refactor(vars): flatten group_vars and host_vars files

author: Romain Gonçalves <me@rgoncalves.se> 2024-02-08 13:27:52 +0100
committer: Romain Gonçalves <me@rgoncalves.se> 2024-02-08 13:33:36 +0100
commit: 76af5e5e55fce3912608722cd5f774c215f34c1d (patch)
tree: f374d762e1f3c45b03a52d23617382a979f00238
parent: bd3aa9905be222f5198d7f56e4f1ee0f59b477e8 (diff)
download: rules-76af5e5e55fce3912608722cd5f774c215f34c1d.tar.gz
9 files changed, 135 insertions, 77 deletions
diff --git a/group_vars/all/main.yml b/group_vars/all.yml
index 35abefd..ca98ea6 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all.yml
@@ -4,40 +4,17 @@
 
 ansible_hostname: "{{ ansible_host }}"
 ansible_become_method: su
+ansible_port: 22
 
-# roles overrides
-
-wireguard_domain_controller: "{{ __global_domain_controller }}"
-relayd_domain_name: "{{ __domain_name }}"
-nfsclient_server: stack0
-httpd_use_nfs: true
-acme_rules: "[
-    {% for rule in __services if 'domain' in rule %}
-    {{ {'domain': rule.domain} }},
-    {% endfor %}
-  ]"
-pf_rules: "[
-    {% for rule in __services if
-        'port' in rule and 'protocol' in rule and 'name' in rule %}
-    {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
-    {% endfor %}
-  ]"
-relayd_rules: "[
-    {% for rule in __services if
-        'domain' in rule and 'port' in rule %}
-    {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
-    {% endfor %}
-  ]"
-
-# playbook specific
-
-__is_vm: false
+# custom variables
+# secrets and globals
 
