authorRomain Gonçalves <me@rgoncalves.se>2023-04-02 11:44:08 +0200
committerRomain Gonçalves <me@rgoncalves.se>2023-04-02 11:45:09 +0200
commit35498e61b26112b56dac4cdda213ebd69bca30b9 (patch)
tree996006ab542948069d37ac6459977cb0f8cf8631 /group_vars/all
parent0c70ea19a91fa28cc5f97364ce1276ad5ae6f898 (diff)
downloadrules-35498e61b26112b56dac4cdda213ebd69bca30b9.tar.gz
feat: ansible-vault with gopass + granular host_vars and group_vars
Diffstat (limited to 'group_vars/all')
-rw-r--r--group_vars/all/main.yml57
l---------group_vars/all/secrets.yml1
2 files changed, 58 insertions, 0 deletions
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
new file mode 100644
index 0000000..35abefd
--- /dev/null
+++ b/group_vars/all/main.yml
@@ -0,0 +1,57 @@
+---
+
+# ansible overrides
+
+ansible_hostname: "{{ ansible_host }}"
+ansible_become_method: su
+
+# roles overrides
+
+wireguard_domain_controller: "{{ __global_domain_controller }}"
+relayd_domain_name: "{{ __domain_name }}"
+nfsclient_server: stack0
+httpd_use_nfs: true
+acme_rules: "[
+ {% for rule in __services if 'domain' in rule %}
+ {{ {'domain': rule.domain} }},
+ {% endfor %}
+ ]"
+pf_rules: "[
+ {% for rule in __services if
+ 'port' in rule and 'protocol' in rule and 'name' in rule %}
+ {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
+ {% endfor %}
+ ]"
+relayd_rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
+ {% endfor %}
+ ]"
+
+# playbook specific
+
+__is_vm: false
+
+__ip:
+ external:
+ internal:
+
+__services: {}
+__domain_name: rgoncalves.se
+
+__global_domain_controller: dc0
+__global_domain_name_hosts: owo
+__global_domain_name_servers:
+ - 8.8.8.8
+ - 1.1.1.1
+
+__global_services:
+ - name: ssh
+ protocol: tcp
+ port: 22
+
+ - name: healthcheck
+ protocol: tcp
+ port: 8000
+ is_public: true
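Review bot: The `relayd_rules` loop reads `rule.name` but its guard only tests `'domain' in rule and 'port' in rule`, whereas `pf_rules` checks all three keys it uses. A service entry with a domain and port but no name would reference an undefined attribute when the variable is rendered, so the guard should read `{% for rule in __services if 'name' in rule and 'domain' in rule and 'port' in rule %}`. Since these lists presumably feed the packet filter and relay configuration, the default `__services: {}` would also be clearer as `__services: []` to match the list-of-mappings shape that the loops and `__global_services` use. A short comment above the three templates, such as `# rendered to a list by Ansible; every __services entry must be a mapping`, would document that the quoted string relies on Ansible converting it back into a list.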
diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
new file mode 120000
index 0000000..6ea8863
--- /dev/null
+++ b/group_vars/all/secrets.yml
@@ -0,0 +1 @@
+../../../secrets/ansible/group_vars/all.yml
\ No newline at end of file
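Review bot: The symlink target `../../../secrets/ansible/group_vars/all.yml` resolves one level above the repository root, so `group_vars/all/secrets.yml` dangles on any checkout that lacks the sibling secrets tree, and nothing visible in this commit documents that dependency. The commit title suggests the target is ansible-vault content unlocked through gopass, but the diff cannot confirm that. It would help to state the expectation next to the variables, for example in `main.yml`: `# secrets.yml -> ../../../secrets/ansible/group_vars/all.yml (out of tree); must be ansible-vault encrypted`. A pre-run check that the target exists and starts with the `$ANSIBLE_VAULT;` header would catch both a missing store and an accidentally plaintext file.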