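---
## Host variables for a VM host / file server: installer settings, network,
## monitoring probes, LUKS + ZFS storage and NFS exports.
##
## NOTE(review): the block structure below was rebuilt from a copy whose line
## breaks and indentation were lost. Key order and scalar values are as found;
## the nesting depth of `install.disks`, `install.system_lvm`, `network` and
## the per-filesystem `owner`/`group`/`mode`/`export` keys is inferred and
## should be confirmed against the roles that read these variables.
## Booleans that were written as `yes`/`no` are spelled `true`/`false` so they
## do not depend on YAML 1.1 truthy parsing.

install_interface: enp1s0

install:
  efi: true
  disks:
    primary: software-raid
    raid:
      ## RAID level 1 (mirror) across the two NVMe devices, addressed by
      ## stable by-id paths rather than kernel enumeration order.
      level: 1
      members:
        - /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310329Z
        - /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310327Y
  system_lvm:
    size: 25G

network:
  nameservers: "{{ network_zones.lan.dns }}"
  domain: "{{ host_domain }}"
  ## The anchor lets `interfaces` below reuse this mapping without repeating it.
  primary: &_network_primary_
    name: br-lan
    address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
    gateway: "{{ network_zones.lan.gateway }}"
  interfaces:
    - *_network_primary_
  bonds:
    - name: bond0
      mode: 802.3ad
      slaves:
        - enp35s0
        - enp36s0
      options:
        miimon: 100
  vlans:
    bond0: "{{ __vmhost_bridge_interface_zones__['bond0'] | map('extract', network_zones) | map(attribute='vlan') | list }}"

apt_repo_components:
  - main
  - contrib  ## for zfs
  - non-free  ## for microcode updates

## NOTE(review): judging by the variable name these keys are installed for the
## root account, so each holder gets an unrestricted root login - confirm in
## the consuming role. The second key is labelled as a ZFS backup (syncoid)
## key; if it is only used for replication, consider limiting it with
## authorized_keys options such as `restrict` and `from="..."`, or running
## replication as an unprivileged user with `zfs allow` delegation.
## The ssh-rsa entry looks like a 2048-bit key from its length; consider
## rotating it to ed25519.
ssh_keys_root_extra:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9AkOBxvf1wZ0B3wEyf7O3GbaIGx5o2f6cVuQIrOjeFfgMSAr1LwiB/gmHhMSEq6OSauD37TA5yDIrzk6NPPjVs/wiklsHgYtTqIxSPItTZFPX4gLvNwwGuRvEW9bTEiHd+bVPIiIT7HOje0kgacjan44rdgppX9DgcUp2j7uSZZabsxDCS/ms0slhwBNU1gtR31PoQ56vIya23D2uMauNAbRJzDEOfAjy4pHF8njYcXPas/yrbLi8PUZ1YO1u/AZto96EIYfHaCLWlstqeCX+R2JrTunvfTr8TF3AkFw8lHMzk3neUR+tPAAFQaqeTlqGPiSNq1Oyf+52XR16qwhd equinox@mail
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZK9NBainiE0+A8pT8dbwlNZ0k0AZVhLTzUSo3YtKJt ZFS Backup syncoid@epimetheus

spreadspace_apt_repo_components:
  - main
  - prometheus

prometheus_exporter_node_textfile_collector_scripts:
  - deleted-libraries
  - smartmon

prometheus_exporters_extra:
  - ssl
  - ipmi

prometheus_exporter_ipmi_modules:
  default:
    collectors:
      - bmc
      - ipmi
      - chassis
      - sel

## Blackbox probe of this host's SSH banner on its LAN address; the port
## falls back to 22 when `ansible_port` is not set.
prometheus_job_multitarget_blackbox__probe:
  ch-mon:
    - instance: "ssh-{{ inventory_hostname }}"
      target: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}:{{ ansible_port | default(22) }}"
      module: ssh_banner

## SSL exporter `file` probe over every *.pem below /etc/ssl/prometheus.
## NOTE(review): if private keys are stored under the same tree with a .pem
## suffix they match this glob too - confirm the directory layout.
prometheus_job_multitarget_ssl__probe:
  ch-prometheus:
    - instance: "sslcert-prometheus-{{ inventory_hostname }}"
      target: "/etc/ssl/prometheus/**/*.pem"
      module: file

installer_storage:
  type: lvm
  vg: "{{ host_name }}"
  lv: installer
  size: 10G
  fs: ext4

## LUKS passphrases are looked up in `vault_luks_volumes` instead of being
## stored in this file (presumably an Ansible Vault encrypted vars file -
## confirm); keep it that way and never inline a passphrase here.
## On the NVMe devices only partition 4 is wrapped in LUKS, while the SATA
## disks are used whole.
## NOTE(review): the RAID1 system disks and the installer LV are not listed
## here, so they appear to sit outside LUKS - confirm that this is intended.
luks_volumes:
  crypto-nvme0:
    passphrase: "{{ vault_luks_volumes['crypto-nvme0'].passphrase }}"
    device: /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310329Z-part4
  crypto-nvme1:
    passphrase: "{{ vault_luks_volumes['crypto-nvme1'].passphrase }}"
    device: /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_512GB_S5JYNC0N310327Y-part4
  crypto-sata0:
    passphrase: "{{ vault_luks_volumes['crypto-sata0'].passphrase }}"
    device: /dev/disk/by-id/ata-WDC_WD102KRYZ-01A5AB0_VCG6HGTN
  crypto-sata1:
    passphrase: "{{ vault_luks_volumes['crypto-sata1'].passphrase }}"
    device: /dev/disk/by-id/ata-WDC_WD102KRYZ-01A5AB0_VCG6GT2N
  crypto-sata2:
    passphrase: "{{ vault_luks_volumes['crypto-sata2'].passphrase }}"
    device: /dev/disk/by-id/ata-WDC_WD102KRYZ-01A5AB0_VCG6A2UN

zfs_arc_size:
  min: 2GB
  max: 24GB

## Both pools are built on the /dev/mapper/crypto-* devices, i.e. on top of
## the LUKS volumes above, never on the raw disks.
zfs_pools:
  nvme:
    mountpoint: /srv/nvme
    create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
  storage:
    mountpoint: /srv/storage
    create_vdevs: mirror /dev/mapper/crypto-sata0 /dev/mapper/crypto-sata1 /dev/mapper/crypto-sata2

zfs_sanoid_modules:
  nvme/vm:
    use_template: production
    recursive: true
    process_children_only: true
  storage/vm:
    use_template: production
    recursive: true
    process_children_only: true
  storage:
    use_template: production
    recursive: true
    process_children_only: true

fileserver_zfs_default_pool: storage

## Modes are quoted so they stay strings and are not read as octal or decimal
## integers. "02775" is setgid plus group-writable: new files inherit the
## directory's group.
fileserver_zfs_filesystems:
  - name: archiv
    properties:
      quota: 1T
    owner: root
    group: users
    mode: "02775"
  - name: buffer
    properties:
      quota: 50G
    owner: root
    group: users
    mode: "02775"
  - name: home  ## legacy
    properties:
      quota: 500G
    export: false
    owner: root
    group: root
    mode: "0755"
  - name: movies
    properties:
      quota: 1T
    owner: root
    group: users
    mode: "02775"
  - name: music
    properties:
      quota: 500G
    owner: root
    group: users
    mode: "02775"
  - name: series
    properties:
      quota: 4T
    owner: root
    group: users
    mode: "02775"

fileserver_nfs_root: /srv/_nfs4_root_
## `root_squash` maps a client's root user to the anonymous user. `async`
## lets the server acknowledge writes before they reach stable storage, so a
## server crash can lose data the client believes was written.
fileserver_nfs_default_options:
  - rw
  - async
  - root_squash
  - no_subtree_check
## The default export destination is the whole LAN prefix.
## NOTE(review): no `sec=` option is set above, so unless the role adds one
## the export will typically use AUTH_SYS, where the server trusts the
## uid/gid a client presents - every host in this prefix can then act as any
## non-root user listed in fileserver_users. Confirm that matches the trust
## placed in the LAN.
fileserver_nfs_default_destinations:
  - dest: "{{ network_zones.lan.prefix }}"

## Fixed numeric ids keep ownership consistent between server and clients.
fileserver_users:
  equinox:
    id: 1000
    groups: users
  amun:
    id: 1001
    groups: users
  baum:
    id: 1002
    groups: users
  gimpf:
    id: 1003
    groups: users
  mel:
    id: 1004
    groups: users
  otti:
    id: 1005
    groups: users
  mama:
    id: 1006
    groups: users
  papa:
    id: 1007
    groups: users
  thor:
    id: 1008
    groups: users
  nenzen:
    id: 1009
    groups: users
  michisix:
    id: 1010
    groups: users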