 __ip:
   external:
   internal:
 
 __services: {}
+__users: "{{ __secrets__users }}"
 __domain_name: rgoncalves.se
 
 __global_domain_controller: dc0
@@ -55,3 +32,53 @@ __global_services:
     protocol: tcp
     port: 8000
     is_public: true
+
+# roles overrides
+
+httpd__log_format: forwarded
+
+wireguard_domain_controller: "{{ __global_domain_controller }}"
+relayd__domain_name: "{{ __domain_name }}"
+acme__rules: "[
+    {% for rule in __services if 'domain' in rule %}
+    {{ {'domain': rule.domain} }},
+    {% endfor %}
+  ]"
+pf__rules: "[
+    {% for rule in __services if
+        'port' in rule and 'protocol' in rule and 'name' in rule %}
+    {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
+    {% endfor %}
+  ]"
+relayd__rules: "[
+    {% for rule in __services if
+        'domain' in rule and 'port' in rule %}
+    {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
+    {% endfor %}
+  ]"
+httpd__rules: "[
+    {% for rule in __services if
+        'domain' in rule and 'port' in rule %}
+    {{ {
+        'name': rule.name,
+        'domain': rule.domain,
+        'port': rule.port,
+        'extra': rule.extra if rule.extra is defined else {}
+    } }},
+    {% endfor %}
+  ]"
+
+unix_users__users: "[
+    {% for user in __users %}
+    {{ {
+        'username': user.username,
+        'comment': user.firstname + ' ' + user.lastname
+    } }},
+    {% endfor %}
+  ]"
+
+sshd_keys__users: "[
+    {% for user in __users %}
+      {{ user.username }},
+    {% endfor %}
+  ]"
diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
deleted file mode 120000
index 6ea8863..0000000
--- a/group_vars/all/secrets.yml
+++ /dev/null
@@ -1 +0,0 @@
-../../../secrets/ansible/group_vars/all.yml
-\ No newline at end of file
diff --git a/group_vars/workstations.yml b/group_vars/workstations.yml
new file mode 100644
index 0000000..87adb6e
--- /dev/null
+++ b/group_vars/workstations.yml
@@ -0,0 +1,3 @@
+---
+
+sshd__listen_port: 71
diff --git a/group_vars/workstations/main.yml b/group_vars/workstations/main.yml
deleted file mode 100644
index 09a770c..0000000
--- a/group_vars/workstations/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-sshd_listen_port: 71
diff --git a/host_vars/ams-dcontroller-01.yml b/host_vars/ams-dcontroller-01.yml
new file mode 100644
index 0000000..0c319d6
--- /dev/null
+++ b/host_vars/ams-dcontroller-01.yml
@@ -0,0 +1,78 @@
+---
+
+ansible_host: 46.23.91.150
+
+git_dir: /var/www/data/git
+sshd__listen_port: "{{ ansible_port }}"
+relayd__connected_hosts: servers
+acme_connected_hosts: servers
+
+cgit_listen_port: 8002
+cgit_domain_name: git.rgoncalves.se
+cgit_favicon_url: "https://{{ __domain_name }}/img/favicon.ico"
+cgit_logo_url: "https://{{ __domain_name }}/img/favicon.ico"
+cgit_css_url: "https://{{ __domain_name }}/style/cgit.css"
+cgit_description: development hub
+cgit_readme_url: https://{{ __domain_name }}"
+
+nextcloud__listen_port: 8003
+nextcloud__domain_name: cloud.rgoncalves.se
+
+__ip:
+  external: 46.23.91.150
+  internal: 10.10.0.1
+
+__services:
+  - name: ssh
+    protocol: tcp
+    port: "{{ ansible_port }}"
+
+  - name: wireguard
+    protocol: udp
+    port: 53
+
+  - name: http
+    protocol: tcp
+    port: 80
+
+  - name: https
+    protocol: tcp
+    port: 443
+
+  - name: site
+    domain: rgoncalves.se
+    protocol: tcp
+    port: 8001
+    extra:
+      type: static
+
+  - name: git
+    domain: "{{ cgit_domain_name }}"
+    protocol: tcp
+    port: "{{ cgit_listen_port }}"
+
+  - name: nextcloud
+    domain: "{{ nextcloud__domain_name }}"
+    protocol: tcp
+    port: "{{ nextcloud__listen_port }}"
+
+  - name: melpiat
+    domain: melpiat.com
+    protocol: tcp
+    port: 8004
+    extra:
+      type: static
+
+  - name: sousleciel
+    domain: sousleciel.lol
+    protocol: tcp
+    port: 8005
+    extra:
+      type: static
+
+  - name: healthcheck
+    domain: owo.rgoncalves.se
+    protocol: tcp
+    port: 8006
+    extra:
+      type: static
diff --git a/host_vars/ams-dcontroller-01/main.yml b/host_vars/ams-dcontroller-01/main.yml
deleted file mode 100644
index 2c7461a..0000000
--- a/host_vars/ams-dcontroller-01/main.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-
-ansible_port: 71
-
-httpd_use_nfs: false
-git_dir: /var/www/data/git
-sshd_listen_port: "{{ ansible_port }}"
-relayd_connected_hosts: servers
-acme_connected_hosts: servers
-
-cgit_listen_port: 1235
-cgit_domain_name: git.rgoncalves.se
-cgit_favicon_url: "https://{{ __domain_name }}/img/favicon.ico"
-cgit_logo_url: "https://{{ __domain_name }}/img/favicon.ico"
-cgit_css_url: "https://{{ __domain_name }}/style/cgit.css"
-cgit_description: development hub
-cgit_readme_url: https://{{ __domain_name }}"
-
-__is_vm: true
-
-__ip:
-  external: 185.203.114.234
-  internal: 10.10.0.1
-
-__services:
-  - name: ssh
-    protocol: tcp
-    port: 22
-
-  - name: wireguard
-    protocol: udp
-    port: 53
-
-  - name: http
-    domain: rgoncalves.se
-    protocol: tcp
-    port: 80
-
-  - name: https
-    protocol: tcp
-    port: 443
-
-  - name: git
-    domain: "{{ cgit_domain_name }}"
-    protocol: tcp
-    port: "{{ cgit_listen_port }}"
diff --git a/host_vars/localhost/main.yml b/host_vars/localhost.yml
index 2947445..2947445 100644
--- a/host_vars/localhost/main.yml
+++ b/host_vars/localhost.yml
diff --git a/host_vars/wstation-think-01/main.yml b/host_vars/wstation-think-01.yml
index c1a5ef7..c1a5ef7 100644
--- a/host_vars/wstation-think-01/main.yml
+++ b/host_vars/wstation-think-01.yml
diff --git a/host_vars/wstation-xps-01/main.yml b/host_vars/wstation-xps-01.yml/main.yml
index bf2e0c8..bf2e0c8 100644
--- a/host_vars/wstation-xps-01/main.yml
+++ b/host_vars/wstation-xps-01.yml/main.yml
author	Romain Gonçalves <me@rgoncalves.se>	2024-02-08 13:27:52 +0100
committer	Romain Gonçalves <me@rgoncalves.se>	2024-02-08 13:33:36 +0100
commit	76af5e5e55fce3912608722cd5f774c215f34c1d (patch)
tree	f374d762e1f3c45b03a52d23617382a979f00238
parent	bd3aa9905be222f5198d7f56e4f1ee0f59b477e8 (diff)
download	rules-76af5e5e55fce3912608722cd5f774c215f34c1d.tar.gz