Separate vault and vars
parent
f06d757010
commit
ec1009eb02
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,6 +1,4 @@
|
||||
**/__pycache__/**
|
||||
.coverage
|
||||
fact_cache/**
|
||||
group_vars/**
|
||||
host_vars/**
|
||||
playbooks/filesystem/tmp/valkyrie/etc/resolv.conf
|
||||
.coverage
|
||||
vault.yml
|
||||
|
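Review bot: With `group_vars/**` and `host_vars/**` apparently no longer ignored and a single `vault.yml` pattern taking their place, keeping secrets out of the repository now depends on every secret file being named exactly `vault.yml`. The rendered page does not mark which lines are added or removed, so that reading is inferred from the commit title and the new vars files. A file such as `vault.yaml` or `vault_extra.yml` placed next to a `vars.yml` would be tracked. Consider a comment above the pattern, `# secrets live only in <group|host>/vault.yml; vars.yml must hold references, never literals`, and, if the vault files are plain text on disk, encrypting them with ansible-vault so that a forced add does not expose them.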
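--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,18 @@
+# --------------------------------------------------------------------------------------------------
+# ansible
+# --------------------------------------------------------------------------------------------------
+ansible_port: "{{ vault_ansible_port }}"
+ansible_become_password: "{{ vault_ansible_become_password }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_ssh_user: "{{ vault_system_base_ssh_user }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:mail
+# --------------------------------------------------------------------------------------------------
+system_mail_domain: "{{ vault_system_mail_domain }}"
+system_mail_smtp_server: "{{ vault_system_mail_smtp_server }}"
+system_mail_smtp_port: 465
+system_mail_smtp_user: "{{ vault_system_mail_smtp_user }}"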
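--- a/group_vars/asgard/vars.yml
+++ b/group_vars/asgard/vars.yml
@@ -0,0 +1,58 @@
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_port: 51820
+vpn_wireguard_address: "10.66.0.{{ vpn_subnet_id }}"
+vpn_wireguard_netmask: "255.255.255.252"
+vpn_wireguard_subnet: "10.66.0.0/30"
+
+# --------------------------------------------------------------------------------------------------
+# vpn:bridge
+# --------------------------------------------------------------------------------------------------
+vpn_bridge_prefix: "10.66.{{ vpn_subnet_id }}"
+vpn_bridge_address: "{{ vpn_bridge_prefix }}.1"
+vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255"
+vpn_bridge_netmask: "255.255.255.0"
+
+# --------------------------------------------------------------------------------------------------
+# services
+# --------------------------------------------------------------------------------------------------
+services:
+rproxy: {}
+www:
+repo_user: "{{ vault_services.www.repo_user }}"
+repo_token: "{{ vault_services.www.repo_token }}"
+lrproxy: {}
+database:
+password: "{{ vault_services.database.password }}"
+cloud:
+domain: "{{ vault_services.cloud.domain }}"
+database_name: "{{ vault_services.cloud.database_name }}"
+database_user: "{{ vault_services.cloud.database_user }}"
+database_password: "{{ vault_services.cloud.database_password }}"
+admin_user: "{{ vault_services.cloud.admin_user }}"
+admin_password: "{{ vault_services.cloud.admin_password }}"
+smtp_host: "{{ vault_services.cloud.smtp_host }}"
+smtp_name: "{{ vault_services.cloud.smtp_name }}"
+smtp_password: "{{ vault_services.cloud.smtp_password }}"
+git:
+domain: "{{ vault_services.git.domain }}"
+database_name: "{{ vault_services.git.database_name }}"
+database_user: "{{ vault_services.git.database_user }}"
+database_passwd: "{{ vault_services.git.database_passwd }}"
+smtp_host: "{{ vault_services.git.smtp_host }}"
+smtp_user: "{{ vault_services.git.smtp_user }}"
+smtp_passwd: "{{ vault_services.git.smtp_passwd }}"
+notes:
+domain: "{{ vault_services.notes.domain }}"
+database_name: "{{ vault_services.notes.database_name }}"
+database_user: "{{ vault_services.notes.database_user }}"
+database_password: "{{ vault_services.notes.database_password }}"
+smtp_host: "{{ vault_services.notes.smtp_host }}"
+smtp_name: "{{ vault_services.notes.smtp_name }}"
+smtp_password: "{{ vault_services.notes.smtp_password }}"
+
+scw_bucket_endpoint: "{{ vault_scw_bucket_endpoint }}"
+scw_access_key: "{{ vault_scw_access_key }}"
+scw_secret_key: "{{ vault_scw_secret_key }}"
+restic_password: "{{ vault_restic_password }}"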
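Review bot: `vpn_wireguard_address` takes its host octet from `vpn_subnet_id` while `vpn_wireguard_subnet` is `10.66.0.0/30`, so only the ids 1 and 2 yield a usable address; an id of 3 lands on the broadcast address and anything higher falls outside the subnet. The same variable also selects the third octet of `vpn_bridge_prefix`, so two meanings are coupled without that being stated anywhere in the file. A comment above the wireguard block would make the constraint visible, for example `# vpn_subnet_id must be 1 or 2: it is both the /30 host octet and the bridge's third octet`.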
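--- a/group_vars/bifrost/vars.yml
+++ b/group_vars/bifrost/vars.yml
@@ -0,0 +1,6 @@
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_port: 12768
+vpn_wireguard_netmask: "255.255.255.252"
+vpn_wireguard_subnet: "10.68.0.0/30"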
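--- a/group_vars/home/vars.yml
+++ b/group_vars/home/vars.yml
@@ -0,0 +1,11 @@
+# --------------------------------------------------------------------------------------------------
+# network
+# --------------------------------------------------------------------------------------------------
+local_network_address: "192.168.0.0"
+local_network_masklen: 16
+local_network: "{{ local_network_address }}/{{ local_network_masklen }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_fail2ban_ignoreip: "{{ local_network }}"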
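--- a/group_vars/remote/vars.yml
+++ b/group_vars/remote/vars.yml
@@ -0,0 +1,4 @@
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_fail2ban_ignoreip: "{{ vault_system_base_fail2ban_ignoreip }}"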
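--- a/host_vars/heimdall/vars.yml
+++ b/host_vars/heimdall/vars.yml
@@ -0,0 +1,20 @@
+# --------------------------------------------------------------------------------------------------
+# system:mail
+# --------------------------------------------------------------------------------------------------
+system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_udp_ports:
+- 12768
+
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_role: "server"
+vpn_wireguard_address: "10.68.0.1"
+vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
+vpn_wireguard_clients:
+- public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
+preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"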
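Review bot: The literal `12768` under `system_base_udp_ports` repeats `vpn_wireguard_port: 12768` from group_vars/bifrost/vars.yml, so changing the WireGuard port in one place leaves the firewall opening the old port and blocking the new one. If heimdall belongs to the bifrost group (the inventory is not shown), `- "{{ vpn_wireguard_port }}"` keeps the two in step; the value then arrives as a string unless the consuming task casts it. host_vars/valkyrie/vars.yml has the same pattern with `51820` against group_vars/asgard/vars.yml.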
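--- a/host_vars/valkyrie/vars.yml
+++ b/host_vars/valkyrie/vars.yml
@@ -0,0 +1,39 @@
+# --------------------------------------------------------------------------------------------------
+# system:mail
+# --------------------------------------------------------------------------------------------------
+system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_additional_ssh_users:
+- "pod-rproxy"
+system_base_additional_tcp_ports:
+- 80
+- 443
+system_base_udp_ports:
+- 51820
+
+# --------------------------------------------------------------------------------------------------
+# vpn
+# --------------------------------------------------------------------------------------------------
+vpn_subnet_id: 1
+
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_role: "server"
+vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
+vpn_wireguard_clients:
+- public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
+preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"
+subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24"
+
+# --------------------------------------------------------------------------------------------------
+# vpn:bridge
+# --------------------------------------------------------------------------------------------------
+vpn_bridge_dnat:
+- address: "{{ vpn_bridge_prefix }}.2"
+ports:
+- 80
+- 443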
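--- a/host_vars/yggdrasil/vars.yml
+++ b/host_vars/yggdrasil/vars.yml
@@ -0,0 +1,52 @@
+# --------------------------------------------------------------------------------------------------
+# system:zfs
+# --------------------------------------------------------------------------------------------------
+system_zfs_zpools:
+- "bpool"
+- "rpool"
+- "hpool"
+system_zfs_zpools_trim:
+- "bpool"
+- "rpool"
+system_zfs_zpools_load_key:
+- "hpool"
+
+# --------------------------------------------------------------------------------------------------
+# system:mail
+# --------------------------------------------------------------------------------------------------
+system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_additional_tcp_ports:
+- 80
+- 443
+- 2770
+
+# --------------------------------------------------------------------------------------------------
+# vpn
+# --------------------------------------------------------------------------------------------------
+vpn_subnet_id: 2
+
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_role: "client"
+vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
+vpn_wireguard_server_public_key: "{{ vault_vpn_wireguard_server_public_key }}"
+vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key }}"
+vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
+vpn_wireguard_routing_table: 66
+
+# --------------------------------------------------------------------------------------------------
+# vpn:bridge
+# --------------------------------------------------------------------------------------------------
+vpn_bridge_dnat:
+- address: "{{ vpn_bridge_prefix }}.2"
+ports:
+- 80
+- 443
+- address: "{{ vpn_bridge_prefix }}.5"
+ports:
+- 2770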
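Review bot: Port `2770` is opened in `system_base_additional_tcp_ports` and forwarded to `{{ vpn_bridge_prefix }}.5` in `vpn_bridge_dnat` with no indication of which service it belongs to, unlike the self-explanatory 80 and 443. A one-line comment such as `# 2770: <service name>` beside both entries would let a later reader judge whether the exposure is still needed. The two lists also have to be kept in agreement by hand; whether the role could derive the firewall list from `vpn_bridge_dnat` is not visible from this file.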