dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity
Ansible configuration policy for the private network/home lab of Dustin C. Hatch http://dustin.hatch.name/
639 Commits
14 Branches
0 Tags
7.3 MiB
Jinja 86.3%
Python 6.7%
Shell 4.5%
Groovy 2.5%
 
 
 
 
Go to file
Dustin 14bfddd0ee r/nbd-server: Deploy nbd-server 
The *nbd-server* role configures a machine as a Network Block Device
(NDB) server, using the reference `nbd-server` implementation.  It
configures a systemd socket unit to listen on the port and accept
incoming connections, and a template service unit for systemd to
instantiate and pass each incoming connection.

The reference `nbd-server` is actually not very good.  It does not clean
up closed connections reliably, especially if the client disconnects
unexpectedly.  Fortunately, systemd provides the necessary tools to work
around these bugs.  Specifically, spawning one process per connection
allows processes to be killed externally.  Further, since systemd
creates the listening socket, it can control the keep-alive interval.
By setting this to a rather low value, we can clean up server processes
for disconnected clients more quickly.

Configuration of the server itself is minimal; most of the configuration
is done on a per-export basis using drop-in configuration files.  Other
Ansible roles should create these configuration files to configure
application-specific exports.  Nothing needs to be reloaded or restarted
for changes to take effect; the next incoming connection will spawn a
new process, which will use the latest configuration file automatically.
 		2022-08-15 16:55:36 -05:00
.certs@13f97e4fa1 websites: dustin.hatch.name: Deploy new site 2022-04-23 15:30:40 -05:00
certs hosts: Add mtrcs0.p.r 2022-08-11 21:40:19 -05:00
ci ci: gitea: Convert to cfgpol shared library 2021-11-13 09:49:24 -06:00
group_vars metricspi: Increase scrape_timeout for speedtest 2022-08-12 14:54:49 -05:00
host_vars mtrcs0: Remove Ansible user/become settings 2022-08-12 13:22:47 -05:00
passwords/kojiweb_secret hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
roles r/nbd-server: Deploy nbd-server 2022-08-15 16:55:36 -05:00
vars ci: lib: Configure SSH key for Ansible 2022-08-12 13:30:22 -05:00
vault burp: Add missing client password for hass2 2022-01-22 12:19:47 -06:00
.gitignore r/blackbox-exporter: Deploy blackbox_exporter 2022-08-10 22:18:53 -05:00
.gitmodules certs: Add certificates submodule 2020-02-22 16:28:06 -06:00
.vault-secret.sh Protect vault secret with GPG 2018-01-29 15:11:07 -06:00
alertmanager.yml r/alertmanager: Deploy AlertManager 2022-08-10 22:18:53 -05:00
ansible.cfg ansible.cfg: Disable stupid group name warning 2019-09-19 19:50:35 -05:00
ansible.yml ansible: Install Ansible 2018-04-08 12:20:03 -05:00
aria2.yml aria2: Deploy aria2 download manager 2018-08-19 14:17:48 -05:00
base.yml base: Enable serial console on KVM VMs 2021-10-16 14:34:51 -05:00
bitwarden_rs.yml bitwarden_rs: Deploy Bitwarden_rs using Docker 2019-09-19 19:27:29 -05:00
blackbox-exporter.yml r/blackbox-exporter: Deploy blackbox_exporter 2022-08-10 22:18:53 -05:00
burp-client.yml burp-client: Apply the cronie role 2019-09-19 19:27:30 -05:00
burp-server.yml burp-{client,server}: PBs to deploy BURP 2018-08-08 20:14:25 -05:00
certbot.yml certbot: Playbook to deploy certbot 2018-06-13 22:23:27 -05:00
collectd.yml collectd: Only configure SELinux when used 2022-08-14 19:39:02 -05:00
dch-gw.yml dch-gw: Initial commit 2018-03-27 20:44:43 -05:00
dch-proxy.yml dch-proxy: PB to deploy HAProxy 2018-07-01 15:19:20 -05:00
dch-root-ca.crt pyrocufflink: Trust DCH Root CA 2018-06-04 20:03:55 -05:00
dch-vpn.yml Move VPN server to dedicated VM 2018-10-07 21:42:18 -05:00
dhcpcd.yml dhcpcd: Install and configure dhcpcd 2018-03-13 23:19:50 -05:00
dhcpd.yml dhcpd: Install and configure ISC DHCPD 2018-03-27 20:44:43 -05:00
