authorRomain Gonçalves <me@rgoncalves.se>2024-02-08 13:27:52 +0100
committerRomain Gonçalves <me@rgoncalves.se>2024-02-08 13:33:36 +0100
commit76af5e5e55fce3912608722cd5f774c215f34c1d (patch)
treef374d762e1f3c45b03a52d23617382a979f00238
parentbd3aa9905be222f5198d7f56e4f1ee0f59b477e8 (diff)
downloadrules-76af5e5e55fce3912608722cd5f774c215f34c1d.tar.gz
refactor(vars): flatten group_vars and host_vars files
-rw-r--r--group_vars/all.yml (renamed from group_vars/all/main.yml)81
l---------group_vars/all/secrets.yml1
-rw-r--r--group_vars/workstations.yml3
-rw-r--r--group_vars/workstations/main.yml3
-rw-r--r--host_vars/ams-dcontroller-01.yml78
-rw-r--r--host_vars/ams-dcontroller-01/main.yml46
-rw-r--r--host_vars/localhost.yml (renamed from host_vars/localhost/main.yml)0
-rw-r--r--host_vars/wstation-think-01.yml (renamed from host_vars/wstation-think-01/main.yml)0
-rw-r--r--host_vars/wstation-xps-01.yml/main.yml (renamed from host_vars/wstation-xps-01/main.yml)0
9 files changed, 135 insertions, 77 deletions
diff --git a/group_vars/all/main.yml b/group_vars/all.yml
index 35abefd..ca98ea6 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all.yml
@@ -4,40 +4,17 @@
ansible_hostname: "{{ ansible_host }}"
ansible_become_method: su
+ansible_port: 22
-# roles overrides
-
-wireguard_domain_controller: "{{ __global_domain_controller }}"
-relayd_domain_name: "{{ __domain_name }}"
-nfsclient_server: stack0
-httpd_use_nfs: true
-acme_rules: "[
- {% for rule in __services if 'domain' in rule %}
- {{ {'domain': rule.domain} }},
- {% endfor %}
- ]"
-pf_rules: "[
- {% for rule in __services if
- 'port' in rule and 'protocol' in rule and 'name' in rule %}
- {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
- {% endfor %}
- ]"
-relayd_rules: "[
- {% for rule in __services if
- 'domain' in rule and 'port' in rule %}
- {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
- {% endfor %}
- ]"
-
-# playbook specific
-
-__is_vm: false
+# custom variables
+# secrets and globals
__ip:
external:
internal:
__services: {}
+__users: "{{ __secrets__users }}"
__domain_name: rgoncalves.se
__global_domain_controller: dc0
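Review bot: `__users: "{{ __secrets__users }}"` is added here while the same commit deletes the `group_vars/all/secrets.yml` symlink, and nothing visible in this diff shows where `__secrets__users` is loaded from once `group_vars/all/` is flattened to a single file. If it is not supplied some other way, `unix_users__users` and `sshd_keys__users` in the next hunk will fail to template on every host. I would add a comment above the line, for example `# __secrets__users comes from <path to the secrets vars file>`, and keep the lookup without a `default()` so that a missing secrets file fails loudly instead of silently managing no accounts. The file continues on both sides of this hunk.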
@@ -55,3 +32,53 @@ __global_services:
protocol: tcp
port: 8000
is_public: true
+
+# roles overrides
+
+httpd__log_format: forwarded
+
+wireguard_domain_controller: "{{ __global_domain_controller }}"
+relayd__domain_name: "{{ __domain_name }}"
+acme__rules: "[
+ {% for rule in __services if 'domain' in rule %}
+ {{ {'domain': rule.domain} }},
+ {% endfor %}
+ ]"
+pf__rules: "[
+ {% for rule in __services if
+ 'port' in rule and 'protocol' in rule and 'name' in rule %}
+ {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
+ {% endfor %}
+ ]"
+relayd__rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
+ {% endfor %}
+ ]"
+httpd__rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {
+ 'name': rule.name,
+ 'domain': rule.domain,
+ 'port': rule.port,
+ 'extra': rule.extra if rule.extra is defined else {}
+ } }},
+ {% endfor %}
+ ]"
+
+unix_users__users: "[
+ {% for user in __users %}
+ {{ {
+ 'username': user.username,
+ 'comment': user.firstname + ' ' + user.lastname
+ } }},
+ {% endfor %}
+ ]"
+
+sshd_keys__users: "[
+ {% for user in __users %}
+ {{ user.username }},
+ {% endfor %}
+ ]"
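Review bot: `sshd_keys__users` renders each `{{ user.username }}` without quotes, so the templated text becomes something like `[ alice, bob, ]` (constructed sample), which is not a valid list literal. As far as I know Ansible then keeps the value as a plain string rather than a list, so the role consuming it would not iterate over usernames. Since this variable presumably decides which accounts get SSH keys, build it with filters instead: `sshd_keys__users: "{{ __users | map(attribute='username') | list }}"`. The same hand-written `"[ {% for %} … {% endfor %} ]"` pattern in `acme__rules`, `pf__rules`, `relayd__rules`, `httpd__rules` and `unix_users__users` relies on the rendered text being re-parsed as a literal, which is fragile; filters such as `selectattr` and `map` would be safer there too.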
diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
deleted file mode 120000
index 6ea8863..0000000
--- a/group_vars/all/secrets.yml
+++ /dev/null
@@ -1 +0,0 @@
-../../../secrets/ansible/group_vars/all.yml \ No newline at end of file
diff --git a/group_vars/workstations.yml b/group_vars/workstations.yml
new file mode 100644
index 0000000..87adb6e
--- /dev/null
+++ b/group_vars/workstations.yml
@@ -0,0 +1,3 @@
+---
+
+sshd__listen_port: 71
diff --git a/group_vars/workstations/main.yml b/group_vars/workstations/main.yml
deleted file mode 100644
index 09a770c..0000000
--- a/group_vars/workstations/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-sshd_listen_port: 71
diff --git a/host_vars/ams-dcontroller-01.yml b/host_vars/ams-dcontroller-01.yml
new file mode 100644
index 0000000..0c319d6
--- /dev/null
+++ b/host_vars/ams-dcontroller-01.yml
@@ -0,0 +1,78 @@
+---
+
+ansible_host: 46.23.91.150
+
+git_dir: /var/www/data/git
+sshd__listen_port: "{{ ansible_port }}"
+relayd__connected_hosts: servers
+acme_connected_hosts: servers
+
+cgit_listen_port: 8002
+cgit_domain_name: git.rgoncalves.se
+cgit_favicon_url: "https://{{ __domain_name }}/img/favicon.ico"
+cgit_logo_url: "https://{{ __domain_name }}/img/favicon.ico"
+cgit_css_url: "https://{{ __domain_name }}/style/cgit.css"
+cgit_description: development hub
+cgit_readme_url: https://{{ __domain_name }}"
+
+nextcloud__listen_port: 8003
+nextcloud__domain_name: cloud.rgoncalves.se
+
+__ip:
+ external: 46.23.91.150
+ internal: 10.10.0.1
+
+__services:
+ - name: ssh
+ protocol: tcp
+ port: "{{ ansible_port }}"
+
+ - name: wireguard
+ protocol: udp
+ port: 53
+
+ - name: http
+ protocol: tcp
+ port: 80
+
+ - name: https
+ protocol: tcp
+ port: 443
+
+ - name: site
+ domain: rgoncalves.se
+ protocol: tcp
+ port: 8001
+ extra:
+ type: static
+
+ - name: git
+ domain: "{{ cgit_domain_name }}"
+ protocol: tcp
+ port: "{{ cgit_listen_port }}"
+
+ - name: nextcloud
+ domain: "{{ nextcloud__domain_name }}"
+ protocol: tcp
+ port: "{{ nextcloud__listen_port }}"
+
+ - name: melpiat
+ domain: melpiat.com
+ protocol: tcp
+ port: 8004
+ extra:
+ type: static
+
+ - name: sousleciel
+ domain: sousleciel.lol
+ protocol: tcp
+ port: 8005
+ extra:
+ type: static
+
+ - name: healthcheck
+ domain: owo.rgoncalves.se
+ protocol: tcp
+ port: 8006
+ extra:
+ type: static
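Review bot: `cgit_readme_url: https://{{ __domain_name }}"` has a closing double quote but no opening one, so YAML reads it as a plain scalar and the rendered URL ends in a literal `"`; it should be `cgit_readme_url: "https://{{ __domain_name }}"`. `acme_connected_hosts` keeps its single-underscore name while `relayd__connected_hosts` was renamed and all.yml now defines `acme__rules`; if the acme role moved to the double-underscore prefix (not visible here), this variable is silently ignored. Separately, with `ansible_port` now 22 from group_vars/all.yml, `sshd__listen_port` and the `ssh` entry in `__services` move this publicly addressed host from port 71 to the default SSH port. If that is intended, a short comment saying so would help the next reader.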
diff --git a/host_vars/ams-dcontroller-01/main.yml b/host_vars/ams-dcontroller-01/main.yml
deleted file mode 100644
index 2c7461a..0000000
--- a/host_vars/ams-dcontroller-01/main.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-
-ansible_port: 71
-
-httpd_use_nfs: false
-git_dir: /var/www/data/git
-sshd_listen_port: "{{ ansible_port }}"
-relayd_connected_hosts: servers
-acme_connected_hosts: servers
-
-cgit_listen_port: 1235
-cgit_domain_name: git.rgoncalves.se
-cgit_favicon_url: "https://{{ __domain_name }}/img/favicon.ico"
-cgit_logo_url: "https://{{ __domain_name }}/img/favicon.ico"
-cgit_css_url: "https://{{ __domain_name }}/style/cgit.css"
-cgit_description: development hub
-cgit_readme_url: https://{{ __domain_name }}"
-
-__is_vm: true
-
-__ip:
- external: 185.203.114.234
- internal: 10.10.0.1
-
-__services:
- - name: ssh
- protocol: tcp
- port: 22
-
- - name: wireguard
- protocol: udp
- port: 53
-
- - name: http
- domain: rgoncalves.se
- protocol: tcp
- port: 80
-
- - name: https
- protocol: tcp
- port: 443
-
- - name: git
- domain: "{{ cgit_domain_name }}"
- protocol: tcp
- port: "{{ cgit_listen_port }}"
diff --git a/host_vars/localhost/main.yml b/host_vars/localhost.yml
index 2947445..2947445 100644
--- a/host_vars/localhost/main.yml
+++ b/host_vars/localhost.yml
diff --git a/host_vars/wstation-think-01/main.yml b/host_vars/wstation-think-01.yml
index c1a5ef7..c1a5ef7 100644
--- a/host_vars/wstation-think-01/main.yml
+++ b/host_vars/wstation-think-01.yml
diff --git a/host_vars/wstation-xps-01/main.yml b/host_vars/wstation-xps-01.yml/main.yml
index bf2e0c8..bf2e0c8 100644
--- a/host_vars/wstation-xps-01/main.yml
+++ b/host_vars/wstation-xps-01.yml/main.yml
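Review bot: The rename target `host_vars/wstation-xps-01.yml/main.yml` keeps a directory layer, now named `wstation-xps-01.yml/`, whereas the other hosts were flattened to `host_vars/<host>.yml`. This looks like a slip in the move; depending on how the inventory vars loader treats a directory carrying a `.yml` suffix, the variables for `wstation-xps-01` may not be loaded as expected. The intended target is presumably `host_vars/wstation-xps-01.yml`.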