unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
1,060 Commits 18 Branches 0 Tags 3 MiB
c5c40c3bfd
Commit Graph

306 Commits

Author SHA1 Message Date
Ben Vincent
98f1961a07 benvin/ceph_common (#360) 
Reviewed-on: #360
 2025-07-15 20:38:39 +10:00
Ben Vincent
eb1ada8ea5 fix: duplicate declatation (#359) 
- only install ceph-common once

Reviewed-on: #359
 2025-07-15 20:31:09 +10:00
Ben Vincent
ec3e42901a feat: add basic k8s node role (#358) 
- update prodnxsr0001-8 to use networkd
- add basic k8s node role

Reviewed-on: #358
 2025-07-15 20:18:17 +10:00
Ben Vincent
de6e7d0ba9 feat: add vmagent role (#356) 
- add vmagent role for vicmet

Reviewed-on: #356
 2025-07-13 17:20:58 +10:00
Ben Vincent
780a97dfe4 feat: add new cobbler master (#355) 
- change cobbler.main.unkin.net to 2098

Reviewed-on: #355
 2025-07-12 20:31:43 +10:00
Ben Vincent
7d87e11e79 feat: add victoria metrics roles (#350) 
- add vmstorage, vmselect and vminsert roles
- base roles, only adding packages
- preparation for standing up a vicmet cluster

Reviewed-on: #350
 2025-07-08 20:34:46 +10:00
Ben Vincent
2d9faf578f feat: add unkin.net domain (#347) 
- manage the unkin.net domain
- ensure forwarding for unkin.net
- split domain from cname list and set zone correctly
- add fafflix to cnames list for haproxy2

Reviewed-on: #347
 2025-07-06 20:02:20 +10:00
Ben Vincent
0063f68bc6 feat: enable external access to gitea (#344) 
- add git.unkin.net to certbot
- export haproxy resources for gitea
- add be_gitea to haproxy, import the certbot cert
- update the ROOT_URL for gitea instances

Reviewed-on: #344
 2025-07-06 13:47:56 +10:00
Ben Vincent
372d99893a core: fix ROOT_URL (#343) 
- root_url is used for docker authentication
- access to git.unkin.net is not yet ready

Reviewed-on: https://git.query.consul/unkin/puppet-prod/pulls/343
 2025-07-06 13:20:27 +10:00
Ben Vincent
2317d0af59 feat: expose gitea metrics (#340) 
- add a gitea-metrics service to consul
- tag as metrics for victoria metrics
- check the /metrics endpoint (bypass nginx)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/340
 2025-07-06 12:01:57 +10:00
Ben Vincent
cf0ff85b70 fix: manage git user (#339) 
- prevent different gid/uid for git users when deploying cluster
- only add sudo conf when sudo_rules is a list

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/339
 2025-07-06 11:27:35 +10:00
Ben Vincent
359ce101f1 feat: add indexer for git (#338) 
- reuse the database for the indexer

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/338
 2025-07-05 17:12:38 +10:00
Ben Vincent
b6c959d368 feat: use redis for cache/queue (#337) 
- use gitea redis cluster for queue/cache
- use redis+sentinel url (pass required for redis and sentinel)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/337
 2025-07-05 16:42:01 +10:00
Ben Vincent
b976f2063a feat: deploy redis for git (#336) 
- deploy redis/sentinel ha cluster for git
- update redis to 7 (required for almalinux 9)
- enable requirepass/masterauth

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/336
 2025-07-05 15:51:28 +10:00
Ben Vincent
93049707e7 benvin/gitea_cluster (#335) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/335
 2025-07-05 14:49:56 +10:00
Ben Vincent
a9faa098ee benvin/grafana_postgres (#334) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/334
 2025-07-01 19:07:24 +10:00
Ben Vincent
61d912de30 feat: update password for grafana service account (#333) 
- updated grafana password

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/333
 2025-06-30 20:22:18 +10:00
Ben Vincent
aab3eaf9e7 feat: add grafana service to ldap (#331) 
- add grafana service account for binding
- add grafana_user group
- add users to group

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/331
 2025-06-30 19:17:56 +10:00
Ben Vincent
49ff7cc3ab feat: add toml puppet gem (#329) 
- required for ldap support in grafana

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/329
 2025-06-30 19:02:37 +10:00
Ben Vincent
d1e63ad18b feat: add shared pgsql instance (#328) 
- add shared pgsql instance
- use patroni

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/328
 2025-06-29 17:25:59 +10:00
Ben Vincent
99b312669b benvin/dhcp_failover (#327) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/327
 2025-06-29 13:36:16 +10:00
Ben Vincent
3bb2a5dbad fix: enable health check from haproxy2 (#324) 
- tactical fix: enable dmz subnets container access to health url

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/324
 2025-06-28 17:04:25 +10:00
Ben Vincent
770fd643ac feat: add haproxy2 role (#322) 
- add basic haproxy2 role
- add peers and resolvers
- add haproxy2+ metrics frontend

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/322
 2025-06-28 16:20:06 +10:00
Ben Vincent
bd9e08dc24 feat: cleanup hieranodes settings (#321) 
- migrate hieranodes values to roles yaml
- rename anycast ip keys to be similar

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/321
 2025-06-21 23:16:34 +10:00
Ben Vincent
ae57e0e81c feat: add openvox repos to reposync (#319) 
- add el8/9/10 for openvox7/8

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/319
 2025-06-19 06:06:41 +10:00
Ben Vincent
cb1d562cb0 feat: migrate pupeptdb sql to patroni (#318) 
- change puppetdb::sql to using the patroni profile
- change puppetdb::api to use new patroni cluster
- remove references to puppetlabs-puppetdb managed database
- update consul rules to enable sessions

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/318
 2025-06-19 05:52:32 +10:00
Ben Vincent
26b908e5e7 feat: add node_pools (#317) 
- change agentv2 to common node_pool
- set default node_pool to default

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/317
 2025-06-15 17:43:19 +10:00
Ben Vincent
a47c6155b8 feat: use fqdn in host_volumes (#316) 
- fix hard-coded message

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/316
 2025-06-15 17:34:03 +10:00
Ben Vincent
1cbc1be808 feat: add host_volumes to nomad (#315) 
- add puppet client certs
- add tls-ca-bundle

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/315
 2025-06-14 19:37:50 +10:00
Ben Vincent
60834ced00 feat: nomad cni additions (#314) 
- add consul-cni package
- enable grpc for consul servers
- enable consul connect for consul servers
- set recursors for consul
- add ports to consul agent (grpc, dns, http for nomad)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/314
 2025-06-14 18:47:24 +10:00
Ben Vincent
890e9670f3 chore: update the consul service name (#313) 
- update the name for the packagerepo service
- was copy/pasted from jupyterhub

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/313
 2025-06-09 14:46:16 +10:00
Ben Vincent
66fdd7b615 feat: update incus image host to run on incus (#309) 
- remove zfs
- remove some sysctl values
- remove memlocks from limits
- install iptables, required for creating bridges

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/309
 2025-06-08 22:58:44 +10:00
Ben Vincent
f43d5f685b feat: update reposync repos (#308) 
- remove almalinux 9.4
- add almalinux 9.6
- add epel 8 and 9
- update mssql
- add k8s 1.33

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/308
 2025-06-01 18:20:10 +10:00
Ben Vincent
bb2f59621a feat: split reposync into two roles (#307) 
- reposync and packagerepo web service
- change backing datastore to be cephfs /shared/app/packagerepo

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/307
 2025-06-01 11:33:44 +10:00
Ben Vincent
1a904af2ee feat: change g10k to use a package (#304) 
- the archive path is no longer valid
- produced a g10k rpm with rpmbuilder

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/304
 2025-05-31 13:51:51 +10:00
Ben Vincent
ed1a4f6488 fix: missed address in consul service (#303) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/303
 2025-05-30 23:27:44 +10:00
Ben Vincent
bdd833fa4e feat: create basic k8s roles to start deployment (#302) 
- just create roles so can deploy hosts

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/302
 2025-05-30 23:21:02 +10:00
Ben Vincent
c10a3e49fa chore: add new user (#301) 
- just jelly access

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/301
 2025-05-28 19:46:45 +10:00
Ben Vincent
3d5d40f381 chore: minor jellyfin updates (#300) 
- add jellyfin to video group, for access to gpu
- install intel related gpu drivers
- export lxc jellyfin to haproxy

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/300
 2025-05-27 19:55:55 +10:00
Ben Vincent
b3347f9226 chore: migrate media applications (#299) 
- migrate media applications to new cephfs pool + incus
- enable exporting haproxy
- move ceph-client-setup to only apply to non-lxc hosts
- ensure unrar is installed for nzbget
- updated jellyfin use of data_dir
- set lxc instances for jellyfin to use /shared/apps/jellyfin

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/299
 2025-05-25 20:27:17 +10:00
Ben Vincent
1d23fef82e feat: update settings for ceph (#298) 
- enable root logins via ssh with keys
- add ssh key for ceph to root user

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/298
 2025-05-25 20:22:00 +10:00
Ben Vincent
596e498a00 feat: change media arr apps to hiera_include (#296) 
- change profiles::media::* to be hiera_included
- this is required to enable it to be hiera_excluded on virtual == lxc

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/296
 2025-05-24 20:23:56 +10:00
Ben Vincent
520e8a34e0 feat: add a nomad agent v2 role (#293) 
- excludes ceph (will be passed from incus)
- excludes frrouting (will use host-networking)

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/293
 2025-05-24 15:35:20 +10:00
Ben Vincent
89a0f329d8 feat: update vault url (#291) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/291
 2025-05-21 19:58:12 +10:00
Ben Vincent
6dcc7343e0 feat: updated ceph ssh authorized_key (#290) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/290
 2025-05-17 14:05:25 +10:00
Ben Vincent
e7d4c75192 feat: enable ssh access to enp3s0 (#289) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/289
 2025-05-17 13:50:35 +10:00
Ben Vincent
d9e8637ad6 feat: manage more ceph requirements (#288) 
- add ceph-common to provide utilities for managing ceph
- add root and sysadmin ssh keys for ceph deployments

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/288
 2025-05-17 11:14:45 +10:00
Ben Vincent
92f0ae64b9 feat: enable ssh on all loopbacks (#287) 
- required for cephadm to manage roles

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/287
 2025-05-16 07:05:31 +10:00
Ben Vincent
c1637d9f43 feat: add cephadm to incus hosts (#286) 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/286
 2025-05-16 05:56:28 +10:00
Ben Vincent
1aabe21173 feat: manage mon loopback0 (#285) 
- add frrouting
- set all ceph nodes to use ospf + loopback0 + networkd
- fix ceph repos for mons

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/285
 2025-05-15 19:46:59 +10:00