---
# Sizes of two LVM volumes, presumably root and /var/log, judging by the
# variable names; the consuming role is not visible here.
system_lvm_volume_size_root: 4G
system_lvm_volume_size_varlog: 2G
# Guest definition: VM resources, disks and the bridge the NIC attaches to.
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation; confirm it against the repository copy.
install:
  vm:
    memory: 48G
    numcpus: 8
    # YAML 1.1 spelling of a boolean; canonical form would be `true`.
    autostart: True
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 15g
      sdb:
        type: zfs
        name: data
        size: 800g
        properties:
          # NOTE(review): unquoted `off` loads as boolean false under a
          # YAML 1.1 parser, not the string "off"; the pool properties
          # later in this file quote "on". Confirm the consumer turns the
          # boolean back into a valid ZFS value, or quote it.
          compression: off
  interfaces:
    - bridge: br-public
      name: primary0
# Guest network settings; every address is derived from vm_host inventory
# data rather than hard-coded here.
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation; confirm it against the repository copy.
network:
  nameservers: "{{ vm_host.network.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # Anchored so the same mapping can be reused as the only entry of
  # `interfaces` below.
  primary: &_network_primary_
    name: primary0
    # Public-bridge prefix combined with this host's offset.
    address: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) }}"
    # The VM host's own address in the same prefix, reduced to a bare address.
    gateway: "{{ vm_host.network.bridges.public.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ansible.utils.ipaddr('address') }}"
    template: overlay
    # Overlay address with the prefix length stripped by split('/')[0].
    overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ansible.utils.ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}"
  interfaces:
    - *_network_primary_

# The externally advertised address is the overlay address, not the
# bridge-local one.
external_ip: "{{ network.primary.overlay }}"
# Distribution archive components enabled on the host.
apt_repo_components:
  - main
  - contrib ## for zfs

# Components of a second repository; its URL and signing key are not
# defined in this file.
spreadspace_apt_repo_components:
  - main
  - container
# ZFS ARC bounds, the data pool and the datasets handed to sanoid.
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation; confirm it against the repository copy.
zfs_arc_size:
  min: 2GB
  max: 8GB

zfs_pools:
  storage:
    mountpoint: /srv/storage
    create_vdevs: /dev/sdb
    properties:
      ashift: 12
      # Quoted so it stays the string "on" instead of becoming a boolean.
      autotrim: "on"

# Only storage/nextcloud and storage/onlyoffice are listed here.
# NOTE(review): the docker, kubelet and collabora data defined elsewhere in
# this file have no entry; confirm that leaving them out is intended.
# The `production` template is defined outside this file.
zfs_sanoid_modules:
  storage/nextcloud:
    use_template: production
    # `yes` is a YAML 1.1 boolean; canonical form would be `true`.
    recursive: yes
    process_children_only: yes
  storage/onlyoffice:
    use_template: production
    recursive: yes
    process_children_only: yes
# Container runtime, its storage datasets and the standalone Kubernetes node.
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation; confirm it against the repository copy.
# `docker-com` presumably selects Docker's upstream packages; verify
# against the role.
docker_pkg_provider: docker-com

# Docker and kubelet each get a dataset on the `storage` pool capped at 15G,
# so runaway image or volume growth cannot fill the pool.
docker_storage:
  type: zfs
  pool: storage
  name: docker
  properties:
    quota: 15G

kubelet_storage:
  type: zfs
  pool: storage
  name: kubelet
  properties:
    quota: 15G

# Pinned release; it stays a string because it has two dots.
kubernetes_version: 1.28.5
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 15
kubernetes_standalone_cni_variant: with-portmap
# NOTE(review): presumably makes host TCP port 25 reachable from pods;
# verify against the role. See postfix_base_mynetworks for who may relay.
kubernetes_standalone_local_services_tcp:
  - 25
# Loopback ranges plus the pod CIDR, which is defined outside this file.
# NOTE(review): if this list feeds Postfix `mynetworks`, every pod in that
# CIDR is a trusted client and can relay mail without authenticating.
# Confirm that is intended for all workloads on this node.
postfix_base_mynetworks:
  - "127.0.0.0/8"
  - "[::ffff:127.0.0.0]/104"
  - "[::1]/128"
  - "{{ kubernetes_standalone_pod_cidr }}"

