feat: convert inventories and use Ansible Vault

Fixes #52 Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-13 09:45:54 +01:00 · 2024-11-13 09:45:54 +01:00 · bbd265cf95
commit bbd265cf95
parent 8454780c92
21 changed files with 160 additions and 48 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,3 +1,3 @@
 [defaults]
-inventory     = inventory/
+inventory     = ./inventory
 roles_path    = roles/
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -35,6 +35,9 @@ porkbun_secretapikey: None
 # Public ID tied to the Yubikey OTP
 yubikey_token_id: None
 # Client IP for the ‹wg-admin› VPN
 wg_admin_ip: None
 # Wireguard connections
 # List of connections to set up, example:
 #
--- a/group_vars/all/vars
+++ b/group_vars/all/vars
@ -0,0 +1,12 @@
 target_user: "mfocko"
 target_group: "{{ target_user }}"
 gitlab_login: "{{ target_user }}"
 fullname: "Matej Focko"
 git_email: "{{ vault_git_email }}"
 gpg_signingkey: "7C47D46246790496"
 hashicorp_vault_address: "{{ vault_hashicorp_vault_address }}"
 vaultwarden_address: "{{ vault_vaultwarden_address }}"
 wg_admin_ip: "{{ vault_wg_admin_ip }}"
 wg_connections: "{{ vault_wg_connections }}"
--- a/group_vars/all/vault
+++ b/group_vars/all/vault
@ -0,0 +1,28 @@
 $ANSIBLE_VAULT;1.1;AES256
 63376231613461376465633862633737343864636662306262303530303165623730613833323961
 6233383266366236326435656134656437356539326533390a636631613339373366346338666436
 38633938316237626662666363343230663533633565643838323137306434376539353439306339
 3435623631323865630a333834343066363837643061313063666632383962396435326530633239
 30396561643634396632386433633263323830646463643835626639313139663332653638353862
 33616434363635396462343533656234393662373533666662623763633363636233626436663931
 33633439323531663634613834396330653636353733366336303836646230373165663833363134
 39623339353436373862333736353133353331623239663961313835666166323233643964646138
 34656332663534626636323531333563653263366330346665663739373335356631386562353531
 32613765316661303034616366656462376561363432396663646565353230316238366336376466
 32663264313531393136363832393364616538646131653561653762366430396437396361376132
 66633035663334323762396361326538343032356432333766346538653864313530653162653131
 66383461383036306137343638373831633265303638643366393837373332623538326364643739
 32316464376535643933363935383336663438373132643233346133383232653363373337323634
 36356531623838306262333733306639336538323630656438383836323437373938373139396131
 33643361326362643638306162336132626135393362373431306137383261643335626534353730
 32626630633135656432313737326238343264333465313434633961383166313162656666626639
 34336438353838376530306630326635633262616631653436313739393438663162313265626431
 35333033396265356166356162646462376532616431663530653664323838343833663464653035
 31336436316631616135326233363235303032346161393366323930623430376333636661623737
 39613464653165366230383539366464336639383666636437323337666566613836376537656466
 32346161386163363665373633663961333435613636376165386634366331393835306537323033
 39353963633061616466323636396536643338356361353865313139396135663836636162343165
 65386162343539336437643630323631353230396566616563613865613261383835353862313134
 37336236393862656636376665646466623862633732663833616535373737613538626437303935
 65633539663834333564386638626432316166616630653333326431643231626331666634383236
 393965363664366531313766383735323335
--- a/group_vars/desktops/vars
+++ b/group_vars/desktops/vars
@ -0,0 +1,15 @@
 sshd_port: 22
 sshd_sign_host_keys: false
 sshd_auth_password_authentication: "yes"
 flatpak_apps:
  - "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
  - com.discordapp.Discord
  - com.spotify.Client
  # - net.ankiweb.Anki
  - org.gnome.DejaDup
  - org.mozilla.Thunderbird
