AniNIX/Kapisi
AniNIX/Kapisi
3
0
Fork 0
Code Issues 25 Pull Requests Projects 1 Releases Wiki Activity

Updates for Raspberry Pi 12 Bookworm

Browse Source
This commit is contained in:
DarkFeather 2024-07-23 14:18:32 -05:00
parent 9366d8b6d7
commit a17e2c6fe9
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
71 changed files with 488 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
bin/deploy-role
View File

@ -1,5 +1,8 @@
#!/bin/bash
# Ensure we are in the source directory.
cd $(dirname $0)/..
# Role is first argument
role="$1"
if [ -z "$role" ]; then

3
bin/full-deploy
View File

@ -1,5 +1,8 @@
#!/bin/bash
# Ensure we are in the source directory.
cd $(dirname $0)/..
# Arguments
inventory="$1"
if [ "$inventory" == "-h" ] || [ "$inventory" == "--help" ]; then

14
examples/msn0.yml
View File

@ -28,6 +28,8 @@ all:
orgdn: "dc=aninix,dc=net"
binduser: 'binduser'
userou: 'ou=People'
groupou: 'ou=Group'
filter: '(&(objectClass=person)(!(pwdReset=TRUE)))'
organization: # Information about the group
admin: 'DarkFeather'
email: 'ircs://irc.aninix.net:6697/DarkFeather'
@ -46,11 +48,6 @@ all:
ip: 10.0.1.2
mac: B8:27:EB:B6:AA:0C
static: true
Maker:
ipinterface: eth0
ip: 10.0.1.14
mac: B8:27:EB:B6:AA:0D
static: true
children:
Node:
hosts:
@ -107,6 +104,11 @@ all:
ip: 10.0.1.13
mac: E4:5F:01:01:FF:E4
static: true
Geth5:
ipinterface: eth0
ip: 10.0.1.14
mac: B8:27:EB:B6:AA:0D
static: true
virtual: # 10.0.1.16/28
vars:
hosts:
@ -165,7 +167,7 @@ all:
- '-drive format=raw,index=0,media=disk,file=/dev/sdb'
- '-drive format=raw,index=0,media=disk,file=/dev/sdc'
- '-drive format=raw,index=0,media=disk,file=/dev/sdd'
geth_hubs: # 10.0.1.32/28
Vergil: # 10.0.1.32/28
vars:
motion_enabled: yes
hosts:

0
roles/IRC/files/services/ircservices.service → roles/IRC/files/services/anope.service
View File

0
roles/IRC/files/services/irc.service → roles/IRC/files/services/inspircd.service
View File

0
roles/IRC/files/services/ircweb.service → roles/IRC/files/services/kiwiirc.service
View File

8
roles/IRC/tasks/daemon.yml
View File

@ -38,8 +38,8 @@
become: yes
register: servicesfile
copy:
src: services/irc.service
dest: /usr/lib/systemd/system/irc.service
src: services/inspircd.service
dest: /usr/lib/systemd/system/inspircd.service
owner: root
group: root
mode: 0644
@ -90,7 +90,7 @@
- name: Ensure service running
become: yes
service:
name: irc
name: inspircd
state: started
enabled: yes
@ -98,5 +98,5 @@
become: yes
when: templatefiles.changed or servicesfile.changed
service:
name: irc
name: inspircd
state: reloaded

8
roles/IRC/tasks/services.yml
View File

@ -38,8 +38,8 @@
become: yes
register: servicesfile
copy:
src: services/ircservices.service
dest: /usr/lib/systemd/system/ircservices.service
src: services/anope.service
dest: /usr/lib/systemd/system/anope.service
owner: root
group: root
mode: 0644
@ -53,7 +53,7 @@
- name: Ensure service running
become: yes
service:
name: ircservices
name: anope
state: started
enabled: yes
@ -61,5 +61,5 @@
become: yes
when: templatefiles.changed or servicesfile.changed
service:
name: ircservices
name: anope
state: reloaded

8
roles/IRC/tasks/web.yml
View File

@ -31,8 +31,8 @@
become: yes
register: servicesfile
copy:
src: services/ircweb.service
dest: /usr/lib/systemd/system/ircweb.service
src: services/kiwiirc.service
dest: /usr/lib/systemd/system/kiwiirc.service
owner: root
group: root
mode: 0644
@ -46,7 +46,7 @@
- name: Ensure service running
become: yes
service:
name: ircweb
name: kiwiirc
state: started
enabled: yes
@ -54,5 +54,5 @@
become: yes
when: config.changed or servicesfile.changed
service:
name: ircweb
name: kiwiirc
state: reloaded

19
roles/Password/files/nsswitch.conf Normal file
View File

@ -0,0 +1,19 @@
# Begin /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
publickey: files
hosts: files dns myhostname
networks: files
protocols: files
services: files
ethers: files
rpc: files
netgroup: files
# End /etc/nsswitch.conf

12
roles/Password/files/pam.d/atd Normal file
View File

@ -0,0 +1,12 @@
#%PAM-1.0
auth required pam_unix.so
auth required pam_env.so
account required pam_access.so
account required pam_unix.so
account required pam_time.so
session required pam_loginuid.so
session required pam_limits.so
session required pam_unix.so

6
roles/Password/files/pam.d/chfn Normal file
View File

@ -0,0 +1,6 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password required pam_permit.so

4
roles/Password/files/pam.d/chpasswd Normal file
View File

@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth

6
roles/Password/files/pam.d/chsh Normal file
View File

@ -0,0 +1,6 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password required pam_permit.so

11
roles/Password/files/pam.d/crond Normal file
View File

@ -0,0 +1,11 @@
#
# The PAM configuration file for the cron daemon
#
#
# Although no PAM authentication is called, auth modules
# are used for credential setting
auth include system-auth
account required pam_access.so
account include system-auth
session required pam_loginuid.so
session include system-auth

3
roles/Password/files/pam.d/cups Normal file
View File

@ -0,0 +1,3 @@
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so

4
roles/Password/files/pam.d/groupmems Normal file
View File

@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth

7
roles/Password/files/pam.d/login Normal file
View File

@ -0,0 +1,7 @@
#%PAM-1.0
auth requisite pam_nologin.so
auth include system-local-login
account include system-local-login
session include system-local-login
password include system-local-login

4
roles/Password/files/pam.d/newusers Normal file
View File

@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth

1
roles/Password/files/pam.d/nslcd.conf Normal file
View File

@ -0,0 +1 @@
UiqiKXIU

9
roles/Password/files/pam.d/other Normal file
View File

@ -0,0 +1,9 @@
#%PAM-1.0
auth required pam_deny.so
auth required pam_warn.so
account required pam_deny.so
account required pam_warn.so
password required pam_deny.so
password required pam_warn.so
session required pam_deny.so
session required pam_warn.so

5
roles/Password/files/pam.d/passwd Normal file
View File

@ -0,0 +1,5 @@
#%PAM-1.0
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
password sufficient pam_ldap.so
password required pam_unix.so sha512 shadow nullok

4
roles/Password/files/pam.d/passwd.pacnew Normal file
View File

@ -0,0 +1,4 @@
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth

3
roles/Password/files/pam.d/postgresql Normal file
View File

@ -0,0 +1,3 @@
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so

8
roles/Password/files/pam.d/remote Normal file
View File

@ -0,0 +1,8 @@
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-remote-login
account include system-remote-login
session include system-remote-login
password include system-remote-login

13
roles/Password/files/pam.d/rlogin Normal file
View File

@ -0,0 +1,13 @@
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_rhosts.so
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include system-auth

11
roles/Password/files/pam.d/rsh Normal file
View File

@ -0,0 +1,11 @@
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts.so
account include system-auth
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include system-auth

4
roles/Password/files/pam.d/runuser Normal file
View File

@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
session include system-login

4
roles/Password/files/pam.d/runuser-l Normal file
View File

@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
session include system-login

