Content dump and hide apprentice docs for now...

assets/apprentice/ansible/ansible.cfg

@@ -0,0 +1,135 @@
+[defaults]
+roles_path = ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
+library = ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
+inventory = ~/.ansible/hosts,/etc/ansible/hosts
+
+collections_path = ~/.ansible/collections:/usr/share/ansible/collections
+# This may be "ignore" or "fail", "warnging" is the default
+collections_on_ansible_version_mismatch = warning
+collections_scan_sys_path = True
+
+# Very useful, this will issue a warning if you run a command that
+# Ansible thinks there is an existing module to do the same job!
+command_warnings = True
+forks = 42
+
+# The default for gathering is "impicit", meaning Ansible won't cache facts
+gathering = smart
+gather_timeout = 13
+
+# May specify "paramiko", "ssh" or "smart" for choosing based of OS and ssh versions
+transport = smart
+use_persistent_connections = True
+private_key_file = ~/.ssh/id_rsa
+pipelining = ANSIBLE_PIPELINING
+
+# Task timeout, 0 = no timeout
+task_timeout = 0
+# Connection timeout
+timeout = 7
+
+# Run plays as fast as possible
+strategy = free
+
+# This gives better performance at the expense of CPU load,
+# so I guess you'd want it low on your workstation or laptop,
+# but higher on like an Ansible tower or similar automation setup using Ansible
+internal_poll_interval = 0.000001
+poll_interval = 3
+
+system_tmpdirs = /tmp, /var/tmp
+remote_tmp = ~/.ansible/tmp
+local_tmp = ~/.ansible/tmp
+
+jinja2_native_warning = True
+jinja2_native = True
+
+# This one is only really useful to make sure no secrets are logged on servers
+# when running Ansible tower or other automation systems using Ansible
+no_log = False
+# Logging is disabled on the client if "log_path" is empty
+log_path =
+# Target hosts logging facility
+syslog_facility = LOG_USER
+no_target_syslog = False
+
+# Must be one from python [zipfile](https://docs.python.org/3/library/zipfile.html) built-in library that is supported
+# on both the client and the target servers Ansible is going to run on, ZIP_DEFLATED is the default
+module_compression = ZIP_LZMA
+# ZIP_STORED = no compression
+# ZIP_DEFLATED = normal zip, requires zlib python module
+# ZIP_BZIP2 = bzip2, requires bz2 python module
+# ZIP_LZMA = lzma, requires lzma python module
+
+# Default module to run with the "ansible" command if not -m [module] is specified
+module_name = command
+
+# What will null variables in templates show?
+null_representation =
+
+# Let's make some errors warnings instead
+invalid_task_attribute_failed = False
+error_on_missing_handler = False
+string_conversion_action = warn
+
+# The same as the -v command line arg
+verbosity = 0
+
+# Extra output goodness!~
+show_task_path_on_failure = True
+display_args_to_stdout = True
+display_skipped_hosts = True
+show_per_host_start = True
+check_mode_markers = True
+show_custom_stats = True
+display_ok_hosts = True
+
+# This may be useful
+retry_files_enabled = False
+
+yaml_valid_extensions = .yml, .yaml, .json
+
+display_failed_stderr = True
+
+[persistent_connection]
+command_timeout = 42
+connect_retry_timeout = 7
+connect_timeout = 60
+
+[connection]
+# This only works if your become supports not using a tty,
+# but gives "significant performance improvement when enabled."
+pipelining = True
+
+# Eye-candy!
+[colors]
+changed = bright yellow
+console_prompt = white
+debug = gray
+deprecate = purple
+diff_add = green
+diff_lines = cyan
+diff_remove = red
+error = red
+highlight = white
+ok = green
+skip = cyan
+unreachable = bright red
+verbose = blue
+warn = bright purple
+
+[selinux]
+# Enable this if running SELinux
+libvirt_lxc_noseclabel = False
+# We want this to be empty unless maybe nfs target? it may be a list of filesystems
+special_context_filesystems =
+
+[diff]
+always = True
+context = 3
+
+[inventory]
+enable_plugins = host_list, script, auto, yaml, ini, toml
+
+[paramiko_connection]
+host_key_auto_add = True

assets/apprentice/ansible/inv.ini

@@ -0,0 +1,56 @@
+[prod]
+lost-islands
+
+[prod:children]
+prod_frontend
+prod_backend
+prod_vpn
+prod_db
+monitor
+backups
+misc
+
+[prod_frontend]
+hamar
+toten
+
+[prod_backend]
+lofoten
+narvik
+
+[prod_vpn]
+bergen
+molde
+
+[prod_db]
+hangar-22
+
+[monitor]
+smokeping.skyid.no
+monitoring
+
+[backups]
+backup.skyid.no
+myrkdalen
+
+[misc]
+gulf-of-oman
+deploy
+
+[dev:children]
+dev_frontend
+dev_backend
+dev_vpn
+dev_db
+
+[dev_frontend]
+mercury
+
+[dev_backend]
+scrapmetal
+
+[dev_vpn]
+dawnbreaker
+
+[dev_db]
+propaganda

