diff --git a/ansible/10_monitoring.yml b/ansible/10_monitoring.yml index 06dd019..98f7600 100644 --- a/ansible/10_monitoring.yml +++ b/ansible/10_monitoring.yml @@ -10,6 +10,7 @@ cache_valid_time: 86400 roles: + - role: roles/init - role: roles/fluent_bit - role: roles/grafana_loki - role: roles/prometheus_server diff --git a/ansible/15_postgresql.yml b/ansible/15_postgresql.yml index 6224246..468a119 100644 --- a/ansible/15_postgresql.yml +++ b/ansible/15_postgresql.yml @@ -10,6 +10,7 @@ cache_valid_time: 86400 roles: + - role: roles/init - role: roles/fluent_bit - role: roles/prometheus_node_exporter - role: roles/postgresql diff --git a/ansible/21_searxng.yml b/ansible/21_searxng.yml index ac2af3f..8ccba4f 100644 --- a/ansible/21_searxng.yml +++ b/ansible/21_searxng.yml @@ -10,6 +10,7 @@ cache_valid_time: 86400 roles: + - role: roles/init - role: roles/fluent_bit - role: roles/prometheus_node_exporter - role: roles/searxng diff --git a/ansible/30_load_balancer.yml b/ansible/30_load_balancer.yml index c786a46..b4c25c7 100644 --- a/ansible/30_load_balancer.yml +++ b/ansible/30_load_balancer.yml @@ -13,6 +13,7 @@ name: roles/nginx roles: + - role: roles/init - role: roles/fluent_bit - role: roles/prometheus_node_exporter - role: roles/prometheus_nginx_exporter diff --git a/ansible/inventories/dev/group_vars/load_balancers.yml b/ansible/inventories/dev/group_vars/load_balancers.yml index e9cc6c8..0a937cd 100644 --- a/ansible/inventories/dev/group_vars/load_balancers.yml +++ b/ansible/inventories/dev/group_vars/load_balancers.yml 
@@ -1,5 +1,27 @@ --- +users: + - name: admin + password_hash: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30623138653735643561343061356531373430393662383764633038383238383837626636393432 + 3138653539356430306266663864343563616332656131310a343632323363653665646363366437 + 66643430626437333461656231303339656435346261336238313036306431396333643965666631 + 3665393163623266320a373838313538626438623330393533353931336331623464613664633430 + 32303734396634376431383936643431313561303864343930393363623130663236666636353637 + 63613237383666656263316661333031643032323266636464313839653065316138343035346161 + 64313037336666353136383462333832373031623637636630326330313832333265386632343139 + 30306638356434376635346637346134653064613236326333656566383137353166393063333563 + 32623638343263313463313062303465626439356461613235656661623364656138 + ssh_public_keys: + - "ssh-rsa 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 openpgp:0x8880F3E0" + opendoas_settings: "permit persist admin as root" + - name: ansible + password_hash: "" + ssh_public_keys: + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0" + opendoas_settings: "permit nopass ansible" + nginx_settings: server_tokens: false gzip: true diff --git a/ansible/inventories/dev/group_vars/monitoring.yml b/ansible/inventories/dev/group_vars/monitoring.yml index 31c4cd9..b15fd6a 100644 --- a/ansible/inventories/dev/group_vars/monitoring.yml +++ b/ansible/inventories/dev/group_vars/monitoring.yml 
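Review bot: The `ansible` entry pairs `password_hash: ""` with `opendoas_settings: "permit nopass ansible"`, and the same pair is added in the monitoring.yml, postgresql.yml and searxng.yml hunks. If roles/init (not shown on this page) writes the hash into the account as given, an empty shadow field means the account accepts an empty password rather than being locked; a key-only automation account would normally carry `password_hash: "!"` or `"*"`. The doas rule also has no `as` clause, so it applies to every target user; `permit nopass ansible as root` would state the scope as explicitly as the admin rule does.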
@@ -1,5 +1,27 @@ --- +users: + - name: admin + password_hash: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30623138653735643561343061356531373430393662383764633038383238383837626636393432 + 3138653539356430306266663864343563616332656131310a343632323363653665646363366437 + 66643430626437333461656231303339656435346261336238313036306431396333643965666631 + 3665393163623266320a373838313538626438623330393533353931336331623464613664633430 + 32303734396634376431383936643431313561303864343930393363623130663236666636353637 + 63613237383666656263316661333031643032323266636464313839653065316138343035346161 + 64313037336666353136383462333832373031623637636630326330313832333265386632343139 + 30306638356434376635346637346134653064613236326333656566383137353166393063333563 + 32623638343263313463313062303465626439356461613235656661623364656138 + ssh_public_keys: + - "ssh-rsa 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 openpgp:0x8880F3E0" + opendoas_settings: "permit persist admin as root" + - name: ansible + password_hash: "" + ssh_public_keys: + - "ssh-rsa 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 openpgp:0x8880F3E0" + opendoas_settings: "permit nopass ansible" + prometheus_options: global: diff --git a/ansible/inventories/dev/group_vars/postgresql.yml b/ansible/inventories/dev/group_vars/postgresql.yml index 8efad85..ce4bd8a 100644 --- a/ansible/inventories/dev/group_vars/postgresql.yml +++ b/ansible/inventories/dev/group_vars/postgresql.yml 
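Review bot: The `users` block in this hunk is a copy of the one added to load_balancers.yml, postgresql.yml and searxng.yml, including what looks like the identical vaulted `password_hash`. Rotating a key or the admin password therefore means editing four files in step. Defining the list once in the inventory's `group_vars/all` (whether that file already exists is not visible here) would keep the groups from drifting apart. A one-line comment above the block, for example `# accounts, authorized keys and doas rules; presumably applied by roles/init`, would also tell readers which role owns these variables.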
@@ -1,5 +1,28 @@ --- +users: + - name: admin + password_hash: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30623138653735643561343061356531373430393662383764633038383238383837626636393432 + 3138653539356430306266663864343563616332656131310a343632323363653665646363366437 + 66643430626437333461656231303339656435346261336238313036306431396333643965666631 + 3665393163623266320a373838313538626438623330393533353931336331623464613664633430 + 32303734396634376431383936643431313561303864343930393363623130663236666636353637 + 63613237383666656263316661333031643032323266636464313839653065316138343035346161 + 64313037336666353136383462333832373031623637636630326330313832333265386632343139 + 30306638356434376635346637346134653064613236326333656566383137353166393063333563 + 32623638343263313463313062303465626439356461613235656661623364656138 + ssh_public_keys: + - "ssh-rsa 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 openpgp:0x8880F3E0" + opendoas_settings: "permit persist admin as root" + - name: ansible + password_hash: "" + ssh_public_keys: + - "ssh-rsa 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 openpgp:0x8880F3E0" + opendoas_settings: "permit nopass ansible" + + postgresql_global_config_options: - option: unix_socket_directories value: '{{ postgresql_unix_socket_directories | join(",") }}' @@ -14,12 +37,10 @@ postgresql_hba_entries: - {type: local, database: all, user: postgres, auth_method: peer} - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"} - {type: host, database: forgejo_db, user: forgejo, address: '192.168.0.20/32', auth_method: "{{ postgresql_auth_method }}"} - - {type: host, database: test_db, user: test, address: '0.0.0.0/0', auth_method: "{{ postgresql_auth_method }}"} postgresql_databases: - name: forgejo_db owner: forgejo - # state: absent postgresql_users: - name: forgejo 
@@ -37,14 +58,12 @@ postgresql_users: 63303735393638336137666234383363383764313533323031303533343562336230613434316432 383632343762373735633664313431613064 encrypted: true - # state: absent postgresql_privs: - db: forgejo_db roles: forgejo privs: ALL type: database - # state: absent postgres_users_no_log: false diff --git a/ansible/inventories/dev/group_vars/searxng.yml b/ansible/inventories/dev/group_vars/searxng.yml index f99563d..e6ee389 100644 --- a/ansible/inventories/dev/group_vars/searxng.yml +++ b/ansible/inventories/dev/group_vars/searxng.yml 
@@ -1,5 +1,28 @@ --- +users: + - name: admin + password_hash: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30623138653735643561343061356531373430393662383764633038383238383837626636393432 + 3138653539356430306266663864343563616332656131310a343632323363653665646363366437 + 66643430626437333461656231303339656435346261336238313036306431396333643965666631 + 3665393163623266320a373838313538626438623330393533353931336331623464613664633430 + 32303734396634376431383936643431313561303864343930393363623130663236666636353637 + 63613237383666656263316661333031643032323266636464313839653065316138343035346161 + 64313037336666353136383462333832373031623637636630326330313832333265386632343139 + 30306638356434376635346637346134653064613236326333656566383137353166393063333563 + 32623638343263313463313062303465626439356461613235656661623364656138 + ssh_public_keys: + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0" + opendoas_settings: "permit persist admin as root" + - name: ansible + password_hash: "" + ssh_public_keys: + - "ssh-rsa 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 openpgp:0x8880F3E0" + opendoas_settings: "permit nopass ansible" + + searxng_homedir: /opt/searxng searxng_git_commit: e52e9bb4b699e39d9ce51874ea339d4773717389
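Review bot: The public key given to `admin` in this hunk is the same key that load_balancers.yml assigns to `ansible` (identical key material and `openpgp:0x8880F3E0` comment), so one private key opens both the password-gated admin account and the `nopass` automation account. The password prompt behind `permit persist admin as root` then adds little for whoever holds that key, because the ansible login reaches root without it. A separate key pair for the ansible account would keep the two paths independent, and its `authorized_keys` entry could be limited to the control host with a `from="..."` option if roles/init passes key options through. The ansible key in this file is elided on the page, so its match is inferred from the other files.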