ansible variable: split variable in file

2023-10-29 15:33:24 +01:00 · 2023-10-29 15:33:24 +01:00 · 3770c41d03
commit 3770c41d03
parent 50d43dd44c
15 changed files with 149 additions and 126 deletions
--- a/ansible/group_vars/DNS
+++ b/ansible/group_vars/DNS
@ -13,7 +13,7 @@ pdns_sqlite_databases_locations:

 pdns_rec_config:
  forward-zones:
-    - "consul=127.0.0.1:8600"
+    - "{{ consul_domain }}=127.0.0.1:8600"
    - "ducamps.win=192.168.1.10"
    - "ducamps.eu=192.168.1.10"
  local-address: "{{ ansible_default_ipv4.address }}"
--- a/ansible/group_vars/VPS/mount
+++ b/ansible/group_vars/VPS/mount
@ -0,0 +1,32 @@
+systemd_mounts:
+  diskstation_nomad:
+    share: diskstation.ducamps.win:/volume2/nomad
+    mount: /mnt/diskstation/nomad
+    type: nfs
+    options:
+        - " "
+    automount: true
+  hetzner_storage:
+    share: //u304977.your-storagebox.de/backup
+    mount: /mnt/hetzner/storagebox
+    type: cifs
+    options:
+      - credentials=/etc/creds/hetzner_credentials
+      - uid= 1024
+      - gid= 10
+      - vers=3.0
+      - mfsymlinks
+    automount: true
+
+credentials_files:
+  1:
+      type: smb
+      path: /etc/creds/hetzner_credentials
+      username: u304977
+      password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}"
+
+
+
+systemd_mounts_enabled:
+  - diskstation_nomad
+  - hetzner_storage
--- a/ansible/group_vars/VPS/vps
+++ b/ansible/group_vars/VPS/vps
@ -42,35 +42,4 @@ nomad_datacenter: hetzner

 consul_server: False
 nomad_server: False
-systemd_mounts:
-  diskstation_nomad:
-    share: diskstation.ducamps.win:/volume2/nomad
-    mount: /mnt/diskstation/nomad
-    type: nfs
-    options:
-        - " "
-    automount: true
-  hetzner_storage:
-    share: //u304977.your-storagebox.de/backup
-    mount: /mnt/hetzner/storagebox
-    type: cifs
-    options:
-      - credentials=/etc/creds/hetzner_credentials
-      - uid= 1024
-      - gid= 10
-      - vers=3.0
-      - mfsymlinks
-    automount: true

-credentials_files:
-  1:
-      type: smb
-      path: /etc/creds/hetzner_credentials
-      username: u304977
-      password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}"
-
-
-
-systemd_mounts_enabled:
-  - diskstation_nomad
-  - hetzner_storage
--- a/ansible/group_vars/all/all
+++ b/ansible/group_vars/all/all
@ -1,36 +1,6 @@
 ansible_python_interpreter: /usr/bin/python3
-user:
-    name: vincent
-    home: /home/vincent
-    uid: 1024
-    mail: vincent@ducamps.win
-    groups:
-        - docker
-    authorized_keys:
-        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
-        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
-        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
-    privatekey:
-        - keyname: "id_gitea"
-          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
-
-user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git"
-domain:
-    name: ducamps.win
-
 hass_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfVei9iC/Ra5qmSZcLu8z2CTaXCmfn4JSS4o3eu0HhykdYGSqhBTcUDD3/FhcTPQJVFsu1P4Gwqq1dCE+EvaZZRQaMUqVKUpOliThSG6etbImkvqLQQsC1qt+/NqSvfzu2+28A6+YspzuxsViGo7e3Gg9MdwV3LMGh0mcOr/uXb/HIk18sJg5yQpwMfYTj0Wda90nyegcN3F2iZMeauh/aaFJzWcHNakAAewceDYOErU07NhlZgVA2C8HgkJ8HL7AqIVqt9VOx3xLp91DbKTNXSxvyM0X4NQP24P7ZFxAOk/j0AX3hAWhaNmievCHyBWvQve1VshZXFwEIiuHm8q4GSCxK2r0oQudKdtIuQMfuUALigdiSxo522oEiML/2kSk17WsxZwh7SxfD0DKa82fy9iAwcAluWLwJ+yN3nGnDFF/tHYaamSiowpmTTmQ9ycyIPWPLVZclt3BlEt9WH/FPOdzAyY7YLzW9X6jhsU3QwViyaTRGqAdqzUAiflKCMsNzb5kq0oYsDFC+/eqp1USlgTZDhoKtTKRGEjW2KuUlDsXGBeB6w1D8XZxXJXAaHuMh4oMUgLswjLUdTH3oLnnAvfOrl8O66kTkmcQ8i/kr1wDODMy/oNUzs8q4DeRuhD5dpUiTUGYDTWPYj6m6U/GAEHvN/2YEqSgfVff1iQ4VBw==
-
 system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch"
-
-
 system_sudoers_group: "serverAdmin"
 system_ipV6_disable: True

