cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-04 03:43:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: cwchristerw:dfb32da69248a75bac85b7036c560462ad6bf634
Branches Tags
cwchristerw:master
..
compare: cwchristerw:master
Branches Tags
cwchristerw:master

68 Commits
dfb32da692 ... master

Author SHA1 Message Date
Christer Warén
cf65e1ac85 Update workstation installation guide 2025-09-01 16:30:51 +03:00
Christer Warén
177bafaa93 Fix typos in Init script 2025-09-01 15:56:52 +03:00
Christer Warén
89c5cc2437 FIx to work in WSL 2025-09-01 15:49:37 +03:00
Christer Warén
586ea6bd0e Fix missing sudo in INSTRUCTIONS.md 2025-09-01 15:39:42 +03:00
Christer Warén
13d07913ef Add workstation installation guide to INSTRUCTIONS.md 2025-09-01 15:33:12 +03:00
Christer Warén
718874a63d Beautification of Protect script 2025-09-01 15:21:41 +03:00
Christer Warén
859b96eb88 Beautification of Init script 2025-09-01 15:21:19 +03:00
Christer Warén
e149ba3db0 Inventories Update 2025-09-01 15:20:42 +03:00
Christer Warén
2224e2c596 Inventories Update 2025-09-01 10:25:36 +03:00
Christer Warén
2b6921e9f3 Fix typo in Yggdrasil configuration 2025-09-01 10:12:30 +03:00
Christer Warén
b895ac02b9 Yggdrasil Configuration 2025-09-01 09:03:41 +03:00
Christer Warén
edbf3f6191 Inventories Update 2025-09-01 09:03:27 +03:00
Christer Warén
79e45822c1 Protect Update 2025-09-01 09:03:04 +03:00
Christer Warén
a4e7218050 Fix Kea configuration commands in Deployer tasks 2025-08-30 18:52:23 +03:00
Christer Warén
f1a5f0caa5 Add NET_BIND_SERVICE capability to PowerDNS containers 2025-08-28 12:43:16 +03:00
Christer Warén
7f8b4a1e13 Add NET_BIND_SERVICE capability to dnsdist container 2025-08-28 11:55:16 +03:00
Christer Warén
e1a1e4889a Add parameters to dnsdist in Deployer tasks 2025-08-28 10:44:11 +03:00
Christer Warén
d5b99d3146 FIx PowerDNS container names in Deployer tasks 2025-08-27 14:03:04 +03:00
Christer Warén
be900d5785 Add useClientSubnet to dnsdist configuration 2025-08-27 13:55:05 +03:00
Christer Warén
84884d9015 Add PowerDNS Recursor to Deployer 2025-08-26 19:42:00 +03:00
Christer Warén
5589d94f11 Update Issue & MOTD 2025-08-26 13:37:04 +03:00
Christer Warén
491ad0aba8 Update VSCode settings 2025-08-26 13:36:48 +03:00
Christer Warén
dec30dd66b Fix typo in server network configuration 2025-08-26 13:04:54 +03:00
Christer Warén
5008c1be97 Allow DHCP & DNS from FirewallD 2025-08-26 12:49:41 +03:00
Christer Warén
56b53fdc5b Update network device configurations to INSTRUCTIONS.md 2025-08-26 12:49:22 +03:00
Christer Warén
2b671f8a6d Add interfaces to subnets to restrict them to specific vlan 2025-08-26 09:08:10 +03:00
Christer Warén
ada1aa726d Start Kea server in Deployer tasks 2025-08-26 08:31:00 +03:00
Christer Warén
89d03c5141 Set statiic IPs for interfaces 2025-08-26 08:11:46 +03:00
Christer Warén
b889bd2054 Update Kea tasks 2025-08-25 14:58:22 +03:00
Christer Warén
877cbc1005 Restore unique MAC addresses to interfaces 2025-08-25 14:05:25 +03:00
Christer Warén
6b83b10523 Remove static IPs from network interfaces 2025-08-25 13:59:24 +03:00
Christer Warén
21fcb394cd Update Issue & MOTD 2025-08-25 12:23:01 +03:00
Christer Warén
aab33c9c21 Change name of office laptop 2025-08-25 12:11:40 +03:00
Christer Warén
742e77a1fc Update 2025-08-25 12:10:41 +03:00
Christer Warén
63f6266f2c Update 2025-08-25 12:02:51 +03:00
Christer Warén
c89ab05b1a Add Issue and MOTD to Installer tasks 2025-08-25 12:02:23 +03:00
Christer Warén
41d961ce6b Restart Networking during Installer tasks 2025-08-25 10:59:00 +03:00
Christer Warén
f81480af87 Network Changes 2025-08-25 10:26:26 +03:00
Christer Warén
76e57329ce Fix typo in interfaces file 2025-08-16 14:57:18 +03:00
Christer Warén
c6b2c2cd25 Add vlan to packages to install in Installer tasks 2025-08-16 14:27:18 +03:00
Christer Warén
37114a0f8d Update network interfaces 2025-08-16 14:20:32 +03:00
Christer Warén
47e7f0415b Update Kea configuration 2025-08-16 14:20:23 +03:00
Christer Warén
296b3b5502 Add Kea database upgrade task to Deployer tasks 2025-08-16 14:04:20 +03:00
Christer Warén
681999d4e2 Deployer Tasks - Uodate 2025-08-16 13:54:33 +03:00
Christer Warén
41008ed852 Add database configuration task for Kea in Deployer tasks 2025-08-16 13:45:18 +03:00
Christer Warén
79c6ee8af8 Adding more tags to Installer tasks 2025-08-16 13:25:30 +03:00
Christer Warén
5339d47d11 Installer Tasks: Add mariadb-client package to dependencies for MariaDB 2025-08-16 13:17:40 +03:00
Christer Warén
8d1a7820c9 Fix syntax in Kea configuration 2025-08-16 13:01:14 +03:00
Christer Warén
b9d58a6822 Change database server address in Kea configuration 2025-08-16 12:41:46 +03:00
Christer Warén
4cfaf5f0a4 Fix wrong mac address of s3 switch in Kea configuration 2025-08-16 12:38:41 +03:00
Christer Warén
9e898bd5e3 Remove unnecessary hooks-libraries from Kea configuration 2025-08-16 12:29:18 +03:00
Christer Warén
669fdcc6a6 Fix typos in Kea configuration 2025-08-16 11:05:50 +03:00
Christer Warén
ffd215d9f8 Fix typo in Deployer tasks 2025-08-13 14:44:01 +03:00
Christer Warén
19fb89cfb2 Add interfaces to Kea configuration 2025-08-13 14:39:26 +03:00
Christer Warén
f17f1bfb7b Update Deployer tasks: Add tags and replace DHCPD with Kea 2025-08-13 13:39:33 +03:00
Christer Warén
ee486ad369 Remove DHCPD configuration and update Kea configuration 2025-08-13 13:38:25 +03:00
Christer Warén
00cf46fe10 Commenting forcing to pull images due to Docker Hub limits 2025-08-08 19:33:40 +03:00
Christer Warén
811f681ba4 Fix MariaDB tasks in Deployer tasks with adding conditions 2025-08-08 19:08:08 +03:00
Christer Warén
034a790501 Fix typo in Deployer tasks 2025-08-08 18:57:02 +03:00
Christer Warén
c486c307c1 Fix typo in olympus.juva.tjas host variables 2025-08-08 18:52:55 +03:00
Christer Warén
21acf6f0cb Rename olympus.intra.tjas to olympus.juva.tjas 2025-08-08 18:42:01 +03:00
Christer Warén
b86a8c9c4b Fix typo in Deployer tasks 2025-08-08 18:33:33 +03:00
Christer Warén
b0b1a0f19d Add kea-dhcp4.conf to Kea files 2025-08-08 18:28:03 +03:00
Christer Warén
8931fda671 Update olympus host variables 2025-08-08 18:27:30 +03:00
Christer Warén
9803cad577 Install Kea server as new DHCP server in Deployer tasks 2025-08-08 18:27:30 +03:00
Christer Warén
03a4760ab5 Update data directory location to be static in root user directory 2025-08-08 18:27:30 +03:00
Christer Warén
30e04c8667 Update DHCP server configuration 2025-08-08 18:27:30 +03:00
Christer Warén
fa8775abc1 Update network device configurations to INSTRUCTIONS.md 2025-08-08 18:26:36 +03:00
25 changed files with 1079 additions and 433 deletions
Expand all files Collapse all files

1
.vscode/settings.json vendored
View File

@@ -1,6 +1,5 @@
{
"files.trimTrailingWhitespace": true,
"files.insertFinalNewline": true,
"files.trimFinalNewlines": true,
"editor.renderFinalNewline": false
}

413
INSTRUCTIONS.md
View File

@@ -1,7 +1,28 @@
#Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS TJAS - Infra
# Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS Niinisalo
### Ylläpitäjän ohjeet
**Työaseman asennus**
1. Asenna Windows Subsystem for Linux vaihtoehtoisista järjestelmäominaisuuksista.
2. Käynnistä työasema uudelleen
3. Asenna Debian käyttöjärjestelmä
1. Avaa Powershell järjestelmänvalvojana
2. Suorita asennuskomento `wsl --install -d Debian`
3. Aseta käyttäjätunnukseksi `asentaja` ja salasanaksi sama kuin työaseman Windows käyttäjän salasana.
4. Vaihda isännän nimi
1. Lisää Network kohtaan tai luo Network kohta `echo "[network]" > /etc/wsl.conf`
2. Lisää isännän nimi `echo "hostname = argo.aito.tjas" > /etc/wsl.conf`
3. Lisää Hosts tiedoston generointi `echo "generateHosts = true" > /etc/wsl.conf`
5. Sulje ikkuna
4. Aseta Debian oletusarvoiseksi käyttöjärjestelmäksi ja käynnistä se uudelleen
1. Avaa Powershell järjestelmänvalvojana
2. Vaihda oletusarvoinen käyttöjärjestelmä `wsl --set-default Debian`
3. Käynnistä uudelleen käyttöjärjestelmä `wsl -t Debian`
4. Sulje ikkuna
6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
7. Asenna curl-paketti käyttämällä APT-paketinhallintaa `sudo apt update && sudo apt install curl`
8. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
**Palvelimen asennus**
1. Asenna Debian-käyttöjärjestelmä
2. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl`
@@ -14,12 +35,12 @@
r1.net.tjas
```
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
!
hostname r1.net.tjas
!
boot-start-marker
@@ -35,14 +56,14 @@ resource policy
memory-size iomem 5
ip subnet-zero
!
!
ip cef
!
!
!
!
!
!
!
ip cef
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
no ip redirects
@@ -52,120 +73,266 @@ interface FastEthernet0/0
duplex full
speed auto
no mop enabled
!
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
!
interface FastEthernet0/1.10
description "TINU - INTERNET"
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.224
ip access-group 10 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
!
interface FastEthernet0/1.20
description "JUVA - INTRA"
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.224
ip access-group 20 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
!
interface FastEthernet0/1.30
description "AITO - TOIMISTO"
encapsulation dot1Q 30
ip address 192.168.3.1 255.255.255.224
ip access-group 30 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
!
interface FastEthernet0/1.69
description "SIVE - HALLINTA"
encapsulation dot1Q 69
ip address 192.168.69.1 255.255.255.192
ip access-group 69 in
ip access-group 69 out
ip helper-address 192.168.69.20
no snmp trap link-status
!
!
interface GigabitEthernet0/0/0
no ip address
shutdown
shutdown
negotiation auto
!
!
ip classless
!
!
ip http server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.31
access-list 1 permit 192.168.2.0 0.0.0.31
access-list 1 permit 192.168.3.0 0.0.0.31
access-list 10 deny 192.168.0.0 0.0.255.255
access-list 10 permit any
access-list 20 permit 192.168.2.0 0.0.0.31
access-list 20 deny 192.168.0.0 0.0.255.255
access-list 20 permit any
access-list 30 permit 192.168.2.10
access-list 30 permit 192.168.3.0 0.0.0.31
access-list 30 deny 192.168.0.0 0.0.255.255
access-list 30 permit any
access-list 69 permit 192.168.69.0 0.0.0.63
!
control-plane
!
!
!
banner motd ^C
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
r1.net.tjas
^C
!
line con 0
line aux 0
line vty 0 4
password TJAS1234
login
!
password ********
login
!
scheduler allocate 20000 1000
!
end
!
end
```
s1.net.tjas
```
hostname "s1.net.tjas"
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-52
ip address dhcp-bootp
exit
vlan 10
name "TINU"
ip address 192.168.1.2 255.255.255.224
tagged 1
exit
vlan 20
name "JUVA"
no ip address
tagged 1-2
exit
vlan 30
name "AITO"
no ip address
tagged 1,3
exit
vlan 69
name "SIVE"
ip address 192.168.69.11 255.255.255.192
tagged 1-3
exit
ip authorized-managers 192.168.69.20 255.255.255.255
hostname "s1.net.tjas"
ip default-gateway 192.168.1.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 4-52
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name "TINU"
ip address 192.168.1.2 255.255.255.224
tagged 1
exit
vlan 20
name "JUVA"
no ip address
tagged 1-2
exit
vlan 30
name "AITO"
no ip address
tagged 1,3
exit
vlan 69
name "SIVE"
ip address 192.168.69.11 255.255.255.192
tagged 1-3
exit
ip authorized-managers 192.168.69.20 255.255.255.255
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s1.net.tjas
"
ip ssh
password manager
```
s2.net.tjas
```
hostname "s2.net.tjas"
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 25-28
ip address dhcp-bootp
no untagged 1-24
exit
vlan 20
name "JUVA"
untagged 2-24
ip address 192.168.2.2 255.255.255.224
hostname "s2.net.tjas"
interface 3
disable
exit
interface 4
disable
exit
interface 5
disable
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
interface 13
disable
exit
interface 14
disable
exit
interface 15
disable
exit
interface 16
disable
exit
interface 17
disable
exit
interface 18
disable
exit
interface 19
disable
exit
interface 20
disable
exit
interface 21
disable
exit
interface 22
disable
exit
interface 23
disable
exit
interface 24
disable
exit
ip default-gateway 192.168.2.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 3-28
ip address dhcp-bootp
no untagged 1-2
exit
vlan 20
name "JUVA"
untagged 3-24
ip address 192.168.2.2 255.255.255.224
tagged 1-2
exit
vlan 69
name "SIVE"
exit
vlan 69
name "SIVE"
ip address 192.168.69.12 255.255.255.192
tagged 1-2
exit
ip authorized-managers 192.168.69.20 255.255.255.255
tagged 1-2
exit
ip authorized-managers 192.168.69.20
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s2.net.tjas
"
ip ssh
password manager
```
@@ -173,26 +340,84 @@ password manager
s3.net.tjas
```
hostname "s3.net.tjas"
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 25-28
ip address dhcp-bootp
no untagged 1-24
exit
vlan 30
interface 2
disable
exit
interface 3
disable
exit
interface 4
disable
exit
interface 5
disable
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
ip default-gateway 192.168.3.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 25-28
ip address dhcp-bootp
no untagged 1-24
exit
vlan 30
name "AITO"
ip address 192.168.3.2 255.255.255.224
tagged 1,13-24
untagged
exit
vlan 69
name "SIVE"
untagged 2-24
ip address 192.168.69.13 255.255.255.192
tagged 1
exit
ip authorized-managers 192.168.69.20 255.255.255.255
untagged 13-24
ip address 192.168.3.2 255.255.255.224
tagged 1
exit
vlan 69
name "SIVE"
untagged 2-24
ip address 192.168.69.13 255.255.255.192
tagged 1
exit
ip authorized-managers 192.168.69.20
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s3.net.tjas
"
ip ssh
password manager
```
# LÄHTEET
## ISSUE - ASCII ART
ASCII Art Generator
https://www.textmods.com/ascii-art

2
README.md
View File

@@ -1,5 +1,5 @@
# Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS TJAS - Infra
## PVJJK 1.VOS NIINISALO
Infran toteutus aloitettiin vuonna 2025 ja sen on suunnitellut [Jääkäri Warén](https://christerwaren.fi).

2
ansible.cfg
View File

@@ -1,5 +1,5 @@
[defaults]
inventory = inventories/pvjjk-1vos-tjas
inventory = inventories/pvjjk-1vos-niinisalo
hash_behaviour = merge
gathering = smart
display_skipped_hosts = false

190
files/dhcp/dhcpd.conf
View File

@@ -1,190 +0,0 @@
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "intra.tjas";
option domain-name-servers 192.168.2.10;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.example.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
subnet 192.168.1.0 netmask 255.255.255.240 {
range 192.168.1.2 192.168.1.14;
option routers 192.168.1.1;
option broadcast-address 192.168.1.15;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.1.1;
}
host s1.net.tjas {
hardware ethernet 9c:8e:99:9b:c3:80;
fixed-address 192.168.1.2;
}
}
subnet 192.168.2.0 netmask 255.255.255.224 {
range 192.168.2.2 192.168.2.30;
option routers 192.168.2.1;
option broadcast-address 192.168.2.31;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.2.1;
}
host s2.net.tjas {
hardware ethernet 00:24:a8:f1:c7:40;
fixed-address 192.168.2.2;
}
host olympus.intra.tjas {
hardware ethernet 90:1b:0e:5b:18:fa;
fixed-address 192.168.2.10;
}
}
subnet 192.168.3.0 netmask 255.255.255.224 {
range 192.168.3.2 192.168.3.30;
option routers 192.168.3.1;
option broadcast-address 192.168.3.31;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.3.1;
}
host s3.net.tjas {
hardware ethernet 00:1f:fe:ab:9e:c0;
fixed-address 192.168.3.2;
}
}
subnet 192.168.69.0 netmask 255.255.255.192 {
range 192.168.69.2 192.168.69.62;
option broadcast-address 192.168.69.63;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.69.1;
}
host s1.net.tjas {
hardware ethernet 9c:8e.99:9b:c3:80;
fixed-address 192.168.3.11;
}
host s2.net.tjas {
hardware ethernet 00:24:a8:f1:c7:40;
fixed-address 192.168.3.12;
}
host s3.net.tjas {
hardware ethernet 00:1f:fe:ab:9e:c0;
fixed-address 192.168.3.13;
}
host olympus.intra.tjas {
hardware ethernet 90:1b:0e:5b:18:fa;
fixed-address 192.168.69.20;
}
}

12
files/dnsdist/config.conf Normal file
View File

@@ -0,0 +1,12 @@
setLocal('0.0.0.0:53')
addLocal('[::]:53')
setACL({'0.0.0.0/0', '::/0'})
setECSOverride(true)
setECSSourcePrefixV4(32)
setECSSourcePrefixV6(128)
newServer({address='127.0.0.1:531', useClientSubnet=true, pool='authorative'})
newServer({ address='127.0.0.1:532', useClientSubnet=true, pool='recursor' })
addAction('tjas', PoolAction('authorative'))
addAction(AllRule(), PoolAction('recursor'))
setSecurityPollSuffix("")
setServFailWhenNoServer(true)

25
files/issue Normal file
View File

@@ -0,0 +1,25 @@
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
olympus.juva.tjas
Made by
Jääkäri Warén
https://christerwaren.fi

232
files/kea/kea-dhcp4.conf Normal file
View File

@@ -0,0 +1,232 @@
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "enp0s25.20" ]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea/kea4-ctrl-socket"
},
"lease-database": {
"type": "mysql",
"name": "{{ config.mariadb.users['kea'].database }}",
"user": "{{ config.mariadb.users['kea'].username }}",
"password": "{{ config.mariadb.users['kea'].password }}",
"host": "127.0.0.1",
"port": 3306
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"subnet4": [
{
"id": 1,
"subnet": "192.168.1.0/27",
"pools": [
{
"pool": "192.168.1.1 - 192.168.1.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.1.1"
},
{
"name": "domain-name-servers",
"data": "1.1.1.1"
},
{
"name": "domain-search",
"data": "puolustusvoimat.fi"
}
],
"user-context": {
"name": "Tinu",
"purpose": "Internet"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.1.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "9c:8e:99:9b:c3:80",
"ip-address": "192.168.1.2",
"hostname": "s1.net.tjas"
}
]
},
{
"id": 2,
"subnet": "192.168.2.0/27",
"interface": "enp0s25.20",
"pools": [
{
"pool": "192.168.2.1 - 192.168.2.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.2.1"
},
{
"name": "domain-name-servers",
"data": "192.168.2.10, 1.1.1.1"
},
{
"name": "domain-name",
"data": "juva.tjas"
},
{
"name": "domain-search",
"data": "juva.tjas, tjas"
}
],
"user-context": {
"name": "Juva",
"purpose": "Intra"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.2.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "00:24:a8:f1:c7:40",
"ip-address": "192.168.2.2",
"hostname": "s2.net.tjas"
},
{
"hw-address": "90:1b:0e:5b:18:fb",
"ip-address": "192.168.2.10",
"hostname": "olympus.juva.tjas"
}
]
},
{
"id": 3,
"subnet": "192.168.3.0/27",
"pools": [
{
"pool": "192.168.3.1 - 192.168.3.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.3.1"
},
{
"name": "domain-name-servers",
"data": "192.168.2.10"
},
{
"name": "domain-name",
"data": "aito.tjas"
},
{
"name": "domain-search",
"data": "aito.tjas, tjas"
}
],
"user-context": {
"name": "Aito",
"purpose": "Toimisto"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.3.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "00:1f:fe:ab:9e:c0",
"ip-address": "192.168.3.2",
"hostname": "s3.net.tjas"
}
]
},
{
"id": 69,
"subnet": "192.168.69.0/26",
"interface": "enp0s25.69",
"pools": [
{
"pool": "192.168.69.1 - 192.168.69.62"
}
],
"option-data": [
{
"name": "domain-name-servers",
"data": "192.168.69.20"
},
{
"name": "domain-name",
"data": "sive.tjas"
},
{
"name": "domain-search",
"data": "sive.tjas"
}
],
"user-context": {
"name": "Sive",
"purpose": "Hallinta"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.69.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "9c:8e:99:9b:c3:80",
"ip-address": "192.168.69.11",
"hostname": "s1.net.tjas"
},
{
"hw-address": "00:24:a8:f1:c7:40",
"ip-address": "192.168.69.12",
"hostname": "s2.net.tjas"
},
{
"hw-address": "00:1f:fe:ab:9e:c0",
"ip-address": "192.168.69.13",
"hostname": "s3.net.tjas"
},
{
"hw-address": "90:1b:0e:5b:18:fc",
"ip-address": "192.168.69.20",
"hostname": "olympus.juva.tjas"
}
]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "stdout",
"pattern": "%-5p %m\n"
}
],
"severity": "ERROR",
"debuglevel": 0
}
]
}
}

29
files/motd Normal file
View File

@@ -0,0 +1,29 @@
_____ _ _ _ _
|_ _|_ _ _ __ __ _ ___ | |_ _| (_) ___| |_
| |/ _` | '_ \ / _` |/ _ \ _ | | | | | | |/ _ \ __|
| | (_| | | | | (_| | (_) | | |_| | |_| | | | __/ |_
|_|\__,_|_| |_|\__, |\___/ \___/ \__,_|_|_|\___|\__|
_ _ |___/ ____ _
/ \ | |_ __ | |__ __ _ / ___|(_) ___ _ __ _ __ __ _
/ _ \ | | '_ \| '_ \ / _` | \___ \| |/ _ \ '__| '__/ _` |
/ ___ \| | |_) | | | | (_| | ___) | | __/ | | | | (_| |
/_/ \_\_| .__/|_| |_|\__,_| |____/|_|\___|_| |_| \__,_|
|_|
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
olympus.juva.tjas
Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
ylikirjoittaa automatisoidusti.
https://github.com/cwchristerw/tjas-intra

9
files/network/interfaces → files/networking/interfaces
View File

@@ -12,7 +12,12 @@ allow-hotplug enp0s25
iface enp0s25 inet dhcp
auto enp0s25.20
iface enp0s25.20 inet dhcp
iface enp0s25.20 inet static
address 192.168.2.10/27
gateway 192.168.2.1
hwaddress 90:1b:0e:5b:18:fb
auto enp0s25.69
iface enp0s25.69 inet dhcp
iface enp0s25.69 inet static
address 192.168.69.20/26
hwaddress 90:1b:0e:5b:18:fc

6
files/nginx/conf/000-default.conf
View File

@@ -37,8 +37,8 @@ server {
# http2 on;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-tjas/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-tjas/privkey.pem;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ecdh_curve X25519:prime256v1:secp384r1;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
@@ -46,7 +46,7 @@ server {
# ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 180m;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-tjas/chain.pem;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
# expires off;
# etag off;

4
files/powerdns/config.conf → files/powerdns-authorative/config.conf
View File

@@ -1,6 +1,6 @@
local-address=0.0.0.0,::
local-port=53
default-soa-content=s1.intra.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
local-port=531
default-soa-content=olympus.juva.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
launch=gmysql
gmysql-host=127.0.0.1
gmysql-port=3306

9
files/powerdns-recursor/config.conf Normal file
View File

@@ -0,0 +1,9 @@
incoming:
listen:
- 127.0.0.1:532
recursor:
forward_zones:
- zone: tjas
recurse: false
forwarders:
- 127.0.0.1:531

2
files/ssh/authorized_keys
View File

@@ -1,2 +1,2 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 l1.office.tjas
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

16
files/yggdrasil/config.conf
View File

@@ -6,11 +6,17 @@
# use this section when you may connect via different interfaces.
Peers: [
#TRUSTED PEERS - Waren Group
#aurora.devices.waren.io
#201:361f:bbfb:7210:c5b8:3f74:a285:adb9
"tls://[2a01:4f9:2a:60c::2]:18836",
"tls://95.216.5.243:18836",
{% if config.yggdrasil.peers is defined %}
#TRUSTED PEERS
{% for peer in config.yggdrasil.peers %}
{% if peer.name is defined and peer.address is defined and peer.address is defined %}
#{{ peer.name }}
"{{ peer.address }}"{% if not loop.last %},{% endif %}
{% endif %}
{% endfor %}
{% endif %}
]
# List of connection strings for static peers in URI format, arranged

61
init.sh
View File

@@ -4,63 +4,74 @@ if [ ! "$BASH_VERSION" ] ; then
exit 1
fi
underline=`tput smul`
nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
ti-header(){
echo $(tput bold)$1$(tput sgr0)
echo ${bold}$1${normal}
}
echo "${bold}"
echo "
==============================
PVJJK 1.VOS TJAS - Infra
Init Script
------------------------------
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
INIT SCRIPT
"
echo -n "${normal}"
stop () {
echo "
==============================
"
exit 1
}
ti-header "Haetaan pakettien tiedot..."
apt update
sudo apt update
echo -e "\n\n"
ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..."
apt-get install -y python3-pip python3-venv jq git curl lsb-release
sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n"
mkdir -p /root/.ssh/keys/pvjjk-1vos-tjas &> /dev/null
if [[ ! -f /root/.ssh/keys/pvjjk-1vos-tjas/infra ]]
mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn)
ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n"
fi
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
python3 -m venv /root/.venv/ansible
python3 -m venv $HOME/.venv/ansible
echo -e "\n\n"
ti-header "Asennetaan Ansiblen riippuvuudet..."
/root/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
echo -e "\n\n"
ti-header "Asennetaan Ansible..."
/root/.venv/ansible/bin/pip3 install ansible
$HOME/.venv/ansible/bin/pip3 install ansible
echo -e "\n\n"
ti-header "Asennetaan Ansible kokoelmat..."
/root/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
echo -e "\n\n"
ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat /root/.ssh/keys/pvjjk-1vos-tjas/infra.pub
cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -69,8 +80,8 @@ do
done
echo -e "\n\n"
mkdir -p /root/.ansible/vault &> /dev/null
if [[ ! -f /root/.ansible/vault/pvjjk-1vos-tjas ]]
mkdir -p $HOME/.ansible/vault &> /dev/null
if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
then
ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: "
@@ -80,14 +91,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]]
then
echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-tjas
echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
fi
done
echo -e "\n\n"
fi
ti-header "Suoritetaan Infran asennus..."
/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer
$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
echo -e "\n\n"
echo "

6
inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo Normal file
View File

@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30383633646132396336336135366264386137643166376336666261316465346632353333616361
3134623361333633653666313035633536396662613234320a386239373636623061383331663438
64366431613763376239613036633365346266643163396331653237313662346231623731373530
6630653939373762380a363939383862623336666361303032653431356139383766663331656335
3438

6
inventories/pvjjk-1vos-niinisalo/host_vars/argo.aito.tjas Normal file
View File

@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
37353031396164353032396635313539613734613432323435383137303835383439663439363337
6230323066313361383061633932616230363465326239640a333739323064653263336337633639
64343833623362323734363239653866383037313331613738653133636364623237326637313232
3462636261386230380a313634313965343733616137663532623965393835306562633635633831
3166

51
inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas Normal file
View File

