From 76af5e5e55fce3912608722cd5f774c215f34c1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Thu, 8 Feb 2024 13:27:52 +0100
Subject: refactor(vars): flatten group_vars and host_vars files
---
group_vars/all.yml | 84 ++++++++++++++++++++++++++++++++++
group_vars/all/main.yml | 57 -----------------------
group_vars/all/secrets.yml | 1 -
group_vars/workstations.yml | 3 ++
group_vars/workstations/main.yml | 3 --
host_vars/ams-dcontroller-01.yml | 78 +++++++++++++++++++++++++++++++
host_vars/ams-dcontroller-01/main.yml | 46 -------------------
host_vars/localhost.yml | 8 ++++
host_vars/localhost/main.yml | 8 ----
host_vars/wstation-think-01.yml | 5 ++
host_vars/wstation-think-01/main.yml | 5 --
host_vars/wstation-xps-01.yml/main.yml | 5 ++
host_vars/wstation-xps-01/main.yml | 5 --
13 files changed, 183 insertions(+), 125 deletions(-)
create mode 100644 group_vars/all.yml
delete mode 100644 group_vars/all/main.yml
delete mode 120000 group_vars/all/secrets.yml
create mode 100644 group_vars/workstations.yml
delete mode 100644 group_vars/workstations/main.yml
create mode 100644 host_vars/ams-dcontroller-01.yml
delete mode 100644 host_vars/ams-dcontroller-01/main.yml
create mode 100644 host_vars/localhost.yml
delete mode 100644 host_vars/localhost/main.yml
create mode 100644 host_vars/wstation-think-01.yml
delete mode 100644 host_vars/wstation-think-01/main.yml
create mode 100644 host_vars/wstation-xps-01.yml/main.yml
delete mode 100644 host_vars/wstation-xps-01/main.yml
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..ca98ea6
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,84 @@
+---
+
+# ansible overrides
+
+ansible_hostname: "{{ ansible_host }}"
+ansible_become_method: su
+ansible_port: 22
+
+# custom variables
+# secrets and globals
+
+__ip:
+ external:
+ internal:
+
+__services: {}
+__users: "{{ __secrets__users }}"
+__domain_name: rgoncalves.se
+
+__global_domain_controller: dc0
+__global_domain_name_hosts: owo
+__global_domain_name_servers:
+ - 8.8.8.8
+ - 1.1.1.1
+
+__global_services:
+ - name: ssh
+ protocol: tcp
+ port: 22
+
+ - name: healthcheck
+ protocol: tcp
+ port: 8000
+ is_public: true
+
+# roles overrides
+
+httpd__log_format: forwarded
+
+wireguard_domain_controller: "{{ __global_domain_controller }}"
+relayd__domain_name: "{{ __domain_name }}"
+acme__rules: "[
+ {% for rule in __services if 'domain' in rule %}
+ {{ {'domain': rule.domain} }},
+ {% endfor %}
+ ]"
+pf__rules: "[
+ {% for rule in __services if
+ 'port' in rule and 'protocol' in rule and 'name' in rule %}
+ {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
+ {% endfor %}
+ ]"
+relayd__rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
+ {% endfor %}
+ ]"
+httpd__rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {
+ 'name': rule.name,
+ 'domain': rule.domain,
+ 'port': rule.port,
+ 'extra': rule.extra if rule.extra is defined else {}
+ } }},
+ {% endfor %}
+ ]"
+
+unix_users__users: "[
+ {% for user in __users %}
+ {{ {
+ 'username': user.username,
+ 'comment': user.firstname + ' ' + user.lastname
+ } }},
+ {% endfor %}
+ ]"
+
+sshd_keys__users: "[
+ {% for user in __users %}
+ {{ user.username }},
+ {% endfor %}
+ ]"
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
deleted file mode 100644
index 35abefd..0000000
--- a/group_vars/all/main.yml
+++ /dev/null
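Review bot: `__users: "{{ __secrets__users }}"` in group_vars/all.yml depends on a variable that nothing in this patch defines, while the same commit deletes the `group_vars/all/secrets.yml` symlink that pulled the secrets file into the `all` group. Unless `__secrets__users` is loaded some other way not visible here, `unix_users__users` and `sshd_keys__users` will fail to template, and accounts and SSH keys would stop being managed. The secrets file needs an explicit load path after the flattening, and it is worth a comment next to `__users` naming where it comes from, e.g. `# __secrets__users is loaded from <secrets source>`. Separately, `sshd_keys__users` emits bare names (`{{ user.username }},`), which probably will not evaluate back into a list the way the dict-rendering templates do; `sshd_keys__users: "{{ __users | map(attribute='username') | list }}"` avoids the string-to-list round trip.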
@@ -1,57 +0,0 @@
----
-
-# ansible overrides
-
-ansible_hostname: "{{ ansible_host }}"
-ansible_become_method: su
-
-# roles overrides
-
-wireguard_domain_controller: "{{ __global_domain_controller }}"
-relayd_domain_name: "{{ __domain_name }}"
-nfsclient_server: stack0
-httpd_use_nfs: true
-acme_rules: "[
- {% for rule in __services if 'domain' in rule %}
- {{ {'domain': rule.domain} }},
- {% endfor %}
- ]"
-pf_rules: "[
- {% for rule in __services if
- 'port' in rule and 'protocol' in rule and 'name' in rule %}
- {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
- {% endfor %}
- ]"
-relayd_rules: "[
- {% for rule in __services if
- 'domain' in rule and 'port' in rule %}
- {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
- {% endfor %}
- ]"
-
-# playbook specific
-
-__is_vm: false
-
-__ip:
- external:
- internal:
-
-__services: {}
-__domain_name: rgoncalves.se
-
-__global_domain_controller: dc0
-__global_domain_name_hosts: owo
-__global_domain_name_servers:
- - 8.8.8.8
- - 1.1.1.1
-
-__global_services:
- - name: ssh
- protocol: tcp
- port: 22
-
- - name: healthcheck
- protocol: tcp
- port: 8000
- is_public: true
diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
deleted file mode 120000
index 6ea8863..0000000
--- a/group_vars/all/secrets.yml
+++ /dev/null
@@ -1 +0,0 @@
-../../../secrets/ansible/group_vars/all.yml
\ No newline at end of file
diff --git a/group_vars/workstations.yml b/group_vars/workstations.yml
new file mode 100644
index 0000000..87adb6e
--- /dev/null
+++ b/group_vars/workstations.yml
@@ -0,0 +1,3 @@
+---
+
+sshd__listen_port: 71
diff --git a/group_vars/workstations/main.yml b/group_vars/workstations/main.yml
deleted file mode 100644
index 09a770c..0000000
--- a/group_vars/workstations/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-sshd_listen_port: 71
diff --git a/host_vars/ams-dcontroller-01.yml b/host_vars/ams-dcontroller-01.yml
new file mode 100644
index 0000000..0c319d6
--- /dev/null
+++ b/host_vars/ams-dcontroller-01.yml
@@ -0,0 +1,78 @@
+---
+
+ansible_host: 46.23.91.150
+
+git_dir: /var/www/data/git
+sshd__listen_port: "{{ ansible_port }}"
+relayd__connected_hosts: servers
+acme_connected_hosts: servers
+
+cgit_listen_port: 8002
+cgit_domain_name: git.rgoncalves.se
+cgit_favicon_url: "https://{{ __domain_name }}/img/favicon.ico"
+cgit_logo_url: "https://{{ __domain_name }}/img/favicon.ico"
+cgit_css_url: "https://{{ __domain_name }}/style/cgit.css"
+cgit_description: development hub
+cgit_readme_url: https://{{ __domain_name }}"
+
+nextcloud__listen_port: 8003
+nextcloud__domain_name: cloud.rgoncalves.se
+
+__ip:
+ external: 46.23.91.150
+ internal: 10.10.0.1
+
+__services:
+ - name: ssh
+ protocol: tcp
+ port: "{{ ansible_port }}"
+
+ - name: wireguard
+ protocol: udp
+ port: 53
+
+ - name: http
+ protocol: tcp
+ port: 80
+
+ - name: https
+ protocol: tcp
+ port: 443
+
+ - name: site
+ domain: rgoncalves.se
+ protocol: tcp
+ port: 8001
+ extra:
+ type: static
+
+ - name: git
+ domain: "{{ cgit_domain_name }}"
+ protocol: tcp
+ port: "{{ cgit_listen_port }}"
+
+ - name: nextcloud
+ domain: "{{ nextcloud__domain_name }}"
+ protocol: tcp
+ port: "{{ nextcloud__listen_port }}"
+
+ - name: melpiat
+ domain: melpiat.com
+ protocol: tcp
+ port: 8004
+ extra:
+ type: static
+
+ - name: sousleciel
+ domain: sousleciel.lol
+ protocol: tcp
+ port: 8005
+ extra:
+ type: static
+
+ - name: healthcheck
+ domain: owo.rgoncalves.se
+ protocol: tcp
+ port: 8006
+ extra:
+ type: static
diff --git a/host_vars/ams-dcontroller-01/main.yml b/host_vars/ams-dcontroller-01/main.yml
deleted file mode 100644
index 2c7461a..0000000
--- a/host_vars/ams-dcontroller-01/main.yml
+++ /dev/null
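Review bot: `cgit_readme_url: https://{{ __domain_name }}"` in host_vars/ams-dcontroller-01.yml ends in a stray double quote with no opening quote, so YAML reads the value as a plain scalar and the rendered URL ends in `"`. The line was carried over unchanged from the deleted file; the intended form is presumably `cgit_readme_url: "https://{{ __domain_name }}"`. In the same hunk `acme_connected_hosts` and the `cgit_*` keys keep the single-underscore form, while `relayd__connected_hosts`, `sshd__listen_port` and (in group_vars/all.yml) `acme__rules` moved to the `role__var` form. If the acme role now reads `acme__connected_hosts`, the old name would be silently ignored and certificate handling would fall back to the role default, so check it against the role's defaults.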
@@ -1,46 +0,0 @@
----
-
-ansible_port: 71
-
-httpd_use_nfs: false
-git_dir: /var/www/data/git
-sshd_listen_port: "{{ ansible_port }}"
-relayd_connected_hosts: servers
-acme_connected_hosts: servers
-
-cgit_listen_port: 1235
-cgit_domain_name: git.rgoncalves.se
-cgit_favicon_url: "https://{{ __domain_name }}/img/favicon.ico"
-cgit_logo_url: "https://{{ __domain_name }}/img/favicon.ico"
-cgit_css_url: "https://{{ __domain_name }}/style/cgit.css"
-cgit_description: development hub
-cgit_readme_url: https://{{ __domain_name }}"
-
-__is_vm: true
-
-__ip:
- external: 185.203.114.234
- internal: 10.10.0.1
-
-__services:
- - name: ssh
- protocol: tcp
- port: 22
-
- - name: wireguard
- protocol: udp
- port: 53
-
- - name: http
- domain: rgoncalves.se
- protocol: tcp
- port: 80
-
- - name: https
- protocol: tcp
- port: 443
-
- - name: git
- domain: "{{ cgit_domain_name }}"
- protocol: tcp
- port: "{{ cgit_listen_port }}"
diff --git a/host_vars/localhost.yml b/host_vars/localhost.yml
new file mode 100644
index 0000000..2947445
--- /dev/null
+++ b/host_vars/localhost.yml
@@ -0,0 +1,8 @@
+---
+
+ansible_host: 127.0.0.1
+ansible_connection: local
+
+__ip:
+ external: 127.0.0.1
+ internal: 127.0.0.1
diff --git a/host_vars/localhost/main.yml b/host_vars/localhost/main.yml
deleted file mode 100644
index 2947445..0000000
--- a/host_vars/localhost/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-ansible_host: 127.0.0.1
-ansible_connection: local
-
-__ip:
- external: 127.0.0.1
- internal: 127.0.0.1
diff --git a/host_vars/wstation-think-01.yml b/host_vars/wstation-think-01.yml
new file mode 100644
index 0000000..c1a5ef7
--- /dev/null
+++ b/host_vars/wstation-think-01.yml
@@ -0,0 +1,5 @@
+---
+
+__ip:
+ external: dhcp
+ internal: 10.10.0.82
diff --git a/host_vars/wstation-think-01/main.yml b/host_vars/wstation-think-01/main.yml
deleted file mode 100644
index c1a5ef7..0000000
--- a/host_vars/wstation-think-01/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-__ip:
- external: dhcp
- internal: 10.10.0.82
diff --git a/host_vars/wstation-xps-01.yml/main.yml b/host_vars/wstation-xps-01.yml/main.yml
new file mode 100644
index 0000000..bf2e0c8
--- /dev/null
+++ b/host_vars/wstation-xps-01.yml/main.yml
@@ -0,0 +1,5 @@
+---
+
+__ip:
+ external: dhcp
+ internal: 10.10.0.81
diff --git a/host_vars/wstation-xps-01/main.yml b/host_vars/wstation-xps-01/main.yml
deleted file mode 100644
index bf2e0c8..0000000
--- a/host_vars/wstation-xps-01/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-__ip:
- external: dhcp
- internal: 10.10.0.81
-- cgit v1.2.3
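Review bot: The new path `host_vars/wstation-xps-01.yml/main.yml` creates a directory named `wstation-xps-01.yml` rather than the flat file `host_vars/wstation-xps-01.yml` that every other host gets in this commit. It looks like a move onto the wrong target; whether Ansible still resolves these vars for host `wstation-xps-01` depends on how the vars loader treats a directory with that name, which should not be relied on. Moving the content to `host_vars/wstation-xps-01.yml` would match `host_vars/wstation-think-01.yml` and keep the host's `__ip` values from silently going missing.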