dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
1,194 Commits 14 Branches 0 Tags
8aa1e986d42096cb89e4ae1938afd7c7ffdb9102
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch 8aa1e986d4 r/gitea: Enable PROXY protocol 
Using the PROXY protocol allows the publicly-facing reverse proxy to
pass through the original source address of the client, without doing
TLS termination.  Clients on the internal network will not go through
the proxy, though, so we have to disable the PROXY protocol for those
addresses.  Unfortunately, the syntax for this is kind of cumbersome,
because Apache only has a deny list, not an allow list, so we have to
enumerate all of the possible internal addresses _except_ the proxy.
2025-11-19 07:43:29 -06:00
certs
Drop .certs submodule
2025-11-16 16:28:49 -06:00
ci
ci: Add pipeline for fluent-bit Playbook
2025-10-17 07:53:10 -05:00
deploy
kubernetes: Manage worker nodes
2024-11-24 10:33:21 -06:00
group_vars
r/gitea: Enable PROXY protocol
2025-11-19 07:43:29 -06:00
host_vars
gw1/squid: Allow pxe.p.b via HTTPS
2025-11-16 16:49:15 -06:00
migration
hosts: Add loki1.p.b
2024-11-05 06:54:27 -06:00
passwords/kojiweb_secret
hosts: Add koji0.pyrocufflink.blue
2018-08-12 10:27:20 -05:00
plugins
inventory: Ignore errors connecting to libvirt
2025-07-27 17:47:31 -05:00
pulumi
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
roles
r/gitea: Enable PROXY protocol
2025-11-19 07:43:29 -06:00
scripts
scripts/shutdown-vmhost: Skip Longhorn nodes
2025-08-29 21:38:12 -05:00
vars
ci: Optionally allow installing packages
2025-10-19 09:04:27 -05:00
vault
domain-controller: Remove vault secrets
2025-10-27 12:54:07 -05:00
.gitignore
plugins: Add lookup cache plugin
2025-07-13 16:02:57 -05:00
.gitmodules
Drop .certs submodule
2025-11-16 16:28:49 -06:00
.vault-secret.sh
vault-secret: Get key from Bitwarden
2023-04-23 20:05:00 -05:00
alertmanager.yml
r/alertmanager: Deploy AlertManager
2022-08-10 22:18:53 -05:00
ansible.cfg
plugins: Add lookup cache plugin
2025-07-13 16:02:57 -05:00
ansible.yml
ansible: Install Ansible
2018-04-08 12:20:03 -05:00
aria2.yml
aria2: Deploy aria2 download manager
2018-08-19 14:17:48 -05:00
auto-updates.yml
auto-updates: Install and configure dnf-automatic
2024-06-12 06:25:17 -05:00
base.yml
base: Factor out SSH host, user cert roles
2025-02-01 17:36:58 -06:00
bitwarden_rs.yml
bitwarden_rs: Deploy Bitwarden_rs using Docker
2019-09-19 19:27:29 -05:00
blackbox-exporter.yml
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
bootstrap.yml
bootstrap: Import useproxy playbook
2025-03-19 07:46:28 -05:00
btop.yml
btop: Install btop and run it on the console
2024-09-01 09:24:53 -05:00
burp-client.yml
burp-client: Switch from cron to systemd timer
2023-05-23 09:51:07 -05:00
burp-server.yml
burp-{client,server}: PBs to deploy BURP
2018-08-08 20:14:25 -05:00
certbot.yml
certbot: Playbook to deploy certbot
2018-06-13 22:23:27 -05:00
chrony.yml
chrony: Add role/PB for chrony
2025-03-16 16:37:19 -05:00
clouds.yaml
inventory: Configure for HostVDS openstack
2025-01-26 13:08:59 -06:00
collectd.yml
collect: Import dyngroups.yml playbook
2022-12-19 10:20:57 -06:00
create-dc.sh
create-dc: Update to use new provisioning process
2025-10-27 12:53:27 -05:00
create-dc.yml
create-dc: Update to use new provisioning process
2025-10-27 12:53:27 -05:00
datavol.yml
datavol: Handle undefined logical_volumes
2025-07-28 16:51:04 -05:00
dch-gw.yml
dch-gw: Initial commit
2018-03-27 20:44:43 -05:00
dch-proxy.yml
r/dch-proxy: Update and clean up
2024-08-24 11:46:28 -05:00
dch-root-ca-r2.crt
fixup-dch-root-ca-r2
