ansible/homelab
1
0
Fork 0
Code Issues 33 Pull Requests Projects 1 Releases Wiki Activity

Compare commits

base: ansible:main
Branches Tags
ansible:main
..
compare: ansible:d7515a1ff525624625cb75060e688605c7fba5d8
Branches Tags
ansible:main

7 Commits
main ... d7515a1ff5

Author SHA1 Message Date
Lukáš Kucharczyk
d7515a1ff5 Merge branch 'main' into feat/better-ssl 2021-05-14 20:48:41 +00:00
Lukáš Kucharczyk
47dd3267f5 Put cert generation behind variable 2021-05-14 22:47:44 +02:00
Lukáš Kucharczyk
17161c39ca Add nginx snippets from Nginx Proxy Manager 2021-05-14 22:47:11 +02:00
Lukáš Kucharczyk
979027e192 Change certificate paths in nginx.conf 2021-05-14 22:46:41 +02:00
Lukáš Kucharczyk
f1f28a80f1 Change how certificates are installed 2021-05-14 22:45:51 +02:00
Lukáš Kucharczyk
8ae8a88684 Move certificates to roles/nginx/files for now 2021-05-14 22:44:18 +02:00
Lukáš Kucharczyk
f7a618a10a Add new certs 2021-05-14 00:08:26 +02:00
44 changed files with 143 additions and 935 deletions
Expand all files Collapse all files

12
.editorconfig
View File

@ -1,12 +0,0 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = false
insert_final_newline = false

1
.gitignore vendored
View File

@ -1 +1,2 @@
docker-data/
.vagrant

8
README.adoc
View File

@ -12,14 +12,8 @@ homelab.
=== Containers
* Authelia
* Jellyfin
* Keycloak
* NGINX
* OpenLDAP
* Portainer
* PostgreSQL
* Radarr
* Jellyfin
=== Testing
To run locally, specify the inventory file with `-i hosts`.

2
Vagrantfile vendored
View File

@ -12,7 +12,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
ansible.become = true
ansible.compatibility_mode = "2.0"
ansible.playbook = "playbook.yml"
ansible.raw_arguments = Shellwords.shellsplit(ENV['ANSIBLE_ARGS']) if ENV['ANSIBLE_ARGS']
ansible.raw_arguments = ["--extra-vars=ansible_python_interpreter=/usr/bin/python3"]
end
end

4
certs/ovh.ini Normal file
View File

@ -0,0 +1,4 @@
dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = 1r7GONhtM6izlpzD
dns_ovh_application_secret = 8DrggXJadF6xfQfwnjMaAb6E7kkSa41L
dns_ovh_consumer_key = IEh7TN82OdYcBghcxieDYbDVJyzuWby1

7
group_vars/all
View File

@ -13,9 +13,4 @@ pgid: "1000"
tz: "Europe/Prague"
media:
tv: "{{ data_folder }}/media/tv"
movies: "{{ data_folder }}/media/movies"
downloads:
nzb: "{{ data_folder }}/downloads/nzb"
torrent: "{{ data_folder }}/downloads/torrent"
torrent_blackhole: "{{ data_folder }}/downloads/blackhole"
music: "{{ data_folder }}/downloads/music"
movies: "{{ data_folder }}/media/movies"

9
playbook.yml
View File

@ -3,13 +3,4 @@
roles:
- docker
- nginx
- openldap
- portainer
- jellyfin
- postgres
- authelia
- keycloak
- radarr
vars_files:
- vault/certs/{{ base_domain }}.yml
- vault/passwords.yml

2
provision.sh
View File

@ -1,2 +0,0 @@
#!/bin/env fish
ANSIBLE_VAULT_PASSWORD_FILE=(pass show ansible-homelab | psub) vagrant provision

39
roles/authelia/tasks/main.yml
View File

@ -1,39 +0,0 @@
- name: ensure directories exist
file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- "{{ data_folder }}/authelia"
- name: copy configuration.yml
template:
src: "configuration.yml.j2"
dest: "{{ data_folder }}/authelia/configuration.yml"
mode: "755"
- name: run container
docker_container:
name: "authelia"
image: "authelia/authelia"
ports:
- "9091:9091"
networks:
- name: external
- name: openldap
volumes:
- "{{ data_folder }}/authelia:/config"
- name: copy nginx endpoint conf
template:
src: "authelia-endpoint.conf.j2"
dest: "{{ data_folder }}/nginx/snippets/authelia-endpoint.conf"
mode: "755"
- name: copy nginx auth conf
template:
src: "authelia-auth.conf.j2"
dest: "{{ data_folder }}/nginx/snippets/authelia-auth.conf"
mode: "755"
- name: copy nginx conf
template:
src: "authelia.conf.j2"
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
mode: "755"
notify: reload nginx

11
roles/authelia/templates/authelia-auth.conf.j2
View File

@ -1,11 +0,0 @@
auth_request /authelia/api/verify;
auth_request_set $target_url $scheme://$http_host$request_uri;
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
error_page 401 =302 https://$http_host/authelia/?rd=$target_url;

47
roles/authelia/templates/authelia-endpoint.conf.j2
View File

@ -1,47 +0,0 @@
location ^~ /authelia {
include /etc/nginx/snippets/proxy.conf;
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091;
}
location = /authelia/api/verify {
internal;
if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) {
return 401;
}
set $upstream_authelia authelia;
proxy_pass_request_body off;
proxy_pass http://$upstream_authelia:9091;
proxy_set_header Content-Length "";
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# [REQUIRED] Needed by Authelia to check authorizations of the resource.
# Provide either X-Original-URL and X-Forwarded-Proto or
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
# Those headers will be used by Authelia to deduce the target url of the user.
# Basic Proxy Config
client_body_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}

16
roles/authelia/templates/authelia.conf.j2
View File

@ -1,16 +0,0 @@
server {
server_name auth.{{ base_domain }};
listen 80;
return 301 https://$server_name$request_uri;
}
server {
server_name auth.{{ base_domain }};
listen 443 ssl http2;
location / {
include /etc/nginx/snippets/proxy.conf;
set $upstream_authelia http://authelia:9091; # This example assumes a Docker deployment
proxy_pass $upstream_authelia;
}
}

71
roles/authelia/templates/configuration.yml.j2
View File

@ -1,71 +0,0 @@
host: 0.0.0.0
port: 9091
server:
read_buffer_size: 4096
write_buffer_size: 4096
path: "authelia"
log_level: debug
jwt_secret: somethingsomethingrandomrecret
default_redirection_url: https://{{ base_domain }}
authentication_backend:
disable_reset_password: false
ldap:
implementation: custom
url: ldap://openldap
start_tls: false
tls:
server_name: openldap
skip_verify: false
minimum_version: TLS1.2
base_dn: dc=kucharczyk,dc=xyz
username_attribute: uid
users_filter: ({username_attribute}={input})
groups_filter: (member={dn})
mail_attribute: mail
user: cn=admin,dc=kucharczyk,dc=xyz
password: {{ vault_openldap_admin_password }}
access_control:
default_policy: deny
networks:
- name: local
networks:
- 192.168.0.0/24
rules:
- domain: "*.{{ base_domain }}"
networks:
- local
policy: bypass
- domain: portainer.{{ base_domain }}
policy: one_factor
- domain: keycloak.{{ base_domain }}
policy: one_factor
- domain: radarr.{{ base_domain }}
policy: two_factor
session:
name: authelia_session
secret: somerandomsecret
expiration: 1h
inactivity: 5m
remember_me_duration: 1M
domain: {{ base_domain }}
regulation:
max_retries: 3
find_time: 2m
ban_time: 99y
storage:
local:
path: /config/db.sqlite3
notifier:
disable_startup_check: false
smtp:
username: kucharczyk.lukas@gmail.com
password: {{ vault_email_gmail_password }}
host: smtp.gmail.com
port: 587
sender: kucharczyk.lukas@gmail.com
subject: "[Authelia] {title}"
startup_check_address: test@authelia.com
disable_require_tls: false
tls:
skip_verify: false
minimum_version: TLS1.2

