This repository was archived by the owner on Jun 6, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathpimpmypi.yml
More file actions
171 lines (157 loc) · 6.09 KB
/
pimpmypi.yml
File metadata and controls
171 lines (157 loc) · 6.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
- hosts: all
roles:
- role: common
tags: ["common"]
- role: aria2
tags: ["aria2"]
- role: docker
tags: ["docker"]
- role: fluentbit
tags: ["fluentbit"]
- role: grafana
tags: ["grafana"]
- role: hdidle
tags: ["hdidle"]
- role: log2ram
tags: ["log2ram"]
- role: postfix
tags: ["postfix"]
- role: smartmontools
tags: ["smartmontools"]
vars:
boot_config_params:
- name: "arm_boost"
value: 1 # turbo-mode clock to be increased from 1.5GHz to 1.8GHz
- name: "arm_64bit"
value: 1 # 64-bit kernel (for performance)
- name: "hdmi_drive"
value: 2 # always enable HDMI audio to preserve alsa device order
- name: "hdmi_force_hotplug"
value: 1 # enable HDMI even if no monitor is detected
- name: "hdmi_ignore_cec_init"
value: 1 # disable a CEC-enabled TV from coming out of standby after boot
- name: "disable_fw_kms_setup"
value: 1 # KMS will parse the EDID instead of firmware
- name: "disable_overscan"
value: 1 # disable black border if display can output without overscan
- name: "disable_splash"
value: 1 # disable rainbow splash screen
boot_config_enabled:
- dtoverlay=vc4-kms-v3d
- dtoverlay=rpivid-v4l2 # enable hardware video decoding
- dtoverlay=hifiberry-dacplus
- dtoverlay=disable-wifi
- dtoverlay=disable-bt
hostname: bekasow
locale: en_US.UTF-8
timezone: Europe/Warsaw
packages:
# admin utilities
- deborphan
- dnsutils
- hdparm
- htop
- iotop
- lsof
- mc
- nmap
- rsync
- screen
- tcpdump
# build tools
- build-essential
- devscripts
- git
# security
- unattended-upgrades
- fail2ban
# other
- jhead
- python3-lxml
# configure static IP address
dhcpcd:
ip_address: 192.168.1.2/24
gateway_address: 192.168.1.1
dns_addresses: [8.8.8.8, 8.8.4.4]
# limit logs storage
journald:
system_max_use: 50M
max_file_sec: 1month
# configure Alsa for HiFiBerry
hifiberry:
alias: hifiberry
card: sndrpihifiberry # by name
mounts:
- uuid: 24963094-c186-4ad5-a376-1efa26facc01
path: /media/disk1
fstype: ext4
opts: defaults,nofail,x-systemd.device-timeout=10s
- uuid: 620d0822-63d1-4921-9d98-205a1fb4c663
path: /media/disk2
fstype: ext4
opts: defaults,nofail,x-systemd.device-timeout=10s
# - uuid: 834d8e92-b1fe-4f63-bbb7-25373734e592
# path: /media/timemachine
# fstype: ext4
# opts: defaults,nofail,x-systemd.device-timeout=10s
fluentbit:
# stackdriver:
# google_service_credentials: "{{ playbook_dir }}/stackdriver.vault"
loki:
host: "logs-prod-us-central1.grafana.net"
port: 443
http_user: 34439
http_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
63376464633266373239633739346639623264383666323037333235316463323261386531323538
3063353733366339393530336536663630626134393035390a383437323034323562366563646666
31663736613937373264303137643532386562663033383839383133333630626234373930653435
3164643633613361370a363863353931323932353363353731313636393761636439636163663736
36336538303130643631333462313130663532623166366239363137396433303764636632613338
35396531376138333836316332323166386634386237336633373964636532333833353363323432
33326439386334316533623237386236326164646361383339376564353132356161636436383961
39313536376663646236656362643231326530623861616631386537666234666564616635386364
36306665333334383461333231643732613865313730306261616333616263373238
grafana:
agent_version: 0.38.0
username: 70924
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
36393466623037356137643462353264353366623061386135613534313336313438323465383035
6630643361316133326564396263343937656535306366620a663339613137333536663566313566
62666438373138353138303161366462376530336431643237393336396463386237366535653031
3463313639363562650a376264353533643836646234353932396133623533386630623734393737
36363033346136373038646235353032633436396234376533653733333636323761653862383737
31303061353731373831353631363630653335633439323638333836363765656334643139613232
30356161343535316438303832363562613466333030636437386139643431666330323165336239
37376263393132333333613961613532306666393165356132346465373633306639653063343435
32346138656665333832623330326266633936333432613863316138313835323065626633653735
34373061366661376166643835326235336235643662373965656335393065356634376661323163
366632626666376465353466353864633634
# spin down disk after 10 minutes
hdidle:
idle_time: 600
# move logs into memory
log2ram:
size: 100M
use_rsync: "true"
# relay mail to real account
postfix:
relay_host: "[smtp.gmail.com]:587"
sasl_mail: !vault |
$ANSIBLE_VAULT;1.1;AES256
65633364343836313435353131376466366530643738353466393761313963633936353037396134
3964336237623237653032663332323966643061363636650a633963363637636161663635653164
63303361613737313031313833613734623065363433353334616261383461623138636135386131
3562343261663762320a666162383338636462373735613536663435336265646436623266366439
65333034396238623834323236323936643934333464643731303330326436636536
sasl_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65336233663862303530653934393239653731326664336465326233313561323331623266393034
3831636366353866326537333666363231343832386134380a643532353830353666373034623233
66323739386530636464366564626538313934333564646334373561616338626665613561636330
3632663634626666650a643838393066616563333933353362326166313864613565333562306262
37666364623035663365336461323762323730326135353936336339643538333165
# check disks once a day
smartmontools:
interval: 86400