Configuring local machine.
parent
f5e1301663
commit
db7c59cc70
|
@ -156,3 +156,6 @@ url = https://code.gouv.fr/feed/feed.xml
|
||||||
[feed.krebsonsecurity]
|
[feed.krebsonsecurity]
|
||||||
url = https://krebsonsecurity.com/
|
url = https://krebsonsecurity.com/
|
||||||
|
|
||||||
|
[feed.ycombinator]
|
||||||
|
url = https://hnrss.org/newest?points=300
|
||||||
|
|
||||||
|
|
|
@ -12,12 +12,7 @@ all:
|
||||||
mdk.fr:
|
mdk.fr:
|
||||||
ansible_host: 51.15.187.166
|
ansible_host: 51.15.187.166
|
||||||
online_server: sd-131717
|
online_server: sd-131717
|
||||||
grid:
|
silence:
|
||||||
hosts:
|
hosts:
|
||||||
bar.local:
|
silence:
|
||||||
ada.local:
|
ansible_host: 192.168.1.210
|
||||||
windhowl.local:
|
|
||||||
boole.local:
|
|
||||||
church.local:
|
|
||||||
alan.local:
|
|
||||||
shannon.local:
|
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
user: mdk
|
user: mdk
|
||||||
name: "rss2email"
|
name: "rss2email"
|
||||||
minute: "0"
|
minute: "0"
|
||||||
hour: "6,18"
|
hour: "6,12,18"
|
||||||
job: "/usr/bin/r2e run"
|
job: "/usr/bin/r2e run"
|
||||||
|
|
||||||
- name: Configure rss2email
|
- name: Configure rss2email
|
||||||
|
|
|
@ -0,0 +1,172 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- hosts: silence
|
||||||
|
tasks:
|
||||||
|
- name: requirements
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- smokeping
|
||||||
|
- infinoted
|
||||||
|
- nginx
|
||||||
|
- libnginx-mod-http-fancyindex
|
||||||
|
- go-sendxmpp
|
||||||
|
- syncthing
|
||||||
|
- rsync
|
||||||
|
- transmission-daemon
|
||||||
|
|
||||||
|
- name: Setup nftables
|
||||||
|
notify: restart nftables
|
||||||
|
copy:
|
||||||
|
dest: /etc/nftables.conf
|
||||||
|
content: |
|
||||||
|
#!/usr/sbin/nft -f
|
||||||
|
|
||||||
|
table inet filter
|
||||||
|
flush table inet filter
|
||||||
|
|
||||||
|
table inet filter {
|
||||||
|
chain input {
|
||||||
|
type filter hook input priority 0;
|
||||||
|
iif lo accept
|
||||||
|
ct state established,related accept
|
||||||
|
icmp type echo-request counter accept
|
||||||
|
icmpv6 type echo-request counter accept
|
||||||
|
ip saddr 192.168.1.0/24 accept
|
||||||
|
ip6 saddr 2a01:e0a:15:ac20::/64 accept
|
||||||
|
|
||||||
|
udp dport 51413 accept comment "transmission"
|
||||||
|
tcp dport 51413 accept comment "transmission"
|
||||||
|
|
||||||
|
# accept neighbour discovery otherwise ipv6 connectivity breaks:
|
||||||
|
icmpv6 type {nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert} accept
|
||||||
|
|
||||||
|
tcp dport {ssh, http, https} ct state new accept
|
||||||
|
|
||||||
|
counter drop
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
- name: Infinoted user
|
||||||
|
user:
|
||||||
|
name: infinoted
|
||||||
|
shell: /usr/bin/false
|
||||||
|
|
||||||
|
- name: Make infinoted files directory
|
||||||
|
file:
|
||||||
|
path: /home/infinoted/files/
|
||||||
|
state: directory
|
||||||
|
owner: infinoted
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
- name: Setup infinoted
|
||||||
|
notify: restart infinoted
|
||||||
|
copy:
|
||||||
|
dest: /etc/xdg/infinoted.conf
|
||||||
|
content: |
|
||||||
|
[infinoted]
|
||||||
|
key-file=/home/infinoted/infinoted-key.pem
|
||||||
|
certificate-file=/home/infinoted/infinoted-cert.pem
|
||||||
|
security-policy=require-tls
|
||||||
|
plugins=note-text;autosave
|
||||||
|
root-directory=/home/infinoted/files/
|
||||||
|
|
||||||
|
[autosave]
|
||||||
|
interval=10
|
||||||
|
|
||||||
|
- name: Setup infinoted service
|
||||||
|
notify: restart infinoted
|
||||||
|
copy:
|
||||||
|
dest: /etc/systemd/system/infinoted.service
|
||||||
|
content: |
|
||||||
|
[Unit]
|
||||||
|
Description=Infinoted
|
||||||
|
Wants=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
# Needs to run `infinoted --create-certificate --create-key` (and kill it) manually first.
|
||||||
|
ExecStart=/usr/bin/infinoted
|
||||||
|
Restart=always
|
||||||
|
RestartSec=60
|
||||||
|
User=infinoted
|
||||||
|
StartLimitIntervalSec=0
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
- name: Setup nginx
|
||||||
|
notify: reload nginx
|
||||||
|
copy:
|
||||||
|
dest: /etc/nginx/conf.d/silence.conf
|
||||||
|
content: |
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream grafana {
|
||||||
|
server localhost:3000;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
server_name silence;
|
||||||
|
|
||||||
|
location /c-dans-l-air/ {
|
||||||
|
alias /srv/www/c-dans-l-air/;
|
||||||
|
fancyindex on;
|
||||||
|
fancyindex_default_sort date_desc;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /smokeping/smokeping.cgi {
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
root /usr/lib;
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/smokeping.cgi;
|
||||||
|
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ^~ /smokeping/ {
|
||||||
|
alias /usr/share/smokeping/www/;
|
||||||
|
index smokeping.cgi;
|
||||||
|
gzip off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /grafana/ {
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_pass http://grafana;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api/live/ {
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_pass http://grafana;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /transmission {
|
||||||
|
proxy_pass http://127.0.0.1:9091;
|
||||||
|
proxy_pass_header X-Transmission-Session-Id;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
- name: reload nginx
|
||||||
|
systemd:
|
||||||
|
name: nginx
|
||||||
|
state: reloaded
|
||||||
|
|
||||||
|
- name: restart nftables
|
||||||
|
systemd:
|
||||||
|
name: nftables
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart infinoted
|
||||||
|
systemd:
|
||||||
|
name: infinoted
|
||||||
|
state: restarted
|
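Review bot: The `location /transmission` block in the nginx config proxies to `http://127.0.0.1:9091` with no `allow`/`deny` or `auth_basic`, while the nftables input chain in the same playbook accepts `tcp dport {ssh, http, https} ct state new` from any source, so the Transmission interface is reachable by anything that can reach port 80 on this host, not only the LAN ranges accepted earlier in the chain. Because nginx connects from loopback, an address whitelist on the Transmission side would presumably see 127.0.0.1 rather than the real client; Transmission's own settings are not part of this commit, so that is worth confirming. I would add `allow 192.168.1.0/24; allow 2a01:e0a:15:ac20::/64; deny all;` to that location (and consider the same for `/grafana/` and `/api/live/`), or remove `http, https` from the world-open rule. The server block listens only on port 80, so traffic to these locations is also unencrypted. Separately, `StartLimitIntervalSec=0` sits under `[Service]` in the infinoted unit, whereas systemd reads that key from `[Unit]`, so it is likely ignored where it is.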
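--- a/wcg.yml
+++ b/wcg.yml
@@ -1,20 +0,0 @@
----
-
-- hosts: grid
-tasks:
-- name: Update and upgrade apt packages
-apt:
-upgrade: full
-update_cache: yes
-cache_valid_time: 86400
-
-- name: Install boinc
-apt: name=boinc-client state=present
-
-- name: Get client state
-command: cat /var/lib/boinc-client/client_state.xml
-register: client_state
-
-- name: Configure boinc
-when: '"sizeof" not in client_state.stdout'
-command: "boinccmd --project_attach http://www.worldcommunitygrid.org/ {{ wcg_auth }}"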