diff --git a/inventory/host_vars/baybay-ponay.mateu.be.yml b/inventory/host_vars/baybay-ponay.yml
similarity index 100%
rename from inventory/host_vars/baybay-ponay.mateu.be.yml
rename to inventory/host_vars/baybay-ponay.yml
diff --git a/inventory/host_vars/bt.dmz.mateu.be.yml b/inventory/host_vars/bt.yml
similarity index 100%
rename from inventory/host_vars/bt.dmz.mateu.be.yml
rename to inventory/host_vars/bt.yml
diff --git a/inventory/host_vars/frederica.dmz.mateu.be.yml b/inventory/host_vars/frederica.yml
similarity index 100%
rename from inventory/host_vars/frederica.dmz.mateu.be.yml
rename to inventory/host_vars/frederica.yml
diff --git a/inventory/host_vars/garage1.dmz.mateu.be.yml b/inventory/host_vars/garage1.yml
similarity index 100%
rename from inventory/host_vars/garage1.dmz.mateu.be.yml
rename to inventory/host_vars/garage1.yml
diff --git a/inventory/host_vars/git1.dmz.mateu.be.yml b/inventory/host_vars/git1.yml
similarity index 100%
rename from inventory/host_vars/git1.dmz.mateu.be.yml
rename to inventory/host_vars/git1.yml
diff --git a/inventory/host_vars/jabber.dmz.mateu.be.yml b/inventory/host_vars/jabber.yml
similarity index 100%
rename from inventory/host_vars/jabber.dmz.mateu.be.yml
rename to inventory/host_vars/jabber.yml
diff --git a/inventory/host_vars/mail.dmz.mateu.be.yml b/inventory/host_vars/mail.yml
similarity index 100%
rename from inventory/host_vars/mail.dmz.mateu.be.yml
rename to inventory/host_vars/mail.yml
diff --git a/inventory/host_vars/masto1.dmz.mateu.be.yml b/inventory/host_vars/masto1.yml
similarity index 100%
rename from inventory/host_vars/masto1.dmz.mateu.be.yml
rename to inventory/host_vars/masto1.yml
diff --git a/inventory/host_vars/munin.dmz.mateu.be.yml b/inventory/host_vars/munin.yml
similarity index 100%
rename from inventory/host_vars/munin.dmz.mateu.be.yml
rename to inventory/host_vars/munin.yml
diff --git a/inventory/host_vars/muse-HP-EliteBook-820-G2.home.arpa.yml b/inventory/host_vars/muse-HP-EliteBook-820-G2.yml
similarity index 100%
rename from inventory/host_vars/muse-HP-EliteBook-820-G2.home.arpa.yml
rename to inventory/host_vars/muse-HP-EliteBook-820-G2.yml
diff --git a/inventory/host_vars/pinkypie.home.arpa.yml b/inventory/host_vars/pinkypie.yml
similarity index 100%
rename from inventory/host_vars/pinkypie.home.arpa.yml
rename to inventory/host_vars/pinkypie.yml
diff --git a/inventory/host_vars/pt1.dmz.mateu.be.yml b/inventory/host_vars/pt1.yml
similarity index 100%
rename from inventory/host_vars/pt1.dmz.mateu.be.yml
rename to inventory/host_vars/pt1.yml
diff --git a/inventory/host_vars/vlt1.dmz.mateu.be.yml b/inventory/host_vars/vlt1.yml
similarity index 100%
rename from inventory/host_vars/vlt1.dmz.mateu.be.yml
rename to inventory/host_vars/vlt1.yml
diff --git a/inventory/host_vars/voice1.dmz.mateu.be.yml b/inventory/host_vars/voice1.yml
similarity index 100%
rename from inventory/host_vars/voice1.dmz.mateu.be.yml
rename to inventory/host_vars/voice1.yml
diff --git a/inventory/host_vars/voice3.dmz.mateu.be.yml b/inventory/host_vars/voice3.yml
similarity index 100%
rename from inventory/host_vars/voice3.dmz.mateu.be.yml
rename to inventory/host_vars/voice3.yml
diff --git a/inventory/host_vars/web1.dmz.mateu.be.yml b/inventory/host_vars/web1.yml
similarity index 100%
rename from inventory/host_vars/web1.dmz.mateu.be.yml
rename to inventory/host_vars/web1.yml
diff --git a/inventory/host_vars/web2.dmz.mateu.be.yml b/inventory/host_vars/web2.yml
similarity index 100%
rename from inventory/host_vars/web2.dmz.mateu.be.yml
rename to inventory/host_vars/web2.yml
diff --git a/inventory/host_vars/web3.dmz.mateu.be.yml b/inventory/host_vars/web3.yml
similarity index 100%
rename from inventory/host_vars/web3.dmz.mateu.be.yml
rename to inventory/host_vars/web3.yml
diff --git a/inventory/production.yml b/inventory/production.yml
deleted file mode 100644
index ac01db3..0000000
--- a/inventory/production.yml
+++ /dev/null
@@ -1,190 +0,0 @@
----
-router:
- hosts:
- machinbox.mateu.be:
-
-physicalservers:
- hosts:
- frederica.dmz.mateu.be:
- serenor.dmz.mateu.be:
-
-hypervisors:
- hosts:
- serenor.dmz.mateu.be:
-
-nasservers:
- hosts:
- frederica.dmz.mateu.be:
-
-zfsservers:
- hosts:
- serenor.dmz.mateu.be:
- frederica.dmz.mateu.be:
-
-resticservers:
- hosts:
- baybay-ponay.mateu.be:
- bt.dmz.mateu.be:
- es1.dmz.mateu.be:
- frederica.dmz.mateu.be:
- garage1.dmz.mateu.be:
- git1.dmz.mateu.be:
- jabber.dmz.mateu.be:
- mail.dmz.mateu.be:
- masto1.dmz.mateu.be:
- muse-HP-EliteBook-820-G2.home.arpa:
- pinkypie.home.arpa:
- pt1.dmz.mateu.be:
- voice1.dmz.mateu.be:
- vlt1.dmz.mateu.be:
- web[1:3].dmz.mateu.be:
-
-garageservers:
- children:
- garage_prd_cluster:
- hosts:
- garage1.dmz.mateu.be:
- garage_bck_cluster:
- hosts:
- frederica.dmz.mateu.be:
-
-elasticsearchservers:
- hosts:
- es1.dmz.mateu.be:
-
-nut:
- children:
- nut_client:
- hosts:
- serenor.dmz.mateu.be:
- frederica.dmz.mateu.be:
- nut_server:
- hosts:
- serenor.dmz.mateu.be:
-
-webservers:
- hosts:
- bt.dmz.mateu.be:
- garage1.dmz.mateu.be:
- git1.dmz.mateu.be:
- jabber.dmz.mateu.be:
- mail.dmz.mateu.be:
- masto1.dmz.mateu.be:
- pt1.dmz.mateu.be:
- voice3.dmz.mateu.be:
- munin.dmz.mateu.be:
- vlt1.dmz.mateu.be:
- web[1:3].dmz.mateu.be:
-
-peertubeservers:
- hosts:
- pt1.dmz.mateu.be:
-
-phpservers:
- hosts:
- web[1:3].dmz.mateu.be:
-
-mariadbservers:
- hosts:
- web[2:3].dmz.mateu.be:
-
-pgsqlservers:
- hosts:
- masto1.dmz.mateu.be:
- pt1.dmz.mateu.be:
- web1.dmz.mateu.be:
- git1.dmz.mateu.be:
-
-giteaservers:
- hosts:
- git1.dmz.mateu.be:
-
-actrunnerservers:
- hosts:
- git1.dmz.mateu.be:
-
-mastodonservers:
- hosts:
- masto1.dmz.mateu.be:
-
-rorservers:
- hosts:
- masto1.dmz.mateu.be:
-
-mailservers:
- hosts:
- mail.dmz.mateu.be:
-
-xmppservers:
- hosts:
- jabber.dmz.mateu.be:
-
-loadbalancers:
- hosts:
- haproxy.dmz.mateu.be:
-
-transmission:
- hosts:
- bt.dmz.mateu.be:
-
-mumbleservers:
- hosts:
- voice1.dmz.mateu.be:
-
-icecastservers:
- hosts:
- voice3.dmz.mateu.be:
-
-rsyslogservers:
- hosts:
- syslog.dmz.mateu.be:
-
-vaultservers:
- hosts:
- vlt1.dmz.mateu.be:
-
-muninservers:
- hosts:
- munin.dmz.mateu.be:
-
-disabled_loadbalanced_webservers:
- hosts:
-
-disabled_system:
- hosts:
- baybay-ponay.mateu.be:
- machinbox.mateu.be:
- muse-HP-EliteBook-820-G2.home.arpa:
- pinkypie.home.arpa:
-
-disabled_munin:
- hosts:
- baybay-ponay.mateu.be:
- muse-HP-EliteBook-820-G2.home.arpa:
- pinkypie.home.arpa:
-
-disabled_syslog:
- hosts:
- baybay-ponay.mateu.be:
- machinbox.mateu.be:
- muse-HP-EliteBook-820-G2.home.arpa:
- pinkypie.home.arpa:
-
-# Those are not servers and should not be configured as such
-disabled_server_conf:
- hosts:
- baybay-ponay.mateu.be:
- muse-HP-EliteBook-820-G2.home.arpa:
- pinkypie.home.arpa:
-
-ftpservers:
- hosts:
- ftp.dmz.mateu.be:
-
-domservers:
- hosts:
- dom.dmz.mateu.be:
-
-unifiservers:
- hosts:
- unifi.dmz.mateu.be:
diff --git a/inventory/proxmox.yml b/inventory/proxmox.yml
new file mode 100644
index 0000000..6b87ce0
--- /dev/null
+++ b/inventory/proxmox.yml
@@ -0,0 +1,28 @@
+---
+
+plugin: community.general.proxmox
+url: https://serenor.dmz.mateu.be:8006
+user: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32383264316162623632343363653539363432386663393431643463313038373736353332306636
+ 3032376462316331333337313136653137323436396536380a633038323762303461626332346632
+ 38643362643638333339626232386465626161303336613139646364356661383430316436636639
+ 6130383863636331610a666662643565393664613533366237646539663230313631623431643261
+ 3238
+password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30343833663162373334373732653433373866376635396633356637656235373233613531376433
+ 3033353465313336356562336137623836356163666334650a306131393434656130383239353765
+ 38656165633861623863363966383435633331666565616464396336653161626136356130623539
+ 3061636531363338380a313265653134333264303730323464306565393838363630626266376237
+ 30363735303434323062636437663761346534666266353334396531303561346165
+validate_certs: false
+want_facts: true
+want_proxmox_nodes_ansible_host: false
+
+keyed_groups:
+ - key: proxmox_tags_parsed
+ separator: ""
+
+compose:
+ ansible_host: proxmox_hostname ~ '.dmz.mateu.be'
diff --git a/inventory/static.yml b/inventory/static.yml
new file mode 100644
index 0000000..73b9fc3
--- /dev/null
+++ b/inventory/static.yml
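Review bot: `validate_certs: false` disables TLS verification for the `url: https://serenor.dmz.mateu.be:8006` session, the very connection that presents the vault-protected `user` and `password`, so anything that can sit on the path to the hypervisor can impersonate it and collect both the credentials and the complete guest list; Proxmox's self-signed certificate is the usual reason for this setting, and the fix is to add that CA to the controller's trust store and set `validate_certs: true`. A read-only API token via `token_id`/`token_secret` would further limit what the inventory credential can do if it ever leaks. Separately, `compose` is non-strict by default, so a guest whose `proxmox_hostname` is undefined silently ends up without `ansible_host` and the templates touched by this commit then fail on it; `strict: true` turns that into an error at inventory time instead. Note also that with `keyed_groups` on `proxmox_tags_parsed` and `separator: ""` every tag becomes a group name verbatim, so whoever can edit tags on the hypervisor now decides membership of groups such as `webservers`, which the firewall template turns into WAN accept rules.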
@@ -0,0 +1,92 @@
+---
+
+all:
+ hosts:
+ machinbox:
+ ansible_host: machinbox.mateu.be
+ serenor:
+ ansible_host: serenor.dmz.mateu.be
+ frederica:
+ ansible_host: frederica.dmz.mateu.be
+ baybay-ponay:
+ ansible_host: baybay-ponay.mateu.be
+ muse-HP-EliteBook-820-G2:
+ ansible_host: muse-HP-EliteBook-820-G2.home.arpa
+ pinkypie:
+ ansible_host: pinkypie.home.arpa
+
+router:
+ hosts:
+ machinbox:
+
+physicalservers:
+ hosts:
+ frederica:
+ serenor:
+
+hypervisors:
+ children:
+ proxmox_nodes:
+
+nasservers:
+ hosts:
+ frederica:
+
+zfsservers:
+ hosts:
+ serenor:
+ frederica:
+
+garageservers:
+ children:
+ garage_prd_cluster:
+ garage_bck_cluster:
+ hosts:
+ frederica:
+
+nut:
+ children:
+ nut_client:
+ hosts:
+ serenor:
+ frederica:
+ nut_server:
+ hosts:
+ serenor:
+
+resticservers:
+ hosts:
+ frederica:
+ baybay-ponay:
+ muse-HP-EliteBook-820-G2:
+ pinkypie:
+
+disabled_loadbalanced_webservers:
+ hosts:
+
+disabled_system:
+ hosts:
+ baybay-ponay:
+ machinbox:
+ muse-HP-EliteBook-820-G2:
+ pinkypie:
+
+disabled_munin:
+ hosts:
+ baybay-ponay:
+ muse-HP-EliteBook-820-G2:
+ pinkypie:
+
+disabled_syslog:
+ hosts:
+ baybay-ponay:
+ machinbox:
+ muse-HP-EliteBook-820-G2:
+ pinkypie:
+
+# Those are not servers and should not be configured as such
+disabled_server_conf:
+ hosts:
+ baybay-ponay:
+ muse-HP-EliteBook-820-G2:
+ pinkypie:
diff --git a/playbooks/bittorrent.yml b/playbooks/bittorrent.yml
index f483c60..f1412fd 100644
--- a/playbooks/bittorrent.yml
+++ b/playbooks/bittorrent.yml
@@ -1,7 +1,7 @@ --- - name: Deploy transmission - hosts: transmission + hosts: btservers diff: true roles: - transmission
diff --git a/playbooks/firewall.yml b/playbooks/firewall.yml
index 24c9ae1..4053913 100644
--- a/playbooks/firewall.yml
+++ b/playbooks/firewall.yml
@@ -1,7 +1,7 @@ --- - name: Retrieve network info - hosts: all:!disabled_server_conf:!machinbox.mateu.be + hosts: all:!disabled_server_conf:!machinbox gather_facts: true gather_subset: - network
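Review bot: `hypervisors: children: proxmox_nodes:` references a group that only the `proxmox.yml` source populates; if that source fails to load (vault password not supplied, API unreachable), the YAML inventory plugin still creates `proxmox_nodes` as an empty group, so a play targeting `hypervisors` — and every play that now relies on tag-derived groups — matches no hosts without any error. Setting `any_unparsed_is_failed = True` under `[inventory]` in ansible.cfg makes a failed source fatal instead. The groups production.yml used to define for DMZ guests (`webservers`, `rsyslogservers`, `vaultservers`, `ftpservers`, …) no longer appear anywhere in this file, presumably because they are now Proxmox tags, and nothing in the file says so; a header comment would spare the next reader the search, e.g. `# Non-Proxmox hosts only. DMZ guests and their groups come from proxmox.yml (VM tags); a play that matches no hosts usually means a missing tag or a failed Proxmox source.`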
diff --git a/playbooks/loadbalancinghttp.yml b/playbooks/loadbalancinghttp.yml index 928027b..fba04f5 100644 --- a/playbooks/loadbalancinghttp.yml +++ b/playbooks/loadbalancinghttp.yml @@ -8,7 +8,7 @@ tasks: [] - name: Deploy haproxy - hosts: loadbalancers + hosts: lbservers diff: true roles: - haproxy diff --git a/playbooks/smtprelay.yml b/playbooks/smtprelay.yml index 9f57525..180b824 100644 --- a/playbooks/smtprelay.yml +++ b/playbooks/smtprelay.yml @@ -1,7 +1,7 @@ --- - name: Deploy smtp relay - hosts: all:!disabled_server_conf:!machinbox.mateu.be:!mail.dmz.mateu.be + hosts: all:!disabled_server_conf:!machinbox:!mail diff: true roles: - smtprelay diff --git a/playbooks/webapps.yml b/playbooks/webapps.yml index b0d835b..f5dd7ac 100644 --- a/playbooks/webapps.yml +++ b/playbooks/webapps.yml @@ -1,7 +1,7 @@ --- - name: Install libertus webapplications - hosts: web1.dmz.mateu.be + hosts: web1 diff: true roles: - role: bac @@ -20,7 +20,7 @@ tags: [never, nextcloud] - name: Install dojo webapplications - hosts: web2.dmz.mateu.be + hosts: web2 diff: true roles: - wordpress diff --git a/playbooks/webservers.yml b/playbooks/webservers.yml index 543c507..97bac14 100644 --- a/playbooks/webservers.yml +++ b/playbooks/webservers.yml @@ -1,7 +1,7 @@ --- - name: Retrieve network info - hosts: loadbalancers + hosts: lbservers gather_facts: true gather_subset: - network diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2 index f8719c0..d0fbb7a 100644 --- a/roles/firewall/templates/firewall.j2 +++ b/roles/firewall/templates/firewall.j2 @@ -120,7 +120,7 @@ config rule config rule option name 'Allow-DMZ-Syslog' option dest 'dmz' - option dest_ip '{{ hostvars['syslog.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['syslog']['ansible_default_ipv4']['address'] }}' option dest_port '514' list proto 'udp' option target 'ACCEPT' 
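Review bot: The `hostvars['syslog']`, `hostvars['haproxy']`, `hostvars['bt']`, `hostvars['jabber']`, `hostvars['voice1']`, `hostvars['mail']`, `hostvars['munin']` and `hostvars['ftp']` lookups are repeated literally in every rule from this hunk through the ftp rule at `@@ -530`, so the template's dependency on exact Proxmox guest names is spread over roughly twenty-five lines; those names are now whatever the VM is called on the hypervisor, so a renamed guest breaks the render in every one of them and a reused name silently points a DNAT or accept rule at a different machine. Hoisting each address once at the top of the template, e.g. `{% set mail_ip4 = hostvars['mail']['ansible_default_ipv4']['address'] %}`, keeps the name-to-address mapping in one reviewable block and lets the rules read as `option dest_ip '{{ mail_ip4 }}'`. The top of the template is outside these hunks. The rule-name line in the `webservers` loop, `option name 'Allow-INPUT-{{ hostvars[host]['ansible_host'] }}-Web'`, additionally assumes every member has `ansible_host`, which for Proxmox guests only holds when the inventory `compose` succeeded.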
@@ -173,7 +173,7 @@ config redirect list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['haproxy.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}' option dest_port '80' option target 'DNAT' @@ -184,14 +184,14 @@ config redirect list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['haproxy.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}' option dest_port '443' option target 'DNAT' # Allow Web traffic IN -{% for host in groups['webservers'] %} +{% for host in groups['webservers'] | sort %} config rule - option name 'Allow-INPUT-{{ host }}-Web' + option name 'Allow-INPUT-{{ hostvars[host]['ansible_host'] }}-Web' option src 'wan' list proto 'tcp' list proto 'udp' @@ -207,7 +207,7 @@ config rule config rule option name 'Allow-OUTPUT-BT' option src 'dmz' - option src_ip '{{ hostvars['bt.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option src_ip '{{ hostvars['bt']['ansible_default_ipv4']['address'] }}' list proto 'tcp' list proto 'udp' option dest 'wan' @@ -217,7 +217,7 @@ config rule config rule option name 'Allow-OUTPUT-BT' option src 'dmz' - option src_ip '{{ hostvars['bt.dmz.mateu.be']['ansible_default_ipv6']['address'] }}' + option src_ip '{{ hostvars['bt']['ansible_default_ipv6']['address'] }}' list proto 'tcp' list proto 'udp' option dest 'wan' @@ -230,7 +230,7 @@ config rule list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['bt.dmz.mateu.be']['ansible_default_ipv6']['address'] }}' + option dest_ip '{{ hostvars['bt']['ansible_default_ipv6']['address'] }}' option dest_port '10010' option target 'ACCEPT' option family 'ipv6' 
@@ -242,7 +242,7 @@ config redirect list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['bt.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['bt']['ansible_default_ipv4']['address'] }}' option dest_port '10010' option target 'DNAT' @@ -275,7 +275,7 @@ config redirect config rule option name 'Allow-OUTPUT-XMPP-s2s' option src 'dmz' - option src_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address']}}' + option src_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address']}}' list proto 'tcp' list proto 'udp' option dest 'wan' @@ -286,7 +286,7 @@ config rule config rule option name 'Allow-OUTPUT-XMPP-s2s' option src 'dmz' - option src_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv6']['address'] }}' + option src_ip '{{ hostvars['jabber']['ansible_default_ipv6']['address'] }}' list proto 'tcp' list proto 'udp' option dest 'wan' @@ -301,7 +301,7 @@ config redirect list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address'] }}' option dest_port '5222' option target 'DNAT' @@ -312,7 +312,7 @@ config redirect list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address'] }}' option dest_port '5269' option target 'DNAT' @@ -322,7 +322,7 @@ config rule list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv6']['address'] }}' + option dest_ip '{{ hostvars['jabber']['ansible_default_ipv6']['address'] }}' option dest_port '5222 5269' option target 'ACCEPT' option family 'ipv6' 
@@ -334,7 +334,7 @@ config rule list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['voice1.dmz.mateu.be']['ansible_default_ipv6']['address'] }}' + option dest_ip '{{ hostvars['voice1']['ansible_default_ipv6']['address'] }}' option dest_port '64738' option target 'ACCEPT' option family 'ipv6' @@ -346,7 +346,7 @@ config redirect list proto 'tcp' list proto 'udp' option dest 'dmz' - option dest_ip '{{ hostvars['voice1.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['voice1']['ansible_default_ipv4']['address'] }}' option dest_port '64738' option target 'DNAT' @@ -354,7 +354,7 @@ config redirect config rule option name 'Allow-OUTPUT-SMTP' option src 'dmz' - option src_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option src_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}' list proto 'tcp' option dest 'wan' option dest_port '25' @@ -366,7 +366,7 @@ config rule option src 'wan' list proto 'tcp' option dest 'dmz' - option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv6']['address'] }}' + option dest_ip '{{ hostvars['mail']['ansible_default_ipv6']['address'] }}' option dest_port '25 465 587' option target 'ACCEPT' option family 'ipv6' @@ -376,7 +376,7 @@ config rule option src 'wan' list proto 'tcp' option dest 'dmz' - option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv6']['address'] }}' + option dest_ip '{{ hostvars['mail']['ansible_default_ipv6']['address'] }}' option dest_port '143 993' option target 'ACCEPT' option family 'ipv6' @@ -387,7 +387,7 @@ config redirect option src_dport '25' list proto 'tcp' option dest 'dmz' - option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}' option dest_port '25' option target 'DNAT' 
@@ -397,7 +397,7 @@ config redirect option src_dport '465' list proto 'tcp' option dest 'dmz' - option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}' option dest_port '465' option target 'DNAT' @@ -407,7 +407,7 @@ config redirect option src_dport '587' list proto 'tcp' option dest 'dmz' - option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}' option dest_port '587' option target 'DNAT' @@ -417,7 +417,7 @@ config redirect option src_dport '143' list proto 'tcp' option dest 'dmz' - option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}' option dest_port '143' option target 'DNAT' @@ -427,7 +427,7 @@ config redirect option src_dport '993' list proto 'tcp' option dest 'lan' - option dest_ip '{{ hostvars['mail.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}' option dest_port '993' option target 'DNAT' @@ -435,7 +435,7 @@ config redirect config rule option name 'Allow-INPUT-Munin' option src 'dmz' - option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}' list proto 'tcp' option dest_port '4949' option target 'ACCEPT' @@ -444,7 +444,7 @@ config rule config rule option name 'Allow-FORWARD-Munin-Mikrotik-Garregmach' option src 'dmz' - option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}' list proto 'tcp' list proto 'udp' option dest 'lan' 
@@ -456,7 +456,7 @@ config rule config rule option name 'Allow-FORWARD-Munin-Mikrotik-Derdriu' option src 'dmz' - option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}' list proto 'tcp' list proto 'udp' option dest 'lan' @@ -530,7 +530,7 @@ config rule option src 'iot' list proto 'tcp' option dest 'dmz' - option dest_ip '{{ hostvars['ftp.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ hostvars['ftp']['ansible_default_ipv4']['address'] }}' option dest_port '21 10100-10110' option target 'ACCEPT' diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index 8d25947..855282e 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -45,7 +45,7 @@ frontend http {% for hostname in hostvars[server]['web_hostname'] | sort(attribute='host') %} ## {{ hostname.host }} configuration acl host_{{ hostname.host }} hdr(host) -i {{ hostname.host }} - use_backend http_{{ server }} if letsencrypt host_{{ hostname.host }} + use_backend http_{{ hostvars[server].ansible_host }} if letsencrypt host_{{ hostname.host }} {% endfor %} {% endfor %} 
@@ -64,21 +64,21 @@ frontend https acl network_allowed_{{ hostname.host }} src {% for addrv4 in hostname.allowlistv4 %}{{ addrv4 }}{% endfor %} {% endif %} - use_backend https_{{ server }} if host_{{ hostname.host }}{% if hostname.allowlistv4 is defined %} network_allowed_{{ hostname.host }}{% endif %} + use_backend https_{{ hostvars[server].ansible_host }} if host_{{ hostname.host }}{% if hostname.allowlistv4 is defined %} network_allowed_{{ hostname.host }}{% endif %} {% endfor %} {% endfor %} {% for server in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) | sort %} -## {{ server }} configuration -backend http_{{ server }} +## {{ hostvars[server].ansible_host }} configuration +backend http_{{ hostvars[server].ansible_host }} mode http - server host_{{ server.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:80 + server host_{{ hostvars[server].ansible_host.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:80 -backend https_{{ server }} +backend https_{{ hostvars[server].ansible_host }} mode tcp - server host_{{ server.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:443 + server host_{{ hostvars[server].ansible_host.split('.')|join('_') }} {{ hostvars[server]['ansible_default_ipv4']['address'] }}:443 {% endfor %} diff --git a/roles/munin_client/tasks/main.yml b/roles/munin_client/tasks/main.yml index af61997..547fb01 100644 --- a/roles/munin_client/tasks/main.yml +++ b/roles/munin_client/tasks/main.yml @@ -41,7 +41,7 @@ update_cache: true notify: - Restart munin-node - when: "'webservers' in group_names or 'loadbalancers' in group_names" + when: "'webservers' in group_names or 'lbservers' in group_names" # for HAProxy servers - name: Add haproxy backend module 
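Review bot: The two `server host_...` lines mix attribute access `hostvars[server].ansible_host` with subscript access `hostvars[server]['ansible_default_ipv4']['address']` in one expression, and `hostvars[server].ansible_host` is now evaluated five times per iteration of the `for server` loop (heading comment, two backend names, two server names). A `{% set fqdn = hostvars[server].ansible_host %}` as the first line of that loop body, with the five occurrences replaced by `fqdn`, reads better and keeps a single access style; the frontend loops above iterate separately, so their `use_backend` lines would need their own `set`. Behaviour is unchanged either way, since `difference(...)` and `sort` already fix the iteration order.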
@@ -51,7 +51,7 @@ state: link notify: - Restart munin-node - when: "'loadbalancers' in group_names" + when: "'lbservers' in group_names" # For MariaDB servers - name: Install MariaDB servers diff --git a/roles/munin_client/templates/munin-node.conf.j2 b/roles/munin_client/templates/munin-node.conf.j2 index e715b7e..d677a8a 100644 --- a/roles/munin_client/templates/munin-node.conf.j2 +++ b/roles/munin_client/templates/munin-node.conf.j2 @@ -34,14 +34,14 @@ ignore_file \.pod$ # Set this if the client doesn't report the correct hostname when # telnetting to localhost, port 4949 # -host_name {{ inventory_hostname }} +host_name {{ ansible_host }} # A list of addresses that are allowed to connect. This must be a # regular expression, since Net::Server does not understand CIDR-style # network notation unless the perl module Net::CIDR is installed. You # may repeat the allow line as many times as you'd like -allow ^{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'].split('.')|join('\.') }} +allow ^{{ hostvars['munin']['ansible_default_ipv4']['address'].split('.')|join('\.') }} allow ^127\.0\.0\.1$ allow ^::1$ diff --git a/roles/munin_server/templates/munin.conf.j2 b/roles/munin_server/templates/munin.conf.j2 index 543427c..79298d3 100644 --- a/roles/munin_server/templates/munin.conf.j2 +++ b/roles/munin_server/templates/munin.conf.j2 @@ -97,7 +97,7 @@ includedir /etc/munin/munin-conf.d # a simple host tree {% for host in groups['all'] | difference(groups['disabled_munin']) | sort %} -[{{ host }}] +[{{ hostvars[host].ansible_host }}] address {{ hostvars[host]['ansible_default_ipv4']['address'] }} {% endfor %} diff --git a/roles/nginx/templates/header.conf.j2 b/roles/nginx/templates/header.conf.j2 index 257337d..aac21c2 100644 --- a/roles/nginx/templates/header.conf.j2 +++ b/roles/nginx/templates/header.conf.j2 
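Review bot: The rewritten `allow ^{{ hostvars['munin']['ansible_default_ipv4']['address'].split('.')|join('\.') }}` line in munin-node.conf.j2 anchors only the start of the regex, so it admits any address that merely begins with the server's: with a server at `10.0.0.5` (illustrative value), `10.0.0.50` through `10.0.0.59` would also be allowed to connect, whereas the `127\.0\.0\.1$` and `::1$` lines directly below are anchored at both ends. Appending `$` closes it: `allow ^{{ hostvars['munin']['ansible_default_ipv4']['address'].split('.')|join('\.') }}$`. The gap predates this commit, but the line is rewritten here, which makes it the natural place to fix it.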
@@ -9,7 +9,7 @@ error_log /var/log/nginx/{{ item.host }}.error.log; error_log syslog:server=unix:/dev/log; {% if item.allowlistv4 is defined %} - allow {{ hostvars['haproxy.dmz.mateu.be'].ansible_default_ipv4.address }}; + allow {{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}; {% endif %} {% if item.allowlistv6 is defined %} {% for addrv6 in item.allowlistv6 %} diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index 1d5cca9..78b7e2b 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -26,5 +26,5 @@ - name: Install nodejs ansible.builtin.package: name: nodejs - state: latest + state: present update_cache: true diff --git a/roles/restic/vars/main.yml b/roles/restic/vars/main.yml index 7421b4e..91162e0 100644 --- a/roles/restic/vars/main.yml +++ b/roles/restic/vars/main.yml @@ -6,4 +6,4 @@ restic_architecture: "amd64" restic_system: "{{ ansible_facts['system'] | lower }}" restic_download_url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2" -restic_repository: "{{ restic_s3_url }}/{{ inventory_hostname }}" +restic_repository: "{{ restic_s3_url }}/{{ ansible_host }}"
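Review bot: `restic_repository: "{{ restic_s3_url }}/{{ ansible_host }}"` ties the backup repository path to a connection variable: `ansible_host` may legitimately become an IP address or change when a host is re-addressed, and from that moment the role looks for snapshots under a path that holds none, so depending on how the role initialises repositories backups either fail outright or silently start a fresh history while the old snapshots sit unreferenced. Using the FQDN in `ansible_host` is the right way to keep the existing paths now that `inventory_hostname` is the short Proxmox name, but that contract is invisible here; a comment above the line would pin it, e.g. `# Repository path is the backup's identity: ansible_host must stay the FQDN the old inventory used, changing it detaches existing snapshots`. The rest of the vars file is outside this hunk.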