first draft

2025-03-21 09:06:39 +01:00
parent 064c28f0a7
commit 7ea0dc4cb8
30 changed files with 122 additions and 201 deletions
--- a/inventory/host_vars/baybay-ponay.mateu.be.yml
+++ b/inventory/host_vars/baybay-ponay.mateu.be.yml
--- a/inventory/host_vars/bt.dmz.mateu.be.yml
+++ b/inventory/host_vars/bt.dmz.mateu.be.yml
--- a/inventory/host_vars/frederica.dmz.mateu.be.yml
+++ b/inventory/host_vars/frederica.dmz.mateu.be.yml
--- a/inventory/host_vars/garage1.dmz.mateu.be.yml
+++ b/inventory/host_vars/garage1.dmz.mateu.be.yml
--- a/inventory/host_vars/git1.dmz.mateu.be.yml
+++ b/inventory/host_vars/git1.dmz.mateu.be.yml
--- a/inventory/host_vars/jabber.dmz.mateu.be.yml
+++ b/inventory/host_vars/jabber.dmz.mateu.be.yml
--- a/inventory/host_vars/mail.dmz.mateu.be.yml
+++ b/inventory/host_vars/mail.dmz.mateu.be.yml
--- a/inventory/host_vars/masto1.dmz.mateu.be.yml
+++ b/inventory/host_vars/masto1.dmz.mateu.be.yml
--- a/inventory/host_vars/munin.dmz.mateu.be.yml
+++ b/inventory/host_vars/munin.dmz.mateu.be.yml
--- a/inventory/host_vars/muse-HP-EliteBook-820-G2.home.arpa.yml
+++ b/inventory/host_vars/muse-HP-EliteBook-820-G2.home.arpa.yml
--- a/inventory/host_vars/pinkypie.home.arpa.yml
+++ b/inventory/host_vars/pinkypie.home.arpa.yml
--- a/inventory/host_vars/pt1.dmz.mateu.be.yml
+++ b/inventory/host_vars/pt1.dmz.mateu.be.yml
--- a/inventory/host_vars/vlt1.dmz.mateu.be.yml
+++ b/inventory/host_vars/vlt1.dmz.mateu.be.yml
--- a/inventory/host_vars/voice1.dmz.mateu.be.yml
+++ b/inventory/host_vars/voice1.dmz.mateu.be.yml
--- a/inventory/host_vars/voice3.dmz.mateu.be.yml
+++ b/inventory/host_vars/voice3.dmz.mateu.be.yml
--- a/inventory/host_vars/web1.dmz.mateu.be.yml
+++ b/inventory/host_vars/web1.dmz.mateu.be.yml
--- a/inventory/host_vars/web2.dmz.mateu.be.yml
+++ b/inventory/host_vars/web2.dmz.mateu.be.yml
--- a/inventory/host_vars/web3.dmz.mateu.be.yml
+++ b/inventory/host_vars/web3.dmz.mateu.be.yml
--- a/inventory/production.yml
+++ b/inventory/production.yml
@@ -1,190 +0,0 @@
 ---
 router:
  hosts:
    machinbox.mateu.be:
 physicalservers:
  hosts:
    frederica.dmz.mateu.be:
    serenor.dmz.mateu.be:
 hypervisors:
  hosts:
    serenor.dmz.mateu.be:
 nasservers:
  hosts:
    frederica.dmz.mateu.be:
 zfsservers:
  hosts:
    serenor.dmz.mateu.be:
    frederica.dmz.mateu.be:
 resticservers:
  hosts:
    baybay-ponay.mateu.be:
    bt.dmz.mateu.be:
    es1.dmz.mateu.be:
    frederica.dmz.mateu.be:
    garage1.dmz.mateu.be:
    git1.dmz.mateu.be:
    jabber.dmz.mateu.be:
    mail.dmz.mateu.be:
    masto1.dmz.mateu.be:
    muse-HP-EliteBook-820-G2.home.arpa:
    pinkypie.home.arpa:
    pt1.dmz.mateu.be:
    voice1.dmz.mateu.be:
    vlt1.dmz.mateu.be:
    web[1:3].dmz.mateu.be:
 garageservers:
  children:
    garage_prd_cluster:
      hosts:
        garage1.dmz.mateu.be:
    garage_bck_cluster:
      hosts:
        frederica.dmz.mateu.be:
 elasticsearchservers:
  hosts:
    es1.dmz.mateu.be:
 nut:
  children:
    nut_client:
      hosts:
        serenor.dmz.mateu.be:
        frederica.dmz.mateu.be:
    nut_server:
      hosts:
        serenor.dmz.mateu.be:
 webservers:
  hosts:
    bt.dmz.mateu.be:
    garage1.dmz.mateu.be:
    git1.dmz.mateu.be:
    jabber.dmz.mateu.be:
    mail.dmz.mateu.be:
    masto1.dmz.mateu.be:
    pt1.dmz.mateu.be:
    voice3.dmz.mateu.be:
    munin.dmz.mateu.be:
    vlt1.dmz.mateu.be:
    web[1:3].dmz.mateu.be:
 peertubeservers:
  hosts:
    pt1.dmz.mateu.be:
 phpservers:
  hosts:
    web[1:3].dmz.mateu.be:
 mariadbservers:
  hosts:
    web[2:3].dmz.mateu.be:
 pgsqlservers:
  hosts:
    masto1.dmz.mateu.be:
    pt1.dmz.mateu.be:
    web1.dmz.mateu.be:
    git1.dmz.mateu.be:
 giteaservers:
  hosts:
    git1.dmz.mateu.be:
 actrunnerservers:
  hosts:
    git1.dmz.mateu.be:
 mastodonservers:
  hosts:
    masto1.dmz.mateu.be:
 rorservers:
  hosts:
    masto1.dmz.mateu.be:
 mailservers:
  hosts:
    mail.dmz.mateu.be:
 xmppservers:
  hosts:
    jabber.dmz.mateu.be:
 loadbalancers:
  hosts:
    haproxy.dmz.mateu.be:
 transmission:
  hosts:
    bt.dmz.mateu.be:
 mumbleservers:
  hosts:
    voice1.dmz.mateu.be:
 icecastservers:
  hosts:
    voice3.dmz.mateu.be:
 rsyslogservers:
  hosts:
    syslog.dmz.mateu.be:
 vaultservers:
  hosts:
    vlt1.dmz.mateu.be:
 muninservers:
  hosts:
    munin.dmz.mateu.be:
 disabled_loadbalanced_webservers:
  hosts:
 disabled_system:
  hosts:
    baybay-ponay.mateu.be:
    machinbox.mateu.be:
    muse-HP-EliteBook-820-G2.home.arpa:
    pinkypie.home.arpa:
 disabled_munin:
  hosts:
    baybay-ponay.mateu.be:
    muse-HP-EliteBook-820-G2.home.arpa:
    pinkypie.home.arpa:
 disabled_syslog:
  hosts:
    baybay-ponay.mateu.be:
    machinbox.mateu.be:
    muse-HP-EliteBook-820-G2.home.arpa:
    pinkypie.home.arpa:
 # Those are not servers and should not be configured as such
 disabled_server_conf:
  hosts:
    baybay-ponay.mateu.be:
    muse-HP-EliteBook-820-G2.home.arpa:
    pinkypie.home.arpa:
 ftpservers:
  hosts:
    ftp.dmz.mateu.be:
 domservers:
  hosts:
    dom.dmz.mateu.be:
 unifiservers:
  hosts:
    unifi.dmz.mateu.be:
--- a/inventory/proxmox.yml
+++ b/inventory/proxmox.yml
@@ -0,0 +1,28 @@
 ---
 plugin: community.general.proxmox
 url: https://serenor.dmz.mateu.be:8006
 user: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          32383264316162623632343363653539363432386663393431643463313038373736353332306636
          3032376462316331333337313136653137323436396536380a633038323762303461626332346632
          38643362643638333339626232386465626161303336613139646364356661383430316436636639
          6130383863636331610a666662643565393664613533366237646539663230313631623431643261
          3238
 password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          30343833663162373334373732653433373866376635396633356637656235373233613531376433
          3033353465313336356562336137623836356163666334650a306131393434656130383239353765
          38656165633861623863363966383435633331666565616464396336653161626136356130623539
          3061636531363338380a313265653134333264303730323464306565393838363630626266376237
          30363735303434323062636437663761346534666266353334396531303561346165
 validate_certs: false
 want_facts: true
 want_proxmox_nodes_ansible_host: true
 keyed_groups:
  - key: proxmox_tags_parsed
    separator: ""
 compose:
  ansible_host: proxmox_hostname ~ '.dmz.mateu.be'
--- a/inventory/static.yml
+++ b/inventory/static.yml
@@ -0,0 +1,83 @@
 ---
 all:
  hosts:
    machinbox:
      ansible_host: machinbox.mateu.be
    frederica:
      ansible_host: frederica.dmz.mateu.be
    baybay-ponay:
      ansible_host: baybay-ponay.mateu.be
    muse-HP-EliteBook-820-G2:
      ansible_host: muse-HP-EliteBook-820-G2.home.arpa
    pinkypie:
      ansible_host: pinkypie.home.arpa
 router:
  hosts:
    machinbox:
 physicalservers:
  hosts:
    frederica:
    serenor:
 hypervisors:
  children:
    proxmox_nodes:
 nasservers:
  hosts:
    frederica:
 zfsservers:
  hosts:
    serenor:
    frederica:
 garageservers:
  children:
    garage_prd_cluster:
    garage_bck_cluster:
      hosts:
        frederica:
 nut:
  children:
    nut_client:
      hosts:
        serenor:
        frederica:
    nut_server:
      hosts:
        serenor:
 disabled_loadbalanced_webservers:
  hosts:
 disabled_system:
  hosts:
    baybay-ponay:
    machinbox:
    muse-HP-EliteBook-820-G2:
    pinkypie:
 disabled_munin:
  hosts:
    baybay-ponay:
    muse-HP-EliteBook-820-G2:
    pinkypie:
 disabled_syslog:
  hosts:
    baybay-ponay:
    machinbox:
    muse-HP-EliteBook-820-G2:
    pinkypie:
 # Those are not servers and should not be configured as such
 disabled_server_conf:
  hosts:
    baybay-ponay:
    muse-HP-EliteBook-820-G2:
    pinkypie:
--- a/playbooks/bittorrent.yml
+++ b/playbooks/bittorrent.yml
@@ -1,7 +1,7 @@
 ---
 - name: Deploy transmission
-  hosts: transmission
+  hosts: btservers
  diff: true
  roles:
    - transmission
--- a/playbooks/firewall.yml
+++ b/playbooks/firewall.yml
@@ -1,7 +1,7 @@
 ---
 - name: Retrieve network info
-  hosts: all:!disabled_server_conf:!machinbox.mateu.be
+  hosts: all:!disabled_server_conf:!machinbox
  gather_facts: true
  gather_subset:
    - network
--- a/playbooks/loadbalancinghttp.yml
+++ b/playbooks/loadbalancinghttp.yml
@@ -8,7 +8,7 @@
  tasks: []
 - name: Deploy haproxy
-  hosts: loadbalancers
+  hosts: lbservers
  diff: true
  roles:
    - haproxy
--- a/playbooks/smtprelay.yml
+++ b/playbooks/smtprelay.yml
@@ -1,7 +1,7 @@
 ---
 - name: Deploy smtp relay
-  hosts: all:!disabled_server_conf:!machinbox.mateu.be:!mail.dmz.mateu.be
+  hosts: all:!disabled_server_conf:!machinbox:!mail
  diff: true
  roles:
    - smtprelay
--- a/playbooks/webapps.yml
+++ b/playbooks/webapps.yml
@@ -1,7 +1,7 @@
 ---
 - name: Install libertus webapplications
-  hosts: web1.dmz.mateu.be
+  hosts: web1
  diff: true
  roles:
    - role: bac
@@ -20,7 +20,7 @@
      tags: [never, nextcloud]
 - name: Install dojo webapplications
-  hosts: web2.dmz.mateu.be
+  hosts: web2
  diff: true
  roles:
    - wordpress
--- a/playbooks/webservers.yml
+++ b/playbooks/webservers.yml
@@ -1,7 +1,7 @@
 ---
 - name: Retrieve network info
-  hosts: loadbalancers
+  hosts: lbservers
  gather_facts: true
  gather_subset:
    - network
--- a/roles/munin_client/tasks/main.yml
+++ b/roles/munin_client/tasks/main.yml
@@ -41,7 +41,7 @@
    update_cache: true
  notify:
    - Restart munin-node
-  when: "'webservers' in group_names or 'loadbalancers' in group_names"
+  when: "'webservers' in group_names or 'lbservers' in group_names"
 # for HAProxy servers
 - name: Add haproxy backend module
@@ -51,7 +51,7 @@
    state: link
  notify:
    - Restart munin-node
-  when: "'loadbalancers' in group_names"
+  when: "'lbservers' in group_names"
 # For MariaDB servers
 - name: Install MariaDB servers
--- a/roles/munin_client/templates/munin-node.conf.j2
+++ b/roles/munin_client/templates/munin-node.conf.j2
@@ -34,7 +34,7 @@ ignore_file \.pod$
 # Set this if the client doesn't report the correct hostname when
 # telnetting to localhost, port 4949
 #
-host_name {{ inventory_hostname }}
+host_name {{ ansible_host }}
 # A list of addresses that are allowed to connect.  This must be a
 # regular expression, since Net::Server does not understand CIDR-style
--- a/roles/restic/vars/main.yml
+++ b/roles/restic/vars/main.yml
@@ -6,4 +6,4 @@ restic_architecture: "amd64"
 restic_system: "{{ ansible_facts['system'] | lower }}"
 restic_download_url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2"
-restic_repository: "{{ restic_s3_url }}/{{ inventory_hostname }}"
+restic_repository: "{{ restic_s3_url }}/{{ ansible_host }}"