unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
1,016 Commits 18 Branches 0 Tags 3 MiB
26b908e5e7
Commit Graph

429 Commits

Author SHA1 Message Date
Ben Vincent
6ebf5c03a5 feat: add nomad profile/role (#200) 
- add basic consul manage nomad servers

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/200
 2024-12-22 22:35:31 +11:00
Ben Vincent
46b4fdf632 neoloc/sysadmin_early (#197) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/197
 2024-12-09 22:12:01 +11:00
Ben Vincent
aaf81d0a6c feat: create sysadmin on firstrun (#196) 
- prevent packages from using uid 1000

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/196
 2024-12-09 21:51:37 +11:00
Ben Vincent
afbc15ff40 feat: import crypto-policices earlier (#195) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/195
 2024-12-08 22:50:25 +11:00
Ben Vincent
64248a45c2 feat: ensure crypto-policices are managed before yumrepos (#194) 
- ensure crypto_policies are set before creating yum yumrepos
- ensure that they rpmdb is rebuilt after upgrading to el9

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/194
 2024-12-08 20:30:08 +11:00
Ben Vincent
ec926dfe0a feat: enable network manager on el9 (#189) 
- el9 doesnt have the network-scripts scripts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/189
 2024-12-08 19:11:54 +11:00
Ben Vincent
40af30d0ff chore: change packagerepo vhost name (#188) 
- ensure http endpoint works for packagerepo.service.consul

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/188
 2024-12-08 17:05:38 +11:00
Ben Vincent
bac90b5459 Merge pull request 'fix: permissions for cobbler files' (#187) from neoloc/cobbler_perms into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/187
 2024-12-08 08:37:36 +11:00
Ben Vincent
41aab65f85 fix: permissions for cobbler files 
- ensure idempotency for /var/lib/cobbler/web.ss
 2024-12-08 08:36:35 +11:00
Ben Vincent
766f124b2c feat: edgecache updates 
- update metadatacache size
- increase cache age from 60d to 365d
- subscribe nginx service to ssl certs
 2024-12-07 23:50:45 +11:00
Ben Vincent
58d31c5c9a chore: migrate puppet-r10k 
- moved puppet-r10k the unkin organisation
- ensure branch is set to follow origin/master
 2024-11-17 19:26:27 +11:00
Ben Vincent
845b91b497 fix: ensure reposync directories exist 2024-11-16 22:32:15 +11:00
Ben Vincent
6493f392b8 Merge pull request 'neoloc/jupyterhub' (#174) from neoloc/jupyterhub into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/174
 2024-11-16 20:20:16 +11:00
Ben Vincent
92a9655a50 feat: jupyterhub updates 
- always pull containers when starting new instance
- enable access to terminal
 2024-11-16 19:54:19 +11:00
Ben Vincent
42ad972697 feat: add ldap configuration 
- add group members to jupyterhub_user
- add svc_jupyterhub user for ldap binding
- paramatarise all ldap fields required
- manage the notebook data directory
 2024-11-16 19:20:20 +11:00
Ben Vincent
61f5f1ce1f feat: add docker settings 
- list docker network and image
- fix ldap_admin setting to be a list of users
 2024-11-10 20:26:18 +11:00
Ben Vincent
c6bdae5790 Merge pull request 'feat: add jupyterhub role' (#173) from neoloc/jupyterhub into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/173
 2024-11-10 19:14:49 +11:00
Ben Vincent
159d66af18 feat: add jupyterhub role 
- add nodejs module to use npm package provider
- add jupyterhub role
- add class to configure the jupyterhub instance
- add ldap groups
- add nginx simpleproxy
 2024-11-10 19:09:50 +11:00
Ben Vincent
76b4c8c930 Merge pull request 'feat: add jumphost role' (#171) from neoloc/jumphost into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/171
 2024-10-27 13:18:50 +11:00
Ben Vincent
0455965525 feat: add jumphost role 
- add role for ssh proxy/jumphost
 2024-10-27 13:15:28 +11:00
Ben Vincent
ca87702466 feat: ensure vault restarts with ssl cert 
- ensure the vault service resource subscribes to the ssl crt/key
- update unseal script to retry unseal process until it completes
 2024-10-27 12:59:36 +11:00
Ben Vincent
4bf4b42fdf feat: restart nginx on ssl change 
- manage nginx service from simpleproxy class
- ensure nginx restarts when ssl certificates are changed
 2024-09-27 21:46:46 +10:00
Ben Vincent
0210d849c7 feat: add gitea runner role 
- ensure docker is configured
- create runner user/group
- deploy config.yaml from hiera hash
- install runner from url
