jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-27 00:05:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-01 19:13

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
roles/journal_remote/templates/dehydrated_hook.sh.j2 Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/sh
{% if journal_remote_letsencrypt_cert is defined %}
mkdir -p /etc/systemd/journal-remote-tls
chown systemd-journal-remote:systemd-journal-remote /etc/systemd/journal-remote-tls
chmod 700 /etc/systemd/journal-remote-tls
if [ -e /var/lib/dehydrated/certificates/certs/{{ journal_remote_letsencrypt_cert }}/privkey.pem ]; then
cp -f /var/lib/dehydrated/certificates/certs/{{ journal_remote_letsencrypt_cert }}/privkey.pem /etc/systemd/journal-remote-tls/
cp -f /var/lib/dehydrated/certificates/certs/{{ journal_remote_letsencrypt_cert }}/fullchain.pem /etc/systemd/journal-remote-tls/
chown systemd-journal-remote:systemd-journal-remote /etc/systemd/journal-remote-tls/*
chmod 600 /etc/systemd/journal-remote-tls/privkey.pem
/sbin/service systemd-journal-remote restart
fi
{% endif %}

14
roles/journal_remote/templates/journal-remote.conf.j2 Normal file
View File

@@ -0,0 +1,14 @@
[Remote]
Seal={{ journal_remote_seal | ternary(True,False) }}
SplitMode=host
{% if (journal_remote_crt is defined and journal_remote_key is defined) or journal_remote_letsencrypt_cert is defined %}
{% if journal_remote_crt is defined and journal_remote_key is defined %}
ServerKeyFile={{ journal_remote_key }}
ServerCertificateFile={{ journal_remote_cert }}
TrustedCertificateFile={{ journal_remote_ca | default('/etc/pki/tls/cert.pem') }}
{% else %}
ServerKeyFile=/etc/systemd/journal-remote-tls/privkey.pem
ServerCertificateFile=/etc/systemd/journal-remote-tls/fullchain.pem
TrustedCertificateFile=/etc/systemd/journal-remote-tls/fullchain.pem
{% endif %}
{% endif %}

15
roles/journal_remote/templates/systemd-journal-remote.service.j2 Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=Journal Remote Sink Service
Requires=systemd-journal-remote.socket
[Service]
ExecStart=/usr/lib/systemd/systemd-journal-remote \
--listen-{{ ((journal_remote_crt is defined and journal_remote_key is defined) or journal_remote_letsencrypt_cert is defined) | ternary('https','http') }}={{ journal_remote_port }} \
--output=/var/log/journal/remote/
User=systemd-journal-remote
Group=systemd-journal-remote
PrivateTmp=yes
PrivateDevices=yes
[Install]
WantedBy=multi-user.target