  # - org.raspberrypi.rpi-imager
  - org.telegram.desktop
  # - org.x.Warpinator
  - org.flameshot.Flameshot
--- a/group_vars/servers/vars
+++ b/group_vars/servers/vars
@ -0,0 +1,6 @@
 certbot_email: "{{ vault_certbot_email }}"
 host_fqdn: "{{ vault_host_fqdn }}"
 porkbun_apikey: "{{ vault_porkbun_apikey }}"
 porkbun_secretapikey: "{{ vault_porkbun_secretapikey }}"
--- a/group_vars/servers/vault
+++ b/group_vars/servers/vault
@ -0,0 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
 65363533346631623966613439373365316565326561363833373232633735306538386635306133
 3065663736356532656637623031363737346137633534660a613064316533613063663939303966
 61386430333631656634653431353337396633303165346462306362336534303339383731313037
 3666333931383966320a316565383835323235353230326665636365333330646638366662383937
 30626434663564393239613961333761653661643933303264313530366263616538373832343234
 3030303234623935383262653236393335363834383838316530
--- a/host_vars/ampere/vars
+++ b/host_vars/ampere/vars
@ -0,0 +1 @@
 git_email: mfocko@redhat.com
--- a/host_vars/ampere/vault
+++ b/host_vars/ampere/vault
@ -0,0 +1,6 @@
 $ANSIBLE_VAULT;1.1;AES256
 37346330376565653933653934653564643163356637666632393964366632363336353463323432
 3765303739303338326463396635653834396361316331340a326239666464363739363562613233
 30353039313564353866663838626366663064633332313662656238323262393131626462373064
 6566376239356530300a303362633534636565386636393764396362653263323362306264383461
 31363065383436313062336338303762316164663036393533376130643138646237
--- a/host_vars/hertz/vault
+++ b/host_vars/hertz/vault
@ -0,0 +1,6 @@
 $ANSIBLE_VAULT;1.1;AES256
 61353931363939383464363938643136373433643736333361646566393863663136336162643962
 3038666635616462623231656565663764643666663536390a316232623638396239636234376330
 64663638363766343536373236366434356135366435336661393935396161393161626361313662
 6664343835393263310a623439323739666362356335653538646331316331613165393263343039
 34363335393961363265646263653138346563633339653039613831366565326638
--- a/host_vars/mountainside/vars
+++ b/host_vars/mountainside/vars
@ -0,0 +1,10 @@
 system_sshd_port: 22022
 certbot_domains:
  - mountainside.mfocko.xyz
  - '*.mountainside.mfocko.xyz'
 ddns_domain: "mfocko.xyz"
 ddns_subdomains:
  - mountainside
  - '*.mountainside'
--- a/host_vars/mountainside/vault
+++ b/host_vars/mountainside/vault
@ -0,0 +1,18 @@
 $ANSIBLE_VAULT;1.1;AES256
 36636438356436373332646664346661373963643733333236363633643064623636663239383965
 3635646338663966303232306532393934336261646537300a363838643037656339393937366633
 66303139376663626136353838353961626533623031316565393639363538636666633633656532
 6533643435663638380a663565313230326166343431666266663737393032326334633537653763
 39323464636231333931646430313539613332623435323833643763333637643438633431303166
 38386434323565343266663331313664316333373032613238326139333038383134336134316666
 62633364613830323935653839373235376566393863363565376463346263653837643534376333
 32666233613036616366363263353030633966343066623731343763313537373433663266393362
 32376636313465373932633435306363313262613161353234313063396362333732343864373964
 37323333356235336530343761316335623366646536623233353062396439613834663963326230
 33376235626165346530623931663832633363373139323237353664663562336235366538623538
 39636230326639613637653431666564343831663438623738323635343237656463333637306563
 36346131363737613633383763333032373635393730626435343565353065653265653563646562
 38366630373166373266633030323066653866363238323738666137656435653133643336316463
 63666236343534303636643630613838336466623530613436356362333732303666636239663665
 38396166333837393737303138636133323933613932313030386664303865626130626661663337
 35613532613062346435343330633232393038303862326632303033623031306433
--- a/host_vars/ohm/vault
+++ b/host_vars/ohm/vault
@ -0,0 +1,6 @@
 $ANSIBLE_VAULT;1.1;AES256
 39613963623737303136636165366264616163393832663536353438303531326537626530383739
 3635393366636431636232663433616437313037326430340a323865383730653761323939643832
 64613364663265616239333465336232326165633539396538363137303132633064396239643134
 3733353132613664310a393830626335623236626364353530386631396261373731323464656235
 35663438656465626364376335353831613439363335343633613339393733613365
--- a/host_vars/pascal/vault
+++ b/host_vars/pascal/vault
@ -0,0 +1,6 @@
 $ANSIBLE_VAULT;1.1;AES256
 37343037373839623562376137666464336335333264653438343536336365646566383730313439
 3133646234353136353361643261393461643863363533370a326539376438303663323032633938
 35393162346338646464356535373337333364636333623531316638386363626365613962346461
 6435313634376330350a636632373533323762656131336431656266303136373031313932343963
 66323135373033363262613633353731386135646138346265653237343438376462
--- a/host_vars/poincare/vars
+++ b/host_vars/poincare/vars
@ -0,0 +1,3 @@
 certbot_domains:
  - mfocko.xyz
  - '*.mfocko.xyz'
--- a/host_vars/poincare/vault
+++ b/host_vars/poincare/vault
@ -0,0 +1,16 @@
 $ANSIBLE_VAULT;1.1;AES256
 32373735633265643033656563343839666566353330653231353538646537643363373438636664
 3535373337356161653838653734616431336539623338630a663766393436343964623737663064
 36323130313462306333663932386438613731336163343434333833313065366130313462633532
 6533663439313565310a623161333466376166656630323636366435336334316635623138353761
 36346539646632326166643935623137363964383036373632616466396239346533626239356565
 37613331613238336561326161343163303733393262303230663732386334323232353037396334
 34326633663031613837353464616436666663623733386463306164393562613061383031623137
 35616564396562653163653938353163306362666530373663373361383434323962656236326164
 61376434643365633863363833323665363662633638626663356164383864353064393163383532
 65613739373665396333326631323663316561383932666662376137316636363536376532336632
 65333562626530643835636561376166653732343731633737363237313263313464656162623138
 30623939373930316239366336316466393333656365326135393964396538656638663066393832
 65623438343562343332313438306235363839383136376333393933303730316265303133373939
 62303838313036333262616438303263663666393063393030646336343239383631396130346361
 313061323037333237623965396362373936
--- a/16
+++ b/16
@ -0,0 +1,16 @@
 [ssh_only]
 # FI
 aisa
 anxur
 # FIT
 merlin
 [servers]
 poincare  # VPS
 mountainside  # Raspberry Pi
 [desktops]
 ampere  # X1 G9 (RH)
 hertz  # X570
 ohm  # T490
--- a/inventory/desktops.yml
+++ b/inventory/desktops.yml
@ -1,23 +0,0 @@
 ---
 desktops:
  hosts:
    hertz:
    ampere:
      git_email: "mfocko@redhat.com"
    ohm:
  vars:
    sshd_port: 22
    sshd_sign_host_keys: false
    sshd_auth_password_authentication: "yes"
    flatpak_apps:
      - "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
      - com.discordapp.Discord
      - com.spotify.Client
      # - net.ankiweb.Anki
      - org.gnome.DejaDup
      - org.mozilla.Thunderbird
      # - org.raspberrypi.rpi-imager
      - org.telegram.desktop
      # - org.x.Warpinator
--- a/inventory/global.yml
+++ b/inventory/global.yml
@ -1,9 +0,0 @@
 ---
 all:
  vars:
    target_user: "mfocko"
    target_group: "{{ target_user }}"
    gitlab_login: "{{ target_user }}"
    fullname: "Matej Focko"
    git_email: "me@mfocko.xyz"
    gpg_signingkey: "7C47D46246790496"
--- a/inventory/servers.yml
+++ b/inventory/servers.yml
@ -1,9 +0,0 @@
 ---
 servers:
  hosts:
    poincare:
    maxwell:
      system_sshd_port: 6969
  vars:
    cloudflare_token: None
--- a/inventory/ssh_only.yml
+++ b/inventory/ssh_only.yml
@ -1,6 +0,0 @@
 ---
 ssh_only:
  hosts:
    aisa:
    anxur:
    merlin: