public
/
ansible-playbooks
13
0
Fork 0
Code Issues 8 Pull Requests Projects Releases Wiki Activity

update_2022 #14

Merged
sysadmin merged 9 commits from update_2022 into master 2022-10-15 22:46:24 -04:00
Conversation 0 Commits 9 Files Changed 85 +298 -1126
85 changed files with 298 additions and 1126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.config/ansible-lint.yml Normal file
View File

@ -0,0 +1,3 @@
skip_list:
- yaml[indentation]
- package-latest

1
.gitignore vendored
View File

@ -4,3 +4,4 @@ logs/
generate-hosts/
generate-hosts-*/
*.retry
venv

30
README
View File

@ -6,10 +6,32 @@
Ansible playbooks of the University of Waterloo Computer Science Club.
** Usage **
To run a playbook and request a user's ssh/sudo password:
** 2022 Playbook Modernization **
If a playbook is not in this list, it is not guaranteed to work.
- [x] test-playbook.yml
- [x] gather-ssh-fingerprints.yml
- [x] upgrade-ceo.yml
`ansible-playbook -kK -b test-playbook.yml`
** Deps **
1. Install pipx
```
sudo apt install python3-pip python3-venv
python3 -m pip install --user pipx
python3 -m pipx ensurepath
```
2. Install ansible and ansible-lint
```
pipx install --include-deps ansible
pipx install ansible-lint
```
** Usage **
To run a playbook and request a user's sudo password:
`ansible-playbook test-playbook.yml`
** OLD **
To run a playbook as a different user (for example to provision a new system
that doesn't have sssd yet):
@ -18,4 +40,4 @@ that doesn't have sssd yet):
To run a playbook starting at a certain spot:
`ansible-playbook -kK -b install-office-terminal.yml --start-at-task='enable magic sysrq'`
`ansible-playbook -kK -b install-office-terminal.yml --start-at-task='enable magic sysrq'`

6
ansible.cfg
View File

@ -6,15 +6,17 @@ nocows = 1
timeout = 60
# Inventory
inventory = hosts
inventory = inventory.yaml
# Logging
log_path = ansible.log
# Plugins
callback_plugins = plugins/callback/log_plays/
#callback_plugins = plugins/callback/log_plays/
[ssh_connection]
#ssh_args = -o ServerAliveInterval=30 -o ControlMaster=no
[privilege_escalation]
become_ask_pass= True

2
disable-login.yml
View File

@ -1,5 +1,5 @@
---
- hosts: office general-use
- hosts: office general_use
remote_user: root
tasks:
- name: copy nologin

2
enable-login.yml
View File

@ -1,5 +1,5 @@
---
- hosts: office general-use
- hosts: office general_use
remote_user: root
tasks:
- name: delete nologin

18
files/rsyslog.conf
View File

@ -1,18 +0,0 @@
#
# Computer Science Club
# Logging
#
# Configure TLS
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/key.pem
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer hydrazine.csclub.uwaterloo.ca
$ActionSendStreamDriverMode 1 # TLS-only
# All logs are sent to the log server(s)
*.* @@hydrazine.csclub.uwaterloo.ca:10514

1
files/ssh_known_hosts
View File

@ -1 +0,0 @@
../roles/auth/files/ssh_known_hosts

66
files/ssh_known_hosts Normal file
View File

@ -0,0 +1,66 @@
auth1.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmdYsXyf24OrBn3ZTo1rWZt55ZnE6L5DGYgmvRqwTFlrr0GyqNKSUDu+QL4NlxVRMB8IMe4inpuRb7JZuO47IRqf/KCIgWLfpsd1CMflqc2rYRVYmra2JSQ10DHJb4VGbOqABhkeB4YeTPwImr/BG4FBOm7QCqIu16RzjANXjYtGZq/s72hUhnm4yV36BHtXXaI4Ji7i4IeT2onyxfZyFcC9DcP83GUFOGtjAMumDRpJ5ftek+147gfF3dSvaYj8esFZW4geMoKXBe3B9vYAgH8z4iNbMqDc7NAVOWsvf5dSKiegrIrovNWm6rVWqYAXluJ6nkt1i5wkkM776cUUCn
auth1.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvLvnQ6Ocf/QjojRW5fPrROrsQvSr/8pRVQCNXphs4W
auth2.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyXarBOhnkPR2cpeXPrSzBBFY5Wth7SRTuPtY0DLRsIVqAfJ/92pY79AWcvpM0DtoguMscc3iOWKhLpz5gxA3zPUOjloNMvGMHjUzC8Mwi0URJB9nbfpuE5+sHSLIcl26PbvHTTgL4WbsSypAxHNEe3Cc2uZ7JmGgccicXm6r7rQBICWmwQHjkB7rlXYNuY8Kni0lRDWNV45QUpab553wbBw0PZWmnjA1/ft8gN7ppXzBfvdPZy/OBal+7dUsCdBSsiCUu4Fowkqa5wzQP5JrfExmO3fp5mTTKWA1+ige2FJQoLhTtT6WuZ1MiMig2h/5itguxADP9X9/EFxVUsj05
auth2.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJcYRda4/NglHpJDn9CadzN6gkO4ziUI1CZ4KZ6T76G
biloba.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdi13l04LP2XMUh3cBQJK1wxPQIDd4X4dUJe2Q8t7mbF2aBbuhPRvCWqmVADzbHio7Bhw3duHRg8BsdByJXYBz2JC/BVSm4CsxWRn8M2MsvVdz/TZqb7kvoFcQgGOtDY3IFBe3IyQPssbA9RAi0XX+z/p8tJff2v6Zs6v6pEmhOT6LGB6gqwtkOqamvvadGhFqIqs3RcrCkRDuvYU8vg6yFZpNeorJjQjA2Gqj/8PvZYOMOdd1G39Xtfn/klff0zfMgG6UmC3ki3Rc3quiUCfmZ2wZcNWvryKlNtlykhnUm68gBSfV4jdqpoNvXpN+VM1xtJ7odFR+tRIXmMnqkNQt
biloba.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4LtcwS3RYxhPENftd//ejt9QNQqRqMLbT1iULtk7cN
bit-shifter.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDzH2lcDDp7S3b42mbpdcO1FySgY0dZQjxn9+90RN9x7HPKIhmuppJ1dkbmUFiDix1NzhO8ea3q2/b7XTjtN19zQP4+sV7eNpLw6O4UjTGAhTc7rWFrDrcQ7i7UAh9iM+DfnQa4BkQHr9j2cjgbvemDaRKSvzJvZXAMYLCu4kIEc+K6Qeer/pj4fcv5bvPuq+/kSsrLLEN/QfShFeKhfpO7e8dGicMuOnvruXUs0pqUXQtmQ2Wyjzouo+al0LnEWkA+7Atm1pg/VHnYIyAtYO615oSd3ExeOrLhZc68klWx3SXzkgywNItOENsq32gVgExyl0yTfVLd3CKwn+3D8Vf
bit-shifter.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODyyKCLjh71NswLcYdjjHkGgvUXnru5wvoojQYR2kwH
caffeine.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzLf726SMtgFQODIFN0G2WhwMPW6A6zDvd+hLUZWsx5in1rdCAVgtBAnqSlIZQzG+VV6b7VF/vUFg0g8Iku4txwQzE2o0Edln6RWFcEgYgczCY/QdtQ358NyZQ75M/fzM3HyX62cTzkX/nXOLIxGs8O8lmCSRs0D2I5JW4XciFvH4tarlstCflfkiTitqOicpaU+bEKfnXlfbR6tWsm5dp0gFcowtabJnWkuMNxyFSURWfglTrIn/XsEbA9rMdPzSHkpbuibrP9TaRQt+hwph+0fOtb2TlQlH1wu4O8Xi0R/XqlWASjRrXHrU6bMSOqq9Ym4a6oBUDrZMdKdlH48xsQ==
caffeine.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl/7srK3RCWen+dBNiO1WfWQQqx4yVs+X6M/XRYPjml
carbonated-water.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsG4GJOjGXnkKCPxDfaCnBsL9Yty1CWZ/2A/ZAZllW1Lu7Y4PXHPyuKi6mf4V6C7/Sa+EQamMIHZrwO8kQ4V2AbRXXt96m9BDT/urOBWpL9sD211t7EgEKB8m75rqBcSgnnM44/crO08zht+3h97BZ6Eqp9YtqcXi1TqBFna/W02Ui9ZRJethFOxUWpWN2r12Skz7LQ+VvhOiTggb4kpUdKJjpY5hL66TfLhCionBm0OEGt/ccSsxJUyj4PPGOy7i/BN/N7WiFZf7PFouSpMiAN7GtEmUOEiiYVgsAh6M3UUpErV6B6FPpiK5mNsg1meLZvfl2e17nWXDv7s1zvKeV
carbonated-water.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlEqhO7fQzl2tx14SKvv0f2p1Jhhieoiukh4bWLB5ZJ
chamomile.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsPbZrivCCDhBiKYf5KQKgVm9aeMcR8LI0s7uVzdLkHZn07YaJep6GTcr4XvW9vzW69lcyASJsUSGrIQitpvU6Zd+5sliAWRlqo0Tc86SU+0Vo/b8gmA9odFhmvENEhA7rIa+qUxSB0NmJQtCnAsJXwcbLMLw9vhbJMK8u7MzzfYSOE6THA4hT3WkfwzHcanESWdAOjd/yNNY1r1XltmAShRg4QzJx+bx4KMb2iC9XUGormQBLbJQyJmNLMlNc/tkW1vBH+8ZNysAUYQqWKjpfTYLyzGUVf6BrxgNnJLPAqOnWePyDd9+oljMZfer8Bih4n0rGJG5/M3buELI1/r+T
chamomile.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAMztEz1IeDwR2gnmkUJ1ARH8qMb0Vye2K59RrULQBUO
cobalamin.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDo5+jPDT0ak6Ox4vk+EPmxNsVgQuLK82IyKvvuPHZ2qJ27ZJ6a1YxE+WiwpmKkF4BfLC0bwMIY5PZ3IUZ+gfVxiA19kddEWa97kmntsOB2oirpv/Ewvv83KflVWwjIiMCS9BlbVwtzhfzaOUec0f7jsqQ1x/J2mvAEt81vgjFeWOqmxGhLQs8sZZzeqQBZyOHral5GvcIfvBbBMAhV8E7KuyjqQsGWqOdrEThEM7a/sNmmawI130PGlOIz6FKcnBZJWxpo0L26cGIEI92lvWRs/NWPaPDtyWuaamkP3PFedAc6kX6pnU+MqZldsbH6bDsPq1iOryU3y8WebdTBGVh9
cobalamin.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJT/8C2QZ5eRyIA6Q9ZdDS6naCf9raqEo7hZUhTm+Sm
coffee.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF/hEcmyYeG+sqVL+urSAvjR4jkCrohTjk63IivxSxFWcflKikAWGBONS52FFveBdbfKVd9yIOBHpTl334Q7g8fVtDjRc8rhW9pcu+t5ImFv90NqQ3fhEIQOj/3B8mZ5xuqfE8dcuKwXd3QsyDGhwwBoDOanx/STrFJEJVTdeXPLJSA80LNV5oExSrsZ3yL7SkUdQq4ogVf6RkROSLWPHSXUUcTZzzkCztFMbgOIQEMejij9ZTfWMZtL2Ua5kCXk2d7peY4tM3W+ggHcOu0EzU7QClq8SbiaJv1LhhHBYKIYH+c14ndyici+hhrkdKHWR10O7Mm2eGETbffr4y18BN
coffee.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWezKQtIfCb/JxML8H6gtZOt5iiLd4Ix6Vaax+cHzja
corn-syrup.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1Y3qdNiwgOQzHXoDnRozSJ31eGoVYldmG3R2Rwa2rXNUwKVeVx612GxANjPaWrMyJ7bYEI1x7xtfdxKRcz94uumeqnR8cBTNKhxd1vtx0J64TcmezZqZdTAJZ11NVLRp+cuYPNDY62PNRtfjlkXMZ1BX1QFgNQdpARkXkLlDqAkkhaDVMhtXg2/3Z+xe5cizcwAjyeVjWlEpYrg+g2CKnpL6/hF9WZT3OLYsUDqVGZS0tDrS9nOuPuNQFdHZPUdaaNx7Lv+k8D4Yxeauc8EGGD2qEJ3xTh2P7FmaYbDc7s8GIYHa1lKh87ZULNyD6G5ieLYjSCjyHjVrmFVJM8woyw==
corn-syrup.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQYiN9/mUUBcJx4lOCnm9W9n91iKvAY5cfcnoRzNqKU
dns1.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEI6VGY4MP/KUvRmAZe4zU5uBS84+r1r1CCOqMrzUniLVeDeEwkLVOsVjzAA3aTrZTPHu74SnmIeFSgD8N3ZmLsRX1J5MjLyTueQWhW2CfVVmJgm2HKRT+oACd/ICK3igeLeLJZbHX/kWj3fpIXH1qPEE5FG1RXZnl//YrqlHfD5bhAkoc8T9f4tVSi2uCBLsygI9YX+TMgslVMaoAPtUOsNoHX86tC01PnJdZeWNV4mffsezritwANOcEHwer6ae8KvMHyTn1PNS+JliaUjM1sJgbcrKLgS2X3WiJobm6axTsoTtAuwYifhaRTKqoAOVowk2QnwyjKimI/oYNj7xZ
dns1.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo3l7ZgezN5AnhqcxDENRWI4d+XzQ2d3jU06cCrxdlk
dns2.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClthQ42O/5q46PqkF2Gbay+RQthHvRghnN62hDV+g6ROEyAHbsTZZH2GNadLAuCkiVMTLk7XXFaAXAzXGwKlnt9SML306U6gIxriDJ5xW2Qq1LzvAFcMGRLA0V7HhxHfQveHPiAOTjyBDXr0DL8JNvvw5RlcjATHkUnEIZMD8OVR4n4lZ4WWQGGimWekN/xqxAbICasvSeDVBlYlN2mlcjB0xuRbDJl9itbHW5lk9VIaSuCwc+Q+xcQI3jtWsz2baQa+yCfaHwIHys3ChN6AeW61hdWHRvYtsSvfnIyVXqGejADrNuTqJxMgFx+04JehuOrzNtLlC+QPaaN/F5abt5
dns2.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ69SS+uWofWrv6o/1ayfDl4dYrXdomif482cTVbFpyb
etcd-phy.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9oYiZYxbBtwgNvf1YWm9SPSrhmL4l/sflJyTyAuXspqjZdJ6hD2rekssRnANK/A2qy/1bCX+8dM5FLoU0jg2lAPO9m8OifyrcFaeu1K9rohL9g6xy6DO9+2XHqSrZpnojzbtkNmzSFyuOftJLl2NP2JKo+++ZJd9GPOiKzCWfIRIh5ir00boaFp1b7YtvYVINbH2esO94ArnQdseEOI9lnPc2/40RfCYANxjluOl8JwWH8KKlAcB9piv1qTWHDH2BKkinvcVjDe9+dJ/iyTlGe2BOqvbTz6JLwSK4E07In3dLCYTgfWYozmpHcNOfdc/NLhspyt6IufAFrcwBwJJl
etcd-phy.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvm5HSmM/ws9ufNGX22+N8DX0I97b1Xk4tnXarJPwG
ginkgo.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7a1fj72/toOLO7j2xCWjGV9LclAeSQhHA7AH55QXLpJ92wEJ85PDwlUUwR4ARKiSk5NnBpoI6RaEsuMBfmbghtXW4EYPz03jtenPPAku2Jkn4QH9Ijf6T0wzL2V8f53+bdqkTGc23/oQpDV0JjS6iSBREI11TT0TgO0KKh+te+qMFYuBhJCHqrZVWQKXoquGRPNZuOT9xZ6EOMMgL8tLDy3i2zwxgkFYcgaXVva9+fIR8PQm/4FK7dhXK9T2x5UtiuhQ3qcqr/oNjrimn+uYQjMuASzO4v/0/FvG/6Y08YKIcdC/3kCZX4DBSnajE178ahLEH4lveyLWpYtrEOAAj
ginkgo.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV07xCAXmf9VJ6Dyx17+eRs3wRQWPiFt4h2Rjfkgadv
guayusa.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC88UgT1RuYgWapX5Zjt+SqrdnxjfwbtnavhzCKVxNU5amXuRc6YCBWkisk9szFCmq5uFY17fyx+dT8lBgAjTuqD1y7nZ9tyOIvnJWWIVNIc4MW1N0/VDDNR/jUedFQXUxJqbPTnPox4dcgACF0EB4O13mIIjrdhESxGXHDlOHNgvYOLwWzbglY5oj06dBPtsFf/NVbhe8J0h/lI+6kwFanhZa+Bbahwr56lXCf4bNxC//DS+CAr4VkQr6OCp5hUZwcdnCBiUSOjck7aOhEu8exvS/iUErX4lmObq5slWcQl7IK6kXcI8yFqpMUKxi5sCQIQSE5tbvKy+M1Jqt7AaQT
guayusa.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6yuHvichINMFx6Ur6kys3VzF9prSDoIFmYPP5qUKj3
hfcs.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/XkcWvw/JAagtCFymBySJpnPjx0Uk0KTDDtdwNqeHH4/GvN0R8KWQNLg/2eJpGNIt8geTyake7Hg879rrHEh4RZrDkz9Zu8yTrV8nGGf2tZ58NmEo0CQn7I3wziNcJHpl1MQUXmtua8buvUNL+l7F+yag3u+ElPeQd7KAUparF2n9pz06kK4U3XEvimgOnTqbJaqP39ki/EjmUhi0I6LvzpoOdA6/06IM+EkVi58l5mu1vBffUpzKQXIOSJf3j4y/zEYqEkO7rHWdZJn0CVMG+cfYxry+GC3CRonw5MdemzU3wd+e4KI/zsdvfXBJwqnhAIN6Jq1hbtodLZYODp/v
hfcs.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINx6o3+z5wJxIs9zYSvf/bwzsWI5Nm27Sf/F3kvp0aYs
mail.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTas45BY/7HZjNUgwJtBSOMNVK+/eMM3r3EJyXMaNbnsSa0SrZgXmu0oA39uYHZD++ejn8tYsGqTtTHgIIcCAgrFWJykzGS35lq/t4YcqWqJLbTO2UiNwbi+VBEHWSRF5+vmYgO8ApuksULLsTy2PwfV6OoAqWtLiKcS2nmTRYuRqJlBNPkEVDjgREseRS+uFPK42cEhL3NNvHaHOxd5s9iamWFPVyH4s55MIASNMFzy3O3FD0Ewg60sTqBt1i4bqZcEC+ONYkm8/QFEJNcldIyn2XPN2FhfQ6QhCHnC/X1Z7ok2LFDsYo4rNd0eQrwIiK4KhwlwQg5/eJhTgbcig/
mail.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyt77ru/ViAIvaw9Nca9zL8Gqv5VwNGZnW7LCQu+9WP
mannitol.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDl/0vrcgl/E3ybwdThwQlk9VoTMpVmhtTfuTH2mV1sNL/bQv+RVa4CArntuoxuI+d08PzzvFNT63UGMKmULoBrxiR9WcvnvVBYKZ2Uq0mZa7uW2xCk5vhTbr/LE9FxgwukwcsbFuC+8RFmy+qqwcWdJn45Iha0FbbLgwzAanxD3vUFGOT9uCvxhuQ4qbPwJBmWYOBOBwHS3wIo0buizqNkGW+ZyPJO7cl3ODMw8Q6QrRMP3c4zrvRrx7pK8ZRzrYfP6OjriipRRlcjKcPWkTTi5QQeTDQp4+X8MPukf9c16wE134MMzOAlSp9ac6Hc3Fo9YF6532p0OucdV1qdKe47
mannitol.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHBwWIlKsqicBIO2GEESK0o/50vksGS3sOTDOZQyBozD
mattermost.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChF3yXKmHgNXZ0lk9K62jJ2SyIQGcrB9NQkZfsX6UtQqaiTV0CTih5r3QBpfrqvSsuJGNEyJ4X1euN5YbuiSMsyjvNJ6WRo8x4B4WE5pPdu3nUMdxT7oPdX6dajAlyDfxPRDyYX1nhimPx1ZuFo3+DZ6LoLkJ2k3S7BDpXbByAtWYd7iKPjmUqWhJ1ic3mqCXYIOoWEGx2rDjZTtQzw35HTvcudOopkxsuWR4o6BW92e5cA0Dpz88zfDFcVfiuPJS1w/QmaYkhHN8lo1Ji3B09hVSIeO9Ii8zDCRPw/S7QYgfMQRRbQuoUtfH9hRHqZL/ycpEtYs9SGG1JWz5WOjK3
mattermost.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2dttPz6rcDyIGM5NYKx9LURUQNgzSGEkSVEuP+OdjZ
munin.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGasfjpaAvGwIFaDUd7MVs+hlnXKbFuzz07lUkAH7LvtqQdfNi6ytBLar+xy52O2e8Dx1Id+zQIgy+69+mDY3ewJZ528CIlKTOutJIDQq9gr9NngZwVnz1Jhn5otFgRMcGRDjVcvU7Y+/krP1Tlty12Udi9Bxe0d3gbysMsQTmLqo/JgfjQ1TlfQqJbUQNFUESTX9lgxvRN+IZpI+924EphJ5dz5Yt9IP9D60BnLOPgG0Lo0QEUom6S32gE9aKSFp6Zd6bSTgMYM+zGRaLX36uwFF+SW36QxvhJOjoOXsTRJd0ASwcresqj1fIPhohYkwhpeBgR6O1uLSuhfklFY/z
munin.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIc2OFHM1FI9SLnd94+H8eExdmwRnQQO5axNZBdPR0Xk
natural-flavours.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxB8N1u+o/74IImggUHbW3l5TL6DhU2woDXxBS5h1e/tNlWpPWiAZUym8WQEARfPFwgKuz/lpGEPXHB4RjxBUO3XD06MqIltqAok231GB5JkjUxIV+0+prqNYn+69ddWGigNMHngy2x2K/hyb4nk2TmvqtYFPJAZvhv8YcVwQ6KZytWlOT0RtkLWr4NG+JpcUqFRbaAfD9Bb5xUTBmeEPTV2tE/XDOttA6unSl2bwZUhy6E5A5znk0/FashGCr/tpDeq2Sm7Fg4TGf/LX3TQU8myXL7aJxjOZlQ09LF/r4k8Vx7lQjZ6OF3UxIs52yrv5RaiIkCOb+FW6AlPSJZL9Jw==
natural-flavours.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8aYjlkPSts9u/HHwG3MPWPqvYx1eQ8EyfsHdQZvQmH
neotame.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCucFmVnoxzJueaDLxcV3/e/1/J5N3c30GMxBjXwijxxx8ummYEm+prHW3/zfGIY40Ygf7wkfa3wgXuGIcX2qOlO4RJcdLsoXgM+30MWs6L2QPGBgZVP8lB0B1VrjFX5+QfOx2ZF7yfjeL1caPE315h0Ju4AXAN5kkqZqF7lJToMdFo7GyKEgFI7bvnx//cZBs4ioxAtxzpS6E43yHJkijzIuTudJqH5EwiXwy9s7Mc+QP9uJnftS+fL3tea9zgn3yZKoXDLdwJuEzXbvhgwrVgGmCce08ETy0c/zwfR0UT0wvZexzQpvFMRNDWPl1kQCfE4oIiQ7y0kDef6QI6B4yl
neotame.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFHKfUU0zLGUL52QFEgWjEX9IqfMguFfacrBkoyZ/5Wp
nullsleep.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzJXI0yFebeqYl1tZICq8+B4WVyO9d9BvegKFxHaABeITyRfGpx/fO9gO7RgVKlpvOPI3fPWM7OiMwi471QNZcsEUxXshYgNfdiNCaMHcEBFYOx12moKhE1mo/KKyCdfhxel6Lt2Nq2sE2HpMo59vfM768RUCBlAIQWvfMUusnD47TO+sH5fE+MycKxDRg55kjGBB/K3+y+EO8mJ1ZV5CISlMCh8EL5HeOf8zh/ZX5B7v5PYlbKcyGBef0YjOulAoEal3XuqVnEF99bdgFCMdd/rOa/Cgq/44lubMBgwux770K/pgPz5OktOTFreH19P1lVmnOLQi2nGVue3Ljw8A4w==
nullsleep.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGEBbBWfDxURsUChomUCxt0cTXGt0tfLzcVDJrg50oK6
phosphoric-acid.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEp3lvRFATMbwUkKDxnKaTrWBgXsOWoPWVK24JE2cmPks7qzxde/OkMvx2XYHEUKNgzxSOyw/YBdFENEkbnOunyyqNP5ygb4hixaEH+aNmc7bAXE6lsIidbTwn4o2KeKG7FWLTlIk/kSHA4aNYxdeuQzpdUip3fmFfwfn2JvTJMHWI0KgMBWuIOQMFnEf+owRYnb0wSuEZFR46bZT7moA06A4PSB1+UlZIyJ+QN2rA5MkjMzvEEasWiJSpsM4W/QRmh+le2OMrNiJSQAhcI785/gvXNIFQZNG81QXiBDQ4XB8t1tbeTuRRDEgtmREVc3J6s6xgtdSO/mipwp280An9
phosphoric-acid.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOREvEW8G1rbqkz7DyrMD1QrLvxt28ajP/crJe8Lt0Qx
potassium-benzoate.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO4ZqQ8XG7fmM1o6v6g3Ac+ljP6j4HnyrPA9dNjVWMxjM0KhxOtKWQZufAFcLBvmh/myK13cJnnrHYjq+ZIc4SH2LRTW/nu9Tdsj/BPbCiNQrAk8JLv4fJJVhysT3XWRlvJaN7xTwUdQ+EEPSHFj0KB5OevONwlNqQ+2GKGrkDRnslxY1Twgj+6WxGvY+mFBpid+v2K8ypb96zNOI2azwUvRMrFpgntRrqCiWbvsy4KZEikhSv/VumTb9YlyyjqMhqJgv7zKAbYf/VrlSHvO1pb9lbEGZmaS1P27m7sr5dfHMy5YeAG4NCwtsXXz8vz9zl9LzS08/Eb93rk7NiX17r
potassium-benzoate.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQTR2Zui8kaLLiQeBFDkkvdVEJ6+rL9Ez2QIMWJgu0Z
progcom.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNjB1iigeXStSM1ov3Uvh9HJdVEWDqVzshH2YzbwhYC/vB8RLpNAb0g+UIK9s3YJJ4Q58XzpWrCZTq1bOryoB2D6dnX0GSqw/M0ENMqIl/ftOpWrGgsNjPwXbTNWxw6Mb1oBBkFr+q6slbwN2gF48IKphmbFKFasE7LH12Uc56i5HXAjLTCIgxurviXKMP5okg86P91jbuN/jMy1osiad6jAKaWhlcGq40ntyZCvK2OkSK7fZ5joA4xKBr2G+Wu4cNi6e6w2ZjxBCuZBCP5oK8lh1LuxUQksyovYWeZMM8rP99wxq0CusbsPjm5OZP4GsFQKU/bRti9joRumfM0JP9
progcom.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDyrYEfmjvo+ArpqUyuzUeQbKWLiniIcWDIoAkIS2yK
prometheus.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+5HhLGTgUb0FVpdBtCF5w/JoFGVlgw0JXABAsxPweOWYaOLcc2fG6Fp6wratGbGBqIDguIZDzK1lD6niji74Uyeo/erPJNQJePlQRT7hH5zhuxHka1eY5nher/MjFsu9J57dIlCQ2UQg3xRqbDfSKIWhsh8VGwX+TOojQy3loyQqISOvqqNYqTCF+TsEEubPffvvagqRT1JEKVQ/64eBuC+VMewpZv2e/1Z67B5LwRsyFTKzPQVIcNbNNjl+6WGAbnsBTUEkWBOvx+iqhWXQCW4LbRWOLkDMAY1q666I/3d029Fh0QggKc1gEgmPXNukPwUYxNgLctIBVqV0u/WoV
prometheus.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMDw8IjwgClwwI2x+JfCAKWeO2DpMPSErsbtYrkoFOi
riboflavin.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2DQN5wmaDyyxojGz4NOl/lGElSxIrlGUBdYcbMN8gIW9H5TazFuitfIyoVNz68CXyNVNhNXybGqUybzBrPA5QRviEnff/Sywq1AREBgYeuhwwn88JTTx68Bwsx6fiRRKm2+EISN9N3hu1AeE2Hbqh91GhgWBt8WOroFD37Ryk5AV1mL0LsOlBhsPd55GmQKlFpC5t9bsnkJC4ZyVFE3LtDadr/JEJiQRrZqVrdBG39cv9e7lFVts6MZ2Z19hs23NX8pl6ZKkTu5zZN6aox6n6debEVX3dRCbNYFGs75tLieSkUMY7STAcvu1Wd0LSvdCvFV9ba7SFACO+FG1rQjZp
riboflavin.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMV/P9dCMkW4GA43a1FlOpM7ifHdI2MyWnkmLoLs/GT
rt.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvHWacOC003Qkp9hzBOBeH52MvYJkvSSbRgKdmaUVR5HB/MlqPNnp3tfw1kF3gdtM0PUU1NbZ94c7rRWRWYIOavkNr6hXzDFHACX7VGub8Hg6024IuoVRnmvgDcm6rnRxedvhN4OLpXlePXcmbtXQ302861cyKXTAzup0O5hAbuEqGvUhtR8bt3ATW5ucYmU+JinlV6gMcCz6UH69X3dj037mu5IxLJoSaknT6v9Zm5tsK2EfFe6/CqLN6tKyBuBWegdcXTJ1hNVCAIL5Ayz3wqcuPcRV25hTFddcNXUYGSnwUUk2rO1sSb0X9/RQ/OiH5bdVtSel0gi28Ap5+d0jd
rt.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhh51yhgdLUI9bq69aqtw1rrPo/y8O5339gaBFEH2am
sorbitol.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8CIrohMD4Bjn3xgFbkg9fAlqm3txjpneL7JGRe7FjcogWIEnWiVqjzgTYVQceIka7kbAqWB0yFkLZnLY3ZtYUAfQciyepuKiknqqzFgUNSZwJzz2+BmBddsLlVsudaN710zkHf432KkskLfhs873VPtMxkChHUrqHcVv+QVfBCHHNa4omxOalNFnlclw4ivROSc9INKoWdDWKTiAnjyvWUiwORDpRyZWtdbGxs0PIvFx1OtEUeSvlx6WYaxPNe0irLqY4QcSwBlfQZ5Z/kle2Ru/WEDZvcp/9txYBTT//b+08PPTeQVwExu+ay8Z/reb0z++Ay68qW1txSO3M9o9B
sorbitol.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL9KkNuGJ4LFo7uMs3ldd7b13gkg+CSEubYQGv8EGPz
strombola.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZhdxHj587MfoUcfTR72ouS1VeRaivD9ZpbAULl7od73Uo4xff/sIuT4hhm+gyQGW9gKA1mQfuhJ34nXnEulaWk3R8dWMxwn0lRElvbIG+bcrCCinKNU2RRoLOCh2cmri4bEF8PaejN/kt91CSRRT4Sko1tG7P58GedrOAxJDmsq7zHoTm9JTAJBa9AuPo6TgurXLN+6zQ+eCvBERcMgPLG8G2bhZg37c/scdI59s0om1oc6LcOSgGkF3yxmBmkSxvworr8rCXzVWhUvbNAdd0P8CI0zBOxxWuUi1/Q0PeRyFmI/T+6DvOuzXKdQgpOZj9dR4rfJb04V/s3C3d+DA1
strombola.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcAk96AtqG1gJd0yc5YQbBHZlzq8/0MXf2b/q7Z3ZGo
test-ipv6.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIgYxewDMHZrNw1yRthPwQxcGD7CBFEWhAG5lKn51lq/uynucz5HBfouy7LU9PTyAJa5FsYVK23eDEHCppYlL+3TwU3gYyC0mEzsM9g2oJPCxvqH59p4qftyNKF9sgv9bkadYf6NT6MMtBlWYN7xLZPBfJkshQEQu85S+zD3JHO8bF7etwWn3sX7gbTheO0LD8jzj6G2AyRTWpkk5v8O7kBiwiZOoC2ehcSfqaxAVqxYbawi+pQ5iXfX8A5RXduezH2XcRKD2GG1/f2nMALXrEq8OrRH7UVFJUPPViQxNnk4D4w2THkNaEnT2/8YcxelzFFY5EhW9pEOBXjZeLRzGr
test-ipv6.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYdv1TC4b7N8S0/t6Xvyft0mjrM9d4b54Frj8eQLLQx
yerba-mate.csclub.uwaterloo.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOuKRa3mQ9ljfSVmKcX4eXNr4impOHLl4VCWfrfi6fsQnBtgL9tpCZcRKDIqdgIHihqVKGsa4q5pCt9wIZyXnYkAC61+aoWCWJYON6WDacr3WAVQ7kRKR+MX0VSZrUm45WcjQIxfNA2X63DbmOexN5aUjlqwfFdbGGkSn/tQTGblmk35q5ZSyPrS2RvaneCyC/3jM8Al//aaPdN0j+CJF41GcToEbHBqSgV7YVR6AdWuYPE5dlZmZ4Ce9xh9mcWVd7NqXcWR76r7vIVO3ZwzJZ2ux7X/TG+4gzTigHlRw0vEGgVGtuxRuseP/MAX3w2euMebtifEtvAbJGHlpjJ4SV
yerba-mate.csclub.uwaterloo.ca ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILo5PcuOEnGo1KAIzMP/z3TjHnQqAre2xsumeAeCkNPj

5
files/ssh_known_hosts.j2 Normal file
View File

@ -0,0 +1,5 @@
{% for host in groups['all']|sort if hostvars[host]['ansible_facts']%}
{% set facts = hostvars[host]['ansible_facts']%}
{{ host }} {{ facts['ssh_host_key_rsa_public_keytype'] }} {{ facts['ssh_host_key_rsa_public'] }}
{{ host }} {{ facts['ssh_host_key_ed25519_public_keytype'] }} {{ facts['ssh_host_key_ed25519_public'] }}
{% endfor %}

1
fingerprints/aspartame_ed25519.pub
View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII27ztnAm39AurPIoIsdTFVE+u46EuOwpRizR6D9BG+Y root@aspartame

1
fingerprints/aspartame_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4TzqMpguUFMIly6HKTHpKKJrvJmIBWrS7FZSH0JCDsUrwzlYZQSTG1d0uCqO0NG0SV6GsdxcrucLRJajkidoB1RMgaZ/PPOK2a4o94aR09p9lBoE/MX9capCuybLg0EVc1/YTdRxM1wjP9f4Mjp6t5snTZ89RTAdPOg3MjFbveHHQceg0tYbOu3VlNMoove1gh0GBftmLobPnPzUgtMCJ3I2KcXpqTMUJSC01k23DG+M6sRQ7XjuG9P5Q0ly49qtt3p/NSeR6B/kETN3QiI8FQo5VoW2OP1Mpa4sNoBoBs55Wq4XYC1m1vyH3SqU8ExcrZqjI+LbJtYQGpH5BWySv root@honey

1
fingerprints/biloba_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4LtcwS3RYxhPENftd//ejt9QNQqRqMLbT1iULtk7cN root@biloba

1
fingerprints/biloba_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdi13l04LP2XMUh3cBQJK1wxPQIDd4X4dUJe2Q8t7mbF2aBbuhPRvCWqmVADzbHio7Bhw3duHRg8BsdByJXYBz2JC/BVSm4CsxWRn8M2MsvVdz/TZqb7kvoFcQgGOtDY3IFBe3IyQPssbA9RAi0XX+z/p8tJff2v6Zs6v6pEmhOT6LGB6gqwtkOqamvvadGhFqIqs3RcrCkRDuvYU8vg6yFZpNeorJjQjA2Gqj/8PvZYOMOdd1G39Xtfn/klff0zfMgG6UmC3ki3Rc3quiUCfmZ2wZcNWvryKlNtlykhnUm68gBSfV4jdqpoNvXpN+VM1xtJ7odFR+tRIXmMnqkNQt root@biloba

1
fingerprints/carbonated-water_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlEqhO7fQzl2tx14SKvv0f2p1Jhhieoiukh4bWLB5ZJ root@carbonated-water

1
fingerprints/carbonated-water_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsG4GJOjGXnkKCPxDfaCnBsL9Yty1CWZ/2A/ZAZllW1Lu7Y4PXHPyuKi6mf4V6C7/Sa+EQamMIHZrwO8kQ4V2AbRXXt96m9BDT/urOBWpL9sD211t7EgEKB8m75rqBcSgnnM44/crO08zht+3h97BZ6Eqp9YtqcXi1TqBFna/W02Ui9ZRJethFOxUWpWN2r12Skz7LQ+VvhOiTggb4kpUdKJjpY5hL66TfLhCionBm0OEGt/ccSsxJUyj4PPGOy7i/BN/N7WiFZf7PFouSpMiAN7GtEmUOEiiYVgsAh6M3UUpErV6B6FPpiK5mNsg1meLZvfl2e17nWXDv7s1zvKeV root@carbonated-water

1
fingerprints/chamomile_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAMztEz1IeDwR2gnmkUJ1ARH8qMb0Vye2K59RrULQBUO root@chamomile

1
fingerprints/chamomile_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsPbZrivCCDhBiKYf5KQKgVm9aeMcR8LI0s7uVzdLkHZn07YaJep6GTcr4XvW9vzW69lcyASJsUSGrIQitpvU6Zd+5sliAWRlqo0Tc86SU+0Vo/b8gmA9odFhmvENEhA7rIa+qUxSB0NmJQtCnAsJXwcbLMLw9vhbJMK8u7MzzfYSOE6THA4hT3WkfwzHcanESWdAOjd/yNNY1r1XltmAShRg4QzJx+bx4KMb2iC9XUGormQBLbJQyJmNLMlNc/tkW1vBH+8ZNysAUYQqWKjpfTYLyzGUVf6BrxgNnJLPAqOnWePyDd9+oljMZfer8Bih4n0rGJG5/M3buELI1/r+T root@chamomile

1
fingerprints/coffee_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWezKQtIfCb/JxML8H6gtZOt5iiLd4Ix6Vaax+cHzja root@coffee

1
fingerprints/coffee_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF/hEcmyYeG+sqVL+urSAvjR4jkCrohTjk63IivxSxFWcflKikAWGBONS52FFveBdbfKVd9yIOBHpTl334Q7g8fVtDjRc8rhW9pcu+t5ImFv90NqQ3fhEIQOj/3B8mZ5xuqfE8dcuKwXd3QsyDGhwwBoDOanx/STrFJEJVTdeXPLJSA80LNV5oExSrsZ3yL7SkUdQq4ogVf6RkROSLWPHSXUUcTZzzkCztFMbgOIQEMejij9ZTfWMZtL2Ua5kCXk2d7peY4tM3W+ggHcOu0EzU7QClq8SbiaJv1LhhHBYKIYH+c14ndyici+hhrkdKHWR10O7Mm2eGETbffr4y18BN root@coffee

1
fingerprints/dextrose_ed25519.pub
View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJakT99tON1ug7OGL8nAoelggn5kVIkU5ZJcgcYYQeDf root@dextrose

1
fingerprints/dextrose_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkn3oIB0ubCLlriCIYFNR7z7i5wOm/GmPnt94eOjVk21RKzo4jJeczYX/OjvqNPTqeYgsOknoSjNPZ9EwkARe9XmhjIhRYsSrQeQH2i59WQTzg9EqnrdwuxHfEkO2X3CBBp6clftjONK8Wm7IwlfrUHssbTNczCuxyNrVP8hapXJuv69GQCqi4DTHEnswynjrh47iEgp0m/q7Q8leb98vfJd6a1fQrTqP7/+XJ6/h4cT5+tnwIC3BlnzzJYqzvK0FePYNZEf1TGFTZ2f5PzHAQo8IQQOLH2/Qiv43FgUSWanm3DO94C2IOO7vvHyZFXtktfmxoAGnm8E5ppEP6UR/3 root@dextrose

1
fingerprints/dns1_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo3l7ZgezN5AnhqcxDENRWI4d+XzQ2d3jU06cCrxdlk root@dns1

1
fingerprints/dns1_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEI6VGY4MP/KUvRmAZe4zU5uBS84+r1r1CCOqMrzUniLVeDeEwkLVOsVjzAA3aTrZTPHu74SnmIeFSgD8N3ZmLsRX1J5MjLyTueQWhW2CfVVmJgm2HKRT+oACd/ICK3igeLeLJZbHX/kWj3fpIXH1qPEE5FG1RXZnl//YrqlHfD5bhAkoc8T9f4tVSi2uCBLsygI9YX+TMgslVMaoAPtUOsNoHX86tC01PnJdZeWNV4mffsezritwANOcEHwer6ae8KvMHyTn1PNS+JliaUjM1sJgbcrKLgS2X3WiJobm6axTsoTtAuwYifhaRTKqoAOVowk2QnwyjKimI/oYNj7xZ root@dns1

1
fingerprints/dns2_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ69SS+uWofWrv6o/1ayfDl4dYrXdomif482cTVbFpyb root@dns2

1
fingerprints/dns2_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClthQ42O/5q46PqkF2Gbay+RQthHvRghnN62hDV+g6ROEyAHbsTZZH2GNadLAuCkiVMTLk7XXFaAXAzXGwKlnt9SML306U6gIxriDJ5xW2Qq1LzvAFcMGRLA0V7HhxHfQveHPiAOTjyBDXr0DL8JNvvw5RlcjATHkUnEIZMD8OVR4n4lZ4WWQGGimWekN/xqxAbICasvSeDVBlYlN2mlcjB0xuRbDJl9itbHW5lk9VIaSuCwc+Q+xcQI3jtWsz2baQa+yCfaHwIHys3ChN6AeW61hdWHRvYtsSvfnIyVXqGejADrNuTqJxMgFx+04JehuOrzNtLlC+QPaaN/F5abt5 root@dns2

1
fingerprints/etcd-phy_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvm5HSmM/ws9ufNGX22+N8DX0I97b1Xk4tnXarJPwG root@etcd-phy

1
fingerprints/etcd-phy_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9oYiZYxbBtwgNvf1YWm9SPSrhmL4l/sflJyTyAuXspqjZdJ6hD2rekssRnANK/A2qy/1bCX+8dM5FLoU0jg2lAPO9m8OifyrcFaeu1K9rohL9g6xy6DO9+2XHqSrZpnojzbtkNmzSFyuOftJLl2NP2JKo+++ZJd9GPOiKzCWfIRIh5ir00boaFp1b7YtvYVINbH2esO94ArnQdseEOI9lnPc2/40RfCYANxjluOl8JwWH8KKlAcB9piv1qTWHDH2BKkinvcVjDe9+dJ/iyTlGe2BOqvbTz6JLwSK4E07In3dLCYTgfWYozmpHcNOfdc/NLhspyt6IufAFrcwBwJJl root@etcd-phy

1
fingerprints/ginkgo_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV07xCAXmf9VJ6Dyx17+eRs3wRQWPiFt4h2Rjfkgadv root@ginkgo

1
fingerprints/ginkgo_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7a1fj72/toOLO7j2xCWjGV9LclAeSQhHA7AH55QXLpJ92wEJ85PDwlUUwR4ARKiSk5NnBpoI6RaEsuMBfmbghtXW4EYPz03jtenPPAku2Jkn4QH9Ijf6T0wzL2V8f53+bdqkTGc23/oQpDV0JjS6iSBREI11TT0TgO0KKh+te+qMFYuBhJCHqrZVWQKXoquGRPNZuOT9xZ6EOMMgL8tLDy3i2zwxgkFYcgaXVva9+fIR8PQm/4FK7dhXK9T2x5UtiuhQ3qcqr/oNjrimn+uYQjMuASzO4v/0/FvG/6Y08YKIcdC/3kCZX4DBSnajE178ahLEH4lveyLWpYtrEOAAj root@ginkgo

1
fingerprints/glomag_ed25519.pub
View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxpuwKe9wYy992ulrBbTS8Ag0Y9YsBuFItwipix3mAA root@glomag

1
fingerprints/glomag_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdFFZ8VdVK0rtWAfTZdM5MoI6P+Lqpo8FPqeXK9crwxutbaTgyj8JHBayCCEVrPciuddJ181ysvEae1d/0kNykhvJBUPwWIi66s1yCU93TNYvjfpxYrMLuDrQa0dh6cjavdjRbbzoi96I1DCt90X7TbDQHKGglf1Kg3a+3QyDk9b1T4+goC5uiHHJaI7wpdSZp5v7a9F9cnMPAdHSeoKtzKf4M0umzEd+XEXJQQT/ZlxGaL0SGPBN/7Lz+7ddpI8r2ApOgSaiBLZD+64wJHks/BtXD3nzfn4V8a+JnMIJ0pNc4vPMJU4/kdIrW00jAHv5UG+q7Ke6p03EETtIUaHab root@glomag

1
fingerprints/guayusa_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6yuHvichINMFx6Ur6kys3VzF9prSDoIFmYPP5qUKj3 root@guayusa

1
fingerprints/guayusa_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC88UgT1RuYgWapX5Zjt+SqrdnxjfwbtnavhzCKVxNU5amXuRc6YCBWkisk9szFCmq5uFY17fyx+dT8lBgAjTuqD1y7nZ9tyOIvnJWWIVNIc4MW1N0/VDDNR/jUedFQXUxJqbPTnPox4dcgACF0EB4O13mIIjrdhESxGXHDlOHNgvYOLwWzbglY5oj06dBPtsFf/NVbhe8J0h/lI+6kwFanhZa+Bbahwr56lXCf4bNxC//DS+CAr4VkQr6OCp5hUZwcdnCBiUSOjck7aOhEu8exvS/iUErX4lmObq5slWcQl7IK6kXcI8yFqpMUKxi5sCQIQSE5tbvKy+M1Jqt7AaQT root@guayusa

1
fingerprints/mannitol_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHBwWIlKsqicBIO2GEESK0o/50vksGS3sOTDOZQyBozD root@mannitol

1
fingerprints/mannitol_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDl/0vrcgl/E3ybwdThwQlk9VoTMpVmhtTfuTH2mV1sNL/bQv+RVa4CArntuoxuI+d08PzzvFNT63UGMKmULoBrxiR9WcvnvVBYKZ2Uq0mZa7uW2xCk5vhTbr/LE9FxgwukwcsbFuC+8RFmy+qqwcWdJn45Iha0FbbLgwzAanxD3vUFGOT9uCvxhuQ4qbPwJBmWYOBOBwHS3wIo0buizqNkGW+ZyPJO7cl3ODMw8Q6QrRMP3c4zrvRrx7pK8ZRzrYfP6OjriipRRlcjKcPWkTTi5QQeTDQp4+X8MPukf9c16wE134MMzOAlSp9ac6Hc3Fo9YF6532p0OucdV1qdKe47 root@mannitol

1
fingerprints/mattermost_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2dttPz6rcDyIGM5NYKx9LURUQNgzSGEkSVEuP+OdjZ root@mattermost

1
fingerprints/mattermost_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChF3yXKmHgNXZ0lk9K62jJ2SyIQGcrB9NQkZfsX6UtQqaiTV0CTih5r3QBpfrqvSsuJGNEyJ4X1euN5YbuiSMsyjvNJ6WRo8x4B4WE5pPdu3nUMdxT7oPdX6dajAlyDfxPRDyYX1nhimPx1ZuFo3+DZ6LoLkJ2k3S7BDpXbByAtWYd7iKPjmUqWhJ1ic3mqCXYIOoWEGx2rDjZTtQzw35HTvcudOopkxsuWR4o6BW92e5cA0Dpz88zfDFcVfiuPJS1w/QmaYkhHN8lo1Ji3B09hVSIeO9Ii8zDCRPw/S7QYgfMQRRbQuoUtfH9hRHqZL/ycpEtYs9SGG1JWz5WOjK3 root@mattermost

1
fingerprints/neotame_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFHKfUU0zLGUL52QFEgWjEX9IqfMguFfacrBkoyZ/5Wp root@neotame

1
fingerprints/neotame_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCucFmVnoxzJueaDLxcV3/e/1/J5N3c30GMxBjXwijxxx8ummYEm+prHW3/zfGIY40Ygf7wkfa3wgXuGIcX2qOlO4RJcdLsoXgM+30MWs6L2QPGBgZVP8lB0B1VrjFX5+QfOx2ZF7yfjeL1caPE315h0Ju4AXAN5kkqZqF7lJToMdFo7GyKEgFI7bvnx//cZBs4ioxAtxzpS6E43yHJkijzIuTudJqH5EwiXwy9s7Mc+QP9uJnftS+fL3tea9zgn3yZKoXDLdwJuEzXbvhgwrVgGmCce08ETy0c/zwfR0UT0wvZexzQpvFMRNDWPl1kQCfE4oIiQ7y0kDef6QI6B4yl root@neotame

1
fingerprints/netbox_ed25519.pub
View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtLKp5XuE2o/rC6Is8nAebfBlTO23n2uy5rTnGbh6MK root@netbox

1
fingerprints/netbox_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBWgjnv2JxsoPSc3uGsV/8AcyHaxdRcZhO41qR1mfCOwHV/url8c69srx3k5s+dGwo+4Xiwgm6X4Zv0JdV/ALW2QWcBl0pSMansU/At0IUcEh5uPHqDn8iHaA5SFkCfAcfMLRgqIeloXTbCHdi5pVRjM1LhXjFBl6WAP7sDbA76SYuEb80ujZe1stojJbaHHMd9iEXmFdt5UZwktCqdsMFwNHTv1caf4Tc78CirBg3CqBVKWKHo4IXwYneBrX4CnBr9HJwaLVKzFZcg1TYFCuHfizOEKCOSsM1ZZA9l+68Oeza0oQq1PI0FvtpFPpWSRUN/OA1tPrJgcpnbEsf8Knr root@netbox

1
fingerprints/phosphoric-acid_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOREvEW8G1rbqkz7DyrMD1QrLvxt28ajP/crJe8Lt0Qx root@phosphoric-acid

1
fingerprints/phosphoric-acid_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEp3lvRFATMbwUkKDxnKaTrWBgXsOWoPWVK24JE2cmPks7qzxde/OkMvx2XYHEUKNgzxSOyw/YBdFENEkbnOunyyqNP5ygb4hixaEH+aNmc7bAXE6lsIidbTwn4o2KeKG7FWLTlIk/kSHA4aNYxdeuQzpdUip3fmFfwfn2JvTJMHWI0KgMBWuIOQMFnEf+owRYnb0wSuEZFR46bZT7moA06A4PSB1+UlZIyJ+QN2rA5MkjMzvEEasWiJSpsM4W/QRmh+le2OMrNiJSQAhcI785/gvXNIFQZNG81QXiBDQ4XB8t1tbeTuRRDEgtmREVc3J6s6xgtdSO/mipwp280An9 root@phosphoric-acid

1
fingerprints/progcom_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDyrYEfmjvo+ArpqUyuzUeQbKWLiniIcWDIoAkIS2yK root@progcom

1
fingerprints/progcom_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNjB1iigeXStSM1ov3Uvh9HJdVEWDqVzshH2YzbwhYC/vB8RLpNAb0g+UIK9s3YJJ4Q58XzpWrCZTq1bOryoB2D6dnX0GSqw/M0ENMqIl/ftOpWrGgsNjPwXbTNWxw6Mb1oBBkFr+q6slbwN2gF48IKphmbFKFasE7LH12Uc56i5HXAjLTCIgxurviXKMP5okg86P91jbuN/jMy1osiad6jAKaWhlcGq40ntyZCvK2OkSK7fZ5joA4xKBr2G+Wu4cNi6e6w2ZjxBCuZBCP5oK8lh1LuxUQksyovYWeZMM8rP99wxq0CusbsPjm5OZP4GsFQKU/bRti9joRumfM0JP9 root@progcom

1
fingerprints/prometheus_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMDw8IjwgClwwI2x+JfCAKWeO2DpMPSErsbtYrkoFOi root@prometheus

1
fingerprints/prometheus_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+5HhLGTgUb0FVpdBtCF5w/JoFGVlgw0JXABAsxPweOWYaOLcc2fG6Fp6wratGbGBqIDguIZDzK1lD6niji74Uyeo/erPJNQJePlQRT7hH5zhuxHka1eY5nher/MjFsu9J57dIlCQ2UQg3xRqbDfSKIWhsh8VGwX+TOojQy3loyQqISOvqqNYqTCF+TsEEubPffvvagqRT1JEKVQ/64eBuC+VMewpZv2e/1Z67B5LwRsyFTKzPQVIcNbNNjl+6WGAbnsBTUEkWBOvx+iqhWXQCW4LbRWOLkDMAY1q666I/3d029Fh0QggKc1gEgmPXNukPwUYxNgLctIBVqV0u/WoV root@prometheus

1
fingerprints/riboflavin_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMV/P9dCMkW4GA43a1FlOpM7ifHdI2MyWnkmLoLs/GT root@riboflavin

1
fingerprints/riboflavin_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2DQN5wmaDyyxojGz4NOl/lGElSxIrlGUBdYcbMN8gIW9H5TazFuitfIyoVNz68CXyNVNhNXybGqUybzBrPA5QRviEnff/Sywq1AREBgYeuhwwn88JTTx68Bwsx6fiRRKm2+EISN9N3hu1AeE2Hbqh91GhgWBt8WOroFD37Ryk5AV1mL0LsOlBhsPd55GmQKlFpC5t9bsnkJC4ZyVFE3LtDadr/JEJiQRrZqVrdBG39cv9e7lFVts6MZ2Z19hs23NX8pl6ZKkTu5zZN6aox6n6debEVX3dRCbNYFGs75tLieSkUMY7STAcvu1Wd0LSvdCvFV9ba7SFACO+FG1rQjZp root@riboflavin

1
fingerprints/sodium-benzoate_ed25519.pub
View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqTJmG62zeZGMmHOD+caw0XvGznpfhPaAJEJnWrMdRr root@sodium-benzoate

1
fingerprints/sodium-benzoate_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6rKVV1vf0TEM+80e2uCcsoTvoLQMNJHBvRnBIlrSBTZRctVFAydGLa4UhPdNIE/n/83DuVytZ4c0VS3ASi+7O+AA+NlW+KayKYnD6afzqxRrbMQPdOhFu4GN0q0MXJs3xIl1g0+OmI7RUdesvbZYJBY0uCsjH2Y6u/paqmTkMyr11Tk12iVEBvwnaH1HBdsN4ZnHGQWA58mUYZHBz1TxoGCp4o7vMStoOlJb5a2xS39RhPHp67lA5H0/51uwG6Lj5NHxr8w2OBst6722cxF2/fxl03LmEQM17uy9muiAi7igggO0Iu2IHMpNlanMRnkzypuGqKN1LHWJ1rJNr1MZlQ== root@sodium-benzoate

1
fingerprints/sorbitol_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL9KkNuGJ4LFo7uMs3ldd7b13gkg+CSEubYQGv8EGPz root@sorbitol

1
fingerprints/sorbitol_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8CIrohMD4Bjn3xgFbkg9fAlqm3txjpneL7JGRe7FjcogWIEnWiVqjzgTYVQceIka7kbAqWB0yFkLZnLY3ZtYUAfQciyepuKiknqqzFgUNSZwJzz2+BmBddsLlVsudaN710zkHf432KkskLfhs873VPtMxkChHUrqHcVv+QVfBCHHNa4omxOalNFnlclw4ivROSc9INKoWdDWKTiAnjyvWUiwORDpRyZWtdbGxs0PIvFx1OtEUeSvlx6WYaxPNe0irLqY4QcSwBlfQZ5Z/kle2Ru/WEDZvcp/9txYBTT//b+08PPTeQVwExu+ay8Z/reb0z++Ay68qW1txSO3M9o9B root@sorbitol

1
fingerprints/sucrose_ed25519.pub
View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxM7kOFiqijhaYQyXADyXk0ktjp4OvZTk/auOSuYltw root@sucrose

1
fingerprints/sucrose_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPDNlOisklAHEpwXuw+HhHK8WzNRX+unks07c5JPOwDHKdwNj/q0H3Jp1avsfGwwVM3P+mALxi0gk2GBCT4MvOuv0GLiNoKJWz4mwADZcCb7FEdKqlRdpckVcHRNJSIA5lRrkb6IlegF0o8f+y5c+zTZE/4Pa61bIIUvU0hS4rtdvIaCd9x066Rutgl3taQ2tW8btmK7F+pWoTKiaz9KTt0hUcr/SGSrMtI9VNdD1Dt7sAyTqYz6v2OLRlTTF1Q5u2eYlNy9s7dlwHrHrwNgGildU2S/WvIZ0hLBLfU5yCuOocJUGoQdjCA/IbHVnl5jFhDiEJ6eD6jo23nVFWwnNL root@sucrose

1
fingerprints/taurine_ed25519.pub
View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFu35kh6YDpTfwmtFpdB8ZUl5hAy4l3q9QGCYL50JFD root@taurine

1
fingerprints/taurine_rsa.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAx69z3QCtSccheSYSqpMHeJUuoco3rfNZfCNuopQDc87RRO9vhqMg1K8cE0RiViY8/ksQ0VDT3LC2WyBCa2p1NJ+TU+ZB4bKpcR0SAH1/pagZvaI+wXq4jYeGzZSHnh2Uh0n5Tt2AycU8sOGs2OyPP3/uYuXOa3DW52ooZsvV61pSJwB7Kne3P/MpXTsOC6zcENVnXypv5dWeWY/0jOYO2WMBkjIsYdqj/4sPx0IIIqR9OKGuxaDVbcXhkC7Uqz5NOQ8r/lfueojWePo2ExuJUsyzv5FFD9Lls3U+gjekTQvNZtyqcx1hCfEFn3Hz87wZvhV6F9394zEU9A0z8X8nMQ== root@taurine

1
fingerprints/test-ipv6_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYdv1TC4b7N8S0/t6Xvyft0mjrM9d4b54Frj8eQLLQx root@test-ipv6

1
fingerprints/test-ipv6_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIgYxewDMHZrNw1yRthPwQxcGD7CBFEWhAG5lKn51lq/uynucz5HBfouy7LU9PTyAJa5FsYVK23eDEHCppYlL+3TwU3gYyC0mEzsM9g2oJPCxvqH59p4qftyNKF9sgv9bkadYf6NT6MMtBlWYN7xLZPBfJkshQEQu85S+zD3JHO8bF7etwWn3sX7gbTheO0LD8jzj6G2AyRTWpkk5v8O7kBiwiZOoC2ehcSfqaxAVqxYbawi+pQ5iXfX8A5RXduezH2XcRKD2GG1/f2nMALXrEq8OrRH7UVFJUPPViQxNnk4D4w2THkNaEnT2/8YcxelzFFY5EhW9pEOBXjZeLRzGr root@test-ipv6

1
fingerprints/yerba-mate_ed25519.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILo5PcuOEnGo1KAIzMP/z3TjHnQqAre2xsumeAeCkNPj root@yerba-mate

1
fingerprints/yerba-mate_rsa.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOuKRa3mQ9ljfSVmKcX4eXNr4impOHLl4VCWfrfi6fsQnBtgL9tpCZcRKDIqdgIHihqVKGsa4q5pCt9wIZyXnYkAC61+aoWCWJYON6WDacr3WAVQ7kRKR+MX0VSZrUm45WcjQIxfNA2X63DbmOexN5aUjlqwfFdbGGkSn/tQTGblmk35q5ZSyPrS2RvaneCyC/3jM8Al//aaPdN0j+CJF41GcToEbHBqSgV7YVR6AdWuYPE5dlZmZ4Ce9xh9mcWVd7NqXcWR76r7vIVO3ZwzJZ2ux7X/TG+4gzTigHlRw0vEGgVGtuxRuseP/MAX3w2euMebtifEtvAbJGHlpjJ4SV root@yerba-mate

24
gather-ssh-fingerprints.yml
View File

@ -1,8 +1,20 @@
---
- hosts: all
- name: Gather ssh fingerprints
hosts: all
tasks:
- name: get fingerprints
fetch: src={{ item.src }} dest={{ item.dest }} flat=yes
with_items:
- { src: '/etc/ssh/ssh_host_rsa_key.pub', dest: 'fingerprints/{{ ansible_hostname }}_rsa.pub' }
- { src: '/etc/ssh/ssh_host_ed25519_key.pub', dest: 'fingerprints/{{ ansible_hostname }}_ed25519.pub' }
- name: get pubkey files
ansible.builtin.fetch:
src: "/etc/ssh/ssh_host_{{ item }}_key.pub"
dest: "fingerprints/{{ ansible_hostname }}_{{ item }}.pub"
flat: true
loop:
- rsa
- ed25519
- name: template ssh_known_hosts
ansible.builtin.template:
src: files/ssh_known_hosts.j2
dest: files/ssh_known_hosts
mode: '660'
run_once: true
delegate_to: localhost

7
generate-hosts.yml
View File

@ -1,7 +0,0 @@
---
- hosts: all
become: yes
become_method: sudo
roles:
- generate-hosts
- cleanup

106
hosts
View File

@ -1,106 +0,0 @@
[new-office]
[bare-metal:children]
general-use-bare-metal
syscom-bare-metal
mirror
audio-sink
[containers:children]
general-use-containers
syscom-containers
[general-use:children]
general-use-bare-metal
general-use-containers
[general-use-bare-metal]
corn-syrup.csclub.uwaterloo.ca
hfcs.csclub.uwaterloo.ca
sucrose.csclub.uwaterloo.ca
taurine.csclub.uwaterloo.ca
[general-use-containers]
caffeine.csclub.uwaterloo.ca
[general-use-containers:children]
webnodes
[webnodes]
caffeine-00.csclub.uwaterloo.ca
caffeine-01.csclub.uwaterloo.ca
[office]
bit-shifter.csclub.uwaterloo.ca
gwem.csclub.uwaterloo.ca
maltodextrin.csclub.uwaterloo.ca
natural-flavours.csclub.uwaterloo.ca
strombola.csclub.uwaterloo.ca
[syscom:children]
syscom-bare-metal
syscom-containers
cloud
[syscom-bare-metal]
aspartame.csclub.uwaterloo.ca
dextrose.csclub.uwaterloo.ca
cobalamin.csclub.uwaterloo.ca
glomag.csclub.uwaterloo.ca
potassium-benzoate.csclub.uwaterloo.ca
sodium-benzoate.csclub.uwaterloo.ca
yerba-mate.csclub.uwaterloo.ca
guayusa.csclub.uwaterloo.ca
coffee.csclub.uwaterloo.ca
[cloud]
db1.cloud.csclub.uwaterloo.ca
controller1.cloud.csclub.uwaterloo.ca
network1.cloud.csclub.uwaterloo.ca
block1.cloud.csclub.uwaterloo.ca
object1.cloud.csclub.uwaterloo.ca
web1.cloud.csclub.uwaterloo.ca
router1.cloud.csclub.uwaterloo.ca
ginkgo.csclub.uwaterloo.ca
[syscom-containers]
auth1.csclub.uwaterloo.ca
auth2.csclub.uwaterloo.ca
mail.csclub.uwaterloo.ca
munin.csclub.uwaterloo.ca
rt.csclub.uwaterloo.ca
netbox.csclub.uwaterloo.ca
logstash.csclub.uwaterloo.ca
dns1.csclub.uwaterloo.ca
dns2.csclub.uwaterloo.ca
cifs.csclub.uwaterloo.ca
mattermost.csclub.uwaterloo.ca
shibboleth.csclub.uwaterloo.ca
test-ipv6.csclub.uwaterloo.ca
etcd-mc.csclub.uwaterloo.ca
etcd-dc.csclub.uwaterloo.ca
etcd-phy.csclub.uwaterloo.ca
prometheus.csclub.uwaterloo.ca
[syscom-containers:children]
load-balancers
[audio-sink]
nullsleep.csclub.uwaterloo.ca
[mirror]
potassium-benzoate.csclub.uwaterloo.ca
[load-balancers]
load-balancer-01.csclub.uwaterloo.ca lb_priority=110
load-balancer-02.csclub.uwaterloo.ca lb_priority=100
[cloud-csc-club-managed:children]
club-iie
club-uwarc
[club-iie]
wiki.iie.csclub.cloud
[club-uwarc]
wiki.uwarc.csclub.cloud

96
inventory.yaml Normal file
View File

@ -0,0 +1,96 @@
new_office:
hosts:
bare_metal:
children:
general_use_bare_metal:
syscom_bare_metal:
mirror:
audio_sink:
containers:
children:
general_use_containers:
syscom_containers:
general_use:
children:
general_use_bare_metal:
general_use_containers:
general_use_bare_metal:
hosts:
corn-syrup.csclub.uwaterloo.ca:
hfcs.csclub.uwaterloo.ca:
carbonated-water.csclub.uwaterloo.ca:
neotame.csclub.uwaterloo.ca:
sorbitol.csclub.uwaterloo.ca:
mannitol.csclub.uwaterloo.ca:
general_use_containers:
hosts:
caffeine.csclub.uwaterloo.ca:
office:
hosts:
bit-shifter.csclub.uwaterloo.ca:
gwem.csclub.uwaterloo.ca:
maltodextrin.csclub.uwaterloo.ca:
natural-flavours.csclub.uwaterloo.ca:
strombola.csclub.uwaterloo.ca:
syscom:
children:
syscom_bare_metal:
syscom_containers:
cloud:
syscom_bare_metal:
hosts:
#xylitol
cobalamin.csclub.uwaterloo.ca:
potassium-benzoate.csclub.uwaterloo.ca:
yerba-mate.csclub.uwaterloo.ca:
phosphoric-acid.csclub.uwaterloo.ca:
cloud:
hosts:
biloba.csclub.uwaterloo.ca:
chamomile.csclub.uwaterloo.ca:
ginkgo.csclub.uwaterloo.ca:
guayusa.csclub.uwaterloo.ca:
riboflavin.csclub.uwaterloo.ca:
syscom_containers:
hosts:
auth1.csclub.uwaterloo.ca:
auth2.csclub.uwaterloo.ca:
chat.csclub.uwaterloo.ca:
coffee.csclub.uwaterloo.ca:
mail.csclub.uwaterloo.ca:
mailman.csclub.uwaterloo.ca:
munin.csclub.uwaterloo.ca:
rt.csclub.uwaterloo.ca:
dns1.csclub.uwaterloo.ca:
dns2.csclub.uwaterloo.ca:
mattermost.csclub.uwaterloo.ca:
test-ipv6.csclub.uwaterloo.ca:
etcd-phy.csclub.uwaterloo.ca:
prometheus.csclub.uwaterloo.ca:
progcom.csclub.uwaterloo.ca:
ceod_machines:
hosts:
phosphoric-acid.csclub.uwaterloo.ca:
biloba.csclub.uwaterloo.ca:
caffeine.csclub.uwaterloo.ca:
mailman.csclub.uwaterloo.ca:
audio_sink:
hosts:
nullsleep.csclub.uwaterloo.ca:
mirror:
hosts:
potassium-benzoate.csclub.uwaterloo.ca:

13
loadbalancer.yml
View File

@ -1,13 +0,0 @@
---
- hosts: load-balancers
become: yes
become_method: sudo
serial: "50%"
pre_tasks:
- name: stop keepalived (to remove from rotation)
service:
name: keepalived
state: stopped
roles:
- load-balancer
- cleanup

0
install-general-use-container.yml → old_install/install-general-use-container.yml
View File

0
install-office-terminal.yml → old_install/install-office-terminal.yml
View File

0
install-syscom-container.yml → old_install/install-syscom-container.yml
View File

0
install-syscom.yml → old_install/install-syscom.yml
View File

0
webnode.yml → old_install/webnode.yml
View File

18
roles/generate-hosts/tasks/main.yml
View File

@ -1,18 +0,0 @@
---
- name: update hosts
connection: local
become: no
git: repo=~git/public/hosts.git dest=/tmp/generate-hosts-{{ ansible_hostname }}
- name: generate hosts file
connection: local
become: no
shell: /tmp/generate-hosts-{{ ansible_hostname }}/generate-hosts.py < /tmp/generate-hosts-{{ ansible_hostname }}/hosts.in > /tmp/generate-hosts-{{ ansible_hostname }}/hosts
- name: copy hosts file
copy: src=/tmp/generate-hosts-{{ ansible_hostname }}/hosts dest=/etc/hosts backup=yes
- name: cleanup generate-hosts
connection: local
become: no
file: path=/tmp/generate-hosts-{{ ansible_hostname }} state=absent

4
roles/load-balancer/files/99-nonlocalbind.conf
View File

@ -1,4 +0,0 @@
net.ipv4.ip_nonlocal_bind = 1
# Until the kernel > 4.3, a hack binds the IPs on lo
# net.ipv6.ip_nonlocal_bind = 1

263
roles/load-balancer/files/haproxy.cfg
View File

@ -1,263 +0,0 @@
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
#ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
#ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl-default-server-options no-sslv3 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
#frontend ssh
# bind :::2222 v4v6
# mode tcp
# option tcplog
#
# default_backend ssh_general-use
frontend http_cloud_metadata
bind :::8775 v4v6 ssl crt /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem
mode http
option forwardfor
http-request set-header X-Forwarded-Proto https if { ssl_fc }
default_backend http_metadata.cloud.csclub.uwaterloo.ca
frontend http
bind :::80 v4v6
bind :::443 v4v6 ssl crt /etc/ssl/private/csclub.uwaterloo.ca/csclub.uwaterloo.ca.pem crt /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem crt /etc/ssl/private/csclub.cloud/csclub.cloud.pem
mode http
option forwardfor
# Add proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
#
# Determine host
#
# csclub webpage
acl csclub.uwaterloo.ca hdr(host) -i csclub.uwaterloo.ca
acl csclub.uwaterloo.ca hdr(host) -i www.csclub.uwaterloo.ca
acl csclub.uwaterloo.ca hdr(host) -i www2.csclub.uwaterloo.ca
# cloud.csclub
acl cloud.csclub.uwaterloo.ca hdr(host) -i cloud.csclub.uwaterloo.ca
acl console.cloud.csclub.uwaterloo.ca hdr(host) -i console.cloud.csclub.uwaterloo.ca
acl auth.cloud.csclub.uwaterloo.ca hdr(host) -i auth.cloud.csclub.uwaterloo.ca
acl admin.cloud.csclub.uwaterloo.ca hdr(host) -i admin.cloud.csclub.uwaterloo.ca
acl compute.cloud.csclub.uwaterloo.ca hdr(host) -i compute.cloud.csclub.uwaterloo.ca
acl dns.cloud.csclub.uwaterloo.ca hdr(host) -i dns.cloud.csclub.uwaterloo.ca
acl metadata.cloud.csclub.uwaterloo.ca hdr(host) -i metadata.cloud.csclub.uwaterloo.ca
acl network.cloud.csclub.uwaterloo.ca hdr(host) -i network.cloud.csclub.uwaterloo.ca
acl image.cloud.csclub.uwaterloo.ca hdr(host) -i image.cloud.csclub.uwaterloo.ca
acl object.cloud.csclub.uwaterloo.ca hdr(host) -i object.cloud.csclub.uwaterloo.ca
acl object.cloud.csclub.uwaterloo.ca hdr(host) -i object.csclub.uwaterloo.ca
acl volume.cloud.csclub.uwaterloo.ca hdr(host) -i volume.cloud.csclub.uwaterloo.ca
# csclub.cloud
acl csclub.cloud hdr(host) csclub.cloud
acl csclub.cloud hdr(host) www.csclub.cloud
#
# csclub.cloud (users)
#
# iie
acl iie_iise-wiki.csclub.cloud hdr(host) -i iise-wiki.csclub.cloud
# ztseguin
acl ztseguin.csclub.cloud hdr(host) -i ztseguin.csclub.cloud
acl ztseguin-reddit.csclub.cloud hdr(host) -i ztseguin-reddit.csclub.cloud
acl ztseguin-reddit.csclub.cloud hdr(host) -i reddit.csclub.cloud
# Force SSL
redirect scheme https if !{ ssl_fc } cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } admin.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } auth.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } console.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } compute.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } dns.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } metadata.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } network.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } image.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } object.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } volume.cloud.csclub.uwaterloo.ca
redirect scheme https if !{ ssl_fc } csclub.cloud
redirect scheme https if !{ ssl_fc } ztseguin.csclub.cloud
redirect scheme https if !{ ssl_fc } iie_iise-wiki.csclub.cloud
# Backend
use_backend http_csclub.uwaterloo.ca if csclub.uwaterloo.ca
use_backend http_cloud.csclub.uwaterloo.ca if cloud.csclub.uwaterloo.ca
use_backend http_auth.cloud.csclub.uwaterloo.ca if auth.cloud.csclub.uwaterloo.ca
use_backend http_admin.cloud.csclub.uwaterloo.ca if admin.cloud.csclub.uwaterloo.ca
use_backend http_console.cloud.csclub.uwaterloo.ca if console.cloud.csclub.uwaterloo.ca
use_backend http_compute.cloud.csclub.uwaterloo.ca if compute.cloud.csclub.uwaterloo.ca
use_backend http_dns.cloud.csclub.uwaterloo.ca if dns.cloud.csclub.uwaterloo.ca
use_backend http_metadata.cloud.csclub.uwaterloo.ca if metadata.cloud.csclub.uwaterloo.ca
use_backend http_network.cloud.csclub.uwaterloo.ca if network.cloud.csclub.uwaterloo.ca
use_backend http_image.cloud.csclub.uwaterloo.ca if image.cloud.csclub.uwaterloo.ca
use_backend http_object.cloud.csclub.uwaterloo.ca if object.cloud.csclub.uwaterloo.ca
use_backend http_volume.cloud.csclub.uwaterloo.ca if volume.cloud.csclub.uwaterloo.ca
use_backend http_cloud.csclub.uwaterloo.ca if csclub.cloud
use_backend http_ztseguin.csclub.cloud if ztseguin.csclub.cloud
use_backend http_iie_iise-wiki.csclub.cloud if iie_iise-wiki.csclub.cloud
frontend stats
bind :::8443 v4v6 ssl crt /etc/ssl/private/csclub.uwaterloo.ca/csclub.uwaterloo.ca.pem
mode http
no log
stats enable
stats uri /
acl network_allowed src 10.0.0.0/8
acl network_allowed src 129.97.0.0/16
acl network_allowed src 172.16.0.0/12
acl network_allowed src 2620:101:f000::/47
acl network_allowed src fd74:6b6a:8eca::/47
tcp-request connection reject if !network_allowed
#
# BACKENDS
#
#backend ssh_general-use
# balance roundrobin
# mode tcp
# server corn-syrup corn-syrup.csclub.uwaterloo.ca check port 22
# server high-fructose-corn-syrup high-fructose-corn-syrup.csclub.uwaterloo.ca check port 22
# server sucrose sucrose.csclub.uwaterloo.ca check port 22
backend http_csclub.uwaterloo.ca
balance leastconn
mode http
cookie serverid insert indirect nocache
server caffeine-00 caffeine-00.csclub.uwaterloo.ca:80 check cookie 00
server caffeine-01 caffeine-01.csclub.uwaterloo.ca:80 check cookie 01
backend http_cloud.csclub.uwaterloo.ca
balance leastconn
mode http
cookie serverid insert indirect nocache
#server web1.cloud web1.cloud.csclub.uwaterloo.ca:80 check cookie 01
server web1.cloud 172.19.134.5:80 check cookie 01
backend http_auth.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:5000 check
backend http_admin.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:35357 check
backend http_console.cloud.csclub.uwaterloo.ca
balance leastconn
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:6080 check
backend http_compute.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:8774 check
backend http_dns.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:9001 check
backend http_network.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:9696 check
backend http_metadata.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:8775 check
backend http_image.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:9292 check
backend http_object.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:8080 check
backend http_volume.cloud.csclub.uwaterloo.ca
balance roundrobin
mode http
server controller1.cloud controller1.cloud.csclub.uwaterloo.ca:8776 check
backend http_ztseguin.csclub.cloud
balance roundrobin
mode http
server ztseguin1 csc-web.zacharyseguin.ca:80 check
backend http_iie_iise-wiki.csclub.cloud
balance roundrobin
mode http
server wiki wiki.iie.csclub.cloud:8090 check

277
roles/load-balancer/files/haproxy/config.yml
View File

@ -1,277 +0,0 @@
frontends:
- name: http
bind:
- host: '129.97.134.10'
port: 80
- host: '2620:101:f000:4901:c5c::10ad'
port: 80
# For certificates, always ensure to update both v4 and v6
- host: '129.97.134.10'
port: 443
ssl: true
certs:
- /etc/ssl/private/csclub.uwaterloo.ca/csclub.uwaterloo.ca.pem
- /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem
- /etc/ssl/private/csclub.cloud/csclub.cloud.pem
- /etc/ssl/private/ztseguin/alerts.zacharyseguin.ca/alerts.zacharyseguin.ca.pem
# For certificates, always ensure to update both v4 and v6
- host: '2620:101:f000:4901:c5c::10ad'
port: 443
ssl: true
certs:
- /etc/ssl/private/csclub.uwaterloo.ca/csclub.uwaterloo.ca.pem
- /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem
- /etc/ssl/private/csclub.cloud/csclub.cloud.pem
- /etc/ssl/private/ztseguin/alerts.zacharyseguin.ca/alerts.zacharyseguin.ca.pem
multiple: true
projects:
csc:
proxies:
- host: www2.csclub.uwaterloo.ca
cookie: true
backends:
- host: caffeine-00.csclub.uwaterloo.ca
port: 80
- host: caffeine-01.csclub.uwaterloo.ca
port: 80
- host: crl.csclub.uwaterloo.ca
cookie: true
backends:
- host: caffeine-00.csclub.uwaterloo.ca
port: 80
- host: caffeine-01.csclub.uwaterloo.ca
port: 80
- host: cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: web1.cloud.csclub.uwaterloo.ca
port: 80
- host: csclub.cloud
force_ssl: true
backends:
- host: web1.cloud.csclub.uwaterloo.ca
port: 80
office:
proxies:
- host: office.csclub.cloud
force_ssl: true
backends:
- host: 172.19.134.51
port: 80
- host: 2620:101:f000:4903:f816:3eff:fe11:1dd9
port: 80
ztseguin:
proxies:
- host: ztseguin.csclub.cloud
force_ssl: true
backends:
- host: node1.web.ztseguin.csclub.cloud
port: 80
- host: dashboard.csclub.cloud
force_ssl: true
backends:
- host: dashboard.ztseguin.csclub.cloud
port: 80
- host: alerts.zacharyseguin.ca
force_ssl: true
backends:
- host: web1.alerts-canada.ztseguin.csclub.cloud
port: 80
- host: ztseguin-alerts-canada.csclub.cloud
force_ssl: true
backends:
- host: web1.alerts-canada.ztseguin.csclub.cloud
port: 80
- host: freebsd.packages.zacharyseguin.ca
backends:
- host: george-mason.zacharyseguin.ca
port: 80
- host: twig-sockets.csclub.cloud
force_ssl: true
backends:
- host: sucrose.csclub.uwaterloo.ca
port: 25000
- host: twig.csclub.cloud
force_ssl: true
backends:
- host: twig-prod.ztseguin.csclub.cloud
port: 80
- host: twig-dev.csclub.cloud
force_ssl: true
backends:
- host: twig-dev.ztseguin.csclub.cloud
port: 5000
iie:
proxies:
- host: iise-wiki.csclub.cloud
force_ssl: true
backends:
- host: wiki.iie.csclub.cloud
port: 8090
uwarc:
proxies:
- host: uwarc-wiki.csclub.cloud
force_ssl: true
backends:
- host: wiki.uwarc.csclub.cloud
port: 80
- host: wiki.uwarc.uwaterloo.club
force_ssl: true
backends:
- host: wiki.uwarc.csclub.cloud
port: 80
- name: cloud-http
bind:
- host: '129.97.134.11'
port: 80
- host: '2620:101:f000:4901:c5c::c:10ad'
port: 80
# For certificates, always ensure to update both v4 and v6
- host: '129.97.134.11'
port: 443
ssl: true
certs:
- /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem
# For certificates, always ensure to update both v4 and v6
- host: '2620:101:f000:4901:c5c::c:10ad'
port: 443
ssl: true
certs:
- /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem
multiple: true
projects:
csc-cloud:
proxies:
- host: csclub.cloud
force_ssl: true
backends:
- host: web1.cloud.csclub.uwaterloo.ca
port: 80
- host: www.csclub.cloud
force_ssl: true
backends:
- host: web1.cloud.csclub.uwaterloo.ca
port: 80
- host: cloud.csclub.uwaterloo.ca
force_ssl: true
cookie: true
backends:
- host: web1.cloud.csclub.uwaterloo.ca
port: 80
- host: admin.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 35357
- host: auth.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 5000
- host: compute.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 8774
- host: console.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 6080
- host: dashboard.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: web1.cloud.csclub.uwaterloo.ca
port: 8080
- host: dns.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 9001
- host: network.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 9696
- host: image.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 9292
- host: object.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 8080
- host: placement.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 8778
- host: volume.cloud.csclub.uwaterloo.ca
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 8776
# TODO: Force SSL for object.csclub.uwaterloo.ca domain
- name: object-http
bind:
- host: '129.97.134.12'
port: 80
- host: '2620:101:f000:4901:c5c::c0b:10ad'
port: 80
# For certificates, always ensure to update both v4 and v6
- host: '129.97.134.12'
port: 443
ssl: true
certs:
- /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem
- /etc/ssl/private/csclub.cloud/csclub.cloud.pem
# For certificates, always ensure to update both v4 and v6
- host: '2620:101:f000:4901:c5c::c0b:10ad'
port: 443
ssl: true
certs:
- /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem
- /etc/ssl/private/csclub.cloud/csclub.cloud.pem
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 8080
- name: cloud-metadata
bind:
- host: '::'
port: 8775
v4v6: true
ssl: true
certs:
- /etc/ssl/private/cloud.csclub.uwaterloo.ca/cloud.csclub.uwaterloo.ca.pem
force_ssl: true
backends:
- host: controller1.cloud.csclub.uwaterloo.ca
port: 8775
restrict:
- '10.0.0.0/8'
- '129.97.0.0/16'
- '172.16.0.0/12'
- '2620:101:f000::/47'
- 'fd74:6b6a:8eca::/47'
- name: stats
bind:
- host: '::'
port: 8443
v4v6: true
ssl: true
certs:
- /etc/ssl/private/csclub.uwaterloo.ca/csclub.uwaterloo.ca.pem
stats:
enable: true
uri: '/'
restrict:
- '10.0.0.0/8'
- '129.97.0.0/16'
- '172.16.0.0/12'
- '2620:101:f000::/47'
- 'fd74:6b6a:8eca::/47'

37
roles/load-balancer/files/haproxy/genconfig.py
View File

@ -1,37 +0,0 @@
#!/usr/bin/env python
from __future__ import print_function
import os, sys
from optparse import OptionParser
import yaml
from mako.template import Template
import pprint
def main():
# Arguments
parser = OptionParser()
parser.add_option('-c', '--config', dest='config', default='config.yml',
help='Configuration file', metavar="FILE")
parser.add_option('-t', '--template', dest='template', default='haproxy.cfg.mako',
help='haproxy.cfg Mako template')
(options, args) = parser.parse_args()
try:
config = yaml.load(open(options.config, 'r'))
except Exception as e:
print(e, file=sys.stderr)
config = None
if not config or type(config) != dict:
print('Unable to load configuration: "{}"'.format(options.config), file=sys.stderr)
sys.exit(-1)
print(Template(filename=options.template).render(config=config))
if __name__ == '__main__':
main()

147
roles/load-balancer/files/haproxy/haproxy.cfg.mako
View File

@ -1,147 +0,0 @@
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDH
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EC
ssl-default-server-options no-sslv3 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
% for frontend in config.get('frontends'):
frontend ${frontend['name']}
% for bind in frontend['bind']:
bind ${bind['host']}:${bind['port']}${' v4v6' if bind.get('v4v6', False) else ''}${' ssl crt {}'.format(' crt '.join(bind['certs'])) if bind.get('ssl', False) else ''}
% endfor
mode ${frontend.get('mode', 'http')}
% if frontend.get('mode', 'http') == 'http':
option forwardfor
option http-server-close
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
% endif
% if frontend.get('stats') and frontend['stats'].get('enable', False):
stats enable
stats uri ${frontend['stats'].get('uri', '/')}
% endif
% for restriction in frontend.get('restrict', []):
acl network_allowed src ${restriction}
% endfor
% if frontend.get('restrict', None):
http-request deny if !network_allowed
% endif
% if not frontend.get('multiple', False):
# SSL
% if frontend.get('force_ssl', False):
redirect scheme https if !{ ssl_fc }
% endif
# Backend
% if frontend.get('backends'):
use_backend ${frontend['name']}
% endif
% else:
# Determine which virtual host is being requested
% for project in frontend['projects']:
# ${project}
% for proxy in frontend['projects'][project]['proxies']:
acl ${proxy['host']} hdr(host) -i ${proxy['host']}
% endfor
% endfor
# Redirect SSL
% for project in frontend['projects']:
# ${project}
% for proxy in frontend['projects'][project]['proxies']:
% if proxy.get('force_ssl', False):
redirect scheme https if !{ ssl_fc } ${proxy['host']}
% endif
% endfor
% endfor
# Select backend
% for project in frontend['projects']:
# ${project}
% for proxy in frontend['projects'][project]['proxies']:
% if proxy.get('force_ssl', False):
redirect scheme https if !{ ssl_fc } ${proxy['host']}
% endif
% endfor
% endfor
# Select backend
% for project in frontend['projects']:
# ${project}
% for proxy in frontend['projects'][project]['proxies']:
use_backend ${frontend['name']}_${project}_${proxy['host']} if ${proxy['host']}
% endfor
% endfor
% endif
% endfor
#
# BACKENDS
#
<%def name="backend(name, definition)">
backend ${name}
balance ${definition.get('balance', 'leastconn')}
mode http
% if definition.get('cookie', False):
cookie serverid insert indirect nocache
% endif
% for index, server in enumerate(definition.get('backends')):
server ${server['host']}:${server['port']} ${server['host']}:${server['port']} check ${ 'cookie {}'.format(index) if definition.get('cookie', False) else ''}
% endfor
</%def>
% for frontend in config.get('frontends', []):
% if not frontend.get('multiple', False) and frontend.get('backends'):
${backend(frontend['name'], frontend)}
% elif frontend.get('multiple', False):
% for project in frontend['projects']:
# ${project}
% for proxy in frontend['projects'][project]['proxies']:
${backend('{}_{}_{}'.format(frontend['name'], project, proxy['host']), proxy)}
% endfor
% endfor
% endif
% endfor

13
roles/load-balancer/files/ipv6-nonlocalhack.service
View File

@ -1,13 +0,0 @@
[Unit]
Description=Hack since 4.3 kernel does not support net.ipv6.ip_nonlocal_bind
Before=haproxy.service
[Service]
ExecStart=/sbin/ip -6 addr add 2620:101:f000:4901:c5c::10ad/64 dev lo
ExecStart=/sbin/ip -6 addr add 2620:101:f000:4901:c5c::c:10ad/64 dev lo
ExecStart=/sbin/ip -6 addr add 2620:101:f000:4901:c5c::c0b:10ad/64 dev lo
RemainAfterExit=true
Type=oneshot
[Install]
WantedBy=multi-user.target

1
roles/load-balancer/files/ssl
View File

@ -1 +0,0 @@
/users/syscom/certs

82
roles/load-balancer/tasks/main.yml
View File

@ -1,82 +0,0 @@
---
# SSL CERTS
- name: Install SSL certificates
copy:
src: ssl/
dest: /etc/ssl/private/
directory_mode: "u=rwx,g=rx,o="
mode: "u=rw,g=r,o="
owner: root
group: root
# Non-local binding
- name: Install 99-nonlocalbind.conf in /etc/sysctl.d
copy:
src: 99-nonlocalbind.conf
dest: /etc/sysctl.d
backup: no
- name: Install ipv6-nonlocalhack.service
copy:
src: ipv6-nonlocalhack.service
dest: /etc/systemd/system/ipv6-nonlocalhack.service
backup: no
- name: Start ipv6-nonlocalhack.service
service:
name: ipv6-nonlocalhack
state: running
# HAPROXY
- name: Install haproxy
package:
name: haproxy
state: latest
- name: Install packages required to generate config
package: name={{ item }} state=latest
with_items:
- python-yaml
- python-mako
- name: Copy haproxy configuration generation
copy:
src: haproxy/
dest: /tmp/haproxy
backup: no
- name: Generate haproxy configuration
shell: python genconfig.py > /etc/haproxy/haproxy.cfg
args:
chdir: /tmp/haproxy/
- name: Restart haproxy
service:
name: haproxy
state: restarted
# KEEPALIVED
- name: Install keepalived
package:
name: keepalived
state: latest
register: keepalived_installed
- name: Stop keepalived
service:
name: keepalived
state: stopped
- name: Copy keepalived config
template:
src: keepalived.conf
dest: /etc/keepalived/keepalived.conf
backup: no
#register: keepalived_configuration
- name: Restart keepalived
service:
name: keepalived
state: restarted
#when: keepalived_configuration.changed

72
roles/load-balancer/templates/keepalived.conf
View File

@ -1,72 +0,0 @@
global_defs {
notification_email {
syscom@csclub.uwaterloo.ca
}
notification_email_from load-balancer@csclub.uwaterloo.ca
}
vrrp_script check_haproxy {
script "pidof haproxy"
interval 1
weight: -20
}
! load-balancer.csclub.uwaterloo.ca
vrrp_instance VI_10 {
state MASTER
interface eth0
virtual_router_id 10
priority {{ lb_priority }}
advert_int 1
authentication {
auth_type PASS
auth_pass CSC_VRRP
}
track_script {
check_haproxy
}
virtual_ipaddress {
129.97.134.10
2620:101:f000:4901:c5c::10ad
}
}
! load-balancer-cloud.csclub.uwaterloo.ca
vrrp_instance VI_11 {
state MASTER
interface eth0
virtual_router_id 11
priority {{ lb_priority }}
advert_int 1
authentication {
auth_type PASS
auth_pass CSC_VRRP
}
track_script {
check_haproxy
}
virtual_ipaddress {
129.97.134.11
2620:101:f000:4901:c5c::c:10ad
}
}
! load-balancer-object.csclub.uwaterloo.ca
vrrp_instance VI_12 {
state MASTER
interface eth0
virtual_router_id 12
priority {{ lb_priority }}
advert_int 1
authentication {
auth_type PASS
auth_pass CSC_VRRP
}
track_script {
check_haproxy
}
virtual_ipaddress {
129.97.134.12
2620:101:f000:4901:c5c::c0b:10ad
}
}

16
rs.yml
View File

@ -1,16 +0,0 @@
---
- hosts: new-office
become: yes
tasks:
- name: install rsyslog-gnutls
package: name=rsyslog-gnutls state=latest
- name: copy tls keys
copy: src={{ item.src }} dest={{ item.dest }} mode=0640 owner=root group=syslog
with_items:
- { src: '/scratch/syscom/{{ ansible_hostname }}/rsyslog.d/ca.pem', dest: '/etc/rsyslog.d/ca.pem' }
- { src: '/scratch/syscom/{{ ansible_hostname }}/rsyslog.d/cert.pem', dest: '/etc/rsyslog.d/cert.pem' }
- { src: '/scratch/syscom/{{ ansible_hostname }}/rsyslog.d/key.pem', dest: '/etc/rsyslog.d/key.pem' }
- name: copy rsyslog config
copy: src='files/rsyslog.conf' dest='/etc/rsyslog.d/csclub.conf' mode=0644
- name: restart rsyslog
service: name=rsyslog state=restarted

17
test-playbook.yml
View File

@ -1,6 +1,13 @@
---
- hosts: all
become: yes
tasks:
- name: whoami
command: whoami
- name: Test become
hosts: all
become: true
tasks:
- name: Run whoami
ansible.builtin.command: whoami
register: result
when: true # keep the linter happy
- name: Print result
ansible.builtin.debug:
var: result.stdout

18
update-hosts.yml
View File

@ -1,18 +0,0 @@
---
- hosts: all
become: yes
become_method: sudo
tasks:
- name: update hosts
connection: local
git: repo=~git/public/hosts.git dest=/tmp/generate-hosts-{{ ansible_hostname }}
- name: generate hosts file
connection: local
shell: /tmp/generate-hosts-{{ ansible_hostname }}/generate-hosts.py < /tmp/generate-hosts-{{ ansible_hostname }}/hosts.in > /tmp/generate-hosts-{{ ansible_hostname }}/hosts
- name: copy hosts file
copy: src=/tmp/generate-hosts-{{ ansible_hostname }}/hosts dest=/etc/hosts backup=no
- name: etckeeper commit
command: etckeeper commit "Update /etc/hosts with ansible"
- name: delete local copy
connection: local
command: rm -rf /tmp/generate-hosts-{{ ansible_hostname }}

27
upgrade-ceo.yml Normal file
View File

@ -0,0 +1,27 @@
- name: Update ceod
hosts: ceod_machines
become: true
tasks:
- name: update ceod package
ansible.builtin.apt:
name: ceod
state: latest
update_cache: true
only_upgrade: true
- name: restart ceod service
ansible.builtin.systemd:
name: ceod
state: restarted
- name: Update ceo
hosts: all
become: true
tasks:
- name: update ceo package
ansible.builtin.apt:
name: ceo
state: latest
update_cache: true
only_upgrade: true