--- install: cloud: credentials: token: "{{ vault_hcloud_api_token }}" server_name: "{{ host_name }}" external_ip: "116.203.212.131" external_ip6: "2a01:4f8:c2c:906c::2" apt_repo_provider: hetzner apt_repo_components: - main - contrib ## for zfs spreadspace_apt_repo_components: - prometheus sshd_allowusers_host: "{{ admin_users_host + (['git'] | product(gitolite_instances | list) | map('join', '-')) }}" ssh_keys_root_extra: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus ntp_variant: systemd-timesyncd nginx_server_names_hash_bucket_size: 64 acme_directory_server: "{{ acme_directory_server_le_live_v2 }}" zfs_arc_size: min: 256MB max: 1GB zfs_pools: storage: mountpoint: /srv/storage create_vdevs: "/dev/mapper/{{ host_name | replace('-', '--') }}-storage" zfs_sanoid_modules: storage: use_template: production recursive: yes process_children_only: yes wireguard_p2p_interface: name: remote0 description: connection to chaos-at-home internal services listen_port: 51820 addresses: - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}" static_routes: - dest: "{{ network_zones.svc.prefix }}" gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" - dest: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32" gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" wireguard_p2p_peers: - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI=" endpoint: host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}" port: 51820 allowed_ips: - "{{ network_zones.remote.prefix }}" - "{{ network_zones.svc.prefix }}" - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32" bind_option_empty_zones_enable: no bind_option_allow_transfer: [] bind_option_allow_recursion: - localhost bind_option_notify: 'no' bind_stats_channels: - addr: 127.0.0.1 port: 8053 allow: - 127.0.0.1 bind_empty_onion_zone: yes bind_slave_zones: pan: masters: - 89.106.215.19 - 2a02:3e0:407::19 zones: ## formerly known as self - chaos-at-home.org - chaox.org - spreadspace.org - spreadspace.com - spreadspace.net - spreadspace.systems - elev8.at - java-sucks.com - xn--gh-via.org - schaaas.at ## formerly known as others - gimpf.org - movetogether.at realraum: masters: - 89.106.211.33 - 2a02:3e0:4000:1::1 zones: - realraum.at - r3.at - hack-challenge.at funkfeuer: masters: - 193.33.150.114 zones: - ffgraz.net - graz.funkfeuer.at - 10.in-addr.arpa - 150.33.193.in-addr.arpa - 151.33.193.in-addr.arpa prometheus_scrape_endpoint: "{{ external_ip }}:9999" prometheus_exporters_extra: - bind prometheus_job_multitarget_blackbox__probe: ch-mon: - instance: "ssh-{{ inventory_hostname }}" target: "{{ external_ip }}:{{ ansible_port | default(22) }}" module: ssh_banner - instance: "https-mimas.chaos-at-home.org" target: "https://mimas.chaos-at-home.org" module: http_tls_2xx gitolite_storage: type: zfs pool: storage name: git properties: quota: 1G compression: lz4 gitolite_instances: spreadspace: primary_admin_key: "{{ users.equinox.ssh | first }}" http: hostnames: - git.spreadspace.org - git.spreadspace.com - git.spreadspace.net - git.spreadspace.systems enable_git_backend: yes title: spreadspace description: spreadspace GIT Repoistories