Add backup bind and prom
This commit is contained in:
16
backup.yml
16
backup.yml
@@ -29,6 +29,12 @@
|
||||
6137356332636431643830666461333862613835336631333037
|
||||
tasks:
|
||||
|
||||
|
||||
# - name: Return all secrets from a path
|
||||
# delegate_to: localhost
|
||||
# ansible.builtin.debug:
|
||||
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"
|
||||
|
||||
- ansible.builtin.git:
|
||||
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
|
||||
dest: "{{ playbook_dir }}/backup"
|
||||
@@ -64,10 +70,12 @@
|
||||
- /opt/dockerapps/appdata/grafana/etc/grafana.ini
|
||||
#! prometheus
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_iowait.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_memory.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_space.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_load.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_system.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_network.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_exporter.yml
|
||||
#! bind
|
||||
- /opt/dockerapps/appdata/bind/config/named.conf
|
||||
- /opt/dockerapps/appdata/bind/records/example.com.zone
|
||||
|
||||
- name: Push backup to git
|
||||
ansible.builtin.shell: |
|
||||
|
||||
@@ -81,19 +81,19 @@
|
||||
#||-----> GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures couldn't be verified because the public key is not available
|
||||
|
||||
roles:
|
||||
- robertdebock.update
|
||||
- devsec.hardening.os_hardening
|
||||
- devsec.hardening.ssh_hardening
|
||||
- maxlareo.rkhunter
|
||||
- maxlareo.chkrootkit
|
||||
- robertdebock.auditd
|
||||
- geerlingguy.firewall
|
||||
- grog.management-user
|
||||
- GROG.user
|
||||
- GROG.authorized-key
|
||||
- GROG.sudo
|
||||
- ansible_unattended_upgrades
|
||||
- buluma.lynis
|
||||
# - robertdebock.update
|
||||
# - devsec.hardening.os_hardening
|
||||
# - devsec.hardening.ssh_hardening
|
||||
# - maxlareo.rkhunter
|
||||
# - maxlareo.chkrootkit
|
||||
# - robertdebock.auditd
|
||||
- { role: geerlingguy.firewall, tags: firewall }
|
||||
# - grog.management-user
|
||||
# - GROG.user
|
||||
# - GROG.authorized-key
|
||||
# - GROG.sudo
|
||||
# - ansible_unattended_upgrades
|
||||
# - buluma.lynis
|
||||
|
||||
# roles:
|
||||
# - role: netways.elasticstack.elasticsearch
|
||||
@@ -122,7 +122,7 @@
|
||||
line: '#!Enable-HMAC-ETM'
|
||||
|
||||
- name: Reload service httpd, in all cases
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.service:
|
||||
name: sshd.service
|
||||
state: reloaded
|
||||
|
||||
|
||||
@@ -34,6 +34,7 @@ firewall_allowed_tcp_ports:
|
||||
- "9100"
|
||||
- "9090"
|
||||
- "3000"
|
||||
- "9323"
|
||||
|
||||
#* NETBIRD
|
||||
|
||||
|
||||
Reference in New Issue
Block a user