diff --git a/home-k8s-playbook.yaml b/home-k8s-playbook.yaml
new file mode 100644
index 0000000..1a3c43c
--- /dev/null
+++ b/home-k8s-playbook.yaml
@@ -0,0 +1,6 @@
+- hosts: home_k8s
+ vars:
+ ansible_user: root
+ roles:
+ - base
+ - monitoring
diff --git a/inventory.yml b/inventory.yml
index 6444698..3c83f3d 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -3,14 +3,36 @@ nameservers:
 dns.janky.solutions:
 ansible_host: 10.5.1.156
 powerdns_admin: yes
- wireguard_ip: 10.6.0.1
- wireguard_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
- wireguard_endpoint: wg.home.finn.io
+ dns_wg_ip: 10.6.0.1
+ dns_wg_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
+ dns_wg_endpoint: wg.home.finn.io
+ home_network: true
 ns1.janky.zone:
 ansible_host: 137.184.226.48
- wireguard_ip: 10.6.0.101
- wireguard_pubkey: TwJXoSNhKhCCerjq1P8o3SBGQEe5vfjnB2Y9uX8mATU=
+ dns_wg_ip: 10.6.0.101
+ dns_wg_pubkey: TwJXoSNhKhCCerjq1P8o3SBGQEe5vfjnB2Y9uX8mATU=
 ns2.janky.zone:
 ansible_host: 66.42.71.31
- wireguard_ip: 10.6.0.102
- wireguard_pubkey: gTa4wsiQCGu+rbH05U8bjDJPVzINKJ/BIY0FejSWrWs=
+ dns_wg_ip: 10.6.0.102
+ dns_wg_pubkey: gTa4wsiQCGu+rbH05U8bjDJPVzINKJ/BIY0FejSWrWs=
+
+monitoring:
+ hosts:
+ hypervisor-d.home.finn.io:
+ ansible_host: 10.5.1.123
+ home_network: true
+
+authentik:
+ hosts:
+ authentik.home.finn.io:
+ ansible_host: 10.5.1.133
+ home_network: true
+
+home_k8s:
+ hosts:
+ k8s-node-1:
+ home_network: true
+ k8s-node-2:
+ home_network: true
+ k8s-node-3:
+ home_network: true
diff --git a/roles/monitoring/files/grafana-apt-key.gpg b/roles/monitoring/files/grafana-apt-key.gpg
new file mode 100644
index 0000000..7bcf81d
Binary files /dev/null and b/roles/monitoring/files/grafana-apt-key.gpg differ
diff --git a/roles/monitoring/handlers/main.yml b/roles/monitoring/handlers/main.yml
new file mode 100644
index 0000000..a4cfd34
--- /dev/null
+++ b/roles/monitoring/handlers/main.yml
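Review bot: The new play connects directly as root via `ansible_user: root`, which means SSH root login has to stay enabled on every k8s node for this playbook to work. The least-privilege shape is an unprivileged SSH user on the hosts plus `become: true` at play level, so root is only assumed for the tasks that need it. If the nodes are currently provisioned with a root account only, a comment on the `vars:` block saying so would explain the choice, e.g. `# nodes only have root today; switch to a service user + become once one exists`.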
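Review bot: `home_network: true` is repeated on every host in the three new groups, and in `nameservers` it is set on dns.janky.solutions but not on ns1.janky.zone or ns2.janky.zone; a group-level block such as `monitoring:` / `vars:` / `home_network: true` would make the flag impossible to forget when a host is added, and the hosts without it matter because roles/monitoring/tasks/main.yml in this same commit evaluates `when: home_network` with no default. The three k8s-node-* entries carry no `ansible_host`, so they presumably resolve through DNS from the controller; a comment stating that is intentional would help the next reader.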
@@ -0,0 +1,7 @@ +- name: systemctl daemon-reload + command: systemctl daemon-reload + +- name: restart promtail + service: + name: promtail + state: restarted diff --git a/roles/monitoring/tasks/main.yml b/roles/monitoring/tasks/main.yml index 9304911..42f23bf 100644 --- a/roles/monitoring/tasks/main.yml +++ b/roles/monitoring/tasks/main.yml @@ -5,3 +5,4 @@ - name: promtail include_tasks: promtail.yml + when: home_network diff --git a/roles/monitoring/templates/promtail.yml b/roles/monitoring/templates/promtail.yml index 40a2db4..a5735bb 100644 --- a/roles/monitoring/templates/promtail.yml +++ b/roles/monitoring/templates/promtail.yml @@ -4,7 +4,7 @@ server: grpc_listen_port: 0 clients: - - url: https://logs.janky.solutions + - url: http://monitoring-0:3100/loki/api/v1/push external_labels: hostname: "{{ inventory_hostname }}" @@ -16,7 +16,7 @@ scrape_configs: relabel_configs: - source_labels: ['__journal__systemd_unit'] target_label: 'unit' -{% if 'jobs' in logs %} +{% if logs is defined and 'jobs' in logs %} {% for job_name, path in logs.jobs.items() %} - job_name: {{ job_name }} static_configs: diff --git a/roles/pdns/templates/pg_hpa.conf b/roles/pdns/templates/pg_hpa.conf deleted file mode 100644 index 6d99ec8..0000000 --- a/roles/pdns/templates/pg_hpa.conf +++ /dev/null 
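Review bot: The `systemctl daemon-reload` handler shells out through `command:`, which always reports changed and bypasses the module that exists for this; `ansible.builtin.systemd:` with `daemon_reload: true` does the same work and reports it properly. For consistency with the fully-qualified `ansible.builtin.ini` lookup already used in roles/pdns/templates/wireguard.conf, `restart promtail` could likewise use `ansible.builtin.service:`.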
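Review bot: The added `when: home_network` fails with an undefined-variable error on any host that has no `home_network` in inventory (ns1.janky.zone and ns2.janky.zone in this same commit), rather than skipping promtail there; `when: home_network | default(false)` turns the absent case into a skip. The task list this include belongs to starts before the hunk, so whether those hosts ever run this role is not verifiable here.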
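Review bot: The Loki client URL moves from an HTTPS endpoint to `http://monitoring-0:3100/loki/api/v1/push`, so journal contents now leave each host unencrypted and unauthenticated, and `monitoring-0` is a bare hostname that only resolves where the host's search domain makes it resolvable. If the intent is that this path is only ever reachable over the home network (this commit also gates promtail on `home_network`), a comment above the `clients:` entry should say so, e.g. `# plain HTTP: monitoring-0 is only reachable on the home LAN`; otherwise a `loki_push_url` inventory variable with the TLS endpoint as its default would keep the template usable for hosts off that network.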
@@ -1,23 +0,0 @@ -# DO NOT DISABLE! -# If you change this first entry you will need to make sure that the -# database superuser can access the database using some other method. -# Noninteractive access to all databases is required during automatic -# maintenance (custom daily cronjobs, replication, and similar tasks). -# -# Database administrative login by Unix domain socket -local all postgres peer - -# TYPE DATABASE USER ADDRESS METHOD - -# "local" is for Unix domain socket connections only -local all all peer -# IPv4 local connections: -host all all 127.0.0.1/32 scram-sha-256 -# IPv6 local connections: -host all all ::1/128 scram-sha-256 -# Allow replication connections from localhost, by a user with the -# replication privilege. -local replication all peer -host replication all 127.0.0.1/32 scram-sha-256 -host replication all ::1/128 scram-sha-256 -host all all 10.6.0.0/24 md5 diff --git a/roles/pdns/templates/postgres.conf b/roles/pdns/templates/postgres.conf index f027418..218a9fe 100644 --- a/roles/pdns/templates/postgres.conf +++ b/roles/pdns/templates/postgres.conf @@ -1,4 +1,4 @@ -listen_addresses = 'localhost,{{ wireguard_ip }}' +listen_addresses = 'localhost,{{ dns_wg_ip }}' {% if powerdns_admin|default(false) %} # write replica specific settings diff --git a/roles/pdns/templates/wireguard.conf b/roles/pdns/templates/wireguard.conf index a29122d..570d2a5 100644 --- a/roles/pdns/templates/wireguard.conf +++ b/roles/pdns/templates/wireguard.conf 
@@ -1,14 +1,14 @@ [Interface] PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard file=secrets/' + inventory_hostname + '.ini') }} ListenPort = 51822 -Address = {{ wireguard_ip }} +Address = {{ dns_wg_ip }} {% for host in hostvars %} {% if host != inventory_hostname %} # {{ host }} [Peer] -Endpoint = {{ hostvars[host].wireguard_endpoint|default(host) }}:51822 -PublicKey = {{ hostvars[host].wireguard_pubkey }} -AllowedIPs = {{ hostvars[host].wireguard_ip }} +Endpoint = {{ hostvars[host].dns_wg_endpoint|default(host) }}:51822 +PublicKey = {{ hostvars[host].dns_wg_pubkey }} +AllowedIPs = {{ hostvars[host].dns_wg_ip }} {% endif %}{% endfor %}
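Review bot: The peer loop `{% for host in hostvars %}` still walks every inventory host, and `hostvars[host].dns_wg_pubkey` and `hostvars[host].dns_wg_ip` have no `default`, so rendering this template now hits an undefined variable for the monitoring, authentik and home_k8s hosts added in the same commit (none of them carry `dns_wg_*` vars), or emits a peer with an empty `PublicKey` if undefined variables are not strict. Restrict the loop to the hosts that actually hold these keys, e.g. `{% for host in groups['nameservers'] %}`, or guard the body with `{% if host != inventory_hostname and hostvars[host].dns_wg_pubkey is defined %}`. This assumes those groups did not already exist before this change; if they did, the old `wireguard_*` names had the same gap.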