author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-05-01 01:33:35 -0700 |
---|---|---|
committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-05-01 01:33:35 -0700 |
commit | bbad09e2b15eeca86f83a9d2a97449baf71e326f (patch) | |
tree | 9d10c3ec94ae11a7cd28131bbcf5d553245006ec /group_vars | |
init
Diffstat (limited to 'group_vars')
-rw-r--r-- | group_vars/all.yml | 14 | ||||
-rw-r--r-- | group_vars/certbot.yml | 6 | ||||
-rw-r--r-- | group_vars/host_domains.yml | 9 | ||||
-rw-r--r-- | group_vars/kanidm.yml | 4 | ||||
-rw-r--r-- | group_vars/mail.yml | 41 | ||||
-rw-r--r-- | group_vars/mmt.yml | 8 | ||||
-rw-r--r-- | group_vars/nginx.yml | 3 | ||||
-rw-r--r-- | group_vars/wireguard-mesh.yml | 4 |
8 files changed, 89 insertions, 0 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..8e21681
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,14 @@
+---
+
+dns_servers:
+ - 1.1.1.1
+ - 1.0.0.1
+dns_domains:
+ - ["mistymountainstherapy.com"]
+dns_dnssec: true
+dns_stub_listener: false
+
+rfc1918_networks:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml
new file mode 100644
index 0000000..23a10e6
--- /dev/null
+++ b/group_vars/certbot.yml
@@ -0,0 +1,6 @@
+---
+
+cloudflare_credentials_destination: /root/.cloudflare-dns-api-key.ini
+certbot_post_hook_dir: /etc/letsencrypt/renewal-hooks/post
+certbot_live_dir: /etc/letsencrypt/live
+certbot_email: infra@mistymountainstherapy.com
diff --git a/group_vars/host_domains.yml b/group_vars/host_domains.yml
new file mode 100644
index 0000000..be02f26
--- /dev/null
+++ b/group_vars/host_domains.yml
@@ -0,0 +1,9 @@
+---
+
+host_domains:
+ www.int.mistymountainstherapy.com:
+ - www.mistymountainstherapy.com
+ - mistymountainstherapy.com
+ mail.int.mistymountainstherapy.com:
+ - mail.mistymountainstherapy.com
+ - auth.mistymountainstherapy.com
diff --git a/group_vars/kanidm.yml b/group_vars/kanidm.yml
new file mode 100644
index 0000000..6d755d4
--- /dev/null
+++ b/group_vars/kanidm.yml
@@ -0,0 +1,4 @@
+---
+
+kanidm_domain: auth.mistymountainstherapy.com
+kanidm_bind_address: "{{ lookup('community.general.dig', inventory_hostname) }}"
diff --git a/group_vars/mail.yml b/group_vars/mail.yml
new file mode 100644
index 0000000..8e7591b
--- /dev/null
+++ b/group_vars/mail.yml
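Review bot: In group_vars/all.yml, `dns_domains` holds a list nested inside a list, because the item `- ["mistymountainstherapy.com"]` is itself a flow sequence. If the role that consumes it joins or loops over the entries as strings (the consumer is not visible in this diff), it would render the inner list's representation rather than the domain name. Unless the nesting is intended, write the item as `- mistymountainstherapy.com`.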
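Review bot: `cloudflare_credentials_destination` in group_vars/certbot.yml names the file that will hold the Cloudflare DNS API credential, but nothing here records how that file must be protected. The task that writes it is outside this diff, so the requirement is easy to lose when the role is edited. A comment above the variable such as `# Holds the Cloudflare API token: write it root-owned with mode "0600" and no_log on the task` would make it explicit.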
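Review bot: `kanidm_bind_address` in group_vars/kanidm.yml is taken from a DNS lookup made on the control node at play time, so the address the identity server listens on depends on whichever resolver the operator's machine happens to use. By default the `community.general.dig` lookup returns the string `NXDOMAIN` instead of failing when the name does not resolve, and a comma-separated string when several A records exist; either would be templated into the bind address unchecked. Consider passing `fail_on_error=true` to the lookup (available in recent community.general releases) or pinning the address per host in `host_vars`, and asserting that the result is a single address in the expected internal range before it is used.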
@@ -0,0 +1,41 @@
+---
+
+postmaster_email: postmaster@mistymountainstherapy.com
+
+domain: mistymountainstherapy.com
+mail_domain: mail.mistymountainstherapy.com
+
+ldap_server: "auth.mistymountainstherapy.com"
+ldap_server_host: "ldaps://{{ ldap_server }}:3636"
+ldap_intranet: >
+ {{ lookup('community.general.dig',
+ 'mail.int.mistymountainstherapy.com') }}
+ldap_search_base: "dc=auth,dc=mistymountainstherapy,dc=com"
+ldap_bind_dn: "dn=token"
+
+ldap_query_filter_user: "(&(objectClass=posixAccount)(mail=%s))"
+ldap_query_filter_group: "(&(objectClass=posixAccount)(|(mail=%s)(uid=%s)))"
+ldap_query_filter_alias: "(&(objectClass=posixAccount)(emailalternative=%s))"
+ldap_query_filter_domain: "(&(objectClass=posixAccount)(|(mail=%s)(uid=%s)))"
+ldap_query_filter_senders: "(&(objectClass=posixAccount)(|(mail=%s)(uid=%s)))"
+
+sasl_ldap_filter: >
+ (&(|(uid=%U)(mail=%U))(class=posixAccount)
+ (memberOf=cn=mail,dc=auth,dc=mistymountainstherapy,dc=com))
+
+dovecot_user_filter: >
+ (&(class=posixAccount)(uid=%u)
+ (memberOf=cn=mail,dc=auth,dc=mistymountainstherapy,dc=com))
+dovecot_auth_bind_userdn: "uid=%u,dc=auth,dc=mistymountainstherapy,dc=com"
+dovecot_user_attrs: "=mail=maildir:~/Maildir,uidNumber=uid,gidNumber=gid"
+
+roundcube_default_host: "ssl://mail.mistymountainstherapy.com"
+roundcube_default_port: 993
+roundcube_smtp_host: "ssl://mail.mistymountainstherapy.com"
+roundcube_smtp_port: 465
+roundcube_plugins: "archive,zipdownload,managesieve,markasjunk"
+
+roundcube_oauth2_auth_uri: "https://auth.mistymountainstherapy.com/ui/oauth2"
+roundcube_oauth2_user_uri: >
+ https://auth.mistymountainstherapy.com/oauth2/openid/roundcube/userinfo
+roundcube_oauth2_token_uri: "https://auth.mistymountainstherapy.com/oauth2/token"
diff --git a/group_vars/mmt.yml b/group_vars/mmt.yml
new file mode 100644
index 0000000..47e3829
--- /dev/null
+++ b/group_vars/mmt.yml
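Review bot: The folded scalars in group_vars/mail.yml (`ldap_intranet`, `sasl_ldap_filter`, `dovecot_user_filter`, `roundcube_oauth2_user_uri`) use `>`, which joins continuation lines with a space and keeps a trailing newline. In the two LDAP filters that puts a space between `(class=posixAccount)` and the `(memberOf=…)` clause that restricts logins to the mail group, and the userinfo URI and intranet address gain a trailing newline. Whether each consumer tolerates that is not visible here, and the filter is the access-control decision for mail logins, so it should not depend on lenient parsing. Use `>-` where folding is wanted, e.g. `roundcube_oauth2_user_uri: >-`, and write each filter as a single double-quoted line. The login filters also test `class=posixAccount` while the `ldap_query_filter_*` values test `objectClass=posixAccount`; pick one form so both sets match the same entries.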
@@ -0,0 +1,8 @@
+---
+
+from_email: "{{ mmt_from_email }}"
+hcaptcha_secret: "{{ mmt_hcaptcha_secret }}"
+smtp_server: "{{ mmt_smtp_server }}"
+smtp_password: "{{ mmt_smtp_password }}"
+smtp_username: "{{ mmt_smtp_username }}"
+form_to_email: "{{ mmt_form_to_email }}"
diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml
new file mode 100644
index 0000000..26f919f
--- /dev/null
+++ b/group_vars/nginx.yml
@@ -0,0 +1,3 @@
+---
+
+dh_params_src: https://ssl-config.mozilla.org/ffdhe2048.txt
diff --git a/group_vars/wireguard-mesh.yml b/group_vars/wireguard-mesh.yml
new file mode 100644
index 0000000..e5a7985
--- /dev/null
+++ b/group_vars/wireguard-mesh.yml
@@ -0,0 +1,4 @@
+---
+
+wireguard_listen_port: 51830
+wireguard_subnet: 10.212.0.0/16 |
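Review bot: group_vars/mmt.yml maps `hcaptcha_secret` and `smtp_password` to `mmt_*` variables that are not defined anywhere in this diff, so a reader cannot tell where the secrets come from or that they must stay encrypted. A header comment such as `# mmt_* values come from an encrypted vars file; never set them in plaintext in group_vars` would document that, adjusted to wherever they really live. An undefined `mmt_*` variable only fails when the value is first templated, so an early `assert` that each one is defined and non-empty would surface a missing secret before deployment starts.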
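Review bot: `dh_params_src` in group_vars/nginx.yml points at a file fetched from a third-party host at deploy time, with no integrity pin beside it. HTTPS protects the transfer but not a changed or substituted file at the origin, and these parameters feed the TLS key exchange. Since ffdhe2048 is a fixed, published group, either commit the file to the repository or add a companion variable such as `dh_params_checksum: "sha256:<digest of ffdhe2048.txt>"` and pass it as `checksum` to the download task. That task is outside this diff, so this assumes it uses `get_url`.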