Diffstat (limited to 'group_vars')
-rw-r--r-- | group_vars/all.yml | 93 | ||||
-rw-r--r-- | group_vars/ceph.yml | 1 | ||||
-rw-r--r-- | group_vars/labdns.yml | 20 | ||||
-rw-r--r-- | group_vars/oci.yml | 4 | ||||
-rw-r--r-- | group_vars/outbound.yml | 13 | ||||
-rw-r--r-- | group_vars/src.yml | 2 |
6 files changed, 109 insertions, 24 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 717a983..74f626e 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,36 +1,115 @@
 ---
-# first deployment?
-homelab_build: false
-#homelab_build: true
+# -- <misc> --
+timezone: "America/Los_Angeles"
+# -- </misc> --
+# -- <target_user> --
 ansible_user: serve
+# -- </target_user> --
+# -- <networking> --
 loadbalancer_ip: "10.128.0.200"
-homelab_network: "10.0.0.0/8"
+homelab_network: "10.128.0.0/16"
+swarm_network: "10.0.0.0/16"
 docker_network: "172.16.0.0/12"
 headnet_network: "100.64.0.0/10"
 rfc1918_cgnat_networks:
- - "{{ homelab_network }}"
+ - 10.0.0.0/8
 - "{{ docker_network }}"
 - 192.168.0.0/16
 - "{{ headnet_network }}"
+# -- </networking> --
-timezone: "America/Los_Angeles"
-
+# -- <shared_services> --
 domain: "liz.coffee"
 idm_domain: "idm.{{ domain }}"
 headscale_host: "vpn.{{ domain }}"
 mail_domain: "mail.{{ domain }}"
 oci_domain: "oci.{{ domain }}"
 passwd_domain: "passwd.{{ domain }}"
+# -- </shared_services> --
+# -- <notifcation_email> --
 info_mail_user: "info"
 info_mail: "{{ info_mail_user }}@{{ domain }}"
+# see secret for info mail password
+# -- </notifcation_email> --
+# -- <certs> --
 traextor_base: "{{ swarm_base }}/traextor"
 letsencrypt_certs: "{{ traextor_base }}/volumes/certs/letsencrypt"
+# -- </certs> --
+# -- <region_build> --
+# first deployment?
+homelab_build: false
+#homelab_build: true
+# -- </region_build> --
+
+# -- <unique_deployment> --
 deployment_time: "{{ now(utc=true,fmt='%s') }}"
+# -- </unique_deployment> --
+# -- <keys> --
 me_lizcoffee_key: "ssh-rsa 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 lizzy@yubikey"
+# -- </keys> --
+
+# -- <mesh> --
+mesh:
+ lucina:
+ gateway: "10.128.0.44"
+ domain: "lucina.cloud"
+ forward_dns: true
+ private_records: []
+ liz:
+ gateway: "{{ loadbalancer_ip }}"
+ domain: "{{ domain }}"
+ forward_dns: false
+ private_records:
+ - type: "A"
+ name: "oci.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "ci.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "test.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "bin.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "ci.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "idm.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "kanban.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "loadbalancer.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "notes.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "passwd.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "pihole.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "proxy.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "src.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "swarm.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+ - type: "A"
+ name: "traefik.{{ domain }}"
+ ip: "{{ loadbalancer_ip }}"
+# -- </mesh> --
diff --git a/group_vars/ceph.yml b/group_vars/ceph.yml
index 5c985ca..a3d406f 100644
--- a/group_vars/ceph.yml
+++ b/group_vars/ceph.yml
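Review bot: `mesh.liz.private_records` lists `ci.{{ domain }}` twice (the second and the fifth entry), an exact duplicate that the old `internal_services` list in labdns.yml also carried and this rewrite preserves; drop the second `- type: "A"` / `name: "ci.{{ domain }}"` / `ip: "{{ loadbalancer_ip }}"` triple so whatever renders these records does not emit two identical A records. Separately, `rfc1918_cgnat_networks` now hardcodes `10.0.0.0/8` a few lines below the new `homelab_network: "10.128.0.0/16"` and `swarm_network: "10.0.0.0/16"`; if that list feeds an allow-list somewhere, the literal /8 is much wider than the narrowed `homelab_network`, which looks intentional but should be stated, e.g. `# whole 10/8 on purpose: covers both homelab_network and swarm_network`. The section markers also misspell `notifcation_email` in both the opening and closing comment.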
@@ -1,6 +1,5 @@
 ---
-# ceph_secret: <keep it safe in the vault>
 cephfs_name: cephfs
 ceph_mon_host: "[v2:10.128.0.101:3300/0,v1:10.128.0.101:6789/0] [v2:10.128.0.103:3300/0,v1:10.128.0.103:6789/0] [v2:10.128.0.102:3300/0,v1:10.128.0.102:6789/0]"
 ceph_fsid: "ee994518-d7f3-4a7b-b148-09dba7f3dd4d"
diff --git a/group_vars/labdns.yml b/group_vars/labdns.yml
index d0b0c6a..2be9e47 100644
--- a/group_vars/labdns.yml
+++ b/group_vars/labdns.yml
@@ -2,19 +2,7 @@
 labdns_base: "{{ swarm_base }}/labdns"
-internal_services:
- - oci.{{ domain }}
- - ci.{{ domain }}
- - test.{{ domain }}
- - bin.{{ domain }}
- - ci.{{ domain }}
- - idm.{{ domain }}
- - kanban.{{ domain }}
- - loadbalancer.{{ domain }}
- - notes.{{ domain }}
- - passwd.{{ domain }}
- - pihole.{{ domain }}
- - proxy.{{ domain }}
- - src.{{ domain }}
- - swarm.{{ domain }}
- - traefik.{{ domain }}
+forward_addrs:
+ - "9.9.9.9@853#dns.quad9.net"
+ - "1.0.0.1@853#cloudflare-dns.com"
+ - "1.1.1.1@853#cloudflare-dns.com"
diff --git a/group_vars/oci.yml b/group_vars/oci.yml
index 7bc2db0..97d130e 100644
--- a/group_vars/oci.yml
+++ b/group_vars/oci.yml
@@ -1,3 +1,7 @@
 ---
 oci_base: "{{ swarm_base }}/oci"
+oci_repos:
+ - "emprespresso"
+
+ci_user: "ci"
diff --git a/group_vars/outbound.yml b/group_vars/outbound.yml
index d9b65bb..759872f 100644
--- a/group_vars/outbound.yml
+++ b/group_vars/outbound.yml
@@ -19,3 +19,16 @@
 auth_key_expiration: '2y'
 auth_key_user: 'pocketmonsters'
 oauth_user_suffix: '@idm.{{ domain }}'
+
+# being in this list just means you'll have access to your own devices.
+# the vpn_users oauth claim decides whether or not you're authorized to actually
+# use the vpn.
+vpn_users:
+ - liz
+ - lucina
+ - riley
+
+# but... there's no way to membership sync the groups that i know of... D:
+vpn_admins:
+ - liz
+ - lucina
diff --git a/group_vars/src.yml b/group_vars/src.yml
index 3d8689a..efad903 100644
--- a/group_vars/src.yml
+++ b/group_vars/src.yml
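Review bot: The new `forward_addrs` entries use an `ip@853#hostname` form that nothing in the hunk explains; a comment above the list should say what the consumer expects, e.g. `# upstream resolvers as ip@port#tls-auth-name (DNS-over-TLS on 853); the name after '#' is checked against the upstream's certificate` — this matches unbound's forward-addr syntax, but the role that reads it is outside this diff, so confirm there before wording it that strongly. Because `internal_services` is removed here with no replacement in this file, any labdns template or task still referencing it now fails on an undefined variable; the new `mesh.*.private_records` in all.yml appears to take over that role, so check the labdns templates were switched in the same change.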
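Review bot: `vpn_admins` is a second, hand-maintained copy of membership that the added comment itself says cannot be synced from the IdM group, and nothing here ties it to `vpn_users`, so an offboarding that removes a user from the IdM group leaves a stale admin entry behind. State the maintenance rule next to the list rather than only the frustration, e.g. `# maintained by hand: removing someone from the IdM vpn group does NOT remove them here; review on every offboarding`. If the consuming role can assert it, a check that every `vpn_admins` entry also appears in `vpn_users` would catch drift (that relationship holds in this hunk but is not enforced).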
@@ -3,3 +3,5 @@
 src_domain: src.liz.coffee
 src_base: "{{ swarm_base }}/src"
 src_admin_keys: "{{ me_lizcoffee_key }}"
+
+laminar_host: "laminard:9997" |