dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
952 Commits 14 Branches 0 Tags
7d93ba836ed8bf599fd4b1f5513eb5a09780200e
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch 7d93ba836e r/restic: Enhance restic-backup security sandbox 
Since `restic` needs to run as root in order to back up files regardless
of their permissions, we need to restrict it to doing only that.  Using
systemd sandbox features, especially the capability bounding set, we can
remove all of _root_'s powers except the ability to read all files.
2024-09-04 17:43:24 -05:00
.certs @ 0322911067
public-web: Add Tabitha's new SSH key
2024-03-15 10:29:03 -05:00
certs
hosts: Add db0.p.b
2024-07-02 20:44:29 -05:00
ci
pyrocufflink-dns: Drop group
2024-02-22 10:23:19 -06:00
deploy
hosts: Add chromie.p.b
2024-09-01 09:01:04 -05:00
group_vars
nextcloud: Back up Nextcloud with Restic
2024-09-04 17:41:42 -05:00
host_vars
hosts: Add chromie, nvr2 to nut-monitor group
2024-09-01 18:52:33 -05:00
migration
migration: Add PostgreSQL server migration script
2024-07-02 20:45:12 -05:00
passwords/kojiweb_secret
hosts: Add koji0.pyrocufflink.blue
2018-08-12 10:27:20 -05:00
roles
r/restic: Enhance restic-backup security sandbox
2024-09-04 17:43:24 -05:00
scripts
scripts: Add VM host maintenance scripts
2024-08-23 09:43:24 -05:00
vars
ci: Remove extraneous copy of ssh_known_hosts
2024-01-28 12:18:55 -06:00
vault
chromie: Set MinIO root password
2024-09-02 21:24:59 -05:00
.gitignore
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
.gitmodules
certs: Add certificates submodule
2020-02-22 16:28:06 -06:00
.vault-secret.sh
vault-secret: Get key from Bitwarden
2023-04-23 20:05:00 -05:00
alertmanager.yml
r/alertmanager: Deploy AlertManager
2022-08-10 22:18:53 -05:00
ansible.cfg
ansible.cfg: Disable stupid group name warning
2019-09-19 19:50:35 -05:00
ansible.yml
ansible: Install Ansible
2018-04-08 12:20:03 -05:00
aria2.yml
aria2: Deploy aria2 download manager
2018-08-19 14:17:48 -05:00
auto-updates.yml
auto-updates: Install and configure dnf-automatic
2024-06-12 06:25:17 -05:00
base.yml
r/ssu-user-ca: Configure sshd TrustedUserCAKeys
2024-02-01 18:46:40 -06:00
bitwarden_rs.yml
bitwarden_rs: Deploy Bitwarden_rs using Docker
2019-09-19 19:27:29 -05:00
blackbox-exporter.yml
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
bootstrap.yml
bootstrap: PB to bootstrap a new machine
2024-07-02 20:44:29 -05:00
btop.yml
btop: Install btop and run it on the console
2024-09-01 09:24:53 -05:00
burp-client.yml
burp-client: Switch from cron to systemd timer
2023-05-23 09:51:07 -05:00
burp-server.yml
burp-{client,server}: PBs to deploy BURP
2018-08-08 20:14:25 -05:00
certbot.yml
certbot: Playbook to deploy certbot
2018-06-13 22:23:27 -05:00
collectd.yml
collect: Import dyngroups.yml playbook
2022-12-19 10:20:57 -06:00
create-dc.sh
create-dc: Add PB for creating new DCs
2024-06-23 10:43:15 -05:00
create-dc.yml
create-dc: Add PB for creating new DCs
2024-06-23 10:43:15 -05:00
datavol.yml
datavol: Support creating btrfs subvolumes
2024-09-01 08:59:28 -05:00
dch-gw.yml
dch-gw: Initial commit
2018-03-27 20:44:43 -05:00
dch-proxy.yml
r/dch-proxy: Update and clean up
2024-08-24 11:46:28 -05:00
dch-root-ca-r2.crt
fixup-dch-root-ca-r2
2024-06-12 18:56:41 -05:00
dch-root-ca.crt
pyrocufflink: Trust DCH Root CA
2018-06-04 20:03:55 -05:00
dch-root-ca.yml
dch-root-ca: Add PB to trust DCH Root CA
2024-08-12 22:22:50 -05:00
dch-vpn.yml
Move VPN server to dedicated VM
2018-10-07 21:42:18 -05:00
deploy.sh
deploy.sh: Wrapper for deployment scripts
2024-07-02 20:44:29 -05:00
dhcpcd.yml
dhcpcd: Install and configure dhcpcd
2018-03-13 23:19:50 -05:00
dhcpd.yml
dhcpd: Install and configure ISC DHCPD
2018-03-27 20:44:43 -05:00
docker.yml
roles/docker: Install and set up Docker daemon
2019-09-19 19:27:12 -05:00
domain-controller.yml
domain-controller: Configure local AD authentication
2018-03-11 18:16:17 -05:00
dyngroups.yml
dyngroups: Always run all tasks
2024-01-09 18:18:34 -06:00
facts.yml
facts: Do not collect facts in first play
2023-10-27 17:40:50 -05:00
fileserver.yml
fileserver: Configure Apache ~user directories
2019-01-04 20:52:23 -06:00
firewalld.yml
firewalld: Playbook to bootstrap firewalld
2018-01-29 15:11:07 -06:00
frigate.yml
r/frigate-caddy: Deploy Caddy in front of Frigate
2024-08-12 18:47:04 -05:00
gitea.yml
r/gitea: use sshd_config.d
2023-11-13 17:45:21 -06:00
grafana.yml
grafana: Redirect HTTP to HTTPS
