dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
1,006 Commits 14 Branches 0 Tags
bc7e7c24750ede22158f3f90876039617317c9cd
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch bc7e7c2475 applyConfigPolicy: Configure SSH user certificate 
In order to manage servers that are not members of the
_pyrocufflink.blue_ AD domain, Jenkins needs a user certificate signed
by the SSH CA.  Unfortunately, there is not really a good way to get a
certificate issued on demand in a non-interactive way, as SSHCA relies
on OIDC ID tokens which are issued by Authelia, and Authelica requires
browser-based interactive login and consent.  Until I can come up with a
better option, I've manually signed a certificate for Jenkins to use.

The Jenkins SSH Credentials plugin does not support certificates
directly, so in order to use one, we have to explicitly configure `ssh`
to load it via the `CertificateFile` option.
2024-11-25 21:17:44 -06:00
.certs @ 0322911067
public-web: Add Tabitha's new SSH key
2024-03-15 10:29:03 -05:00
certs
r/webites: Add apps.du5t1n.xyz F-Droid repo
2024-11-05 06:47:02 -06:00
ci
pyrocufflink-dns: Drop group
2024-02-22 10:23:19 -06:00
deploy
kubernetes: Manage worker nodes
2024-11-24 10:33:21 -06:00
group_vars
Deploy new Kubernetes nodes
2024-11-24 10:33:21 -06:00
host_vars
chromie: Scrape logs from serial consoles
2024-11-10 18:34:49 -06:00
migration
hosts: Add loki1.p.b
2024-11-05 06:54:27 -06:00
passwords/kojiweb_secret
hosts: Add koji0.pyrocufflink.blue
2018-08-12 10:27:20 -05:00
roles
r/doas: Configure sudo alternative
2024-11-24 10:33:21 -06:00
scripts
scripts: Add VM host maintenance scripts
2024-08-23 09:43:24 -05:00
vars
applyConfigPolicy: Configure SSH user certificate
2024-11-25 21:17:44 -06:00
vault
chromie: Set MinIO root password
2024-09-02 21:24:59 -05:00
.gitignore
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
.gitmodules
certs: Add certificates submodule
2020-02-22 16:28:06 -06:00
.vault-secret.sh
vault-secret: Get key from Bitwarden
2023-04-23 20:05:00 -05:00
alertmanager.yml
r/alertmanager: Deploy AlertManager
2022-08-10 22:18:53 -05:00
ansible.cfg
ansible.cfg: Disable stupid group name warning
2019-09-19 19:50:35 -05:00
ansible.yml
ansible: Install Ansible
2018-04-08 12:20:03 -05:00
aria2.yml
aria2: Deploy aria2 download manager
2018-08-19 14:17:48 -05:00
auto-updates.yml
auto-updates: Install and configure dnf-automatic
2024-06-12 06:25:17 -05:00
base.yml
r/ssu-user-ca: Configure sshd TrustedUserCAKeys
2024-02-01 18:46:40 -06:00
bitwarden_rs.yml
bitwarden_rs: Deploy Bitwarden_rs using Docker
2019-09-19 19:27:29 -05:00
blackbox-exporter.yml
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
bootstrap.yml
bootstrap: PB to bootstrap a new machine
2024-07-02 20:44:29 -05:00
btop.yml
btop: Install btop and run it on the console
2024-09-01 09:24:53 -05:00
burp-client.yml
burp-client: Switch from cron to systemd timer
2023-05-23 09:51:07 -05:00
burp-server.yml
burp-{client,server}: PBs to deploy BURP
2018-08-08 20:14:25 -05:00
certbot.yml
certbot: Playbook to deploy certbot
2018-06-13 22:23:27 -05:00
collectd.yml
collect: Import dyngroups.yml playbook
2022-12-19 10:20:57 -06:00
create-dc.sh
create-dc: Add PB for creating new DCs
2024-06-23 10:43:15 -05:00
create-dc.yml
create-dc: Add PB for creating new DCs
2024-06-23 10:43:15 -05:00
datavol.yml
datavol: Support creating btrfs subvolumes
2024-09-01 08:59:28 -05:00
dch-gw.yml
dch-gw: Initial commit
2018-03-27 20:44:43 -05:00
dch-proxy.yml
r/dch-proxy: Update and clean up
2024-08-24 11:46:28 -05:00
dch-root-ca-r2.crt
fixup-dch-root-ca-r2
2024-06-12 18:56:41 -05:00
dch-root-ca.crt
pyrocufflink: Trust DCH Root CA
2018-06-04 20:03:55 -05:00
dch-root-ca.yml
dch-root-ca: Add PB to trust DCH Root CA
2024-08-12 22:22:50 -05:00
dch-vpn.yml
Move VPN server to dedicated VM
2018-10-07 21:42:18 -05:00
deploy.sh
kubernetes: Manage worker nodes
2024-11-24 10:33:21 -06:00
dhcpcd.yml
dhcpcd: Install and configure dhcpcd
2018-03-13 23:19:50 -05:00
dhcpd.yml
dhcpd: Install and configure ISC DHCPD
2018-03-27 20:44:43 -05:00
docker.yml
roles/docker: Install and set up Docker daemon
2019-09-19 19:27:12 -05:00
domain-controller.yml
domain-controller: Configure local AD authentication
2018-03-11 18:16:17 -05:00
dyngroups.yml
dyngroups: Always run all tasks
2024-01-09 18:18:34 -06:00
facts.yml
facts: Do not collect facts in first play
2023-10-27 17:40:50 -05:00
fileserver.yml
fileserver: Configure Apache ~user directories
2019-01-04 20:52:23 -06:00
firewalld.yml
firewalld: Playbook to bootstrap firewalld
2018-01-29 15:11:07 -06:00
frigate.yml
r/frigate-exporter: Deploy Prometheus exporter
2024-10-21 20:27:31 -05:00
gitea.yml
r/gitea: use sshd_config.d
2023-11-13 17:45:21 -06:00
grafana.yml
grafana: Redirect HTTP to HTTPS
2022-08-10 21:55:54 -05:00
graylog.yml
graylog: Add PB to deploy Graylog server
2019-10-28 18:47:09 -05:00
hassdb.yml
hassdb: Fix playbook
2020-08-29 14:22:17 -05:00
homeassistant.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
hostname.yml
hostname: Also write /etc/hosts
2018-04-08 10:11:43 -05:00
hosts
Deploy new Kubernetes nodes
2024-11-24 10:33:21 -06:00
hosts.gw
hosts: Migrate remaining hosts to Restic
2024-09-07 20:45:24 -05:00
jellyfin.yml
jellyfin: Deploy Jellyfin media server
2023-09-12 13:38:35 -05:00
jenkins-slave.yml
jenkins-slave: Apply ssh-hostkeys role
2018-04-08 12:32:02 -05:00
journal2ntfy.yml
journal2ntfy: Script to send log messagess via ntfy
2023-05-17 14:51:21 -05:00
koji-builder.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-hub.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-web.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
kube-root-ca.crt
metrics: Scrape metrics from Kubernetes API server
2023-05-22 21:21:08 -05:00
kubernetes.yml
kubernetes: Manage worker nodes
2024-11-24 10:33:21 -06:00
loki.yml
r/loki-caddy: Caddy reverse proxy for Loki
2024-11-05 06:54:27 -06:00
metricspi.yml
metricspi: Apply victoria-metrics-nginx role
2022-08-12 13:14:41 -05:00
minio-backups.yml
minio-backups: Deploy MinIO for backups
2024-09-01 08:59:28 -05:00
minio.yml
minio: Install and configure MinIO
2023-05-09 21:37:46 -05:00
motioneye.yml
motioneye: Deploy motionEye camera software
2020-10-03 11:29:39 -05:00
named-server.yml
named-server: Playbook to deploy BIND
2018-01-29 15:10:04 -06:00
net-ifaces.yml
net-ifaces: PB to apply net-ifaces role
2018-07-23 17:35:10 -05:00
network.yml
network: Playbook to configure networking
2018-03-27 20:44:43 -05:00
newvm.sh
newvm: Add domain argument
2024-11-24 10:33:21 -06:00
nextcloud.yml
nextcloud: Move database to db0
2024-09-02 21:03:33 -05:00
ntp.yml
ntp: Initial PB and role to set up ntpd
2018-04-22 11:19:22 -05:00
nut.yml
nut-monitor: Configure upsmon
2024-01-19 20:50:03 -06:00
postgresql.yml
postgresql: Collect Wal-G metrics with statsd_exporter
2024-10-13 20:01:19 -05:00
promtail.yml
promtail: Role/Playbook to deploy Promtail
2024-02-22 19:23:31 -06:00
protonvpn.yml
pyrocufflink-dns: Cloudflare over ProtonVPN
2020-09-06 11:06:58 -05:00
pxe.yml
r/netboot/basementhud: Configure NBD export
2022-08-15 17:18:48 -05:00
pyrocufflink.yml
pyrocufflink: Trust DCH Root CA R2
2024-06-12 18:40:17 -05:00
radius.yml
radius: PB to configure RADIUS servers
2018-05-06 13:09:18 -05:00
radvd.yml
radvd: Install and configure radvd
2018-03-27 20:44:43 -05:00
raid-array.yml
raid-array: Create udev rules to auto re-add disks
2024-11-05 06:52:20 -06:00
remount.yml
remount: Do not remount SquashFS volumes
2022-08-12 13:40:06 -05:00
repohost.yml
r/repohost: Configure Yum package repo host
2023-11-07 20:51:10 -06:00
restic.yml
restic: Add role+playbook for Restic backups
2024-09-04 09:40:29 -05:00
rngd.yml
rngd: PB to set up rngd
2018-08-13 20:25:22 -05:00
samba-dc.yml
samba-dc: Gather facts for all DCs
2024-06-23 10:43:15 -05:00
serterm.yml
r/serterm: Deploy serial terminal multiplexer
2024-11-10 13:15:08 -06:00
smtp-relay.yml
smtp-relay: PB to deploy Postfix SMTP relay
2018-04-15 11:38:51 -05:00
squid.yml
squid: Add role and PB to deploy Squid
2018-08-12 16:00:32 -05:00
synapse.yml
roles/synapse: Add cert role dependency
2021-01-31 15:38:18 -06:00
systemd-networkd.yml
r/systemd-networkd: Role to configure networkd
2021-10-10 16:09:15 -05:00
systemd-resolved.yml
r/systemd-resolved: Manage systemd resolver daemon
2022-08-12 14:35:14 -05:00
taiga.yml
taiga: Add playbook for Taiga
2019-09-19 19:51:45 -05:00
unifi.yml
unifi: Deploy Unifi Network controller
2023-07-07 10:05:01 -05:00
useproxy.yml
r/useproxy: Configure system-wide proxy
2024-08-12 18:47:04 -05:00
users.yml
r/doas: Configure sudo alternative
2024-11-24 10:33:21 -06:00
victoria-metrics.yml
r/vmalert: Deploy vmalert
2022-08-11 21:40:19 -05:00
vmhost.yml
vmhost: Run on a single host at a time
2024-06-23 10:43:15 -05:00
wait-for-host.yml
wait-for-host: PB to wait for a host to come up
2024-07-02 20:44:29 -05:00
websites.yml
r/webites: Add apps.du5t1n.xyz F-Droid repo
2024-11-05 06:47:02 -06:00
wheelhost.yml
wheelhost: Publish wheels built by Jenkins
2019-03-22 10:19:27 -05:00
zabbix-agent.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix-server.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zezere.yml
zezere: role/playbook to deploy Zezere
2021-07-05 09:34:25 -05:00
zigbee2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
zwavejs2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
Description
Ansible configuration policy for the private network/home lab of Dustin C. Hatch
http://dustin.hatch.name/
7.7 MiB
Languages
Jinja 86.2%
Python 6.6%
Shell 4.6%
Groovy 2.6%