2024-06-12 18:56:41 -05:00
dch-root-ca.crt
pyrocufflink: Trust DCH Root CA
2018-06-04 20:03:55 -05:00
dch-root-ca.yml
dch-root-ca: Add PB to trust DCH Root CA
2024-08-12 22:22:50 -05:00
dch-vpn.yml
Move VPN server to dedicated VM
2018-10-07 21:42:18 -05:00
deploy.sh
kubernetes: Manage worker nodes
2024-11-24 10:33:21 -06:00
dhcpcd.yml
dhcpcd: Install and configure dhcpcd
2018-03-13 23:19:50 -05:00
dhcpd.yml
dhcpd: Install and configure ISC DHCPD
2018-03-27 20:44:43 -05:00
docker-proxy.yml
docker-proxy: Deploy a proxy/cache for Docker Hub
2025-07-12 16:45:47 -05:00
docker.yml
roles/docker: Install and set up Docker daemon
2019-09-19 19:27:12 -05:00
domain-controller.yml
domain-controller: Remove vault secrets
2025-10-27 12:54:07 -05:00
dyngroups.yml
dyngroups: Always run all tasks
2024-01-09 18:18:34 -06:00
epel.yml
fluent-bit: Enable EPEL repo if needed
2025-10-19 09:28:47 -05:00
facts.yml
facts: Do not collect facts in first play
2023-10-27 17:40:50 -05:00
fileserver.yml
fileserver: Configure Apache ~user directories
2019-01-04 20:52:23 -06:00
firewalld.yml
firewalld: Playbook to bootstrap firewalld
2018-01-29 15:11:07 -06:00
fluent-bit.yml
fluent-bit: Remove Promtail
2025-11-06 09:44:22 -06:00
frigate.yml
frigate: Switch to pre-compiled gasket-driver RPM
2025-11-16 16:30:51 -06:00
gitea.yml
r/gitea: use sshd_config.d
2023-11-13 17:45:21 -06:00
grafana.yml
grafana: Redirect HTTP to HTTPS
2022-08-10 21:55:54 -05:00
graylog.yml
graylog: Add PB to deploy Graylog server
2019-10-28 18:47:09 -05:00
hassdb.yml
hassdb: Fix playbook
2020-08-29 14:22:17 -05:00
homeassistant.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
host-setup.yml
fluent-bit: Deploy log collector for Victoria Logs
2025-08-05 07:14:08 -05:00
hostname.yml
hostname: Also write /etc/hosts
2018-04-08 10:11:43 -05:00
hosts
hosts: Remove nvr2 from AD domain
2025-11-16 16:48:20 -06:00
hosts.gw
chrony: Add role/PB for chrony
2025-03-16 16:37:19 -05:00
hosts.pyrocufflink.yml
Introduce dynamic inventory
2025-02-08 15:29:58 -06:00
hostvds.openstack.yml
inventory: Configure for HostVDS openstack
2025-01-26 13:08:59 -06:00
jellyfin.yml
jellyfin: Deploy Jellyfin media server
2023-09-12 13:38:35 -05:00
jenkins-slave.yml
jenkins-slave: Apply ssh-hostkeys role
2018-04-08 12:32:02 -05:00
journal2ntfy.yml
journal2ntfy: Script to send log messagess via ntfy
2023-05-17 14:51:21 -05:00
koji-builder.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-hub.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-web.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
kube-root-ca.crt
metrics: Scrape metrics from Kubernetes API server
2023-05-22 21:21:08 -05:00
kubernetes.yml
r/k8s-controller: Deploy HAProxy
2025-07-22 16:21:49 -05:00
loki.yml
r/loki-caddy: Caddy reverse proxy for Loki
2024-11-05 06:54:27 -06:00
metricspi.yml
metricspi: Apply victoria-metrics-nginx role
2022-08-12 13:14:41 -05:00
minio-backups.yml
minio-backups: Deploy MinIO for backups
2024-09-01 08:59:28 -05:00
minio.yml
minio: Install and configure MinIO
2023-05-09 21:37:46 -05:00
motioneye.yml
motioneye: Deploy motionEye camera software
2020-10-03 11:29:39 -05:00
named-server.yml
named-server: Playbook to deploy BIND
2018-01-29 15:10:04 -06:00
net-ifaces.yml
net-ifaces: PB to apply net-ifaces role
2018-07-23 17:35:10 -05:00
network.yml
network: Playbook to configure networking
2018-03-27 20:44:43 -05:00
newvm.sh
newvm: Add support for specifying static IP config
2025-10-24 11:17:11 -05:00
nextcloud.yml
nextcloud: Move database to db0
2024-09-02 21:03:33 -05:00
ntp.yml
ntp: Initial PB and role to set up ntpd
2018-04-22 11:19:22 -05:00
nut.yml
nut-monitor: Configure upsmon
2024-01-19 20:50:03 -06:00
postgresql.yml
r/postgresql-data: Manage users and databases
2025-02-01 17:36:58 -06:00
promtail.yml
promtail: Role/Playbook to deploy Promtail
2024-02-22 19:23:31 -06:00
protonvpn.yml
pyrocufflink-dns: Cloudflare over ProtonVPN
2020-09-06 11:06:58 -05:00
Pulumi.prod.yaml
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
Pulumi.yaml
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
pxe.yml
r/netboot/basementhud: Configure NBD export
2022-08-15 17:18:48 -05:00
pyproject.toml
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
pyrocufflink.yml
pyrocufflink: Trust DCH Root CA R2
2024-06-12 18:40:17 -05:00
radius.yml
radius: PB to configure RADIUS servers
2018-05-06 13:09:18 -05:00
radvd.yml
radvd: Install and configure radvd
2018-03-27 20:44:43 -05:00
raid-array.yml
raid-array: Fix md re-add automation
2025-08-05 10:31:33 -05:00
remount.yml
remount: Do not remount SquashFS volumes
2022-08-12 13:40:06 -05:00
repohost.yml
r/repohost: Configure Yum package repo host
2023-11-07 20:51:10 -06:00
restic.yml
restic: Trust dch-root-ca certificate
2025-03-29 09:34:17 -05:00
rngd.yml
rngd: PB to set up rngd
2018-08-13 20:25:22 -05:00
samba-dc.yml
samba-dc: Gather facts for all DCs
2024-06-23 10:43:15 -05:00
scrape-collectd-configmap.yml
scrape-collectd-configmap: Add PB
2025-07-20 21:27:54 -05:00
serterm.yml
r/serterm: Deploy serial terminal multiplexer
2024-11-10 13:15:08 -06:00
site.yml
site: Remove frigate PB
2025-11-16 16:49:15 -06:00
smtp-relay.yml
smtp-relay: PB to deploy Postfix SMTP relay
2018-04-15 11:38:51 -05:00
squid.yml
squid: Add role and PB to deploy Squid
2018-08-12 16:00:32 -05:00
ssh-host-certs.yml
base: Factor out SSH host, user cert roles
2025-02-01 17:36:58 -06:00
ssh-user-ca.yml
base: Factor out SSH host, user cert roles
2025-02-01 17:36:58 -06:00
synapse.yml
roles/synapse: Add cert role dependency
2021-01-31 15:38:18 -06:00
systemd-networkd.yml
r/systemd-networkd: Role to configure networkd
2021-10-10 16:09:15 -05:00
systemd-resolved.yml
r/systemd-resolved: Manage systemd resolver daemon
2022-08-12 14:35:14 -05:00
taiga.yml
taiga: Add playbook for Taiga
2019-09-19 19:51:45 -05:00
unifi.yml
unifi: Switch from nginx to Caddy
2025-03-16 17:17:00 -05:00
useproxy.yml
r/useproxy: Configure system-wide proxy
2024-08-12 18:47:04 -05:00
users.yml
users: Do not apply sudo role on Samba DCs
2025-10-22 21:13:03 -05:00
uv.lock
pulumi: Manage HostVDS instances
2025-01-26 13:08:59 -06:00
victoria-logs.yml
r/victoria-logs: Deploy VictoriaLogs
2025-05-30 21:19:05 -05:00
victoria-metrics.yml
r/vmalert: Deploy vmalert
2022-08-11 21:40:19 -05:00
vmhost.yml
vmhost: Allow host provisioner to log in
2025-02-08 16:49:14 -06:00
wait-for-host.yml
wait-for-host: PB to wait for a host to come up
2024-07-02 20:44:29 -05:00
websites.yml
websites: Drop unnecessary cert for hatch.chat
2025-11-17 07:56:38 -06:00
wheelhost.yml
wheelhost: Publish wheels built by Jenkins
2019-03-22 10:19:27 -05:00
zabbix-agent.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix-server.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zezere.yml
zezere: role/playbook to deploy Zezere
2021-07-05 09:34:25 -05:00
zigbee2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
zwavejs2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
Description
Ansible configuration policy for the private network/home lab of Dustin C. Hatch
http://dustin.hatch.name/
7.7 MiB
Languages
Jinja 86.2%
Python 6.6%
Shell 4.6%
Groovy 2.6%