- register the runner with the gitea instance
- manage the act_runner service
 2024-09-07 17:59:02 +10:00
Ben Vincent
42d8047043 fix: comments in gitea role 
- was copy of puppetboard, missed updating the comment
 2024-09-03 22:34:48 +10:00
Ben Vincent
afda425fab feat: psql changes on master only 
- add fact to detect if a psql host is a slave
- only import users/db/grants on master
 2024-09-03 22:13:50 +10:00
Ben Vincent
2912cbb68b feat: add droneci runner 
- add runner role
 2024-08-25 00:00:48 +10:00
Ben Vincent
5d36a4053b feat: add droneci module 
- add droneci module for server
- add droneci/server role
- add consul query for droneci service
- manage certificates, ssh principals, consul services/checks
 2024-08-24 00:34:15 +10:00
Ben Vincent
8fad79f2bc feat: manage database/user/grants for patroni 
- add defines for exporting/collecting psql objects for patroni
- add generic profile for managing patroni psql databases for an app
 2024-08-24 00:33:18 +10:00
Ben Vincent
1a2023f4ff Merge pull request 'feat: add patroni/psql cluster' (#140) from neoloc/patroni into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/140
 2024-08-10 23:40:29 +10:00
Ben Vincent
35834f8f5a feat: add patroni/psql cluster 
- add patroni puppet module
- add patroni role and hieradata
- add sql/patroni class that utilised consul
 2024-08-10 22:34:43 +10:00
Ben Vincent
dafac3d5ab fix: require vault-unseal.service 
- wrong service name specified
 2024-08-07 22:05:50 +10:00
Ben Vincent
3ce2ec3754 Merge pull request 'feat: auto-unseal vault every hour' (#132) from neoloc/vault_unseal_check into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/132
 2024-08-06 22:51:54 +10:00
Ben Vincent
7863d54275 feat: auto-unseal vault every hour 
- add cron job to run vault unsealing service hourly
 2024-08-06 22:51:16 +10:00
Ben Vincent
988e7c2a32 Merge pull request 'feat: auto restart puppetdb' (#131) from neoloc/puppetdb_restart into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/131
 2024-08-06 22:47:02 +10:00
Ben Vincent
0c44654a47 feat: auto restart puppetdb 
- found several times the puppetdb service locks up after a week of active time
- restart the puppetdb nightly to prevent lock ups
 2024-08-06 22:43:07 +10:00
Ben Vincent
20ee6fa19e Merge pull request 'feat: add rundeck runner user' (#130) from neoloc/rundeck_user into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/130
 2024-08-06 22:36:54 +10:00
Ben Vincent
c846cc4e21 feat: add rundeck runner user 
- add rundeck account on all hosts except rundeck
- add rundeck ssh private/public key to rundeck server
 2024-08-06 22:33:32 +10:00
Ben Vincent
2ae8dbc0ac feat: add gonic role 
- basic role only
 2024-08-01 22:38:32 +10:00
Ben Vincent
eb32a216f5 Merge pull request 'neoloc/rundeck' (#121) from neoloc/rundeck into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/121
 2024-07-28 02:05:20 +10:00
Ben Vincent
5354c99b1e feat: add rundeck profile 
- export mysql user for each rundeck server
- ensure the jdbc driver for mariadb is available
- exclude jq from default packages (managed by rundeck)
- add groups for admin/user for each project in rundeck
- add consul service
- add vault certificates
- add ssh principals
- add nginx simpleproxy
 2024-07-28 01:51:41 +10:00
Ben Vincent
6a3123e12e Merge pull request 'feat: change packages to Hash' (#120) from neoloc/packages_hash into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/120
 2024-07-27 16:29:48 +10:00
Ben Vincent
08241692ee feat: add rundeck 
- add puppet-rundeck module
- add rundeck role
 2024-07-27 13:06:14 +10:00
Ben Vincent
76989e45c4 feat: change packages to Hash 
- change from multiple arrays for managing packages to a hash
- change to ensure_packages to prevent duplicate resource conflicts
 2024-07-27 13:05:54 +10:00
Ben Vincent
cc01259a64 feat: change packages to Hash 
- change from multiple arrays for managing packages to a hash
- change to ensure_packages to prevent duplicate resource conflicts
 2024-07-27 13:01:06 +10:00
Ben Vincent
b5148fc2a0 Merge pull request 'fix: generate_types cahnges' (#119) from neoloc/puppetserver_startup into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/119
 2024-07-27 00:17:46 +10:00
Ben Vincent
ab44bfc430 fix: generate_types cahnges 
- this command will always fail, remove the systemd dropin
- create script that will run and exit with 0
- create systemd service/timer to run script daily
