feat: convert inventories and use Ansible Vault
Fixes #52 Signed-off-by: Matej Focko <me@mfocko.xyz>
parent
8454780c92
commit
bbd265cf95
21 changed files with 160 additions and 48 deletions
|
@ -1,3 +1,3 @@
|
||||||
[defaults]
|
[defaults]
|
||||||
inventory = inventory/
|
inventory = ./inventory
|
||||||
roles_path = roles/
|
roles_path = roles/
|
||||||
|
|
|
@ -35,6 +35,9 @@ porkbun_secretapikey: None
|
||||||
# Public ID tied to the Yubikey OTP
|
# Public ID tied to the Yubikey OTP
|
||||||
yubikey_token_id: None
|
yubikey_token_id: None
|
||||||
|
|
||||||
|
# Client IP for the ‹wg-admin› VPN
|
||||||
|
wg_admin_ip: None
|
||||||
|
|
||||||
# Wireguard connections
|
# Wireguard connections
|
||||||
# List of connections to set up, example:
|
# List of connections to set up, example:
|
||||||
#
|
#
|
||||||
|
|
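Review bot: `wg_admin_ip: None` is read by a YAML parser as the string `None`, not as a null, so a task that tests the variable with `is none` or for truthiness would treat the placeholder as a configured address. The neighbouring placeholders (`yubikey_token_id: None`, `porkbun_secretapikey: None`) have the same shape, so the added line follows the file's convention. It could instead be `wg_admin_ip: null`, or be left commented out, so that a missing vault override fails visibly. How the roles consume the value is not visible in this hunk, and the file continues outside it.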
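--- a/group_vars/all/vars
+++ b/group_vars/all/vars
@@ -0,0 +1,12 @@
+target_user: "mfocko"
+target_group: "{{ target_user }}"
+gitlab_login: "{{ target_user }}"
+fullname: "Matej Focko"
+git_email: "{{ vault_git_email }}"
+gpg_signingkey: "7C47D46246790496"
+
+hashicorp_vault_address: "{{ vault_hashicorp_vault_address }}"
+vaultwarden_address: "{{ vault_vaultwarden_address }}"
+
+wg_admin_ip: "{{ vault_wg_admin_ip }}"
+wg_connections: "{{ vault_wg_connections }}"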
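Review bot: Nothing in this file tells a reader where the `vault_*` names are defined, so the indirection is only discoverable by knowing the convention. A header comment such as `# vault_* values live in the encrypted group_vars/all/vault (ansible-vault edit)` would make it explicit, and would also tell someone running without the vault password why the variables cannot be resolved. It is worth confirming that `fullname` and `gpg_signingkey` are intentionally left in clear text while `git_email` is vaulted.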
28
group_vars/all/vault
Normal file
28
group_vars/all/vault
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
63376231613461376465633862633737343864636662306262303530303165623730613833323961
|
||||||
|
6233383266366236326435656134656437356539326533390a636631613339373366346338666436
|
||||||
|
38633938316237626662666363343230663533633565643838323137306434376539353439306339
|
||||||
|
3435623631323865630a333834343066363837643061313063666632383962396435326530633239
|
||||||
|
30396561643634396632386433633263323830646463643835626639313139663332653638353862
|
||||||
|
33616434363635396462343533656234393662373533666662623763633363636233626436663931
|
||||||
|
33633439323531663634613834396330653636353733366336303836646230373165663833363134
|
||||||
|
39623339353436373862333736353133353331623239663961313835666166323233643964646138
|
||||||
|
34656332663534626636323531333563653263366330346665663739373335356631386562353531
|
||||||
|
32613765316661303034616366656462376561363432396663646565353230316238366336376466
|
||||||
|
32663264313531393136363832393364616538646131653561653762366430396437396361376132
|
||||||
|
66633035663334323762396361326538343032356432333766346538653864313530653162653131
|
||||||
|
66383461383036306137343638373831633265303638643366393837373332623538326364643739
|
||||||
|
32316464376535643933363935383336663438373132643233346133383232653363373337323634
|
||||||
|
36356531623838306262333733306639336538323630656438383836323437373938373139396131
|
||||||
|
33643361326362643638306162336132626135393362373431306137383261643335626534353730
|
||||||
|
32626630633135656432313737326238343264333465313434633961383166313162656666626639
|
||||||
|
34336438353838376530306630326635633262616631653436313739393438663162313265626431
|
||||||
|
35333033396265356166356162646462376532616431663530653664323838343833663464653035
|
||||||
|
31336436316631616135326233363235303032346161393366323930623430376333636661623737
|
||||||
|
39613464653165366230383539366464336639383666636437323337666566613836376537656466
|
||||||
|
32346161386163363665373633663961333435613636376165386634366331393835306537323033
|
||||||
|
39353963633061616466323636396536643338356361353865313139396135663836636162343165
|
||||||
|
65386162343539336437643630323631353230396566616563613865613261383835353862313134
|
||||||
|
37336236393862656636376665646466623862633732663833616535373737613538626437303935
|
||||||
|
65633539663834333564386638626432316166616630653333326431643231626331666634383236
|
||||||
|
393965363664366531313766383735323335
|
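Review bot: The envelope `$ANSIBLE_VAULT;1.1;AES256` carries no vault-id label, and nothing in the sections shown (including the three visible lines of the `[defaults]` hunk) says how the vault password is supplied. Because the ciphertext is now committed, the confidentiality of every `vault_*` value rests on that one password: anyone who can read the repository can attempt offline guessing, so it should be long and randomly generated. A later rekey does not protect what is already in history, so the underlying secrets would need rotating instead. A short README note or an ansible.cfg entry such as `vault_password_file = <path-outside-the-repo>` would document the workflow. The same applies to the other `vault` files added in this commit, under group_vars/servers and each host_vars directory.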
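--- a/group_vars/desktops/vars
+++ b/group_vars/desktops/vars
@@ -0,0 +1,15 @@
+sshd_port: 22
+sshd_sign_host_keys: false
+sshd_auth_password_authentication: "yes"
+
+flatpak_apps:
+- "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
+- com.discordapp.Discord
+- com.spotify.Client
+# - net.ankiweb.Anki
+- org.gnome.DejaDup
+- org.mozilla.Thunderbird
+# - org.raspberrypi.rpi-imager
+- org.telegram.desktop
+# - org.x.Warpinator
+- org.flameshot.Flameshot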
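Review bot: `sshd_auth_password_authentication: "yes"` together with `sshd_port: 22` leaves SSH password logins enabled on the default port for every host in `[desktops]`, which the inventory comments suggest includes laptops. Both values are carried over unchanged from the removed YAML inventory, but this move is a good point to set it to `"no"` where key-based login is already deployed, or to add a comment saying why passwords are still needed. `sshd_sign_host_keys: false` deserves the same one-line rationale. How the sshd role maps these variables onto the daemon configuration is not visible here.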
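--- a/group_vars/servers/vars
+++ b/group_vars/servers/vars
@@ -0,0 +1,6 @@
+certbot_email: "{{ vault_certbot_email }}"
+
+host_fqdn: "{{ vault_host_fqdn }}"
+
+porkbun_apikey: "{{ vault_porkbun_apikey }}"
+porkbun_secretapikey: "{{ vault_porkbun_secretapikey }}"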
7
group_vars/servers/vault
Normal file
7
group_vars/servers/vault
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
65363533346631623966613439373365316565326561363833373232633735306538386635306133
|
||||||
|
3065663736356532656637623031363737346137633534660a613064316533613063663939303966
|
||||||
|
61386430333631656634653431353337396633303165346462306362336534303339383731313037
|
||||||
|
3666333931383966320a316565383835323235353230326665636365333330646638366662383937
|
||||||
|
30626434663564393239613961333761653661643933303264313530366263616538373832343234
|
||||||
|
3030303234623935383262653236393335363834383838316530
|
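--- a/host_vars/ampere/vars
+++ b/host_vars/ampere/vars
@@ -0,0 +1 @@
+git_email: mfocko@redhat.com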
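Review bot: The override `git_email: mfocko@redhat.com` sits in clear text, although group_vars/all/vars takes the default from `vault_git_email` and this commit also adds host_vars/ampere/vault. If the address is meant to be private, define `vault_git_email` in the host vault and drop this file, so that the group-level `git_email: "{{ vault_git_email }}"` resolves per host. If it is not private, vaulting the default adds little. The value is also unquoted, unlike the quoted strings in the other vars files.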
6
host_vars/ampere/vault
Normal file
6
host_vars/ampere/vault
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
37346330376565653933653934653564643163356637666632393964366632363336353463323432
|
||||||
|
3765303739303338326463396635653834396361316331340a326239666464363739363562613233
|
||||||
|
30353039313564353866663838626366663064633332313662656238323262393131626462373064
|
||||||
|
6566376239356530300a303362633534636565386636393764396362653263323362306264383461
|
||||||
|
31363065383436313062336338303762316164663036393533376130643138646237
|
6
host_vars/hertz/vault
Normal file
6
host_vars/hertz/vault
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
61353931363939383464363938643136373433643736333361646566393863663136336162643962
|
||||||
|
3038666635616462623231656565663764643666663536390a316232623638396239636234376330
|
||||||
|
64663638363766343536373236366434356135366435336661393935396161393161626361313662
|
||||||
|
6664343835393263310a623439323739666362356335653538646331316331613165393263343039
|
||||||
|
34363335393961363265646263653138346563633339653039613831366565326638
|
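--- a/host_vars/mountainside/vars
+++ b/host_vars/mountainside/vars
@@ -0,0 +1,10 @@
+system_sshd_port: 22022
+
+certbot_domains:
+- mountainside.mfocko.xyz
+- '*.mountainside.mfocko.xyz'
+
+ddns_domain: "mfocko.xyz"
+ddns_subdomains:
+- mountainside
+- '*.mountainside'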
18
host_vars/mountainside/vault
Normal file
18
host_vars/mountainside/vault
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
36636438356436373332646664346661373963643733333236363633643064623636663239383965
|
||||||
|
3635646338663966303232306532393934336261646537300a363838643037656339393937366633
|
||||||
|
66303139376663626136353838353961626533623031316565393639363538636666633633656532
|
||||||
|
6533643435663638380a663565313230326166343431666266663737393032326334633537653763
|
||||||
|
39323464636231333931646430313539613332623435323833643763333637643438633431303166
|
||||||
|
38386434323565343266663331313664316333373032613238326139333038383134336134316666
|
||||||
|
62633364613830323935653839373235376566393863363565376463346263653837643534376333
|
||||||
|
32666233613036616366363263353030633966343066623731343763313537373433663266393362
|
||||||
|
32376636313465373932633435306363313262613161353234313063396362333732343864373964
|
||||||
|
37323333356235336530343761316335623366646536623233353062396439613834663963326230
|
||||||
|
33376235626165346530623931663832633363373139323237353664663562336235366538623538
|
||||||
|
39636230326639613637653431666564343831663438623738323635343237656463333637306563
|
||||||
|
36346131363737613633383763333032373635393730626435343565353065653265653563646562
|
||||||
|
38366630373166373266633030323066653866363238323738666137656435653133643336316463
|
||||||
|
63666236343534303636643630613838336466623530613436356362333732303666636239663665
|
||||||
|
38396166333837393737303138636133323933613932313030386664303865626130626661663337
|
||||||
|
35613532613062346435343330633232393038303862326632303033623031306433
|
6
host_vars/ohm/vault
Normal file
6
host_vars/ohm/vault
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
39613963623737303136636165366264616163393832663536353438303531326537626530383739
|
||||||
|
3635393366636431636232663433616437313037326430340a323865383730653761323939643832
|
||||||
|
64613364663265616239333465336232326165633539396538363137303132633064396239643134
|
||||||
|
3733353132613664310a393830626335623236626364353530386631396261373731323464656235
|
||||||
|
35663438656465626364376335353831613439363335343633613339393733613365
|
6
host_vars/pascal/vault
Normal file
6
host_vars/pascal/vault
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
37343037373839623562376137666464336335333264653438343536336365646566383730313439
|
||||||
|
3133646234353136353361643261393461643863363533370a326539376438303663323032633938
|
||||||
|
35393162346338646464356535373337333364636333623531316638386363626365613962346461
|
||||||
|
6435313634376330350a636632373533323762656131336431656266303136373031313932343963
|
||||||
|
66323135373033363262613633353731386135646138346265653237343438376462
|
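--- a/host_vars/poincare/vars
+++ b/host_vars/poincare/vars
@@ -0,0 +1,3 @@
+certbot_domains:
+- mfocko.xyz
+- '*.mfocko.xyz'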
16
host_vars/poincare/vault
Normal file
16
host_vars/poincare/vault
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
32373735633265643033656563343839666566353330653231353538646537643363373438636664
|
||||||
|
3535373337356161653838653734616431336539623338630a663766393436343964623737663064
|
||||||
|
36323130313462306333663932386438613731336163343434333833313065366130313462633532
|
||||||
|
6533663439313565310a623161333466376166656630323636366435336334316635623138353761
|
||||||
|
36346539646632326166643935623137363964383036373632616466396239346533626239356565
|
||||||
|
37613331613238336561326161343163303733393262303230663732386334323232353037396334
|
||||||
|
34326633663031613837353464616436666663623733386463306164393562613061383031623137
|
||||||
|
35616564396562653163653938353163306362666530373663373361383434323962656236326164
|
||||||
|
61376434643365633863363833323665363662633638626663356164383864353064393163383532
|
||||||
|
65613739373665396333326631323663316561383932666662376137316636363536376532336632
|
||||||
|
65333562626530643835636561376166653732343731633737363237313263313464656162623138
|
||||||
|
30623939373930316239366336316466393333656365326135393964396538656638663066393832
|
||||||
|
65623438343562343332313438306235363839383136376333393933303730316265303133373939
|
||||||
|
62303838313036333262616438303263663666393063393030646336343239383631396130346361
|
||||||
|
313061323037333237623965396362373936
|
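--- a/inventory
+++ b/inventory
@@ -0,0 +1,16 @@
+[ssh_only]
+# FI
+aisa
+anxur
+
+# FIT
+merlin
+
+[servers]
+poincare # VPS
+mountainside # Raspberry Pi
+
+[desktops]
+ampere # X1 G9 (RH)
+hertz # X570
+ohm # T490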
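Review bot: `pascal` is not listed in any group here, yet the same commit adds `host_vars/pascal/vault`; Ansible loads `host_vars/<name>` only for hosts present in the inventory, so that file would never be read. Either add a `pascal` line under the group it belongs to, or drop the vault file so unused ciphertext is not kept in the repository. In the other direction, `maxwell` from the removed `servers` inventory has no entry here; if `mountainside` is its rename, a word in the commit message would make that clear.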
|
@ -1,23 +0,0 @@
|
||||||
---
|
|
||||||
desktops:
|
|
||||||
hosts:
|
|
||||||
hertz:
|
|
||||||
ampere:
|
|
||||||
git_email: "mfocko@redhat.com"
|
|
||||||
ohm:
|
|
||||||
|
|
||||||
vars:
|
|
||||||
sshd_port: 22
|
|
||||||
sshd_sign_host_keys: false
|
|
||||||
sshd_auth_password_authentication: "yes"
|
|
||||||
|
|
||||||
flatpak_apps:
|
|
||||||
- "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
|
|
||||||
- com.discordapp.Discord
|
|
||||||
- com.spotify.Client
|
|
||||||
# - net.ankiweb.Anki
|
|
||||||
- org.gnome.DejaDup
|
|
||||||
- org.mozilla.Thunderbird
|
|
||||||
# - org.raspberrypi.rpi-imager
|
|
||||||
- org.telegram.desktop
|
|
||||||
# - org.x.Warpinator
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
all:
|
|
||||||
vars:
|
|
||||||
target_user: "mfocko"
|
|
||||||
target_group: "{{ target_user }}"
|
|
||||||
gitlab_login: "{{ target_user }}"
|
|
||||||
fullname: "Matej Focko"
|
|
||||||
git_email: "me@mfocko.xyz"
|
|
||||||
gpg_signingkey: "7C47D46246790496"
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
servers:
|
|
||||||
hosts:
|
|
||||||
poincare:
|
|
||||||
maxwell:
|
|
||||||
system_sshd_port: 6969
|
|
||||||
|
|
||||||
vars:
|
|
||||||
cloudflare_token: None
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
ssh_only:
|
|
||||||
hosts:
|
|
||||||
aisa:
|
|
||||||
anxur:
|
|
||||||
merlin:
|
|