1
roles/Password/files/pam.d/screen Normal file
View File

@ -0,0 +1 @@
auth required pam_unix.so

6
roles/Password/files/pam.d/sshd Normal file
View File

@ -0,0 +1,6 @@
#%PAM-1.0
auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login

6
roles/Password/files/pam.d/sssd-shadowutils Normal file
View File

@ -0,0 +1,6 @@
#%PAM-1.0
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth required pam_deny.so
account required pam_unix.so
account required pam_permit.so

14
roles/Password/files/pam.d/su Normal file
View File

@ -0,0 +1,14 @@
#%PAM-1.0
auth sufficient pam_ldap.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so

12
roles/Password/files/pam.d/su-l Normal file
View File

@ -0,0 +1,12 @@
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so

10
roles/Password/files/pam.d/su-l.pacnew Normal file
View File

@ -0,0 +1,10 @@
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password include system-auth

10
roles/Password/files/pam.d/su.pacnew Normal file
View File

@ -0,0 +1,10 @@
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password include system-auth

4
roles/Password/files/pam.d/sudo Normal file
View File

@ -0,0 +1,4 @@
#%PAM-1.0
auth include system-auth
account include system-auth
session include system-auth

20
roles/Password/files/pam.d/system-auth Normal file
View File

@ -0,0 +1,20 @@
#%PAM-1.0
auth sufficient pam_ldap.so
auth required pam_unix.so try_first_pass nullok
auth optional pam_permit.so
auth required pam_env.so
account sufficient pam_ldap.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
password sufficient pam_ldap.so
password required pam_unix.so try_first_pass nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
session optional pam_permit.so

27
roles/Password/files/pam.d/system-auth.pacnew Normal file
View File

@ -0,0 +1,27 @@
#%PAM-1.0
auth required pam_faillock.so preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
-auth [success=2 default=ignore] pam_systemd_home.so
auth [success=1 default=bad] pam_unix.so try_first_pass nullok
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.
-account [success=1 default=ignore] pam_systemd_home.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
-password [success=1 default=ignore] pam_systemd_home.so
password required pam_unix.so try_first_pass nullok shadow
password optional pam_permit.so
-session optional pam_systemd_home.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so

6
roles/Password/files/pam.d/system-local-login Normal file
View File

@ -0,0 +1,6 @@
#%PAM-1.0
auth include system-login
account include system-login
password include system-login
session include system-login

19
roles/Password/files/pam.d/system-login Normal file
View File

@ -0,0 +1,19 @@
#%PAM-1.0
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_systemd.so
session required pam_env.so
#session required pam_mkhomedir.so skel=/etc/skel umask=0027

20
roles/Password/files/pam.d/system-login.pacnew Normal file
View File

@ -0,0 +1,20 @@
#%PAM-1.0
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session optional pam_keyinit.so force revoke
session include system-auth
session optional pam_motd.so
session optional pam_mail.so dir=/var/spool/mail standard quiet
session optional pam_umask.so
-session optional pam_systemd.so
session required pam_env.so

6
roles/Password/files/pam.d/system-remote-login Normal file
View File

@ -0,0 +1,6 @@
#%PAM-1.0
auth include system-login
account include system-login
password include system-login
session include system-login

11
roles/Password/files/pam.d/system-services Normal file
View File

@ -0,0 +1,11 @@
#%PAM-1.0
auth sufficient pam_permit.so
account include system-auth
session optional pam_loginuid.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
session required pam_env.so

5
roles/Password/files/pam.d/systemd-user Normal file
View File

@ -0,0 +1,5 @@
# Used by systemd --user instances.
account include system-login
session required pam_loginuid.so
session include system-login

5
roles/Password/files/pam.d/vlock Normal file
View File

@ -0,0 +1,5 @@
#%PAM-1.0
auth required pam_unix.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so

1
roles/Password/package/ldap-adduser
View File

@ -52,7 +52,6 @@ if [ "$?" -eq 0 ]; then
line="$(grep -E '^uidNumber: ' "$file")"; sed -i "s/$line/uidNumber: $newuserid/" "$file"
ldapadd -D 'cn=root,dc=aninix,dc=net' -W -f "$file"
ldap-resetpass "$username"
# Create default home
cp -r /etc/skel "/home/$username"; chmod 0027 "/home/$username"; chown -R "$username": "/home/$username"
fi
rmdir "$lockfile"

7
roles/Password/package/ldap-resetpass
View File

@ -7,11 +7,8 @@ if [ -z "$uid" ]; then
exit 1
fi
ldappasswd -D 'cn=root,dc=aninix,dc=net' -W "uid=$uid,ou=People,dc=aninix,dc=net"
ldappasswd -D 'cn=root,dc=aninix,dc=net' -W -H ldap://127.0.0.1 "uid=$uid,ou=People,dc=aninix,dc=net"
if [ `ldapsearch -x "(uid=$uid)" + \* | grep -c shadowLastChange\:` -ne 0 ]; then
(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\ndelete: shadowLastChange\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -W &>/dev/null;
fi
(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: shadowLastChange\nshadowLastChange: 0\n\ndn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: pwdReset\npwdReset: TRUE\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -W &>/dev/null;
#ldapmodify -D 'cn=root,dc=aninix,dc=net' -W -H ldap://127.0.0.1 -f <(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: pwdReset\npwdReset: TRUE\n\n")
exit $?

80
roles/Password/templates/nscld.conf.j2 Normal file
View File

@ -0,0 +1,80 @@
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
uri ldap://{{ ldap['server'] }}/
# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3
# The distinguished name of the search base.
base {{ ldap['orgdn'] }}
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn {{ ldap['binduser'] }},{{ ldap['userou'] }},{{ ldap['orgdn'] }}
# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
bindpw {{ secrets['Sora']['bindpassword'] }}
# The distinguished name to perform password modifications by root by.
rootpwmoddn cn=root,{{ ldap['orgdn'] }}
# The default search scope.
scope sub
#filter (&(!(pwdReset=TRUE))(objectClass=person))
#scope one
#scope base
# Customize certain database lookups.
base group {{ ldap['groupou'] }},{{ ldap['orgdn'] }}
base passwd {{ ldap['userou'] }},{{ ldap['orgdn'] }}
base shadow {{ ldap['userou'] }},{{ ldap['orgdn'] }}
#scope group onelevel
scope hosts sub
# Bind/connect timelimit.
#bind_timelimit 30
# Search timelimit.
#timelimit 30
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600
# Use StartTLS without verifying the server certificate.
#ssl start_tls
#tls_reqcert never
# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key

4
roles/SSL/files/certbot.service
View File

@ -3,8 +3,8 @@ Description=Certbot
[Service]
ExecStart=certbot renew -w /var/lib/letsencrypt/ --preferred-chain "ISRG Root X1"
ExecStartPost=-/usr/bin/systemctl reload webserver
ExecStartPost=-/usr/bin/systemctl reload irc
ExecStartPost=-/usr/bin/systemctl reload nginx
ExecStartPost=-/usr/bin/systemctl reload inspircd
KillMode=process
Type=oneshot
RemainAfterExit=no

8
roles/SSL/tasks/main.yml
View File

@ -7,6 +7,14 @@
- certbot
- openssl
- name: LetsEncrypt directory
become: yes
file:
path: /etc/letsencrypt
owner: root
group: ssl
mode: 0750
- name: Services
become: yes
register: services

6
roles/ShadowArch/files/motd/Geth5 Normal file
View File

@ -0,0 +1,6 @@
################################################################################
# AniNIX/Node0 #
# #
# This is the network virtualization platform. VMs can be found with this: #
# cd /usr/lib/systemd/system; ls -1 *vm.service | xargs -n 1 systemctl status #
################################################################################

