dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
734 Commits 14 Branches 0 Tags
679ea47bf7ea3639d034e7e779017932baaa9f09
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch 679ea47bf7 r/homeassistant: Protect ~/.ssh 
When the Home Assistant container restarts, Podman relabels the entire
`/var/lib/homeassistant` directory as `container_file_t`.  Since the
*homeassistant* user's home directory is `/var/lib/homeassistant`, its
`~/.ssh` directory is thus also relabeled, preventing the SSH daemon
from accessing it.  Since Home Assistant itself does not need access to
this path, we can tell systemd to mount an empty tmpfs filesystem there
in the service unit's mount namespace.  This way, when Podman relabels
the directory, it will change the label of the tmpfs mount point instead
of the actual directory.
2023-06-08 10:05:36 -05:00
.certs @ 13f97e4fa1
websites: dustin.hatch.name: Deploy new site
2022-04-23 15:30:40 -05:00
certs
burp-server: Deploy MinIO
2023-05-09 21:55:25 -05:00
ci
ci: Add Jenkins pipeline for MinIO
2023-05-23 08:33:09 -05:00
group_vars
frigate: Configure journal2ntfy for MD RAID
2023-06-08 10:05:36 -05:00
host_vars
burp-server: Deploy MinIO
2023-05-09 21:55:25 -05:00
passwords/kojiweb_secret
hosts: Add koji0.pyrocufflink.blue
2018-08-12 10:27:20 -05:00
roles
r/homeassistant: Protect ~/.ssh
2023-06-08 10:05:36 -05:00
vars
ci: lib: Update for latest ansible container image
2022-12-03 13:36:10 -06:00
vault
synapse: Back up data using BURP
2023-05-23 09:52:50 -05:00
.gitignore
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
.gitmodules
certs: Add certificates submodule
2020-02-22 16:28:06 -06:00
.vault-secret.sh
vault-secret: Get key from Bitwarden
2023-04-23 20:05:00 -05:00
alertmanager.yml
r/alertmanager: Deploy AlertManager
2022-08-10 22:18:53 -05:00
ansible.cfg
ansible.cfg: Disable stupid group name warning
2019-09-19 19:50:35 -05:00
ansible.yml
ansible: Install Ansible
2018-04-08 12:20:03 -05:00
aria2.yml
aria2: Deploy aria2 download manager
2018-08-19 14:17:48 -05:00
base.yml
base: Enable serial console on KVM VMs
2021-10-16 14:34:51 -05:00
bitwarden_rs.yml
bitwarden_rs: Deploy Bitwarden_rs using Docker
2019-09-19 19:27:29 -05:00
blackbox-exporter.yml
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
burp-client.yml
burp-client: Switch from cron to systemd timer
2023-05-23 09:51:07 -05:00
burp-server.yml
burp-{client,server}: PBs to deploy BURP
2018-08-08 20:14:25 -05:00
certbot.yml
certbot: Playbook to deploy certbot
2018-06-13 22:23:27 -05:00
collectd.yml
collect: Import dyngroups.yml playbook
2022-12-19 10:20:57 -06:00
dch-gw.yml
dch-gw: Initial commit
2018-03-27 20:44:43 -05:00
dch-proxy.yml
dch-proxy: PB to deploy HAProxy
2018-07-01 15:19:20 -05:00
dch-root-ca.crt
pyrocufflink: Trust DCH Root CA
2018-06-04 20:03:55 -05:00
dch-vpn.yml
Move VPN server to dedicated VM
2018-10-07 21:42:18 -05:00
dhcpcd.yml
dhcpcd: Install and configure dhcpcd
2018-03-13 23:19:50 -05:00
dhcpd.yml
dhcpd: Install and configure ISC DHCPD
2018-03-27 20:44:43 -05:00
docker.yml
roles/docker: Install and set up Docker daemon
2019-09-19 19:27:12 -05:00
domain-controller.yml
domain-controller: Configure local AD authentication
2018-03-11 18:16:17 -05:00
dyngroups.yml
dyngroups: Also group by distribution and version
2022-12-19 10:20:09 -06:00
facts.yml
facts: Add PB to force fetching facts
2022-12-23 06:56:52 -06:00
fileserver.yml
fileserver: Configure Apache ~user directories
2019-01-04 20:52:23 -06:00
firewalld.yml
firewalld: Playbook to bootstrap firewalld
2018-01-29 15:11:07 -06:00
frigate.yml
r/frigate: Add role to deploy Frigate
2021-08-21 17:16:58 -05:00
gitea.yml
r/gitea: Update to 1.17.0
2022-09-01 17:29:34 -05:00