6
roles/docker/tasks/main.yml
View File

@ -3,9 +3,6 @@
name:
- docker
- python-pip
- neovim
- fish
- curlie
state: present
update_cache: true
- name: start
@ -15,9 +12,8 @@
- name: add user to group
user:
name: lukas
groups: docker,wheel
groups: docker
append: true
shell: /usr/bin/fish
- name: install python docker
pip:
name:

3
roles/jellyfin/tasks/main.yml
View File

@ -12,7 +12,7 @@
name: 'jellyfin'
image: linuxserver/jellyfin
networks:
- name: external
- name: nginx-internal
volumes:
- "{{ data_folder }}/jellyfin:/config"
- "{{ media.tv }}:/data/tv"
@ -29,6 +29,7 @@
devices:
- /dev/dri:/dev/dri
state: started
restart: yes
- name: copy jellyfin nginx config
template:
src: jellyfin.conf.j2

3
roles/jellyfin/templates/jellyfin.conf.j2
View File

@ -1,7 +1,6 @@
server {
server_name "jellyfin.{{ base_domain }}";
listen 80;
return 301 https://$server_name$request_uri;
return 301 https://$host$request_uri;
}
server {

26
roles/keycloak/tasks/main.yml
View File

@ -1,26 +0,0 @@
- name: run container
docker_container:
name: "keycloak"
image: "quay.io/keycloak/keycloak"
ports:
- "8080:8080"
networks:
- name: external
- name: postgres
- name: openldap
env:
"KEYCLOAK_USER": "{{ vault_keycloak_user }}"
"KEYCLOAK_PASSWORD": "{{ vault_keycloak_password }}"
"DB_VENDOR": POSTGRES
"DB_ADDR": postgres
"DB_DATABASE": keycloak
"DB_USER": keycloak
"DB_SCHEMA": public
"DB_PASSWORD": "{{ vault_postgres_keycloak_user_password }}"
"PROXY_ADDRESS_FORWARDING": "true"
- name: copy nginx conf
template:
src: "keycloak.conf.j2"
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
mode: "755"
notify: reload nginx

30
roles/keycloak/templates/keycloak.conf.j2
View File

@ -1,30 +0,0 @@
server {
server_name "keycloak.{{ base_domain }}";
listen 80;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name "keycloak.{{ base_domain }}";
set $keycloak keycloak;
# Security/XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
include /etc/nginx/snippets/authelia-endpoint.conf;
location / {
proxy_pass http://$keycloak:8080;
include /etc/nginx/snippets/authelia-auth.conf;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_buffering off;
}
}

20
roles/nginx/files/dev.local.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDNTCCAh0CFA+NVMwkGKvL8NbRd7waRkEHYcf/MA0GCSqGSIb3DQEBCwUAMFUx
CzAJBgNVBAYTAkNaMQ8wDQYDVQQHDAZQcmFndWUxEDAOBgNVBAMMB0hvbWVsYWIx
IzAhBgkqhkiG9w0BCQEWFGx1a2FzQGt1Y2hhcmN6eWsueHl6MB4XDTIxMDUxMzIy
MDA1NloXDTMxMDUxMTIyMDA1NlowWTELMAkGA1UEBhMCQ1oxDzANBgNVBAcMBlBy
YWd1ZTEUMBIGA1UEAwwLKi5kZXYubG9jYWwxIzAhBgkqhkiG9w0BCQEWFGx1a2Fz
QGt1Y2hhcmN6eWsueHl6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
0/jsQ6h6PodfYxTSAwUIY9+AXQ519Km4YNnxH5Ma3AjFH0asJyYR/CC6Zx4VOI1c
ZvelLHH/fonuLygSVc9zG5e3k62m6WHxZDDD0GidbmsgPMfPK5r1m9B2McbqWlVD
R0Y7FuGCQb0PqClJu86knw2kaYaFHrMVyBgZXAqXfEYIVJJ5SL8Yzo/lyoSHwlmk
lZ3LjnvlJ9IAOVpoWiuxmCzzEpGWQyve47HgyN5Q6Um8C0hgwj9fbA9L8Ns8PKt3
y+ypFJMO8gXsup4h7VhRz8KpqdBpo9ghMsvxTAUiPGkerUEjqiIFK2Iz1bZ8yL5d
/Gh0EM6ii2FSwsTpVzJ0xQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBjaFbfxfut
blYjPZ3mn1hbo3w5kqo9Ly7OLU4mCoK/DFzUBJbIj471B+7cK8hjmvzDUCQxRQWx
pBOBzOR4VSF4Z/xKKc1tWQJSC1r5JP0qmkYrmgIgLVi/gdZVYc7qLQbAlJhIOqD1
vQnXrBRqUm7J2ThqFdBuILvR20Pkoa2GnH3ufnQvdSs4WPWocR+fKYbx/DKjpAbU
GWg1HnL+7PiflV1HDAkc2kiNQy70/bxcQq1HvQRxjm5C15ojdVzyqPy+CwQo+JOd
IdueOS9mM6CQATnwQxK0XKkyH1yI9M83ahQbArwWTzejRWJQd0xYWdQgiEr4aWWV
DONUin6JUgVV
-----END CERTIFICATE-----

17
roles/nginx/files/dev.local.csr Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICnjCCAYYCAQAwWTELMAkGA1UEBhMCQ1oxDzANBgNVBAcMBlByYWd1ZTEUMBIG
A1UEAwwLKi5kZXYubG9jYWwxIzAhBgkqhkiG9w0BCQEWFGx1a2FzQGt1Y2hhcmN6
eWsueHl6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/jsQ6h6Podf
YxTSAwUIY9+AXQ519Km4YNnxH5Ma3AjFH0asJyYR/CC6Zx4VOI1cZvelLHH/fonu
LygSVc9zG5e3k62m6WHxZDDD0GidbmsgPMfPK5r1m9B2McbqWlVDR0Y7FuGCQb0P
qClJu86knw2kaYaFHrMVyBgZXAqXfEYIVJJ5SL8Yzo/lyoSHwlmklZ3LjnvlJ9IA
OVpoWiuxmCzzEpGWQyve47HgyN5Q6Um8C0hgwj9fbA9L8Ns8PKt3y+ypFJMO8gXs
up4h7VhRz8KpqdBpo9ghMsvxTAUiPGkerUEjqiIFK2Iz1bZ8yL5d/Gh0EM6ii2FS
wsTpVzJ0xQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAD9stDlWNlzkGFsTJc36
CfT7/qovjmxWGJLsuczU7oBwf6nwPuV0W3fUvl2tqz5Nnff4wOnKkRlrR54R0Obl
6KgebvwjACypYkFcL075qrdBpm52yiDWfE7ZOAU7tRCZ7DtMeEtSx/g/03bVp0n1
7rZm2eeiXB/m7VqabxK1eRwnDktXGuRWpRK7OpQQ0UuKSTlRsI8o4N4r0af8DInP
C3mWATJ56dsWaVhW1fBvSFAjrdho1vPadyC2Lb71MyM1H8IQSW8pQlyvAOlw+JVE
iEaTYt7miCODHzKSMv73Or2XGYMEFtoLDot3B+rBQun8TQwujDrMA7KU25NcgfQ+
d+Y=
-----END CERTIFICATE REQUEST-----

