dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
1,176 Commits 14 Branches 0 Tags
7929176b4ef4b3d9b2e4fc222db6fc36099f70df
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch 7929176b4e create-dc: Update to use new provisioning process 
Instead of running `virt-install` directly from the `create-dc.sh`
script, it now relies on `newvm.sh`.  This will ensure that VMs created
to be domain controllers will conform to the same expectations as all
other machines, such as using the libvirt domain metadata to build
dynamic inventory.

Similarly, the `create-dc.yml` playbook now imports the `host-setup.yml`
playbook, which covers the basic setup of a new machine.  Again, this
ensures that the same policy is applied to DCs as to other machines.

Finally, domain controller machines now no longer use _winbind_ for
OS user accounts and authentication.  This never worked particularly
well on DCs anyway (particularly because of the way _winbind_ insists on
using domain-prefixed user accounts when it runs on a DC), and is now
worse with recent Fedora changes.  Instead, DCs now have local users who
authenticate via SSH certificates, the same as other current-generaton
servers.
2025-10-27 12:53:27 -05:00
.certs @ 0322911067
public-web: Add Tabitha's new SSH key
2024-03-15 10:29:03 -05:00
certs
websites/pyrocufflink: Switch to mod_md for cert
2025-09-04 10:04:37 -05:00
ci
ci: Add pipeline for fluent-bit Playbook
2025-10-17 07:53:10 -05:00
deploy
kubernetes: Manage worker nodes
2024-11-24 10:33:21 -06:00
group_vars
create-dc: Update to use new provisioning process
2025-10-27 12:53:27 -05:00
host_vars
smtp1: Fix mynetworks setting for k8s network
2025-08-20 07:11:27 -05:00
migration
hosts: Add loki1.p.b
2024-11-05 06:54:27 -06:00
passwords/kojiweb_secret
hosts: Add koji0.pyrocufflink.blue
2018-08-12 10:27:20 -05:00
plugins
inventory: Ignore errors connecting to libvirt
2025-07-27 17:47:31 -05:00
pulumi
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
roles
fluent-bit: Do not apply to K8s nodes
2025-10-17 07:51:32 -05:00
scripts
scripts/shutdown-vmhost: Skip Longhorn nodes
2025-08-29 21:38:12 -05:00
vars
ci: Optionally allow installing packages
2025-10-19 09:04:27 -05:00
vault
chromie: Set MinIO root password
2024-09-02 21:24:59 -05:00
.gitignore
plugins: Add lookup cache plugin
2025-07-13 16:02:57 -05:00
.gitmodules
certs: Add certificates submodule
2020-02-22 16:28:06 -06:00
.vault-secret.sh
vault-secret: Get key from Bitwarden
2023-04-23 20:05:00 -05:00
alertmanager.yml
r/alertmanager: Deploy AlertManager
2022-08-10 22:18:53 -05:00
ansible.cfg
plugins: Add lookup cache plugin
2025-07-13 16:02:57 -05:00
ansible.yml
ansible: Install Ansible
2018-04-08 12:20:03 -05:00
aria2.yml
aria2: Deploy aria2 download manager
2018-08-19 14:17:48 -05:00
auto-updates.yml
auto-updates: Install and configure dnf-automatic
2024-06-12 06:25:17 -05:00
base.yml
base: Factor out SSH host, user cert roles
2025-02-01 17:36:58 -06:00
bitwarden_rs.yml
bitwarden_rs: Deploy Bitwarden_rs using Docker
2019-09-19 19:27:29 -05:00
blackbox-exporter.yml
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
bootstrap.yml
bootstrap: Import useproxy playbook
2025-03-19 07:46:28 -05:00
btop.yml
btop: Install btop and run it on the console
2024-09-01 09:24:53 -05:00
burp-client.yml
burp-client: Switch from cron to systemd timer
2023-05-23 09:51:07 -05:00
burp-server.yml
burp-{client,server}: PBs to deploy BURP
2018-08-08 20:14:25 -05:00
certbot.yml
certbot: Playbook to deploy certbot
2018-06-13 22:23:27 -05:00
chrony.yml
chrony: Add role/PB for chrony
2025-03-16 16:37:19 -05:00
clouds.yaml
inventory: Configure for HostVDS openstack
2025-01-26 13:08:59 -06:00
collectd.yml
collect: Import dyngroups.yml playbook
2022-12-19 10:20:57 -06:00
create-dc.sh
