diff --git a/ansible/.yamllint b/ansible/.yamllint new file mode 100644 index 0000000..7967454 --- /dev/null +++ b/ansible/.yamllint @@ -0,0 +1,11 @@ +--- +extends: default + +rules: + line-length: + max: 160 + truthy: + allowed-values: ["true", "false"] + +ignore: + - group_vars/all/secrets.enc.yaml diff --git a/ansible/dotfiles/pr-test.yml b/ansible/dotfiles/pr-test.yml deleted file mode 100644 index ea73335..0000000 --- a/ansible/dotfiles/pr-test.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: PR Test - -on: - pull_request: - branches: - - master - - main - -jobs: - test: - strategy: - matrix: - distro: - - alpine - - archlinux - - fedora - - ubuntu - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Only build - run: | - docker buildx build --platform linux/amd64 --output "type=image,push=false" -f tests/Dockerfile-${{ matrix.distro }} . \ No newline at end of file diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml index b5b6139..06f2d0a 100644 --- a/ansible/roles/common/tasks/main.yml +++ b/ansible/roles/common/tasks/main.yml @@ -88,9 +88,9 @@ line: "{{ item.line }}" state: present loop: - - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin prohibit-password' } - - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' } - - { regexp: '^#?X11Forwarding', line: 'X11Forwarding no' } + - {regexp: '^#?PermitRootLogin', line: 'PermitRootLogin prohibit-password'} + - {regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no'} + - {regexp: '^#?X11Forwarding', line: 'X11Forwarding no'} notify: Restart sshd when: ansible_facts["os_family"] != "FreeBSD" diff --git a/ansible/roles/dotfiles/tasks/main.yml b/ansible/roles/dotfiles/tasks/main.yml index 50be56f..ebd9409 100644 --- a/ansible/roles/dotfiles/tasks/main.yml 
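Review bot: The `ignore` entry `group_vars/all/secrets.enc.yaml` in ansible/.yamllint contains a slash, and as far as I can tell yamllint matches such patterns gitignore-style against the path it was given, so the exclusion holds only when yamllint is started from `ansible/`. A run from the repository root (for example with `-c ansible/.yamllint`) would see `ansible/group_vars/all/secrets.enc.yaml` and try to lint the encrypted file anyway. Either state the expected working directory in a comment above `ignore:`, such as `# patterns are relative to ansible/; run yamllint from this directory`, or use a depth-independent pattern like `- '*.enc.yaml'` (quoted, since a leading `*` is an alias sigil in YAML). A short comment saying why the encrypted file is skipped would also help the next maintainer.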
+++ b/ansible/roles/dotfiles/tasks/main.yml @@ -15,9 +15,9 @@ mode: '0644' backup: true loop: - - { src: 'config/tmux/tmux.conf', dest: '/root/.tmux.conf' } - - { src: 'config/fish/config.fish', dest: '/root/.config/fish/config.fish' } - - { src: 'config/git/gitconfig', dest: '/root/.gitconfig' } + - {src: 'config/tmux/tmux.conf', dest: '/root/.tmux.conf'} + - {src: 'config/fish/config.fish', dest: '/root/.config/fish/config.fish'} + - {src: 'config/git/gitconfig', dest: '/root/.gitconfig'} failed_when: false when: - dotfiles_dir.stat.exists diff --git a/ansible/services/authelia/docker-compose.yml b/ansible/services/authelia/docker-compose.yml index 45af2d0..4ed6fac 100644 --- a/ansible/services/authelia/docker-compose.yml +++ b/ansible/services/authelia/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Authelia - SSO/authentication portal with LLDAP + MariaDB # Host: helsinki-a (100.67.6.27) # Data: /root/authelia/ diff --git a/ansible/services/bitwarden/docker-compose.yml b/ansible/services/bitwarden/docker-compose.yml index 378c28d..581e561 100644 --- a/ansible/services/bitwarden/docker-compose.yml +++ b/ansible/services/bitwarden/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Bitwarden - Self-hosted password manager # Host: helsinki-a (100.67.6.27) # Data: Docker volume (bitwarden) diff --git a/ansible/services/forgejo/docker-compose.yml b/ansible/services/forgejo/docker-compose.yml index b21563c..6c3ee9e 100644 --- a/ansible/services/forgejo/docker-compose.yml +++ b/ansible/services/forgejo/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Forgejo - Self-hosted Git forge # Host: helsinki-a (100.67.6.27) # Data: /srv/forgejo/data diff --git a/ansible/services/grafana/provisioning/alerting/contact-points.yml b/ansible/services/grafana/provisioning/alerting/contact-points.yml index 7257635..9507dee 100644 --- a/ansible/services/grafana/provisioning/alerting/contact-points.yml +++ b/ansible/services/grafana/provisioning/alerting/contact-points.yml 
@@ -1,3 +1,4 @@ +--- apiVersion: 1 # Contact points — defines where alerts are sent. diff --git a/ansible/services/grafana/provisioning/alerting/notification-policy.yml b/ansible/services/grafana/provisioning/alerting/notification-policy.yml index 9b4a6d4..0ef3d8e 100644 --- a/ansible/services/grafana/provisioning/alerting/notification-policy.yml +++ b/ansible/services/grafana/provisioning/alerting/notification-policy.yml @@ -1,3 +1,4 @@ +--- apiVersion: 1 # Notification routing policy. diff --git a/ansible/services/grafana/provisioning/alerting/rules-critical.yml b/ansible/services/grafana/provisioning/alerting/rules-critical.yml index 66c6c90..3216b01 100644 --- a/ansible/services/grafana/provisioning/alerting/rules-critical.yml +++ b/ansible/services/grafana/provisioning/alerting/rules-critical.yml @@ -1,3 +1,4 @@ +--- apiVersion: 1 # Tier 1 — Critical alerts. These page PagerDuty. diff --git a/ansible/services/grafana/provisioning/alerting/rules-warning.yml b/ansible/services/grafana/provisioning/alerting/rules-warning.yml index 94bfb16..58155f2 100644 --- a/ansible/services/grafana/provisioning/alerting/rules-warning.yml +++ b/ansible/services/grafana/provisioning/alerting/rules-warning.yml @@ -1,3 +1,4 @@ +--- apiVersion: 1 # Tier 2 — Warning alerts. These send email only (non-paging). @@ -239,4 +240,3 @@ groups: labels: severity: warning isPaused: false - diff --git a/ansible/services/grafana/provisioning/dashboards/dashboards.yml b/ansible/services/grafana/provisioning/dashboards/dashboards.yml index 37da2ec..2394d91 100644 --- a/ansible/services/grafana/provisioning/dashboards/dashboards.yml +++ b/ansible/services/grafana/provisioning/dashboards/dashboards.yml @@ -1,3 +1,4 @@ +--- apiVersion: 1 # Dashboard provisioning — tells Grafana where to find dashboard JSON files. diff --git a/ansible/services/jellyseerr/docker-compose.yml b/ansible/services/jellyseerr/docker-compose.yml index fa3d215..c2b0dc8 100644 
--- a/ansible/services/jellyseerr/docker-compose.yml +++ b/ansible/services/jellyseerr/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Jellyseerr - Media request management # Host: london-b (100.84.65.101) # Data: /var/share/jellyseer diff --git a/ansible/services/minecraft/docker-compose.yml b/ansible/services/minecraft/docker-compose.yml index 4b808f2..dc51069 100644 --- a/ansible/services/minecraft/docker-compose.yml +++ b/ansible/services/minecraft/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Minecraft - PaperMC server # Host: copenhagen-a (100.89.206.60) # Data: Docker volume (minecraft_minecraftserver) diff --git a/ansible/services/miniflux/docker-compose.yml b/ansible/services/miniflux/docker-compose.yml index ac4fdbd..0bab8b9 100644 --- a/ansible/services/miniflux/docker-compose.yml +++ b/ansible/services/miniflux/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Miniflux - RSS reader # Host: london-b (100.84.65.101) # Data: Docker volume (miniflux-db) diff --git a/ansible/services/navidrome/docker-compose.yml b/ansible/services/navidrome/docker-compose.yml index 593c103..3ed1d18 100644 --- a/ansible/services/navidrome/docker-compose.yml +++ b/ansible/services/navidrome/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Navidrome - Music streaming server # Host: london-b (100.84.65.101) # Data: /root/navidrome (config), /hdd/music (library) diff --git a/ansible/services/nextcloud-aio/docker-compose.yml b/ansible/services/nextcloud-aio/docker-compose.yml index 58b08be..c5b7a18 100644 --- a/ansible/services/nextcloud-aio/docker-compose.yml +++ b/ansible/services/nextcloud-aio/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Nextcloud AIO - All-in-one Nextcloud deployment # Host: london-b (100.84.65.101) # Data: Docker volume (nextcloud_aio_mastercontainer) diff --git a/ansible/services/plex-exporter/docker-compose.yml b/ansible/services/plex-exporter/docker-compose.yml index 6afc5ed..c4e76e9 100644 --- a/ansible/services/plex-exporter/docker-compose.yml 
+++ b/ansible/services/plex-exporter/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Plex exporter - Plex metrics for Prometheus # Host: london-b (100.84.65.101) # Access: http://london-b:9000/metrics diff --git a/ansible/services/poste-io/docker-compose.yml b/ansible/services/poste-io/docker-compose.yml index bd4346d..cc7f371 100644 --- a/ansible/services/poste-io/docker-compose.yml +++ b/ansible/services/poste-io/docker-compose.yml @@ -1,3 +1,4 @@ +--- # Poste.io - Self-hosted mail server # Host: nuremberg-a (100.117.235.28) # Data: /root/postio/data diff --git a/ansible/services/prometheus/prometheus.yml b/ansible/services/prometheus/prometheus.yml index e5dc8c3..e85a017 100644 --- a/ansible/services/prometheus/prometheus.yml +++ b/ansible/services/prometheus/prometheus.yml @@ -1,3 +1,4 @@ +--- # Prometheus configuration — extracted from london-a (FreeBSD) # Config file location on london-a: /usr/local/etc/prometheus.yml # Prometheus runs as: /usr/local/bin/prometheus --config.file=/usr/local/etc/prometheus.yml @@ -10,12 +11,9 @@ global: alerting: alertmanagers: - static_configs: - - targets: - # - alertmanager:9093 + - targets: [] -rule_files: - # - "first_rules.yml" - # - "second_rules.yml" +rule_files: [] scrape_configs: - job_name: "prometheus" diff --git a/ansible/services/slskd/docker-compose.yml b/ansible/services/slskd/docker-compose.yml index c6dc9d9..2fe8d0b 100644 --- a/ansible/services/slskd/docker-compose.yml +++ b/ansible/services/slskd/docker-compose.yml @@ -1,3 +1,4 @@ +--- # slskd - Soulseek client (web UI) # Host: london-b (100.84.65.101) # Data: /root/slskd (app), /hdd/music/slskd (downloads) diff --git a/ansible/services/smartctl-exporter/docker-compose.yml b/ansible/services/smartctl-exporter/docker-compose.yml index d83c9ec..657f18e 100644 --- a/ansible/services/smartctl-exporter/docker-compose.yml +++ b/ansible/services/smartctl-exporter/docker-compose.yml 
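Review bot: In ansible/services/prometheus/prometheus.yml the second hunk makes `targets: []` and `rule_files: []` explicit, but nothing in the file says the empty values are deliberate. With the commented-out placeholders gone, a reader cannot tell that this Prometheus evaluates no rules and has no Alertmanager to notify. The Grafana alerting files touched in this same commit suggest alerting is handled there, though that is inferred from the paths only. I would add a comment above `alerting:` along the lines of `# No Alertmanager and no rule files on purpose: alerting is provisioned in Grafana (ansible/services/grafana/provisioning/alerting)`. The hunk starts below `global:` and the `scrape_configs` list continues past its end.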
@@ -1,3 +1,4 @@ +--- # smartctl-exporter - SMART disk metrics for Prometheus # Host: london-b (100.84.65.101) # Access: http://london-b:9633/metrics