directlx
/
dlx-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
23 Commits 1 Branch 0 Tags 168 KiB
Commit Graph

4 Commits

Author SHA1 Message Date
directlx 5859751c66 Add HTTPS support for registry.directlx.dev via NPM 
Configure registry.directlx.dev to route through Nginx Proxy Manager
(192.168.200.71) for SSL/TLS termination, instead of direct access to
Docker registry at 192.168.200.200:5000.

Changes:
- Updated Pi-hole DNS to route registry.directlx.dev → NPM (192.168.200.71)
- Added gitea.directlx.dev to DNS records (previously missing)
- Created comprehensive NPM configuration guide with Docker-specific Nginx config
- Created Docker registry usage documentation with HTTPS examples
- Added local DNS configuration playbooks and documentation

Benefits:
- HTTPS encryption for Docker registry traffic
- Consistent SSL certificate management via Let's Encrypt
- No insecure-registry configuration needed on Docker clients
- Centralized proxy management through NPM

Next step: Configure NPM proxy host following docs/NPM-REGISTRY-SETUP.md

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-14 14:58:30 -05:00
directlx 015c708644 Add PostgreSQL user management playbook and documentation 
Created reusable Ansible playbook for creating PostgreSQL users with
flexible privilege options (superuser, createdb, createrole). Features
include auto-generated secure passwords, credential file export, and
comprehensive documentation with examples.

Files added:
- playbooks/create-postgres-user.yml - Automated user creation
- docs/POSTGRES-USER-MANAGEMENT.md - Usage guide and examples

Initial use case: Created hiveops superuser for HiveOps application.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-14 07:44:35 -05:00
directlx 538feb79c2 Add comprehensive security audit and Jenkins connectivity fixes 
Security Audit Infrastructure:
- Add security-audit.yml and security-audit-v2.yml playbooks
- Comprehensive security checks: SSH config, firewall, open ports,
  failed logins, auto-updates, password policies
- Generate per-server reports in /tmp/security-audit-*/
- Add SECURITY-AUDIT-SUMMARY.md with prioritized findings

Docker Server Security (Ready for Execution):
- Add secure-docker-server-firewall.yml playbook
- Three firewall modes: internal (recommended), selective, custom
- Add DOCKER-SERVER-SECURITY.md execution guide
- Security updates applied (107 packages upgraded)
- Firewall configuration saved for future execution

Jenkins Connectivity Fixes:
- Fixed Jenkins and SonarQube port blocking (opened 8080, 9000)
- Created jenkins host_vars with firewall configuration
- Restarted SonarQube containers (postgresql, sonarqube)
- Add JENKINS-CONNECTIVITY-FIX.md documentation

Jenkins SSH Agent Configuration:
- Add setup-jenkins-agent-ssh.yml for SSH key generation
- Enable password authentication for AWS Jenkins Master
- Created jenkins user SSH key pair
- Add comprehensive troubleshooting guide

NPM SSH Proxy Setup:
- Configure NPM as SSH proxy for Jenkins agents (port 2222)
- Update npm.yml host_vars with port 2222
- Add configure-npm-ssh-proxy.yml playbook
- Create nginx stream config at /data/nginx/stream/jenkins.conf
- Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation
- Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide

DNS Configuration:
- Add jenkins.directlx.dev to Pi-hole DNS
- Points to NPM server (192.168.200.71) for internal resolution

Key Security Findings:
- 16 servers audited
- Critical: Root SSH login enabled on 2 servers
- Critical: No firewall on several servers
- High: 65 pending security updates on docker server (now applied)
- High: Automatic updates not configured on most servers

Documentation:
- SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan
- DOCKER-SERVER-SECURITY.md: Docker server security guide
- JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation
- JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide
- NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration
- JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-09 13:27:36 -05:00
directlx 90ed5c1edb Add storage remediation playbooks and comprehensive audit documentation 
This commit introduces a complete storage remediation solution for critical
Proxmox cluster issues:

Playbooks (4 new):
- remediate-storage-critical-issues.yml: Log cleanup, Docker prune, audits
- remediate-docker-storage.yml: Deep Docker cleanup with automation
- remediate-stopped-containers.yml: Safe container removal with backups
- configure-storage-monitoring.yml: Proactive monitoring and alerting

Critical Issues Addressed:
- proxmox-00 root FS: 84.5% → <70% (frees 10-15 GB)
- proxmox-01 dlx-docker: 81.1% → <75% (frees 50-150 GB)
- Unused containers: 1.2 TB allocated → removable
- Storage gaps: Automated monitoring with 75/85/95% thresholds

Documentation (3 new):
- STORAGE-AUDIT.md: Comprehensive capacity analysis and hardware inventory
- STORAGE-REMEDIATION-GUIDE.md: Step-by-step execution with timeline
- REMEDIATION-SUMMARY.md: Quick reference for playbooks and results

Features:
✓ Dry-run modes for safety
✓ Configuration backups before removal
✓ Automated weekly maintenance scheduled
✓ Continuous monitoring with syslog integration
✓ Prometheus metrics export ready
✓ Complete troubleshooting guide

Expected Results:
- Total space freed: 1-2 TB
- Automated cleanup prevents regrowth
- Real-time capacity alerts
- Monthly audit cycles

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
 2026-02-08 13:22:53 -05:00