dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity
266 Commits
14 Branches
0 Tags
7.3 MiB
Commit Graph

46 Commits (07a23267c64d0d61c28ec63ce3abcb7b0535c268)

Author SHA1 Message Date
Dustin 07a23267c6 hosts: Add dns1.pyrocufflink.blue 
To avoid having a single point of failure, a second recursive DNS server
is necessary. This will be useful in cases where the VM hosts must both
be taken offline, but Internet access is still required.

The new server, *dns1.pyrocufflink.blue*, has all the same zones defined
as the original. It forwards the *pyrocufflink.blue* zone and
corresponding reverse zones to the domain controllers, and acts as a
slave for the *pyrocufflink.red* zone.
 2018-08-12 17:24:37 -05:00
Dustin 26f3637bfa hosts: Add proxy0.pyrocufflink.blue 
As its name suggests, *proxy0.pyrocufflink.blue* acts as an HTTP proxy
server running Squid.
 2018-08-12 16:00:53 -05:00
Dustin b86ecb99fd squid: Add role and PB to deploy Squid 2018-08-12 16:00:32 -05:00
Dustin 00b04179b1 hosts: Remove smtp0.p.b 
Now that the SMTP relay has been moved to *smtp1.pyrocufflink.blue*,
*smtp0* is no longer needed.
 2018-08-12 15:23:08 -05:00
Dustin 72b148bd0e hosts: Add smtp1.p.b 
*smtp1.pyrocufflink.blue* is a VM that will replace
*smtp0.pyrocufflink.blue*, a Raspberry Pi.

I decided that there is little use in having the availability guarantee of
a discreet machine for the SMTP relay. The only system that would NEED
to send mail if the VM host fails is Zabbix, which operates as its own
relay anyway. As such, the main relay can be a VM, and the Raspberry Pi
can be repurposed as a recursive DNS server.
 2018-08-12 15:22:31 -05:00
Dustin 4e8bd8995b hosts: Add koji0.pyrocufflink.blue 
*koji0.pyrocufflink.blue* hosts the Koji ecosystem, including a builder.
 2018-08-12 10:27:20 -05:00
Dustin f9cba30582 koji: Add playbooks for Koji 
The `koji.yml` playbook can be used to deploy an entire Koji ecosystem.
It is composed of three smaller playbooks:

* `koji-hub.yml`: Deploys the Koji hub, GC, and Kojira
* `koji-web.yml`: Deploys the Koji Web GUI
* `koji-builder.yml`: Deploys the Koji builder
 2018-08-12 10:14:25 -05:00
Dustin 997951d59e hosts: Add file0.p.b to burp-client 
Adding *file0.pyrocufflink.blue* to enable automatic backups. The
`/home` and `/srv/cifs/Downloads` paths are backed up.
 2018-08-08 22:07:32 -05:00
Dustin 06b2d3163b hosts: Add burp0.p.b 
The machine *burp0.pyrocufflink.blue* runs a BURP server.
 2018-08-08 20:14:40 -05:00
Dustin 7ebc2bdfa2 burp-{client,server}: PBs to deploy BURP 
The `burp-client.yml` and `burp-server.yml` playbooks apply the
*burp-client* and *burp-server* roles to BURP clients and servers,
respectively. The server playbook also applies the *postfix* role to
ensure that SMTP is configured and backup notifications can be sent.
 2018-08-08 20:14:25 -05:00
Dustin 171edd72d9 hosts: Move vmhost1.p.b to hosts.offline 
Because *vmhost1.pyrocufflink.blue* is usually sleeping, continuous
enforcement jobs always fail. By keeping it in a separate inventory
file, configuration policy can still be applied to it manually, but it
will be ignored by continuous enforcement.
 2018-08-04 11:31:40 -05:00
Dustin 69a7e869b4 hosts: Add file0.p.b 2018-08-01 22:11:40 -05:00
Dustin 155cb091f4 fileserver: PB to deploy fileserver role 2018-08-01 22:08:24 -05:00
Dustin 67fc5c8c05 hosts: Add web0.p.b 
*web0.pyrocufflink.blue* hosts the public-facing websites
 2018-07-29 09:39:02 -05:00
Dustin 2d8418c7a7 websites: PB to deploy public-facing websites 2018-07-29 09:37:47 -05:00
Dustin 11dc40bc76 hosts: Add vmhost{0,1}.p.b 2018-07-23 17:35:10 -05:00
Dustin a8dd2e9ec3 vmhost: PB to set up VM hosts 2018-07-23 17:35:10 -05:00
Dustin b13f28f505 hosts: Add jenkins0.p.b 2018-06-24 13:27:47 -05:00
Dustin 5188250cfc hosts: Add dch-gw to zabbix group 
The gateway device is now monitored by Zabbix. Adding it to the *zabbix*
group ensures that the Zabbix agent is installed and configured
correctly.

