6 files changed, 19 insertions, 160 deletions

diff --git a/inventory/host_vars/sk-cloudia/collabora.yml b/inventory/host_vars/sk-cloudia/collabora.yml
deleted file mode 100644
index 3fc973c3..00000000
--- a/inventory/host_vars/sk-cloudia/collabora.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-collabora_code_base_path: /srv/storage/collabora/code
-
-collabora_code_instances:
-  o.skillz.biz:
-    version: 4.2.4.5
-    port: 8200
-    hostname: o.skillz.biz
-    admin:
-      username: admin
-      password: "{{ vault_collabora_code_admin_passwords['o.skillz.biz'] }}"
-    backend_storages:
-    - wolke.elevate.at
-    - insomnia.skillz.biz
-    - nc.skillz.biz
-    - wae.elevate.at
diff --git a/inventory/host_vars/sk-cloudia/coturn.yml b/inventory/host_vars/sk-cloudia/coturn.yml
deleted file mode 100644
index 43dc2d3c..00000000
--- a/inventory/host_vars/sk-cloudia/coturn.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-coturn_base_path: /srv/storage/coturn
-
-coturn_version: 4.5.1.3
-coturn_realm: elev8.at
-coturn_hostnames:
-  - stun.elev8.at
-  - turn.elev8.at
-
-coturn_max_bps: 1048576  ## 8Mbit/s
-coturn_bps_capacity: 13107200  ## 100Mbit/s
-coturn_threads: 4
-
-coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
diff --git a/inventory/host_vars/sk-cloudia/etherpad.yml b/inventory/host_vars/sk-cloudia/etherpad.yml
deleted file mode 100644
index 1d82e4b3..00000000
--- a/inventory/host_vars/sk-cloudia/etherpad.yml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-etherpad_lite_zfs:
-  pool: storage
-  name: etherpad-lite
-  properties:
-    compression: lz4
-
-etherpad_lite_instances:
-  pad.elevate.at:
-    version: c65c5f17aa26c9179ce591f44721861ba6f6bec4-elevate
-    port: 8300
-    hostnames:
-      - pad.elevate.at
-    zfs_properties:
-      quota: 5G
-    settings:
-      title: Elevate Etherpad
-      users:
-        admin:
-          is_admin: true
-          password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['admin'] }}"
-        user:
-          is_admin: false
-          password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['user'] }}"
-
-      defaultPadText: "Welcome to the ELEVATE - Etherpad!\n\nThis pad text is synchronized\
-        \ as you type, so that everyone viewing this page sees the same text. This allows\
-        \ you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http://etherpad.org\n\
-        \n IMPORTANT: THIS PAD IS PRIVIDED FOR FREE TO THE PUBLIC! There is no guarantee\
-        \ for your data - please take care of backups yourself! This is usually intended\
-        \ only for the Elevate Team and it might get access control in the future! If you\
-        \ are interested in having a PAD for your project, please get back to dan@elevate.at\
-        \ for information. It can be made available!"
-      favicon: favicon.ico
-
-      maxAge: 21600
-      editOnly: false
-      minify: true
-      requireSession: false
-      requireAuthentication: false
-      requireAuthorization: false
-      socketTransportProtocols: [xhr-polling, jsonp-polling, htmlfile]
-      abiword: null
-      loglevel: INFO
-      logconfig:
-        appenders:
-        - type: console
-      dbType: "mysql"
-      dbSettings:
-        host: "127.0.0.1"
-        user: "etherpad-lite"
-        password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}"
-        database: "etherpad-lite"
-        charset: "utf8mb4"
-    database:
-      type: mariadb
-      version: 10.4.8
-      password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}"
diff --git a/inventory/host_vars/sk-cloudia/jitsi.yml b/inventory/host_vars/sk-cloudia/jitsi.yml
deleted file mode 100644
index 1c50c94c..00000000
--- a/inventory/host_vars/sk-cloudia/jitsi.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-jitsi_meet_base_path: /srv/storage/jitsi/meet
-
-jitsi_meet_version: stable-4857
-jitsi_meet_hostnames:
-  - meet.elev8.at
-
-jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}"
diff --git a/inventory/host_vars/sk-cloudia/nextcloud.yml b/inventory/host_vars/sk-cloudia/nextcloud.yml
deleted file mode 100644
index 2bb6eab5..00000000
--- a/inventory/host_vars/sk-cloudia/nextcloud.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-nextcloud_zfs:
-  pool: storage
-  name: nextcloud
-  properties:
-    compression: lz4
-
-nextcloud_instances:
-  wolke.elevate.at:
-    # new: true
-    version: 18.0.6
-    port: 8100
-    hostnames:
-    - wolke.elevate.at
-    zfs_properties:
-      quota: 300G
-    database:
-      type: mariadb
-      version: 10.4.13
-      password: "{{ vault_nextcloud_database_passwords['wolke.elevate.at'] }}"
-  insomnia.skillz.biz:
-    # new: true
-    version: 18.0.6
-    port: 8101
-    hostnames:
-      - insomnia.skillz.biz
-    zfs_properties:
-      quota: 200G
-    database:
-      type: mariadb
-      version: 10.4.13
-      password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}"
-  nc.skillz.biz:
-    # new: true
-    version: 18.0.6
-    port: 8102
-    hostnames:
-      - nc.skillz.biz
-    zfs_properties:
-      quota: 200G
-    database:
-      type: mariadb
-      version: 10.4.13
-      password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}"
-  wae.elevate.at:
-    # new: true
-    version: 18.0.6
-    port: 8104
-    hostnames:
-    - wae.elevate.at
-    zfs_properties:
-      quota: 100G
-    database:
-      type: mariadb
-      version: 10.4.13
-      password: "{{ vault_nextcloud_database_passwords['wae.elevate.at'] }}"
diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml
index 1a21765d..38bd7cfb 100644
--- a/inventory/host_vars/sk-cloudia/vars.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
@@ -18,15 +18,31 @@ network: {}
 base_intel_nic_stability_fix: true
 
 
-zfs_use_systemd_mount_generator: no
+
+apt_repo_components:
+  - main
+  - contrib  ## for zfs
+  - non-free ## for microcode updates
+
+
+cryptdisk_volumes:
+  crypto-nvme0:
+    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}"
+    device: /dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HALR-00000_S3W6NA0M713049-part3
+  crypto-nvme1:
+    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}"
+    device: /dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HALR-00000_S3W6NA0M713090-part3
+
+
 zfs_arc_size:
   min: "{{ 2 * 1024 * 1024 * 1024 }}"
-  max: "{{ 16 * 1024 * 1024 * 1024 }}"
+  max: "{{ 12 * 1024 * 1024 * 1024 }}"
 
 zfs_zpools:
   storage:
     mountpoint: /srv/storage
-    create_vdevs: mirror nvme0n1p3 nvme1n1p3
+    create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
+
 
 
 docker_zfs:
@@ -44,10 +60,5 @@ kubelet_zfs:
 kubernetes_version: 1.18.6
 kubernetes_container_runtime: docker
 kubernetes_standalone_max_pods: 100
-kubernetes_standalone_resolv_conf: /var/run/systemd/resolve/resolv.conf
 kubernetes_standalone_pod_cidr: 192.168.255.0/24
 kubernetes_standalone_cni_variant: with-portmap
-
-acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
-
-nginx_stream_module: yes