Commit dcb4443e authored by void's avatar void

Neuer Server ogg für interne Dienste, alter Server warpsrvint raus

parent 3fe59b38
Showing
with 10 additions and 350 deletions
......@@ -22,25 +22,6 @@
- { role: common/cronapt, tags: cronapt }
- hosts: octoprint1
remote_user: root
roles:
- { role: common/cronapt, tags: cronapt }
- { role: common/docker, tags: docker }
- { role: common/prometheus-node, tags: prometheus-node }
- {
role: common/docker_dockerstats, tags: dockerstats,
servicename: dockerstats,
basedir: /srv/dockerstats
}
- {
role: octoprint/docker_octoprint, tags: octoprint,
servicename: octoprint,
basedir: /srv/octoprint,
octoprint_port: 80
}
- hosts: weatherwax
remote_user: root
roles:
......@@ -48,12 +29,11 @@
- { role: common/cronapt, tags: cronapt }
- hosts: warpsrvint
- hosts: ogg
remote_user: root
roles:
- { role: common/borgbackup, tags: borgbackup }
- { role: common/borgserver, tags: borgserver }
# - { role: common/cronapt, tags: cronapt }
- { role: common/cronapt, tags: cronapt }
- { role: common/docker, tags: docker }
- { role: common/prometheus-node, tags: prometheus-node }
- {
......@@ -62,58 +42,37 @@
basedir: /srv/dockerstats
}
- {
role: common/docker_ldap,
tags: ldap,
servicename: ldap
}
- { role: common/nginx, tags: nginx }
- {
role: warpsrvint/samba,
tags: samba
}
- {
role: warpsrvint/docker_esphome,
tags: esphome,
role: intern/docker_esphome, tags: esphome,
servicename: esphome,
basedir: /srv/esphome
}
- {
role: warpsrvint/docker_grafana,
tags: grafana,
servicename: grafana
role: intern/docker_heimdall, tags: heimdall,
servicename: heimdall,
basedir: /srv/heimdall
}
- { role: warpsrvint/docker_l4z0r, tags: l4z0r }
- { role: warpsrvint/docker_matestatdb, tags: matestatdb }
- {
role: warpsrvint/docker_mete,
tags: mete,
servicename: mete,
mete_port: 8084
}
- {
role: warpsrvint/docker_mqtt,
role: intern/docker_mqtt,
tags: mqtt,
servicename: mqtt,
influxdb_port: 18086
}
- {
role: warpsrvint/docker_nodered,
role: intern/docker_nodered,
tags: nodered,
servicename: nodered
}
- {
role: warpsrvint/docker_openhab,
role: intern/docker_openhab,
tags: openhab,
servicename: openhab,
influxdb_port: 28086
}
- {
role: warpsrvint/docker_unifi,
role: intern/docker_unifi,
tags: unifi,
servicename: unifi
}
- { role: warpsrvint/docker_warpinfra, tags: warpinfra }
- hosts: webserver
......
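Review bot: Nothing in this change tears down or cleans up warpsrvint: where `- hosts: warpsrvint` becomes `- hosts: ogg`, the old server simply leaves the play, so whatever the deleted roles created there is no longer managed from this repository. That includes the generated secret files the removed tasks reference (`/srv/ldap/secret/ldap_readonly_pass`, `/srv/grafana/grafana_admin_pass`, `/srv/l4z0r/mysql_root_pw`, `/srv/l4z0r/mysql_user_pw`) and, presumably, the borg repositories served through `common/borgserver`. Unless warpsrvint is wiped as part of the migration, those files should be removed or the credentials rotated, and the LDAP read-only bind account checked for where it is still accepted. I would also record the retirement next to the play with a comment above the new host entry, for example `# ogg replaces warpsrvint for internal services; warpsrvint is decommissioned, see <migration notes>`.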
---
# Get secrets
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 }
- { path: /srv/grafana/grafana_admin_pass, length: 12 }
- name: create folder struct for grafana
file:
path: "{{ item }}"
state: "directory"
with_items:
- "/srv/grafana/"
- "/srv/grafana/config/"
- "/srv/grafana/data/"
- name: create config files
template: src={{ item }} dest=/srv/grafana/config/{{ item }}
with_items:
- grafana.ini
- ldap.toml
register: config
- name: Docker Compose Konfig-Datei erstellen
template:
src: "docker-compose.yml"
dest: "/srv/grafana/docker-compose.yml"
# - name: start grafana docker
# docker_service:
# project_src: /srv/grafana/
# state: absent
# when: config.changed
# - name: start grafana docker
# docker_service:
# project_src: /srv/grafana/
# state: present
version: "3"
services:
app:
image: grafana/grafana:6.6.0
restart: always
ports:
- 3000:3000
volumes:
- /srv/grafana/config/grafana.ini:/etc/grafana/grafana.ini
- /srv/grafana/config/ldap.toml:/etc/grafana/ldap.toml
- /srv/grafana/data/:/var/lib/grafana
environment:
GF_SERVER_ROOT_URL: "http://warpsrvint:3000"
GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_admin_pass }}"
##################### Grafana Configuration ##################################
#
# Everything has defaults so you only need to uncomment things you want to
# change
# possible values : production, development
app_mode = production
# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
instance_name = intern
#
#################################### Server ####################################
[server]
# Protocol (http, https, socket)
;protocol = http
# The ip address to bind to, empty will bind to all interfaces
;http_addr =
# The http port to use
;http_port = 3000
# The public facing domain name used to access grafana from a browser
;domain = localhost
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
;enforce_domain = false
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
;root_url = http://localhost:3000
# Log web requests
;router_logging = false
# the path relative working path
;static_root_path = public
# enable gzip
;enable_gzip = false
# https certs & key file
;cert_file =
;cert_key =
# Unix socket path
;socket =
#################################### Security ####################################
[security]
# default admin user, created on startup
;admin_user = admin
# default admin password, can be changed before first start of grafana, or in profile settings
;admin_password = admin
# used for signing
;secret_key = SW2YcwTIb9zpOOhoPsMm
# Auto-login remember days
;login_remember_days = 7
;cookie_username = grafana_user
;cookie_remember_name = grafana_remember
# disable gravatar profile images
;disable_gravatar = false
# data source proxy whitelist (ip_or_domain:port separated by spaces)
;data_source_proxy_whitelist =
[snapshots]
# snapshot sharing options
;external_enabled = true
;external_snapshot_url = https://snapshots-origin.raintank.io
;external_snapshot_name = Publish to snapshot.raintank.io
# remove expired snapshot
;snapshot_remove_expired = true
# remove snapshots after 90 days
;snapshot_TTL_days = 90
#################################### Users ####################################
[users]
# disable user signup / registration
allow_sign_up = false
# Allow non admin users to create organizations
allow_org_create = false
# Set to true to automatically assign new users to the default organization (id 1)
auto_assign_org = true
# Default role new users will be automatically assigned (if disabled above is set to true)
auto_assign_org_role = Viewer
# Background text for the user field on the login page
login_hint = infa.warpzone.ms account
# Default UI theme ("dark" or "light")
default_theme = dark
[auth]
# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
;disable_login_form = false
# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
;disable_signout_menu = false
#################################### Anonymous Auth ##########################
[auth.anonymous]
# enable anonymous access
enabled = true
# specify organization name that should be used for unauthenticated users
org_name = Main Org.
# specify role for unauthenticated users
org_role = Viewer
#################################### Auth LDAP ##########################
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
#################################### Alerting ############################
[alerting]
# Disable alerting engine & UI features
enabled = false
# Makes it possible to turn off alert rule execution but alerting UI is visible
execute_alerts = false
# Set to true to log user information returned from LDAP
verbose_logging = false
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "{{ int_ip4 }}"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Search user bind dn
bind_dn = "cn=readonly,dc=warpzone,dc=ms"
# Search user bind password
# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
bind_password = '{{ldap_readonly_pass}}'
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(&(uid=%s)(memberOf=cn=active,ou=groups,dc=warpzone,dc=ms))"
# An array of base dns to search through
search_base_dns = ["dc=warpzone,dc=ms"]
# In POSIX LDAP schemas, without memberOf attribute a secondary query must be made for groups.
# This is done by enabling group_search_filter below. You must also set member_of= "cn"
# in [servers.attributes] below.
## Group search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available)
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
## An array of the base DNs to search through for groups. Typically uses ou=groups
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "uid"
member_of = "memberOf"
email = "email"
# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "cn=grafana-admin,ou=infrastructure,dc=warpzone,dc=ms"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "cn=active,ou=groups,dc=warpzone,dc=ms"
org_role = "Editor"
[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"
---
# Create folders
- name: create folder struct for l4z0r
file:
path: "{{ item }}"
state: "directory"
with_items:
- "/srv/l4z0r"
- "/srv/l4z0r/db"
# Get secrets
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: /srv/l4z0r/mysql_root_pw, length: 24 }
- { path: /srv/l4z0r/mysql_user_pw, length: 12 }
# Create docker-compose.yml
- name: Konfig-Datei erstellen
template:
src: "docker-compose.yml"
dest: "/srv/l4z0r/docker-compose.yml"
# # Start containers
# - name: start l4z0r docker
# docker_service:
# project_src: /srv/l4z0r/
# state: present
version: "3"
services:
db:
image: mariadb:10.1
restart: always
ports:
- 0.0.0.0:33306:3306
volumes:
- /srv/l4z0r/db/:/var/lib/mysql
environment:
MYSQL_DATABASE: l4z0r
MYSQL_USER: l4z0r
MYSQL_PASSWORD: {{ mysql_user_pw }}
MYSQL_ROOT_PASSWORD: {{ mysql_root_pw }}