ansible is its own repo now

.drone.star

@@ -0,0 +1,22 @@
+
+def main(ctx):
+    return {
+        "kind": "pipeline",
+        "type": "docker",
+        "name": "nomad-nummer5",
+        "platform": 
+            {
+                "os": "linux",
+                "arch": "arm64"
+            }
+        ,
+        "steps": [
+            {
+                "name": "git log",
+                "image": "cr.wks/debian-stable",
+                "commands": [
+                    "git diff-tree --no-commit-id --name-only HEAD -r"
+                ]
+            }
+        ]
+    }

.project

@@ -5,7 +5,13 @@
 	<projects>
 	</projects>
 	<buildSpec>
+		<buildCommand>
+			<name>org.python.pydev.PyDevBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 	</buildSpec>
 	<natures>
+		<nature>org.python.pydev.pythonNature</nature>
 	</natures>
 </projectDescription>

.pydevproject

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?eclipse-pydev version="1.0"?><pydev_project>
+    <pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">Default</pydev_property>
+    <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python interpreter</pydev_property>
+</pydev_project>

README.md

@@ -1,20 +1,30 @@
 # Datacenter: nummer5
 
-* Packages: podman, kubernetes-cni (from the kubernetes-source)
-
+* Packages: podman, containernetworking-plugins
 
 # Plugins
 
-NFS - https://github.com/thatsk/nfs-csi-nomad/tree/main
-Podman - https://github.com/hashicorp/nomad-driver-podman
+* NFS - https://github.com/thatsk/nfs-csi-nomad/tree/main
+* Podman - https://github.com/hashicorp/nomad-driver-podman
 
+# Hosts:
+## Ebin*
 
+* https://docs.oracle.com/en/learn/ol-linux-bonding/#for-additional-information - Bonding with Networkmanager
+* u-boot-env: https://forum.armbian.com/topic/35780-with-new-uboot-env-esspressobin-v5-does-not-boot/
 
+## adm01
+
+* ``podman run -d --replace --pull=always --expose=5001 -p 127.0.0.1:5001:5001 --mount=type=bind,source=/etc/docker/registry-cache/config.yml,destination=/etc/docker/registry/config.yml --mount=type=bind,source=/data/container-dr-mirror,destination=/var/lib/registry --tz=Europe/Berlin --name=container-docker-mirror docker.io/library/registry:2``
+* ``podman run --restart=always -d --replace --pull=always --expose=5000 -p 5000:5000 --mount=type=bind,source=/etc/docker/registry/config.yml,destination=/etc/docker/registry/config.yml --mount=type=bind,source=/data/container-registry,destination=/var/lib/registry --tz=Europe/Berlin --name=container-registry docker.io/library/registry:2``
 
 
 # Datacenter: ring86
+## Podman tricks
 
-# auto.chaos
+* Get CreateCommand: ``podman inspect <containername> --format "{{.Config.CreateCommand}}"``
+
+### auto.chaos
 podman run -d --replace -e 1883 -p 1883:1883 --mount=type=bind,source=/etc/mosquitto,destination=/mosquitto --tz=Europe/Berlin --name=mosquitto-mqtt cr.wks/mosquitto:latest
 podman run -d --replace -e 9234 -p 0.0.0.0:9234:9234 --tz=Europe/Berlin --name=mosquitto-exporter cr.wks/mosquitto-prometheus-exporter --endpoint "tcp://mqtt:1883"
 

_sys/nfs-controller.hcl

@@ -7,6 +7,8 @@ variable "datacenters" {
 
 job "plugin-nfs-controller" {
   datacenters = var.datacenters
+  node_pool = "sys"
+  priority = 100
 
   group "controller" {
     task "plugin" {
@@ -35,4 +37,4 @@ job "plugin-nfs-controller" {
       }
     }
   }
-}
+}

_sys/nfs-nodes.hcl

@@ -7,7 +7,8 @@ variable "datacenters" {
 
 job "plugin-nfs-nodes" {
   datacenters = var.datacenters
-
+  node_pool = "all"
+  priority  = 100
   type = "system"
 
   group "nodes" {
@@ -39,4 +40,4 @@ job "plugin-nfs-nodes" {
       }
     }
   }
-}
+}

_sys/pool-apps.hcl

@@ -0,0 +1,7 @@
+node_pool "apps" {
+  description = "Application Nodes"
+
+  meta {
+    environment = "apps"
+  }
+}

_sys/pool-sys.hcl

@@ -0,0 +1,7 @@
+node_pool "sys" {
+  description = "essential services"
+
+  meta {
+    environment = "sys"
+  }
+}

_sys/traefik.hcl

@@ -2,6 +2,8 @@ job "traefik" {
   region      = "global"
   datacenters = ["nummer5"]
   type        = "system"
+  node_pool   = "all"
+  priority    = 100
 
   group "traefik" {
     #count = 5

apps/apt-cacher-ng/live.hcl

@@ -1,6 +1,9 @@
+
 job "apt-cacher-ng" {
   datacenters = ["nummer5"]
-  
+  node_pool = "sys"
+  priority  = 90
+
   group "system" {
     count = 1
 
@@ -9,7 +12,10 @@ job "apt-cacher-ng" {
         to = 3142
       }
     }
-
+    spread {
+    	attribute = "${node.unique.id}"
+    	weight = 100
+    }
     service {
       name = "apt-cache"
       port = "http"

apps/apt-cacher-ng/volume.hcl

@@ -10,7 +10,7 @@ capability {
 }
 
 context {
-  server = "ebin02.wks"
+  server = "ebin01.wks"
   share = "/data/raid1-ssd/app-data/apt-cacher-ng"
   mountPermissions = "0"  
 }

apps/dmarc/live.hcl

@@ -3,7 +3,8 @@ job "dmarc" {
     "nummer5",
   ]
   type = "service"
-
+  node_pool = "apps"
+  priority = 20  
   group "apps" {
     count = 1
 
@@ -42,7 +43,7 @@ job "dmarc" {
         REPORT_DB_TYPE                  = "pgsql"
         REPORT_DB_HOST                  = "postgres.service.nr5"
         REPORT_DB_PORT                  = "5432"
-        REPORT_DB_NAME                  = "dmarc-srg"
+        REPORT_DB_NAME                  = "dmarc"
         REPORT_DB_USER                  = "dmarc"
         REPORT_DB_PASS                  = "4XSS4gKpheSBoMsIs"
         PARSER_IMAP_PORT                = "143"
@@ -61,4 +62,4 @@ job "dmarc" {
 
     }
   }
-}
+}

apps/docker-registry/live-ui.hcl

@@ -3,6 +3,7 @@ job "docker-registry-ui" {
     "nummer5",
   ]
   type = "service"
+  node_pool = "sys"
 
   group "apps" {
     count = 1

apps/drone/live-runner.hcl

@@ -3,6 +3,7 @@ job "drone-runner" {
     "nummer5",
   ]
   type = "service"
+  node_pool = "sys"
 
   group "apps" {
     count = 1
@@ -12,12 +13,23 @@ job "drone-runner" {
       port "http" {
         to = 3000
       }
-
+    }
+    volume "drone-runner" {
+      type      = "csi"
+      source    = "drone-runner"
+      read_only = false
+      access_mode = "single-node-writer"
+      attachment_mode = "file-system"
     }
     
     service {
         name = "drone-runner"
         port = "http"
+        
+        tags = [
+          "traefik.enable=true",
+          "traefik.http.routers.drone-runner.rule=Host(`drone-runner.service.nr5`)",
+        ]
     }
 
     restart {
@@ -30,14 +42,20 @@ job "drone-runner" {
 
       config {
         image = "docker.io/drone/drone-runner-docker:latest"
-        force_pull = true
+        force_pull = true 
         ports = ["http"]
+        privileged = true
         volumes = [
           "/var/run/podman/podman.sock:/var/run/docker.sock",
           "/etc/containers:/etc/containers"
         ]
  
