mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

ersetze oxidized mit routeros-config-export (#562)

Browse source 
Reviewed-on: #562
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2023-08-02 20:38:26 +02:00 committed by mg
parent d1d6325dec
commit d9f9a1fc7e
13 changed files with 31 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docker-compose/homer/assets/mgmt.yml
View file

@ -89,11 +89,6 @@ services:
url: "http://docker10.grote.lan:1234" url: "http://docker10.grote.lan:1234"
target: "_blank" target: "_blank"
subtitle: "Monitoring" subtitle: "Monitoring"
- name: "Oxidized"
logo: "assets/icons/oxidized.svg"
url: "http://docker10.grote.lan:8888"
target: "_blank"
subtitle: "network device configuration backup tool"
- name: "Internet-MGMT" - name: "Internet-MGMT"
icon: "fas fa-cloud" icon: "fas fa-cloud"

34
docker-compose/oxidized/config.j2
View file

@ -1,34 +0,0 @@
source:
default: csv
csv:
file: /home/oxidized/.config/oxidized/router.db
delimiter: !ruby/regexp /:/
map:
name: 0
ip: 1
model: 2
username: 3
password: 4
vars_map:
enable: 5
# enable WebGUI
rest: 0.0.0.0:8888
# debug
# debug: true
output:
default: git
git:
user: oxidized
email: oxidized@grote.lan
repo: "/var/lib/oxidized/devices.git"
hooks:
push_to_remote:
type: githubrepo
events: [post_store]
remote_repo: ssh://gitea@git.mgrote.net:2222/mg/oxidized-configs.git
publickey: /ssh/id_rsa.pub
privatekey: /ssh/id_rsa

37
docker-compose/oxidized/docker-compose.yml.j2
View file

@ -1,37 +0,0 @@
version: '3.3'
services:
oxidized:
restart: always
container_name: "oxidized"
image: oxidized/oxidized:latest
ports:
- 8888:8888/tcp
environment:
CONFIG_RELOAD_INTERVAL: 600
volumes:
- ./router.db:/home/oxidized/.config/oxidized/router.db
- ./config:/home/oxidized/.config/oxidized/config
- ./ssh:/ssh/
- oxidized:/var/lib/oxidized
labels:
com.centurylinklabs.watchtower.enable: false
######## Volumes ########
volumes:
oxidized:
# auf git.mgrote.net ist "docker-oxidized" als user angelegt und die ssh-keys sind in seinem Nutzerprofil hinterlegt
# von Nutzer "mg" sind die beiden oxidized Repos an "docker-oxidized" geteilt
# ssh:
# die ssh-keys müsen im alten pem-format vorliegen
# https://github.com/ytti/oxidized/pull/2453/commits/a67a7204f65be8c564144e23012844fcff5444b5
# erstellen:
# 1. ssh-keygen (ohne alles)
# 2. ssh-keygen -p -m PEM -f <private_key>
# 3. chmod 0660 id_rsa*
# 4. Key in ansible-vault/KeePass hinterlegen
# hardware:
# oxidized besitzt jeweils einen user auf jedem Gerät mit der Policy "read-only"

4
docker-compose/oxidized/router.db.j2
View file

@ -1,4 +0,0 @@
rb5009.grote.lan:192.168.2.1:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_rb5009', 'password') }}
nanohd-wohnzimmer.grote.lan:192.168.2.35:airos:ubi_ssh_admin:{{ lookup('keepass', 'docker_oxidized_nanohd', 'password') }}
crs305.grote.lan:192.168.2.225:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_crs305', 'password') }}
hex.grote.lan:192.168.3.144:routeros:oxidized:{{ lookup('keepass', 'docker_oxidized_hex', 'password') }}

1
docker-compose/oxidized/ssh/id_rsa.j2
View file

@ -1 +0,0 @@
{{ lookup('keepass', 'docker_oxidized_gitea_ssh_key_private', 'notes') }}