Because the *zabbix-agent* role has a task to configure FirewallD, the
`host_uses_firewalld` variable needs to be set to `false` for *gw0*,
since it does not use FirewallD.
 2018-06-19 20:40:58 -05:00
Dustin 5ad0104500 hosts: Add git0.p.b to certbot 
The *git.pyrocufflink.blue* site now uses a certificate issued by Let's
Encrypt.
 2018-06-13 22:23:27 -05:00
Dustin d5769c254d certbot: Playbook to deploy certbot 2018-06-13 22:23:27 -05:00
Dustin 5318f0c5a1 hosts: Add rprx0.p.b 
*rprx0.pyrocufflink.blue* provides a reverse proxy for HTTP and HTTPS
for all public-facing web services
 2018-06-12 22:44:54 -05:00
Dustin 2f41ac3520 hosts: Add all domain members to zabbix group 
By making the *pyrocufflink* group a child of the *zabbix* group, all
hosts that are members of the former will have Zabbix installed.
 2018-06-12 21:13:39 -05:00
Dustin c2f819554c hosts: Alphabetize groups 2018-06-12 21:13:15 -05:00
Dustin d97dbaa189 hosts: Add git0.pyrocufflink.blue 
*git0.pyrocufflink.blue* hosts Gitea.
 2018-06-04 20:03:55 -05:00
Dustin aba3fe8e04 hosts: Add DCs to radius group 
All domain controllers for the *pyrocufflink.blue* domain are RADIUS
servers as well.
 2018-05-06 13:10:31 -05:00
Dustin 48a5c19232 hosts: Add dc0.p.b to nptd group 2018-04-22 11:20:02 -05:00
Dustin 424275fc57 ntp: Initial PB and role to set up ntpd 2018-04-22 11:19:22 -05:00
Dustin 7ce3c0e2c6 hosts: Add smtp0.p.b to zabbix 2018-04-15 13:30:08 -05:00
Dustin 2b127e1616 hosts: Add zbx0.p.b to smtp-server 
Zabbix servers should also be SMTP relays, so as to limit the
possibility for lost trigger alerts caused by outages.
 2018-04-15 13:28:45 -05:00
Dustin 2d58fdcebf hosts: Add smtp0.pyrocufflink.blue 
The host *smtp0.pyrocufflink.blue* serves the main SMTP relay for the
Pyrocufflink network.
 2018-04-15 11:39:33 -05:00
Dustin 94a89d8d78 smtp-relay: PB to deploy Postfix SMTP relay 
The `smtp-relay.yml` playbook configures Postfix on the managed node as
an SMTP relay.
 2018-04-15 11:38:51 -05:00
Dustin f3739d91ac hosts: Add hosts to zabbix group 
Hosts in the *zabbix* group will get the Zabbix agent deployed to them.
 2018-04-14 15:47:49 -05:00
Dustin 3bbe5aee6a hosts: Add zbx0.pyrocufflink.blue 
The host *zbx0.pyrocufflink.blue* (a Raspberry Pi) runs the Zabbix
server and web UI. It has a reserved IPv4 address to simplify reverse
DNS management for now, since Samba's dynamic DNS client does not
register PTR records.
 2018-04-14 15:47:30 -05:00
Dustin 9ace01788a zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
Dustin 1f6cc840eb hosts: Add cm0.pyrocufflink.blue 
This host is a Jenkins slave dedicated configuration management using
Ansible.
 2018-04-08 12:20:13 -05:00
Dustin ac4e9fc390 ansible: Install Ansible 
The `ansible.yml` playbook and corresponding *ansible* role simply
install Ansible and related utilities, such as OpenSSH and GnuPG.
 2018-04-08 12:20:03 -05:00
Dustin 54bc5570f1 jenkins-slave: PB to deploy Jenkins slave 2018-04-08 12:04:03 -05:00
Dustin 6bc55cfb45 hosts: Remove hard-coded IP addresses 
Now that DNS is up and running on the blue network, these hosts no
longer need their IP addresses in the inventory. These were wrong,
anyway.
 2018-04-07 22:57:15 -05:00
Dustin da5da95894 hosts: add gw0 2018-03-29 07:52:20 -05:00
Dustin a7ac6c586d dch-gw: Initial commit 
The *dch-gw* role, and the corresponding `dch-gw.yml` playbook, apply
all of the necessary configuration to the edge router on my home
network.
 2018-03-27 20:44:43 -05:00
Dustin e99db22765 hosts: dns0.p.b: Add to AD 2018-03-11 18:16:17 -05:00
Dustin 61b918242a hosts: Add dns0.p.b 2018-02-21 22:43:06 -06:00
Dustin 71f28dfee2 Add pyrocufflink-dns group 
The *pyrocufflink-dns* group specifies the BIND configuration for the
primary DNS servers on the "new" Pyrocufflink network.
 2018-02-21 22:42:18 -06:00
Dustin bf820c482e hosts: Add new domain controllers 2018-02-19 22:46:27 -06:00
Dustin 7f86881b7c Initial commit 2018-01-02 23:36:42 -06:00