Dustin C. Hatch
2cba5eb2e4
Most hosts will not need to send any messages to ntfy. Let's define the ntfy pipeline stages only for the machines that need them. There are currently two use cases for ntfy: * MD RAID status messages (from Chromie and nvr2) * WAN Link status messages (from gw1) Breaking up the pipeline into smaller pieces allows both of these use cases to define their appropriate filters while still sharing the common steps. The other machines that have no use for these steps now omit them entirely.
84 lines
2.3 KiB
YAML
84 lines
2.3 KiB
YAML
host_uses_firewalld: false
|
|
|
|
burp_backup:
|
|
- include: /etc
|
|
- exclude: /etc/selinux
|
|
- exclude: /etc/udev/hwdb.bin
|
|
|
|
restic_include:
|
|
- /etc
|
|
restic_exclude:
|
|
- /etc/selinux
|
|
- /etc/udev/hwdb.bin
|
|
|
|
nut_monitor_password: !vault |
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
30313966316233643038626638343734356135393436333666353539666633373764343237363764
|
|
3263626334333965353833316136613562366232653264370a633866396263643438393136343331
|
|
38336337346434356164393961656663333162353035396662326138616666623164396363346331
|
|
3866663235393232320a386230346639643836623063373634383966663334626136313234333435
|
|
33313038643935343635366365626630613365316233393536373232616563396636323064366631
|
|
3734346263623832396439386463323430323437643537623262
|
|
|
|
sudo_use_pam_ssh_agent: true
|
|
sudo_authorized_ssh_keys: |
|
|
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIF4yQAS0bAQ9Ymxgxv828MsX0z4ff/Fs//0PQOtPexRJAAAABHNzaDo= dustin@rosalina.pyrocufflink.blue
|
|
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINal4+Gn/KuyP6YTsQuW4cphfDcjrS428osVIqnqMfagAAAABHNzaDo= dustin@luma.pyrocufflink.blue
|
|
# Default flags include -n, which makes Ansible complain about a "missing
|
|
# become password," even though it would never actually prompt for one.
|
|
ansible_become_flags: -H
|
|
|
|
promtail_scrape_configs:
|
|
- '{{ promtail_default_scrape.journal }}'
|
|
- job_name: named
|
|
static_configs:
|
|
- labels:
|
|
__path__: /var/log/named/*.log
|
|
job: named
|
|
pipeline_stages:
|
|
- regex:
|
|
expression: ^(?P<timestamp>\S+?) (?P<message>.*)
|
|
- timestamp:
|
|
source: timestamp
|
|
format: '2006-01-02T15:04:05.000'
|
|
- output:
|
|
source: message
|
|
|
|
dnf_automatic_reboot: never
|
|
|
|
chrony_servers: []
|
|
|
|
chrony_pools:
|
|
- 1.fedora.pool.ntp.org iburst
|
|
- 2.fedora.pool.ntp.org iburst
|
|
- 3.fedora.pool.ntp.org iburst
|
|
- 4.fedora.pool.ntp.org iburst
|
|
|
|
chrony_allow:
|
|
- 172.30.0.0/16
|
|
- 172.31.1.0/24
|
|
- 172.24.100.0/24
|
|
- 192.168.1.0/24
|
|
- fd68:c2d2:500e:3e00::/56
|
|
|
|
fluent_bit_ntfy_filters:
|
|
- name: rewrite_tag
|
|
alias: ntfy
|
|
match: host.*
|
|
rule: transport kernel ntfy true
|
|
- name: grep
|
|
match: ntfy
|
|
alias: ntfy.filter
|
|
regex: message wan.+Link
|
|
|
|
fluent_bit_default_filters: >-
|
|
{{
|
|
fluent_bit_common_filters +
|
|
fluent_bit_ntfy_filters +
|
|
fluent_bit_ntfy_common_filters
|
|
}}
|
|
|
|
fluent_bit_main_outputs:
|
|
- '{{ fluent_bit_output_systemd }}'
|
|
- '{{ fluent_bit_output_ntfy }}'
|