diff --git a/docker-compose/homer/assets/mgmt.yml b/docker-compose/homer/assets/mgmt.yml index 532d516e..8890aaeb 100644 --- a/docker-compose/homer/assets/mgmt.yml +++ b/docker-compose/homer/assets/mgmt.yml @@ -89,11 +89,6 @@ services: url: "http://docker10.grote.lan:1234" target: "_blank" subtitle: "Monitoring" - - name: "Oxidized" - logo: "assets/icons/oxidized.svg" - url: "http://docker10.grote.lan:8888" - target: "_blank" - subtitle: "network device configuration backup tool" - name: "Internet-MGMT" icon: "fas fa-cloud" diff --git a/docker-compose/oxidized/config.j2 b/docker-compose/oxidized/config.j2 deleted file mode 100644 index dd062d6b..00000000 --- a/docker-compose/oxidized/config.j2 +++ /dev/null @@ -1,34 +0,0 @@ -source: - default: csv - csv: - file: /home/oxidized/.config/oxidized/router.db - delimiter: !ruby/regexp /:/ - map: - name: 0 - ip: 1 - model: 2 - username: 3 - password: 4 - vars_map: - enable: 5 - -# enable WebGUI -rest: 0.0.0.0:8888 - -# debug -# debug: true - -output: - default: git - git: - user: oxidized - email: oxidized@grote.lan - repo: "/var/lib/oxidized/devices.git" - -hooks: - push_to_remote: - type: githubrepo - events: [post_store] - remote_repo: ssh://gitea@git.mgrote.net:2222/mg/oxidized-configs.git - publickey: /ssh/id_rsa.pub - privatekey: /ssh/id_rsa diff --git a/docker-compose/oxidized/docker-compose.yml.j2 b/docker-compose/oxidized/docker-compose.yml.j2 deleted file mode 100644 index 89a1bc55..00000000 --- a/docker-compose/oxidized/docker-compose.yml.j2 +++ /dev/null 
@@ -1,37 +0,0 @@
-version: '3.3'
-services:
- oxidized:
- restart: always
- container_name: "oxidized"
- image: oxidized/oxidized:latest
- ports:
- - 8888:8888/tcp
- environment:
- CONFIG_RELOAD_INTERVAL: 600
- volumes:
- - ./router.db:/home/oxidized/.config/oxidized/router.db
- - ./config:/home/oxidized/.config/oxidized/config
- - ./ssh:/ssh/
- - oxidized:/var/lib/oxidized
- labels:
- com.centurylinklabs.watchtower.enable: false
-
-######## Volumes ########
-volumes:
- oxidized:
-
-# auf git.mgrote.net ist "docker-oxidized" als user angelegt und die ssh-keys sind in seinem Nutzerprofil hinterlegt
-# von Nutzer "mg" sind die beiden oxidized Repos an "docker-oxidized" geteilt
-
-# ssh:
-# die ssh-keys müsen im alten pem-format vorliegen
-# https://github.com/ytti/oxidized/pull/2453/commits/a67a7204f65be8c564144e23012844fcff5444b5
-
-# erstellen:
-# 1. ssh-keygen (ohne alles)
-# 2. ssh-keygen -p -m PEM -f
-# 3. chmod 0660 id_rsa*
-# 4. Key in ansible-vault/KeePass hinterlegen
-
-# hardware:
-# oxidized besitzt jeweils einen user auf jedem Gerät mit der Policy "read-only"
diff --git a/docker-compose/oxidized/router.db.j2 b/docker-compose/oxidized/router.db.j2
deleted file mode 100644
index 4fcd61b4..00000000
--- a/docker-compose/oxidized/router.db.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-rb5009.grote.lan:192.168.2.1:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_rb5009', 'password') }}
-nanohd-wohnzimmer.grote.lan:192.168.2.35:airos:ubi_ssh_admin:{{ lookup('keepass', 'docker_oxidized_nanohd', 'password') }}
-crs305.grote.lan:192.168.2.225:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs305', 'password') }}
-hex.grote.lan:192.168.3.144:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_hex', 'password') }}
diff --git a/docker-compose/oxidized/ssh/id_rsa.j2 b/docker-compose/oxidized/ssh/id_rsa.j2
deleted file mode 100644
index 208359be..00000000
--- a/docker-compose/oxidized/ssh/id_rsa.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ lookup('keepass', 'docker_oxidized_gitea_ssh_key_private', 'notes') }}
diff --git a/docker-compose/oxidized/ssh/id_rsa.pub b/docker-compose/oxidized/ssh/id_rsa.pub
deleted file mode 100644
index f6ac6d1d..00000000
--- a/docker-compose/oxidized/ssh/id_rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 mg@docker10
diff --git a/docker-compose/routeros-config-export/deploy_token.j2 b/docker-compose/routeros-config-export/deploy_token.j2
new file mode 100644
index 00000000..be61e905
--- /dev/null
+++ b/docker-compose/routeros-config-export/deploy_token.j2
@@ -0,0 +1 @@
+{{ lookup('keepass', 'routeros-config-backup_deploy-token', 'notes') }}
diff --git a/docker-compose/routeros-config-export/docker-compose.yml b/docker-compose/routeros-config-export/docker-compose.yml
new file mode 100644
index 00000000..aec73dad
--- /dev/null
+++ b/docker-compose/routeros-config-export/docker-compose.yml
@@ -0,0 +1,23 @@
+version: "3"
+services:
+ routeros-config-export:
+ container_name: routeros-config-export
+ restart: always
+ image: registry.mgrote.net/oxidized-selfmade:master
+ volumes:
+ - ./key_rb5009:/key_rb5009:ro
+ - ./key_hex:/key_hex:ro
+ - ./key_crs305:/key_crs305:ro
+ - ./deploy_token:/deploy_token:ro
+ environment:
+ DEVICES: |-
+ rb5009.grote.lan,routeros-config-backup,/key_rb5009
+ hex.grote.lan,routeros-config-backup,/key_hex
+ crs305.grote.lan,routeros-config-backup,/key_crs305
+ GIT_REPO_BRANCH: "master"
+ GIT_REPO_URL: "ssh://gitea@git.mgrote.net:2222/mg/routeros-configs.git"
+ GIT_REPO_DEPLOY_KEY: "/deploy_token"
+ GIT_USERNAME: oxidized-selfmade
+ GIT_USER_MAIL: michael.grote@posteo.de
+ GIT_REPO_REMOTE_NAME: origin
+ INTERVAL: 600 # in sekunden
diff --git a/docker-compose/routeros-config-export/key_crs305.j2 b/docker-compose/routeros-config-export/key_crs305.j2
new file mode 100644
index 00000000..fc8fe677
--- /dev/null
+++ b/docker-compose/routeros-config-export/key_crs305.j2
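Review bot: In docker-compose/routeros-config-export/docker-compose.yml the `image:` line tracks the mutable tag `oxidized-selfmade:master` while the container is handed three device private keys and the git deploy key, so whatever is pushed to that tag next runs with all four credentials. Pinning by digest would make image changes explicit, e.g. `image: registry.mgrote.net/oxidized-selfmade@sha256:<digest-placeholder>`. The removed oxidized service carried `com.centurylinklabs.watchtower.enable: false`; if Watchtower still runs on this host (not visible here), the new service has no such label and could be updated automatically. The deleted compose file also documented that the device account is read-only and how the keys are generated; a short comment above `DEVICES` stating the rights of the `routeros-config-backup` account named there and where the keys are stored would keep that knowledge. No known_hosts file is mounted, so it is worth confirming how the image verifies the SSH host keys of the devices and of git.mgrote.net.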
@@ -0,0 +1 @@
+{{ lookup('keepass', 'routeros-config-backup_crs305_private_key', 'notes') }}
diff --git a/docker-compose/routeros-config-export/key_hex.j2 b/docker-compose/routeros-config-export/key_hex.j2
new file mode 100644
index 00000000..ceb37fef
--- /dev/null
+++ b/docker-compose/routeros-config-export/key_hex.j2
@@ -0,0 +1 @@
+{{ lookup('keepass', 'routeros-config-backup_hex_private_key', 'notes') }}
diff --git a/docker-compose/routeros-config-export/key_rb5009.j2 b/docker-compose/routeros-config-export/key_rb5009.j2
new file mode 100644
index 00000000..c4f2e31d
--- /dev/null
+++ b/docker-compose/routeros-config-export/key_rb5009.j2
@@ -0,0 +1 @@
+{{ lookup('keepass', 'routeros-config-backup_rb5009_private_key', 'notes') }}
diff --git a/host_vars/docker10.grote.lan.yml b/host_vars/docker10.grote.lan.yml
index 65eeaa32..a38258ff 100644
--- a/host_vars/docker10.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@@ -25,8 +25,6 @@
 compose_dest_basedir: "/docker"
 compose_src_basedir: "{{ inventory_dir }}/docker-compose"
 compose_files:
- - name: oxidized
- state: present
 - name: homer
 state: present
 - name: munin
@@ -53,6 +51,8 @@
 state: present
 - name: blocky
 state: present
+ - name: routeros-config-export
+ state: present
 - name: registry
 state: present
 network: traefik
@@ -136,7 +136,7 @@
 src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
 config: |
 [http_response]
- env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081
+ env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081
 env.max_time 20
 env.short_label true
 env.follow_redirect true
@@ -271,7 +271,7 @@
 config: |
 [gitea_commit_time_diff]
 env.url git.mgrote.net
- env.repo oxidized-configs
+ env.repo routeros-configs
 env.user mg
 env.git_ref HEAD
 env.warning 1000
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index effe8e76..6ffae60a 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