@@ -0,0 +1,51 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30386163316331336461633036653363613064366361653938616138353736366463643664393933
6533383232616130626431353164663738346630616465300a393062663634356566656562646137
36623535313932316262663064366535616565386436653761336463323163646439656563303262
6531373030393264310a623933386234306532643664363335386231626664643531656433323731
30373237626531336431343965313239616339356162383262313363363262613463303236643734
62303636646232383235316137393634626235386662616339343231626661376331396138343361
31663630306431653532666463326536636365663163663162643136366363333638333930373234
36306166366533636562363063336436333465393231316363343864373335646437373561353538
31613162643664633435363831326230373635313165633566323135303263323034636265393163
62373234613334393261356464643262616132343963383165303534346335373634396161383532
31623330373935613866336135323038343030353865373863633562303134613662353762376134
61653035313965316134666534366435663333386235636266376164663731646365626135613166
39333934653563623966366466613436313635313537363337386133356433356336303938333366
66653735636462383666396332656333666234333435333062356338383034656637323438316134
62386136663962336232623663666438333931376561303964636563306664313134373338303339
32313635643136396365383834343438633463366262366330653034333332653038356331346566
30336164393136383434646636376239656162643734643735306436303961326565346566333461
33383861356537656262646131386134303165636632343134383264353466316633663732396334
33373664633239396234366534636365346631643063373836666233626565626234363433313866
31663464346264393731623364373035616134376430333764383836353132386339636537326637
36366662333336373633653330353939396239623037653862393932373932353834373339373934
61663338666164663235653337336238626462653336313532643131383638336535376232303465
64363530393065383639663731383036613338343436313937663162643434323835353363653738
62613139343934656135313832323532623263653038353166313531643036303538613436323664
33356434623633643462326564383263323833376165366536633264656366353137316265653534
36656561353634626330636363636133356265306336623737643961663061343630383330386538
63636434303066646261636338323563373663323835386563393539616663636139356536393462
37363766356138616232333162666562333261626661646538613862306264336636396562313665
35373266366134623263663363376630343263623335666663396438663238636534393130623134
36653465383763646563386361636530393366323538336532393661306362346333353661303334
32633966303964383861653365626332316135373731393935313262383164346233353765396561
33323864306336353732623937386235646366663764653965633764643864366331666262386639
66326335326562646630346435663533313335373034663565333839323961383366643263356133
64303030366263356231343530343566623935306431653866613165393633643835653330666436
38663535373666333763386436646337656133303262396237663931323864336630646466306462
65656536336533343065316637613034626333343837616363376263636635363866383638393234
39373030663230383865396131363638376537363362666439636235626461303930396464313532
63306136613265636438333764646465306565333435666233656534656538646465636263363433
37356131353530363665336564386264616235613564363065356234336537363561313666653637
35336638623730633735643465316164323739316636353762653965633831626561313532626139
62303933376637376334666362306133383035376561333361326338663762363230303533363632
62383539626263363636636164366139306666333165636130323765643532363338656261396135
36336664656335383561643637383066653531303236323765356666343765616134343036313538
34623935616531323536383565313238333564613635343332303238626534613337353430303864
30383131346163636335363563656465316263316439646530663665386636393261386536306265
34656230643662653665383730396335646562306161663233353835666131633730663237336434
62643631653738633638366133396364623837343138613765616362633262333333646639396637
36386533386439623866346335376164336439366133643266663938643333383836346538636536
35376335306435616236323163616163656366366630656535393233643966313166346530383365
3630646439643335393964313862363134396566636661643666

5
inventories/pvjjk-1vos-tjas/hosts.yml → inventories/pvjjk-1vos-niinisalo/hosts.yml
View File

@@ -1,6 +1,7 @@
---
pvjjk_1vos_tjas:
pvjjk_1vos_niinisalo:
hosts:
olympus.intra.tjas:
argo.aito.tjas:
olympus.juva.tjas:
vars:
ansible_python_interpreter: /usr/bin/python3

41
inventories/pvjjk-1vos-tjas/host_vars/olympus.intra.tjas
View File

@@ -1,41 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas
64373537356265383835646633393666313433353930616236393663366439636536616464383132
6236316531333431663830663665613830363061666439320a373539613430323231643335373266
35653439666564373238303933636165393731303662323931663966623035323761396531346132
6164333533613038350a643431343134353965383932336262356431613965363431616130386639
31663335336535613863636336356531623836323130383030343838393934616332303631366433
63643462633265613761376361393538656137333066353532353830313839326230656235663639
65373735363039616535623561306462353837386238623362356661303133623264623335336538
39393864356434306161396361346134663331343534616262653737663163346166393837653632
31613539383933303936626665356538633862343233343534396462316264363637333730633434
39653838386537386434643531356662626663656134313434316665353565653538636133313436
32653632323366333365356561656335303834643264626561636232333235326662613963363631
61656239626438393266356133636562633265333735373061303336393539393139373065393163
39303533386330646336303232323261373832356461326463383962393562636638356534353639
62306132303536386364323932393265633737363334343033393731376230323830323632376164
62616535623065636361646235383932383366636339663938333162393563376266653930306135
38336636613764363065323662666166333934326465643636663833396436303538316431356437
38316338653131623566356463313262343334316330333166613938623965326663636437363865
38366565316631653334363764626264326665316239353066633161303933666336623038663665
35306434326537663836333930623765363165643261323336376435393561353033363432353535
65623034313466343065336135346162353739663934623635323830326139386463653831393466
64636633393239306538306663653836363866333335613536653434373762383330373464353330
38326132616232323137336539626164306232643131636538326630653136326532353739336163
66383733306431343039323437313533313966643138313862386563613431316264363834303565
37313161616637306130363432616139666635303361396361383230666236376435353965386430
66316666336162303239383263333134353765353639623030613932643761333030626265616366
63303763663361633062316233313265663865623730343866366164326139653239303135376134
36643933363937646534643335393130313766346263646230613963343835306135396138643436
33643638313833623566393464623131386532666661343264393039666233396666333035383265
34656461633932656237653936643331653831336666643461336162643337323166373461346333
61653066333532333566323366653833346238373664623830393237353661613435656162646234
38316137346463653731613938316665663963353531393132646430646161656366616565663034
37303530373532656339323737353061303732343930646639373231323032383863323161393761
65313061666664363730313562353931323034396535343636303137636134623639356663623432
65383964376434343237653933383834613366353362633830646664316436653836323030616563
64343435383436353332626534366538646637353166656135353038383564393739356664333530
37353764643964313037663936656335323532643963316430343038303366326163323432343862
33376264356634653533653561353164376632393465623638376535623562643464633930323466
36653932656237366532313834323566343232623935333166636462656664656239616636623036
64313366373165666133386232643334643562633634353938373064316461633435383066646437
63363466613135633130

