Compare commits
8 commits
main
...
lint_and_c
Author | SHA1 | Date | |
---|---|---|---|
June | 99887e6d0f | ||
June | d3d37e2e4c | ||
June | cf5e6c4e1a | ||
June | bb24e6fd5a | ||
June | 4ff826e508 | ||
June | 4060dbbe21 | ||
June | a6453711d8 | ||
June | 6dcf254a24 |
6
.ansible-lint
Normal file
6
.ansible-lint
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
skip_list:
|
||||||
|
- "yaml[line-length]"
|
||||||
|
- "name[casing]"
|
||||||
|
|
||||||
|
exclude_paths:
|
||||||
|
- .forgejo/
|
15
.editorconfig
Normal file
15
.editorconfig
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
root = true
|
||||||
|
|
||||||
|
[*]
|
||||||
|
end_of_line = lf
|
||||||
|
insert_final_newline = true
|
||||||
|
trim_trailing_whitespace = true
|
||||||
|
indent_style = space
|
||||||
|
charset = utf-8
|
||||||
|
|
||||||
|
[*.md]
|
||||||
|
indent_size = 2
|
||||||
|
trim_trailing_whitespace = false
|
||||||
|
|
||||||
|
[*.yaml]
|
||||||
|
indent_size = 2
|
19
.forgejo/workflows/lint.yaml
Normal file
19
.forgejo/workflows/lint.yaml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
# Links & Resources:
|
||||||
|
# https://github.com/ansible/ansible-lint?tab=readme-ov-file#using-ansible-lint-as-a-github-action
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
push:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
ansible-lint:
|
||||||
|
name: Ansible Lint
|
||||||
|
runs-on: docker
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: miau
|
||||||
|
run: |
|
||||||
|
apt update
|
||||||
|
- name: Run ansible-lint
|
||||||
|
uses: https://github.com/ansible/ansible-lint@main
|
||||||
|
with:
|
||||||
|
setup_python: "false"
|
6
.yamllint.yaml
Normal file
6
.yamllint.yaml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
rules:
|
||||||
|
brackets:
|
||||||
|
min-spaces-inside: 1
|
||||||
|
max-spaces-inside: 1
|
||||||
|
min-spaces-inside-empty: 1
|
||||||
|
max-spaces-inside-empty: 1
|
|
@ -1,5 +1,5 @@
|
||||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/ccchoir/compose.yaml.j2') }}"
|
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/ccchoir/compose.yaml.j2') }}"
|
||||||
docker_compose__configuration_files: []
|
docker_compose__configuration_files: [ ]
|
||||||
|
|
||||||
certbot__version_spec: ""
|
certbot__version_spec: ""
|
||||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pad/compose.yaml.j2') }}"
|
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pad/compose.yaml.j2') }}"
|
||||||
docker_compose__configuration_files: []
|
docker_compose__configuration_files: [ ]
|
||||||
|
|
||||||
certbot__version_spec: ""
|
certbot__version_spec: ""
|
||||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pretalx/compose.yaml.j2') }}"
|
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pretalx/compose.yaml.j2') }}"
|
||||||
docker_compose__configuration_files: []
|
docker_compose__configuration_files: [ ]
|
||||||
|
|
||||||
certbot__version_spec: ""
|
certbot__version_spec: ""
|
||||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/zammad/compose.yaml.j2') }}"
|
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/zammad/compose.yaml.j2') }}"
|
||||||
docker_compose__configuration_files: []
|
docker_compose__configuration_files: [ ]
|
||||||
|
|
||||||
certbot__version_spec: ""
|
certbot__version_spec: ""
|
||||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
apiVersion: 1
|
apiVersion: 1
|
||||||
|
|
||||||
datasources:
|
datasources:
|
||||||
- name: Prometheus
|
- name: Prometheus
|
||||||
type: prometheus
|
type: prometheus
|
||||||
url: http://prometheus:9090
|
url: http://prometheus:9090
|
||||||
isDefault: true
|
isDefault: true
|
||||||
access: proxy
|
access: proxy
|
||||||
editable: true
|
editable: true
|
||||||
|
|
||||||
|
|
|
@ -15,21 +15,21 @@ rule_files:
|
||||||
- "/etc/prometheus/rules/*.rules.yaml"
|
- "/etc/prometheus/rules/*.rules.yaml"
|
||||||
|
|
||||||
scrape_configs:
|
scrape_configs:
|
||||||
- job_name: prometheus
|
- job_name: prometheus
|
||||||
honor_timestamps: true
|
honor_timestamps: true
|
||||||
metrics_path: /metrics
|
metrics_path: /metrics
|
||||||
scheme: http
|
scheme: http
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- localhost:9090
|
- localhost:9090
|
||||||
- job_name: alertmanager
|
- job_name: alertmanager
|
||||||
honor_timestamps: true
|
honor_timestamps: true
|
||||||
metrics_path: /metrics
|
metrics_path: /metrics
|
||||||
scheme: http
|
scheme: http
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- alertmanager:9093
|
- alertmanager:9093
|
||||||
- job_name: c3lingo
|
- job_name: c3lingo
|
||||||
honor_timestamps: true
|
honor_timestamps: true
|
||||||
scrape_interval: 5s
|
scrape_interval: 5s
|
||||||
scrape_timeout: 1s
|
scrape_timeout: 1s
|
||||||
|
@ -38,7 +38,7 @@ scrape_configs:
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- mumble.c3lingo.org:443
|
- mumble.c3lingo.org:443
|
||||||
- job_name: mumble
|
- job_name: mumble
|
||||||
honor_timestamps: true
|
honor_timestamps: true
|
||||||
scrape_interval: 5s
|
scrape_interval: 5s
|
||||||
scrape_timeout: 1s
|
scrape_timeout: 1s
|
||||||
|
@ -47,14 +47,14 @@ scrape_configs:
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- mumble.hamburg.ccc.de:443
|
- mumble.hamburg.ccc.de:443
|
||||||
- job_name: opnsense-ccchh
|
- job_name: opnsense-ccchh
|
||||||
honor_timestamps: true
|
honor_timestamps: true
|
||||||
metrics_path: /metrics
|
metrics_path: /metrics
|
||||||
scheme: http
|
scheme: http
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- 185.161.129.132:9100
|
- 185.161.129.132:9100
|
||||||
- job_name: jitsi
|
- job_name: jitsi
|
||||||
honor_timestamps: true
|
honor_timestamps: true
|
||||||
scrape_interval: 5s
|
scrape_interval: 5s
|
||||||
scrape_timeout: 1s
|
scrape_timeout: 1s
|
||||||
|
@ -63,23 +63,23 @@ scrape_configs:
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
|
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
|
||||||
- job_name: 'pve'
|
- job_name: 'pve'
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- 212.12.48.126 # chaosknoten
|
- 212.12.48.126 # chaosknoten
|
||||||
metrics_path: /pve
|
metrics_path: /pve
|
||||||
params:
|
params:
|
||||||
module: [default]
|
module: [ default ]
|
||||||
cluster: ['1']
|
cluster: [ '1' ]
|
||||||
node: ['1']
|
node: [ '1' ]
|
||||||
relabel_configs:
|
relabel_configs:
|
||||||
- source_labels: [__address__]
|
- source_labels: [ __address__ ]
|
||||||
target_label: __param_target
|
target_label: __param_target
|
||||||
- source_labels: [__param_target]
|
- source_labels: [ __param_target ]
|
||||||
target_label: instance
|
target_label: instance
|
||||||
- target_label: __address__
|
- target_label: __address__
|
||||||
replacement: pve-exporter:9221
|
replacement: pve-exporter:9221
|
||||||
- job_name: hosts
|
- job_name: hosts
|
||||||
static_configs:
|
static_configs:
|
||||||
# Wieske Chaosknoten VMs
|
# Wieske Chaosknoten VMs
|
||||||
- labels:
|
- labels:
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Links & Resources:
|
# Links & Resources:
|
||||||
# - https://samber.github.io/awesome-prometheus-alerts/rules
|
# - https://samber.github.io/awesome-prometheus-alerts/rules
|
||||||
groups:
|
groups:
|
||||||
- name: node-exporter
|
- name: node-exporter
|
||||||
rules:
|
rules:
|
||||||
- alert: HostOutOfMemory
|
- alert: HostOutOfMemory
|
||||||
expr: (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes * 100 < 10) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
|
@ -362,7 +362,7 @@ groups:
|
||||||
annotations:
|
annotations:
|
||||||
summary: Host requires reboot (instance {{ $labels.instance }})
|
summary: Host requires reboot (instance {{ $labels.instance }})
|
||||||
description: "{{ $labels.instance }} requires a reboot.\n VALUE = {{ $value }}"
|
description: "{{ $labels.instance }} requires a reboot.\n VALUE = {{ $value }}"
|
||||||
- name: prometheus
|
- name: prometheus
|
