---
## Settings under `install`: boot mode, target disk, LVM volumes and kernel
## command line (presumably consumed by the provisioning role -- confirm).
install:
efi: true
disks:
## Addressed by its /dev/disk/by-id path (model + serial) instead of a
## /dev/sdX name, so the target does not depend on enumeration order.
primary: /dev/disk/by-id/ata-Samsung_SSD_840_Series_S14GNEACC92243K
system_lvm:
volumes:
- name: root
size: 3584M
filesystem: ext4
mountpoint: /
- name: var
size: 1280M
filesystem: ext4
mountpoint: /var
- name: var+log
size: 768M
filesystem: ext4
mountpoint: /var/log
## /var/log is the only volume listed with mount options here: device nodes
## and direct execution are refused on it. Root and /var carry none in this file.
mount_options:
- noatime
- nodev
- noexec
kernel_cmdline:
## consoleblank=0 turns off the console blanking timer.
- "consoleblank=0"
## Static network configuration for this host.
network:
## The templated LAN resolver is commented out; lookups currently go to the
## hard-coded public resolver below, i.e. DNS queries leave the LAN.
# nameservers: "{{ network_zones.lan.dns }}"
nameservers:
- 1.1.1.1
domain: "{{ host_domain }}"
## Anchor: the same mapping is reused as the only entry of `interfaces` below.
primary: &_network_primary_
name: eno1
## The inventory-derived address/gateway are commented out; the literal values
## further down are what is in effect.
# address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
# gateway: "{{ network_zones.lan.gateway }}"
address: "192.168.28.99/24"
gateway: "192.168.28.254"
interfaces:
- *_network_primary_
## Host-specific admin accounts (presumably added to a group-wide list by the
## consuming role -- verify who ends up with privileged access on this host).
admin_users_host:
- equinox
apt_repo_components:
- main
- contrib ## for zfs
- non-free ## for microcode updates
spreadspace_apt_repo_components:
- container
## Docker packages come from the "docker-com" provider (presumably Docker's
## upstream repository rather than the distribution package -- confirm).
docker_pkg_provider: docker-com
## Dedicated logical volume for Docker data, in the VG named after the host.
docker_storage:
type: lvm
vg: "{{ host_name }}"
lv: docker
size: 5G
fs: ext4
## Dedicated logical volume for kubelet data, same VG and size as Docker's.
kubelet_storage:
type: lvm
vg: "{{ host_name }}"
lv: kubelet
size: 5G
fs: ext4
## NOTE(review): 1.23 is the last Kubernetes minor line that ships dockershim;
## with `kubernetes_container_runtime: docker` this host cannot move to a newer,
## still-patched release without cri-dockerd or a switch to another CRI runtime.
kubernetes_version: 1.23.2
kubernetes_container_runtime: docker
kubernetes_standalone_cni_variant: with-portmap
## Lower and upper bound for the ZFS ARC (in-memory cache).
zfs_arc_size:
min: 2GB
max: 8GB
## One pool named `storage`, mounted at /srv/storage.
zfs_pools:
storage:
mountpoint: /srv/storage
## A single raidz vdev over four disks, each addressed by /dev/disk/by-id so
## pool creation does not depend on device enumeration order.
create_vdevs: raidz /dev/disk/by-id/ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N2AYHY8E /dev/disk/by-id/ata-WDC_WD30EFRX-68EUZN0_WD-WCC4ND0PVLUE /dev/disk/by-id/ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N6PJ1CSJ /dev/disk/by-id/ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N3YN09NC
## WireGuard key pair used for the tunnel to the gateway.
wireguard_keys:
gwhetzner:
## Public half only; it is not secret. The private half is never written here
## and is read from a `vault_`-prefixed variable (presumably Ansible Vault
## encrypted -- confirm the vault file is not stored in plaintext).
pub: "YO78lnFJdlGnKxBrtVZF4QXF7bpF8rAP7yF97klWLzg="
priv: "{{ vault_wireguard_priv_keys.gwhetzner }}"
wireguard_gateway_tunnels:
wg-gwhetzner:
priv_key: "{{ wireguard_keys.gwhetzner.priv }}"
addresses:
- 192.168.254.2/30
## `outer` repeats the hard-coded endpoint address below; both must be changed
## together if the gateway's external IP changes.
default_gateway:
outer: 178.63.180.138
inner: 192.168.254.1
peers:
## The peer's public key is looked up from host 'ele-gwhetzner' in the
## inventory, under its `wireguard_keys.elemedia` entry.
- pub_key: "{{ hostvars['ele-gwhetzner'].wireguard_keys.elemedia.pub }}"
endpoint:
host: 178.63.180.138 # TODO: fix this variable "{{ hostvars['ele-gwhetzner'].external_ip }}"
port: 51820
keepalive_interval: 15
## 0.0.0.0/0 lets all IPv4 be routed to this peer and accepts any IPv4 source
## from it. No IPv6 range is listed, so IPv6 traffic is not covered by the
## tunnel -- NOTE(review): confirm IPv6 is disabled or handled elsewhere.
allowed_ips:
- 0.0.0.0/0
## TODO: switch to production acme server once testing is done
## While the override below stays commented out, the role's default directory
## server applies (per the TODO, presumably a testing one whose certificates
## clients do not trust -- confirm before exposing the service).
# acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
## ZFS dataset `share` on pool `storage` for the media share.
elevate_media_share_storage:
type: zfs
pool: storage
name: share
## Only compression and a quota are set; no encryption property is listed, so
## data at rest is unencrypted unless that is configured elsewhere -- confirm.
properties:
compression: lz4
quota: 9T
## Dedicated logical volume for Nextcloud, in the VG named after the host.
elevate_media_nextcloud_storage:
type: lvm
vg: "{{ host_name }}"
lv: nextcloud
size: 150G
fs: ext4
elevate_media_nextcloud_instance:
## Presumably marks a first-time install -- NOTE(review): confirm whether this
## has to be reset once the instance has been deployed.
new: true
## Exact release pins here and for the database below; they only pick up
## security fixes when bumped by hand.
version: 23.0.0
port: 8100
hostnames:
- media.elevate.at
- media.elev8.at
database:
type: mariadb
version: 10.7.1
## NOTE(review): the vault entry is keyed 'team.tomwaitz.eu', which matches
## neither hostname above. Confirm this is the intended secret and not one
## shared with (or left over from) another instance.
password: "{{ vault_nextcloud_database_passwords['team.tomwaitz.eu'] }}"
### legacy stuff
# dyndns:
# server: ch-pan
# network_setup: elevate-festival