From 1a8b467bdfddfea048260e578251d724c8431e66 Mon Sep 17 00:00:00 2001 From: vincent Date: Sat, 28 Nov 2020 17:36:30 +0100 Subject: [PATCH] split server config in several file --- group_vars/server/database | 14 ++ group_vars/server/gitea | 14 ++ group_vars/server/mount | 88 ++++++++++ group_vars/server/nextcloud | 21 +++ group_vars/server/php | 21 +++ group_vars/server/server | 93 +++++++++++ group_vars/{server => server/web} | 256 +----------------------------- 7 files changed, 253 insertions(+), 254 deletions(-) create mode 100644 group_vars/server/database create mode 100644 group_vars/server/gitea create mode 100644 group_vars/server/mount create mode 100644 group_vars/server/nextcloud create mode 100644 group_vars/server/php create mode 100644 group_vars/server/server rename group_vars/{server => server/web} (57%)
diff --git a/group_vars/server/database b/group_vars/server/database
new file mode 100644
index 0000000..b2519cb
--- /dev/null
+++ b/group_vars/server/database
@@ -0,0 +1,14 @@
+mysql_root_password: "{{ vault_mysql_root }}"
+mysql_root_password_update: true
+
+postgresql_users:
+  - name: root
+    role_attr_flags: SUPERUSER
+    password: "{{ vault_mysql_root }}"
+
+# Users.
+mysql_users:
+  - name: dump
+    host: localhost
+    password: "{{ vault_mysql_dump }}"
+    priv: "*.*:SELECT,SHOW DATABASES,LOCK TABLES"
diff --git a/group_vars/server/gitea b/group_vars/server/gitea
new file mode 100644
index 0000000..8215432
--- /dev/null
+++ b/group_vars/server/gitea
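Review bot: `postgresql_users` creates a `root` role with `role_attr_flags: SUPERUSER` whose password is `{{ vault_mysql_root }}`, the very same secret `mysql_root_password` uses, so a single leaked vault value now unlocks both database engines at superuser level. Give PostgreSQL its own vault entry, `password: "{{ vault_postgresql_root }}"`, and reconsider whether a superuser role named `root` is needed at all given that the per-application roles (`gitea`, `nextcloud`, `ttrss`, …) get their own `*_db_password` in the other files of this split. The MySQL `dump` user is appropriately scoped to `SELECT,SHOW DATABASES,LOCK TABLES` from `localhost`; a similar read-only role for the PostgreSQL dumps would be the consistent choice.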
@@ -0,0 +1,14 @@
+gitea_http_domain: git.{{domain.name}}
+gitea_root_url: https://git.{{domain.name}}
+gitea_http_listen: 0.0.0.0
+gitea_db_type: postgres
+gitea_db_host: localhost
+gitea_db_name: gitea
+gitea_db_user: gitea
+gitea_db_password: "{{ vault_mysql_gitea }}"
+gitea_ssh_domain: git.{{ domain.name }}
+gitea_start_ssh: false
+gitea_ssh_port: 22
+gitea_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/gitea.sql
+gitea_http_domain: git.{{domain.name}}
+gitea_root_url: https://git.{{domain.name}}
\ No newline at end of file
diff --git a/group_vars/server/mount b/group_vars/server/mount
new file mode 100644
index 0000000..43d2e33
--- /dev/null
+++ b/group_vars/server/mount
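Review bot: `gitea_http_domain` and `gitea_root_url` are each defined twice in this new file (the first two lines and again the last two), which Ansible's YAML loader reports as a duplicate dict key and resolves by taking the last value (a warning under the default `DUPLICATE_YAML_DICT_KEY=warn`); the values happen to agree today, so drop the trailing pair before a later edit makes them disagree silently. Separately, `gitea_http_listen: 0.0.0.0` exposes Gitea's plain-HTTP port on every interface; `gitea_root_url: https://…` suggests TLS is terminated by the nginx vhosts in `group_vars/server/web` (not visible in this hunk), in which case `gitea_http_listen: 127.0.0.1` keeps the unencrypted listener off the network while changing nothing for the proxy.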
@@ -0,0 +1,88 @@
+systemd_mounts:
+  diskstation_git:
+    share: diskstation.ducamps.win:/volume2/git
+    mount: /mnt/diskstation/git
+    type: nfs
+    options:
+      - " "
+    automount: true
+  diskstation_CardDav:
+    share: diskstation.ducamps.win:/volume2/CardDav
+    mount: /mnt/diskstation/CardDav
+    type: nfs
+    options:
+      - " "
+    automount: true
+  backup_disk:
+    share: /dev/sdb1
+    mount: /mnt/backup
+    type: ntfs-3g
+    options:
+      - "uid=1024
+      - guid=100
+      - vers=3.0"
+    automount: true
+  diskstation_home:
+    share: diskstation.ducamps.win:/volume2/homes/admin
+    mount: /mnt/diskstation/home
+    type: nfs
+    options:
+      - " "
+    automount: true
+  diskstation_photo:
+    share: diskstation.ducamps.win:/volume2/photo
+    mount: /mnt/diskstation/photo
+    type: nfs
+    options:
+      - " "
+    automount: true
+  diskstation_music:
+    share: diskstation.ducamps.win:/volume2/music
+    mount: /mnt/diskstation/music
+    type: nfs
+    options:
+      - " "
+    automount: true
+  diskstation_media:
+    share: diskstation.ducamps.win:/volume1/media
+    mount: /mnt/diskstation/media
+    type: nfs
+    options:
+      - " "
+    automount: true
+  diskstation_ebook:
+    share: diskstation.ducamps.win:/volume2/ebook
+    mount: /mnt/diskstation/ebook
+    type: nfs
+    options:
+      - " "
+    automount: true
+  diskstation_nextcloud:
+    share: //diskstation/nextcloud
+    mount: /mnt/diskstation/nextcloud
+    type: cifs
+    options:
+      - credentials=/etc/creds/.diskstation_credentials
+      - uid=33
+      - gid=33
+      - vers=3.0
+      - dir_mode=0770
+    automount: true
+systemd_mounts_enabled:
+  - diskstation_git
+  - diskstation_music
+  - backup_disk
+  - diskstation_photo
+  - diskstation_home
+  - diskstation_CardDav
+  - diskstation_media
+  - diskstation_ebook
+  - diskstation_nextcloud
+
+
+credentials_files:
+  1:
+    type: smb
+    path: /etc/creds/.diskstation_credentials
+    username: admin
+    password: "{{ vault_diskstation_admin }}"
diff --git a/group_vars/server/nextcloud b/group_vars/server/nextcloud
new file mode 100644
index 0000000..a0cbb21
--- /dev/null
+++ b/group_vars/server/nextcloud
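Review bot: The `backup_disk` options list is malformed: the double quote opened at `- "uid=1024` is only closed at `vers=3.0"`, so YAML folds the three lines into one scalar item, `uid=1024 - guid=100 - vers=3.0`, which mount is unlikely to accept; in addition `guid` is not a mount option (`gid` is) and `vers=3.0` is an SMB option that ntfs-3g does not understand. The list should read `- uid=1024` and `- gid=100`, with the `vers=3.0` entry removed (it is already correctly placed on the `diskstation_nextcloud` CIFS mount). Note also that `credentials_files` stores the NAS `admin` password in `/etc/creds/.diskstation_credentials` just to mount the `nextcloud` share; a dedicated NAS account limited to that share would cap what a compromised web host can reach, and since the file mode the mount role gives that credentials file is not visible here, confirm it is root-only.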
@@ -0,0 +1,21 @@
+
+nextcloud_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/nextcloud.sql
+nextcloud_db_password: "{{ vault_mysql_nextcloud }}"
+nextcloud_admin_password: "{{ vault_nextcloud_admin }}"
+nextcloud_admin_user: "{{user.name}}"
+nextcloud_trusted_domains:
+  - localhost
+  - file.ducamps.win
+nextcloud_config_options: # additional options to set in config.php
+  - option: overwrite.cli.url
+    value: "'https://file.ducamps.win'"
+  - option: maintenance
+    value: "false"
+  - option: loglevel
+    value: "'2'"
+  - option: installed
+    value: "true"
+  - option: config_is_read_only
+    value: "false"
+nextcloud_datadirectory: /mnt/diskstation/nextcloud
+nextcloud_data_directory_creation: false
diff --git a/group_vars/server/php b/group_vars/server/php
new file mode 100644
index 0000000..a2f6ac8
--- /dev/null
+++ b/group_vars/server/php
@@ -0,0 +1,21 @@
+PHP_ReadWritePaths:
+  - /usr/share/webapps/nextcloud/apps
+  - /etc/webapps/nextcloud/config
+  - /mnt/diskstation
+php_memory_limit: 512M #need for nextcloud be carefull on low memory device
+php_extention_enable:
+  - iconv
+  - mysqli
+  - pdo_mysql
+  - pgsql
+  - pdo_pgsql
+  - soap
+  - intl
+  - bcmath #need for nextcloud
+  - gmp #need for nextcloud
+  - gd #need for nextcloud
+  - imagick #need for nextcloud
+  - exif # need for nextcloud
+php_zend_extention_enable:
+  - opcache #need for nextcloud
+
\ No newline at end of file
diff --git a/group_vars/server/server b/group_vars/server/server
new file mode 100644
index 0000000..05128bb
--- /dev/null
+++ b/group_vars/server/server
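Review bot: `nextcloud_trusted_domains` and the `overwrite.cli.url` value hard-code `file.ducamps.win`, whereas every other file in this split derives its hostnames from `{{ domain.name }}` (`git.{{domain.name}}`, `www.{{domain.name}}`), so a domain change would leave Nextcloud rejecting requests for the new host while the rest of the stack follows along. Writing `- file.{{ domain.name }}` and `value: "'https://file.{{ domain.name }}'"` keeps this file consistent with the others. This is a consistency point only; the values themselves are not wrong today.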
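Review bot: `PHP_ReadWritePaths` lists `/mnt/diskstation` as a whole, which — if, as the name suggests, it is templated into systemd's `ReadWritePaths=` for php-fpm — lets the PHP worker write to every NAS mount, including `/mnt/diskstation/git/backup/postgres/last/`, the directory this commit's `*_SQl_target_file` variables fill with full SQL dumps of gitea, ttrss, hass, supysonic and nextcloud. Nextcloud only needs its own data directory, so the entry should be `- /mnt/diskstation/nextcloud` (matching `nextcloud_datadirectory`), which keeps a PHP-side compromise from reading or corrupting the database backups and the home/photo shares. Whether the role applies this list as a systemd sandbox or as `open_basedir` cannot be seen from this hunk, but the tightening is correct in either case.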
@@ -0,0 +1,93 @@
+syncthing_address: "0.0.0.0:8384"
+syncthing_gui_user: "{{user.name}}"
+syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2
+
+notification_mail: "{{inventory_hostname}}@{{ domain.name }}"
+msmtp_mailhub: smtp.{{ domain.name }}
+msmtp_auth_user: "{{ user.mail }}"
+msmtp_auth_pass: "{{ vault_email_password }}"
+
+rsynclocations:
+  - name: backup nas
+    location: /mnt/backup
+    readonly: "no"
+
+rsynchostalloawed: 192.168.1.10
+
+
+fail2ban_destmail: "{{ user.mail }}"
+fail2ban_sendmail: "{{inventory_hostname}}@{{domain.name}}"
+
+Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
+Gandi_Domain: "{{ domain.name }}"
+Gandi_Record: www
+
+
+ttrss_db_password: "{{ vault_mysql_ttrss }}"
+ttrss_log_destination: ""
+ttrss_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/ttrss.sql
+ttrss_url_path: "https://www.{{domain.name}}/tt-rss"
+ttrss_url_path: "https://www.{{domain.name}}/tt-rss"
+
+bind_listen_ipv4: ['any']
+bind_allow_query: ['any']
+bind_zone_master_server_ip: 192.168.1.10
+bind_zone_domains:
+  - name: ducamps.win
+    hostmaster_email: "vincent@ducamps.win"
+  - name: 1.168.192.in-addr.arpa
+    hostmaster_email: "vincent@ducamps.win"
+bind_forwarders:
+  - '1.1.1.1'
+  - '80.67.169.40'
+bind_recursion: true
+bind_allow_recursion:
+  - "192.168.1.0/24"
+
+
+
+supysonic_db_password: "{{ vault_mysql_supysonic }}"
+supysonic_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/supysonic.sql
+supysonic_force_site_update: true
+
+docker_users: "{{user.name}}"
+
+hass_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/hass.sql
+hass_db_password: "{{ vault_mysql_hass }}"
+hass_repo: "gitea@git.{{ domain.name }}:vincent/HASS_conf.git"
+hass_users: "{{user.name}}"
+
+samba_shares:
+  - name: hassconfig
+    path: /var/lib/hass
+    read_only: no
+    writable: yes
+    directory_mode: 770
+    owner: hass
+    group: hass
+    write_list: "{{user.name}}"
+
+samba_users:
+  - name: "{{user.name}}"
+    password: "{{ vault_smb_user }}"
+
+keystodeploy:
+  - name: juicessh with password
+    sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFXpEtY3gfc5QHaXFf4ynR+EC4ADOAj97ATKTZBAJKb JuiceSSH
+  - name: fixe-pc new
+    sshkey: ssh-rsa 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 vincent@fixe-pc-2020-03-01
+  - name: zen-pc
+    sshkey: ssh-rsa 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 vincent@zen-pc
+
+pihole_admin_password: "{{ vault_pihole_admin }}"
+pihole_local_resolver: 192.168.1.10
+pihole_local_domain: "{{ domain.name }}"
+
+
+
+chisel_server: true
+chisel_server_port: 9090
+chisel_server_backend: https://www.{{domain.name}}
+chisel_server_auth:
+  user: chisel
+  pass: "{{vault_chisel_server_pass}}"
\ No newline at end of file
diff --git a/group_vars/server b/group_vars/server/web
similarity index 57%
rename from group_vars/server
rename to group_vars/server/web
index 7b17bde..c8e2cd0 100644
--- a/group_vars/server
+++ b/group_vars/server/web
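Review bot: `syncthing_gui_password` is a bcrypt hash committed in clear in group_vars while every other secret in this file is routed through a `vault_*` variable; a hash in git history can be attacked offline at leisure and cannot be rotated without another commit, so it belongs in the vault as `syncthing_gui_password: "{{ vault_syncthing_gui_password }}"`. `syncthing_address: "0.0.0.0:8384"` additionally exposes that GUI on every interface; `"127.0.0.1:8384"` behind an nginx vhost would be the safer binding, though whether such a vhost exists in `group_vars/server/web` is not visible here. `ttrss_url_path` is also defined twice in a row, which Ansible flags as a duplicate dict key; one copy should go. The SSH public keys in `keystodeploy` are fine to keep in clear.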
@@ -1,117 +1,3 @@
-systemd_mounts:
-  diskstation_git:
-    share: diskstation.ducamps.win:/volume2/git
-    mount: /mnt/diskstation/git
-    type: nfs
-    options:
-      - " "
-    automount: true
-  diskstation_CardDav:
-    share: diskstation.ducamps.win:/volume2/CardDav
-    mount: /mnt/diskstation/CardDav
-    type: nfs
-    options:
-      - " "
-    automount: true
-  backup_disk:
-    share: /dev/sdb1
-    mount: /mnt/backup
-    type: ntfs-3g
-    options:
-      - "uid=1024
-      - guid=100
-      - vers=3.0"
-    automount: true
-  diskstation_home:
-    share: diskstation.ducamps.win:/volume2/homes/admin
-    mount: /mnt/diskstation/home
-    type: nfs
-    options:
-      - " "
-    automount: true
-  diskstation_photo:
-    share: diskstation.ducamps.win:/volume2/photo
-    mount: /mnt/diskstation/photo
-    type: nfs
-    options:
-      - " "
-    automount: true
-  diskstation_music:
-    share: diskstation.ducamps.win:/volume2/music
-    mount: /mnt/diskstation/music
-    type: nfs
-    options:
-      - " "
-    automount: true
-  diskstation_media:
-    share: diskstation.ducamps.win:/volume1/media
-    mount: /mnt/diskstation/media
-    type: nfs
-    options:
-      - " "
-    automount: true
-  diskstation_ebook:
-    share: diskstation.ducamps.win:/volume2/ebook
-    mount: /mnt/diskstation/ebook
-    type: nfs
-    options:
-      - " "
-    automount: true
-  diskstation_nextcloud:
-    share: //diskstation/nextcloud
-    mount: /mnt/diskstation/nextcloud
-    type: cifs
-    options:
-      - credentials=/etc/creds/.diskstation_credentials
-      - uid=33
-      - gid=33
-      - vers=3.0
-      - dir_mode=0770
-    automount: true
-systemd_mounts_enabled:
-  - diskstation_git
-  - diskstation_music
-  - backup_disk
-  - diskstation_photo
-  - diskstation_home
-  - diskstation_CardDav
-  - diskstation_media
-  - diskstation_ebook
-  - diskstation_nextcloud
-
-
-credentials_files:
-  1:
-    type: smb
-    path: /etc/creds/.diskstation_credentials
-    username: admin
-    password: "{{ vault_diskstation_admin }}"
-
-syncthing_address: "0.0.0.0:8384"
-syncthing_gui_user: "{{user.name}}"
-syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2
-
-notification_mail: "{{inventory_hostname}}@{{ domain.name }}"
-msmtp_mailhub: smtp.{{ domain.name }}
-msmtp_auth_user: "{{ user.mail }}"
-msmtp_auth_pass: "{{ vault_email_password }}"
-
-rsynclocations:
-  - name: backup nas
-    location: /mnt/backup
-    readonly: "no"
-
-rsynchostalloawed: 192.168.1.10
-
-
-
-fail2ban_destmail: "{{ user.mail }}"
-fail2ban_sendmail: "{{inventory_hostname}}@{{domain.name}}"
-
-Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
-Gandi_Domain: "{{ domain.name }}"
-Gandi_Record: www
-
 certbot_force: false
 certbot_auto_renew_user: root
 certbot_create_if_missing: true
@@ -128,6 +14,8 @@ certbot_certs:
 - hass.{{domain.name}}
 - ww.{{domain.name}}
+
+nginx_realIP_Proxy: 192.168.1.40/24
 nginx_upstreams:
 - name: PHP-handler
 servers:
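Review bot: `nginx_realIP_Proxy: 192.168.1.40/24` trusts the entire 192.168.1.0/24 to rewrite the client address (presumably this is templated into `set_real_ip_from`), so any LAN host — including the Samba, Syncthing and Home Assistant clients configured elsewhere in this commit — can spoof the source IP that fail2ban and the access logs record by sending an `X-Forwarded-For`/`X-Real-IP` header. If 192.168.1.40 is the single upstream proxy, the intended value is `nginx_realIP_Proxy: 192.168.1.40/32`; if several proxies exist, list them individually rather than widening to the subnet. The move of this line from the bottom of the file to here is otherwise fine. The context line `- ww.{{domain.name}}` in `certbot_certs` looks like a typo for `www`, though it predates this commit.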
@@ -392,143 +280,3 @@ nginx_vhosts:
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 proxy_pass http://localhost:9090;
 }
-
-
-nginx_realIP_Proxy: 192.168.1.40/24
-PHP_ReadWritePaths:
-  - /usr/share/webapps/nextcloud/apps
-  - /etc/webapps/nextcloud/config
-  - /mnt/diskstation
-php_memory_limit: 512M #need for nextcloud be carefull on low memory device
-php_extention_enable:
-  - iconv
-  - mysqli
-  - pdo_mysql
-  - pgsql
-  - pdo_pgsql
-  - soap
-  - intl
-  - bcmath #need for nextcloud
-  - gmp #need for nextcloud
-  - gd #need for nextcloud
-  - imagick #need for nextcloud
-  - exif # need for nextcloud
-php_zend_extention_enable:
-  - opcache #need for nextcloud
-
-mysql_root_password: "{{ vault_mysql_root }}"
-mysql_root_password_update: true
-
-postgresql_users:
-  - name: root
-    role_attr_flags: SUPERUSER
-    password: "{{ vault_mysql_root }}"
-
-# Users.
-mysql_users:
-  - name: dump
-    host: localhost
-    password: "{{ vault_mysql_dump }}"
-    priv: "*.*:SELECT,SHOW DATABASES,LOCK TABLES"
-
-ttrss_db_password: "{{ vault_mysql_ttrss }}"
-ttrss_log_destination: ""
-ttrss_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/ttrss.sql
-ttrss_url_path: "https://www.{{domain.name}}/tt-rss"
-
-bind_listen_ipv4: ['any']
-bind_allow_query: ['any']
-bind_zone_master_server_ip: 192.168.1.10
-bind_zone_domains:
-  - name: ducamps.win
-    hostmaster_email: "vincent@ducamps.win"
-  - name: 1.168.192.in-addr.arpa
-    hostmaster_email: "vincent@ducamps.win"
-bind_forwarders:
-  - '1.1.1.1'
-  - '80.67.169.40'
-bind_recursion: true
-bind_allow_recursion:
-  - "192.168.1.0/24"
-
-gitea_http_listen: 0.0.0.0
-gitea_db_type: postgres
-gitea_db_host: localhost
-gitea_db_name: gitea
-gitea_db_user: gitea
-gitea_db_password: "{{ vault_mysql_gitea }}"
-gitea_ssh_domain: git.{{ domain.name }}
-gitea_start_ssh: false
-gitea_ssh_port: 22
-gitea_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/gitea.sql
-gitea_http_domain: git.{{domain.name}}
-gitea_root_url: 
https://git.{{domain.name}}
-
-supysonic_db_password: "{{ vault_mysql_supysonic }}"
-supysonic_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/supysonic.sql
-supysonic_force_site_update: true
-
-docker_users: "{{user.name}}"
-
-hass_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/hass.sql
-hass_db_password: "{{ vault_mysql_hass }}"
-hass_repo: "gitea@git.{{ domain.name }}:vincent/HASS_conf.git"
-hass_users: "{{user.name}}"
-
-nextcloud_SQl_target_file: /mnt/diskstation/git/backup/postgres/last/nextcloud.sql
-nextcloud_db_password: "{{ vault_mysql_nextcloud }}"
-nextcloud_admin_password: "{{ vault_nextcloud_admin }}"
-nextcloud_admin_user: "{{user.name}}"
-nextcloud_trusted_domains:
-  - localhost
-  - file.ducamps.win
-nextcloud_config_options: # additional options to set in config.php
-  - option: overwrite.cli.url
-    value: "'https://file.ducamps.win'"
-  - option: maintenance
-    value: "false"
-  - option: loglevel
-    value: "'2'"
-  - option: installed
-    value: "true"
-  - option: config_is_read_only
-    value: "false"
-nextcloud_datadirectory: /mnt/diskstation/nextcloud
-nextcloud_data_directory_creation: false
-
-samba_shares:
-  - name: hassconfig
-    path: /var/lib/hass
-    read_only: no
-    writable: yes
-    directory_mode: 770
-    owner: hass
-    group: hass
-
-    write_list: "{{user.name}}"
-samba_users:
-  - name: "{{user.name}}"
-    password: "{{ vault_smb_user }}"
-
-keystodeploy:
-  - name: juicessh with password
-    sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFXpEtY3gfc5QHaXFf4ynR+EC4ADOAj97ATKTZBAJKb JuiceSSH
-  - name: fixe-pc new
-    sshkey: ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
-  - name: zen-pc
-    sshkey: ssh-rsa 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 vincent@zen-pc
-
-pihole_admin_password: "{{ vault_pihole_admin }}"
-pihole_local_resolver: 192.168.1.10
-pihole_local_domain: "{{ domain.name }}"
-
-ttrss_url_path: "https://www.{{domain.name}}/tt-rss"
-gitea_http_domain: git.{{domain.name}}
-gitea_root_url: https://git.{{domain.name}}
-certbot_force: false
-chisel_server: true
-chisel_server_port: 9090
-chisel_server_backend: https://www.{{domain.name}}
-chisel_server_auth:
-  user: chisel
-  pass: "{{vault_chisel_server_pass}}"
\ No newline at end of file