--- # -------------------------------------------------------------------------------------------------- # system:extra # -------------------------------------------------------------------------------------------------- system_extra_netdata_bind_to: "0.0.0.0 [::]" system_extra_netdata_stream_parent: true # -------------------------------------------------------------------------------------------------- # system:zfs # -------------------------------------------------------------------------------------------------- system_zfs_zpools: - "bpool" - "rpool" - "hpool" system_zfs_zpools_trim: - "bpool" - "rpool" # -------------------------------------------------------------------------------------------------- # system:mail # -------------------------------------------------------------------------------------------------- system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}" # -------------------------------------------------------------------------------------------------- # system:base # -------------------------------------------------------------------------------------------------- system_base_additional_ssh_users: - "music" system_base_interfaces_iifname: - "virbr0" system_base_udp_ports: - 67 # dhcp (libvirt) - 68 # dhcp (libvirt) - 137 # samba - 138 # samba - 546 # dhcpv6 system_base_additional_tcp_ports: - 139 # samba - 445 # samba - 19999 # netdata system_base_unattended_upgrades_blacklist: - "linux-" - "zfs(utils)?-" # -------------------------------------------------------------------------------------------------- # system:var # -------------------------------------------------------------------------------------------------- system_var_root_dataset: "rpool{{ system_var_root_directory }}" system_var_data_dataset: "rpool{{ system_var_data_directory }}" system_var_containers_dataset: "rpool{{ system_var_containers_directory }}" # -------------------------------------------------------------------------------------------------- # system:backup # -------------------------------------------------------------------------------------------------- system_backups_snapshots_dataset: "hpool/backup" system_backups_snapshots_root_dataset: "{{ system_backups_snapshots_dataset }}/the-nine-worlds" system_backups_snapshots_data_dataset: "{{ system_backups_snapshots_root_dataset }}/data" # -------------------------------------------------------------------------------------------------- # vpn # -------------------------------------------------------------------------------------------------- vpn_subnet_id: 2 # -------------------------------------------------------------------------------------------------- # vpn:wireguard # -------------------------------------------------------------------------------------------------- vpn_wireguard_role: "client" vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}" vpn_wireguard_server_public_key: "{{ vault_vpn_wireguard_server_public_key }}" vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key }}" vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}" vpn_wireguard_routing_table: 66 # -------------------------------------------------------------------------------------------------- # vpn:bridge # -------------------------------------------------------------------------------------------------- vpn_bridge_routing_table: "{{ vpn_wireguard_routing_table }}" vpn_bridge_local_only_inet_daddr: - "{{ services_host_services.database.inet_address }}" vpn_bridge_local_only_inet6_daddr: - "{{ services_host_services.database.inet6_address }}" # -------------------------------------------------------------------------------------------------- # backups:snapshots # -------------------------------------------------------------------------------------------------- backups_snapshots_sanoid_system_datasets: - name: "bpool/BOOT" templates: ["system"] recursive: true children_only: true - name: "rpool/ROOT" templates: ["system"] recursive: true children_only: true - name: "rpool/home" templates: ["system", "home"] recursive: true children_only: true # -------------------------------------------------------------------------------------------------- # music:rip # -------------------------------------------------------------------------------------------------- music_user_name: "music" music_user_password: "{{ vault_music_user_password }}" music_user_samba_password: "{{ vault_music_user_samba_password }}" music_user_home_directory: "/home/{{ music_user_name }}" music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}" music_user_data_collection_directory: "{{ music_user_data_directory }}/collection" music_user_data_archive_directory: "{{ music_user_data_directory }}/archive" music_user_home_dataset: "rpool{{ music_user_home_directory }}" music_user_data_dataset: "rpool{{ music_user_data_directory }}" music_user_data_collection_dataset: "{{ music_user_data_dataset }}/collection" music_user_data_archive_dataset: "{{ music_user_data_dataset }}/archive" # -------------------------------------------------------------------------------------------------- # music:backups # -------------------------------------------------------------------------------------------------- music_user_backups_snapshots_data_dataset: "\ {{ system_backups_snapshots_data_dataset }}/{{ music_user_name }}" music_user_backups_snapshots_recursive: true music_user_backups_snapshots_skip_parent: true # -------------------------------------------------------------------------------------------------- # music:org # -------------------------------------------------------------------------------------------------- music_user_nextcloud_domain: "cloud.wojciechkozlowski.eu" music_user_nextcloud_url: "https://{{ music_user_nextcloud_domain }}/public.php/webdav" music_user_nextcloud_music_user: "{{ vault_music_user_nextcloud_music_user }}" music_user_nextcloud_music_pswd: "{{ vault_music_user_nextcloud_music_pswd }}" music_user_nextcloud_videos_user: "{{ vault_music_user_nextcloud_videos_user }}" music_user_nextcloud_videos_pswd: "{{ vault_music_user_nextcloud_videos_pswd }}" # -------------------------------------------------------------------------------------------------- # services # -------------------------------------------------------------------------------------------------- services_root_dataset: "{{ system_var_root_dataset }}" services_data_dataset: "{{ system_var_data_dataset }}" services_containers_dataset: "{{ system_var_containers_dataset }}" services_host_services: lrproxy: inet_address: "{{ vpn_bridge_inet_prefix }}.2" inet6_address: "{{ vpn_bridge_inet6_prefix }}::2" tcp: [80, 443] restic: true database: inet_address: "{{ vpn_bridge_inet_prefix }}.3" inet6_address: "{{ vpn_bridge_inet6_prefix }}::3" restic: true cloud: inet_address: "{{ vpn_bridge_inet_prefix }}.4" inet6_address: "{{ vpn_bridge_inet6_prefix }}::4" restic: true restic_exclude: - "external" git: inet_address: "{{ vpn_bridge_inet_prefix }}.5" inet6_address: "{{ vpn_bridge_inet6_prefix }}::5" tcp: ["{{ services.git.ssh_port }}"] restic: true notes: inet_address: "{{ vpn_bridge_inet_prefix }}.6" inet6_address: "{{ vpn_bridge_inet6_prefix }}::6" restic: true music: inet_address: "{{ vpn_bridge_inet_prefix }}.7" inet6_address: "{{ vpn_bridge_inet6_prefix }}::7" collection_path: "{{ music_user_data_collection_directory }}" archive_path: "{{ music_user_data_archive_directory }}" restic: true metrics: inet_address: "{{ vpn_bridge_inet_prefix }}.8" inet6_address: "{{ vpn_bridge_inet6_prefix }}::8" target_inet: "{{ vpn_wireguard_inet6_address }}" target_inet6: "{{ vpn_wireguard_inet6_address }}" target_port: 19999 tcp: [9090] restic: true dash: inet_address: "{{ vpn_bridge_inet_prefix }}.9" inet6_address: "{{ vpn_bridge_inet6_prefix }}::9" restic: true # -------------------------------------------------------------------------------------------------- # services:backups # -------------------------------------------------------------------------------------------------- services_backups_snapshots_dataset: "{{ system_backups_snapshots_dataset }}" services_backups_snapshots_root_dataset: "{{ system_backups_snapshots_root_dataset }}" services_backups_snapshots_data_dataset: "{{ system_backups_snapshots_data_dataset }}" services_backups_snapshots_services: "\ {% set services_backups_snapshots_service = {} %}\ {% for service in services_host_services.keys() %}\ {{ services_backups_snapshots_service.update( { service: { 'user_name': ( 'pod-' ~ service ), 'data_dataset': ( services_data_dataset ~ '/pod-' ~ service ), 'backup_dataset': ( services_backups_snapshots_data_dataset ~ '/pod-' ~ service ), 'recursive': true, 'skip_parent': true, }} ) }}\ {% endfor %}\ {{ services_backups_snapshots_service }}"