---
# Jump host named for the installation of this VM (how the install tooling
# uses it is not visible in this file).
install_jumphost: ch-jump

# Install-time definition of the VM: sizing, disks and network interfaces.
install:
  vm:
    memory: 1G
    numcpus: 1
    # Canonical lowercase boolean (yamllint `truthy`).
    autostart: false
  disks:
    primary: /dev/sda
    scsi:
      # Both disks are ZFS-backed volumes of 10g each.
      sda:
        type: zfs
        name: root
        size: 10g
        properties:
          # ZFS user property, deliberately a quoted string and not a boolean.
          # NOTE(review): presumably this excludes the volume from syncoid
          # replication, i.e. there is no replicated copy of the root or data
          # disk - confirm that is intended for this test VM.
          'syncoid:sync': 'false'
      sdb:
        type: zfs
        name: data
        size: 10g
        properties:
          'syncoid:sync': 'false'
  interfaces:
    # Single NIC, attached to the br-svc bridge and named svc0.
    - bridge: br-svc
      name: svc0

# Network settings for this host. All addresses are derived from the shared
# `network_zones` data; nothing is hard-coded here.
network:
  nameservers: "{{ network_zones.svc.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # Anchored so that the same mapping is reused as the only entry of
  # `interfaces` at the end of this block.
  primary: &_network_primary_
    name: svc0
    # Address inside the svc prefix, selected by this host's entry in
    # network_zones.svc.offsets (keyed by inventory_hostname).
    address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.svc.gateway }}"
    static_routes:
      # The lan prefix is routed via ch-gw-lan's address in the svc zone
      # instead of the default gateway.
      # NOTE(review): this gives the VM a path into the lan zone; what it can
      # reach there depends on filtering on ch-gw-lan, which is not visible
      # from this file.
      - destination: "{{ network_zones.lan.prefix }}"
        gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
  interfaces:
    - *_network_primary_

# Selects systemd-timesyncd as the NTP implementation for this host.
ntp_variant: systemd-timesyncd



# ---- base system and storage ----
# Size strings are quoted so they can never be re-typed by a YAML parser.
system_lvm_volume_size_root: '3G'

apt_repo_components:
  - main
  - contrib  # for zfs

# One pool named `storage`, created on /dev/sdb (the `data` disk defined under
# install.disks) and mounted at /srv/storage.
zfs_pools:
  storage:
    mountpoint: /srv/storage
    create_vdevs: /dev/sdb

# Dataset tree inside the pool: storage/whawty with a child `auth`.
zfs_volumes:
  storage:
    whawty:
      children:
        auth: {}


# ---- container stack ----
spreadspace_apt_repo_components:
  - container

docker_pkg_provider: docker-com
docker_plugins:
  - buildx

# Docker and kubelet each get their own dataset in the `storage` pool, capped
# at 1G. The quota bounds how much disk images, layers and pod data can take
# from the other datasets in the same pool.
docker_storage:
  type: zfs
  pool: storage
  name: docker
  properties:
    quota: '1G'

kubelet_storage:
  type: zfs
  pool: storage
  name: kubelet
  properties:
    quota: '1G'

# Quoted on purpose: a later two-component value such as 1.30 would otherwise
# be parsed as the float 1.3.
# NOTE(review): pinned release - check that it is still inside upstream
# support before this configuration is reused.
kubernetes_version: '1.28.5'
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap



# NOTE(review): unencrypted RSA private key committed to the inventory. It is
# handed to the apps-publish zone further down as
# certificate_ca_config.key_content, i.e. as the signing key of that zone's
# static CA. Anyone with read access to this repository, or to any copy or
# mirror of it, can therefore issue certificates that chain to this CA.
# Treat the key as public: keep trust in this CA confined to this test VM and
# never add the CA certificate to a shared trust store. Outside a throw-away
# test setup, keep the key in ansible-vault (or generate it on the host) and
# rotate it, because removing it from the file does not remove it from
# history.
ch_testvm_prometheus_apps_publish_ca_key: |
  -----BEGIN RSA PRIVATE KEY-----
  MIIJKQIBAAKCAgEAopKJFGAl3yKFcIFI7j3M/n3lNafjBo3QySoTgtkobO2gR8Me
  E6RFwZXEquceO5MYU4BxmWN+m+mOFnTezJbQZAmGv/dPsV+yM/I/oidokg7EZNuo
  2lOrnlt9SP8koIvSBOrzVjCy84BeZWTNpKPXK26lcBoFGxjQ2PYjdW99t0gkX9Rz
  KUE9ybTb60F7mVUt99O/eWOBBdQAMPX80eyr7OjFBoQoyDAv3OMx/ZuVjhYOIE+s
  Eijjl36NCu4LQawvwd2ewIH+YeTK/VH/JN1yt9RZurlhHrajJvQ6U1t5zY8SubsX
  nTUMpTHFoX+B3vPC1fKhMnG+QoPlN2sT9lBCxZcDVKKj6zuhoFCupBWOc4m9A+yK
  zAVq0sWnmV1O2AVgtFKdFUc7D7On5hKsN8hlX83haIfyqLN45wdCeXxrHbcyHYS1
  RDTbE2Y5CKqjcgLWjrO72tDyhQJEu1ttkY6HR8d0EBd9WemvWN1xIjx5x4HHHk5e
  1VSaNKp25SucwvsySGpPfnWV4dKnIzFYPnhnpt6xsbwA0s0w/POggKgK+p4YEgtt
  GdpBbesME1OrYFu8mlj25JobVyC8H+e7DF7NKNEpLlT0VWR4E1yYTTm9rIhhM0Ne
  Cqs0mqOhr+bZ0EDpmD6O9ffyIFjIh9ArkUuf1cD/8V+33Kl8AcB4pHlFaQ0CAwEA
  AQKCAgAeWYpfRCrVyvlL3Urq9R0ftouTln3Ow6tiXqlJUHaYTU1SkFW9V3nRT78p
  I5/0gbu1HQG4H8erXjDxNszAN3h8cH3YORiG1cVsJrGj+UTvnXOjG5HcfmnH1K8h
  MUaadTfWRLF8WfeSd1jIB4dPkOmyuUOH18ezvRCCLINGoXOAA6cMv9nm7f/Vt96l
  fvJO2ATOoxh4FjAoUSFfApE59HvNLNBZbNM7Oim5TC3ROVo0biAhfpYyRrFkXxMA
  Ixv1XOqGf/Pq3unJRz/xBj2CWZgYwvskXYbIx9JSC56W4Lkuu6LEiy23osdzUIUj
  Zu0tHOc270aSJwNcogho7ePKZEXulnx721gQWzSGtY8fVmVHshyFb/h7AiU7uvzQ
  b/zh4uG/FcXfTOHWD6nLkzA0bXlnhkhodwt6qn4tCxDTzmlN5Y2oMT3yYax7fxSZ
  MVRTvwt5PUKNOf3oxx4IqdmXhVGhdMBaKfrCly4sGQksPes5bcBDbYHlDNZCRwr9
  pn1lSHqrEoD0bN+DV+jDLl2/FUXd/G6SlJUmMwINDRsLaKIM89cOwfIjJa1Y/o9Z
  iQ+XZQBKnff9fhLG3cI33CVWXF/v3C99Gy//v2kmyIxamE4cjR76p8hRM1jq896R
  Hnb2hKZAONP5a/v3cpnaW08+yvBRT+SvtPFPTuuSUwUTWCymiQKCAQEAwJ7Z/797
  p4lnZBqoDPQfDqqFzn5aTqLvyY1jOYltgxDrlgDjD3SRWDJO3rzUAzIZlCw2stGu
  wxhNAT/kaptB3QMcStiVGBnYa0YnPTwp0kVC7+jsp1+FyyGN0b1hcxbkq2EyQN3m
  RB5rQZuTKaBDSGO/VQGzTBEW4DAg9bYmBfetbhNQoBjNJ/7yTQIrL9Mf25V3LdXM
  T8txuGnOb1eP21t4Ty9mVQMiv/s5Gn611r4rO3BsQ+DSHomUbybGUrnMs4PHmO84
  lTKMCLI1RtebO0Kjhbb6ufWgdrYBzZ0Ir/eleohB8zLhKT6m99Hk57Ou1u1OIi0s
  v8jLs43MAPoK+QKCAQEA2BCecN1b/kP3Pex1ZyaXmMZJUNk9BPwFe90KrfJVAmJ9
  qo8Ql8hF95I1roCJghxo3c5EUzp/y7C+vXQdCLUrRGCG2qT5/IIuy8NclmtYSx2T
  NH+16ZtO/4EhmmazRWzTBjDyU5Umgvp9O2PKC8iGL7JC32lJ4NYX6M81NgfYXnjz
  4JlgRQZ6mtNlrN+Zc/zyzm7Pb9bSPUJj6sOadrsdgvR0gu1Yi/nKQeGpXMd9LjPT
  DFV+Nb0KIFo22MHrUPTaWl7oTtNqBWjKvvV252QzVEuxqzrFOtFMO8Fd4r/lHSAG
  kZMFBCiFrApk+hEzchn1umG9IDzBc+6JOglvIMOftQKCAQEAmCAdDbX+A+gp5s6C
  sJBQwvV77gSub/KRLH5kwjk+a0f+t56FtVwbuispTRKW4ts7hmGQ5ZNi0aQslPMQ
  A/4Qe2uMebQptDodSUPDk8IjSXT4E5/C38E6Wp5qch5+izWmbY+6764QwPXBQbSL
  +lEfMlnM72cDYu0QQwjfzw8HYqkkqI3KnFZaGN9qH9W5o/C69WJLGMEEtnR3oOy3
  ZAokjFrmXquRx0xNso/Hnpw6IppYbH4ykz1I1WNU/qAB+63P9Gr8RVWRO4wLOob8
  OrHnYFsV6HIF/L33+ClwrSH7jXYpk+dvJpKlbzyTA6Aah7/KMuaCUc2ZzPHZpzoy
  xwaziQKCAQEA0DcTuMhZQqrUtIQOj50NMljDhnoS557G2hqllAOYEHhBif/ciaii
  ZHYt7UBJQ22FUVrZVStmxDBLX99pq16Ll5U9365kigYaepqFux8vMxQJK+p2r+zP
  MEKM03JtCFZa9fhtTkbJmicyT+1WZAyV45jyAMJCQ72NxPkJ2kutIz2EJ8kmkN4x
  gMp/jRzdkH0OsAjxNmHasNYt26ssS4b+ZZiWPyXi0uGhG+QPhi1oYQHoPFaXDcpi
  29KUUEZwMtADLFuRm4T5AsV9vJBoSYyyOmXHja9RKeFQibVKeJ1cebjHG7qGdv9l
  8ekCbkntPePuffJ6g3qJIuOYsqkswnJCkQKCAQAns9UolfLKHB68NuCswjtqlozX
  KpMhDQKeS7a1/oOmlymAKJ9irmzwYvlsYTyW9mtYSurstTxKVbqIcPzY+jqGIuuh
  6gpRsKUlfFHluZHl8sCB4ZZ7g+QDQCWAfoiBNgD+pkJqlL7DGKd520NMxQyYxDH1
  cEx5blKgO2sKkkV0jTYHO7SAlVpy4j7Gm9olG8v6AxBFQrEgeI/pGANXundho6ai
  u2m8YDkIlS1zQiyyvBncNoZ5X2ZDSa1aAJn9B6lCq9PWKxhKNX8E8aVVbrDFIK4+
  zu71QecMIJVfHGtrjBbfQgFiJzxTi10YpuJvBT5HQPF4XjAN3DB15D/Gy9BG
  -----END RSA PRIVATE KEY-----
# CA certificate that pairs with ch_testvm_prometheus_apps_publish_ca_key; the
# certificate itself is public data.
# NOTE(review): the encoded content appears to describe a 4096-bit RSA CA with
# basicConstraints CA:TRUE, pathlen 1, no name constraints and a validity of
# roughly forty years (2024-01-11 to 2063-11-23); the subject CN appears to
# read "ch-testvm-promethues" (transposed letters). Confirm with
# `openssl x509 -noout -text`. Because its private key is stored unencrypted
# in this same file, a long-lived unconstrained CA like this must not be
# trusted by anything other than this test VM.
ch_testvm_prometheus_apps_publish_ca_cert: |
  -----BEGIN CERTIFICATE-----
  MIIFBDCCAuygAwIBAgIUB05Y1b+0LfULh1R7h1OUHF44VO4wDQYJKoZIhvcNAQEL
  BQAwLzEtMCsGA1UEAwwkY2gtdGVzdHZtLXByb21ldGh1ZXMgQXBwcyBQdWJsaXNo
  IENBMCAXDTI0MDExMTIwMTIyMloYDzIwNjMxMTIzMjAxMjIyWjAvMS0wKwYDVQQD
  DCRjaC10ZXN0dm0tcHJvbWV0aHVlcyBBcHBzIFB1Ymxpc2ggQ0EwggIiMA0GCSqG
  SIb3DQEBAQUAA4ICDwAwggIKAoICAQCikokUYCXfIoVwgUjuPcz+feU1p+MGjdDJ
  KhOC2Shs7aBHwx4TpEXBlcSq5x47kxhTgHGZY36b6Y4WdN7MltBkCYa/90+xX7Iz
  8j+iJ2iSDsRk26jaU6ueW31I/ySgi9IE6vNWMLLzgF5lZM2ko9crbqVwGgUbGNDY
  9iN1b323SCRf1HMpQT3JtNvrQXuZVS330795Y4EF1AAw9fzR7Kvs6MUGhCjIMC/c
  4zH9m5WOFg4gT6wSKOOXfo0K7gtBrC/B3Z7Agf5h5Mr9Uf8k3XK31Fm6uWEetqMm
  9DpTW3nNjxK5uxedNQylMcWhf4He88LV8qEycb5Cg+U3axP2UELFlwNUoqPrO6Gg
  UK6kFY5zib0D7IrMBWrSxaeZXU7YBWC0Up0VRzsPs6fmEqw3yGVfzeFoh/Kos3jn
  B0J5fGsdtzIdhLVENNsTZjkIqqNyAtaOs7va0PKFAkS7W22RjodHx3QQF31Z6a9Y
  3XEiPHnHgcceTl7VVJo0qnblK5zC+zJIak9+dZXh0qcjMVg+eGem3rGxvADSzTD8
  86CAqAr6nhgSC20Z2kFt6wwTU6tgW7yaWPbkmhtXILwf57sMXs0o0SkuVPRVZHgT
  XJhNOb2siGEzQ14KqzSao6Gv5tnQQOmYPo719/IgWMiH0CuRS5/VwP/xX7fcqXwB
  wHikeUVpDQIDAQABoxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
  CwUAA4ICAQBOwXLbrM+9D9177SWrn/O9ETGBAMyITotf970eSDTfh7qeMagYY3z2
  72sABwv226ITrS/ukgyWqC/jqZFr/lONqG5ckrfn8JHJyX8PpQUW0C9TkOrd6NMu
  bgoQWXJHrKiqW56jPzo9WiQ0HqEY/QUKw7ZkhVr/SrUykSombGw0mCzPXGrpcYBe
  5p0IwEEDX7Meu6iPPXhLhK0RMtLGPNSKmnGdnlMR88DdbVzAyxS5bfwmEsaE8U4x
  3oMYCfzVTjYIu/mNizEen4TMK8MlYMD4xFP/Zsd+/l3JGfXy/qhQiOaCQZy1yhZI
  S5Ypm6IsnZ9yhz6+XysOSq1aXeMsJeADGrpCIz1MKSK6YK5J6wMvEYWLVC73FosF
  0pLbO+OANXW3/h6qatZoqCKEOmFe5vSLDbl7G4JPhl2YpW2nuKNyDhOSgH0NcbJy
  saidgBVGFz5reT+Dj3rHaGUxgnBvBRF19RAy17K4jWvQlHNYP3+K4T3fXg2Jk+TJ
  xNP1ILaGJp6lzTgWu2eOnuzoSL1nHXnFlH0j/GR/iutZMMUPWwifUn7AT1t8NcBF
  sb5sQP1wadb+tLgNH47loPxdP5Ox8xReSPgvwB5Kjt3yvRnJ7WCezG2xUQOIO2cT
  ZZPiVEsoxs6xspIPbfPPA6cOxsKPnWzp5eZpjFbDkkgURn0c2nSKlQ==
  -----END CERTIFICATE-----


# Publish zone for this host, referenced by each whawty-auth instance as
# `publish.zone`. With the `static-ca` provider the CA certificate and its
# private key are passed inline from the two host variables defined above.
# NOTE(review): presumably the consuming role signs certificates with this
# key - confirm in the role. The key it receives is stored unencrypted in this
# file, so the zone's CA provides no assurance beyond this test VM.
apps_publish_zone__ch_testvm_prometheus:
  name: ch-testvm-prometheus
  publisher: ch-testvm-prometheus
  certificate_provider: static-ca
  certificate_ca_config:
    cert_content: "{{ ch_testvm_prometheus_apps_publish_ca_cert }}"
    key_content: "{{ ch_testvm_prometheus_apps_publish_ca_key }}"



# Parent ZFS dataset shared by the whawty-auth instances; each instance
# references it as `storage.parent`.
_whawty_auth_zfs_base_:
  pool: storage
  name: whawty/auth

# Two whawty-auth instances, `foo` and `bar`. They differ only in their ports,
# dataset name and quota, and published hostname.
whawty_auth_instances:
  foo:
    # Version strings are quoted so they always stay strings.
    version: '0.2-rc9'
    port: 3080
    store:
      # presumably selects the parameter set with `id: 1` below - confirm
      default: 1
      params:
        - id: 1
          # Password-hashing cost for this parameter set.
          # NOTE(review): if `memory` is in KiB, as in the Argon2 reference
          # API, this is 64 MiB per hash with a single pass. install.vm gives
          # this VM 1G of RAM and one vCPU, so `threads: 4` exceeds the
          # available cores and a few concurrent logins consume a noticeable
          # share of memory. Confirm the units and re-tune for the real host.
          argon2id:
            time: 1
            memory: 65536
            threads: 4
            length: 32
    sync:
      port: 3022
      # NOTE(review): presumably the keys allowed to use the sync endpoint;
      # here that is whatever users.equinox.ssh contains - verify in the role.
      authorized_keys: "{{ users.equinox.ssh }}"
    storage:
      type: zfs
      parent: "{{ _whawty_auth_zfs_base_ }}"
      name: foo
      properties:
        quota: '256M'
    publish:
      zone: "{{ apps_publish_zone__ch_testvm_prometheus }}"
      hostnames:
        - passwd.example.com
      tls:
        # NOTE(review): a self-signed certificate cannot be validated by
        # clients without pinning or an explicit trust decision; acceptable
        # for a test VM, but confirm before reuse elsewhere.
        certificate_provider: selfsigned
        cert:
          organization_name: 'chaos-at-home'
          organizational_unit_name: 'ansible'
          key_usage:
            - digitalSignature
            - keyAgreement
          key_usage_critical: true
          # Restricts the certificate to TLS server authentication.
          extended_key_usage:
            - serverAuth
          extended_key_usage_critical: true
          create_subject_key_identifier: true
          # Relative times: valid for 52 weeks, renewed 42 days before expiry.
          not_after: '+52w'
          renew_margin: '+42d'
  bar:
    version: '0.2-rc9'
    port: 3180
    store:
      default: 1
      params:
        - id: 1
          # Same cost parameters as `foo`; the same tuning caveat applies.
          argon2id:
            time: 1
            memory: 65536
            threads: 4
            length: 32
    sync:
      port: 3122
      authorized_keys: "{{ users.equinox.ssh }}"
    storage:
      type: zfs
      parent: "{{ _whawty_auth_zfs_base_ }}"
      name: bar
      properties:
        quota: '128M'
    publish:
      zone: "{{ apps_publish_zone__ch_testvm_prometheus }}"
      hostnames:
        # NOTE(review): unlike example.com this is not a reserved
        # documentation domain; test certificates and DNS entries are better
        # issued for a reserved name (example.*, *.test) than for a domain
        # that a third party can register.
        - passwd.bar.com
      tls:
        certificate_provider: selfsigned
        cert:
          organization_name: 'chaos-at-home'
          organizational_unit_name: 'ansible'
          key_usage:
            - digitalSignature
            - keyAgreement
          key_usage_critical: true
          extended_key_usage:
            - serverAuth
          extended_key_usage_critical: true
          create_subject_key_identifier: true
          not_after: '+52w'
          renew_margin: '+42d'