path: root/group_vars/all.yml
---

# -- <misc> --
# IANA time zone name. How it is applied to hosts is decided by whatever
# reads this variable (not visible in this file).
timezone: "America/Los_Angeles"
# -- </misc> --

# -- <target_user> --
# Remote account Ansible connects as. Because this file is group_vars/all,
# it is the default for every host unless overridden at a narrower scope.
# Privilege-escalation settings are not set in this file.
ansible_user: serve
# -- </target_user> --

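# -- <networking> --
# Address plan. homelab_network (10.128.0.0/16) lies inside swarm_network
# (10.0.0.0/8), so the two ranges overlap.
# NOTE(review): confirm the overlap is intended and that swarm address
# allocation cannot collide with LAN hosts.
loadbalancer_ip: "10.128.0.200"
homelab_network: "10.128.0.0/16"
swarm_network: "10.0.0.0/8"
docker_network: "172.16.0.0/12"
headnet_network: "100.64.0.0/10"
# Private (RFC 1918) ranges plus the CGNAT range (100.64.0.0/10).
# Two entries come from docker_network and headnet_network, so narrowing
# either variable also shrinks this list.
# NOTE(review): if consumers treat this list as "trusted internal sources",
# it is very broad (all of 10/8, 172.16/12, 192.168/16 and 100.64/10);
# confirm each consumer really needs the full set.
rfc1918_cgnat_networks:
  - "10.0.0.0/8"
  - "{{ docker_network }}"
  - "192.168.0.0/16"
  - "{{ headnet_network }}"
# -- </networking> --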

# -- <shared_services> --
# Every hostname below is built from `domain`, so changing `domain` renames
# all of them together. Referencing these variables (rather than re-typing
# "<name>.{{ domain }}") keeps DNS records, health checks and service
# configuration pointing at the same host.
domain: "liz.coffee"
idm_domain: "idm.{{ domain }}"
headscale_host: "vpn.{{ domain }}"
headscale_nodes_domain: "in.{{ domain }}"
mail_domain: "mail.{{ domain }}"
oci_domain: "oci.{{ domain }}"
passwd_domain: "passwd.{{ domain }}"
oauth_proxy_domain: "fwdauth.{{ domain }}"
outbound_domain: "outbound.{{ domain }}"
# -- </shared_services> --

# -- <docker> --
# Numeric group id, hard-coded for all hosts.
# NOTE(review): presumably the GID of the `docker` group; it must match the
# group that actually exists on each host. Membership of the docker group is
# effectively root-equivalent on that host, so confirm which accounts and
# containers are given this GID.
docker_gid: 995
# -- </docker> --

# -- <notification_email> --
# Mailbox used for notifications: local part plus the site domain.
info_mail_user: "info"
info_mail: "{{ info_mail_user }}@{{ domain }}"
# The mailbox password is deliberately not stored here; it lives with the
# secrets (see the secret for the info mail password).
# -- </notification_email> --

# -- <certs> --
# Paths are built on `swarm_base`, which is not defined in this file and
# must be provided elsewhere (inventory, another vars file, or extra vars).
traextor_base: "{{ swarm_base }}/traextor"
# NOTE(review): the path name suggests certificate material issued by
# Let's Encrypt; if private keys are stored under it, confirm the directory
# ownership and mode are restricted on the hosts.
letsencrypt_certs: "{{ traextor_base }}/volumes/certs/letsencrypt"
# -- </certs> --

# -- <region_build> --
# Set to true for a first deployment, false otherwise. What the flag gates
# is decided by the plays that read it (not visible in this file).
# The toggle is flipped by editing this file; passing it as an extra var
# for a single run would avoid committing the "true" state by accident.
homelab_build: false
#homelab_build: true
# -- </region_build> --

# -- <unique_deployment> --
# Unix timestamp (seconds, UTC) produced by Ansible's now() helper.
# NOTE(review): Ansible evaluates templated variables lazily, each time they
# are referenced, so this can yield different values in different tasks or
# on different hosts within one run. If a single stable per-run identifier
# is required, capture it once (for example with set_fact at the start of
# the play); confirm how the consumers use it.
deployment_time: "{{ now(utc=true,fmt='%s') }}"
# -- </unique_deployment> --

# -- <groups> --
# Identifier of the administrators group, scoped to the identity-management
# domain (idm_domain).
# NOTE(review): presumably consumers grant elevated access to members of
# this group; confirm membership is managed only in the identity provider.
admins: "coffee_admins@{{ idm_domain }}"
# -- </groups> --

# -- <keys> --
# SSH public key of type ssh-rsa with the comment field "lizzy@yubikey".
# Only the public half belongs in this file.
# NOTE(review): presumably installed into authorized_keys by a role; every
# host that receives it accepts logins from the matching private key, so
# confirm where it is deployed and for which account.
me_lizcoffee_key: "ssh-rsa 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 lizzy@yubikey"
# -- </keys> --

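# -- <mesh> --
# Per-site settings, keyed by site name. Each site carries a gateway
# address, its DNS domain, DNS forwarding options, health-check URLs and
# the A records to publish privately.
# NOTE(review): the exact meaning of forward_dns and split_vpn_dns_to is
# defined by the roles that read this map (not visible in this file).
mesh:
  lucina:
    gateway: "10.128.0.44"
    domain: "lucina.cloud"
    forward_dns: true
    split_vpn_dns_to: "10.128.0.44"
    private_records: []
    public_healthchecks: []
    private_healthchecks: []
  liz:
    gateway: "{{ loadbalancer_ip }}"
    domain: "{{ domain }}"
    forward_dns: false
    split_vpn_dns_to: "{{ loadbalancer_ip }}"
    # Hostnames come from the shared_services variables where one exists,
    # so a renamed service cannot leave a stale check or record behind.
    public_healthchecks:
      - "https://{{ domain }}"
      - "https://{{ idm_domain }}/status"
      - "https://{{ headscale_host }}/health"
      - "https://{{ oauth_proxy_domain }}/oauth2/sign_in"
      - "https://test.{{ domain }}/"
    private_healthchecks:
      - "https://bin.{{ domain }}"
      - "https://ci.{{ domain }}"
      - "https://notes.{{ domain }}"
    # NOTE(review): several names below look like management interfaces
    # (traefik, swarm, pihole, prometheus). Confirm they resolve only for
    # private/VPN clients and sit behind authentication at the proxy.
    private_records:
      # Records with their own addresses.
      - type: "A"
        name: "piplup.{{ domain }}"
        ip: "10.128.0.101"
      - type: "A"
        name: "togepi.{{ domain }}"
        ip: "10.128.0.102"
      - type: "A"
        name: "roton.{{ domain }}"
        ip: "10.128.0.103"

      # Records that all point at the load balancer.
      - type: "A"
        name: "{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "{{ oci_domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "ci.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "test.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "bin.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "{{ idm_domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "kanban.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "loadbalancer.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "notes.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "{{ passwd_domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "pihole.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "proxy.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "src.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "{{ oauth_proxy_domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "swarm.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "traefik.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "prometheus.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
      - type: "A"
        name: "mon.{{ domain }}"
        ip: "{{ loadbalancer_ip }}"
# -- </mesh> --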

# -- <logo> --

# Banner text stored as a literal block scalar (`|`), so line breaks and
# column alignment are kept exactly as written. Where it is displayed is
# decided by the consumers of `logo` (not visible in this file).
# The art contains non-ASCII characters, so the file must stay UTF-8.
logo: |
  --|                                                        |--
  --|                    ~ welcome to ~                      |--
  --|                                                        |--
  --|   .-.   _                       .--. .--.              |--
  --|   :.:  :_;                     : .-': .-'              |--
  --|   :.:  .-..---.     .--.  .--. : `; : `;.--.  .--.     |--
  --|   :.:_ : :`-'_.' _ '  ..'' .; :: :  : :' '_.'' '_.'    |--
  --|   `.__;:_;`.___;:_;`.__.'`.__.':_;  :_;`.__.'`.__.'    |--
  --|                                                        |--
  --|        ~₊˚⊹ ⋆˚✿˖°~   -────୨ৎ────-   ~₊˚⊹ ⋆˚✿˖°~        |--
  --|   ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣀⣀⣀⣀⣀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀                  |--
  --|   ⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⠤⠒⠉⠉⠉⣀⣂⣅⠬⡉⠭⢛⠿⢟⡶⣄⡀⠀⠀⠀⠀  we'll get brewing   |--
  --|   ⠀⠀⠀⠀⠀⠀⠀⣠⠞⠁⠀⣄⢎⢩⢸⢉⣵⡖⢰⣶⣮⢹⣦⣡⢊⢻⡿⣦⠀⠀⠀  right away!         |--
  --|   ⠀⠀⠀⠀⠀⠀⢠⡇⠀⠀⢎⠕⢭⢪⡶⠈⢿⣷⣿⠟⣋⣚⣯⣒⣣⡑⢨⢻⡇⠀⣀⣀⠀⠀⠀                  |--
  --|   ⠀⠀⠀⠀⠀⣀⡼⣧⠀⠄⡊⢼⡩⣾⢌⠳⡜⣉⡠⡜⡞⣵⣊⡧⡠⠝⣣⡾⠁⠀⠻⠿⠗⠀⠀   /) /) (\ (\    |--
  --|   ⠀⠀⠀⣢⣾⡟⣥⠻⣷⣌⡀⠬⡘⢅⡟⡇⡮⣷⡾⡿⢋⣉⢣⢔⣎⠿⠊⠀⠀⡴⣛⠆⠌⠀⠀  ( . .) (. . )   |--
  --|   ⠀⢀⣶⡟⣡⣿⣿⣟⢯⣟⢿⣷⣶⣯⣬⣵⣾⣷⣶⡾⠧⠞⠓⠉⠀⠀⠀⢀⠘⠈⠀⠠⢘⡤⠀  ( づ ˚♡︎˖  ⊂ )   |--
  --|   ⠄⣾⠏⣐⣛⡻⢿⣿⣯⣿⣿⣿⣾⣽⣛⣍⢃⡂⢄⠀⡀⠀⡀⠄⢂⠄⠡⢈⠒⡈⢒⠘⠴⢀⠀                  |--
  --|   ⢰⣿⠀⠈⠻⣜⣄⠈⢙⣾⢿⣿⣿⣿⡿⣜⢣⡜⢢⠁⠄⡐⢠⢉⠂⠌⠀⡀⠄⠐⡀⠄⠐⠀⢐      ___         |--
  --|   ⠸⣟⠀⡐⡅⠈⠑⠀⠊⠝⠈⢖⡿⠿⣿⣾⡱⢊⠅⡌⡰⢌⢆⠣⠈⢀⠐⠀⠄⠂⠠⡈⠠⣈⡧     (...)        |--
  --|   ⠀⢿⣆⠱⣘⣧⣤⣀⣀⡀⢒⡥⣑⢨⠒⡰⠯⠾⡼⠶⠙⢈⠀⣀⠂⡄⢂⣁⢢⣑⣶⡽⣳⠟⠁  _    \ _        |--
  --|   ⠀⠀⠻⣧⡜⢹⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣴⡀⡀⠀⠛⠺⢿⣶⣿⣾⣷⣿⣿⣿⢟⣵⠏⠀⠀ ('>    <')       |--
  --|   ⠀⠀⠀⠈⠿⣶⣉⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣧⣤⢀⠀⠀⠈⠉⠙⠻⣯⡷⠟⠁⠀⠀⠀ (v)    (v)       |--
  --|   ⠀⠀⠀⠀⠀⠈⠙⠿⣶⣽⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣾⣞⣤⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀\(__w  w__)/      |--
  --|   ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠛⠛⠛⠿⠿⠿⠿⠿⠿⠛⠛⠛⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀                  |--
  --|                                                        |--
  --|                                                        |--

# -- </logo> --