9 files changed, 294 insertions, 0 deletions

diff --git a/dan/host_vars/sk-cloudio.yml b/dan/host_vars/sk-cloudio.yml
new file mode 100644
index 00000000..c5887a82
--- /dev/null
+++ b/dan/host_vars/sk-cloudio.yml
@@ -0,0 +1,53 @@
+$ANSIBLE_VAULT;1.2;AES256;dan
+35643164636339633130626437653864373332623936633833316362643239373437373830353237
+6531666166396233303132646135366565613934313037350a373031643132346537303036333662
+31393333363733663465643833303536353463633937643136323435643465333437326634363066
+6337613661633636650a323634383436363838346566373262653039343435383362623934303332
+30353866653836363631636466396334393765656163366163353134633339396534336235333535
+36306262623332323465376435386134333631623762623136323764373538666463386562666630
+65633233333366626539323134616432356237636334383264366263316663313933653465386661
+32363561383661653138383362373662313464303766663666353733666462376566666563633963
+39633032313764623839656639386564383665313535333831313166323237393163303163313838
+32653661343163386166636438323662653537636130333334623663353333313338316461346632
+33316538336135306233366430613531303763313732393931626235646666643235323035353237
+36623933383461653631663961666134666636666535646161393963343533643235616432643965
+61663130333732656431323235376561313036646262376232666138323964623030633437373732
+31663139353064353365343966353435353430623531643939366336333962333030363066353735
+66653062663730363230383432356538363839383434323338623434373536386561323534323239
+33356434663032376562356139333238643836613061646135303861656339333466383033353561
+34353633326131623933376263623665336337356362386332303136383366306631656136663832
+39653166333934386336653861643964356337383362656466306164663235343665646463643064
+39366365393863386430323533353866633533353633343666643665366666653965376336386564
+64613633383464373533636661333665333262646135383234303534626635333863336362343932
+34323466373031326365316366313832633165623037303039616462643161376532366637653564
+38616438326361313765636332323965623631626632306363383530316234613337656562663637
+34643266376461653939653730393162633738356137383662313132363961613338626561653931
+30653639313966316130373934333965366637653839333238303932313565323436656635653665
+37396338613939663162353034373463333737383232333633326238623837353938356266393036
+39663463303066343835396161303166353164663434356165363233333538623430376164663832
+37616330643138343135666434343431353064303838626239336165366362393634663965333664
+65333365333035646465306232666361366331393762613535306263376265303065353834323231
+30363165663036313838363539636231343966316537306639663863663664393733613362616566
+37613239383364373036653039336534353661613261646632353763623435376664336534346236
+32353534316561353763646361333063656136373230306331343261613332363136626531363433
+30373065653139623533303932363931306264613866313734663634356133636661316234623632
+66383532343266366164393561316230626534313634623264353964346432383037316365333763
+61653062383434663939346265343563323039383164666239313965323061333164343236386636
+38666338653066656235316332626366316334323066356139613838313633323738366531303865
+38663466626364356335336230313630326365393762396162306164303733643761323539316437
+65626238643734303730623430383137643463373133383165333337646437356366613562643730
+33633365313534356665373332353361306661356434616433663765643139613937353065306465
+62313235393433663963383035613736626433306661633262306134613065386664663935396337
+37643437616235663639363537353237383539663866646164313863343230613362336164653834
+34666361356135376333343033613930393438626235333964313732616331356432636661326361
+30366432663663626430356665613431353661303961366564613865643862383264363331343364
+31393966663133306539663532623337653537336132613430346333653437373664373537373261
+38616366333761343033626261653630366434633332613465393566646561613665646363363833
