hetzner-ansible/group_vars/all/plain.yml
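---
# Ansible group_vars shared by every host of the inventory.
# No secret is stored in this file: every credential below references a
# *_vault variable that is expected to live in an encrypted vault file.
ansible_ssh_host: "{{ stage_server_domain }}"

# sshd algorithm policy (presumably consumed by an ssh hardening role — confirm).
# Only encrypt-then-MAC variants are offered; no SHA-1 based MAC.
ssh_macs:
- umac-128-etm@openssh.com
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-512-etm@openssh.com
# RSA host keys are only offered with SHA-2 signatures (no legacy ssh-rsa/SHA-1).
ssh_host_key_algorithms:
- rsa-sha2-512
- rsa-sha2-256
- ssh-ed25519
# group-exchange relies on the host's /etc/ssh/moduli; group14 (2048-bit) is the
# weakest entry in this list, presumably kept for older clients — confirm.
ssh_kex:
- curve25519-sha256
- curve25519-sha256@libssh.org
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group14-sha256
# AEAD and CTR modes only; no CBC cipher is offered.
ssh_ciphers:
- chacha20-poly1305@openssh.com
- aes128-ctr
- aes192-ctr
- aes256-ctr
- aes128-gcm@openssh.com
- aes256-gcm@openssh.com
# sshd PermitRootLogin. Root is also admin_user below, so this value gates
# remote administrative access. NOTE(review): if logins are key-based only,
# the sshd value "prohibit-password" keeps root reachable by key while
# refusing password authentication for root — confirm against the sshd role.
ssh_permit_root_login: "yes"

debug: false
docker_enabled: true
docker_config_enabled: true
traefik_enabled: true
filebeat_enabled: true
metricbeat_enabled: false
node_exporter_enabled: true

common_apt_dependencies:
- jq
- vim
# TODO Check if we really want this
- zip
- curl
- htop
- iotop
- net-tools
- bash-completion
- python3-pip
# NOTE(review): passlib and docker-compose are unpinned and pyOpenSSL is an
# open range, so a fresh host may install a different release than the one
# that was tested. Exact pins (==) — ideally with hash checking — make the
# install reproducible and limit exposure to a compromised upstream release.
common_pip_dependencies:
- passlib
- pyOpenSSL>=23.0
- docker-compose
- requests==2.28

use_ssl: true
# URL scheme derived from use_ssl: "https" when true, "http" otherwise.
http_s: "http{{ use_ssl | ternary('s', '', omit) }}"
stage_server_domain: "{{ inventory_hostname }}.{{ domain }}"
stage_server_url: "{{ http_s }}://{{ stage_server_domain }}"
stage_kube_load_balancer: "{{ stage_kube }}-ingress"

hetzner_server_type: cx11
# NOTE(review): check the base image against the distribution's support
# lifecycle before new rollouts; an end-of-life image no longer receives
# security updates.
hetzner_server_image: ubuntu-20.04
hetzner_location: nbg1
hetzner_load_balancer_type: lb11
gitlab_ansible_user_name: "gitlabci"
backupuser_user_name: backupuser
# used for root-access by hetzner on server creation
# all ssh keys have to be available to hetzner cloud
# (@see cloud console / security / ssh-keys) (web ui)
# Every key listed here gets root on each newly created server: keep the
# list in step with offboarding and drop keys of people who have left.
default_hetzner_ssh_keys:
- "claus.paetow@netgo.de"
- "sven.ketelsen@netgo.de"
- "michael.haehnel@netgo.de"
- "hoan.to@netgo.de"
- "hendrik.kiedrowski@netgo.de"
- "{{ awx_ansible_user_name }}@netgo.de"
- "{{ gitlab_ansible_user_name }}@git.dev-at.de"
# Defaults plus optional per-stage extras (custom_stage_hetzner_ssh_keys).
hetzner_ssh_keys: "{{
  default_hetzner_ssh_keys
  + (custom_stage_hetzner_ssh_keys | default([]))
  }}"
hetzner_server_labels: "stage={{ stage }} service=none"
# Ansible works as root; the same account owns the docker installation
# (docker_owner / docker_group below).
admin_user: "root"
# Distribution name -> sudo group; resolved by sudo_group below.
sudo_groups:
- id: "CentOS"
  sudo_group: "wheel"
- id: "RedHat"
  sudo_group: "wheel"
- id: "Ubuntu"
  sudo_group: "sudo"
# Picks the sudo_groups entry whose id regex-matches ansible_distribution.
# An unlisted distribution leaves `first` with nothing to return and fails at
# template time instead of silently picking a group.
sudo_group: "{{ sudo_groups
  | selectattr('id', 'match', ansible_distribution)
  | map(attribute='sudo_group')
  | list
  | first
  | replace('.', '-') }}"
# whitelist for outdated user detection - they wont't be deleted at all
default_users:
- "nobody"
- "elastic"
- "postgres"
- "backuphamster"
- "administrator"
- "{{ admin_user }}"
# Accounts created on every platform host; extended per stage below.
default_platform_users:
- "claus.paetow"
- "sven.ketelsen"
- "michael.haehnel"
- "hoan.to"
- "hendrik.kiedrowski"
- "{{ awx_ansible_user_name }}"
- "{{ gitlab_ansible_user_name }}"
smardigo_platform_users: "{{
  default_platform_users
  + (custom_platform_users | default([]))
  + (custom_stage_platform_users | default([]))
  }}"

# Source networks allowed through to the platform; all single-host /32 entries.
ip_whitelist_netgo:
- "212.121.131.106/32" # netgo berlin
- "149.233.6.129/32" # netgo e-shelter
- "46.245.219.98/32" # netgo borken
- "164.138.195.162/32" # netgo Aachen
# NOTE(review): Jinja filters bind tighter than `+`, so `| select()` here is
# applied only to the trailing one-element list, not to the concatenated
# whitelist. If the intent is to drop the empty vpn entry from the whole
# list, parenthesise the concatenation and materialise the result:
# "{{ (ip_whitelist_netgo + [shared_service_network, shared_service_vpn_ip | default('')]) | select() | list }}"
ip_whitelist: "{{ ip_whitelist_netgo + [shared_service_network] + [(shared_service_vpn_ip) | default('')] | select() }}"
# Quoted like the ip_whitelist_netgo entries; a CIDR is always a string.
offsite_storage_server_ip: "142.132.155.83/32"

docker_owner: "{{ admin_user }}"
docker_group: "{{ admin_user }}"
# Presumably the accounts granted docker access by the docker role — confirm.
# Access to the docker socket is equivalent to root on the host, so this list
# is effectively the list of local administrators.
docker_users: "{{ smardigo_platform_users }}"
docker_compose_path: "/usr/bin/docker-compose"
service_base_path: "/etc/smardigo"

# Single contact address reused for every admin/notification mailbox.
devops_email_address: "nso.devops@netgo.de"
gitea_admin_email: "{{ devops_email_address }}"
lets_encrypt_email: "{{ devops_email_address }}"
connect_admin_email: "{{ devops_email_address }}"
keycloak_admin_email: "{{ devops_email_address }}"
pgadmin4_admin_email: "{{ devops_email_address }}"
grafana_admin_email: "{{ devops_email_address }}"
grafana_smardigo_email: "{{ devops_email_address }}"
harbor_oidc_admin_email: "{{ devops_email_address }}"
argocd_admin_email: "{{ devops_email_address }}"

# Ports are kept as quoted strings so that templating does not retype them.
http_port: "80"
https_port: "443"
service_port: "8080"
management_port: "8081"
service_port_mssql: "1433"
service_port_git: "2222"
service_port_mysql: "3306"
service_port_logstash: "5044"
service_port_postgres: "5432"
service_port_kibana: "5601"
service_port_cadvisor: "8080"
service_port_keycloak: "8080"
service_port_iam: "8082"
service_port_sonarqube: "9000"
service_port_pgadmin: "9001"
service_port_phpmyadmin: "9002"
service_port_node_exporter: "9100"
service_port_elasticsearch: "9200"
service_port_wireguard: "51820"
monitor_port_system: "9082"
monitor_port_docker: "9083"
monitor_port_elastic: "9084"
monitor_port_harbor: "9085"
monitor_port_maria: "9086"
monitor_port_postgres: "9087"
admin_port_service: "9081"
admin_port_traefik: "9080"
filebeat_certificate: "{{ stage }}-elastic-stack-filebeat"
logstash_certificate: "{{ stage }}-elastic-stack-logstash-01"
backup_directory: "/backups"
# NOTE(review): lookup('pipe') spawns `date` on the controller each time the
# variable is referenced, so two references within one play may differ.
# Ansible's now() global ("{{ now().strftime('%Y-%m-%d') }}") yields the same
# value without running a shell command.
get_current_date: "{{ lookup('pipe', 'date +%Y-%m-%d') }}"
get_current_date_time: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"

# Hetzner API tokens, all sourced from the vault.
hetzner_authentication_ansible: "{{ hetzner_authentication_ansible_vault }}"
hetzner_authentication_ccm: "{{ hetzner_authentication_ccm_vault }}"
hetzner_authentication_csi: "{{ hetzner_authentication_csi_vault }}"
k8s_basic_services:
- kubelet
- containerd
selfsigned_ca_private_key_passphrase: "{{ selfsigned_ca_private_key_passphrase_vault }}"
# hetzner upstream DNSservers
upstream_dns_servers:
- 185.12.64.1
- 185.12.64.2
keycloak_admin_username: "keycloak-admin"
keycloak_admin_password: "{{ keycloak_admin_password_vault }}"
# Note: all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
# NOTE(review): `-b` places the clear-text password in the command line, where
# it lands in shell history and is visible in the process list; `htpasswd -n user`
# prompts for it instead, and `-B` selects bcrypt over the default apr1/MD5 hash.
traefik_admin_username: "traefik-admin"
traefik_admin_password_htpasswd: "{{ traefik_admin_password_htpasswd_vault }}"
mysql_root_username: "{{ mysql_root_username_vault }}"
mysql_root_password: "{{ mysql_root_password_vault }}"
# Data-at-rest encryption of the LVM volumes is off by default; enable per
# stage where the data classification requires it.
lvm_volume_encryption: false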