docker.yml roles/docker: Install and set up Docker daemon 2019-09-19 19:27:12 -05:00
domain-controller.yml domain-controller: Configure local AD authentication 2018-03-11 18:16:17 -05:00
dyngroups.yml base: Enable serial console on KVM VMs 2021-10-16 14:34:51 -05:00
fileserver.yml fileserver: Configure Apache ~user directories 2019-01-04 20:52:23 -06:00
firewalld.yml firewalld: Playbook to bootstrap firewalld 2018-01-29 15:11:07 -06:00
frigate.yml r/frigate: Add role to deploy Frigate 2021-08-21 17:16:58 -05:00
gitea.yml gitea: Restrict SSH configuration 2018-06-06 21:45:36 -05:00
grafana.yml grafana: Redirect HTTP to HTTPS 2022-08-10 21:55:54 -05:00
graylog.yml graylog: Add PB to deploy Graylog server 2019-10-28 18:47:09 -05:00
hassdb.yml hassdb: Fix playbook 2020-08-29 14:22:17 -05:00
homeassistant.yml homeassistant: Split out Zigbee/Zwave playbooks 2021-12-18 16:45:52 -06:00
hostname.yml hostname: Also write /etc/hosts 2018-04-08 10:11:43 -05:00
hosts hosts: remove stats0 2022-08-12 13:18:04 -05:00
hosts.offline r/collectd-sensors: Install collectd sensors plugin 2022-07-21 13:14:25 -05:00
jenkins-slave.yml jenkins-slave: Apply ssh-hostkeys role 2018-04-08 12:32:02 -05:00
koji-builder.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji-hub.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji-web.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
metricspi.yml metricspi: Apply victoria-metrics-nginx role 2022-08-12 13:14:41 -05:00
motioneye.yml motioneye: Deploy motionEye camera software 2020-10-03 11:29:39 -05:00
named-server.yml named-server: Playbook to deploy BIND 2018-01-29 15:10:04 -06:00
net-ifaces.yml net-ifaces: PB to apply net-ifaces role 2018-07-23 17:35:10 -05:00
network.yml network: Playbook to configure networking 2018-03-27 20:44:43 -05:00
nextcloud.yml roles/cert: Add handler topic notification 2020-12-26 10:38:17 -06:00
ntp.yml ntp: Initial PB and role to set up ntpd 2018-04-22 11:19:22 -05:00
nut.yml nut: Add playbook for NUT 2021-10-31 14:28:27 -05:00
postgresql.yml postgresql: PB to deploy PostgreSQL server 2018-04-14 15:28:46 -05:00
protonvpn.yml pyrocufflink-dns: Cloudflare over ProtonVPN 2020-09-06 11:06:58 -05:00
pyrocufflink.yml pyrocufflink: Trust DCH Root CA 2018-06-04 20:03:55 -05:00
radius.yml radius: PB to configure RADIUS servers 2018-05-06 13:09:18 -05:00
radvd.yml radvd: Install and configure radvd 2018-03-27 20:44:43 -05:00
remount.yml remount: Do not remount SquashFS volumes 2022-08-12 13:40:06 -05:00
rngd.yml rngd: PB to set up rngd 2018-08-13 20:25:22 -05:00
samba-dc.yml samba-dc: Apply to one machine at a time 2021-11-07 16:20:03 -06:00
smtp-relay.yml smtp-relay: PB to deploy Postfix SMTP relay 2018-04-15 11:38:51 -05:00
squid.yml squid: Add role and PB to deploy Squid 2018-08-12 16:00:32 -05:00
synapse.yml roles/synapse: Add cert role dependency 2021-01-31 15:38:18 -06:00
systemd-networkd.yml r/systemd-networkd: Role to configure networkd 2021-10-10 16:09:15 -05:00
systemd-resolved.yml r/systemd-resolved: Manage systemd resolver daemon 2022-08-12 14:35:14 -05:00
taiga.yml taiga: Add playbook for Taiga 2019-09-19 19:51:45 -05:00
victoria-metrics.yml r/vmalert: Deploy vmalert 2022-08-11 21:40:19 -05:00
vmhost.yml r/vmhost: mount shared filesystems 2021-10-10 16:09:15 -05:00
websites.yml websites: dustin.hatch.name: Deploy new site 2022-04-23 15:30:40 -05:00
wheelhost.yml wheelhost: Publish wheels built by Jenkins 2019-03-22 10:19:27 -05:00
zabbix-agent.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
zabbix-server.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
zabbix.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
zezere.yml zezere: role/playbook to deploy Zezere 2021-07-05 09:34:25 -05:00
zigbee2mqtt.yml homeassistant: Split out Zigbee/Zwave playbooks 2021-12-18 16:45:52 -06:00
zwavejs2mqtt.yml homeassistant: Split out Zigbee/Zwave playbooks 2021-12-18 16:45:52 -06:00