From 99b8524c16cc99ceeaf1ebf588f2fc0f2c0fbe0a Mon Sep 17 00:00:00 2001
From: Cullum Smith
Date: Sat, 12 Oct 2024 08:14:59 -0400
Subject: add a bunch of hostclasses
---
 vars/common | 7 ++++++-
 vars/hostclass/asterisk_server | 10 ++++++++++
 vars/hostclass/authoritative_nameserver | 4 ++++
 vars/hostclass/bitwarden_server | 3 +++
 vars/hostclass/dav_server | 4 ++++
 vars/hostclass/pkg_repository | 1 +
 vars/hostclass/postgresql_server | 3 +++
 vars/hostclass/public_webserver | 5 +++++
 vars/hostclass/ttrss_server | 4 ++++
 vars/hostclass/turn_server | 8 ++++++++
 vars/hostclass/xmpp_server | 5 +++++
 vars/hostclass/znc_server | 4 ++++
 vars/hostname/bitwarden1 | 4 ++++
 vars/hostname/dav1 | 3 +++
 vars/hostname/ns1 | 3 +++
 vars/hostname/pbx1 | 3 +++
 vars/hostname/postgres1 | 4 ++++
 vars/hostname/ttrss1 | 4 ++++
 vars/hostname/turn1 | 3 +++
 vars/hostname/www1 | 5 +++++
 vars/hostname/xmpp1 | 5 +++++
 vars/os/freebsd | 1 +
 22 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 vars/hostclass/asterisk_server
 create mode 100644 vars/hostclass/authoritative_nameserver
 create mode 100644 vars/hostclass/bitwarden_server
 create mode 100644 vars/hostclass/dav_server
 create mode 100644 vars/hostclass/postgresql_server
 create mode 100644 vars/hostclass/public_webserver
 create mode 100644 vars/hostclass/ttrss_server
 create mode 100644 vars/hostclass/turn_server
 create mode 100644 vars/hostclass/xmpp_server
 create mode 100644 vars/hostclass/znc_server
 create mode 100644 vars/hostname/bitwarden1
 create mode 100644 vars/hostname/dav1
 create mode 100644 vars/hostname/ns1
 create mode 100644 vars/hostname/pbx1
 create mode 100644 vars/hostname/postgres1
 create mode 100644 vars/hostname/ttrss1
 create mode 100644 vars/hostname/turn1
 create mode 100644 vars/hostname/www1
 create mode 100644 vars/hostname/xmpp1
(limited to 'vars')
diff --git a/vars/common b/vars/common
index 18d0e52..92a0c96 100644
--- a/vars/common
+++ b/vars/common
@@ -3,6 +3,7 @@ site=myhomelab domain=idm.example.com email_domain=example.com +turn_domain=turn.example.com locale=en_US.UTF-8 ntp_pools='pool.ntp.org' root_password=changeme
@@ -21,6 +22,8 @@ idm2 2 5.6.7.8" reverse_dns_zones="0.168.192.in-addr.arpa 12.11.10.in-addr.arpa" +kerberized_cidrs=192.168.0.0/24 + rspamd_privkey='changeme with: rspamadm keypair' rspamd_pubkey='changeme with: rspamadm keypair' rspamd_ro_password='changeme'
@@ -46,6 +49,8 @@ krb5_renew_lifetime=7d
 nslcd_min_uid=1000
 nscd_ttl=600
 nscd_negative_ttl=20
+prosody_username='s-prosody'
+prosody_uid=20005
 rspamd_port=11334
 ssh_authzkeys_uid=789
 ssh_authzkeys_username=sshkeys
@@ -53,7 +58,7 @@ tcp_buffer_size=2097152 # suitable for 1 GigE nginx_nofile=2048 nginx_worker_connections=768 -if $(( nproc > 4 )); then +if (( nproc > 4 )); then nginx_worker_processes=4 else nginx_worker_processes=$nproc
diff --git a/vars/hostclass/asterisk_server b/vars/hostclass/asterisk_server
new file mode 100644
index 0000000..daf5fa6
--- /dev/null
+++ b/vars/hostclass/asterisk_server
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+asterisk_rtp_port_start=10000
+asterisk_rtp_port_end=10999
+
+allowed_tcp_ports='ssh sip sip-tls'
+allowed_udp_ports="ssh sip sip-tls ${asterisk_rtp_port_start}:${asterisk_rtp_port_end}"
+
+acme=true
+acme_standalone=true
diff --git a/vars/hostclass/authoritative_nameserver b/vars/hostclass/authoritative_nameserver
new file mode 100644
index 0000000..a421b7c
--- /dev/null
+++ b/vars/hostclass/authoritative_nameserver
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+allowed_tcp_ports='ssh domain'
+allowed_udp_ports='domain'
diff --git a/vars/hostclass/bitwarden_server b/vars/hostclass/bitwarden_server
new file mode 100644
index 0000000..5ae7588
--- /dev/null
+++ b/vars/hostclass/bitwarden_server
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+allowed_tcp_ports="ssh http https"
diff --git a/vars/hostclass/dav_server b/vars/hostclass/dav_server
new file mode 100644
index 0000000..2a4b250
--- /dev/null
+++ b/vars/hostclass/dav_server
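Review bot: In vars/common (the hunk at -53,7), the new `if (( nproc > 4 )); then` is a bash/ksh arithmetic command rather than POSIX sh, while every file this commit creates starts with `#!/bin/sh` and the tree targets FreeBSD. On an ash-family /bin/sh the line would, as far as I know, parse as nested subshells running `nproc > 4`, so nothing is compared and a stray file named `4` may be written. The shebang of vars/common and the shell that sources it are outside the hunk, so confirm the interpreter; if it is sh, `if [ "$nproc" -gt 4 ]; then` is the portable form and matches the `$nproc` use in the else branch. The if/else block continues past the end of the hunk.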
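Review bot: In vars/hostclass/asterisk_server, `allowed_udp_ports` opens `ssh`, which has no UDP listener; the other classes in this commit (authoritative_nameserver, turn_server) list `ssh` under TCP only. I would narrow it to `allowed_udp_ports="sip ${asterisk_rtp_port_start}:${asterisk_rtp_port_end}"`, keeping `sip-tls` on the UDP side only if something really listens there, since SIP over TLS normally runs on TCP. Separately, `acme_standalone=true` is set while `allowed_tcp_ports` contains neither `http` nor `https`; how the standalone mode validates is not visible in this diff, so a comment naming the port it needs would prevent a silent issuance failure.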
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+allowed_tcp_ports='ssh http https'
+nginx_gssapi=true
diff --git a/vars/hostclass/pkg_repository b/vars/hostclass/pkg_repository
index dbd49a7..4752685 100644
--- a/vars/hostclass/pkg_repository
+++ b/vars/hostclass/pkg_repository
@@ -1,3 +1,4 @@ #!/bin/sh allowed_tcp_ports='ssh http' +nginx_redirect=false
diff --git a/vars/hostclass/postgresql_server b/vars/hostclass/postgresql_server
new file mode 100644
index 0000000..500e59b
--- /dev/null
+++ b/vars/hostclass/postgresql_server
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+allowed_tcp_ports='ssh postgresql'
diff --git a/vars/hostclass/public_webserver b/vars/hostclass/public_webserver
new file mode 100644
index 0000000..b6a9c9d
--- /dev/null
+++ b/vars/hostclass/public_webserver
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+allowed_tcp_ports='ssh http https'
+acme=true
+nginx_public=true
diff --git a/vars/hostclass/ttrss_server b/vars/hostclass/ttrss_server
new file mode 100644
index 0000000..2a4b250
--- /dev/null
+++ b/vars/hostclass/ttrss_server
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+allowed_tcp_ports='ssh http https'
+nginx_gssapi=true
diff --git a/vars/hostclass/turn_server b/vars/hostclass/turn_server
new file mode 100644
index 0000000..06cc6ae
--- /dev/null
+++ b/vars/hostclass/turn_server
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+coturn_listen_port=3478
+coturn_min_port=49152
+coturn_max_port=65535
+
+allowed_tcp_ports="ssh ${coturn_listen_port}"
+allowed_udp_ports="${coturn_listen_port} ${coturn_min_port}:${coturn_max_port}"
diff --git a/vars/hostclass/xmpp_server b/vars/hostclass/xmpp_server
new file mode 100644
index 0000000..204d1ba
--- /dev/null
+++ b/vars/hostclass/xmpp_server
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+acme=true
+allowed_tcp_ports='ssh http https xmpp-client xmpp-server'
+nginx_public=true
diff --git a/vars/hostclass/znc_server b/vars/hostclass/znc_server
new file mode 100644
index 0000000..7e6ad77
--- /dev/null
+++ b/vars/hostclass/znc_server
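Review bot: In vars/hostclass/pkg_repository, `nginx_redirect=false` is added beside `allowed_tcp_ports='ssh http'` with no comment saying why this class opts out. If the flag turns off an HTTP-to-HTTPS redirect (its consumer is not part of this diff), packages are served over plain HTTP only, and their integrity then rests entirely on clients verifying the repository signature. I would record that assumption above the line, for example `# plain HTTP only: clients must verify the repo signature`.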
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+znc_irc_port=6697
+allowed_tcp_ports="ssh http https ${znc_irc_port}"
diff --git a/vars/hostname/bitwarden1 b/vars/hostname/bitwarden1
new file mode 100644
index 0000000..659336e
--- /dev/null
+++ b/vars/hostname/bitwarden1
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cnames=bitwarden
+vaultwarden_fqdn="bitwarden.${domain}"
diff --git a/vars/hostname/dav1 b/vars/hostname/dav1
new file mode 100644
index 0000000..cab4c08
--- /dev/null
+++ b/vars/hostname/dav1
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cnames=dav
diff --git a/vars/hostname/ns1 b/vars/hostname/ns1
new file mode 100644
index 0000000..cb59104
--- /dev/null
+++ b/vars/hostname/ns1
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cnames=ns
diff --git a/vars/hostname/pbx1 b/vars/hostname/pbx1
new file mode 100644
index 0000000..4931dd6
--- /dev/null
+++ b/vars/hostname/pbx1
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cnames=pbx
diff --git a/vars/hostname/postgres1 b/vars/hostname/postgres1
new file mode 100644
index 0000000..a38ba94
--- /dev/null
+++ b/vars/hostname/postgres1
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+memsize=$(( 8 * 1024 * 1024 * 1024))
+cnames=postgres
diff --git a/vars/hostname/ttrss1 b/vars/hostname/ttrss1
new file mode 100644
index 0000000..d6fbb39
--- /dev/null
+++ b/vars/hostname/ttrss1
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cnames=ttrss
+ttrss_hostname="ttrss.${domain}"
diff --git a/vars/hostname/turn1 b/vars/hostname/turn1
new file mode 100644
index 0000000..86e970a
--- /dev/null
+++ b/vars/hostname/turn1
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cnames=turn
diff --git a/vars/hostname/www1 b/vars/hostname/www1
new file mode 100644
index 0000000..88a683e
--- /dev/null
+++ b/vars/hostname/www1
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+cnames='www'
+acmeproxy_client_group=$prosody_username
+acmeproxy_client_gid=$prosody_uid
diff --git a/vars/hostname/xmpp1 b/vars/hostname/xmpp1
new file mode 100644
index 0000000..e094b54
--- /dev/null
+++ b/vars/hostname/xmpp1
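Review bot: In vars/hostname/www1, `acmeproxy_client_gid=$prosody_uid` feeds a UID variable into a GID setting, and `acmeproxy_client_group=$prosody_username` does the same with a user name. That is only correct if the Prosody account has a primary group with the same name and numeric id, which nothing in this diff establishes. Judging by the names, this group gates which client may fetch certificate material from the ACME proxy (the consumer is not shown), so a mismatch would either deny the intended client or grant access to an unrelated group. I would define `prosody_gid` next to `prosody_uid` in vars/common and reference it here, or at least add `# prosody's primary group shares its name and id with the user` above the two lines.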
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+cnames=xmpp
+prosody_acme_host=www1
+prosody_public_fqdn=xmpp.example.com
diff --git a/vars/os/freebsd b/vars/os/freebsd
index 5fae2d6..d13c84e 100644
--- a/vars/os/freebsd
+++ b/vars/os/freebsd
@@ -14,6 +14,7 @@ export ASSUME_ALWAYS_YES=yes
 keytab_dir=/var/db/keytabs
 nfscbd_port=7745
 nginx_user=www
+nginx_conf_dir=/usr/local/etc/nginx
 nslcd_user=nslcd
 php_version=82
 postgresql_version=16
--
cgit v1.2.3