From 099c6982f087f04f2e5e281ffb575d59ee963c53 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Fri, 26 Jan 2024 21:15:20 +0200
Subject: [PATCH] Cleanup.
Remove services that have been decomissioned.
---
Ansible/renew-certs.yaml | 3 --
Ansible/roles/router/files/filebeat.yml | 27 ------------
Ansible/roles/router/files/metricbeat.yml | 33 ---------------
Ansible/roles/router/files/nsd/shore.co.il | 5 +--
Ansible/roles/router/files/packetbeat.yml | 34 ---------------
Ansible/roles/router/handlers/main.yaml | 15 -------
Ansible/roles/router/tasks/main.yaml | 36 ----------------
.../host01/conf.d/sogo.shore.co.il.conf | 41 -------------------
Compose/web-proxy/host01/docker-compose.yml | 1 -
.../ns4/conf.d/elasticsearch.shore.co.il.conf | 30 --------------
.../ns4/conf.d/kibana.shore.co.il.conf | 31 --------------
11 files changed, 1 insertion(+), 255 deletions(-)
delete mode 100644 Ansible/roles/router/files/filebeat.yml
delete mode 100644 Ansible/roles/router/files/metricbeat.yml
delete mode 100644 Ansible/roles/router/files/packetbeat.yml
delete mode 100644 Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf
delete mode 100644 Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf
delete mode 100644 Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf
diff --git a/Ansible/renew-certs.yaml b/Ansible/renew-certs.yaml
index 4b5c6bb..02cac5e 100644
--- a/Ansible/renew-certs.yaml
+++ b/Ansible/renew-certs.yaml
@@ -37,8 +37,6 @@
- autoconfig.nehes.co
- autoconfig.nehe.sr
- autoconfig.shore.co.il
- - elasticsearch.shore.co.il
- - kibana.shore.co.il
- myip.shore.co.il
- nehes.co
- nehe.sr
@@ -70,7 +68,6 @@
- ns1.shore.co.il
- notify.shore.co.il
- matrix.shore.co.il
- - sogo.shore.co.il
- vouch.shore.co.il
- zpush.shore.co.il
handlers:
diff --git a/Ansible/roles/router/files/filebeat.yml b/Ansible/roles/router/files/filebeat.yml
deleted file mode 100644
index fe2bf08..0000000
--- a/Ansible/roles/router/files/filebeat.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-output.elasticsearch:
- hosts:
- - https://elasticsearch.shore.co.il:443
-
-logging:
- level: warning
- json: true
- to_syslog: true
- metrics.enabled: false
-
-processors:
- - add_host_metadata: ~
-
-filebeat:
- inputs:
- - type: log
- enabled: true
- paths:
- - /var/log/*.log
- - /var/log/authlog
- - /var/log/daemon
-
- config.modules:
- path: ${path.config}/modules.d/*.yml
- reload:
- enabled: false
diff --git a/Ansible/roles/router/files/metricbeat.yml b/Ansible/roles/router/files/metricbeat.yml
deleted file mode 100644
index 3d9c73e..0000000
--- a/Ansible/roles/router/files/metricbeat.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-output.elasticsearch:
- hosts:
- - https://elasticsearch.shore.co.il:443
-
-logging:
- level: warning
- json: true
- to_syslog: true
- metrics.enabled: false
-
-# processors:
-# - add_host_metadata: ~
-
-metricbeat.config.modules:
- path: ${path.config}/modules.d/*.yml
- reload.enabled: false
-
-metricbeat.modules:
- - module: system
- metricsets:
- - cpu
- - load
- - memory
- # - network
- # - process
- # - process_summary
- - uptime
- - socket_summary
- # - diskio
- - filesystem
- - fsstat
- # - service
diff --git a/Ansible/roles/router/files/nsd/shore.co.il b/Ansible/roles/router/files/nsd/shore.co.il
index 14e6fda..2a7fa83 100644
--- a/Ansible/roles/router/files/nsd/shore.co.il
+++ b/Ansible/roles/router/files/nsd/shore.co.il
@@ -2,7 +2,7 @@
$TTL 1h
$ORIGIN shore.co.il.
