refactor(ansible): centralize inventory and variables in 'vars' directory

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-07-12 21:38:53 +02:00
parent 3d7f652ff3
commit 609e000089
35 changed files with 135 additions and 73 deletions
--- a/vars/docker.ini
+++ b/vars/docker.ini
@@ -0,0 +1,13 @@
+[docker_host]
+docker-host01 ansible_become_pass="{{ vault.docker.host01.sudo }}"
+docker-host10
+docker-host12
+
+[docker_lb]
+docker-lb ansible_become_pass="{{ vault.docker.lb.sudo }}"
+
+[docker]
+
+[docker:children]
+docker_host
+docker_lb
--- a/vars/group_vars/all/secrets.yml
+++ b/vars/group_vars/all/secrets.yml
@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+65646664663537386235383334613536393336623332363437376337323235636335363165366632
+3433623633393731373932306433643663333133393734370a353261353164353335356264643234
+65376132336534306465376435303764616136646633303166336136373263346436353235343065
+6238353863333239330a303131623262353563323864323536313036356237653936326361366565
+62616566396266363535653062636537383061363438303138333237643939323162336465326363
+64323830393839386233303634326562386537373766646461376238663963376463623130303363
+65366638666132393538336361663639303831333232336632616338396539353565663239373265
+38323036343733303131383439323738623263383736303935636339303564343662633437626233
+33303564373963646465306137346161656166366266663766356362636362643430393232646635
+38363764386538613166306464336532623464343565396431643738353434313838633763663861
+35616365383831643434316436313035366131663131373064663464393031623132366137303333
+62333561373465323664303539353966663763613365373633373761343966656166363265313134
+6163
--- a/vars/group_vars/all/vars.yml
+++ b/vars/group_vars/all/vars.yml
@@ -0,0 +1,20 @@
+#
+# Essential
+#
+
+root: "root"
+user: "tudattr"
+timezone: "Europe/Berlin"
+puid: "1000"
+pgid: "1000"
+pk_path: "/media/veracrypt1/genesis"
+pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqc9fnzfCz8fQDFzla+D8PBhvaMmFu2aF+TYkkZRxl9 tuan@genesis-2022-01-20"
+
+public_domain: "tudattr.dev"
+internal_domain: "seyshiro.de"
+
+#
+# Packages
+#
+
+arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
--- a/vars/group_vars/docker/docker.yml
+++ b/vars/group_vars/docker/docker.yml
@@ -0,0 +1,502 @@
+docker:
+  url: "https://download.docker.com/linux"
+  apt_release_channel: "stable"
+  directories:
+    local: "/opt/local/"
+    config: "/opt/docker/config/"
+    compose: "/opt/docker/compose/"
+
+services:
+  - name: status
+    vm:
+      - docker-host12
+    container_name: kuma
+    image: louislam/uptime-kuma:1.23.16
+    volumes:
+      - name: "Data"
+        internal: /app/data
+        external: "{{ docker.directories.local }}/kuma/"
+    ports:
+      - name: "http"
+        internal: 3001
+        external: "{{ services_external_http.kuma }}"
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+  - name: plex
+    vm:
+      - docker-host10
+    container_name: plex
+    image: lscr.io/linuxserver/plex:1.41.5
+    volumes:
+      - name: "Configuration"
+        internal: /config
+        external: "{{ docker.directories.local }}/plex/config/"
+      - name: "TV Series"
+        internal: /tv:ro
+        external: /media/series
+      - name: "Movies"
+        internal: /movies:ro
+        external: /media/movies
+      - name: "Music"
+        internal: /music:ro
+        external: /media/songs
+    devices:
+      - name: "Graphics Card"
+        internal: /dev/dri
+        external: /dev/dri
+    ports:
+      - name: "http"
+        internal: 32400
+        external: "{{ services_external_http.plex }}"
+      - name: ""
+        internal: 1900
+        external: 1900
+      - name: ""
+        internal: 3005
+        external: 3005
+      - name: ""
+        internal: 5353
+        external: 5353
+      - name: ""
+        internal: 32410
+        external: 32410
+      - name: ""
+        internal: 8324
+        external: 8324
