diff --git a/ansible/group_vars/NAS/main b/ansible/group_vars/NAS/main index 5c35545..d11e145 100644 --- a/ansible/group_vars/NAS/main +++ b/ansible/group_vars/NAS/main @@ -1,4 +1,4 @@ -nfs_cluster_list: "{% for server in groups['all']%}{{hostvars[server]['inventory_hostname']}}(rw,async,insecure_locks,sec=sys,anonuid=1000001,anongid=100) {%endfor%}" +nfs_cluster_list: "{% for server in groups['all']%}{{ hostvars[server]['inventory_hostname'] }}.{{ nfs_domain_name }}(rw,async,insecure_locks,sec=sys,anonuid=1000001,anongid=100) {%endfor%}" nfs_exports: @@ -8,4 +8,6 @@ nfs_exports: - "/var/local/volume1/photo {{nfs_cluster_list}}" - "/var/local/volume1/ebook {{nfs_cluster_list}}" - "/var/local/volume1/git {{nfs_cluster_list}}" - + - "/var/local/volume1/archMirror {{nfs_cluster_list}}" + - "/var/local/volume1/homes/admin {{nfs_cluster_list}}" + - "/var/local/volume1/CardDav {{nfs_cluster_list}}" diff --git a/ansible/group_vars/all/server b/ansible/group_vars/all/server new file mode 100644 index 0000000..9604dfe --- /dev/null +++ b/ansible/group_vars/all/server @@ -0,0 +1,42 @@ +consul_client_addr: "0.0.0.0" +consul_datacenter: "homelab" +consul_backup_location: "/mnt/diskstation/git/backup/consul" +consul_ansible_group: all +consul_bootstrap_expect: 3 +nomad_docker_allow_caps: + - NET_ADMIN + - NET_BROADCAST + - NET_RAW +nomad_vault_enabled: true +nomad_vault_address: "http://active.vault.service.consul:8200" +nomad_vault_role: "nomad-cluster" +nomad_vault_token: "{{ lookup('hashi_vault','secret=secrets/data/ansible/hashistack:nomad_vault_token') }}" +nomad_bootstrap_expect: 3 +notification_mail: "{{inventory_hostname}}@{{ domain_name }}" +msmtp_mailhub: smtp.{{ domain_name }} +msmtp_auth_user: "{{ user.mail }}" +msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}" + +system_user: + - name: drone-deploy + home: /home/drone-deploy + shell: /bin/bash + privatekey: + - keyname: id_gitea + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + + + authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar + + - name: ansible + home: /home/ansible + shell: /bin/bash + + - name: root + home: /root + privatekey: + - keyname: id_gitea + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + + diff --git a/ansible/group_vars/production b/ansible/group_vars/production index 5840fd7..c877722 100644 --- a/ansible/group_vars/production +++ b/ansible/group_vars/production @@ -1,10 +1,10 @@ -<<<<<<< HEAD domain: name: ducamps.eu consul_bootstrap_expect: 3 consul_domain: "consul" nomad_bootstrap_expect: 3 vault_unseal_keys_dir_output: "~/vaultUnseal/production" +nfs_domain_name: {{ domain_name}} env_default_nfs_path: "/volume2" env_media_nfs_path: "/volume1" env_automount: true diff --git a/ansible/group_vars/staging b/ansible/group_vars/staging index 84a48f0..39a5ba7 100644 --- a/ansible/group_vars/staging +++ b/ansible/group_vars/staging @@ -1,4 +1,3 @@ -<<<<<<< HEAD domain: name: ducamps-dev.win #systemd_mounts: [] @@ -7,6 +6,7 @@ consul_bootstrap_expect: 2 consul_domain: "consul" nomad_bootstrap_expect: 2 vault_unseal_keys_dir_output: "~/vaultUnseal/staging" +nfs_domain_name: "lxd" hosts_entries: - ip: "{{ hostvars['nas-dev']['ansible_default_ipv4']['address'] }}" name: diskstation.ducamps.win diff --git a/ansible/playbooks/server.yml b/ansible/playbooks/server.yml index ea10028..2327a12 100644 --- a/ansible/playbooks/server.yml +++ b/ansible/playbooks/server.yml @@ -23,5 +23,4 @@ loop_var: create roles: - system - - autofs - cronie diff --git a/ansible/staging b/ansible/staging index 9663b6f..fcfb9e2 100644 --- a/ansible/staging +++ b/ansible/staging @@ -33,4 +33,3 @@ oscar-dev gerard-dev merlin-dev nas-dev -