From bbe4cc131a7c9e5e1aa43595060a24163b093851 Mon Sep 17 00:00:00 2001 From: June Date: Sat, 3 May 2025 23:40:03 +0200 Subject: [PATCH] eh22-netbox: remove eh22-netbox as its being decommissioned --- .../chaosknoten/host_vars/eh22-netbox.yaml | 16 ----- inventories/chaosknoten/hosts.yaml | 10 ---- .../eh22-netbox/netbox/configuration.py.j2 | 60 ------------------- .../nginx/netbox.eh22.easterhegg.eu.conf | 48 --------------- .../grafana/docker_compose/prometheus.yml | 1 - .../nginx/acme_challenge.conf | 1 - .../public-reverse-proxy/nginx/nginx.conf | 1 - 7 files changed, 137 deletions(-) delete mode 100644 inventories/chaosknoten/host_vars/eh22-netbox.yaml delete mode 100644 resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 delete mode 100644 resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf diff --git a/inventories/chaosknoten/host_vars/eh22-netbox.yaml b/inventories/chaosknoten/host_vars/eh22-netbox.yaml deleted file mode 100644 index 56ba344..0000000 --- a/inventories/chaosknoten/host_vars/eh22-netbox.yaml +++ /dev/null @@ -1,16 +0,0 @@ -netbox__version: "v4.1.7" -netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}" -netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2') }}" -netbox__custom_pipeline_oidc_group_and_role_mapping: true - -nginx__version_spec: "" -nginx__configurations: - - name: netbox.eh22.easterhegg.eu - content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf') }}" - -certbot__version_spec: "" -certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz -certbot__certificate_domains: - - "netbox.eh22.easterhegg.eu" -certbot__new_cert_commands: - - "systemctl reload nginx.service" diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index ed0d042..2450ca8 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -10,10 +10,6 @@ all: ansible_host: cloud-intern.hamburg.ccc.de ansible_user: chaos ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de - eh22-netbox: - ansible_host: eh22-netbox-intern.hamburg.ccc.de - ansible_user: chaos - ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de eh22-wiki: ansible_host: eh22-wiki-intern.hamburg.ccc.de ansible_user: chaos @@ -70,7 +66,6 @@ base_config_hosts: hosts: ccchoir: cloud: - eh22-netbox: eh22-wiki: grafana: keycloak: @@ -101,7 +96,6 @@ nextcloud_hosts: nginx_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -121,7 +115,6 @@ public_reverse_proxy_hosts: certbot_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -137,7 +130,6 @@ certbot_hosts: prometheus_node_exporter_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: tickets: keycloak: @@ -150,7 +142,6 @@ prometheus_node_exporter_hosts: infrastructure_authorized_keys_hosts: hosts: ccchoir: - eh22-netbox: eh22-wiki: grafana: tickets: @@ -169,7 +160,6 @@ wiki_hosts: wiki: netbox_hosts: hosts: - eh22-netbox: netbox: proxmox_vm_template_hosts: hosts: diff --git a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 b/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 deleted file mode 100644 index 56995ca..0000000 --- a/resources/chaosknoten/eh22-netbox/netbox/configuration.py.j2 +++ /dev/null @@ -1,60 +0,0 @@ -ALLOWED_HOSTS = [ "netbox.eh22.easterhegg.eu" ] -DATABASE = { - "HOST": "localhost", - "NAME": "netbox", - "USER": "netbox", - "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/DATABASE_PASSWORD', create=false, missing='error') }}", -} -REDIS = { - "tasks": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 0, - "SSL": False, - }, - "caching": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 1, - "SSL": False, - }, -} -SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SECRET_KEY', create=false, missing='error') }}" -SESSION_COOKIE_SECURE = True - -# CCCHH ID (Keycloak) integration. -# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7 -# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html -REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2" -SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token" -) -SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth" -) -SOCIAL_AUTH_KEYCLOAK_KEY = "eh22-netbox" -SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB" -SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/eh22-netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}" -# Use custom OIDC group and role mapping pipeline functions added in via -# netbox__custom_pipeline_oidc_group_and_role_mapping. -# The default pipeline this is based on can be found here: -# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py -SOCIAL_AUTH_PIPELINE = [ - "social_core.pipeline.social_auth.social_details", - "social_core.pipeline.social_auth.social_uid", - "social_core.pipeline.social_auth.social_user", - "social_core.pipeline.user.get_username", - "social_core.pipeline.user.create_user", - "social_core.pipeline.social_auth.associate_user", - "netbox.authentication.user_default_groups_handler", - "social_core.pipeline.social_auth.load_extra_data", - "social_core.pipeline.user.user_details", - # Custom OIDC group and role mapping functions. - "netbox.custom_pipeline_oidc_mapping.add_groups", - "netbox.custom_pipeline_oidc_mapping.remove_groups", - "netbox.custom_pipeline_oidc_mapping.set_roles", -] diff --git a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf b/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf deleted file mode 100644 index 6c9d458..0000000 --- a/resources/chaosknoten/eh22-netbox/nginx/netbox.eh22.easterhegg.eu.conf +++ /dev/null @@ -1,48 +0,0 @@ -# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration -# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 -server { - # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; - # Make use of the ngx_http_realip_module to set the $remote_addr and - # $remote_port to the client address and client port, when using proxy - # protocol. - # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; - # Then tell the realip_module to get the addreses from the proxy protocol - # header. - real_ip_header proxy_protocol; - - server_name netbox.eh22.easterhegg.eu; - - ssl_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/privkey.pem; - # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/netbox.eh22.easterhegg.eu/chain.pem; - - # HSTS (ngx_http_headers_module is required) (63072000 seconds) - add_header Strict-Transport-Security "max-age=63072000" always; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Port 443; - # This is https in any case. - proxy_set_header X-Forwarded-Proto https; - # Hide the X-Forwarded header. - proxy_hide_header X-Forwarded; - # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that - # is transparent). - # Also provide "_hidden" for by, since it's not relevant. - proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden"; - - client_max_body_size 25m; - - location /static/ { - alias /opt/netbox/netbox/static/; - } - - location / { - proxy_pass http://127.0.0.1:8001; - } -} diff --git a/resources/chaosknoten/grafana/docker_compose/prometheus.yml b/resources/chaosknoten/grafana/docker_compose/prometheus.yml index 5f6232f..cf7f594 100644 --- a/resources/chaosknoten/grafana/docker_compose/prometheus.yml +++ b/resources/chaosknoten/grafana/docker_compose/prometheus.yml @@ -83,7 +83,6 @@ scrape_configs: - public-web-static-intern.hamburg.ccc.de:9100 - git-intern.hamburg.ccc.de:9100 - forgejo-actions-runner-intern.hamburg.ccc.de:9100 - - eh22-netbox-intern.hamburg.ccc.de:9100 - eh22-wiki-intern.hamburg.ccc.de:9100 - mjolnir-intern.hamburg.ccc.de:9100 - woodpecker-intern.hamburg.ccc.de:9100 diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index e2b89d9..319347b 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf @@ -72,7 +72,6 @@ map $host $upstream_acme_challenge_host { cfp.eh22.easterhegg.eu 172.31.17.157:31820; hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:31820; - netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:31820; default ""; } diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf index 6560b75..e732052 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf @@ -90,7 +90,6 @@ stream { cfp.eh22.easterhegg.eu pretalx-intern.hamburg.ccc.de:8443; hub.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; hub-usercontent.eh22.easterhegg.eu eh22hub-intern.hamburg.ccc.de:8443; - netbox.eh22.easterhegg.eu eh22-netbox-intern.hamburg.ccc.de:8443; } server {