107 lines
4.2 KiB
YAML
107 lines
4.2 KiB
YAML
---
|
|
|
|
users:
|
|
- name: admin
|
|
password_hash: !vault |
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
30623138653735643561343061356531373430393662383764633038383238383837626636393432
|
|
3138653539356430306266663864343563616332656131310a343632323363653665646363366437
|
|
66643430626437333461656231303339656435346261336238313036306431396333643965666631
|
|
3665393163623266320a373838313538626438623330393533353931336331623464613664633430
|
|
32303734396634376431383936643431313561303864343930393363623130663236666636353637
|
|
63613237383666656263316661333031643032323266636464313839653065316138343035346161
|
|
64313037336666353136383462333832373031623637636630326330313832333265386632343139
|
|
30306638356434376635346637346134653064613236326333656566383137353166393063333563
|
|
32623638343263313463313062303465626439356461613235656661623364656138
|
|
ssh_public_keys:
|
|
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
|
|
opendoas_settings: "permit persist admin as root"
|
|
- name: ansible
|
|
password_hash: ""
|
|
ssh_public_keys:
|
|
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
|
|
opendoas_settings: "permit nopass ansible"
|
|
|
|
nginx_settings:
|
|
server_tokens: false
|
|
gzip: true
|
|
ssl_protocols:
|
|
- TLSv1.2
|
|
- TLSv1.3
|
|
load_balancers:
|
|
http:
|
|
- upstream:
|
|
name: main-page
|
|
servers:
|
|
- 192.168.0.10:80
|
|
server:
|
|
listen_port: 80
|
|
names:
|
|
- dev.cuqmbr.xyz
|
|
- dev.cuqmbr.home
|
|
- upstream:
|
|
name: searxng
|
|
servers:
|
|
- 192.168.0.15:8888
|
|
server:
|
|
listen_port: 80
|
|
names:
|
|
- searxng.dev.cuqmbr.xyz
|
|
- searxng.dev.cuqmbr.home
|
|
# - upstream:
|
|
# name: prometheus
|
|
# servers:
|
|
# - 192.168.0.252:9090
|
|
# server:
|
|
# listen_port: 80
|
|
# names:
|
|
# - prometheus.dev.cuqmbr.xyz
|
|
# - prometheus.dev.cuqmbr.home
|
|
- upstream:
|
|
name: grafana
|
|
servers:
|
|
- 192.168.0.252:3000
|
|
server:
|
|
listen_port: 80
|
|
names:
|
|
- monitoring.dev.cuqmbr.xyz
|
|
- monitoring.dev.cuqmbr.home
|
|
statements:
|
|
- proxy_set_header Host $http_host
|
|
|
|
fluentbit_settings:
|
|
service:
|
|
flush: 1
|
|
daemon: false
|
|
log_level: info
|
|
http_server: false
|
|
pipeline:
|
|
inputs:
|
|
- name: systemd
|
|
tag: systemd_input
|
|
filters:
|
|
- name: rewrite_tag
|
|
match: systemd_input
|
|
rule: $_SYSTEMD_UNIT ^(nginx.service)$ nginx false
|
|
- name: rewrite_tag
|
|
match: systemd_input
|
|
rule: $_SYSTEMD_UNIT ^(nginx.service.+|(?!nginx.service).*)$ systemd false
|
|
- name: record_modifier
|
|
match: nginx
|
|
allowlist_key:
|
|
- MESSAGE
|
|
# - name: record_modifier
|
|
# match: systemd_tag
|
|
# allowlist_key:
|
|
# - _SYSTEMD_UNIT
|
|
# - MESSAGE
|
|
outputs:
|
|
- name: loki
|
|
host: 192.168.0.252
|
|
labels: "env=common,hostname=load-balancer,service_name=nginx"
|
|
match: nginx
|
|
- name: loki
|
|
host: 192.168.0.252
|
|
labels: "env=common,hostname=load-balancer,service_name=systemd"
|
|
match: systemd
|