Compare commits


No commits in common. 'master' and 'v2-neotame-mannitol' have entirely different histories.

  1. 2
      .gitignore
  2. 21
      README
  3. 477
      ansible.cfg
  4. 2
      bootstrap-packages.sh
  5. 8
      disable-login.yml
  6. 8
      enable-login.yml
  7. 4
      files/nologin
  8. 12
      files/resolv.conf
  9. 1
      files/root-dotfiles
  10. 18
      files/rsyslog.conf
  11. 1
      files/ssh_known_hosts
  12. 1
      fingerprints/aspartame_ed25519.pub
  13. 1
      fingerprints/aspartame_rsa.pub
  14. 1
      fingerprints/auth1_ed25519.pub
  15. 1
      fingerprints/auth1_rsa.pub
  16. 1
      fingerprints/auth2_ed25519.pub
  17. 1
      fingerprints/auth2_rsa.pub
  18. 1
      fingerprints/bit-shifter_ed25519.pub
  19. 1
      fingerprints/bit-shifter_rsa.pub
  20. 1
      fingerprints/caffeine_ed25519.pub
  21. 1
      fingerprints/caffeine_rsa.pub
  22. 1
      fingerprints/cobalamin_ed25519.pub
  23. 1
      fingerprints/cobalamin_rsa.pub
  24. 1
      fingerprints/corn-syrup_ed25519.pub
  25. 1
      fingerprints/corn-syrup_rsa.pub
  26. 1
      fingerprints/dextrose_ed25519.pub
  27. 1
      fingerprints/dextrose_rsa.pub
  28. 1
      fingerprints/glomag_ed25519.pub
  29. 1
      fingerprints/glomag_rsa.pub
  30. 1
      fingerprints/gwem_ed25519.pub
  31. 1
      fingerprints/gwem_rsa.pub
  32. 1
      fingerprints/high-fructose-corn-syrup_ed25519.pub
  33. 1
      fingerprints/high-fructose-corn-syrup_rsa.pub
  34. 1
      fingerprints/mail_ed25519.pub
  35. 1
      fingerprints/mail_rsa.pub
  36. 1
      fingerprints/maltodextrin_ed25519.pub
  37. 1
      fingerprints/maltodextrin_rsa.pub
  38. 1
      fingerprints/munin_ed25519.pub
  39. 1
      fingerprints/munin_rsa.pub
  40. 1
      fingerprints/natural-flavours_ed25519.pub
  41. 1
      fingerprints/natural-flavours_rsa.pub
  42. 1
      fingerprints/netbox_ed25519.pub
  43. 1
      fingerprints/netbox_rsa.pub
  44. 1
      fingerprints/nullsleep_ed25519.pub
  45. 1
      fingerprints/nullsleep_rsa.pub
  46. 1
      fingerprints/potassium-benzoate_ed25519.pub
  47. 1
      fingerprints/potassium-benzoate_rsa.pub
  48. 1
      fingerprints/rt_ed25519.pub
  49. 1
      fingerprints/rt_rsa.pub
  50. 1
      fingerprints/sodium-benzoate_ed25519.pub
  51. 1
      fingerprints/sodium-benzoate_rsa.pub
  52. 1
      fingerprints/strombola_ed25519.pub
  53. 1
      fingerprints/strombola_rsa.pub
  54. 1
      fingerprints/sucrose_ed25519.pub
  55. 1
      fingerprints/sucrose_rsa.pub
  56. 1
      fingerprints/taurine_ed25519.pub
  57. 1
      fingerprints/taurine_rsa.pub
  58. 7
      fix-ssh-perms.yml
  59. 8
      gather-ssh-fingerprints.yml
  60. 50
      generate-fingerprints
  61. 7
      generate-hosts.yml
  62. 116
      hosts
  63. 15
      install-general-use-container.yml
  64. 19
      install-office-terminal.yml
  65. 11
      install-syscom-container.yml
  66. 15
      install-syscom.yml
  67. 13
      loadbalancer.yml
  68. 0
      log/.keep
  69. 8
      mount-scratch.yml
  70. 9
      mount-users.yml
  71. 11
      playbooks/test.yml
  72. 97
      plugins/callback/log_plays/log_plays.py
  73. 27
      resolv.yml
  74. 4
      roles/apache2/tasks/main.yml
  75. 168
      roles/audio-client/files/default.pa
  76. 8
      roles/audio-client/files/ncmpcpp
  77. 11
      roles/audio-client/tasks/main.yml
  78. 91
      roles/auth/tasks/main.yml
  79. 12
      roles/cleanup/tasks/main.yml
  80. 29
      roles/common/tasks/etckeeper.yml
  81. 18
      roles/common/tasks/main.yml
  82. 8
      roles/container/tasks/main.yml
  83. 6
      roles/core/files/csclub.rsyslog.conf
  84. 12
      roles/core/files/ntp.conf
  85. 0
      roles/core/files/ssh_config
  86. 0
      roles/core/files/ssh_known_hosts
  87. 0
      roles/core/files/sshd_config
  88. 5
      roles/core/handlers/main.yml
  89. 13
      roles/core/handlers/remote_access.yml
  90. 13
      roles/core/handlers/rsyslog.yml
  91. 13
      roles/core/handlers/time.yml
  92. 15
      roles/core/tasks/dns.yml
  93. 16
      roles/core/tasks/logging.yml
  94. 186
      roles/core/tasks/main.yml
  95. 26
      roles/core/tasks/mirrors.yml
  96. 180
      roles/core/tasks/packages.yml
  97. 33
      roles/core/tasks/remote_access.yml
  98. 13
      roles/core/tasks/root.yml
  99. 19
      roles/core/tasks/time.yml
  100. 9
      roles/core/templates/debian.sources.list
  101. Some files were not shown because too many files have changed in this diff Show More

2
.gitignore vendored

@ -1,4 +1,4 @@
logs/
log/
*.log
*.pyc
generate-hosts/

@ -1,21 +0,0 @@
____ ____ ____ _ _ _ _
/ ___/ ___| / ___| / \ _ __ ___(_) |__ | | ___
| | \___ \| | / _ \ | '_ \/ __| | '_ \| |/ _ \
| |___ ___) | |___ / ___ \| | | \__ \ | |_) | | __/
\____|____/ \____| /_/ \_\_| |_|___/_|_.__/|_|\___|
Ansible playbooks of the University of Waterloo Computer Science Club.
** Usage **
To run a playbook and request a user's ssh/sudo password:
`ansible-playbook -kK -b test-playbook.yml`
To run a playbook as a different user (for example to provision a new system
that doesn't have sssd yet):
`ansible-playbook -kK -b -u local_sysadmin test-playbook.yml`
To run a playbook starting at a certain spot:
`ansible-playbook -kK -b install-office-terminal.yml --start-at-task='enable magic sysrq'`

@ -1,20 +1,475 @@
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# Settings
ask_sudo_pass = False
remote_tmp = /tmp/${USER}/ansible
nocows = 1
timeout = 60
# Inventory
# some basic default values...
inventory = hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
remote_tmp = /tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
#gather_subset = all
# some hardware related facts are collected
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
# gather_timeout = 10
# additional paths to search for roles in, colon separated
roles_path = roles
# uncomment this to disable SSH key host checking
#host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy
## Ansible ships with some plugins that require whitelisting,
## this is done to avoid running all of a type by default.
## These setting lists those that you want enabled for your system.
## Custom plugins should not need this unless plugin author specifies it.
# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the
# 1.x versions.
#task_includes_static = False
#handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True
# change this for alternative sudo implementations
#sudo_exe = sudo
# What flags to pass to sudo
# WARNING: leaving out the defaults might create unexpected behaviours
#sudo_flags = -H -S -n
# SSH timeout
#timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages.
#display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False
# set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try
# another one
#strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
#cow_selection = default
#cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory
# Logging
log_path = ansible.log
# Plugins
# retry files
# When a playbook fails by default a .retry file will be created in ~/
# You can disable this feature by setting retry_files_enabled to False
# and you can change the location of the files by setting retry_files_save_path
callback_plugins = plugins/callback/log_plays/
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
# squash actions
# Ansible can optimise actions that call modules with list parameters
# when looping. Instead of calling the module once per with_ item, the
# module is called once with all items at once. Currently this only works
# under limited circumstances, and only with parameters named 'name'.
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9
# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default
#show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False
# set default errors for all plays
#any_errors_fatal = False
[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini'
#enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=True
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True
[ssh_connection]
#ssh_args = -o ServerAliveInterval=30 -o ControlMaster=no
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path =
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# Control the mechanism for transferring files (old)
# * smart = try sftp and then try scp [default]
# * True = use scp only
# * False = use sftp only
#scp_if_ssh = smart
# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
# * sftp = use sftp to transfer files
# * scp = use scp to transfer files
# * piped = use 'dd' over SSH to transfer files
# * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart
# if False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#use_tty = True
[persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is
# how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30
# Configures the persistent connection retry timeout. This value configures the
# the retry timeout that ansible-connection will wait to connect
# to the local domain socket. This value must be larger than the
# ssh timeout (timeout) and less than persistent connection idle timeout (connect_timeout).
# The default value is 15 seconds.
#connect_retry_timeout = 15
# The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 10 second.
#command_timeout = 10
[accelerate]
#accelerate_port = 5099
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
[diff]
# Always print diff when running ( same as always running with -D/--diff )
# always = no
# Set how many context lines to show in diff
# context = 3
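Review bot: `remote_tmp = /tmp` in `[defaults]` makes every managed host stage Ansible's per-task module directories directly in the shared, world-writable /tmp. The +/- markers are lost on this page, so this assumes the line is on the new side; it sits where the stock template has its `remote_tmp` entry, just above `#local_tmp = ~/.ansible/tmp`. The playbooks on this page target multi-user groups (`hosts: office general-use`), where other local users can watch those directories appear. It also makes the insecure fallback described under `allow_world_readable_tmpfiles` more consequential if that is ever enabled. I would keep the per-user location instead, `remote_tmp = ~/.ansible/tmp`, with a comment such as `# per-user temp dir; avoid staging module files in shared /tmp`. Separately, `log_path = log/ansible.log` writes task output on the controller, so tasks that handle secrets need `no_log: true` and the `log/` directory should not be group- or world-readable.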

@ -1,2 +0,0 @@
#!/bin/sh
sudo apt-get update && sudo apt-get install python python-apt aptitude

@ -1,8 +0,0 @@
---
- hosts: office general-use
remote_user: root
tasks:
- name: copy nologin
copy: src={{ item.src }} dest={{ item.dest }} backup=no
with_items:
- { src: 'files/nologin', dest: '/etc/nologin' }

@ -1,8 +0,0 @@
---
- hosts: office general-use
remote_user: root
tasks:
- name: delete nologin
file: path={{ item }} state=absent
with_items:
- '/etc/nologin'

@ -1,4 +0,0 @@
***** ATTENTION *****
This machine is temporarily unavailable for system maintence.
See https://csclub.uwaterloo.ca/newsgroup/article.php?id=12268&group=uw.csc for more information.

@ -1,12 +0,0 @@
search csclub.uwaterloo.ca uwaterloo.ca
options rotate timeout:1 attempts:1 ndots:2
# CSC Nameservers
nameserver 2620:101:f000:4901:c5c::4
nameserver 2620:101:f000:7300:c5c::20
nameserver 129.97.134.4
nameserver 129.97.18.20
# IST Anycast (fallback)
#nameserver 129.97.2.1
#nameserver 129.97.2.2

@ -1 +0,0 @@
../roles/core/files/root-dotfiles

@ -1,18 +0,0 @@
#
# Computer Science Club
# Logging
#
# Configure TLS
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/key.pem
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer hydrazine.csclub.uwaterloo.ca
$ActionSendStreamDriverMode 1 # TLS-only
# All logs are sent to the log server(s)
*.* @@hydrazine.csclub.uwaterloo.ca:10514

@ -1 +0,0 @@
../roles/auth/files/ssh_known_hosts

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII27ztnAm39AurPIoIsdTFVE+u46EuOwpRizR6D9BG+Y root@aspartame

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4TzqMpguUFMIly6HKTHpKKJrvJmIBWrS7FZSH0JCDsUrwzlYZQSTG1d0uCqO0NG0SV6GsdxcrucLRJajkidoB1RMgaZ/PPOK2a4o94aR09p9lBoE/MX9capCuybLg0EVc1/YTdRxM1wjP9f4Mjp6t5snTZ89RTAdPOg3MjFbveHHQceg0tYbOu3VlNMoove1gh0GBftmLobPnPzUgtMCJ3I2KcXpqTMUJSC01k23DG+M6sRQ7XjuG9P5Q0ly49qtt3p/NSeR6B/kETN3QiI8FQo5VoW2OP1Mpa4sNoBoBs55Wq4XYC1m1vyH3SqU8ExcrZqjI+LbJtYQGpH5BWySv root@honey

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvLvnQ6Ocf/QjojRW5fPrROrsQvSr/8pRVQCNXphs4W root@auth1

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmdYsXyf24OrBn3ZTo1rWZt55ZnE6L5DGYgmvRqwTFlrr0GyqNKSUDu+QL4NlxVRMB8IMe4inpuRb7JZuO47IRqf/KCIgWLfpsd1CMflqc2rYRVYmra2JSQ10DHJb4VGbOqABhkeB4YeTPwImr/BG4FBOm7QCqIu16RzjANXjYtGZq/s72hUhnm4yV36BHtXXaI4Ji7i4IeT2onyxfZyFcC9DcP83GUFOGtjAMumDRpJ5ftek+147gfF3dSvaYj8esFZW4geMoKXBe3B9vYAgH8z4iNbMqDc7NAVOWsvf5dSKiegrIrovNWm6rVWqYAXluJ6nkt1i5wkkM776cUUCn root@aspartame

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJcYRda4/NglHpJDn9CadzN6gkO4ziUI1CZ4KZ6T76G root@auth2

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyXarBOhnkPR2cpeXPrSzBBFY5Wth7SRTuPtY0DLRsIVqAfJ/92pY79AWcvpM0DtoguMscc3iOWKhLpz5gxA3zPUOjloNMvGMHjUzC8Mwi0URJB9nbfpuE5+sHSLIcl26PbvHTTgL4WbsSypAxHNEe3Cc2uZ7JmGgccicXm6r7rQBICWmwQHjkB7rlXYNuY8Kni0lRDWNV45QUpab553wbBw0PZWmnjA1/ft8gN7ppXzBfvdPZy/OBal+7dUsCdBSsiCUu4Fowkqa5wzQP5JrfExmO3fp5mTTKWA1+ige2FJQoLhTtT6WuZ1MiMig2h/5itguxADP9X9/EFxVUsj05 root@auth2

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODyyKCLjh71NswLcYdjjHkGgvUXnru5wvoojQYR2kwH root@bit-shifter

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDzH2lcDDp7S3b42mbpdcO1FySgY0dZQjxn9+90RN9x7HPKIhmuppJ1dkbmUFiDix1NzhO8ea3q2/b7XTjtN19zQP4+sV7eNpLw6O4UjTGAhTc7rWFrDrcQ7i7UAh9iM+DfnQa4BkQHr9j2cjgbvemDaRKSvzJvZXAMYLCu4kIEc+K6Qeer/pj4fcv5bvPuq+/kSsrLLEN/QfShFeKhfpO7e8dGicMuOnvruXUs0pqUXQtmQ2Wyjzouo+al0LnEWkA+7Atm1pg/VHnYIyAtYO615oSd3ExeOrLhZc68klWx3SXzkgywNItOENsq32gVgExyl0yTfVLd3CKwn+3D8Vf root@bit-shifter

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl/7srK3RCWen+dBNiO1WfWQQqx4yVs+X6M/XRYPjml root@caffeine

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzLf726SMtgFQODIFN0G2WhwMPW6A6zDvd+hLUZWsx5in1rdCAVgtBAnqSlIZQzG+VV6b7VF/vUFg0g8Iku4txwQzE2o0Edln6RWFcEgYgczCY/QdtQ358NyZQ75M/fzM3HyX62cTzkX/nXOLIxGs8O8lmCSRs0D2I5JW4XciFvH4tarlstCflfkiTitqOicpaU+bEKfnXlfbR6tWsm5dp0gFcowtabJnWkuMNxyFSURWfglTrIn/XsEbA9rMdPzSHkpbuibrP9TaRQt+hwph+0fOtb2TlQlH1wu4O8Xi0R/XqlWASjRrXHrU6bMSOqq9Ym4a6oBUDrZMdKdlH48xsQ== root@caffeine

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJT/8C2QZ5eRyIA6Q9ZdDS6naCf9raqEo7hZUhTm+Sm root@cobalamin

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDo5+jPDT0ak6Ox4vk+EPmxNsVgQuLK82IyKvvuPHZ2qJ27ZJ6a1YxE+WiwpmKkF4BfLC0bwMIY5PZ3IUZ+gfVxiA19kddEWa97kmntsOB2oirpv/Ewvv83KflVWwjIiMCS9BlbVwtzhfzaOUec0f7jsqQ1x/J2mvAEt81vgjFeWOqmxGhLQs8sZZzeqQBZyOHral5GvcIfvBbBMAhV8E7KuyjqQsGWqOdrEThEM7a/sNmmawI130PGlOIz6FKcnBZJWxpo0L26cGIEI92lvWRs/NWPaPDtyWuaamkP3PFedAc6kX6pnU+MqZldsbH6bDsPq1iOryU3y8WebdTBGVh9 root@cobalamin

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQYiN9/mUUBcJx4lOCnm9W9n91iKvAY5cfcnoRzNqKU root@corn-syrup

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1Y3qdNiwgOQzHXoDnRozSJ31eGoVYldmG3R2Rwa2rXNUwKVeVx612GxANjPaWrMyJ7bYEI1x7xtfdxKRcz94uumeqnR8cBTNKhxd1vtx0J64TcmezZqZdTAJZ11NVLRp+cuYPNDY62PNRtfjlkXMZ1BX1QFgNQdpARkXkLlDqAkkhaDVMhtXg2/3Z+xe5cizcwAjyeVjWlEpYrg+g2CKnpL6/hF9WZT3OLYsUDqVGZS0tDrS9nOuPuNQFdHZPUdaaNx7Lv+k8D4Yxeauc8EGGD2qEJ3xTh2P7FmaYbDc7s8GIYHa1lKh87ZULNyD6G5ieLYjSCjyHjVrmFVJM8woyw== root@corn-syrup

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJakT99tON1ug7OGL8nAoelggn5kVIkU5ZJcgcYYQeDf root@dextrose

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkn3oIB0ubCLlriCIYFNR7z7i5wOm/GmPnt94eOjVk21RKzo4jJeczYX/OjvqNPTqeYgsOknoSjNPZ9EwkARe9XmhjIhRYsSrQeQH2i59WQTzg9EqnrdwuxHfEkO2X3CBBp6clftjONK8Wm7IwlfrUHssbTNczCuxyNrVP8hapXJuv69GQCqi4DTHEnswynjrh47iEgp0m/q7Q8leb98vfJd6a1fQrTqP7/+XJ6/h4cT5+tnwIC3BlnzzJYqzvK0FePYNZEf1TGFTZ2f5PzHAQo8IQQOLH2/Qiv43FgUSWanm3DO94C2IOO7vvHyZFXtktfmxoAGnm8E5ppEP6UR/3 root@dextrose

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxpuwKe9wYy992ulrBbTS8Ag0Y9YsBuFItwipix3mAA root@glomag

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdFFZ8VdVK0rtWAfTZdM5MoI6P+Lqpo8FPqeXK9crwxutbaTgyj8JHBayCCEVrPciuddJ181ysvEae1d/0kNykhvJBUPwWIi66s1yCU93TNYvjfpxYrMLuDrQa0dh6cjavdjRbbzoi96I1DCt90X7TbDQHKGglf1Kg3a+3QyDk9b1T4+goC5uiHHJaI7wpdSZp5v7a9F9cnMPAdHSeoKtzKf4M0umzEd+XEXJQQT/ZlxGaL0SGPBN/7Lz+7ddpI8r2ApOgSaiBLZD+64wJHks/BtXD3nzfn4V8a+JnMIJ0pNc4vPMJU4/kdIrW00jAHv5UG+q7Ke6p03EETtIUaHab root@glomag

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDzFSHEDNnprhxJ9IvjtHvud65CEP28tTObEGMewGhg root@gwem

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEMf5K0/8T88rXxBZeTh1qkdR/QxpShJsSHeh2KbEyHLyhJn26tudtzZojD93xt+LeZvL+Hi0bEkWgfVEX3WWbmetrePjd9Mcz+E7ND38n2oGYl/ddcNlUcVm1J4R+YI6G9pPfOa66yHeYeWFXGZEJRsJbZjI1r64GOjsm2cLP0+V7xlwPPe7lQFOcCRbfyKBEVaeipn4MUzXS0bRra1hxxB745FrvauJtM6HUQcaey+NKOczt+9ZiXGuklj3/qrGsiMg5K3rmRYbQWAbA2OELPwthgX3uP4FzH6XWjo6qYSRZBhytQcgRS8vqdlux1kcL19QCiv5aP/FlwDl4qqf9 root@gwem

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINx6o3+z5wJxIs9zYSvf/bwzsWI5Nm27Sf/F3kvp0aYs root@high-fructose-corn-syrup

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/XkcWvw/JAagtCFymBySJpnPjx0Uk0KTDDtdwNqeHH4/GvN0R8KWQNLg/2eJpGNIt8geTyake7Hg879rrHEh4RZrDkz9Zu8yTrV8nGGf2tZ58NmEo0CQn7I3wziNcJHpl1MQUXmtua8buvUNL+l7F+yag3u+ElPeQd7KAUparF2n9pz06kK4U3XEvimgOnTqbJaqP39ki/EjmUhi0I6LvzpoOdA6/06IM+EkVi58l5mu1vBffUpzKQXIOSJf3j4y/zEYqEkO7rHWdZJn0CVMG+cfYxry+GC3CRonw5MdemzU3wd+e4KI/zsdvfXBJwqnhAIN6Jq1hbtodLZYODp/v root@high-fructose-corn-syrup

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyt77ru/ViAIvaw9Nca9zL8Gqv5VwNGZnW7LCQu+9WP root@mail

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTas45BY/7HZjNUgwJtBSOMNVK+/eMM3r3EJyXMaNbnsSa0SrZgXmu0oA39uYHZD++ejn8tYsGqTtTHgIIcCAgrFWJykzGS35lq/t4YcqWqJLbTO2UiNwbi+VBEHWSRF5+vmYgO8ApuksULLsTy2PwfV6OoAqWtLiKcS2nmTRYuRqJlBNPkEVDjgREseRS+uFPK42cEhL3NNvHaHOxd5s9iamWFPVyH4s55MIASNMFzy3O3FD0Ewg60sTqBt1i4bqZcEC+ONYkm8/QFEJNcldIyn2XPN2FhfQ6QhCHnC/X1Z7ok2LFDsYo4rNd0eQrwIiK4KhwlwQg5/eJhTgbcig/ root@glomag

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINpo9EqfEkFPRj6AVsk2XwGT9eM6OtnSRxfOrV/cdrOJ root@maltodextrin

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINydeWNmqn3PAtvR4mJwI1equy5a5QYmWLqbbU4g2BxMt/t231bP0/MSgjk2hDslu96aYUREZjx0bgx0M9dlcaiy7UqXESXL1wROPAGqH35F4ZLH1HRkxI6b2vfysh3F2bfh+6A30ItstyFh3N5BsJufE+S1iSyTVxdJ9SLLi/0mC7pOymV3HEVG/B4EgSqk4MDBYVPO+jI5iKwDbcitvnXq7MxGQT/Svr9QHfK5o8Drl3gD46ZhF7JtKQ0ewivcfPnulhQkraVo6CaqnXerUPXGZn2JSURh8IRL/xLj8mHuZ75/rpQZnsUdOXIGYMqEOIthL5j3HGXR6pg3lHKlf root@maltodextrin

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIc2OFHM1FI9SLnd94+H8eExdmwRnQQO5axNZBdPR0Xk root@munin

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGasfjpaAvGwIFaDUd7MVs+hlnXKbFuzz07lUkAH7LvtqQdfNi6ytBLar+xy52O2e8Dx1Id+zQIgy+69+mDY3ewJZ528CIlKTOutJIDQq9gr9NngZwVnz1Jhn5otFgRMcGRDjVcvU7Y+/krP1Tlty12Udi9Bxe0d3gbysMsQTmLqo/JgfjQ1TlfQqJbUQNFUESTX9lgxvRN+IZpI+924EphJ5dz5Yt9IP9D60BnLOPgG0Lo0QEUom6S32gE9aKSFp6Zd6bSTgMYM+zGRaLX36uwFF+SW36QxvhJOjoOXsTRJd0ASwcresqj1fIPhohYkwhpeBgR6O1uLSuhfklFY/z root@glomag

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8aYjlkPSts9u/HHwG3MPWPqvYx1eQ8EyfsHdQZvQmH root@natural-flavours

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxB8N1u+o/74IImggUHbW3l5TL6DhU2woDXxBS5h1e/tNlWpPWiAZUym8WQEARfPFwgKuz/lpGEPXHB4RjxBUO3XD06MqIltqAok231GB5JkjUxIV+0+prqNYn+69ddWGigNMHngy2x2K/hyb4nk2TmvqtYFPJAZvhv8YcVwQ6KZytWlOT0RtkLWr4NG+JpcUqFRbaAfD9Bb5xUTBmeEPTV2tE/XDOttA6unSl2bwZUhy6E5A5znk0/FashGCr/tpDeq2Sm7Fg4TGf/LX3TQU8myXL7aJxjOZlQ09LF/r4k8Vx7lQjZ6OF3UxIs52yrv5RaiIkCOb+FW6AlPSJZL9Jw==

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtLKp5XuE2o/rC6Is8nAebfBlTO23n2uy5rTnGbh6MK root@netbox

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBWgjnv2JxsoPSc3uGsV/8AcyHaxdRcZhO41qR1mfCOwHV/url8c69srx3k5s+dGwo+4Xiwgm6X4Zv0JdV/ALW2QWcBl0pSMansU/At0IUcEh5uPHqDn8iHaA5SFkCfAcfMLRgqIeloXTbCHdi5pVRjM1LhXjFBl6WAP7sDbA76SYuEb80ujZe1stojJbaHHMd9iEXmFdt5UZwktCqdsMFwNHTv1caf4Tc78CirBg3CqBVKWKHo4IXwYneBrX4CnBr9HJwaLVKzFZcg1TYFCuHfizOEKCOSsM1ZZA9l+68Oeza0oQq1PI0FvtpFPpWSRUN/OA1tPrJgcpnbEsf8Knr root@netbox

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGEBbBWfDxURsUChomUCxt0cTXGt0tfLzcVDJrg50oK6 root@nullsleep

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzJXI0yFebeqYl1tZICq8+B4WVyO9d9BvegKFxHaABeITyRfGpx/fO9gO7RgVKlpvOPI3fPWM7OiMwi471QNZcsEUxXshYgNfdiNCaMHcEBFYOx12moKhE1mo/KKyCdfhxel6Lt2Nq2sE2HpMo59vfM768RUCBlAIQWvfMUusnD47TO+sH5fE+MycKxDRg55kjGBB/K3+y+EO8mJ1ZV5CISlMCh8EL5HeOf8zh/ZX5B7v5PYlbKcyGBef0YjOulAoEal3XuqVnEF99bdgFCMdd/rOa/Cgq/44lubMBgwux770K/pgPz5OktOTFreH19P1lVmnOLQi2nGVue3Ljw8A4w== root@nullsleep

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQTR2Zui8kaLLiQeBFDkkvdVEJ6+rL9Ez2QIMWJgu0Z root@potassium-benzoate

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO4ZqQ8XG7fmM1o6v6g3Ac+ljP6j4HnyrPA9dNjVWMxjM0KhxOtKWQZufAFcLBvmh/myK13cJnnrHYjq+ZIc4SH2LRTW/nu9Tdsj/BPbCiNQrAk8JLv4fJJVhysT3XWRlvJaN7xTwUdQ+EEPSHFj0KB5OevONwlNqQ+2GKGrkDRnslxY1Twgj+6WxGvY+mFBpid+v2K8ypb96zNOI2azwUvRMrFpgntRrqCiWbvsy4KZEikhSv/VumTb9YlyyjqMhqJgv7zKAbYf/VrlSHvO1pb9lbEGZmaS1P27m7sr5dfHMy5YeAG4NCwtsXXz8vz9zl9LzS08/Eb93rk7NiX17r root@potassium-benzoate

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhh51yhgdLUI9bq69aqtw1rrPo/y8O5339gaBFEH2am root@rt

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvHWacOC003Qkp9hzBOBeH52MvYJkvSSbRgKdmaUVR5HB/MlqPNnp3tfw1kF3gdtM0PUU1NbZ94c7rRWRWYIOavkNr6hXzDFHACX7VGub8Hg6024IuoVRnmvgDcm6rnRxedvhN4OLpXlePXcmbtXQ302861cyKXTAzup0O5hAbuEqGvUhtR8bt3ATW5ucYmU+JinlV6gMcCz6UH69X3dj037mu5IxLJoSaknT6v9Zm5tsK2EfFe6/CqLN6tKyBuBWegdcXTJ1hNVCAIL5Ayz3wqcuPcRV25hTFddcNXUYGSnwUUk2rO1sSb0X9/RQ/OiH5bdVtSel0gi28Ap5+d0jd root@rt

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqTJmG62zeZGMmHOD+caw0XvGznpfhPaAJEJnWrMdRr root@sodium-benzoate

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6rKVV1vf0TEM+80e2uCcsoTvoLQMNJHBvRnBIlrSBTZRctVFAydGLa4UhPdNIE/n/83DuVytZ4c0VS3ASi+7O+AA+NlW+KayKYnD6afzqxRrbMQPdOhFu4GN0q0MXJs3xIl1g0+OmI7RUdesvbZYJBY0uCsjH2Y6u/paqmTkMyr11Tk12iVEBvwnaH1HBdsN4ZnHGQWA58mUYZHBz1TxoGCp4o7vMStoOlJb5a2xS39RhPHp67lA5H0/51uwG6Lj5NHxr8w2OBst6722cxF2/fxl03LmEQM17uy9muiAi7igggO0Iu2IHMpNlanMRnkzypuGqKN1LHWJ1rJNr1MZlQ== root@sodium-benzoate

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcAk96AtqG1gJd0yc5YQbBHZlzq8/0MXf2b/q7Z3ZGo root@strombola

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZhdxHj587MfoUcfTR72ouS1VeRaivD9ZpbAULl7od73Uo4xff/sIuT4hhm+gyQGW9gKA1mQfuhJ34nXnEulaWk3R8dWMxwn0lRElvbIG+bcrCCinKNU2RRoLOCh2cmri4bEF8PaejN/kt91CSRRT4Sko1tG7P58GedrOAxJDmsq7zHoTm9JTAJBa9AuPo6TgurXLN+6zQ+eCvBERcMgPLG8G2bhZg37c/scdI59s0om1oc6LcOSgGkF3yxmBmkSxvworr8rCXzVWhUvbNAdd0P8CI0zBOxxWuUi1/Q0PeRyFmI/T+6DvOuzXKdQgpOZj9dR4rfJb04V/s3C3d+DA1 root@strombola

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxM7kOFiqijhaYQyXADyXk0ktjp4OvZTk/auOSuYltw root@sucrose

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPDNlOisklAHEpwXuw+HhHK8WzNRX+unks07c5JPOwDHKdwNj/q0H3Jp1avsfGwwVM3P+mALxi0gk2GBCT4MvOuv0GLiNoKJWz4mwADZcCb7FEdKqlRdpckVcHRNJSIA5lRrkb6IlegF0o8f+y5c+zTZE/4Pa61bIIUvU0hS4rtdvIaCd9x066Rutgl3taQ2tW8btmK7F+pWoTKiaz9KTt0hUcr/SGSrMtI9VNdD1Dt7sAyTqYz6v2OLRlTTF1Q5u2eYlNy9s7dlwHrHrwNgGildU2S/WvIZ0hLBLfU5yCuOocJUGoQdjCA/IbHVnl5jFhDiEJ6eD6jo23nVFWwnNL root@sucrose

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFu35kh6YDpTfwmtFpdB8ZUl5hAy4l3q9QGCYL50JFD root@taurine

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAx69z3QCtSccheSYSqpMHeJUuoco3rfNZfCNuopQDc87RRO9vhqMg1K8cE0RiViY8/ksQ0VDT3LC2WyBCa2p1NJ+TU+ZB4bKpcR0SAH1/pagZvaI+wXq4jYeGzZSHnh2Uh0n5Tt2AycU8sOGs2OyPP3/uYuXOa3DW52ooZsvV61pSJwB7Kne3P/MpXTsOC6zcENVnXypv5dWeWY/0jOYO2WMBkjIsYdqj/4sPx0IIIqR9OKGuxaDVbcXhkC7Uqz5NOQ8r/lfueojWePo2ExuJUsyzv5FFD9Lls3U+gjekTQvNZtyqcx1hCfEFn3Hz87wZvhV6F9394zEU9A0z8X8nMQ== root@taurine

@ -1,7 +0,0 @@
---
- hosts: all
gather_facts: no
become: yes
tasks:
- name: fix ssh_known_hosts permissions
file: path=/etc/ssh/ssh_known_hosts mode=0644

@ -1,8 +0,0 @@
---
- hosts: all
tasks:
- name: get fingerprints
fetch: src={{ item.src }} dest={{ item.dest }} flat=yes
with_items:
- { src: '/etc/ssh/ssh_host_rsa_key.pub', dest: 'fingerprints/{{ ansible_hostname }}_rsa.pub' }
- { src: '/etc/ssh/ssh_host_ed25519_key.pub', dest: 'fingerprints/{{ ansible_hostname }}_ed25519.pub' }

@ -1,50 +0,0 @@
#!/bin/bash
echo '<?xml version="1.0"?>'
echo '<!DOCTYPE cscpage SYSTEM "../csc.dtd">'
echo '<cscpage title="SSH Key Fingerprints">'
echo '<header />'
echo '<section title="Machine SSH Key Fingerprints">'
echo '<table>'
echo '<tr>'
echo '<th>Machine Name</th>'
echo '<th>Key Type</th>'
echo '<th>Fingerprint</th>'
echo '</tr>'
for host in $(ls fingerprints | egrep -oh '[^_]+' | egrep -v '.pub' | sort -u )
do
for ktype in rsa ed25519
do
none=0
sha256=$(ssh-keygen -lE sha256 -f fingerprints/${host}_${ktype}.pub)
md5=$(ssh-keygen -lE md5 -f fingerprints/${host}_${ktype}.pub)
if [ ! $? -eq 0 ]
then
none=1
fi
echo '<tr>'
echo '<td>' ${host} '</td>'
echo '<td>' ${ktype} '</td>'
if [ ${none} -eq 0 ]
then
echo '<td><pre>'
echo $(echo ${sha256} | awk '{print $2}')
echo $(echo ${md5} | awk '{print $2}')
echo '</pre></td>'
else
echo '<td><pre>(none)</pre></td>'
fi
echo '</tr>'
done
done
echo '</table>'
echo '</section>'
echo '<footer />'
echo '</cscpage>'

@ -1,7 +0,0 @@
---
- hosts: all
become: yes
become_method: sudo
roles:
- generate-hosts
- cleanup

116
hosts

@ -1,106 +1,10 @@
[new-office]
[bare-metal:children]
general-use-bare-metal
syscom-bare-metal
mirror
audio-sink
[containers:children]
general-use-containers
syscom-containers
[general-use:children]
general-use-bare-metal
general-use-containers
[general-use-bare-metal]
corn-syrup.csclub.uwaterloo.ca
hfcs.csclub.uwaterloo.ca
sucrose.csclub.uwaterloo.ca
taurine.csclub.uwaterloo.ca
[general-use-containers]
caffeine.csclub.uwaterloo.ca
[general-use-containers:children]
webnodes
[webnodes]
caffeine-00.csclub.uwaterloo.ca
caffeine-01.csclub.uwaterloo.ca
[office]
bit-shifter.csclub.uwaterloo.ca
gwem.csclub.uwaterloo.ca
maltodextrin.csclub.uwaterloo.ca
natural-flavours.csclub.uwaterloo.ca
strombola.csclub.uwaterloo.ca
[syscom:children]
syscom-bare-metal
syscom-containers
cloud
[syscom-bare-metal]
aspartame.csclub.uwaterloo.ca
dextrose.csclub.uwaterloo.ca
cobalamin.csclub.uwaterloo.ca
glomag.csclub.uwaterloo.ca
potassium-benzoate.csclub.uwaterloo.ca
sodium-benzoate.csclub.uwaterloo.ca
yerba-mate.csclub.uwaterloo.ca
guayusa.csclub.uwaterloo.ca
coffee.csclub.uwaterloo.ca
[cloud]
db1.cloud.csclub.uwaterloo.ca
controller1.cloud.csclub.uwaterloo.ca
network1.cloud.csclub.uwaterloo.ca
block1.cloud.csclub.uwaterloo.ca
object1.cloud.csclub.uwaterloo.ca
web1.cloud.csclub.uwaterloo.ca
router1.cloud.csclub.uwaterloo.ca
ginkgo.csclub.uwaterloo.ca
[syscom-containers]
auth1.csclub.uwaterloo.ca
auth2.csclub.uwaterloo.ca
mail.csclub.uwaterloo.ca
munin.csclub.uwaterloo.ca
rt.csclub.uwaterloo.ca
netbox.csclub.uwaterloo.ca
logstash.csclub.uwaterloo.ca
dns1.csclub.uwaterloo.ca
dns2.csclub.uwaterloo.ca
cifs.csclub.uwaterloo.ca
mattermost.csclub.uwaterloo.ca
shibboleth.csclub.uwaterloo.ca
test-ipv6.csclub.uwaterloo.ca
etcd-mc.csclub.uwaterloo.ca
etcd-dc.csclub.uwaterloo.ca
etcd-phy.csclub.uwaterloo.ca
prometheus.csclub.uwaterloo.ca
[syscom-containers:children]
load-balancers
[audio-sink]
nullsleep.csclub.uwaterloo.ca
[mirror]
potassium-benzoate.csclub.uwaterloo.ca
[load-balancers]
load-balancer-01.csclub.uwaterloo.ca lb_priority=110
load-balancer-02.csclub.uwaterloo.ca lb_priority=100
[cloud-csc-club-managed:children]
club-iie
club-uwarc
[club-iie]
wiki.iie.csclub.cloud
[club-uwarc]
wiki.uwarc.csclub.cloud
test:
children:
debian:
hosts:
neotame: {}
mannitol: {}
vars:
ansible_user: root
vars:
ansible_ssh_private_key_file: ~/.ssh/id_rsa
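Review bot: The new inventory at the end of this hunk sets `ansible_user: root` for the `debian` group, so every play logs in over SSH directly as root; that requires root login to stay enabled in sshd on neotame and mannitol and leaves no per-admin sudo trail. Consider a dedicated unprivileged login (placeholder: `ansible_user: <deploy-user>`) and let `become: true` do the escalation; the new `hosts: test` playbook further down this page already sets it, but as written it is a no-op. `ansible_ssh_private_key_file: ~/.ssh/id_rsa` also pins every operator to one key path in shared inventory, so I would drop that line and leave key selection to each operator's SSH config or agent. The hosts are bare short names, and this compare removes the `fingerprints/` keys and appears to remove `files/ssh_known_hosts`, so please confirm that host key checking is still enforced in the rewritten `ansible.cfg`, which is not visible here.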

@ -1,15 +0,0 @@
---
- hosts: caffeine-00.csclub.uwaterloo.ca
become: yes
become_method: sudo
roles:
- common
- core
- container
- devel
- generate-hosts
- auth
- csc-packages
- general-use
- static-ipv6
- cleanup

@ -1,19 +0,0 @@
---
- hosts: office
become: yes
become_method: sudo
roles:
- common
- core
- hardware
- devel
- generate-hosts
- auth
- csc-packages
- nfs
- general-use
- general-use-gui
- audio-client
- static-ipv6
- kill-user-processes
- cleanup

@ -1,11 +0,0 @@
---
- hosts: prometheus.csclub.uwaterloo.ca
become: yes
become_method: sudo
roles:
- common
- core
- container
- static-ipv6
- auth
- cleanup

@ -1,15 +0,0 @@
---
- hosts: wiki.uwarc.csclub.cloud
become: yes
become_method: sudo
roles:
- common
- core
- static-ipv6
- hardware
# - virtualization-host
# - generate-hosts
- auth
# - csc-packages
# - nfs
- cleanup

@ -1,13 +0,0 @@
---
- hosts: load-balancers
become: yes
become_method: sudo
serial: "50%"
pre_tasks:
- name: stop keepalived (to remove from rotation)
service:
name: keepalived
state: stopped
roles:
- load-balancer
- cleanup

@ -1,8 +0,0 @@
---
- hosts: all
remote_user: root
tasks:
- name: mount NFS
command: mount {{ item }}
with_items:
- /scratch

@ -1,9 +0,0 @@
---
- hosts: all
remote_user: root
tasks:
- name: mount NFS
command: mount {{ item }}
with_items:
- /users
- /music

@ -0,0 +1,11 @@
---
- hosts: test
become: true
roles:
- core
- csc-auth
- csc-packages
- csc-filesystems
- general-use
- devel
#- gui

@ -1,97 +0,0 @@
# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import time
import json
from ansible.utils.unicode import to_bytes
# NOTE: in Ansible 1.2 or later general logging is available without
# this plugin, just set ANSIBLE_LOG_PATH as an environment variable
# or log_path in the DEFAULTS section of your ansible configuration
# file. This callback is an example of per hosts logging for those
# that want it.
class CallbackModule(object):
"""
logs playbook results, per host, in /var/log/ansible/hosts
"""
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'notification'
CALLBACK_NAME = 'log_plays'
CALLBACK_NEEDS_WHITELIST = True
TIME_FORMAT="%b %d %Y %H:%M:%S"
MSG_FORMAT="%(now)s - %(category)s - %(data)s\n\n"
def __init__(self):
super(CallbackModule, self).__init__()
if not os.path.exists("./logs"):
os.makedirs("./logs")
def log(self, host, category, data):
if type(data) == dict:
if '_ansible_verbose_override' in data:
# avoid logging extraneous data
data = 'omitted'
else:
data = data.copy()
invocation = data.pop('invocation', None)
if invocation['module_name'] == 'setup':
data = json.dumps(data)
else:
data = json.dumps(data, indent=3, sort_keys=True, separators=(',', ': '))
if invocation is not None:
data = json.dumps(invocation, indent=3, sort_keys=True, separators=(',', ': ')) + " => %s " % data
path = os.path.join("./logs/", host)
now = time.strftime(self.TIME_FORMAT, time.localtime())
msg = to_bytes(self.MSG_FORMAT % dict(now=now, category=category, data=data))
with open(path, "ab") as fd:
fd.write(msg)
def runner_on_failed(self, host, res, ignore_errors=False):
self.log(host, 'FAILED', res)
def runner_on_ok(self, host, res):
self.log(host, 'OK', res)
def runner_on_skipped(self, host, item=None):
self.log(host, 'SKIPPED', '...')
def runner_on_unreachable(self, host, res):
self.log(host, 'UNREACHABLE', res)
def runner_on_async_failed(self, host, res, jid):
self.log(host, 'ASYNC_FAILED', res)
def playbook_on_import_for_host(self, host, imported_file):
self.log(host, 'IMPORTED', imported_file)
def playbook_on_not_import_for_host(self, host, missing_file):
self.log(host, 'NOTIMPORTED', missing_file)

@ -1,27 +0,0 @@
---
- hosts: all
become: yes
tasks:
- name: Disable resolvconf
service: name={{ item }} state=stopped enabled=no
with_items:
- resolvconf
- systemd-resolved
ignore_errors: yes
- name: Remove resolvconf
package:
name: resolvconf
state: absent
- name: Remove immutable on resolv.conf
command: chattr -i /etc/resolv.conf
- name: Copy resolv.conf
copy:
src: resolv.conf
dest: /etc/resolv.conf
# attributes: 'ie'
- name: Set immutable on resolv.conf
command: chattr +i /etc/resolv.conf

@ -1,4 +0,0 @@
---
- name: Install apache2
package: name=apache2 state=latest

@ -1,168 +0,0 @@
#!/usr/bin/pulseaudio -nF
#
# This file is part of PulseAudio.
#
# PulseAudio is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PulseAudio is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
# This startup script is used only if PulseAudio is started per-user
# (i.e. not in system mode)
.nofail
### Load something into the sample cache
#load-sample-lazy x11-bell /usr/share/sounds/freedesktop/stereo/bell.oga
#load-sample-lazy pulse-hotplug /usr/share/sounds/freedesktop/stereo/device-added.oga
#load-sample-lazy pulse-coldplug /usr/share/sounds/freedesktop/stereo/device-added.oga
#load-sample-lazy pulse-access /usr/share/sounds/freedesktop/stereo/message.oga
.fail
### Automatically restore the volume of streams and devices
load-module module-device-restore
load-module module-stream-restore
load-module module-card-restore
### Automatically augment property information from .desktop files
### stored in /usr/share/application
load-module module-augment-properties
### Should be after module-*-restore but before module-*-detect
load-module module-switch-on-port-available
### Load audio drivers statically
### (it's probably better to not load these drivers manually, but instead
### use module-udev-detect -- see below -- for doing this automatically)
#load-module module-alsa-sink
#load-module module-alsa-source device=hw:1,0
#load-module module-oss device="/dev/dsp" sink_name=output source_name=input
#load-module module-oss-mmap device="/dev/dsp" sink_name=output source_name=input
#load-module module-null-sink
#load-module module-pipe-sink
.nofail
load-module module-tunnel-sink server=nullsleep cookie=/users/audio/.pulse-cookie
.fail
### Automatically load driver modules depending on the hardware available
.ifexists module-udev-detect.so
load-module module-udev-detect
.else
### Use the static hardware detection module (for systems that lack udev support)
load-module module-detect
.endif
### Automatically connect sink and source if JACK server is present
.ifexists module-jackdbus-detect.so
.nofail
load-module module-jackdbus-detect channels=2
.fail
.endif
### Automatically load driver modules for Bluetooth hardware
.ifexists module-bluetooth-policy.so
load-module module-bluetooth-policy
.endif
.ifexists module-bluetooth-discover.so
load-module module-bluetooth-discover
.endif
### Load several protocols
.ifexists module-esound-protocol-unix.so
load-module module-esound-protocol-unix
.endif
load-module module-native-protocol-unix
### Network access (may be configured with paprefs, so leave this commented
### here if you plan to use paprefs)
#load-module module-esound-protocol-tcp
#load-module module-native-protocol-tcp
#load-module module-zeroconf-publish
### Load the RTP receiver module (also configured via paprefs, see above)
#load-module module-rtp-recv
### Load the RTP sender module (also configured via paprefs, see above)
#load-module module-null-sink sink_name=rtp format=s16be channels=2 rate=44100 sink_properties="device.description='RTP Multicast Sink'"
#load-module module-rtp-send source=rtp.monitor
### Load additional modules from GConf settings. This can be configured with the paprefs tool.
### Please keep in mind that the modules configured by paprefs might conflict with manually
### loaded modules.
.ifexists module-gconf.so
.nofail
load-module module-gconf
.fail
.endif
### Automatically restore the default sink/source when changed by the user
### during runtime
### NOTE: This should be loaded as early as possible so that subsequent modules
### that look up the default sink/source get the right value
load-module module-default-device-restore
### Automatically move streams to the default sink if the sink they are
### connected to dies, similar for sources
load-module module-rescue-streams
### Make sure we always have a sink around, even if it is a null sink.
load-module module-always-sink
### Honour intended role device property
load-module module-intended-roles
### Automatically suspend sinks/sources that become idle for too long
load-module module-suspend-on-idle
### If autoexit on idle is enabled we want to make sure we only quit
### when no local session needs us anymore.
.ifexists module-console-kit.so
load-module module-console-kit
.endif
.ifexists module-systemd-login.so
load-module module-systemd-login
.endif
### Enable positioned event sounds
load-module module-position-event-sounds
### Cork music/video streams when a phone stream is active
#load-module module-role-cork
### Modules to allow autoloading of filters (such as echo cancellation)
### on demand. module-filter-heuristics tries to determine what filters
### make sense, and module-filter-apply does the heavy-lifting of
### loading modules and rerouting streams.
load-module module-filter-heuristics
load-module module-filter-apply
# X11 modules should not be started from default.pa so that one daemon
# can be shared by multiple sessions.
### Load X11 bell module
#load-module module-x11-bell sample=x11-bell
### Register ourselves in the X11 session manager
#load-module module-x11-xsmp
### Publish connection data in the X11 root window
#.ifexists module-x11-publish.so
#.nofail
#load-module module-x11-publish
#.fail
#.endif
### Make some devices default
#set-default-sink output
#set-default-source input

@ -1,8 +0,0 @@
#!/usr/bin/env bash
if [[ `hostname -f` = nullsleep.csclub.uwaterloo.ca ]]; then
MPD_HOST="/var/run/mpd/socket" /usr/bin/ncmpcpp "$@"
else
ssh nullsleep.csclub.uwaterloo.ca -t ncmpcpp "$@"
fi

@ -1,11 +0,0 @@
---
- name: copy over default.pa to enable pumping audio to nullsleep
copy: src={{ item.src }} dest={{ item.dest }}
with_items:
- { src: 'default.pa', dest: '/etc/pulse/default.pa' }
- name: Copy ncmpcpp client script
copy: src={{ item.src }} dest={{ item.dest }} backup=no mode=0755
with_items:
- { src: 'ncmpcpp', dest: '/usr/local/bin/ncmpcpp' }

@ -1,91 +0,0 @@
---
- name: install libpam-csc
when: "'syscom' not in group_names and 'club-uwarc' not in group_names"
apt: name=libpam-csc state=latest
- name: install required aptitude packages