These are used to signal the start of the document in a stream of many
documents. As Ansible only supports one YAML document per file this is
unnecessary. About a third of our YAML documents already lacked these.
This is meant as a internal authenticated and encrypted network which we
can use for internal services, we don't want to expose to the internet
or when encryption is desired but not easily implementable.
For all hosts we want to have a working fail2ban for sshd brute force
attempts through a group_vars/all. For some hosts an override is
required to enable postfix or dovecot jails.
Add a new role called prometheus_exporters which should be run on every
machine we have and starts different collectors depending on what group
the machine is in. Currently supported our the gitlab runner exporter,
rebuilder textcollector, mysqld-exporter, borg textcollector and an
node/arch exporter. The arch exporter monitors the security status and
pacman out of date packages gauge.
Create a new VPS for running the master rebuilderd daemon which
coordinates the rebuild tasks to rebuilderd ndoes.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>