Add home-k8s which just has monitoring and misc cleanup

2024-02-03 16:16:30 -08:00 · 2024-02-03 16:16:30 -08:00 · f761fcc3eb
commit f761fcc3eb
parent 252821c2a7
9 changed files with 50 additions and 37 deletions
--- a/home-k8s-playbook.yaml
+++ b/home-k8s-playbook.yaml
@ -0,0 +1,6 @@
+- hosts: home_k8s
+  vars:
+    ansible_user: root
+  roles:
+    - base
+    - monitoring
--- a/inventory.yml
+++ b/inventory.yml
@ -3,14 +3,36 @@ nameservers:
    dns.janky.solutions:
      ansible_host: 10.5.1.156
      powerdns_admin: yes
-      wireguard_ip: 10.6.0.1
-      wireguard_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
-      wireguard_endpoint: wg.home.finn.io
+      dns_wg_ip: 10.6.0.1
+      dns_wg_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
+      dns_wg_endpoint: wg.home.finn.io
+      home_network: true
    ns1.janky.zone:
      ansible_host: 137.184.226.48
-      wireguard_ip: 10.6.0.101
-      wireguard_pubkey: TwJXoSNhKhCCerjq1P8o3SBGQEe5vfjnB2Y9uX8mATU=
+      dns_wg_ip: 10.6.0.101
+      dns_wg_pubkey: TwJXoSNhKhCCerjq1P8o3SBGQEe5vfjnB2Y9uX8mATU=
    ns2.janky.zone:
      ansible_host: 66.42.71.31
-      wireguard_ip: 10.6.0.102
-      wireguard_pubkey: gTa4wsiQCGu+rbH05U8bjDJPVzINKJ/BIY0FejSWrWs=
+      dns_wg_ip: 10.6.0.102
+      dns_wg_pubkey: gTa4wsiQCGu+rbH05U8bjDJPVzINKJ/BIY0FejSWrWs=
+
+monitoring:
+  hosts:
+    hypervisor-d.home.finn.io:
+      ansible_host: 10.5.1.123
+      home_network: true
+
+authentik:
+  hosts:
+    authentik.home.finn.io:
+      ansible_host: 10.5.1.133
+      home_network: true
+
+home_k8s:
+  hosts:
+    k8s-node-1:
+      home_network: true
+    k8s-node-2:
+      home_network: true
+    k8s-node-3:
+      home_network: true
--- a/roles/monitoring/files/grafana-apt-key.gpg
+++ b/roles/monitoring/files/grafana-apt-key.gpg
--- a/roles/monitoring/handlers/main.yml
+++ b/roles/monitoring/handlers/main.yml
@ -0,0 +1,7 @@
+- name: systemctl daemon-reload
+  command: systemctl daemon-reload
+
+- name: restart promtail
+  service:
+    name: promtail
+    state: restarted
--- a/roles/monitoring/tasks/main.yml
+++ b/roles/monitoring/tasks/main.yml
@ -5,3 +5,4 @@

 - name: promtail
  include_tasks: promtail.yml
+  when: home_network
--- a/roles/monitoring/templates/promtail.yml
+++ b/roles/monitoring/templates/promtail.yml
@ -4,7 +4,7 @@ server:
  grpc_listen_port: 0

 clients:
-  - url: https://logs.janky.solutions
+  - url: http://monitoring-0:3100/loki/api/v1/push
    external_labels:
      hostname: "{{ inventory_hostname }}"

@ -16,7 +16,7 @@ scrape_configs:
    relabel_configs:
      - source_labels: ['__journal__systemd_unit']
        target_label: 'unit'
-{% if 'jobs' in logs %}
+{% if logs is defined and 'jobs' in logs %}
 {% for job_name, path in logs.jobs.items() %}
  - job_name: {{ job_name }}
    static_configs:
--- a/roles/pdns/templates/pg_hpa.conf
+++ b/roles/pdns/templates/pg_hpa.conf
@ -1,23 +0,0 @@
-# DO NOT DISABLE!
-# If you change this first entry you will need to make sure that the
-# database superuser can access the database using some other method.
-# Noninteractive access to all databases is required during automatic
-# maintenance (custom daily cronjobs, replication, and similar tasks).
-#
-# Database administrative login by Unix domain socket
-local   all             postgres                                peer
-
-# TYPE  DATABASE        USER            ADDRESS                 METHOD
-
-# "local" is for Unix domain socket connections only
-local   all             all                                     peer
-# IPv4 local connections:
-host    all             all             127.0.0.1/32            scram-sha-256
-# IPv6 local connections:
-host    all             all             ::1/128                 scram-sha-256
-# Allow replication connections from localhost, by a user with the
-# replication privilege.
-local   replication     all                                     peer
-host    replication     all             127.0.0.1/32            scram-sha-256
-host    replication     all             ::1/128                 scram-sha-256
-host    all             all             10.6.0.0/24             md5
--- a/roles/pdns/templates/postgres.conf
+++ b/roles/pdns/templates/postgres.conf
@ -1,4 +1,4 @@
-listen_addresses = 'localhost,{{ wireguard_ip }}'
+listen_addresses = 'localhost,{{ dns_wg_ip }}'

 {% if powerdns_admin|default(false) %}
 # write replica specific settings
--- a/roles/pdns/templates/wireguard.conf
+++ b/roles/pdns/templates/wireguard.conf
@ -1,14 +1,14 @@
 [Interface]
 PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard file=secrets/' + inventory_hostname + '.ini') }}
 ListenPort = 51822
-Address = {{ wireguard_ip }}
+Address = {{ dns_wg_ip }}

 {% for host in hostvars %}
 {% if host != inventory_hostname %}
 # {{ host }}
 [Peer]
-Endpoint = {{ hostvars[host].wireguard_endpoint|default(host) }}:51822
-PublicKey = {{ hostvars[host].wireguard_pubkey }}
-AllowedIPs = {{ hostvars[host].wireguard_ip }}
+Endpoint = {{ hostvars[host].dns_wg_endpoint|default(host) }}:51822
+PublicKey = {{ hostvars[host].dns_wg_pubkey }}
+AllowedIPs = {{ hostvars[host].dns_wg_ip }}

 {% endif %}{% endfor %}