Catching up with current successes

DarkFeather 2022-01-25 23:54:43 -06:00
parent 94a4736839
commit 921d53c724
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
70 changed files with 2912 additions and 355 deletions

4
.gitignore vendored

@ -1,4 +1,6 @@
roles/Vanik/files
roles/Node/files/**
roles/Nazara/files/dns
roles/Nazara/files/dhcp
venv/
# ---> Python

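--- a/bin/generate-mirrorlist
+++ b/bin/generate-mirrorlist
@@ -0,0 +1,4 @@
+#!/bin/bash
+curl -s https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/pacman-mirrorlist/trunk/mirrorlist | awk '/^## United States$/{f=1; next}f==0{next}/^$/{exit}{print substr($0, 1);}' | sed 's/^#Server/Server/' > /tmp/candidates
+rankmirrors -n 6 /tmp/candidates > ../roles/ShadowArch/files/mirrorlist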
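Review bot: The candidate list goes to the fixed path `/tmp/candidates`, and nothing checks that the download succeeded before the redirect truncates `../roles/ShadowArch/files/mirrorlist`. On a shared host a predictable name in `/tmp` can be pre-created or symlinked by another user, and `curl -s` without `-f` lets an HTTP error body or an empty response flow into what is presumably the mirror list the role distributes. I would open the script with `set -euo pipefail`, replace the fixed path with `candidates="$(mktemp)"`, and call `curl -fsS`. The output path is relative, so the script only works when run from `bin/`; a comment stating that would help.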


@ -25,7 +25,7 @@ def WriteDHCPEntry(content,hosttype,hostclass):
with open(dhcpfilepath,'a') as dhcpfile:
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
try:
dhcpfile.write('dhcp-host=' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['vars']['mac'] + ',' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['vars']['ip'] + '\n')
dhcpfile.write('dhcp-host=' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['vars']['mac'] + ',' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['vars']['ip'] + ',' + host + '.' + content['all']['vars']['replica_domain'] + '\n')
except:
print(host + ' is not complete for DHCP.')
@ -63,11 +63,11 @@ def GenerateFiles(file):
# Add DNS entries for each host
hosttype = 'managed'
for hostclass in ['physical','virtual','geth-hubs']:
for hostclass in ['physical','virtual','geth_hubs']:
WriteDNSEntry(content,hosttype,hostclass)
WriteDHCPEntry(content,hosttype,hostclass)
hosttype = 'unmanaged'
for hostclass in ['ovas','hardware','iot']:
for hostclass in ['ovas','appliances','iot']:
WriteDNSEntry(content,hosttype,hostclass)
WriteDHCPEntry(content,hosttype,hostclass)
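Review bot: The hostname suffix written into each `dhcp-host=` entry may come out as an unrendered template: the new `dhcpfile.write(...)` line appends `content['all']['vars']['replica_domain']`, and the inventory in this same commit appears to change that variable to `"MSN0.{{ external_domain }}"`. If `content` is the plain parsed YAML (the loader is outside this hunk), the literal `{{ external_domain }}` would be written into the DHCP configuration; `bin/generate-ssh-keyscan` reads the same key with `grep`/`awk` and would pick up only `"MSN0.{{`. Either keep a literal value for consumers that do not render Jinja, or resolve the variable before it is used. The surrounding bare `except:` would also report a missing `replica_domain` as every host being "not complete for DHCP"; `except KeyError:` would keep that message accurate. `WriteDHCPEntry` starts outside the hunk.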

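--- a/bin/generate-ssh-keyscan
+++ b/bin/generate-ssh-keyscan
@@ -0,0 +1,21 @@
+#!/bin/bash
+# File: gen-ssh-keyscan
+#
+# Description: This file generates a known_host block for the inventory.
+#
+# Package: AniNIX/HelloWorld
+# Copyright: WTFPL
+#
+# Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
+inventory="$1"
+replicadomain="$(grep replica_domain:\ "$inventory" | awk '{ print $2; }';)"
+for short in `ansible -i "$inventory" --list-hosts managed | grep -v hosts | sed 's/^\s\+//'`; do
+long="$short"'.'"$replicadomain"
+ip="$(dig "$long" +short)"
+ssh-keyscan -t ed25519 -f <(echo "$long" "$long","$short","$ip") 2>&1
+ssh-keyscan -t rsa -f <(echo "$long" "$long","$short","$ip") 2>/dev/null
+done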
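Review bot: The keys printed by the two `ssh-keyscan` calls are whatever answers on the network at scan time, so using the output as a known_hosts block pins keys that nobody has verified. The header should say so, for example `# Output is unauthenticated; compare fingerprints with each host's console before committing it.` The ed25519 scan also ends in `2>&1`, which puts ssh-keyscan's diagnostics in the same stream as the key lines, unlike the rsa scan; `2>/dev/null` on both keeps the block clean. When `dig` returns nothing, the name list is still written with a trailing comma and an empty address.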


@ -1,11 +1,13 @@
all:
vars:
# Environment-wide data
replica_domain: MSN0.AniNIX.net
external_domain: AniNIX.net
replica_domain: "MSN0.{{ external_domain }}"
time_zone: "America/Chicago"
# Services used by all
router: 10.0.1.1
dns: 10.0.1.7 # TODO will change once IPs are resegmented.
netmask: 24
dns: 10.0.1.2
dhcprange: '10.0.1.224,10.0.1.254,255.255.255.0,12h'
staticrange: '10.0.1.1,10.0.1.223,255.255.255.0,12h'
logserver: "Sharingan.{{ replica_domain }}"
@ -13,190 +15,175 @@ all:
# Standards
daemon_shell: /sbin/nologin
user_shell: /bin/bash
ansible_become_method: sudo
ansible_become_user: root
static: false
wireless_ssid: 'Shadowfeed'
ansible_python_interpreter: auto_silent
children:
managed:
children:
physical: # 10.0.1.0/29
vars:
depriv_user: pi
physical: # 10.0.1.0/28
hosts:
Nazara:
vars:
ipinterface: eth0
ip: 10.0.1.2
mac: B8:27:EB:B6:AA:0C
Node-1:
vars:
ipinterface: eth0
static: true
Core:
ipinterface: enp1s0f0
ip: 10.0.1.3
mac: B8:27:EB:B6:AA:0C
Node-2:
vars:
ipinterface: eth0
mac: 00:25:90:0d:6e:86
static: true
sslidentity: aninix.net-0001
Node0:
ipinterface: enp1s0f0
ip: 10.0.1.4
mac: B8:27:EB:B6:AA:0C
Node-3:
mac: DE:8B:9E:19:55:1D
static: true
virtual: # 10.0.1.16/28
vars:
ipinterface: eth0
ip: 10.0.1.5
mac: B8:27:EB:B6:AA:0C
Node-4:
vars:
ipinterface: eth0
ip: 10.0.1.6
mac: B8:27:EB:B6:AA:0C
Node-5:
vars:
ipinterface: eth0
ip: 10.0.1.7
mac: B8:27:EB:B6:AA:0C
virtual: # 10.0.1.8/29
vars:
depriv_user: depriv
hosts:
Sharingan:
vars:
ip: 10.0.1.8
mac: 00:15:5D:01:02:05
cores: 4
memory: 4
ip: 10.0.1.16
ipinterface: ens3
mac: 00:15:5D:01:02:10
cores: 6
memory: 6
vnc: 8
bridge: br0
disks:
- '-drive file=/srv/maat/vm/Sharingan.qcow2,format=qcow2,l2-cache-size=1M'
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/Sharingan.qcow2'
DarkNet:
vars:
ip: 10.0.1.9
mac: 00:15:5D:01:02:04
ip: 10.0.1.17
ipinterface: eth0
mac: 00:15:5D:01:02:05
cores: 2
memory: 2
vnc: 9
bridge: br0
disks:
- '-hda /dev/sdb'
- '-drive if=none,id=disk0,cache=none,format=raw,aio=native,file=/dev/sdb'
Maat:
vars:
ip: 10.0.1.10
mac: 00:15:5d:01:02:06
cores: 2
memory: 2
bridge: br0
disks:
- '-drive file=/srv/maat/vm/MaatBuilder.qcow2,format=qcow2,l2-cache-size=1M'
Aether:
vars:
ip: 10.0.1.11
ip: 10.0.1.18
ipinterface: ens3
mac: 00:15:5d:01:02:07
cores: 2
memory: 2
bridge: br0
vnc: 7
disks:
- '-hda /dev/sdd'
- '-cdrom /srv/maat/iso/archlinux.iso -boot order=d'
Core:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/Maat.qcow2'
geth_hubs: # 10.0.1.32/28
vars:
depriv_user: DarkFeather
ipinterface: enp1s0f0
ip: 10.0.1.12
mac: 00:25:90:0d:6e:86
geth-hubs: # 10.0.1.16/29
vars:
depriv_user: pi
motion_enabled: yes
hosts:
Geth-Hub-1:
vars:
ip: 10.0.1.16
ip: 10.0.1.32
mac: 84:16:F9:14:15:C5
Geth-Hub-2:
vars:
ip: 10.0.1.17
ip: 10.0.1.33
mac: 84:16:F9:13:B6:E6
# Geth-Hub-3:
# vars:
# ip: 10.0.1.18
# mac: b8:27:eb:60:73:68
motion_enabled: no
Geth-Hub-3:
ip: 10.0.1.34
mac: b8:27:eb:60:73:68
unmanaged:
children:
ovas: # 10.0.1.24/29
ovas: # 10.0.1.48/28
hosts:
DedNet:
vars:
ip: 10.0.1.24
TDS-Jump:
ip: 10.0.1.48
mac: 00:15:5d:01:02:08
cores: 2
memory: 2
vnc: 4
bridge: br0
disks:
- '-drive file=/srv/maat/vm/DedNet.qcow2,format=qcow2'
- '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d'
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/TDSJump.qcow2'
Geth:
vars:
ip: 10.0.1.25
ip: 10.0.1.49
mac: DE:8B:9E:19:55:1E
cores: 2
memory: 2
vnc: 6
bridge: br0
disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/hassos_ova-5.13.qcow2'
DedNet:
ip: 10.0.1.50
mac: 00:15:5d:01:02:09
cores: 2
memory: 2
vnc: 3
bridge: br0
disks:
- '-drive file=/srv/maat/vm/DedNet.qcow2,format=qcow2'
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/DedNet.qcow2'
- '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d'
hardware:
hosts: # 10.0.1.32/28
Tachikoma:
vars:
ip: 10.0.1.32
mac: aa:aa:aa:aa:aa:aa
Dedsec:
vars:
ip: 10.0.1.33
mac: 34:f6:4b:36:12:8f
DarkFeather:
vars:
ip: 10.0.1.34
mac: 64:C2:DE:78:BB:40
Lykos:
vars:
ip: 10.0.1.35
mac: 64:C2:DE:0C:AB:0D
Games:
vars:
ip: 10.0.1.36
mac: 00:1F:BC:10:1C:F7
Aether:
ip: 10.0.1.51
mac: 00:15:5d:01:02:11
cores: 2
memory: 2
vnc: 5
bridge: br0
disks:
- '-drive if=none,id=disk0,cache=none,format=raw,aio=native,file=/dev/sdc'
- '-cdrom /srv/maat/iso/archlinux.iso -boot order=d'
appliances:
hosts: # 10.0.1.64/27
Shadowfeed:
vars:
ip: 10.0.1.1
mac: 2c:30:33:64:f4:03
DarkFeather:
ip: 10.0.1.64
mac: D0:40:EF:D4:14:CF
Lykos:
ip: 10.0.1.65
mac: 70:74:14:4F:8E:42
Games:
ip: 10.0.1.66
mac: 00:1F:BC:10:1C:F8
Print:
vars:
ip: 10.0.1.37
ip: 10.0.1.67
mac: 00:80:92:77:CE:E4
Core-Console:
vars:
ip: 10.0.1.38
mac: 00:25:90:0D:82:5B
Maat-Console:
vars:
ip: 10.0.1.39
mac: 00:25:90:3E:C6:8C
Geth-Eyes:
vars:
ip: 10.0.1.40
mac: 9c:a3:aa:33:a3:99
ip: 10.0.1.68
mac: 9C:A3:AA:33:A3:99
LivingRoomTV:
ip: 10.0.1.69
mac: 80:D2:1D:17:63:0E
BedRoomTV:
ip: 10.0.1.70
mac: 80:D2:1D:17:63:0F
TraingRoomTV:
ip: 10.0.1.71
mac: 80:D2:1D:17:63:10
Tachikoma:
ip: 10.0.1.72
mac: B8:76:3F:70:DB:C1
Dedsec:
ip: 10.0.1.73
mac: 34:F6:4B:36:12:8F
"Core.Console":
ip: 10.0.1.74
mac: 00:25:90:0D:82:5B
"Node0.Console":
ip: 10.0.1.75
mac: 00:25:90:3E:C6:8C
# dhcp build space: 10.0.1.224/27
iot: # 10.0.2.0/24
hosts:
LinKeuei:
vars:
ip: 10.0.2.2
mac: 64:16:66:08:57:F5
Canary:
vars:
ip: 10.0.2.3
mac: 18:B4:30:2F:F1:37
Charon:
vars:
ip: 10.0.2.4
mac: 64:52:99:14:28:2B
Skitarii-1:
vars:
ip: 10.0.2.5
mac: 40:9F:38:95:06:34
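Review bot: The per-group CIDR comments (`# 10.0.1.48/28` on `ovas`, `# 10.0.1.64/27` on `appliances`) read like network boundaries, but the variables in this file place every 10.0.1.x host in one /24 (`netmask: 24`, `255.255.255.0` in `dhcprange` and `staticrange`) and every VM on `bridge: br0`. As written, the unmanaged guests share a broadcast domain with the managed hosts unless filtering is applied somewhere this file does not show. I would state that in a comment above `children:`, e.g. `# Group ranges are IPAM allocations only; they are not enforced as subnets or firewall zones.` Old and new lines are interleaved in this view, so which of these values sit on the new side is inferred.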

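--- a/precommit-hooks/find-bad-ipam
+++ b/precommit-hooks/find-bad-ipam
@@ -0,0 +1,57 @@
+#!/usr/bin/bash
+# File: find-bad-ipam
+#
+# Description: This file finds bad IPAM entries in an inventory.
+#
+# Package: AniNIX/Ubiqtorate
+# Copyright: WTFPL
+#
+# Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
+file="examples/msn0.yml"
+function findBadTerm() {
+### Check for a term to be duplicated.
+# param file: the file
+# param term: the term to search for duplicates
+file="$1"
+term="$2"
+results="$(grep "$term:" "$file" | sed 's/\s\+'"$term"':\s*//' | sort)"
+if ! diff <(echo "$results") <(echo "$results" | uniq); then
+echo "Some ${term^^} entries are duplicated. Search for the above terms in your inventory and deduplicate."
+exit 2
+fi
+}
+function Usage() {
+### Helptext
+# param retcode: what to return
+retcode="$1"
+echo "Usage: $0 -f SOMEFILE"
+echo " $0 -h"
+echo "Add -v for verbosity."
+exit $retcode
+}
+while getopts 'f:hv' OPTION; do
+### Parse arguments
+case "$OPTION" in
+f) file="$OPTARG" ;;
+h) echo "Find bad IPAM entries in an inventory." ; Usage 0 ;;
+v) set -x ;;
+*) Usage 1 ;;
+esac
+done
+# Sanity check
+if [ -z "$file" ] || [ ! -f "$file" ]; then
+echo Need an inventory to process.
+Usage 3;
+fi
+# Check for the unique attributes.
+for i in ip vnc mac; do
+findBadTerm "$file" "$i"
+done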
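Review bot: `findBadTerm` compares values with `sort` and `uniq`, which are case-sensitive, while the inventory writes MAC addresses in both cases (`00:15:5d:01:02:07`, `00:15:5D:01:02:10`), so two entries for the same MAC that differ only in letter case pass the hook. Folding case before the comparison closes that gap: insert `| tr '[:upper:]' '[:lower:]'` ahead of `| sort` in the `results=` pipeline. The unanchored `grep "$term:"` also matches commented-out entries and any key that merely ends in the term; `grep -E "^[[:space:]]*$term:"` restricts it to live keys. The function calls `exit 2` on the first failing term, so duplicates of later terms are not reported in the same run.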


@ -0,0 +1,44 @@
# Please make this file available to others
# by sending it to <lirc@bartelmus.de>
#
# this config file was automatically generated
# using lirc-0.9.0-pre1(default) on Thu Jun 29 00:24:26 2017
#
# contributed by darkfeather@aninix.net
#
# brand: LG.conf
# model no. of remote control: AKB73715608
# devices being controlled by this remote: TV
#
begin remote
name LG-AKB73715608
bits 16
flags SPACE_ENC|CONST_LENGTH
eps 30
aeps 100
header 9063 4496
one 579 1673
zero 579 546
ptrail 580
repeat 9066 2248
pre_data_bits 16
pre_data 0x20DF
gap 108528
toggle_bit_mask 0x0
begin codes
KEY_POWER 0x10EF
KEY_VOLUMEUP 0x40BF
KEY_VOLUMEDOWN 0xC03F
KEY_CONFIG 0xD02F
KEY_ENTER 0x22DD
KEY_MUTE 0x906F
end codes
end remote


@ -0,0 +1,770 @@
# Rename this distribution example file to motion.conf
#
# This config file was generated by motion 4.0.1
############################################################
# Daemon
############################################################
# Start in daemon (background) mode and release terminal (default: off)
daemon on
# File to store the process ID, also called pid file. (default: not defined)
process_id_file /var/run/motion/motion.pid
############################################################
# Basic Setup Mode
############################################################
# Start in Setup-Mode, daemon disabled. (default: off)
setup_mode off
# Use a file to save logs messages, if not defined stderr and syslog is used. (default: not defined)
;logfile /tmp/motion.log
# Level of log messages [1..9] (EMG, ALR, CRT, ERR, WRN, NTC, INF, DBG, ALL). (default: 6 / NTC)
log_level 6
# Filter to log messages by type (COR, STR, ENC, NET, DBL, EVT, TRK, VID, ALL). (default: ALL)
log_type all
###########################################################
# Capture device options
############################################################
# Videodevice to be used for capturing (default /dev/video0)
# for FreeBSD default is /dev/bktr0
videodevice /dev/video0
# v4l2_palette allows one to choose preferable palette to be use by motion
# to capture from those supported by your videodevice. (default: 17)
# E.g. if your videodevice supports both V4L2_PIX_FMT_SBGGR8 and
# V4L2_PIX_FMT_MJPEG then motion will by default use V4L2_PIX_FMT_MJPEG.
# Setting v4l2_palette to 2 forces motion to use V4L2_PIX_FMT_SBGGR8
# instead.
#
# Values :
# V4L2_PIX_FMT_SN9C10X : 0 'S910'
# V4L2_PIX_FMT_SBGGR16 : 1 'BYR2'
# V4L2_PIX_FMT_SBGGR8 : 2 'BA81'
# V4L2_PIX_FMT_SPCA561 : 3 'S561'
# V4L2_PIX_FMT_SGBRG8 : 4 'GBRG'
# V4L2_PIX_FMT_SGRBG8 : 5 'GRBG'
# V4L2_PIX_FMT_PAC207 : 6 'P207'
# V4L2_PIX_FMT_PJPG : 7 'PJPG'
# V4L2_PIX_FMT_MJPEG : 8 'MJPEG'
# V4L2_PIX_FMT_JPEG : 9 'JPEG'
# V4L2_PIX_FMT_RGB24 : 10 'RGB3'
# V4L2_PIX_FMT_SPCA501 : 11 'S501'
# V4L2_PIX_FMT_SPCA505 : 12 'S505'
# V4L2_PIX_FMT_SPCA508 : 13 'S508'
# V4L2_PIX_FMT_UYVY : 14 'UYVY'
# V4L2_PIX_FMT_YUYV : 15 'YUYV'
# V4L2_PIX_FMT_YUV422P : 16 '422P'
# V4L2_PIX_FMT_YUV420 : 17 'YU12'
#
v4l2_palette 17
# Tuner device to be used for capturing using tuner as source (default /dev/tuner0)
# This is ONLY used for FreeBSD. Leave it commented out for Linux
; tunerdevice /dev/tuner0
# The video input to be used (default: -1)
# Should normally be set to 0 or 1 for video/TV cards, and -1 for USB cameras
# Set to 0 for uvideo(4) on OpenBSD
input -1
# The video norm to use (only for video capture and TV tuner cards)
# Values: 0 (PAL), 1 (NTSC), 2 (SECAM), 3 (PAL NC no colour). Default: 0 (PAL)
norm 0
# The frequency to set the tuner to (kHz) (only for TV tuner cards) (default: 0)
frequency 0
# Override the power line frequency for the webcam. (normally not necessary)
# Values:
# -1 : Do not modify device setting
# 0 : Power line frequency Disabled
# 1 : 50hz
# 2 : 60hz
# 3 : Auto
power_line_frequency -1
# Rotate image this number of degrees. The rotation affects all saved images as
# well as movies. Valid values: 0 (default = no rotation), 90, 180 and 270.
rotate 0
# Image width (pixels). Valid range: Camera dependent, default: 352
width 640
# Image height (pixels). Valid range: Camera dependent, default: 288
height 480
# Maximum number of frames to be captured per second.
# Valid range: 2-100. Default: 100 (almost no limit).
framerate 100
# Minimum time in seconds between capturing picture frames from the camera.
# Default: 0 = disabled - the capture rate is given by the camera framerate.
# This option is used when you want to capture images at a rate lower than 2 per second.
minimum_frame_time 0
# URL to use if you are using a network camera, size will be autodetected (incl http:// ftp:// mjpg:// rtsp:// mjpeg:// or file:///)
# Must be a URL that returns single jpeg pictures or a raw mjpeg stream. A trailing slash may be required for some cameras.
# Default: Not defined
; netcam_url value
# Username and password for network camera (only if required). Default: not defined
# Syntax is user:password
; netcam_userpass value
# The setting for keep-alive of network socket, should improve performance on compatible net cameras.
# off: The historical implementation using HTTP/1.0, closing the socket after each http request.
# force: Use HTTP/1.0 requests with keep alive header to reuse the same connection.
# on: Use HTTP/1.1 requests that support keep alive as default.
# Default: off
netcam_keepalive off
# URL to use for a netcam proxy server, if required, e.g. "http://myproxy".
# If a port number other than 80 is needed, use "http://myproxy:1234".
# Default: not defined
; netcam_proxy value
# Set less strict jpeg checks for network cameras with a poor/buggy firmware.
# Default: off
netcam_tolerant_check off
# RTSP connection uses TCP to communicate to the camera. Can prevent image corruption.
# Default: on
rtsp_uses_tcp on
# Name of camera to use if you are using a camera accessed through OpenMax/MMAL
# Default: Not defined
; mmalcam_name vc.ril.camera
# Camera control parameters (see raspivid/raspistill tool documentation)
# Default: Not defined
; mmalcam_control_params -hf
# Let motion regulate the brightness of a video device (default: off).
# The auto_brightness feature uses the brightness option as its target value.
# If brightness is zero auto_brightness will adjust to average brightness value 128.
# Only recommended for cameras without auto brightness
auto_brightness off
# Set the initial brightness of a video device.
# If auto_brightness is enabled, this value defines the average brightness level
# which Motion will try and adjust to.
# Valid range 0-255, default 0 = disabled
brightness 0
# Set the contrast of a video device.
# Valid range 0-255, default 0 = disabled
contrast 0
# Set the saturation of a video device.
# Valid range 0-255, default 0 = disabled
saturation 0
# Set the hue of a video device (NTSC feature).
# Valid range 0-255, default 0 = disabled
hue 0
############################################################
# Round Robin (multiple inputs on same video device name)
############################################################
# Number of frames to capture in each roundrobin step (default: 1)
roundrobin_frames 1
# Number of frames to skip before each roundrobin step (default: 1)
roundrobin_skip 1
# Try to filter out noise generated by roundrobin (default: off)
switchfilter off
############################################################
# Motion Detection Settings:
############################################################
# Threshold for number of changed pixels in an image that
# triggers motion detection (default: 1500)
threshold 1500
# Automatically tune the threshold down if possible (default: off)
threshold_tune off
# Noise threshold for the motion detection (default: 32)
noise_level 32
# Automatically tune the noise threshold (default: on)
noise_tune on
# Despeckle motion image using (e)rode or (d)ilate or (l)abel (Default: not defined)
# Recommended value is EedDl. Any combination (and number of) of E, e, d, and D is valid.
# (l)abeling must only be used once and the 'l' must be the last letter.
# Comment out to disable
despeckle_filter EedDl
# Detect motion in predefined areas (1 - 9). Areas are numbered like that: 1 2 3
# A script (on_area_detected) is started immediately when motion is 4 5 6
# detected in one of the given areas, but only once during an event. 7 8 9
# One or more areas can be specified with this option. Take care: This option
# does NOT restrict detection to these areas! (Default: not defined)
; area_detect value
# PGM file to use as a sensitivity mask.
# Full path name to. (Default: not defined)
; mask_file value
# Dynamically create a mask file during operation (default: 0)
# Adjust speed of mask changes from 0 (off) to 10 (fast)
smart_mask_speed 0
# Ignore sudden massive light intensity changes given as a percentage of the picture
# area that changed intensity. Valid range: 0 - 100 , default: 0 = disabled
lightswitch 0
# Picture frames must contain motion at least the specified number of frames
# in a row before they are detected as true motion. At the default of 1, all
# motion is detected. Valid range: 1 to thousands, recommended 1-5
minimum_motion_frames 1
# Specifies the number of pre-captured (buffered) pictures from before motion
# was detected that will be output at motion detection.
# Recommended range: 0 to 5 (default: 0)
# Do not use large values! Large values will cause Motion to skip video frames and
# cause unsmooth movies. To smooth movies use larger values of post_capture instead.
pre_capture 0
# Number of frames to capture after motion is no longer detected (default: 0)
post_capture 0
# Event Gap is the seconds of no motion detection that triggers the end of an event.
# An event is defined as a series of motion images taken within a short timeframe.
# Recommended value is 60 seconds (Default). The value -1 is allowed and disables
# events causing all Motion to be written to one single movie file and no pre_capture.
# If set to 0, motion is running in gapless mode. Movies don't have gaps anymore. An
# event ends right after no more motion is detected and post_capture is over.
event_gap 60
# Maximum length in seconds of a movie
# When value is exceeded a new movie file is created. (Default: 0 = infinite)
max_movie_time 0
# Always save images even if there was no motion (default: off)
emulate_motion off
############################################################
# Image File Output
############################################################
# Output 'normal' pictures when motion is detected (default: on)
# Valid values: on, off, first, best, center
# When set to 'first', only the first picture of an event is saved.
# Picture with most motion of an event is saved when set to 'best'.
# Picture with motion nearest center of picture is saved when set to 'center'.
# Can be used as preview shot for the corresponding movie.
output_pictures off
# Output pictures with only the pixels moving object (ghost images) (default: off)
output_debug_pictures off
# The quality (in percent) to be used by the jpeg compression (default: 75)
quality 75
# Type of output images
# Valid values: jpeg, ppm (default: jpeg)
picture_type jpeg
############################################################
# FFMPEG related options
# Film (movies) file output, and deinterlacing of the video input
# The options movie_filename and timelapse_filename are also used
# by the ffmpeg feature
############################################################
# Use ffmpeg to encode movies in realtime (default: off)
ffmpeg_output_movies off
# Use ffmpeg to make movies with only the pixels moving
# object (ghost images) (default: off)
ffmpeg_output_debug_movies off
# Use ffmpeg to encode a timelapse movie
# Default value 0 = off - else save frame every Nth second
ffmpeg_timelapse 0
# The file rollover mode of the timelapse video
# Valid values: hourly, daily (default), weekly-sunday, weekly-monday, monthly, manual
ffmpeg_timelapse_mode daily
# Bitrate to be used by the ffmpeg encoder (default: 400000)
# This option is ignored if ffmpeg_variable_bitrate is not 0 (disabled)
ffmpeg_bps 400000
# Enables and defines variable bitrate for the ffmpeg encoder.
# ffmpeg_bps is ignored if variable bitrate is enabled.
# Valid values: 0 (default) = fixed bitrate defined by ffmpeg_bps,
# or the range 1 - 100 where 1 means worst quality and 100 is best.
ffmpeg_variable_bitrate 0
# Codec to used by ffmpeg for the video compression.
# Timelapse videos have two options.
# mpg - Creates mpg file with mpeg-2 encoding.
# If motion is shutdown and restarted, new pics will be appended
# to any previously created file with name indicated for timelapse.
# mpeg4 - Creates avi file with the default encoding.
# If motion is shutdown and restarted, new pics will create a
# new file with the name indicated for timelapse.
# Supported formats are:
# mpeg4 or msmpeg4 - gives you files with extension .avi
# msmpeg4 is recommended for use with Windows Media Player because
# it requires no installation of codec on the Windows client.
# swf - gives you a flash film with extension .swf
# flv - gives you a flash video with extension .flv
# ffv1 - FF video codec 1 for Lossless Encoding
# mov - QuickTime
# mp4 - MPEG-4 Part 14 H264 encoding
# mkv - Matroska H264 encoding
# hevc - H.265 / HEVC (High Efficiency Video Coding)
ffmpeg_video_codec mpeg4
# When creating videos, should frames be duplicated in order
# to keep up with the requested frames per second
# (default: true)
ffmpeg_duplicate_frames true
############################################################
# SDL Window
############################################################
# Number of motion thread to show in SDL Window (default: 0 = disabled)
#sdl_threadnr 0
############################################################
# External pipe to video encoder
# Replacement for FFMPEG builtin encoder for ffmpeg_output_movies only.
# The options movie_filename and timelapse_filename are also used
# by the ffmpeg feature
#############################################################
# Bool to enable or disable extpipe (default: off)
use_extpipe off
# External program (full path and opts) to pipe raw video to
# Generally, use '-' for STDIN...
;extpipe mencoder -demuxer rawvideo -rawvideo w=%w:h=%h:i420 -ovc x264 -x264encopts bframes=4:frameref=1:subq=1:scenecut=-1:nob_adapt:threads=1:keyint=1000:8x8dct:vbv_bufsize=4000:crf=24:partitions=i8x8,i4x4:vbv_maxrate=800:no-chroma-me -vf denoise3d=16:12:48:4,pp=lb -of avi -o %f.avi - -fps %fps
;extpipe x264 - --input-res %wx%h --fps %fps --bitrate 2000 --preset ultrafast --quiet -o %f.mp4
;extpipe mencoder -demuxer rawvideo -rawvideo w=%w:h=%h:fps=%fps -ovc x264 -x264encopts preset=ultrafast -of lavf -o %f.mp4 - -fps %fps
;extpipe ffmpeg -y -f rawvideo -pix_fmt yuv420p -video_size %wx%h -framerate %fps -i pipe:0 -vcodec libx264 -preset ultrafast -f mp4 %f.mp4
############################################################
# Snapshots (Traditional Periodic Webcam File Output)
############################################################
# Make automated snapshot every N seconds (default: 0 = disabled)
snapshot_interval 0
############################################################
# Text Display
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second, %T = HH:MM:SS,
# %v = event, %q = frame number, %t = camera id number,
# %D = changed pixels, %N = noise level, \n = new line,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event - do not use with text_event!
# You can put quotation marks around the text to allow
# leading spaces
############################################################
# Locate and draw a box around the moving object.
# Valid values: on, off, preview (default: off)
# Set to 'preview' will only draw a box in preview_shot pictures.
locate_motion_mode off
# Set the look and style of the locate box if enabled.
# Valid values: box, redbox, cross, redcross (default: box)
# Set to 'box' will draw the traditional box.
# Set to 'redbox' will draw a red box.
# Set to 'cross' will draw a little cross to mark center.
# Set to 'redcross' will draw a little red cross to mark center.
locate_motion_style box
# Draws the timestamp using same options as C function strftime(3)
# Default: %Y-%m-%d\n%T = date in ISO format and time in 24 hour clock
# Text is placed in lower right corner
text_right %Y-%m-%d\n%T-%q
# Draw a user defined text on the images using same options as C function strftime(3)
# Default: Not defined = no text
# Text is placed in lower left corner
; text_left CAMERA %t
# Draw the number of changed pixed on the images (default: off)
# Will normally be set to off except when you setup and adjust the motion settings
# Text is placed in upper right corner
text_changes off
# This option defines the value of the special event conversion specifier %C
# You can use any conversion specifier in this option except %C. Date and time
# values are from the timestamp of the first image in the current event.
# Default: %Y%m%d%H%M%S
# The idea is that %C can be used filenames and text_left/right for creating
# a unique identifier for each event.
text_event %Y%m%d%H%M%S
# Draw characters at twice normal size on images. (default: off)
text_double off
# Text to include in a JPEG EXIF comment
# May be any text, including conversion specifiers.
# The EXIF timestamp is included independent of this text.
;exif_text %i%J/%K%L
############################################################
# Target Directories and filenames For Images And Films
# For the options snapshot_, picture_, movie_ and timelapse_filename
# you can use conversion specifiers
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second,
# %v = event, %q = frame number, %t = camera id number,
# %D = changed pixels, %N = noise level,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event
# Quotation marks round string are allowed.
############################################################
# Target base directory for pictures and films
# Recommended to use absolute path. (Default: current working directory)
target_dir /var/run/motion/capture
# File path for snapshots (jpeg or ppm) relative to target_dir
# Default: %v-%Y%m%d%H%M%S-snapshot
# Default value is equivalent to legacy oldlayout option
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-snapshot
# File extension .jpg or .ppm is automatically added so do not include this.
# Note: A symbolic link called lastsnap.jpg created in the target_dir will always
# point to the latest snapshot, unless snapshot_filename is exactly 'lastsnap'
snapshot_filename %v-%Y%m%d%H%M%S-snapshot
# File path for motion triggered images (jpeg or ppm) relative to target_dir
# Default: %v-%Y%m%d%H%M%S-%q
# Default value is equivalent to legacy oldlayout option
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-%q
# File extension .jpg or .ppm is automatically added so do not include this
# Set to 'preview' together with best-preview feature enables special naming
# convention for preview shots. See motion guide for details
picture_filename %v-%Y%m%d%H%M%S-%q
# File path for motion triggered ffmpeg films (movies) relative to target_dir
# Default: %v-%Y%m%d%H%M%S
# File extensions(.mpg .avi) are automatically added so do not include them
movie_filename %v-%Y%m%d%H%M%S
# File path for timelapse movies relative to target_dir
# Default: %Y%m%d-timelapse
# File extensions(.mpg .avi) are automatically added so do not include them
timelapse_filename %Y%m%d-timelapse
############################################################
# Global Network Options
############################################################
# Enable IPv6 (default: off)
ipv6_enabled off
############################################################
# Live Stream Server
############################################################
# The mini-http server listens to this port for requests (default: 0 = disabled)
stream_port 8081
# Quality of the jpeg (in percent) images produced (default: 50)
stream_quality 50
# Output frames at 1 fps when no motion is detected and increase to the
# rate given by stream_maxrate when motion is detected (default: off)
stream_motion off
# Maximum framerate for stream streams (default: 1)
stream_maxrate 1
# Restrict stream connections to localhost only (default: on)
stream_localhost off
# Limits the number of images per connection (default: 0 = unlimited)
# Number can be defined by multiplying actual stream rate by desired number of seconds
# Actual stream rate is the smallest of the numbers framerate and stream_maxrate
stream_limit 0
# Set the authentication method (default: 0)
# 0 = disabled
# 1 = Basic authentication
# 2 = MD5 digest (the safer authentication)
stream_auth_method 0
# Authentication for the stream. Syntax username:password
# Default: not defined (Disabled)
; stream_authentication username:password
# Percentage to scale the stream image for preview
# Default: 25
; stream_preview_scale 25
# Have stream preview image start on a new line
# Default: no
; stream_preview_newline no
############################################################
# HTTP Based Control
############################################################
# TCP/IP port for the http server to listen on (default: 0 = disabled)
webcontrol_port 8080
# Restrict control connections to localhost only (default: on)
webcontrol_localhost on
# Output for http server, select off to choose raw text plain (default: on)
webcontrol_html_output on
# Authentication for the http based control. Syntax username:password
# Default: not defined (Disabled)
; webcontrol_authentication username:password
############################################################
# Tracking (Pan/Tilt)
#############################################################
# Type of tracker (0=none (default), 1=stepper, 2=iomojo, 3=pwc, 4=generic, 5=uvcvideo, 6=servo)
# The generic type enables the definition of motion center and motion size to
# be used with the conversion specifiers for options like on_motion_detected
track_type 0
# Enable auto tracking (default: off)
track_auto off
# Serial port of motor (default: none)
;track_port /dev/ttyS0
# Motor number for x-axis (default: 0)
;track_motorx 0
# Set motorx reverse (default: 0)
;track_motorx_reverse 0
# Motor number for y-axis (default: 0)
;track_motory 1
# Set motory reverse (default: 0)
;track_motory_reverse 0
# Maximum value on x-axis (default: 0)
;track_maxx 200
# Minimum value on x-axis (default: 0)
;track_minx 50
# Maximum value on y-axis (default: 0)
;track_maxy 200
# Minimum value on y-axis (default: 0)
;track_miny 50
# Center value on x-axis (default: 0)
;track_homex 128
# Center value on y-axis (default: 0)
;track_homey 128
# ID of an iomojo camera if used (default: 0)
track_iomojo_id 0
# Angle in degrees the camera moves per step on the X-axis
# with auto-track (default: 10)
# Currently only used with pwc type cameras
track_step_angle_x 10
# Angle in degrees the camera moves per step on the Y-axis
# with auto-track (default: 10)
# Currently only used with pwc type cameras
track_step_angle_y 10
# Delay to wait for after tracking movement as number
# of picture frames (default: 10)
track_move_wait 10
# Speed to set the motor to (stepper motor option) (default: 255)
track_speed 255
# Number of steps to make (stepper motor option) (default: 40)
track_stepsize 40
############################################################
# External Commands, Warnings and Logging:
# You can use conversion specifiers for the on_xxxx commands
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second,
# %v = event, %q = frame number, %t = camera id number,
# %D = changed pixels, %N = noise level,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event
# %f = filename with full path
# %n = number indicating filetype
# Both %f and %n are only defined for on_picture_save,
# on_movie_start and on_movie_end
# Quotation marks round string are allowed.
############################################################
# Do not sound beeps when detecting motion (default: on)
# Note: Motion never beeps when running in daemon mode.
quiet on
# Command to be executed when an event starts. (default: none)
# An event starts at first motion detected after a period of no motion defined by event_gap
; on_event_start value
# Command to be executed when an event ends after a period of no motion
# (default: none). The period of no motion is defined by option event_gap.
; on_event_end value
# Command to be executed when a picture (.ppm|.jpg) is saved (default: none)
# To give the filename as an argument to a command append it with %f
; on_picture_save value
# Command to be executed when a motion frame is detected (default: none)
; on_motion_detected value
# Command to be executed when motion in a predefined area is detected
# Check option 'area_detect'. (default: none)
; on_area_detected value
# Command to be executed when a movie file (.mpg|.avi) is created. (default: none)
# To give the filename as an argument to a command append it with %f
; on_movie_start value
# Command to be executed when a movie file (.mpg|.avi) is closed. (default: none)
# To give the filename as an argument to a command append it with %f
; on_movie_end value
# Command to be executed when a camera can't be opened or if it is lost
# NOTE: There is situations when motion don't detect a lost camera!
# It depends on the driver, some drivers dosn't detect a lost camera at all
# Some hangs the motion thread. Some even hangs the PC! (default: none)
; on_camera_lost value
#####################################################################
# Common Options for database features.
# Options require database options to be active also.
#####################################################################
# Log to the database when creating motion triggered picture file (default: on)
; sql_log_picture on
# Log to the database when creating a snapshot image file (default: on)
; sql_log_snapshot on
# Log to the database when creating motion triggered movie file (default: off)
; sql_log_movie off
# Log to the database when creating timelapse movies file (default: off)
; sql_log_timelapse off
# SQL query string that is sent to the database
# Use same conversion specifiers has for text features
# Additional special conversion specifiers are
# %n = the number representing the file_type
# %f = filename with full path
# Default value:
# Create tables :
##
# Mysql
# CREATE TABLE security (camera int, filename char(80) not null, frame int, file_type int, time_stamp timestamp(14), event_time_stamp timestamp(14));
#
# Postgresql
# CREATE TABLE security (camera int, filename char(80) not null, frame int, file_type int, time_stamp timestamp without time zone, event_time_stamp timestamp without time zone);
#
# insert into security(camera, filename, frame, file_type, time_stamp, text_event) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
; sql_query insert into security(camera, filename, frame, file_type, time_stamp, event_time_stamp) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
############################################################
# Database Options
############################################################
# database type : mysql, postgresql, sqlite3 (default : not defined)
; database_type value
# database to log to (default: not defined)
# for sqlite3, the full path and name for the database.
; database_dbname value
# The host on which the database is located (default: localhost)
; database_host value
# User account name for database (default: not defined)
; database_user value
# User password for database (default: not defined)
; database_password value
# Port on which the database is located
# mysql 3306 , postgresql 5432 (default: not defined)
; database_port value
# Database wait time in milliseconds for locked database to
# be unlocked before returning database locked error (default 0)
; database_busy_timeout 0
############################################################
# Video Loopback Device (vloopback project)
############################################################
# Output images to a video4linux loopback device
# The value '-' means next available (default: not defined)
; video_pipe value
# Output motion images to a video4linux loopback device
# The value '-' means next available (default: not defined)
; motion_video_pipe value
##############################################################
# camera config files - One for each camera.
# Except if only one camera - You only need this config file.
# If you have more than one camera you MUST define one camera
# config file for each camera in addition to this config file.
##############################################################
# Remember: If you have more than one camera you must have one
# camera file for each camera. E.g. 2 cameras requires 3 files:
# This motion.conf file AND camera1.conf and camera2.conf.
# Only put the options that are unique to each camera in the
# camera config files.
; camera /etc/motion/camera1.conf
; camera /etc/motion/camera2.conf
; camera /etc/motion/camera3.conf
; camera /etc/motion/camera4.conf
##############################################################
# Camera config directory - One for each camera.
##############################################################
#
; camera_dir /etc/motion/conf.d


@ -0,0 +1,770 @@
# Rename this distribution example file to motion.conf
#
# This config file was generated by motion 4.0.1
############################################################
# Daemon
############################################################
# Start in daemon (background) mode and release terminal (default: off)
daemon on
# File to store the process ID, also called pid file. (default: not defined)
process_id_file /var/run/motion/motion.pid
############################################################
# Basic Setup Mode
############################################################
# Start in Setup-Mode, daemon disabled. (default: off)
setup_mode off
# Use a file to save logs messages, if not defined stderr and syslog is used. (default: not defined)
;logfile /tmp/motion.log
# Level of log messages [1..9] (EMG, ALR, CRT, ERR, WRN, NTC, INF, DBG, ALL). (default: 6 / NTC)
log_level 6
# Filter to log messages by type (COR, STR, ENC, NET, DBL, EVT, TRK, VID, ALL). (default: ALL)
log_type all
###########################################################
# Capture device options
############################################################
# Videodevice to be used for capturing (default /dev/video0)
# for FreeBSD default is /dev/bktr0
videodevice /dev/video0
# v4l2_palette allows one to choose preferable palette to be use by motion
# to capture from those supported by your videodevice. (default: 17)
# E.g. if your videodevice supports both V4L2_PIX_FMT_SBGGR8 and
# V4L2_PIX_FMT_MJPEG then motion will by default use V4L2_PIX_FMT_MJPEG.
# Setting v4l2_palette to 2 forces motion to use V4L2_PIX_FMT_SBGGR8
# instead.
#
# Values :
# V4L2_PIX_FMT_SN9C10X : 0 'S910'
# V4L2_PIX_FMT_SBGGR16 : 1 'BYR2'
# V4L2_PIX_FMT_SBGGR8 : 2 'BA81'
# V4L2_PIX_FMT_SPCA561 : 3 'S561'
# V4L2_PIX_FMT_SGBRG8 : 4 'GBRG'
# V4L2_PIX_FMT_SGRBG8 : 5 'GRBG'
# V4L2_PIX_FMT_PAC207 : 6 'P207'
# V4L2_PIX_FMT_PJPG : 7 'PJPG'
# V4L2_PIX_FMT_MJPEG : 8 'MJPEG'
# V4L2_PIX_FMT_JPEG : 9 'JPEG'
# V4L2_PIX_FMT_RGB24 : 10 'RGB3'
# V4L2_PIX_FMT_SPCA501 : 11 'S501'
# V4L2_PIX_FMT_SPCA505 : 12 'S505'
# V4L2_PIX_FMT_SPCA508 : 13 'S508'
# V4L2_PIX_FMT_UYVY : 14 'UYVY'
# V4L2_PIX_FMT_YUYV : 15 'YUYV'
# V4L2_PIX_FMT_YUV422P : 16 '422P'
# V4L2_PIX_FMT_YUV420 : 17 'YU12'
#
v4l2_palette 17
# Tuner device to be used for capturing using tuner as source (default /dev/tuner0)
# This is ONLY used for FreeBSD. Leave it commented out for Linux
; tunerdevice /dev/tuner0
# The video input to be used (default: -1)
# Should normally be set to 0 or 1 for video/TV cards, and -1 for USB cameras
# Set to 0 for uvideo(4) on OpenBSD
input -1
# The video norm to use (only for video capture and TV tuner cards)
# Values: 0 (PAL), 1 (NTSC), 2 (SECAM), 3 (PAL NC no colour). Default: 0 (PAL)
norm 0
# The frequency to set the tuner to (kHz) (only for TV tuner cards) (default: 0)
frequency 0
# Override the power line frequency for the webcam. (normally not necessary)
# Values:
# -1 : Do not modify device setting
# 0 : Power line frequency Disabled
# 1 : 50hz
# 2 : 60hz
# 3 : Auto
power_line_frequency -1
# Rotate image this number of degrees. The rotation affects all saved images as
# well as movies. Valid values: 0 (default = no rotation), 90, 180 and 270.
rotate 0
# Image width (pixels). Valid range: Camera dependent, default: 352
width 640
# Image height (pixels). Valid range: Camera dependent, default: 288
height 480
# Maximum number of frames to be captured per second.
# Valid range: 2-100. Default: 100 (almost no limit).
framerate 100
# Minimum time in seconds between capturing picture frames from the camera.
# Default: 0 = disabled - the capture rate is given by the camera framerate.
# This option is used when you want to capture images at a rate lower than 2 per second.
minimum_frame_time 0
# URL to use if you are using a network camera, size will be autodetected (incl http:// ftp:// mjpg:// rtsp:// mjpeg:// or file:///)
# Must be a URL that returns single jpeg pictures or a raw mjpeg stream. A trailing slash may be required for some cameras.
# Default: Not defined
; netcam_url value
# Username and password for network camera (only if required). Default: not defined
# Syntax is user:password
; netcam_userpass value
# The setting for keep-alive of network socket, should improve performance on compatible net cameras.
# off: The historical implementation using HTTP/1.0, closing the socket after each http request.
# force: Use HTTP/1.0 requests with keep alive header to reuse the same connection.
# on: Use HTTP/1.1 requests that support keep alive as default.
# Default: off
netcam_keepalive off
# URL to use for a netcam proxy server, if required, e.g. "http://myproxy".
# If a port number other than 80 is needed, use "http://myproxy:1234".
# Default: not defined
; netcam_proxy value
# Set less strict jpeg checks for network cameras with a poor/buggy firmware.
# Default: off
netcam_tolerant_check off
# RTSP connection uses TCP to communicate to the camera. Can prevent image corruption.
# Default: on
rtsp_uses_tcp on
# Name of camera to use if you are using a camera accessed through OpenMax/MMAL
# Default: Not defined
; mmalcam_name vc.ril.camera
# Camera control parameters (see raspivid/raspistill tool documentation)
# Default: Not defined
; mmalcam_control_params -hf
# Let motion regulate the brightness of a video device (default: off).
# The auto_brightness feature uses the brightness option as its target value.
# If brightness is zero auto_brightness will adjust to average brightness value 128.
# Only recommended for cameras without auto brightness
auto_brightness off
# Set the initial brightness of a video device.
# If auto_brightness is enabled, this value defines the average brightness level
# which Motion will try and adjust to.
# Valid range 0-255, default 0 = disabled
brightness 0
# Set the contrast of a video device.
# Valid range 0-255, default 0 = disabled
contrast 0
# Set the saturation of a video device.
# Valid range 0-255, default 0 = disabled
saturation 0
# Set the hue of a video device (NTSC feature).
# Valid range 0-255, default 0 = disabled
hue 0
############################################################
# Round Robin (multiple inputs on same video device name)
############################################################
# Number of frames to capture in each roundrobin step (default: 1)
roundrobin_frames 1
# Number of frames to skip before each roundrobin step (default: 1)
roundrobin_skip 1
# Try to filter out noise generated by roundrobin (default: off)
switchfilter off
############################################################
# Motion Detection Settings:
############################################################
# Threshold for number of changed pixels in an image that
# triggers motion detection (default: 1500)
threshold 1500
# Automatically tune the threshold down if possible (default: off)
threshold_tune off
# Noise threshold for the motion detection (default: 32)
noise_level 32
# Automatically tune the noise threshold (default: on)
noise_tune on
# Despeckle motion image using (e)rode or (d)ilate or (l)abel (Default: not defined)
# Recommended value is EedDl. Any combination (and number of) of E, e, d, and D is valid.
# (l)abeling must only be used once and the 'l' must be the last letter.
# Comment out to disable
despeckle_filter EedDl
# Detect motion in predefined areas (1 - 9). Areas are numbered like that: 1 2 3
# A script (on_area_detected) is started immediately when motion is 4 5 6
# detected in one of the given areas, but only once during an event. 7 8 9
# One or more areas can be specified with this option. Take care: This option
# does NOT restrict detection to these areas! (Default: not defined)
; area_detect value
# PGM file to use as a sensitivity mask.
# Full path name to. (Default: not defined)
; mask_file value
# Dynamically create a mask file during operation (default: 0)
# Adjust speed of mask changes from 0 (off) to 10 (fast)
smart_mask_speed 0
# Ignore sudden massive light intensity changes given as a percentage of the picture
# area that changed intensity. Valid range: 0 - 100 , default: 0 = disabled
lightswitch 0
# Picture frames must contain motion at least the specified number of frames
# in a row before they are detected as true motion. At the default of 1, all
# motion is detected. Valid range: 1 to thousands, recommended 1-5
minimum_motion_frames 1
# Specifies the number of pre-captured (buffered) pictures from before motion
# was detected that will be output at motion detection.
# Recommended range: 0 to 5 (default: 0)
# Do not use large values! Large values will cause Motion to skip video frames and
# cause unsmooth movies. To smooth movies use larger values of post_capture instead.
pre_capture 0
# Number of frames to capture after motion is no longer detected (default: 0)
post_capture 0
# Event Gap is the seconds of no motion detection that triggers the end of an event.
# An event is defined as a series of motion images taken within a short timeframe.
# Recommended value is 60 seconds (Default). The value -1 is allowed and disables
# events causing all Motion to be written to one single movie file and no pre_capture.
# If set to 0, motion is running in gapless mode. Movies don't have gaps anymore. An
# event ends right after no more motion is detected and post_capture is over.
event_gap 60
# Maximum length in seconds of a movie
# When value is exceeded a new movie file is created. (Default: 0 = infinite)
max_movie_time 0
# Always save images even if there was no motion (default: off)
emulate_motion off
############################################################
# Image File Output
############################################################
# Output 'normal' pictures when motion is detected (default: on)
# Valid values: on, off, first, best, center
# When set to 'first', only the first picture of an event is saved.
# Picture with most motion of an event is saved when set to 'best'.
# Picture with motion nearest center of picture is saved when set to 'center'.
# Can be used as preview shot for the corresponding movie.
output_pictures off
# Output pictures with only the pixels moving object (ghost images) (default: off)
output_debug_pictures off
# The quality (in percent) to be used by the jpeg compression (default: 75)
quality 75
# Type of output images
# Valid values: jpeg, ppm (default: jpeg)
picture_type jpeg
############################################################
# FFMPEG related options
# Film (movies) file output, and deinterlacing of the video input
# The options movie_filename and timelapse_filename are also used
# by the ffmpeg feature
############################################################
# Use ffmpeg to encode movies in realtime (default: off)
ffmpeg_output_movies off
# Use ffmpeg to make movies with only the pixels moving
# object (ghost images) (default: off)
ffmpeg_output_debug_movies off
# Use ffmpeg to encode a timelapse movie
# Default value 0 = off - else save frame every Nth second
ffmpeg_timelapse 0
# The file rollover mode of the timelapse video
# Valid values: hourly, daily (default), weekly-sunday, weekly-monday, monthly, manual
ffmpeg_timelapse_mode daily
# Bitrate to be used by the ffmpeg encoder (default: 400000)
# This option is ignored if ffmpeg_variable_bitrate is not 0 (disabled)
ffmpeg_bps 400000
# Enables and defines variable bitrate for the ffmpeg encoder.
# ffmpeg_bps is ignored if variable bitrate is enabled.
# Valid values: 0 (default) = fixed bitrate defined by ffmpeg_bps,
# or the range 1 - 100 where 1 means worst quality and 100 is best.
ffmpeg_variable_bitrate 0
# Codec to used by ffmpeg for the video compression.
# Timelapse videos have two options.
# mpg - Creates mpg file with mpeg-2 encoding.
# If motion is shutdown and restarted, new pics will be appended
# to any previously created file with name indicated for timelapse.
# mpeg4 - Creates avi file with the default encoding.
# If motion is shutdown and restarted, new pics will create a
# new file with the name indicated for timelapse.
# Supported formats are:
# mpeg4 or msmpeg4 - gives you files with extension .avi
# msmpeg4 is recommended for use with Windows Media Player because
# it requires no installation of codec on the Windows client.
# swf - gives you a flash film with extension .swf
# flv - gives you a flash video with extension .flv
# ffv1 - FF video codec 1 for Lossless Encoding
# mov - QuickTime
# mp4 - MPEG-4 Part 14 H264 encoding
# mkv - Matroska H264 encoding
# hevc - H.265 / HEVC (High Efficiency Video Coding)
ffmpeg_video_codec mpeg4
# When creating videos, should frames be duplicated in order
# to keep up with the requested frames per second
# (default: true)
ffmpeg_duplicate_frames true
############################################################
# SDL Window
############################################################
# Number of motion thread to show in SDL Window (default: 0 = disabled)
#sdl_threadnr 0
############################################################
# External pipe to video encoder
# Replacement for FFMPEG builtin encoder for ffmpeg_output_movies only.
# The options movie_filename and timelapse_filename are also used
# by the ffmpeg feature
#############################################################
# Bool to enable or disable extpipe (default: off)
use_extpipe off
# External program (full path and opts) to pipe raw video to
# Generally, use '-' for STDIN...
;extpipe mencoder -demuxer rawvideo -rawvideo w=%w:h=%h:i420 -ovc x264 -x264encopts bframes=4:frameref=1:subq=1:scenecut=-1:nob_adapt:threads=1:keyint=1000:8x8dct:vbv_bufsize=4000:crf=24:partitions=i8x8,i4x4:vbv_maxrate=800:no-chroma-me -vf denoise3d=16:12:48:4,pp=lb -of avi -o %f.avi - -fps %fps
;extpipe x264 - --input-res %wx%h --fps %fps --bitrate 2000 --preset ultrafast --quiet -o %f.mp4
;extpipe mencoder -demuxer rawvideo -rawvideo w=%w:h=%h:fps=%fps -ovc x264 -x264encopts preset=ultrafast -of lavf -o %f.mp4 - -fps %fps
;extpipe ffmpeg -y -f rawvideo -pix_fmt yuv420p -video_size %wx%h -framerate %fps -i pipe:0 -vcodec libx264 -preset ultrafast -f mp4 %f.mp4
############################################################
# Snapshots (Traditional Periodic Webcam File Output)
############################################################
# Make automated snapshot every N seconds (default: 0 = disabled)
snapshot_interval 0
############################################################
# Text Display
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second, %T = HH:MM:SS,
# %v = event, %q = frame number, %t = camera id number,
# %D = changed pixels, %N = noise level, \n = new line,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event - do not use with text_event!
# You can put quotation marks around the text to allow
# leading spaces
############################################################
# Locate and draw a box around the moving object.
# Valid values: on, off, preview (default: off)
# Set to 'preview' will only draw a box in preview_shot pictures.
locate_motion_mode off
# Set the look and style of the locate box if enabled.
# Valid values: box, redbox, cross, redcross (default: box)
# Set to 'box' will draw the traditional box.
# Set to 'redbox' will draw a red box.
# Set to 'cross' will draw a little cross to mark center.
# Set to 'redcross' will draw a little red cross to mark center.
locate_motion_style box
# Draws the timestamp using same options as C function strftime(3)
# Default: %Y-%m-%d\n%T = date in ISO format and time in 24 hour clock
# Text is placed in lower right corner
text_right %Y-%m-%d\n%T-%q
# Draw a user defined text on the images using same options as C function strftime(3)
# Default: Not defined = no text
# Text is placed in lower left corner
; text_left CAMERA %t
# Draw the number of changed pixed on the images (default: off)
# Will normally be set to off except when you setup and adjust the motion settings
# Text is placed in upper right corner
text_changes off
# This option defines the value of the special event conversion specifier %C
# You can use any conversion specifier in this option except %C. Date and time
# values are from the timestamp of the first image in the current event.
# Default: %Y%m%d%H%M%S
# The idea is that %C can be used filenames and text_left/right for creating
# a unique identifier for each event.
text_event %Y%m%d%H%M%S
# Draw characters at twice normal size on images. (default: off)
text_double off
# Text to include in a JPEG EXIF comment
# May be any text, including conversion specifiers.
# The EXIF timestamp is included independent of this text.
;exif_text %i%J/%K%L
############################################################
# Target Directories and filenames For Images And Films
# For the options snapshot_, picture_, movie_ and timelapse_filename
# you can use conversion specifiers
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second,
# %v = event, %q = frame number, %t = camera id number,
# %D = changed pixels, %N = noise level,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event
# Quotation marks round string are allowed.
############################################################
# Target base directory for pictures and films
# Recommended to use absolute path. (Default: current working directory)
target_dir /var/run/motion/capture
# File path for snapshots (jpeg or ppm) relative to target_dir
# Default: %v-%Y%m%d%H%M%S-snapshot
# Default value is equivalent to legacy oldlayout option
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-snapshot
# File extension .jpg or .ppm is automatically added so do not include this.
# Note: A symbolic link called lastsnap.jpg created in the target_dir will always
# point to the latest snapshot, unless snapshot_filename is exactly 'lastsnap'
snapshot_filename %v-%Y%m%d%H%M%S-snapshot
# File path for motion triggered images (jpeg or ppm) relative to target_dir
# Default: %v-%Y%m%d%H%M%S-%q
# Default value is equivalent to legacy oldlayout option
# For Motion 3.0 compatible mode choose: %Y/%m/%d/%H/%M/%S-%q
# File extension .jpg or .ppm is automatically added so do not include this
# Set to 'preview' together with best-preview feature enables special naming
# convention for preview shots. See motion guide for details
picture_filename %v-%Y%m%d%H%M%S-%q
# File path for motion triggered ffmpeg films (movies) relative to target_dir
# Default: %v-%Y%m%d%H%M%S
# File extensions(.mpg .avi) are automatically added so do not include them
movie_filename %v-%Y%m%d%H%M%S
# File path for timelapse movies relative to target_dir
# Default: %Y%m%d-timelapse
# File extensions(.mpg .avi) are automatically added so do not include them
timelapse_filename %Y%m%d-timelapse
############################################################
# Global Network Options
############################################################
# Enable IPv6 (default: off)
ipv6_enabled off
############################################################
# Live Stream Server
############################################################
# The mini-http server listens to this port for requests (default: 0 = disabled)
stream_port 8081
# Quality of the jpeg (in percent) images produced (default: 50)
stream_quality 50
# Output frames at 1 fps when no motion is detected and increase to the
# rate given by stream_maxrate when motion is detected (default: off)
stream_motion off
# Maximum framerate for stream streams (default: 1)
stream_maxrate 1
# Restrict stream connections to localhost only (default: on)
stream_localhost off
# Limits the number of images per connection (default: 0 = unlimited)
# Number can be defined by multiplying actual stream rate by desired number of seconds
# Actual stream rate is the smallest of the numbers framerate and stream_maxrate
stream_limit 0
# Set the authentication method (default: 0)
# 0 = disabled
# 1 = Basic authentication
# 2 = MD5 digest (the safer authentication)
stream_auth_method 0
# Authentication for the stream. Syntax username:password
# Default: not defined (Disabled)
; stream_authentication username:password
# Percentage to scale the stream image for preview
# Default: 25
; stream_preview_scale 25
# Have stream preview image start on a new line
# Default: no
; stream_preview_newline no
############################################################
# HTTP Based Control
############################################################
# TCP/IP port for the http server to listen on (default: 0 = disabled)
webcontrol_port 8080
# Restrict control connections to localhost only (default: on)
webcontrol_localhost on
# Output for http server, select off to choose raw text plain (default: on)
webcontrol_html_output on
# Authentication for the http based control. Syntax username:password
# Default: not defined (Disabled)
; webcontrol_authentication username:password
############################################################
# Tracking (Pan/Tilt)
#############################################################
# Type of tracker (0=none (default), 1=stepper, 2=iomojo, 3=pwc, 4=generic, 5=uvcvideo, 6=servo)
# The generic type enables the definition of motion center and motion size to
# be used with the conversion specifiers for options like on_motion_detected
track_type 0
# Enable auto tracking (default: off)
track_auto off
# Serial port of motor (default: none)
;track_port /dev/ttyS0
# Motor number for x-axis (default: 0)
;track_motorx 0
# Set motorx reverse (default: 0)
;track_motorx_reverse 0
# Motor number for y-axis (default: 0)
;track_motory 1
# Set motory reverse (default: 0)
;track_motory_reverse 0
# Maximum value on x-axis (default: 0)
;track_maxx 200
# Minimum value on x-axis (default: 0)
;track_minx 50
# Maximum value on y-axis (default: 0)
;track_maxy 200
# Minimum value on y-axis (default: 0)
;track_miny 50
# Center value on x-axis (default: 0)
;track_homex 128
# Center value on y-axis (default: 0)
;track_homey 128
# ID of an iomojo camera if used (default: 0)
track_iomojo_id 0
# Angle in degrees the camera moves per step on the X-axis
# with auto-track (default: 10)
# Currently only used with pwc type cameras
track_step_angle_x 10
# Angle in degrees the camera moves per step on the Y-axis
# with auto-track (default: 10)
# Currently only used with pwc type cameras
track_step_angle_y 10
# Delay to wait for after tracking movement as number
# of picture frames (default: 10)
track_move_wait 10
# Speed to set the motor to (stepper motor option) (default: 255)
track_speed 255
# Number of steps to make (stepper motor option) (default: 40)
track_stepsize 40
############################################################
# External Commands, Warnings and Logging:
# You can use conversion specifiers for the on_xxxx commands
# %Y = year, %m = month, %d = date,
# %H = hour, %M = minute, %S = second,
# %v = event, %q = frame number, %t = camera id number,
# %D = changed pixels, %N = noise level,
# %i and %J = width and height of motion area,
# %K and %L = X and Y coordinates of motion center
# %C = value defined by text_event
# %f = filename with full path
# %n = number indicating filetype
# Both %f and %n are only defined for on_picture_save,
# on_movie_start and on_movie_end
# Quotation marks round string are allowed.
############################################################
# Do not sound beeps when detecting motion (default: on)
# Note: Motion never beeps when running in daemon mode.
quiet on
# Command to be executed when an event starts. (default: none)
# An event starts at first motion detected after a period of no motion defined by event_gap
; on_event_start value
# Command to be executed when an event ends after a period of no motion
# (default: none). The period of no motion is defined by option event_gap.
; on_event_end value
# Command to be executed when a picture (.ppm|.jpg) is saved (default: none)
# To give the filename as an argument to a command append it with %f
; on_picture_save value
# Command to be executed when a motion frame is detected (default: none)
; on_motion_detected value
# Command to be executed when motion in a predefined area is detected
# Check option 'area_detect'. (default: none)
; on_area_detected value
# Command to be executed when a movie file (.mpg|.avi) is created. (default: none)
# To give the filename as an argument to a command append it with %f
; on_movie_start value
# Command to be executed when a movie file (.mpg|.avi) is closed. (default: none)
# To give the filename as an argument to a command append it with %f
; on_movie_end value
# Command to be executed when a camera can't be opened or if it is lost
# NOTE: There is situations when motion don't detect a lost camera!
# It depends on the driver, some drivers dosn't detect a lost camera at all
# Some hangs the motion thread. Some even hangs the PC! (default: none)
; on_camera_lost value
#####################################################################
# Common Options for database features.
# Options require database options to be active also.
#####################################################################
# Log to the database when creating motion triggered picture file (default: on)
; sql_log_picture on
# Log to the database when creating a snapshot image file (default: on)
; sql_log_snapshot on
# Log to the database when creating motion triggered movie file (default: off)
; sql_log_movie off
# Log to the database when creating timelapse movies file (default: off)
; sql_log_timelapse off
# SQL query string that is sent to the database
# Use same conversion specifiers has for text features
# Additional special conversion specifiers are
# %n = the number representing the file_type
# %f = filename with full path
# Default value:
# Create tables :
##
# Mysql
# CREATE TABLE security (camera int, filename char(80) not null, frame int, file_type int, time_stamp timestamp(14), event_time_stamp timestamp(14));
#
# Postgresql
# CREATE TABLE security (camera int, filename char(80) not null, frame int, file_type int, time_stamp timestamp without time zone, event_time_stamp timestamp without time zone);
#
# insert into security(camera, filename, frame, file_type, time_stamp, text_event) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
; sql_query insert into security(camera, filename, frame, file_type, time_stamp, event_time_stamp) values('%t', '%f', '%q', '%n', '%Y-%m-%d %T', '%C')
############################################################
# Database Options
############################################################
# database type : mysql, postgresql, sqlite3 (default : not defined)
; database_type value
# database to log to (default: not defined)
# for sqlite3, the full path and name for the database.
; database_dbname value
# The host on which the database is located (default: localhost)
; database_host value
# User account name for database (default: not defined)
; database_user value
# User password for database (default: not defined)
; database_password value
# Port on which the database is located
# mysql 3306 , postgresql 5432 (default: not defined)
; database_port value
# Database wait time in milliseconds for locked database to
# be unlocked before returning database locked error (default 0)
; database_busy_timeout 0
############################################################
# Video Loopback Device (vloopback project)
############################################################
# Output images to a video4linux loopback device
# The value '-' means next available (default: not defined)
; video_pipe value
# Output motion images to a video4linux loopback device
# The value '-' means next available (default: not defined)
; motion_video_pipe value
##############################################################
# camera config files - One for each camera.
# Except if only one camera - You only need this config file.
# If you have more than one camera you MUST define one camera
# config file for each camera in addition to this config file.
##############################################################
# Remember: If you have more than one camera you must have one
# camera file for each camera. E.g. 2 cameras requires 3 files:
# This motion.conf file AND camera1.conf and camera2.conf.
# Only put the options that are unique to each camera in the
# camera config files.
; camera /etc/motion/camera1.conf
; camera /etc/motion/camera2.conf
; camera /etc/motion/camera3.conf
; camera /etc/motion/camera4.conf
##############################################################
# Camera config directory - One for each camera.
##############################################################
#
; camera_dir /etc/motion/conf.d
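Review bot: `stream_localhost off` together with `stream_auth_method 0` in the Live Stream Server block leaves the camera stream on `stream_port 8081` readable by any host that can reach this machine, with no credential check. If remote viewing is intended, set `stream_auth_method 2` and uncomment `stream_authentication <user>:<password>`, taking the credential from a vaulted variable rather than committing it here (this would likely mean deploying the file as a template instead of a plain copy); otherwise restore `stream_localhost on`. Digest authentication protects only the password, not the video itself, so restricting port 8081 at the network level is still worthwhile. The preceding motion.conf section on this page also shows `stream_auth_method 0`, though its `stream_localhost` line is outside the visible part.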


@ -0,0 +1,3 @@
deb http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
#deb-src http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi


@ -1,15 +1,24 @@
---
- name: Update the apt sources
become: yes
copy:
src: "sources.list"
dest: "/etc/apt/sources.list"
- name: Geth-Hub packages
become: yes
package:
name:
- motion
- lirc
- libcamera-apps
- ir-keytable
state: present
update_cache: yes
- name: Copy the SSH key
authorized_key:
user: "{{ depriv_user | default('pi') }}"
user: "{{ ansible_user_id }}"
state: present
key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/geth.pub') }}"
@ -17,27 +26,53 @@
become: yes
register: motion_config
copy:
src: "motion.conf"
src: "motion.conf/{{ inventory_hostname }}"
dest: "/etc/motion/motion.conf"
- name: Create motion log folder
become: yes
file:
path: "{{ item }}"
state: directory
owner: motion
group: motion
mode: 0750
loop:
- "/var/log/motion"
- "/var/run/motion"
- name: Restart the motion service
become: yes
when: motion_config.changed
when: motion_config.changed and motion_enabled
service:
name: motion
state: restarted
enabled: yes
- name: Allow override of motion service
become: yes
when: not motion_enabled
service:
name: motion
state: stopped
enabled: no
# Thanks to https://wiki.geekworm.com/Raspberry_Pi_IR_Control_Expansion_Board for instructions setting up lirc
- name: Set the dtoverlay
become: yes
lineinfile:
register: dtoverlay
blockinfile:
path: "/boot/config.txt"
regexp: "^dtoverlay="
line: "dtoverlay=lirc-rpi,gpio_in_pin={{ gpio_in_pin | default('18') }},gpio_out_pin={{ gpio_out_pin | default('17') }}"
insertafter: EOF
marker: "# {mark} Ubiqtorate Managed Block"
block: |
dtoverlay=gpio-ir,gpio_pin={{ gpio_in_pin | default('18') }}
dtoverlay=gpio-ir-tx,gpio_pin={{ gpio_out_pin | default('17') }}
- name: Set the dtparam
become: yes
register: dtparam
lineinfile:
path: "/boot/config.txt"
regexp: "^dtparam="
@ -45,10 +80,28 @@
- name: Copy the modules config
become: yes
register: modules_config
template:
src: "modules.j2"
dest: "/etc/modules"
- name: Copy the modules config, part 2
become: yes
register: modules_config_2
template:
src: "lirc_rpi.conf.j2"
dest: "/etc/modprobe.d/lirc_rpi.conf"
- name: Reboot if needed
become: yes
when: modules_config.changed or dtparam.changed or dtoverlay.changed or modules_config_2.changed
reboot:
- name: Wait if needed
become: yes
when: modules_config.changed or dtparam.changed or dtoverlay.changed or modules_config_2.changed
wait_for_connection:
- name: Copy lircd supplemental config
register: lircd_supp_config
become: yes
@ -60,13 +113,13 @@
register: lircd_remote_config
become: yes
copy:
src: "lircd.conf.{{ inventory_hostname }}"
src: "lircd.conf/{{ inventory_hostname }}"
dest: /etc/lircd.conf
- name: Start the services
when: lircd_supp_config.changed or lircd_remote_config.changed
become: yes
service:
name: lirc
name: lircd
state: restarted
enabled: yes
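Review bot: `motion_enabled` is read by two `when:` conditions ("Restart the motion service" and "Allow override of motion service") with no default, so a host whose inventory does not define it fails both tasks with an undefined-variable error; whether every Geth-Hub host sets it is not visible here. Writing them as `when: motion_config.changed and (motion_enabled | default(true) | bool)` and `when: not (motion_enabled | default(true) | bool)` keeps the service on unless it is explicitly disabled, and also copes with the value arriving as the string "false". The unquoted `mode: 0750` on the motion folders relies on the YAML loader reading a leading zero as octal; `mode: "0750"` is the unambiguous form.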


@ -0,0 +1 @@
options gpio_ir_recv gpio_in_pin={{ gpio_in_pin | default('18') }} gpio_out_pin={{ gpio_out_pin | default('17') }}


@ -1,34 +0,0 @@
dhcp-range=10.0.1.224,10.0.1.254,255.255.255.0,12h
dhcp-option=option:router,10.0.1.1
dhcp-option=option:dns-server,10.0.1.7
dhcp-range=10.0.1.1,10.0.1.223,255.255.255.0,12h
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.2
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.3
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.4
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.5
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.6
dhcp-host=B8:27:EB:B6:AA:0C,10.0.1.7
dhcp-host=00:15:5D:01:02:05,10.0.1.8
dhcp-host=00:15:5D:01:02:04,10.0.1.9
dhcp-host=00:15:5d:01:02:06,10.0.1.10
dhcp-host=00:15:5d:01:02:07,10.0.1.11
dhcp-host=00:25:90:0d:6e:86,10.0.1.12
dhcp-host=84:16:F9:14:15:C5,10.0.1.16
dhcp-host=84:16:F9:13:B6:E6,10.0.1.17
dhcp-host=00:15:5d:01:02:08,10.0.1.24
dhcp-host=00:15:5d:01:02:09,10.0.1.25
dhcp-host=aa:aa:aa:aa:aa:aa,10.0.1.32
dhcp-host=34:f6:4b:36:12:8f,10.0.1.33
dhcp-host=64:C2:DE:78:BB:40,10.0.1.34
dhcp-host=64:C2:DE:0C:AB:0D,10.0.1.35
dhcp-host=00:1F:BC:10:1C:F7,10.0.1.36
dhcp-host=2c:30:33:64:f4:03,10.0.1.1
dhcp-host=00:80:92:77:CE:E4,10.0.1.37
dhcp-host=00:25:90:0D:82:5B,10.0.1.38
dhcp-host=00:25:90:3E:C6:8C,10.0.1.39
dhcp-host=9c:a3:aa:33:a3:99,10.0.1.40
dhcp-host=64:16:66:08:57:F5,10.0.2.2
dhcp-host=18:B4:30:2F:F1:37,10.0.2.3
dhcp-host=64:52:99:14:28:2B,10.0.2.4
dhcp-host=40:9F:38:95:06:34,10.0.2.5


@ -1,29 +0,0 @@
10.0.1.2 Nazara.MSN0.AniNIX.net Nazara
10.0.1.3 Node-1.MSN0.AniNIX.net Node-1
10.0.1.4 Node-2.MSN0.AniNIX.net Node-2
10.0.1.5 Node-3.MSN0.AniNIX.net Node-3
10.0.1.6 Node-4.MSN0.AniNIX.net Node-4
10.0.1.7 Node-5.MSN0.AniNIX.net Node-5
10.0.1.8 Sharingan.MSN0.AniNIX.net Sharingan
10.0.1.9 DarkNet.MSN0.AniNIX.net DarkNet
10.0.1.10 Maat.MSN0.AniNIX.net Maat
10.0.1.11 Aether.MSN0.AniNIX.net Aether
10.0.1.12 Core.MSN0.AniNIX.net Core
10.0.1.16 Geth-Hub-1.MSN0.AniNIX.net Geth-Hub-1
10.0.1.17 Geth-Hub-2.MSN0.AniNIX.net Geth-Hub-2
10.0.1.24 DedNet.MSN0.AniNIX.net DedNet
10.0.1.25 Geth.MSN0.AniNIX.net Geth
10.0.1.32 Tachikoma.MSN0.AniNIX.net Tachikoma
10.0.1.33 Dedsec.MSN0.AniNIX.net Dedsec
10.0.1.34 DarkFeather.MSN0.AniNIX.net DarkFeather
10.0.1.35 Lykos.MSN0.AniNIX.net Lykos
10.0.1.36 Games.MSN0.AniNIX.net Games
10.0.1.1 Shadowfeed.MSN0.AniNIX.net Shadowfeed
10.0.1.37 Print.MSN0.AniNIX.net Print
10.0.1.38 Core-Console.MSN0.AniNIX.net Core-Console
10.0.1.39 Maat-Console.MSN0.AniNIX.net Maat-Console
10.0.1.40 Geth-Eyes.MSN0.AniNIX.net Geth-Eyes
10.0.2.2 LinKeuei.MSN0.AniNIX.net LinKeuei
10.0.2.3 Canary.MSN0.AniNIX.net Canary
10.0.2.4 Charon.MSN0.AniNIX.net Charon
10.0.2.5 Skitarii-1.MSN0.AniNIX.net Skitarii-1

55
roles/Node/tasks/main.yml Normal file

@ -0,0 +1,55 @@
---
- name: Generate VM service files from inventory
delegate_to: localhost
register: systemd_files
run_once: true
command: "python3 ../bin/generate-systemd-vms.py {{ inventory_file }}"
- name: Install virtualization packages
become: yes
package:
name:
- edk2-ovmf
- qemu-headless
- ddrescue
state: present
- name: Copy VM definitions
become: yes
register: vmdefs
copy:
src: vm-definitions/
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0644
- name: Reload systemd daemon
become: yes
when: vmdefs.changed
systemd:
daemon_reload: yes
- name: QEMU Bridge Config
become: yes
copy:
src: bridge.conf
dest: /etc/qemu/bridge.conf
owner: root
group: root
mode: 0644
- name: System bridge interface
become: yes
register: br0
copy:
src: br0
dest: /etc/netctl/br0
owner: root
group: root
mode: 0644
- name: Enable bridge
become: yes
when: br0.changed
command: "/bin/bash -l -c 'netctl enable br0 && netctl restart br0'"
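Review bot: "Generate VM service files from inventory" calls `python3 ../bin/generate-systemd-vms.py` by a path relative to the working directory of the `ansible-playbook` run, so it only works when the play is started from one particular directory; "Generate mirrorlist" in the ShadowArch tasks file of this commit has the same `../bin/` dependency. Anchoring the path on a known variable removes that, for example `command: "python3 {{ playbook_dir }}/../bin/generate-systemd-vms.py {{ inventory_file }}"` if the playbooks sit one level below the repository root. The task registers `systemd_files` but nothing in this file reads it, and as a `command` it reports changed on every run; `changed_when: false` would keep the play output meaningful.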


@ -0,0 +1,14 @@
[Unit]
Description=AniNIX/{{ inventory_hostname }}
After=network.target
[Service]
ExecStart=/usr/sbin/qemu-system-x86_64 -name AniNIX/{{ inventory_hostname }} -machine type=pc,accel=kvm -bios /usr/share/edk2-ovmf/x64/OVMF.fd -cpu host -smp {{ cores }} {{ disks }} -net nic,macaddr={{ mac }},model=virtio -net bridge,br={{ bridge }} -vga std -nographic -vnc :{{ vnc }} -m size={{ memory }}G -device virtio-rng-pci
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target
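Review bot: `-vnc :{{ vnc }}` in `ExecStart` gives no listen address, so QEMU accepts console connections on every interface of the Node host, and no VNC password or TLS option is set on the visible command line. Binding to loopback, `-vnc 127.0.0.1:{{ vnc }}`, and reaching the console through an SSH tunnel removes that exposure. The unit also runs QEMU as `User=root` and `Group=root`; a dedicated unprivileged account with access to `/dev/kvm` and the disk images would limit what a compromised guest process can touch, though the bridge helper permissions needed for that are outside this file. `{{ disks }}` is spliced into the command line as-is, so the inventory value has to be treated as trusted input.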

11
roles/SSL/files/certbot.service Executable file

@ -0,0 +1,11 @@
[Unit]
Description=Certbot
[Service]
ExecStart=certbot renew -w /var/lib/letsencrypt/ --preferred-chain "ISRG Root X1"
ExecStartPost=/usr/bin/systemctl reload openresty
KillMode=process
Type=oneshot
RemainAfterExit=no
User=root
Group=root
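Review bot: `ExecStartPost=/usr/bin/systemctl reload openresty` runs on every timer tick whether or not a certificate was renewed, and it fails the unit on any host that has this role but no openresty (the role's host list is not visible here). Handing the reload to certbot instead, `ExecStart=/usr/bin/certbot renew -w /var/lib/letsencrypt/ --preferred-chain "ISRG Root X1" --deploy-hook "systemctl reload openresty"`, reloads only when a new certificate is actually written. Using an absolute certbot path (assumed here to be `/usr/bin/certbot`; confirm on the target) also matches the `ExecStartPost` style and does not depend on systemd's built-in search path.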

10
roles/SSL/files/certbot.timer Executable file

@ -0,0 +1,10 @@
[Unit]
Description=Certbot
[Timer]
OnCalendar=Sat *-*-* 00:00
AccuracySec=1us
Persistent=true
[Install]
WantedBy=timers.target


@ -1,24 +0,0 @@
#!/bin/bash
if [ `whoami` != 'root' ]; then
sudo $0 $@
exit
fi
domain="$1"
certbot certonly -d ${domain} -d "*.${domain}" --manual --force-interactive --reuse-key
cat /etc/letsencrypt/live/${domain}/cert.pem /etc/letsencrypt/live/${domain}/privkey.pem > /etc/letsencrypt/live/${domain}/certkey.pem
# PKCS12 for Emby
echo | openssl pkcs12 -password stdin -export -out /etc/letsencrypt/live/${domain}/ssl.pfx -inkey /etc/letsencrypt/live/${domain}/privkey.pem -in /etc/letsencrypt/live/${domain}/cert.pem -certfile /etc/letsencrypt/live/${domain}/fullchain.pem
cat /etc/letsencrypt/live/${domain}/ssl.pfx > /var/lib/emby/ssl/yggdrasil.pfx
systemctl restart webserver
systemctl restart yggdrasil
echo
echo "Don't forget to send \`/raw reloadmodule m_ssl_openssl.so\` to a NetAdmin session on AniNIX/IRC"
echo Add these to the TLSA records for the domain
bash ./tlsa-generation.bash


@ -1,4 +0,0 @@
#!/bin/bash
openssl x509 -in /etc/letsencrypt/live/aninix.net/chain.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "le-ca TLSA 2 1 1", $NF}'
openssl x509 -in /etc/letsencrypt/live/aninix.net/cert.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "cert TLSA 3 1 1", $NF}'


@ -6,3 +6,60 @@
name:
- certbot
- openssl
- name: Services
become: yes
register: services
copy:
src: "{{ item }}"
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0644
loop:
- "certbot.service"
- "certbot.timer"
- name: Enable timer
when: services.changed
systemd:
daemon_reload: yes
name: certbot.timer
enabled: yes
state: started
- name: Create letsencrypt folder
become: yes
file:
path: /var/lib/letsencrypt
owner: root
group: http
mode: 2755
- name: Copy TLSA script
become: yes
template:
src: tlsa-generation.bash.j2
dest: /usr/local/sbin/tlsa-generation.bash
owner: root
group: root
mode: 0700
- name: Get proposed TLSA records
become: yes
command: /usr/local/sbin/tlsa-generation.bash
register: tlsa_records
- name: Show proposed TLSA records
debug:
msg: "{{ tlsa_records.stdout_lines }}"
- name: Get TLSA records
delegate_to: localhost
run_once: yes
command: "/bin/bash -c 'printf _443._tcp\\ ; dig _443._tcp.{{ external_domain }} TLSA +short; printf _6697._tcp\\ ; dig _6697._tcp.{{ external_domain }} TLSA +short'"
register: ext_tlsa_records
- name: Show TLSA records
debug:
msg: "{{ ext_tlsa_records.stdout_lines }}"
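Review bot: `mode: 2755` in "Create letsencrypt folder" is an unquoted number with no leading zero, so YAML loads it as decimal 2755 and Ansible applies it as octal 5303: setuid and sticky set, write and search for owner and others, nothing for the `http` group. That leaves the ACME webroot writable by every local user and inaccessible to the web server's group; `mode: "2755"` gives the intended setgid `rwxr-sr-x`. The same task has no `state: directory`, so despite its name it does not create the folder and fails when `/var/lib/letsencrypt` is missing. "Enable timer" is the only system-level task in this hunk without `become: yes`, which fails unless the play already runs as root.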


@ -0,0 +1,4 @@
#!/bin/bash
openssl x509 -in /etc/letsencrypt/live/{{ sslidentity }}/chain.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "le-ca TLSA 2 1 1", $NF}'
openssl x509 -in /etc/letsencrypt/live/{{ sslidentity}}/cert.pem -noout -pubkey | openssl rsa -pubin -outform DER | openssl dgst -sha256 -hex | awk '{print "cert TLSA 3 1 1", $NF}'
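Review bot: Both pipelines pass the public key through `openssl rsa -pubin`, which accepts only RSA keys; with an ECDSA certificate or intermediate that stage would emit nothing, `openssl dgst` would then hash empty input, and the script would print a well-formed but wrong TLSA record. `openssl pkey -pubin -outform DER` handles either key type and yields the same digest for RSA keys. Adding `set -eo pipefail` after the shebang makes the Ansible task fail instead of displaying a bogus record that might be published.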


@ -0,0 +1 @@
This role expands on the [AniNIX/ShadowArch](/AniNIX/ShadowArch) project for customizing ArchLinux to fit our needs. This role is intended to populate those settings driven from inventory data that can't be easily included in the package.


@ -0,0 +1,7 @@
# Server list generated by rankmirrors on 2022-01-25
Server = http://mirrors.kernel.org/archlinux/$repo/os/$arch
Server = http://arch.hu.fo/archlinux/$repo/os/$arch
Server = http://il.us.mirror.archlinux-br.org/$repo/os/$arch
Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
Server = http://mirror.pit.teraswitch.com/archlinux/$repo/os/$arch
Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch


@ -0,0 +1,5 @@
################################################################################
# Welcome to the AniNIX #
# #
# This is the network core VM. Let us know if services are gone or down. #
################################################################################


@ -0,0 +1,5 @@
################################################################################
# AniNIX/DarkNet #
# #
# This is the network anonymization platform. Make sure VPN and TOR are up. #
################################################################################


@ -0,0 +1,3 @@
# AniNIX/Geth Hardware Platform (Raspbian Rpi 1 B+) #


@ -0,0 +1,3 @@
# AniNIX/Geth Hardware Platform (Raspbian Rpi 1 B+) #


@ -0,0 +1,3 @@
# AniNIX/Geth Hardware Platform (Raspberry Pi 3 Model B Plus Rev 1.3) #


@ -0,0 +1,5 @@
################################################################################
# AniNIX/Maat #
# #
# This is the network CI/CD platform. Check `systemctl status maat-builder` #
################################################################################


@ -0,0 +1,5 @@
################################################################################
# AniNIX/Nazara #
# #
# This is the network DNS/DHCP service, using Raspberry Pi pihole, and bastion #
################################################################################


@ -0,0 +1,6 @@
################################################################################
# AniNIX/Node0 #
# #
# This is the network virtualization platform. VMs can be found with this: #
# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status #
################################################################################


@ -0,0 +1,5 @@
################################################################################
# AniNIX/Sharingan #
# #
# This is the network monitoring platform. It will send alarms to #sharingan #
################################################################################


@ -74,16 +74,16 @@ LocalFileSigLevel = Optional
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
Include = /etc/pacman.d/mirrorlist.shadowarch
[extra]
Include = /etc/pacman.d/mirrorlist
Include = /etc/pacman.d/mirrorlist.shadowarch
#[community-testing]
#Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
Include = /etc/pacman.d/mirrorlist.shadowarch
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.
@ -92,7 +92,7 @@ Include = /etc/pacman.d/mirrorlist
#Include = /etc/pacman.d/mirrorlist
[multilib]
Include = /etc/pacman.d/mirrorlist
Include = /etc/pacman.d/mirrorlist.shadowarch
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.


@ -0,0 +1,17 @@
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet manual
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant.conf


@ -0,0 +1,3 @@
# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source /etc/network/interfaces.d/*


@ -0,0 +1,26 @@
---
- name: ArchLinux network packages
become: yes
package:
name:
- netctl
state: present
- name: Static ArchLinux network config
become: yes
when: static
template:
src: netctl-static.j2
dest: "/etc/netctl/{{ ipinterface }}"
- name: Dynamic ArchLinux network config
become: yes
when: static
template:
src: netctl-dhcp.j2
dest: "/etc/netctl/{{ ipinterface }}"
- name: Enable network config
become: yes
command: "netctl enable {{ ipinterface }}"
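Review bot: "Dynamic ArchLinux network config" carries the same `when: static` as the static task above it, so on a static host the DHCP template is written over the static profile at the same `dest`, and a non-static host gets no profile at all before `netctl enable` runs. The condition should be `when: not static`, as the Raspbian network tasks in this commit already do. Neither template task sets `owner`, `group` or `mode`, unlike the other copies in this role; adding `mode: "0644"` keeps the profile permissions explicit.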


@ -0,0 +1,29 @@
---
- name: Install DNS packages
become: yes
ignore_errors: yes
package:
name:
- bind
- net-tools
- iputils
state: present
- name: Set up /etc/resolv.conf
become: yes
copy:
dest: /etc/resolv.conf
content: "domain {{ replica_domain }}\nnameserver {{ dns }}\n"
owner: root
group: root
mode: 0644
- name: Set up /etc/hosts
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
lineinfile:
dest: /etc/hosts
regexp: '^127.0.0.1[ \t]+localhost'
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
state: present


@ -0,0 +1,190 @@
---
###
# This role installs the basic package and host setup for AniNIX operations.
# This is an AniNIX convention to allow password management by Ansible.
- name: Base packages
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
package:
name:
- bash
- sudo
- git
- tmux
- vim
- sysstat
- iotop
- lsof
- rsync
state: present
update_cache: yes
- name: Ensure deploy user has sudo permissions.
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
copy:
dest: /etc/sudoers.d/basics
content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
- name: Ensure we include /etc/sudoers.d (Current)
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
when: ansible_architecture != "armv6l"
lineinfile:
path: /etc/sudoers
regexp: "includedir /etc/sudoers.d"
line: "@includedir /etc/sudoers.d"
- name: Ensure we include /etc/sudoers.d (Legacy)
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
when: ansible_architecture == "armv6l"
lineinfile:
path: /etc/sudoers
regexp: "includedir /etc/sudoers.d"
line: "#includedir /etc/sudoers.d"
- name: Test root password
ignore_errors: yes
register: root_password_test
vars:
ansible_become_method: su
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
command: id
- name: Define passwords
vars:
ansible_become_user: "root"
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
when: root_password_test.rc is not defined or root_password_test.rc != 0
command:
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ passwords[inventory_hostname] }}' '{{ passwords[inventory_hostname] }}' | passwd {{ item }}"
loop:
- root
- "{{ ansible_user_id }}"
- name: Set up pacman.conf
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
copy:
src: pacman.conf
dest: /etc/pacman.conf
owner: root
group: root
mode: 0644
when: ansible_os_family == "Archlinux"
- name: Generate mirrorlist
delegate_to: localhost
run_once: yes
command: "bash ../bin/generate-mirrorlist"
- name: Copy mirrorlist
become: yes
when: ansible_os_family == "Archlinux"
copy:
src: mirrorlist
dest: /etc/pacman.d/mirrorlist.shadowarch
owner: root
group: root
mode: 0644
- name: Set up apt sources.list
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
copy:
content: |
deb http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi
# deb-src http://archive.raspbian.org/raspbian/ stretch main contrib non-free rpi
dest: /etc/apt/sources.list
owner: root
group: root
mode: 0644
when: ansible_os_family == "Debian"
- name: Install ShadowArch (ArchLinux)
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
pacman:
name: ShadowArch
state: present
update_cache: yes
when: ansible_os_family == "Archlinux"
- name: Set up AniNIX-specific repository location (Other)
when: ansible_os_family != "Archlinux"
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
file:
path: /opt/aninix
state: directory
- name: Download ShadowArch (Other)
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
ignore_errors: yes
git:
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
dest: '/opt/aninix/ShadowArch'
update: yes
when: ansible_os_family != "Archlinux"
- name: Install ShadowArch (Other)
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
command:
chdir: '/opt/aninix/ShadowArch'
cmd: '/bin/bash -c "make install; /usr/local/sbin/shadowarch-sync"'
when: ansible_os_family != "Archlinux"
- name: Set up hostname
vars:
ansible_become_password: "{{ passwords[inventory_hostname] }}"
become: yes
hostname:
name: "{{ inventory_hostname }}.{{ replica_domain }}"
- name: Set Bash MOTD
become: yes
copy:
src: "motd/{{ inventory_hostname }}"
dest: /etc/bash.motd
owner: root
group: root
mode: 0644
- name: Nullify overall MOTD
become: yes
copy:
src: /dev/null
dest: /etc/motd
owner: root
group: root
mode: 0644
- include: archlinux-network.yml
when: ansible_os_family == "Archlinux"
- include: raspbian-network.yml
when: ansible_os_family == "Debian"
- include: dns.yml
- include: ntp.yml
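Review bot: "Define passwords" interpolates `passwords[inventory_hostname]` into a `bash -c` string piped to `passwd`, so the cleartext password sits in the process arguments on the target and in Ansible's task output and logs, and a password containing a single quote breaks the quoting or alters the command. The `user` module with a hashed value and `no_log: true` avoids all three, as in the block below. Separately, "Ensure deploy user has sudo permissions" writes a `NOPASSWD: ALL` rule with no `mode` or `validate`; `mode: "0440"` and `validate: "visudo -cf %s"` keep a malformed file from breaking sudo for everyone. "Download ShadowArch (Other)" ignores fetch errors and the next task still runs `make install` as root on whatever is in `/opt/aninix/ShadowArch`, with no pinned `version`.

```yaml
- name: Define passwords
  # … unchanged: vars, become, when …
  no_log: true
  user:
    name: "{{ item }}"
    password: "{{ passwords[inventory_hostname] | password_hash('sha512') }}"
  loop:
    - root
    - "{{ ansible_user_id }}"
```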


@ -0,0 +1,40 @@
---
- name: Set up time zone
become: yes
register: localtime
file:
src: "/usr/share/zoneinfo/{{ time_zone }}"
dest: /etc/localtime
state: link
- name: Remove legacy NTP services
become: yes
ignore_errors: yes
service:
name: "{{ item }}"
state: stopped
enabled: no
loop:
- ntpd
- openntpd
- name: Remove legacy NTP packages
become: yes
package:
name:
- ntp
- openntpd
state: absent
- name: Install NTP packages
become: yes
package:
name: chrony
state: present
- name: Start NTP service
become: yes
service:
name: chronyd
state: started
enabled: yes


@ -0,0 +1,43 @@
---
- name: Rasbian network packages
become: yes
package:
name:
- netbase
state: present
- name: Rasbian network config
become: yes
when: not static
copy:
src: raspbian-interfaces
dest: "/etc/network/interfaces"
owner: root
group: root
mode: 0644
- name: Rasbian network config (static)
become: yes
when: static
template:
src: raspbian-static.j2
dest: "/etc/network/interfaces"
owner: root
group: root
mode: 0644
- name: Raspbian wireless
become: yes
command:
cmd: /bin/bash -c "wpa_passphrase {{ wireless_ssid }} '{{ passwords['Shadowfeed'] }}' > /etc/wpa_supplicant.conf"
creates: '/etc/wpa_supplicant.conf'
- name: Raspbian wireless hardening
become: yes
file:
path: '/etc/wpa_supplicant.conf'
state: file
owner: root
group: root
mode: 0600
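Review bot: "Raspbian wireless" puts the Wi-Fi passphrase on a `bash -c` command line with no `no_log: true`, so it shows up in the process list and in Ansible output, and the redirect creates `/etc/wpa_supplicant.conf` under the default umask; the file stays readable by other local users until the separate hardening task runs, or indefinitely if the play stops between the two. `wpa_passphrase` also writes the cleartext passphrase into its output as a `#psk=` comment, so the file holds more than the derived key. Adding `no_log: true` and starting the command with `umask 077;` closes that window; templating the file with `mode: "0600"` would drop the shell entirely. `{{ wireless_ssid }}` is unquoted, so an SSID with spaces or shell characters would break the command.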


@ -0,0 +1,4 @@
Description='DHCP wired connection'
Interface={{ ipinterface }}
Connection=ethernet
IP=dhcp


@ -0,0 +1,7 @@
Description='A basic static ethernet connection'
Interface={{ ipinterface }}
Connection=ethernet
IP=static
Address=('{{ ip }}/24')
Gateway='{{ router }}'
DNS=('{{ dns }}')


@ -0,0 +1,20 @@
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface {{ ipinterface }} inet static
address {{ ansible_host }}/{{ netmask }}
gateway {{ router }}
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant.conf


@ -0,0 +1,9 @@
check program anixix-HTTP with path "/usr/lib/monitoring-plugins/check_http -H aninix.net -e 301"
if status == 1 then exec "/usr/bin/bash /etc/monit.d/scripts/notify aninix.net HTTP is CRITICAL"
check program anixix-HTTPS with path "/usr/lib/monitoring-plugins/check_http -S -H aninix.net -e 200"
if status == 1 then exec "/usr/bin/bash /etc/monit.d/scripts/notify aninix.net HTTPS is CRITICAL"
check program foundation-HTTPS with path "/usr/lib/monitoring-plugins/check_http -S -H foundation.aninix.net -e 200"
if status == 1 then exec "/usr/bin/bash /etc/monit.d/scripts/notify aninix.net HTTPS is CRITICAL"
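Review bot: `if status == 1` matches only exit code 1, which monitoring-plugins checks use for WARNING; a failed `check_http` normally exits 2 (CRITICAL) or 3 (UNKNOWN), so these three checks would stay silent during an actual outage. `if status != 0 then exec …` covers every non-OK result. The third check, `foundation-HTTPS`, also sends the text `aninix.net HTTPS is CRITICAL`, which names the wrong host; `foundation.aninix.net HTTPS is CRITICAL` would make the alert actionable. The check names read `anixix-` where `aninix-` was probably meant.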


@ -0,0 +1,2 @@
#!/bin/bash
systemd-cat -t sharingan-eval "$@"
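Review bot: `systemd-cat` treats its positional arguments as a command to execute, so `systemd-cat -t sharingan-eval "$@"` tries to run the first word of the alert text as a program instead of logging it. If this is the `notify` script that the monit checks call with arguments such as `aninix.net HTTP is CRITICAL` (the file name is not shown in this section), every alert would be lost to an exec failure. Feeding the text on stdin logs it as intended: `echo "$*" | systemd-cat -t sharingan-eval`, optionally with `-p warning` so the entries can be filtered by priority.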


@ -0,0 +1,19 @@
[Unit]
Description=AniNIX/Sharingan | Data filer
Documentation=man:syslog-ng(8)
Conflicts=emergency.service emergency.target
Wants=network.target network-online.target
After=network.target network-online.target
[Service]
Type=notify
EnvironmentFile=-/etc/default/syslog-ng@sharingan-data
EnvironmentFile=-/etc/sysconfig/syslog-ng@sharingan-data
ExecStart=/usr/bin/syslog-ng -F $OTHER_OPTIONS --cfgfile $CONFIG_FILE --control $CONTROL_FILE --persist-file $PERSIST_FILE --pidfile $PID_FILE
ExecReload=/usr/bin/kill -HUP $MAINPID
StandardOutput=journal
StandardError=journal
Restart=on-failure
[Install]
WantedBy=multi-user.target


@ -0,0 +1,19 @@
[Unit]
Description=AniNIX/Sharingan | Data filer
Documentation=man:syslog-ng(8)
Conflicts=emergency.service emergency.target
Wants=network.target network-online.target
After=network.target network-online.target
[Service]
Type=notify
EnvironmentFile=-/etc/default/syslog-ng@sharingan-data
EnvironmentFile=-/etc/sysconfig/syslog-ng@sharingan-data
ExecStart=/usr/sbin/syslog-ng -F $OTHER_OPTIONS --cfgfile $CONFIG_FILE --control $CONTROL_FILE --persist-file $PERSIST_FILE --pidfile $PID_FILE
ExecReload=/usr/bin/kill -HUP $MAINPID
StandardOutput=journal
StandardError=journal
Restart=on-failure
[Install]
WantedBy=multi-user.target


@ -0,0 +1,33 @@
# This file is systemd template for monit service. To
# register monit with systemd, place the monit.service file
# to the /lib/systemd/system/ directory and then start it
# using systemctl (see bellow).
#
# Enable monit to start on boot:
# systemctl enable monit.service
#
# Start monit immediately:
# systemctl start monit.service
#
# Stop monit:
# systemctl stop monit.service
#
# Status:
# systemctl status monit.service
[Unit]
Description=AniNIX/Sharingan | Evaluation service, powered by monit
After=network-online.target
Documentation=man:monit(1) https://mmonit.com/wiki/Monit/HowTo
[Service]
Type=simple
KillMode=process
ExecStart=/usr/bin/monit -I
ExecStop=/usr/bin/monit quit
ExecReload=/usr/bin/monit reload
Restart=on-abnormal
StandardOutput=null
[Install]
WantedBy=multi-user.target


@ -0,0 +1,5 @@
CONFIG_FILE=/etc/syslog-ng/syslog-ng.conf
PERSIST_FILE=/var/lib/syslog-ng/syslog-ng.persist
CONTROL_FILE=/run/syslog-ng.ctl
PID_FILE=/run/syslog-ng.pid
OTHER_OPTIONS="--enable-core"


@ -5,6 +5,8 @@
state: present
name:
- syslog-ng
- monit
- monitoring-plugins
- name: Sharingan-Data apps dir
become: yes
@ -14,6 +16,7 @@
- name: Sharingan-Data include apps dir
become: yes
register: base_config
lineinfile:
path: /etc/syslog-ng/syslog-ng.conf
line: "{{ item }}"
@ -29,31 +32,75 @@
owner: root
group: root
mode: 0750
- name: Sharingan-Data service conf
become: yes
copy:
src: syslog-ng@sharingan-data
dest: /etc/default/syslog-ng@sharingan-data
owner: root
group: root
mode: 0655
- name: Sharingan-Data filer service
become: yes
copy:
remote_src: yes
src: /usr/lib/systemd/system/syslog-ng@.service
src: "sharingan-data.service/{{ ansible_os_family }}"
dest: /usr/lib/systemd/system/sharingan-data.service
owner: root
group: root
mode: 0750
- name: Sharingan-Data replace content
- name: Sharingan-Eval service
become: yes
replace:
path: /usr/lib/systemd/system/sharingan-data.service
regexp: '%i'
replace: 'default'
copy:
src: sharingan-eval.service
dest: /usr/lib/systemd/system/sharingan-eval.service
owner: root
group: root
mode: 0750
- name: Sharingan-Data set vanity description
- name: Sharingan-Eval monitrc
become: yes
lineinfile:
path: /usr/lib/systemd/system/sharingan-data.service
regexp: 'Description='
line: 'Description=AniNIX/Sharingan | Data filer'
template:
src: monitrc.j2
dest: /etc/monitrc
owner: root
group: root
mode: 0700
- name: Sharingan-Eval includes dir
become: yes
file:
path: /etc/monit.d
state: directory
- name: Sharingan-Eval monit templates
become: yes
copy:
src: templates
dest: /etc/monit.d/templates
owner: root
group: root
mode: 0700
- name: Sharingan-Eval monit scripts
become: yes
copy:
src: templates
dest: /etc/monit.d/scripts
owner: root
group: root
mode: 0700
- name: Sharingan-Eval monit host config
become: yes
copy:
src: "{{ inventory_hostname }}"
dest: "/etc/monit.d/{{ inventory_hostname }}"
owner: root
group: root
mode: 0700
- name: Sharingan-Data heartbeat service
become: yes
@ -81,14 +128,16 @@
become: yes
service:
name: "{{ item }}"
state: started
state: restarted
enabled: yes
loop:
- sharingan-heartbeat.timer
- sharingan-data.service
- sharingan-heartbeat.timer
- sharingan-eval.service
- name: Disable default service
become: yes
ignore_errors: yes
service:
name: syslog-ng@default.service
state: stopped
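Review bot: "Sharingan-Eval monit scripts" copies `src: templates` into `/etc/monit.d/scripts`, the same source as the task before it, so the directory the monit checks exec their notify script from is presumably never populated; `src: scripts` looks like the intended value, though the role's files directory is not visible here. A directory `src` without a trailing slash is also copied as a subdirectory, which would give `/etc/monit.d/scripts/templates` and `/etc/monit.d/templates/templates`; `src: scripts/` with `dest: /etc/monit.d/scripts/` avoids the nesting. `mode: 0655` on `/etc/default/syslog-ng@sharingan-data` grants execute to group and others but not the owner; `mode: "0644"` is the usual mode for an environment file.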


@ -0,0 +1,300 @@
###############################################################################
## Monit control file
###############################################################################
##
## Comments begin with a '#' and extend through the end of the line. Keywords
## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
##
## Below you will find examples of some frequently used statements. For
## information about the control file and a complete list of statements and
## options, please have a look in the Monit manual.
##
##
###############################################################################
## Global section
###############################################################################
set daemon 30 # check services at 30 seconds intervals
with start delay 240 # optional: delay the first check by 4-minutes (by
# default Monit check immediately after Monit start)
#
## Set syslog logging. If you want to log to a standalone log file instead,
## specify the full path to the log file
#
set log syslog
#
#
## Set the location of the Monit lock file which stores the process id of the
## running Monit instance. By default this file is stored in $HOME/.monit.pid
#
# set pidfile /var/run/monit.pid
#
## Set the location of the Monit id file which stores the unique id for the
## Monit instance. The id is generated and stored on first Monit start. By
## default the file is placed in $HOME/.monit.id.
#
# set idfile /var/.monit.id
#
## Set the location of the Monit state file which saves monitoring states
## on each cycle. By default the file is placed in $HOME/.monit.state. If
## the state file is stored on a persistent filesystem, Monit will recover
## the monitoring state across reboots. If it is on temporary filesystem, the
## state will be lost on reboot which may be convenient in some situations.
#
# set statefile /var/.monit.state
#
#
## Set limits for various tests. The following example shows the default values:
##
# set limits {
# programOutput: 512 B, # check program's output truncate limit
# sendExpectBuffer: 256 B, # limit for send/expect protocol test
# fileContentBuffer: 512 B, # limit for file content test
# httpContentBuffer: 1 MB, # limit for HTTP content test
# networkTimeout: 5 seconds # timeout for network I/O
# programTimeout: 300 seconds # timeout for check program
# stopTimeout: 30 seconds # timeout for service stop
# startTimeout: 30 seconds # timeout for service start
# restartTimeout: 30 seconds # timeout for service restart
# }
## Set global SSL options (just most common options showed, see manual for
## full list).
#
# set ssl {
# verify : enable, # verify SSL certificates (disabled by default but STRONGLY RECOMMENDED)
# selfsigned : allow # allow self signed SSL certificates (reject by default)
#}
#
#
## Set the list of mail servers for alert delivery. Multiple servers may be
## specified using a comma separator. If the first mail server fails, Monit
# will use the second mail server in the list and so on. By default Monit uses
# port 25 - it is possible to override this with the PORT option.
#
# set mailserver mail.bar.baz, # primary mailserver
# backup.bar.baz port 10025, # backup mailserver on port 10025
# localhost # fallback relay
#
#
## By default Monit will drop alert events if no mail servers are available.
## If you want to keep the alerts for later delivery retry, you can use the
## EVENTQUEUE statement. The base directory where undelivered alerts will be
## stored is specified by the BASEDIR option. You can limit the queue size
## by using the SLOTS option (if omitted, the queue is limited by space
## available in the back end filesystem).
#
# set eventqueue
# basedir /var/monit # set the base directory where events will be stored
# slots 100 # optionally limit the queue size
#
#
## Send status and events to M/Monit (for more information about M/Monit
## see https://mmonit.com/). By default Monit registers credentials with
## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
## have to register Monit credentials manually in M/Monit. It is possible to
## disable credential registration using the commented out option below.
## Though, if safety is a concern we recommend instead using https when
## communicating with M/Monit and send credentials encrypted. The password
## should be URL encoded if it contains URL-significant characters like
## ":", "?", "@". Default timeout is 5 seconds, you can customize it by
## adding the timeout option.
#
# set mmonit http://monit:monit@192.168.1.10:8080/collector
# # with timeout 30 seconds # Default timeout is 5 seconds
# # and register without credentials # Don't register credentials
#
#
## Monit by default uses the following format for alerts if the mail-format
## statement is missing::
## --8<--
## set mail-format {
## from: Monit <monit@$HOST>
## subject: monit alert -- $EVENT $SERVICE
## message: $EVENT Service $SERVICE
## Date: $DATE
## Action: $ACTION
## Host: $HOST
## Description: $DESCRIPTION
##
## Your faithful employee,
## Monit
## }
## --8<--
##
## You can override this message format or parts of it, such as subject
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
## are expanded at runtime. For example, to override the sender, use:
#
# set mail-format { from: monit@foo.bar }
#
#
## You can set alert recipients whom will receive alerts if/when a
## service defined in this file has errors. Alerts may be restricted on
## events by using a filter as in the second example below.
#
# set alert sysadm@foo.bar # receive all alerts
#
## Do not alert when Monit starts, stops or performs a user initiated action.
## This filter is recommended to avoid getting alerts for trivial cases.
#
# set alert your-name@your.domain not on { instance, action }
#
#
## Monit has an embedded HTTP interface which can be used to view status of
## services monitored and manage services from a web interface. The HTTP
## interface is also required if you want to issue Monit commands from the
## command line, such as 'monit status' or 'monit restart service' The reason
## for this is that the Monit client uses the HTTP interface to send these
## commands to a running Monit daemon. See the Monit Wiki if you want to
## enable SSL for the HTTP interface.
#
set httpd port 2812 and
use address localhost # only accept connection from localhost (drop if you use M/Monit)
allow localhost # allow localhost to connect to the server and
allow admin:"{{ monitcli | default('monit') }}" # require user 'admin' with password 'monit'
#with ssl { # enable SSL/TLS and set path to server certificate
# pemfile: /etc/ssl/certs/monit.pem
#}
###############################################################################
## Services
###############################################################################
##
## Check general system resources such as load average, cpu and memory
## usage. Each test specifies a resource, conditions and the action to be
## performed should a test fail.
#
# check system $HOST
# if loadavg (1min) per core > 2 for 5 cycles then alert
# if loadavg (5min) per core > 1.5 for 10 cycles then alert
# if cpu usage > 95% for 10 cycles then alert
# if memory usage > 75% then alert
# if swap usage > 25% then alert
#
#
## Check if a file exists, checksum, permissions, uid and gid. In addition
## to alert recipients in the global section, customized alert can be sent to
## additional recipients by specifying a local alert handler. The service may
## be grouped using the GROUP option. More than one group can be specified by
## repeating the 'group name' statement.
#
# check file apache_bin with path /usr/local/apache/bin/httpd
# if failed checksum and
# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
# if failed permission 755 then unmonitor
# if failed uid "root" then unmonitor
# if failed gid "root" then unmonitor
# alert security@foo.bar on {
# checksum, permission, uid, gid, unmonitor
# } with the mail-format { subject: Alarm! }
# group server
#
#
## Check that a process is running, in this case Apache, and that it respond
## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
## and number of children. If the process is not running, Monit will restart
## it by default. In case the service is restarted very often and the
## problem remains, it is possible to disable monitoring using the TIMEOUT
## statement. This service depends on another service (apache_bin) which
## is defined above.
#
# check process apache with pidfile /usr/local/apache/logs/httpd.pid
# start program = "/etc/init.d/httpd start" with timeout 60 seconds
# stop program = "/etc/init.d/httpd stop"
# if cpu > 60% for 2 cycles then alert
# if cpu > 80% for 5 cycles then restart
# if totalmem > 200.0 MB for 5 cycles then restart
# if children > 250 then restart
# if disk read > 500 kb/s for 10 cycles then alert
# if disk write > 500 kb/s for 10 cycles then alert
# if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart
# if failed port 443 protocol https with timeout 15 seconds then restart
# if 3 restarts within 5 cycles then unmonitor
# depends on apache_bin
# group server
#
#
## Check filesystem permissions, uid, gid, space usage, inode usage and disk I/O.
## Other services, such as databases, may depend on this resource and an automatically
## graceful stop may be cascaded to them before the filesystem will become full and data
## lost.
#
# check filesystem datafs with path /dev/sdb1
# start program = "/bin/mount /data"
# stop program = "/bin/umount /data"
# if failed permission 660 then unmonitor
# if failed uid "root" then unmonitor
# if failed gid "disk" then unmonitor
# if space usage > 80% for 5 times within 15 cycles then alert
# if space usage > 99% then stop
# if inode usage > 30000 then alert
# if inode usage > 99% then stop
# if read rate > 1 MB/s for 5 cycles then alert
# if read rate > 500 operations/s for 5 cycles then alert
# if write rate > 1 MB/s for 5 cycles then alert
# if write rate > 500 operations/s for 5 cycles then alert
# if service time > 10 milliseconds for 3 times within 5 cycles then alert
# group server
#
#
## Check a file's timestamp. In this example, we test if a file is older
## than 15 minutes and assume something is wrong if its not updated. Also,
## if the file size exceed a given limit, execute a script
#
# check file database with path /data/mydatabase.db
# if failed permission 700 then alert
# if failed uid "data" then alert
# if failed gid "data" then alert
# if timestamp > 15 minutes then alert
# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
#
#
## Check directory permission, uid and gid. An event is triggered if the
## directory does not belong to the user with uid 0 and gid 0. In addition,
## the permissions have to match the octal description of 755 (see chmod(1)).
#
# check directory bin with path /bin
# if failed permission 755 then unmonitor
# if failed uid 0 then unmonitor
# if failed gid 0 then unmonitor
#
#
## Check a remote host availability by issuing a ping test and check the
## content of a response from a web server. Up to three pings are sent and
## connection to a port and an application level network check is performed.
#
# check host myserver with address 192.168.1.1
# if failed ping then alert
# if failed port 3306 protocol mysql with timeout 15 seconds then alert
# if failed port 80 protocol http
# and request /some/path with content = "a string"
# then alert
#
#
## Check a network link status (up/down), link capacity changes, saturation
## and bandwidth usage.
#
# check network public with interface eth0
# if failed link then alert
# if changed link then alert
# if saturation > 90% then alert
# if download > 10 MB/s then alert
# if total uploaded > 1 GB in last hour then alert
#
#
## Check custom program status output.
#
# check program myscript with path /usr/local/bin/myscript.sh
# if status != 0 then alert
#
#
###############################################################################
## Includes
###############################################################################
##
## It is possible to include additional configuration parts from other files or
## directories.
#
include /etc/monit.d/{{ inventory_hostname }}


@ -1,7 +0,0 @@
This role is defined to handle basic system setup tasks.
# Scope
* Setting the hostname
* Installing [/AniNIX/ShadowArch] customizations
* Managing passwords
* Setting initial sudo permissions.


@ -1,105 +0,0 @@
---
###
# This role installs the basic package and host setup for AniNIX operations.
- name: Set up AniNIX-specific repository
become: yes
file:
path: /opt/aninix
state: directory
- name: Set up pacman.conf
become: yes
blockinfile:
path: /etc/pacman.conf
insertafter: EOF
marker: "# {mark} Ubiqtorate Managed Block"
block: |
[AniNIX]
SigLevel = Required DatabaseOptional
Server = https://maat.aninix.net/
[aur]
SigLevel = Required DatabaseOptional
Server = https://maat.aninix.net/aur/
when: ansible_os_family == "Archlinux"
- name: Install ShadowArch (ArchLinux)
become: yes
pacman:
name: ShadowArch
state: present
update_cache: yes
when: ansible_os_family == "Archlinux"
- name: Download ShadowArch (Other)
become: yes
git:
repo: 'https://foundation.aninix.net/AniNIX/ShadowArch'
dest: '/opt/aninix/ShadowArch'
update: yes
when: ansible_os_family != "Archlinux"
- name: Install ShadowArch (Other)
become: yes
command:
chdir: '/opt/aninix/ShadowArch'
cmd: 'make install'
when: ansible_os_family != "Archlinux"
- name: Base packages
become: yes
package:
name:
- bash
- sudo
- name: Set up hostname
become: yes
hostname:
name: "{{ inventory_hostname }}.{{ replica_domain }}"
- name: Set up /etc/hosts
become: yes
lineinfile:
dest: /etc/hosts
regexp: '^127.0.0.1[ \t]+localhost'
line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
state: present
# This is an AniNIX convention to allow password management by Ansible.
- name: Ensure SSH user has sudo permissions.
become: yes
copy:
dest: /etc/sudoers.d/basics
content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
- name: Ensure we include /etc/sudoers.d
become: yes
lineinfile:
path: /etc/sudoers
regexp: "includedir /etc/sudoers.d"
line: "includedir /etc/sudoers.d"
- name: Test root password
ignore_errors: yes
register: root_password_test
become: yes
command: id
vars:
ansible_become_method: su
ansible_become_user: root
ansible_become_password: "{{ lookup('vars',inventory_hostname+'_password') }}"
- name: Define root password
become: yes
when: root_password_test.rc is not defined or root_password_test.rc != 0
command:
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"
- name: Define depriv password
become: yes
when: root_password_test.rc is not defined or root_password_test.rc != 0
command:
cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd {{ depriv_user.stdout }}"


@ -0,0 +1,34 @@
---
- name: Install packages
become: yes
package:
name:
- smartmontools
- hdparm
- apcupsd
state: present
- name: Set udev settings for drives
become: yes
copy:
dest: /etc/udev/rules.d/60-ioschedulers.rules
content: |
# set scheduler for NVMe
ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/scheduler}="none"
# set scheduler for SSD and eMMC
ACTION=="add|change", KERNEL=="sd[a-z]*|mmcblk[0-9]*", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"
# set scheduler for rotating disks
ACTION=="add|change", KERNEL=="sd[a-z]*", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="bfq"
owner: root
group: root
mode: 0700
register: udev_iosched
- name: Reload udev
become: yes
command: /bin/bash -c 'udevadm control --reload; udevadm trigger'
when: udev_iosched.changed
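Review bot: The "Set udev settings for drives" task writes `/etc/udev/rules.d/60-ioschedulers.rules` with `mode: 0700`, which sets the execute bit on a plain rules file that only needs to be read; `mode: "0644"` is the conventional choice, and quoting the value keeps it from depending on how the YAML loader types a leading-zero integer. In the "Reload udev" task the two commands are joined with `;`, so `udevadm trigger` runs even if `udevadm control --reload` fails and the task reports only the last exit status; `udevadm control --reload && udevadm trigger` would surface a failed reload. Indentation and blank lines are lost in this rendering, so the task nesting is inferred from key order.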