Diffstat (limited to 'inventory/host_vars')
-rw-r--r-- | inventory/host_vars/ch-greenbone.yml | 87 | ||||
-rw-r--r-- | inventory/host_vars/ch-testvm-phoebe.yml | 4 |
2 files changed, 91 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-greenbone.yml b/inventory/host_vars/ch-greenbone.yml
new file mode 100644
index 00000000..674b102e
--- /dev/null
+++ b/inventory/host_vars/ch-greenbone.yml
@@ -0,0 +1,87 @@
+---
+install_jumphost: ch-jump
+
+install:
+ vm:
+ memory: 8G
+ numcpus: 4
+ autostart: False
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ name: root
+ size: 30g
+ properties:
+ 'syncoid:sync': 'false'
+ interfaces:
+ - bridge: br-svc
+ name: svc0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: svc0
+ address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
+
+ntp_variant: systemd-timesyncd
+
+
+docker_pkg_provider: docker-com
+docker_plugins:
+ - compose
+
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 20G
+ fs: ext4
+
+
+greenbone_server_version: 22.4
+greenbone_server_hostname: "{{ host_name }}.{{ host_domain }}"
+greenbone_server_tls:
+ certificate_provider: static-ca
+ certificate_config:
+ mode: "0750"
+ owner: root
+ group: www-data
+ ca:
+ key_content: "{{ chaos_at_home_internal_ca_key }}"
+ cert_content: "{{ chaos_at_home_internal_ca_cert }}"
+ key:
+ mode: "0640"
+ owner: root
+ group: www-data
+ type: RSA
+ size: 4096
+ cert:
+ mode: "0644"
+ owner: root
+ group: www-data
+ common_name: "{{ host_name }}"
+ san_extra: "{{ ['IP:'] | product(ansible_all_ipv4_addresses) | map('join') | list }}"
+ key_usage:
+ - digitalSignature
+ - keyAgreement
+ key_usage_critical: yes
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_before: +0h
+ not_after: +365d
+ renew_margin: +70d
+
+greenbone_server_admin_password: "{{ vault_greenbone_server_admin_password }}"
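Review bot: `ca.key_content: "{{ chaos_at_home_internal_ca_key }}"` passes the internal CA's private key into this host's certificate configuration, and nothing in the hunk shows where that key is stored or where signing happens. Unlike `vault_greenbone_server_admin_password`, the variable carries no `vault_` prefix, so it is worth confirming that it is vault-encrypted and that the `static-ca` provider signs on the controller rather than writing the CA key to the scanner host; a comment above `ca:` such as `# CA key is vaulted; signing runs on the controller, the key never lands on this host` would record that (adjust it to what the role really does). Separately, `key_usage` lists `keyAgreement` for an RSA key, which applies to DH/ECDH keys; `digitalSignature` alone, plus `keyEncipherment` if RSA key exchange must be supported, is the usual set for an RSA server certificate. `greenbone_server_version: 22.4` should be quoted as `"22.4"` so it stays a string, and `yes`/`False` are better written `true`/`false`.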
diff --git a/inventory/host_vars/ch-testvm-phoebe.yml b/inventory/host_vars/ch-testvm-phoebe.yml index d15e4142..df89e810 100644 --- a/inventory/host_vars/ch-testvm-phoebe.yml +++ b/inventory/host_vars/ch-testvm-phoebe.yml @@ -39,3 +39,7 @@ network: address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}" ntp_variant: systemd-timesyncd + + +#### +sshd_allowusers_host: "{{ admin_users_host + ['greenbone'] }}" |
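Review bot: The added `sshd_allowusers_host` line lets a `greenbone` account log in over SSH on this host, but the only comment above it is `####`, so neither the reason nor the constraints on that account are recorded. I would replace the `####` marker with `# allow the Greenbone scanner account for authenticated scans` (if that is the purpose). If the sshd role passes entries through to `AllowUsers` verbatim, which is not visible here, the entry could also be restricted to the scanner's address with the `USER@HOST` form, e.g. `admin_users_host + ['greenbone@SCANNER_ADDRESS_PLACEHOLDER']`. It is also worth confirming that the account is key-only and has no more privilege than the scan needs, because a scanner credential accepted on many hosts becomes a lateral-movement path if the scanner itself is compromised.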