1 files changed, 87 insertions, 24 deletions

diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml
index a6306161..be136e82 100644
--- a/inventory/host_vars/sk-cloudio/vars.yml
+++ b/inventory/host_vars/sk-cloudio/vars.yml
@@ -1,19 +1,43 @@
 ---
-system_lvm_volume_size_root: 3584M
+system_lvm_volume_size_root: 4G
 system_lvm_volume_size_varlog: 5G
 install:
-  cloud:
-    credentials: "{{ vault_hroot_robot_account }}"
-    server_name: "{{ host_name }}"
+  vm:
+    memory: 48G
+    numcpus: 12
+    autostart: True
   disks:
-    primary: software-raid
-    raid:
-      level: 1
-      members:
-      - /dev/nvme0n1
-      - /dev/nvme1n1
-  system_lvm:
-    size: 15G
+    primary: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0
+    scsi:
+      sda:
+        type: zfs
+        name: root
+        size: 15g
+      sdb:
+        type: zfs
+        name: data
+        size: 900g
+        properties:
+          'syncoid:sync': 'false'
+  interfaces:
+  - bridge: br-public
+    name: primary0
+
+network:
+  nameservers: "{{ vm_host.network.dns }}"
+  domain: "{{ host_domain }}"
+  systemd_link:
+    interfaces: "{{ install.interfaces }}"
+  primary: &_network_primary_
+    name: primary0
+    address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}"
+    gateway: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ansible.utils.ipaddr('address') }}"
+    template: overlay
+    overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}"
+  interfaces:
+  - *_network_primary_
+
+external_ip: "{{ network.primary.overlay }}"
 
 
 apt_repo_components:
@@ -22,7 +46,6 @@ apt_repo_components:
   - non-free-firmware
 
 spreadspace_apt_repo_components:
-  - main
   - container
 
 
@@ -33,20 +56,23 @@ zfs_arc_size:
 zfs_pools:
   storage:
     mountpoint: /srv/storage
-    create_vdevs: mirror /dev/nvme0n1p3 /dev/nvme1n1p3
+    create_vdevs: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-1
     properties:
       ashift: 12
       autotrim: "on"
 
+zfs_volumes:
+  storage:
+    nextcloud:
+      properties:
+        compression: lz4
+        xattr: sa
+
 zfs_sanoid_modules:
   storage/nextcloud:
     use_template: production
     recursive: yes
     process_children_only: yes
-  storage/etherpad-lite:
-    use_template: production
-    recursive: yes
-    process_children_only: yes
   storage/keycloak:
     use_template: production
     recursive: yes
@@ -58,6 +84,8 @@ zfs_sanoid_modules:
 
 
 docker_pkg_provider: docker-com
+docker_plugins:
+  - buildx
 
 docker_storage:
   type: zfs
@@ -73,7 +101,7 @@ kubelet_storage:
   properties:
     quota: 20G
 
-kubernetes_version: 1.30.2
+kubernetes_version: 1.30.4
 kubernetes_container_runtime: docker
 kubernetes_standalone_max_pods: 100
 kubernetes_standalone_pod_cidr: 192.168.255.0/24
@@ -94,8 +122,43 @@ postfix_base_inet_protocols:
 acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
 acme_client: acmetool
 
-## TODO: remove once migration of elevate services has been done
-ssh_users_root:
-  - equinox
-  - dan
-  - brt
+
+sk_cloudio_apps_publish_ca_key: "{{ vault_sk_cloudio_apps_publish_ca_key }}"
+sk_cloudio_apps_publish_ca_cert: |
+  -----BEGIN CERTIFICATE-----
+  MIIE+DCCAuCgAwIBAgIUWYAlW7BhaDHZaWjkVlttP26KVhgwDQYJKoZIhvcNAQEL
+  BQAwKTEnMCUGA1UEAwweQXBwcyBQdWJsaXNoIENBIGZvciBzay1jbG91ZGlvMCAX
+  DTI0MDgyNDIwNDEzNloYDzIwNjQwNzA2MjA0MTM2WjApMScwJQYDVQQDDB5BcHBz
+  IFB1Ymxpc2ggQ0EgZm9yIHNrLWNsb3VkaW8wggIiMA0GCSqGSIb3DQEBAQUAA4IC
+  DwAwggIKAoICAQDUOVJTgNrqTlD6FXupVLIoMbQ7O9Xj3XmtYGVtF6LUPodbrlTs
+  9TRkhWwVSUGokfgRtKOx1Zk13HFadKw92t9zzTVnT62drH9xOPPGitBXyxeCiyzr
+  Ib98qnDeO9o+9x0cRsg4tvjksfyMV0JtFxOsSJ6diHrGrakk9SIRVk63GYbRSKBQ
+  wKCeAihFX35oyd3qCmIt6ZuueX5Z2dNdiaXmcrwe0MhBghd4Upqe3BPopGeVzJtY
+  Bm6Fsq/V2H28g6l3kNU5sPpgPWMpDRuUTjnfe1MFVu51QwmbkxqWhODaH8dClshJ
+  imACGnRmTxJ5bAqBbT2z3IEdhaEnKKUyN8OYqX3mtmU1/We9d52cLvghtbiRuhrE
+  4eK7GRCvc0QqU/hk6eFvfXVd5KI48tB8at9tKP6tWeavlYyfq5G3canmzOTTbxuA
+  TfpbFrHIwHCk9M3VTIcABMeb38EGoOpaSTTcX3eOT/k97tQJPKFlfl+EF+fhbijN
+  1CEdR+6m2BIvcNmGkKl0VH6eVXiAUFKm03Kg1sH0gh4upQKdx+54szF51jsrHcPI
+  16oBChS0t+JG1tcvbluVWwLMw1G5nvm302/RxYahNyCniMAUl/eaubTHarTBtK7w
+  lAYryanwtlbAR/XQZAHBNzhG/2er1nCr6E5Wh+98ID+ElWbmaQ5ale/8OQIDAQAB
+  oxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCpTUjN
+  veOg2dZ/44tg5P5RnZKZFiyYapaaxv3W6cfqpfUhrI8qSuBn9G/UAJAfMszU87rf
+  OZ1PRZCFuzu+dB7CrmMgvqt0cTRpaxlN9CzZpfpFADlt9NQKYxK4T8IxIZ7ebISl
+  UNyX08mRXNB3N+Qq1CcTVtwHNLbnwkLttryGJ1tmAwEu4QIHauG7cDXFQuRGP0CE
+  x+DSdLTcs6hvOYq4OfpX0Zci5zy4SI50DLoT5h94IaIPAL6XBi7n9bj8ZSHqa1ZC
+  lveyaGguEy53meARTXSCm/jxtpo8xD7pWz4vnYPZuyMGe9rbE77Y8CwWK/RvUdYx
+  th09ALKw76W59e78RkxKTqBvGmZYw1igY4p8IqcXci65xtO2HiRDHX2jU7AYkgAD
+  z5Rv+2ZMcOQHOPzxDRXk06+pQUZ3qQ3cU9ASziTSaLITnMVH0VokRNXvSZYxeuwR
+  yDqb1H4MsV91Sy4UyXmtfXZYouM3/3OwCzxpkgvxdVdQBzssUssLrRcS5UEcJGr8
+  69M2CNHXX1fy0mLKdgqHNPzX9ALnqTHJMV5C5J3Q4RU6Vl2Un3Vg3A3dRKLPkg5P
+  C69nyBua3CIlx6Z8o2Ik9tJdwCULV6lYLGEfpsJHt627gF893Jexxuo3zI7XWQhb
+  ucrEkA2qzf0fHzCwFeiACMjssiN1YyevdI4Flw==
+  -----END CERTIFICATE-----
+
+apps_publish_zone__sk_cloudio:
+  name: sk-cloudio
+  publisher: sk-cloudio
+  certificate_provider: static-ca
+  certificate_ca_config:
+    cert_content: "{{ sk_cloudio_apps_publish_ca_cert }}"
+    key_content: "{{ sk_cloudio_apps_publish_ca_key }}"