Diffstat (limited to 'inventory/host_vars')
-rw-r--r--inventory/host_vars/ch-greenbone.yml87
-rw-r--r--inventory/host_vars/ch-testvm-phoebe.yml4
2 files changed, 91 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-greenbone.yml b/inventory/host_vars/ch-greenbone.yml
new file mode 100644
index 00000000..674b102e
--- /dev/null
+++ b/inventory/host_vars/ch-greenbone.yml
@@ -0,0 +1,87 @@
+---
+install_jumphost: ch-jump
+
+install:
+ vm:
+ memory: 8G
+ numcpus: 4
+ autostart: False
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ name: root
+ size: 30g
+ properties:
+ 'syncoid:sync': 'false'
+ interfaces:
+ - bridge: br-svc
+ name: svc0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: svc0
+ address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
+
+ntp_variant: systemd-timesyncd
+
+
+docker_pkg_provider: docker-com
+docker_plugins:
+ - compose
+
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 20G
+ fs: ext4
+
+
+greenbone_server_version: 22.4
+greenbone_server_hostname: "{{ host_name }}.{{ host_domain }}"
+greenbone_server_tls:
+ certificate_provider: static-ca
+ certificate_config:
+ mode: "0750"
+ owner: root
+ group: www-data
+ ca:
+ key_content: "{{ chaos_at_home_internal_ca_key }}"
+ cert_content: "{{ chaos_at_home_internal_ca_cert }}"
+ key:
+ mode: "0640"
+ owner: root
+ group: www-data
+ type: RSA
+ size: 4096
+ cert:
+ mode: "0644"
+ owner: root
+ group: www-data
+ common_name: "{{ host_name }}"
+ san_extra: "{{ ['IP:'] | product(ansible_all_ipv4_addresses) | map('join') | list }}"
+ key_usage:
+ - digitalSignature
+ - keyAgreement
+ key_usage_critical: yes
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_before: +0h
+ not_after: +365d
+ renew_margin: +70d
+
+greenbone_server_admin_password: "{{ vault_greenbone_server_admin_password }}"
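Review bot: The certificate requested under `greenbone_server_tls.cert` carries only the short `host_name` as common name and `IP:` entries in `san_extra`, while `greenbone_server_hostname` is the FQDN; unless the static-ca provider adds a DNS SAN on its own (not visible here), clients reaching the service by FQDN will fail name verification and tend to end up with verification switched off. Consider `san_extra: "{{ ['DNS:' ~ greenbone_server_hostname] + (['IP:'] | product(ansible_all_ipv4_addresses) | map('join') | list) }}"`. Because Docker is installed on this host, `ansible_all_ipv4_addresses` will likely also include bridge and container-network addresses, so restricting the IP SAN to the `svc0` address would be tighter and more stable between runs. In `key_usage`, `keyAgreement` has no meaning for an RSA key; `digitalSignature` alone (or together with `keyEncipherment`) is the usual set for a TLS server certificate. As a style point, quote `greenbone_server_version: 22.4` so that a later `22.10` is not parsed as the float 22.1, and write the `yes` values as `true`.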
diff --git a/inventory/host_vars/ch-testvm-phoebe.yml b/inventory/host_vars/ch-testvm-phoebe.yml
index d15e4142..df89e810 100644
--- a/inventory/host_vars/ch-testvm-phoebe.yml
+++ b/inventory/host_vars/ch-testvm-phoebe.yml
@@ -39,3 +39,7 @@ network:
address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}"
ntp_variant: systemd-timesyncd
+
+
+####
+sshd_allowusers_host: "{{ admin_users_host + ['greenbone'] }}"
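Review bot: The added `sshd_allowusers_host` line lets a `greenbone` account log in over SSH on this VM, but the only comment above it is `####`, so the reason for the account and its intended scope are undocumented. If the intent is authenticated scanning, replace the marker with something like `# allow the Greenbone scan account (authenticated scans from ch-greenbone)`. Since the credentials for such an account are stored on the scanner host, it is worth confirming elsewhere in the repository that this user is key-only, unprivileged and, where the sshd role supports it, limited to the scanner's source address. The `network:` mapping shown as context starts outside the hunk.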