ansible variable: split variable in file
This commit is contained in:
parent
50d43dd44c
commit
3770c41d03
@ -13,7 +13,7 @@ pdns_sqlite_databases_locations:
|
||||
|
||||
pdns_rec_config:
|
||||
forward-zones:
|
||||
- "consul=127.0.0.1:8600"
|
||||
- "{{ consul_domain }}=127.0.0.1:8600"
|
||||
- "ducamps.win=192.168.1.10"
|
||||
- "ducamps.eu=192.168.1.10"
|
||||
local-address: "{{ ansible_default_ipv4.address }}"
|
||||
|
32
ansible/group_vars/VPS/mount
Normal file
32
ansible/group_vars/VPS/mount
Normal file
@ -0,0 +1,32 @@
|
||||
systemd_mounts:
|
||||
diskstation_nomad:
|
||||
share: diskstation.ducamps.win:/volume2/nomad
|
||||
mount: /mnt/diskstation/nomad
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
hetzner_storage:
|
||||
share: //u304977.your-storagebox.de/backup
|
||||
mount: /mnt/hetzner/storagebox
|
||||
type: cifs
|
||||
options:
|
||||
- credentials=/etc/creds/hetzner_credentials
|
||||
- uid= 1024
|
||||
- gid= 10
|
||||
- vers=3.0
|
||||
- mfsymlinks
|
||||
automount: true
|
||||
|
||||
credentials_files:
|
||||
1:
|
||||
type: smb
|
||||
path: /etc/creds/hetzner_credentials
|
||||
username: u304977
|
||||
password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}"
|
||||
|
||||
|
||||
|
||||
systemd_mounts_enabled:
|
||||
- diskstation_nomad
|
||||
- hetzner_storage
|
@ -42,35 +42,4 @@ nomad_datacenter: hetzner
|
||||
|
||||
consul_server: False
|
||||
nomad_server: False
|
||||
systemd_mounts:
|
||||
diskstation_nomad:
|
||||
share: diskstation.ducamps.win:/volume2/nomad
|
||||
mount: /mnt/diskstation/nomad
|
||||
type: nfs
|
||||
options:
|
||||
- " "
|
||||
automount: true
|
||||
hetzner_storage:
|
||||
share: //u304977.your-storagebox.de/backup
|
||||
mount: /mnt/hetzner/storagebox
|
||||
type: cifs
|
||||
options:
|
||||
- credentials=/etc/creds/hetzner_credentials
|
||||
- uid= 1024
|
||||
- gid= 10
|
||||
- vers=3.0
|
||||
- mfsymlinks
|
||||
automount: true
|
||||
|
||||
credentials_files:
|
||||
1:
|
||||
type: smb
|
||||
path: /etc/creds/hetzner_credentials
|
||||
username: u304977
|
||||
password: "{{ lookup('hashi_vault','secret=secrets/data/ansible/storage:hetzner') }}"
|
||||
|
||||
|
||||
|
||||
systemd_mounts_enabled:
|
||||
- diskstation_nomad
|
||||
- hetzner_storage
|
@ -1,36 +1,6 @@
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
user:
|
||||
name: vincent
|
||||
home: /home/vincent
|
||||
uid: 1024
|
||||
mail: vincent@ducamps.win
|
||||
groups:
|
||||
- docker
|
||||
authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
|
||||
privatekey:
|
||||
- keyname: "id_gitea"
|
||||
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||
|
||||
user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git"
|
||||
domain:
|
||||
name: ducamps.win
|
||||
|
||||
hass_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfVei9iC/Ra5qmSZcLu8z2CTaXCmfn4JSS4o3eu0HhykdYGSqhBTcUDD3/FhcTPQJVFsu1P4Gwqq1dCE+EvaZZRQaMUqVKUpOliThSG6etbImkvqLQQsC1qt+/NqSvfzu2+28A6+YspzuxsViGo7e3Gg9MdwV3LMGh0mcOr/uXb/HIk18sJg5yQpwMfYTj0Wda90nyegcN3F2iZMeauh/aaFJzWcHNakAAewceDYOErU07NhlZgVA2C8HgkJ8HL7AqIVqt9VOx3xLp91DbKTNXSxvyM0X4NQP24P7ZFxAOk/j0AX3hAWhaNmievCHyBWvQve1VshZXFwEIiuHm8q4GSCxK2r0oQudKdtIuQMfuUALigdiSxo522oEiML/2kSk17WsxZwh7SxfD0DKa82fy9iAwcAluWLwJ+yN3nGnDFF/tHYaamSiowpmTTmQ9ycyIPWPLVZclt3BlEt9WH/FPOdzAyY7YLzW9X6jhsU3QwViyaTRGqAdqzUAiflKCMsNzb5kq0oYsDFC+/eqp1USlgTZDhoKtTKRGEjW2KuUlDsXGBeB6w1D8XZxXJXAaHuMh4oMUgLswjLUdTH3oLnnAvfOrl8O66kTkmcQ8i/kr1wDODMy/oNUzs8q4DeRuhD5dpUiTUGYDTWPYj6m6U/GAEHvN/2YEqSgfVff1iQ4VBw==
