Separate vault and vars
parent
f06d757010
commit
ec1009eb02
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,6 +1,4 @@
|
|||||||
**/__pycache__/**
|
**/__pycache__/**
|
||||||
.coverage
|
|
||||||
fact_cache/**
|
fact_cache/**
|
||||||
group_vars/**
|
.coverage
|
||||||
host_vars/**
|
vault.yml
|
||||||
playbooks/filesystem/tmp/valkyrie/etc/resolv.conf
|
|
||||||
|
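--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,18 @@
+# --------------------------------------------------------------------------------------------------
+# ansible
+# --------------------------------------------------------------------------------------------------
+ansible_port: "{{ vault_ansible_port }}"
+ansible_become_password: "{{ vault_ansible_become_password }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_ssh_user: "{{ vault_system_base_ssh_user }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:mail
+# --------------------------------------------------------------------------------------------------
+system_mail_domain: "{{ vault_system_mail_domain }}"
+system_mail_smtp_server: "{{ vault_system_mail_smtp_server }}"
+system_mail_smtp_port: 465
+system_mail_smtp_user: "{{ vault_system_mail_smtp_user }}"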
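Review bot: Every `vault_*` name this file reads is defined nowhere in the commit, and the .gitignore section appears to ignore `vault.yml`, so the list of required secrets exists only on the machine that holds the vault files. A fresh checkout would fail on the first undefined variable, and nothing records which keys a vault file must provide. A header comment such as `# vault_* values come from the sibling vault.yml, which is not committed; see <doc path> for the required keys` would cover it, as would tracking the vault files encrypted with ansible-vault instead of ignoring them. The same applies to the other vars.yml files added here.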
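--- a/group_vars/asgard/vars.yml
+++ b/group_vars/asgard/vars.yml
@@ -0,0 +1,58 @@
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_port: 51820
+vpn_wireguard_address: "10.66.0.{{ vpn_subnet_id }}"
+vpn_wireguard_netmask: "255.255.255.252"
+vpn_wireguard_subnet: "10.66.0.0/30"
+
+# --------------------------------------------------------------------------------------------------
+# vpn:bridge
+# --------------------------------------------------------------------------------------------------
+vpn_bridge_prefix: "10.66.{{ vpn_subnet_id }}"
+vpn_bridge_address: "{{ vpn_bridge_prefix }}.1"
+vpn_bridge_broadcast: "{{ vpn_bridge_prefix }}.255"
+vpn_bridge_netmask: "255.255.255.0"
+
+# --------------------------------------------------------------------------------------------------
+# services
+# --------------------------------------------------------------------------------------------------
+services:
+rproxy: {}
+www:
+repo_user: "{{ vault_services.www.repo_user }}"
+repo_token: "{{ vault_services.www.repo_token }}"
+lrproxy: {}
+database:
+password: "{{ vault_services.database.password }}"
+cloud:
+domain: "{{ vault_services.cloud.domain }}"
+database_name: "{{ vault_services.cloud.database_name }}"
+database_user: "{{ vault_services.cloud.database_user }}"
+database_password: "{{ vault_services.cloud.database_password }}"
+admin_user: "{{ vault_services.cloud.admin_user }}"
+admin_password: "{{ vault_services.cloud.admin_password }}"
+smtp_host: "{{ vault_services.cloud.smtp_host }}"
+smtp_name: "{{ vault_services.cloud.smtp_name }}"
+smtp_password: "{{ vault_services.cloud.smtp_password }}"
+git:
+domain: "{{ vault_services.git.domain }}"
+database_name: "{{ vault_services.git.database_name }}"
+database_user: "{{ vault_services.git.database_user }}"
+database_passwd: "{{ vault_services.git.database_passwd }}"
+smtp_host: "{{ vault_services.git.smtp_host }}"
+smtp_user: "{{ vault_services.git.smtp_user }}"
+smtp_passwd: "{{ vault_services.git.smtp_passwd }}"
+notes:
+domain: "{{ vault_services.notes.domain }}"
+database_name: "{{ vault_services.notes.database_name }}"
+database_user: "{{ vault_services.notes.database_user }}"
+database_password: "{{ vault_services.notes.database_password }}"
+smtp_host: "{{ vault_services.notes.smtp_host }}"
+smtp_name: "{{ vault_services.notes.smtp_name }}"
+smtp_password: "{{ vault_services.notes.smtp_password }}"
+
+scw_bucket_endpoint: "{{ vault_scw_bucket_endpoint }}"
+scw_access_key: "{{ vault_scw_access_key }}"
+scw_secret_key: "{{ vault_scw_secret_key }}"
+restic_password: "{{ vault_restic_password }}"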
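Review bot: `vpn_wireguard_address` takes its last octet from `vpn_subnet_id`, but the tunnel is declared as a /30 (`255.255.255.252`, `10.66.0.0/30`), which has only .1 and .2 as host addresses. The host_vars in this commit set the id to 1 and 2, so it resolves correctly today, but a third host with id 3 would be given the broadcast address of that /30 with no error from the variables themselves. Since the same id also picks the bridge /24 through `vpn_bridge_prefix`, the constraint deserves a comment above the address line, e.g. `# vpn_subnet_id doubles as the host part of the /30 tunnel address: only 1 and 2 are valid`, or an assert in the role that consumes it.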
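--- a/group_vars/bifrost/vars.yml
+++ b/group_vars/bifrost/vars.yml
@@ -0,0 +1,6 @@
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_port: 12768
+vpn_wireguard_netmask: "255.255.255.252"
+vpn_wireguard_subnet: "10.68.0.0/30"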
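--- a/group_vars/home/vars.yml
+++ b/group_vars/home/vars.yml
@@ -0,0 +1,11 @@
+# --------------------------------------------------------------------------------------------------
+# network
+# --------------------------------------------------------------------------------------------------
+local_network_address: "192.168.0.0"
+local_network_masklen: 16
+local_network: "{{ local_network_address }}/{{ local_network_masklen }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_fail2ban_ignoreip: "{{ local_network }}"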
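Review bot: `system_base_fail2ban_ignoreip` is set to `local_network`, which resolves to 192.168.0.0/16, so fail2ban will never ban any source in the entire 192.168 range on the hosts in this group. A compromised or misbehaving device on the LAN can then repeat failed logins without being throttled, and the exemption is far wider than a typical home subnet. If the LAN is in fact a single smaller network, giving fail2ban its own narrower value (for example a dedicated variable listing only the administration hosts) would keep the exemption tight without changing `local_network` for its other users. If the /16 is intentional, a comment saying why would help the next reader.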
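--- a/group_vars/remote/vars.yml
+++ b/group_vars/remote/vars.yml
@@ -0,0 +1,4 @@
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_fail2ban_ignoreip: "{{ vault_system_base_fail2ban_ignoreip }}"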
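--- a/host_vars/heimdall/vars.yml
+++ b/host_vars/heimdall/vars.yml
@@ -0,0 +1,20 @@
+# --------------------------------------------------------------------------------------------------
+# system:mail
+# --------------------------------------------------------------------------------------------------
+system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_udp_ports:
+- 12768
+
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_role: "server"
+vpn_wireguard_address: "10.68.0.1"
+vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
+vpn_wireguard_clients:
+- public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
+preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"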
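Review bot: `system_base_udp_ports` hard-codes 12768, the same number that group_vars/bifrost/vars.yml assigns to `vpn_wireguard_port`, so the firewall opening and the WireGuard listener are kept in step only by hand. If heimdall belongs to the bifrost group (the inventory is not visible here), writing the entry as `- "{{ vpn_wireguard_port }}"` means a port change cannot leave the old port open or the new one blocked. host_vars/valkyrie/vars.yml repeats the pattern with 51820 against the asgard group value.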
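--- a/host_vars/valkyrie/vars.yml
+++ b/host_vars/valkyrie/vars.yml
@@ -0,0 +1,39 @@
+# --------------------------------------------------------------------------------------------------
+# system:mail
+# --------------------------------------------------------------------------------------------------
+system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_additional_ssh_users:
+- "pod-rproxy"
+system_base_additional_tcp_ports:
+- 80
+- 443
+system_base_udp_ports:
+- 51820
+
+# --------------------------------------------------------------------------------------------------
+# vpn
+# --------------------------------------------------------------------------------------------------
+vpn_subnet_id: 1
+
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_role: "server"
+vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
+vpn_wireguard_clients:
+- public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
+preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"
+subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24"
+
+# --------------------------------------------------------------------------------------------------
+# vpn:bridge
+# --------------------------------------------------------------------------------------------------
+vpn_bridge_dnat:
+- address: "{{ vpn_bridge_prefix }}.2"
+ports:
+- 80
+- 443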
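--- a/host_vars/yggdrasil/vars.yml
+++ b/host_vars/yggdrasil/vars.yml
@@ -0,0 +1,52 @@
+# --------------------------------------------------------------------------------------------------
+# system:zfs
+# --------------------------------------------------------------------------------------------------
+system_zfs_zpools:
+- "bpool"
+- "rpool"
+- "hpool"
+system_zfs_zpools_trim:
+- "bpool"
+- "rpool"
+system_zfs_zpools_load_key:
+- "hpool"
+
+# --------------------------------------------------------------------------------------------------
+# system:mail
+# --------------------------------------------------------------------------------------------------
+system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
+
+# --------------------------------------------------------------------------------------------------
+# system:base
+# --------------------------------------------------------------------------------------------------
+system_base_additional_tcp_ports:
+- 80
+- 443
+- 2770
+
+# --------------------------------------------------------------------------------------------------
+# vpn
+# --------------------------------------------------------------------------------------------------
+vpn_subnet_id: 2
+
+# --------------------------------------------------------------------------------------------------
+# vpn:wireguard
+# --------------------------------------------------------------------------------------------------
+vpn_wireguard_role: "client"
+vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
+vpn_wireguard_server_public_key: "{{ vault_vpn_wireguard_server_public_key }}"
+vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key }}"
+vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
+vpn_wireguard_routing_table: 66
+
+# --------------------------------------------------------------------------------------------------
+# vpn:bridge
+# --------------------------------------------------------------------------------------------------
+vpn_bridge_dnat:
+- address: "{{ vpn_bridge_prefix }}.2"
+ports:
+- 80
+- 443
+- address: "{{ vpn_bridge_prefix }}.5"
+ports:
+- 2770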
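Review bot: Port 2770 is opened in `system_base_additional_tcp_ports` and forwarded to the `.5` bridge address in `vpn_bridge_dnat`, but nothing in the file says which service it belongs to, unlike 80 and 443, which explain themselves. An exposed, forwarded port with no stated owner is hard to audit later. A comment next to each occurrence would fix that, e.g. `# 2770: <service name>, forwarded to {{ vpn_bridge_prefix }}.5`. The two lists also repeat the same port numbers by hand, so a port dropped from one and not the other leaves either an open port with no target or a forward the firewall blocks.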