---
# Host variables for a VM guest: install-time sizing, networking, ZFS storage,
# a standalone Kubernetes node, a local Postfix relay and the "apps publish" CA.
# NOTE(review): the nesting below was reconstructed from a listing that had lost
# its indentation; confirm it against the repository copy before relying on it.

# Sizes of the LVM volumes for the root filesystem and /var/log (going by the names).
system_lvm_volume_size_root: 4G
system_lvm_volume_size_varlog: 5G

install:
  vm:
    memory: 48G
    numcpus: 12
    # NOTE(review): `True` is a YAML 1.1 truthy spelling; canonical `true` is what
    # yamllint's `truthy` rule expects and parses the same on 1.1 and 1.2 loaders.
    autostart: True
  disks:
    primary: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0
    scsi:
      sda:
        type: zfs
        name: root
        size: 15g
      sdb:
        type: zfs
        name: data
        size: 900g
        properties:
          # ZFS user property, quoted so the value stays the string 'false'.
          # presumably excludes this volume from syncoid replication, so the
          # 900g data disk would have no off-host copy from that path - verify.
          'syncoid:sync': 'false'
  interfaces:
    - bridge: br-public
      name: primary0

network:
  nameservers: "{{ vm_host.network.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # Anchored so the same mapping can be reused as the only entry of
  # `interfaces` below.
  primary: &_network_primary_
    name: primary0
    # Address and gateway are derived from the VM host's public bridge prefix
    # plus per-host offsets looked up by inventory_hostname / vm_host.name.
    address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}"
    gateway: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ansible.utils.ipaddr('address') }}"
    template: overlay
    # Overlay address with the prefix length stripped (`.split('/')[0]`).
    overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}"
  interfaces:
    - *_network_primary_

# The externally visible address is the overlay address defined above.
external_ip: "{{ network.primary.overlay }}"

apt_repo_components:
  - main
  - contrib ## for zfs
  - non-free-firmware

spreadspace_apt_repo_components:
  - container

zfs_arc_size:
  min: 2GB
  max: 16GB

zfs_pools:
  storage:
    mountpoint: /srv/storage
    create_vdevs: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-1
    properties:
      ashift: 12
      # Quoted on purpose: a bare `on` would load as a boolean under YAML 1.1.
      autotrim: "on"

zfs_volumes:
  storage:
    nextcloud:
      properties:
        compression: lz4
        xattr: sa

# Sanoid snapshot policy per dataset.
# NOTE(review): storage/keycloak and storage/onlyoffice are not declared in
# zfs_volumes in this file; presumably they are created elsewhere - confirm,
# otherwise these entries point at datasets that do not exist.
# NOTE(review): `yes` is a YAML 1.1 boolean spelling; `true` is the portable form.
zfs_sanoid_modules:
  storage/nextcloud:
    use_template: production
    recursive: yes
    process_children_only: yes
  storage/keycloak:
    use_template: production
    recursive: yes
    process_children_only: yes
  storage/onlyoffice:
    use_template: production
    recursive: yes
    process_children_only: yes

docker_pkg_provider: docker-com
docker_plugins:
  - buildx
docker_storage:
  type: zfs
  pool: storage
  name: docker
  properties:
    quota: 40G

kubelet_storage:
  type: zfs
  pool: storage
  name: kubelet
  properties:
    quota: 20G

# Loads as a string because of the second dot; quoting it would keep that true
# even if a future value had only one dot (e.g. a bare 1.30 becomes a float).
kubernetes_version: 1.30.4
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 100
kubernetes_standalone_pod_cidr: 192.168.255.0/24
kubernetes_standalone_cni_variant: with-portmap
# presumably host-local TCP services that pods may reach; 25 is SMTP - verify
# against the role that consumes this list.
kubernetes_standalone_local_services_tcp:
  - 25

# Networks Postfix treats as its own. The last entry adds the whole pod CIDR, so
# wherever the Postfix configuration applies permit_mynetworks, every pod on this
# node can relay mail without authenticating. NOTE(review): confirm that is
# intended for all workloads, or restrict sending at the pod/network-policy level.
postfix_base_mynetworks:
  - "127.0.0.0/8"
  - "[::ffff:127.0.0.0]/104"
  - "[::1]/128"
  - "{{ kubernetes_standalone_pod_cidr }}"
postfix_base_inet_protocols:
  - "ipv4"

# NOTE(review): the variable name suggests the Let's Encrypt production (live)
# v2 directory; its value is defined outside this file.
acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
acme_client: acmetool

# CA private key: only a reference to a vault_* variable appears here, the key
# material itself is not in this file.
sk_cloudio_apps_publish_ca_key: "{{ vault_sk_cloudio_apps_publish_ca_key }}"
# CA certificate (public), stored inline as a literal block scalar.
# NOTE(review): the DER appears to decode to subject "Apps Publish CA for
# sk-cloudio", CA:TRUE with pathlen 1, and a validity running from 2024 into
# 2064 - confirm with `openssl x509 -noout -text`. With a lifetime that long,
# protecting and being able to rotate the vaulted key matters more than usual.
sk_cloudio_apps_publish_ca_cert: |
  -----BEGIN CERTIFICATE-----
  MIIE+DCCAuCgAwIBAgIUWYAlW7BhaDHZaWjkVlttP26KVhgwDQYJKoZIhvcNAQEL
  BQAwKTEnMCUGA1UEAwweQXBwcyBQdWJsaXNoIENBIGZvciBzay1jbG91ZGlvMCAX
  DTI0MDgyNDIwNDEzNloYDzIwNjQwNzA2MjA0MTM2WjApMScwJQYDVQQDDB5BcHBz
  IFB1Ymxpc2ggQ0EgZm9yIHNrLWNsb3VkaW8wggIiMA0GCSqGSIb3DQEBAQUAA4IC
  DwAwggIKAoICAQDUOVJTgNrqTlD6FXupVLIoMbQ7O9Xj3XmtYGVtF6LUPodbrlTs
  9TRkhWwVSUGokfgRtKOx1Zk13HFadKw92t9zzTVnT62drH9xOPPGitBXyxeCiyzr
  Ib98qnDeO9o+9x0cRsg4tvjksfyMV0JtFxOsSJ6diHrGrakk9SIRVk63GYbRSKBQ
  wKCeAihFX35oyd3qCmIt6ZuueX5Z2dNdiaXmcrwe0MhBghd4Upqe3BPopGeVzJtY
  Bm6Fsq/V2H28g6l3kNU5sPpgPWMpDRuUTjnfe1MFVu51QwmbkxqWhODaH8dClshJ
  imACGnRmTxJ5bAqBbT2z3IEdhaEnKKUyN8OYqX3mtmU1/We9d52cLvghtbiRuhrE
  4eK7GRCvc0QqU/hk6eFvfXVd5KI48tB8at9tKP6tWeavlYyfq5G3canmzOTTbxuA
  TfpbFrHIwHCk9M3VTIcABMeb38EGoOpaSTTcX3eOT/k97tQJPKFlfl+EF+fhbijN
  1CEdR+6m2BIvcNmGkKl0VH6eVXiAUFKm03Kg1sH0gh4upQKdx+54szF51jsrHcPI
  16oBChS0t+JG1tcvbluVWwLMw1G5nvm302/RxYahNyCniMAUl/eaubTHarTBtK7w
  lAYryanwtlbAR/XQZAHBNzhG/2er1nCr6E5Wh+98ID+ElWbmaQ5ale/8OQIDAQAB
  oxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCpTUjN
  veOg2dZ/44tg5P5RnZKZFiyYapaaxv3W6cfqpfUhrI8qSuBn9G/UAJAfMszU87rf
  OZ1PRZCFuzu+dB7CrmMgvqt0cTRpaxlN9CzZpfpFADlt9NQKYxK4T8IxIZ7ebISl
  UNyX08mRXNB3N+Qq1CcTVtwHNLbnwkLttryGJ1tmAwEu4QIHauG7cDXFQuRGP0CE
  x+DSdLTcs6hvOYq4OfpX0Zci5zy4SI50DLoT5h94IaIPAL6XBi7n9bj8ZSHqa1ZC
  lveyaGguEy53meARTXSCm/jxtpo8xD7pWz4vnYPZuyMGe9rbE77Y8CwWK/RvUdYx
  th09ALKw76W59e78RkxKTqBvGmZYw1igY4p8IqcXci65xtO2HiRDHX2jU7AYkgAD
  z5Rv+2ZMcOQHOPzxDRXk06+pQUZ3qQ3cU9ASziTSaLITnMVH0VokRNXvSZYxeuwR
  yDqb1H4MsV91Sy4UyXmtfXZYouM3/3OwCzxpkgvxdVdQBzssUssLrRcS5UEcJGr8
  69M2CNHXX1fy0mLKdgqHNPzX9ALnqTHJMV5C5J3Q4RU6Vl2Un3Vg3A3dRKLPkg5P
  C69nyBua3CIlx6Z8o2Ik9tJdwCULV6lYLGEfpsJHt627gF893Jexxuo3zI7XWQhb
  ucrEkA2qzf0fHzCwFeiACMjssiN1YyevdI4Flw==
  -----END CERTIFICATE-----

# Publish zone that issues certificates from the static CA above; the CA key is
# templated in from the vault-backed variable, so whatever renders
# certificate_ca_config receives the private key in clear text.
# NOTE(review): check that the consuming role writes it with restrictive file
# permissions and does not log it (e.g. uses no_log on the task).
apps_publish_zone__sk_cloudio:
  name: sk-cloudio
  publisher: sk-cloudio
  certificate_provider: static-ca
  certificate_ca_config:
    cert_content: "{{ sk_cloudio_apps_publish_ca_cert }}"
    key_content: "{{ sk_cloudio_apps_publish_ca_key }}"