@ IN SOA ns1 hostmaster (
- 2023121501 ; Serial
+ 2024012601 ; Serial
4h ; Refresh
1h ; Retry
4w ; Expire
@@ -56,11 +56,9 @@ _caldavs._tcp IN SRV 0 1 443 nextcloud
auth IN CNAME ns1
autoconfig IN CNAME ns4
code IN CNAME ns1
-elasticsearch IN CNAME ns4
git IN CNAME ns1
imap IN CNAME smtp
jellyfin IN CNAME ns1
-kibana IN CNAME ns4
kodi IN CNAME ns1
lam IN CNAME ns1
library IN CNAME ns1
@@ -70,7 +68,6 @@ myip IN CNAME ns4
nextcloud IN CNAME ns1
notify IN CNAME ns1
registry IN CNAME ns4
-sogo IN CNAME ns1
transmission IN CNAME ns1
vouch IN CNAME ns1
www IN CNAME ns4
diff --git a/Ansible/roles/router/files/packetbeat.yml b/Ansible/roles/router/files/packetbeat.yml
deleted file mode 100644
index 07b3b8a..0000000
--- a/Ansible/roles/router/files/packetbeat.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-output.elasticsearch:
- hosts:
- - https://elasticsearch.shore.co.il:443
-
-logging:
- level: warning
- json: true
- to_syslog: true
- metrics.enabled: false
-
-# processors:
-# - add_host_metadata: ~
-
-packetbeat:
- interfaces.device: em1
- protocols:
- - type: icmp
- enabled: true
- - type: dns
- enabled: true
- - type: http
- enabled: true
- ports:
- - 80
- - type: tls
- enabled: true
- ports:
- - 443
- # - type: dhcp
- # enabled: true
- # ports:
- # - 67
- # - 68
diff --git a/Ansible/roles/router/handlers/main.yaml b/Ansible/roles/router/handlers/main.yaml
index 24920ae..835727a 100644
--- a/Ansible/roles/router/handlers/main.yaml
+++ b/Ansible/roles/router/handlers/main.yaml
@@ -71,21 +71,6 @@
name: sshd
state: restarted
-- name: Restart the filebeat daemon
- ansible.builtin.service:
- name: filebeat
- state: restarted
-
-- name: Restart the metricbeat daemon
- ansible.builtin.service:
- name: metricbeat
- state: restarted
-
-- name: Restart the packetbeat daemon
- ansible.builtin.service:
- name: packetbeat
- state: restarted
-
- name: Message about restarting the machine
ansible.builtin.debug:
msg: The {{ ansible_facts.hostname }} needs to be restarted
diff --git a/Ansible/roles/router/tasks/main.yaml b/Ansible/roles/router/tasks/main.yaml
index a0f292c..4171c12 100644
--- a/Ansible/roles/router/tasks/main.yaml
+++ b/Ansible/roles/router/tasks/main.yaml
@@ -519,39 +519,3 @@
tags:
- cron
- mail
-
-- name: Install beats
- loop: &beats
- - filebeat
- - metricbeat
- - packetbeat
- community.general.openbsd_pkg:
- name: '{{ item }}'
- state: present
- tags:
- - packages
- - beats
-
-- name: Configure beats
- loop: *beats
- ansible.builtin.copy:
- backup: true
- dest: '/etc/{{ item }}/{{ item }}.yml'
- group: wheel
- mode: 0o0644
- owner: root
- src: '{{ item }}.yml'
- validate: '{{ item }} test config -c %s'
- notify:
- - Restart the {{ item }} daemon
- tags:
- - beats
-
-- name: Enable beats
- loop: *beats
- ansible.builtin.service:
- enabled: true
- name: '{{ item }}'
- state: started
- tags:
- - beats
diff --git a/Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf b/Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf
deleted file mode 100644
index 09dcaa4..0000000
--- a/Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-# vim: ft=nginx
-map $host $sogo { default sogo; }
-
-server {
- listen 80;
- listen [::]:80;
- server_name sogo.shore.co.il;
- include snippets/robots-disallow-all.conf;
- include snippets/ads-txt.conf;
