Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • antiz/infrastructure
  • okabe/infrastructure
  • eworm/infrastructure
  • polyzen/infrastructure
  • pitastrudl/infrastructure
  • sjon/infrastructure
  • torxed/infrastructure
  • jinmiaoluo/infrastructure
  • moson/infrastructure
  • serebit/infrastructure
  • ivabus/infrastructure
  • lb-wilson/infrastructure
  • gromit/infrastructure
  • matt-1-2-3/infrastructure
  • jocke-l/infrastructure
  • alucryd/infrastructure
  • maximbaz/infrastructure
  • ainola/infrastructure
  • segaja/infrastructure
  • nl6720/infrastructure
  • peanutduck/infrastructure
  • aminvakil/infrastructure
  • xenrox/infrastructure
  • felixonmars/infrastructure
  • denisse/infrastructure
  • artafinde/infrastructure
  • jleclanche/infrastructure
  • kpcyrd/infrastructure
  • metalmatze/infrastructure
  • kevr/infrastructure
  • dvzrv/infrastructure
  • dhoppe/infrastructure
  • ekkelett/infrastructure
  • seblu/infrastructure
  • lahwaacz/infrastructure
  • klausenbusk/infrastructure
  • alerque/infrastructure
  • hashworks/infrastructure
  • foxboron/infrastructure
  • shibumi/infrastructure
  • lambdaclan/infrastructure
  • ffy00/infrastructure
  • freswa/infrastructure
  • archlinux/infrastructure
44 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 543 additions and 210 deletions
roles/gitlab_runner/tasks/main.yml
View file @ fb5e0503
......@@ -4,6 +4,10 @@
pacman: name=docker,python-docker,python-gitlab,gitlab-runner state=latest update_cache=yes
notify: restart gitlab-runner
- name: install docker.slice
copy: src=docker.slice dest=/etc/systemd/system/ owner=root group=root mode=0644
notify: systemd daemon-reload
- name: start docker
systemd: name=docker enabled=yes state=started daemon_reload=yes
......
roles/grafana/defaults/main.yml
View file @ fb5e0503
---
grafana_domain: "grafana.archlinux.org"
grafana_anonymous_access: false
roles/grafana/files/dashboards/aur.json 0 → 100644
View file @ fb5e0503
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "The AUR package and user statistics",
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"id": 41,
"links": [],
"panels": [
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "The two different user types, normal and trusted users.",
"fieldConfig": {
"defaults": {},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 0
},
"hiddenSeries": false,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.5.5",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "aur_users",
"interval": "",
"legendFormat": "{{ type }}",
"queryType": "randomWalk",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Users",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:140",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:141",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "The total AUR packages state listing orphan ,ever updated and updated packages.",
"fieldConfig": {
"defaults": {},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 11,
"w": 24,
"x": 0,
"y": 9
},
"hiddenSeries": false,
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.5.5",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "aur_packages ",
"interval": "",
"legendFormat": "{{ state }}",
"queryType": "randomWalk",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Packages",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:58",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:59",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": false,
"schemaVersion": 27,
"style": "dark",
"tags": [],
"templating": {
"list": []
},
"time": {
"from": "now-30d",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "AUR Statistics",
"uid": "gmvZGXjGk",
"version": 1
}
\ No newline at end of file
roles/grafana/files/dashboards/rebuilderd.json
View file @ fb5e0503
......@@ -15,177 +15,206 @@
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"iteration": 1610815477110,
"iteration": 1620944663181,
"links": [],
"panels": [
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "Overall statistics of all repositories.",
"description": "reproducible percentage for [$suite] repository",
"fieldConfig": {
"defaults": {
"custom": {}
"color": {
"mode": "fixed"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
"overrides": [
{
"matcher": {
"id": "byName",
"options": "good"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "bad"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "unknown"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
}
]
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"w": 4,
"x": 0,
"y": 0
},
"hiddenSeries": false,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"id": 10,
"links": [
{
"targetBlank": true,
"title": "",
"url": "https://reproducible.archlinux.org/"
}
],
