author | Romain Gonçalves <me@rgoncalves.se> | 2024-02-08 13:27:52 +0100 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2024-02-08 13:33:36 +0100 |
commit | 76af5e5e55fce3912608722cd5f774c215f34c1d (patch) | |
tree | f374d762e1f3c45b03a52d23617382a979f00238 /group_vars | |
parent | bd3aa9905be222f5198d7f56e4f1ee0f59b477e8 (diff) | |
download | rules-76af5e5e55fce3912608722cd5f774c215f34c1d.tar.gz |
refactor(vars): flatten group_vars and host_vars files
Diffstat (limited to 'group_vars')
-rw-r--r-- | group_vars/all.yml (renamed from group_vars/all/main.yml) | 81 | ||||
l--------- | group_vars/all/secrets.yml | 1 | ||||
-rw-r--r-- | group_vars/workstations.yml | 3 | ||||
-rw-r--r-- | group_vars/workstations/main.yml | 3 |
4 files changed, 57 insertions, 31 deletions
diff --git a/group_vars/all/main.yml b/group_vars/all.yml index 35abefd..ca98ea6 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all.yml @@ -4,40 +4,17 @@ ansible_hostname: "{{ ansible_host }}" ansible_become_method: su +ansible_port: 22 -# roles overrides - -wireguard_domain_controller: "{{ __global_domain_controller }}" -relayd_domain_name: "{{ __domain_name }}" -nfsclient_server: stack0 -httpd_use_nfs: true -acme_rules: "[ - {% for rule in __services if 'domain' in rule %} - {{ {'domain': rule.domain} }}, - {% endfor %} - ]" -pf_rules: "[ - {% for rule in __services if - 'port' in rule and 'protocol' in rule and 'name' in rule %} - {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }}, - {% endfor %} - ]" -relayd_rules: "[ - {% for rule in __services if - 'domain' in rule and 'port' in rule %} - {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }}, - {% endfor %} - ]" - -# playbook specific - -__is_vm: false +# custom variables +# secrets and globals __ip: external: internal: __services: {} +__users: "{{ __secrets__users }}" __domain_name: rgoncalves.se __global_domain_controller: dc0 
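Review bot: The added `__users: "{{ __secrets__users }}"` makes every host depend on a variable that is defined nowhere in this diff, while the same commit deletes the `group_vars/all/secrets.yml` symlink that used to pull the out-of-tree secrets into group `all`. The diffstat is limited to `group_vars`, so the replacement may well live elsewhere; a comment beside the line such as `# __secrets__users is loaded from <path to the secrets vars file>` would make that dependency explicit. Keeping it without a `default([])` looks right, because an empty list would flow silently into `unix_users__users` and `sshd_keys__users` instead of failing the play. Separately, `ansible_port: 22` is now set for all hosts while `group_vars/workstations.yml` sets `sshd__listen_port: 71`, so it is worth confirming that the workstations override `ansible_port` somewhere.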
@@ -55,3 +32,53 @@ __global_services:
 protocol: tcp
 port: 8000
 is_public: true
+
+# roles overrides
+
+httpd__log_format: forwarded
+
+wireguard_domain_controller: "{{ __global_domain_controller }}"
+relayd__domain_name: "{{ __domain_name }}"
+acme__rules: "[
+ {% for rule in __services if 'domain' in rule %}
+ {{ {'domain': rule.domain} }},
+ {% endfor %}
+ ]"
+pf__rules: "[
+ {% for rule in __services if
+ 'port' in rule and 'protocol' in rule and 'name' in rule %}
+ {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
+ {% endfor %}
+ ]"
+relayd__rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
+ {% endfor %}
+ ]"
+httpd__rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {
+ 'name': rule.name,
+ 'domain': rule.domain,
+ 'port': rule.port,
+ 'extra': rule.extra if rule.extra is defined else {}
+ } }},
+ {% endfor %}
+ ]"
+
+unix_users__users: "[
+ {% for user in __users %}
+ {{ {
+ 'username': user.username,
+ 'comment': user.firstname + ' ' + user.lastname
+ } }},
+ {% endfor %}
+ ]"
+
+sshd_keys__users: "[
+ {% for user in __users %}
+ {{ user.username }},
+ {% endfor %}
+ ]"
diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
deleted file mode 120000
index 6ea8863..0000000
--- a/group_vars/all/secrets.yml
+++ /dev/null
@@ -1 +0,0 @@
-../../../secrets/ansible/group_vars/all.yml
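Review bot: `sshd_keys__users` renders each `{{ user.username }},` bare, so the string comes out like `[ alice, bob, ]` (constructed example) rather than a list literal, unlike the other rules in this hunk, which render a dict and so get quoted values; whether Ansible converts that back into a list is doubtful, and a role looping over it may receive a single string. Building it with filters avoids the string round-trip: `sshd_keys__users: "{{ __users | map(attribute='username') | list }}"`. In the same hunk `httpd__rules` reads `rule.name` while its filter only tests `'domain' in rule and 'port' in rule`; adding `and 'name' in rule`, as `pf__rules` does, would skip unnamed services instead of failing on them. Since this list presumably decides whose SSH keys get deployed, a short comment stating the expected keys of each `__users` entry (`username`, `firstname`, `lastname`) would also help.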
\ No newline at end of file
diff --git a/group_vars/workstations.yml b/group_vars/workstations.yml
new file mode 100644
index 0000000..87adb6e
--- /dev/null
+++ b/group_vars/workstations.yml
@@ -0,0 +1,3 @@
+---
+
+sshd__listen_port: 71
diff --git a/group_vars/workstations/main.yml b/group_vars/workstations/main.yml
deleted file mode 100644
index 09a770c..0000000
--- a/group_vars/workstations/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-sshd_listen_port: 71 |