--- install: efi: true disks: primary: /dev/disk/by-id/ata-ADATA_SP300_1302938101000079 network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" primary: &_network_primary_ name: enp1s0 address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" interfaces: - *_network_primary_ wakeonlan_interfaces: - enp7s0 ## onboard GBit/s port - enp1s0 is a 10g SFP+ card without support for WOL apt_repo_components: - main - contrib ## for zfs - non-free ## for microcode updates spreadspace_apt_repo_components: - prometheus prometheus_exporter_node_textfile_collector_scripts: - deleted-libraries - smartmon prometheus_exporters_extra: - ssl prometheus_job_multitarget_blackbox__probe: ch-mon: - instance: "ssh-{{ inventory_hostname }}" target: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}:{{ ansible_port | default(22) }}" module: ssh_banner prometheus_job_multitarget_ssl__probe: ch-epimetheus: - instance: "sslcert-prometheus-{{ inventory_hostname }}" target: "/etc/ssl/prometheus/**/*.pem" module: file luks_volumes: crypto-sata0: passphrase: "{{ vault_luks_volumes['crypto-sata0'].passphrase }}" device: /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY976JP crypto-sata1: passphrase: "{{ vault_luks_volumes['crypto-sata1'].passphrase }}" device: /dev/disk/by-id/ata-ST4000VN008-2DR166_ZDHAVYJT crypto-sata2: passphrase: "{{ vault_luks_volumes['crypto-sata2'].passphrase }}" device: /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9802C crypto-sata3: passphrase: "{{ vault_luks_volumes['crypto-sata3'].passphrase }}" device: /dev/disk/by-id/ata-ST4000VN008-2DR166_ZDHADPQL zfs_arc_size: min: 10GB max: 18GB zfs_pools: backup: mountpoint: /srv/backup create_vdevs: raidz /dev/mapper/crypto-sata0 /dev/mapper/crypto-sata1 /dev/mapper/crypto-sata2 /dev/mapper/crypto-sata3 zfs_sanoid_templates: backup: frequently: 0 hourly: 48 daily: 90 monthly: 6 yearly: 0 autosnap: no autoprune: yes ignore: autoprune: no autosnap: no monitor: no zfs_sanoid_modules: backup: use_template: backup recursive: yes process_children_only: yes # zfs_syncoid_autosuspend: yes zfs_syncoid_target_pool: backup zfs_syncoid_sources: 'ch-prometheus': ssh_hostname: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus']) | ipaddr('address') }}" ssh_port: "{{ hostvars['ch-prometheus'].ansible_port }}" report_prometheus_textfile_path: "/var/lib/prometheus-node-exporter/textfile-collector" periodic: schedule: "*-*-* 00,06,12,18:31:00" timeout: 5h paths: nvme/vm: recursive: yes skip_parent: yes storage/vm: recursive: yes skip_parent: yes storage: recursive: yes skip_parent: yes exclude: - '^storage/vm' 'ch-phoebe': ssh_hostname: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-phoebe']) | ipaddr('address') }}" ssh_port: "{{ hostvars['ch-phoebe'].ansible_port }}" report_prometheus_textfile_path: "/var/lib/prometheus-node-exporter/textfile-collector" periodic: schedule: "*-*-* 00,06,12,18:23:00" timeout: 5h paths: nvme/vm: recursive: yes skip_parent: yes 'ch-apps': ssh_hostname: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-apps']) | ipaddr('address') }}" ssh_port: "{{ hostvars['ch-apps'].ansible_port }}" report_prometheus_textfile_path: "/var/lib/prometheus-node-exporter/textfile-collector" periodic: schedule: "*-*-* 00,06,12,18:15:00" timeout: 5h paths: storage: recursive: yes skip_parent: yes 'ch-equinox-t450s': ssh_hostname: 192.168.28.139 ssh_port: 222 paths: storage: recursive: yes skip_parent: yes