-user_custom_host:
-  - host: "git.ducamps.win"
-    user: "git"
-    keyfile: "~/.ssh/id_gitea"
-  - host: "gitlab.com"
-    user: "git"
-    keyfile: "~/.ssh/id_consort"
-
--- a/ansible/group_vars/all/consul
+++ b/ansible/group_vars/all/consul
@ -0,0 +1,5 @@
+consul_client_addr: "0.0.0.0"
+consul_datacenter: "homelab"
+consul_backup_location: "/mnt/diskstation/git/backup/consul"
+consul_ansible_group: all
+consul_systemd_resolved_enable: true
--- a/ansible/group_vars/all/mail
+++ b/ansible/group_vars/all/mail
@ -0,0 +1,5 @@
+notification_mail: "{{inventory_hostname}}@{{ domain.name }}"
+msmtp_mailhub: smtp.{{ domain.name }}
+msmtp_auth_user: "{{ user.mail }}"
+msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
+
--- a/ansible/group_vars/all/nomad
+++ b/ansible/group_vars/all/nomad
@ -0,0 +1,9 @@
+nomad_docker_allow_caps: 
+  - NET_ADMIN
+  - NET_BROADCAST
+  - NET_RAW
+nomad_vault_enabled: true
+nomad_vault_address: "http://active.vault.service.{{consul_domain}}:8200"
+nomad_vault_role: "nomad-cluster"
+nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}"
+
--- a/ansible/group_vars/all/server
+++ b/ansible/group_vars/all/server
@ -1,43 +0,0 @@
-consul_client_addr: "0.0.0.0"
-consul_datacenter: "homelab"
-consul_backup_location: "/mnt/diskstation/git/backup/consul"
-consul_ansible_group: all
-consul_bootstrap_expect: 3
-consul_systemd_resolved_enable: true
-nomad_docker_allow_caps: 
-  - NET_ADMIN
-  - NET_BROADCAST
-  - NET_RAW
-nomad_vault_enabled: true
-nomad_vault_address: "http://active.vault.service.consul:8200"
-nomad_vault_role: "nomad-cluster"
-nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}"
-nomad_bootstrap_expect: 3
-notification_mail: "{{inventory_hostname}}@{{ domain.name }}"
-msmtp_mailhub: smtp.{{ domain.name }}
-msmtp_auth_user: "{{ user.mail }}"
-msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
-
-system_user:
-    - name: drone-deploy
-      home: /home/drone-deploy
-      shell: /bin/bash
-      privatekey:
-        - keyname: id_gitea
-          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
-
-
-      authorized_keys: 
-        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
-
-    - name: ansible
-      home: /home/ansible
-      shell: /bin/bash
-
-    - name: root
-      home: /root
-      privatekey:
-        - keyname: id_gitea
-          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
-
-
--- a/ansible/group_vars/all/users
+++ b/ansible/group_vars/all/users
@ -0,0 +1,49 @@
+user:
+    name: vincent
+    home: /home/vincent
+    uid: 1024
+    mail: vincent@ducamps.win
+    groups:
+        - docker
+    authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
+    privatekey:
+        - keyname: "id_gitea"
+          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
+
+
+
+system_user:
+    - name: drone-deploy
+      home: /home/drone-deploy
+      shell: /bin/bash
+      privatekey:
+        - keyname: id_gitea
+          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
+
+
+      authorized_keys: 
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
+
+    - name: ansible
+      home: /home/ansible
+      shell: /bin/bash
+
+    - name: root
+      home: /root
+      privatekey:
+        - keyname: id_gitea
+          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
+
+
+user_custom_host:
+  - host: "git.ducamps.win"
+    user: "git"
+    keyfile: "~/.ssh/id_gitea"
+  - host: "gitlab.com"
+    user: "git"
+    keyfile: "~/.ssh/id_consort"
+
+user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git"
--- a/ansible/group_vars/all/vault
+++ b/ansible/group_vars/all/vault
@ -0,0 +1,2 @@
+vault_raft_group_name: "homelab"
+vault_unseal_token: 8f2aceff5fcf8452a65a281709b6d6398e9d788dacf78a500c4be64545230a88
--- a/ansible/group_vars/production
+++ b/ansible/group_vars/production
@ -0,0 +1,6 @@
+domain:
+  name: ducamps.win
+consul_bootstrap_expect: 3
+consul_domain: "consul"
+nomad_bootstrap_expect: 3
+vault_unseal_keys_dir_output: "~/vaultUnseal/production"
--- a/ansible/group_vars/staging
+++ b/ansible/group_vars/staging
@ -1,4 +1,8 @@
+domain:
+  name: ducamps-dev.win
 systemd_mounts: []
 systemd_mounts_enabled: []
 consul_bootstrap_expect: 2
+consul_domain: "consul"
 nomad_bootstrap_expect: 2
+vault_unseal_keys_dir_output: "~/vaultUnseal/staging"
--- a/ansible/group_vars/wireguard
+++ b/ansible/group_vars/wireguard
--- a/ansible/production
+++ b/ansible/production
@ -1,3 +1,22 @@
+[DNS]
+gerard
+
+[dhcp]
+gerard
+
+[database]
+oscar
+bleys
+
+[rsyncd]
+oscar
+bleys
+
+[wireguard:children]
+production
+
+
+
 [homelab]
 oscar
 bleys
@ -7,23 +26,14 @@ gerard
 corwin
 merlin

-[DNS]
-gerard
+[region:children]
+homelab
+VPS
+production

-[dhcp]
-gerard
-
-[wireguard]
+[production]
 corwin
 oscar
 merlin
 gerard
 bleys
-
-[database]
-oscar
-bleys
-
-[rsyncd]
-oscar
-bleys
--- a/ansible/staging
+++ b/ansible/staging
@ -1,10 +1,3 @@
-[homelab]
-oscar-dev
-gerard-dev
-
-[VPS]
-merlin-dev
-
 [DNS]
 oscar-dev

@ -14,6 +7,18 @@ oscar-dev
 [wireguard:children]
 staging

+[homelab]
+oscar-dev
+gerard-dev
+
+[VPS]
+merlin-dev
+
+[region:children]
+homelab
+VPS
+staging
+
 [staging]
 oscar-dev
 gerard-dev