2
roles/ShadowArch/tasks/raspbian-network.yml
View File

@ -30,7 +30,7 @@
- name: Raspbian wireless
become: yes
command:
cmd: /bin/bash -c "wpa_passphrase {{ wireless_ssid }} '{{ passwords['Shadowfeed'] }}' > /etc/wpa_supplicant.conf"
cmd: /bin/bash -c "wpa_passphrase {{ wireless_ssid }} '{{ secrets['Shadownet']['ssid_passphrase'] }}' > /etc/wpa_supplicant.conf"
creates: '/etc/wpa_supplicant.conf'
- name: Raspbian wireless hardening

11
roles/Sharingan/files/monit/checks/vips
View File

@ -4,8 +4,8 @@ check program https_aninix with path "/usr/lib/monitoring-plugins/check_http --s
check program https_foundation with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H foundation.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical foundation.aninix.net not reporting OK"
check program https_geth with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H geth.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical geth.aninix.net not reporting OK"
check program https_superintendent with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H superintendent.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical superintendent.aninix.net not reporting OK"
check program https_lykos with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H lykos.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical lykos.aninix.net not reporting OK"
@ -22,9 +22,6 @@ check program https_sharingan with path "/usr/lib/monitoring-plugins/check_http
check program https_singularity with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H singularity.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical singularity.aninix.net not reporting OK"
check program https_wolfpack with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H wolfpack.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical wolfpack.aninix.net not reporting OK"
check program https_yggdrasil with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -u /web/index.html -H yggdrasil.aninix.net"
every "* 6-23 * * *"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical yggdrasil.aninix.net not reporting OK"
@ -32,5 +29,5 @@ check program https_yggdrasil with path "/usr/lib/monitoring-plugins/check_http
check program http_eyes with path "/usr/lib/monitoring-plugins/check_http -w 10 -c 10 -u / -H geth-eyes.msn0.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical geth-eyes HTTP not reporting OK"
check program http_shadowfeed with path "/usr/lib/monitoring-plugins/check_http -w 10 -c 10 -u / -H shadowfeed.msn0.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical shadowfeed HTTP not reporting OK"
check program http_shadownet with path "/usr/lib/monitoring-plugins/check_http -w 10 -c 10 -u / -H shadownet.msn0.aninix.net"
if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical shadownet HTTP not reporting OK"

1
roles/Sharingan/files/monit/hostdefs/Geth5 Normal file
View File

@ -0,0 +1 @@
include "/etc/monit.d/checks/system"

12
roles/Geth-Hub/README.md → roles/Vergil/README.md
View File

@ -9,6 +9,14 @@ For the IR control we use an [IR shield](https://www.amazon.com/s?k=Raspberry+pi
We also set up an SNMPv3 daemon service on the hubs, to work with their IR control. This snmpd requires the Geth OVA to add snmpget using `apk update && apk add net-snmp-tools` from the `Terminal & SSH` add-on. Covers can then be added from the [command-line integration](https://www.home-assistant.io/integrations/command_line/). They'll look something like this:
```
- cover:
command_open: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.5.112.111.119.101.114.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."power".1
command_close: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.6.99.111.110.102.105.103.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."config".1
command_stop: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.5.101.110.116.101.114.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."enter".1
name: livingroom_power
- cover:
command_open: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.8.118.111.108.117.109.101.117.112.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."volumeup".1
command_close: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.10.118.111.108.117.109.101.100.111.119.110.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."volumedown".1
command_stop: bash /config/snmp.sh 10.0.1.32 .1.3.6.1.4.1.8072.1.3.2.4.1.2.4.109.117.116.101.1 # NET-SNMP-EXTEND-MIB::nsExtendOutLine."mute".1
name: livingroom_volume
```

0
roles/Geth-Hub/files/hardware.conf → roles/Vergil/files/hardware.conf
View File

0
roles/Geth-Hub/files/lirc_options.conf → roles/Vergil/files/lirc_options.conf
View File

0
roles/Geth-Hub/files/lircd.conf/Geth-Hub-1 → roles/Vergil/files/lircd.conf/Geth-Hub-1
View File