       }
+      volume_mount {
+        volume      = "drone-runner"
+        destination = "/drone"
+        read_only   = false
+      }
 
       env {
         TZ                        = "Europe/Berlin"
@@ -46,14 +64,21 @@ job "drone-runner" {
         DRONE_RPC_HOST            = "drone.service.nr5"
         DRONE_RPC_PROTO           = "http"
         DRONE_RUNNER_CAPACITY     = 1
-        DRONE_LOGS_DEBUG          = true
+        DRONE_LOGS_DEBUG          = true 
         DRONE_LOGS_TRACE          = true
+        DRONE_TRACE               = true
         DOCKER_BUILDKIT           = 1
+        DRONE_GIT_ALWAYS_AUTH     = true
+        DRONE_UI_DISABLE          = false
+        DRONE_UI_USERNAME         = "root"
+        DRONE_UI_PASSWORD         = "root"
+        DRONE_RUNNER_CLONE_IMAGE  = "drone/git"
+        DRONE_RUNNER_VOLUMES      = "/etc/resolv.conf:/etc/resolv.conf"
       }
 
       resources {
-        cpu    = 300
-        memory = 1500 
+        cpu    = 2000
+        memory = 1024 
       }
 
     }

apps/drone/live.hcl

@@ -3,6 +3,8 @@ job "drone" {
     "nummer5",
   ]
   type = "service"
+  node_pool = "apps"
+  priority = 30
 
   group "apps" {
     count = 1
@@ -12,7 +14,6 @@ job "drone" {
       port "http" {
         to = 80
       }
-
     }
     
     service {
@@ -55,6 +56,7 @@ job "drone" {
 
       config {
         image = "docker.io/drone/drone:latest"
+	    force_pull = true
         ports = ["http"]
       }
 
@@ -63,11 +65,12 @@ job "drone" {
         DRONE_GIT_ALWAYS_AUTH     = true
         DRONE_GITEA_SERVER        = "http://gitea.service.nr5"
         DRONE_GITEA_CLIENT_ID     = "6c48da2c-2748-438e-b776-51f41d3fe607"
-        DRONE_GITEA_CLIENT_SECRET = "gto_ewohqwympejkb52veheox6doc4juodojyyvph4yf4gekhgtx7zna"
+        DRONE_GITEA_CLIENT_SECRET = "gto_shthxcqiqutd4f3quejnpefgbedaewfqnnkdi3cfmsdoxjq7qfsq"
         DRONE_RPC_SECRET          = "7eb685ed81d0c34bafc5efa7783c20b2"
         DRONE_SERVER_HOST         = "drone.service.nr5"
         DRONE_SERVER_PROTO        = "http"
         DRONE_JSONNET_ENABLED     = true
+        DRONE_STARLARK_ENABLED    = true
         DRONE_LOGS_DEBUG          = true 
         DRONE_LOGS_TRACE          = true
         DRONE_USER_CREATE         = "username:do,admin:true"

apps/drone/volume.hcl

@@ -10,7 +10,7 @@ capability {
 }
 
 context {
-  server = "ebin02.wks"
+  server = "ebin01.wks"
   share = "/data/raid1-ssd/app-data/drone-data"
   mountPermissions = "0"  
 }

apps/gitea/live.hcl

@@ -3,6 +3,8 @@ job "gitea" {
     "nummer5",
   ]
   type = "service"
+  node_pool = "apps"
+  priority  = 79
 
   group "apps" {
     count = 1
@@ -45,6 +47,7 @@ job "gitea" {
     }
 
     restart {
+      interval = "10m"
       attempts = 5
       delay    = "30s"
     }
@@ -59,9 +62,9 @@ job "gitea" {
       }
 
       config {
-        image = "docker.io/gitea/gitea:latest"
+        image = "docker.io/gitea/gitea"
         ports = ["ssh", "http"]
-        force_pull = true
+        force_pull = true 
       }
 
       env {
@@ -87,10 +90,10 @@ job "gitea" {
       }
 
       resources {
-        cpu    = 200
+        cpu    = 500
         memory = 512
       }
 
     }
   }
-}
+}

apps/gitea/volume.hcl

@@ -10,7 +10,7 @@ capability {
 }
 
 context {
-  server = "ebin02.wks"
+  server = "ebin01.wks"
   share = "/data/raid1-ssd/app-data/gitea-data"
   mountPermissions = "0"  
 }

apps/homeassistant/live.hcl

@@ -3,7 +3,7 @@ job "homeassistant" {
     "nummer5",
   ]
   type = "service"
-
+  node_pool = "apps"
   group "apps" {
     count = 1
 

apps/homer/live.hcl

@@ -1,6 +1,8 @@
 job "homer" {
   datacenters = ["nummer5"]
-  
+  node_pool = "apps"
+  priority = 80
+
   group "apps" {
     count = 1
 
@@ -33,7 +35,7 @@ job "homer" {
       driver = "podman"
 
       config {
-        image = "b4bz/homer:latest"
+        image = "docker.io/b4bz/homer:latest"
         ports = ["http"]
       }
       

apps/mosquitto-prometheus-exporter/live.hcl

@@ -1,6 +1,6 @@
 job "mosquitto-prometheus-exporter" {
   datacenters = ["nummer5"]
-  
+  node_pool = "sys"
   group "apps" {
     count = 1
 

apps/nodered/live.hcl

@@ -3,6 +3,7 @@ job "nodered" {
     "nummer5",
   ]
   type = "service"
+  node_pool = "apps"
 
   group "apps" {
     count = 1

apps/openwrt/live.hcl

@@ -0,0 +1,58 @@
+job "openwrt" {
+  datacenters = ["nummer5"]
+  node_pool = "sys"
+  priority = 10
+
+  group "apps" {
+    count = 1
+
+    network {
+      port  "http"{
+        to = 9091
+      }
+    }
+
+    service {
+      name = "openwrt"
+      port = "http"
+
+      tags = [
+        "traefik.enable=true",
+        "traefik.http.routers.openwrt.rule=Host(`openwrt.service.nr5`)",
+      ]
+
+    }
+    
+    volume "openwrt" {
+        type = "csi"
+        read_only = false
+        source = "openwrt"
+        access_mode = "single-node-writer"
+        attachment_mode = "file-system"
+    }  
+      
+    task "openwrt" {
+      driver = "podman"
+
+      config {
+        image = "docker.io/jitesoft/lighttpd"
+        ports = ["http"]
+      }
+      env {
+        PORT = 9091
+        SERVER_ROOT = "/www"
+        SERVER_NAME = "openwrt.service.nr5"  
+      }
+      
+      volume_mount {
+        volume = "openwrt"
+        destination = "/www"
+      }
+      
+       resources {
+         cpu    = 10
+         memory = 32
+       }
+    }
+  }
+}

apps/openwrt/volume.hcl

@@ -0,0 +1,20 @@
+type = "csi"
+id = "openwrt"
+name = "openwrt"
+plugin_id = "nfs"
+
+capability {
+    access_mode = "single-node-writer"
+    attachment_mode = "file-system"
+}
+
+context {
+  server = "ebin01.wks"
+  share = "/data/raid1-ssd/app-data/openwrt"
+  mountPermissions = "0"  
+}
+
+mount_options {
+  fs_type = "nfs"
+  mount_flags = [ "timeo=30", "vers=3", "_netdev" , "nolock" ]
+}

