From 62c7f0f3660e24c6a07013f9f34e84c7335a1c04 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 21 Jan 2024 16:34:35 +0100 Subject: ch-apps: add node-red.chaos-at-home.org and passwd.chaos-at-home.org --- inventory/host_vars/ch-apps/node-red.yml | 16 ++++++++-- inventory/host_vars/ch-apps/vars.yml | 13 +++++++++ inventory/host_vars/ch-apps/whawty.yml | 50 ++++++++++++++++++++------------ 3 files changed, 57 insertions(+), 22 deletions(-) (limited to 'inventory/host_vars/ch-apps') diff --git a/inventory/host_vars/ch-apps/node-red.yml b/inventory/host_vars/ch-apps/node-red.yml index ee11a495..f57d9318 100644 --- a/inventory/host_vars/ch-apps/node-red.yml +++ b/inventory/host_vars/ch-apps/node-red.yml @@ -1,9 +1,13 @@ --- +_node_red_zfs_base_: + pool: storage + name: node-red + node_red_instances: - test: + node-red.chaos-at-home.org: version: 3.1.3 port: 1880 - credential_secret: "{{ vault_nodered_credential_secrets['test'] }}" + credential_secret: "{{ vault_nodered_credential_secrets['node-red.chaos-at-home.org'] }}" mqtt_tls: certificate_provider: managed-ca certificate_config: @@ -11,12 +15,18 @@ node_red_instances: host: ch-iot name: mqtt cert: - common_name: test + common_name: node-red.chaos-at-home.org extended_key_usage: - clientAuth extended_key_usage_critical: yes create_subject_key_identifier: yes not_after: +100w + storage: + type: zfs + parent: "{{ _node_red_zfs_base_ }}" + name: node-red.chaos-at-home.org + properties: + quota: 512M publish: zone: "{{ apps_publish_zone__chaos_at_home }}" hostnames: diff --git a/inventory/host_vars/ch-apps/vars.yml b/inventory/host_vars/ch-apps/vars.yml index 4bfb2d29..a3a4af5b 100644 --- a/inventory/host_vars/ch-apps/vars.yml +++ b/inventory/host_vars/ch-apps/vars.yml 
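Review bot: The added `credential_secret` line now keys `vault_nodered_credential_secrets` by the instance name, but no vault file is part of this diffstat, so the entry `'node-red.chaos-at-home.org'` must already exist or the play fails as soon as the variable is templated. If that entry holds a value different from the old `'test'` secret, credentials already encrypted in the instance's flows can no longer be decrypted — Node-RED documents that changing credentialSecret orphans the existing flows_cred.json. A comment on the line would spare the next maintainer that surprise: `# key must match vault.yml; changing the secret makes existing encrypted flow credentials unreadable`.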
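Review bot: The mqtt client certificate under `cert:` is issued with `not_after: +100w`, roughly 23 months, and the hunk shows no `renew_margin`, so whether the managed-ca provider re-issues it before expiry is not visible here; if the provider honours a margin the way the removed selfsigned whawty block did (`renew_margin: +42d`), add one next to `not_after`, otherwise record the expiry (late 2025 if issued now) in a comment so the broker connection does not silently break. The unchanged `extended_key_usage_critical: yes` and `create_subject_key_identifier: yes` are YAML 1.1 truthy spellings that ansible-lint flags; `true` is the unambiguous form. The `node_red_instances` mapping this hunk belongs to starts in the previous hunk.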
@@ -81,6 +81,19 @@ zfs_pools: ashift: 12 autotrim: "on" +zfs_volumes: + storage: + node-red: + properties: + compression: lz4 + xattr: sa + whawty: + properties: + compression: lz4 + xattr: sa + children: + auth: {} + zfs_sanoid_modules: storage: use_template: production diff --git a/inventory/host_vars/ch-apps/whawty.yml b/inventory/host_vars/ch-apps/whawty.yml index a909f780..6d6d8aab 100644 --- a/inventory/host_vars/ch-apps/whawty.yml +++ b/inventory/host_vars/ch-apps/whawty.yml @@ -1,34 +1,46 @@ --- +_whawty_auth_zfs_base_: + pool: storage + name: whawty/auth + whawty_auth_instances: - test: + passwd.chaos-at-home.org: version: 0.2-rc9 port: 3080 store: - default: 1 + default: 2 params: - id: 1 + scryptauth: + hmackey: "{{ vault_whawty_auth_scryptauth_hmackeys['passwd.chaos-at-home.org']['1'] }}" + cost: 12 + - id: 2 + scryptauth: + hmackey: "{{ vault_whawty_auth_scryptauth_hmackeys['passwd.chaos-at-home.org']['2'] }}" + cost: 12 + - id: 3 argon2id: time: 1 memory: 65536 threads: 4 length: 32 - hostnames: - - passwd.example.com - tls: - certificate_provider: selfsigned - cert: - organization_name: "chaos-at-home" - organizational_unit_name: "ansible" - key_usage: - - digitalSignature - - keyAgreement - key_usage_critical: yes - extended_key_usage: - - serverAuth - extended_key_usage_critical: yes - create_subject_key_identifier: yes - not_after: +52w - renew_margin: +42d sync: port: 3022 authorized_keys: "{{ users.equinox.ssh }}" + storage: + type: zfs + parent: "{{ _whawty_auth_zfs_base_ }}" + name: passwd.chaos-at-home.org + properties: + quota: 128M + publish: + zone: "{{ apps_publish_zone__chaos_at_home }}" + hostnames: + #- passwd.chaos-at-home.org + - passwd-ng.chaos-at-home.org + tls: + certificate_provider: acmetool + certificate_config: + request: + challenge: + http-self-test: false -- cgit v1.2.3
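Review bot: `default: 2` makes newly set or changed passwords hash with the scryptauth store (id 2) even though an argon2id store is configured as id 3; unless the sync peers reached via port 3022 cannot verify argon2id hashes, the default should point at the strongest configured store, `default: 3`. The argon2id parameters also move from id 1 to id 3 while id 1 becomes scryptauth, so any hash written by the old `test` instance under id 1 would now be checked against the wrong algorithm — fine if the store is being replaced by an imported legacy store, which the two vault hmackeys suggest, but worth a comment above `params:` such as `# ids 1/2: scryptauth contexts carried over from the legacy store, id 3: argon2id for new hashes`. If `cost: 12` is the log2 scrypt work factor, N=4096 is well below current guidance (2^16 and up), one more reason not to make it the default for new hashes. `http-self-test: false` disables acmetool's pre-flight check of the challenge path, so a wrong publish configuration will only surface as a failed ACME order rather than a local error.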