From 409e17b72fd82e04b80f0023b3680edb0d78fcd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nils=20Norman=20Hauk=C3=A5s?=
Date: Wed, 20 Mar 2024 16:44:43 +0100
Subject: [PATCH] :recycle: refactor how hosts are defined
---
 host_vars/jake.box.nilsnh.no.yml | 29 ++++++++++++++++++++++
 inventory/production | 4 +--
 playbook.yml | 42 +++++--------------------------
 3 files changed, 37 insertions(+), 38 deletions(-)
 create mode 100644 host_vars/jake.box.nilsnh.no.yml
diff --git a/host_vars/jake.box.nilsnh.no.yml b/host_vars/jake.box.nilsnh.no.yml
new file mode 100644
index 0000000..388cdd8
--- /dev/null
+++ b/host_vars/jake.box.nilsnh.no.yml
@@ -0,0 +1,29 @@
+---
+restic_repo_pw: "{{ vault_restic_pw_jake }}"
+restic_repo_url: "{{ vault_restic_url_jake }}"
+restic_backup_pre_cmd:
+ - (cd "/tmp" && forgejo.sh dump --file="forgejo.zip")
+restic_backup_targets:
+ - /tmp/forgejo.zip
+restic_backup_frequency: daily
+sendmail_mta_user: "{{ vault_mta_user }}"
+sendmail_mta_user_pw: "{{ vault_mta_user_pw }}"
+sendmail_mailhub: "box.nilsnh.no:465"
+sendmail_hostname: jake.box.nilsnh.no
+sendmail_rewrite_domain: "nilsnh.no"
+sendmail_revaliases:
+ root: "{{ machine_from_email }}"
+ jake: "{{ machine_from_email }}"
+ git: "{{ machine_from_email }}"
+machine_from_email: "noreply+jake@nilsnh.no"
+machine_notifications_receiver: "mail@nilsnh.no"
+forgejo_domain: "code.on.nilsnh.no"
+forgejo_from: "\"Forgejo at nilsnh.no\" <{{ machine_from_email }}>"
+firewall_allowed_ports:
+ - { port: 80, proto: "tcp" }
+ - { port: 443, proto: "tcp" }
+ - { port: 51820, proto: "udp" } # Wireguard
+wireguard_private_key: "{{ vault_wireguard_private_key }}"
+wireguard_address: 10.0.24.1/24
+wireguard_peers:
+ - { AllowedIPs: 10.0.24.2/32, Endpoint: finn.lan:51820, PublicKey: "ZXbZPQY9aycB9t+lqLsiteleeWqxNi+Q37yYZcPIlSA=" }
\ No newline at end of file
diff --git a/inventory/production b/inventory/production
index 815877e..c3bf027 100644
--- a/inventory/production
+++ b/inventory/production
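Review bot: In host_vars/jake.box.nilsnh.no.yml, `restic_backup_pre_cmd` writes the Forgejo dump to a fixed file name in `/tmp`, a world-writable directory, and `restic_backup_targets` reads it back from there. The dump presumably carries repository data and the application database, so a predictable path in `/tmp` can be pre-created or symlinked by another local account, and depending on the umask `forgejo.sh` runs under it may stay readable by others until something removes it. The playbook hunk of this same commit re-enables the `backup` role, so this command starts running on the host. I would stage the archive in a directory owned by the backup user with mode 0700, for example `- (cd "/var/backups/forgejo" && forgejo.sh dump --file="forgejo.zip")` with `- /var/backups/forgejo/forgejo.zip` as the target (the path is an example), and delete the archive once restic has finished.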
@@ -1,5 +1,5 @@
-[jake]
+[servers]
 jake.box.nilsnh.no ansible_user=jake
-[this_machine]
+[this-machine]
 localhost ansible_connection=local
diff --git a/playbook.yml b/playbook.yml
index 929eec2..54e623e 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,41 +1,11 @@
 ---
-- hosts: jake
- handlers:
- vars:
- restic_repo_pw: "{{ vault_restic_pw_jake }}"
- restic_repo_url: "{{ vault_restic_url_jake }}"
- restic_backup_pre_cmd:
- - (cd "/tmp" && forgejo.sh dump --file="forgejo.zip")
- restic_backup_targets:
- - /tmp/forgejo.zip
- restic_backup_frequency: daily
- sendmail_mta_user: "{{ vault_mta_user }}"
- sendmail_mta_user_pw: "{{ vault_mta_user_pw }}"
- sendmail_mailhub: "box.nilsnh.no:465"
- sendmail_hostname: jake.box.nilsnh.no
- sendmail_rewrite_domain: "nilsnh.no"
- sendmail_revaliases:
- root: "{{ machine_from_email }}"
- jake: "{{ machine_from_email }}"
- git: "{{ machine_from_email }}"
- machine_from_email: "noreply+jake@nilsnh.no"
- machine_notifications_receiver: "mail@nilsnh.no"
- forgejo_domain: "code.on.nilsnh.no"
- forgejo_from: "\"Forgejo at nilsnh.no\" <{{ machine_from_email }}>"
- firewall_allowed_ports:
- - { port: 80, proto: "tcp" }
- - { port: 443, proto: "tcp" }
- - { port: 51820, proto: "udp" } # Wireguard
- wireguard_private_key: "{{ vault_wireguard_private_key }}"
- wireguard_address: 10.0.24.1/24
- wireguard_peers:
- - { AllowedIPs: 10.0.24.2/32, Endpoint: finn.lan:51820, PublicKey: "ZXbZPQY9aycB9t+lqLsiteleeWqxNi+Q37yYZcPIlSA=" }
+- hosts: jake.box.nilsnh.no
 roles:
 - wireguard
- # - backup
- # - sendmail
- # - nodejs
+ - backup
+ - sendmail
+ - nodejs
 - firewall
- # - forgejo
- # - caddy
+ - forgejo
+ - caddy
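Review bot: The new group name `[this-machine]` in inventory/production contains a hyphen, which Ansible treats as an invalid group-name character: it warns on inventory load and, depending on `force_valid_group_names`, may rewrite it to an underscore. The previous `[this_machine]` was the safe spelling, so I would keep it. Renaming `[jake]` to `[servers]` also means any `group_vars/jake*` file or any `hosts: jake` / `hosts: this_machine` pattern elsewhere in the repository silently stops matching. This diff does not show whether such references exist, so a grep for both old names before merging would confirm that no variables or plays are dropped.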
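Review bot: The subject calls this a refactor, but the playbook.yml hunk also un-comments five roles (`backup`, `sendmail`, `nodejs`, `forgejo`, `caddy`), so the next run against `jake.box.nilsnh.no` applies configuration that the previous playbook skipped. That behaviour change deserves its own commit, or at least a line in the message, so a later bisect or audit can tell when these services were first deployed. The re-enabled roles presumably need every `vault_*` variable referenced from host_vars to be defined, and a first run with `ansible-playbook --check --diff` would show what changes on the host. The play has no `name:`; adding one, e.g. `- name: provision jake.box.nilsnh.no` above `hosts:`, makes run logs easier to attribute.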