From 35498e61b26112b56dac4cdda213ebd69bca30b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Sun, 2 Apr 2023 11:44:08 +0200
Subject: feat: ansible-vault with gopass + granular host_vars and group_vars
---
group_vars/all.yml | 57 ----------------------------------------
group_vars/all/main.yml | 57 ++++++++++++++++++++++++++++++++++++++++
group_vars/all/secrets.yml | 1 +
group_vars/workstations.yml | 3 ---
group_vars/workstations/main.yml | 3 +++
5 files changed, 61 insertions(+), 60 deletions(-)
delete mode 100644 group_vars/all.yml
create mode 100644 group_vars/all/main.yml
create mode 120000 group_vars/all/secrets.yml
delete mode 100644 group_vars/workstations.yml
create mode 100644 group_vars/workstations/main.yml
(limited to 'group_vars')
diff --git a/group_vars/all.yml b/group_vars/all.yml
deleted file mode 100644
index 35abefd..0000000
--- a/group_vars/all.yml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-
-# ansible overrides
-
-ansible_hostname: "{{ ansible_host }}"
-ansible_become_method: su
-
-# roles overrides
-
-wireguard_domain_controller: "{{ __global_domain_controller }}"
-relayd_domain_name: "{{ __domain_name }}"
-nfsclient_server: stack0
-httpd_use_nfs: true
-acme_rules: "[
- {% for rule in __services if 'domain' in rule %}
- {{ {'domain': rule.domain} }},
- {% endfor %}
- ]"
-pf_rules: "[
- {% for rule in __services if
- 'port' in rule and 'protocol' in rule and 'name' in rule %}
- {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
- {% endfor %}
- ]"
-relayd_rules: "[
- {% for rule in __services if
- 'domain' in rule and 'port' in rule %}
- {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
- {% endfor %}
- ]"
-
-# playbook specific
-
-__is_vm: false
-
-__ip:
- external:
- internal:
-
-__services: {}
-__domain_name: rgoncalves.se
-
-__global_domain_controller: dc0
-__global_domain_name_hosts: owo
-__global_domain_name_servers:
- - 8.8.8.8
- - 1.1.1.1
-
-__global_services:
- - name: ssh
- protocol: tcp
- port: 22
-
- - name: healthcheck
- protocol: tcp
- port: 8000
- is_public: true
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
new file mode 100644
index 0000000..35abefd
--- /dev/null
+++ b/group_vars/all/main.yml
@@ -0,0 +1,57 @@
+---
+
+# ansible overrides
+
+ansible_hostname: "{{ ansible_host }}"
+ansible_become_method: su
+
+# roles overrides
+
+wireguard_domain_controller: "{{ __global_domain_controller }}"
+relayd_domain_name: "{{ __domain_name }}"
+nfsclient_server: stack0
+httpd_use_nfs: true
+acme_rules: "[
+ {% for rule in __services if 'domain' in rule %}
+ {{ {'domain': rule.domain} }},
+ {% endfor %}
+ ]"
+pf_rules: "[
+ {% for rule in __services if
+ 'port' in rule and 'protocol' in rule and 'name' in rule %}
+ {{ {'name': rule.name, 'port': rule.port, 'protocol': rule.protocol} }},
+ {% endfor %}
+ ]"
+relayd_rules: "[
+ {% for rule in __services if
+ 'domain' in rule and 'port' in rule %}
+ {{ {'name': rule.name, 'domain': rule.domain, 'port': rule.port} }},
+ {% endfor %}
+ ]"
+
+# playbook specific
+
+__is_vm: false
+
+__ip:
+ external:
+ internal:
+
+__services: {}
+__domain_name: rgoncalves.se
+
+__global_domain_controller: dc0
+__global_domain_name_hosts: owo
+__global_domain_name_servers:
+ - 8.8.8.8
+ - 1.1.1.1
+
+__global_services:
+ - name: ssh
+ protocol: tcp
+ port: 22
+
+ - name: healthcheck
+ protocol: tcp
+ port: 8000
+ is_public: true
diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
new file mode 120000
index 0000000..6ea8863
--- /dev/null
+++ b/group_vars/all/secrets.yml
@@ -0,0 +1 @@
+../../../secrets/ansible/group_vars/all.yml
\ No newline at end of file
diff --git a/group_vars/workstations.yml b/group_vars/workstations.yml
deleted file mode 100644
index 09a770c..0000000
--- a/group_vars/workstations.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-sshd_listen_port: 71
diff --git a/group_vars/workstations/main.yml b/group_vars/workstations/main.yml
new file mode 100644
index 0000000..09a770c
--- /dev/null
+++ b/group_vars/workstations/main.yml
@@ -0,0 +1,3 @@
+---
+
+sshd_listen_port: 71
-- cgit v1.2.3
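Review bot: The new `group_vars/all/secrets.yml` is a symlink (mode 120000) whose target `../../../secrets/ansible/group_vars/all.yml` resolves outside the repository, so on any checkout where that directory is absent the link dangles; as far as I can tell Ansible's group_vars loader skips a path that is not a readable file rather than failing, which would leave the vaulted variables silently undefined until a task references them — please confirm against the Ansible version in use. Only the link path is committed, so no secret material enters the repo, but nothing in this hunk guarantees the target is an ansible-vault file as the commit subject implies, and the two operational requirements (where the target must live, and that it must be encrypted) are not stated anywhere visible. Since the listing is limited to `group_vars`, this may already be covered elsewhere in the commit; if not, a short README entry naming the expected target path and its vault requirement, or a pre-flight `ansible.builtin.assert` checking that one known secret variable `is defined`, would turn the silent miss into an early, explicit failure.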