services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

more ipv6 fixes

Browse Source
This commit is contained in:
Reese Wells
2024-07-31 22:36:46 -04:00
parent 2533c545d6
commit 9833a696d2
18 changed files with 635 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cloud/graduated/aws_route53/README.md
View File

@@ -18,11 +18,11 @@ convenience.
## Reeselink Addresses
```bash
aws route53 change-resource-record-sets --hosted-zone-id Z0092652G7L97DSINN18 --change-batch file://dns/reeselink.json
aws route53 change-resource-record-sets --hosted-zone-id Z0092652G7L97DSINN18 --change-batch file://cloud/graduated/aws_route53/reeselink.json
```
## Reeseapps Addresses
```bash
aws route53 change-resource-record-sets --hosted-zone-id Z012820733346FJ0U4FUF --change-batch file://dns/reeseapps.json
aws route53 change-resource-record-sets --hosted-zone-id Z012820733346FJ0U4FUF --change-batch file://cloud/graduated/aws_route53/reeseapps.json
```

13
cloud/graduated/aws_route53/reeselink.json
View File

@@ -92,6 +92,19 @@
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "yellow.home.reeselink.com",
"Type": "AAAA",
"TTL": 300,
"ResourceRecords": [
{
"Value": "2603:6013:3140:103:664b:f0ff:fe14:dbd"
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {

13
hardware/graduated/pivpn/README.md
View File

@@ -94,3 +94,16 @@ systemctl restart cloudflared
sudo chmod +x /etc/cron.weekly/cloudflared-updater
sudo chown root:root /etc/cron.weekly/cloudflared-updater
```
## IPTables
For masquerading to other networks.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
```bash
iptables -t nat -I POSTROUTING 1 -s 10.55.87.0/24 -o end0.3 -j MASQUERADE
iptables -I FORWARD 1 -i wg0 -o end0.3 -j ACCEPT
iptables -I FORWARD 1 -i end0.3 -o wg0 -j ACCEPT
```

2
infrastructure/graduated/arch/README.md
View File

@@ -684,6 +684,8 @@ You can create chroot environments to run firejails or just use for testing purp
##### Turn Off Fingerprint When Laptop Lid Closed
**NOTE: This may break fingerprint unlock. Testing in progress.**
To disable fingerprint authentication when the laptop lid is closed, and
re-enable when it is reopened, we will use acpid to bind to the button/lid.*
event to a custom script that will comment out fprintd auth in /etc/pam.d/sudo.

59
infrastructure/graduated/arch/workstation.md
View File

@@ -14,8 +14,6 @@
- [Docker](#docker)
- [QEMU/KVM](#qemukvm)
- [Arch Guests](#arch-guests)
- [Restore qcow snapshots](#restore-qcow-snapshots)
- [Convert qcow to bootable drive](#convert-qcow-to-bootable-drive)
- [Kubernetes](#kubernetes)
- [VSCode](#vscode)
- [Shell](#shell)
@@ -34,6 +32,7 @@
- [Development](#development)
- [Cura](#cura)
- [Creality Print](#creality-print)
- [Bambu Studio](#bambu-studio)
- [Orca Slicer](#orca-slicer)
- [AWS CLI](#aws-cli)
- [NSlookup](#nslookup)
@@ -258,29 +257,6 @@ In order to get drivers for spice you'll need the guest spice drivers:
sudo pacman -S qemu-guest-agent spice-vdagent
```
### Restore qcow snapshots
```bash
# Create a snapshot
qemu-img snapshot -c snapshot-name /var/lib/libvirt/images/vm-image.qcow2
# List snapshots for a given image
qemu-img snapshot -l /var/lib/libvirt/images/vm-image.qcow2
# Restore snapshot
qemu-img snapshot -a snapshot-name /var/lib/libvirt/images/vm-image.qcow2
```
### Convert qcow to bootable drive
```bash
qemu-img convert -f qcow2 -O raw /var/lib/libvirt/images/vm-image.qcow2 /dev/sdb
```
If you need to resize a windows partition to non-continuous space simply grow the
last partition, shrink it to the end of the drive, then grow the windows partition
with gparted.
## Kubernetes
```bash
@@ -517,6 +493,39 @@ Icon=/home/ducoterra/.icons/creality_print.png
Type=Application
```
## Bambu Studio
<https://github.com/bambulab/BambuStudio/releases>
I usually grab the Ubuntu appimage. The Fedora one seems to crash when displaying the camera.
```bash
# You might need to install webkit2gtk
pacman -S webkit2gtk
```
```bash
mv ~/Downloads/Bambu_Studio_linux*.AppImage ~/Applications/BambuStudio.AppImage
chmod +x ~/Applications/*.AppImage
```
Note! The file name "BambuStudio.desktop" must match the appimage name "BambuStudio" for the icon to show up.
~/.local/share/applications/BambuStudio.desktop
```conf
[Desktop Entry]
Name=Bambu Studio
Exec=/home/ducoterra/Applications/BambuStudio.AppImage
Icon=/home/ducoterra/.icons/bambu_studio.png
Type=Application
```
```bash
update-desktop-database
```
## Orca Slicer
<https://github.com/SoftFever/OrcaSlicer>

38
infrastructure/graduated/qemu/README.md Normal file
View File

@@ -0,0 +1,38 @@
# QEMU
- [QEMU](#qemu)
- [QCOW2](#qcow2)
- [Restore qcow snapshots](#restore-qcow-snapshots)
- [Convert qcow to bootable drive](#convert-qcow-to-bootable-drive)
- [Convert bootable drive to qcow](#convert-bootable-drive-to-qcow)
## QCOW2
### Restore qcow snapshots
```bash
# Create a snapshot
qemu-img snapshot -c snapshot-name /var/lib/libvirt/images/vm-image.qcow2
# List snapshots for a given image
qemu-img snapshot -l /var/lib/libvirt/images/vm-image.qcow2
# Restore snapshot
qemu-img snapshot -a snapshot-name /var/lib/libvirt/images/vm-image.qcow2
```
### Convert qcow to bootable drive
```bash
qemu-img convert -f qcow2 -O raw /var/lib/libvirt/images/vm-image.qcow2 /dev/sdb
```
### Convert bootable drive to qcow
```bash
qemu-img convert -f raw -O qcow2 /dev/sdd /var/lib/libvirt/images/toshiba.qcow2 conv=noerror -p
```
If you need to resize a windows partition to non-continuous space simply grow the
last partition, shrink it to the end of the drive, then grow the windows partition
with gparted.

12
infrastructure/graduated/unifi/README.md
View File

@@ -9,12 +9,12 @@
## IP Addresses
| Hostname | IPV4 | IPV6 |
| -------- | ----------- | ------------------ |
| unifi | 192.168.2.1 | 2603:6013:3140:102 |
| lab | 10.1.0.1 | 2603:6013:3140:100 |
| iot | 10.2.0.1 | |
| home | 10.3.0.1 | 2603:6013:3140:103 |
| metallb | 10.5.0.1 | 2603:6013:3140:101 |
| -------- | -------------- | ------------------------ |
| unifi | 192.168.2.0/24 | 2603:6013:3140:102::0/64 |
| lab | 10.1.0.0/16 | 2603:6013:3140:100::0/64 |
| iot | 10.2.0.0/16 | |
| home | 10.3.0.0/16 | 2603:6013:3140:103::0/64 |
| metallb | 10.5.0.0/16 | 2603:6013:3140:101::0/64 |
## Route53

2
kubernetes/graduated/external-dns/deploy.yaml
View File

@@ -56,7 +56,7 @@ spec:
- --provider=aws
- --aws-zone-type=public
- --registry=txt
- --txt-owner-id=external-dns
# - --txt-owner-id=external-dns
env:
- name: AWS_DEFAULT_REGION
value: us-east-1 # change to region where EKS is installed

3
kubernetes/graduated/ingress-nginx/values.yaml
View File

@@ -5,9 +5,10 @@ controller:
metallb.universe.tf/address-pool: "external"
metallb.universe.tf/allow-shared-ip: nginx
external-dns.alpha.kubernetes.io/hostname: ingress-nginx.reeseapps.com
ipFamilyPolicy: SingleStack
ipFamilyPolicy: RequireDualStack
ipFamilies:
- IPv6
- IPv4
config:
log-format-upstream: '| Remote Addr: $remote_addr:$server_port | Host: $host | Referer: $http_referer | $request | $time_local | $status |'
allowSnippetAnnotations: true

29
kubernetes/incubating/bitwarden/README.md Normal file
View File

@@ -0,0 +1,29 @@
# Bitwarden
- [Bitwarden](#bitwarden)
- [Install](#install)
## Install
<https://bitwarden.com/help/self-host-with-helm/>
```bash
helm repo add bitwarden https://charts.bitwarden.com/
helm repo update
kubectl create namespace bitwarden
helm show values bitwarden/self-host > kubernetes/incubating/bitwarden/values.yaml
# Installation ID: https://bitwarden.com/host/
# Optional argument for Have I Been Pwned: --from-literal=globalSettings__hibpApiKey="REPLACE" \
kubectl create secret generic custom-secret -n bitwarden \
--from-file=globalSettings__installation__id=./secrets/bitwarden/installation_id \
--from-file=globalSettings__installation__key=./secrets/bitwarden/installation_key \
--from-file=globalSettings__mail__smtp__username=./secrets/bitwarden/smtp_username \
--from-file=globalSettings__mail__smtp__password=./secrets/bitwarden/smtp_password \
--from-file=globalSettings__yubico__clientId=./secrets/bitwarden/yubico_id \
--from-file=globalSettings__yubico__key=./secrets/bitwarden/yubico_secret \
--from-file=SA_PASSWORD=./secrets/bitwarden/sa_password
helm upgrade bitwarden bitwarden/self-host --install --namespace bitwarden --values kubernetes/incubating/bitwarden/values.yaml
```

427
kubernetes/incubating/bitwarden/values.yaml Normal file
View File

@@ -0,0 +1,427 @@
# Optional - Override the chart name if desired
fullnameOverride: ""
nameOverride: ""
general:
# Domain name for the service
domain: bitwarden.reeseapps.com
ingress:
# Set to false if using a custom ingress
enabled: true
# Current supported values for ingress type include: nginx
className: "nginx"
## - Annotations to add to the Ingress resource.
annotations:
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/use-regex: "true"
# nginx.ingress.kubernetes.io/rewrite-target: /$1
## - Labels to add to the Ingress resource
labels: {}
# Certificate options
tls:
# TLS certificate secret name
name: bitwarden
# Cluster cert issuer (ex. Let's Encrypt) name if one exists
clusterIssuer: letsencrypt
# Ingress path configuration - The samples provided are for Nginx. Examples with other Ingress providers are in the chart Readme on GitHub
paths:
web:
path: /(.*)
pathType: ImplementationSpecific
attachments:
path: /attachments/(.*)
pathType: ImplementationSpecific
api:
path: /api/(.*)
pathType: ImplementationSpecific
icons:
path: /icons/(.*)
pathType: ImplementationSpecific
notifications:
path: /notifications/(.*)
pathType: ImplementationSpecific
events:
path: /events/(.*)
pathType: ImplementationSpecific
scim:
path: /scim/(.*)
pathType: ImplementationSpecific
sso:
path: /(sso/.*)
pathType: ImplementationSpecific
identity:
path: /(identity/.*)
pathType: ImplementationSpecific
admin:
path: /(admin/?.*)
pathType: ImplementationSpecific
# Override application container version tags. Theses will be versioned with the chart and need not be changed in most circumstances.
coreVersionOverride: ""
webVersionOverride: ""
# Disable account registration on web vault
disableUserRegistration: "false"
# Comma-separated list of email addresses for Admin users
admins: "false"
email:
# Email address used for invitations, typically no-reply@smtp-host
replyToEmail: "no-reply@reeseapps.com"
# Your SMTP server hostname (recommended) or IP address
smtpHost: "email-smtp.us-east-1.amazonaws.com"
# The SMTP port used by the SMTP server
smtpPort: "587"
# Whether your SMTP server uses an encryption protocol, "true" for SSL, "false" for TLS
smtpSsl: "true"
# Custom labels to add throughout the installation
labels: {}
# Specifies the access mode for persistent volume claims. This should not be changed in most cases, and the allowable
# values are only ReadWriteMany and ReadWriteOnce. Please read https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
# to better understand these options before changing this value.
volumeAccessMode: "ReadWriteMany"
# Set to true to allow communication between your server and our cloud system. Doing so enables billing and license sync. Please see: https://bitwarden.com/help/self-host-an-organization/#step-4-setup-billing-and-license-sync
enableCloudCommunication: false
# Cloud region for sync. Please see: https://bitwarden.com/help/families-for-enterprise-self-hosted/#step-1-enable-cloud-communication
cloudRegion: US
# Specify the name of the shared storage class
# This storage class requires ReadWriteMany. You will need to provide your own storage class. Storage classes with automatic volume previsioners are recommended.
sharedStorageClassName: "ssd"
# Secrets are required. Review the chart README on GitHub for details on creating these secrets
secrets:
secretName: custom-secret
# Secrets can either be created via 'kubectl create secrets' or by using a secret provider class. If using the latter, specify the name here
secretProviderClass:
# Settings for individual service containers
component:
# The Admin component
admin:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/admin
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
api:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/api
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
attachments:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/attachments
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
events:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/events
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
icons:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/icons
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
identity:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/identity
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
notifications:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/notifications
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
scim:
# SCIM is disabled by default. To use this service, enable it below and set an appropriate Ingress path
enabled: false
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/scim
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
sso:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/sso
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
web:
# Additional deployment labels
labels: {}
# Image name, tag, and pull policy
image:
name: bitwarden/web
# The pod resource requirements. You can adjust these up and down for your environment
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
# Specifies the strategy used to replace old Pods by new ones. The value can be "Recreate" or "RollingUpdate". "RollingUpdate" is the default value.
deploymentStrategy: RollingUpdate
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
# Images used for jobs and init containers
supportComponents:
dbMigrator:
image:
name: bitwarden/mssqlmigratorutility
certGenerator:
image:
name: docker.io/nginx
tag: 1.25.3
kubectl:
image:
name: bitnami/kubectl
tag: 1.21
# Data volume sizes for shared PVCs
volume:
dataprotection:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: "1Gi"
labels: {}
attachments:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 1Gi
labels: {}
licenses:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 1Gi
labels: {}
logs:
# Logs are disabled by default
enabled: false
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 1Gi
labels: {}
#
# Configure service account for pre- and post-install hooks
#
serviceAccount:
name: service-account
# Certain instances will prequire the creation of a pre-deployed service account. For instance, AWS IAM enabled service accounts need to be created outside
# of the chart to allow for setting of permissions on other AWS services like Secrets Manager
deployRolesOnly: false
#
# Configure database
#
database:
# deploy the database pod? if false, a connection string to a SQL Server will need to be provided through one of the configuration providers.
enabled: true
# Labels to add to the MSSQL deployment
labels: {}
# Image name, tag, and pull policy
image:
name: mcr.microsoft.com/mssql/server
# Tag of the image to use. (Defaults to general.coreVersion)
tag: 2022-CU13-ubuntu-22.04
# The container is limited to the resources below. Adjust for your environment.
resources:
requests:
memory: "2G"
cpu: "100m"
limits:
memory: "2G"
cpu: "500m"
# The MSSQL volumes for the PVCs
volume:
backups:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 1Gi
labels: {}
data:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 10Gi
labels: {}
log:
# Use an existing PVC by specifying the name.
# existingClaim: claimName
# Override the accessMode specified in general.volumeAccessMode
# accessMode: ReadWriteOnce
# Override the storageClass specified in sharedStorageClassName
# storageClass: "shared-storage"
size: 10Gi
labels: {}
# Specifies the strategy used to replace old Pods by new ones. The value can be "OnDelete" or "RollingUpdate". "OnDelete" is the default value.
# When set to OnDelete, the SQL pod will not be recreated automatically on update. It must be manually deleted to update.
updateStrategy: OnDelete
# This will set the Kubernetes container security context
securityContext:
# Run the pod under a service account you create. This is especially useful for OpenShift deployments
podServiceAccount:
# You can specify raw Kubernetes manifests that will be applied before or after the base Helm install.
# Please see the chart README in GitHub for more information and examples.
rawManifests:
preInstall: []
postInstall: []

5
podman/incubating/update-quadlets.yaml
View File

@@ -1,8 +1,5 @@
- name: Update quadlets
hosts: colors
become: true
become_user: root
become_method: sudo
hosts: yellow
tasks:
- name: Copy quadlets with owner and permissions
ansible.builtin.copy:

9
software/incubating/discord/bot1/README.md Normal file
View File

@@ -0,0 +1,9 @@
# Discord Bot
## Installation
- Py-Cord
Intents: "senses"
Scopes: "Permissions"

13
systemd/graduated/ddns/reeseapps_record_template.json
View File

@@ -91,6 +91,19 @@
}
]
}
},
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "bitwarden.reeseapps.com",
"Type": "A",
"TTL": 300,
"ResourceRecords": [
{
"Value": ""
}
]
}
}
]
}

6
systemd/graduated/ipv4-proxy/vars.yaml
View File

@@ -29,6 +29,12 @@ stream_ssl:
domain: ingress-nginx.reeselink.com
port: 443
protocol: https
- external:
domain: bitwarden.reeseapps.com
internal:
domain: ingress-nginx.reeselink.com
port: 443
protocol: https
stream_ports:
- external: 2222

7
systemd/incubating/iperf3/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Iperf3
## Install
```bash
ansible-playbook -i ansible/inventory.yaml systemd/incubating/iperf3/install_iperf3.yaml
```

22
systemd/incubating/iperf3/install_iperf3.yaml Normal file
View File

@@ -0,0 +1,22 @@
- name: Install iperf3 service
hosts: yellow
vars_files:
- vars.yaml
tasks:
- name: Ensure iperf3 is installed
ansible.builtin.dnf:
name:
- iperf3
state: present
- name: Copy iperf3.service
template:
src: iperf3.service
dest: /etc/systemd/system/iperf3.service
owner: root
group: root
mode: '0644'
- name: Reload iperf3 timer
ansible.builtin.systemd_service:
state: restarted
name: iperf3.service
enabled: true

9
systemd/incubating/iperf3/iperf3.service Normal file
View File

@@ -0,0 +1,9 @@
[Unit]
Description=iperf3 server
After=syslog.target network.target auditd.service
[Service]
ExecStart=/usr/bin/iperf3 -s
[Install]
WantedBy=multi-user.target