initial: no secrets

group_vars/all.yaml

@@ -0,0 +1,280 @@
+---
+checks:
+extra_sheppy_pubkeys:
+nsca_server: ""
+ldap_server: ""
+nsca_password: ""
+RSYSLOG_SERVER: ""
+influxdb_telegraf_password: ""
+
+icinga_api_user: ""
+icinga_api_pass: ""
+icinga_api_url: "https://XXXXXXXXXXXXXXX:5665"
+icinga_web_url: "https://icinga.atlantishq.de/"
+
+event_dispatcher_host: dispatcher.atlantishq.de
+event_dispatcher_proto: https
+event_dispatcher_port: 443
+event_dispatcher_address: "{{ event_dispatcher_proto }}://{{ event_dispatcher_host }}"
+event_dispatcher_user: ""
+event_dispatcher_pass: ""
+
+ldap_password: ""
+ldap_dc: "atlantishq"
+ldap_org: "atlantishq de"
+ldap_suffix: "dc=atlantishq,dc=de"
+ldap_bind_dn: "cn=Manager,dc=atlantishq,dc=de"
+ldap_user_dn: "ou=People,dc=atlantishq,dc=de"
+ldap_group_dn: "ou=groups,dc=atlantishq,dc=de"
+ldap_connection_url: ldap://192.168.122.112
+ldap_connection_url_ext: "ldaps://ldap.atlantishq.de"
+
+event_dispatcher_token: ""
+
+extra_root_keys:
+    - "# no extra keys"
+
+smtp_internal_host: mail.atlantishq.de
+smtp_internal_host_port: 8025
+smtp_service_user: ""
+smtp_service_pass: ""
+
+pki_domain: pki.atlantishq.de
+
+SOUNDLIB_AWS_ACCESS_KEY_ID: ""
+SOUNDLIB_AWS_SECRET_ACCESS_KEY: ""
+SOUNDLIB_S3_ENDPOINT: ""
+
+# gotify #
+gotify_user: admin
+gotify_password: ""
+
+# overwritten in monitoring master group var
+monitoring_master: false
+
+async_icinga_static_services:
+  - { "name" : "service_names", "timeout" : "5h",  "owner" : "sheppy", "token" : "" }
+
+keycloak_admin_password: ""
+keycloak_postgres_password: ""
+keycloak_address: keycloak.atlantishq.de
+
+harbor_http_secret: ""
+harbor_core_secret: ""
+harbor_jobservice_secret: ""
+harbor_postgres_pass: ""
+harbor_registry_user: harbor
+harbor_registry_password: ""
+harbor_admin_password: ""
+
+keycloak_clients:
+    python-flask-picture-factory:
+        party_secret : "" # pwgen -s 16
+        client_id: z_images
+        client_secret: "" # pwgen -s 32
+        redirect_uris:
+            - "https://images.atlantishq.de/*"
+            - "https://images.athq.de/*"
+            - "https://images.potaris.de/*"
+        description: "Images Factory"
+        keycloak_id: "00000000-0000-0000-0000-000000000001"
+        groups: "images"
+        master_address: "https://images.atlantishq.de"
+        skips:
+            - "/m/"
+            - "/media/"
+            - "/image/"
+            - "/images/"
+            - "/picture/"
+            - "/pictures/"
+
+    simple-log-server:
+        party_secret : ""
+        client_id: z_sls
+        client_secret: ""
+        redirect_uris:
+            - "https://sls.atlantishq.de/*"
+        description: "Simple Log Server"
+        keycloak_id: "00000000-0000-0000-0000-000000000002"
+        groups: "monitoring"
+        master_address: "https://sls.atlantishq.de"
+        skips:
+            - "/submit"
+
+    soundlib-interface:
+        party_secret : ""
+        client_id: z_soundlib
+        client_secret: ""
+        redirect_uris:
+            - "https://sounds.atlantishq.de/*"
+        description: "Soundlib interface"
+        keycloak_id: "00000000-0000-0000-0000-000000000003"
+        groups: "soundlib"
+        master_address: "https://sounds.atlantishq.de"
+        skips:
+
+    pki:
+        party_secret : ""
+        client_id: z_hashicorp_vault
+        client_secret: ""
+        redirect_uris:
+            - "https://pki.atlantishq.de/*"
+        description: "PKI Vault"
+        keycloak_id: "00000000-0000-0000-0000-000000000004"
+        groups: "pki"
+        master_address: "https://pki.atlantishq.de"
+        skips:
+
+    cert-manager:
+        party_secret : ""
+        client_id: z_cert_manager
+        client_secret: ""
+        redirect_uris:
+            - "https://vpn.atlantishq.de/*"
+        description: "AtlantisHQ Certificate Manager"
+        keycloak_id: "00000000-0000-0000-0000-000000000005"
+        groups: "pki"
+        master_address: "https://vpn.atlantishq.de"
+        skips:
+
+    tmnf-replay-server:
+        party_secret : ""
+        client_id: z_trackmania
+        client_secret: ""
+        redirect_uris:
+            - "https://trackmania.atlantishq.de/*"
+        description: "AtlantisHQ Trackmania Replays"
+        keycloak_id: "00000000-0000-0000-0000-000000000006"
+        groups: "trackmania"
+        master_address: "https://trackmania.atlantishq.de"
+        skips:
+            - "/open-info"
+
+    atlantis-hub:
+        party_secret : ""
+        client_id: z_atlantishub
+        client_secret: ""
+        redirect_uris:
+            - "https://hub.atlantishq.de/*"
+        description: "AtlantisHQ Hub"
+        keycloak_id: "00000000-0000-0000-0000-000000000007"
+        groups:
+        master_address: "https://hub.atlantishq.de"
+        skips:
+
+    paperless:
+        party_secret : ""
+        client_id: z_paperless
+        client_secret: ""
+        redirect_uris:
+            - "https://paperless.atlantishq.de/*"
+        description: "AtlantisHQ Paperless Archiving"
+        keycloak_id: "00000000-0000-0000-0000-000000000008"
+        groups: "paperless"
+        master_address: "https://paperless.atlantishq.de"
+        skips:
+
+    icinga:
+        party_secret : ""
+        client_id: z_icinga
+        client_secret: ""
+        redirect_uris:
+            - "https://icinga.atlantishq.de/*"
+        description: "Icinga Web"
+        keycloak_id: "00000000-0000-0000-0000-000000000009"
+        groups: "monitoring,icinga"
+        master_address: "https://icinga.atlantishq.de"
+        skips:
+
+    grafana:
+        party_secret : ""
+        client_id: z_grafana
+        client_secret: ""
+        redirect_uris:
+            - "https://stats.atlantishq.de/*"
+        description: "Grafana"
+        keycloak_id: "00000000-0000-0000-0000-000000000010"
+        groups: "monitoring"
+        master_address: "https://stats.atlantishq.de"
+        skips:
+
+    async-icinga:
+        party_secret : ""
+        client_id: z_async_icinga
+        client_secret: ""
+        redirect_uris:
+            - "https://async-icinga.atlantishq.de/*"
+        description: "Icinga Web"
+        keycloak_id: "00000000-0000-0000-0000-000000000011"
+        groups: "monitoring,icinga"
+        master_address: "https://async-icinga.atlantishq.de"
+        skips:
+            - "/report"
+
+    hedgedoc:
+        party_secret : ""
+        client_id: z_hedgedoc
+        client_secret: ""
+        redirect_uris:
+            - "https://hedgedoc.atlantishq.de/*"
+        description: "Hedgedoc"
+        keycloak_id: "00000000-0000-0000-0000-000000000012"
+        groups: "monitoring"
+        master_address: "https://hedgedoc.atlantishq.de"
+
+    harbor:
+        party_secret: ""
+        client_id: z_harbor
+        client_secret: ""
+        redirect_uris:
+            - "https://harbor-registry.atlantishq.de/*"
+        description: "Harbor Registry"
+        keycloak_id: "00000000-0000-0000-0000-000000000013"
+        groups: "pki"
+        master_address: "https://harbor-registry.atlantishq.de"
+
+    atlantis-verify:
+        party_secret: ""
+        client_id: z_at_verify
+        client_secret: ""
+        redirect_uris:
+            - "https://verify.atlantishq.de/*"
+        description: "Atlantis Verification"
+        keycloak_id: "00000000-0000-0000-0000-000000000014"
+        groups:
+        master_address: "https://verify.atlantishq.de"
+
+    reactive-resume:
+        party_secret: ""
+        client_id: z_reactive_resume
+        client_secret: ""
+        redirect_uris:
+            - "https://resume.atlantishq.de/*"
+        description: "Reactive Resume"
+        keycloak_id: "00000000-0000-0000-0000-000000000015"
+        groups:
+        master_address: "https://resume.atlantishq.de"
+        skips:
+            - "/logo/light.svg"
+
+    money-balancer:
+        party_secret: ""
+        client_id: z_money_balancer
+        client_secret: ""
+        redirect_uris:
+            - "https://money-balancer.atlantishq.de/*"
+        description: "Money Balancer"
+        keycloak_id: "00000000-0000-0000-0000-000000000016"
+        groups:
+        master_address: "https://money-balancer.atlantishq.de"
+
+    atlantis-web-check:
+        party_secret: ""
+        client_id: z_web_check
+        client_secret: ""
+        redirect_uris:
+            - "https://smartchecks.atlantishq.de/*"
+        description: "SMART Web-Checks"
+        keycloak_id: "00000000-0000-0000-0000-000000000017"
+        groups:
+        master_address: "https://smartchecks.atlantishq.de"

group_vars/harbor-registry.yaml

@@ -0,0 +1,4 @@
+harbor_version: v2.10.0
+harbor_file: harbor-online-installer-{{ harbor_version }}.tgz
+harbor_admin_password: ""
+harbor_db_password: ""

group_vars/irc.yaml

@@ -0,0 +1,3 @@
+---
+checks :
+    - { user : sheppy, name : irc, cmd : "/bin/true"}

group_vars/kathi.yaml

@@ -0,0 +1,7 @@
+extra_sheppy_pubkeys: |
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/395VxgeExQUllcOw5n2U/6ZQoBznwNz136SLJd3B8rDUM6vFhJVIDIh3IKGCBttyIiDZtMw/XnMdxfm9/A4micFKcFnYc1/JF+clNXYRC6tX4jq8gOrDdQZkRQXrSpACt9Zm7yk7OYeVoBsOraZCfi8xnkbXiRnIi9u7HFYk01PVwbtEr+aG0PZxHBZZlng+dDi0b9DeJ115QBtW5IWBx9bwBo3utg1TcLIge5q76ioNX7B8r0aNylCOl3yw3ifui2mgiTGKe5utpl4vJV1UphUamTqFPEMm2wxFg3kppfXwdexKpoEoAR3sh/UjeKL59rs/ilzV7KIEGeOctGDI7cxEkQBsZNox2LAoVSOnNJC/TPVVYoLvJ41jYX9mlpK+AlgRdVvNZl9rR4rm06Gh7FP+UxSt/IOgZ8bW1hlbzYq18D9sT8VFxVHzxzbBtgioUnxCtnzJ61sLnQog8AyXCaqVoQ7KtyRXSUZsLpHFsDj2r3GojIMaHRG3ko7zQok= bekama
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbKTdJjGmXz4dWD21wnLBZXgI1hPBE1gaIW2DAraZFExmoamhYtLTGNv1w2caM22hRI3yk+5DYJHEdhYt3ws7b8ZnLJnjJr8LQj8q3RRfI5ixkO1IsHiO1QG9blaD01aQ7zLd7h9X0gk9wpkC0CR3Z9LsfW73Wkgs+b0ggVeyheX9CXFfCDmveoDKj/Rl1gBZAfFyEvhTiuh9TNVyMdo6haYRJNYXIj3yMWaFQY30Sdf1y+IVwUXsko/RZ8YA8lJ3eHPbs3tdmCgvprHefC051NzIducUuAwq1EVYnFfj6Vbp9QJDbgc1lHDinwr1Sw1C0a+3p+jip8atqPEkBpcqhqEYjq0hGZOUTSSetny7mtS4cK5WGZbwxejD9/eg0Vf60DAqkWN1zXWUQNNftcf1bPvCxqUl7nTjW01Bdyo5LTleAGOPmusOVRaCnu5YkL+g5RIhg97sumWwDfp2Tcr3cz5pRdox9QXDXafcSpSbcUPdqIl094GitkQExCZ91dY0= kathi@atlantisV2
+
+extra_root_keys:
+    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/395VxgeExQUllcOw5n2U/6ZQoBznwNz136SLJd3B8rDUM6vFhJVIDIh3IKGCBttyIiDZtMw/XnMdxfm9/A4micFKcFnYc1/JF+clNXYRC6tX4jq8gOrDdQZkRQXrSpACt9Zm7yk7OYeVoBsOraZCfi8xnkbXiRnIi9u7HFYk01PVwbtEr+aG0PZxHBZZlng+dDi0b9DeJ115QBtW5IWBx9bwBo3utg1TcLIge5q76ioNX7B8r0aNylCOl3yw3ifui2mgiTGKe5utpl4vJV1UphUamTqFPEMm2wxFg3kppfXwdexKpoEoAR3sh/UjeKL59rs/ilzV7KIEGeOctGDI7cxEkQBsZNox2LAoVSOnNJC/TPVVYoLvJ41jYX9mlpK+AlgRdVvNZl9rR4rm06Gh7FP+UxSt/IOgZ8bW1hlbzYq18D9sT8VFxVHzxzbBtgioUnxCtnzJ61sLnQog8AyXCaqVoQ7KtyRXSUZsLpHFsDj2r3GojIMaHRG3ko7zQok= bekama
+    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbKTdJjGmXz4dWD21wnLBZXgI1hPBE1gaIW2DAraZFExmoamhYtLTGNv1w2caM22hRI3yk+5DYJHEdhYt3ws7b8ZnLJnjJr8LQj8q3RRfI5ixkO1IsHiO1QG9blaD01aQ7zLd7h9X0gk9wpkC0CR3Z9LsfW73Wkgs+b0ggVeyheX9CXFfCDmveoDKj/Rl1gBZAfFyEvhTiuh9TNVyMdo6haYRJNYXIj3yMWaFQY30Sdf1y+IVwUXsko/RZ8YA8lJ3eHPbs3tdmCgvprHefC051NzIducUuAwq1EVYnFfj6Vbp9QJDbgc1lHDinwr1Sw1C0a+3p+jip8atqPEkBpcqhqEYjq0hGZOUTSSetny7mtS4cK5WGZbwxejD9/eg0Vf60DAqkWN1zXWUQNNftcf1bPvCxqUl7nTjW01Bdyo5LTleAGOPmusOVRaCnu5YkL+g5RIhg97sumWwDfp2Tcr3cz5pRdox9QXDXafcSpSbcUPdqIl094GitkQExCZ91dY0= kathi@atlantisV2

group_vars/mail.yaml

@@ -0,0 +1,3 @@
+---
+checks :
+    - { user : nobody, name : mail_queue, cmd : "/usr/lib/nagios/plugins/check_mailq -w 10 -c 20"}

group_vars/monitoring.yaml

@@ -0,0 +1,6 @@
+monitoring_master: true
+extra_internal_iptables_ports_allow:
+    - { "protocol" : "tcp", "port" : 8086, "comment" : "influx" }
+    - { "protocol" : "tcp", "port" : 514, "comment" : "rsyslog" }
+    - { "protocol" : "tcp", "port" : 5665, "comment" : "icinga-api" }
+    - { "protocol" : "tcp", "port" : 5668, "comment" : "nsca" }

group_vars/steam.yaml

@@ -0,0 +1,4 @@
+---
+checks :
+    - { user : sheppy, name : insurgency-1, cmd : "/etc/monitoring-tools/rcon-check.py -p 27015"}
+    - { user : sheppy, name : insurgency-2, cmd : "/etc/monitoring-tools/rcon-check.py -p 27016"}

group_vars/ths.yaml

@@ -0,0 +1,3 @@
+---
+checks :
+    - { user : sheppy, name : irc, cmd : ""}

group_vars/usermanagement.yaml

@@ -0,0 +1,7 @@
+---
+extra_internal_iptables_ports_allow:
+    - { "protocol" : "tcp", "port" : 389, "comment" : "ldap" }
+    - { "protocol" : "tcp", "port" : 22, "comment" : "ssh from backup" }
+
+extra_sheppy_pubkeys: |
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaABPy9h009vUQj+gewvhIO9kDpUBkkW5dGz6HsDxp6FLeZ0KOMTPZyRkwPHkC3Jee8vkTl2fFi7wjXhkWSpPe7H/RFdn6nHf5RSvM4aEwhkjD7E1lvf9lLRUXnISeFXFOdD3hpRXqT5yVP9O1S3Rk3b+i9HPlcw1vDmFHS5mZ+rXmxQSyHD8uuyCEL1Ri5IOz9XxycaJ/MHX2XaHWU+xgrQ2uvWrvhnibB3bhtf94GrHJQXRfjUc4nF3SG3937Fkdit5LozuDE3/mLoNN6PwXz13Z2acClpjiyOZQxpa2+TpwE5i2rWoZwsXv//yzohHbA30+qYSxJYQrYZ1XRyOSPFWSp3wwcuj8yMMqMJT2e75ZyWaHuoYuindOFW4VMR7pFppssnnbdLHvJGe5PZMSDxlyhUtkAK4p1nf2nEng3VjCBcn6UWK1po5DQmcLwkd0cQbWTLxHjH4sAtfyp7A8jsGLXrhWraMOOoU0JVkamZrq2BuSyaC5S7+KdvGCg3U= backupvm

group_vars/vpn.yaml

@@ -0,0 +1,9 @@
+---
+checks :
+    - { user : nobody, name : wireguard-darknet-rudi, cmd : "/usr/lib/nagios/plugins/check_ping -H fe80::2%wg_rudi_darknet -w300,10% -c 1000,20%"}
+    - { user : nobody, name : wireguard-darknet-hase, cmd : "/usr/lib/nagios/plugins/check_ping -H fe80::2%wg_hase_darknet -w300,10% -c 1000,20%"}
+#    - { user : nobody, name : darknet-reachable, cmd : "/usr/lib/nagios/plugins/check_ping -H 10.100.100.100 -w300,10% -c 1000,20%"}
+
+openvpn_management_password: ""
+openvpn_management_passfile: mgnt-pass.txt
+openvpn_management_port: 23000

group_vars/web1.yaml

@@ -0,0 +1,2 @@
+extra_internal_iptables_ports_allow:
+    - { "protocol" : "tcp", "port" : 5004, "comment" : "signal-gateway" }

group_vars/zabbix.yaml

@@ -0,0 +1,2 @@
+extra_internal_iptables_ports_allow:
+    - { "protocol" : "tcp", "port" : 10051, "comment" : "zabbix-server" }