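---
# Ansible host_vars for a Hetzner Cloud host that serves as an authoritative
# secondary DNS (bind), a WireGuard peer into the chaos-at-home network, a
# gitolite instance on a ZFS dataset, and a Prometheus scrape target.
#
# NOTE(review): the indentation of this file was lost on the way into the
# review corpus; the nesting below is reconstructed from key order and the
# roles' usual layout — confirm against the roles before relying on it.

system_lvm_volume_size_root: 3G

install:
  cloud:
    credentials:
      # API token is pulled from vault, never stored in plain host_vars.
      token: "{{ vault_hcloud_api_token }}"
    server_name: "{{ host_name }}"

external_ip: "116.203.212.131"
external_ip6: "2a01:4f8:c2c:906c::2"

apt_repo_provider: hetzner
apt_repo_components:
  - main
  - contrib  ## for zfs
  - non-free-firmware

spreadspace_apt_repo_components:
  - prometheus

# Restrict SSH logins to the admin users plus one "git-<instance>" user per
# gitolite instance; everything else is rejected by AllowUsers.
sshd_allowusers_host: "{{ admin_users_host + (['git'] | product(gitolite_instances | list) | map('join', '-')) }}"

# Public key only; used by the syncoid backup job pulling ZFS snapshots.
ssh_keys_root_extra:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjZEFZLrl2KIqYl/GU8Vkp7mlhAbFbjwf4Ht9zQRmI8 ZFS Backup syncoid@epimetheus

ntp_variant: systemd-timesyncd

nginx_server_names_hash_bucket_size: 64

acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"

zfs_arc_size:
  min: 256MB
  max: 1GB

zfs_pools:
  storage:
    mountpoint: /srv/storage
    # LVM device-mapper names escape '-' as '--'.
    create_vdevs: "/dev/mapper/{{ host_name | replace('-', '--') }}-storage"

zfs_sanoid_modules:
  storage:
    use_template: production
    # Canonical booleans instead of yes/no: same value under Ansible's YAML 1.1
    # loader, unambiguous under YAML 1.2 and yamllint's truthy rule.
    recursive: true
    process_children_only: true

wireguard_p2p_interface:
  name: remote0
  description: connection to chaos-at-home internal services
  listen_port: 51820
  addresses:
    - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}"
  # Routes into the internal service zone and to the legacy prometheus host,
  # both via ch-router on the remote zone.
  static_routes:
    - dest: "{{ network_zones.svc.prefix }}"
      gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
    - dest: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32"
      gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"

wireguard_p2p_peers:
  - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI="
    endpoint:
      host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
      port: 51820
    # allowed_ips must match the static_routes above, otherwise WireGuard's
    # cryptokey routing silently drops the traffic.
    allowed_ips:
      - "{{ network_zones.remote.prefix }}"
      - "{{ network_zones.svc.prefix }}"
      - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32"

# bind: authoritative secondary only — no zone transfers out, recursion only
# for localhost (keeps the host from becoming an open resolver), statistics
# channel bound to loopback.
bind_option_empty_zones_enable: false
bind_option_allow_transfer: []
bind_option_allow_recursion:
  - localhost
# Quoted on purpose: bind's `notify` option takes the literal string "no".
bind_option_notify: 'no'
bind_stats_channels:
  - addr: 127.0.0.1
    port: 8053
    allow:
      - 127.0.0.1

# TLDs that are refused entirely (answered with a local empty zone).
bind_zone_blacklist:
  - onion
  - zip
  - mov

bind_slave_zones:
  pan:
    masters:
      - 89.106.215.19
      - 2a02:3e0:407::19
    zones:
      ## formerly known as self
      - chaos-at-home.org
      - chaox.org
      - spreadspace.org
      - spreadspace.com
      - spreadspace.net
      - spreadspace.systems
      - elev8.at
      - java-sucks.com
      - xn--gh-via.org
      - schaaas.at
      ## formerly known as others
      - gimpf.org
      - movetogether.at
  realraum:
    masters:
      - 89.106.211.33
      - 2a02:3e0:4000:1::1
    zones:
      - realraum.at
      - r3.at
      - hack-challenge.at
  funkfeuer:
    masters:
      - 193.33.150.114
    zones:
      - ffgraz.net
      - graz.funkfeuer.at
      - 10.in-addr.arpa
      - 150.33.193.in-addr.arpa
      - 151.33.193.in-addr.arpa

# Scrape endpoint listens on the public address; access control for it is
# presumably handled by the prometheus exporter role — confirm.
prometheus_scrape_endpoint: "{{ external_ip }}:9999"
prometheus_exporters_extra:
  - bind

prometheus_job_multitarget_blackbox__probe:
  ch-mon:
    - instance: "ssh-{{ inventory_hostname }}"
      target: "{{ external_ip }}:{{ ansible_port | default(22) }}"
      module: ssh_banner
    - instance: "https-mimas.chaos-at-home.org"
      target: "https://mimas.chaos-at-home.org"
      module: http_tls_2xx

gitolite_storage:
  type: zfs
  pool: storage
  name: git
  properties:
    quota: 1G
    compression: lz4

gitolite_instances:
  spreadspace:
    # Bootstrap admin key comes from the shared users dict, not a literal.
    primary_admin_key: "{{ users.equinox.ssh | first }}"
    http:
      hostnames:
        - git.spreadspace.org
        - git.spreadspace.com
        - git.spreadspace.net
        - git.spreadspace.systems
      tls:
        certificate_provider: acmetool
      enable_git_backend: true
      # NOTE(review): title/description placed under http as they configure the
      # web frontend; verify against the gitolite role's expected schema.
      title: spreadspace
      description: spreadspace GIT Repositories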