
9 commits

Author SHA1 Message Date
61a3ccccea
netbox(host): setup ansible_pull for host and define common config
Some checks failed
/ Ansible Lint (push) Failing after 47s
/ Ansible Lint (pull_request) Failing after 47s
Define common ansible_pull configuration for chaosknoten inventory hosts
and setup ansible_pull for NetBox host.
2025-10-13 16:56:18 +02:00
434ddfc955
ansible_pull(role): introduce ansible_pull role
Introduce ansible_pull role for setting up automatic ansible_pull runs.
Also add accompanying host group and playbook play.
2025-10-13 16:56:18 +02:00
8cb6ab3d04
reboot(role): intro. reboot role, which handles local conns. gracefully
Also use this role instead of plain ansible.builtin.reboot.
This is in preparation for using ansible_pull as we don't want to have
ansible.builtin.reboot fail local playbook runs.
2025-10-13 16:56:18 +02:00
1322bcec58
reverse proxy configuration for element-admin
Some checks failed
/ Ansible Lint (push) Failing after 47s
2025-10-12 20:20:02 +02:00
1eaf85501f
reverse proxy configuration for matrix authentication service
Some checks failed
/ Ansible Lint (push) Failing after 46s
2025-10-12 05:28:43 +02:00
dec68ab994
sunders(host): initialize sunders host
Some checks failed
/ Ansible Lint (push) Failing after 53s
2025-10-11 20:52:26 +02:00
2ae8692603
grafana: set 2m for DHCP check
Some checks failed
/ Ansible Lint (push) Failing after 49s
so that a service restart doesn't create an alert
2025-09-12 13:21:23 +02:00
1355d4d834
grafana: make alerts better for fux
Some checks failed
/ Ansible Lint (push) Failing after 46s
2025-09-09 19:30:53 +02:00
592afdced9 add waybackproxy
Some checks failed
/ Ansible Lint (push) Failing after 50s
2025-09-06 11:39:05 +02:00
13 changed files with 85 additions and 4 deletions


@ -10,6 +10,8 @@ docker_compose__configuration_files:
content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2') }}" content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2') }}"
- name: prometheus_alerts.rules.yaml - name: prometheus_alerts.rules.yaml
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml') }}" content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts.rules.yaml') }}"
- name: prometheus_alerts-fux.rules.yaml
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/prometheus_alerts-fux.rules.yaml') }}"
- name: alertmanager_alert_templates.tmpl - name: alertmanager_alert_templates.tmpl
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl') }}" content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/grafana/docker_compose/alertmanager_alert_templates.tmpl') }}"
- name: loki.yaml - name: loki.yaml


@ -63,6 +63,10 @@ all:
ansible_host: ntfy-intern.hamburg.ccc.de ansible_host: ntfy-intern.hamburg.ccc.de
ansible_user: chaos ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
sunders:
ansible_host: sunders-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
hypervisors: hypervisors:
hosts: hosts:
chaosknoten: chaosknoten:
@ -84,6 +88,7 @@ base_config_hosts:
wiki: wiki:
zammad: zammad:
ntfy: ntfy:
sunders:
docker_compose_hosts: docker_compose_hosts:
hosts: hosts:
ccchoir: ccchoir:
@ -163,6 +168,7 @@ infrastructure_authorized_keys_hosts:
wiki: wiki:
zammad: zammad:
ntfy: ntfy:
sunders:
wiki_hosts: wiki_hosts:
hosts: hosts:
eh22-wiki: eh22-wiki:


@ -0,0 +1,7 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/z9/waybackproxy/docker_compose/compose.yaml.j2') }}"
docker_compose__configuration_files: [ ]
nginx__version_spec: ""
nginx__configurations:
- name: waybackproxy.ccchh.net
content: "{{ lookup('ansible.builtin.file', 'resources/z9/waybackproxy/nginx/waybackproxy.ccchh.net.conf') }}"


@ -11,6 +11,9 @@ all:
ansible_user: chaos ansible_user: chaos
thinkcccore0: thinkcccore0:
ansible_host: thinkcccore0.z9.ccchh.net ansible_host: thinkcccore0.z9.ccchh.net
waybackproxy:
ansible_host: waybackproxy.ccchh.net
ansible_user: chaos
yate: yate:
ansible_host: yate.ccchh.net ansible_host: yate.ccchh.net
ansible_user: chaos ansible_user: chaos
@ -20,6 +23,7 @@ certbot_hosts:
docker_compose_hosts: docker_compose_hosts:
hosts: hosts:
dooris: dooris:
waybackproxy:
yate: yate:
foobazdmx_hosts: foobazdmx_hosts:
hosts: hosts:
@ -32,11 +36,13 @@ infrastructure_authorized_keys_hosts:
dooris: dooris:
light: light:
authoritative-dns: authoritative-dns:
waybackproxy:
yate: yate:
nginx_hosts: nginx_hosts:
hosts: hosts:
dooris: dooris:
light: light:
waybackproxy:
ola_hosts: ola_hosts:
hosts: hosts:
light: light:


@ -79,7 +79,7 @@ receivers:
- name: "email-fux-critical" - name: "email-fux-critical"
email_configs: email_configs:
- send_resolved: true - send_resolved: true
to: "stb@lassitu.de" to: "stb@lassitu.de,fux@zimdahl.org"
from: "alert-manager@hamburg.ccc.de" from: "alert-manager@hamburg.ccc.de"
smarthost: "cow.hamburg.ccc.de:587" smarthost: "cow.hamburg.ccc.de:587"
auth_username: "alert-manager@hamburg.ccc.de" auth_username: "alert-manager@hamburg.ccc.de"


@ -14,6 +14,7 @@ services:
volumes: volumes:
- ./configs/prometheus.yml:/etc/prometheus/prometheus.yml - ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
- ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml - ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml
- ./configs/prometheus_alerts-fux.rules.yaml:/etc/prometheus/rules/alerts-fux.rules.yaml
- prom_data:/prometheus - prom_data:/prometheus
alertmanager: alertmanager:


@ -18,4 +18,3 @@ datasources:
httpHeaderName1: "X-Scope-OrgID" httpHeaderName1: "X-Scope-OrgID"
secureJsonData: secureJsonData:
httpHeaderValue1: "chaos" httpHeaderValue1: "chaos"


@ -0,0 +1,41 @@
groups:
- name: Fux-Generic
rules:
- alert: HostJobFlaky
expr: group by(instance, job) (changes(up{org="fux"}[24h]) > 7)
for: 0m
labels:
severity: info
org: fux
annotations:
summary: Job {{ $labels.job }} flaky on (instance {{ $labels.instance }})
description: "The job {{ $labels.job }} on target: {{ $labels.instance }} has been flaky over the last 24 hours."
- name: Fux-SNMP
rules:
- alert: SnmpTargetMissing
expr: up{job=~".*snmp.*", org="fux"} == 0
for: 15m
labels:
severity: critical
org: fux
annotations:
summary: SNMP target missing (instance {{ $labels.instance }})
description: "SNMP target: {{ $labels.instance }} has disappeared for more the 15 min."
- name: Fux-DHCP
rules:
- alert: DhcpFuxSharedFailed
expr: script_success{script="check_dhcp_fux_shared"} == 0
for: 2m
labels:
severity: critical
annotations:
summary: DHCP for Fux Shared stoped working
description: "No DHCP lease for the Fux Shared range was received \n V"
- alert: DhcpFuxAdminFailed
expr: script_success{script_success="check_dhcp_fux_admin"} == 0
for: 2m
labels:
severity: critical
annotations:
summary: DHCP for Fux Admin stoped working
description: "No DHCP lease for the Fux Admin range was received"
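Review bot: DhcpFuxAdminFailed selects on the label `script_success="check_dhcp_fux_admin"`, whereas DhcpFuxSharedFailed directly above it selects on `script=`; unless the exporter really emits a label named like the metric, this selector returns no series and the alert can never fire, so a DHCP failure on the admin range would go unnoticed. It should presumably read `expr: script_success{script="check_dhcp_fux_admin"} == 0`. Both DHCP rules also omit the `org: fux` label that HostJobFlaky and SnmpTargetMissing set; if Alertmanager routes to the fux receiver by that label (the routing tree is not visible here), add `org: fux` under `labels:` so these critical alerts reach the same recipients. The DhcpFuxSharedFailed description ends in a stray `\n V`, which looks like a truncated `\n VALUE = {{ $value }}`. In both summaries `stoped` should be `stopped`, and `more the 15 min` in the SNMP description should be `more than 15 min`.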


@ -410,7 +410,7 @@ groups:
summary: Prometheus job missing (instance {{ $labels.instance }}) summary: Prometheus job missing (instance {{ $labels.instance }})
description: "A Prometheus job has disappeared\n VALUE = {{ $value }}" description: "A Prometheus job has disappeared\n VALUE = {{ $value }}"
- alert: PrometheusTargetMissing - alert: PrometheusTargetMissing
expr: up == 0 expr: up{job!~"snmp|noc_room_temp"} == 0
for: 0m for: 0m
labels: labels:
severity: critical severity: critical
@ -418,7 +418,7 @@ groups:
summary: Prometheus target missing (instance {{ $labels.instance }}) summary: Prometheus target missing (instance {{ $labels.instance }})
description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}" description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}"
- alert: PrometheusAllTargetsMissing - alert: PrometheusAllTargetsMissing
expr: sum by (job) (up) == 0 expr: sum by (job) (up{job!~"snmp|noc_room_temp"}) == 0
for: 0m for: 0m
labels: labels:
severity: critical severity: critical
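Review bot: The new `job!~"snmp|noc_room_temp"` matcher in PrometheusTargetMissing and PrometheusAllTargetsMissing drops those jobs from the generic down-alerts for every org, while the only replacement visible in this change set (SnmpTargetMissing) covers `org="fux"` alone and matches `.*snmp.*`. Prometheus regex matchers are fully anchored, so the exclusion applies only to jobs named exactly `snmp` or `noc_room_temp`: an SNMP target outside org fux loses its down alert entirely, a fux job with a longer name such as `snmp_<suffix>` would fire both rules, and `noc_room_temp` has no replacement rule in this diff. If only the fux targets are meant to move to the new rules, keep coverage for the rest with `expr: up{job!~"snmp|noc_room_temp"} == 0 or up{job=~"snmp|noc_room_temp", org!="fux"} == 0` (and the same selector inside the `sum by (job)` variant). Otherwise add a comment above each `expr` naming the rule that now watches the excluded jobs. Both rule bodies continue outside their hunks.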


@ -17,6 +17,8 @@ map $host $upstream_acme_challenge_host {
invite.hamburg.ccc.de 172.31.17.144:31820; invite.hamburg.ccc.de 172.31.17.144:31820;
keycloak-admin.hamburg.ccc.de 172.31.17.144:31820; keycloak-admin.hamburg.ccc.de 172.31.17.144:31820;
matrix.hamburg.ccc.de 172.31.17.150:31820; matrix.hamburg.ccc.de 172.31.17.150:31820;
mas.hamburg.ccc.de 172.31.17.150:31820;
element-admin.hamburg.ccc.de 172.31.17.151:31820;
netbox.hamburg.ccc.de 172.31.17.167:31820; netbox.hamburg.ccc.de 172.31.17.167:31820;
onlyoffice.hamburg.ccc.de 172.31.17.147:31820; onlyoffice.hamburg.ccc.de 172.31.17.147:31820;
pad.hamburg.ccc.de 172.31.17.141:31820; pad.hamburg.ccc.de 172.31.17.141:31820;


@ -34,6 +34,8 @@ stream {
staging.hackertours.hamburg.ccc.de 172.31.17.151:8443; staging.hackertours.hamburg.ccc.de 172.31.17.151:8443;
netbox.hamburg.ccc.de 172.31.17.167:8443; netbox.hamburg.ccc.de 172.31.17.167:8443;
matrix.hamburg.ccc.de 172.31.17.150:8443; matrix.hamburg.ccc.de 172.31.17.150:8443;
mas.hamburg.ccc.de 172.31.17.150:8443;
element-admin.hamburg.ccc.de 172.31.17.151:8443;
element.hamburg.ccc.de 172.31.17.151:8443; element.hamburg.ccc.de 172.31.17.151:8443;
branding-resources.hamburg.ccc.de 172.31.17.151:8443; branding-resources.hamburg.ccc.de 172.31.17.151:8443;
www.hamburg.ccc.de 172.31.17.151:8443; www.hamburg.ccc.de 172.31.17.151:8443;
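Review bot: `element-admin.hamburg.ccc.de` is added to the public SNI map with the same pass-through as the user-facing sites, so an administrative front end becomes reachable from wherever this proxy listens, and nothing in the hunk restricts source addresses. If access is meant to be limited, that control has to live on 172.31.17.151, which is not visible here. A comment on the new line would record where it is enforced, for example `# admin UI; access control enforced by <mechanism> on the backend`. The map block starts and ends outside the hunk.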


@ -0,0 +1,10 @@
services:
# https://github.com/richardg867/WaybackProxy
waybackproxy:
image: cttynul/waybackproxy:latest
environment:
DATE: 19990101
DATE_TOLERANCE: 730
ports:
- "1999:8888"
restart: unless-stopped
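Review bot: `image: cttynul/waybackproxy:latest` pulls a mutable tag from a publisher other than the upstream project named in the comment above it (richardg867/WaybackProxy), so each pull can bring different, unreviewed code onto the host; pin a reviewed tag or digest, e.g. `image: cttynul/waybackproxy@sha256:<digest of the reviewed image>`, or build the image from the upstream repository. `- "1999:8888"` publishes the unauthenticated proxy listener on every host interface. Whether waybackproxy.ccchh.net is reachable from outside the local network is not visible here; if only local clients need it, bind to one address (`"<internal address>:1999:8888"`) or document the firewall rule that limits access. The commented-out nginx stub added in the same change set also names port 1999, which would collide with this published host port once enabled. `DATE: 19990101` and `DATE_TOLERANCE: 730` parse as integers; quoting them (`DATE: "19990101"`) keeps the environment values as strings.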


@ -0,0 +1,5 @@
# TODO: set up caching proxy
# server {
# listen 1999
# }