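---
## Host variables for a combined VM host / ZFS file server: installer layout,
## network, monitoring, LUKS-backed ZFS pools and NFS-exported filesystems.
##
## NOTE(review): the nesting below was reconstructed from a copy whose line
## breaks and indentation were lost. Confirm the placement of keys such as
## `system_lvm`, `bonds`, `vlans` and `export` against the consuming roles.

install_interface: enp1s0

system_lvm_volume_size_root: 3G

install:
  efi: true
  disks:
    primary: software-raid
    raid:
      level: 1
      members:
        - /dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5GXNX0T354642E
        - /dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5GXNF1R804538A
  system_lvm:
    size: 25G

network:
  nameservers: "{{ network_zones.lan.dns }}"
  domain: "{{ host_domain }}"
  ## The anchor lets the primary bridge definition be reused in `interfaces`.
  primary: &_network_primary_
    name: br-lan
    address: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.lan.gateway }}"
  interfaces:
    - *_network_primary_
  bonds:
    - name: bond0
      mode: 802.3ad
      slaves:
        - enp38s0
        - enp39s0
      options:
        miimon: 100
  vlans:
    bond0: "{{ __vmhost_bridge_interface_zones__['bond0'] | map('extract', network_zones) | map(attribute='vlan') | list }}"

apt_repo_components:
  - main
  - contrib  ## for zfs
  - non-free-firmware

## NOTE(review): the variable name suggests this key is authorized for root.
## If it is only used for syncoid backup pulls, consider a dedicated account
## with delegated ZFS permissions (`zfs allow`) or authorized_keys options
## such as `from="..."` and `restrict` - confirm what the consuming role
## supports before changing the entry.
ssh_keys_root_extra:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus

spreadspace_apt_repo_components:
  - prometheus

prometheus_exporter_node_textfile_collector_scripts:
  - deleted-libraries
  - smartmon

prometheus_exporters_extra:
  - ipmi

prometheus_exporter_ipmi_modules:
  default:
    collectors:
      - bmc
      - ipmi
      - chassis
      - sel

## Blackbox probe of this host's SSH banner; the target is the host's LAN
## address plus `ansible_port` (22 when that variable is unset).
prometheus_job_multitarget_blackbox__probe:
  ch-mon:
    - instance: "ssh-{{ inventory_hostname }}"
      target: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
      module: ssh_banner

installer_storage:
  type: lvm
  vg: "{{ host_name }}"
  lv: installer
  size: 10G
  fs: ext4

## Passphrases are looked up in `vault_luks_devices` rather than written here.
## NOTE(review): presumably that variable lives in an Ansible Vault encrypted
## file - confirm it is never committed in plain text.
luks_devices:
  crypto-nvme0:
    passphrase: "{{ vault_luks_devices['crypto-nvme0'].passphrase }}"
    device: /dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5GXNX0T354642E-part4
  crypto-nvme1:
    passphrase: "{{ vault_luks_devices['crypto-nvme1'].passphrase }}"
    device: /dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5GXNF1R804538A-part4
  crypto-sata0:
    passphrase: "{{ vault_luks_devices['crypto-sata0'].passphrase }}"
    device: /dev/disk/by-id/ata-WDC_WD102KRYZ-01A5AB0_VCG6HGTN
  crypto-sata1:
    passphrase: "{{ vault_luks_devices['crypto-sata1'].passphrase }}"
    device: /dev/disk/by-id/ata-WDC_WD121KRYZ-01W0RB0_5QHUESHB
  crypto-sata2:
    passphrase: "{{ vault_luks_devices['crypto-sata2'].passphrase }}"
    device: /dev/disk/by-id/ata-WDC_WD102KRYZ-01A5AB0_VCG6A2UN

zfs_arc_size:
  min: 2GB
  max: 24GB

## Both pools are built on the /dev/mapper/crypto-* devices declared in
## `luks_devices`, so pool data sits on LUKS-encrypted block devices.
zfs_pools:
  nvme:
    mountpoint: /srv/nvme
    create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
    properties:
      ashift: 12
      ## Quoted so the value stays the string "on" instead of a YAML boolean.
      autotrim: "on"
  ## NOTE(review): unlike `nvme`, no `properties` (e.g. ashift) are set for
  ## this pool - confirm the defaults are intended.
  storage:
    mountpoint: /srv/storage
    create_vdevs: mirror /dev/mapper/crypto-sata0 /dev/mapper/crypto-sata1 /dev/mapper/crypto-sata2

zfs_sanoid_modules:
  nvme/vm:
    use_template: production
    recursive: true
    process_children_only: true
  nvme/vm/ch-apps/data:
    use_template: ignore
    recursive: true
  storage/vm:
    use_template: production
    recursive: true
    process_children_only: true
  storage:
    use_template: production
    recursive: true
    process_children_only: true

fileserver_zfs_default_pool: storage

## Modes are quoted strings so they are not re-typed as numbers by the YAML
## parser. "02775" is setgid plus group-writable: new files inherit the
## directory's group and every member of that group can write.
fileserver_zfs_filesystems:
  - name: archiv
    properties:
      quota: 1T
    owner: root
    group: users
    mode: "02775"
  - name: buffer
    properties:
      quota: 50G
    owner: root
    group: users
    mode: "02775"
  - name: home  ## legacy
    properties:
      quota: 500G
    ## NOTE(review): placed at item level because `export` does not look like
    ## a ZFS property; confirm against the fileserver role.
    export: false
    owner: root
    group: root
    mode: "0755"
  - name: movies
    properties:
      quota: 1T
    owner: root
    group: users
    mode: "02775"
  - name: music
    properties:
      quota: 500G
    owner: root
    group: users
    mode: "02775"
  - name: series
    properties:
      quota: 4T
    owner: root
    group: users
    mode: "02775"

fileserver_nfs_root: /srv/_nfs4_root_

## `root_squash` maps client root to the anonymous user. `async` lets the
## server acknowledge writes before they reach stable storage, so a server
## crash can lose data the client believes was written.
## NOTE(review): no `sec=` option is listed. Unless the role adds one, the
## exports fall back to the NFS default (sec=sys), where the server trusts the
## UID/GID asserted by the client. Combined with the LAN-wide destination
## below, any host in that prefix could then act as any non-root UID from
## `fileserver_users`. Consider narrowing the destinations or using
## Kerberos (sec=krb5*) if the LAN is not fully trusted.
fileserver_nfs_default_options:
  - rw
  - async
  - root_squash
  - no_subtree_check

fileserver_nfs_default_destinations:
  - dest: "{{ network_zones.lan.prefix }}"

## Fixed numeric ids per user. NOTE(review): presumably pinned so they match
## the ids used on NFS clients - confirm.
fileserver_users:
  equinox:
    id: 1000
    groups: users
  amun:
    id: 1001
    groups: users
  baum:
    id: 1002
    groups: users
  gimpf:
    id: 1003
    groups: users
  mel:
    id: 1004
    groups: users
  otti:
    id: 1005
    groups: users
  mama:
    id: 1006
    groups: users
  papa:
    id: 1007
    groups: users
  thor:
    id: 1008
    groups: users
  nenzen:
    id: 1009
    groups: users
  michisix:
    id: 1010
    groups: users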