Cleanup.

Remove services that have been decomissioned.

Ansible/renew-certs.yaml

@@ -37,8 +37,6 @@
           - autoconfig.nehes.co
           - autoconfig.nehe.sr
           - autoconfig.shore.co.il
-          - elasticsearch.shore.co.il
-          - kibana.shore.co.il
           - myip.shore.co.il
           - nehes.co
           - nehe.sr
@@ -70,7 +68,6 @@
           - ns1.shore.co.il
           - notify.shore.co.il
           - matrix.shore.co.il
-          - sogo.shore.co.il
           - vouch.shore.co.il
           - zpush.shore.co.il
         handlers:

Ansible/roles/router/files/filebeat.yml

----
-output.elasticsearch:
-  hosts:
-    - https://elasticsearch.shore.co.il:443
-
-logging:
-  level: warning
-  json: true
-  to_syslog: true
-  metrics.enabled: false
-
-processors:
-  - add_host_metadata: ~
-
-filebeat:
-  inputs:
-    - type: log
-      enabled: true
-      paths:
-        - /var/log/*.log
-        - /var/log/authlog
-        - /var/log/daemon
-
-  config.modules:
-    path: ${path.config}/modules.d/*.yml
-    reload:
-      enabled: false

Ansible/roles/router/files/metricbeat.yml

----
-output.elasticsearch:
-  hosts:
-    - https://elasticsearch.shore.co.il:443
-
-logging:
-  level: warning
-  json: true
-  to_syslog: true
-  metrics.enabled: false
-
-# processors:
-#   - add_host_metadata: ~
-
-metricbeat.config.modules:
-  path: ${path.config}/modules.d/*.yml
-  reload.enabled: false
-
-metricbeat.modules:
-  - module: system
-    metricsets:
-      - cpu
-      - load
-      - memory
-      # - network
-      # - process
-      # - process_summary
-      - uptime
-      - socket_summary
-      # - diskio
-      - filesystem
-      - fsstat
-      # - service

Ansible/roles/router/files/nsd/shore.co.il

@@ -2,7 +2,7 @@
 $TTL 1h
 $ORIGIN shore.co.il.
 @               IN      SOA     ns1     hostmaster (
-        2023121501 ; Serial
+        2024012601 ; Serial
         4h         ; Refresh
         1h         ; Retry
         4w         ; Expire
@@ -56,11 +56,9 @@ _caldavs._tcp    IN  SRV  0 1 443 nextcloud
 auth            IN  CNAME   ns1
 autoconfig      IN  CNAME   ns4
 code            IN  CNAME   ns1
-elasticsearch   IN  CNAME   ns4
 git             IN  CNAME   ns1
 imap            IN  CNAME   smtp
 jellyfin        IN  CNAME   ns1
-kibana          IN  CNAME   ns4
 kodi            IN  CNAME   ns1
 lam             IN  CNAME   ns1
 library         IN  CNAME   ns1
@@ -70,7 +68,6 @@ myip            IN  CNAME   ns4
 nextcloud       IN  CNAME   ns1
 notify          IN  CNAME   ns1
 registry        IN  CNAME   ns4
-sogo            IN  CNAME   ns1
 transmission    IN  CNAME   ns1
 vouch           IN  CNAME   ns1
 www             IN  CNAME   ns4

Ansible/roles/router/files/packetbeat.yml

----
-output.elasticsearch:
-  hosts:
-    - https://elasticsearch.shore.co.il:443
-
-logging:
-  level: warning
-  json: true
-  to_syslog: true
-  metrics.enabled: false
-
-# processors:
-#   - add_host_metadata: ~
-
-packetbeat:
-  interfaces.device: em1
-  protocols:
-    - type: icmp
-      enabled: true
-    - type: dns
-      enabled: true
-    - type: http
-      enabled: true
-      ports:
-        - 80
-    - type: tls
-      enabled: true
-      ports:
-        - 443
-    # - type: dhcp
-    #   enabled: true
-    #   ports:
-    #     - 67
-    #     - 68

Ansible/roles/router/handlers/main.yaml

@@ -71,21 +71,6 @@
     name: sshd
     state: restarted
 
-- name: Restart the filebeat daemon
-  ansible.builtin.service:
-    name: filebeat
-    state: restarted
-
-- name: Restart the metricbeat daemon
-  ansible.builtin.service:
-    name: metricbeat
-    state: restarted
-
-- name: Restart the packetbeat daemon
-  ansible.builtin.service:
-    name: packetbeat
-    state: restarted
-
 - name: Message about restarting the machine
   ansible.builtin.debug:
     msg: The {{ ansible_facts.hostname }} needs to be restarted

Ansible/roles/router/tasks/main.yaml

@@ -519,39 +519,3 @@
   tags:
     - cron
     - mail
-
-- name: Install beats
-  loop: &beats
-    - filebeat
-    - metricbeat
-    - packetbeat
-  community.general.openbsd_pkg:
-    name: '{{ item }}'
-    state: present
-  tags:
-    - packages
-    - beats
-
-- name: Configure beats
-  loop: *beats
-  ansible.builtin.copy:
-    backup: true
-    dest: '/etc/{{ item }}/{{ item }}.yml'
-    group: wheel
-    mode: 0o0644
-    owner: root
-    src: '{{ item }}.yml'
-    validate: '{{ item }} test config -c %s'
-  notify:
-    - Restart the {{ item }} daemon
-  tags:
-    - beats
-
-- name: Enable beats
-  loop: *beats
-  ansible.builtin.service:
-    enabled: true
-    name: '{{ item }}'
-    state: started
-  tags:
-    - beats

Compose/web-proxy/host01/conf.d/sogo.shore.co.il.conf

-# vim: ft=nginx
-map $host $sogo { default sogo; }
-
-server {
-    listen      80;
-    listen      [::]:80;
-    server_name sogo.shore.co.il;
-    include     snippets/robots-disallow-all.conf;
-    include     snippets/ads-txt.conf;
-    include     snippets/security-txt.conf;
-    include     snippets/www-acme-challenge.conf;
-    include     snippets/redirect-https.conf;
-}
-
-server {
-    listen      443 ssl;
-    listen      [::]:443 ssl;
-    http2       on;
-    server_name sogo.shore.co.il;
-    include     snippets/robots-disallow-all.conf;
-    include     snippets/ads-txt.conf;
-    include     snippets/security-txt.conf;
-    include     snippets/ssl-modern.conf;
-
-    location    /       { return 301 https://$host/SOGo/; }
-    location    /SOGo   { return 301 https://$host/SOGo/; }
-    location /SOGo/ {
-        proxy_pass              http://$sogo:20000$request_uri;
-        proxy_http_version      1.1;
-        include                 snippets/proxy-headers.conf;
-        proxy_hide_header       X-Frame-Options;
-        include                 snippets/allow-private-ips.conf;
-
-        # Copied from http://wiki.sogo.nu/nginxSettings
-        proxy_set_header        x-webobjects-server-protocol HTTP/1.1;
-        proxy_set_header        x-webobjects-remote-host $sogo;
-        proxy_set_header        x-webobjects-server-name $server_name;
-        proxy_set_header        x-webobjects-server-url $scheme://$host;
-        proxy_set_header        x-webobjects-server-port $server_port;
-    }
-}

Compose/web-proxy/host01/docker-compose.yml

@@ -17,7 +17,6 @@ services:
           - lam.shore.co.il
           - matrix.shore.co.il
           - mta-sts.shore.co.il
-          - sogo.shore.co.il
           - vouch.shore.co.il
           - zpush.shore.co.il
     ports:

Compose/web-proxy/ns4/conf.d/elasticsearch.shore.co.il.conf

-# vim: ft=nginx
-map $host $es { default elasticsearch; }
-
-server {
-    listen      80;
-    listen      [::]:80;
-    server_name elasticsearch.shore.co.il;
-    include     snippets/robots-disallow-all.conf;
-    include     snippets/ads-txt.conf;
-    include     snippets/security-txt.conf;
-    include     snippets/www-acme-challenge.conf;
-    include     snippets/redirect-https.conf;
-}
-
-server {
-    listen      443 ssl;
-    listen      [::]:443 ssl;
-    http2       on;
-    server_name elasticsearch.shore.co.il;
-    include     snippets/robots-disallow-all.conf;
-    include     snippets/ads-txt.conf;
-    include     snippets/security-txt.conf;
-    include     snippets/ssl-modern.conf;
-
-    location / {
-        proxy_pass              http://$es:9200$request_uri;
-        proxy_http_version      1.1;
-        include                 snippets/allow-shore-ips.conf;
-    }
-}

Compose/web-proxy/ns4/conf.d/kibana.shore.co.il.conf

-# vim: ft=nginx
-map $host $kibana { default kibana; }
-
-server {
-    listen      80;
-    listen      [::]:80;
-    server_name kibana.shore.co.il;
-    include     snippets/robots-disallow-all.conf;
-    include     snippets/ads-txt.conf;
-    include     snippets/security-txt.conf;
-    include     snippets/www-acme-challenge.conf;
-    include     snippets/redirect-https.conf;
-}
-
-server {
-    listen      443 ssl;
-    listen      [::]:443 ssl;
-    http2       on;
-    server_name kibana.shore.co.il;
-    include     snippets/robots-disallow-all.conf;
-    include     snippets/ads-txt.conf;
-    include     snippets/security-txt.conf;
-    include     snippets/ssl-modern.conf;
-    include     snippets/vouch.conf;
-
-    location / {
-        proxy_pass              http://$kibana:5601$request_uri;
-        proxy_http_version      1.1;
-        include                 snippets/proxy-headers.conf;
-    }
-}