ansible-edda/inventory/host_vars/yggdrasil/vars.yml

197 lines
8.8 KiB
YAML

---
# --------------------------------------------------------------------------------------------------
# system:zfs
# --------------------------------------------------------------------------------------------------
system_zfs_zpools:
- "bpool"
- "rpool"
- "hpool"
system_zfs_zpools_trim:
- "bpool"
- "rpool"
# --------------------------------------------------------------------------------------------------
# system:mail
# --------------------------------------------------------------------------------------------------
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
# --------------------------------------------------------------------------------------------------
# system:base
# --------------------------------------------------------------------------------------------------
system_base_additional_ssh_users:
- "music"
system_base_interfaces_iifname:
- "virbr0"
system_base_udp_ports:
- 67 # dhcp (libvirt)
- 68 # dhcp (libvirt)
- 137 # samba
- 138 # samba
- 546 # dhcpv6
system_base_additional_tcp_ports:
- 139 # samba
- 445 # samba
system_base_unattended_upgrades_blacklist:
- "linux-"
- "zfs(utils)?-"
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_var_root_directory: "/var/lib/yggdrasil"
system_var_root_dataset: "rpool{{ system_var_root_directory }}"
system_var_home_dataset: "rpool{{ system_var_home_directory }}"
system_var_data_dataset: "rpool{{ system_var_data_directory }}"
system_var_containers_dataset: "rpool{{ system_var_containers_directory }}"
# --------------------------------------------------------------------------------------------------
# system:backup
# --------------------------------------------------------------------------------------------------
system_backups_snapshots_dataset: "hpool/backup"
system_backups_snapshots_root_dataset: "{{ system_var_root_dataset |
replace('rpool/var/lib/yggdrasil',
'hpool/backup/srv') }}"
system_backups_snapshots_data_dataset: "{{ system_var_data_dataset |
replace('rpool/var/lib/yggdrasil/data',
'hpool/backup/srv/the-nine-worlds') }}"
# --------------------------------------------------------------------------------------------------
# vpn
# --------------------------------------------------------------------------------------------------
vpn_subnet_id: 2
# --------------------------------------------------------------------------------------------------
# vpn:wireguard
# --------------------------------------------------------------------------------------------------
vpn_wireguard_role: "client"
vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
vpn_wireguard_server_public_key: "{{ vault_vpn_wireguard_server_public_key }}"
vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key }}"
vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
vpn_wireguard_routing_table: 66
# --------------------------------------------------------------------------------------------------
# vpn:bridge
# --------------------------------------------------------------------------------------------------
vpn_bridge_routing_table: "{{ vpn_wireguard_routing_table }}"
vpn_bridge_local_only_inet_daddr:
- "{{ services_host_services.database.inet_address }}"
vpn_bridge_local_only_inet6_daddr:
- "{{ services_host_services.database.inet6_address }}"
# --------------------------------------------------------------------------------------------------
# backups:snapshots
# --------------------------------------------------------------------------------------------------
backups_snapshots_sanoid_system_datasets:
- name: "bpool/BOOT"
templates: ["system"]
recursive: true
children_only: true
- name: "rpool/ROOT"
templates: ["system"]
recursive: true
children_only: true
- name: "rpool/home"
templates: ["system", "home"]
recursive: true
children_only: true
# --------------------------------------------------------------------------------------------------
# music:rip
# --------------------------------------------------------------------------------------------------
music_user_name: "music"
music_user_password: "{{ vault_music_user_password }}"
music_user_samba_password: "{{ vault_music_user_samba_password }}"
music_user_home_directory: "{{ system_var_home_directory }}/{{ music_user_name }}"
music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}"
music_user_data_collection_directory: "{{ music_user_data_directory }}/collection"
music_user_data_archive_directory: "{{ music_user_data_directory }}/archive"
music_user_home_dataset: "rpool{{ music_user_home_directory }}"
music_user_data_dataset: "rpool{{ music_user_data_directory }}"
music_user_data_collection_dataset: "{{ music_user_data_dataset }}/collection"
music_user_data_archive_dataset: "{{ music_user_data_dataset }}/archive"
# --------------------------------------------------------------------------------------------------
# music:backups
# --------------------------------------------------------------------------------------------------
music_user_backups_snapshots_data_dataset: "\
{{ system_backups_snapshots_data_dataset }}/{{ music_user_name }}"
music_user_backups_snapshots_recursive: true
music_user_backups_snapshots_skip_parent: true
# --------------------------------------------------------------------------------------------------
# music:org
# --------------------------------------------------------------------------------------------------
music_user_nextcloud_domain: "cloud.wojciechkozlowski.eu"
music_user_nextcloud_url: "https://{{ music_user_nextcloud_domain }}/public.php/webdav"
music_user_nextcloud_music_user: "{{ vault_music_user_nextcloud_music_user }}"
music_user_nextcloud_music_pswd: "{{ vault_music_user_nextcloud_music_pswd }}"
music_user_nextcloud_videos_user: "{{ vault_music_user_nextcloud_videos_user }}"
music_user_nextcloud_videos_pswd: "{{ vault_music_user_nextcloud_videos_pswd }}"
# --------------------------------------------------------------------------------------------------
# services
# --------------------------------------------------------------------------------------------------
services_root_dataset: "{{ system_var_root_dataset }}"
services_home_dataset: "{{ system_var_home_dataset }}"
services_data_dataset: "{{ system_var_data_dataset }}"
services_containers_dataset: "{{ system_var_containers_dataset }}"
services_host_services:
lrproxy:
inet_address: "{{ vpn_bridge_inet_prefix }}.2"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::2"
tcp: [80, 443]
restic: true
database:
inet_address: "{{ vpn_bridge_inet_prefix }}.3"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::3"
restic: true
cloud:
inet_address: "{{ vpn_bridge_inet_prefix }}.4"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::4"
restic: true
restic_exclude:
- "external"
git:
inet_address: "{{ vpn_bridge_inet_prefix }}.5"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::5"
tcp: ["{{ services.git.ssh_port }}"]
restic: true
notes:
inet_address: "{{ vpn_bridge_inet_prefix }}.6"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::6"
restic: true
music:
inet_address: "{{ vpn_bridge_inet_prefix }}.7"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::7"
collection_path: "{{ music_user_data_collection_directory }}"
archive_path: "{{ music_user_data_archive_directory }}"
restic: true
# --------------------------------------------------------------------------------------------------
# services:backups
# --------------------------------------------------------------------------------------------------
services_backups_snapshots_dataset: "{{ system_backups_snapshots_dataset }}"
services_backups_snapshots_root_dataset: "{{ system_backups_snapshots_root_dataset }}"
services_backups_snapshots_data_dataset: "{{ system_backups_snapshots_data_dataset }}"
services_backups_snapshots_services: "\
{% set services_backups_snapshots_service = {} %}\
{% for service in services_host_services.keys() %}\
{{ services_backups_snapshots_service.update(
{ service: {
'user_name': ( 'pod-' ~ service ),
'data_dataset': ( services_data_dataset ~ '/pod-' ~ service ),
'backup_dataset': ( services_backups_snapshots_data_dataset ~ '/pod-' ~ service ),
'recursive': true,
'skip_parent': true,
}}
) }}\
{% endfor %}\
{{ services_backups_snapshots_service }}"