grafana.yml
grafana: Redirect HTTP to HTTPS
2022-08-10 21:55:54 -05:00
graylog.yml
graylog: Add PB to deploy Graylog server
2019-10-28 18:47:09 -05:00
hassdb.yml
hassdb: Fix playbook
2020-08-29 14:22:17 -05:00
homeassistant.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
hostname.yml
hostname: Also write /etc/hosts
2018-04-08 10:11:43 -05:00
hosts
frigate: Configure journal2ntfy for MD RAID
2023-06-08 10:05:36 -05:00
hosts.offline
r/collectd-sensors: Install collectd sensors plugin
2022-07-21 13:14:25 -05:00
jenkins-slave.yml
jenkins-slave: Apply ssh-hostkeys role
2018-04-08 12:32:02 -05:00
journal2ntfy.yml
journal2ntfy: Script to send log messagess via ntfy
2023-05-17 14:51:21 -05:00
koji-builder.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-hub.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-web.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
kube-root-ca.crt
metrics: Scrape metrics from Kubernetes API server
2023-05-22 21:21:08 -05:00
metricspi.yml
metricspi: Apply victoria-metrics-nginx role
2022-08-12 13:14:41 -05:00
minio.yml
minio: Install and configure MinIO
2023-05-09 21:37:46 -05:00
motioneye.yml
motioneye: Deploy motionEye camera software
2020-10-03 11:29:39 -05:00
named-server.yml
named-server: Playbook to deploy BIND
2018-01-29 15:10:04 -06:00
net-ifaces.yml
net-ifaces: PB to apply net-ifaces role
2018-07-23 17:35:10 -05:00
network.yml
network: Playbook to configure networking
2018-03-27 20:44:43 -05:00
nextcloud.yml
roles/cert: Add handler topic notification
2020-12-26 10:38:17 -06:00
ntp.yml
ntp: Initial PB and role to set up ntpd
2018-04-22 11:19:22 -05:00
nut.yml
nut: Add playbook for NUT
2021-10-31 14:28:27 -05:00
postgresql.yml
postgresql: PB to deploy PostgreSQL server
2018-04-14 15:28:46 -05:00
protonvpn.yml
pyrocufflink-dns: Cloudflare over ProtonVPN
2020-09-06 11:06:58 -05:00
pxe.yml
r/netboot/basementhud: Configure NBD export
2022-08-15 17:18:48 -05:00
pyrocufflink.yml
pyrocufflink: Trust DCH Root CA
2018-06-04 20:03:55 -05:00
radius.yml
radius: PB to configure RADIUS servers
2018-05-06 13:09:18 -05:00
radvd.yml
radvd: Install and configure radvd
2018-03-27 20:44:43 -05:00
remount.yml
remount: Do not remount SquashFS volumes
2022-08-12 13:40:06 -05:00
rngd.yml
rngd: PB to set up rngd
2018-08-13 20:25:22 -05:00
samba-dc.yml
samba-dc: Manage sudoers
2022-12-23 08:47:31 -06:00
smtp-relay.yml
smtp-relay: PB to deploy Postfix SMTP relay
2018-04-15 11:38:51 -05:00
squid.yml
squid: Add role and PB to deploy Squid
2018-08-12 16:00:32 -05:00
synapse.yml
roles/synapse: Add cert role dependency
2021-01-31 15:38:18 -06:00
systemd-networkd.yml
r/systemd-networkd: Role to configure networkd
2021-10-10 16:09:15 -05:00
systemd-resolved.yml
r/systemd-resolved: Manage systemd resolver daemon
2022-08-12 14:35:14 -05:00
taiga.yml
taiga: Add playbook for Taiga
2019-09-19 19:51:45 -05:00
victoria-metrics.yml
r/vmalert: Deploy vmalert
2022-08-11 21:40:19 -05:00
vmhost.yml
r/vmhost: mount shared filesystems
2021-10-10 16:09:15 -05:00
websites.yml
websites: Add hatchlearningcenter.org
2022-11-30 22:04:29 -06:00
wheelhost.yml
wheelhost: Publish wheels built by Jenkins
2019-03-22 10:19:27 -05:00
zabbix-agent.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix-server.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zezere.yml
zezere: role/playbook to deploy Zezere
2021-07-05 09:34:25 -05:00
zigbee2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
zwavejs2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
Description
Ansible configuration policy for the private network/home lab of Dustin C. Hatch
http://dustin.hatch.name/
7.7 MiB
Languages
Jinja 86.2%
Python 6.6%
Shell 4.6%
Groovy 2.6%