JankySolutions/infra
2
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages 12 Wiki Activity Actions

Add home-k8s which just has monitoring and misc cleanup

Browse source
This commit is contained in:
Finn 2024-02-03 16:16:30 -08:00
parent 252821c2a7
commit f761fcc3eb
9 changed files with 50 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
home-k8s-playbook.yaml Normal file
View file

@ -0,0 +1,6 @@
- hosts: home_k8s
vars:
ansible_user: root
roles:
- base
- monitoring

36
inventory.yml
View file

@ -3,14 +3,36 @@ nameservers:
dns.janky.solutions: dns.janky.solutions:
ansible_host: 10.5.1.156 ansible_host: 10.5.1.156
powerdns_admin: yes powerdns_admin: yes
wireguard_ip: 10.6.0.1 dns_wg_ip: 10.6.0.1
wireguard_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo= dns_wg_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
wireguard_endpoint: wg.home.finn.io dns_wg_endpoint: wg.home.finn.io
home_network: true
ns1.janky.zone: ns1.janky.zone:
ansible_host: 137.184.226.48 ansible_host: 137.184.226.48
wireguard_ip: 10.6.0.101 dns_wg_ip: 10.6.0.101
wireguard_pubkey: TwJXoSNhKhCCerjq1P8o3SBGQEe5vfjnB2Y9uX8mATU= dns_wg_pubkey: TwJXoSNhKhCCerjq1P8o3SBGQEe5vfjnB2Y9uX8mATU=
ns2.janky.zone: ns2.janky.zone:
ansible_host: 66.42.71.31 ansible_host: 66.42.71.31
wireguard_ip: 10.6.0.102 dns_wg_ip: 10.6.0.102
wireguard_pubkey: gTa4wsiQCGu+rbH05U8bjDJPVzINKJ/BIY0FejSWrWs= dns_wg_pubkey: gTa4wsiQCGu+rbH05U8bjDJPVzINKJ/BIY0FejSWrWs=
monitoring:
hosts:
hypervisor-d.home.finn.io:
ansible_host: 10.5.1.123
home_network: true
authentik:
hosts:
authentik.home.finn.io:
ansible_host: 10.5.1.133
home_network: true
home_k8s:
hosts:
k8s-node-1:
home_network: true
k8s-node-2:
home_network: true
k8s-node-3:
home_network: true

BIN
roles/monitoring/files/grafana-apt-key.gpg Normal file
View file

Binary file not shown.

7
roles/monitoring/handlers/main.yml Normal file
View file

@ -0,0 +1,7 @@
- name: systemctl daemon-reload
command: systemctl daemon-reload
- name: restart promtail
service:
name: promtail
state: restarted

1
roles/monitoring/tasks/main.yml
View file

@ -5,3 +5,4 @@
- name: promtail - name: promtail
include_tasks: promtail.yml include_tasks: promtail.yml
when: home_network

4
roles/monitoring/templates/promtail.yml
View file

@ -4,7 +4,7 @@ server:
grpc_listen_port: 0 grpc_listen_port: 0
clients: clients:
- url: https://logs.janky.solutions - url: http://monitoring-0:3100/loki/api/v1/push
external_labels: external_labels:
hostname: "{{ inventory_hostname }}" hostname: "{{ inventory_hostname }}"
@ -16,7 +16,7 @@ scrape_configs:
relabel_configs: relabel_configs:
- source_labels: ['__journal__systemd_unit'] - source_labels: ['__journal__systemd_unit']
target_label: 'unit' target_label: 'unit'
{% if 'jobs' in logs %} {% if logs is defined and 'jobs' in logs %}
{% for job_name, path in logs.jobs.items() %} {% for job_name, path in logs.jobs.items() %}
- job_name: {{ job_name }} - job_name: {{ job_name }}
static_configs: static_configs:

23
roles/pdns/templates/pg_hpa.conf
View file

@ -1,23 +0,0 @@
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 scram-sha-256
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
host replication all ::1/128 scram-sha-256
host all all 10.6.0.0/24 md5

2
roles/pdns/templates/postgres.conf
View file

@ -1,4 +1,4 @@
listen_addresses = 'localhost,{{ wireguard_ip }}' listen_addresses = 'localhost,{{ dns_wg_ip }}'
{% if powerdns_admin|default(false) %} {% if powerdns_admin|default(false) %}
# write replica specific settings # write replica specific settings

8
roles/pdns/templates/wireguard.conf
View file

@ -1,14 +1,14 @@
[Interface] [Interface]
PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard file=secrets/' + inventory_hostname + '.ini') }} PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard file=secrets/' + inventory_hostname + '.ini') }}
ListenPort = 51822 ListenPort = 51822
Address = {{ wireguard_ip }} Address = {{ dns_wg_ip }}
{% for host in hostvars %} {% for host in hostvars %}
{% if host != inventory_hostname %} {% if host != inventory_hostname %}
# {{ host }} # {{ host }}
[Peer] [Peer]
Endpoint = {{ hostvars[host].wireguard_endpoint|default(host) }}:51822 Endpoint = {{ hostvars[host].dns_wg_endpoint|default(host) }}:51822
PublicKey = {{ hostvars[host].wireguard_pubkey }} PublicKey = {{ hostvars[host].dns_wg_pubkey }}
AllowedIPs = {{ hostvars[host].wireguard_ip }} AllowedIPs = {{ hostvars[host].dns_wg_ip }}
{% endif %}{% endfor %} {% endif %}{% endfor %}