+32613161376434333736653532313335653537313038333134613164623562663364653037313638
+38333261616262363461393931303364613836353363326236616161373933613035353961386238
+32323266633465393335323138343433396133626664626438356464616130633266363532313431
+64663662346663306365616463393933363965643465643863653561623538306662353264346561
+30646232623031363431386632393763623437656565333662376238643465366134313334376437
+36363262663433343061313839653665343366306336616461303739356464646638633966343631
+38323933376136343664333239623834303339613735383964663165316631366234383531316433
+62626666313939633364
diff --git a/dan/sk-cloudio.yml b/dan/sk-cloudio.yml
new file mode 100644
index 00000000..c82b0555
--- /dev/null
+++ b/dan/sk-cloudio.yml
@@ -0,0 +1,22 @@
+---
+- name: Basic Setup
+  hosts: sk-cloudio
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: core/admin-users
+  - role: zfs/base
+  - role: apt-repo/spreadspace
+  - role: zfs/sanoid
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: acmetool/base
+  - role: nginx/base
+  # - role: apps/nextcloud
+  # - role: apps/collabora/code
+  # - role: apps/etherpad-lite
+  # - role: apps/coturn
+  # - role: apps/jitsi/meet
diff --git a/inventory/host_vars/sk-cloudio/collabora.yml b/inventory/host_vars/sk-cloudio/collabora.yml
new file mode 100644
index 00000000..3fc973c3
--- /dev/null
+++ b/inventory/host_vars/sk-cloudio/collabora.yml
@@ -0,0 +1,16 @@
+---
+collabora_code_base_path: /srv/storage/collabora/code
+
+collabora_code_instances:
+  o.skillz.biz:
+    version: 4.2.4.5
+    port: 8200
+    hostname: o.skillz.biz
+    admin:
+      username: admin
+      password: "{{ vault_collabora_code_admin_passwords['o.skillz.biz'] }}"
+    backend_storages:
+    - wolke.elevate.at
+    - insomnia.skillz.biz
+    - nc.skillz.biz
+    - wae.elevate.at
diff --git a/inventory/host_vars/sk-cloudio/coturn.yml b/inventory/host_vars/sk-cloudio/coturn.yml
new file mode 100644
index 00000000..43dc2d3c
--- /dev/null
+++ b/inventory/host_vars/sk-cloudio/coturn.yml
@@ -0,0 +1,14 @@
+---
+coturn_base_path: /srv/storage/coturn
+
+coturn_version: 4.5.1.3
+coturn_realm: elev8.at
+coturn_hostnames:
+  - stun.elev8.at
+  - turn.elev8.at
+
+coturn_max_bps: 1048576  ## 8Mbit/s
+coturn_bps_capacity: 13107200  ## 100Mbit/s
+coturn_threads: 4
+
+coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
diff --git a/inventory/host_vars/sk-cloudio/etherpad.yml b/inventory/host_vars/sk-cloudio/etherpad.yml
new file mode 100644
index 00000000..1d82e4b3
--- /dev/null
+++ b/inventory/host_vars/sk-cloudio/etherpad.yml
@@ -0,0 +1,58 @@
+---
+etherpad_lite_zfs:
+  pool: storage
+  name: etherpad-lite
+  properties:
+    compression: lz4
+
+etherpad_lite_instances:
+  pad.elevate.at:
+    version: c65c5f17aa26c9179ce591f44721861ba6f6bec4-elevate
+    port: 8300
+    hostnames:
+      - pad.elevate.at
+    zfs_properties:
+      quota: 5G
+    settings:
+      title: Elevate Etherpad
+      users:
+        admin:
+          is_admin: true
+          password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['admin'] }}"
+        user:
+          is_admin: false
+          password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['user'] }}"
+
+      defaultPadText: "Welcome to the ELEVATE - Etherpad!\n\nThis pad text is synchronized\
+        \ as you type, so that everyone viewing this page sees the same text. This allows\
+        \ you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http://etherpad.org\n\
+        \n IMPORTANT: THIS PAD IS PRIVIDED FOR FREE TO THE PUBLIC! There is no guarantee\
+        \ for your data - please take care of backups yourself! This is usually intended\
+        \ only for the Elevate Team and it might get access control in the future! If you\
+        \ are interested in having a PAD for your project, please get back to dan@elevate.at\
+        \ for information. It can be made available!"
