
---
# Debian package mirror URL. Plain HTTP does not weaken package integrity
# (apt verifies the signed Release files), but it does expose which
# packages this host fetches; prefer https:// if the apt sources template
# accepts it.
debian_mirror: 'http://deb.debian.org/debian'
# Mail role switches for this host.
postfix:
  # sputnik is a backup MX, not the primary mail server.
  primary: false
  secondary: true
  # Reachable from the Internet. A public secondary MX must apply the same
  # recipient validation as the primary, otherwise it accepts mail the
  # primary later rejects (backscatter) — verify the postfix role does this
  # for secondary hosts.
  public: true
  # DKIM signing enabled.
  dkim: true
  # Role-specific toggle; meaning not visible here — see the postfix role.
  titanic: false
# Site-to-site WireGuard tunnel carrying the adm network between this host
# and boeing.
loc_wireguard:
  tunnels:
    - name: "sputnik"
      # Tunnel addresses: v4 in the adm network, v6 on the adm ULA.
      # The /24 and /64 prefix lengths are hard-coded here while the peer's
      # allowed_ips below take the v4 network from LDAP — keep them in sync
      # if the adm prefix ever changes.
      addresses:
        - "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/24"
        - "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/64"
      listen_port: 51820
      # Private key lives only in the vault; it is never written here.
      private_key: "{{ vault.wireguard.sputnik.privkey }}"
      peers:
        - public_key: "{{ vault.wireguard.boeing.sputnik.pubkey }}"
          # WireGuard's AllowedIPs is both the route set sent into the
          # tunnel and the source filter for packets arriving under this
          # peer's key, so these prefixes bound what boeing can inject.
          allowed_ips:
            - "{{ query('ldap', 'network', 'adm') }}"
            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
          endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51820"
      # Label the interface "adm" in `ip link` output.
      post_up:
        - "/sbin/ip link set sputnik alias adm"
# OpenLDAP: this host is a replica (consumer) of the directory.
loc_slapd:
  # Adm-network address; presumably the listen/advertised address of slapd —
  # confirm in the slapd role.
  ip: "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}"
  replica: true
  # Replica id. syncrepl needs this to be unique among consumers; check the
  # other host_vars before reusing a number.
  replica_rid: 4
# MoinMoin role: this instance is not the main wiki (what `main` toggles is
# defined by the role, not here).
loc_moinmoin:
  main: false
# ACME certificates requested on this host, validated through DNS-01 (the
# RFC2136 parameters are in loc_service_certbot). A wildcard matches exactly
# one label: *.crans.org covers wiki2.crans.org but neither the apex
# crans.org nor *.adm.crans.org — hence the second certificate.
loc_certbot:
  - mail: root@crans.org  # ACME account contact (expiry notices)
    certname: adm.crans.org
    domains: "*.adm.crans.org"
  - mail: root@crans.org
    certname: crans.org
    domains: "*.crans.org"
# RFC2136 (dynamic DNS) settings used by the DNS-01 challenges above.
# Updates are sent to silice over the adm network, one TSIG key per
# challenge zone.
loc_service_certbot:
  config:
    "crans.org":
      # Dedicated challenge zone: the key only needs to write TXT records
      # here, never in crans.org itself. Make sure the update-policy on
      # silice is scoped the same way — a key allowed to update the parent
      # zone would turn a compromise of this host (or its vault) into
      # control of crans.org DNS.
      zone: _acme-challenge.crans.org
      server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        # Trailing dot: must match the key name declared on the server.
        name: certbot_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
        algorithm: HMAC-SHA512
    "adm.crans.org":
      # Same pattern for the adm sub-domain, with its own key.
      zone: _acme-challenge.adm.crans.org
      server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        name: certbot_adm_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}"
        algorithm: HMAC-SHA512
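# nginx vhost for the MoinMoin wiki (served through uwsgi), plus the TLS
# material that the reverse-proxy sites refer to by name.
loc_nginx:
  service_name: wiki
  # Certificates issued by loc_certbot. trusted_cert is the chain file,
  # presumably fed to ssl_trusted_certificate for OCSP stapling — confirm in
  # the nginx role template.
  ssl:
    - name: adm.crans.org
      cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
    - name: crans.org
      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
  servers:
    - server_name:
        - "wiki2.crans.org"
      ssl: "crans.org"
      access_log: "/var/log/nginx/wiki.log combined"
      error_log: "/var/log/nginx/wiki.error.log"
      additional_params:
        # Absolute-URL rewrite: nginx answers "/" with a redirect to the
        # front page.
        - "rewrite ^/$ $scheme://wiki2.crans.org/PageAccueil"
        # Upper bound for uploads/attachments.
        - "client_max_body_size 15M"
      locations:
        # Static assets. The location prefix must end with a slash when the
        # alias does: with `location /wiki { alias /var/local/wiki/htdocs/; }`
        # a request for /wiki../ maps to /var/local/wiki/htdocs/../, i.e. the
        # instance root next to htdocs/ (on a standard MoinMoin layout that
        # is where data/ and the config live), served as plain files. Using
        # /wiki/ lines the URI up with the alias and closes the traversal.
        # Assumes the role renders `filter` as a plain prefix location —
        # confirm in the nginx role template. The bare URI /wiki now falls
        # through to the uwsgi location instead of the static alias.
        - filter: "/wiki/"
          params:
            - "alias /var/local/wiki/htdocs/"
        # Single-file aliases: a suffix appended to these URIs only yields a
        # non-existent path under /var/local/wiki, not a traversal.
        - filter: "/robots.txt"
          params:
            - "alias /var/local/wiki/robots.txt"
        - filter: "/favicon.ico"
          params:
            - "alias /var/local/wiki/favicon.ico"
        - filter: "/www-sitemap.xml"
          params:
            - "alias /var/local/wiki/www-sitemap.xml"
        # Everything else is handed to MoinMoin over the uwsgi socket.
        - filter: "/"
          params:
            - "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket"
            - "include uwsgi_params"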
# Name-based HTTPS front-ends handed to the reverse-proxy role; every
# backend listens on loopback only. Entries without `ssl:` presumably get the
# role's default certificate — confirm in the reverse-proxy role.
loc_reverseproxy:
  reverseproxy_sites:
    - from: status.crans.org
      to: "127.0.0.1:8080"
    - from: git2.crans.org
      to: "127.0.0.1:3000"
    # Same backend as git2.crans.org, presented under the adm name with the
    # adm certificate. Nothing here restricts who may reach it, so any
    # "internal only" expectation rests on the reachability of the adm
    # name/address, not on this entry.
    - from: git2.adm.crans.org
      to: "127.0.0.1:3000"
      ssl: adm.crans.org
  redirect_sites: []
  static_sites: []
# BIND: secondary for the default zone set, transferring from silice over
# the adm network.
loc_bind:
  default:
    # `slave` is the legacy spelling of `secondary`; keep whichever the
    # role's template expects.
    type: slave
    # 'ip' rather than 'ip4' — presumably yields both address families;
    # confirm against the ldap lookup plugin.
    # NOTE(review): transfers are authorised on silice by source address
    # only. A TSIG key kept in the vault (as done for the certbot RFC2136
    # keys) would make them independent of the adm-network ACL, if the
    # role supports it.
    primaries: "{{ query('ldap', 'ip', 'silice', 'adm') }}"
loc_service_ssh_known_hosts:
config:
ldap:
server: "ldaps://{{ query('ldap', 'ip4', 'sputnik', 'adm') }}"