2
roles/Geth-Hub/files/lircd.conf/Geth-Hub-2 → roles/Vergil/files/lircd.conf/Geth-Hub-2
View File

@ -153,5 +153,3 @@ begin remote
end codes
end remote

0
roles/Geth-Hub/files/lircd.conf/Geth-Hub-3 → roles/Vergil/files/lircd.conf/Geth-Hub-3
View File

0
roles/Geth-Hub/files/lircd.conf/LG-AKB73715608 → roles/Vergil/files/lircd.conf/LG-AKB73715608
View File

0
roles/Geth-Hub/files/lircd.conf/NS-RC4NA-14 → roles/Vergil/files/lircd.conf/NS-RC4NA-14
View File

0
roles/Geth-Hub/files/motion.conf/Geth-Hub-1 → roles/Vergil/files/motion.conf/Geth-Hub-1
View File

0
roles/Geth-Hub/files/motion.conf/Geth-Hub-2 → roles/Vergil/files/motion.conf/Geth-Hub-2
View File

0
roles/Geth-Hub/files/motion.conf/Geth-Hub-3 → roles/Vergil/files/motion.conf/Geth-Hub-3
View File

28
roles/Geth-Hub/tasks/main.yml → roles/Vergil/tasks/main.yml
View File

@ -58,6 +58,7 @@
- name: Set the dtoverlay
become: yes
register: dtoverlay
when: ansible_distribution_major_version == 11
blockinfile:
path: "/boot/config.txt"
insertafter: EOF
@ -70,15 +71,40 @@
- name: Unset camera autodetect
become: yes
register: camera_autodetect
when: ansible_distribution_major_version == 11
lineinfile:
path: "/boot/config.txt"
regexp: "camera_auto_detect"
line: "# camera_auto_detect=1"
# Thanks to https://wiki.geekworm.com/Raspberry_Pi_IR_Control_Expansion_Board for instructions setting up lirc
- name: Set the dtoverlay
become: yes
register: dtoverlay
when: ansible_distribution_major_version == 12
blockinfile:
path: "/boot/firmware/config.txt"
insertafter: EOF
marker: "# {mark} Ubiqtorate Managed Block"
block: |
dtoverlay=gpio-ir,gpio_pin={{ gpio_in_pin | default('18') }}
dtoverlay=gpio-ir-tx,gpio_pin={{ gpio_out_pin | default('17') }}
start_x=1
- name: Unset camera autodetect
become: yes
register: camera_autodetect
when: ansible_distribution_major_version == 12
lineinfile:
path: "/boot/firmware/config.txt"
regexp: "camera_auto_detect"
line: "# camera_auto_detect=1"
- name: Set the dtparam
become: yes
register: dtparam
lineinfile:
path: "/boot/firmware/config.txt"
path: "/boot/config.txt"
regexp: "^dtparam="
line: "dtparam=gpio_in_pull={{ gpio_in_pull | default('down') }}"
@ -113,6 +139,8 @@
copy:
src: "{{ item }}"
dest: "/etc/lirc/{{ item }}"
force: no
# TODO: -- need a switch on the version of the RPi image
loop:
- hardware.conf
- lirc_options.conf

0
roles/Geth-Hub/templates/lirc_rpi.conf.j2 → roles/Vergil/templates/lirc_rpi.conf.j2
View File

1
roles/Geth-Hub/templates/modules.j2 → roles/Vergil/templates/modules.j2
View File

@ -7,4 +7,3 @@
# lirc_rpi gpio_in_pin={{ gpio_in_pin | default('18') }} gpio_out_pin={{ gpio_out_pin | default('17') }}
bcm2835-v4l2
r8188eu

0
roles/Geth-Hub/templates/motion.conf.j2 → roles/Vergil/templates/motion.conf.j2
View File

0
roles/Geth-Hub/templates/snmpd.conf.j2 → roles/Vergil/templates/snmpd.conf.j2
View File