACK_CERTIFICATE_PATH: false
HMDOORIS_CCUJACK_PASSWORD: "{{ secret__dooris_ccujack_password }}"
HMDOORIS_CCUJACK_URL: https://hmdooris-ccu.ccchh.net:2122
HMDOORIS_CCUJACK_USERNAME: dooris
HMDOORIS_CLIENT_ID: dooris
HMDOORIS_CLIENT_SECRET: "{{ secret__dooris_client_secret }}"
HMDOORIS_DISCOVERY_URL: https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration
HMDOORIS_LISTEN: '0.0.0.0:3000'
HMDOORIS_REQUIRES_GROUP: intern
HMDOORIS_URL: https://dooris.ccchh.net
PYTHONWARNINGS: "ignore:Unverified HTTPS request"
#DEBUG: true
ports:
- "127.0.0.1:3000:3000"
restart: unless-stopped
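Review bot: `HMDOORIS_CCUJACK_CERTIFICATE_PATH: false` together with `PYTHONWARNINGS: "ignore:Unverified HTTPS request"` reads as if certificate verification for the CCU-Jack connection is switched off and the resulting warning silenced, so `HMDOORIS_CCUJACK_PASSWORD` would be sent to `hmdooris-ccu.ccchh.net:2122` without authenticating the peer. How hmdooris interprets `false` is not visible in this commit, but if that is the effect, the fix is to mount the CCU's CA or certificate into the container and point the variable at it, e.g. `HMDOORIS_CCUJACK_CERTIFICATE_PATH: /path/to/ccu-ca.pem` (placeholder path), and then drop the `PYTHONWARNINGS` line. Separately, `hmdooris:latest` means the deployed build of a door-control service can change on any pull; pinning a release tag or image digest would make rollouts reviewable and reproducible.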


@ -0,0 +1,34 @@
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
listen [::]:443 ssl http2;
server_name dooris.ccchh.net;
ssl_certificate /etc/letsencrypt/live/dooris.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dooris.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/dooris.ccchh.net/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 443;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
# Hide the X-Forwarded header.
proxy_hide_header X-Forwarded;
# Assume we are the only Reverse Proxy (well using Proxy Protocol, but that
# is transparent).
# Also provide "_hidden" for by, since it's not relevant.
proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
proxy_intercept_errors off;
location / {
proxy_pass http://127.0.0.1:3000/;
}
}
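Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` keeps whatever `X-Forwarded-For` value the client sent and appends `$remote_addr` to it, which does not match the comment further down that this is the only reverse proxy. The compose template in this commit publishes the app only on `127.0.0.1:3000`, so if hmdooris evaluates `HMDOORIS_ALLOWED_IPS` against a forwarded header (not visible here), the allow-list is only as trustworthy as that header. Overwriting instead of appending, `proxy_set_header X-Forwarded-For $remote_addr;`, removes the client-controlled part. The same comment mentions Proxy Protocol, but `listen [::]:443 ssl http2;` carries no `proxy_protocol` parameter, so either the comment or the listener should be corrected.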