+      - name: ""
+        internal: 32412
+        external: 32412
+      - name: ""
+        internal: 32469
+        external: 32469
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - VERSION=docker
+  - name: jellyfin
+    vm:
+      - docker-host01
+    container_name: jellyfin
+    image: jellyfin/jellyfin:10.10
+    volumes:
+      - name: "Configuration"
+        internal: /config
+        external: "{{ docker.directories.local }}/jellyfin/config"
+      - name: "Cache"
+        internal: /cache
+        external: "{{ docker.directories.config }}/jellyfin/cache"
+      - name: "Tv Series"
+        internal: /tv:ro
+        external: /media/series
+      - name: "Music"
+        internal: /movies:ro
+        external: /media/movies
+      - name: "Music"
+        internal: /music:ro
+        external: /media/songs
+    devices:
+      - name: "Graphics Card"
+        internal: /dev/dri
+        external: /dev/dri
+    ports:
+      - name: "http"
+        internal: 8096
+        external: "{{ services_external_http.jellyfin }}"
+    environment:
+  - name: hass
+    vm:
+      - docker-host01
+    container_name: homeassistant
+    image: "ghcr.io/home-assistant/home-assistant:stable"
+    privileged: true
+    volumes:
+      - name: "Configuration"
+        internal: /config/
+        external: "{{ docker.directories.local }}/home-assistant/config/"
+      - name: "Local Time"
+        internal: /etc/localtime:ro
+        external: /etc/localtime
+    ports:
+      - name: "http"
+        internal: 8123
+        external: "{{ services_external_http.hass }}"
+      - name: ""
+        internal: 4357
+        external: 4357
+      - name: ""
+        internal: 5683
+        external: 5683
+      - name: ""
+        internal: 5683
+        external: 5683
+  - name: ddns
+    vm:
+      - docker-host12
+    container_name: ddns-updater
+    image: qmcgaw/ddns-updater:2
+    volumes:
+      - name: "Configuration"
+        internal: /updater/data/
+        external: "{{ docker.directories.local }}/ddns-updater/data/"
+    ports:
+      - name: "http"
+        internal: 8000
+        external: "{{ services_external_http.ddns }}"
+  - name: sonarr
+    vm:
+      - docker-host12
+    container_name: sonarr
+    image: linuxserver/sonarr:4.0.14
+    volumes:
+      - name: "Configuration"
+        internal: /config
+        external: "{{ docker.directories.local }}/sonarr/config"
+      - name: "Tv Series"
+        internal: /tv
+        external: /media/series
+      - name: "Torrent Downloads"
+        internal: /downloads
+        external: /media/docker/data/arr_downloads/sonarr
+    ports:
+      - name: "http"
+        internal: 8989
+        external: "{{ services_external_http.sonarr }}"
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+  - name: radarr
+    vm:
+      - docker-host12
+    container_name: radarr
+    image: linuxserver/radarr:5.21.1
+    volumes:
+      - name: "Configuration"
+        internal: /config
+        external: "{{ docker.directories.local }}/radarr/config"
+      - name: "Movies"
+        internal: /movies
+        external: /media/movies
+      - name: "Torrent Downloads"
+        internal: /downloads
+        external: /media/docker/data/arr_downloads/radarr
+    ports:
+      - name: "http"
+        internal: 7878
+        external: "{{ services_external_http.radarr }}"
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+  - name: lidarr
+    vm:
+      - docker-host12
+    container_name: lidarr
+    image: linuxserver/lidarr:2.10.3
+    volumes:
+      - name: "Configuration"
+        internal: /config
+        external: "{{ docker.directories.local }}/lidarr/config"
+      - name: "Music"
+        internal: /music
+        external: /media/songs
+      - name: "Torrent Downloads"
+        internal: /downloads
+        external: /media/docker/data/arr_downloads/lidarr
+    ports:
+      - name: "http"
+        internal: 8686
