2022-12-18 23:43:40 +01:00
|
|
|
---
|
2022-12-13 22:06:29 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# system:zfs
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
system_zfs_zpools:
|
|
|
|
- "bpool"
|
|
|
|
- "rpool"
|
|
|
|
- "hpool"
|
|
|
|
system_zfs_zpools_trim:
|
|
|
|
- "bpool"
|
|
|
|
- "rpool"
|
|
|
|
system_zfs_zpools_load_key:
|
|
|
|
- "hpool"
|
|
|
|
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# system:mail
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
|
|
|
|
2023-02-19 21:12:16 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# system:base
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
system_base_additional_ssh_users:
|
|
|
|
- "music"
|
2023-04-30 10:44:16 +02:00
|
|
|
system_base_interfaces_iifname:
|
|
|
|
- "virbr0"
|
2023-02-19 21:12:16 +01:00
|
|
|
system_base_udp_ports:
|
2023-02-23 22:43:37 +01:00
|
|
|
- 67 # dhcp (libvirt)
|
|
|
|
- 68 # dhcp (libvirt)
|
2023-02-19 21:12:16 +01:00
|
|
|
- 137 # samba
|
|
|
|
- 138 # samba
|
2023-07-27 23:00:04 +02:00
|
|
|
- 546 # dhcpv6
|
2023-07-08 13:07:43 +02:00
|
|
|
system_base_additional_tcp_ports:
|
2023-02-19 21:12:16 +01:00
|
|
|
- 139 # samba
|
|
|
|
- 445 # samba
|
2023-02-25 10:40:38 +01:00
|
|
|
system_base_unattended_upgrades_blacklist:
|
|
|
|
- "linux-"
|
|
|
|
- "zfs(utils)?-"
|
2023-02-19 21:12:16 +01:00
|
|
|
|
2023-02-19 17:49:35 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# system:var
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
2023-07-22 23:51:34 +02:00
|
|
|
system_var_root_directory: "/var/lib/yggdrasil"
|
2023-02-19 17:49:35 +01:00
|
|
|
|
|
|
|
system_var_root_dataset: "rpool{{ system_var_root_directory }}"
|
|
|
|
system_var_home_dataset: "rpool{{ system_var_home_directory }}"
|
|
|
|
system_var_data_dataset: "rpool{{ system_var_data_directory }}"
|
|
|
|
system_var_containers_dataset: "rpool{{ system_var_containers_directory }}"
|
|
|
|
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# system:backup
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
system_backups_snapshots_dataset: "hpool/backup"
|
|
|
|
system_backups_snapshots_root_dataset: "{{ system_var_root_dataset |
|
|
|
|
replace('rpool/var/lib', 'hpool/backup') }}"
|
|
|
|
system_backups_snapshots_data_dataset: "{{ system_var_data_dataset |
|
|
|
|
replace('rpool/var/lib', 'hpool/backup') }}"
|
|
|
|
|
2022-12-13 22:06:29 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# vpn
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
vpn_subnet_id: 2
|
|
|
|
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# vpn:wireguard
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
vpn_wireguard_role: "client"
|
|
|
|
vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
|
|
|
|
vpn_wireguard_server_public_key: "{{ vault_vpn_wireguard_server_public_key }}"
|
|
|
|
vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key }}"
|
|
|
|
vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
|
|
|
|
vpn_wireguard_routing_table: 66
|
|
|
|
|
2022-12-20 19:40:33 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# vpn:bridge
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
vpn_bridge_routing_table: "{{ vpn_wireguard_routing_table }}"
|
2023-07-27 23:13:26 +02:00
|
|
|
vpn_bridge_local_only_inet_daddr:
|
|
|
|
