summaryrefslogtreecommitdiff
path: root/inventory/host_vars/ch-apps/vars.yml
blob: f39d57f10dbaa3adb254ae018662a2e4774a693e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
---
install_jumphost: ch-jump

system_lvm_volume_size_root: 4G
install:
  vm:
    memory: 12G
    numcpus: 8
    autostart: True
    virtiofs:
      music:
        src: /srv/storage/music
        dest: /srv/music
        mnt_opts: ro
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 25g
      sdb:
        type: zfs
        name: data
        size: 100g
        properties:
          'syncoid:sync': 'false'
  interfaces:
  - bridge: br-svc
    name: svc0

network:
  nameservers: "{{ network_zones.svc.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  primary: &_network_primary_
    name: svc0
    address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.svc.gateway }}"
    static_routes:
    - destination: "{{ network_zones.lan.prefix }}"
      gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
  interfaces:
  - *_network_primary_


apt_repo_components:
  - main
  - contrib  ## for zfs
  - non-free-firmware

spreadspace_apt_repo_components:
  - container
  - prometheus


ssh_keys_root_extra:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus


prometheus_exporters_extra:
  - standalone-kubelet
  - ssl

prometheus_job_multitarget_blackbox__probe:
  ch-mon:
  - svc_kind: ssh
    svc_instance: "{{ inventory_hostname }}"
    target: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
    module: ssh_banner

prometheus_job_multitarget_ssl__probe:
  ch-apps:
  - module: file
    target: "/etc/ssl/standalone-kubelet/*.pem"
    sslcert_instance: "standalone-kubelet"
  - module: file
    target: "/etc/ssl/node-red-*/*.pem"
    sslcert_instance: "node-red"
  - module: file
    target: "/etc/ssl/whawty-auth-*/*.pem"
    sslcert_instance: "whawty-auth"


zfs_arc_size:
  min: 512MB
  max: 2GB

zfs_pools:
  storage:
    mountpoint: /srv/storage
    create_vdevs: /dev/sdb
    properties:
      ashift: 12
      autotrim: "on"

zfs_volumes:
  storage:
    node-red:
      properties:
        compression: lz4
        xattr: sa
    whawty:
      properties:
        compression: lz4
        xattr: sa
      children:
        auth: {}

zfs_sanoid_modules:
  storage:
    use_template: production
    recursive: yes
    process_children_only: yes
  storage/docker:
    use_template: ignore
    recursive: yes
  storage/kubelet:
    use_template: ignore
    recursive: yes


docker_pkg_provider: docker-com
docker_plugins:
  - buildx

docker_storage:
  type: zfs
  pool: storage
  name: docker
  properties:
    quota: 10G
    'syncoid:sync': 'false'

kubelet_storage:
  type: zfs
  pool: storage
  name: kubelet
  properties:
    quota: 10G
    'syncoid:sync': 'false'

kubernetes_version: 1.30.2
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap