Compare commits
No commits in common. "7f7e6121326afce832021ff1937e29aa02112d71" and "7bbcfa28af9d2132cad4e6d26d28078367220043" have entirely different histories.
7f7e612132
...
7bbcfa28af
9 changed files with 21 additions and 129 deletions
|
@ -22,7 +22,3 @@ s3_bucket: "prymn-cache"
|
||||||
s3_endpoint: "https://75178f9eca227dea51b3db4db2c15a5a.r2.cloudflarestorage.com"
|
s3_endpoint: "https://75178f9eca227dea51b3db4db2c15a5a.r2.cloudflarestorage.com"
|
||||||
s3_access_key_id: "{{ vault_s3_access_key_id }}"
|
s3_access_key_id: "{{ vault_s3_access_key_id }}"
|
||||||
s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
|
s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
|
||||||
|
|
||||||
# Wireguard
|
|
||||||
wireguard_ip: "10.0.42.1"
|
|
||||||
wireguard_network_mask: "24"
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
ansible_become_pass: "{{ ulna_become_pass | default(omit) }}"
|
|
||||||
wireguard_ip: "10.0.42.1"
|
|
|
@ -3,15 +3,9 @@
|
||||||
hosts: ulna
|
hosts: ulna
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Install nix libraries
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: nix-bin
|
|
||||||
state: present
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Unarchive
|
- name: Unarchive
|
||||||
ansible.builtin.unarchive:
|
ansible.builtin.unarchive:
|
||||||
src: files/attic.tar.xz
|
src: attic.tar.xz
|
||||||
dest: /usr/local
|
dest: /usr/local
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|
@ -36,7 +30,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Restart service
|
- name: Restart systemd
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
state: restarted
|
state: restarted
|
||||||
name: attic
|
name: attic
|
||||||
|
|
|
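Review bot: The `Unarchive` task in the first hunk extracts `attic.tar.xz` as root into `/usr/local`, and nothing visible here pins what that archive contains, so whatever file the controller's search path resolves is installed system-wide. Now that `src` is a bare filename rather than `files/attic.tar.xz`, I would record the expected SHA-256 in a variable (called `attic_archive_sha256` below, a name I am introducing) and assert it on the controller before extraction; the path in the sketch assumes the archive still lives under the playbook's `files/` directory. Separately, the second hunk renames the restart task to `Restart systemd` although it restarts the `attic` unit, so `Restart attic` would describe it better. Both task lists continue outside the hunks.

```yaml
    - name: Checksum the attic archive on the controller
      ansible.builtin.stat:
        path: "{{ playbook_dir }}/files/attic.tar.xz"
        checksum_algorithm: sha256
      delegate_to: localhost
      register: attic_archive

    - name: Refuse to deploy an unexpected archive
      ansible.builtin.assert:
        that:
          - attic_archive.stat.checksum == attic_archive_sha256

    # … unchanged: Unarchive task …
```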
@ -30,7 +30,6 @@
|
||||||
- WOODPECKER_GITEA_URL=https://{{ gitea_host }}
|
- WOODPECKER_GITEA_URL=https://{{ gitea_host }}
|
||||||
- WOODPECKER_GITEA_CLIENT={{ woodpecker_client_id }}
|
- WOODPECKER_GITEA_CLIENT={{ woodpecker_client_id }}
|
||||||
- WOODPECKER_GITEA_SECRET={{ woodpecker_client_secret }}
|
- WOODPECKER_GITEA_SECRET={{ woodpecker_client_secret }}
|
||||||
- WOODPECKER_ADMIN=nikos
|
|
||||||
|
|
||||||
woodpecker-agent:
|
woodpecker-agent:
|
||||||
image: woodpeckerci/woodpecker-agent:next
|
image: woodpeckerci/woodpecker-agent:next
|
||||||
|
|
|
@ -1,16 +1,10 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
63613665646438616265666332616134306638336363643763376536386338336265333036633561
|
34626236366363333963613532643239643331333637613664653238336431636338303537643936
|
||||||
3866393138653031346363613137343238323839633632330a346433343633383938383835373438
|
3830343365336262633165616535363336313665383261310a383931623831326530313837346137
|
||||||
33306235633230633734663937316365643263373964386234613236316132396661643565356639
|
35663961343433396461653164613666363331396430393131393038393433346263653331653064
|
||||||
3966326363643566360a326135633033396262636661366536653132613939323034346138353434
|
3162663361623439340a363865633661623563366330336666633766656531663033613131343466
|
||||||
63356662653461333537643737353537353862313366356265623333373635323133393462353638
|
39366463393839333963326531376436373038386239623937303839336264336462613236623431
|
||||||
35646563643231666632666537373633643037376638323132383739613736393035376462313065
|
37633635333738316665346463333361363234636465333764643464323830313636616165646365
|
||||||
63633366363265396163343633306439313364656161663930623965376337343661323230616532
|
39663235323764323564326135333631613665336338646565666362336666633337643065626362
|
||||||
35613663373263323839313534623831366334346135383439316439366634343133343462366631
|
66663631313434393636326531616261623132633730333439313534636165373635393465616531
|
||||||
31663363346138336163633562366130663430626633303733643730333039646663643930626564
|
66643663376238653164626364386338363863366661313235353966316664343039
|
||||||
38366466306534366661646564386566303562303733663534666334383639623939616238666237
|
|
||||||
34353130663033376534386533633639656161333164646164346136323937623630663638633731
|
|
||||||
32353131386538326230633630626530393561623930353963316431663635343131373539633937
|
|
||||||
38396539323566616565633161653835306435653639633336626434643562316564346665616662
|
|
||||||
39633663343736366264623334653763323763366133343634306162356664386564393232386564
|
|
||||||
346330633462313734343039633666616536
|
|
||||||
|
|
|
@ -58,33 +58,33 @@ url = "sqlite:///usr/local/share/attic/server.db"
|
||||||
# Storage type
|
# Storage type
|
||||||
#
|
#
|
||||||
# Can be "local" or "s3".
|
# Can be "local" or "s3".
|
||||||
type = "local"
|
type = "s3"
|
||||||
|
|
||||||
## Local storage
|
# ## Local storage
|
||||||
|
|
||||||
# The directory to store all files under
|
# The directory to store all files under
|
||||||
path = "/usr/local/share/attic/storage"
|
# path = "/home/nikos/.local/share/attic/storage"
|
||||||
|
|
||||||
# ## S3 Storage (set type to "s3" and uncomment below)
|
# ## S3 Storage (set type to "s3" and uncomment below)
|
||||||
|
|
||||||
# The AWS region
|
# The AWS region
|
||||||
# region = "auto"
|
region = "auto"
|
||||||
|
|
||||||
# The name of the bucket
|
# The name of the bucket
|
||||||
# bucket = "{{ s3_bucket }}"
|
bucket = "{{ s3_bucket }}"
|
||||||
|
|
||||||
# Custom S3 endpoint
|
# Custom S3 endpoint
|
||||||
#
|
#
|
||||||
# Set this if you are using an S3-compatible object storage (e.g., Minio).
|
# Set this if you are using an S3-compatible object storage (e.g., Minio).
|
||||||
# endpoint = "{{ s3_endpoint }}"
|
endpoint = "{{ s3_endpoint }}"
|
||||||
|
|
||||||
# Credentials
|
# Credentials
|
||||||
#
|
#
|
||||||
# If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and
|
# If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and
|
||||||
# `AWS_SECRET_ACCESS_KEY` environment variables.
|
# `AWS_SECRET_ACCESS_KEY` environment variables.
|
||||||
# [storage.credentials]
|
[storage.credentials]
|
||||||
# access_key_id = "{{ s3_access_key_id }}"
|
access_key_id = "{{ s3_access_key_id }}"
|
||||||
# secret_access_key = "{{ s3_secret_access_key }}"
|
secret_access_key = "{{ s3_secret_access_key }}"
|
||||||
|
|
||||||
# Data chunking
|
# Data chunking
|
||||||
#
|
#
|
||||||
|
@ -127,7 +127,7 @@ type = "zstd"
|
||||||
#
|
#
|
||||||
# If zero, automatic garbage collection is disabled, but
|
# If zero, automatic garbage collection is disabled, but
|
||||||
# it can still be run manually with `atticd --mode garbage-collector-once`.
|
# it can still be run manually with `atticd --mode garbage-collector-once`.
|
||||||
interval = "0"
|
interval = "12 hours"
|
||||||
|
|
||||||
# Default retention period
|
# Default retention period
|
||||||
#
|
#
|
||||||
|
|
|
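Review bot: Enabling `[storage.credentials]` in the first hunk puts the rendered `secret_access_key` in plaintext in the server config on the host, and the task that deploys this template is not part of this change, so its file mode and owner cannot be checked here. I would make sure that task sets `mode: "0600"` with the attic service user as owner and `no_log: true`, so the key neither becomes world-readable nor appears in `--diff` output. The template's own comment notes that credentials can instead come from `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`; supplying them through the unit's environment would keep the secret out of this file entirely. The section heading still reads `(set type to "s3" and uncomment below)`, which is stale now that the block is active.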
@ -1,25 +0,0 @@
|
||||||
[NetDev]
|
|
||||||
Name=wg0
|
|
||||||
Kind=wireguard
|
|
||||||
Description=Wireguard tunnel wg0
|
|
||||||
|
|
||||||
[WireGuard]
|
|
||||||
ListenPort=51820
|
|
||||||
PrivateKey={{ wireguard_private_key.stdout }}
|
|
||||||
|
|
||||||
{% for peer in groups['wireguard'] %}
|
|
||||||
{% if peer != inventory_hostname %}
|
|
||||||
|
|
||||||
[WireGuardPeer]
|
|
||||||
PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}
|
|
||||||
AllowedIPs={{ hostvars[peer].wireguard_ip }}/32
|
|
||||||
PersistentKeepalive=25
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
# ouroboros
|
|
||||||
[WireGuardPeer]
|
|
||||||
PublicKey={{ ouroboros_wireguard_public_key }}
|
|
||||||
AllowedIPs={{ ouroboros_wireguard_ip }}/32
|
|
||||||
PersistentKeepalive=25
|
|
|
@ -1,5 +0,0 @@
|
||||||
[Match]
|
|
||||||
Name=wg0
|
|
||||||
|
|
||||||
[Network]
|
|
||||||
Address={{ wireguard_ip }}/{{ wireguard_network_mask }}
|
|
|
@ -1,59 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: [wireguard]
|
|
||||||
tasks:
|
|
||||||
- name: Install wireguard packages
|
|
||||||
become: true
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: wireguard
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Generate keys
|
|
||||||
become: true
|
|
||||||
ansible.builtin.shell: |
|
|
||||||
umask 0077
|
|
||||||
wg genkey > /etc/wireguard/privatekey
|
|
||||||
wg pubkey < /etc/wireguard/privatekey > /etc/wireguard/publickey
|
|
||||||
args:
|
|
||||||
creates:
|
|
||||||
- /etc/wireguard/privatekey
|
|
||||||
- /etc/wireguard/publickey
|
|
||||||
|
|
||||||
- name: Register public key
|
|
||||||
become: true
|
|
||||||
ansible.builtin.shell: cat /etc/wireguard/publickey
|
|
||||||
register: wireguard_public_key
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Register private key
|
|
||||||
become: true
|
|
||||||
ansible.builtin.shell: cat /etc/wireguard/privatekey
|
|
||||||
register: wireguard_private_key
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Setup network device
|
|
||||||
become: yes
|
|
||||||
notify: systemd network restart
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ./templates/wireguard/wg0.netdev.j2
|
|
||||||
dest: /etc/systemd/network/wg0.netdev
|
|
||||||
owner: root
|
|
||||||
group: systemd-network
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: Setup network
|
|
||||||
become: yes
|
|
||||||
notify: systemd network restart
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ./templates/wireguard/wg0.network.j2
|
|
||||||
dest: /etc/systemd/network/wg0.network
|
|
||||||
owner: root
|
|
||||||
group: systemd-network
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
handlers:
|
|
||||||
- name: systemd network restart
|
|
||||||
become: true
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: systemd-networkd
|
|
||||||
state: restarted
|
|
||||||
enabled: true
|
|