# Presumably the Let's Encrypt production v2 directory, judging by the
# variable name; the value is defined outside this file.
acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
acme_client: acmetool

nginx_server_names_hash_bucket_size: 64
# Nextcloud: parent dataset and the single instance team.tomwaitz.eu.
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation; confirm it against the repository copy.
nextcloud_zfs:
  pool: storage
  name: nextcloud
  properties:
    compression: lz4

nextcloud_instances:
  team.tomwaitz.eu:
    # new: true
    # Pinned component versions; each bump is a deliberate edit here.
    version: 28.0.1
    port: 8100
    hostnames:
      - team.tomwaitz.eu
    zfs_properties:
      quota: 780G
    redis:
      version: 7.2.1
    database:
      type: mariadb
      version: 10.11.5
      # The secret is referenced, not stored: the value comes from a
      # vault_* variable defined outside this file.
      password: "{{ vault_nextcloud_database_passwords['team.tomwaitz.eu'] }}"
    custom_image:
      # Extra image layers. The first RUN enables contrib and non-free in
      # whichever apt source file exists and installs unrar; the second
      # installs smbclient and builds the PHP extension through pecl.
      # NOTE(review): neither the apt packages nor the pecl extension is
      # pinned, so each rebuild takes whatever upstream serves then;
      # consider pinning the pecl version. The base image is not set here.
      dockerfile: |
        RUN set -x \
        && if [ -e "/etc/apt/sources.list" ]; then sed 's/main$/main contrib non-free/' -i /etc/apt/sources.list; fi \
        && if [ -e "/etc/apt/sources.list.d/debian.sources" ]; then sed 's/^Components: main$/Components: main contrib non-free/' -i /etc/apt/sources.list.d/debian.sources; fi \
        && apt-get update -q \
        && apt-get install -y -q unrar \
        && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
        RUN set -x \
        && apt-get update -q \
        && apt-get install -y -q smbclient libsmbclient-dev \
        && pecl install smbclient \
        && docker-php-ext-enable smbclient \
        && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Collabora CODE: one instance, o.tomwaitz.eu, with data under the storage
# pool's mountpoint.
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation; confirm it against the repository copy, in particular
# whether backend_storages belongs to the instance or to `admin`.
collabora_code_base_path: /srv/storage/collabora/code

collabora_code_instances:
  o.tomwaitz.eu:
    version: 23.05.6.4.1
    port: 8200
    hostname: o.tomwaitz.eu
    admin:
      # Default-style account name; the password is the only secret and
      # comes from a vault_* variable defined outside this file.
      username: admin
      password: "{{ vault_collabora_code_admin_passwords['o.tomwaitz.eu'] }}"
    # Presumably the hosts allowed to use this instance as their document
    # backend; verify against the role.
    backend_storages:
      - team.tomwaitz.eu
# OnlyOffice: dataset capped at 10G and one instance, oo.tomwaitz.eu.
# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation; confirm it against the repository copy.
onlyoffice_zfs:
  pool: storage
  name: onlyoffice
  properties:
    compression: lz4
    quota: 10G

onlyoffice_instances:
  oo.tomwaitz.eu:
    version: 7.5.1.1
    port: 8600
    hostname: oo.tomwaitz.eu
    # All four secrets below are references to vault_* variables defined
    # outside this file; no secret value is stored here.
    jwt_secret: "{{ vault_onlyoffice_jwt_secrets['oo.tomwaitz.eu'] }}"
    database:
      version: 9.5.25
      password: "{{ vault_onlyoffice_database_passwords['oo.tomwaitz.eu'] }}"
    amqp:
      version: 3.11.28
      password: "{{ vault_onlyoffice_amqp_passwords['oo.tomwaitz.eu'] }}"