authorRomain Gonçalves <me@rgoncalves.se>2024-02-08 13:27:52 +0100
committerRomain Gonçalves <me@rgoncalves.se>2024-02-08 13:33:36 +0100
commit76af5e5e55fce3912608722cd5f774c215f34c1d (patch)
treef374d762e1f3c45b03a52d23617382a979f00238 /group_vars
parentbd3aa9905be222f5198d7f56e4f1ee0f59b477e8 (diff)
downloadrules-76af5e5e55fce3912608722cd5f774c215f34c1d.tar.gz
refactor(vars): flatten group_vars and host_vars files
Diffstat (limited to 'group_vars')
-rw-r--r--group_vars/all.yml (renamed from group_vars/all/main.yml)81
l---------group_vars/all/secrets.yml1
-rw-r--r--group_vars/workstations.yml3
-rw-r--r--group_vars/workstations/main.yml3
4 files changed, 57 insertions, 31 deletions
diff --git a/group_vars/all/main.yml b/group_vars/all.yml
index 35abefd..ca98ea6 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all.yml
@@ -4,40 +4,17 @@
ansible_hostname: "{{ ansible_host }}"
ansible_become_method: su
+ansible_port: 22
-# roles overrides
-
-wireguard_domain_controller: "{{ __global_domain_controller }}"
-relayd_domain_name: "{{ __domain_name }}"
-nfsclient_server: stack0
-httpd_use_nfs: true
-acme_rules: "[
- {% for rule in __services if 'domain' in rule %}
- {{ {'domain': rule.domain} }},
- {% endfor %}
- ]"
-pf_rules: "[
- {% for rule in __services if
- 'port' in rule and 'protocol' in rule and 'name' in rule %}
- {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
- {% endfor %}
- ]"
-relayd_rules: "[
- {% for rule in __services if
- 'domain' in rule and 'port' in rule %}
- {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
- {% endfor %}
- ]"
-
-# playbook specific
-
-__is_vm: false
+# custom variables
+# secrets and globals
__ip:
external:
internal:
__services: {}
+__users: "{{ __secrets__users }}"
__domain_name: rgoncalves.se
__global_domain_controller: dc0
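Review bot: `__users: "{{ __secrets__users }}"` adds a hard dependency on a variable from the secrets tree in the same commit that deletes the `group_vars/all/secrets.yml` symlink, and nothing visible here says where `__secrets__users` is now loaded from (the diffstat is limited to `group_vars`, so it may be handled elsewhere). I would add a comment above it such as `# __secrets__users: list of {username, firstname, lastname}, loaded from the private secrets inventory`, adjusted to the real location. Leaving the reference without a `default([])` is the safer choice, since an empty fallback would silently produce no users and no authorized keys instead of failing the play. The hunk also sets `ansible_port: 22` for every host while `group_vars/workstations.yml` has sshd listen on 71, so it is worth checking that those hosts override the connection port somewhere.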
@@ -55,3 +32,53 @@ __global_services:
protocol: tcp
port: 8000
is_public: true
+
+# roles overrides
+
+httpd__log_format: forwarded
+
+wireguard_domain_controller: "{{ __global_domain_controller }}"
+relayd__domain_name: "{{ __domain_name }}"
+acme__rules: "[
+ {% for rule in __services if 'domain' in rule %}
+ {{ {'domain': rule.domain} }},
+ {% endfor %}
+ ]"
+pf__rules: "[
+ {% for rule in __services if
+ 'port' in rule and 'protocol' in rule and 'name' in rule %}
+ {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
+ {% endfor %}
+ ]"
+relayd__rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
+ {% endfor %}
+ ]"
+httpd__rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {
+ 'name': rule.name,
+ 'domain': rule.domain,
+ 'port': rule.port,
+ 'extra': rule.extra if rule.extra is defined else {}
+ } }},
+ {% endfor %}
+ ]"
+
+unix_users__users: "[
+ {% for user in __users %}
+ {{ {
+ 'username': user.username,
+ 'comment': user.firstname + ' ' + user.lastname
+ } }},
+ {% endfor %}
+ ]"
+
+sshd_keys__users: "[
+ {% for user in __users %}
+ {{ user.username }},
+ {% endfor %}
+ ]"
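Review bot: `sshd_keys__users` renders each `user.username` bare inside the bracketed string, whereas every other list in this hunk renders a dict literal, so the result may not parse back into a list and could reach the role as a plain string (this depends on how the Ansible version in use converts templated text, so it should be confirmed on a real run). Because this list and `unix_users__users` decide which accounts exist and whose SSH keys are installed, I would build them with filters rather than re-parsing rendered text, e.g. `sshd_keys__users: "{{ __users | map(attribute='username') | list }}"`. Separately, `httpd__rules` and `relayd__rules` read `rule.name` but filter only on `domain` and `port`, unlike `pf__rules`, which also checks `'name' in rule`; adding `and 'name' in rule` to both conditions would keep a nameless service from producing an undefined value in the generated rules.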
diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
deleted file mode 120000
index 6ea8863..0000000
--- a/group_vars/all/secrets.yml
+++ /dev/null
@@ -1 +0,0 @@
-../../../secrets/ansible/group_vars/all.yml \ No newline at end of file
diff --git a/group_vars/workstations.yml b/group_vars/workstations.yml
new file mode 100644
index 0000000..87adb6e
--- /dev/null
+++ b/group_vars/workstations.yml
@@ -0,0 +1,3 @@
+---
+
+sshd__listen_port: 71
diff --git a/group_vars/workstations/main.yml b/group_vars/workstations/main.yml
deleted file mode 100644
index 09a770c..0000000
--- a/group_vars/workstations/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-sshd_listen_port: 71