Add backup bind and prom

This commit is contained in:
2024-04-15 01:38:55 +02:00
parent 6931225a85
commit 450683895e
3 changed files with 27 additions and 18 deletions

View File

@@ -29,6 +29,12 @@
6137356332636431643830666461333862613835336631333037
tasks:
# - name: Return all secrets from a path
# delegate_to: localhost
# ansible.builtin.debug:
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"
- ansible.builtin.git:
repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
dest: "{{ playbook_dir }}/backup"
@@ -64,10 +70,12 @@
- /opt/dockerapps/appdata/grafana/etc/grafana.ini
#! prometheus
- /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_iowait.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_memory.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_space.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_load.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_system.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_network.yml
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_exporter.yml
#! bind
- /opt/dockerapps/appdata/bind/config/named.conf
- /opt/dockerapps/appdata/bind/records/example.com.zone
- name: Push backup to git
ansible.builtin.shell: |

View File

@@ -81,19 +81,19 @@
#||-----> GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures couldn't be verified because the public key is not available
roles:
- robertdebock.update
- devsec.hardening.os_hardening
- devsec.hardening.ssh_hardening
- maxlareo.rkhunter
- maxlareo.chkrootkit
- robertdebock.auditd
- geerlingguy.firewall
- grog.management-user
- GROG.user
- GROG.authorized-key
- GROG.sudo
- ansible_unattended_upgrades
- buluma.lynis
# - robertdebock.update
# - devsec.hardening.os_hardening
# - devsec.hardening.ssh_hardening
# - maxlareo.rkhunter
# - maxlareo.chkrootkit
# - robertdebock.auditd
- { role: geerlingguy.firewall, tags: firewall }
# - grog.management-user
# - GROG.user
# - GROG.authorized-key
# - GROG.sudo
# - ansible_unattended_upgrades
# - buluma.lynis
# roles:
# - role: netways.elasticstack.elasticsearch
@@ -122,7 +122,7 @@
line: '#!Enable-HMAC-ETM'
- name: Reload service httpd, in all cases
ansible.builtin.systemd_service:
ansible.builtin.service:
name: sshd.service
state: reloaded

View File

@@ -34,6 +34,7 @@ firewall_allowed_tcp_ports:
- "9100"
- "9090"
- "3000"
- "9323"
#* NETBIRD