"options": {
"alertThreshold": true
"displayLabels": [
"percent"
],
"legend": {
"displayMode": "list",
"placement": "bottom",
"values": [
"percent"
]
},
"pieType": "pie",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"text": {}
},
"percentage": false,
"pluginVersion": "7.3.6",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"pluginVersion": "7.5.5",
"targets": [
{
"expr": "sum by (status) (rebuilderd_results)",
"exemplar": true,
"expr": "sum by (status) (rebuilderd_results{suite=~\"^$suite\"})",
"hide": false,
"interval": "",
"legendFormat": "{{ suite }}",
"legendFormat": "{{ status }}",
"queryType": "randomWalk",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Overall status",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
"title": "Percentage ($suite)",
"type": "piechart"
},
{
"aliasColors": {
"bad": "red",
"good": "green"
},
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"description": "rebuilderd results for [$suite] repository",
"fieldConfig": {
"defaults": {
"custom": {
"align": null
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"defaults": {},
"overrides": []
},
"fill": 1,
"fill": 3,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 24,
"x": 0,
"y": 9
"h": 9,
"w": 20,
"x": 4,
"y": 0
},
"hiddenSeries": false,
"id": 2,
"id": 8,
"legend": {
"alignAsTable": true,
"avg": false,
"current": false,
"max": false,
"min": false,
"current": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": false
"values": true
},
"lines": true,
"linewidth": 1,
"linewidth": 2,
"links": [
{
"targetBlank": true,
"title": "",
"url": "https://reproducible.archlinux.org/"
}
],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.3.6",
"percentage": true,
"pluginVersion": "7.5.5",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"seriesOverrides": [
{
"$$hashKey": "object:1291",
"alias": "good",
"color": "#37872D"
},
{
"$$hashKey": "object:1302",
"alias": "bad",
"color": "#C4162A"
},
{
"$$hashKey": "object:1310",
"alias": "unknown",
"color": "#FADE2A"
}
],
"spaceLength": 10,
"stack": false,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "rebuilderd_results{suite=\"$suite\"}",
"exemplar": true,
"expr": "sum by (status) (rebuilderd_results{suite=~\"^$suite\"})",
"interval": "",
"legendFormat": "{{ status }}",
"legendFormat": "{{ suite }}",
"queryType": "randomWalk",
"refId": "A"
}
],
......@@ -193,10 +222,10 @@
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "$suite",
"title": "Reproducible status ($suite)",
"tooltip": {
"shared": true,
"sort": 0,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
......@@ -209,14 +238,16 @@
},
"yaxes": [
{
"$$hashKey": "object:1161",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"max": "100",
"min": "0",
"show": true
},
{
"$$hashKey": "object:1162",
"format": "short",
"label": null,
"logBase": 1,
......@@ -236,40 +267,39 @@
"dashLength": 10,
"dashes": false,
"datasource": "Prometheus",
"decimals": 0,
"description": "Number of active rebuidlerd-workers",
"fieldConfig": {
"defaults": {
"custom": {}
},
"defaults": {},
"overrides": []
},
"fill": 1,
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 11,
"h": 10,
"w": 11,
"x": 0,
"y": 19
"y": 9
},
"hiddenSeries": false,
"id": 4,
"legend": {
"avg": false,
"current": false,
"current": true,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
"values": true
},
"lines": true,
"linewidth": 1,
"linewidth": 2,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.3.6",
"pluginVersion": "7.5.5",
"pointradius": 2,
"points": false,
"renderer": "flot",
......@@ -279,6 +309,7 @@
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "rebuilderd_workers",
"interval": "",
"legendFormat": "active workers",
......@@ -289,7 +320,7 @@
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Active rebuilderd workers",
"title": "Active workers",
"tooltip": {
"shared": true,
"sort": 0,
......@@ -305,14 +336,17 @@
},
"yaxes": [
{
"$$hashKey": "object:1921",
"decimals": 0,
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"min": "0",
"show": true
},
{
"$$hashKey": "object:1922",
"format": "short",
"label": null,
"logBase": 1,
......@@ -334,38 +368,36 @@
"datasource": "Prometheus",
"description": "The rebuilderd queue length of to be rebuild packages",
"fieldConfig": {
"defaults": {
"custom": {}
},
"defaults": {},
"overrides": []
},
"fill": 1,
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 11,
"h": 10,
"w": 13,
"x": 11,
"y": 19
"y": 9
},
"hiddenSeries": false,
"id": 6,
"legend": {
"avg": false,
"current": false,
"current": true,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
"values": true
},
"lines": true,
"linewidth": 1,
"linewidth": 2,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.3.6",
"pluginVersion": "7.5.5",
"pointradius": 2,
"points": false,
"renderer": "flot",
......@@ -375,6 +407,7 @@
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "rebuilderd_queue_length",
"interval": "",
"legendFormat": "queue length",
......@@ -401,6 +434,7 @@
},
"yaxes": [
{
"$$hashKey": "object:1839",
"format": "short",
"label": null,
"logBase": 1,
......@@ -409,6 +443,7 @@
"show": true
},
{
"$$hashKey": "object:1840",
"format": "short",
"label": null,
"logBase": 1,
......@@ -424,7 +459,7 @@
}
],
"refresh": false,
"schemaVersion": 26,
"schemaVersion": 27,
"style": "dark",
"tags": [],
"templating": {
......@@ -433,41 +468,29 @@
"allValue": null,
"current": {
"selected": true,
"text": "extra",
"value": "extra"
"tags": [],
"text": [
"All"
],
"value": [
"$__all"
]
},
"datasource": "Prometheus",
"definition": "label_values(rebuilderd_results,suite)",
"description": null,
"error": null,
"hide": 0,
"includeAll": false,
"includeAll": true,
"label": "suite",
"multi": false,
"multi": true,
"name": "suite",
"options": [
{
"selected": false,
"text": "community",
"value": "community"
},
{
"selected": false,
"text": "core",
"value": "core"
},
{
"selected": true,
"text": "extra",
"value": "extra"
},
{
"selected": false,
"text": "testing",
"value": "testing"
}
],
"query": "label_values(rebuilderd_results,suite)",
"refresh": 0,
"options": [],
"query": {
"query": "label_values(rebuilderd_results,suite)",
"refId": "StandardVariableQuery"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
......@@ -500,5 +523,5 @@
"timezone": "",
"title": "Rebuilderd",
"uid": "PKkRg-FGz",
"version": 2
"version": 4
}
\ No newline at end of file
roles/grafana/files/public-dashboards/archive.json 0 → 120000
View file @ fb5e0503
../dashboards/archive.json
\ No newline at end of file
roles/grafana/files/public-dashboards/aur.json 0 → 120000
View file @ fb5e0503
../dashboards/aur.json
\ No newline at end of file
roles/grafana/files/public-dashboards/home.json 0 → 120000
View file @ fb5e0503
archive.json
\ No newline at end of file
roles/grafana/files/public-dashboards/rebuilderd.json 0 → 120000
View file @ fb5e0503
../dashboards/rebuilderd.json
\ No newline at end of file
roles/grafana/files/public-dashboards/repository.json 0 → 120000
View file @ fb5e0503
../dashboards/repository.json
\ No newline at end of file
roles/grafana/tasks/main.yml
View file @ fb5e0503
......@@ -3,8 +3,14 @@
- name: install grafana
pacman: name=grafana state=present
- name: create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ grafana_domain }}"]
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/grafana.conf owner=root group=root mode=644
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/grafana.conf owner=root group=http mode=640
notify:
- reload nginx
tags: ['nginx']
......@@ -36,6 +42,10 @@
- name: copy grafana dashboards
copy: src=dashboards dest=/var/lib/grafana/dashboards owner=grafana group=grafana mode=0600
- name: copy (public) grafana dashboards
copy: src=public-dashboards dest=/var/lib/grafana/ owner=root group=grafana mode=0640
when: grafana_anonymous_access
- name: install grafana config
template: src=grafana.ini.j2 dest=/etc/grafana.ini owner=grafana group=root mode=0600
notify: restart grafana
......
roles/grafana/templates/dashboard.yaml.j2
View file @ fb5e0503
......@@ -9,6 +9,10 @@ providers:
allowUiUpdates: false
type: file
options:
{% if grafana_anonymous_access %}
path: /var/lib/grafana/public-dashboards
{% else %}
path: /var/lib/grafana/dashboards
{% endif %}
foldersFromFilesStructure: true
roles/grafana/templates/datasources.yaml.j2
View file @ fb5e0503
apiVersion: 1
datasources:
{% if grafana_anonymous_access %}
- name: Prometheus
type: prometheus
access: proxy
basicAuth: true
basicAuthUser: {{ vault_prometheus_user }}
secureJsonData:
basicAuthPassword: {{ vault_prometheus_passwd }}
url: https://{{ prometheus_domain }}:9090
{% else %}
- name: Prometheus
type: prometheus
access: proxy
......@@ -9,4 +19,4 @@ datasources:
type: loki
access: proxy
url: http://localhost:3100
{% endif %}
roles/grafana/templates/grafana.ini.j2
View file @ fb5e0503
......@@ -233,6 +233,11 @@ x_xss_protection = true
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
;min_refresh_interval =
{% if grafana_anonymous_access %}
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
default_home_dashboard_path = /var/lib/grafana/public-dashboards/home.json
{% endif %}
#################################### Users ###############################
[users]
# disable user signup / registration
......@@ -303,13 +308,15 @@ oauth_auto_login = true
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
;enabled = false
{% if grafana_anonymous_access %}
enabled = true
{% endif %}
# specify organization name that should be used for unauthenticated users
;org_name = Main Org.
# specify role for unauthenticated users
;org_role = Viewer
org_role = Viewer
#################################### Github Auth ##########################
[auth.github]
......@@ -373,6 +380,7 @@ oauth_auto_login = true
;allowed_domains =
;allowed_groups =
{% if not grafana_anonymous_access %}
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
......@@ -394,6 +402,7 @@ role_attribute_path: contains(roles[*], 'DevOps') && 'Admin' || contains(roles[*
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
{% endif %}
#################################### SAML Auth ###########################
[auth.saml] # Enterprise only
......
roles/grafana/templates/nginx.d.conf.j2
View file @ fb5e0503
......@@ -29,8 +29,8 @@ server {
listen [::]:443 ssl http2;
server_name {{ grafana_domain }};
access_log /var/log/nginx/{{ grafana_domain }}/access.log reduced;
access_log /var/log/nginx/{{ grafana_domain }}/access.log.json json_reduced;
access_log /var/log/nginx/{{ grafana_domain }}/access.log main;
access_log /var/log/nginx/{{ grafana_domain }}/access.log.json json_main;
error_log /var/log/nginx/{{ grafana_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ grafana_domain }}/fullchain.pem;
......@@ -39,12 +39,21 @@ server {
root {{ grafana_domain }};
location / {
access_log /var/log/nginx/{{ grafana_domain }}/access.log main;
access_log /var/log/nginx/{{ grafana_domain }}/access.log.json json_main;
{% set proxy -%}
proxy_pass http://grafana;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{%- endset %}
location / {
{{ proxy }}
}
location = /metrics {
if ($http_authorization != "Bearer {{ vault_grafana_metrics_token }}") {
return 403;
}
{{ proxy }}
}
}
roles/hedgedoc/tasks/main.yml
View file @ fb5e0503
---
- name: create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ hedgedoc_domain }}"]
- name: install hedgedoc
pacman: name=hedgedoc state=present
......@@ -19,7 +25,7 @@
file: path=/var/log/nginx/{{ hedgedoc_domain }} state=directory owner=root group=root mode=0755
- name: set up nginx
template: src=nginx.d.conf.j2 dest={{ hedgedoc_nginx_conf }} owner=root group=root mode=644
template: src=nginx.d.conf.j2 dest={{ hedgedoc_nginx_conf }} owner=root group=http mode=640
notify: reload nginx
tags: ['nginx']
......
roles/hedgedoc/templates/nginx.d.conf.j2
View file @ fb5e0503
......@@ -36,21 +36,32 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ hedgedoc_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ hedgedoc_domain }}/chain.pem;
{% set proxy -%}
proxy_pass http://hedgedoc;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
{%- endset %}
location / {
proxy_pass http://hedgedoc;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
{{ proxy }}
}
location = /status {
return 403;
}
location = /metrics {
if ($http_authorization != "Bearer {{ vault_hedgedoc_metrics_token }}") {
return 403;
}
{{ proxy }}
}
location /socket.io/ {
proxy_pass http://hedgedoc;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{{ proxy }}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
roles/hetzner_storagebox/templates/authorized_keys.j2
View file @ fb5e0503
#jinja2: lstrip_blocks: True
# Arch DevOps keys
{% for user in root_ssh_keys | sort -%}
{{ lookup('file', '../pubkeys/' + user) }}
{% for user in root_ssh_keys | sort(attribute="key") -%}
{% if user.hosts is not defined or inventory_hostname in user.hosts -%}
{{ lookup('file', role_path + '/../../pubkeys/' + user.key ) }}
{% if user.additional_keys is defined %}
{% for key in user.additional_keys | sort -%}
{{ lookup('file', role_path + '/../../pubkeys/' + key ) }}
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}
# Client machines keys
......
roles/install_arch/tasks/main.yml
View file @ fb5e0503
......@@ -171,18 +171,11 @@
register: chroot_systemd_services
changed_when: "chroot_systemd_services.rc == 0"
- name: assign pubkey list to fact
set_fact: pubkey_list="{{ lookup('file', playbook_dir + "/../../pubkeys/" + item) }}"
register: pubkeys
vars:
playbook_dir: "{{ playbook_dir }}"
with_items: "{{ root_ssh_keys }}"
- name: assign pubkey string to fact
set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
- name: add authorized key for root
authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes
include_role:
name: root_ssh
vars:
root_ssh_directory: /tmp/root.x86_64/mnt/root/.ssh
- name: configure sshd
template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644
......
roles/keycloak/tasks/main.yml
View file @ fb5e0503
......@@ -69,6 +69,12 @@
group: http
mode: 0640
- name: create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ keycloak_domain }}"]
- name: make nginx log dir
file: path="/var/log/nginx/{{ keycloak_domain }}" state=directory owner=root mode=0755
......
roles/maintenance/templates/503.html.j2
View file @ fb5e0503
......@@ -35,7 +35,7 @@
<ul id="sitelinks">
<li><a href="https://bbs.archlinux.org">Forums</a></li>
<li><a href="https://wiki.archlinux.org">Wiki</a></li>
<li>IRC: #archlinux on freenode</li>
<li>IRC: #archlinux on Libera Chat</li>
</ul>
<div>
<img src="data:image/png;base64,
......