Catching up with current successes
parent
94a4736839
commit
921d53c724
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,4 +1,6 @@
|
|||||||
roles/Vanik/files
|
roles/Node/files/**
|
||||||
|
roles/Nazara/files/dns
|
||||||
|
roles/Nazara/files/dhcp
|
||||||
venv/
|
venv/
|
||||||
|
|
||||||
# ---> Python
|
# ---> Python
|
||||||
|
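--- a/bin/generate-mirrorlist
+++ b/bin/generate-mirrorlist
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+curl -s https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/pacman-mirrorlist/trunk/mirrorlist | awk '/^## United States$/{f=1; next}f==0{next}/^$/{exit}{print substr($0, 1);}' | sed 's/^#Server/Server/' > /tmp/candidates
+rankmirrors -n 6 /tmp/candidates > ../roles/ShadowArch/files/mirrorlist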
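Review bot: The `curl` pipeline is never checked, so a failed or truncated download still reaches `rankmirrors` and overwrites `../roles/ShadowArch/files/mirrorlist` with an empty or partial list; `curl -s` without `-f` also passes an HTTP error page through as data. Starting the script with `set -euo pipefail` and using `curl -fsS` stops the run before the role file is touched. The intermediate file is the fixed path `/tmp/candidates` in a world-writable directory, which another local user can pre-create or symlink; `candidates="$(mktemp)"` with `trap 'rm -f "$candidates"' EXIT` avoids that. The relative output path only resolves when the script is run from `bin/`, which deserves a comment or a `cd "$(dirname "$0")"` at the top.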
@ -25,7 +25,7 @@ def WriteDHCPEntry(content,hosttype,hostclass):
|
|||||||
with open(dhcpfilepath,'a') as dhcpfile:
|
with open(dhcpfilepath,'a') as dhcpfile:
|
||||||
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
|
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
|
||||||
try:
|
try:
|
||||||
dhcpfile.write('dhcp-host=' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['vars']['mac'] + ',' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['vars']['ip'] + '\n')
|
dhcpfile.write('dhcp-host=' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['vars']['mac'] + ',' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['vars']['ip'] + ',' + host + '.' + content['all']['vars']['replica_domain'] + '\n')
|
||||||
except:
|
except:
|
||||||
print(host + ' is not complete for DHCP.')
|
print(host + ' is not complete for DHCP.')
|
||||||
|
|
||||||
@ -63,11 +63,11 @@ def GenerateFiles(file):
|
|||||||
|
|
||||||
# Add DNS entries for each host
|
# Add DNS entries for each host
|
||||||
hosttype = 'managed'
|
hosttype = 'managed'
|
||||||
for hostclass in ['physical','virtual','geth-hubs']:
|
for hostclass in ['physical','virtual','geth_hubs']:
|
||||||
WriteDNSEntry(content,hosttype,hostclass)
|
WriteDNSEntry(content,hosttype,hostclass)
|
||||||
WriteDHCPEntry(content,hosttype,hostclass)
|
WriteDHCPEntry(content,hosttype,hostclass)
|
||||||
hosttype = 'unmanaged'
|
hosttype = 'unmanaged'
|
||||||
for hostclass in ['ovas','hardware','iot']:
|
for hostclass in ['ovas','appliances','iot']:
|
||||||
WriteDNSEntry(content,hosttype,hostclass)
|
WriteDNSEntry(content,hosttype,hostclass)
|
||||||
WriteDHCPEntry(content,hosttype,hostclass)
|
WriteDHCPEntry(content,hosttype,hostclass)
|
||||||
|
|
||||||
|
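Review bot: The rewritten `dhcpfile.write(...)` line in WriteDHCPEntry sits under a bare `except:`, so a failed `content['all']['vars']['replica_domain']` lookup, a missing `mac` and any other error all produce the same "is not complete for DHCP" message; `except KeyError as err:` with the missing key in the message would separate them. The line still indexes `[host]['vars']`, while the inventory changed in this commit appears to drop the per-host `vars:` level, so if that is the file being read every host would fall into the handler and no `dhcp-host=` line would be written. That inventory also sets `replica_domain` to `"MSN0.{{ external_domain }}"`; unless the YAML is rendered before this function runs, the unrendered template is written into the hostname field, and the `grep`/`awk` extraction in bin/generate-ssh-keyscan would yield `"MSN0.{{` for the same reason. The bodies of WriteDHCPEntry and GenerateFiles start and end outside the hunks shown.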
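--- a/bin/generate-ssh-keyscan
+++ b/bin/generate-ssh-keyscan
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# File: gen-ssh-keyscan
+#
+# Description: This file generates a known_host block for the inventory.
+#
+# Package: AniNIX/HelloWorld
+# Copyright: WTFPL
+#
+# Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
+
+inventory="$1"
+
+replicadomain="$(grep replica_domain:\ "$inventory" | awk '{ print $2; }';)"
+
+for short in `ansible -i "$inventory" --list-hosts managed | grep -v hosts | sed 's/^\s\+//'`; do
+long="$short"'.'"$replicadomain"
+ip="$(dig "$long" +short)"
+ssh-keyscan -t ed25519 -f <(echo "$long" "$long","$short","$ip") 2>&1
+ssh-keyscan -t rsa -f <(echo "$long" "$long","$short","$ip") 2>/dev/null
+done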
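Review bot: The ed25519 `ssh-keyscan` call ends in `2>&1`, so connection errors and the scanner's banner lines are written into the generated known_hosts block, while the rsa call uses `2>/dev/null`; if the comment lines are wanted, that should be stated, otherwise both calls should send stderr to the same place. The keys are accepted from whatever answers at the address `dig` returns at generation time, so the block pins unverified keys; the header comment should say the output has to be compared against fingerprints read on the hosts themselves before it is committed. `dig "$long" +short` can return nothing or several lines, which leaves a trailing comma or a broken name list in the `-f` input, so a guard such as `[ -n "$ip" ] || continue` is worth adding. The header's `File: gen-ssh-keyscan` and `Package: AniNIX/HelloWorld` do not match the file name or the package named in precommit-hooks/find-bad-ipam.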
@ -1,11 +1,13 @@
|
|||||||
all:
|
all:
|
||||||
vars:
|
vars:
|
||||||
# Environment-wide data
|
# Environment-wide data
|
||||||
replica_domain: MSN0.AniNIX.net
|
external_domain: AniNIX.net
|
||||||
|
replica_domain: "MSN0.{{ external_domain }}"
|
||||||
time_zone: "America/Chicago"
|
time_zone: "America/Chicago"
|
||||||
# Services used by all
|
# Services used by all
|
||||||
router: 10.0.1.1
|
router: 10.0.1.1
|
||||||
dns: 10.0.1.7 # TODO will change once IPs are resegmented.
|
netmask: 24
|
||||||
|
dns: 10.0.1.2
|
||||||
dhcprange: '10.0.1.224,10.0.1.254,255.255.255.0,12h'
|
dhcprange: '10.0.1.224,10.0.1.254,255.255.255.0,12h'
|
||||||
staticrange: '10.0.1.1,10.0.1.223,255.255.255.0,12h'
|
staticrange: '10.0.1.1,10.0.1.223,255.255.255.0,12h'
|
||||||
logserver: "Sharingan.{{ replica_domain }}"
|
logserver: "Sharingan.{{ replica_domain }}"
|
||||||
@ -13,190 +15,175 @@ all:
|
|||||||
# Standards
|
# Standards
|
||||||
daemon_shell: /sbin/nologin
|
daemon_shell: /sbin/nologin
|
||||||
user_shell: /bin/bash
|
user_shell: /bin/bash
|
||||||
|
ansible_become_method: sudo
|
||||||
|
ansible_become_user: root
|
||||||
|
static: false
|
||||||
|
wireless_ssid: 'Shadowfeed'
|
||||||
|
ansible_python_interpreter: auto_silent
|
||||||
children:
|
children:
|
||||||
managed:
|
managed:
|
||||||
children:
|
children:
|
||||||
physical: # 10.0.1.0/29
|
physical: # 10.0.1.0/28
|
||||||
vars:
|
|
||||||
depriv_user: pi
|
|
||||||
hosts:
|
hosts:
|
||||||
Nazara:
|
Nazara:
|
||||||
vars:
|
|
||||||
ipinterface: eth0
|
ipinterface: eth0
|
||||||
ip: 10.0.1.2
|
ip: 10.0.1.2
|
||||||
mac: B8:27:EB:B6:AA:0C
|
mac: B8:27:EB:B6:AA:0C
|
||||||
Node-1:
|
static: true
|
||||||
vars:
|
Core:
|
||||||
ipinterface: eth0
|
ipinterface: enp1s0f0
|
||||||
ip: 10.0.1.3
|
ip: 10.0.1.3
|
||||||
mac: B8:27:EB:B6:AA:0C
|
mac: 00:25:90:0d:6e:86
|
||||||
Node-2:
|
static: true
|
||||||
vars:
|
sslidentity: aninix.net-0001
|
||||||
ipinterface: eth0
|
Node0:
|
||||||
|
ipinterface: enp1s0f0
|
||||||
ip: 10.0.1.4
|
ip: 10.0.1.4
|
||||||
mac: B8:27:EB:B6:AA:0C
|
mac: DE:8B:9E:19:55:1D
|
||||||
Node-3:
|
static: true
|
||||||
vars:
|
virtual: # 10.0.1.16/28
|
||||||
ipinterface: eth0
|
|
||||||
ip: 10.0.1.5
|
|
||||||
mac: B8:27:EB:B6:AA:0C
|
|
||||||
Node-4:
|
|
||||||
vars:
|
|
||||||
ipinterface: eth0
|
|
||||||
ip: 10.0.1.6
|
|
||||||
mac: B8:27:EB:B6:AA:0C
|
|
||||||
Node-5:
|
|
||||||
vars:
|
|
||||||
ipinterface: eth0
|
|
||||||
ip: 10.0.1.7
|
|
||||||
mac: B8:27:EB:B6:AA:0C
|
|
||||||
virtual: # 10.0.1.8/29
|
|
||||||
vars:
|
vars:
|
||||||
depriv_user: depriv
|
|
||||||
hosts:
|
hosts:
|
||||||
Sharingan:
|
Sharingan:
|
||||||
vars:
|
ip: 10.0.1.16
|
||||||
ip: 10.0.1.8
|
ipinterface: ens3
|
||||||
mac: 00:15:5D:01:02:05
|
mac: 00:15:5D:01:02:10
|
||||||
cores: 4
|
cores: 6
|
||||||
memory: 4
|
memory: 6
|
||||||
|
vnc: 8
|
||||||
bridge: br0
|
bridge: br0
|
||||||
disks:
|
disks:
|
||||||
- '-drive file=/srv/maat/vm/Sharingan.qcow2,format=qcow2,l2-cache-size=1M'
|
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/Sharingan.qcow2'
|
||||||
DarkNet:
|
DarkNet:
|
||||||
vars:
|
ip: 10.0.1.17
|
||||||
ip: 10.0.1.9
|
ipinterface: eth0
|
||||||
mac: 00:15:5D:01:02:04
|
mac: 00:15:5D:01:02:05
|
||||||
cores: 2
|
cores: 2
|
||||||
memory: 2
|
memory: 2
|
||||||
|
vnc: 9
|
||||||
bridge: br0
|
bridge: br0
|
||||||
disks:
|
disks:
|
||||||
- '-hda /dev/sdb'
|
- '-drive if=none,id=disk0,cache=none,format=raw,aio=native,file=/dev/sdb'
|
||||||
Maat:
|
Maat:
|
||||||
vars:
|
ip: 10.0.1.18
|
||||||
ip: 10.0.1.10
|
ipinterface: ens3
|
||||||
mac: 00:15:5d:01:02:06
|
|
||||||
cores: 2
|
|
||||||
memory: 2
|
|
||||||
bridge: br0
|
|
||||||
disks:
|
|
||||||
- '-drive file=/srv/maat/vm/MaatBuilder.qcow2,format=qcow2,l2-cache-size=1M'
|
|
||||||
Aether:
|
|
||||||
vars:
|
|
||||||
ip: 10.0.1.11
|
|
||||||
mac: 00:15:5d:01:02:07
|
mac: 00:15:5d:01:02:07
|
||||||
cores: 2
|
cores: 2
|
||||||
memory: 2
|
memory: 2
|
||||||
bridge: br0
|
bridge: br0
|
||||||
|
vnc: 7
|
||||||
disks:
|
disks:
|
||||||
- '-hda /dev/sdd'
|
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/Maat.qcow2'
|
||||||
- '-cdrom /srv/maat/iso/archlinux.iso -boot order=d'
|
geth_hubs: # 10.0.1.32/28
|
||||||
Core:
|
|
||||||
vars:
|
|
||||||
depriv_user: DarkFeather
|
|
||||||
ipinterface: enp1s0f0
|
|
||||||
ip: 10.0.1.12
|
|
||||||
mac: 00:25:90:0d:6e:86
|
|
||||||
geth-hubs: # 10.0.1.16/29
|
|
||||||
vars:
|
vars:
|
||||||
depriv_user: pi
|
motion_enabled: yes
|
||||||
hosts:
|
hosts:
|
||||||
Geth-Hub-1:
|
Geth-Hub-1:
|
||||||
vars:
|
ip: 10.0.1.32
|
||||||
ip: 10.0.1.16
|
|
||||||
mac: 84:16:F9:14:15:C5
|
mac: 84:16:F9:14:15:C5
|
||||||
Geth-Hub-2:
|
Geth-Hub-2:
|
||||||
vars:
|
ip: 10.0.1.33
|
||||||
ip: 10.0.1.17
|
|
||||||
mac: 84:16:F9:13:B6:E6
|
mac: 84:16:F9:13:B6:E6
|
||||||
# Geth-Hub-3:
|
motion_enabled: no
|
||||||
# vars:
|
Geth-Hub-3:
|
||||||
# ip: 10.0.1.18
|
ip: 10.0.1.34
|
||||||
# mac: b8:27:eb:60:73:68
|
mac: b8:27:eb:60:73:68
|
||||||
unmanaged:
|
unmanaged:
|
||||||
children:
|
children:
|
||||||
ovas: # 10.0.1.24/29
|
ovas: # 10.0.1.48/28
|
||||||
hosts:
|
hosts:
|
||||||
DedNet:
|
TDS-Jump:
|
||||||
vars:
|
ip: 10.0.1.48
|
||||||
ip: 10.0.1.24
|
|
||||||
mac: 00:15:5d:01:02:08
|
mac: 00:15:5d:01:02:08
|
||||||
cores: 2
|
cores: 2
|
||||||
memory: 2
|
memory: 2
|
||||||
|
vnc: 4
|
||||||
bridge: br0
|
bridge: br0
|
||||||
disks:
|
disks:
|
||||||
- '-drive file=/srv/maat/vm/DedNet.qcow2,format=qcow2'
|
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/TDSJump.qcow2'
|
||||||
- '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d'
|
|
||||||
Geth:
|
Geth:
|
||||||
vars:
|
ip: 10.0.1.49
|
||||||
ip: 10.0.1.25
|
mac: DE:8B:9E:19:55:1E
|
||||||
|
cores: 2
|
||||||
|
memory: 2
|
||||||
|
vnc: 6
|
||||||
|
bridge: br0
|
||||||
|
disks:
|
||||||
|
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/hassos_ova-5.13.qcow2'
|
||||||
|
DedNet:
|
||||||
|
ip: 10.0.1.50
|
||||||
mac: 00:15:5d:01:02:09
|
mac: 00:15:5d:01:02:09
|
||||||
cores: 2
|
cores: 2
|
||||||
memory: 2
|
memory: 2
|
||||||
|
vnc: 3
|
||||||
bridge: br0
|
bridge: br0
|
||||||
disks:
|
disks:
|
||||||
- '-drive file=/srv/maat/vm/DedNet.qcow2,format=qcow2'
|
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/DedNet.qcow2'
|
||||||
- '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d'
|
- '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d'
|
||||||
hardware:
|
Aether:
|
||||||
hosts: # 10.0.1.32/28
|
ip: 10.0.1.51
|
||||||
Tachikoma:
|
mac: 00:15:5d:01:02:11
|
||||||
vars:
|
cores: 2
|
||||||
ip: 10.0.1.32
|
memory: 2
|
||||||
mac: aa:aa:aa:aa:aa:aa
|
vnc: 5
|
||||||
Dedsec:
|
bridge: br0
|
||||||
vars:
|
disks:
|
||||||
ip: 10.0.1.33
|
- '-drive if=none,id=disk0,cache=none,format=raw,aio=native,file=/dev/sdc'
|
||||||
mac: 34:f6:4b:36:12:8f
|
- '-cdrom /srv/maat/iso/archlinux.iso -boot order=d'
|
||||||
DarkFeather:
|
|
||||||
vars:
|
appliances:
|
||||||
ip: 10.0.1.34
|
hosts: # 10.0.1.64/27
|
||||||
mac: 64:C2:DE:78:BB:40
|
|
||||||
Lykos:
|
|
||||||
vars:
|
|
||||||
ip: 10.0.1.35
|
|
||||||
mac: 64:C2:DE:0C:AB:0D
|
|
||||||
Games:
|
|
||||||
vars:
|
|
||||||
ip: 10.0.1.36
|
|
||||||
mac: 00:1F:BC:10:1C:F7
|
|
||||||
Shadowfeed:
|
Shadowfeed:
|
||||||
vars:
|
|
||||||
ip: 10.0.1.1
|
ip: 10.0.1.1
|
||||||
mac: 2c:30:33:64:f4:03
|
mac: 2c:30:33:64:f4:03
|
||||||
|
DarkFeather:
|
||||||
|
ip: 10.0.1.64
|
||||||
|
mac: D0:40:EF:D4:14:CF
|
||||||
|
Lykos:
|
||||||
|
ip: 10.0.1.65
|
||||||
|
mac: 70:74:14:4F:8E:42
|
||||||
|
Games:
|
||||||
|
ip: 10.0.1.66
|
||||||
|
mac: 00:1F:BC:10:1C:F8
|
||||||
Print:
|
Print:
|
||||||
vars:
|
ip: 10.0.1.67
|
||||||
ip: 10.0.1.37
|
|
||||||
mac: 00:80:92:77:CE:E4
|
mac: 00:80:92:77:CE:E4
|
||||||
Core-Console:
|
|
||||||
vars:
|
|
||||||
ip: 10.0.1.38
|
|
||||||
mac: 00:25:90:0D:82:5B
|
|
||||||
Maat-Console:
|
|
||||||
vars:
|
|
||||||
ip: 10.0.1.39
|
|
||||||
mac: 00:25:90:3E:C6:8C
|
|
||||||
Geth-Eyes:
|
Geth-Eyes:
|
||||||
vars:
|
ip: 10.0.1.68
|
||||||
ip: 10.0.1.40
|
mac: 9C:A3:AA:33:A3:99
|
||||||
mac: 9c:a3:aa:33:a3:99
|
LivingRoomTV:
|
||||||
# dhcp build space: 10.0.1.224/27
|
ip: 10.0.1.69
|
||||||
|
mac: 80:D2:1D:17:63:0E
|
||||||
|
BedRoomTV:
|
||||||
|
ip: 10.0.1.70
|
||||||
|
mac: 80:D2:1D:17:63:0F
|
||||||
|
TraingRoomTV:
|
||||||
|
ip: 10.0.1.71
|
||||||
|
mac: 80:D2:1D:17:63:10
|
||||||
|
Tachikoma:
|
||||||
|
ip: 10.0.1.72
|
||||||
|
mac: B8:76:3F:70:DB:C1
|
||||||
|
Dedsec:
|
||||||
|
ip: 10.0.1.73
|
||||||
|
mac: 34:F6:4B:36:12:8F
|
||||||
|
"Core.Console":
|
||||||
|
ip: 10.0.1.74
|
||||||
|
mac: 00:25:90:0D:82:5B
|
||||||
|
"Node0.Console":
|
||||||
|
ip: 10.0.1.75
|
||||||
|
mac: 00:25:90:3E:C6:8C
|
||||||
|
# dhcp build space: 10.0.1.224/27
|
||||||
iot: # 10.0.2.0/24
|
iot: # 10.0.2.0/24
|
||||||
hosts:
|
hosts:
|
||||||
LinKeuei:
|
LinKeuei:
|
||||||
vars:
|
|
||||||
ip: 10.0.2.2
|
ip: 10.0.2.2
|
||||||
mac: 64:16:66:08:57:F5
|
mac: 64:16:66:08:57:F5
|
||||||
Canary:
|
Canary:
|
||||||
vars:
|
|
||||||
ip: 10.0.2.3
|
ip: 10.0.2.3
|
||||||
mac: 18:B4:30:2F:F1:37
|
mac: 18:B4:30:2F:F1:37
|
||||||
Charon:
|
Charon:
|
||||||
vars:
|
|
||||||
ip: 10.0.2.4
|
ip: 10.0.2.4
|
||||||
mac: 64:52:99:14:28:2B
|
mac: 64:52:99:14:28:2B
|
||||||
Skitarii-1:
|
Skitarii-1:
|
||||||
vars:
|
|
||||||
ip: 10.0.2.5
|
ip: 10.0.2.5
|
||||||
mac: 40:9F:38:95:06:34
|
mac: 40:9F:38:95:06:34
|
||||||
|
|
||||||
|
|
||||||
|
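Review bot: The new host key `TraingRoomTV` looks like a typo for `TrainingRoomTV`, and because host keys appear to become DNS and DHCP names it is cheaper to correct before records are generated from it. Under `appliances`, the comment `hosts: # 10.0.1.64/27` does not describe `Shadowfeed` at 10.0.1.1, which stays in that group; a short comment marking the router as the exception would keep the range comments trustworthy. The quoted keys `"Core.Console"` and `"Node0.Console"` contain a dot, so any consumer that appends the replica domain will emit a two-label host part; it is worth confirming that the DNS and DHCP generators accept that.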
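--- a/precommit-hooks/find-bad-ipam
+++ b/precommit-hooks/find-bad-ipam
@@ -0,0 +1,57 @@
+#!/usr/bin/bash
+
+# File: find-bad-ipam
+#
+# Description: This file finds bad IPAM entries in an inventory.
+#
+# Package: AniNIX/Ubiqtorate
+# Copyright: WTFPL
+#
+# Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
+
+file="examples/msn0.yml"
+
+function findBadTerm() {
+### Check for a term to be duplicated.
+# param file: the file
+# param term: the term to search for duplicates
+file="$1"
+term="$2"
+results="$(grep "$term:" "$file" | sed 's/\s\+'"$term"':\s*//' | sort)"
+
+if ! diff <(echo "$results") <(echo "$results" | uniq); then
+echo "Some ${term^^} entries are duplicated. Search for the above terms in your inventory and deduplicate."
+exit 2
+fi
+}
+
+function Usage() {
+### Helptext
+# param retcode: what to return
+retcode="$1"
+echo "Usage: $0 -f SOMEFILE"
+echo " $0 -h"
+echo "Add -v for verbosity."
+exit $retcode
+}
+
+while getopts 'f:hv' OPTION; do
+### Parse arguments
+case "$OPTION" in
+f) file="$OPTARG" ;;
+h) echo "Find bad IPAM entries in an inventory." ; Usage 0 ;;
+v) set -x ;;
+*) Usage 1 ;;
+esac
+done
+
+# Sanity check
+if [ -z "$file" ] || [ ! -f "$file" ]; then
+echo Need an inventory to process.
+Usage 3;
+fi
+
+# Check for the unique attributes.
+for i in ip vnc mac; do
+findBadTerm "$file" "$i"
+done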
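Review bot: findBadTerm compares values case-sensitively, so the same MAC written once in upper and once in lower case (the inventory in this commit mixes both styles) passes `sort | uniq` as two distinct entries and the hook reports nothing. Lowercasing before the sort, `... | tr 'A-F' 'a-f' | sort`, closes that gap. The `grep "$term:"` match is unanchored, so commented-out entries and any key that merely ends in the term are counted as well; `grep -E "^\s+$term:"` restricts it to real keys. `file` and `term` are assigned without `local`, so the function overwrites the script-level `file`, and because it calls `exit 2` on the first failing term the remaining terms are never checked.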
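--- a/roles/Geth-Hub/files/lircd.conf/Geth-Hub-3
+++ b/roles/Geth-Hub/files/lircd.conf/Geth-Hub-3
@@ -0,0 +1,44 @@
+
+# Please make this file available to others
+# by sending it to <lirc@bartelmus.de>
+#
+# this config file was automatically generated
+# using lirc-0.9.0-pre1(default) on Thu Jun 29 00:24:26 2017
+#
+# contributed by darkfeather@aninix.net
+#
+# brand: LG.conf
+# model no. of remote control: AKB73715608
+# devices being controlled by this remote: TV
+#
+
+begin remote
+
+name LG-AKB73715608
+bits 16
+flags SPACE_ENC|CONST_LENGTH
+eps 30
+aeps 100
+
+header 9063 4496
+one 579 1673
+zero 579 546
+ptrail 580
+repeat 9066 2248
+pre_data_bits 16
+pre_data 0x20DF
+gap 108528
+toggle_bit_mask 0x0
+
+begin codes
+KEY_POWER 0x10EF
+KEY_VOLUMEUP 0x40BF
+KEY_VOLUMEDOWN 0xC03F
+KEY_CONFIG 0xD02F
+KEY_ENTER 0x22DD
+KEY_MUTE 0x906F
+end codes
+
+end remote
+
+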
770
roles/Geth-Hub/files/motion.conf/Geth-Hub-2
Normal file
770
roles/Geth-Hub/files/motion.conf/Geth-Hub-2
Normal file
@ -0,0 +1,770 @@
|
|||||||
|
# Rename this distribution example file to motion.conf
|
||||||
|
#
|
||||||
|
# This config file was generated by motion 4.0.1
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Daemon
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Start in daemon (background) mode and release terminal (default: off)
|
||||||
|
daemon on
|
||||||
|
|
||||||
|
# File to store the process ID, also called pid file. (default: not defined)
|
||||||
|
process_id_file /var/run/motion/motion.pid
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Basic Setup Mode
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Start in Setup-Mode, daemon disabled. (default: off)
|
||||||
|
setup_mode off
|
||||||
|
|
||||||
|
|
||||||
|
# Use a file to save logs messages, if not defined stderr and syslog is used. (default: not defined)
|
||||||
|
;logfile /tmp/motion.log
|
||||||
|
|
||||||
|
# Level of log messages [1..9] (EMG, ALR, CRT, ERR, WRN, NTC, INF, DBG, ALL). (default: 6 / NTC)
|
||||||
|
log_level 6
|
||||||
|
|
||||||
|
# Filter to log messages by type (COR, STR, ENC, NET, DBL, EVT, TRK, VID, ALL). (default: ALL)
|
||||||
|
log_type all
|
||||||
|
|
||||||
|
###########################################################
|
||||||
|
# Capture device options
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Videodevice to be used for capturing (default /dev/video0)
|
||||||
|
# for FreeBSD default is /dev/bktr0
|
||||||
|
videodevice /dev/video0
|
||||||
|
|
||||||
|
# v4l2_palette allows one to choose preferable palette to be use by motion
|
||||||
|
# to capture from those supported by your videodevice. (default: 17)
|
||||||
|
# E.g. if your videodevice supports both V4L2_PIX_FMT_SBGGR8 and
|
||||||
|
# V4L2_PIX_FMT_MJPEG then motion will by default use V4L2_PIX_FMT_MJPEG.
|
||||||
|
# Setting v4l2_palette to 2 forces motion to use V4L2_PIX_FMT_SBGGR8
|
||||||
|
# instead.
|
||||||
|
#
|
||||||
|
# Values :
|
||||||
|
# V4L2_PIX_FMT_SN9C10X : 0 'S910'
|
||||||
|
# V4L2_PIX_FMT_SBGGR16 : 1 'BYR2'
|
||||||
|
# V4L2_PIX_FMT_SBGGR8 : 2 'BA81'
|
||||||
|
# V4L2_PIX_FMT_SPCA561 : 3 'S561'
|
||||||
|
# V4L2_PIX_FMT_SGBRG8 : 4 'GBRG'
|
||||||
|
# V4L2_PIX_FMT_SGRBG8 : 5 'GRBG'
|
||||||
|
# V4L2_PIX_FMT_PAC207 : 6 'P207'
|
||||||
|
# V4L2_PIX_FMT_PJPG : 7 'PJPG'
|
||||||
|
# V4L2_PIX_FMT_MJPEG : 8 'MJPEG'
|
||||||
|
# V4L2_PIX_FMT_JPEG : 9 'JPEG'
|
||||||
|
# V4L2_PIX_FMT_RGB24 : 10 'RGB3'
|
||||||
|
# V4L2_PIX_FMT_SPCA501 : 11 'S501'
|
||||||
|
# V4L2_PIX_FMT_SPCA505 : 12 'S505'
|
||||||
|
# V4L2_PIX_FMT_SPCA508 : 13 'S508'
|
||||||
|
# V4L2_PIX_FMT_UYVY : 14 'UYVY'
|
||||||
|
# V4L2_PIX_FMT_YUYV : 15 'YUYV'
|
||||||
|
# V4L2_PIX_FMT_YUV422P : 16 '422P'
|
||||||
|
# V4L2_PIX_FMT_YUV420 : 17 'YU12'
|
||||||
|
#
|
||||||
|
v4l2_palette 17
|
||||||
|
|
||||||
|
# Tuner device to be used for capturing using tuner as source (default /dev/tuner0)
|
||||||
|
# This is ONLY used for FreeBSD. Leave it commented out for Linux
|
||||||
|
; tunerdevice /dev/tuner0
|
||||||
|
|
||||||
|
# The video input to be used (default: -1)
|
||||||
|
# Should normally be set to 0 or 1 for video/TV cards, and -1 for USB cameras
|
||||||
|
# Set to 0 for uvideo(4) on OpenBSD
|
||||||
|
input -1
|
||||||
|
|
||||||
|
# The video norm to use (only for video capture and TV tuner cards)
|
||||||
|
# Values: 0 (PAL), 1 (NTSC), 2 (SECAM), 3 (PAL NC no colour). Default: 0 (PAL)
|
||||||
|
norm 0
|
||||||
|
|
||||||
|
# The frequency to set the tuner to (kHz) (only for TV tuner cards) (default: 0)
|
||||||
|
frequency 0
|
||||||
|
|
||||||
|
# Override the power line frequency for the webcam. (normally not necessary)
|
||||||
|
# Values:
|
||||||
|
# -1 : Do not modify device setting
|
||||||
|
# 0 : Power line frequency Disabled
|
||||||
|
# 1 : 50hz
|
||||||
|
# 2 : 60hz
|
||||||
|
# 3 : Auto
|
||||||
|
power_line_frequency -1
|
||||||
|
|
||||||
|
# Rotate image this number of degrees. The rotation affects all saved images as
|
||||||
|
# well as movies. Valid values: 0 (default = no rotation), 90, 180 and 270.
|
||||||
|
rotate 0
|
||||||
|
|
||||||
|
# Image width (pixels). Valid range: Camera dependent, default: 352
|
||||||
|
width 640
|
||||||
|
|
||||||
|
# Image height (pixels). Valid range: Camera dependent, default: 288
|
||||||
|
height 480
|
||||||
|
|
||||||
|
# Maximum number of frames to be captured per second.
|
||||||
|
# Valid range: 2-100. Default: 100 (almost no limit).
|
||||||
|
framerate 100
|
||||||
|
|
||||||
|
# Minimum time in seconds between capturing picture frames from the camera.
|
||||||
|
# Default: 0 = disabled - the capture rate is given by the camera framerate.
|
||||||
|
# This option is used when you want to capture images at a rate lower than 2 per second.
|
||||||
|
minimum_frame_time 0
|
||||||
|
|
||||||
|
# URL to use if you are using a network camera, size will be autodetected (incl http:// ftp:// mjpg:// rtsp:// mjpeg:// or file:///)
|
||||||
|
# Must be a URL that returns single jpeg pictures or a raw mjpeg stream. A trailing slash may be required for some cameras.
|
||||||
|
# Default: Not defined
|
||||||
|
; netcam_url value
|
||||||
|
|
||||||
|
# Username and password for network camera (only if required). Default: not defined
|
||||||
|
# Syntax is user:password
|
||||||
|
; netcam_userpass value
|
||||||
|
|
||||||
|
# The setting for keep-alive of network socket, should improve performance on compatible net cameras.
|
||||||
|
# off: The historical implementation using HTTP/1.0, closing the socket after each http request.
|
||||||
|
# force: Use HTTP/1.0 requests with keep alive header to reuse the same connection.
|
||||||
|
# on: Use HTTP/1.1 requests that support keep alive as default.
|
||||||
|
# Default: off
|
||||||
|
netcam_keepalive off
|
||||||
|
|
||||||
|
# URL to use for a netcam proxy server, if required, e.g. "http://myproxy".
|
||||||
|
# If a port number other than 80 is needed, use "http://myproxy:1234".
|
||||||
|
# Default: not defined
|
||||||
|
; netcam_proxy value
|
||||||
|
|
||||||
|
# Set less strict jpeg checks for network cameras with a poor/buggy firmware.
|
||||||
|
# Default: off
|
||||||
|
netcam_tolerant_check off
|
||||||
|
|
||||||
|
# RTSP connection uses TCP to communicate to the camera. Can prevent image corruption.
|
||||||
|
# Default: on
|
||||||
|
rtsp_uses_tcp on
|
||||||
|
|
||||||
|
# Name of camera to use if you are using a camera accessed through OpenMax/MMAL
|
||||||
|
# Default: Not defined
|
||||||
|
; mmalcam_name vc.ril.camera
|
||||||
|
|
||||||
|
# Camera control parameters (see raspivid/raspistill tool documentation)
|
||||||
|
# Default: Not defined
|
||||||
|
; mmalcam_control_params -hf
|
||||||
|
|
||||||
|
# Let motion regulate the brightness of a video device (default: off).
|
||||||
|
# The auto_brightness feature uses the brightness option as its target value.
|
||||||
|
# If brightness is zero auto_brightness will adjust to average brightness value 128.
|
||||||
|
# Only recommended for cameras without auto brightness
|
||||||
|
auto_brightness off
|
||||||
|
|
||||||
|
# Set the initial brightness of a video device.
|
||||||
|
# If auto_brightness is enabled, this value defines the average brightness level
|
||||||
|
# which Motion will try and adjust to.
|
||||||
|
# Valid range 0-255, default 0 = disabled
|
||||||
|
brightness 0
|
||||||
|
|
||||||
|
# Set the contrast of a video device.
|
||||||
|
# Valid range 0-255, default 0 = disabled
|
||||||
|
contrast 0
|
||||||
|
|
||||||
|
# Set the saturation of a video device.
|
||||||
|
# Valid range 0-255, default 0 = disabled
|
||||||
|
saturation 0
|
||||||
|
|
||||||
|
# Set the hue of a video device (NTSC feature).
|
||||||
|
# Valid range 0-255, default 0 = disabled
|
||||||
|
hue 0
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Round Robin (multiple inputs on same video device name)
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Number of frames to capture in each roundrobin step (default: 1)
|
||||||
|
roundrobin_frames 1
|
||||||
|
|
||||||
|
# Number of frames to skip before each roundrobin step (default: 1)
|
||||||
|
roundrobin_skip 1
|
||||||
|
|
||||||
|
# Try to filter out noise generated by roundrobin (default: off)
|
||||||
|
switchfilter off
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Motion Detection Settings:
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Threshold for number of changed pixels in an image that
|
||||||
|
# triggers motion detection (default: 1500)
|
||||||
|
threshold 1500
|
||||||
|
|
||||||
|
# Automatically tune the threshold down if possible (default: off)
|
||||||
|
threshold_tune off
|
||||||
|
|
||||||
|
# Noise threshold for the motion detection (default: 32)
|
||||||
|
noise_level 32
|
||||||
|
|
||||||
|
# Automatically tune the noise threshold (default: on)
|
||||||
|
noise_tune on
|
||||||
|
|
||||||
|
# Despeckle motion image using (e)rode or (d)ilate or (l)abel (Default: not defined)
|
||||||
|
# Recommended value is EedDl. Any combination (and number of) of E, e, d, and D is valid.
|
||||||
|
# (l)abeling must only be used once and the 'l' must be the last letter.
|
||||||
|
# Comment out to disable
|
||||||
|
despeckle_filter EedDl
|
||||||
|
|
||||||
|
# Detect motion in predefined areas (1 - 9). Areas are numbered like that: 1 2 3
|
||||||
|
# A script (on_area_detected) is started immediately when motion is 4 5 6
|
||||||
|
# detected in one of the given areas, but only once during an event. 7 8 9
|
||||||
|
# One or more areas can be specified with this option. Take care: This option
|
||||||
|
# does NOT restrict detection to these areas! (Default: not defined)
|
||||||
|
; area_detect value
|
||||||
|
|
||||||
|
# PGM file to use as a sensitivity mask.
|
||||||
|
# Full path name to. (Default: not defined)
|
||||||
|
; mask_file value
|
||||||
|
|
||||||
|
# Dynamically create a mask file during operation (default: 0)
|
||||||
|
# Adjust speed of mask changes from 0 (off) to 10 (fast)
|
||||||
|
smart_mask_speed 0
|
||||||
|
|
||||||
|
# Ignore sudden massive light intensity changes given as a percentage of the picture
|
||||||
|
# area that changed intensity. Valid range: 0 - 100 , default: 0 = disabled
|
||||||
|
lightswitch 0
|
||||||
|
|
||||||
|
# Picture frames must contain motion at least the specified number of frames
|
||||||
|
# in a row before they are detected as true motion. At the default of 1, all
|
||||||
|
# motion is detected. Valid range: 1 to thousands, recommended 1-5
|
||||||
|
minimum_motion_frames 1
|
||||||
|
|
||||||
|
# Specifies the number of pre-captured (buffered) pictures from before motion
|
||||||
|
# was detected that will be output at motion detection.
|
||||||
|
# Recommended range: 0 to 5 (default: 0)
|
||||||
|
# Do not use large values! Large values will cause Motion to skip video frames and
|
||||||
|
# cause unsmooth movies. To smooth movies use larger values of post_capture instead.
|
||||||
|
pre_capture 0
|
||||||
|
|
||||||
|
# Number of frames to capture after motion is no longer detected (default: 0)
|
||||||
|
post_capture 0
|
||||||
|
|
||||||
|
# Event Gap is the seconds of no motion detection that triggers the end of an event.
|
||||||
|
# An event is defined as a series of motion images taken within a short timeframe.
|
||||||
|
# Recommended value is 60 seconds (Default). The value -1 is allowed and disables
|
||||||
|
# events causing all Motion to be written to one single movie file and no pre_capture.
|
||||||
|
# If set to 0, motion is running in gapless mode. Movies don't have gaps anymore. An
|
||||||
|
# event ends right after no more motion is detected and post_capture is over.
|
||||||
|
event_gap 60
|
||||||
|
|
||||||
|
# Maximum length in seconds of a movie
|
||||||
|
# When value is exceeded a new movie file is created. (Default: 0 = infinite)
|
||||||
|
max_movie_time 0
|
||||||
|
|
||||||
|
# Always save images even if there was no motion (default: off)
|
||||||
|
emulate_motion off
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Image File Output
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Output 'normal' pictures when motion is detected (default: on)
|
||||||
|
# Valid values: on, off, first, best, center
|
||||||
|
# When set to 'first', only the first picture of an event is saved.
|
||||||
|
# Picture with most motion of an event is saved when set to 'best'.
|
||||||
|
# Picture with motion nearest center of picture is saved when set to 'center'.
|
||||||
|
# Can be used as preview shot for the corresponding movie.
|
||||||
|
output_pictures off
|
||||||
|
|
||||||
|
# Output pictures with only the pixels moving object (ghost images) (default: off)
|
||||||
|
output_debug_pictures off
|
||||||
|
|
||||||
|
# The quality (in percent) to be used by the jpeg compression (default: 75)
|
||||||
|
quality 75
|
||||||
|
|
||||||
|
# Type of output images
|
||||||
|
# Valid values: jpeg, ppm (default: jpeg)
|
||||||
|
picture_type jpeg
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# FFMPEG related options
|
||||||
|
# Film (movies) file output, and deinterlacing of the video input
|
||||||
|
# The options movie_filename and timelapse_filename are also used
|
||||||
|
# by the ffmpeg feature
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Use ffmpeg to encode movies in realtime (default: off)
|
||||||
|
ffmpeg_output_movies off
|
||||||
|
|
||||||
|
# Use ffmpeg to make movies with only the pixels moving
|
||||||
|
# object (ghost images) (default: off)
|
||||||
|
ffmpeg_output_debug_movies off
|
||||||
|
|
||||||
|
# Use ffmpeg to encode a timelapse movie
|
||||||
|
# Default value 0 = off - else save frame every Nth second
|
||||||
|
ffmpeg_timelapse 0
|
||||||
|
|
||||||
|
# The file rollover mode of the timelapse video
|
||||||
|
# Valid values: hourly, daily (default), weekly-sunday, weekly-monday, monthly, manual
|
||||||
|
ffmpeg_timelapse_mode daily
|
||||||
|
|
||||||
|
# Bitrate to be used by the ffmpeg encoder (default: 400000)
|
||||||
|
# This option is ignored if ffmpeg_variable_bitrate is not 0 (disabled)
|
||||||
|
ffmpeg_bps 400000
|
||||||
|
|
||||||
|
# Enables and defines variable bitrate for the ffmpeg encoder.
|
||||||
|
# ffmpeg_bps is ignored if variable bitrate is enabled.
|
||||||
|
# Valid values: 0 (default) = fixed bitrate defined by ffmpeg_bps,
|
||||||
|
# or the range 1 - 100 where 1 means worst quality and 100 is best.
|
||||||
|
ffmpeg_variable_bitrate 0
|
||||||
|
|
||||||
|
# Codec to used by ffmpeg for the video compression.
|
||||||
|
# Timelapse videos have two options.
|
||||||
|
# mpg - Creates mpg file with mpeg-2 encoding.
|
||||||
|
# If motion is shutdown and restarted, new pics will be appended
|
||||||
|
# to any previously created file with name indicated for timelapse.
|
||||||
|
# mpeg4 - Creates avi file with the default encoding.
|
||||||
|
# If motion is shutdown and restarted, new pics will create a
|
||||||
|
# new file with the name indicated for timelapse.
|
||||||
|
# Supported formats are:
|
||||||
|
# mpeg4 or msmpeg4 - gives you files with extension .avi
|
||||||
|
# msmpeg4 is recommended for use with Windows Media Player because
|
||||||
|
# it requires no installation of codec on the Windows client.
|
||||||
|
# swf - gives you a flash film with extension .swf
|
||||||
|
# flv - gives you a flash video with extension .flv
|
||||||
|
# ffv1 - FF video codec 1 for Lossless Encoding
|
||||||
|
# mov - QuickTime
|
||||||
|
# mp4 - MPEG-4 Part 14 H264 encoding
|
||||||
|
# mkv - Matroska H264 encoding
|
||||||
|
# hevc - H.265 / HEVC (High Efficiency Video Coding)
|
||||||
|
ffmpeg_video_codec mpeg4
|
||||||
|
|
||||||
|
# When creating videos, should frames be duplicated in order
|
||||||
|
# to keep up with the requested frames per second
|
||||||
|
# (default: true)
|
||||||
|
ffmpeg_duplicate_frames true
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# SDL Window
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Number of motion thread to show in SDL Window (default: 0 = disabled)
|
||||||
|
#sdl_threadnr 0
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# External pipe to video encoder
|
||||||
|
# Replacement for FFMPEG builtin encoder for ffmpeg_output_movies only.
|
||||||
|
# The options movie_filename and timelapse_filename are also used
|
||||||
|
# by the ffmpeg feature
|
||||||
|
#############################################################
|
||||||
|
|
||||||
|
# Bool to enable or disable extpipe (default: off)
|
||||||
|
use_extpipe off
|
||||||
|
|
||||||
|
# External program (full path and opts) to pipe raw video to
|
||||||
|
# Generally, use '-' for STDIN...
|
||||||
|
;extpipe mencoder -demuxer rawvideo -rawvideo w=%w:h=%h:i420 -ovc x264 -x264encopts bframes=4:frameref=1:subq=1:scenecut=-1:nob_adapt:threads=1:keyint=1000:8x8dct:vbv_bufsize=4000:crf=24:partitions=i8x8,i4x4:vbv_maxrate=800:no-chroma-me -vf denoise3d=16:12:48:4,pp=lb -of avi -o %f.avi - -fps %fps
|
||||||
|
;extpipe x264 - --input-res %wx%h --fps %fps --bitrate 2000 --preset ultrafast --quiet -o %f.mp4
|
||||||
|
;extpipe mencoder -demuxer rawvideo -rawvideo w=%w:h=%h:fps=%fps -ovc x264 -x264encopts preset=ultrafast -of lavf -o %f.mp4 - -fps %fps
|
||||||
|
;extpipe ffmpeg -y -f rawvideo -pix_fmt yuv420p -video_size %wx%h -framerate %fps -i pipe:0 -vcodec libx264 -preset ultrafast -f mp4 %f.mp4
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Snapshots (Traditional Periodic Webcam File Output)
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Make automated snapshot every N seconds (default: 0 = disabled)
|
||||||
|
snapshot_interval 0
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Text Display
|
||||||
|
# %Y = year, %m = month, %d = date,
|
||||||
|
# %H = hour, %M = minute, %S = second, %T = HH:MM:SS,
|
||||||
|
# %v = event, %q = frame number, %t = camera id number,
|
||||||
|
# %D = changed pixels, %N = noise level, \n = new line,
|
||||||
|
# %i and %J = width and height of motion area,
|
||||||
|
# %K and %L = X and Y coordinates of motion center
|
||||||
|
# %C = value defined by text_event - do not use with text_event!
|
||||||
|
# You can put quotation marks around the text to allow
|
||||||
|
# leading spaces
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Locate and draw a box around the moving object.
|
||||||
|
# Valid values: on, off, preview (default: off)
|
||||||
|
# Set to 'preview' will only draw a box in preview_shot pictures.
|
||||||
|
locate_motion_mode off
|
||||||
|
|
||||||
|
# Set the look and style of the locate box if enabled.
|
||||||
|
# Valid values: box, redbox, cross, redcross (default: box)
|
||||||
|
# Set to 'box' will draw the traditional box.
|
||||||
|
# Set to 'redbox' will draw a red box.
|
||||||
|
# Set to 'cross' will draw a little cross to mark center.
|
||||||
|
# Set to 'redcross' will draw a little red cross to mark center.
|
||||||
|
locate_motion_style box
|
||||||
|
|
||||||
|
# Draws the timestamp using same options as C function strftime(3)
|
||||||
|
# Default: %Y-%m-%d\n%T = date in ISO format and time in 24 hour clock
|
||||||
|
# Text is placed in lower right corner
|
||||||
|
text_right %Y-%m-%d\n%T-%q
|
||||||
|
|
||||||
|
# Draw a user defined text on the images using same options as C function strftime(3)
|
||||||
|
# Default: Not defined = no text
|
||||||
|
# Text is placed in lower left corner
|
||||||
|
; text_left CAMERA %t
|
||||||
|
|
||||||
|
# Draw the number of changed pixed on the images (default: off)
|
||||||
|
# Will normally be set to off except when you setup and adjust the motion settings
|
||||||
|
# Text is placed in upper right corner
|
||||||
|
text_changes off
|
||||||
|
|
||||||
|
# This option defines the value of the special event conversion specifier %C
|
||||||
|
# You can use any conversion specifier in this option except %C. Date and time
|
||||||
|
# values are from the timestamp of the first image in the current event.
|
||||||
|
# Default: %Y%m%d%H%M%S
|
||||||
|
# The idea is that %C can be used filenames and text_left/right for creating
|
||||||
|
# a unique identifier for each event.
|
||||||
|
text_event %Y%m%d%H%M%S
|
||||||
|
|
||||||
|
# Draw characters at twice normal size on images. (default: off)
|
||||||
|
text_double off
|
||||||
|
|
||||||
|
|
||||||
|
# Text to include in a JPEG EXIF comment
|
||||||
|
# May be any text, including conversion specifiers.
|
||||||
|
# The EXIF timestamp is included independent of this text.
|
||||||
|
;exif_text %i%J/%K%L
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Target Directories and filenames For Images And Films
|
||||||
|
# For the options snapshot_, picture_, movie_ and timelapse_filename
|
||||||
|
# you can use conversion specifiers
|
||||||
|
# %Y = year, %m = month, %d = date,
|
||||||
|
# %H = hour, %M = minute, %S = second,
|
||||||
|
# %v = event, %q = frame number, %t = camera id number,
|
||||||
|
# %D = changed pixels, %N = noise level,
|
||||||
|
# %i and %J = width and height of motion area,
|
||||||
|
# %K and %L = X and Y coordinates of motion center
|
||||||
|
# %C = value defined by text_event
|
||||||
|
# Quotation marks round string are allowed.
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Target base directory for pictures and films
|
||||||
|
# Recommended to use absolute path. (Default: current working directory)
|
||||||
|
target_dir /var/run/motion/capture
|
||||||
|
|
||||||
|
# File path for snapshots (jpeg or ppm) relative to target_dir
|
||||||
|
# Default: %v-%Y%m%d%H%M%S-snapshot
|
||||||
|
# Default value is equivalent to legacy oldlayout option
|
||||||
|
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-snapshot
|
||||||
|
# File extension .jpg or .ppm is automatically added so do not include this.
|
||||||
|
# Note: A symbolic link called lastsnap.jpg created in the target_dir will always
|
||||||
|
# point to the latest snapshot, unless snapshot_filename is exactly 'lastsnap'
|
||||||
|
snapshot_filename %v-%Y%m%d%H%M%S-snapshot
|
||||||
|
|
||||||
|
# File path for motion triggered images (jpeg or ppm) relative to target_dir
|
||||||
|
# Default: %v-%Y%m%d%H%M%S-%q
|
||||||
|
# Default value is equivalent to legacy oldlayout option
|
||||||
|
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-%q
|
||||||
|
# File extension .jpg or .ppm is automatically added so do not include this
|
||||||
|
# Set to 'preview' together with best-preview feature enables special naming
|
||||||
|
# convention for preview shots. See motion guide for details
|
||||||
|
picture_filename %v-%Y%m%d%H%M%S-%q
|
||||||
|
|
||||||
|
# File path for motion triggered ffmpeg films (movies) relative to target_dir
|
||||||
|
# Default: %v-%Y%m%d%H%M%S
|
||||||
|
# File extensions(.mpg .avi) are automatically added so do not include them
|
||||||
|
movie_filename %v-%Y%m%d%H%M%S
|
||||||
|
|
||||||
|
# File path for timelapse movies relative to target_dir
|
||||||
|
# Default: %Y%m%d-timelapse
|
||||||
|
# File extensions(.mpg .avi) are automatically added so do not include them
|
||||||
|
timelapse_filename %Y%m%d-timelapse
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Global Network Options
|
||||||
|
############################################################
|
||||||
|
# Enable IPv6 (default: off)
|
||||||
|
ipv6_enabled off
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Live Stream Server
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# The mini-http server listens to this port for requests (default: 0 = disabled)
|
||||||
|
stream_port 8081
|
||||||
|
|
||||||
|
# Quality of the jpeg (in percent) images produced (default: 50)
|
||||||
|
stream_quality 50
|
||||||
|
|
||||||
|
# Output frames at 1 fps when no motion is detected and increase to the
|
||||||
|
# rate given by stream_maxrate when motion is detected (default: off)
|
||||||
|
stream_motion off
|
||||||
|
|
||||||
|
# Maximum framerate for stream streams (default: 1)
|
||||||
|
stream_maxrate 1
|
||||||
|
|
||||||
|
# Restrict stream connections to localhost only (default: on)
|
||||||
|
stream_localhost off
|
||||||
|
|
||||||
|
# Limits the number of images per connection (default: 0 = unlimited)
|
||||||
|
# Number can be defined by multiplying actual stream rate by desired number of seconds
|
||||||
|
# Actual stream rate is the smallest of the numbers framerate and stream_maxrate
|
||||||
|
stream_limit 0
|
||||||
|
|
||||||
|
# Set the authentication method (default: 0)
|
||||||
|
# 0 = disabled
|
||||||
|
# 1 = Basic authentication
|
||||||
|
# 2 = MD5 digest (the safer authentication)
|
||||||
|
stream_auth_method 0
|
||||||
|
|
||||||
|
# Authentication for the stream. Syntax username:password
|
||||||
|
# Default: not defined (Disabled)
|
||||||
|
; stream_authentication username:password
|
||||||
|
|
||||||
|
# Percentage to scale the stream image for preview
|
||||||
|
# Default: 25
|
||||||
|
; stream_preview_scale 25
|
||||||
|
|
||||||
|
# Have stream preview image start on a new line
|
||||||
|
# Default: no
|
||||||
|
; stream_preview_newline no
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# HTTP Based Control
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# TCP/IP port for the http server to listen on (default: 0 = disabled)
|
||||||
|
webcontrol_port 8080
|
||||||
|
|
||||||
|
# Restrict control connections to localhost only (default: on)
|
||||||
|
webcontrol_localhost on
|
||||||
|
|
||||||
|
# Output for http server, select off to choose raw text plain (default: on)
|
||||||
|
webcontrol_html_output on
|
||||||
|
|
||||||
|
# Authentication for the http based control. Syntax username:password
|
||||||
|
# Default: not defined (Disabled)
|
||||||
|
; webcontrol_authentication username:password
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Tracking (Pan/Tilt)
|
||||||
|
#############################################################
|
||||||
|
|
||||||
|
# Type of tracker (0=none (default), 1=stepper, 2=iomojo, 3=pwc, 4=generic, 5=uvcvideo, 6=servo)
|
||||||
|
# The generic type enables the definition of motion center and motion size to
|
||||||
|
# be used with the conversion specifiers for options like on_motion_detected
|
||||||
|
track_type 0
|
||||||
|
|
||||||
|
# Enable auto tracking (default: off)
|
||||||
|
track_auto off
|
||||||
|
|
||||||
|
# Serial port of motor (default: none)
|
||||||
|
;track_port /dev/ttyS0
|
||||||
|
|
||||||
|
# Motor number for x-axis (default: 0)
|
||||||
|
;track_motorx 0
|
||||||
|
|
||||||
|
# Set motorx reverse (default: 0)
|
||||||
|
;track_motorx_reverse 0
|
||||||
|
|
||||||
|
# Motor number for y-axis (default: 0)
|
||||||
|
;track_motory 1
|
||||||
|
|
||||||
|
# Set motory reverse (default: 0)
|
||||||
|
;track_motory_reverse 0
|
||||||
|
|
||||||
|
# Maximum value on x-axis (default: 0)
|
||||||
|
;track_maxx 200
|
||||||
|
|
||||||
|
# Minimum value on x-axis (default: 0)
|
||||||
|
;track_minx 50
|
||||||
|
|
||||||
|
# Maximum value on y-axis (default: 0)
|
||||||
|
;track_maxy 200
|
||||||
|
|
||||||
|
# Minimum value on y-axis (default: 0)
|
||||||
|
;track_miny 50
|
||||||
|
|
||||||
|
# Center value on x-axis (default: 0)
|
||||||
|
;track_homex 128
|
||||||
|
|
||||||
|
# Center value on y-axis (default: 0)
|
||||||
|
;track_homey 128
|
||||||
|
|
||||||
|
# ID of an iomojo camera if used (default: 0)
|
||||||
|
track_iomojo_id 0
|
||||||
|
|
||||||
|
# Angle in degrees the camera moves per step on the X-axis
|
||||||
|
# with auto-track (default: 10)
|
||||||
|
# Currently only used with pwc type cameras
|
||||||
|
track_step_angle_x 10
|
||||||
|
|
||||||
|
# Angle in degrees the camera moves per step on the Y-axis
|
||||||
|
# with auto-track (default: 10)
|
||||||
|
# Currently only used with pwc type cameras
|
||||||
|
track_step_angle_y 10
|
||||||
|
|
||||||
|
# Delay to wait for after tracking movement as number
|
||||||
|
# of picture frames (default: 10)
|
||||||
|
track_move_wait 10
|
||||||
|
|
||||||
|
# Speed to set the motor to (stepper motor option) (default: 255)
|
||||||
|
track_speed 255
|
||||||
|
|
||||||
|
# Number of steps to make (stepper motor option) (default: 40)
|
||||||
|
track_stepsize 40
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# External Commands, Warnings and Logging:
|
||||||
|
# You can use conversion specifiers for the on_xxxx commands
|
||||||
|
# %Y = year, %m = month, %d = date,
|
||||||
|
# %H = hour, %M = minute, %S = second,
|
||||||
|
# %v = event, %q = frame number, %t = camera id number,
|
||||||
|
# %D = changed pixels, %N = noise level,
|
||||||
|
# %i and %J = width and height of motion area,
|
||||||
|
# %K and %L = X and Y coordinates of motion center
|
||||||
|
# %C = value defined by text_event
|
||||||
|
# %f = filename with full path
|
||||||
|
# %n = number indicating filetype
|
||||||
|
# Both %f and %n are only defined for on_picture_save,
|
||||||
|
# on_movie_start and on_movie_end
|
||||||
|
# Quotation marks round string are allowed.
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Do not sound beeps when detecting motion (default: on)
|
||||||
|
# Note: Motion never beeps when running in daemon mode.
|
||||||
|
quiet on
|
||||||
|
|
||||||
|
# Command to be executed when an event starts. (default: none)
|
||||||
|
# An event starts at first motion detected after a period of no motion defined by event_gap
|
||||||
|
; on_event_start value
|
||||||
|
|
||||||
|
# Command to be executed when an event ends after a period of no motion
|
||||||
|
# (default: none). The period of no motion is defined by option event_gap.
|
||||||
|
; on_event_end value
|
||||||
|
|
||||||
|
# Command to be executed when a picture (.ppm|.jpg) is saved (default: none)
|
||||||
|
# To give the filename as an argument to a command append it with %f
|
||||||
|
; on_picture_save value
|
||||||
|
|
||||||
|
# Command to be executed when a motion frame is detected (default: none)
|
||||||
|
; on_motion_detected value
|
||||||
|
|
||||||
|
# Command to be executed when motion in a predefined area is detected
|
||||||
|
# Check option 'area_detect'. (default: none)
|
||||||
|
; on_area_detected value
|
||||||
|
|
||||||
|
# Command to be executed when a movie file (.mpg|.avi) is created. (default: none)
|
||||||
|
# To give the filename as an argument to a command append it with %f
|
||||||
|
; on_movie_start value
|
||||||
|
|
||||||
|
# Command to be executed when a movie file (.mpg|.avi) is closed. (default: none)
|
||||||
|
# To give the filename as an argument to a command append it with %f
|
||||||
|
; on_movie_end value
|
||||||
|
|
||||||
|
# Command to be executed when a camera can't be opened or if it is lost
|
||||||
|
# NOTE: There is situations when motion don't detect a lost camera!
|
||||||
|
# It depends on the driver, some drivers dosn't detect a lost camera at all
|
||||||
|
# Some hangs the motion thread. Some even hangs the PC! (default: none)
|
||||||
|
; on_camera_lost value
|
||||||
|
|
||||||
|
#####################################################################
|
||||||
|
# Common Options for database features.
|
||||||
|
# Options require database options to be active also.
|
||||||
|
#####################################################################
|
||||||
|
|
||||||
|
# Log to the database when creating motion triggered picture file (default: on)
|
||||||
|
; sql_log_picture on
|
||||||
|
|
||||||
|
# Log to the database when creating a snapshot image file (default: on)
|
||||||
|
; sql_log_snapshot on
|
||||||
|
|
||||||
|
# Log to the database when creating motion triggered movie file (default: off)
|
||||||
|
; sql_log_movie off
|
||||||
|
|
||||||
|
# Log to the database when creating timelapse movies file (default: off)
|
||||||
|
; sql_log_timelapse off
|
||||||
|
|
||||||
|
# SQL query string that is sent to the database
|
||||||
|
# Use same conversion specifiers has for text features
|
||||||
|
# Additional special conversion specifiers are
|
||||||
|
# %n = the number representing the file_type
|
||||||
|
# %f = filename with full path
|
||||||
|
# Default value:
|
||||||
|
# Create tables :
|
||||||
|
##
|
||||||
|
# Mysql
|
||||||
|
# CREATE TABLE security (camera int, filename char(80) not null, frame int, file_type int, time_stamp timestamp(14), event_time_stamp timestamp(14));
|
||||||
|
#
|
||||||
|
# Postgresql
|
||||||
|
# CREATE TABLE security (camera int, filename char(80) not null, frame int, file_type int, time_stamp timestamp without time zone, event_time_stamp timestamp without time zone);
|
||||||
|
#
|
||||||
|
# insert into security(camera, filename, frame, file_type, time_stamp, text_event) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
|
||||||
|
; sql_query insert into security(camera, filename, frame, file_type, time_stamp, event_time_stamp) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Database Options
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# database type : mysql, postgresql, sqlite3 (default : not defined)
|
||||||
|
; database_type value
|
||||||
|
|
||||||
|
# database to log to (default: not defined)
|
||||||
|
# for sqlite3, the full path and name for the database.
|
||||||
|
; database_dbname value
|
||||||
|
|
||||||
|
# The host on which the database is located (default: localhost)
|
||||||
|
; database_host value
|
||||||
|
|
||||||
|
# User account name for database (default: not defined)
|
||||||
|
; database_user value
|
||||||
|
|
||||||
|
# User password for database (default: not defined)
|
||||||
|
; database_password value
|
||||||
|
|
||||||
|
# Port on which the database is located
|
||||||
|
# mysql 3306 , postgresql 5432 (default: not defined)
|
||||||
|
; database_port value
|
||||||
|
|
||||||
|
# Database wait time in milliseconds for locked database to
|
||||||
|
# be unlocked before returning database locked error (default 0)
|
||||||
|
; database_busy_timeout 0
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Video Loopback Device (vloopback project)
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Output images to a video4linux loopback device
|
||||||
|
# The value '-' means next available (default: not defined)
|
||||||
|
; video_pipe value
|
||||||
|
|
||||||
|
# Output motion images to a video4linux loopback device
|
||||||
|
# The value '-' means next available (default: not defined)
|
||||||
|
; motion_video_pipe value
|
||||||
|
|
||||||
|
|
||||||
|
##############################################################
|
||||||
|
# camera config files - One for each camera.
|
||||||
|
# Except if only one camera - You only need this config file.
|
||||||
|
# If you have more than one camera you MUST define one camera
|
||||||
|
# config file for each camera in addition to this config file.
|
||||||
|
##############################################################
|
||||||
|
|
||||||
|
# Remember: If you have more than one camera you must have one
|
||||||
|
# camera file for each camera. E.g. 2 cameras requires 3 files:
|
||||||
|
# This motion.conf file AND camera1.conf and camera2.conf.
|
||||||
|
# Only put the options that are unique to each camera in the
|
||||||
|
# camera config files.
|
||||||
|
; camera /etc/motion/camera1.conf
|
||||||
|
; camera /etc/motion/camera2.conf
|
||||||
|
; camera /etc/motion/camera3.conf
|
||||||
|
; camera /etc/motion/camera4.conf
|
||||||
|
|
||||||
|
|
||||||
|
##############################################################
|
||||||
|
# Camera config directory - One for each camera.
|
||||||
|
##############################################################
|
||||||
|
#
|
||||||
|
; camera_dir /etc/motion/conf.d
|
770
roles/Geth-Hub/files/motion.conf/Geth-Hub-3
Normal file
@ -0,0 +1,770 @@
|
|||||||
|
# Rename this distribution example file to motion.conf
|
||||||
|
#
|
||||||
|
# This config file was generated by motion 4.0.1
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Daemon
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Start in daemon (background) mode and release terminal (default: off)
|
||||||
|
daemon on
|
||||||
|
|
||||||
|
# File to store the process ID, also called pid file. (default: not defined)
|
||||||
|
process_id_file /var/run/motion/motion.pid
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Basic Setup Mode
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Start in Setup-Mode, daemon disabled. (default: off)
|
||||||
|
setup_mode off
|
||||||
|
|
||||||
|
|
||||||
|
# Use a file to save logs messages, if not defined stderr and syslog is used. (default: not defined)
|
||||||
|
;logfile /tmp/motion.log
|
||||||
|
|
||||||
|
# Level of log messages [1..9] (EMG, ALR, CRT, ERR, WRN, NTC, INF, DBG, ALL). (default: 6 / NTC)
|
||||||
|
log_level 6
|
||||||
|
|
||||||
|
# Filter to log messages by type (COR, STR, ENC, NET, DBL, EVT, TRK, VID, ALL). (default: ALL)
|
||||||
|
log_type all
|
||||||
|
|
||||||
|
###########################################################
|
||||||
|
# Capture device options
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Videodevice to be used for capturing (default /dev/video0)
|
||||||
|
# for FreeBSD default is /dev/bktr0
|
||||||
|
videodevice /dev/video0
|
||||||
|
|
||||||
|
# v4l2_palette allows one to choose preferable palette to be use by motion
|
||||||
|
# to capture from those supported by your videodevice. (default: 17)
|
||||||
|
# E.g. if your videodevice supports both V4L2_PIX_FMT_SBGGR8 and
|
||||||
|
# V4L2_PIX_FMT_MJPEG then motion will by default use V4L2_PIX_FMT_MJPEG.
|
||||||
|
# Setting v4l2_palette to 2 forces motion to use V4L2_PIX_FMT_SBGGR8
|
||||||
|
# instead.
|
||||||
|
#
|
||||||
|
# Values :
|
||||||
|
# V4L2_PIX_FMT_SN9C10X : 0 'S910'
|
||||||
|
# V4L2_PIX_FMT_SBGGR16 : 1 'BYR2'
|
||||||
|
# V4L2_PIX_FMT_SBGGR8 : 2 'BA81'
|
||||||
|
# V4L2_PIX_FMT_SPCA561 : 3 'S561'
|
||||||
|
# V4L2_PIX_FMT_SGBRG8 : 4 'GBRG'
|
||||||
|
# V4L2_PIX_FMT_SGRBG8 : 5 'GRBG'
|
||||||
|
# V4L2_PIX_FMT_PAC207 : 6 'P207'
|
||||||
|
# V4L2_PIX_FMT_PJPG : 7 'PJPG'
|
||||||
|
# V4L2_PIX_FMT_MJPEG : 8 'MJPEG'
|
||||||
|
# V4L2_PIX_FMT_JPEG : 9 'JPEG'
|
||||||
|
# V4L2_PIX_FMT_RGB24 : 10 'RGB3'
|
||||||
|
# V4L2_PIX_FMT_SPCA501 : 11 'S501'
|
||||||
|
# V4L2_PIX_FMT_SPCA505 : 12 'S505'
|
||||||
|
# V4L2_PIX_FMT_SPCA508 : 13 'S508'
|
||||||
|
# V4L2_PIX_FMT_UYVY : 14 'UYVY'
|
||||||
|
# V4L2_PIX_FMT_YUYV : 15 'YUYV'
|
||||||
|
# V4L2_PIX_FMT_YUV422P : 16 '422P'
|
||||||
|
# V4L2_PIX_FMT_YUV420 : 17 'YU12'
|
||||||
|
#
|
||||||
|
v4l2_palette 17
|
||||||
|
|
||||||
|
# Tuner device to be used for capturing using tuner as source (default /dev/tuner0)
|
||||||
|
# This is ONLY used for FreeBSD. Leave it commented out for Linux
|
||||||
|
; tunerdevice /dev/tuner0
|
||||||
|
|
||||||
|
# The video input to be used (default: -1)
|
||||||
|
# Should normally be set to 0 or 1 for video/TV cards, and -1 for USB cameras
|
||||||
|
# Set to 0 for uvideo(4) on OpenBSD
|
||||||
|
input -1
|
||||||
|
|
||||||
|
# The video norm to use (only for video capture and TV tuner cards)
|
||||||
|
# Values: 0 (PAL), 1 (NTSC), 2 (SECAM), 3 (PAL NC no colour). Default: 0 (PAL)
|
||||||
|
norm 0
|
||||||
|
|
||||||
|
# The frequency to set the tuner to (kHz) (only for TV tuner cards) (default: 0)
|
||||||
|
frequency 0
|
||||||
|
|
||||||
|
# Override the power line frequency for the webcam. (normally not necessary)
|
||||||
|
# Values:
|
||||||
|
# -1 : Do not modify device setting
|
||||||
|
# 0 : Power line frequency Disabled
|
||||||
|
# 1 : 50hz
|
||||||
|
# 2 : 60hz
|
||||||
|
# 3 : Auto
|
||||||
|
power_line_frequency -1
|
||||||
|
|
||||||
|
# Rotate image this number of degrees. The rotation affects all saved images as
|
||||||
|
# well as movies. Valid values: 0 (default = no rotation), 90, 180 and 270.
|
||||||
|
rotate 0
|
||||||
|
|
||||||
|
# Image width (pixels). Valid range: Camera dependent, default: 352
|
||||||
|
width 640
|
||||||
|
|
||||||
|
# Image height (pixels). Valid range: Camera dependent, default: 288
|
||||||
|
height 480
|
||||||
|
|
||||||
|
# Maximum number of frames to be captured per second.
|
||||||
|
# Valid range: 2-100. Default: 100 (almost no limit).
|
||||||
|
framerate 100
|
||||||
|
|
||||||
|
# Minimum time in seconds between capturing picture frames from the camera.
|
||||||
|
# Default: 0 = disabled - the capture rate is given by the camera framerate.
|
||||||
|
# This option is used when you want to capture images at a rate lower than 2 per second.
|
||||||
|
minimum_frame_time 0
|
||||||
|
|
||||||
|
# URL to use if you are using a network camera, size will be autodetected (incl http:// ftp:// mjpg:// rtsp:// mjpeg:// or file:///)
|
||||||
|
# Must be a URL that returns single jpeg pictures or a raw mjpeg stream. A trailing slash may be required for some cameras.
|
||||||
|
# Default: Not defined
|
||||||
|
; netcam_url value
|
||||||
|
|
||||||
|
# Username and password for network camera (only if required). Default: not defined
|
||||||
|
# Syntax is user:password
|
||||||
|
; netcam_userpass value
|
||||||
|
|
||||||
|
# The setting for keep-alive of network socket, should improve performance on compatible net cameras.
|
||||||
|
# off: The historical implementation using HTTP/1.0, closing the socket after each http request.
|
||||||
|
# force: Use HTTP/1.0 requests with keep alive header to reuse the same connection.
|
||||||
|
# on: Use HTTP/1.1 requests that support keep alive as default.
|
||||||
|
# Default: off
|
||||||
|
netcam_keepalive off
|
||||||
|
|
||||||
|
# URL to use for a netcam proxy server, if required, e.g. "http://myproxy".
|
||||||
|
# If a port number other than 80 is needed, use "http://myproxy:1234".
|
||||||
|
# Default: not defined
|
||||||
|
; netcam_proxy value
|
||||||
|
|
||||||
|
# Set less strict jpeg checks for network cameras with a poor/buggy firmware.
|
||||||
|
# Default: off
|
||||||
|
netcam_tolerant_check off
|
||||||
|
|
||||||
|
# RTSP connection uses TCP to communicate to the camera. Can prevent image corruption.
|
||||||
|
# Default: on
|
||||||
|
rtsp_uses_tcp on
|
||||||
|
|
||||||
|
# Name of camera to use if you are using a camera accessed through OpenMax/MMAL
|
||||||
|
# Default: Not defined
|
||||||
|
; mmalcam_name vc.ril.camera
|
||||||
|
|
||||||
|
# Camera control parameters (see raspivid/raspistill tool documentation)
|
||||||
|
# Default: Not defined
|
||||||
|
; mmalcam_control_params -hf
|
||||||
|
|
||||||
|
# Let motion regulate the brightness of a video device (default: off).
|
||||||
|
# The auto_brightness feature uses the brightness option as its target value.
|
||||||
|
# If brightness is zero auto_brightness will adjust to average brightness value 128.
|
||||||
|
# Only recommended for cameras without auto brightness
|
||||||
|
auto_brightness off
|
||||||
|
|
||||||
|
# Set the initial brightness of a video device.
|
||||||
|
# If auto_brightness is enabled, this value defines the average brightness level
|
||||||
|
# which Motion will try and adjust to.
|
||||||
|
# Valid range 0-255, default 0 = disabled
|
||||||
|
brightness 0
|
||||||
|
|
||||||
|
# Set the contrast of a video device.
|
||||||
|
# Valid range 0-255, default 0 = disabled
|
||||||
|
contrast 0
|
||||||
|
|
||||||
|
# Set the saturation of a video device.
|
||||||
|
# Valid range 0-255, default 0 = disabled
|
||||||
|
saturation 0
|
||||||
|
|
||||||
|
# Set the hue of a video device (NTSC feature).
|
||||||
|
# Valid range 0-255, default 0 = disabled
|
||||||
|
hue 0
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Round Robin (multiple inputs on same video device name)
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Number of frames to capture in each roundrobin step (default: 1)
|
||||||
|
roundrobin_frames 1
|
||||||
|
|
||||||
|
# Number of frames to skip before each roundrobin step (default: 1)
|
||||||
|
roundrobin_skip 1
|
||||||
|
|
||||||
|
# Try to filter out noise generated by roundrobin (default: off)
|
||||||
|
switchfilter off
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Motion Detection Settings:
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Threshold for number of changed pixels in an image that
|
||||||
|
# triggers motion detection (default: 1500)
|
||||||
|
threshold 1500
|
||||||
|
|
||||||
|
# Automatically tune the threshold down if possible (default: off)
|
||||||
|
threshold_tune off
|
||||||
|
|
||||||
|
# Noise threshold for the motion detection (default: 32)
|
||||||
|
noise_level 32
|
||||||
|
|
||||||
|
# Automatically tune the noise threshold (default: on)
|
||||||
|
noise_tune on
|
||||||
|
|
||||||
|
# Despeckle motion image using (e)rode or (d)ilate or (l)abel (Default: not defined)
|
||||||
|
# Recommended value is EedDl. Any combination (and number of) of E, e, d, and D is valid.
|
||||||
|
# (l)abeling must only be used once and the 'l' must be the last letter.
|
||||||
|
# Comment out to disable
|
||||||
|
despeckle_filter EedDl
|
||||||
|
|
||||||
|
# Detect motion in predefined areas (1 - 9). Areas are numbered like that: 1 2 3
|
||||||
|
# A script (on_area_detected) is started immediately when motion is 4 5 6
|
||||||
|
# detected in one of the given areas, but only once during an event. 7 8 9
|
||||||
|
# One or more areas can be specified with this option. Take care: This option
|
||||||
|
# does NOT restrict detection to these areas! (Default: not defined)
|
||||||
|
; area_detect value
|
||||||
|
|
||||||
|
# PGM file to use as a sensitivity mask.
|
||||||
|
# Full path name to. (Default: not defined)
|
||||||
|
; mask_file value
|
||||||
|
|
||||||
|
# Dynamically create a mask file during operation (default: 0)
|
||||||
|
# Adjust speed of mask changes from 0 (off) to 10 (fast)
|
||||||
|
smart_mask_speed 0
|
||||||
|
|
||||||
|
# Ignore sudden massive light intensity changes given as a percentage of the picture
|
||||||
|
# area that changed intensity. Valid range: 0 - 100 , default: 0 = disabled
|
||||||
|
lightswitch 0
|
||||||
|
|
||||||
|
# Picture frames must contain motion at least the specified number of frames
|
||||||
|
# in a row before they are detected as true motion. At the default of 1, all
|
||||||
|
# motion is detected. Valid range: 1 to thousands, recommended 1-5
|
||||||
|
minimum_motion_frames 1
|
||||||
|
|
||||||
|
# Specifies the number of pre-captured (buffered) pictures from before motion
|
||||||
|
# was detected that will be output at motion detection.
|
||||||
|
# Recommended range: 0 to 5 (default: 0)
|
||||||
|
# Do not use large values! Large values will cause Motion to skip video frames and
|
||||||
|
# cause unsmooth movies. To smooth movies use larger values of post_capture instead.
|
||||||
|
pre_capture 0
|
||||||
|
|
||||||
|
# Number of frames to capture after motion is no longer detected (default: 0)
|
||||||
|
post_capture 0
|
||||||
|
|
||||||
|
# Event Gap is the seconds of no motion detection that triggers the end of an event.
|
||||||
|
# An event is defined as a series of motion images taken within a short timeframe.
|
||||||
|
# Recommended value is 60 seconds (Default). The value -1 is allowed and disables
|
||||||
|
# events causing all Motion to be written to one single movie file and no pre_capture.
|
||||||
|
# If set to 0, motion is running in gapless mode. Movies don't have gaps anymore. An
|
||||||
|
# event ends right after no more motion is detected and post_capture is over.
|
||||||
|
event_gap 60
|
||||||
|
|
||||||
|
# Maximum length in seconds of a movie
|
||||||
|
# When value is exceeded a new movie file is created. (Default: 0 = infinite)
|
||||||
|
max_movie_time 0
|
||||||
|
|
||||||
|
# Always save images even if there was no motion (default: off)
|
||||||
|
emulate_motion off
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Image File Output
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Output 'normal' pictures when motion is detected (default: on)
|
||||||
|
# Valid values: on, off, first, best, center
|
||||||
|
# When set to 'first', only the first picture of an event is saved.
|
||||||
|
# Picture with most motion of an event is saved when set to 'best'.
|
||||||
|
# Picture with motion nearest center of picture is saved when set to 'center'.
|
||||||
|
# Can be used as preview shot for the corresponding movie.
|
||||||
|
output_pictures off
|
||||||
|
|
||||||
|
# Output pictures with only the pixels moving object (ghost images) (default: off)
|
||||||
|
output_debug_pictures off
|
||||||
|
|
||||||
|
# The quality (in percent) to be used by the jpeg compression (default: 75)
|
||||||
|
quality 75
|
||||||
|
|
||||||
|
# Type of output images
|
||||||
|
# Valid values: jpeg, ppm (default: jpeg)
|
||||||
|
picture_type jpeg
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# FFMPEG related options
|
||||||
|
# Film (movies) file output, and deinterlacing of the video input
|
||||||
|
# The options movie_filename and timelapse_filename are also used
|
||||||
|
# by the ffmpeg feature
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Use ffmpeg to encode movies in realtime (default: off)
|
||||||
|
ffmpeg_output_movies off
|
||||||
|
|
||||||
|
# Use ffmpeg to make movies with only the pixels moving
|
||||||
|
# object (ghost images) (default: off)
|
||||||
|
ffmpeg_output_debug_movies off
|
||||||
|
|
||||||
|
# Use ffmpeg to encode a timelapse movie
|
||||||
|
# Default value 0 = off - else save frame every Nth second
|
||||||
|
ffmpeg_timelapse 0
|
||||||
|
|
||||||
|
# The file rollover mode of the timelapse video
|
||||||
|
# Valid values: hourly, daily (default), weekly-sunday, weekly-monday, monthly, manual
|
||||||
|
ffmpeg_timelapse_mode daily
|
||||||
|
|
||||||
|
# Bitrate to be used by the ffmpeg encoder (default: 400000)
|
||||||
|
# This option is ignored if ffmpeg_variable_bitrate is not 0 (disabled)
|
||||||
|
ffmpeg_bps 400000
|
||||||
|
|
||||||
|
# Enables and defines variable bitrate for the ffmpeg encoder.
|
||||||
|
# ffmpeg_bps is ignored if variable bitrate is enabled.
|
||||||
|
# Valid values: 0 (default) = fixed bitrate defined by ffmpeg_bps,
|
||||||
|
# or the range 1 - 100 where 1 means worst quality and 100 is best.
|
||||||
|
ffmpeg_variable_bitrate 0
|
||||||
|
|
||||||
|
# Codec to used by ffmpeg for the video compression.
|
||||||
|
# Timelapse videos have two options.
|
||||||
|
# mpg - Creates mpg file with mpeg-2 encoding.
|
||||||
|
# If motion is shutdown and restarted, new pics will be appended
|
||||||
|
# to any previously created file with name indicated for timelapse.
|
||||||
|
# mpeg4 - Creates avi file with the default encoding.
|
||||||
|
# If motion is shutdown and restarted, new pics will create a
|
||||||
|
# new file with the name indicated for timelapse.
|
||||||
|
# Supported formats are:
|
||||||
|
# mpeg4 or msmpeg4 - gives you files with extension .avi
|
||||||
|
# msmpeg4 is recommended for use with Windows Media Player because
|
||||||
|
# it requires no installation of codec on the Windows client.
|
||||||
|
# swf - gives you a flash film with extension .swf
|
||||||
|
# flv - gives you a flash video with extension .flv
|
||||||
|
# ffv1 - FF video codec 1 for Lossless Encoding
|
||||||
|
# mov - QuickTime
|
||||||
|
# mp4 - MPEG-4 Part 14 H264 encoding
|
||||||
|
# mkv - Matroska H264 encoding
|
||||||
|
# hevc - H.265 / HEVC (High Efficiency Video Coding)
|
||||||
|
ffmpeg_video_codec mpeg4
|
||||||
|
|
||||||
|
# When creating videos, should frames be duplicated in order
|
||||||
|
# to keep up with the requested frames per second
|
||||||
|
# (default: true)
|
||||||
|
ffmpeg_duplicate_frames true
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# SDL Window
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Number of motion thread to show in SDL Window (default: 0 = disabled)
|
||||||
|
#sdl_threadnr 0
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# External pipe to video encoder
|
||||||
|
# Replacement for FFMPEG builtin encoder for ffmpeg_output_movies only.
|
||||||
|
# The options movie_filename and timelapse_filename are also used
|
||||||
|
# by the ffmpeg feature
|
||||||
|
#############################################################
|
||||||
|
|
||||||
|
# Bool to enable or disable extpipe (default: off)
|
||||||
|
use_extpipe off
|
||||||
|
|
||||||
|
# External program (full path and opts) to pipe raw video to
|
||||||
|
# Generally, use '-' for STDIN...
|
||||||
|
;extpipe mencoder -demuxer rawvideo -rawvideo w=%w:h=%h:i420 -ovc x264 -x264encopts bframes=4:frameref=1:subq=1:scenecut=-1:nob_adapt:threads=1:keyint=1000:8x8dct:vbv_bufsize=4000:crf=24:partitions=i8x8,i4x4:vbv_maxrate=800:no-chroma-me -vf denoise3d=16:12:48:4,pp=lb -of avi -o %f.avi - -fps %fps
|
||||||
|
;extpipe x264 - --input-res %wx%h --fps %fps --bitrate 2000 --preset ultrafast --quiet -o %f.mp4
|
||||||
|
;extpipe mencoder -demuxer rawvideo -rawvideo w=%w:h=%h:fps=%fps -ovc x264 -x264encopts preset=ultrafast -of lavf -o %f.mp4 - -fps %fps
|
||||||
|
;extpipe ffmpeg -y -f rawvideo -pix_fmt yuv420p -video_size %wx%h -framerate %fps -i pipe:0 -vcodec libx264 -preset ultrafast -f mp4 %f.mp4
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Snapshots (Traditional Periodic Webcam File Output)
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Make automated snapshot every N seconds (default: 0 = disabled)
|
||||||
|
snapshot_interval 0
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Text Display
|
||||||
|
# %Y = year, %m = month, %d = date,
|
||||||
|
# %H = hour, %M = minute, %S = second, %T = HH:MM:SS,
|
||||||
|
# %v = event, %q = frame number, %t = camera id number,
|
||||||
|
# %D = changed pixels, %N = noise level, \n = new line,
|
||||||
|
# %i and %J = width and height of motion area,
|
||||||
|
# %K and %L = X and Y coordinates of motion center
|
||||||
|
# %C = value defined by text_event - do not use with text_event!
|
||||||
|
# You can put quotation marks around the text to allow
|
||||||
|
# leading spaces
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Locate and draw a box around the moving object.
|
||||||
|
# Valid values: on, off, preview (default: off)
|
||||||
|
# Set to 'preview' will only draw a box in preview_shot pictures.
|
||||||
|
locate_motion_mode off
|
||||||
|
|
||||||
|
# Set the look and style of the locate box if enabled.
|
||||||
|
# Valid values: box, redbox, cross, redcross (default: box)
|
||||||
|
# Set to 'box' will draw the traditional box.
|
||||||
|
# Set to 'redbox' will draw a red box.
|
||||||
|
# Set to 'cross' will draw a little cross to mark center.
|
||||||
|
# Set to 'redcross' will draw a little red cross to mark center.
|
||||||
|
locate_motion_style box
|
||||||
|
|
||||||
|
# Draws the timestamp using same options as C function strftime(3)
|
||||||
|
# Default: %Y-%m-%d\n%T = date in ISO format and time in 24 hour clock
|
||||||
|
# Text is placed in lower right corner
|
||||||
|
text_right %Y-%m-%d\n%T-%q
|
||||||
|
|
||||||
|
# Draw a user defined text on the images using same options as C function strftime(3)
|
||||||
|
# Default: Not defined = no text
|
||||||
|
# Text is placed in lower left corner
|
||||||
|
; text_left CAMERA %t
|
||||||
|
|
||||||
|
# Draw the number of changed pixed on the images (default: off)
|
||||||
|
# Will normally be set to off except when you setup and adjust the motion settings
|
||||||
|
# Text is placed in upper right corner
|
||||||
|
text_changes off
|
||||||
|
|
||||||
|
# This option defines the value of the special event conversion specifier %C
|
||||||
|
# You can use any conversion specifier in this option except %C. Date and time
|
||||||
|
# values are from the timestamp of the first image in the current event.
|
||||||
|
# Default: %Y%m%d%H%M%S
|
||||||
|
# The idea is that %C can be used filenames and text_left/right for creating
|
||||||
|
# a unique identifier for each event.
|
||||||
|
text_event %Y%m%d%H%M%S
|
||||||
|
|
||||||
|
# Draw characters at twice normal size on images. (default: off)
|
||||||
|
text_double off
|
||||||
|
|
||||||
|
|
||||||
|
# Text to include in a JPEG EXIF comment
|
||||||
|
# May be any text, including conversion specifiers.
|
||||||
|
# The EXIF timestamp is included independent of this text.
|
||||||
|
;exif_text %i%J/%K%L
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Target Directories and filenames For Images And Films
|
||||||
|
# For the options snapshot_, picture_, movie_ and timelapse_filename
|
||||||
|
# you can use conversion specifiers
|
||||||
|
# %Y = year, %m = month, %d = date,
|
||||||
|
# %H = hour, %M = minute, %S = second,
|
||||||
|
# %v = event, %q = frame number, %t = camera id number,
|
||||||
|
# %D = changed pixels, %N = noise level,
|
||||||
|
# %i and %J = width and height of motion area,
|
||||||
|
# %K and %L = X and Y coordinates of motion center
|
||||||
|
# %C = value defined by text_event
|
||||||
|
# Quotation marks round string are allowed.
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Target base directory for pictures and films
|
||||||
|
# Recommended to use absolute path. (Default: current working directory)
|
||||||
|
target_dir /var/run/motion/capture
|
||||||
|
|
||||||
|
# File path for snapshots (jpeg or ppm) relative to target_dir
|
||||||
|
# Default: %v-%Y%m%d%H%M%S-snapshot
|
||||||
|
# Default value is equivalent to legacy oldlayout option
|
||||||
|
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-snapshot
|
||||||
|
# File extension .jpg or .ppm is automatically added so do not include this.
|
||||||
|
# Note: A symbolic link called lastsnap.jpg created in the target_dir will always
|
||||||
|
# point to the latest snapshot, unless snapshot_filename is exactly 'lastsnap'
|
||||||
|
snapshot_filename %v-%Y%m%d%H%M%S-snapshot
|
||||||
|
|
||||||
|
# File path for motion triggered images (jpeg or ppm) relative to target_dir
|
||||||
|
# Default: %v-%Y%m%d%H%M%S-%q
|
||||||
|
# Default value is equivalent to legacy oldlayout option
|
||||||
|
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-%q
|
||||||
|
# File extension .jpg or .ppm is automatically added so do not include this
|
||||||
|
# Set to 'preview' together with best-preview feature enables special naming
|
||||||
|
# convention for preview shots. See motion guide for details
|
||||||
|
picture_filename %v-%Y%m%d%H%M%S-%q
|
||||||
|
|
||||||
|
# File path for motion triggered ffmpeg films (movies) relative to target_dir
|
||||||
|
# Default: %v-%Y%m%d%H%M%S
|
||||||
|
# File extensions(.mpg .avi) are automatically added so do not include them
|
||||||
|
movie_filename %v-%Y%m%d%H%M%S
|
||||||
|
|
||||||
|
# File path for timelapse movies relative to target_dir
|
||||||
|
# Default: %Y%m%d-timelapse
|
||||||
|
# File extensions(.mpg .avi) are automatically added so do not include them
|
||||||
|
timelapse_filename %Y%m%d-timelapse
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Global Network Options
|
||||||
|
############################################################
|
||||||
|
# Enable IPv6 (default: off)
|
||||||
|
ipv6_enabled off
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Live Stream Server
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# The mini-http server listens to this port for requests (default: 0 = disabled)
|
||||||
|
stream_port 8081
|
||||||
|
|
||||||
|
# Quality of the jpeg (in percent) images produced (default: 50)
|
||||||
|
stream_quality 50
|
||||||
|
|
||||||
|
# Output frames at 1 fps when no motion is detected and increase to the
|
||||||
|
# rate given by stream_maxrate when motion is detected (default: off)
|
||||||
|
stream_motion off
|
||||||
|
|
||||||
|
# Maximum framerate for stream streams (default: 1)
|
||||||
|
stream_maxrate 1
|
||||||
|
|
||||||
|
# Restrict stream connections to localhost only (default: on)
|
||||||
|
stream_localhost off
|
||||||
|
|
||||||
|
# Limits the number of images per connection (default: 0 = unlimited)
|
||||||
|
# Number can be defined by multiplying actual stream rate by desired number of seconds
|
||||||
|
# Actual stream rate is the smallest of the numbers framerate and stream_maxrate
|
||||||
|
stream_limit 0
|
||||||
|
|
||||||
|
# Set the authentication method (default: 0)
|
||||||
|
# 0 = disabled
|
||||||
|
# 1 = Basic authentication
|
||||||
|
# 2 = MD5 digest (the safer authentication)
|
||||||
|
stream_auth_method 0
|
||||||
|
|
||||||
|
# Authentication for the stream. Syntax username:password
|
||||||
|
# Default: not defined (Disabled)
|
||||||
|
; stream_authentication username:password
|
||||||
|
|
||||||
|
# Percentage to scale the stream image for preview
|
||||||
|
# Default: 25
|
||||||
|
; stream_preview_scale 25
|
||||||
|
|
||||||
|
# Have stream preview image start on a new line
|
||||||
|
# Default: no
|
||||||
|
; stream_preview_newline no
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# HTTP Based Control
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# TCP/IP port for the http server to listen on (default: 0 = disabled)
|
||||||
|
webcontrol_port 8080
|
||||||
|
|
||||||
|
# Restrict control connections to localhost only (default: on)
|
||||||
|
webcontrol_localhost on
|
||||||
|
|
||||||
|
# Output for http server, select off to choose raw text plain (default: on)
|
||||||
|
webcontrol_html_output on
|
||||||
|
|
||||||
|
# Authentication for the http based control. Syntax username:password
|
||||||
|
# Default: not defined (Disabled)
|
||||||
|
; webcontrol_authentication username:password
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Tracking (Pan/Tilt)
|
||||||
|
#############################################################
|
||||||
|
|
||||||
|
# Type of tracker (0=none (default), 1=stepper, 2=iomojo, 3=pwc, 4=generic, 5=uvcvideo, 6=servo)
|
||||||
|
# The generic type enables the definition of motion center and motion size to
|
||||||
|
# be used with the conversion specifiers for options like on_motion_detected
|
||||||
|
track_type 0
|
||||||
|
|
||||||
|
# Enable auto tracking (default: off)
|
||||||
|
track_auto off
|
||||||
|
|
||||||
|
# Serial port of motor (default: none)
|
||||||
|
;track_port /dev/ttyS0
|
||||||
|
|
||||||
|
# Motor number for x-axis (default: 0)
|
||||||
|
;track_motorx 0
|
||||||
|
|
||||||
|
# Set motorx reverse (default: 0)
|
||||||
|
;track_motorx_reverse 0
|
||||||
|
|
||||||
|
# Motor number for y-axis (default: 0)
|
||||||
|
;track_motory 1
|
||||||
|
|
||||||
|
# Set motory reverse (default: 0)
|
||||||
|
;track_motory_reverse 0
|
||||||
|
|
||||||
|
# Maximum value on x-axis (default: 0)
|
||||||
|
;track_maxx 200
|
||||||
|
|
||||||
|
# Minimum value on x-axis (default: 0)
|
||||||
|
;track_minx 50
|
||||||
|
|
||||||
|
# Maximum value on y-axis (default: 0)
|
||||||
|
;track_maxy 200
|
||||||
|
|
||||||
|
# Minimum value on y-axis (default: 0)
|
||||||
|
;track_miny 50
|
||||||
|
|
||||||
|
# Center value on x-axis (default: 0)
|
||||||
|
;track_homex 128
|
||||||
|
|
||||||
|
# Center value on y-axis (default: 0)
|
||||||
|
;track_homey 128
|
||||||
|
|
||||||
|
# ID of an iomojo camera if used (default: 0)
|
||||||
|
track_iomojo_id 0
|
||||||
|
|
||||||
|
# Angle in degrees the camera moves per step on the X-axis
|
||||||
|
# with auto-track (default: 10)
|
||||||
|
# Currently only used with pwc type cameras
|
||||||
|
track_step_angle_x 10
|
||||||
|
|
||||||
|
# Angle in degrees the camera moves per step on the Y-axis
|
||||||
|
# with auto-track (default: 10)
|
||||||
|
# Currently only used with pwc type cameras
|
||||||
|
track_step_angle_y 10
|
||||||
|
|
||||||
|
# Delay to wait for after tracking movement as number
|
||||||
|
# of picture frames (default: 10)
|
||||||
|
track_move_wait 10
|
||||||
|
|
||||||
|
# Speed to set the motor to (stepper motor option) (default: 255)
|
||||||
|
track_speed 255
|
||||||
|
|
||||||
|
# Number of steps to make (stepper motor option) (default: 40)
|
||||||
|
track_stepsize 40
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# External Commands, Warnings and Logging:
|
||||||
|
# You can use conversion specifiers for the on_xxxx commands
|
||||||
|
# %Y = year, %m = month, %d = date,
|
||||||
|
# %H = hour, %M = minute, %S = second,
|
||||||
|
# %v = event, %q = frame number, %t = camera id number,
|
||||||
|
# %D = changed pixels, %N = noise level,
|
||||||
|
# %i and %J = width and height of motion area,
|
||||||
|
# %K and %L = X and Y coordinates of motion center
|
||||||
|
# %C = value defined by text_event
|
||||||
|
# %f = filename with full path
|
||||||
|
# %n = number indicating filetype
|
||||||
|
# Both %f and %n are only defined for on_picture_save,
|
||||||
|
# on_movie_start and on_movie_end
|
||||||
|
# Quotation marks round string are allowed.
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Do not sound beeps when detecting motion (default: on)
|
||||||
|
# Note: Motion never beeps when running in daemon mode.
|
||||||
|
quiet on
|
||||||
|
|
||||||
|
# Command to be executed when an event starts. (default: none)
|
||||||
|
# An event starts at first motion detected after a period of no motion defined by event_gap
|
||||||
|
; on_event_start value
|
||||||
|
|
||||||
|
# Command to be executed when an event ends after a period of no motion
|
||||||
|
# (default: none). The period of no motion is defined by option event_gap.
|
||||||
|
; on_event_end value
|
||||||
|
|
||||||
|
# Command to be executed when a picture (.ppm|.jpg) is saved (default: none)
|
||||||
|
# To give the filename as an argument to a command append it with %f
|
||||||
|
; on_picture_save value
|
||||||
|
|
||||||
|
# Command to be executed when a motion frame is detected (default: none)
|
||||||
|
; on_motion_detected value
|
||||||
|
|
||||||
|
# Command to be executed when motion in a predefined area is detected
|
||||||
|
# Check option 'area_detect'. (default: none)
|
||||||
|
; on_area_detected value
|
||||||
|
|
||||||
|
# Command to be executed when a movie file (.mpg|.avi) is created. (default: none)
|
||||||
|
# To give the filename as an argument to a command append it with %f
|
||||||
|
; on_movie_start value
|
||||||
|
|
||||||
|
# Command to be executed when a movie file (.mpg|.avi) is closed. (default: none)
|
||||||
|
# To give the filename as an argument to a command append it with %f
|
||||||
|
; on_movie_end value
|
||||||
|
|
||||||
|
# Command to be executed when a camera can't be opened or if it is lost
|
||||||
|
# NOTE: There is situations when motion don't detect a lost camera!
|
||||||
|
# It depends on the driver, some drivers dosn't detect a lost camera at all
|
||||||
|
# Some hangs the motion thread. Some even hangs the PC! (default: none)
|
||||||
|
; on_camera_lost value
|
||||||
|
|
||||||
|
#####################################################################
|
||||||
|
# Common Options for database features.
|
||||||
|
# Options require database options to be active also.
|
||||||
|
#####################################################################
|
||||||
|
|
||||||
|
# Log to the database when creating motion triggered picture file (default: on)
|
||||||
|
; sql_log_picture on
|
||||||
|
|
||||||
|
# Log to the database when creating a snapshot image file (default: on)
|
||||||
|
; sql_log_snapshot on
|
||||||
|
|
||||||
|
# Log to the database when creating motion triggered movie file (default: off)
|
||||||
|
; sql_log_movie off
|
||||||
|
|
||||||
|
# Log to the database when creating timelapse movies file (default: off)
|
||||||
|
; sql_log_timelapse off
|
||||||
|
|
||||||
|
# SQL query string that is sent to the database
|
||||||
|
# Use same conversion specifiers has for text features
|
||||||
|
# Additional special conversion specifiers are
|
||||||
|
# %n = the number representing the file_type
|
||||||
|
# %f = filename with full path
|
||||||
|
# Default value:
|
||||||
|
# Create tables :
|
||||||
|
##
|
||||||
|
# Mysql
|
||||||
|
# CREATE TABLE security (camera int, filename char(80) not null, frame int, file_type int, time_stamp timestamp(14), event_time_stamp timestamp(14));
|
||||||
|
#
|
||||||
|
# Postgresql
|
||||||
|
# CREATE TABLE security (camera int, filename char(80) not null, frame int, file_type int, time_stamp timestamp without time zone, event_time_stamp timestamp without time zone);
|
||||||
|
#
|
||||||
|
# insert into security(camera, filename, frame, file_type, time_stamp, text_event) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
|
||||||
|
; sql_query insert into security(camera, filename, frame, file_type, time_stamp, event_time_stamp) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Database Options
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# database type : mysql, postgresql, sqlite3 (default : not defined)
|
||||||
|
; database_type value
|
||||||
|
|
||||||
|
# database to log to (default: not defined)
|
||||||
|
# for sqlite3, the full path and name for the database.
|
||||||
|
; database_dbname value
|
||||||
|
|
||||||
|
# The host on which the database is located (default: localhost)
|
||||||
|
; database_host value
|
||||||
|
|
||||||
|
# User account name for database (default: not defined)
|
||||||
|
; database_user value
|
||||||
|
|
||||||
|
# User password for database (default: not defined)
|
||||||
|
; database_password value
|
||||||
|
|
||||||
|
# Port on which the database is located
|
||||||
|
# mysql 3306 , postgresql 5432 (default: not defined)
|
||||||
|
; database_port value
|
||||||
|
|
||||||
|
# Database wait time in milliseconds for locked database to
|
||||||
|
# be unlocked before returning database locked error (default 0)
|
||||||
|
; database_busy_timeout 0
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
############################################################
|
||||||
|
# Video Loopback Device (vloopback project)
|
||||||
|
############################################################
|
||||||
|
|
||||||
|
# Output images to a video4linux loopback device
|
||||||
|
# The value '-' means next available (default: not defined)
|
||||||
|
; video_pipe value
|
||||||
|
|
||||||
|
# Output motion images to a video4linux loopback device
|
||||||
|
# The value '-' means next available (default: not defined)
|
||||||
|
; motion_video_pipe value
|
||||||
|
|
||||||
|
|
||||||
|
##############################################################
|
||||||
|
# camera config files - One for each camera.
|
||||||
|
# Except if only one camera - You only need this config file.
|
||||||
|
# If you have more than one camera you MUST define one camera
|
||||||
|
# config file for each camera in addition to this config file.
|
||||||
|
##############################################################
|
||||||
|
|
||||||
|
# Remember: If you have more than one camera you must have one
|
||||||
|
# camera file for each camera. E.g. 2 cameras requires 3 files:
|
||||||
|
# This motion.conf file AND camera1.conf and camera2.conf.
|
||||||
|
# Only put the options that are unique to each camera in the
|
||||||
|
# camera config files.
|
||||||
|
; camera /etc/motion/camera1.conf
|
||||||
|
; camera /etc/motion/camera2.conf
|
||||||
|
; camera /etc/motion/camera3.conf
|
||||||
|
; camera /etc/motion/camera4.conf
|
||||||
|
|
||||||
|
|
||||||
|
##############################################################
|
||||||
|
# Camera config directory - One for each camera.
|
||||||
|
##############################################################
|
||||||
|
#
|
||||||
|
; camera_dir /etc/motion/conf.d
|
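--- a/roles/Geth-Hub/files/sources.list
+++ b/roles/Geth-Hub/files/sources.list
@@ -0,0 +1,3 @@
+deb http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi
+# Uncomment line below then 'apt-get update' to enable 'apt-get source'
+#deb-src http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi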
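Review bot: This file replaces the whole of `/etc/apt/sources.list` (the "Update the apt sources" task copies it there) with a suite hard-coded to `bullseye`, so a host this role runs against that is on another Raspbian release would be pointed at the wrong suite on the next `update_cache`. The mirror is also fetched over plain `http://`, so package integrity rests on apt's signature check of the repository metadata; no host here should carry `[trusted=yes]` or `Acquire::AllowInsecureRepositories`. A header comment such as `# Managed by Ansible (Geth-Hub role) - suite pinned to bullseye, edit in the role` would make both choices visible to whoever edits the file on the box.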
@ -1,15 +1,24 @@
|
|||||||
---
|
---
|
||||||
|
- name: Update the apt sources
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: "sources.list"
|
||||||
|
dest: "/etc/apt/sources.list"
|
||||||
|
|
||||||
- name: Geth-Hub packages
|
- name: Geth-Hub packages
|
||||||
become: yes
|
become: yes
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- motion
|
- motion
|
||||||
- lirc
|
- lirc
|
||||||
|
- libcamera-apps
|
||||||
|
- ir-keytable
|
||||||
state: present
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
- name: Copy the SSH key
|
- name: Copy the SSH key
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ depriv_user | default('pi') }}"
|
user: "{{ ansible_user_id }}"
|
||||||
state: present
|
state: present
|
||||||
key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/geth.pub') }}"
|
key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/geth.pub') }}"
|
||||||
|
|
||||||
@ -17,27 +26,53 @@
|
|||||||
become: yes
|
become: yes
|
||||||
register: motion_config
|
register: motion_config
|
||||||
copy:
|
copy:
|
||||||
src: "motion.conf"
|
src: "motion.conf/{{ inventory_hostname }}"
|
||||||
dest: "/etc/motion/motion.conf"
|
dest: "/etc/motion/motion.conf"
|
||||||
|
|
||||||
|
- name: Create motion log folder
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: motion
|
||||||
|
group: motion
|
||||||
|
mode: 0750
|
||||||
|
loop:
|
||||||
|
- "/var/log/motion"
|
||||||
|
- "/var/run/motion"
|
||||||
|
|
||||||
- name: Restart the motion service
|
- name: Restart the motion service
|
||||||
become: yes
|
become: yes
|
||||||
when: motion_config.changed
|
when: motion_config.changed and motion_enabled
|
||||||
service:
|
service:
|
||||||
name: motion
|
name: motion
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
|
||||||
|
- name: Allow override of motion service
|
||||||
|
become: yes
|
||||||
|
when: not motion_enabled
|
||||||
|
service:
|
||||||
|
name: motion
|
||||||
|
state: stopped
|
||||||
|
enabled: no
|
||||||
|
|
||||||
|
|
||||||
# Thanks to https://wiki.geekworm.com/Raspberry_Pi_IR_Control_Expansion_Board for instructions setting up lirc
|
# Thanks to https://wiki.geekworm.com/Raspberry_Pi_IR_Control_Expansion_Board for instructions setting up lirc
|
||||||
- name: Set the dtoverlay
|
- name: Set the dtoverlay
|
||||||
become: yes
|
become: yes
|
||||||
lineinfile:
|
register: dtoverlay
|
||||||
|
blockinfile:
|
||||||
path: "/boot/config.txt"
|
path: "/boot/config.txt"
|
||||||
regexp: "^dtoverlay="
|
insertafter: EOF
|
||||||
line: "dtoverlay=lirc-rpi,gpio_in_pin={{ gpio_in_pin | default('18') }},gpio_out_pin={{ gpio_out_pin | default('17') }}"
|
marker: "# {mark} Ubiqtorate Managed Block"
|
||||||
|
block: |
|
||||||
|
dtoverlay=gpio-ir,gpio_pin={{ gpio_in_pin | default('18') }}
|
||||||
|
dtoverlay=gpio-ir-tx,gpio_pin={{ gpio_out_pin | default('17') }}
|
||||||
|
|
||||||
- name: Set the dtparam
|
- name: Set the dtparam
|
||||||
become: yes
|
become: yes
|
||||||
|
register: dtparam
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "/boot/config.txt"
|
path: "/boot/config.txt"
|
||||||
regexp: "^dtparam="
|
regexp: "^dtparam="
|
||||||
@ -45,10 +80,28 @@
|
|||||||
|
|
||||||
- name: Copy the modules config
|
- name: Copy the modules config
|
||||||
become: yes
|
become: yes
|
||||||
|
register: modules_config
|
||||||
template:
|
template:
|
||||||
src: "modules.j2"
|
src: "modules.j2"
|
||||||
dest: "/etc/modules"
|
dest: "/etc/modules"
|
||||||
|
|
||||||
|
- name: Copy the modules config, part 2
|
||||||
|
become: yes
|
||||||
|
register: modules_config_2
|
||||||
|
template:
|
||||||
|
src: "lirc_rpi.conf.j2"
|
||||||
|
dest: "/etc/modprobe.d/lirc_rpi.conf"
|
||||||
|
|
||||||
|
- name: Reboot if needed
|
||||||
|
become: yes
|
||||||
|
when: modules_config.changed or dtparam.changed or dtoverlay.changed or modules_config_2.changed
|
||||||
|
reboot:
|
||||||
|
|
||||||
|
- name: Wait if needed
|
||||||
|
become: yes
|
||||||
|
when: modules_config.changed or dtparam.changed or dtoverlay.changed or modules_config_2.changed
|
||||||
|
wait_for_connection:
|
||||||
|
|
||||||
- name: Copy lircd supplemental config
|
- name: Copy lircd supplemental config
|
||||||
register: lircd_supp_config
|
register: lircd_supp_config
|
||||||
become: yes
|
become: yes
|
||||||
@ -60,13 +113,13 @@
|
|||||||
register: lircd_remote_config
|
register: lircd_remote_config
|
||||||
become: yes
|
become: yes
|
||||||
copy:
|
copy:
|
||||||
src: "lircd.conf.{{ inventory_hostname }}"
|
src: "lircd.conf/{{ inventory_hostname }}"
|
||||||
dest: /etc/lircd.conf
|
dest: /etc/lircd.conf
|
||||||
|
|
||||||
- name: Start the services
|
- name: Start the services
|
||||||
when: lircd_supp_config.changed or lircd_remote_config.changed
|
when: lircd_supp_config.changed or lircd_remote_config.changed
|
||||||
become: yes
|
become: yes
|
||||||
service:
|
service:
|
||||||
name: lirc
|
name: lircd
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
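Review bot: The motion.conf copy task (its `- name:` line sits above the second hunk, outside it) deploys the file without `owner`, `group` or `mode`, so it lands with default permissions. The motion.conf added earlier in this commit sets `stream_localhost off` with `stream_auth_method 0`, which, if that is the file deployed here, leaves the stream on port 8081 reachable from the network without authentication; once `stream_authentication` or `webcontrol_authentication` is filled in, the file also holds a cleartext `username:password`. I would add `owner: root`, `group: motion` and `mode: "0640"` to the copy task and turn on `stream_auth_method` in the per-host config. Separately, `/var/run/motion` is usually on tmpfs, so the directory made by the new "Create motion log folder" task probably does not survive the reboot triggered further down; worth confirming before relying on `target_dir /var/run/motion/capture`.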
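--- a/roles/Geth-Hub/templates/lirc_rpi.conf.j2
+++ b/roles/Geth-Hub/templates/lirc_rpi.conf.j2
@@ -0,0 +1 @@
+options gpio_ir_recv gpio_in_pin={{ gpio_in_pin | default('18') }} gpio_out_pin={{ gpio_out_pin | default('17') }}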
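Review bot: The option names `gpio_in_pin` and `gpio_out_pin` look like the old `lirc_rpi` module parameters, but the line addresses the `gpio_ir_recv` module, which as far as I know takes its pin from the device tree rather than from module options. The tasks file in this commit already sets the pins through `dtoverlay=gpio-ir,gpio_pin=…` and `dtoverlay=gpio-ir-tx,gpio_pin=…`, so this file is probably ignored at load time and can mislead someone debugging the receiver. If it is kept, a comment such as `# pins are set by the gpio-ir/gpio-ir-tx overlays in /boot/config.txt` would help; otherwise I would drop the template and the "Copy the modules config, part 2" task.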
@ -1,34 +0,0 @@
|
|||||||
dhcp-range=10.0.1.224,10.0.1.254,255.255.255.0,12h
|
|
||||||
dhcp-option=option:router,10.0.1.1
|
|
||||||
dhcp-option=option:dns-server,10.0.1.7
|
|
||||||
|
|
||||||
dhcp-range=10.0.1.1,10.0.1.223,255.255.255.0,12h
|
|
||||||
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.2
|
|
||||||
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.3
|
|
||||||
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.4
|
|
||||||
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.5
|
|
||||||
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.6
|
|
||||||
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.7
|
|
||||||
dhcp-host=00:15:5D:01:02:05,10.0.1.8
|
|
||||||
dhcp-host=00:15:5D:01:02:04,10.0.1.9
|
|
||||||
dhcp-host=00:15:5d:01:02:06,10.0.1.10
|
|
||||||
dhcp-host=00:15:5d:01:02:07,10.0.1.11
|
|
||||||
dhcp-host=00:25:90:0d:6e:86,10.0.1.12
|
|
||||||
dhcp-host=84:16:F9:14:15:C5,10.0.1.16
|
|
||||||
dhcp-host=84:16:F9:13:B6:E6,10.0.1.17
|
|
||||||
dhcp-host=00:15:5d:01:02:08,10.0.1.24
|
|
||||||
dhcp-host=00:15:5d:01:02:09,10.0.1.25
|
|
||||||
dhcp-host=aa:aa:aa:aa:aa:aa,10.0.1.32
|
|
||||||
dhcp-host=34:f6:4b:36:12:8f,10.0.1.33
|
|
||||||
dhcp-host=64:C2:DE:78:BB:40,10.0.1.34
|
|
||||||
dhcp-host=64:C2:DE:0C:AB:0D,10.0.1.35
|
|
||||||
dhcp-host=00:1F:BC:10:1C:F7,10.0.1.36
|
|
||||||
dhcp-host=2c:30:33:64:f4:03,10.0.1.1
|
|
||||||
dhcp-host=00:80:92:77:CE:E4,10.0.1.37
|
|
||||||
dhcp-host=00:25:90:0D:82:5B,10.0.1.38
|
|
||||||
dhcp-host=00:25:90:3E:C6:8C,10.0.1.39
|
|
||||||
dhcp-host=9c:a3:aa:33:a3:99,10.0.1.40
|
|
||||||
dhcp-host=64:16:66:08:57:F5,10.0.2.2
|
|
||||||
dhcp-host=18:B4:30:2F:F1:37,10.0.2.3
|
|
||||||
dhcp-host=64:52:99:14:28:2B,10.0.2.4
|
|
||||||
dhcp-host=40:9F:38:95:06:34,10.0.2.5
|
|
@ -1,29 +0,0 @@
|
|||||||
10.0.1.2 Nazara.MSN0.AniNIX.net Nazara
|
|
||||||
10.0.1.3 Node-1.MSN0.AniNIX.net Node-1
|
|
||||||
10.0.1.4 Node-2.MSN0.AniNIX.net Node-2
|
|
||||||
10.0.1.5 Node-3.MSN0.AniNIX.net Node-3
|
|
||||||
10.0.1.6 Node-4.MSN0.AniNIX.net Node-4
|
|
||||||
10.0.1.7 Node-5.MSN0.AniNIX.net Node-5
|
|
||||||
10.0.1.8 Sharingan.MSN0.AniNIX.net Sharingan
|
|
||||||
10.0.1.9 DarkNet.MSN0.AniNIX.net DarkNet
|
|
||||||
10.0.1.10 Maat.MSN0.AniNIX.net Maat
|
|
||||||
10.0.1.11 Aether.MSN0.AniNIX.net Aether
|
|
||||||
10.0.1.12 Core.MSN0.AniNIX.net Core
|
|
||||||
10.0.1.16 Geth-Hub-1.MSN0.AniNIX.net Geth-Hub-1
|
|
||||||
10.0.1.17 Geth-Hub-2.MSN0.AniNIX.net Geth-Hub-2
|
|
||||||
10.0.1.24 DedNet.MSN0.AniNIX.net DedNet
|
|
||||||
10.0.1.25 Geth.MSN0.AniNIX.net Geth
|
|
||||||
10.0.1.32 Tachikoma.MSN0.AniNIX.net Tachikoma
|
|
||||||
10.0.1.33 Dedsec.MSN0.AniNIX.net Dedsec
|
|
||||||
10.0.1.34 DarkFeather.MSN0.AniNIX.net DarkFeather
|
|
||||||
10.0.1.35 Lykos.MSN0.AniNIX.net Lykos
|
|
||||||
10.0.1.36 Games.MSN0.AniNIX.net Games
|
|
||||||
10.0.1.1 Shadowfeed.MSN0.AniNIX.net Shadowfeed
|
|
||||||
10.0.1.37 Print.MSN0.AniNIX.net Print
|
|
||||||
10.0.1.38 Core-Console.MSN0.AniNIX.net Core-Console
|
|
||||||
10.0.1.39 Maat-Console.MSN0.AniNIX.net Maat-Console
|
|
||||||
10.0.1.40 Geth-Eyes.MSN0.AniNIX.net Geth-Eyes
|
|
||||||
10.0.2.2 LinKeuei.MSN0.AniNIX.net LinKeuei
|
|
||||||
10.0.2.3 Canary.MSN0.AniNIX.net Canary
|
|
||||||
10.0.2.4 Charon.MSN0.AniNIX.net Charon
|
|
||||||
10.0.2.5 Skitarii-1.MSN0.AniNIX.net Skitarii-1
|
|
55
roles/Node/tasks/main.yml
Normal file
55
roles/Node/tasks/main.yml
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
---
|
||||||
|
- name: Generate VM service files from inventory
|
||||||
|
delegate_to: localhost
|
||||||
|
register: systemd_files
|
||||||
|
run_once: true
|
||||||
|
command: "python3 ../bin/generate-systemd-vms.py {{ inventory_file }}"
|
||||||
|
|
||||||
|
- name: Install virtualization packages
|
||||||
|
become: yes
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- edk2-ovmf
|
||||||
|
- qemu-headless
|
||||||
|
- ddrescue
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Copy VM definitions
|
||||||
|
become: yes
|
||||||
|
register: vmdefs
|
||||||
|
copy:
|
||||||
|
src: vm-definitions/
|
||||||
|
dest: /usr/lib/systemd/system
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Reload systemd daemon
|
||||||
|
become: yes
|
||||||
|
when: vmdefs.changed
|
||||||
|
systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
|
||||||
|
- name: QEMU Bridge Config
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: bridge.conf
|
||||||
|
dest: /etc/qemu/bridge.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: System bridge interface
|
||||||
|
become: yes
|
||||||
|
register: br0
|
||||||
|
copy:
|
||||||
|
src: br0
|
||||||
|
dest: /etc/netctl/br0
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Enable bridge
|
||||||
|
become: yes
|
||||||
|
when: br0.changed
|
||||||
|
command: "/bin/bash -l -c 'netctl enable br0 && netctl restart br0'"
|
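Review bot: The first task, `Generate VM service files from inventory`, runs `python3 ../bin/generate-systemd-vms.py` with a path relative to whatever directory ansible-playbook was started from, so the play only works from one working directory; `{{ playbook_dir }}/../bin/generate-systemd-vms.py` would pin it, assuming the playbooks live beside `bin/`. The task also reports changed on every run and its registered `systemd_files` result is not used in this file; `changed_when: false` would keep the run summary meaningful. Further down, `Copy VM definitions` writes into `/usr/lib/systemd/system`, the package-owned directory; `/etc/systemd/system` is the conventional place for locally generated units.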
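--- a/roles/Node/templates/vm.service.j2
+++ b/roles/Node/templates/vm.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=AniNIX/{{ inventory_hostname }}
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/qemu-system-x86_64 -name AniNIX/{{ inventory_hostname }} -machine type=pc,accel=kvm -bios /usr/share/edk2-ovmf/x64/OVMF.fd -cpu host -smp {{ cores }} {{ disks }} -net nic,macaddr={{ mac }},model=virtio -net bridge,br={{ bridge }} -vga std -nographic -vnc :{{ vnc }} -m size={{ memory }}G -device virtio-rng-pci
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target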
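Review bot: `-vnc :{{ vnc }}` in `ExecStart` makes QEMU listen for VNC on every interface of the hypervisor with no authentication, so anyone who can reach the node on that port gets the guest console. Binding to loopback with `-vnc 127.0.0.1:{{ vnc }}` and reaching it over an SSH tunnel closes that; if remote access is needed, add the VNC `password` option. The unit also runs the emulator as root (`User=root`); QEMU's `-runas` option or a dedicated service user with access to /dev/kvm would limit what a guest escape gains. `{{ disks }}` is pasted into the command line as a raw string, so that inventory value has to be treated as trusted input.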
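--- a/roles/SSL/files/certbot.service
+++ b/roles/SSL/files/certbot.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Certbot
+
+[Service]
+ExecStart=certbot renew -w /var/lib/letsencrypt/ --preferred-chain "ISRG Root X1"
+ExecStartPost=/usr/bin/systemctl reload openresty
+KillMode=process
+Type=oneshot
+RemainAfterExit=no
+User=root
+Group=root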
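Review bot: `ExecStart=certbot renew …` uses a bare command name while `ExecStartPost` uses an absolute path; older systemd versions reject a non-absolute `ExecStart`, so `/usr/bin/certbot` is safer (path assumed from the usual package layout, confirm per distro). openresty is also reloaded after every successful run whether or not a certificate changed; certbot's `--deploy-hook "systemctl reload openresty"` runs the reload only when a renewal actually happened. The file is committed with the executable bit, which a unit file does not need.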
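--- a/roles/SSL/files/certbot.timer
+++ b/roles/SSL/files/certbot.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Certbot
+
+[Timer]
+OnCalendar=Sat *-*-* 00:00
+AccuracySec=1us
+Persistent=true
+
+[Install]
+WantedBy=timers.target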
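Review bot: `AccuracySec=1us` together with the fixed `OnCalendar=Sat *-*-* 00:00` makes every host that uses this role contact the CA at the same instant each week. Adding `RandomizedDelaySec=1h` and dropping the microsecond accuracy spreads the requests and lets systemd coalesce wake-ups. The file is also committed as executable, which a timer unit does not need.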
@ -1,24 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ `whoami` != 'root' ]; then
|
|
||||||
sudo $0 $@
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
domain="$1"
|
|
||||||
|
|
||||||
certbot certonly -d ${domain} -d "*.${domain}" --manual --force-interactive --reuse-key
|
|
||||||
cat /etc/letsencrypt/live/${domain}/cert.pem /etc/letsencrypt/live/${domain}/privkey.pem > /etc/letsencrypt/live/${domain}/certkey.pem
|
|
||||||
|
|
||||||
# PKCS12 for Emby
|
|
||||||
echo | openssl pkcs12 -password stdin -export -out /etc/letsencrypt/live/${domain}/ssl.pfx -inkey /etc/letsencrypt/live/${domain}/privkey.pem -in /etc/letsencrypt/live/${domain}/cert.pem -certfile /etc/letsencrypt/live/${domain}/fullchain.pem
|
|
||||||
cat /etc/letsencrypt/live/${domain}/ssl.pfx > /var/lib/emby/ssl/yggdrasil.pfx
|
|
||||||
|
|
||||||
systemctl restart webserver
|
|
||||||
systemctl restart yggdrasil
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "Don't forget to send \`/raw reloadmodule m_ssl_openssl.so\` to a NetAdmin session on AniNIX/IRC"
|
|
||||||
echo Add these to the TLSA records for the domain
|
|
||||||
|
|
||||||
bash ./tlsa-generation.bash
|
|
@ -1,4 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
openssl x509 -in /etc/letsencrypt/live/aninix.net/chain.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "le-ca TLSA 2 1 1", $NF}'
|
|
||||||
openssl x509 -in /etc/letsencrypt/live/aninix.net/cert.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "cert TLSA 3 1 1", $NF}'
|
|
||||||
|
|
@ -6,3 +6,60 @@
|
|||||||
name:
|
name:
|
||||||
- certbot
|
- certbot
|
||||||
- openssl
|
- openssl
|
||||||
|
|
||||||
|
- name: Services
|
||||||
|
become: yes
|
||||||
|
register: services
|
||||||
|
copy:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: /usr/lib/systemd/system
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
loop:
|
||||||
|
- "certbot.service"
|
||||||
|
- "certbot.timer"
|
||||||
|
|
||||||
|
- name: Enable timer
|
||||||
|
when: services.changed
|
||||||
|
systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
name: certbot.timer
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
|
||||||
|
- name: Create letsencrypt folder
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
path: /var/lib/letsencrypt
|
||||||
|
owner: root
|
||||||
|
group: http
|
||||||
|
mode: 2755
|
||||||
|
|
||||||
|
- name: Copy TLSA script
|
||||||
|
become: yes
|
||||||
|
template:
|
||||||
|
src: tlsa-generation.bash.j2
|
||||||
|
dest: /usr/local/sbin/tlsa-generation.bash
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
- name: Get proposed TLSA records
|
||||||
|
become: yes
|
||||||
|
command: /usr/local/sbin/tlsa-generation.bash
|
||||||
|
register: tlsa_records
|
||||||
|
|
||||||
|
- name: Show proposed TLSA records
|
||||||
|
debug:
|
||||||
|
msg: "{{ tlsa_records.stdout_lines }}"
|
||||||
|
|
||||||
|
- name: Get TLSA records
|
||||||
|
delegate_to: localhost
|
||||||
|
run_once: yes
|
||||||
|
command: "/bin/bash -c 'printf _443._tcp\\ ; dig _443._tcp.{{ external_domain }} TLSA +short; printf _6697._tcp\\ ; dig _6697._tcp.{{ external_domain }} TLSA +short'"
|
||||||
|
register: ext_tlsa_records
|
||||||
|
|
||||||
|
- name: Show TLSA records
|
||||||
|
debug:
|
||||||
|
msg: "{{ ext_tlsa_records.stdout_lines }}"
|
||||||
|
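Review bot: In `Create letsencrypt folder`, `mode: 2755` is an unquoted YAML integer, so Ansible receives decimal 2755 rather than the octal setgid mode that was intended; write `mode: "2755"`. The other tasks use `0644`/`0700`, which do parse as octal, but quoting them too keeps the file consistent. `Enable timer` has no `become: yes` although it reloads systemd and starts a unit, so it relies on the play already running as root. The two `command` tasks that only read TLSA data will report changed on every run; `changed_when: false` fits them.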
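--- a/roles/SSL/templates/tlsa-generation.bash.j2
+++ b/roles/SSL/templates/tlsa-generation.bash.j2
@@ -0,0 +1,4 @@
+#!/bin/bash
+openssl x509 -in /etc/letsencrypt/live/{{ sslidentity }}/chain.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "le-ca TLSA 2 1 1", $NF}'
+openssl x509 -in /etc/letsencrypt/live/{{ sslidentity}}/cert.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "cert TLSA 3 1 1", $NF}'
+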
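Review bot: Both pipelines use `openssl rsa -pubin`, which fails when the certificate key is not RSA, and because the script sets no `pipefail` the final `openssl dgst` then hashes empty input and the script still prints a well-formed TLSA line. Publishing that record would break DANE validation for the service. `openssl pkey -pubin -outform DER` handles any key type, and `set -euo pipefail` at the top makes a missing or unreadable certificate stop the script instead of producing output. The second line has `{{ sslidentity}}` where the first has `{{ sslidentity }}`; harmless to Jinja, worth aligning.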
1
roles/ShadowArch/README.md
Normal file
1
roles/ShadowArch/README.md
Normal file
@ -0,0 +1 @@
|
|||||||
|
This role expands on the [AniNIX/ShadowArch](/AniNIX/ShadowArch) project for customizing ArchLinux to fit our needs. This role is intended to populate those settings driven from inventory data that can't be easily included in the package.
|
7
roles/ShadowArch/files/mirrorlist
Normal file
7
roles/ShadowArch/files/mirrorlist
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# Server list generated by rankmirrors on 2022-01-25
|
||||||
|
Server = http://mirrors.kernel.org/archlinux/$repo/os/$arch
|
||||||
|
Server = http://arch.hu.fo/archlinux/$repo/os/$arch
|
||||||
|
Server = http://il.us.mirror.archlinux-br.org/$repo/os/$arch
|
||||||
|
Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
|
||||||
|
Server = http://mirror.pit.teraswitch.com/archlinux/$repo/os/$arch
|
||||||
|
Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch
|
5
roles/ShadowArch/files/motd/Core
Normal file
5
roles/ShadowArch/files/motd/Core
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
################################################################################
|
||||||
|
# Welcome to the AniNIX #
|
||||||
|
# #
|
||||||
|
# This is the network core VM. Let us know if services are gone or down. #
|
||||||
|
################################################################################
|
5
roles/ShadowArch/files/motd/DarkNet
Normal file
5
roles/ShadowArch/files/motd/DarkNet
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
################################################################################
|
||||||
|
# AniNIX/DarkNet #
|
||||||
|
# #
|
||||||
|
# This is the network anonymization platform. Make sure VPN and TOR are up. #
|
||||||
|
################################################################################
|
3
roles/ShadowArch/files/motd/Geth-Hub-1
Normal file
3
roles/ShadowArch/files/motd/Geth-Hub-1
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
# AniNIX/Geth Hardware Platform (Raspbian Rpi 1 B+) #
|
||||||
|
|
3
roles/ShadowArch/files/motd/Geth-Hub-2
Normal file
3
roles/ShadowArch/files/motd/Geth-Hub-2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
# AniNIX/Geth Hardware Platform (Raspbian Rpi 1 B+) #
|
||||||
|
|
3
roles/ShadowArch/files/motd/Geth-Hub-3
Normal file
3
roles/ShadowArch/files/motd/Geth-Hub-3
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
# AniNIX/Geth Hardware Platform (Raspberry Pi 3 Model B Plus Rev 1.3) #
|
||||||
|
|
5
roles/ShadowArch/files/motd/Maat
Normal file
5
roles/ShadowArch/files/motd/Maat
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
################################################################################
|
||||||
|
# AniNIX/Maat #
|
||||||
|
# #
|
||||||
|
# This is the network CI/CD platform. Check `systemctl status maat-builder` #
|
||||||
|
################################################################################
|
5
roles/ShadowArch/files/motd/Nazara
Normal file
5
roles/ShadowArch/files/motd/Nazara
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
################################################################################
|
||||||
|
# AniNIX/Nazara #
|
||||||
|
# #
|
||||||
|
# This is the network DNS/DHCP service, using Raspberry Pi pihole, and bastion #
|
||||||
|
################################################################################
|
6
roles/ShadowArch/files/motd/Node0
Normal file
6
roles/ShadowArch/files/motd/Node0
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
################################################################################
|
||||||
|
# AniNIX/Node0 #
|
||||||
|
# #
|
||||||
|
# This is the network virtualization platform. VMs can be found with this: #
|
||||||
|
# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status #
|
||||||
|
################################################################################
|
5
roles/ShadowArch/files/motd/Sharingan
Normal file
5
roles/ShadowArch/files/motd/Sharingan
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
################################################################################
|
||||||
|
# AniNIX/Sharingan #
|
||||||
|
# #
|
||||||
|
# This is the network monitoring platform. It will send alarms to #sharingan #
|
||||||
|
################################################################################
|
@ -74,16 +74,16 @@ LocalFileSigLevel = Optional
|
|||||||
#Include = /etc/pacman.d/mirrorlist
|
#Include = /etc/pacman.d/mirrorlist
|
||||||
|
|
||||||
[core]
|
[core]
|
||||||
Include = /etc/pacman.d/mirrorlist
|
Include = /etc/pacman.d/mirrorlist.shadowarch
|
||||||
|
|
||||||
[extra]
|
[extra]
|
||||||
Include = /etc/pacman.d/mirrorlist
|
Include = /etc/pacman.d/mirrorlist.shadowarch
|
||||||
|
|
||||||
#[community-testing]
|
#[community-testing]
|
||||||
#Include = /etc/pacman.d/mirrorlist
|
#Include = /etc/pacman.d/mirrorlist
|
||||||
|
|
||||||
[community]
|
[community]
|
||||||
Include = /etc/pacman.d/mirrorlist
|
Include = /etc/pacman.d/mirrorlist.shadowarch
|
||||||
|
|
||||||
# If you want to run 32 bit applications on your x86_64 system,
|
# If you want to run 32 bit applications on your x86_64 system,
|
||||||
# enable the multilib repositories as required here.
|
# enable the multilib repositories as required here.
|
||||||
@ -92,7 +92,7 @@ Include = /etc/pacman.d/mirrorlist
|
|||||||
#Include = /etc/pacman.d/mirrorlist
|
#Include = /etc/pacman.d/mirrorlist
|
||||||
|
|
||||||
[multilib]
|
[multilib]
|
||||||
Include = /etc/pacman.d/mirrorlist
|
Include = /etc/pacman.d/mirrorlist.shadowarch
|
||||||
|
|
||||||
# An example of a custom package repository. See the pacman manpage for
|
# An example of a custom package repository. See the pacman manpage for
|
||||||
# tips on creating your own repositories.
|
# tips on creating your own repositories.
|
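Review bot: The four active `Include` lines now point at `/etc/pacman.d/mirrorlist.shadowarch`, and the list this commit ships for it (roles/ShadowArch/files/mirrorlist) contains only `http://` servers. Package contents are still protected when signature checking is enforced, but the only level visible here is `LocalFileSigLevel = Optional` in the hunk header, so the global `SigLevel` should be confirmed as required; plain HTTP also exposes which packages a host pulls and lets an on-path party serve stale repository data. Keeping only `https://` candidates before ranking would remove that exposure. The commented `#Include = /etc/pacman.d/mirrorlist` lines for the testing repos stay on the old path, which will surprise whoever enables them later.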
17
roles/ShadowArch/files/raspbian-interfaces
Normal file
17
roles/ShadowArch/files/raspbian-interfaces
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
# interfaces(5) file used by ifup(8) and ifdown(8)
|
||||||
|
|
||||||
|
# Please note that this file is written to be used with dhcpcd
|
||||||
|
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
|
||||||
|
|
||||||
|
# Include files from /etc/network/interfaces.d:
|
||||||
|
source-directory /etc/network/interfaces.d
|
||||||
|
|
||||||
|
auto lo
|
||||||
|
iface lo inet loopback
|
||||||
|
|
||||||
|
iface eth0 inet manual
|
||||||
|
|
||||||
|
auto wlan0
|
||||||
|
allow-hotplug wlan0
|
||||||
|
iface wlan0 inet dhcp
|
||||||
|
wpa-conf /etc/wpa_supplicant.conf
|
3
roles/ShadowArch/files/raspbian-interfaces.static
Normal file
3
roles/ShadowArch/files/raspbian-interfaces.static
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# interfaces(5) file used by ifup(8) and ifdown(8)
|
||||||
|
# Include files from /etc/network/interfaces.d:
|
||||||
|
source /etc/network/interfaces.d/*
|
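--- a/roles/ShadowArch/tasks/archlinux-network.yml
+++ b/roles/ShadowArch/tasks/archlinux-network.yml
@@ -0,0 +1,26 @@
+---
+
+- name: ArchLinux network packages
+become: yes
+package:
+name:
+- netctl
+state: present
+
+- name: Static ArchLinux network config
+become: yes
+when: static
+template:
+src: netctl-static.j2
+dest: "/etc/netctl/{{ ipinterface }}"
+
+- name: Dynamic ArchLinux network config
+become: yes
+when: static
+template:
+src: netctl-dhcp.j2
+dest: "/etc/netctl/{{ ipinterface }}"
+
+- name: Enable network config
+become: yes
+command: "netctl enable {{ ipinterface }}"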
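Review bot: `Dynamic ArchLinux network config` carries `when: static`, the same condition as the static task above it, so on a static host the DHCP profile overwrites the static one at the same `dest`, and on a dynamic host neither template is written; it should read `when: not static`. `Enable network config` then runs `netctl enable {{ ipinterface }}` unconditionally and reports changed on every run; registering the template results and gating on `.changed` would match how roles/Node handles `br0`. The two template tasks also set no `owner`, `group` or `mode`, unlike the other copy tasks in this commit.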
29
roles/ShadowArch/tasks/dns.yml
Normal file
29
roles/ShadowArch/tasks/dns.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
- name: Install DNS packages
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- bind
|
||||||
|
- net-tools
|
||||||
|
- iputils
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Set up /etc/resolv.conf
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
dest: /etc/resolv.conf
|
||||||
|
content: "domain {{ replica_domain }}\nnameserver {{ dns }}\n"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Set up /etc/hosts
|
||||||
|
vars:
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/hosts
|
||||||
|
regexp: '^127.0.0.1[ \t]+localhost'
|
||||||
|
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
|
||||||
|
state: present
|
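Review bot: `ignore_errors: yes` on `Install DNS packages` hides every failure of that task, including an unreachable mirror, so the later tasks run on a host that may lack the tools. If the intent is to tolerate package names that differ between Arch and Raspbian (my reading, not stated in the commit), choose the list per `ansible_os_family` instead. In `Set up /etc/hosts`, the dots in `regexp: '^127.0.0.1[ \t]+localhost'` are unescaped and match any character; `'^127\.0\.0\.1[ \t]+localhost'` is the exact form. Only the last task sets `ansible_become_password`, so the first two depend on sudo already being passwordless.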
190
roles/ShadowArch/tasks/main.yml
Normal file
190
roles/ShadowArch/tasks/main.yml
Normal file
@ -0,0 +1,190 @@
|
|||||||
|
---
|
||||||
|
###
|
||||||
|
# This role installs the basic package and host setup for AniNIX operations.
|
||||||
|
|
||||||
|
# This is an AniNIX convention to allow password management by Ansible.
|
||||||
|
- name: Base packages
|
||||||
|
vars:
|
||||||
|
ansible_become_method: su
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- bash
|
||||||
|
- sudo
|
||||||
|
- git
|
||||||
|
- tmux
|
||||||
|
- vim
|
||||||
|
- sysstat
|
||||||
|
- iotop
|
||||||
|
- lsof
|
||||||
|
- rsync
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Ensure deploy user has sudo permissions.
|
||||||
|
vars:
|
||||||
|
ansible_become_method: su
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
dest: /etc/sudoers.d/basics
|
||||||
|
content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
|
||||||
|
|
||||||
|
- name: Ensure we include /etc/sudoers.d (Current)
|
||||||
|
vars:
|
||||||
|
ansible_become_method: su
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
when: ansible_architecture != "armv6l"
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sudoers
|
||||||
|
regexp: "includedir /etc/sudoers.d"
|
||||||
|
line: "@includedir /etc/sudoers.d"
|
||||||
|
|
||||||
|
- name: Ensure we include /etc/sudoers.d (Legacy)
|
||||||
|
vars:
|
||||||
|
ansible_become_method: su
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
when: ansible_architecture == "armv6l"
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sudoers
|
||||||
|
regexp: "includedir /etc/sudoers.d"
|
||||||
|
line: "#includedir /etc/sudoers.d"
|
||||||
|
|
||||||
|
- name: Test root password
|
||||||
|
ignore_errors: yes
|
||||||
|
register: root_password_test
|
||||||
|
vars:
|
||||||
|
ansible_become_method: su
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
command: id
|
||||||
|
|
||||||
|
- name: Define passwords
|
||||||
|
vars:
|
||||||
|
ansible_become_user: "root"
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
||||||
|
command:
|
||||||
|
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ passwords[inventory_hostname] }}' '{{ passwords[inventory_hostname] }}' | passwd {{ item }}"
|
||||||
|
loop:
|
||||||
|
- root
|
||||||
|
- "{{ ansible_user_id }}"
|
||||||
|
|
||||||
|
- name: Set up pacman.conf
|
||||||
|
vars:
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: pacman.conf
|
||||||
|
dest: /etc/pacman.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
when: ansible_os_family == "Archlinux"
|
||||||
|
|
||||||
|
- name: Generate mirrorlist
|
||||||
|
delegate_to: localhost
|
||||||
|
run_once: yes
|
||||||
|
command: "bash ../bin/generate-mirrorlist"
|
||||||
|
|
||||||
|
- name: Copy mirrorlist
|
||||||
|
become: yes
|
||||||
|
when: ansible_os_family == "Archlinux"
|
||||||
|
copy:
|
||||||
|
src: mirrorlist
|
||||||
|
dest: /etc/pacman.d/mirrorlist.shadowarch
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Set up apt sources.list
|
||||||
|
vars:
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
deb http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi
|
||||||
|
# deb-src http://archive.raspbian.org/raspbian/ stretch main contrib non-free rpi
|
||||||
|
dest: /etc/apt/sources.list
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
when: ansible_os_family == "Debian"
|
||||||
|
|
||||||
|
- name: Install ShadowArch (ArchLinux)
|
||||||
|
vars:
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
pacman:
|
||||||
|
name: ShadowArch
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
when: ansible_os_family == "Archlinux"
|
||||||
|
|
||||||
|
- name: Set up AniNIX-specific repository location (Other)
|
||||||
|
when: ansible_os_family != "Archlinux"
|
||||||
|
vars:
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
path: /opt/aninix
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Download ShadowArch (Other)
|
||||||
|
vars:
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
git:
|
||||||
|
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
|
||||||
|
dest: '/opt/aninix/ShadowArch'
|
||||||
|
update: yes
|
||||||
|
when: ansible_os_family != "Archlinux"
|
||||||
|
|
||||||
|
- name: Install ShadowArch (Other)
|
||||||
|
vars:
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
command:
|
||||||
|
chdir: '/opt/aninix/ShadowArch'
|
||||||
|
cmd: '/bin/bash -c "make install; /usr/local/sbin/shadowarch-sync"'
|
||||||
|
when: ansible_os_family != "Archlinux"
|
||||||
|
|
||||||
|
- name: Set up hostname
|
||||||
|
vars:
|
||||||
|
ansible_become_password: "{{ passwords[inventory_hostname] }}"
|
||||||
|
become: yes
|
||||||
|
hostname:
|
||||||
|
name: "{{ inventory_hostname }}.{{ replica_domain }}"
|
||||||
|
|
||||||
|
- name: Set Bash MOTD
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: "motd/{{ inventory_hostname }}"
|
||||||
|
dest: /etc/bash.motd
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Nullify overall MOTD
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: /dev/null
|
||||||
|
dest: /etc/motd
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- include: archlinux-network.yml
|
||||||
|
when: ansible_os_family == "Archlinux"
|
||||||
|
|
||||||
|
- include: raspbian-network.yml
|
||||||
|
when: ansible_os_family == "Debian"
|
||||||
|
|
||||||
|
- include: dns.yml
|
||||||
|
|
||||||
|
- include: ntp.yml
|
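Review bot: `Define passwords` builds a shell command with `'{{ passwords[inventory_hostname] }}'` interpolated twice, so the root password shows up in the process list on the target and in Ansible's task output and logs (the task has no `no_log`), and a password containing a single quote breaks the quoting and is parsed as shell. The `user` module with a hashed value and `no_log: true` avoids all three; a sketch follows. Separately, `/etc/sudoers.d/basics` is written with no `mode` and no `validate`, so a bad render can lock sudo out; `mode: "0440"` and `validate: 'visudo -cf %s'` are the usual guards, and `NOPASSWD: ALL` for the deploy user deserves a comment saying why it is accepted.

```yaml
- name: Define passwords
  # … unchanged: vars, become, when …
  no_log: true
  user:
    name: "{{ item }}"
    password: "{{ passwords[inventory_hostname] | password_hash('sha512') }}"
  loop:
    - root
    - "{{ ansible_user_id }}"
```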
40
roles/ShadowArch/tasks/ntp.yml
Normal file
40
roles/ShadowArch/tasks/ntp.yml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
---
|
||||||
|
- name: Set up time zone
|
||||||
|
become: yes
|
||||||
|
register: localtime
|
||||||
|
file:
|
||||||
|
src: "/usr/share/zoneinfo/{{ time_zone }}"
|
||||||
|
dest: /etc/localtime
|
||||||
|
state: link
|
||||||
|
|
||||||
|
- name: Remove legacy NTP services
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
service:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: stopped
|
||||||
|
enabled: no
|
||||||
|
loop:
|
||||||
|
- ntpd
|
||||||
|
- openntpd
|
||||||
|
|
||||||
|
- name: Remove legacy NTP packages
|
||||||
|
become: yes
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- ntp
|
||||||
|
- openntpd
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Install NTP packages
|
||||||
|
become: yes
|
||||||
|
package:
|
||||||
|
name: chrony
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Start NTP service
|
||||||
|
become: yes
|
||||||
|
service:
|
||||||
|
name: chronyd
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
43
roles/ShadowArch/tasks/raspbian-network.yml
Normal file
43
roles/ShadowArch/tasks/raspbian-network.yml
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Rasbian network packages
|
||||||
|
become: yes
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- netbase
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Rasbian network config
|
||||||
|
become: yes
|
||||||
|
when: not static
|
||||||
|
copy:
|
||||||
|
src: raspbian-interfaces
|
||||||
|
dest: "/etc/network/interfaces"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Rasbian network config (static)
|
||||||
|
become: yes
|
||||||
|
when: static
|
||||||
|
template:
|
||||||
|
src: raspbian-static.j2
|
||||||
|
dest: "/etc/network/interfaces"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Raspbian wireless
|
||||||
|
become: yes
|
||||||
|
command:
|
||||||
|
cmd: /bin/bash -c "wpa_passphrase {{ wireless_ssid }} '{{ passwords['Shadowfeed'] }}' > /etc/wpa_supplicant.conf"
|
||||||
|
creates: '/etc/wpa_supplicant.conf'
|
||||||
|
|
||||||
|
- name: Raspbian wireless hardening
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
path: '/etc/wpa_supplicant.conf'
|
||||||
|
state: file
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0600
|
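Review bot: `Raspbian wireless` passes the Wi-Fi passphrase as a command-line argument inside `bash -c`, so it is visible in the process list and in Ansible output, and the redirect creates `/etc/wpa_supplicant.conf` under the default umask before the next task tightens it to 0600. `wpa_passphrase` also writes the plaintext passphrase into its output as a `#psk=` comment, so the file holds the secret in clear as well as hashed. Rendering the file from a template with `mode: "0600"` and `no_log: true` on the task, containing only the hashed `psk=` line, removes both the window and the command-line exposure. `creates:` also means a changed passphrase or SSID is never applied to a host that already has the file.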
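--- a/roles/ShadowArch/templates/netctl-dhcp.j2
+++ b/roles/ShadowArch/templates/netctl-dhcp.j2
@@ -0,0 +1,4 @@
+Description='DHCP wired connection'
+Interface={{ ipinterface }}
+Connection=ethernet
+IP=dhcp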
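--- a/roles/ShadowArch/templates/netctl-static.j2
+++ b/roles/ShadowArch/templates/netctl-static.j2
@@ -0,0 +1,7 @@
+Description='A basic static ethernet connection'
+Interface={{ ipinterface }}
+Connection=ethernet
+IP=static
+Address=('{{ ip }}/24')
+Gateway='{{ router }}'
+DNS=('{{ dns }}')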
20
roles/ShadowArch/templates/raspbian-static.j2
Normal file
20
roles/ShadowArch/templates/raspbian-static.j2
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
# interfaces(5) file used by ifup(8) and ifdown(8)
|
||||||
|
|
||||||
|
# Please note that this file is written to be used with dhcpcd
|
||||||
|
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
|
||||||
|
|
||||||
|
# Include files from /etc/network/interfaces.d:
|
||||||
|
source-directory /etc/network/interfaces.d
|
||||||
|
|
||||||
|
auto lo
|
||||||
|
iface lo inet loopback
|
||||||
|
|
||||||
|
iface {{ ipinterface }} inet static
|
||||||
|
address {{ ansible_host }}/{{ netmask }}
|
||||||
|
gateway {{ router }}
|
||||||
|
|
||||||
|
auto wlan0
|
||||||
|
allow-hotplug wlan0
|
||||||
|
iface wlan0 inet dhcp
|
||||||
|
wpa-conf /etc/wpa_supplicant.conf
|
||||||
|
|
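--- a/roles/Sharingan-Data/files/Core
+++ b/roles/Sharingan-Data/files/Core
@@ -0,0 +1,9 @@
+check program anixix-HTTP with path "/usr/lib/monitoring-plugins/check_http -H aninix.net -e 301"
+if status == 1 then exec "/usr/bin/bash /etc/monit.d/scripts/notify aninix.net HTTP is CRITICAL"
+
+check program anixix-HTTPS with path "/usr/lib/monitoring-plugins/check_http -S -H aninix.net -e 200"
+if status == 1 then exec "/usr/bin/bash /etc/monit.d/scripts/notify aninix.net HTTPS is CRITICAL"
+
+check program foundation-HTTPS with path "/usr/lib/monitoring-plugins/check_http -S -H foundation.aninix.net -e 200"
+if status == 1 then exec "/usr/bin/bash /etc/monit.d/scripts/notify aninix.net HTTPS is CRITICAL"
+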
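Review bot: Each check alerts on `if status == 1`, but the monitoring-plugins convention is exit 1 for WARNING and 2 for CRITICAL, so a failed `check_http` that returns 2 raises nothing; `if status != 0` covers both. The `foundation-HTTPS` check sends the message `aninix.net HTTPS is CRITICAL`, copied from the check above it, so the alert names the wrong host. The check names are spelled `anixix-HTTP` and `anixix-HTTPS`, presumably meant to be `aninix`.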
0
roles/Sharingan-Data/files/DarkNet
Normal file
0
roles/Sharingan-Data/files/DarkNet
Normal file
0
roles/Sharingan-Data/files/Geth-Hub-1
Normal file
0
roles/Sharingan-Data/files/Geth-Hub-1
Normal file
0
roles/Sharingan-Data/files/Geth-Hub-2
Normal file
0
roles/Sharingan-Data/files/Geth-Hub-2
Normal file
0
roles/Sharingan-Data/files/Geth-Hub-3
Normal file
0
roles/Sharingan-Data/files/Geth-Hub-3
Normal file
0
roles/Sharingan-Data/files/Maat
Normal file
0
roles/Sharingan-Data/files/Maat
Normal file
0
roles/Sharingan-Data/files/Nazara
Normal file
0
roles/Sharingan-Data/files/Nazara
Normal file
0
roles/Sharingan-Data/files/Node0
Normal file
0
roles/Sharingan-Data/files/Node0
Normal file
0
roles/Sharingan-Data/files/Sharingan
Normal file
0
roles/Sharingan-Data/files/Sharingan
Normal file
0
roles/Sharingan-Data/files/scripts/empty-dir
Normal file
0
roles/Sharingan-Data/files/scripts/empty-dir
Normal file
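--- a/roles/Sharingan-Data/files/scripts/notify
+++ b/roles/Sharingan-Data/files/scripts/notify
@@ -0,0 +1,2 @@
+#!/bin/bash
+systemd-cat -t sharingan-eval "$@"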
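Review bot: `systemd-cat -t sharingan-eval "$@"` treats its arguments as a command to execute, so a call such as `notify aninix.net HTTP is CRITICAL` tries to run `aninix.net` and the alert text never reaches the journal. Piping the text in, `echo "$*" | systemd-cat -t sharingan-eval`, or using `logger -t sharingan-eval -- "$*"`, records the message instead. Since the monit `exec` action will not make this failure obvious, the alert path should be tested end to end after the change.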
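--- a/roles/Sharingan-Data/files/sharingan-data.service/Archlinux
+++ b/roles/Sharingan-Data/files/sharingan-data.service/Archlinux
@@ -0,0 +1,19 @@
+[Unit]
+Description=AniNIX/Sharingan | Data filer
+Documentation=man:syslog-ng(8)
+Conflicts=emergency.service emergency.target
+Wants=network.target network-online.target
+After=network.target network-online.target
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/syslog-ng@sharingan-data
+EnvironmentFile=-/etc/sysconfig/syslog-ng@sharingan-data
+ExecStart=/usr/bin/syslog-ng -F $OTHER_OPTIONS --cfgfile $CONFIG_FILE --control $CONTROL_FILE --persist-file $PERSIST_FILE --pidfile $PID_FILE
+ExecReload=/usr/bin/kill -HUP $MAINPID
+StandardOutput=journal
+StandardError=journal
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target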
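Review bot: Both `EnvironmentFile=` lines carry the `-` prefix, so a missing file is ignored and the unit starts with `$CONFIG_FILE`, `$CONTROL_FILE`, `$PERSIST_FILE` and `$PID_FILE` unset. `ExecStart` then collapses to option flags with no values, and the failure surfaces as a syslog-ng argument error rather than a missing-file error. Since the role deploys `/etc/default/syslog-ng@sharingan-data` itself, drop the prefix on that line, `EnvironmentFile=/etc/default/syslog-ng@sharingan-data`, so a missing file fails with a clear message. The Debian copy of this unit has the same two lines.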
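--- a/roles/Sharingan-Data/files/sharingan-data.service/Debian
+++ b/roles/Sharingan-Data/files/sharingan-data.service/Debian
@@ -0,0 +1,19 @@
+[Unit]
+Description=AniNIX/Sharingan | Data filer
+Documentation=man:syslog-ng(8)
+Conflicts=emergency.service emergency.target
+Wants=network.target network-online.target
+After=network.target network-online.target
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/syslog-ng@sharingan-data
+EnvironmentFile=-/etc/sysconfig/syslog-ng@sharingan-data
+ExecStart=/usr/sbin/syslog-ng -F $OTHER_OPTIONS --cfgfile $CONFIG_FILE --control $CONTROL_FILE --persist-file $PERSIST_FILE --pidfile $PID_FILE
+ExecReload=/usr/bin/kill -HUP $MAINPID
+StandardOutput=journal
+StandardError=journal
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target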
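--- a/roles/Sharingan-Data/files/sharingan-eval.service
+++ b/roles/Sharingan-Data/files/sharingan-eval.service
@@ -0,0 +1,33 @@
+# This file is systemd template for monit service. To
+# register monit with systemd, place the monit.service file
+# to the /lib/systemd/system/ directory and then start it
+# using systemctl (see bellow).
+#
+# Enable monit to start on boot:
+# systemctl enable monit.service
+#
+# Start monit immediately:
+# systemctl start monit.service
+#
+# Stop monit:
+# systemctl stop monit.service
+#
+# Status:
+# systemctl status monit.service
+
+[Unit]
+Description=AniNIX/Sharingan | Evaluation service, powered by monit
+After=network-online.target
+Documentation=man:monit(1) https://mmonit.com/wiki/Monit/HowTo
+
+[Service]
+Type=simple
+KillMode=process
+ExecStart=/usr/bin/monit -I
+ExecStop=/usr/bin/monit quit
+ExecReload=/usr/bin/monit reload
+Restart=on-abnormal
+StandardOutput=null
+
+[Install]
+WantedBy=multi-user.target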
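Review bot: The header comment still documents upstream `monit.service`, telling the operator to install that file and run `systemctl enable monit.service`, while this unit is deployed as `sharingan-eval.service`. Following it could start a second monit next to this one if the distribution's own unit is present (inferred; the package's unit is not shown on this page). Replace the header with one line naming this unit, for example `# AniNIX/Sharingan evaluation service (monit); manage with systemctl enable|start|stop|status sharingan-eval.service`. A short comment on `StandardOutput=null` would also help, since it discards foreground output and leaves monit's own syslog logging as the only record.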
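--- a/roles/Sharingan-Data/files/syslog-ng@sharingan-data
+++ b/roles/Sharingan-Data/files/syslog-ng@sharingan-data
@@ -0,0 +1,5 @@
+CONFIG_FILE=/etc/syslog-ng/syslog-ng.conf
+PERSIST_FILE=/var/lib/syslog-ng/syslog-ng.persist
+CONTROL_FILE=/run/syslog-ng.ctl
+PID_FILE=/run/syslog-ng.pid
+OTHER_OPTIONS="--enable-core"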
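Review bot: `OTHER_OPTIONS="--enable-core"` turns on core dumps for the log collector, and a syslog-ng core contains whatever messages were in memory at the time, which may include sensitive log content. If this is a debugging aid, add a comment above the line saying so and confirm where cores are written and who can read them. Otherwise leave it empty, `OTHER_OPTIONS=""`.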
0
roles/Sharingan-Data/files/templates/empty-dir
Normal file
0
roles/Sharingan-Data/files/templates/empty-dir
Normal file
@ -5,6 +5,8 @@
|
|||||||
state: present
|
state: present
|
||||||
name:
|
name:
|
||||||
- syslog-ng
|
- syslog-ng
|
||||||
|
- monit
|
||||||
|
- monitoring-plugins
|
||||||
|
|
||||||
- name: Sharingan-Data apps dir
|
- name: Sharingan-Data apps dir
|
||||||
become: yes
|
become: yes
|
||||||
@ -14,6 +16,7 @@
|
|||||||
|
|
||||||
- name: Sharingan-Data include apps dir
|
- name: Sharingan-Data include apps dir
|
||||||
become: yes
|
become: yes
|
||||||
|
register: base_config
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/syslog-ng/syslog-ng.conf
|
path: /etc/syslog-ng/syslog-ng.conf
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
@ -29,31 +32,75 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0750
|
mode: 0750
|
||||||
|
- name: Sharingan-Data service conf
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: syslog-ng@sharingan-data
|
||||||
|
dest: /etc/default/syslog-ng@sharingan-data
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0655
|
||||||
|
|
||||||
- name: Sharingan-Data filer service
|
- name: Sharingan-Data filer service
|
||||||
become: yes
|
become: yes
|
||||||
copy:
|
copy:
|
||||||
remote_src: yes
|
src: "sharingan-data.service/{{ ansible_os_family }}"
|
||||||
src: /usr/lib/systemd/system/syslog-ng@.service
|
|
||||||
dest: /usr/lib/systemd/system/sharingan-data.service
|
dest: /usr/lib/systemd/system/sharingan-data.service
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0750
|
mode: 0750
|
||||||
|
|
||||||
- name: Sharingan-Data replace content
|
- name: Sharingan-Eval service
|
||||||
become: yes
|
become: yes
|
||||||
replace:
|
copy:
|
||||||
path: /usr/lib/systemd/system/sharingan-data.service
|
src: sharingan-eval.service
|
||||||
regexp: '%i'
|
dest: /usr/lib/systemd/system/sharingan-eval.service
|
||||||
replace: 'default'
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0750
|
||||||
|
|
||||||
- name: Sharingan-Data set vanity description
|
- name: Sharingan-Eval monitrc
|
||||||
become: yes
|
become: yes
|
||||||
lineinfile:
|
template:
|
||||||
path: /usr/lib/systemd/system/sharingan-data.service
|
src: monitrc.j2
|
||||||
regexp: 'Description='
|
dest: /etc/monitrc
|
||||||
line: 'Description=AniNIX/Sharingan | Data filer'
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
- name: Sharingan-Eval includes dir
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
path: /etc/monit.d
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Sharingan-Eval monit templates
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: templates
|
||||||
|
dest: /etc/monit.d/templates
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
- name: Sharingan-Eval monit scripts
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: templates
|
||||||
|
dest: /etc/monit.d/scripts
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
|
||||||
|
- name: Sharingan-Eval monit host config
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: "{{ inventory_hostname }}"
|
||||||
|
dest: "/etc/monit.d/{{ inventory_hostname }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
- name: Sharingan-Data heartbeat service
|
- name: Sharingan-Data heartbeat service
|
||||||
become: yes
|
become: yes
|
||||||
@ -81,14 +128,16 @@
|
|||||||
become: yes
|
become: yes
|
||||||
service:
|
service:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: started
|
state: restarted
|
||||||
enabled: yes
|
enabled: yes
|
||||||
loop:
|
loop:
|
||||||
- sharingan-heartbeat.timer
|
|
||||||
- sharingan-data.service
|
- sharingan-data.service
|
||||||
|
- sharingan-heartbeat.timer
|
||||||
|
- sharingan-eval.service
|
||||||
|
|
||||||
- name: Disable default service
|
- name: Disable default service
|
||||||
become: yes
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
service:
|
service:
|
||||||
name: syslog-ng@default.service
|
name: syslog-ng@default.service
|
||||||
state: stopped
|
state: stopped
|
||||||
|
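Review bot: The "Sharingan-Eval monit scripts" task copies `src: templates` to `/etc/monit.d/scripts`, the same source as the "monit templates" task above it. `files/scripts/notify` is therefore never deployed, and the `exec "/usr/bin/bash /etc/monit.d/scripts/notify …"` actions in the host configs have nothing to run. It should be `src: scripts/`; the trailing slash matters because without it `copy` places the directory itself under the destination, so the "monit templates" task likely wants `src: templates/` as well. Separately, "Sharingan-Data service conf" sets `mode: 0655`, which gives group and others execute on an environment file but denies it to the owner; `mode: 0644` looks like what was meant.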
300
roles/Sharingan-Data/templates/monitrc.j2
Executable file
300
roles/Sharingan-Data/templates/monitrc.j2
Executable file
@ -0,0 +1,300 @@
|
|||||||
|
###############################################################################
|
||||||
|
## Monit control file
|
||||||
|
###############################################################################
|
||||||
|
##
|
||||||
|
## Comments begin with a '#' and extend through the end of the line. Keywords
|
||||||
|
## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
|
||||||
|
##
|
||||||
|
## Below you will find examples of some frequently used statements. For
|
||||||
|
## information about the control file and a complete list of statements and
|
||||||
|
## options, please have a look in the Monit manual.
|
||||||
|
##
|
||||||
|
##
|
||||||
|
###############################################################################
|
||||||
|
## Global section
|
||||||
|
###############################################################################
|
||||||
|
set daemon 30 # check services at 30 seconds intervals
|
||||||
|
with start delay 240 # optional: delay the first check by 4-minutes (by
|
||||||
|
# default Monit check immediately after Monit start)
|
||||||
|
#
|
||||||
|
## Set syslog logging. If you want to log to a standalone log file instead,
|
||||||
|
## specify the full path to the log file
|
||||||
|
#
|
||||||
|
set log syslog
|
||||||
|
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Set the location of the Monit lock file which stores the process id of the
|
||||||
|
## running Monit instance. By default this file is stored in $HOME/.monit.pid
|
||||||
|
#
|
||||||
|
# set pidfile /var/run/monit.pid
|
||||||
|
#
|
||||||
|
## Set the location of the Monit id file which stores the unique id for the
|
||||||
|
## Monit instance. The id is generated and stored on first Monit start. By
|
||||||
|
## default the file is placed in $HOME/.monit.id.
|
||||||
|
#
|
||||||
|
# set idfile /var/.monit.id
|
||||||
|
#
|
||||||
|
## Set the location of the Monit state file which saves monitoring states
|
||||||
|
## on each cycle. By default the file is placed in $HOME/.monit.state. If
|
||||||
|
## the state file is stored on a persistent filesystem, Monit will recover
|
||||||
|
## the monitoring state across reboots. If it is on temporary filesystem, the
|
||||||
|
## state will be lost on reboot which may be convenient in some situations.
|
||||||
|
#
|
||||||
|
# set statefile /var/.monit.state
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
## Set limits for various tests. The following example shows the default values:
|
||||||
|
##
|
||||||
|
# set limits {
|
||||||
|
# programOutput: 512 B, # check program's output truncate limit
|
||||||
|
# sendExpectBuffer: 256 B, # limit for send/expect protocol test
|
||||||
|
# fileContentBuffer: 512 B, # limit for file content test
|
||||||
|
# httpContentBuffer: 1 MB, # limit for HTTP content test
|
||||||
|
# networkTimeout: 5 seconds # timeout for network I/O
|
||||||
|
# programTimeout: 300 seconds # timeout for check program
|
||||||
|
# stopTimeout: 30 seconds # timeout for service stop
|
||||||
|
# startTimeout: 30 seconds # timeout for service start
|
||||||
|
# restartTimeout: 30 seconds # timeout for service restart
|
||||||
|
# }
|
||||||
|
|
||||||
|
## Set global SSL options (just most common options showed, see manual for
|
||||||
|
## full list).
|
||||||
|
#
|
||||||
|
# set ssl {
|
||||||
|
# verify : enable, # verify SSL certificates (disabled by default but STRONGLY RECOMMENDED)
|
||||||
|
# selfsigned : allow # allow self signed SSL certificates (reject by default)
|
||||||
|
#}
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Set the list of mail servers for alert delivery. Multiple servers may be
|
||||||
|
## specified using a comma separator. If the first mail server fails, Monit
|
||||||
|
# will use the second mail server in the list and so on. By default Monit uses
|
||||||
|
# port 25 - it is possible to override this with the PORT option.
|
||||||
|
#
|
||||||
|
# set mailserver mail.bar.baz, # primary mailserver
|
||||||
|
# backup.bar.baz port 10025, # backup mailserver on port 10025
|
||||||
|
# localhost # fallback relay
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## By default Monit will drop alert events if no mail servers are available.
|
||||||
|
## If you want to keep the alerts for later delivery retry, you can use the
|
||||||
|
## EVENTQUEUE statement. The base directory where undelivered alerts will be
|
||||||
|
## stored is specified by the BASEDIR option. You can limit the queue size
|
||||||
|
## by using the SLOTS option (if omitted, the queue is limited by space
|
||||||
|
## available in the back end filesystem).
|
||||||
|
#
|
||||||
|
# set eventqueue
|
||||||
|
# basedir /var/monit # set the base directory where events will be stored
|
||||||
|
# slots 100 # optionally limit the queue size
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Send status and events to M/Monit (for more information about M/Monit
|
||||||
|
## see https://mmonit.com/). By default Monit registers credentials with
|
||||||
|
## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
|
||||||
|
## have to register Monit credentials manually in M/Monit. It is possible to
|
||||||
|
## disable credential registration using the commented out option below.
|
||||||
|
## Though, if safety is a concern we recommend instead using https when
|
||||||
|
## communicating with M/Monit and send credentials encrypted. The password
|
||||||
|
## should be URL encoded if it contains URL-significant characters like
|
||||||
|
## ":", "?", "@". Default timeout is 5 seconds, you can customize it by
|
||||||
|
## adding the timeout option.
|
||||||
|
#
|
||||||
|
# set mmonit http://monit:monit@192.168.1.10:8080/collector
|
||||||
|
# # with timeout 30 seconds # Default timeout is 5 seconds
|
||||||
|
# # and register without credentials # Don't register credentials
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Monit by default uses the following format for alerts if the mail-format
|
||||||
|
## statement is missing::
|
||||||
|
## --8<--
|
||||||
|
## set mail-format {
|
||||||
|
## from: Monit <monit@$HOST>
|
||||||
|
## subject: monit alert -- $EVENT $SERVICE
|
||||||
|
## message: $EVENT Service $SERVICE
|
||||||
|
## Date: $DATE
|
||||||
|
## Action: $ACTION
|
||||||
|
## Host: $HOST
|
||||||
|
## Description: $DESCRIPTION
|
||||||
|
##
|
||||||
|
## Your faithful employee,
|
||||||
|
## Monit
|
||||||
|
## }
|
||||||
|
## --8<--
|
||||||
|
##
|
||||||
|
## You can override this message format or parts of it, such as subject
|
||||||
|
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
|
||||||
|
## are expanded at runtime. For example, to override the sender, use:
|
||||||
|
#
|
||||||
|
# set mail-format { from: monit@foo.bar }
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## You can set alert recipients whom will receive alerts if/when a
|
||||||
|
## service defined in this file has errors. Alerts may be restricted on
|
||||||
|
## events by using a filter as in the second example below.
|
||||||
|
#
|
||||||
|
# set alert sysadm@foo.bar # receive all alerts
|
||||||
|
#
|
||||||
|
## Do not alert when Monit starts, stops or performs a user initiated action.
|
||||||
|
## This filter is recommended to avoid getting alerts for trivial cases.
|
||||||
|
#
|
||||||
|
# set alert your-name@your.domain not on { instance, action }
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Monit has an embedded HTTP interface which can be used to view status of
|
||||||
|
## services monitored and manage services from a web interface. The HTTP
|
||||||
|
## interface is also required if you want to issue Monit commands from the
|
||||||
|
## command line, such as 'monit status' or 'monit restart service' The reason
|
||||||
|
## for this is that the Monit client uses the HTTP interface to send these
|
||||||
|
## commands to a running Monit daemon. See the Monit Wiki if you want to
|
||||||
|
## enable SSL for the HTTP interface.
|
||||||
|
#
|
||||||
|
set httpd port 2812 and
|
||||||
|
use address localhost # only accept connection from localhost (drop if you use M/Monit)
|
||||||
|
allow localhost # allow localhost to connect to the server and
|
||||||
|
allow admin:"{{ monitcli | default('monit') }}" # require user 'admin' with password 'monit'
|
||||||
|
#with ssl { # enable SSL/TLS and set path to server certificate
|
||||||
|
# pemfile: /etc/ssl/certs/monit.pem
|
||||||
|
#}
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
## Services
|
||||||
|
###############################################################################
|
||||||
|
##
|
||||||
|
## Check general system resources such as load average, cpu and memory
|
||||||
|
## usage. Each test specifies a resource, conditions and the action to be
|
||||||
|
## performed should a test fail.
|
||||||
|
#
|
||||||
|
# check system $HOST
|
||||||
|
# if loadavg (1min) per core > 2 for 5 cycles then alert
|
||||||
|
# if loadavg (5min) per core > 1.5 for 10 cycles then alert
|
||||||
|
# if cpu usage > 95% for 10 cycles then alert
|
||||||
|
# if memory usage > 75% then alert
|
||||||
|
# if swap usage > 25% then alert
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Check if a file exists, checksum, permissions, uid and gid. In addition
|
||||||
|
## to alert recipients in the global section, customized alert can be sent to
|
||||||
|
## additional recipients by specifying a local alert handler. The service may
|
||||||
|
## be grouped using the GROUP option. More than one group can be specified by
|
||||||
|
## repeating the 'group name' statement.
|
||||||
|
#
|
||||||
|
# check file apache_bin with path /usr/local/apache/bin/httpd
|
||||||
|
# if failed checksum and
|
||||||
|
# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
|
||||||
|
# if failed permission 755 then unmonitor
|
||||||
|
# if failed uid "root" then unmonitor
|
||||||
|
# if failed gid "root" then unmonitor
|
||||||
|
# alert security@foo.bar on {
|
||||||
|
# checksum, permission, uid, gid, unmonitor
|
||||||
|
# } with the mail-format { subject: Alarm! }
|
||||||
|
# group server
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Check that a process is running, in this case Apache, and that it respond
|
||||||
|
## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
|
||||||
|
## and number of children. If the process is not running, Monit will restart
|
||||||
|
## it by default. In case the service is restarted very often and the
|
||||||
|
## problem remains, it is possible to disable monitoring using the TIMEOUT
|
||||||
|
## statement. This service depends on another service (apache_bin) which
|
||||||
|
## is defined above.
|
||||||
|
#
|
||||||
|
# check process apache with pidfile /usr/local/apache/logs/httpd.pid
|
||||||
|
# start program = "/etc/init.d/httpd start" with timeout 60 seconds
|
||||||
|
# stop program = "/etc/init.d/httpd stop"
|
||||||
|
# if cpu > 60% for 2 cycles then alert
|
||||||
|
# if cpu > 80% for 5 cycles then restart
|
||||||
|
# if totalmem > 200.0 MB for 5 cycles then restart
|
||||||
|
# if children > 250 then restart
|
||||||
|
# if disk read > 500 kb/s for 10 cycles then alert
|
||||||
|
# if disk write > 500 kb/s for 10 cycles then alert
|
||||||
|
# if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart
|
||||||
|
# if failed port 443 protocol https with timeout 15 seconds then restart
|
||||||
|
# if 3 restarts within 5 cycles then unmonitor
|
||||||
|
# depends on apache_bin
|
||||||
|
# group server
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Check filesystem permissions, uid, gid, space usage, inode usage and disk I/O.
|
||||||
|
## Other services, such as databases, may depend on this resource and an automatically
|
||||||
|
## graceful stop may be cascaded to them before the filesystem will become full and data
|
||||||
|
## lost.
|
||||||
|
#
|
||||||
|
# check filesystem datafs with path /dev/sdb1
|
||||||
|
# start program = "/bin/mount /data"
|
||||||
|
# stop program = "/bin/umount /data"
|
||||||
|
# if failed permission 660 then unmonitor
|
||||||
|
# if failed uid "root" then unmonitor
|
||||||
|
# if failed gid "disk" then unmonitor
|
||||||
|
# if space usage > 80% for 5 times within 15 cycles then alert
|
||||||
|
# if space usage > 99% then stop
|
||||||
|
# if inode usage > 30000 then alert
|
||||||
|
# if inode usage > 99% then stop
|
||||||
|
# if read rate > 1 MB/s for 5 cycles then alert
|
||||||
|
# if read rate > 500 operations/s for 5 cycles then alert
|
||||||
|
# if write rate > 1 MB/s for 5 cycles then alert
|
||||||
|
# if write rate > 500 operations/s for 5 cycles then alert
|
||||||
|
# if service time > 10 milliseconds for 3 times within 5 cycles then alert
|
||||||
|
# group server
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Check a file's timestamp. In this example, we test if a file is older
|
||||||
|
## than 15 minutes and assume something is wrong if its not updated. Also,
|
||||||
|
## if the file size exceed a given limit, execute a script
|
||||||
|
#
|
||||||
|
# check file database with path /data/mydatabase.db
|
||||||
|
# if failed permission 700 then alert
|
||||||
|
# if failed uid "data" then alert
|
||||||
|
# if failed gid "data" then alert
|
||||||
|
# if timestamp > 15 minutes then alert
|
||||||
|
# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Check directory permission, uid and gid. An event is triggered if the
|
||||||
|
## directory does not belong to the user with uid 0 and gid 0. In addition,
|
||||||
|
## the permissions have to match the octal description of 755 (see chmod(1)).
|
||||||
|
#
|
||||||
|
# check directory bin with path /bin
|
||||||
|
# if failed permission 755 then unmonitor
|
||||||
|
# if failed uid 0 then unmonitor
|
||||||
|
# if failed gid 0 then unmonitor
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Check a remote host availability by issuing a ping test and check the
|
||||||
|
## content of a response from a web server. Up to three pings are sent and
|
||||||
|
## connection to a port and an application level network check is performed.
|
||||||
|
#
|
||||||
|
# check host myserver with address 192.168.1.1
|
||||||
|
# if failed ping then alert
|
||||||
|
# if failed port 3306 protocol mysql with timeout 15 seconds then alert
|
||||||
|
# if failed port 80 protocol http
|
||||||
|
# and request /some/path with content = "a string"
|
||||||
|
# then alert
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Check a network link status (up/down), link capacity changes, saturation
|
||||||
|
## and bandwidth usage.
|
||||||
|
#
|
||||||
|
# check network public with interface eth0
|
||||||
|
# if failed link then alert
|
||||||
|
# if changed link then alert
|
||||||
|
# if saturation > 90% then alert
|
||||||
|
# if download > 10 MB/s then alert
|
||||||
|
# if total uploaded > 1 GB in last hour then alert
|
||||||
|
#
|
||||||
|
#
|
||||||
|
## Check custom program status output.
|
||||||
|
#
|
||||||
|
# check program myscript with path /usr/local/bin/myscript.sh
|
||||||
|
# if status != 0 then alert
|
||||||
|
#
|
||||||
|
#
|
||||||
|
###############################################################################
|
||||||
|
## Includes
|
||||||
|
###############################################################################
|
||||||
|
##
|
||||||
|
## It is possible to include additional configuration parts from other files or
|
||||||
|
## directories.
|
||||||
|
#
|
||||||
|
include /etc/monit.d/{{ inventory_hostname }}
|
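Review bot: `allow admin:"{{ monitcli | default('monit') }}"` falls back to the stock password `monit` whenever `monitcli` is not defined for a host, so a missing variable silently produces a control interface with a well-known credential. Binding to localhost limits exposure to local users, but monit runs the checks and their `exec` actions as the service user, so the credential should not be guessable. Make the variable required, `allow admin:"{{ monitcli | mandatory }}"`, and change the trailing comment, which still says the password is 'monit'. A value containing `"` would also break the quoted string, so state the allowed characters next to the variable's definition.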
@ -1,7 +0,0 @@
|
|||||||
This role is defined to handle basic system setup tasks.
|
|
||||||
|
|
||||||
# Scope
|
|
||||||
* Setting the hostname
|
|
||||||
* Installing [/AniNIX/ShadowArch] customizations
|
|
||||||
* Managing passwords
|
|
||||||
* Setting initial sudo permissions.
|
|
@ -1,105 +0,0 @@
|
|||||||
---
|
|
||||||
###
|
|
||||||
# This role installs the basic package and host setup for AniNIX operations.
|
|
||||||
|
|
||||||
- name: Set up AniNIX-specific repository
|
|
||||||
become: yes
|
|
||||||
file:
|
|
||||||
path: /opt/aninix
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Set up pacman.conf
|
|
||||||
become: yes
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/pacman.conf
|
|
||||||
insertafter: EOF
|
|
||||||
marker: "# {mark} Ubiqtorate Managed Block"
|
|
||||||
block: |
|
|
||||||
[AniNIX]
|
|
||||||
SigLevel = Required DatabaseOptional
|
|
||||||
Server = https://maat.aninix.net/
|
|
||||||
|
|
||||||
[aur]
|
|
||||||
SigLevel = Required DatabaseOptional
|
|
||||||
Server = https://maat.aninix.net/aur/
|
|
||||||
when: ansible_os_family == "Archlinux"
|
|
||||||
|
|
||||||
- name: Install ShadowArch (ArchLinux)
|
|
||||||
become: yes
|
|
||||||
pacman:
|
|
||||||
name: ShadowArch
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
when: ansible_os_family == "Archlinux"
|
|
||||||
|
|
||||||
- name: Download ShadowArch (Other)
|
|
||||||
become: yes
|
|
||||||
git:
|
|
||||||
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
|
|
||||||
dest: '/opt/aninix/ShadowArch'
|
|
||||||
update: yes
|
|
||||||
when: ansible_os_family != "Archlinux"
|
|
||||||
|
|
||||||
- name: Install ShadowArch (Other)
|
|
||||||
become: yes
|
|
||||||
command:
|
|
||||||
chdir: '/opt/aninix/ShadowArch'
|
|
||||||
cmd: 'make install'
|
|
||||||
when: ansible_os_family != "Archlinux"
|
|
||||||
|
|
||||||
- name: Base packages
|
|
||||||
become: yes
|
|
||||||
package:
|
|
||||||
name:
|
|
||||||
- bash
|
|
||||||
- sudo
|
|
||||||
|
|
||||||
- name: Set up hostname
|
|
||||||
become: yes
|
|
||||||
hostname:
|
|
||||||
name: "{{ inventory_hostname }}.{{ replica_domain }}"
|
|
||||||
|
|
||||||
- name: Set up /etc/hosts
|
|
||||||
become: yes
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/hosts
|
|
||||||
regexp: '^127.0.0.1[ \t]+localhost'
|
|
||||||
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
# This is an AniNIX convention to allow password management by Ansible.
|
|
||||||
- name: Ensure SSH user has sudo permissions.
|
|
||||||
become: yes
|
|
||||||
copy:
|
|
||||||
dest: /etc/sudoers.d/basics
|
|
||||||
content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
|
|
||||||
|
|
||||||
- name: Ensure we include /etc/sudoers.d
|
|
||||||
become: yes
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/sudoers
|
|
||||||
regexp: "includedir /etc/sudoers.d"
|
|
||||||
line: "includedir /etc/sudoers.d"
|
|
||||||
|
|
||||||
- name: Test root password
|
|
||||||
ignore_errors: yes
|
|
||||||
register: root_password_test
|
|
||||||
become: yes
|
|
||||||
command: id
|
|
||||||
vars:
|
|
||||||
ansible_become_method: su
|
|
||||||
ansible_become_user: root
|
|
||||||
ansible_become_password: "{{ lookup('vars',inventory_hostname+'_password') }}"
|
|
||||||
|
|
||||||
- name: Define root password
|
|
||||||
become: yes
|
|
||||||
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
|
||||||
command:
|
|
||||||
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"
|
|
||||||
|
|
||||||
- name: Define depriv password
|
|
||||||
become: yes
|
|
||||||
when: root_password_test.rc is not defined or root_password_test.rc != 0
|
|
||||||
command:
|
|
||||||
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd {{ depriv_user.stdout }}"
|
|
||||||
|
|
34
roles/hardware/tasks/main.yml
Normal file
34
roles/hardware/tasks/main.yml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Install packages
|
||||||
|
become: yes
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- smartmontools
|
||||||
|
- hdparm
|
||||||
|
- apcupsd
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Set udev settings for drives
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
dest: /etc/udev/rules.d/60-ioschedulers.rules
|
||||||
|
content: |
|
||||||
|
# set scheduler for NVMe
|
||||||
|
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/scheduler}="none"
|
||||||
|
# set scheduler for SSD and eMMC
|
||||||
|
ACTION=="add|change", KERNEL=="sd[a-z]*|mmcblk[0-9]*", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"
|
||||||
|
# set scheduler for rotating disks
|
||||||
|
ACTION=="add|change", KERNEL=="sd[a-z]*", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="bfq"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0700
|
||||||
|
register: udev_iosched
|
||||||
|
|
||||||
|
- name: Reload udev
|
||||||
|
become: yes
|
||||||
|
command: /bin/bash -c 'udevadm control --reload; udevadm trigger'
|
||||||
|
when: udev_iosched.changed
|
||||||
|
|
||||||
|
|
||||||
|
|
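Review bot: The udev rules file is written with `mode: 0700`, but rules files are data read by udev rather than executables, so `mode: 0644` is the conventional value and keeps the rules inspectable by unprivileged tooling. In "Reload udev", `udevadm control --reload; udevadm trigger` runs the trigger even when the reload fails because of the `;`. Use `&&`, or split it into two `command` tasks so the bash wrapper is not needed. The task would also fit better as a handler notified by the copy task than as a `when: udev_iosched.changed` step.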