create-dc: Update to use new provisioning process
2025-10-27 12:53:27 -05:00
create-dc.yml
create-dc: Update to use new provisioning process
2025-10-27 12:53:27 -05:00
datavol.yml
datavol: Handle undefined logical_volumes
2025-07-28 16:51:04 -05:00
dch-gw.yml
dch-gw: Initial commit
2018-03-27 20:44:43 -05:00
dch-proxy.yml
r/dch-proxy: Update and clean up
2024-08-24 11:46:28 -05:00
dch-root-ca-r2.crt
fixup-dch-root-ca-r2
2024-06-12 18:56:41 -05:00
dch-root-ca.crt
pyrocufflink: Trust DCH Root CA
2018-06-04 20:03:55 -05:00
dch-root-ca.yml
dch-root-ca: Add PB to trust DCH Root CA
2024-08-12 22:22:50 -05:00
dch-vpn.yml
Move VPN server to dedicated VM
2018-10-07 21:42:18 -05:00
deploy.sh
kubernetes: Manage worker nodes
2024-11-24 10:33:21 -06:00
dhcpcd.yml
dhcpcd: Install and configure dhcpcd
2018-03-13 23:19:50 -05:00
dhcpd.yml
dhcpd: Install and configure ISC DHCPD
2018-03-27 20:44:43 -05:00
docker-proxy.yml
docker-proxy: Deploy a proxy/cache for Docker Hub
2025-07-12 16:45:47 -05:00
docker.yml
roles/docker: Install and set up Docker daemon
2019-09-19 19:27:12 -05:00
domain-controller.yml
domain-controller: Configure local AD authentication
2018-03-11 18:16:17 -05:00
dyngroups.yml
dyngroups: Always run all tasks
2024-01-09 18:18:34 -06:00
epel.yml
fluent-bit: Enable EPEL repo if needed
2025-10-19 09:28:47 -05:00
facts.yml
facts: Do not collect facts in first play
2023-10-27 17:40:50 -05:00
fileserver.yml
fileserver: Configure Apache ~user directories
2019-01-04 20:52:23 -06:00
firewalld.yml
firewalld: Playbook to bootstrap firewalld
2018-01-29 15:11:07 -06:00
fluent-bit.yml
fluent-bit: Enable EPEL repo if needed
2025-10-19 09:28:47 -05:00
frigate.yml
r/frigate-exporter: Deploy Prometheus exporter
2024-10-21 20:27:31 -05:00
gitea.yml
r/gitea: use sshd_config.d
2023-11-13 17:45:21 -06:00
grafana.yml
grafana: Redirect HTTP to HTTPS
2022-08-10 21:55:54 -05:00
graylog.yml
graylog: Add PB to deploy Graylog server
2019-10-28 18:47:09 -05:00
hassdb.yml
hassdb: Fix playbook
2020-08-29 14:22:17 -05:00
homeassistant.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
host-setup.yml
fluent-bit: Deploy log collector for Victoria Logs
2025-08-05 07:14:08 -05:00
hostname.yml
hostname: Also write /etc/hosts
2018-04-08 10:11:43 -05:00
hosts
create-dc: Update to use new provisioning process
2025-10-27 12:53:27 -05:00
hosts.gw
chrony: Add role/PB for chrony
2025-03-16 16:37:19 -05:00
hosts.pyrocufflink.yml
Introduce dynamic inventory
2025-02-08 15:29:58 -06:00
hostvds.openstack.yml
inventory: Configure for HostVDS openstack
2025-01-26 13:08:59 -06:00
jellyfin.yml
jellyfin: Deploy Jellyfin media server
2023-09-12 13:38:35 -05:00
jenkins-slave.yml
jenkins-slave: Apply ssh-hostkeys role
2018-04-08 12:32:02 -05:00
journal2ntfy.yml
journal2ntfy: Script to send log messagess via ntfy
2023-05-17 14:51:21 -05:00
koji-builder.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-hub.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-web.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
kube-root-ca.crt
metrics: Scrape metrics from Kubernetes API server
2023-05-22 21:21:08 -05:00
kubernetes.yml
r/k8s-controller: Deploy HAProxy
2025-07-22 16:21:49 -05:00
loki.yml
r/loki-caddy: Caddy reverse proxy for Loki
2024-11-05 06:54:27 -06:00
metricspi.yml
metricspi: Apply victoria-metrics-nginx role
2022-08-12 13:14:41 -05:00
minio-backups.yml
minio-backups: Deploy MinIO for backups
2024-09-01 08:59:28 -05:00
minio.yml
minio: Install and configure MinIO
2023-05-09 21:37:46 -05:00
motioneye.yml
motioneye: Deploy motionEye camera software
2020-10-03 11:29:39 -05:00
named-server.yml
named-server: Playbook to deploy BIND
2018-01-29 15:10:04 -06:00
net-ifaces.yml
net-ifaces: PB to apply net-ifaces role
2018-07-23 17:35:10 -05:00
network.yml
network: Playbook to configure networking