- include snippets/security-txt.conf;
- include snippets/www-acme-challenge.conf;
- include snippets/redirect-https.conf;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- http2 on;
- server_name sogo.shore.co.il;
- include snippets/robots-disallow-all.conf;
- include snippets/ads-txt.conf;
- include snippets/security-txt.conf;
- include snippets/ssl-modern.conf;
-
- location / { return 301 https://$host/SOGo/; }
- location /SOGo { return 301 https://$host/SOGo/; }
- location /SOGo/ {
- proxy_pass http://$sogo:20000$request_uri;
- proxy_http_version 1.1;
- include snippets/proxy-headers.conf;
- proxy_hide_header X-Frame-Options;
- include snippets/allow-private-ips.conf;
-
- # Copied from http://wiki.sogo.nu/nginxSettings
- proxy_set_header x-webobjects-server-protocol HTTP/1.1;
- proxy_set_header x-webobjects-remote-host $sogo;
- proxy_set_header x-webobjects-server-name $server_name;
- proxy_set_header x-webobjects-server-url $scheme://$host;
- proxy_set_header x-webobjects-server-port $server_port;
- }
-}
diff --git a/Compose/web-proxy/host01/docker-compose.yml b/Compose/web-proxy/host01/docker-compose.yml
index b7f28f0..43c9654 100644
--- a/Compose/web-proxy/host01/docker-compose.yml
+++ b/Compose/web-proxy/host01/docker-compose.yml
@@ -17,7 +17,6 @@ services:
- lam.shore.co.il
- matrix.shore.co.il
- mta-sts.shore.co.il
- - sogo.shore.co.il
- vouch.shore.co.il
- zpush.shore.co.il
ports:
diff --git a/Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf
deleted file mode 100644
index 77b5170..0000000
--- a/Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# vim: ft=nginx
-map $host $es { default elasticsearch; }
-
-server {
- listen 80;
- listen [::]:80;
- server_name elasticsearch.shore.co.il;
- include snippets/robots-disallow-all.conf;
- include snippets/ads-txt.conf;
- include snippets/security-txt.conf;
- include snippets/www-acme-challenge.conf;
- include snippets/redirect-https.conf;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- http2 on;
- server_name elasticsearch.shore.co.il;
- include snippets/robots-disallow-all.conf;
- include snippets/ads-txt.conf;
- include snippets/security-txt.conf;
- include snippets/ssl-modern.conf;
-
- location / {
- proxy_pass http://$es:9200$request_uri;
- proxy_http_version 1.1;
- include snippets/allow-shore-ips.conf;
- }
-}
diff --git a/Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf b/Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf
deleted file mode 100644
index 3e4ba7b..0000000
--- a/Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# vim: ft=nginx
-map $host $kibana { default kibana; }
-
-server {
- listen 80;
- listen [::]:80;
- server_name kibana.shore.co.il;
- include snippets/robots-disallow-all.conf;
- include snippets/ads-txt.conf;
- include snippets/security-txt.conf;
- include snippets/www-acme-challenge.conf;
- include snippets/redirect-https.conf;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- http2 on;
- server_name kibana.shore.co.il;
- include snippets/robots-disallow-all.conf;
- include snippets/ads-txt.conf;
- include snippets/security-txt.conf;
- include snippets/ssl-modern.conf;
- include snippets/vouch.conf;
-
- location / {
- proxy_pass http://$kibana:5601$request_uri;
- proxy_http_version 1.1;
- include snippets/proxy-headers.conf;
- }
-}
--
GitLab