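---
# Ansible variables for a single VM guest: installation parameters, network,
# APT components, monitoring probes, ZFS storage, docker and a standalone
# kubelet.
#
# NOTE(review): the nesting below was rebuilt from a copy whose line breaks and
# indentation were lost. In particular confirm that `virtiofs` belongs under
# `install.vm` and `static_routes` under `network.primary`.

install_jumphost: ch-jump

system_lvm_volume_size_root: 4G

install:
  vm:
    memory: 12G
    numcpus: 8
    autostart: true
    virtiofs:
      music:
        src: /srv/storage/music
        dest: /srv/music
        # Mounted read-only, so the guest cannot modify the shared tree.
        mnt_opts: ro
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 25g
      sdb:
        type: zfs
        name: data
        size: 100g
        properties:
          # ZFS user property, kept as the string 'false'. syncoid skips
          # datasets that carry it, so this volume is presumably left out of
          # replication on purpose; confirm the data is backed up another way.
          'syncoid:sync': 'false'
  interfaces:
    - bridge: br-svc
      name: svc0

network:
  nameservers: "{{ network_zones.svc.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # Anchored so the same mapping can be reused in `interfaces` below.
  primary: &_network_primary_
    name: svc0
    address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.svc.gateway }}"
    static_routes:
      # Route to the lan zone via the svc-zone address of ch-gw-lan.
      - destination: "{{ network_zones.lan.prefix }}"
        gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
  interfaces:
    - *_network_primary_

apt_repo_components:
  - main
  - contrib  ## for zfs
  - non-free-firmware

spreadspace_apt_repo_components:
  - container
  - prometheus

# Additional public key for root; its comment field marks it as the syncoid
# ZFS backup key from epimetheus.
# NOTE(review): no authorized_keys options (e.g. `from=` or `restrict`) are
# visible in this entry, so unless the consuming role adds them the key gives
# unrestricted root login. Confirm that, or consider a dedicated non-root
# user with `zfs allow` delegation for the backup pull.
ssh_keys_root_extra:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus

prometheus_exporters_extra:
  - standalone-kubelet
  - ssl

# SSH banner probe against this host's svc address and SSH port (default 22).
prometheus_job_multitarget_blackbox__probe:
  ch-mon:
    - instance: "ssh-{{ inventory_hostname }}"
      target: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
      module: ssh_banner

# Probes of local PEM files through the ssl exporter's `file` module; the
# targets are globs, so new certificates in these directories are picked up.
prometheus_job_multitarget_ssl__probe:
  ch-apps:
    - instance: "sslcert-standalone-kubelet-{{ inventory_hostname }}"
      target: "/etc/ssl/standalone-kubelet/*.pem"
      module: file
    - instance: "sslcert-node-red-{{ inventory_hostname }}"
      target: "/etc/ssl/node-red-*/*.pem"
      module: file
    - instance: "sslcert-whawty-auth-{{ inventory_hostname }}"
      target: "/etc/ssl/whawty-auth-*/*.pem"
      module: file

zfs_arc_size:
  min: 512MB
  max: 2GB

zfs_pools:
  storage:
    mountpoint: /srv/storage
    create_vdevs: /dev/sdb
    properties:
      ashift: 12
      # Quoted so it stays the string "on" instead of becoming a boolean.
      autotrim: "on"

zfs_volumes:
  storage:
    node-red:
      properties:
        compression: lz4
        xattr: sa
    whawty:
      properties:
        compression: lz4
        xattr: sa
      children:
        auth: {}

# Snapshot policy per dataset. The templates `production` and `ignore` are
# defined outside this file; presumably `ignore` means the docker and kubelet
# datasets get no snapshots. Confirm against the sanoid role.
zfs_sanoid_modules:
  storage:
    use_template: production
    recursive: true
    process_children_only: true
  storage/docker:
    use_template: ignore
    recursive: true
  storage/kubelet:
    use_template: ignore
    recursive: true

docker_pkg_provider: docker-com
docker_plugins:
  - buildx

docker_storage:
  type: zfs
  pool: storage
  name: docker
  properties:
    quota: 10G
    'syncoid:sync': 'false'

kubelet_storage:
  type: zfs
  pool: storage
  name: kubelet
  properties:
    quota: 10G
    'syncoid:sync': 'false'

# Quoted so the version is always handled as a string.
kubernetes_version: "1.30.2"
# NOTE(review): Kubernetes dropped the built-in dockershim in 1.24, so docker
# as the runtime for 1.30 needs a CRI adapter such as cri-dockerd. Confirm the
# kubernetes role installs one.
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap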