50
protect.sh
View File

@@ -5,23 +5,37 @@ nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
echo "${bold}PVJJK 1.VOS TJAS / Infra / Protect${normal}"
echo "${bold}"
echo "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
PROTECT SCRIPT
"
echo -n "${normal}"
action=$1
encrypt() {
echo "${underline}Encrypting...${nounderline}"
execute "ansible-vault encrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
}
decrypt() {
echo "${underline}Decrypting...${nounderline}"
execute "ansible-vault decrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
}
list() {
echo "${underline}Listing...${nounderline}"
i=0
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
@@ -29,7 +43,8 @@ list() {
}
execute() {
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
i=0
for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
@@ -40,18 +55,23 @@ for file in inventories/*/group_vars/* inventories/*/host_vars/*;
case $action in
encrypt)
encrypt
echo "${underline}Encrypting...${nounderline}"
encrypt pvjjk-1vos-niinisalo
;;
decrypt)
decrypt
echo "${underline}Decrypting...${nounderline}"
decrypt pvjjk-1vos-niinisalo
;;
list)
list
;;
help)
echo "encrypt, decrypt, list"
echo "${underline}Listing...${nounderline}"
list pvjjk-1vos-niinisalo
;;
*)
echo "..."
echo "${underline}HELP${nounderline}"
echo "encrypt - Encrypt Files"
echo "decrypt - Decrypt Files"
echo "list - List Files"
;;
esac
echo -e "\n\n\n"

6
tasks.yml
View File

@@ -10,6 +10,8 @@
import_tasks: tasks/installer.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- installer
- never
@@ -18,6 +20,8 @@
import_tasks: tasks/maintenance.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- maintenance
- never
@@ -26,6 +30,8 @@
import_tasks: tasks/deployer.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- deployer
- never

259
tasks/deployer.yml
View File

@@ -58,7 +58,6 @@
containers.podman.podman_image:
name: docker.io/library/golang
tag: alpine
force: true
register: deployerTaskY2
- name: "Deployer - Yggdrasil - Clone Repository"
@@ -67,9 +66,9 @@
dest: ".cache/git/yggdrasil"
register: deployerTaskY3
- name: "Deployer - Yggdrasil - Pull Image"
- name: "Deployer - Yggdrasil - Build Image"
containers.podman.podman_image:
name: pvjjk-1vos-tjas/nginx
name: pvjjk-1vos-niinisalo/yggdrasil
tag: latest
path: "/root/data/yggdrasil"
build:
@@ -80,7 +79,7 @@
- name: "Deployer - Yggdrasil - Run Container"
containers.podman.podman_container:
name: yggdrasil
image: pvjjk-1vos-tjas/nginx:latest
image: pvjjk-1vos-niinisalo/yggdrasil:latest
state: started
recreate: on
network: host
@@ -102,12 +101,12 @@
state: directory
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Pull Image"
containers.podman.podman_image:
name: docker.io/library/mariadb
tag: latest
force: true
register: deployerTaskM1
- name: "Deployer - MariaDB - Run Container"
@@ -127,6 +126,7 @@
- (deployerTaskM1 is defined and deployerTaskM1.changed) or deployerTaskM1 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Wait"
ansible.builtin.wait_for:
@@ -137,6 +137,7 @@
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Upgrade"
containers.podman.podman_container_exec:
@@ -149,6 +150,7 @@
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Create Users"
community.mysql.mysql_user:
@@ -165,8 +167,14 @@
loop_var: "user"
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
- config.mariadb.users is defined
- config.mariadb.users[user] is defined
- config.mariadb.users[user].username is defined
- config.mariadb.users[user].password is defined
- config.mariadb.users[user].database is defined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Create Database"
community.mysql.mysql_db:
@@ -180,8 +188,14 @@
loop_var: "user"
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
- config.mariadb.users is defined
- config.mariadb.users[user] is defined
- config.mariadb.users[user].username is defined
- config.mariadb.users[user].password is defined
- config.mariadb.users[user].database is defined
tags:
- mariadb
- database
- name: "Deployer - Kea - Install"
ansible.builtin.apt:
@@ -189,75 +203,233 @@
- kea
state: latest
# - name: "Deployer - DHCP - Config"
# ansible.builtin.template:
# src: './files/dhcp/dhcpd.conf'
# dest: '/etc/dhcp/dhcpd.conf'
# register: deployerTaskD1
# tags:
# - dhcp
- name: "Deployer - Kea - Configure - DHCP4"
ansible.builtin.template:
src: './files/kea/kea-dhcp4.conf'
dest: '/etc/kea/kea-dhcp4.conf'
register: deployerTaskK1
tags:
- kea
- dhcp
# - name: "Deployer : DHCP : Restart"
# ansible.builtin.systemd_service:
# name: isc-dhcp-server
# state: restarted
# enabled: true
# when:
# - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined
- name: "Deployer - Kea - Configure - Database : Init"
ansible.builtin.command:
cmd: "/usr/sbin/kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
register: deployerTaskK2
changed_when:
- deployerTaskK2.stdout.find('Initializing database') != -1
failed_when:
- deployerTaskK2.stdout.find('ERROR') != -1
- deployerTaskK2.stdout.find('Expected empty database kea.') == -1
tags:
- kea
- dhcp
- name: "Deployer - PowerDNS - Configure - Create Folder"
- name: "Deployer - Kea - Configure - Database : Upgrade"
ansible.builtin.command:
cmd: "/usr/sbin/kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
tags:
- kea
- dhcp
- name: "Deployer : Kea : Restart"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: restarted
when:
- (deployerTaskK1 is defined and deployerTaskK1.changed) or deployerTaskK1 is undefined or (deployerTaskK2 is defined and deployerTaskK2.changed) or deployerTaskK2 is undefined
tags:
- kea
- dhcp
- name: "Deployer : Kea : Start"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: started
tags:
- kea
- dhcp
- name: "Deployer - dnsdist - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns/"
path: "/root/data/dnsdist/"
state: directory
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Configure - Create Subfolders"
- name: "Deployer - dnsdist - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns/{{ item.path }}'
dest: '/root/data/dnsdist/{{ item.path }}'
state: directory
with_filetree: './files/powerdns/'
with_filetree: './files/dnsdist/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
- name: "Deployer - dnsdist - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns/{{ item.path }}'
register: deployerTaskP1
with_filetree: './files/powerdns/'
dest: '/root/data/dnsdist/{{ item.path }}'
register: deployerTaskD1
with_filetree: './files/dnsdist/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Pull Image"
- name: "Deployer - dnsdist - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-auth-49
name: docker.io/powerdns/dnsdist-20
tag: latest
force: true
register: deployerTaskP2
register: deployerTaskD2
- name: "Deployer - PowerDNS - Run Container"
- name: "Deployer - dnsdist - Run Container"
containers.podman.podman_container:
name: powerdns
image: docker.io/powerdns/pdns-auth-49:latest
name: dnsdist
image: docker.io/powerdns/dnsdist-20:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- /root/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
- "/root/data/dnsdist/config.conf:/etc/dnsdist/dnsdist.conf:ro"
tty: yes
interactive: yes
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
- (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-authorative/"
state: directory
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-authorative/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-authorative/{{ item.path }}'
register: deployerTaskPA1
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-auth-50
tag: latest
register: deployerTaskPA2
- name: "Deployer - PowerDNS Authorative - Run Container"
containers.podman.podman_container:
name: powerdns-authorative
image: docker.io/powerdns/pdns-auth-50:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-authorative/config.conf:/etc/powerdns/pdns.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPA1 is defined and deployerTaskPA1.changed) or deployerTaskPA1 is undefined or (deployerTaskPA2 is defined and deployerTaskPA2.changed) or deployerTaskPA2 is undefined
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-recursor/"
state: directory
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-recursor/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-recursor/{{ item.path }}'
register: deployerTaskPR1
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-recursor-52
tag: latest
register: deployerTaskPR2
- name: "Deployer - PowerDNS Recursor - Run Container"
containers.podman.podman_container:
name: powerdns-recursor
image: docker.io/powerdns/pdns-recursor-52:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-recursor/config.conf:/etc/powerdns/recursor.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPR1 is defined and deployerTaskPR1.changed) or deployerTaskPR1 is undefined or (deployerTaskPR2 is defined and deployerTaskPR2.changed) or deployerTaskPR2 is undefined
tags:
- powerdns-recursor
- dns
- name: "Deployer - Nginx - Configure - Create Folder"
ansible.builtin.file:
@@ -265,6 +437,7 @@
state: directory
tags:
- nginx
- www
- name: "Deployer - Nginx - Configure - Create Subfolders"
ansible.builtin.file:
@@ -277,6 +450,7 @@
- item.state == 'directory'
tags:
- nginx
- www
- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
ansible.builtin.template:
@@ -290,12 +464,12 @@
- item.state == 'file'
tags:
- nginx
- www
- name: "Deployer - Nginx - Pull Image"
containers.podman.podman_image:
name: docker.io/library/nginx
tag: latest
force: true
register: deployerTaskN2
- name: "Deployer - Nginx - Run Container"
@@ -315,3 +489,4 @@
- (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined
tags:
- nginx
- www

75
tasks/installer.yml
View File

@@ -50,15 +50,49 @@
- pkg-config
- etckeeper
- picocom
- vlan
loop: "{{ packages }}"
loop_control:
label: "{{ package }}"
loop_var: "package"
- name: "Installer : Network : Configure"
- name: "Installer : Issue : Configure - Copy File"
ansible.builtin.template:
src: './files/network/interfaces'
src: './files/issue'
dest: '/etc/{{ file }}'
vars:
files:
- "issue"
- "issue.net"
loop: "{{ files }}"
loop_control:
label: "{{ file }}"
loop_var: "file"
tags:
- issue
- name: "Installer : Motd : Configure - Copy File"
ansible.builtin.template:
src: './files/motd'
dest: '/etc/motd'
tags:
- motd
- name: "Installer : Networking : Configure - Copy Configuration"
ansible.builtin.template:
src: './files/networking/interfaces'
dest: '/etc/network/interfaces'
tags:
- networking
- network
- name: "Installer : Networking : Start - Restart Service"
ansible.builtin.systemd_service:
name: networking
state: restarted
tags:
- networking
- network
- name: "Installer : FirewallD : Dependencies - Packages"
ansible.builtin.apt:
@@ -66,17 +100,26 @@
- python3-firewall
- iptables
state: latest
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Install"
ansible.builtin.apt:
name: "firewalld"
state: latest
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Start"
ansible.builtin.systemd_service:
name: firewalld
state: started
enabled: true
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Rules"
ansible.posix.firewalld:
@@ -90,12 +133,15 @@
- http
- https
- ssh
- dhcp
- dns
loop: "{{ services }}"
loop_control:
label: "{{ service }}"
loop_var: "service"
tags:
- firewalld
- firewall
- name: "Installer - Ansible - Python Library"
ansible.builtin.pip:
@@ -139,7 +185,7 @@
tags:
- ansible
- name: "Installer - Ansible - Dependencies / Python Libraries"
- name: "Installer - Ansible - Dependencies - Python Libraries"
ansible.builtin.pip:
name: "{{ library }}"
state: latest
@@ -158,8 +204,10 @@
loop_control:
label: "{{ library }}"
loop_var: "library"
tags:
- ansible
- name: "Installer : MariaDB : Dependencies / Python Library : pymysql"
- name: "Installer : MariaDB : Dependencies - Python Library : pymysql"
ansible.builtin.pip:
name: pymysql
state: latest
@@ -168,6 +216,15 @@
virtualenv_command: "python3 -m venv"
tags:
- mariadb
- database
- name: "Installer : MariaDB : Dependencies - Package : mariadb-client"
ansible.builtin.apt:
name: "mariadb-client"
state: latest
tags:
- mariadb
- database
- name: "Installer : Podman : Install"
ansible.builtin.apt:
@@ -178,13 +235,15 @@
- buildah
- slirp4netns
state: latest
tags:
- podman
- name: "Installer : Schedule : Maintenance"
ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
hour: "*/3"
minute: "0"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
tags:
- cron
@@ -192,6 +251,6 @@
ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Deployer"
minute: "*/5"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
tags:
- cron