1
docker-compose/oxidized/ssh/id_rsa.pub
View file

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiSAQC6Ayt6c9FSrJFBuuGmNpAU/cTDt+s9fy5l4LXOlY+255+ny0IDwfSYBx0e4DtOcpMnaOBazBSONc9zPAU+JFfX7XnO00ion4zHdoviy4TGYO+26L08srobU2sggZnIZLdXIXflpB2t80L2VfJa0RruARjDOAwAv1pM2JqWLjI1be1s8VvY6cj4ki5vl2xkKLBviIS/tBTgdIxtr/+S6U5az+wuopzEO6bXgIoye8ZvwWRVbqWhWwSarntX1yLfDHjFg5IIP9T5j1ySK/dgNL632JZhqM36F4LYEHiTZ4myAE7dCk08HIneQ3O5K4mWgRDKShBpPrWRMGKQouH0N0uoXVu24R7nBio3poVP0dY0TInhWtjIrY8vmdebHQGThNtTwXCBmBHX40UAkKSUuy98gzXa5X068ohvoWzOBHhSk9XY2upPwPEf3qga+mB98aH6UqjcI6/CHi2dIGOL5z8WbYBLhHJQo/hp7lVgLCbpQVv45Whjf+p+IX/sgk= mg@docker10

1
docker-compose/routeros-config-export/deploy_token.j2 Normal file
View file

@ -0,0 +1 @@
{{ lookup('keepass', 'routeros-config-backup_deploy-token', 'notes') }}

23
docker-compose/routeros-config-export/docker-compose.yml Normal file
View file

@ -0,0 +1,23 @@
version: "3"
services:
routeros-config-export:
container_name: routeros-config-export
restart: always
image: registry.mgrote.net/oxidized-selfmade:master
volumes:
- ./key_rb5009:/key_rb5009:ro
- ./key_hex:/key_hex:ro
- ./key_crs305:/key_crs305:ro
- ./deploy_token:/deploy_token:ro
environment:
DEVICES: |-
rb5009.grote.lan,routeros-config-backup,/key_rb5009
hex.grote.lan,routeros-config-backup,/key_hex
crs305.grote.lan,routeros-config-backup,/key_crs305
GIT_REPO_BRANCH: "master"
GIT_REPO_URL: "ssh://gitea@git.mgrote.net:2222/mg/routeros-configs.git"
GIT_REPO_DEPLOY_KEY: "/deploy_token"
GIT_USERNAME: oxidized-selfmade
GIT_USER_MAIL: michael.grote@posteo.de
GIT_REPO_REMOTE_NAME: origin
INTERVAL: 600 # in sekunden

1
docker-compose/routeros-config-export/key_crs305.j2 Normal file
View file

@ -0,0 +1 @@
{{ lookup('keepass', 'routeros-config-backup_crs305_private_key', 'notes') }}

1
docker-compose/routeros-config-export/key_hex.j2 Normal file
View file

@ -0,0 +1 @@
{{ lookup('keepass', 'routeros-config-backup_hex_private_key', 'notes') }}

1
docker-compose/routeros-config-export/key_rb5009.j2 Normal file
View file

@ -0,0 +1 @@
{{ lookup('keepass', 'routeros-config-backup_rb5009_private_key', 'notes') }}

8
host_vars/docker10.grote.lan.yml
View file

@ -25,8 +25,6 @@
compose_dest_basedir: "/docker" compose_dest_basedir: "/docker"
compose_src_basedir: "{{ inventory_dir }}/docker-compose" compose_src_basedir: "{{ inventory_dir }}/docker-compose"
compose_files: compose_files:
- name: oxidized
state: present
- name: homer - name: homer
state: present state: present
- name: munin - name: munin
@ -53,6 +51,8 @@
state: present state: present
- name: blocky - name: blocky
state: present state: present
- name: routeros-config-export
state: present
- name: registry - name: registry
state: present state: present
network: traefik network: traefik
@ -136,7 +136,7 @@
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: | config: |
[http_response] [http_response]
env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081 env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:1234 https://nextcloud.mgrote.net http://docker10.grote.lan:3344 http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081
env.max_time 20 env.max_time 20
env.short_label true env.short_label true
env.follow_redirect true env.follow_redirect true
@ -271,7 +271,7 @@
config: | config: |
[gitea_commit_time_diff] [gitea_commit_time_diff]
env.url git.mgrote.net env.url git.mgrote.net
env.repo oxidized-configs env.repo routeros-configs
env.user mg env.user mg
env.git_ref HEAD env.git_ref HEAD
env.warning 1000 env.warning 1000

BIN
keepass_db.kdbx
View file

Binary file not shown.