homelab/ansible/host_vars/oscar

---
wireguard_address: "10.0.0.2/24"
wireguard_byhost_allowed_ips:
  merlin: 10.0.0.2,192.168.1.40
  corwin: 10.0.0.2,192.168.1.40
perrsistent_keepalive: "30"
wireguard_endpoint: ""

wireguard_postup:
  - iptables -A FORWARD -i wg0 -j ACCEPT
  - iptables -A FORWARD -o wg0 -j ACCEPT
  - iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE

wireguard_postdown:
  - iptables -D FORWARD -i wg0 -j ACCEPT
  - iptables -D FORWARD -o wg0 -j ACCEPT
  - iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE
consul_snapshot: True

vault_snapshot: true
vault_backup_location: "/mnt/diskstation/git/backup/vault"
vault_roleID: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:vault-snapshot_approle') }}"
vault_secretID: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:vault-snapshot_secretID') }}"
partition_table:
  - device: "/dev/sda"
    label: gpt
    settings:
      - number: 1
        part_end: 300MB
        flags: [boot, esp]
        fstype: vfat
        format: yes
      - number: 2
        part_start: 512MB
        part_end: 1524MB
        flags: []
        fstype: swap
        format: yes
      - number: 3
        part_start: 1524MB
        flags: [lvm]
        fstype: ext4
        format: yes
  #- device: "/dev/sdb"
  #settings:
  #- number: 1
  #name: home
  #fstype: ext4
  #format:
mount_table:
  - device: "/dev/sda"
    settings:
      - number: 3
        mountpath: /mnt
        fstype: ext4
      - number: 1
        mountpath: /mnt/boot
        fstype: vfat

#need vfat boot partition with esp label
provissionning_UEFI_Enable: True
split workstation and server playbook from https://git.ducamps.win/vincent/ansible 2022-06-19 10:38:23 +00:00			`---`
			`wireguard_address: "10.0.0.2/24"`
fixe wireguard issue and custome allowed ips 2022-09-13 16:11:39 +00:00			`wireguard_byhost_allowed_ips:`
oscar is dead 2023-04-16 17:27:26 +00:00			`merlin: 10.0.0.2,192.168.1.40`
			`corwin: 10.0.0.2,192.168.1.40`
split workstation and server playbook from https://git.ducamps.win/vincent/ansible 2022-06-19 10:38:23 +00:00			`perrsistent_keepalive: "30"`
			`wireguard_endpoint: ""`

			`wireguard_postup:`
			`- iptables -A FORWARD -i wg0 -j ACCEPT`
			`- iptables -A FORWARD -o wg0 -j ACCEPT`
fixe wireguard issue and custome allowed ips 2022-09-13 16:11:39 +00:00			`- iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE`
split workstation and server playbook from https://git.ducamps.win/vincent/ansible 2022-06-19 10:38:23 +00:00
			`wireguard_postdown:`
			`- iptables -D FORWARD -i wg0 -j ACCEPT`
			`- iptables -D FORWARD -o wg0 -j ACCEPT`
fixe wireguard issue and custome allowed ips 2022-09-13 16:11:39 +00:00			`- iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE`
split workstation and server playbook from https://git.ducamps.win/vincent/ansible 2022-06-19 10:38:23 +00:00			`consul_snapshot: True`
add partition table for oscar 2022-09-12 18:20:08 +00:00
add vault snapshot 2023-08-27 15:06:45 +00:00			`vault_snapshot: true`
			`vault_backup_location: "/mnt/diskstation/git/backup/vault"`
			`vault_roleID: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:vault-snapshot_approle') }}"`
			`vault_secretID: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:vault-snapshot_secretID') }}"`
add partition table for oscar 2022-09-12 18:20:08 +00:00			`partition_table:`
			`- device: "/dev/sda"`
			`label: gpt`
			`settings:`
			`- number: 1`
fix size EFI issue 2022-09-12 21:11:47 +00:00			`part_end: 300MB`
add partition table for oscar 2022-09-12 18:20:08 +00:00			`flags: [boot, esp]`
			`fstype: vfat`
			`format: yes`
			`- number: 2`
			`part_start: 512MB`
			`part_end: 1524MB`
			`flags: []`
			`fstype: swap`
			`format: yes`
			`- number: 3`
			`part_start: 1524MB`
			`flags: [lvm]`
			`fstype: ext4`
			`format: yes`
			`#- device: "/dev/sdb"`
			`#settings:`
			`#- number: 1`
			`#name: home`
			`#fstype: ext4`
			`#format:`
			`mount_table:`
			`- device: "/dev/sda"`
			`settings:`
			`- number: 3`
			`mountpath: /mnt`
			`fstype: ext4`
			`- number: 1`
			`mountpath: /mnt/boot`
			`fstype: vfat`

			`#need vfat boot partition with esp label`
			`provissionning_UEFI_Enable: True`