feat: convert inventories and use Ansible Vault

Fixes #52

Signed-off-by: Matej Focko <me@mfocko.xyz>
This commit is contained in:
Matej Focko 2024-11-13 09:45:54 +01:00
parent 8454780c92
commit bbd265cf95
Signed by: mfocko
SSH key fingerprint: SHA256:icm0fIOSJUpy5+1x23sfr+hLtF9UhY8VpMC7H4WFJP8
21 changed files with 160 additions and 48 deletions

View file

@ -1,3 +1,3 @@
[defaults]
inventory = inventory/
inventory = ./inventory
roles_path = roles/

View file

@ -35,6 +35,9 @@ porkbun_secretapikey: None
# Public ID tied to the Yubikey OTP
yubikey_token_id: None
# Client IP for the wg-admin VPN
wg_admin_ip: None
# Wireguard connections
# List of connections to set up, example:
#

12
group_vars/all/vars Normal file
View file

@ -0,0 +1,12 @@
target_user: "mfocko"
target_group: "{{ target_user }}"
gitlab_login: "{{ target_user }}"
fullname: "Matej Focko"
git_email: "{{ vault_git_email }}"
gpg_signingkey: "7C47D46246790496"
hashicorp_vault_address: "{{ vault_hashicorp_vault_address }}"
vaultwarden_address: "{{ vault_vaultwarden_address }}"
wg_admin_ip: "{{ vault_wg_admin_ip }}"
wg_connections: "{{ vault_wg_connections }}"

28
group_vars/all/vault Normal file
View file

@ -0,0 +1,28 @@
$ANSIBLE_VAULT;1.1;AES256
63376231613461376465633862633737343864636662306262303530303165623730613833323961
6233383266366236326435656134656437356539326533390a636631613339373366346338666436
38633938316237626662666363343230663533633565643838323137306434376539353439306339
3435623631323865630a333834343066363837643061313063666632383962396435326530633239
30396561643634396632386433633263323830646463643835626639313139663332653638353862
33616434363635396462343533656234393662373533666662623763633363636233626436663931
33633439323531663634613834396330653636353733366336303836646230373165663833363134
39623339353436373862333736353133353331623239663961313835666166323233643964646138
34656332663534626636323531333563653263366330346665663739373335356631386562353531
32613765316661303034616366656462376561363432396663646565353230316238366336376466
32663264313531393136363832393364616538646131653561653762366430396437396361376132
66633035663334323762396361326538343032356432333766346538653864313530653162653131
66383461383036306137343638373831633265303638643366393837373332623538326364643739
32316464376535643933363935383336663438373132643233346133383232653363373337323634
36356531623838306262333733306639336538323630656438383836323437373938373139396131
33643361326362643638306162336132626135393362373431306137383261643335626534353730
32626630633135656432313737326238343264333465313434633961383166313162656666626639
34336438353838376530306630326635633262616631653436313739393438663162313265626431
35333033396265356166356162646462376532616431663530653664323838343833663464653035
31336436316631616135326233363235303032346161393366323930623430376333636661623737
39613464653165366230383539366464336639383666636437323337666566613836376537656466
32346161386163363665373633663961333435613636376165386634366331393835306537323033
39353963633061616466323636396536643338356361353865313139396135663836636162343165
65386162343539336437643630323631353230396566616563613865613261383835353862313134
37336236393862656636376665646466623862633732663833616535373737613538626437303935
65633539663834333564386638626432316166616630653333326431643231626331666634383236
393965363664366531313766383735323335

15
group_vars/desktops/vars Normal file
View file

@ -0,0 +1,15 @@
sshd_port: 22
sshd_sign_host_keys: false
sshd_auth_password_authentication: "yes"
flatpak_apps:
- "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
- com.discordapp.Discord
- com.spotify.Client
# - net.ankiweb.Anki
- org.gnome.DejaDup
- org.mozilla.Thunderbird
# - org.raspberrypi.rpi-imager
- org.telegram.desktop
# - org.x.Warpinator
- org.flameshot.Flameshot

6
group_vars/servers/vars Normal file
View file

@ -0,0 +1,6 @@
certbot_email: "{{ vault_certbot_email }}"
host_fqdn: "{{ vault_host_fqdn }}"
porkbun_apikey: "{{ vault_porkbun_apikey }}"
porkbun_secretapikey: "{{ vault_porkbun_secretapikey }}"

7
group_vars/servers/vault Normal file
View file

@ -0,0 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256
65363533346631623966613439373365316565326561363833373232633735306538386635306133
3065663736356532656637623031363737346137633534660a613064316533613063663939303966
61386430333631656634653431353337396633303165346462306362336534303339383731313037
3666333931383966320a316565383835323235353230326665636365333330646638366662383937
30626434663564393239613961333761653661643933303264313530366263616538373832343234
3030303234623935383262653236393335363834383838316530

1
host_vars/ampere/vars Normal file
View file

@ -0,0 +1 @@
git_email: mfocko@redhat.com

6
host_vars/ampere/vault Normal file
View file

@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
37346330376565653933653934653564643163356637666632393964366632363336353463323432
3765303739303338326463396635653834396361316331340a326239666464363739363562613233
30353039313564353866663838626366663064633332313662656238323262393131626462373064
6566376239356530300a303362633534636565386636393764396362653263323362306264383461
31363065383436313062336338303762316164663036393533376130643138646237