assets/apprentice/ansible/inv.py

@@ -0,0 +1,67 @@
+#!/usr/bin/python3
+from json import dumps
+
+inv = {
+  'prod_frontend': {
+    'hosts': ['toten', 'hamar']
+  }, 'prod_backend': {
+    'hosts': ['lofoten', 'narvik']
+  }, 'prod_vpn': { # vpn/radius
+    'hosts': ['bergen', 'molde']
+  }, 'prod_db': {
+    'hosts': ['hangar-22']
+  }, 'prod': {
+    'hosts': ['lost-islands'], # monitoring and internal DNS
+    'children': [
+      'prod_frontend', 'prod_backend', 'misc',
+      'prod_vpn', 'prod_db', 'backups', 'monitor'
+    ]
+  },
+  'misc': {
+    'hosts': ['gulf-of-oman', 'deploy']
+  }, 'backups': {
+    'hosts': ['myrkdalen', 'backup.skyid.no']
+  }, 'monitor': {
+    'hosts': ['monitoring', 'smokeping.skyid.no']
+  },
+  'dev_frontend': { 'hosts': ['mercury'] },
+  'dev_backend': { 'hosts': ['scrapmetal'] },
+  'dev_vpn': { 'hosts': ['dawnbreaker'] },
+  'dev_db': { 'hosts': ['propaganda'] },
+  'dev': {
+    'children': [
+      'dev_frontend', 'dev_backend', 'dev_vpn', 'dev_db'
+    ]
+  },
+  "_meta": {
+    # since we're not doing hostvars this will make it a whole lot faster
+    # as Ansible won't have to run this script with --host for each one
+    "hostvars": {}
+  }
+}
+
+def inventory():
+  return dumps(inv, indent=2)
+
+def group_vars(host):
+  for group in inv.values():
+    if host in group.get('hosts', []):
+      return dumps(group.get('vars', {}), indent=2)
+  return '{}'
+
+if __name__ == '__main__':
+  from argparse import ArgumentParser
+  argparse = ArgumentParser()
+  argparse.add_argument(
+    '-l', '--list', action='store_true',
+    help='Print the inventory to stdout')
+  argparse.add_argument(
+    '-v', '--host', type=str,
+    help='Print host vars for a specific host')
+  args = argparse.parse_args()
+  if args.list:
+    print(inventory())
+  elif args.host:
+    print(group_vars(args.host))
+  else:
+    argparse.print_help()

assets/apprentice/ansible/inv.txt

@@ -0,0 +1,18 @@
+lost-islands
+toten
+hamar
+lofoten
+narvik
+gulf-of-oman
+deploy
+bergen
+molde
+hangar-22
+myrkdalen
+backup.skyid.no
+monitoring
+smokeping.skyid.no
+mercury
+scrapmetal
+dawnbreaker
+propaganda

assets/apprentice/ansible/inv.yml

@@ -0,0 +1,47 @@
+all:
+  children:
+    prod:
+      hosts:
+        lost-islands:
+      children:
+        prod_frontend:
+          hosts:
+            hamar:
+            toten:
+        prod_backend:
+          hosts:
+            lofoten:
+            narvik:
+        prod_vpn:
+          hosts:
+            bergen:
+            molde:
+        prod_db:
+          hosts:
+            hangar-22:
+        monitor:
+          hosts:
+            smokeping.skyid.no:
+            monitoring:
+        backups:
+          hosts:
+            backup.skyid.no:
+            myrkdalen:
+        misc:
+          hosts:
+            gulf-of-oman:
+            deploy:
+    dev:
+      children:
+        dev_frontend:
+          hosts:
+            mercury:
+        dev_backend:
+          hosts:
+            scrapmetal:
+        dev_vpn:
+          hosts:
+            dawnbreaker:
+        dev_db:
+          hosts:
+            propaganda:

assets/apprentice/security/accesscontrol-fix.py

@@ -0,0 +1,8 @@
+class AccessControl:
+  current_user = None
+  ...
+  def get_current_user(self):
+    if self.current_user.deleted is None:
+      return self.current_user
+    else:
+      raise Forbidden

assets/apprentice/security/accesscontrol.py

@@ -0,0 +1,5 @@
+class AccessControl:
+  current_user = None
+  ...
+  def get_current_user(self):
+    return self.current_user

assets/apprentice/security/htaccess

@@ -0,0 +1,2 @@
+Options +ExecCGI
+AddHandler cgi-script .cgi .pl .py .sh .rb

assets/chroma.scss

@@ -1,6 +1,5 @@
-.chroma {
-  min-height: 3.3vh; overflow: auto;
-  color: #ffffff; background-color: #111111; }
+.chroma { overflow: auto; color: #ffffff; background-color: #111111; }
+
 .chroma .lntd { vertical-align: top; padding: 0; margin: 0; border: 0 }
 .chroma .lntable { border-spacing: 0; padding: 0; margin: 0; border: 0 }
 .chroma .hl { background-color: #ffffcc }