+        external: "{{ services_external_http.lidarr }}"
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+  - name: prowlarr
+    vm:
+      - docker-host12
+    container_name: prowlarr
+    image: linuxserver/prowlarr:1.32.2
+    volumes:
+      - name: "Configuration"
+        internal: /config
+        external: "{{ docker.directories.local }}/prowlarr/config"
+    ports:
+      - name: "http"
+        internal: 9696
+        external: "{{ services_external_http.prowlarr }}"
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+  - name: paperless
+    vm:
+      - docker-host12
+    container_name: paperless
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.14
+    depends_on:
+      - paperless-postgres
+      - paperless-redis
+    volumes:
+      - name: "Configuration"
+        internal: /usr/src/paperless/data
+        external: "{{ docker.directories.local }}/paperless/data/data"
+      - name: "Media"
+        internal: /usr/src/paperless/media
+        external: "{{ docker.directories.local }}/paperless/data/media"
+      - name: "Document Export"
+        internal: /usr/src/paperless/export
+        external: "{{ docker.directories.local }}/paperless/data/export"
+      - name: "Document Consume"
+        internal: /usr/src/paperless/consume
+        external: "{{ docker.directories.local }}/paperless/data/consume"
+    environment:
+      - "PAPERLESS_REDIS=redis://paperless-redis:6379"
+      - "PAPERLESS_DBHOST=paperless-postgres"
+      - "PAPERLESS_DBUSER=paperless"
+      - "PAPERLESS_DBPASS={{ vault.docker.paperless.dbpass }}"
+      - "USERMAP_UID=1000"
+      - "USERMAP_GID=1000"
+      - "PAPERLESS_URL=https://paperless.{{ domain }}"
+      - "PAPERLESS_TIME_ZONE=Europe/Berlin"
+      - "PAPERLESS_OCR_LANGUAGE=deu"
+    ports:
+      - name: "http"
+        internal: 8000
+        external: "{{ services_external_http.paperless }}"
+    sub_service:
+      - name: postgres
+        version: 15
+        username: paperless
+        password: "{{ vault.docker.paperless.dbpass }}"
+      - name: redis
+        version: 7
+  - name: pdf
+    vm:
+      - docker-host12
+    container_name: stirling
+    image: frooodle/s-pdf:0.45.0
+    ports:
+      - name: "http"
+        internal: 8080
+        external: "{{ services_external_http.pdf }}"
+  - name: git
+    vm:
+      - docker-host01
+    container_name: gitea
+    image: gitea/gitea:1.23-rootless
+    volumes:
+      - name: "Configuration"
+        internal: /etc/gitea
+        external: "{{ docker.directories.local }}/gitea/config"
+      - name: "Data"
+        internal: /var/lib/gitea
+        external: "{{ docker.directories.local }}/gitea/data"
+      - name: "Time Zone"
+        internal: /etc/timezone:ro
+        external: /etc/timezone
+      - name: "Local Time"
+        internal: /etc/localtime:ro
+        external: /etc/localtime
+    ports:
+      - name: "http"
+        internal: 3000
+        external: "{{ services_external_http.git }}"
+      - name: "ssh"
+        internal: 2222
+        external: 2222
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+  - name: changedetection
+    vm:
+      - docker-host12
+    container_name: changedetection
+    image: dgtlmoon/changedetection.io:0.49
+    healthcheck: curl
+    volumes:
+      - name: "Data"
+        internal: /datastore
+        external: "{{ docker.directories.local }}/changedetection/data/"
+    ports:
+      - name: "http"
+        internal: 5000
+        external: "{{ services_external_http.changedetection }}"
+  - name: gluetun
+    vm:
+      - docker-host12
+    container_name: gluetun
+    image: qmcgaw/gluetun:v3.40
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - name: "Tunnel"
+        internal: /dev/net/tun
+        external: /dev/net/tun
+    volumes:
+      - name: "Configuration"
+        internal: /gluetun
+        external: "{{ docker.directories.local }}/gluetun/config"
+    ports:
