From bbd265cf9523fe64dcb4cb9088dc18efd7bf8c72 Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Wed, 13 Nov 2024 09:45:54 +0100
Subject: [PATCH] feat: convert inventories and use Ansible Vault
Fixes #52
Signed-off-by: Matej Focko
---
 ansible.cfg | 2 +-
 defaults/main.yml | 3 +++
 group_vars/all/vars | 12 ++++++++++++
 group_vars/all/vault | 28 ++++++++++++++++++++++++++++
 group_vars/desktops/vars | 15 +++++++++++++++
 group_vars/servers/vars | 6 ++++++
 group_vars/servers/vault | 7 +++++++
 host_vars/ampere/vars | 1 +
 host_vars/ampere/vault | 6 ++++++
 host_vars/hertz/vault | 6 ++++++
 host_vars/mountainside/vars | 10 ++++++++++
 host_vars/mountainside/vault | 18 ++++++++++++++++++
 host_vars/ohm/vault | 6 ++++++
 host_vars/pascal/vault | 6 ++++++
 host_vars/poincare/vars | 3 +++
 host_vars/poincare/vault | 16 ++++++++++++++++
 inventory | 16 ++++++++++++++++
 inventory/desktops.yml | 23 -----------------------
 inventory/global.yml | 9 ---------
 inventory/servers.yml | 9 ---------
 inventory/ssh_only.yml | 6 ------
 21 files changed, 160 insertions(+), 48 deletions(-)
 create mode 100644 group_vars/all/vars
 create mode 100644 group_vars/all/vault
 create mode 100644 group_vars/desktops/vars
 create mode 100644 group_vars/servers/vars
 create mode 100644 group_vars/servers/vault
 create mode 100644 host_vars/ampere/vars
 create mode 100644 host_vars/ampere/vault
 create mode 100644 host_vars/hertz/vault
 create mode 100644 host_vars/mountainside/vars
 create mode 100644 host_vars/mountainside/vault
 create mode 100644 host_vars/ohm/vault
 create mode 100644 host_vars/pascal/vault
 create mode 100644 host_vars/poincare/vars
 create mode 100644 host_vars/poincare/vault
 create mode 100644 inventory
 delete mode 100644 inventory/desktops.yml
 delete mode 100644 inventory/global.yml
 delete mode 100644 inventory/servers.yml
 delete mode 100644 inventory/ssh_only.yml
diff --git a/ansible.cfg b/ansible.cfg
index d7109f2..b9656f8 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,3 +1,3 @@ [defaults] -inventory = inventory/ +inventory = ./inventory roles_path = roles/ diff --git a/defaults/main.yml b/defaults/main.yml index a4e761f..688651f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -35,6 +35,9 @@ porkbun_secretapikey: None # Public ID tied to the Yubikey OTP yubikey_token_id: None +# Client IP for the ‹wg-admin› VPN +wg_admin_ip: None + # Wireguard connections # List of connections to set up, example: # diff --git a/group_vars/all/vars b/group_vars/all/vars new file mode 100644 index 0000000..a1add04 --- /dev/null +++ b/group_vars/all/vars @@ -0,0 +1,12 @@ +target_user: "mfocko" +target_group: "{{ target_user }}" +gitlab_login: "{{ target_user }}" +fullname: "Matej Focko" +git_email: "{{ vault_git_email }}" +gpg_signingkey: "7C47D46246790496" + +hashicorp_vault_address: "{{ vault_hashicorp_vault_address }}" +vaultwarden_address: "{{ vault_vaultwarden_address }}" + +wg_admin_ip: "{{ vault_wg_admin_ip }}" +wg_connections: "{{ vault_wg_connections }}" diff --git a/group_vars/all/vault b/group_vars/all/vault new file mode 100644 index 0000000..d27f9c4 --- /dev/null +++ b/group_vars/all/vault 
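Review bot: `git_email: "{{ vault_git_email }}"` in group_vars/all/vars moves into the vault a value that this same patch still shows in clear — the removed inventory/global.yml carried `git_email: "me@mfocko.xyz"`, which stays in git history, and host_vars/ampere/vars sets `git_email: mfocko@redhat.com` unencrypted for that host. Either the address is not sensitive and the indirection is noise, or it is and the ampere override belongs in host_vars/ampere/vault as well; the same history argument applies to anything else vaulted here, so if any of those values (porkbun keys, wireguard material) was ever committed in clear, encrypting it now does not retract it and it should be rotated. Separately, `gpg_signingkey: "7C47D46246790496"` is a 64-bit long key ID; git's `user.signingkey` also accepts the full 40-hex fingerprint, which avoids ambiguity should a colliding key ever land in the keyring.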
@@ -0,0 +1,28 @@
+$ANSIBLE_VAULT;1.1;AES256
+63376231613461376465633862633737343864636662306262303530303165623730613833323961
+6233383266366236326435656134656437356539326533390a636631613339373366346338666436
+38633938316237626662666363343230663533633565643838323137306434376539353439306339
+3435623631323865630a333834343066363837643061313063666632383962396435326530633239
+30396561643634396632386433633263323830646463643835626639313139663332653638353862
+33616434363635396462343533656234393662373533666662623763633363636233626436663931
+33633439323531663634613834396330653636353733366336303836646230373165663833363134
+39623339353436373862333736353133353331623239663961313835666166323233643964646138
+34656332663534626636323531333563653263366330346665663739373335356631386562353531
+32613765316661303034616366656462376561363432396663646565353230316238366336376466
+32663264313531393136363832393364616538646131653561653762366430396437396361376132
+66633035663334323762396361326538343032356432333766346538653864313530653162653131
+66383461383036306137343638373831633265303638643366393837373332623538326364643739
+32316464376535643933363935383336663438373132643233346133383232653363373337323634
+36356531623838306262333733306639336538323630656438383836323437373938373139396131
+33643361326362643638306162336132626135393362373431306137383261643335626534353730
+32626630633135656432313737326238343264333465313434633961383166313162656666626639
+34336438353838376530306630326635633262616631653436313739393438663162313265626431
+35333033396265356166356162646462376532616431663530653664323838343833663464653035
+31336436316631616135326233363235303032346161393366323930623430376333636661623737
+39613464653165366230383539366464336639383666636437323337666566613836376537656466
+32346161386163363665373633663961333435613636376165386634366331393835306537323033
+39353963633061616466323636396536643338356361353865313139396135663836636162343165
+65386162343539336437643630323631353230396566616563613865613261383835353862313134
+37336236393862656636376665646466623862633732663833616535373737613538626437303935
+65633539663834333564386638626432316166616630653333326431643231626331666634383236
+393965363664366531313766383735323335
diff --git a/group_vars/desktops/vars b/group_vars/desktops/vars
new file mode 100644
index 0000000..3e96827
--- /dev/null
+++ b/group_vars/desktops/vars
@@ -0,0 +1,15 @@
+sshd_port: 22
+sshd_sign_host_keys: false
+sshd_auth_password_authentication: "yes"
+
+flatpak_apps:
+ - "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
+ - com.discordapp.Discord
+ - com.spotify.Client
+ # - net.ankiweb.Anki
+ - org.gnome.DejaDup
+ - org.mozilla.Thunderbird
+ # - org.raspberrypi.rpi-imager
+ - org.telegram.desktop
+ # - org.x.Warpinator
+ - org.flameshot.Flameshot
diff --git a/group_vars/servers/vars b/group_vars/servers/vars
new file mode 100644
index 0000000..e238648
--- /dev/null
+++ b/group_vars/servers/vars
@@ -0,0 +1,6 @@
+certbot_email: "{{ vault_certbot_email }}"
+
+host_fqdn: "{{ vault_host_fqdn }}"
+
+porkbun_apikey: "{{ vault_porkbun_apikey }}"
+porkbun_secretapikey: "{{ vault_porkbun_secretapikey }}"
diff --git a/group_vars/servers/vault b/group_vars/servers/vault
new file mode 100644
index 0000000..74def47
--- /dev/null
+++ b/group_vars/servers/vault
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+65363533346631623966613439373365316565326561363833373232633735306538386635306133
+3065663736356532656637623031363737346137633534660a613064316533613063663939303966
+61386430333631656634653431353337396633303165346462306362336534303339383731313037
+3666333931383966320a316565383835323235353230326665636365333330646638366662383937
+30626434663564393239613961333761653661643933303264313530366263616538373832343234
+3030303234623935383262653236393335363834383838316530
diff --git a/host_vars/ampere/vars b/host_vars/ampere/vars
new file mode 100644
index 0000000..144a827
--- /dev/null
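Review bot: The vault files land without any visible vault-password plumbing — the ansible.cfg hunk in this patch only sets `inventory` and `roles_path`, so unless a `vault_password_file` or `vault_identity_list` exists outside the shown lines every run now needs `--ask-vault-pass`. Consider adding `vault_password_file = ~/.config/ansible/vault-pass` (a path outside the repository) to `[defaults]`, plus a pre-commit hook that rejects any file named `vault` whose first line is not `$ANSIBLE_VAULT;`, since the usual `ansible-vault decrypt` / edit / `encrypt` cycle is one forgotten step away from committing plaintext. The `$ANSIBLE_VAULT;1.1;AES256` header carries no vault-id label, which is fine for a single password but worth moving to `$ANSIBLE_VAULT;1.2;AES256;<label>` if server and desktop secrets should ever be decryptable with different keys.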
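Review bot: `sshd_auth_password_authentication: "yes"` together with `sshd_port: 22` leaves every desktop accepting password logins on the default port; the values are carried over from the removed inventory/desktops.yml, but this is the setting most worth questioning while the group vars are being rewritten. If keys are already deployed on these machines, `sshd_auth_password_authentication: "no"` is the safer group default, with the password exception moved into the host_vars of whichever host actually needs it. If password auth is intentional — for instance because the desktops are only reachable on a LAN or over the `wg-admin` VPN this patch introduces — a one-line comment would stop the next reviewer from raising it again: `# password auth kept on purpose: desktops are only reachable over wg-admin`.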
+++ b/host_vars/ampere/vars
@@ -0,0 +1 @@
+git_email: mfocko@redhat.com
diff --git a/host_vars/ampere/vault b/host_vars/ampere/vault
new file mode 100644
index 0000000..4b95343
--- /dev/null
+++ b/host_vars/ampere/vault
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+37346330376565653933653934653564643163356637666632393964366632363336353463323432
+3765303739303338326463396635653834396361316331340a326239666464363739363562613233
+30353039313564353866663838626366663064633332313662656238323262393131626462373064
+6566376239356530300a303362633534636565386636393764396362653263323362306264383461
+31363065383436313062336338303762316164663036393533376130643138646237
diff --git a/host_vars/hertz/vault b/host_vars/hertz/vault
new file mode 100644
index 0000000..5c42073
--- /dev/null
+++ b/host_vars/hertz/vault
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+61353931363939383464363938643136373433643736333361646566393863663136336162643962
+3038666635616462623231656565663764643666663536390a316232623638396239636234376330
+64663638363766343536373236366434356135366435336661393935396161393161626361313662
+6664343835393263310a623439323739666362356335653538646331316331613165393263343039
+34363335393961363265646263653138346563633339653039613831366565326638
diff --git a/host_vars/mountainside/vars b/host_vars/mountainside/vars
new file mode 100644
index 0000000..df41936
--- /dev/null
+++ b/host_vars/mountainside/vars
@@ -0,0 +1,10 @@
+system_sshd_port: 22022
+
+certbot_domains:
+ - mountainside.mfocko.xyz
+ - '*.mountainside.mfocko.xyz'
+
+ddns_domain: "mfocko.xyz"
+ddns_subdomains:
+ - mountainside
+ - '*.mountainside'
diff --git a/host_vars/mountainside/vault b/host_vars/mountainside/vault
new file mode 100644
index 0000000..d3268fc
--- /dev/null
+++ b/host_vars/mountainside/vault
@@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +36636438356436373332646664346661373963643733333236363633643064623636663239383965 +3635646338663966303232306532393934336261646537300a363838643037656339393937366633 +66303139376663626136353838353961626533623031316565393639363538636666633633656532 +6533643435663638380a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diff --git a/host_vars/ohm/vault b/host_vars/ohm/vault new file mode 100644 index 0000000..bd47154 --- /dev/null +++ b/host_vars/ohm/vault @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +39613963623737303136636165366264616163393832663536353438303531326537626530383739 +3635393366636431636232663433616437313037326430340a323865383730653761323939643832 +64613364663265616239333465336232326165633539396538363137303132633064396239643134 +3733353132613664310a393830626335623236626364353530386631396261373731323464656235 +35663438656465626364376335353831613439363335343633613339393733613365 diff --git a/host_vars/pascal/vault b/host_vars/pascal/vault new file mode 100644 index 0000000..fd02177 --- /dev/null +++ b/host_vars/pascal/vault @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +37343037373839623562376137666464336335333264653438343536336365646566383730313439 +3133646234353136353361643261393461643863363533370a326539376438303663323032633938 +35393162346338646464356535373337333364636333623531316638386363626365613962346461 +6435313634376330350a636632373533323762656131336431656266303136373031313932343963 +66323135373033363262613633353731386135646138346265653237343438376462 diff --git a/host_vars/poincare/vars b/host_vars/poincare/vars new file mode 100644 index 0000000..e83844c --- /dev/null +++ b/host_vars/poincare/vars @@ -0,0 +1,3 @@ +certbot_domains: + - mfocko.xyz + - '*.mfocko.xyz' diff --git a/host_vars/poincare/vault b/host_vars/poincare/vault new file mode 100644 index 0000000..094bc81 --- /dev/null +++ b/host_vars/poincare/vault 
@@ -0,0 +1,16 @@ +$ANSIBLE_VAULT;1.1;AES256 +32373735633265643033656563343839666566353330653231353538646537643363373438636664 +3535373337356161653838653734616431336539623338630a663766393436343964623737663064 +36323130313462306333663932386438613731336163343434333833313065366130313462633532 +6533663439313565310a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diff --git a/inventory b/inventory new file mode 100644 index 0000000..3988930 --- /dev/null +++ b/inventory @@ -0,0 +1,16 @@ +[ssh_only] +# FI +aisa +anxur + +# FIT +merlin + +[servers] +poincare # VPS +mountainside # Raspberry Pi + +[desktops] +ampere # X1 G9 (RH) +hertz # X570 +ohm # T490 diff --git a/inventory/desktops.yml b/inventory/desktops.yml deleted file mode 100644 index 7abb083..0000000 --- a/inventory/desktops.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -desktops: - hosts: - hertz: - ampere: - git_email: "mfocko@redhat.com" - ohm: - - vars: - sshd_port: 22 - sshd_sign_host_keys: false - sshd_auth_password_authentication: "yes" - - flatpak_apps: - - "com.chatterino.chatterino/{{ ansible_architecture }}/stable" - - com.discordapp.Discord - - com.spotify.Client - # - net.ankiweb.Anki - - org.gnome.DejaDup - - org.mozilla.Thunderbird - # - org.raspberrypi.rpi-imager - - org.telegram.desktop - # - org.x.Warpinator diff --git a/inventory/global.yml b/inventory/global.yml deleted file mode 100644 index 64664c9..0000000 --- a/inventory/global.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -all: - vars: - target_user: "mfocko" - target_group: "{{ target_user }}" - gitlab_login: "{{ target_user }}" - fullname: "Matej Focko" - git_email: "me@mfocko.xyz" - gpg_signingkey: "7C47D46246790496" diff --git a/inventory/servers.yml b/inventory/servers.yml deleted file mode 100644 index 4b5ebd1..0000000 --- a/inventory/servers.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -servers: - hosts: - poincare: - maxwell: - system_sshd_port: 6969 - - vars: - cloudflare_token: None 
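Review bot: The new INI `inventory` drops host `maxwell` (previously in `servers` with `system_sshd_port: 6969`) and the group var `cloudflare_token`, and the commit message does not mention either — if a role still references `cloudflare_token` it now falls back to the role default, and any remaining maxwell host_vars become dead. Conversely, `host_vars/pascal/vault` is added in this patch but `pascal` is not listed in any group, so its variables are never loaded. Please either add the missing hosts or state in the commit message that they are intentionally retired. The trailing `# VPS`-style comments after host names rely on the INI plugin's tokenizer treating `#` as a comment start mid-line, which it does today; a comment line above each host would not depend on that.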
diff --git a/inventory/ssh_only.yml b/inventory/ssh_only.yml
deleted file mode 100644
index 50a1f10..0000000
--- a/inventory/ssh_only.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-ssh_only:
- hosts:
- aisa:
- anxur:
- merlin: