diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 08790ca..b56d3f2 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -898,6 +898,15 @@ tor_hidden_service_port: - 993 127.0.0.1:993 - 995 127.0.0.1:995 + +# --- +# vars used by modify-munin-ip.yml +# --- + +munin_remote_ipv4: 135.181.136.84 +munin_remote_ipv6: 2a01:4f9:3a:1051::84 + + # --- # vars used by cron.yml # --- diff --git a/hosts b/hosts index 9b72900..2c34601 100644 --- a/hosts +++ b/hosts @@ -18,6 +18,7 @@ dns1.warenform.de [extra_hosts] backup.oopen.de +backup-neu.oopen.de gitea.so36.net backup.so36.net @@ -365,6 +366,8 @@ nscache.oopen.de # - o29.oopen.de o29.oopen.de +backup-neu.oopen.de +git-neu.oopen.de # AK - Server Nextcloud/Jitsi Meet o30.oopen.de @@ -1062,6 +1065,7 @@ gateway_server # --- backup.oopen.de +backup-neu.oopen.de devel-root.wf.netz # Backup Faire Mobilitaet @@ -1259,6 +1263,8 @@ munin.oopen.de nc-gw.oopen.de # o29.oopen.de +backup-neu.oopen.de +git-neu.oopen.de # o30.oopen.de - AK Server Nextcloud/Jitsi Meet meet.akweb.de @@ -1445,6 +1451,8 @@ nc-gw.oopen.de # - o29.oopen.de o29.oopen.de +backup-neu.oopen.de +git-neu.oopen.de # AK - Server Nextcloud/Jitsi Meet o30.oopen.de diff --git a/modify-munin-ip.yml b/modify-munin-ip.yml new file mode 100644 index 0000000..e21b7c9 --- /dev/null +++ b/modify-munin-ip.yml @@ -0,0 +1,6 @@ +--- + + +- hosts: all + roles: + - modify-munin-ip diff --git a/roles/modify-munin-ip/handlers/main.yml b/roles/modify-munin-ip/handlers/main.yml new file mode 100644 index 0000000..1dbd644 --- /dev/null +++ b/roles/modify-munin-ip/handlers/main.yml @@ -0,0 +1,20 @@ +- name: Restart ulogd + service: + name: ulogd + state: restarted + +- name: Restart IPv4 Firewall + service: + name: ipt-firewall + state: restarted + when: + - interfaces_ipv4_exists.stat.exists + - main_ipv4_exists.stat.exists + +- name: Restart IPv6 Firewall + service: + name: ip6t-firewall + state: restarted + when: + - interfaces_ipv6_exists.stat.exists + - main_ipv6_exists.stat.exists diff --git a/roles/modify-munin-ip/tasks/main.yml b/roles/modify-munin-ip/tasks/main.yml new file mode 100644 index 0000000..57cec93 --- /dev/null +++ b/roles/modify-munin-ip/tasks/main.yml @@ -0,0 +1,77 @@ +--- + + +# --- +# Set some facts +# --- + + +- name: (modify-munin-ip) Set fact_sshd_kexalgorithms (comma separated list) + set_fact: + fact_munin_node_ipv4: "{{ munin_remote_ipv4 | replace('.', '\\.') }}" + when: + - munin_remote_ipv4 is defined and munin_remote_ipv4 | length > 0 + +- name: (modify-munin-ip - main.yml)) Set fact_sshd_kexalgorithms (comma separated list) + set_fact: + fact_munin_node_ipv4_old: "{{ munin_remote_ipv4 | replace('.', '\\.') }}" + when: + - munin_remote_ipv4_old is defined and munin_remote_ipv4_old | length > 0 + + # --- + # Some Checks + # --- + +- name: (modify-munin-ip) Check if file '/etc/ipt-firewall/main_ipv4.conf' exists + stat: + path: /etc/ipt-firewall/main_ipv4.conf + register: main_ipv4_exists + + +- name: Check if /etc/ipt-firewall/interfaces_ipv4.conf are present + stat: + path: /etc/ipt-firewall/interfaces_ipv4.conf + register: interfaces_ipv4_exists + + +- name: Check if /etc/ipt-firewall/interfaces_ipv6.conf are present + stat: + path: /etc/ipt-firewall/interfaces_ipv6.conf + register: interfaces_ipv6_exists + + +- name: Check if file '/etc/ipt-firewall/main_ipv6.conf' exists + stat: + path: /etc/ipt-firewall/main_ipv6.conf + register: main_ipv6_exists + + +- name: (modify-munin-ip) Check if file '/etc/munin/munin-node.conf' exists + stat: + path: /etc/munin/munin-node.conf + register: munin_node__exists + + +- name: (modify-munin-ip) /etc/ipt-firewall/main_ipv4.conf - addjust line 'munin_remote_ip' (IPv4) + lineinfile: + path: /etc/ipt-firewall/main_ipv4.conf + regexp: '^munin_remote_ip=' + line: 'munin_remote_ip="{{ munin_remote_ipv4 }}"' + when: + - main_ipv4_exists.stat.exists + notify: + - Restart IPv4 Firewall + + +- name: (modify-munin-ip) /etc/ipt-firewall/main_ipv6.conf - addjust line 'munin_remote_ip' (IPv6) + lineinfile: + path: /etc/ipt-firewall/main_ipv6.conf + regexp: '^munin_remote_ip=' + line: 'munin_remote_ip="{{ munin_remote_ipv6 }}"' + when: + - main_ipv6_exists.stat.exists + notify: + - Restart IPv6 Firewall + + +