|
||||
|
||||
system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch"
|
||||
|
||||
|
||||
system_sudoers_group: "serverAdmin"
|
||||
system_ipV6_disable: True
|
||||
|
||||
user_custom_host:
|
||||
- host: "git.ducamps.win"
|
||||
user: "git"
|
||||
keyfile: "~/.ssh/id_gitea"
|
||||
- host: "gitlab.com"
|
||||
user: "git"
|
||||
keyfile: "~/.ssh/id_consort"
|
||||
|
||||
|
5
ansible/group_vars/all/consul
Normal file
5
ansible/group_vars/all/consul
Normal file
@ -0,0 +1,5 @@
|
||||
consul_client_addr: "0.0.0.0"
|
||||
consul_datacenter: "homelab"
|
||||
consul_backup_location: "/mnt/diskstation/git/backup/consul"
|
||||
consul_ansible_group: all
|
||||
consul_systemd_resolved_enable: true
|
5
ansible/group_vars/all/mail
Normal file
5
ansible/group_vars/all/mail
Normal file
@ -0,0 +1,5 @@
|
||||
notification_mail: "{{inventory_hostname}}@{{ domain.name }}"
|
||||
msmtp_mailhub: smtp.{{ domain.name }}
|
||||
msmtp_auth_user: "{{ user.mail }}"
|
||||
msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
|
||||
|
9
ansible/group_vars/all/nomad
Normal file
9
ansible/group_vars/all/nomad
Normal file
@ -0,0 +1,9 @@
|
||||
nomad_docker_allow_caps:
|
||||
- NET_ADMIN
|
||||
- NET_BROADCAST
|
||||
- NET_RAW
|
||||
nomad_vault_enabled: true
|
||||
nomad_vault_address: "http://active.vault.service.{{consul_domain}}:8200"
|
||||
nomad_vault_role: "nomad-cluster"
|
||||
nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}"
|
||||
|
@ -1,43 +0,0 @@
|
||||
consul_client_addr: "0.0.0.0"
|
||||
consul_datacenter: "homelab"
|
||||
consul_backup_location: "/mnt/diskstation/git/backup/consul"
|
||||
consul_ansible_group: all
|
||||
consul_bootstrap_expect: 3
|
||||
consul_systemd_resolved_enable: true
|
||||
nomad_docker_allow_caps:
|
||||
- NET_ADMIN
|
||||
- NET_BROADCAST
|
||||
- NET_RAW
|
||||
nomad_vault_enabled: true
|
||||
nomad_vault_address: "http://active.vault.service.consul:8200"
|
||||
nomad_vault_role: "nomad-cluster"
|
||||
nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}"
|
||||
nomad_bootstrap_expect: 3
|
||||
notification_mail: "{{inventory_hostname}}@{{ domain.name }}"
|
||||
msmtp_mailhub: smtp.{{ domain.name }}
|
||||
msmtp_auth_user: "{{ user.mail }}"
|
||||
msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
|
||||
|
||||
system_user:
|
||||
- name: drone-deploy
|
||||
home: /home/drone-deploy
|
||||
shell: /bin/bash
|
||||
privatekey:
|
||||
- keyname: id_gitea
|
||||
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||
|
||||
|
||||
authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
|
||||
|
||||
- name: ansible
|
||||
home: /home/ansible
|
||||
shell: /bin/bash
|
||||
|
||||
- name: root
|
||||
home: /root
|
||||
privatekey:
|
||||
- keyname: id_gitea
|
||||
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||
|
||||
|
49
ansible/group_vars/all/users
Normal file
49
ansible/group_vars/all/users
Normal file
@ -0,0 +1,49 @@
|
||||
user:
|
||||
name: vincent
|
||||
home: /home/vincent
|
||||
uid: 1024
|
||||
mail: vincent@ducamps.win
|
||||
groups:
|
||||
- docker
|
||||
authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
|
||||
privatekey:
|
||||
- keyname: "id_gitea"
|
||||
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||
|
||||
|
||||
|
||||
system_user:
|
||||
- name: drone-deploy
|
||||
home: /home/drone-deploy
|
||||
shell: /bin/bash
|
||||
privatekey:
|
||||
- keyname: id_gitea
|
||||
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||
|
||||
|
||||
authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
|
||||
|
||||
- name: ansible
|
||||
home: /home/ansible
|
||||
shell: /bin/bash
|
||||
|
||||
- name: root
|
||||
home: /root
|
||||
privatekey:
|
||||
- keyname: id_gitea
|
||||
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||
|
||||
|
||||
user_custom_host:
|
||||
- host: "git.ducamps.win"
|
||||
user: "git"
|
||||
keyfile: "~/.ssh/id_gitea"
|
||||
- host: "gitlab.com"
|
||||
user: "git"
|
||||
keyfile: "~/.ssh/id_consort"
|
||||
|
||||
user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git"
|
2
ansible/group_vars/all/vault
Normal file
2
ansible/group_vars/all/vault
Normal file
@ -0,0 +1,2 @@
|
||||
vault_raft_group_name: "homelab"
|
||||
vault_unseal_token: 8f2aceff5fcf8452a65a281709b6d6398e9d788dacf78a500c4be64545230a88
|
6
ansible/group_vars/production
Normal file
6
ansible/group_vars/production
Normal file
@ -0,0 +1,6 @@
|
||||
domain:
|
||||
name: ducamps.win
|
||||
consul_bootstrap_expect: 3
|
||||
consul_domain: "consul"
|
||||
nomad_bootstrap_expect: 3
|
||||
vault_unseal_keys_dir_output: "~/vaultUnseal/production"
|
@ -1,4 +1,8 @@
|
||||
domain:
|
||||
name: ducamps-dev.win
|
||||
systemd_mounts: []
|
||||
systemd_mounts_enabled: []
|
||||
consul_bootstrap_expect: 2
|
||||
consul_domain: "consul"
|
||||
nomad_bootstrap_expect: 2
|
||||
vault_unseal_keys_dir_output: "~/vaultUnseal/staging"
|
||||
|
@ -1,3 +1,22 @@
|
||||
[DNS]
|
||||
gerard
|
||||
|
||||
[dhcp]
|
||||
gerard
|
||||
|
||||
[database]
|
||||
oscar
|
||||
bleys
|
||||
|
||||
[rsyncd]
|
||||
oscar
|
||||
bleys
|
||||
|
||||
[wireguard:children]
|
||||
production
|
||||
|
||||
|
||||
|
||||
[homelab]
|
||||
oscar
|
||||
bleys
|
||||
@ -7,23 +26,14 @@ gerard
|
||||
corwin
|
||||
merlin
|
||||
|
||||
[DNS]
|
||||
gerard
|
||||
[region:children]
|
||||
homelab
|
||||
VPS
|
||||
production
|
||||
|
||||
[dhcp]
|
||||
gerard
|
||||
|
||||
[wireguard]
|
||||
[production]
|
||||
corwin
|
||||
oscar
|
||||
merlin
|
||||
gerard
|
||||
bleys
|
||||
|
||||
[database]
|
||||
oscar
|
||||
bleys
|
||||
|
||||
[rsyncd]
|
||||
oscar
|
||||
bleys
|
||||
|
@ -1,10 +1,3 @@
|
||||
[homelab]
|
||||
oscar-dev
|
||||
gerard-dev
|
||||
|
||||
[VPS]
|
||||
merlin-dev
|
||||
|
||||
[DNS]
|
||||
oscar-dev
|
||||
|
||||
@ -14,6 +7,18 @@ oscar-dev
|
||||
[wireguard:children]
|
||||
staging
|
||||
|
||||
[homelab]
|
||||
oscar-dev
|
||||
gerard-dev
|
||||
|
||||
[VPS]
|
||||
merlin-dev
|
||||
|
||||
[region:children]
|
||||
homelab
|
||||
VPS
|
||||
staging
|
||||
|
||||
[staging]
|
||||
oscar-dev
|
||||
gerard-dev
|
||||
|
Loading…
Reference in New Issue
Block a user