2018-03-27 20:44:43 -05:00
newvm.sh
newvm: Add support for specifying static IP config
2025-10-24 11:17:11 -05:00
nextcloud.yml
nextcloud: Move database to db0
2024-09-02 21:03:33 -05:00
ntp.yml
ntp: Initial PB and role to set up ntpd
2018-04-22 11:19:22 -05:00
nut.yml
nut-monitor: Configure upsmon
2024-01-19 20:50:03 -06:00
postgresql.yml
r/postgresql-data: Manage users and databases
2025-02-01 17:36:58 -06:00
promtail.yml
promtail: Role/Playbook to deploy Promtail
2024-02-22 19:23:31 -06:00
protonvpn.yml
pyrocufflink-dns: Cloudflare over ProtonVPN
2020-09-06 11:06:58 -05:00
Pulumi.prod.yaml
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
Pulumi.yaml
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
pxe.yml
r/netboot/basementhud: Configure NBD export
2022-08-15 17:18:48 -05:00
pyproject.toml
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
pyrocufflink.yml
pyrocufflink: Trust DCH Root CA R2
2024-06-12 18:40:17 -05:00
radius.yml
radius: PB to configure RADIUS servers
2018-05-06 13:09:18 -05:00
radvd.yml
radvd: Install and configure radvd
2018-03-27 20:44:43 -05:00
raid-array.yml
raid-array: Fix md re-add automation
2025-08-05 10:31:33 -05:00
remount.yml
remount: Do not remount SquashFS volumes
2022-08-12 13:40:06 -05:00
repohost.yml
r/repohost: Configure Yum package repo host
2023-11-07 20:51:10 -06:00
restic.yml
restic: Trust dch-root-ca certificate
2025-03-29 09:34:17 -05:00
rngd.yml
rngd: PB to set up rngd
2018-08-13 20:25:22 -05:00
samba-dc.yml
samba-dc: Gather facts for all DCs
2024-06-23 10:43:15 -05:00
scrape-collectd-configmap.yml
scrape-collectd-configmap: Add PB
2025-07-20 21:27:54 -05:00
serterm.yml
r/serterm: Deploy serial terminal multiplexer
2024-11-10 13:15:08 -06:00
site.yml
site: Apply scrape-collectd-configmap PB
2025-07-18 12:46:22 -05:00
smtp-relay.yml
smtp-relay: PB to deploy Postfix SMTP relay
2018-04-15 11:38:51 -05:00
squid.yml
squid: Add role and PB to deploy Squid
2018-08-12 16:00:32 -05:00
ssh-host-certs.yml
base: Factor out SSH host, user cert roles
2025-02-01 17:36:58 -06:00
ssh-user-ca.yml
base: Factor out SSH host, user cert roles
2025-02-01 17:36:58 -06:00
synapse.yml
roles/synapse: Add cert role dependency
2021-01-31 15:38:18 -06:00
systemd-networkd.yml
r/systemd-networkd: Role to configure networkd
2021-10-10 16:09:15 -05:00
systemd-resolved.yml
r/systemd-resolved: Manage systemd resolver daemon
2022-08-12 14:35:14 -05:00
taiga.yml
taiga: Add playbook for Taiga
2019-09-19 19:51:45 -05:00
unifi.yml
unifi: Switch from nginx to Caddy
2025-03-16 17:17:00 -05:00
useproxy.yml
r/useproxy: Configure system-wide proxy
2024-08-12 18:47:04 -05:00
users.yml
users: Do not apply sudo role on Samba DCs
2025-10-22 21:13:03 -05:00
uv.lock
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
victoria-logs.yml
r/victoria-logs: Deploy VictoriaLogs
2025-05-30 21:19:05 -05:00
victoria-metrics.yml
r/vmalert: Deploy vmalert
2022-08-11 21:40:19 -05:00
vmhost.yml
vmhost: Allow host provisioner to log in
2025-02-08 16:49:14 -06:00
wait-for-host.yml
wait-for-host: PB to wait for a host to come up
2024-07-02 20:44:29 -05:00
websites.yml
websites: Remove formsubmit
2025-08-23 20:44:41 -05:00
wheelhost.yml
wheelhost: Publish wheels built by Jenkins
2019-03-22 10:19:27 -05:00
zabbix-agent.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix-server.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zezere.yml
zezere: role/playbook to deploy Zezere
2021-07-05 09:34:25 -05:00
zigbee2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
zwavejs2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
Description
Ansible configuration policy for the private network/home lab of Dustin C. Hatch
http://dustin.hatch.name/
7.7 MiB
Languages
Jinja 86.2%
Python 6.6%
Shell 4.6%
Groovy 2.6%