 2024-07-27 00:13:25 +10:00
Ben Vincent
480eced404 Merge pull request 'feat: add vrrp to halb' (#116) from neoloc/keepalived into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/116
 2024-07-14 22:07:34 +10:00
Ben Vincent
946922fdb9 feat: add vrrp to halb 
- update keepalived module to 5.1.0
- add keepalived::vrrp::* to be deep merged in hiera
- add vrrp dns configuration
- add vrrp instance/script to halb in syd1
 2024-07-13 20:15:13 +10:00
Ben Vincent
0fb11b22cf feat: add param for ffmpeg 
- add param to jellyfin class to specify the path to ffmpeg
- update templates to use location
 2024-07-11 22:41:08 +10:00
Ben Vincent
f63cf2f654 fix: create nginx cache dirs before nginx class 2024-07-09 23:29:56 +10:00
Ben Vincent
e8c8f5c1d6 fix: simpleproxy create cachedirs 
- ensure the '/var/cache/nginx' directory exists
 2024-07-09 23:27:51 +10:00
Ben Vincent
1204ee3314 feat: actually add nzbget profile 2024-07-09 23:20:12 +10:00
Ben Vincent
1532641640 feat: add nzbget to media platform 
- add haproxy rules
- generate/distribute letsencrypt certificates
- manage access to cephfs
 2024-07-09 22:32:54 +10:00
Ben Vincent
bd5164fed3 feat: certbot reorg 
- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
 2024-07-08 22:33:11 +10:00
Ben Vincent
30ec8c1bb1 feat: enable retrieval of certbot certs 
- refactor certbot
- add nginx to certbot hosts
 2024-07-07 22:30:40 +10:00
Ben Vincent
9db714d02f feat: manage certbot 
- add haproxy backend for be_letsencrypt
- manage the certbot role/profile
- create define to export certificate requests
 2024-07-07 21:21:50 +10:00
Ben Vincent
152ffaa1d3 Merge pull request 'feat: stop installing systemd exported by default' (#94) from neoloc/systemd_exporter_removal into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/94
 2024-07-07 15:02:48 +10:00
Ben Vincent
65046329f4 feat: stop installing systemd exported by default 2024-07-07 15:01:49 +10:00
Ben Vincent
d05cf628a8 Merge pull request 'fix: change service to socket' (#93) from neoloc/cobbler_socket into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/93
 2024-07-06 23:40:20 +10:00
Ben Vincent
da1402691c fix: change service to socket 
- ensure the tftpd.socket is running, which starts the service
 2024-07-06 23:37:55 +10:00
Ben Vincent
b5c7b310ee Merge pull request 'neoloc/mediaproxy' (#92) from neoloc/mediaproxy into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/92
 2024-07-06 23:24:49 +10:00
Ben Vincent
8b01ddba9c fix: cleanup simpleproxy 
- remove commented sections
- remove $server from locations
 2024-07-06 22:09:16 +10:00
Ben Vincent
d1dd12a091 feat: add cache to simpleproxy 2024-07-06 22:05:55 +10:00
Ben Vincent
354e561380 feat: add ldapauth for nginx 
- add service, defaults and script
 2024-07-06 22:02:00 +10:00
Ben Vincent
02a2097955 feat: paramatise use_default_location 
- allow the use of location blocks for simpleproxy
- add way to add locations in simpleproxy
 2024-07-05 23:10:58 +10:00
Ben Vincent
658af2b6b6 Merge pull request 'feat: manage jellyfin data migration_flag' (#90) from neoloc/jellyfin into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/90
 2024-07-04 00:09:22 +10:00
Ben Vincent
f3046f8fbb feat: manage jellyfin data migration_flag 2024-07-03 22:49:54 +10:00
Ben Vincent
8e1622a158 Merge pull request 'neoloc/glauth' (#87) from neoloc/glauth into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/87
 2024-07-02 18:12:54 +10:00
Ben Vincent
fe35baacfd chore: cleanup glauth 
- remove datavol, not required
- remove commented out systemd socket
 2024-07-02 18:12:08 +10:00
Ben Vincent
6e3802ad57 feat: add users/services/groups 2024-07-01 22:54:22 +10:00
Ben Vincent
c8604baa4e feat: add glauth role/profile classes 
- role added to cobbler
- add role specific hieradata
 2024-07-01 22:42:29 +10:00
Ben Vincent
f81b5753ff feat: add jellyfin role/profile classes 2024-06-30 00:02:16 +10:00
Ben Vincent
d07751a151 feat: haproxy for *arr stack 
- add additional backends
- set *arr's to export as a backend
- add *arr.main.unkin.net certificates
 2024-06-28 22:46:50 +10:00
Ben Vincent
9b8556f487 fear: deploy additional *arr stack apps 
- cleanup hieradata entires for roles to remove some defaults
- add profiles::media::* classes to manage *arr stacks
 2024-06-27 23:42:33 +10:00
Ben Vincent
7efd6edea9 Revert "chore: cleanup yum repos" 
This reverts commit febd98d316.
 2024-06-27 22:11:46 +10:00
Ben Vincent
febd98d316 chore: cleanup yum repos 
- cleanup yum repos on first run
 2024-06-27 21:59:27 +10:00
Ben Vincent
5f5a9f5f65 Merge pull request 'feat: add prowlarr module' (#69) from neoloc/prowlarr into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/69
 2024-06-27 21:34:30 +10:00
Ben Vincent
3c63d8e797 Merge pull request 'feat: add readarr module' (#68) from neoloc/readarr into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/68
 2024-06-27 21:34:17 +10:00
Ben Vincent
f2046efebe feat: add prowlarr module 
- add media::prowlarr role
 2024-06-27 21:32:13 +10:00
Ben Vincent
0b7f07692c feat: add readarr module 
- add media::readarr role
 2024-06-27 21:21:18 +10:00
Ben Vincent
40ff5f7d92 feat: deploy radarr 
- manage ens19 nic on ausyd1nxvm1040
- manage cephfs storage
 2024-06-26 22:57:36 +10:00
Ben Vincent
679a4203a9 chore: duplicate resource 2024-06-26 22:42:17 +10:00
Ben Vincent
b90c6468b3 chore: add facts/motd to firstrun 2024-06-26 22:37:17 +10:00
Ben Vincent
3b907159f1 chore: change eth0 to ens18 2024-06-23 16:47:46 +10:00
Ben Vincent
803a0ac01d Merge pull request 'neoloc/cephfs' (#54) from neoloc/cephfs into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/54
 2024-06-23 15:34:04 +10:00
Ben Vincent
82ed27cf56 feat: add sonarr profile 
- add cephfs secret for mounting mediafs
- add ceph-reef repo for apps::media roles
- add the shared cephfs mediafs mount
 2024-06-23 15:33:40 +10:00
Ben Vincent
5631f07e6e feat: add cephfs shared volume define 
- add ceph class to manage ceph client configuration/packages
- add cephfs define for mounting volumes
- add ceph keyring define to manage secrets used to mount cephfs
 2024-06-23 15:33:33 +10:00
Ben Vincent
548076728a feat: swap networkmanager for network service 2024-06-22 16:31:03 +10:00
Ben Vincent
f5a9eaef4a fix: proxmox ceph services use different network 
- set the consul services for ceph mon, mds, mgr and osd to report the ceph
  cluster interface
 2024-06-22 00:45:17 +10:00
Ben Vincent
4db9faa551 chore: include profiles::defaults in all roles 2024-06-21 22:57:47 +10:00
Ben Vincent
8548ef0284 Merge pull request 'neoloc/sonarr_deploy' (#48) from neoloc/sonarr_deploy into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/48
 2024-06-21 22:53:06 +10:00
Ben Vincent
681f9e3eb8 feat: deploy sonarr 
- add required hieradata/role data to deploy sonarr
- add nginx simpleproxy
- add consul service/query
- add vault certificates
 2024-06-21 22:51:40 +10:00
Ben Vincent
a431c50980 Merge pull request 'chore: add media managemnet roles' (#44) from neoloc/media_roles into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/44
 2024-06-21 20:50:04 +10:00
Ben Vincent
d98b12bf81 chore: add media managemnet roles 
- add radarr, lidarr, nzbget
 2024-06-21 20:49:28 +10:00
Ben Vincent
59b181ed54 Merge pull request 'feat: add ceph mirror to edgecache' (#43) from neoloc/ceph_mirror into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/43
 2024-06-21 20:44:08 +10:00
Ben Vincent
36ad19ffed feat: add ceph mirror to edgecache 
- add ceph reef apt and rpm repository to edgecache
- add the centos storage sig gpg
 2024-06-21 20:38:54 +10:00
Ben Vincent
a3ef535bfc fix: ceph consul check script 
- add permissions to write ceph-* services to consul
- change from `script` to `args` array
 2024-06-19 22:36:04 +10:00
Ben Vincent
eb462eb3a3 fix: update check script to use pgrep 2024-06-18 21:33:38 +10:00
Ben Vincent
94aed2df9c feat: add pveceph consul services 
- refacter the pveceph facts
- define consul services for osd, mgr, mds and mons
 2024-06-18 21:14:57 +10:00
Ben Vincent
c6530e34f6 Merge pull request 'feat: add haproxy exporter' (#38) from neoloc/haproxy_exporter into develop 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/38
 2024-06-17 21:36:31 +10:00