2022-08-10 21:55:54 -05:00
graylog.yml
graylog: Add PB to deploy Graylog server
2019-10-28 18:47:09 -05:00
hassdb.yml
hassdb: Fix playbook
2020-08-29 14:22:17 -05:00
homeassistant.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
hostname.yml
hostname: Also write /etc/hosts
2018-04-08 10:11:43 -05:00
hosts
nextcloud: Back up Nextcloud with Restic
2024-09-04 17:41:42 -05:00
hosts.gw
hosts: Deploy Squid on gw1
2024-01-27 20:09:34 -06:00
jellyfin.yml
jellyfin: Deploy Jellyfin media server
2023-09-12 13:38:35 -05:00
jenkins-slave.yml
jenkins-slave: Apply ssh-hostkeys role
2018-04-08 12:32:02 -05:00
journal2ntfy.yml
journal2ntfy: Script to send log messagess via ntfy
2023-05-17 14:51:21 -05:00
koji-builder.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-hub.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-web.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
kube-root-ca.crt
metrics: Scrape metrics from Kubernetes API server
2023-05-22 21:21:08 -05:00
metricspi.yml
metricspi: Apply victoria-metrics-nginx role
2022-08-12 13:14:41 -05:00
minio-backups.yml
minio-backups: Deploy MinIO for backups
2024-09-01 08:59:28 -05:00
minio.yml
minio: Install and configure MinIO
2023-05-09 21:37:46 -05:00
motioneye.yml
motioneye: Deploy motionEye camera software
2020-10-03 11:29:39 -05:00
named-server.yml
named-server: Playbook to deploy BIND
2018-01-29 15:10:04 -06:00
net-ifaces.yml
net-ifaces: PB to apply net-ifaces role
2018-07-23 17:35:10 -05:00
network.yml
network: Playbook to configure networking
2018-03-27 20:44:43 -05:00
newvm.sh
newvm: Add --network argument
2024-08-12 18:47:04 -05:00
nextcloud.yml
nextcloud: Move database to db0
2024-09-02 21:03:33 -05:00
ntp.yml
ntp: Initial PB and role to set up ntpd
2018-04-22 11:19:22 -05:00
nut.yml
nut-monitor: Configure upsmon
2024-01-19 20:50:03 -06:00
postgresql.yml
r/postgres-exporter: Deploy postgres-exporter
2024-07-02 20:44:29 -05:00
promtail.yml
promtail: Role/Playbook to deploy Promtail
2024-02-22 19:23:31 -06:00
protonvpn.yml
pyrocufflink-dns: Cloudflare over ProtonVPN
2020-09-06 11:06:58 -05:00
pxe.yml
r/netboot/basementhud: Configure NBD export
2022-08-15 17:18:48 -05:00
pyrocufflink.yml
pyrocufflink: Trust DCH Root CA R2
2024-06-12 18:40:17 -05:00
radius.yml
radius: PB to configure RADIUS servers
2018-05-06 13:09:18 -05:00
radvd.yml
radvd: Install and configure radvd
2018-03-27 20:44:43 -05:00
raid-array.yml
raid-array: Add PB to create md arrays
2024-09-01 08:59:28 -05:00
remount.yml
remount: Do not remount SquashFS volumes
2022-08-12 13:40:06 -05:00
repohost.yml
r/repohost: Configure Yum package repo host
2023-11-07 20:51:10 -06:00
restic.yml
restic: Add role+playbook for Restic backups
2024-09-04 09:40:29 -05:00
rngd.yml
rngd: PB to set up rngd
2018-08-13 20:25:22 -05:00
samba-dc.yml
samba-dc: Gather facts for all DCs
2024-06-23 10:43:15 -05:00
smtp-relay.yml
smtp-relay: PB to deploy Postfix SMTP relay
2018-04-15 11:38:51 -05:00
squid.yml
squid: Add role and PB to deploy Squid
2018-08-12 16:00:32 -05:00
synapse.yml
roles/synapse: Add cert role dependency
2021-01-31 15:38:18 -06:00
systemd-networkd.yml
r/systemd-networkd: Role to configure networkd
2021-10-10 16:09:15 -05:00
systemd-resolved.yml
r/systemd-resolved: Manage systemd resolver daemon
2022-08-12 14:35:14 -05:00
taiga.yml
taiga: Add playbook for Taiga
2019-09-19 19:51:45 -05:00
unifi.yml
unifi: Deploy Unifi Network controller
2023-07-07 10:05:01 -05:00
useproxy.yml
r/useproxy: Configure system-wide proxy
2024-08-12 18:47:04 -05:00
victoria-metrics.yml
r/vmalert: Deploy vmalert
2022-08-11 21:40:19 -05:00
vmhost.yml
vmhost: Run on a single host at a time
2024-06-23 10:43:15 -05:00
wait-for-host.yml
wait-for-host: PB to wait for a host to come up
2024-07-02 20:44:29 -05:00
websites.yml
websites: Fix file mode
2024-08-23 09:34:25 -05:00
wheelhost.yml
wheelhost: Publish wheels built by Jenkins
2019-03-22 10:19:27 -05:00
zabbix-agent.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix-server.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zezere.yml
zezere: role/playbook to deploy Zezere
2021-07-05 09:34:25 -05:00
zigbee2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
zwavejs2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
Description
Ansible configuration policy for the private network/home lab of Dustin C. Hatch
http://dustin.hatch.name/
7.7 MiB
Languages
Jinja 86.2%
Python 6.6%
Shell 4.6%
Groovy 2.6%