+      favicon: favicon.ico
+
+      maxAge: 21600
+      editOnly: false
+      minify: true
+      requireSession: false
+      requireAuthentication: false
+      requireAuthorization: false
+      socketTransportProtocols: [xhr-polling, jsonp-polling, htmlfile]
+      abiword: null
+      loglevel: INFO
+      logconfig:
+        appenders:
+        - type: console
+      dbType: "mysql"
+      dbSettings:
+        host: "127.0.0.1"
+        user: "etherpad-lite"
+        password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}"
+        database: "etherpad-lite"
+        charset: "utf8mb4"
+    database:
+      type: mariadb
+      version: 10.4.8
+      password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}"
diff --git a/inventory/host_vars/sk-cloudio/jitsi.yml b/inventory/host_vars/sk-cloudio/jitsi.yml
new file mode 100644
index 00000000..1c50c94c
--- /dev/null
+++ b/inventory/host_vars/sk-cloudio/jitsi.yml
@@ -0,0 +1,8 @@
+---
+jitsi_meet_base_path: /srv/storage/jitsi/meet
+
+jitsi_meet_version: stable-4857
+jitsi_meet_hostnames:
+  - meet.elev8.at
+
+jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}"
diff --git a/inventory/host_vars/sk-cloudio/nextcloud.yml b/inventory/host_vars/sk-cloudio/nextcloud.yml
new file mode 100644
index 00000000..2bb6eab5
--- /dev/null
+++ b/inventory/host_vars/sk-cloudio/nextcloud.yml
@@ -0,0 +1,56 @@
+---
+nextcloud_zfs:
+  pool: storage
+  name: nextcloud
+  properties:
+    compression: lz4
+
+nextcloud_instances:
+  wolke.elevate.at:
+    # new: true
+    version: 18.0.6
+    port: 8100
+    hostnames:
+    - wolke.elevate.at
+    zfs_properties:
+      quota: 300G
+    database:
+      type: mariadb
+      version: 10.4.13
+      password: "{{ vault_nextcloud_database_passwords['wolke.elevate.at'] }}"
+  insomnia.skillz.biz:
+    # new: true
+    version: 18.0.6
+    port: 8101
+    hostnames:
+      - insomnia.skillz.biz
+    zfs_properties:
+      quota: 200G
+    database:
+      type: mariadb
+      version: 10.4.13
+      password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}"
+  nc.skillz.biz:
+    # new: true
+    version: 18.0.6
+    port: 8102
+    hostnames:
+      - nc.skillz.biz
+    zfs_properties:
+      quota: 200G
+    database:
+      type: mariadb
+      version: 10.4.13
+      password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}"
+  wae.elevate.at:
+    # new: true
+    version: 18.0.6
+    port: 8104
+    hostnames:
+    - wae.elevate.at
+    zfs_properties:
+      quota: 100G
+    database:
+      type: mariadb
+      version: 10.4.13
+      password: "{{ vault_nextcloud_database_passwords['wae.elevate.at'] }}"
diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml
new file mode 100644
index 00000000..b8e3d2a5
--- /dev/null
+++ b/inventory/host_vars/sk-cloudio/vars.yml
@@ -0,0 +1,64 @@
+---
+install:
+  cloud:
+    credentials: "{{ vault_hroot_robot_account }}"
+    server_name: "{{ host_name }}"
+  disks:
+    primary: software-raid
+    raid:
+      level: 1
+      members:
+      - /dev/nvme0n1
+      - /dev/nvme1n1
+  system_lvm:
+    size: 15G
+
+network: {}
+
+
+apt_repo_components:
+  - main
+  - contrib  ## for zfs
+  - non-free ## for microcode updates
+
+
+zfs_arc_size:
+  min: "{{ 2 * 1024 * 1024 * 1024 }}"
+  max: "{{ 16 * 1024 * 1024 * 1024 }}"
+
+zfs_zpools:
+  storage:
+    mountpoint: /srv/storage
+    create_vdevs: mirror nvme0n1p3 nvme1n1p3
+
+zfs_sanoid_modules:
+  storage/nextcloud:
+    use_template: production
+    recursive: yes
+    process_children_only: yes
+  storage/etherpad-lite:
+    use_template: production
+    recursive: yes
+    process_children_only: yes
+
+
+docker_zfs:
+  pool: storage
+  name: docker
+  properties:
+    quota: 40G
+
+kubelet_zfs:
+  pool: storage
+  name: kubelet
+  properties:
+    quota: 20G
+
+kubernetes_version: 1.18.6
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 100
+kubernetes_standalone_resolv_conf: /var/run/systemd/resolve/resolv.conf
+kubernetes_standalone_pod_cidr: 192.168.255.0/24
+kubernetes_standalone_cni_variant: with-portmap
+
+# acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index c099ddd9..17360d01 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -116,6 +116,7 @@ env_group=dan
 [skillz]
 sk-2019 host_name=2019
 sk-cloudia host_name=cloudia
+sk-cloudio host_name=cloudio
 sk-2019vm host_name=2019vm
 sk-tomnext host_name=tomnext
 sk-tomnext-nc host_name=tomnext-nc
@@ -312,6 +313,7 @@ vmhost-sk-tomnext-guests
 [hroot]
 sk-2019
 sk-cloudia
+sk-cloudio
 sk-2019vm
 sk-tomnext
 
@@ -369,6 +371,7 @@ k8s-lwl
 
 [standalone-kubelet]
 sk-cloudia
+sk-cloudio
 ele-thetys
 lw-thetys
 sk-tomnext-nc