ansible-edda/host_vars/yggdrasil/vars.yml


# --------------------------------------------------------------------------------------------------
# system:zfs
# --------------------------------------------------------------------------------------------------
# Every ZFS pool on this host that is handed to the system:zfs role.
system_zfs_zpools:
  - "bpool"
  - "rpool"
  - "hpool"
# Subset of the pools above that is selected for trimming; hpool is not included.
system_zfs_zpools_trim:
  - "bpool"
  - "rpool"
# Pools for which a key is loaded. Only hpool is listed, which suggests it is the
# only encrypted pool on this host. NOTE(review): where the key material comes from
# and how it is protected is decided in the role, not in this file - confirm there.
system_zfs_zpools_load_key:
  - "hpool"
# --------------------------------------------------------------------------------------------------
# system:mail
# --------------------------------------------------------------------------------------------------
# The SMTP password is not stored in this file; it is read from the vault_-prefixed
# variable. NOTE(review): presumably that variable is defined in an Ansible Vault
# encrypted file for this host - confirm it is never committed in clear text.
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
# --------------------------------------------------------------------------------------------------
# vpn
# --------------------------------------------------------------------------------------------------
# Numeric identifier of this host's VPN subnet. How the vpn role turns it into
# addresses is not visible here; vpn_bridge_prefix, used later in this file for the
# service addresses, is presumably derived from it - confirm in the role.
vpn_subnet_id: 2
# --------------------------------------------------------------------------------------------------
# vpn:wireguard
# --------------------------------------------------------------------------------------------------
# This host takes the "client" role in the WireGuard setup.
vpn_wireguard_role: "client"
# Key material and the server address are all indirected through vault_ variables, so
# none of the values appear in this file. The interface private key and the preshared
# key are the ones that must stay confidential. NOTE(review): the tasks that render
# them into the interface configuration should set no_log and create the file
# readable by root only - confirm in the vpn:wireguard role.
vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
vpn_wireguard_server_public_key: "{{ vault_vpn_wireguard_server_public_key }}"
vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key }}"
vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
# Routing table number passed to the role; the routing policy built on it is not
# visible in this file.
vpn_wireguard_routing_table: 66
# --------------------------------------------------------------------------------------------------
# backups:snapshots
# --------------------------------------------------------------------------------------------------
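# System datasets snapshotted on this host. Each list item is one mapping: the parent
# dataset name, the policy templates applied to it, and two flags. The keys of an
# item are nested under its "- name" line; with every line at column 0 the listing
# does not parse as a list of mappings.
# NOTE(review): recursive + children_only presumably means the policy applies to the
# child datasets and skips the parent container itself - confirm against the
# backups:snapshots role and its sanoid template.
backups_snapshots_sanoid_system_datasets:
  - name: "bpool/BOOT"
    templates: ["system"]
    recursive: true
    children_only: true
  - name: "rpool/ROOT"
    templates: ["system"]
    recursive: true
    children_only: true
  # rpool/home is the only entry that also gets the "home" template.
  - name: "rpool/home"
    templates: ["system", "home"]
    recursive: true
    children_only: true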
# --------------------------------------------------------------------------------------------------
# services
# --------------------------------------------------------------------------------------------------
# Dataset names are built by prefixing the pool name "rpool" to directory variables
# defined outside this file, so each services_*_directory value has to start with "/"
# for the result to be a usable dataset path. The snapshot-backup variables later in
# this file rewrite the prefix 'rpool/var/lib', so they additionally assume that the
# root and data directories live under /var/lib.
services_root_dataset: "rpool{{ services_root_directory }}"
services_home_dataset: "rpool{{ services_home_directory }}"
services_data_dataset: "rpool{{ services_data_directory }}"
services_containers_dataset: "rpool{{ services_containers_directory }}"
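# Services hosted on this machine, keyed by service name. Nesting is restored here:
# each service is a mapping under services_host_services, with its address (and
# optional tcp list) one level below the service name.
# The keys are reused later in this file to build the per-service backup dataset
# ('/pod-' ~ service) and bucket prefix, so renaming a key also changes where that
# service's backups are written.
# NOTE(review): only lrproxy (80, 443) and git (its SSH port) declare tcp ports, so
# database, cloud and notes presumably have nothing opened towards them. That holds
# only if the consuming role treats a missing tcp key as "open nothing" - confirm the
# default there.
services_host_services:
  lrproxy:
    address: "{{ vpn_bridge_prefix }}.2"
    tcp: [80, 443]
  database:
    address: "{{ vpn_bridge_prefix }}.3"
  cloud:
    address: "{{ vpn_bridge_prefix }}.4"
  git:
    address: "{{ vpn_bridge_prefix }}.5"
    # Templated value: it may reach the consumer as a string, unlike the integer
    # ports of lrproxy - TODO confirm the consumer accepts both.
    tcp: ["{{ services.git.ssh_port }}"]
  notes:
    address: "{{ vpn_bridge_prefix }}.6"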
# --------------------------------------------------------------------------------------------------
# services:backups
# --------------------------------------------------------------------------------------------------
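# Parent dataset on hpool under which the service backups are kept.
services_backups_snapshots_dataset: "hpool/backup"
# Backup-side dataset names, derived by swapping the 'rpool/var/lib' prefix of the
# live dataset name for 'hpool/backup'.
# NOTE(review): replace() returns the string unchanged when the prefix is absent, so
# if the services directories ever move out of /var/lib these two variables would
# silently name the live rpool datasets instead of a backup location. A check that
# each result starts with services_backups_snapshots_dataset would catch that.
# Continuation lines of the quoted values are indented so the scalars stay valid
# YAML; leading whitespace on a continuation line is not part of the value.
services_backups_snapshots_root_dataset: "{{ services_root_dataset |
  replace('rpool/var/lib', 'hpool/backup') }}"
services_backups_snapshots_data_dataset: "{{ services_data_dataset |
  replace('rpool/var/lib', 'hpool/backup') }}"
# Builds one entry per key of services_host_services:
#   <service>: {backup_dataset: <data backup dataset>/pod-<service>,
#               recursive: true, skip_parent: true}
# The dict is filled inside the loop through update() and emitted once after it.
services_backups_snapshots_services: "\
  {% set services_backups_snapshots_service = {} %}\
  {% for service in services_host_services.keys() %}\
  {{ services_backups_snapshots_service.update(
    { service: {
      'backup_dataset': ( services_backups_snapshots_data_dataset ~ '/pod-' ~ service ),
      'recursive': true,
      'skip_parent': true,
    }}
  ) }}\
  {% endfor %}\
  {{ services_backups_snapshots_service }}"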
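# Restic repository password, object-storage credentials and bucket endpoint. All four
# values are read from vault_ variables, so none of them is stored in this file.
# NOTE(review): presumably those variables live in an Ansible Vault encrypted file -
# confirm they are never committed in clear text.
# Continuation lines of the two wrapped values are indented so the quoted scalars
# stay valid YAML; the escaped line break and the leading whitespace after it are not
# part of the value.
services_backups_restic_restic_password: "{{ vault_services_backups_restic_restic_password }}"
services_backups_restic_aws_access_key_id: "{{ vault_services_backups_restic_aws_access_key_id }}"
services_backups_restic_aws_secret_access_key: "\
  {{ vault_services_backups_restic_aws_secret_access_key }}"
services_backups_restic_aws_bucket_endpoint: "\
  {{ vault_services_backups_restic_aws_bucket_endpoint }}"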
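# Per-service restic settings, one entry per key of services_host_services. Entries
# differ only in aws_bucket_prefix ('the-nine-worlds---pod-<service>'); the retention
# values (30 daily, 3 monthly) and both file paths are the same for every service.
#
# Every entry carries the access key id, the secret access key and the repository
# password, so the rendered value of this variable contains those secrets in clear
# text. NOTE(review): tasks that loop over it or print it should set no_log: true
# (or a loop_control label) so the values do not end up in Ansible output or logs.
#
# One credential pair and one repository password are shared by all services, so
# anyone who obtains them can read every service's backups. Whether the key is
# restricted to these prefixes, and whether it is allowed to delete objects, is
# configured on the storage side and is not visible here.
#
# aws_keys_file and restic_password_file are paths under /etc; presumably the role
# writes the secrets there - confirm they are created root-owned with mode 0600.
services_backups_restic_services: "\
  {% set services_backups_restic_service = {} %}\
  {% for service in services_host_services.keys() %}\
  {{ services_backups_restic_service.update(
    { service: {
      'aws_access_key_id': services_backups_restic_aws_access_key_id,
      'aws_secret_access_key': services_backups_restic_aws_secret_access_key,
      'aws_keys_file': '/etc/restic-aws-keys.yml',
      'aws_bucket_endpoint': services_backups_restic_aws_bucket_endpoint,
      'aws_bucket_prefix': ( 'the-nine-worlds---pod-' ~ service ),
      'restic_password': services_backups_restic_restic_password,
      'restic_password_file': '/etc/restic.password',
      'restic_keep_daily': 30,
      'restic_keep_monthly': 3,
    }}
  ) }}\
  {% endfor %}\
  {{ services_backups_restic_service }}"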