+      - name: "Qbit Client"
+        internal: 8082
+        external: 8082
+      - name: "Torrentleech Client"
+        internal: 8083
+        external: 8083
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - VPN_SERVICE_PROVIDER=protonvpn
+      - UPDATER_VPN_SERVICE_PROVIDERS=protonvpn
+      - UPDATER_PERIOD=24h
+      - "SERVER_COUNTRIES={{ vault.docker.proton.country }}"
+      - "OPENVPN_USER={{ vault.docker.proton.openvpn_user }}"
+      - "OPENVPN_PASSWORD={{ vault.docker.proton.openvpn_password }}"
+  - name: torrentleech
+    vm:
+      - docker-host12
+    container_name: torrentleech
+    image: qbittorrentofficial/qbittorrent-nox
+    depends_on:
+      - gluetun
+    network_mode: "container:gluetun"
+    volumes:
+      - name: "Configuration"
+        internal: /config
+        external: "{{ docker.directories.local }}/torrentleech/config"
+      - name: "Downloads"
+        internal: /downloads
+        external: /media/docker/data/arr_downloads
+    ports:
+      - name: "http"
+        internal: proxy_only
+        external: 8083
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - QBT_EULA="accept"
+      - QBT_WEBUI_PORT="8083"
+  - name: qbit
+    vm:
+      - docker-host12
+    container_name: qbit
+    image: qbittorrentofficial/qbittorrent-nox:5.0.4-1
+    depends_on:
+      - gluetun
+    network_mode: "container:gluetun"
+    volumes:
+      - name: "Configuration"
+        internal: /config
+        external: "{{ docker.directories.local }}/qbit/config"
+      - name: "Downloads"
+        internal: /downloads
+        external: /media/docker/data/arr_downloads
+    ports:
+      - name: "http"
+        internal: proxy_only
+        external: 8082
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - QBT_EULA="accept"
+      - QBT_WEBUI_PORT="8082"
+  - name: cadvisor
+    vm:
+      - docker-host12
+      - docker-host10
+      - docker-host01
+    container_name: cadvisor
+    image: gcr.io/cadvisor/cadvisor:v0.52.1
+    ports:
+      - name: ""
+        internal: 8080
+        external: 8081
+    volumes:
+      - name: "Root"
+        internal: /rootfs:ro
+        external: /
+      - name: "Run"
+        internal: /var/run:rw
+        external: /var/run
+      - name: "System"
+        internal: /sys:ro
+        external: /sys
+      - name: "Docker"
+        internal: /var/lib/docker:ro
+        external: /var/lib/docker
+  - name: karakeep
+    vm:
+      - docker-host01
+    container_name: karakeep
+    image: ghcr.io/karakeep-app/karakeep:0.23.2
+    ports:
+      - name: "http"
+        internal: 3000
+        external: "{{ services_external_http.karakeep }}"
+    volumes:
+      - name: "Data"
+        internal: /data
+        external: "{{ docker.directories.local }}/karakeep/config"
+    environment:
+      - MEILI_ADDR=http://karakeep-meilisearch:7700
+      - BROWSER_WEB_URL=http://karakeep-chrome:9222
+      - NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
+      - MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
+      - NEXTAUTH_URL=https://karakeep.tudattr.dev/
+      - OPENAI_API_KEY={{ vault.docker.karakeep.openai_key }}
+      - DATA_DIR=/data
+      - DISABLE_SIGNUPS=true
+    sub_service:
+      - name: meilisearch
+        version: v1.11.1
+        nextauth_secret: "{{ vault.docker.karakeep.nextauth_secret }}"
+        meili_master_key: "{{ vault.docker.karakeep.meili_master_key }}"
+        openai_key: "{{ vault.docker.karakeep.openai_key }}"
+      - name: chrome
+        version: 123
+  - name: keycloak
+    vm:
+      - docker-host01
+    container_name: keycloak
+    image: quay.io/keycloak/keycloak:26.2
+    depends_on:
+      - keycloak-postgres
+    ports:
+      - name: "http"
+        internal: 8080
+        external: "{{ services_external_http.keycloak }}"
+    volumes:
+      - name: "config"
+        internal: /opt/keycloak/data/import/homelab-realm.json
+        external: "{{ docker.directories.local }}/keycloak/homelab-realm.json"
