Configuring local machine.
parent
f5e1301663
commit
db7c59cc70
|
@ -156,3 +156,6 @@ url = https://code.gouv.fr/feed/feed.xml
|
|||
[feed.krebsonsecurity]
|
||||
url = https://krebsonsecurity.com/
|
||||
|
||||
[feed.ycombinator]
|
||||
url = https://hnrss.org/newest?points=300
|
||||
|
||||
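Review bot: The `[feed.krebsonsecurity]` entry sets `url = https://krebsonsecurity.com/`, which looks like the site's home page rather than a feed document, so rss2email will probably find no entries to send or report a parse error on each run. If the feed is what is wanted, the line would read `url = https://krebsonsecurity.com/feed/`. The other entries in this hunk already point at feed endpoints.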
|
|
|
@ -12,12 +12,7 @@ all:
|
|||
mdk.fr:
|
||||
ansible_host: 51.15.187.166
|
||||
online_server: sd-131717
|
||||
grid:
|
||||
silence:
|
||||
hosts:
|
||||
bar.local:
|
||||
ada.local:
|
||||
windhowl.local:
|
||||
boole.local:
|
||||
church.local:
|
||||
alan.local:
|
||||
shannon.local:
|
||||
silence:
|
||||
ansible_host: 192.168.1.210
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
user: mdk
|
||||
name: "rss2email"
|
||||
minute: "0"
|
||||
hour: "6,18"
|
||||
hour: "6,12,18"
|
||||
job: "/usr/bin/r2e run"
|
||||
|
||||
- name: Configure rss2email
|
||||
|
|
|
@ -0,0 +1,172 @@
|
|||
---
|
||||
|
||||
- hosts: silence
|
||||
tasks:
|
||||
- name: requirements
|
||||
apt:
|
||||
name:
|
||||
- smokeping
|
||||
- infinoted
|
||||
- nginx
|
||||
- libnginx-mod-http-fancyindex
|
||||
- go-sendxmpp
|
||||
- syncthing
|
||||
- rsync
|
||||
- transmission-daemon
|
||||
|
||||
- name: Setup nftables
|
||||
notify: restart nftables
|
||||
copy:
|
||||
dest: /etc/nftables.conf
|
||||
content: |
|
||||
#!/usr/sbin/nft -f
|
||||
|
||||
table inet filter
|
||||
flush table inet filter
|
||||
|
||||
table inet filter {
|
||||
chain input {
|
||||
type filter hook input priority 0;
|
||||
iif lo accept
|
||||
ct state established,related accept
|
||||
icmp type echo-request counter accept
|
||||
icmpv6 type echo-request counter accept
|
||||
ip saddr 192.168.1.0/24 accept
|
||||
ip6 saddr 2a01:e0a:15:ac20::/64 accept
|
||||
|
||||
udp dport 51413 accept comment "transmission"
|
||||
tcp dport 51413 accept comment "transmission"
|
||||
|
||||
# accept neighbour discovery otherwise ipv6 connectivity breaks:
|
||||
icmpv6 type {nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert} accept
|
||||
|
||||
tcp dport {ssh, http, https} ct state new accept
|
||||
|
||||
counter drop
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
- name: Infinoted user
|
||||
user:
|
||||
name: infinoted
|
||||
shell: /usr/bin/false
|
||||
|
||||
- name: Make infinoted files directory
|
||||
file:
|
||||
path: /home/infinoted/files/
|
||||
state: directory
|
||||
owner: infinoted
|
||||
mode: 0700
|
||||
|
||||
- name: Setup infinoted
|
||||
notify: restart infinoted
|
||||
copy:
|
||||
dest: /etc/xdg/infinoted.conf
|
||||
content: |
|
||||
[infinoted]
|
||||
key-file=/home/infinoted/infinoted-key.pem
|
||||
certificate-file=/home/infinoted/infinoted-cert.pem
|
||||
security-policy=require-tls
|
||||
plugins=note-text;autosave
|
||||
root-directory=/home/infinoted/files/
|
||||
|
||||
[autosave]
|
||||
interval=10
|
||||
|
||||
- name: Setup infinoted service
|
||||
notify: restart infinoted
|
||||
copy:
|
||||
dest: /etc/systemd/system/infinoted.service
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Infinoted
|
||||
Wants=network.target
|
||||
|
||||
[Service]
|
||||
# Needs to run `infinoted --create-certificate --create-key` (and kill it) manually first.
|
||||
ExecStart=/usr/bin/infinoted
|
||||
Restart=always
|
||||
RestartSec=60
|
||||
User=infinoted
|
||||
StartLimitIntervalSec=0
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- name: Setup nginx
|
||||
notify: reload nginx
|
||||
copy:
|
||||
dest: /etc/nginx/conf.d/silence.conf
|
||||
content: |
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
upstream grafana {
|
||||
server localhost:3000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name silence;
|
||||
|
||||
location /c-dans-l-air/ {
|
||||
alias /srv/www/c-dans-l-air/;
|
||||
fancyindex on;
|
||||
fancyindex_default_sort date_desc;
|
||||
}
|
||||
|
||||
location /smokeping/smokeping.cgi {
|
||||
fastcgi_intercept_errors on;
|
||||
root /usr/lib;
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/smokeping.cgi;
|
||||
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||
}
|
||||
|
||||
location ^~ /smokeping/ {
|
||||
alias /usr/share/smokeping/www/;
|
||||
index smokeping.cgi;
|
||||
gzip off;
|
||||
}
|
||||
|
||||
location /grafana/ {
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_pass http://grafana;
|
||||
}
|
||||
|
||||
location /api/live/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_pass http://grafana;
|
||||
}
|
||||
|
||||
location /transmission {
|
||||
proxy_pass http://127.0.0.1:9091;
|
||||
proxy_pass_header X-Transmission-Session-Id;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
|
||||
handlers:
|
||||
- name: reload nginx
|
||||
systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: restart nftables
|
||||
systemd:
|
||||
name: nftables
|
||||
state: restarted
|
||||
|
||||
- name: restart infinoted
|
||||
systemd:
|
||||
name: infinoted
|
||||
state: restarted
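Review bot: The nginx server block proxies `/transmission` and `/grafana/` on plain port 80 with no `allow`/`deny` or authentication, while the nftables input chain accepts `tcp dport {ssh, http, https} ct state new` from any source, so these endpoints are reachable by anything that can route to the host (probably via its global IPv6 address), not only the LAN ranges accepted earlier in the chain. Because nginx connects to Transmission from 127.0.0.1, any address-based whitelist in Transmission would see every client as local; whether Transmission or Grafana enforce their own login is not visible in this playbook. Consider adding `allow 192.168.1.0/24; allow 2a01:e0a:15:ac20::/64; deny all;` to those locations, or dropping `http, https` from the world-open rule since the two LAN `saddr` rules already admit local clients. The rule also opens `https` although nothing in this file listens on 443, so any credentials sent to these services cross the network in cleartext.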
|
20
wcg.yml
20
wcg.yml
|
@ -1,20 +0,0 @@
|
|||
---
|
||||
|
||||
- hosts: grid
|
||||
tasks:
|
||||
- name: Update and upgrade apt packages
|
||||
apt:
|
||||
upgrade: full
|
||||
update_cache: yes
|
||||
cache_valid_time: 86400
|
||||
|
||||
- name: Install boinc
|
||||
apt: name=boinc-client state=present
|
||||
|
||||
- name: Get client state
|
||||
command: cat /var/lib/boinc-client/client_state.xml
|
||||
register: client_state
|
||||
|
||||
- name: Configure boinc
|
||||
when: '"sizeof" not in client_state.stdout'
|
||||
command: "boinccmd --project_attach http://www.worldcommunitygrid.org/ {{ wcg_auth }}"
|