diff --git a/ansible/group_vars/DNS b/ansible/group_vars/DNS index be43090..63f085c 100644 --- a/ansible/group_vars/DNS +++ b/ansible/group_vars/DNS @@ -13,7 +13,7 @@ pdns_sqlite_databases_locations: pdns_rec_config: forward-zones: - - "consul=127.0.0.1:8600" + - "{{ consul_domain }}=127.0.0.1:8600" - "ducamps.win=192.168.1.10" - "ducamps.eu=192.168.1.10" local-address: "{{ ansible_default_ipv4.address }}" diff --git a/ansible/group_vars/VPS/mount b/ansible/group_vars/VPS/mount new file mode 100644 index 0000000..9918c74 --- /dev/null +++ b/ansible/group_vars/VPS/mount @@ -0,0 +1,32 @@ +systemd_mounts: + diskstation_nomad: + share: diskstation.ducamps.win:/volume2/nomad + mount: /mnt/diskstation/nomad + type: nfs + options: + - " " + automount: true + hetzner_storage: + share: //u304977.your-storagebox.de/backup + mount: /mnt/hetzner/storagebox + type: cifs + options: + - credentials=/etc/creds/hetzner_credentials + - uid= 1024 + - gid= 10 + - vers=3.0 + - mfsymlinks + automount: true + +credentials_files: + 1: + type: smb + path: /etc/creds/hetzner_credentials + username: u304977 + password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}" + + + +systemd_mounts_enabled: + - diskstation_nomad + - hetzner_storage diff --git a/ansible/group_vars/VPS b/ansible/group_vars/VPS/vps similarity index 55% rename from ansible/group_vars/VPS rename to ansible/group_vars/VPS/vps index 64254f1..14e07d2 100644 --- a/ansible/group_vars/VPS +++ b/ansible/group_vars/VPS/vps @@ -42,35 +42,4 @@ nomad_datacenter: hetzner consul_server: False nomad_server: False -systemd_mounts: - diskstation_nomad: - share: diskstation.ducamps.win:/volume2/nomad - mount: /mnt/diskstation/nomad - type: nfs - options: - - " " - automount: true - hetzner_storage: - share: //u304977.your-storagebox.de/backup - mount: /mnt/hetzner/storagebox - type: cifs - options: - - credentials=/etc/creds/hetzner_credentials - - uid= 1024 - - gid= 10 - - vers=3.0 - - mfsymlinks - automount: true -credentials_files: - 1: - type: smb - path: /etc/creds/hetzner_credentials - username: u304977 - password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}" - - - -systemd_mounts_enabled: - - diskstation_nomad - - hetzner_storage diff --git a/ansible/group_vars/all/all b/ansible/group_vars/all/all index 684d52e..3e55506 100644 --- a/ansible/group_vars/all/all +++ b/ansible/group_vars/all/all @@ -1,36 +1,6 @@ ansible_python_interpreter: /usr/bin/python3 -user: - name: vincent - home: /home/vincent - uid: 1024 - mail: vincent@ducamps.win - groups: - - docker - authorized_keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01 - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc - privatekey: - - keyname: "id_gitea" - key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" - -user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git" -domain: - name: ducamps.win - hass_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfVei9iC/Ra5qmSZcLu8z2CTaXCmfn4JSS4o3eu0HhykdYGSqhBTcUDD3/FhcTPQJVFsu1P4Gwqq1dCE+EvaZZRQaMUqVKUpOliThSG6etbImkvqLQQsC1qt+/NqSvfzu2+28A6+YspzuxsViGo7e3Gg9MdwV3LMGh0mcOr/uXb/HIk18sJg5yQpwMfYTj0Wda90nyegcN3F2iZMeauh/aaFJzWcHNakAAewceDYOErU07NhlZgVA2C8HgkJ8HL7AqIVqt9VOx3xLp91DbKTNXSxvyM0X4NQP24P7ZFxAOk/j0AX3hAWhaNmievCHyBWvQve1VshZXFwEIiuHm8q4GSCxK2r0oQudKdtIuQMfuUALigdiSxo522oEiML/2kSk17WsxZwh7SxfD0DKa82fy9iAwcAluWLwJ+yN3nGnDFF/tHYaamSiowpmTTmQ9ycyIPWPLVZclt3BlEt9WH/FPOdzAyY7YLzW9X6jhsU3QwViyaTRGqAdqzUAiflKCMsNzb5kq0oYsDFC+/eqp1USlgTZDhoKtTKRGEjW2KuUlDsXGBeB6w1D8XZxXJXAaHuMh4oMUgLswjLUdTH3oLnnAvfOrl8O66kTkmcQ8i/kr1wDODMy/oNUzs8q4DeRuhD5dpUiTUGYDTWPYj6m6U/GAEHvN/2YEqSgfVff1iQ4VBw== - system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch" - - system_sudoers_group: "serverAdmin" system_ipV6_disable: True -user_custom_host: - - host: "git.ducamps.win" - user: "git" - keyfile: "~/.ssh/id_gitea" - - host: "gitlab.com" - user: "git" - keyfile: "~/.ssh/id_consort" - diff --git a/ansible/group_vars/all/consul b/ansible/group_vars/all/consul new file mode 100644 index 0000000..353335a --- /dev/null +++ b/ansible/group_vars/all/consul @@ -0,0 +1,5 @@ +consul_client_addr: "0.0.0.0" +consul_datacenter: "homelab" +consul_backup_location: "/mnt/diskstation/git/backup/consul" +consul_ansible_group: all +consul_systemd_resolved_enable: true diff --git a/ansible/group_vars/all/mail b/ansible/group_vars/all/mail new file mode 100644 index 0000000..b8f3748 --- /dev/null +++ b/ansible/group_vars/all/mail @@ -0,0 +1,5 @@ +notification_mail: "{{inventory_hostname}}@{{ domain.name }}" +msmtp_mailhub: smtp.{{ domain.name }} +msmtp_auth_user: "{{ user.mail }}" +msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}" + diff --git a/ansible/group_vars/all/nomad b/ansible/group_vars/all/nomad new file mode 100644 index 0000000..16a79bb --- /dev/null +++ b/ansible/group_vars/all/nomad @@ -0,0 +1,9 @@ +nomad_docker_allow_caps: + - NET_ADMIN + - NET_BROADCAST + - NET_RAW +nomad_vault_enabled: true +nomad_vault_address: "http://active.vault.service.{{consul_domain}}:8200" +nomad_vault_role: "nomad-cluster" +nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}" + diff --git a/ansible/group_vars/all/server b/ansible/group_vars/all/server deleted file mode 100644 index c57d84d..0000000 --- a/ansible/group_vars/all/server +++ /dev/null @@ -1,43 +0,0 @@ -consul_client_addr: "0.0.0.0" -consul_datacenter: "homelab" -consul_backup_location: "/mnt/diskstation/git/backup/consul" -consul_ansible_group: all -consul_bootstrap_expect: 3 -consul_systemd_resolved_enable: true -nomad_docker_allow_caps: - - NET_ADMIN - - NET_BROADCAST - - NET_RAW -nomad_vault_enabled: true -nomad_vault_address: "http://active.vault.service.consul:8200" -nomad_vault_role: "nomad-cluster" -nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}" -nomad_bootstrap_expect: 3 -notification_mail: "{{inventory_hostname}}@{{ domain.name }}" -msmtp_mailhub: smtp.{{ domain.name }} -msmtp_auth_user: "{{ user.mail }}" -msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}" - -system_user: - - name: drone-deploy - home: /home/drone-deploy - shell: /bin/bash - privatekey: - - keyname: id_gitea - key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" - - - authorized_keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar - - - name: ansible - home: /home/ansible - shell: /bin/bash - - - name: root - home: /root - privatekey: - - keyname: id_gitea - key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" - - diff --git a/ansible/group_vars/all/users b/ansible/group_vars/all/users new file mode 100644 index 0000000..e602fee --- /dev/null +++ b/ansible/group_vars/all/users @@ -0,0 +1,49 @@ +user: + name: vincent + home: /home/vincent + uid: 1024 + mail: vincent@ducamps.win + groups: + - docker + authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc + privatekey: + - keyname: "id_gitea" + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + + + +system_user: + - name: drone-deploy + home: /home/drone-deploy + shell: /bin/bash + privatekey: + - keyname: id_gitea + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + + + authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar + + - name: ansible + home: /home/ansible + shell: /bin/bash + + - name: root + home: /root + privatekey: + - keyname: id_gitea + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + + +user_custom_host: + - host: "git.ducamps.win" + user: "git" + keyfile: "~/.ssh/id_gitea" + - host: "gitlab.com" + user: "git" + keyfile: "~/.ssh/id_consort" + +user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git" diff --git a/ansible/group_vars/all/vault b/ansible/group_vars/all/vault new file mode 100644 index 0000000..4645252 --- /dev/null +++ b/ansible/group_vars/all/vault @@ -0,0 +1,2 @@ +vault_raft_group_name: "homelab" +vault_unseal_token: 8f2aceff5fcf8452a65a281709b6d6398e9d788dacf78a500c4be64545230a88 diff --git a/ansible/group_vars/production b/ansible/group_vars/production new file mode 100644 index 0000000..54b6f22 --- /dev/null +++ b/ansible/group_vars/production @@ -0,0 +1,6 @@ +domain: + name: ducamps.win +consul_bootstrap_expect: 3 +consul_domain: "consul" +nomad_bootstrap_expect: 3 +vault_unseal_keys_dir_output: "~/vaultUnseal/production" diff --git a/ansible/group_vars/staging b/ansible/group_vars/staging index d539a99..f07223c 100644 --- a/ansible/group_vars/staging +++ b/ansible/group_vars/staging @@ -1,4 +1,8 @@ +domain: + name: ducamps-dev.win systemd_mounts: [] systemd_mounts_enabled: [] consul_bootstrap_expect: 2 +consul_domain: "consul" nomad_bootstrap_expect: 2 +vault_unseal_keys_dir_output: "~/vaultUnseal/staging" diff --git a/ansible/group_vars/wireguard b/ansible/group_vars/wireguard deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/production b/ansible/production index a08828c..ba5847c 100644 --- a/ansible/production +++ b/ansible/production @@ -1,3 +1,22 @@ +[DNS] +gerard + +[dhcp] +gerard + +[database] +oscar +bleys + +[rsyncd] +oscar +bleys + +[wireguard:children] +production + + + [homelab] oscar bleys @@ -7,23 +26,14 @@ gerard corwin merlin -[DNS] -gerard +[region:children] +homelab +VPS +production -[dhcp] -gerard - -[wireguard] +[production] corwin oscar merlin gerard bleys - -[database] -oscar -bleys - -[rsyncd] -oscar -bleys diff --git a/ansible/staging b/ansible/staging index faeb8d4..ad06426 100644 --- a/ansible/staging +++ b/ansible/staging @@ -1,10 +1,3 @@ -[homelab] -oscar-dev -gerard-dev - -[VPS] -merlin-dev - [DNS] oscar-dev @@ -14,6 +7,18 @@ oscar-dev [wireguard:children] staging +[homelab] +oscar-dev +gerard-dev + +[VPS] +merlin-dev + +[region:children] +homelab +VPS +staging + [staging] oscar-dev gerard-dev