From 327b9252e922996fb12f7959660eabe44f2a819a Mon Sep 17 00:00:00 2001
From: Alpha Chen
Date: Tue, 5 Sep 2023 08:34:42 -0700
Subject: [PATCH] resize lotus-land-story, tweak ufw
---
 lotus-land-story/main.yml | 31 ++++++++++++++++++-----
 lotus-land-story/postgres.yml | 28 +++++---------------
 lotus-land-story/prometheus.yml | 1 +
 lotus-land-story/templates/prometheus.yml | 13 +++++++---
 4 files changed, 41 insertions(+), 32 deletions(-)
diff --git a/lotus-land-story/main.yml b/lotus-land-story/main.yml
index 21cbe05..70f547c 100644
--- a/lotus-land-story/main.yml
+++ b/lotus-land-story/main.yml
@@ -95,13 +95,32 @@
 GRANT SELECT ON prometheus.pg_stat_activity TO prometheus;
 when: "'prometheus' not in postgres_info.roles"
-- import_playbook: golink.yml # noqa: name[play]
-- import_playbook: grafana.yml # noqa: name[play]
-- import_playbook: loki.yml # noqa: name[play]
-- import_playbook: miniflux.yml # noqa: name[play]
-- import_playbook: woodpecker.yml # noqa: name[play]
+- import_playbook: golink.yml # noqa: name[play]
+- import_playbook: grafana.yml # noqa: name[play]
+- import_playbook: loki.yml # noqa: name[play]
+- import_playbook: miniflux.yml # noqa: name[play]
+- import_playbook: woodpecker.yml # noqa: name[play]
 - import_playbook: firefly-iii.yml # noqa: name[play]
-- import_playbook: caddy.yml # noqa: name[play]
+- import_playbook: caddy.yml # noqa: name[play]
+
+- name: Set up ufw
+ hosts: lotus-land-story
+ tasks:
+
+ - name: Get docker network for ufw
+ community.docker.docker_network:
+ name: lotus_land_story
+ register: docker_network
+
+ - name: Allow access from docker network
+ community.general.ufw:
+ rule: allow
+ from_ip: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
+ notify: Reload ufw
+
+ handlers:
+ - name: Import restarts
+ ansible.builtin.import_tasks: restarts.yml
 # vim: ft=yaml.ansible
diff --git a/lotus-land-story/postgres.yml b/lotus-land-story/postgres.yml
index 858d6ca..e76a6c7 100644
--- a/lotus-land-story/postgres.yml
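Review bot: The `Allow access from docker network` task in the new `Set up ufw` play sets only `rule: allow` and `from_ip`, with no `port` or `proto`, so every listening port on the host becomes reachable from the whole `lotus_land_story` subnet. The rule this commit removes from postgres.yml was limited to 5432/tcp. If containers only need a known set of host services, keep the rule scoped with `port: "{{ item }}"` and `proto: tcp` under a `loop:` over those ports. If the broad allow is intentional, add a comment on the task saying why, so the wider exposure is a recorded decision. The expression `docker_network.network.IPAM.Config[0].Subnet` is also indexed without a guard, so an `ansible.builtin.assert` on the registered result before the ufw task would turn an empty IPAM config into a readable failure.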
+++ b/lotus-land-story/postgres.yml
@@ -33,28 +33,12 @@
 from_ip: 127.0.0.1
 notify: Reload ufw
- - name: Allow access from docker
- notify: Reload ufw
- block:
-
- - name: Get docker network
- community.docker.docker_network:
- name: lotus_land_story
- register: docker_network
- - name: Allow access from docker network
- community.general.ufw:
- rule: allow
- port: 5432
- proto: tcp
- from_ip: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
- notify: Reload ufw
-
 # https://pgtune.leopard.in.ua/
 # DB Version: 15
 # OS Type: linux
 # DB Type: web
- # Total Memory (RAM): 2 GB
- # CPUs num: 1
+ # Total Memory (RAM): 4 GB
+ # CPUs num: 2
 # Data Storage: ssd
 - name: Tune postgres
 ansible.builtin.lineinfile:
@@ -66,15 +50,15 @@
 vars:
 configs:
 max_connections: 200
- shared_buffers: 512MB
- effective_cache_size: 1536MB
- maintenance_work_mem: 128MB
+ shared_buffers: 1GB
+ effective_cache_size: 3GB
+ maintenance_work_mem: 256MB
 checkpoint_completion_target: 0.9
 wal_buffers: 16MB
 default_statistics_target: 100
 random_page_cost: 1.1
 effective_io_concurrency: 200
- work_mem: 1310kB
+ work_mem: 2621kB
 min_wal_size: 1GB
 max_wal_size: 4GB
 notify: Restart postgres
diff --git a/lotus-land-story/prometheus.yml b/lotus-land-story/prometheus.yml
index 0cedbb8..c712986 100644
--- a/lotus-land-story/prometheus.yml
+++ b/lotus-land-story/prometheus.yml
@@ -61,6 +61,7 @@
 command:
 - --config.file=/etc/prometheus/prometheus.yml
 - --storage.tsdb.retention.size=5GB
+ - --log.format=json
 restart: true
 user: "{{ prometheus_user.uid }}"
 groups: "{{ prometheus_user.group }}"
diff --git a/lotus-land-story/templates/prometheus.yml b/lotus-land-story/templates/prometheus.yml
index 2831b53..e2f81af 100644
--- a/lotus-land-story/templates/prometheus.yml
+++ b/lotus-land-story/templates/prometheus.yml
@@ -42,7 +42,12 @@ scrape_configs:
 static_configs:
 - targets: ['woodpecker-server:8000']
- - job_name: linode
- linode_sd_configs:
- - authorization:
- credentials: {{ prometheus.linode_api_token }}
+ # - job_name: linode
+ # linode_sd_configs:
+ # - authorization:
+ # credentials: {{ prometheus.linode_api_token }}
+ # relabel_configs:
+ # # Use the public IPv6 address and port 9100 to scrape the target.
+ # - source_labels: [__meta_linode_public_ipv6]
+ # target_label: __address__
+ # replacement: "[$1]:9100"
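Review bot: The commented-out `# credentials: {{ prometheus.linode_api_token }}` line is still a live Jinja expression, because a YAML `#` does not stop templating. Assuming this file is rendered with `ansible.builtin.template` (it sits under templates/), the Linode API token will keep being written in clear text into the deployed prometheus.yml even though the job is disabled, and the render will fail if the variable is later dropped. Wrap the disabled block in a Jinja comment (`{#` before it, `#}` after it), or replace the expression with a placeholder such as `# credentials: <linode_api_token>`. If the service-discovery job is not coming back, the token should also be removed from the vars and revoked.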