apps/postgresql/live.hcl

@@ -1,7 +1,14 @@
 job "postgres" {
   datacenters = ["nummer5"]
   type = "service"
-
+  node_pool = "sys"
+  priority  = 80
+  
+  #constraint {
+  #  attribute = "${attr.unique.hostname}"
+  #  value = "pine01" 
+  #}
+  
   group "service" {
     count = 1
     volume "postgres-data" {
@@ -13,7 +20,7 @@ job "postgres" {
     }
     
     network {
-        mode = "host"
+        #mode = "host"
         port "postgres"{
           static = 5432
         }
@@ -21,10 +28,10 @@ job "postgres" {
     service {
         name = "postgres"
         port = "postgres"
-        #tags = [
-        #    "traefik.enable=true",
-        #    "traefik.tcp.routers.postgres.rule=Host(`postgres.service.nr5`)",
-        #]
+        tags = [
+            "traefik.enable=true",
+            "traefik.tcp.routers.postgres.rule=Host(`postgres.service.nr5`)",
+        ]
     }
     task "postgres" {
       driver = "podman"
@@ -47,8 +54,8 @@ job "postgres" {
       }
       
       resources {
-        cpu = 1000
-        memory = 512
+        cpu = 3500
+        memory = 1500
 
       }
     
@@ -69,4 +76,4 @@ job "postgres" {
     auto_revert = false
     canary = 0
   }
-}
+}

apps/redis/live.hcl

@@ -1,6 +1,7 @@
 
 job "redis" {
   datacenters = ["nummer5"]
+  node_pool = "apps"
 
   group "cache" {
 

bin/hosts.conf

@@ -0,0 +1,2 @@
+hosts="adm01.wks pine01.wks pine02.wks pine03.wks pine04.wks pine05.wks ebin01.wks ebin02.wks drucki.wks switch_cloud.wks drucki_switch.wks"
+domain="wks"

bin/nummer5-host-powercycle.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+. hosts.conf
+
+host=$1
+hostname=$(echo ${host} | sed s/\.${domain}//)
+MOSQ="mosquitto_pub -h mqtt.wks -t switch_cloud/switch/${hostname}/command -m"
+echo "${host} turning it off"
+${MOSQ} OFF
+sleep 2
+echo "${host} turning it on"
+${MOSQ} ON
+ping -W 1 ${host}

bin/nummer5-hosts-alive.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+. hosts.conf
+for host in $hosts; do
+    if ping -c 1 -W 1 "$host" >/dev/null; then
+        echo "$host is alive"
+    else
+        echo "$host is pining for the fjords"
+    fi
+done
+echo ''
+nomad server members
+echo ''
+nomad node status

bin/yori-upgrade.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+SNAPS=/.snapshots
+DATE=$(date +%F)
+SNAP="${SNAPS}/${DATE}"
+REL=$(lsb_release -c |awk -F ' ' '{print $2}')
+echo "Cleaning apt..."
+apt clean
+apt autoremove --purge 
+echo ""
+echo ""
+echo ""
+echo ""
+echo ""
+echo "Remove all local apt lists:"
+rm -rvf /var/lib/apt/lists/*
+echo "Prune journalctl.."
+journalctl --vacuum-time 2h
+echo ""
+echo ""
+echo ""
+echo ""
+echo "Creating Snap: ${SNAP}"
+echo "btrfs subvolume snapshot / ${SNAP}"
+echo "Snaps: "
+ls -la ${SNAPS}/
+apt update
+apt dist-upgrade -t ${REL}
+echo "APT: autoremove --purge"
+apt autoremove --purge
+

drone.yml.bak

@@ -11,6 +11,10 @@ environment:
   TARGET_HOST: "test.chaos"
   
 steps:
+- name: git log
+  image: cr.wks/debian-stable
+  commands:
+    - git diff-tree --no-commit-id --name-only HEAD -r
 - name: test
   image: alpine
   commands: