Add backup bind and prom

2024-04-15 01:38:55 +02:00
parent 6931225a85
commit 450683895e
3 changed files with 27 additions and 18 deletions
--- a/backup.yml
+++ b/backup.yml
@@ -29,6 +29,12 @@
              6137356332636431643830666461333862613835336631333037
  tasks:
    # - name: Return all secrets from a path
    #   delegate_to: localhost
    #   ansible.builtin.debug:
    #     msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"
    - ansible.builtin.git:
        repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
        dest: "{{ playbook_dir }}/backup"
@@ -64,10 +70,12 @@
        - /opt/dockerapps/appdata/grafana/etc/grafana.ini
      #! prometheus
        - /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
-        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_iowait.yml
+        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_system.yml
-        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_memory.yml
+        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_network.yml
-        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_space.yml
+        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_exporter.yml
-        - /opt/dockerapps/appdata/prometheus/prometheus/alerts_load.yml
+      #! bind
        - /opt/dockerapps/appdata/bind/config/named.conf
        - /opt/dockerapps/appdata/bind/records/example.com.zone
    - name: Push backup to git
      ansible.builtin.shell: |
--- a/hardening.yml
+++ b/hardening.yml
@@ -81,19 +81,19 @@
 #||-----> GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures couldn't be verified because the public key is not available
  roles:
-    - robertdebock.update
+    # - robertdebock.update
-    - devsec.hardening.os_hardening
+    # - devsec.hardening.os_hardening
-    - devsec.hardening.ssh_hardening
+    # - devsec.hardening.ssh_hardening
-    - maxlareo.rkhunter
+    # - maxlareo.rkhunter
-    - maxlareo.chkrootkit
+    # - maxlareo.chkrootkit
-    - robertdebock.auditd
+    # - robertdebock.auditd
-    - geerlingguy.firewall
+    - { role: geerlingguy.firewall, tags: firewall }
-    - grog.management-user
+    # - grog.management-user
-    - GROG.user
+    # - GROG.user
-    - GROG.authorized-key
+    # - GROG.authorized-key
-    - GROG.sudo
+    # - GROG.sudo
-    - ansible_unattended_upgrades
+    # - ansible_unattended_upgrades
-    - buluma.lynis
+    # - buluma.lynis
  # roles:
  #   - role: netways.elasticstack.elasticsearch
@@ -122,7 +122,7 @@
        line: '#!Enable-HMAC-ETM'
    - name: Reload service httpd, in all cases
-      ansible.builtin.systemd_service:
+      ansible.builtin.service:
        name: sshd.service
        state: reloaded
--- a/host_vars/ovh01.yml
+++ b/host_vars/ovh01.yml
@@ -34,6 +34,7 @@ firewall_allowed_tcp_ports:
  - "9100"
  - "9090"
  - "3000"
  - "9323"
 #* NETBIRD