6
host_vars/hertz/vault Normal file
View file

@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
61353931363939383464363938643136373433643736333361646566393863663136336162643962
3038666635616462623231656565663764643666663536390a316232623638396239636234376330
64663638363766343536373236366434356135366435336661393935396161393161626361313662
6664343835393263310a623439323739666362356335653538646331316331613165393263343039
34363335393961363265646263653138346563633339653039613831366565326638

View file

@ -0,0 +1,10 @@
system_sshd_port: 22022
certbot_domains:
- mountainside.mfocko.xyz
- '*.mountainside.mfocko.xyz'
ddns_domain: "mfocko.xyz"
ddns_subdomains:
- mountainside
- '*.mountainside'

View file

@ -0,0 +1,18 @@
$ANSIBLE_VAULT;1.1;AES256
36636438356436373332646664346661373963643733333236363633643064623636663239383965
3635646338663966303232306532393934336261646537300a363838643037656339393937366633
66303139376663626136353838353961626533623031316565393639363538636666633633656532
6533643435663638380a663565313230326166343431666266663737393032326334633537653763
39323464636231333931646430313539613332623435323833643763333637643438633431303166
38386434323565343266663331313664316333373032613238326139333038383134336134316666
62633364613830323935653839373235376566393863363565376463346263653837643534376333
32666233613036616366363263353030633966343066623731343763313537373433663266393362
32376636313465373932633435306363313262613161353234313063396362333732343864373964
37323333356235336530343761316335623366646536623233353062396439613834663963326230
33376235626165346530623931663832633363373139323237353664663562336235366538623538
39636230326639613637653431666564343831663438623738323635343237656463333637306563
36346131363737613633383763333032373635393730626435343565353065653265653563646562
38366630373166373266633030323066653866363238323738666137656435653133643336316463
63666236343534303636643630613838336466623530613436356362333732303666636239663665
38396166333837393737303138636133323933613932313030386664303865626130626661663337
35613532613062346435343330633232393038303862326632303033623031306433

6
host_vars/ohm/vault Normal file
View file

@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
39613963623737303136636165366264616163393832663536353438303531326537626530383739
3635393366636431636232663433616437313037326430340a323865383730653761323939643832
64613364663265616239333465336232326165633539396538363137303132633064396239643134
3733353132613664310a393830626335623236626364353530386631396261373731323464656235
35663438656465626364376335353831613439363335343633613339393733613365

6
host_vars/pascal/vault Normal file
View file

@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.1;AES256
37343037373839623562376137666464336335333264653438343536336365646566383730313439
3133646234353136353361643261393461643863363533370a326539376438303663323032633938
35393162346338646464356535373337333364636333623531316638386363626365613962346461
6435313634376330350a636632373533323762656131336431656266303136373031313932343963
66323135373033363262613633353731386135646138346265653237343438376462

3
host_vars/poincare/vars Normal file
View file

@ -0,0 +1,3 @@
certbot_domains:
- mfocko.xyz
- '*.mfocko.xyz'

16
host_vars/poincare/vault Normal file
View file

@ -0,0 +1,16 @@
$ANSIBLE_VAULT;1.1;AES256
32373735633265643033656563343839666566353330653231353538646537643363373438636664
3535373337356161653838653734616431336539623338630a663766393436343964623737663064
36323130313462306333663932386438613731336163343434333833313065366130313462633532
6533663439313565310a623161333466376166656630323636366435336334316635623138353761
36346539646632326166643935623137363964383036373632616466396239346533626239356565
37613331613238336561326161343163303733393262303230663732386334323232353037396334
34326633663031613837353464616436666663623733386463306164393562613061383031623137
35616564396562653163653938353163306362666530373663373361383434323962656236326164
61376434643365633863363833323665363662633638626663356164383864353064393163383532
65613739373665396333326631323663316561383932666662376137316636363536376532336632
65333562626530643835636561376166653732343731633737363237313263313464656162623138
30623939373930316239366336316466393333656365326135393964396538656638663066393832
65623438343562343332313438306235363839383136376333393933303730316265303133373939
62303838313036333262616438303263663666393063393030646336343239383631396130346361
313061323037333237623965396362373936

16
inventory Normal file
View file

@ -0,0 +1,16 @@
[ssh_only]
# FI
aisa
anxur
# FIT
merlin
[servers]
poincare # VPS
mountainside # Raspberry Pi
[desktops]
ampere # X1 G9 (RH)
hertz # X570
ohm # T490

View file

@ -1,23 +0,0 @@
---
desktops:
hosts:
hertz:
ampere:
git_email: "mfocko@redhat.com"
ohm:
vars:
sshd_port: 22
sshd_sign_host_keys: false
sshd_auth_password_authentication: "yes"
flatpak_apps:
- "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
- com.discordapp.Discord
- com.spotify.Client
# - net.ankiweb.Anki
- org.gnome.DejaDup
- org.mozilla.Thunderbird
# - org.raspberrypi.rpi-imager
- org.telegram.desktop
# - org.x.Warpinator

View file

@ -1,9 +0,0 @@
---
all:
vars:
target_user: "mfocko"
target_group: "{{ target_user }}"
gitlab_login: "{{ target_user }}"
fullname: "Matej Focko"
git_email: "me@mfocko.xyz"
gpg_signingkey: "7C47D46246790496"

View file

@ -1,9 +0,0 @@
---
servers:
hosts:
poincare:
maxwell:
system_sshd_port: 6969
vars:
cloudflare_token: None

View file

@ -1,6 +0,0 @@
---
ssh_only:
hosts:
aisa:
anxur:
merlin: