From ed7ef3ba26ce65c02b04c2f03f88fbfcbc8004d7 Mon Sep 17 00:00:00 2001 From: Bastian de Byl Date: Wed, 31 Jul 2024 16:29:07 -0400 Subject: [PATCH] updated graylog, firewall, hass --- .../roles/podman/files/hass/automations.yaml | 197 +++++++++++++++++- .../podman/files/hass/configuration.yaml | 1 + .../podman/tasks/containers/home/graylog.yml | 37 ++-- .../podman/tasks/containers/home/hass.yml | 1 + ansible/roles/podman/tasks/firewall.yml | 9 +- ansible/roles/podman/tasks/main.yml | 10 +- 6 files changed, 224 insertions(+), 31 deletions(-) diff --git a/ansible/roles/podman/files/hass/automations.yaml b/ansible/roles/podman/files/hass/automations.yaml index 085a664..3ba5ddf 100644 --- a/ansible/roles/podman/files/hass/automations.yaml +++ b/ansible/roles/podman/files/hass/automations.yaml @@ -1,9 +1,10 @@ -- id: '1649042254031' - alias: Office Lights Morning +- id: '1707432654697' + alias: Lights on Sunset description: '' trigger: - - platform: time - at: '10:30:00' + - platform: sun + event: sunset + offset: 0 condition: [] action: - type: turn_on @@ -35,7 +36,191 @@ condition: [] action: - type: turn_off - device_id: 04a5b4bea0caafe63bca3fb31c49091b - entity_id: light.bastian_s_office_lights + device_id: 1fa1aca8f90daf94a2a7baf8a3abc158 + entity_id: 58d101e63456fd8e088d3a3b63f3a0f9 + domain: switch + - type: turn_on + device_id: 800eddbeeda071225f181a14cb9527e0 + entity_id: 521a92ddd8be76c7eddfc544f81f6020 domain: light + brightness_pct: 25 + - type: turn_on + device_id: f31e4f9bf8fa3687a07aeb4430eaef38 + entity_id: b79934d97f3bb9d8a3da47c76d03ded4 + domain: light + brightness_pct: 100 + - type: turn_on + device_id: 03a12d2360d9954aed19c2449070725a + entity_id: 7c1e7db73799cc3f90948b5118596985 + domain: light + brightness_pct: 100 + - type: turn_on + device_id: 3f7f65571d9bb0833433996f1f6725bd + entity_id: 7407afe14783543252c666d5ff7c5d5c + domain: light + brightness_pct: 75 + - type: turn_on + device_id: 3a93dada310aaf58c77d7225df0669a0 + entity_id: b3a8c8ff3198fed36a0bfb6dc6173725 + domain: switch + - type: turn_on + device_id: e9ee0a688d335e87c1c5a0910cb10369 + entity_id: f48c6c15253ffdff064a01994e3a2778 + domain: switch + - type: turn_on + device_id: 21eb2bd28aba2ee361a22af92e8b2d16 + entity_id: 81c486d682afcc94e98e377475cc92fc + domain: light + brightness_pct: 100 mode: single +- id: '1707432903086' + alias: Driveway String Lights Off + description: '' + trigger: + - platform: time + at: '22:30:00' + condition: [] + action: + - type: turn_off + device_id: 1fa1aca8f90daf94a2a7baf8a3abc158 + entity_id: 58d101e63456fd8e088d3a3b63f3a0f9 + domain: switch + mode: single +- id: '1707433130493' + alias: Kitchen Dim - Early + description: '' + trigger: + - platform: time + at: '20:30:00' + condition: [] + action: + - type: turn_on + device_id: 03a12d2360d9954aed19c2449070725a + entity_id: 7c1e7db73799cc3f90948b5118596985 + domain: light + brightness_pct: 50 + - type: turn_on + device_id: f31e4f9bf8fa3687a07aeb4430eaef38 + entity_id: b79934d97f3bb9d8a3da47c76d03ded4 + domain: light + brightness_pct: 50 + - type: turn_on + device_id: 3f7f65571d9bb0833433996f1f6725bd + entity_id: 7407afe14783543252c666d5ff7c5d5c + domain: light + brightness_pct: 50 + - type: turn_on + device_id: 21eb2bd28aba2ee361a22af92e8b2d16 + entity_id: 81c486d682afcc94e98e377475cc92fc + domain: light + brightness_pct: 50 + mode: single +- id: '1707433185560' + alias: Kitchen Dim - Mid + description: '' + trigger: + - platform: time + at: '21:00:00' + condition: [] + action: + - type: turn_on + device_id: f31e4f9bf8fa3687a07aeb4430eaef38 + entity_id: b79934d97f3bb9d8a3da47c76d03ded4 + domain: light + brightness_pct: 25 + - type: turn_on + device_id: 03a12d2360d9954aed19c2449070725a + entity_id: 7c1e7db73799cc3f90948b5118596985 + domain: light + brightness_pct: 25 + - type: turn_on + device_id: 800eddbeeda071225f181a14cb9527e0 + entity_id: 521a92ddd8be76c7eddfc544f81f6020 + domain: light + brightness_pct: 50 + - type: turn_on + device_id: 3f7f65571d9bb0833433996f1f6725bd + entity_id: 7407afe14783543252c666d5ff7c5d5c + domain: light + brightness_pct: 25 + - type: turn_on + device_id: 21eb2bd28aba2ee361a22af92e8b2d16 + entity_id: 81c486d682afcc94e98e377475cc92fc + domain: light + brightness_pct: 25 + mode: single +- id: '1707433226166' + alias: Kitchen Dim - Late + description: '' + trigger: + - platform: time + at: '22:00:00' + condition: [] + action: + - type: turn_on + device_id: f31e4f9bf8fa3687a07aeb4430eaef38 + entity_id: b79934d97f3bb9d8a3da47c76d03ded4 + domain: light + brightness_pct: 1 + - type: turn_on + device_id: 03a12d2360d9954aed19c2449070725a + entity_id: 7c1e7db73799cc3f90948b5118596985 + domain: light + brightness_pct: 1 + - type: turn_on + device_id: 800eddbeeda071225f181a14cb9527e0 + entity_id: 521a92ddd8be76c7eddfc544f81f6020 + domain: light + brightness_pct: 25 + - type: turn_on + device_id: 3f7f65571d9bb0833433996f1f6725bd + entity_id: 7407afe14783543252c666d5ff7c5d5c + domain: light + brightness_pct: 10 + - type: turn_on + device_id: 21eb2bd28aba2ee361a22af92e8b2d16 + entity_id: 81c486d682afcc94e98e377475cc92fc + domain: light + brightness_pct: 10 + mode: single +- id: '1711218890065' + alias: Lights Out + description: '' + trigger: + - platform: time + at: 01:00:00 + condition: [] + action: + - type: turn_off + device_id: 3f7f65571d9bb0833433996f1f6725bd + entity_id: 7407afe14783543252c666d5ff7c5d5c + domain: light + - type: turn_off + device_id: f31e4f9bf8fa3687a07aeb4430eaef38 + entity_id: b79934d97f3bb9d8a3da47c76d03ded4 + domain: light + - type: turn_off + device_id: 03a12d2360d9954aed19c2449070725a + entity_id: 7c1e7db73799cc3f90948b5118596985 + domain: light + - type: turn_off + device_id: 800eddbeeda071225f181a14cb9527e0 + entity_id: 521a92ddd8be76c7eddfc544f81f6020 + domain: light + - type: turn_off + device_id: 03eb359bf2344a58bebfe1e9c5bcfadd + entity_id: a30b2da3cd80a5b4c927e1608b91eb65 + domain: light + - type: turn_off + device_id: 3a93dada310aaf58c77d7225df0669a0 + entity_id: b3a8c8ff3198fed36a0bfb6dc6173725 + domain: switch + - type: turn_off + device_id: e9ee0a688d335e87c1c5a0910cb10369 + entity_id: f48c6c15253ffdff064a01994e3a2778 + domain: switch + - type: turn_off + device_id: 21eb2bd28aba2ee361a22af92e8b2d16 + entity_id: 81c486d682afcc94e98e377475cc92fc + domain: light + mode: single \ No newline at end of file diff --git a/ansible/roles/podman/files/hass/configuration.yaml b/ansible/roles/podman/files/hass/configuration.yaml index 12ab84d..59cf67a 100644 --- a/ansible/roles/podman/files/hass/configuration.yaml +++ b/ansible/roles/podman/files/hass/configuration.yaml @@ -10,6 +10,7 @@ http: trusted_proxies: - 127.0.0.1 - 10.0.0.0/8 + - 10.0.2.100 homeassistant: time_zone: America/New_York diff --git a/ansible/roles/podman/tasks/containers/home/graylog.yml b/ansible/roles/podman/tasks/containers/home/graylog.yml index 2cb22d9..a48527a 100644 --- a/ansible/roles/podman/tasks/containers/home/graylog.yml +++ b/ansible/roles/podman/tasks/containers/home/graylog.yml @@ -10,7 +10,7 @@ notify: restorecon podman loop: - "{{ graylog_path }}/mongo" - - "{{ graylog_path }}/elastic" + - "{{ graylog_path }}/opensearch" - "{{ graylog_path }}/conf" - "{{ graylog_path }}/bin" @@ -29,12 +29,12 @@ dest: "conf/graylog.conf" notify: restorecon podman -- name: unshare chown the elastic volume +- name: unshare chown the opensearch volume become: true become_user: "{{ podman_user }}" changed_when: false ansible.builtin.command: | - podman unshare chown -R 1000:1000 {{ graylog_path }}/elastic + podman unshare chown -R 1000:1000 {{ graylog_path }}/opensearch - name: flush handlers ansible.builtin.meta: flush_handlers @@ -63,31 +63,33 @@ - import_tasks: podman/podman-check.yml vars: - container_name: graylog-elastic - container_image: "{{ es_image }}" + container_name: graylog-opensearch + container_image: "{{ os_image }}" -- name: create graylog elasticsearch container +- name: create graylog opensearch container become: true become_user: "{{ podman_user }}" containers.podman.podman_container: - name: graylog-elastic - image: "{{ es_image }}" + name: graylog-opensearch + image: "{{ os_image }}" restart_policy: on-failure:3 network: - shared volumes: - - "{{ graylog_path }}/elastic:/usr/share/elasticsearch/data" + - "{{ graylog_path }}/opensearch:/usr/share/opensearch/data" env: - http.host: "0.0.0.0" - transport.host: "localhost" - network.host: "0.0.0.0" - cluster.name: "graylog" - ES_JAVA_OPTS: "-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx2048m" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + discovery.type: "single-node" + action.auto_create_index: "false" + plugins.security.ssl.http.enabled: "false" + plugins.security.disabled: "true" + OPENSEARCH_INITIAL_ADMIN_PASSWORD: "{{ graylog_secret }}" -- name: create systemd startup job for graylog-elastic +- name: create systemd startup job for graylog-opensearch include_tasks: podman/systemd-generate.yml vars: - container_name: graylog-elastic + container_name: graylog-opensearch - import_tasks: podman/podman-check.yml vars: @@ -115,7 +117,8 @@ GRAYLOG_HTTP_EXTERNAL_URI: http://{{ ansible_default_ipv4.address }}:9000/ GRAYLOG_HTTP_BIND_ADDRESS: 0.0.0.0:9000 GRAYLOG_MONGODB_URI: mongodb://graylog-mongo/graylog - GRAYLOG_ELASTICSEARCH_HOSTS: http://graylog-elastic:9200 + GRAYLOG_ELASTICSEARCH_HOSTS: http://graylog-opensearch:9200 + GRAYLOG_REPORT_DISABLE_SANDBOX: "true" ports: - "{{ graylog_port }}:9000" - "{{ syslog_udp_default }}:{{ syslog_udp_default }}/udp" diff --git a/ansible/roles/podman/tasks/containers/home/hass.yml b/ansible/roles/podman/tasks/containers/home/hass.yml index 2cd7f68..d47cfbd 100644 --- a/ansible/roles/podman/tasks/containers/home/hass.yml +++ b/ansible/roles/podman/tasks/containers/home/hass.yml @@ -15,6 +15,7 @@ - name: copy configuration and automations become: true ansible.builtin.copy: + backup: true src: "files/hass/{{ item }}" dest: "{{ hass_path }}/config/{{ item }}" owner: "{{ podman_user }}" diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml index a7cfece..e1a1126 100644 --- a/ansible/roles/podman/tasks/firewall.yml +++ b/ansible/roles/podman/tasks/firewall.yml @@ -27,9 +27,9 @@ # Factorio - 27015/tcp - 34197/udp - # Palworld - - 8211/udp - - 25575/udp + # Zomboid + - 16261/udp + - 16262/udp notify: restart firewalld tags: firewall @@ -54,5 +54,8 @@ # cam2ip - 56000/tcp - 56000/udp + # Palworld + - 8211/udp + - 25575/udp notify: restart firewalld tags: firewall diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml index fccad81..8248757 100644 --- a/ansible/roles/podman/tasks/main.yml +++ b/ansible/roles/podman/tasks/main.yml @@ -22,7 +22,7 @@ - import_tasks: containers/home/hass.yml vars: - image: ghcr.io/home-assistant/home-assistant:2023.11 + image: ghcr.io/home-assistant/home-assistant:2024.6.4 tags: hass - import_tasks: containers/home/partkeepr.yml @@ -33,15 +33,15 @@ - import_tasks: containers/home/graylog.yml vars: - db_image: docker.io/library/mongo:4.2 - es_image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2 - image: docker.io/graylog/graylog:4.3.11 + db_image: docker.io/library/mongo:6.0.14 + os_image: docker.io/opensearchproject/opensearch:2.12.0 + image: docker.io/graylog/graylog:5.2 tags: graylog - import_tasks: containers/skudak/wiki.yml vars: db_image: docker.io/library/mysql:5.7.21 - image: docker.io/solidnerd/bookstack:23.12 + image: docker.io/solidnerd/bookstack:24.5 tags: skudak, skudak-wiki - import_tasks: containers/home/photos.yml