author | Jakob Odersky <jakob@odersky.com> | 2017-12-03 23:59:59 -0800 |
---|---|---|
committer | Jakob Odersky <jakob@odersky.com> | 2017-12-04 00:00:13 -0800 |
commit | c780b908f539b8042881a87007859797e0d6bdc4 (patch) | |
tree | 02884c584909811de36a32ba0968ae3aafc28f23 | |
parent | df6be44d67e29d73b0f226985c2c7b6ec989c224 (diff) | |
Remove incomplete roles
25 files changed, 1 insertions, 1187 deletions
diff --git a/ansible.cfg b/ansible.cfg
deleted file mode 100644
index 29a3719..0000000
--- a/ansible.cfg
+++ /dev/null
@@ -1,346 +0,0 @@ -# config file for ansible -- http://ansible.com/ -# ============================================== - -# nearly all parameters can be overridden in ansible-playbook -# or with command line flags. ansible will read ANSIBLE_CONFIG, -# ansible.cfg in the current working directory, .ansible.cfg in -# the home directory or /etc/ansible/ansible.cfg, whichever it -# finds first - -[defaults] - -# some basic default values... - -#inventory = /etc/ansible/hosts -#library = /usr/share/my_modules/ -#remote_tmp = $HOME/.ansible/tmp -#local_tmp = $HOME/.ansible/tmp -#forks = 5 -#poll_interval = 15 -#sudo_user = root -#ask_sudo_pass = True -#ask_pass = True -#transport = smart -#remote_port = 22 -#module_lang = C -#module_set_locale = True - -# plays will gather facts by default, which contain information about -# the remote system. -# -# smart - gather by default, but don't regather if already gathered -# implicit - gather by default, turn off with gather_facts: False -# explicit - do not gather by default, must say gather_facts: True -#gathering = implicit - -# by default retrieve all facts subsets -# all - gather all subsets -# network - gather min and network facts -# hardware - gather hardware facts (longest facts to retrieve) -# virtual - gather min and virtual facts -# facter - import facts from facter -# ohai - import facts from ohai -# You can combine them using comma (ex: network,virtual) -# You can negate them using ! (ex: !hardware,!facter,!ohai) -# A minimal set of facts is always gathered. -#gather_subset = all - -# additional paths to search for roles in, colon separated -#roles_path = /etc/ansible/roles - -# uncomment this to disable SSH key host checking -#host_key_checking = False - -# change the default callback -#stdout_callback = skippy -# enable additional callbacks -#callback_whitelist = timer, mail - -# Determine whether includes in tasks and handlers are "static" by -# default. As of 2.0, includes are dynamic by default. 
Setting these -# values to True will make includes behave more like they did in the -# 1.x versions. -#task_includes_static = True -#handler_includes_static = True - -# change this for alternative sudo implementations -#sudo_exe = sudo - -# What flags to pass to sudo -# WARNING: leaving out the defaults might create unexpected behaviours -#sudo_flags = -H -S -n - -# SSH timeout -#timeout = 10 - -# default user to use for playbooks if user is not specified -# (/usr/bin/ansible will use current user as default) -#remote_user = root - -# logging is off by default unless this path is defined -# if so defined, consider logrotate -#log_path = /var/log/ansible.log - -# default module name for /usr/bin/ansible -#module_name = command - -# use this shell for commands executed under sudo -# you may need to change this to bin/bash in rare instances -# if sudo is constrained -#executable = /bin/sh - -# if inventory variables overlap, does the higher precedence one win -# or are hash values merged together? The default is 'replace' but -# this can also be set to 'merge'. -#hash_behaviour = replace - -# by default, variables from roles will be visible in the global variable -# scope. To prevent this, the following option can be enabled, and only -# tasks and handlers within the role will see the variables there -#private_role_vars = yes - -# list any Jinja2 extensions to enable here: -#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n - -# if set, always use this private key file for authentication, same as -# if passing --private-key to ansible or ansible-playbook -#private_key_file = /path/to/file - -# If set, configures the path to the Vault password file as an alternative to -# specifying --vault-password-file on the command line. -#vault_password_file = ~/.vault.py - -# format of string {{ ansible_managed }} available within Jinja2 -# templates indicates to users editing templates files will be replaced. 
-# replacing {file}, {host} and {uid} and strftime codes with proper values. -#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} -# This short version is better used in templates as it won't flag the file as changed every run. -#ansible_managed = Ansible managed: {file} on {host} - -# by default, ansible-playbook will display "Skipping [host]" if it determines a task -# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" -# messages. NOTE: the task header will still be shown regardless of whether or not the -# task is skipped. -#display_skipped_hosts = True - -# by default, if a task in a playbook does not include a name: field then -# ansible-playbook will construct a header that includes the task's action but -# not the task's args. This is a security feature because ansible cannot know -# if the *module* considers an argument to be no_log at the time that the -# header is printed. If your environment doesn't have a problem securing -# stdout from ansible-playbook (or you have manually specified no_log in your -# playbook on all of the tasks where you have secret information) then you can -# safely set this to True to get more informative messages. -#display_args_to_stdout = False - -# by default (as of 1.3), Ansible will raise errors when attempting to dereference -# Jinja2 variables that are not set in templates or action lines. Uncomment this line -# to revert the behavior to pre-1.3. -#error_on_undefined_vars = False - -# by default (as of 1.6), Ansible may display warnings based on the configuration of the -# system running ansible itself. This may include warnings about 3rd party packages or -# other conditions that should be resolved if possible. 
-# to disable these warnings, set the following value to False: -#system_warnings = True - -# by default (as of 1.4), Ansible may display deprecation warnings for language -# features that should no longer be used and will be removed in future versions. -# to disable these warnings, set the following value to False: -#deprecation_warnings = True - -# (as of 1.8), Ansible can optionally warn when usage of the shell and -# command module appear to be simplified by using a default Ansible module -# instead. These warnings can be silenced by adjusting the following -# setting or adding warn=yes or warn=no to the end of the command line -# parameter string. This will for example suggest using the git module -# instead of shelling out to the git command. -# command_warnings = False - - -# set plugin path directories here, separate with colons -#action_plugins = /usr/share/ansible/plugins/action -#callback_plugins = /usr/share/ansible/plugins/callback -#connection_plugins = /usr/share/ansible/plugins/connection -#lookup_plugins = /usr/share/ansible/plugins/lookup -#vars_plugins = /usr/share/ansible/plugins/vars -#filter_plugins = /usr/share/ansible/plugins/filter -#test_plugins = /usr/share/ansible/plugins/test -#strategy_plugins = /usr/share/ansible/plugins/strategy - -# by default callbacks are not loaded for /bin/ansible, enable this if you -# want, for example, a notification or logging callback to also apply to -# /bin/ansible runs -#bin_ansible_callbacks = False - - -# don't like cows? that's unfortunate. -# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 -#nocows = 1 - -# set which cowsay stencil you'd like to use by default. When set to 'random', -# a random stencil will be selected for each task. The selection will be filtered -# against the `cow_whitelist` option below. -#cow_selection = default -#cow_selection = random - -# when using the 'random' option for cowsay, stencils will be restricted to this list. 
-# it should be formatted as a comma-separated list with no spaces between names. -# NOTE: line continuations here are for formatting purposes only, as the INI parser -# in python does not support them. -#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ -# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ -# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www - -# don't like colors either? -# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 -#nocolor = 1 - -# if set to a persistent type (not 'memory', for example 'redis') fact values -# from previous runs in Ansible will be stored. This may be useful when -# wanting to use, for example, IP information from one group of servers -# without having to talk to them in the same playbook run to get their -# current IP information. -#fact_caching = memory - - -# retry files -# When a playbook fails by default a .retry file will be created in ~/ -# You can disable this feature by setting retry_files_enabled to False -# and you can change the location of the files by setting retry_files_save_path - -#retry_files_enabled = False -#retry_files_save_path = ~/.ansible-retry - -# squash actions -# Ansible can optimise actions that call modules with list parameters -# when looping. Instead of calling the module once per with_ item, the -# module is called once with all items at once. Currently this only works -# under limited circumstances, and only with parameters named 'name'. -#squash_actions = apk,apt,dnf,package,pacman,pkgng,yum,zypper - -# prevents logging of task data, off by default -#no_log = False - -# prevents logging of tasks, but only on the targets, data is still logged on the master/controller -#no_target_syslog = False - -# controls whether Ansible will raise an error or warning if a task has no -# choice but to create world readable temporary files to execute a module on -# the remote machine. 
This option is False by default for security. Users may -# turn this on to have behaviour more like Ansible prior to 2.1.x. See -# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user -# for more secure ways to fix this than enabling this option. -#allow_world_readable_tmpfiles = False - -# controls the compression level of variables sent to -# worker processes. At the default of 0, no compression -# is used. This value must be an integer from 0 to 9. -#var_compression_level = 9 - -# controls what compression method is used for new-style ansible modules when -# they are sent to the remote system. The compression types depend on having -# support compiled into both the controller's python and the client's python. -# The names should match with the python Zipfile compression types: -# * ZIP_STORED (no compression. available everywhere) -# * ZIP_DEFLATED (uses zlib, the default) -# These values may be set per host via the ansible_module_compression inventory -# variable -#module_compression = 'ZIP_DEFLATED' - -# This controls the cutoff point (in bytes) on --diff for files -# set to 0 for unlimited (RAM may suffer!). -#max_diff_size = 1048576 - -[privilege_escalation] -#become=True -#become_method=sudo -#become_user=root -#become_ask_pass=False - -[paramiko_connection] - -# uncomment this line to cause the paramiko connection plugin to not record new host -# keys encountered. Increases performance on new host additions. Setting works independently of the -# host key checking setting above. -#record_host_keys=False - -# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this -# line to disable this behaviour. -#pty=False - -[ssh_connection] - -# ssh arguments to use -# Leaving off ControlPersist will result in poor performance, so use -# paramiko on older platforms rather than removing it -#ssh_args = -o ControlMaster=auto -o ControlPersist=60s - -# The path to use for the ControlPath sockets. 
This defaults to -# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with -# very long hostnames or very long path names (caused by long user names or -# deeply nested home directories) this can exceed the character limit on -# file socket names (108 characters for most platforms). In that case, you -# may wish to shorten the string below. -# -# Example: -# control_path = %(directory)s/%%h-%%r -#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r - -# Enabling pipelining reduces the number of SSH operations required to -# execute a module on the remote server. This can result in a significant -# performance improvement when enabled, however when using "sudo:" you must -# first disable 'requiretty' in /etc/sudoers -# -# By default, this option is disabled to preserve compatibility with -# sudoers configurations that have requiretty (the default on many distros). -# -pipelining = True - -# if True, make ansible use scp if the connection type is ssh -# (default is sftp) -#scp_if_ssh = True - -# if False, sftp will not use batch mode to transfer files. This may cause some -# types of file transfer failures impossible to catch however, and should -# only be disabled if your sftp version has problems with batch mode -#sftp_batch_mode = False - -[accelerate] -#accelerate_port = 5099 -#accelerate_timeout = 30 -#accelerate_connect_timeout = 5.0 - -# The daemon timeout is measured in minutes. This time is measured -# from the last activity to the accelerate daemon. -#accelerate_daemon_timeout = 30 - -# If set to yes, accelerate_multi_key will allow multiple -# private keys to be uploaded to it, though each user must -# have access to the system via SSH to add a new key. The default -# is "no". 
-#accelerate_multi_key = yes - -[selinux] -# file systems that require special treatment when dealing with security context -# the default behaviour that copies the existing context or uses the user default -# needs to be changed to use the file system dependent context. -#special_context_filesystems=nfs,vboxsf,fuse,ramfs - -# Set this to yes to allow libvirt_lxc connections to work without SELinux. -#libvirt_lxc_noseclabel = yes - -[colors] -#highlight = white -#verbose = blue -#warn = bright purple -#error = red -#debug = dark gray -#deprecate = purple -#skip = cyan -#unreachable = red -#ok = green -#changed = yellow -#diff_add = green -#diff_remove = red -#diff_lines = cyan diff --git a/roles/ddns.notyet/meta/main.yml b/roles/ddns.notyet/meta/main.yml deleted file mode 100644 index fdda41b..0000000 --- a/roles/ddns.notyet/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: common diff --git a/roles/ddns.notyet/tasks/main.yml b/roles/ddns.notyet/tasks/main.yml deleted file mode 100644 index 63caa0c..0000000 --- a/roles/ddns.notyet/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- include_vars: vars/vault.yml - -- name: install dns utilities - apt: name=dnsutils state=latest - -- name: install jq - apt: name=jq state=latest - -- name: schedule periodic updates of dns entry - template: src=update-dns.j2 dest=/etc/cron.daily/update-dns diff --git a/roles/ddns.notyet/templates/update-dns.j2 b/roles/ddns.notyet/templates/update-dns.j2 deleted file mode 100644 index 4d68666..0000000 --- a/roles/ddns.notyet/templates/update-dns.j2 +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/bin/sh -set -e - -api_email=jodersky@gmail.com -api_key={{ddns_api_key}} -zone_name={{ddns_zone}} -record_name={{ddns_record}} - -cf() { - curl \ - -sS \ - -H "X-Auth-Email: $api_email"\ - -H "X-Auth-Key: $api_key"\ - -H "Content-Type: application/json"\ - $@ -} - -external_ip=$(dig +short myip.opendns.com @resolver1.opendns.com) -zone_id=$(cf -X GET "https://api.cloudflare.com/client/v4/zones?name=$zone_name" | jq -r '.result[0].id') -record_id=$(cf -X GET "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records?name=$record_name" | jq -r '.result[0].id') - -cf -X PUT "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id}" \ - --data {\"type\":\"A\",\"name\":\""$record_name"\",\"content\":\""$external_ip"\"} \ - || (echo "Error updating IP address." >&2 && exit 1) diff --git a/roles/ddns.notyet/vars/main.yml b/roles/ddns.notyet/vars/main.yml deleted file mode 100644 index 6128462..0000000 --- a/roles/ddns.notyet/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -ddns_api_key: "{{vault_ddns_api_key}}" diff --git a/roles/ddns.notyet/vars/vault.yml b/roles/ddns.notyet/vars/vault.yml deleted file mode 100644 index 77502f8..0000000 --- a/roles/ddns.notyet/vars/vault.yml +++ /dev/null @@ -1,8 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -38333565623838383936376530366331383234626234346666623232643831333761376563666561 -3930343438613136656633656363633930623931626238330a656236633037303535663733383838 -33636566336164313365653766353931353739343562343435613130623739656432383831323466 -3039626461333738610a303632633562326133356635656234353334343764636236623238343262 -39623638376663643964623938626238626636313136636364633561346630303266303232363366 -33383361623532636165666433653964653937613038393132343762666131616338643230643734 -313734343834663538323038393337316635 diff --git a/roles/dl/files/dl.conf b/roles/dl/files/dl.conf deleted file mode 100644 index 43b96da..0000000 --- a/roles/dl/files/dl.conf +++ /dev/null 
@@ -1,17 +0,0 @@
-server {
- server_name dl.crashbox.io;
- listen 80;
- listen 443;
-
- root /srv/dl;
-
- location /debian/mini-dinstall {
- deny all;
- return 403;
- }
-
- location / {
- try_files $uri $uri/ =404;
- autoindex on;
- }
-}
diff --git a/roles/dl/files/mini-dinstall.conf b/roles/dl/files/mini-dinstall.conf
deleted file mode 100644
index 9ceca88..0000000
--- a/roles/dl/files/mini-dinstall.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[DEFAULT]
-archivedir = /srv/dl/debian
-archive_style = flat
-incoming_permissions = 0770
-architecture = all,amd64,i386,armhf
-generate_release = 1
-mail_to = root@localhost
-
-[internal]
-release_label = Internal Packages
\ No newline at end of file
diff --git a/roles/dl/files/mini-dinstall.service b/roles/dl/files/mini-dinstall.service
deleted file mode 100644
index f543123..0000000
--- a/roles/dl/files/mini-dinstall.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=APT archive management
-
-[Service]
-User=mini-dinstall
-Group=mini-dinstall
-Type=forking
-ExecStart=/usr/bin/mini-dinstall
-PIDFile=/srv/dl/debian/mini-dinstall/mini-dinstall.lock
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file diff --git a/roles/dl/meta/main.yml b/roles/dl/meta/main.yml deleted file mode 100644 index 8d74850..0000000 --- a/roles/dl/meta/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -dependencies: - - role: common - - role: webserver - - diff --git a/roles/dl/tasks/main.yml b/roles/dl/tasks/main.yml deleted file mode 100644 index a0dbd46..0000000 --- a/roles/dl/tasks/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- - -- name: nginx - configure dl - copy: src=dl.conf dest=/etc/nginx/sites-available/dl.conf - -- name: nginx - activate dl - file: - src=/etc/nginx/sites-available/dl.conf - dest=/etc/nginx/sites-enabled/dl.conf - state=link - -- name: add mini-dinstall user - command: adduser --system --disabled-password --disabled-login --home /var/empty --no-create-home --quiet --force-badname --group mini-dinstall - -- name: install mini-dinstall - apt: name=mini-dinstall state=latest - -- name: copy mini-dinstall config - copy: src=mini-dinstall.conf dest=/etc/mini-dinstall.conf - -- name: create mini-dinstall archive directory - file: path=/srv/dl/debian state=directory owner=mini-dinstall group=mini-dinstall mode=0755 - -- name: copy mini-dinstall service config - copy: src=mini-dinstall.service dest=/etc/systemd/system/mini-dinstall.service - -- name: enable and start mini-dinstall service - service: name=mini-dinstall enabled=yes state=started diff --git a/roles/openvpn/files/ca.crt b/roles/openvpn/files/ca.crt deleted file mode 100644 index dc24426..0000000 --- a/roles/openvpn/files/ca.crt +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFUDCCAzigAwIBAgIJALKknwe+743TMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV -BAMMFEpha29iIE9kZXJza3kgVlBOIENBMB4XDTE2MTIyNjE1NDYzOFoXDTI2MTIy -NDE1NDYzOFowHzEdMBsGA1UEAwwUSmFrb2IgT2RlcnNreSBWUE4gQ0EwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqQWgLTIUBuJm83VlWA0Mq6kpHGqjD -PICzlEHFjT6uliSQBeGDCBZ5VyZH3xM+KXsbibDHlWuBebrysv6Eepl64E2X9BnH -7OtCM1XaYxITB5bXLvA+YGAdklZC28Izv63elcV4HCD593T38txErGWJsK1OG78i -GKIAAlhWR9wjdGxF8YzQx1GNud1AoY8Xgi3W0cTaJc18yqaapnDNs3gRcNBSmrq/ -s5CsFG/vvz0+Njf1u79qyrQVUFLYJqFWwnqrSmj/ldVYCn2vlIExNvFy5EGQi90L -Y1jyDQYMVDIC1yLWJIlW6TGZi8qjc7MbRXqLs1SePJaYtfxMG8mGb605cZ5v3mTS -Mi3+nFe5OIqk8E8NsVl/s2oUGbYc3GMdGKUU68O6ihUwH9Gxj1ocSq4cKxyXHXPL -uErCFBu36FN/CoAgdOThPED84x9n8EklGxewJKvkHNos3zQoubEimzqw1e8hXH3Z -kxHG325W4PcaT6HK7t127wvWPNywsYa5A+cuQKnXq6NysQbEhcsHxMUmeBBEOfaH -KQmji/KQTQQPAW8GpRh/PIVY/fmKVu8tKgVhQPlURNVqU0o2Mi/xDtnhFiPmaTzt -2zOyWpl3WGZrHiX+cdHqInqSQAbBe1sjNqPDTNsTGxAEnmzYK2Ya0C1TIc2MFv/j -uQRaOTRApAxy4wIDAQABo4GOMIGLMB0GA1UdDgQWBBTOxv73DemHSrCYq3B1GcDc -NrBOKzBPBgNVHSMESDBGgBTOxv73DemHSrCYq3B1GcDcNrBOK6EjpCEwHzEdMBsG -A1UEAwwUSmFrb2IgT2RlcnNreSBWUE4gQ0GCCQCypJ8Hvu+N0zAMBgNVHRMEBTAD -AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAckRY9ueeSa3uafKX -PzNYqmwUVlIEYhQtG3vy0rqDQU3gcNYEkABXigquZatF46qOZ0pTN+8vGCksN3mZ -42/idtEfv0yxlZIbJRHBjYs6YZP1/rABAEtZSxIebw+cq1zdXnr98xWGAVWA3WJY -np8+Man2zeBEqU4dSJOr6wPSqpwJOFaYwI+PeHqcpHUd+PWsdFaWeOkk58oaS+1j -oVPSdEP+YgAZ7Pn/O6cF7ft7k1H6mQ6oUYJwKjN9/lsaFwKghicH3/iCizwwqZCw -sFxkGUMMFlN8EAuKu/44Tk3BegsJnkF6EB6ihesA5sF/Ymbx+nYPIlkwY6E7wG5W -+/jfj+CbQmZqbtXtwtx8zCVCmNuYGFlv5nq5TpmBn9Uxb1cN7YPp/ytDd4YkvJyc -MsTKU12PFs4+XKItW0PV4ipY+djZnN//sJYjcJPKS7UsxMLg7oV5ooQvV6NMkVUg -yP+dPS5NK3L63HT2s9VyRKV058Oc/J9Kcm9GG5faFo2EUxCIRwvVne/gIcEqxaRD -5s533dmhI4VgWVIOhY00Fg7M3Ee016oTiRbZmmu2rpemHwEYkrmS4HKi+JWSce3a -PjQXZHPsfk05V84Dr2aLS7giC7QYOg+iaoeXh61djFsGaX1jltPHH2HG4F6FJ1XC -eCb8J4mhiEuYryEJKAz+55wKgp8= ------END CERTIFICATE----- 
diff --git a/roles/openvpn/files/crl.pem b/roles/openvpn/files/crl.pem deleted file mode 100644 index cbcc529..0000000 --- a/roles/openvpn/files/crl.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN X509 CRL----- -MIIC0zCBvAIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRKYWtvYiBPZGVy -c2t5IFZQTiBDQRcNMTYxMjI2MTU1NTUzWhcNMTcwNjI0MTU1NTUzWjAUMBICAQIX -DTE2MTIyNjE1NTEyN1qgUzBRME8GA1UdIwRIMEaAFM7G/vcN6YdKsJircHUZwNw2 -sE4roSOkITAfMR0wGwYDVQQDDBRKYWtvYiBPZGVyc2t5IFZQTiBDQYIJALKknwe+ -743TMA0GCSqGSIb3DQEBCwUAA4ICAQA3NWbkDDKdaMBSMnX0pCOebHigtNwiBLa+ -7riMqu0W+lok/pnrYXIvssk36psXljv/9NZ/U3KE1TfSOXM84YKNgN9nPS1JFaMD -1bVJQ4WMlBO/onF1ELtAyIePhHm9ZQSNKa9i7hLep+PCZadvI8JIxZGNeKDHYv6x -xrs3yqyte0Lw3gRB8XjWXKJQPCmaYpRf/X1EdrHteZX78uTZX3ArbysyY1xpji98 -8r6AeYOQgR2hLmaa5mpgn9YCiN5VFherVexGubz7xRvIEvII8BcIk84tW08U9oCO -cyUsTxWeiDYd6WJY3BEjVSy0DRGHQMOhc84XSp4KMS9fQfdLpdXbpovf4mVhNuJQ -5H41ZZ7dwuVWEf0n3ma/EAVOQE6MD1vMaPedHBEwqRCNDXz6XkQPi6ar/uSi9YhX -Zyc/9DP/auQ5wgc6xkJptIB3DFKkW8yUHB7yEzhmWYuF8Z89Dtxsh9GV9e4s40v2 -ELrPm4Yf5UzeDQdl+ipkpjvL2Xs5+FRYtQIsTVGEnKcu0+fGHOd+bpRt909cpiNC -ToIgnskJpnBzGwlmCsAg3Mt8QB8GpKouIwyYRIDTSdzJnh9OUYHtqDC2MUZ+xgWF -YvqFMkMVQJ0g0X6f5BYukyicTNK/BJ++NySXov83Jb8xxQg771VxmJvWNx8plekZ -0oar1TLHJQ== ------END X509 CRL----- diff --git a/roles/openvpn/files/dh4096.pem b/roles/openvpn/files/dh4096.pem deleted file mode 100644 index 3fd26d4..0000000 --- a/roles/openvpn/files/dh4096.pem +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIICCAKCAgEA8PC5fLB2y0AAFvUFwSoZCi/vgWVHKoHY34kU3NnCrmAHKVpvBGJ0 -g8Y4No6MHWyMGtgt7JGcnRRokzsgedtn02j69rqiwQWDS6WlU3gOYSRQAtrzU6L8 -1TYoAc5iux0M0rw9nV2XSLZSRGsLQQDDsiOb0fsZD05B3JytyjIGCgs3PiztdmCM -4BIFn2VqYj2vm9+wmwJ716JRVHgieU58pHIQrao4uSRCSVTNru8+1ACXgcFI/xGk -89hti0Ywh2sGKC+9+SZOKdZMXl8u7NhCo9dAQAjg1e6wAp/jjP0yUWnlhY87rVl/ -LNQnVSM7VmPMgUGy1ffdLd03b/MBG1to64ioSaNyq0VAuevBihQ7BZaZxuwuioWk -eTLv0dp1Zie2IihiY3/IONu8HvrqvZn8+Ml7m4icTPwQrqN9S0eMsyA09MuNI3MP -5F+fn2zyib3fxwPV7GeNjsCj+QywFGdmukThD7sT0Q7BLx2KhZaj6D76JZLz4H0S -cBkJGjK3/YcjZFHipaaFvvEdftO33o+CdWwKc3+TL1gn3TB5smZS4V5oO3SkoMOr -mowBd6CsFqdNASvoWZs29CgRHewtAmMfx4ZtlcFDffGLNzx1DO8VoCX0RGATEI/M -vlrYYchykZjEMqjS6PAxpeCSDLWqIkW9fy8qUJcebZ7Rml25vv4SeeMCAQI= ------END DH PARAMETERS----- diff --git a/roles/openvpn/files/server.conf b/roles/openvpn/files/server.conf deleted file mode 100644 index a30e72c..0000000 --- a/roles/openvpn/files/server.conf +++ /dev/null 
@@ -1,306 +0,0 @@ -################################################# -# Sample OpenVPN 2.0 config file for # -# multi-client server. # -# # -# This file is for the server side # -# of a many-clients <-> one-server # -# OpenVPN configuration. # -# # -# OpenVPN also supports # -# single-machine <-> single-machine # -# configurations (See the Examples page # -# on the web site for more info). # -# # -# This config should work on Windows # -# or Linux/BSD systems. Remember on # -# Windows to quote pathnames and use # -# double backslashes, e.g.: # -# "C:\\Program Files\\OpenVPN\\config\\foo.key" # -# # -# Comments are preceded with '#' or ';' # -################################################# - -# Which local IP address should OpenVPN -# listen on? (optional) -;local a.b.c.d - -# Which TCP/UDP port should OpenVPN listen on? -# If you want to run multiple OpenVPN instances -# on the same machine, use a different port -# number for each one. You will need to -# open up this port on your firewall. -port 1194 - -# TCP or UDP server? -;proto tcp -proto udp - -# "dev tun" will create a routed IP tunnel, -# "dev tap" will create an ethernet tunnel. -# Use "dev tap0" if you are ethernet bridging -# and have precreated a tap0 virtual interface -# and bridged it with your ethernet interface. -# If you want to control access policies -# over the VPN, you must create firewall -# rules for the the TUN/TAP interface. -# On non-Windows systems, you can give -# an explicit unit number, such as tun0. -# On Windows, use "dev-node" for this. -# On most systems, the VPN will not function -# unless you partially or fully disable -# the firewall for the TUN/TAP interface. -;dev tap -dev tun - -# Windows needs the TAP-Win32 adapter name -# from the Network Connections panel if you -# have more than one. On XP SP2 or higher, -# you may need to selectively disable the -# Windows firewall for the TAP adapter. -# Non-Windows systems usually don't need this. 
-;dev-node MyTap - -# SSL/TLS root certificate (ca), certificate -# (cert), and private key (key). Each client -# and the server must have their own cert and -# key file. The server and all clients will -# use the same ca file. -# -# See the "easy-rsa" directory for a series -# of scripts for generating RSA certificates -# and private keys. Remember to use -# a unique Common Name for the server -# and each of the client certificates. -# -# Any X509 key management system can be used. -# OpenVPN can also use a PKCS #12 formatted key file -# (see "pkcs12" directive in man page). -ca ca.crt -cert server.crt -key server.key # This file should be kept secret -crl-verify crl.pem - -# Diffie hellman parameters. -# Generate your own with: -# openssl dhparam -out dh2048.pem 2048 -dh dh4096.pem - -# Network topology -# Should be subnet (addressing via IP) -# unless Windows clients v2.0.9 and lower have to -# be supported (then net30, i.e. a /30 per client) -# Defaults to net30 (not recommended) -topology subnet - -# Configure server mode and supply a VPN subnet -# for OpenVPN to draw client addresses from. -# The server will take 10.8.0.1 for itself, -# the rest will be made available to clients. -# Each client will be able to reach the server -# on 10.8.0.1. Comment this line out if you are -# ethernet bridging. See the man page for more info. -;server 10.8.0.0 255.255.255.0 -server 192.168.255.128 255.255.255.128 - -# Maintain a record of client <-> virtual IP address -# associations in this file. If OpenVPN goes down or -# is restarted, reconnecting clients can be assigned -# the same virtual IP address from the pool that was -# previously assigned. -ifconfig-pool-persist ipp.txt - -# Configure server mode for ethernet bridging. -# You must first use your OS's bridging capability -# to bridge the TAP interface with the ethernet -# NIC interface. Then you must manually set the -# IP/netmask on the bridge interface, here we -# assume 10.8.0.4/255.255.255.0. 
Finally we -# must set aside an IP range in this subnet -# (start=10.8.0.50 end=10.8.0.100) to allocate -# to connecting clients. Leave this line commented -# out unless you are ethernet bridging. -;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 - -# Configure server mode for ethernet bridging -# using a DHCP-proxy, where clients talk -# to the OpenVPN server-side DHCP server -# to receive their IP address allocation -# and DNS server addresses. You must first use -# your OS's bridging capability to bridge the TAP -# interface with the ethernet NIC interface. -# Note: this mode only works on clients (such as -# Windows), where the client-side TAP adapter is -# bound to a DHCP client. -;server-bridge - -# Push routes to the client to allow it -# to reach other private subnets behind -# the server. Remember that these -# private subnets will also need -# to know to route the OpenVPN client -# address pool (10.8.0.0/255.255.255.0) -# back to the OpenVPN server. -;push "route 192.168.10.0 255.255.255.0" -;push "route 192.168.20.0 255.255.255.0" - -# To assign specific IP addresses to specific -# clients or if a connecting client has a private -# subnet behind it that should also have VPN access, -# use the subdirectory "ccd" for client-specific -# configuration files (see man page for more info). - -# EXAMPLE: Suppose the client -# having the certificate common name "Thelonious" -# also has a small subnet behind his connecting -# machine, such as 192.168.40.128/255.255.255.248. -# First, uncomment out these lines: -;client-config-dir ccd -;route 192.168.40.128 255.255.255.248 -# Then create a file ccd/Thelonious with this line: -# iroute 192.168.40.128 255.255.255.248 -# This will allow Thelonious' private subnet to -# access the VPN. This example will only work -# if you are routing, not bridging, i.e. you are -# using "dev tun" and "server" directives. - -# EXAMPLE: Suppose you want to give -# Thelonious a fixed VPN IP address of 10.9.0.1. 
-# First uncomment out these lines: -;client-config-dir ccd -;route 10.9.0.0 255.255.255.252 -# Then add this line to ccd/Thelonious: -# ifconfig-push 10.9.0.1 10.9.0.2 - -# Suppose that you want to enable different -# firewall access policies for different groups -# of clients. There are two methods: -# (1) Run multiple OpenVPN daemons, one for each -# group, and firewall the TUN/TAP interface -# for each group/daemon appropriately. -# (2) (Advanced) Create a script to dynamically -# modify the firewall in response to access -# from different clients. See man -# page for more info on learn-address script. -;learn-address ./script - -# If enabled, this directive will configure -# all clients to redirect their default -# network gateway through the VPN, causing -# all IP traffic such as web browsing and -# and DNS lookups to go through the VPN -# (The OpenVPN server machine may need to NAT -# or bridge the TUN/TAP interface to the internet -# in order for this to work properly). -push "redirect-gateway def1 bypass-dhcp" - -# Certain Windows-specific network settings -# can be pushed to clients, such as DNS -# or WINS server addresses. CAVEAT: -# http://openvpn.net/faq.html#dhcpcaveats -# The addresses below refer to the public -# DNS servers provided by opendns.com. -push "dhcp-option DNS 208.67.222.222" -push "dhcp-option DNS 208.67.220.220" - -# Uncomment this directive to allow different -# clients to be able to "see" each other. -# By default, clients will only see the server. -# To force clients to only see the server, you -# will also need to appropriately firewall the -# server's TUN/TAP interface. -;client-to-client - -# Uncomment this directive if multiple clients -# might connect with the same certificate/key -# files or common names. This is recommended -# only for testing purposes. For production use, -# each client should have its own certificate/key -# pair. 
-# -# IF YOU HAVE NOT GENERATED INDIVIDUAL -# CERTIFICATE/KEY PAIRS FOR EACH CLIENT, -# EACH HAVING ITS OWN UNIQUE "COMMON NAME", -# UNCOMMENT THIS LINE OUT. -;duplicate-cn - -# The keepalive directive causes ping-like -# messages to be sent back and forth over -# the link so that each side knows when -# the other side has gone down. -# Ping every 10 seconds, assume that remote -# peer is down if no ping received during -# a 120 second time period. -keepalive 10 120 - -# For extra security beyond that provided -# by SSL/TLS, create an "HMAC firewall" -# to help block DoS attacks and UDP port flooding. -# -# Generate with: -# openvpn --genkey --secret ta.key -# -# The server and each client must have -# a copy of this key. -# The second parameter should be '0' -# on the server and '1' on the clients. -;tls-auth ta.key 0 # This file is secret - -# Select a cryptographic cipher. -# This config item must be copied to -# the client config file as well. -;cipher BF-CBC # Blowfish (default) -cipher AES-128-CBC # AES -;cipher DES-EDE3-CBC # Triple-DES - -# Enable compression on the VPN link. -# If you enable it here, you must also -# enable it in the client config file. -comp-lzo - -# The maximum number of concurrently connected -# clients we want to allow. -;max-clients 100 - -# It's a good idea to reduce the OpenVPN -# daemon's privileges after initialization. -# -# You can uncomment this out on -# non-Windows systems. -user nobody -group nogroup - -# The persist options will try to avoid -# accessing certain resources on restart -# that may no longer be accessible because -# of the privilege downgrade. -persist-key -persist-tun - -# Output a short status file showing -# current connections, truncated -# and rewritten every minute. -status openvpn-status.log - -# By default, log messages will go to the syslog (or -# on Windows, if running as a service, they will go to -# the "\Program Files\OpenVPN\log" directory). -# Use log or log-append to override this default. 
-# "log" will truncate the log file on OpenVPN startup, -# while "log-append" will append to it. Use one -# or the other (but not both). -;log openvpn.log -;log-append openvpn.log - -# Set the appropriate level of log -# file verbosity. -# -# 0 is silent, except for fatal errors -# 4 is reasonable for general usage -# 5 and 6 can help to debug connection problems -# 9 is extremely verbose -verb 4 - -# Silence repeating messages. At most 20 -# sequential messages of the same message -# category will be output to the log. -;mute 20 diff --git a/roles/openvpn/handlers/main.yml b/roles/openvpn/handlers/main.yml deleted file mode 100644 index d462ff1..0000000 --- a/roles/openvpn/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: restart openvpn - service: name=openvpn state=restarted - -- name: restart ufw - service: name=ufw state=restarted diff --git a/roles/openvpn/meta/main.yml b/roles/openvpn/meta/main.yml deleted file mode 100644 index fdda41b..0000000 --- a/roles/openvpn/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: common diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml deleted file mode 100644 index ad3b928..0000000 --- a/roles/openvpn/tasks/main.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -- name: install openvpn - apt: name=openvpn state=latest - -- name: copy root certificate - copy: src=ca.crt dest=/etc/openvpn/ca.crt - notify: restart openvpn - -- name: copy dh parameters - copy: src=dh4096.pem dest=/etc/openvpn/dh4096.pem - notify: restart openvpn - -- name: copy server config - copy: src=server.conf dest=/etc/openvpn/server.conf - notify: restart openvpn - -- name: copy crl - copy: src=crl.pem dest=/etc/openvpn/crl.pem - notify: restart openvpn # restart to terminate all connections and enforce crl - -- name: copy server certificate - copy: - src="host_files/{{inventory_hostname}}/etc/openvpn/server.crt" - dest=/etc/openvpn/server.crt - notify: restart openvpn - -- name: copy server key - copy: - src="host_files/{{inventory_hostname}}/etc/openvpn/server.key" - dest=/etc/openvpn/server.key - mode=0600 - notify: restart openvpn - -- name: enable ip forwarding - sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes - -- name: firewall - update default forward policy - lineinfile: dest=/etc/default/ufw regexp=^DEFAULT_FORWARD_POLICY line=DEFAULT_FORWARD_POLICY="ACCEPT" - notify: restart ufw - -- name: firewall - add NAT rules - blockinfile: - dest: /etc/ufw/before.rules - insertbefore: BOF - block: | - # NAT table rules - *nat - :POSTROUTING ACCEPT [0:0] - # Allow traffic from OpenVPN client to eth0 - -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE - COMMIT - notify: restart ufw - -- name: firewall - allow openvpn - ufw: rule=allow port=1194 proto=udp - notify: restart ufw diff --git a/roles/rsnapshot.notyet/files/rsnapshot.conf b/roles/rsnapshot.notyet/files/rsnapshot.conf deleted file mode 100644 index 57e100c..0000000 --- a/roles/rsnapshot.notyet/files/rsnapshot.conf +++ /dev/null 
@@ -1,228 +0,0 @@ -################################################# -# rsnapshot.conf - rsnapshot configuration file # -################################################# -# # -# PLEASE BE AWARE OF THE FOLLOWING RULE: # -# # -# This file requires tabs between elements # -# # -################################################# - -# This rsnapshot configuration file has been modified to support -# multiple hosts, each specified in /etc/rsnapshot.d/ and including -# this file. The idea is from -# http://derek.simkowiak.net/backing-up-multiple-servers-with-rsnapshot/ - -####################### -# CONFIG FILE VERSION # -####################### - -config_version 1.2 - -########################### -# SNAPSHOT ROOT DIRECTORY # -########################### - -# All snapshots will be stored under this root directory. -# -#snapshot_root /mnt/backup/ (defined in host-specific rsnapshot config file) - -# If no_create_root is enabled, rsnapshot will not automatically create the -# snapshot_root directory. This is particularly useful if you are backing -# up to removable media, such as a FireWire or USB drive. -# -no_create_root 1 - -################################# -# EXTERNAL PROGRAM DEPENDENCIES # -################################# - -# LINUX USERS: Be sure to uncomment "cmd_cp". This gives you extra features. -# EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility. -# -# See the README file or the man page for more details. -# -cmd_cp /bin/cp - -# uncomment this to use the rm program instead of the built-in perl routine. -# -cmd_rm /bin/rm - -# rsync must be enabled for anything to work. This is the only command that -# must be enabled. -# -cmd_rsync /usr/bin/rsync - -# Uncomment this to enable remote ssh backups over rsync. -# -cmd_ssh /usr/bin/ssh - -# Comment this out to disable syslog support. -# -cmd_logger /usr/bin/logger - -# Uncomment this to specify the path to "du" for disk usage checks. 
-# If you have an older version of "du", you may also want to check the -# "du_args" parameter below. -# -cmd_du /usr/bin/du - -# Uncomment this to specify the path to rsnapshot-diff. -# -#cmd_rsnapshot_diff /usr/bin/rsnapshot-diff - -# Specify the path to a script (and any optional arguments) to run right -# before rsnapshot syncs files -# -#cmd_preexec /path/to/preexec/script - -# Specify the path to a script (and any optional arguments) to run right -# after rsnapshot syncs files -# -#cmd_postexec /path/to/postexec/script - -# Paths to lvcreate, lvremove, mount and umount commands, for use with -# Linux LVMs. -# -#linux_lvm_cmd_lvcreate /sbin/lvcreate -#linux_lvm_cmd_lvremove /sbin/lvremove -#linux_lvm_cmd_mount /bin/mount -#linux_lvm_cmd_umount /bin/umount - -######################################### -# BACKUP LEVELS / INTERVALS # -# Must be unique and in ascending order # -# e.g. alpha, beta, gamma, etc. # -######################################### - -retain daily 7 -retain weekly 4 -retain monthly 12 -retain yearly 3 - -############################################ -# GLOBAL OPTIONS # -# All are optional, with sensible defaults # -############################################ - -# Verbose level, 1 through 5. -# 1 Quiet Print fatal errors only -# 2 Default Print errors and warnings only -# 3 Verbose Show equivalent shell commands being executed -# 4 Extra Verbose Show extra verbose information -# 5 Debug mode Everything -# -verbose 3 - -# Same as "verbose" above, but controls the amount of data sent to the -# logfile, if one is being used. The default is 3. -# -loglevel 3 - -# If you enable this, data will be written to the file you specify. The -# amount of data written is controlled by the "loglevel" parameter. -# -#logfile /var/log/rsnapshot.log (defined in host-specific rsnapshot config file) - -# If enabled, rsnapshot will write a lockfile to prevent two instances -# from running simultaneously (and messing up the snapshot_root). 
-# If you enable this, make sure the lockfile directory is not world -# writable. Otherwise anyone can prevent the program from running. -# -#lockfile /var/run/rsnapshot.pid (defined in host-specific rsnapshot config file) - -# By default, rsnapshot check lockfile, check if PID is running -# and if not, consider lockfile as stale, then start -# Enabling this stop rsnapshot if PID in lockfile is not running -# -#stop_on_stale_lockfile 0 - -# Default rsync args. All rsync commands have at least these options set. -# -rsync_short_args -P -rsync_long_args --archive --delete --delete-excluded --relative --human-readable --stats --filter='dir-merge .rsyncignore' - -# ssh has no args passed by default, but you can specify some here. -# -ssh_args -p 22 - -# Default arguments for the "du" program (for disk space reporting). -# The GNU version of "du" is preferred. See the man page for more details. -# If your version of "du" doesn't support the -h flag, try -k flag instead. -# -du_args -csh - -# If this is enabled, rsync won't span filesystem partitions within a -# backup point. This essentially passes the -x option to rsync. -# The default is 0 (off). -# -#one_fs 0 - -# The include and exclude parameters, if enabled, simply get passed directly -# to rsync. If you have multiple include/exclude patterns, put each one on a -# separate line. Please look up the --include and --exclude options in the -# rsync man page for more details on how to specify file name patterns. -# -#include /usr/local/ -#exclude /boot/ - -# The include_file and exclude_file parameters, if enabled, simply get -# passed directly to rsync. Please look up the --include-from and -# --exclude-from options in the rsync man page for more details. -# -#include_file /path/to/include/file -#exclude_file /path/to/exclude/file - -# If your version of rsync supports --link-dest, consider enabling this. -# This is the best way to support special files (FIFOs, etc) cross-platform. -# The default is 0 (off). 
-# -#link_dest 0 - -# When sync_first is enabled, it changes the default behaviour of rsnapshot. -# Normally, when rsnapshot is called with its lowest interval -# (i.e.: "rsnapshot alpha"), it will sync files AND rotate the lowest -# intervals. With sync_first enabled, "rsnapshot sync" handles the file sync, -# and all interval calls simply rotate files. See the man page for more -# details. The default is 0 (off). -# -sync_first 1 - -# If enabled, rsnapshot will move the oldest directory for each interval -# to [interval_name].delete, then it will remove the lockfile and delete -# that directory just before it exits. The default is 0 (off). -# -#use_lazy_deletes 0 - -# Number of rsync re-tries. If you experience any network problems or -# network card issues that tend to cause ssh to fail with errors like -# "Corrupted MAC on input", for example, set this to a non-zero value -# to have the rsync operation re-tried. -# -#rsync_numtries 0 - -# LVM parameters. Used to backup with creating lvm snapshot before backup -# and removing it after. This should ensure consistency of data in some special -# cases -# -# LVM snapshot(s) size (lvcreate --size option). -# -#linux_lvm_snapshotsize 100M - -# Name to be used when creating the LVM logical volume snapshot(s). -# -#linux_lvm_snapshotname rsnapshot - -# Path to the LVM Volume Groups. -# -#linux_lvm_vgpath /dev - -# Mount point to use to temporarily mount the snapshot(s). -# -#linux_lvm_mountpath /path/to/mount/lvm/snapshot/during/backup - -############################### -### BACKUP POINTS / SCRIPTS ### -############################### - -# (defined in host-specific rsnapshot config file)
\ No newline at end of file
diff --git a/roles/rsnapshot.notyet/meta/main.yml b/roles/rsnapshot.notyet/meta/main.yml
deleted file mode 100644
index fdda41b..0000000
--- a/roles/rsnapshot.notyet/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - role: common
diff --git a/roles/rsnapshot.notyet/tasks/main.yml b/roles/rsnapshot.notyet/tasks/main.yml
deleted file mode 100644
index 81b9d71..0000000
--- a/roles/rsnapshot.notyet/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: install rsnapshot
- apt: name=rsnapshot state=latest
-
-- name: create config directory
- file: path=/etc/rsnapshot.d state=directory mode=0755
-
-- name: copy parent configuration
- copy: src=rsnapshot.conf dest=/etc/rsnapshot.conf force=true
-
-- name: copy child configurations
- template: src=linux.conf.j2 dest="/etc/rsnapshot.d/{{host}}.conf"
- vars:
- host: "{{item}}"
- with_items:
- - muninn
- - jodersky-mbp
diff --git a/roles/rsnapshot.notyet/templates/cron.j2 b/roles/rsnapshot.notyet/templates/cron.j2
deleted file mode 100644
index 2cdf278..0000000
--- a/roles/rsnapshot.notyet/templates/cron.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-# m h dom mon dow command
-00 * * * * rsnapshot -c /home/rsnapshot/$HOST/rsnapshot.conf sync && rsnapshot -c /home/rsnapshot/$HOST/rsnapshot.conf hourly
-00 04 * * * rsnapshot -c /home/rsnapshot/$HOST/rsnapshot.conf daily
-00 02 * * 0 rsnapshot -c /home/rsnapshot/$HOST/rsnapshot.conf weekly
-00 00 1 * * rsnapshot -c /home/rsnapshot/$HOST/rsnapshot.conf monthly
\ No newline at end of file
diff --git a/roles/rsnapshot.notyet/templates/linux.conf.j2 b/roles/rsnapshot.notyet/templates/linux.conf.j2
deleted file mode 100644
index 26dffb9..0000000
--- a/roles/rsnapshot.notyet/templates/linux.conf.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-# This file requires tabs between elements
-
-# Include global rsnapshot configuration
-include_conf /etc/rsnapshot.conf
-
-logfile /var/log/rsnapshot/{{host}}.log
-lockfile /var/run/rsnapshot/{{host}}.pid
-
-snapshot_root /mnt/backup/rsnapshot/{{host}}/
-
-include /usr/local/
-exclude /bin/
-exclude /boot/
-exclude /dev/
-exclude /lib/
-exclude /lib64/
-exclude /lost+found/
-exclude /proc/
-exclude /run/
-exclude /sbin/
-exclude /sys/
-exclude /tmp/
-exclude /usr/
-exclude /var/backups/
-exclude /var/cache/
-exclude /var/lock/
-exclude /var/run/
-exclude /var/spool/
-exclude /var/tmp/
-
-backup backup@{{host}}:/ ./
\ No newline at end of file
@@ -4,5 +4,5 @@
 hosts: peter.crashbox.io
 remote_user: root
 roles:
- - openvpn
+ - common
 - webserver
diff --git a/vaultpass b/vaultpass
deleted file mode 100755
index f01fbd6..0000000
--- a/vaultpass
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-/usr/bin/pass infra/ansible-vault
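Review bot: In the first hunk on this line, swapping `- openvpn` for `- common` in the `roles:` list of the peter.crashbox.io play stops managing the VPN but reverts nothing the deleted role configured on the host. Going by the removed roles/openvpn/tasks/main.yml, a host that ran the role keeps `net.ipv4.ip_forward=1`, `DEFAULT_FORWARD_POLICY="ACCEPT"` in /etc/default/ufw, the MASQUERADE block in /etc/ufw/before.rules, the allow rule for 1194/udp and /etc/openvpn/server.key. If the role was ever applied to this host, I would run a one-off teardown before dropping it, or record the manual cleanup in the commit message; for the firewall rule that would be `- ufw: rule=allow port=1194 proto=udp delete=yes`, with matching tasks to restore the forward policy and remove the NAT block and the key. The play begins outside this hunk and the page shows no file header for it, so the rest of the play is not visible here.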
\ No newline at end of file |