28
roles/nginx/files/dev.local.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDT+OxDqHo+h19j
FNIDBQhj34BdDnX0qbhg2fEfkxrcCMUfRqwnJhH8ILpnHhU4jVxm96Uscf9+ie4v
KBJVz3Mbl7eTrabpYfFkMMPQaJ1uayA8x88rmvWb0HYxxupaVUNHRjsW4YJBvQ+o
KUm7zqSfDaRphoUesxXIGBlcCpd8RghUknlIvxjOj+XKhIfCWaSVncuOe+Un0gA5
WmhaK7GYLPMSkZZDK97jseDI3lDpSbwLSGDCP19sD0vw2zw8q3fL7KkUkw7yBey6
niHtWFHPwqmp0Gmj2CEyy/FMBSI8aR6tQSOqIgUrYjPVtnzIvl38aHQQzqKLYVLC
xOlXMnTFAgMBAAECggEBAMuHAOPdyrJrLM1n2lYH6QxsN0YicmOe6mgkGv8kMe//
g7YKF5XnWfFqQ1BrdBi+snAzbCcGtjj7mvUwVpqJ+44M2Lk1TURdRHfc0sczC6ZP
ub5iY6sMuLMJL9OPmMlvgI/ZATdxA663J2dhbWikezA02x5viTX24f0kFoVnrhgl
LYSVOVOl94vk1jByJVtJeusd5JwF6JZ6Ws8My7Fzh3hHMepcB5uVfYr20O7FZHEX
DAlVN7MSh7nM0a4WsZPg5S5KLMZlhTyqosRwx9n5Y08S8BRYMLNyetRICDe6MIn9
cJllAR/W51WsvmH/LHmLTRA6eC4rxO744z0DDpGuc6kCgYEA+44eS79TCRG6zQjo
Jt2VMcdUpqTwcXWwllpZh071SV3wMQTlzRwAM8QdPga5O0qYe/UBVxx4dh5MinpN
TnGP+4sBlME2Q8iUml5jNU8Fwuo1XZWkdrTmeJl/DyJ2iqokPyJSp/iFhFWuNhJS
eNgmu7gvLPMhQjdfTDsom4OSAt8CgYEA17fBltxcWmQV6XxkVbVLnrdesvGv8zGg
VIod02wW39G0WR5FEffu+TEOcsdkQGqH9gCUkyEomGzZKGDmzCu+PpLjb1KIBkf+
8tt4o4Za91XgOm79m2sP5qczwXqUOsgRZBNPTDrbwIA4Y4pMYoxwx4aQF9DLl0Vt
jqNhHtn2ANsCgYA0LcSG/cahiPXwdbqB5VB/JNOgRXJCdqEMbu1HLc+fSkb6RAPO
ydIY6sMODKL7c3uxqp5+jT9HcP17c+b5MIEnMiw/yNwSr1ZztsRpWFzfk2lCYjnd
DaUIuv4qC4H/PU+LcPkoMlqvmn4qZR6KRnuyUIAomL37WDUCQPspVt9AjQKBgQDB
1euNbLtLuc16vXzHCx5FIw5kCwqIo5om/OiqFuFDAwNkZO+5oqjIoA0UlBiATXmY
UpMu1cfNl1lWkCQzaEcNoR3e5TE3O7Bad12iytKolzDiMOOPqRdjsfCutT/Gxgni
e/twSx81jcGdqCLVFs8sarzFuaeHaSp11lcpyr7jqwKBgQDWL0Dx6/ybyma/NcWD
liF6OMkxwvA58c7eoG2pOSENxMhe5rA9uzaYj0jjLCEIwF5X5uI5vsnnl1vKtfA4
YAly4qve/lhCqM9YvRi1l2Oi5aeZLqVKF8tA81k5kK/O7dKjHvq8hLIipcQ2Esfy
3X+EPcWIxFSX64m5+Ib+cch6hg==
-----END PRIVATE KEY-----

28
roles/nginx/files/rootca.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAH/nCewvHL6pP
tGUyUwVBiL6T3er0mS4rM6ifoQxEGb1EsURyngik0I1IaPn9ciI09JnUdXpKnMS3
/jhHlkibD93datDPHEdPTdw1TZmQLcJyWW5MQ52/DMKDokCzWdQNENEL7I9A8GUD
V1Rl8E3G/uKHAzj2ULI1S+MwY+5URF3MLABmxFEfWcIBNef42wQ67hx74WlwOVVK
GNTVyd6EkRXDXu/YoMnZUdWOUxk6Bo9eKALOiVoTDtJOgubs5LT8MmhIosI6SqDM
lPq7huLLPD09egDrQqU13LfOG/+N7LXwsTcQXNV6irzMgNTE7vsWDyO+q8m4J1BU
sMWHnOpxAgMBAAECggEAD6SK2WLbWqRu4X52ntpTmzpfCfsPnkq6j5ntKNIcBY9y
8ZzdTdfALGsula62bARW9KjVvY6zHlAVVEXGn02FK9rm3ZhM2BAdXj+gplZjInIX
WugdKuh2d4+6Zq1XR0MRGN89phLktwzbrKH3pTUjoAgwuX1xrdx0JhK/tLjuNr4W
CBtmz2X6lzKeD9S7PHu33Tqseg1GCfQYBKyDrCOgWBq8/V0eoAQB3g4t3ZIfzAYN
Ft4BEB3prNBgLhuea43DRNcUnIu2k9/LzLTpGJE8oqM55yUEULdWIvRQJHEDfah2
1YiDCzzd3CCYgk6CjRaEihL+WPJfohKzDghnrhVp4QKBgQDw6CTWcm6S7/+eO6qP
PnyFPK/1ajCwc1KsVEjiS2OQ9WMK6d8pfA9o6lCjlRcu8kCO6CXQS8vXwg7G3PBY
7ndMUoyTD5X32uG/VXY1LxYtCdrjKWsnZP/cuTtcodaG/Sp+5Pa1eO00cG6ckCQr
FU8BLqeLhOSjlFinvoEVqPFriwKBgQDMKW2xTeqQpbLuTgvGcFglhTiyjGzIwtf7
Du0ZqF7LpzY95CUBOL9YZBBcAzarCnemzDeMy7aDuIesVP0JPGdTC2f4W/X++WUO
7CXJH7Xt/ULQLXDwRyQiMCKNCCNQtpDfP/Uzf6Ts/F3rIYre3NzscTbUradD3RMd
OqyIyzwxcwKBgBGhK3D2Ftlx7sbpnuW0sPAfLNFM4BtJlTc/Q8YrtjGZg5H843Pp
vEb1Psl506R/3fGXU40WvugfL22mJYCckuZm9Bqe/V6SCgsyeeASfhD1s6sEEO9l
GMRSWeHBhi2CwWVf5B4Lp3A6+h1C/yKYAJwZifFP3FuMM6Cy9Eddga1ZAoGBAKCR
SKM0y3F90E8Z9KrZ+olv0FqklH4Et8bNQ251fDChTsi4YN4oGl1TPYaQRHOa5OW7
IUlLgjzwaUwA/40/A2hNxTSQZtVkobVtxn36waPuFpkR1Aw1d1aoEtRmfRfirefX
LmqVTknQZbEijUyf2eTfWadE+BMokPrhBYcEiE+/AoGBANdhUebsG0AGYvM2SuHy
UQFmwamIzSUdBPXvNDALoCOi/9t0ySakxmBOyaUFY6k1WOW/fvBJ4eTGdlIUO6Ee
v1vMxpjLb8Z5H19qK/qSu1Q4PI70q0uThaWFFQ4Hhadb1m1vfxZ7u/jqx3rxCVqD
dw4+Bq5YpiLXR11wW29gx6dx
-----END PRIVATE KEY-----