||||||
rules:
|
rules:
|
||||||
- alert: PrometheusJobMissing
|
- alert: PrometheusJobMissing
|
||||||
expr: absent(up{job="prometheus"})
|
expr: absent(up{job="prometheus"})
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
force: true
|
force: true
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
src: sshd_config.j2
|
src: sshd_config.j2
|
||||||
|
|
|
@ -4,4 +4,3 @@
|
||||||
user: chaos
|
user: chaos
|
||||||
exclusive: true
|
exclusive: true
|
||||||
key: https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys
|
key: https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys
|
||||||
|
|
|
@ -17,4 +17,4 @@ dependencies:
|
||||||
- role: docker_compose
|
- role: docker_compose
|
||||||
vars:
|
vars:
|
||||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'compose.yaml.j2') }}"
|
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'compose.yaml.j2') }}"
|
||||||
docker_compose__configuration_files: []
|
docker_compose__configuration_files: [ ]
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
nginx__deploy_redirect_conf: true
|
nginx__deploy_redirect_conf: true
|
||||||
nginx__deploy_tls_conf: true
|
nginx__deploy_tls_conf: true
|
||||||
nginx__configurations: []
|
nginx__configurations: [ ]
|
||||||
nginx__use_custom_nginx_conf: false
|
nginx__use_custom_nginx_conf: false
|
||||||
nginx__custom_nginx_conf: ""
|
nginx__custom_nginx_conf: ""
|
||||||
|
|
|
@ -7,11 +7,11 @@
|
||||||
when: nginx__use_custom_nginx_conf
|
when: nginx__use_custom_nginx_conf
|
||||||
block:
|
block:
|
||||||
- name: when no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
|
- name: when no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
|
||||||
when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists == false
|
when: not nginx__nginx_conf_ansiblesave_stat_result.stat.exists
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
force: true
|
force: true
|
||||||
dest: /etc/nginx/nginx.conf.ansiblesave
|
dest: /etc/nginx/nginx.conf.ansiblesave
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
remote_src: true
|
remote_src: true
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ nginx__custom_nginx_conf }}"
|
content: "{{ nginx__custom_nginx_conf }}"
|
||||||
dest: "/etc/nginx/nginx.conf"
|
dest: "/etc/nginx/nginx.conf"
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
become: true
|
become: true
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
force: true
|
force: true
|
||||||
dest: /etc/nginx/nginx.conf
|
dest: /etc/nginx/nginx.conf
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
remote_src: true
|
remote_src: true
|
||||||
|
@ -55,7 +55,7 @@
|
||||||
ansible.builtin.get_url:
|
ansible.builtin.get_url:
|
||||||
force: true
|
force: true
|
||||||
dest: /etc/nginx-mozilla-dhparam
|
dest: /etc/nginx-mozilla-dhparam
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
url: https://ssl-config.mozilla.org/ffdhe2048.txt
|
url: https://ssl-config.mozilla.org/ffdhe2048.txt
|
||||||
become: true
|
become: true
|
||||||
notify: Restart `nginx.service`
|
notify: Restart `nginx.service`
|
||||||
|
@ -71,7 +71,7 @@
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
force: true
|
force: true
|
||||||
dest: /etc/nginx/conf.d/tls.conf
|
dest: /etc/nginx/conf.d/tls.conf
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
src: tls.conf
|
src: tls.conf
|
||||||
|
@ -89,7 +89,7 @@
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
force: true
|
force: true
|
||||||
dest: /etc/nginx/conf.d/redirect.conf
|
dest: /etc/nginx/conf.d/redirect.conf
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
src: redirect.conf
|
src: redirect.conf
|
||||||
|
@ -104,7 +104,7 @@
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ item.content }}"
|
content: "{{ item.content }}"
|
||||||
dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
|
dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
become: true
|
become: true
|
||||||
|
|
Loading…
Reference in a new issue