- "{{ services_host_services.database.inet_address }}"
|
|
|
|
vpn_bridge_local_only_inet6_daddr:
|
|
|
|
- "{{ services_host_services.database.inet6_address }}"
|
2022-12-20 19:40:33 +01:00
|
|
|
|
2022-12-18 00:05:58 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
2022-12-18 17:06:27 +01:00
|
|
|
# backups:snapshots
|
2022-12-18 00:05:58 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
backups_snapshots_sanoid_system_datasets:
|
|
|
|
- name: "bpool/BOOT"
|
|
|
|
templates: ["system"]
|
|
|
|
recursive: true
|
|
|
|
children_only: true
|
|
|
|
- name: "rpool/ROOT"
|
|
|
|
templates: ["system"]
|
|
|
|
recursive: true
|
|
|
|
children_only: true
|
|
|
|
- name: "rpool/home"
|
|
|
|
templates: ["system", "home"]
|
|
|
|
recursive: true
|
|
|
|
children_only: true
|
|
|
|
|
2023-02-19 21:12:16 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# music:rip
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
music_user_name: "music"
|
|
|
|
music_user_password: "{{ vault_music_user_password }}"
|
|
|
|
music_user_samba_password: "{{ vault_music_user_samba_password }}"
|
|
|
|
|
|
|
|
music_user_home_directory: "{{ system_var_home_directory }}/{{ music_user_name }}"
|
|
|
|
music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}"
|
2023-03-01 19:58:37 +01:00
|
|
|
music_user_data_collection_directory: "{{ music_user_data_directory }}/collection"
|
2023-03-01 20:14:12 +01:00
|
|
|
music_user_data_archive_directory: "{{ music_user_data_directory }}/archive"
|
2023-02-19 21:12:16 +01:00
|
|
|
|
|
|
|
music_user_home_dataset: "rpool{{ music_user_home_directory }}"
|
|
|
|
music_user_data_dataset: "rpool{{ music_user_data_directory }}"
|
2023-03-01 19:58:37 +01:00
|
|
|
music_user_data_collection_dataset: "{{ music_user_data_dataset }}/collection"
|
2023-03-01 20:14:12 +01:00
|
|
|
music_user_data_archive_dataset: "{{ music_user_data_dataset }}/archive"
|
2023-02-19 21:12:16 +01:00
|
|
|
|
2023-02-19 23:46:17 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# music:backups
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
2023-02-19 22:51:17 +01:00
|
|
|
music_user_backups_snapshots_data_dataset: "\
|
|
|
|
{{ system_backups_snapshots_data_dataset }}/{{ music_user_name }}"
|
|
|
|
music_user_backups_snapshots_recursive: true
|
|
|
|
music_user_backups_snapshots_skip_parent: true
|
|
|
|
|
2023-02-19 23:46:17 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# music:org
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
2023-02-26 00:21:00 +01:00
|
|
|
music_user_nextcloud_domain: "cloud.wojciechkozlowski.eu"
|
|
|
|
music_user_nextcloud_url: "https://{{ music_user_nextcloud_domain }}/public.php/webdav"
|
2023-04-06 14:07:13 +02:00
|
|
|
|
|
|
|
music_user_nextcloud_music_user: "{{ vault_music_user_nextcloud_music_user }}"
|
|
|
|
music_user_nextcloud_music_pswd: "{{ vault_music_user_nextcloud_music_pswd }}"
|
|
|
|
|
|
|
|
music_user_nextcloud_videos_user: "{{ vault_music_user_nextcloud_videos_user }}"
|
|
|
|
music_user_nextcloud_videos_pswd: "{{ vault_music_user_nextcloud_videos_pswd }}"
|
2023-02-19 23:46:17 +01:00
|
|
|
|
2022-12-13 22:06:29 +01:00
|
|
|
# --------------------------------------------------------------------------------------------------
|
2022-12-14 21:19:05 +01:00
|
|
|
# services
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
2023-02-19 17:49:35 +01:00
|
|
|
services_root_dataset: "{{ system_var_root_dataset }}"
|
|
|
|
services_home_dataset: "{{ system_var_home_dataset }}"
|
|
|
|
services_data_dataset: "{{ system_var_data_dataset }}"
|
|
|
|
services_containers_dataset: "{{ system_var_containers_dataset }}"
|
2022-12-18 00:05:58 +01:00
|
|
|
|
2022-12-14 21:19:05 +01:00
|
|
|
services_host_services:
|
|
|
|
lrproxy:
|
2023-07-27 23:13:26 +02:00
|
|
|
inet_address: "{{ vpn_bridge_inet_prefix }}.2"
|
|
|
|
inet6_address: "{{ vpn_bridge_inet6_prefix }}::2"
|
2022-12-14 21:19:05 +01:00
|
|
|
tcp: [80, 443]
|
2023-07-11 21:16:59 +02:00
|
|
|
restic: true
|
2022-12-14 21:19:05 +01:00
|
|
|
database:
|
2023-07-27 23:13:26 +02:00
|
|
|
inet_address: "{{ vpn_bridge_inet_prefix }}.3"
|
|
|
|
inet6_address: "{{ vpn_bridge_inet6_prefix }}::3"
|
2023-07-11 21:16:59 +02:00
|
|
|
restic: true
|
2022-12-14 21:19:05 +01:00
|
|
|
cloud:
|
2023-07-27 23:13:26 +02:00
|
|
|
inet_address: "{{ vpn_bridge_inet_prefix }}.4"
|
|
|
|
inet6_address: "{{ vpn_bridge_inet6_prefix }}::4"
|
2023-07-11 21:16:59 +02:00
|
|
|
restic: true
|
2023-07-16 00:08:49 +02:00
|
|
|
restic_exclude:
|
|
|
|
- "external"
|
2022-12-14 21:19:05 +01:00
|
|
|
git:
|
2023-07-27 23:13:26 +02:00
|
|
|
inet_address: "{{ vpn_bridge_inet_prefix }}.5"
|
|
|
|
inet6_address: "{{ vpn_bridge_inet6_prefix }}::5"
|
2022-12-17 00:09:05 +01:00
|
|
|
tcp: ["{{ services.git.ssh_port }}"]
|
2023-07-11 21:16:59 +02:00
|
|
|
restic: true
|
2022-12-14 21:19:05 +01:00
|
|
|
notes:
|
2023-07-27 23:13:26 +02:00
|
|
|
inet_address: "{{ vpn_bridge_inet_prefix }}.6"
|
|
|
|
inet6_address: "{{ vpn_bridge_inet6_prefix }}::6"
|
2023-07-11 21:16:59 +02:00
|
|
|
restic: true
|
2023-02-21 00:06:29 +01:00
|
|
|
music:
|
2023-07-27 23:13:26 +02:00
|
|
|
inet_address: "{{ vpn_bridge_inet_prefix }}.7"
|
|
|
|
inet6_address: "{{ vpn_bridge_inet6_prefix }}::7"
|
2023-03-19 18:11:16 +01:00
|
|
|
collection_path: "{{ music_user_data_collection_directory }}"
|
|
|
|
archive_path: "{{ music_user_data_archive_directory }}"
|
2023-07-11 21:16:59 +02:00
|
|
|
restic: true
|
2022-12-18 00:05:58 +01:00
|
|
|
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
|
|
|
# services:backups
|
|
|
|
# --------------------------------------------------------------------------------------------------
|
2023-02-19 17:49:35 +01:00
|
|
|
services_backups_snapshots_dataset: "{{ system_backups_snapshots_dataset }}"
|
|
|
|
services_backups_snapshots_root_dataset: "{{ system_backups_snapshots_root_dataset }}"
|
|
|
|
services_backups_snapshots_data_dataset: "{{ system_backups_snapshots_data_dataset }}"
|
2022-12-18 17:06:27 +01:00
|
|
|
services_backups_snapshots_services: "\
|
|
|
|
{% set services_backups_snapshots_service = {} %}\
|
|
|
|
{% for service in services_host_services.keys() %}\
|
|
|
|
{{ services_backups_snapshots_service.update(
|
|
|
|
{ service: {
|
2023-02-19 22:36:16 +01:00
|
|
|
'user_name': ( 'pod-' ~ service ),
|
|
|
|
'data_dataset': ( services_data_dataset ~ '/pod-' ~ service ),
|
2022-12-18 17:06:27 +01:00
|
|
|
'backup_dataset': ( services_backups_snapshots_data_dataset ~ '/pod-' ~ service ),
|
|
|
|
'recursive': true,
|
|
|
|
'skip_parent': true,
|
|
|
|
}}
|
|
|
|
) }}\
|
|
|
|
{% endfor %}\
|
|
|
|
{{ services_backups_snapshots_service }}"
|