21
roles/nginx/files/rootca.pem Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIUYUlmu4VunV3uvnrMuV9MOXRJmjowDQYJKoZIhvcNAQEL
BQAwVTELMAkGA1UEBhMCQ1oxDzANBgNVBAcMBlByYWd1ZTEQMA4GA1UEAwwHSG9t
ZWxhYjEjMCEGCSqGSIb3DQEJARYUbHVrYXNAa3VjaGFyY3p5ay54eXowHhcNMjEw
NTEzMjIwMDU1WhcNMzEwNTExMjIwMDU1WjBVMQswCQYDVQQGEwJDWjEPMA0GA1UE
BwwGUHJhZ3VlMRAwDgYDVQQDDAdIb21lbGFiMSMwIQYJKoZIhvcNAQkBFhRsdWth
c0BrdWNoYXJjenlrLnh5ejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMAf+cJ7C8cvqk+0ZTJTBUGIvpPd6vSZLiszqJ+hDEQZvUSxRHKeCKTQjUho+f1y
IjT0mdR1ekqcxLf+OEeWSJsP3d1q0M8cR09N3DVNmZAtwnJZbkxDnb8MwoOiQLNZ
1A0Q0Qvsj0DwZQNXVGXwTcb+4ocDOPZQsjVL4zBj7lREXcwsAGbEUR9ZwgE15/jb
BDruHHvhaXA5VUoY1NXJ3oSRFcNe79igydlR1Y5TGToGj14oAs6JWhMO0k6C5uzk
tPwyaEiiwjpKoMyU+ruG4ss8PT16AOtCpTXct84b/43stfCxNxBc1XqKvMyA1MTu
+xYPI76rybgnUFSwxYec6nECAwEAAaNTMFEwHQYDVR0OBBYEFMIPcuQ9X1fX4grD
O+mb1PipZfPYMB8GA1UdIwQYMBaAFMIPcuQ9X1fX4grDO+mb1PipZfPYMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHKHCIGmFygvzyXENSbzFcwI
vSLkB/pb3NLXIcFtFI2hu3NdXkf2Lf/YdSTeXz0TS9M4EyDouVg4rKrGfgQCXwpd
FK05b9x2MBrKm1sLMr8gofYvKYlRzF+Fedr/d1S9ze/FE2UbMuzjc70vjRpKd8yN
nRATyJdicWUqhZZC2TB2ko3G6vzoUxIHQH7PPHjpJW1kYspio/+ohYSmh9rpqeSG
MHYyBsjSbEJJOdkaWWxc+OWhLuhfD4lZlmmzyVBBQ0HQ/shztPaWYogHVpU9yAEW
kasPGcwXxrpIaQo06U5qmmDbwfUadljfaOicMuu4Rv2xQPGvdNy49uYdSERlKpQ=
-----END CERTIFICATE-----

1
roles/nginx/files/rootca.srl Normal file
View File

@ -0,0 +1 @@
0F8D54CC2418ABCBF0D6D177BC1A46410761C7FF

25
roles/nginx/files/snippets/block-exploits.conf
View File

@ -134,28 +134,3 @@ if ($http_user_agent ~ "GrabNet") {
if ($block_user_agents = 1) {
return 403;
}
# # read more here http://tautt.com/best-nginx-configuration-for-security/
# # don't send the nginx version number in error pages and Server header
# server_tokens off;
# # config to don't allow the browser to render the page inside an frame or iframe
# # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
# # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
# add_header X-Frame-Options SAMEORIGIN;
# # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# # to disable content-type sniffing on some browsers.
# # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
# # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
# # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
# # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
# add_header X-Content-Type-Options nosniff;
# # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
# # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
# # this particular website if it was disabled by the user.
# # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
# add_header X-XSS-Protection "1; mode=block";

8
roles/nginx/files/snippets/cache-assets.conf
View File

@ -28,10 +28,4 @@ location ~* ^.*\.(css|js|jpe?g|gif|png|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
access_log off;
include conf.d/include/proxy.conf;
}
# location ~* \.(?:ico|css|js|gif|jpe?g|png|svg|eot|ttf|woff|woff2)$ {
# expires 30d;
# add_header Pragma public;
# add_header Cache-Control "public";
# }
}

10
roles/nginx/files/snippets/gzip.conf
View File

@ -1,10 +0,0 @@
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types application/javascript text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

20
roles/nginx/files/snippets/ssl-ciphers.conf
View File

@ -6,22 +6,4 @@ ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+AESGCM:AES256+EECDH:AES256+EDH:EDH+AESGCM:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-
ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AE
S128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES';
ssl_prefer_server_ciphers on;
# # from https://mozilla.github.io/server-side-tls/ssl-config-generator/
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# # modern configuration. tweak to your needs.
# ssl_protocols TLSv1.2;
# ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# ssl_prefer_server_ciphers on;
# # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
# add_header Strict-Transport-Security max-age=15768000;
# # OCSP Stapling ---
# # fetch OCSP records from URL in ssl_certificate and cache them
# ssl_stapling on;
# ssl_stapling_verify on;
ssl_prefer_server_ciphers on;

14
roles/nginx/tasks/main.yml
View File

@ -14,11 +14,11 @@
- name: generate self-signed certs
import_tasks: self-signed.yml
when: self_signed
- name: create external bridge network
- name: create nginx bridge network
docker_network:
name: external
name: nginx-internal
attachable: true
internal: false
internal: true
state: present
- name: copy nginx.conf
template:
@ -31,13 +31,14 @@
dest: "{{ data_folder }}/nginx/snippets/{{ item | basename | regex_replace('.j2$', '') }}"
mode: '0755'
with_fileglob:
- "../templates/snippets/*.conf.j2"
- "../templates/snippets/*.conf"
- name: run container
docker_container:
name: 'nginx'
image: nginx
networks:
- name: external
- name: bridge
- name: nginx-internal
volumes:
- "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
@ -52,4 +53,5 @@
env:
NGINX_HOST: "{{ base_domain }}"
NGINX_PORT: '80'
state: started
state: started
restart: yes

14
roles/nginx/tasks/self-signed.yml
View File

@ -30,13 +30,11 @@
-days 3650 \
-sha256
when: generate_cert.wildcard
- name: copy wildcard certificate and key from vault
- name: copy wildcard certificate and key
copy:
content: "{{ item.content }}"
dest: "{{ data_folder }}/nginx/{{ item.name }}"
owner: root
group: root
src: "{{ item }}"
dest: "{{ data_folder }}/nginx/{{ item }}"
mode: '0700'
with_items:
- "{{ certificates }}"
no_log: true
loop:
- "{{ base_domain }}.crt"
- "{{ base_domain }}.key"

2
roles/nginx/templates/nginx.conf.j2
View File

@ -13,8 +13,6 @@ events {
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_subrequest on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '

36
roles/nginx/templates/snippets/proxy.conf.j2
View File

@ -1,36 +0,0 @@
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 172.17.0.0/16;
set_real_ip_from 172.18.0.0/16;
set_real_ip_from 172.19.0.0/16;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

32
roles/openldap/tasks/main.yml
View File

@ -1,32 +0,0 @@
- name: ensure directories exist
file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- "{{ data_folder }}/openldap"
- "{{ data_folder }}/openldap/data"
- name: create network
docker_network:
name: openldap
attachable: true
internal: true
state: present
- name: run container
docker_container:
name: "openldap"
image: osixia/openldap
hostname: openldap
networks:
- name: openldap
ports:
- "389:389"
- "636:636"
volumes:
- "{{ data_folder }}/openldap/data:/var/lib/ldap"
env:
LDAP_ORGANISATION: "Homelab"
LDAP_DOMAIN: "kucharczyk.xyz"
LDAP_ADMIN_PASSWORD: "{{ vault_openldap_admin_password }}"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
state: started

19
roles/portainer/tasks/main.yml
View File

@ -1,19 +0,0 @@
- name: run container
docker_container:
name: 'portainer'
image: portainer/portainer-ce
networks:
- name: external
- name: openldap
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
ports:
- "8000:8000"
- "9000:9000"
state: started
- name: copy nginx conf
template:
src: portainer.conf.j2
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
mode: "755"
notify: reload nginx

20
roles/portainer/templates/portainer.conf.j2
View File

@ -1,20 +0,0 @@
server {
server_name portainer.{{ base_domain }};
listen 80;
return 301 https://$server_name$request_uri;
}
server {
server_name portainer.{{ base_domain }};
listen 443 ssl http2;
include /etc/nginx/snippets/authelia-endpoint.conf;
location / {
include /etc/nginx/snippets/proxy.conf;
include /etc/nginx/snippets/authelia-auth.conf;
set $upstream http://portainer:9000; # This example assumes a Docker deployment
proxy_pass $upstream;
}
}

36
roles/postgres/tasks/main.yml
View File

@ -1,36 +0,0 @@
- name: install psycopg2
pip:
name: psycopg2-binary
state: present
- name: ensure directories exist
file:
path: "{{ item }}"
state: directory
mode: "0755"
loop:
- "{{ data_folder }}/postgres/data"
- "{{ data_folder }}/postgres/init"
- name: copy init sql files
template:
src: "{{ item }}"
dest: "{{ data_folder }}/postgres/init/{{ item | basename | regex_replace('.j2$', '') }}"
with_fileglob:
- "../templates/*.sql.j2"
- name: create network
docker_network:
name: postgres
attachable: true
internal: true
state: present
- name: run container
docker_container:
name: "postgres"
image: "postgres:13"
networks:
- name: postgres
volumes:
- "{{ data_folder }}/postgres/data:/var/lib/postgresql/data"
- "{{ data_folder }}/postgres/init:/docker-entrypoint-initdb.d"
env:
POSTGRES_PASSWORD: "{{ vault_postgres_password }}"
state: started

3
roles/postgres/templates/keycloak.sql.j2
View File

@ -1,3 +0,0 @@
CREATE USER keycloak WITH PASSWORD '{{ vault_postgres_keycloak_user_password }}';
CREATE DATABASE keycloak;
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;

34
roles/radarr/tasks/main.yml
View File

@ -1,34 +0,0 @@
- name: ensure directories exist
file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- "{{ data_folder }}/radarr"
- "{{ media.tv }}"
- "{{ media.movies }}"
- "{{ downloads.nzb }}"
- name: run container
docker_container:
name: "{{ role_name }}"
image: "linuxserver/radarr"
networks:
- name: external
env:
"TZ": "{{ tz }}"
"PUID": "{{ puid }}"
"PGID": "{{ pgid }}"
"UMASK": "022"
volumes:
- "{{ data_folder }}/radarr:/config"
- "{{ downloads.nzb }}:/downloads"
- "{{ media.movies }}:/movies"
ports:
- "7878:7878"
state: started
- name: copy nginx conf
template:
src: "{{ role_name }}.conf.j2"
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
mode: "755"
notify: reload nginx

20
roles/radarr/templates/radarr.conf.j2
View File

@ -1,20 +0,0 @@
server {
server_name {{ role_name }}.{{ base_domain }};
listen 80;
return 301 https://$server_name$request_uri;
}
server {
server_name {{ role_name }}.{{ base_domain }};
listen 443 ssl http2;
include /etc/nginx/snippets/authelia-endpoint.conf;
location / {
include /etc/nginx/snippets/proxy.conf;
include /etc/nginx/snippets/authelia-auth.conf;
set $upstream http://{{ role_name }}:7878;
proxy_pass $upstream;
}
}

2
show-pass.sh
View File

@ -1,2 +0,0 @@
#!/bin/env fish
ansible-vault view --vault-password-file (pass show ansible-homelab | psub) vault/passwords.yml

14
vault/api/ovh.ini
View File

@ -1,14 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
37326661663464363539306262656364616362666463323939653338633432373336663632313534
6237663533353434333962303363383733653139313563320a313235666463346635616334366165
65396231613730353939646561393462316234313839616532383862343436353038326636333462
6465663562646131630a366233633739613663643330346139643363633937633737313865313666
33666134653031323439663063326539613431643530303161613937393031353066323561633765
33343331316535613462663135633565343762333631346663626264663530626461336564313761
64373336396534363663306139326564616236616134616463363730656633343763626562616562
30326138623464306663663738393736313761616237363537633935366334363636393132323738
30336430313965653930663965316561326639633063336238323137316330356439623239346561
32333865366339373838323364323530633465383131316431363365633264333637353062646561
33356261633934363266656562316464643136633062363162383238633263636363623332623337
63643835373031643731656634646566376533666662386336343034633235303061613033373364
33346537366135396363356530633732306464653239356661633463316164653164

169
vault/certs/dev.local.yml
View File

@ -1,169 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
38336334376563396233646135353633346463616233373137313438653832636265333439316432
6231626239633464333936613964306466336538346436650a343561633630356235663936616139
38623538663762623861313531333163326631616263663536323834353763376436656332663439
3532636463333538620a313565336133333139656563393932336134393036343935613366643664
62636164316463616164393333313939653533303866313061666234363234663561353037306331
30613865323764643966633030343732343137353765313831636235346236326534353961376133
66353962383133666131323638336438393630313039383735363738386237356434373939303835
62326533633633663339366165353539386133663438653961313063613966386565333866623866
65626133626331666232363138613864616235383235383837396233313465363562613462393031
35363238343838626163373066643037623532306132653562303034323138376139356361626338
30333539323464306130393835343865336233613266346230333138666233666164303063363061
62393234306337396539626338373532636237636663653635643031383566646338613963626134
37666165383739323866633131643135633734383737613265383036643761633662336639336563
38346465336166363837323436633264626634663064623562343863326234613937613766333037
63303863616366366134663862653238323863323466313137353465613735393639393863616633
35326161353739343064666665363435386437336633336366646537613831326235353261613937
37636165313463616134663439353665373665313037323736383361323433613838633464633433
34656238363265656161633433323832316434353232386337373030303637316531326236666334
65396466386261376235396666383664313834636365623834626436343064373535363662613737
64663762663935376639393039376531656435343261396539613334386131623732396366633766
30393465666661326166663164343862643237666361616332643332653765316435646261663166
66343361363761336530326334613066623032666165663063643662636337363439663237303365
65393238356634643538313266396661626338633261373935343631346261633638373837313630
66336266376165393566376138346435303564613837346238653562353661643531353436303138
33613036643062626135663933323266666539656265616565313432626262656437613038373236
34636236303433333030313836636361366238333363363664613062663333623734626639643137
38336166613733323038626536353234643133333130323037373435303264346164356534323633
34663564643065656263343731643537303231333766313363396331336564373663656233323462
36333836636132393761623638343635326630633665336161376363376231386536366232333163
33633462306135333939663231343834616637336261663463646137313165326239623439386262
39356136633265333539383636333437636539396164323932643865653137616330346163643365
62303866643062376134336666613161653238383863346465643638313436316463353538303738
36383164353938373439653136666436356439613031356332656161643664626263313864666635
32623164313362643232323536663666323037636261313135653533343136333362613631623637
39383366383166343139653132653863333865313733656330616232633133353238333434333338
36396132343931303230303164333632336331336130326137313832653735666331363563373264
36663562663461616237363863656337646239396539666533336466623962333765323864626432
35613764326331623533353138626265656663366136373463646235623566643466373666383936
39333463396537323831653865316435396262336666333362343363356238386564313638613337
63613438353264383863643265616566333262323934646131613764326265653434613361346663
39643734393162383261393030653061356330653738626666613932663061396665623138316538
36343831303166303739643635333466623062396561653433623065616533346261666162636231
39663865383638363430316236336266323238306366346638376266393939346536373236653662
64636265336632336462653463346364373761373234333961376464386438333561646133363733
32633830663532393131613262636361386163376539356439623966666665656265666539336639
39646433626334663862393138613666393137303739313936353938613137653666636235643131
61663632383862323632393361336263366235396239346566663761653735396661343663376435
62656534323463393531386637623366316466633433633933363564393435633361323437613036
32363531303465373537353237313438346534626165363564353639666134396263393333313934
63313463643834343633343231386537376566303539633536333235336161386631356531323866
36643934643337363865386631643931303038353462333035363537356539646665383365333766
63663139396366643834623232306365376633363332626336303661326237383736336365323763
66316530343133636230636234616665353939663332316364613362343261393934626264383732
32613363316632643332333065653766646464633066316433656430366330653365626466336230
34356433623030383662663564306533646563306337346535353065666239336661343033356635
64636231343636386432316662626538633066656261326465363438333064373534376637316333
31396364336234663832303261366639313132343663666530343136363434333662383733336530
66396563616166333633623363383963383432663630356431323132626336633630343066313735
31666462386163636334386131616261616531366463366362663133633065633234306536343431
31376630393035373034633463336463303132326563646330623830626564613433323866643362
34323436356366643661323563333564353863373035336565613739636562363736636530653139
31663931616230313436323230336461336637613539653165343664663165303364633464313939
63333131613366626234656235393463343534343864363463616634633533623730306536343964
34383030303535393737386163346531623333393162666161626162616137343832383835376262
34663437353930393135306433663566396636333430363334306631646663326234373331376138
34366661626635636330353835323430343635343833363037663139646233356165643265333466
39633437393963626666653236656535316432613739336431653864353739313461663536636230
34353034333831396235323365613036323537386662373435653362326538343262643637373164
64323665373035383735613563623537653832643733393037653038626437636563326138653962
64343734343630663837363239393836623565663634323437616233636438656662323932323465
38613038636138656634346533393864613862623939633961623337623533643162613631353962
34633063346361653132343036636638323230383564393734386531313562383132633637656362
31636162393337656533656538643437306136336436393634366562343637313465356634616164
39333535373561653362366338656132623137343038646333363563343864653330316133306635
32643263346136643766663236613132653465363461656331613237623765323961343966306633
63323866623836663231373464643863326562636539313238646536636131626564366438646462
66333139393062643434356366363565336564373865386163303737653336396434316663346364
39656339336366663437393130373535626566303133316333363764346536333865393865346231
61633939323537343863373731343539386237346332323932633837333762383864326163333164
34373138663763313163303065353031653164316536653635376664346434643064633439663635
32313464373532336263393565333236303833383533346566346565393730383636633063393566
64396565323961653532616166383637323437373062663436333433346635363630313865633632
33316462323433643235666166363538383964356462376663336165663035353938306134626665
31313638363461393865396233613264366661616161653730616366353566393131616438316637
39333362666666313964383730363230336565333938623931346664376631373133633862656565
64316336643564396661333066356235336265613832316362613033616661366334613261313862
63613031356561346334626666343966633633356464313465666464366332633134323731323336
31386131373835326439643230343630386331346230383937653739613734323430343538653635
62383563393334333331383032323138386632363164633236643562313239393034313033346331
62643433363331653564346163623261616463633761366538393532393563386130636330396131
36393231303937303332363135623230373164636165323637303561343366373930333465353939
33643533323363333738663634336361393837396164353936306361313532383963326133316166
64636337353234353632373835326165663162356461646133323832393130343966316139383338
33363238636532376534303163653732366134343366616235313838363034356531303930633661
65383337636532633165323961373234386237313764633839363962616135663437653764646230
66393739383135326332393038343561343538333735643932316361633936363338353066363537
36336635343936346134636464323164643639313765383534643865663333383136666163383138
62313738646538303338343132383536386436353265613735336663373366626566343636626562
65373463396238616230396165356335633231623834633735623763316264613231323930363566
38633833666661333535613461643035326131663862313335366231396666303861353739653039
65306533343130316134346362386236363735363334376161313064343961623466356334323938
63303738303831366463396165393062663633303031663461643563613364323463323561613930
39633663326165333033326631326233333833646164333033386366343839376664613830623532
30333733646432393763633563376135626535643961666362383962366464363132353564383735
37393365396464646430343038656430363931663835393463326561666138303730383864666364
35646339346630393761323839613131316464646465376635656335393361366365353064336133
36326462633637393236323065383436383330653662623036346465333663626239313264373466
64396262393565373738623233363665636264666330386337313732363466353766623562613864
35393665383937656533643062373261633462363064656134663132373532373632623332383530
65303739393834323266323062623663333034633132366439393862326134323630323563353935
64396464633438643262653664323238366130643461376133646238656463373531333137323662
38633532623766336431323331303135616432306362323937633535373031623265616139663133
34313962353434343139656336643064333961383531353461303035616532623862643864323737
61333866386165336537313065366661313439643430623164633361646666393337626436333564
35393564653866333339376462316338333237303663616466643235366633376564323832643238
64393735323131653131626235366438343032326461616137326634353731303162656135653162
62313639346366326534313432353731396161383764616431313266643639666432363931353930
35363834353361343566313631636439376265356231623637323063333265653236616330346662
36346564626638643832623436356332663536623533366539656264363936646362323262323561
31386639636430623963663730663664626639303532653465636132663834383362633938353432
65393062393933613963623864303339613638643261323033623364343266626231623566623734
36373331333266356332616131376463613766623365393439613033616262306361366534356534
31393366313263666564356330616566326336663730323262663463666238376538663037303663
32623964373535663838656538306561376130343736623336316266393361343161643335303834
37353338333265316632393263613032373164323064646632363664643335666530303465646237
33666338306631313465323661656533363734633366383337396132646561663461356138356665
34663735323132653139646633323766336566346164316331626637663532643266666630383837
64343736633765383239656633633466336633333332626436373363353138393733623339356433
66323031316663666134303464326264653762306634326638636135646636333734396362306239
62303037323639616531343364336632396465346631616536366636363838313164316637656638
62653834393636303766386636323131383039613436666131373163353463393665393338333366
31323734633337343330313136356665326139356433343230386437636538386636663037633936
61333466376564666364336563653334306665336634336363653962386135353961343030623865
39346138386135656338326632373734333933666237343764303963363536323032653938303338
37326132393036323532666163666235303635363936343265326333613561643938353061663035
31356431343664383164363065316164643166653934386436633262323836303230303133636530
37376437393364393435393535363563333936323866623434353161343965343630333363633564
35656666316262636438323839613731356362623638323033306137633530326164643165303333
34353537663830333538653438333365333332643039666433653961646339643365333566626235
37313166313734353661326362306265396639326565326533323632633832353339613362626465
65383539346566396261346166336436343939363339663462366262306434366266633664303264
33383731313934353161333465643861663038313833663163336261626537623130653564336433
63646131383464633937643838636364303165373361353738383736323035306666343766613866
33336663643634633266653337653761636231346338383938613534656361653963323861343161
62623538643834383734326335653839306531353065393961303536363137303031356636626664
32376163353662346539653064643265663236333031316430633930333066623837386235663164
32366430383531366230393830393463396435373036383135643535376330643635373531366263
33653934633066613838333864633762323364356461313465616664376532323338393432323763
62306537376436363337666134626238323436333137616333633332653638356561316531353735
39306534316138623363383566636439376233316635346230386337633565383639336164393137
38623738656132336433303730326135643265333261363132363261303538353236623433326233
30666632336261383930376536346530666662666237653136646138316566353532366433343338
32303961316433396330336333363835313964383863646337333137343062303630326237653931
38633862643431306638643535316632326432613763396437636661333664363733376532656239
31353736646232633961383661303036336135323061386263383364306366616137646535316662
31393036356132643337623964643734666662613632323437316565626237306630633765636436
65303435363665643135343863626663613836313866363837393134306332373036323063623662
37386138623262633133303334373037663539613462666436373031366165343261393835306465
35313733633735653466633263333936383939663264386264613566646632643133393661633061
31353634646366393236666230346262353633633233633231666638643131663862323061656338
30346361633531656332303235383837643436386362623065323963353565653163346131616665
35313232396230336333396361336533623738383035353963373264613132663861393062303732
32633738616339343035306532313735343936313339396564353432346132353036653765646337
64666663363663653631323061333735623063383639613531633464653635333630343031326535
65353330356438656235346137353662323938636262363434336633336431633064316238396534
35373439643764303361306164653934616632353339313633623866366436666161316231336262
63383131383939326666613439323662663730313632336235363338643537313938313439326166
66396638633235633062

169
vault/certs/rootca.yml
View File

@ -1,169 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
34323366343164353236363233636338666233613462643461333533323138353263336535396562
6561666233663865653236666634343532613164343734340a393138646130313638663037393163
35623231636337393563373764363863313739306562336634633864323831393834626139396230
6665393538376334300a326137643930376664643336623661363438613465383439313065333332
37633063643537323431346363643063366366373336353966363561653862343739656265316632
38323639613638356461343931323736643138346434353737323065613738613465323163346234
62363062376532366134303634636632333663646563353362373565313038313030356265303739
36643739386535376236643337643639373762323162336461363833353266356433643034636664
61353634333930373039373965356664663438313461333363613739336139313461306637323865
65343137636266653535626132326265383530393566376564613961336237363939343166336435
64646164353831363262633964316136326439356666386232623937383265306232646663633930
37643565396532356536666536613539393163303561356635393133376265363236643666666531
35343363373036646132393135373265393739366563326533386435323064333731616666353762
34623132353538653338633565653463343761333433363434653364386634633166326535666238
30383035623862633164323133643266363039383962383937623964373131616536353135636436
38313130393438616664666333363265343830626461663362616266656630376238623466366235
65633164306234663037336639363264643235393866623266303039633862356466663161623162
37363034396232306361626166306266313639663130666265653931616638356530653462663365
34383763303035323838653366626265623861316430356330646533663561653663636265666431
30383264623065326132313039306562343336636264333461323763316135326166383833653036
39313565366136376666336263356565663235653535613933633866393737313835303231336164
32373862356432653065626534396538393830643033366336366533643535663762303266353062
64613733323662666634333839393066346566393037353463313166343436623464376236303732
38386438316431633535346431376632386532316263393638653466343032343935323232666364
61343266363838303132356636643939383262633133633833393565323637373161616434613538
30306664663137643538326162626562316462313338623861623030343339623564666138646332
66363238396162383736333738323263626461623732376661653633643033366363396536623130
30366362373134613134663839343731343338353564643130323833613433326237653065313739
61313933616562323933303037363162316462316530336461636335626563336364646234623733
65353733313138333235663735343534383831613264396162663166306530633031326662303836
66666138363363323939616234313232653261323766666333393230313231663832383038366166
37353065646337373761643332633731613532663736326234653731613266333963303539336431
37613030326235653066653636666666393030633033633737333632346538363634363631613830
38393463623533653835336533393732653533633232363062613438336639643063343533363732
32323432303730636461323564343036353766616635643735393732376132646633393865383234
61663535326563643966313536393237663832333562323065346362326433303731303962383634
62396137633733313639373030383038643939393130613734333138633166376364353766376266
38313130643435353230326238636566656661396438393333323364623338633739646364376261
62613865393264636234326635376638613234613163613530386665346632366566313162373931
34386135386434333935666636643365323337393931616231323938653233353138356335656533
62643637306631613731373233616132613338333362633632663839373032303733303632393163
35383034336132653636626162326638323662613961366262366432626165623063373738313835
63386463356233353461346433643234306264313866356131303938326638313835313264323465
30623162643632633032343932356531343838333435656238336139633836663639396566353937
38663733393335393031373336373864323666326333633330343237393266346662303762663664
32393931666236623633383236633661636266386430616130343530313831376131306130376339
64656133366637366235386263616635303835666132373331643861663730336266343562303434
61306632323839383230313235616366383365383739343761653736636338323535373834366133
37336539666562316362303931373630633564343565613361326366303131643235393565303833
35616134373532383236316530663662393637326364663263646265356636316466343637313066
35613230646638393338363262653936336365376565643238613665386531316565666539653065
35336436666464333762336264363766303662343062313038613739653733613239336238613739
36646439343666616161633431333532623833366639343430383761323137326136653734363236
65613763303361306434393132653362333939386630643037643139323031306565373430316636
39343635336135616335353534323531633561333539306566393765633034613864306262393333
62376134336338386237653865656338393232613230303138366133636331663337646563616237
39376465343738613638633237353666643538353761376164623031336637316436653336303864
31326230333333363162653561643933383730303565336166333933616432656466363463636438
66323030323631323936393938353030383266353364643730353261646461613362623733646638
32396466396330386331303733363837366530343036303731313763653036323866636139356161
31343462383539613766633261633662653135656337333538646637346431353366396339313032
33376165623866396236386461323936653164663537303630623238353963633435613733316235
63383563366637343037363361326661373236323231363061656534376434663833663164633938
34326231393864363665613839663038653735313637653833643239663963303233363465643664
37663361343765623735376538306538393061373530343032356637333834613966616236333639
66636237313539643964653230353832373433656465343064666631616237353139653962663435
31653966313235643438323135326435313664366238373537643665346535636534363661326561
33613737306136663936613132656631643932383862356263616132373239356533366537396536
38626462316664383631353262313735343163343435366164636535366163633561616664383737
32663934343830613132633664613965663064383165313933343638626639663764393933333138
31613962323035316133393265643936393933366233363431343766653732656636323334353539
36343465343362623734383337343366613539653465623834653833356464343235333734633136
37363932343865623333626531663965396236616130656232306564323763636535353466393731
32306563643566306566643936396230353933626136386634646430343533623932356632343538
36313563663032363237643538313161313038396566313535663062353833393565303332613336
61316461623139343664663833633662333463366266363635316434363434633362633230616539
32613237306330326463353933393964373366346137633431353266346237623838316134326430
62323039636334326261346137333138656366663666656664363537616639663039356433643166
37633135353738303239653839393163643962656565393836386434393835643231333966366261
38366265393238333934653736373530636663663961386339656164663865633337386262393963
39376637316134623665636436393032613361316630656266303838626661376438633337626366
65346235313432316665336331643033373061333734323538613433323566613162633835353434
62316161306663656433326339316632643762616239336239656135343166633635353238636538
33643035333534346439343637623764396361343565313833393865353537643539643161336530
63343637633133653563353739656434323834613938323466313835616463393734313739333530
30333736363432613139343734626564323838353932313830313536353534323538353465643730
38343963373862336530326337366634353261363531393637356361623030366562313564386133
34373735613337636664386534666537336338636233636461653330623464376630663437303631
30623861363934353661363764313265363233356665653261313262356461353439333030393936
62663039376562656161666663333461363330376333653631326539306633633330356338346232
34353261376163613831633832613532366230363533643434326134373439653433643839386439
34663962353433633532636239373136306435343461623936653661383037623236363265393264
37366132343366326537393138636366303865316630663938333730373938636531303537323666
34343833323631353131353763326265313363643661646632353261643636646666336631346163
66303031663663643736623837373061363063626662343435333865313930663662616332333337
39303138353033366338343735346137613731373938343464363362613934663761356232643730
64393434316131613630343431643933666433306335316335646131326664376264366562306530
62393062303661633231663639383231353034303237633338333730316666353135383033623934
34393135666438316232623537666335633933373766376363623736613037393034613538343539
36356237396464636464323633623436636266366238386564633635386663666535623631666333
32343464326237623862363833356135666562333061663931323064623762326463376266373266
66356433613962646332653135363437616466633136303630623738316531373639376238366238
61383966613134393366653663313435616232646164613737376664613433653761366534316338
34623436613139393137346563343333313766343662653138663135633564633034323665653065
62613636343138396236353936363763366631656661626536313338326534353237626537626135
33643131303331353430393665376531343136656234326161333535373536396465616561363561
35633266383962313030323966336530663865386263653538303661386163333336376534393565
66386539373432616431393935643563653332663464306230366163376231636666313863663164
35653230363836393834663839303961386561303535333964353631383966366263653136623634
36643339633566663330363830353436303063366162393666663634643830613461336133373832
38303061663131393162393066343837373130373631643062396466336635306336393631653762
34363432383031353662343862333034393136616262333334373364376339613865633731393961
65396566643535663666633836313935343439303335353731333639653135326264663935333133
36363264653639353639313264353531303766383138353464313036613735656632343233663937
38623962363566336661366566633766663938323366383865643637323961613935633636333165
65323039353739343137336537633033383464346535623461653163353662383831323961393336
66376463316265663164326531653261353038653665356339366465653262393963346361323634
38303962313461613066393730323237626163666461326464326664656530316230633830336130
31353632306432626361626437396236666361376666356439393862373033326635303332323030
38613762356137353737373136353563623038376430653338643030363533333263666233626536
38616637376335663230396365633833653765366532356532353265366665393238663333303439
65616161646566613161386438333736373061626234376632373534656638623535313064653436
36623665323931396533643932303036613366613465633866346261363835306634306639333865
32626466376131333132353661313265636237623534326166663034336136393566306332363964
39626365306438383531326138663264363438366335333161373135646632333962626233616562
61303464363131663963633433386331663433316638356138313836663165323230323364363666
65386564326531393966656235666536376532376437643431393130313537633566386239383066
61383631363436303664383134633530303331666666653439373530643330643438613336326639
34666239373161396264643066333932643231663864373439343934613534306462363830353363
34303832663130613262613736316665663234366438376233353663316565373833623062373839
33643963666662313264616234643833333732353331623939343633643737313761626235363731
32346561333931626630376165666135376434613333636337343336306564666565356538363938
61313233643431623139313366383931343566323162333264653537393736336132643936656136
30336563376531353065613638333237623664343331393765616665333139643735396265383334
62613039386537373364643065323734663564393066646164363038313237313865396663363231
34623833373937656138303337633438343531303366623838653465316330373362626234376532
61663963393639323766376238633566326231666561366163663039326632623662363539326533
34353161633236306663653066326534666631633332363237326635663132343333373332613035
62313961323734323537353964633135616530613931333462323339626537346538363338343632
38336666643634373434623833633863306534363831346161653835393638333436393034613963
37343731663664373462633037396262643562623334396237393330356365353230366631323334
62663435656362333136666432303766623931623464656133636633363165653933653165623435
66303539383634346466373965353733623637663862393730363865636363303733613165623965
64663663376232656230326632306536623531343564663933343265303339313632623965383839
32653236633332666166386437326336343731333335626430663763373833343036343961393764
39646337356266613734323963366465316238636131633663326332613931633236386333666631
66643138653235643833663664306533373066386136663862646634643934653562383530306565
32613037313633646365366535303632363638363764336664306361333037313431393831333333
34326635626233373737313064643834393734356265333535393830646535356235646266303463
34656430316434346339333762666432393736653566346332303636313963646338326333343962
66613563636363373164633666366332373735373533396233623165623965393432663534313835
63393436343765383332316635643465383163623833343931363034393830646164346532333039
64313136613133383762333961313234613431663933383565636237656636393939623765633735
36333037313561393633346661356634353035623265326136356661653830343135323138616664
39353563323736363062363233396461303337346131626333353863383638373337656634366662
65336230336236313234626266366235663032386561646238343430613034646465393434643636
32376464316162306134616639343232346638333734333464306432626138653436616134333163
36366665653965393433663237343361363430396563363730626330653736316530326265366366
65653733663663306137303632353336663437363834653231653166386533323762653136333664
30626661353637613365643137643462346632306133353363393962376638353865383562633338
36323833636431613837356331313336613065663162356266323964303635303464663630303730
66303933633533376239336331326637656231646236656636613164333365326132306161396363
38646136623762326537353664333139333661393230363363303231613864383337613635316561
38623536633264383864636334333334353533653565646435396635306232353137656432656163
31633264383731303437656131386236653137633735333362643938313461336530666235623230
38623333653961383762623131613732366633353732323635306261623561353535343438303465
36323833393261313766326161623930313335353237343632653736383435336264363238336262
64666136393230323937

19
vault/passwords.yml
View File

@ -1,19 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
35356537316639386637316365393533643061363734323630393363313237643935666639653963
3734376266353938653631323266663139306335646635660a373233663964623335663366333434
34386136656530386639646234316238326132616131616632346537613963636637393839613661
6366326639643632320a386436316165343166366134633464393461653434323934326238313430
39323439306637306134326635323138616337646336653238636539643538613664303764303661
39636661353538393532663937396363656664613334383261336664336237356366663334633430
36356235383930653835393439373737623036613565313131626462363034303062323662663832
66613833613336646633383835653161386363386136663764653734313763383231626434393864
63313061346335383933623630396336336561633938613237643238616531343766613734666132
32306362616131396266656162653563356137383239616464306662643032623438373764306361
32363133626662633435626232653061373831626563323861626635383039613136303632613335
61363265316534653033393763646565393330633063323634353932353936303638356433306362
65383938306637333765383263653939633964613230613835326630313761323561376162646439
62323035323634323766393233326363383364653531306432663263303831623936616139306639
64303863386265343165666435363761653464386366636366323261353731643263356635383536
66326666616339653731633530663161363933383334376238313637356331663431336433643338
64313861306161373538363332663363623131303561373237326436373838393965306663333835
3764356534323963303832653964666431626538316361613137