+      - name: "config"
+        internal: /opt/keycloak/data/import/master-realm.json
+        external: "{{ docker.directories.local }}/keycloak/master-realm.json"
+    command:
+      - "start"
+      - "--import-realm"
+    environment:
+      - KC_DB=postgres
+      - KC_DB_URL=jdbc:postgresql://keycloak-postgres:5432/keycloak
+      - KC_DB_USERNAME={{ keycloak_config.database.username }}
+      - KC_DB_PASSWORD={{ keycloak_config.database.password }}
+      - KC_HOSTNAME=keycloak.{{ internal_domain }}
+      - KC_HTTP_ENABLED=true
+      - KC_HTTP_RELATIVE_PATH=/
+      - KC_PROXY=edge
+      - KC_PROXY_HEADERS=xforwarded
+      - KC_HOSTNAME_URL=https://keycloak.{{ internal_domain }}
+      - KC_HOSTNAME_ADMIN_URL=https://keycloak.{{ internal_domain }}
+      - KC_BOOTSTRAP_ADMIN_USERNAME=serviceadmin-{{ keycloak_admin_hash }}
+      - KC_BOOTSTRAP_ADMIN_PASSWORD={{ vault.docker.keycloak.admin.password }}
+    sub_service:
+      - name: postgres
+        version: 17
+        username: "{{ keycloak_config.database.username }}"
+        password: "{{ keycloak_config.database.password }}"
--- a/vars/group_vars/docker/keycloak.yml
+++ b/vars/group_vars/docker/keycloak.yml
@@ -0,0 +1,61 @@
+keycloak_admin_hash: "{{ vault.docker.keycloak.admin.hash }}"
+
+keycloak_realms: "{{ keycloak_config.realms }}"
+
+keycloak_config:
+  database:
+    db_name: keycloak
+    username: keycloak
+    password: "{{ vault.docker.keycloak.database.password }}"
+  realms:
+    - realm: homelab
+      display_name: "Homelab Realm"
+      users:
+        - username: tudattr
+          password: "{{ vault.docker.keycloak.user.password }}"
+          realm_roles:
+            - offline_access
+            - uma_authorization
+          client_roles:
+            account:
+              - view-profile
+              - manage-account
+      admin:
+        username: "serviceadmin-{{ keycloak_admin_hash }}"
+        password: "{{ vault.docker.keycloak.admin.password }}"
+        realm_roles:
+          - offline_access
+          - uma_authorization
+          - admin
+        client_roles:
+          realm_management:
+            - realm-admin
+          account:
+            - view-profile
+            - manage-account
+      roles:
+        realm:
+          - name: admin
+            description: "Administrator role for the homelab realm"
+        default_roles:
+          - offline_access
+          - uma_authorization
+    - realm: master
+      display_name: "master"
+      admin:
+        username: "serviceadmin-{{ keycloak_admin_hash }}"
+        password: "{{ vault.docker.keycloak.admin.password }}"
+        realm_roles:
+          - offline_access
+          - uma_authorization
+          - create-realm
+          - admin
+        client_roles:
+          realm_management:
+            - realm-admin
+          account:
+            - view-profile
+            - manage-account
+      roles:
+        realm: []
+        default_roles: []
--- a/vars/group_vars/docker/port_mapping.yml
+++ b/vars/group_vars/docker/port_mapping.yml
@@ -0,0 +1,18 @@
+services_external_http:
+  kuma: 3001
+  plex: 32400
+  jellyfin: 8096
+  hass: 8123
+  ddns: 8001
+  sonarr: 8989
+  radarr: 7878
+  lidarr: 8686
+  prowlarr: 9696
+  paperless: 8000
+  pdf: 8080
+  git: 3000
+  changedetection: 5000
+  torrentleech: 8083
+  qbit: 8082
+  karakeep: 3002
+  keycloak: 3003
--- a/vars/group_vars/docker/secrets.yml
+++ b/vars/group_vars/docker/secrets.yml
@@ -0,0 +1,65 @@
+$ANSIBLE_VAULT;1.1;AES256
+62353938306631616432613936343031386266643837393733336533306532643332383761336462
+3566663762343161373266353236323532666562383031310a663661316264313737633732313166
+35336535353964646238393563333339646634346532633130633364343864363565353461616663
+6336343138623762320a366132383634383231316130643535313465356238343534656237626362
+38373439663730353739386636313865336262363864323633343839636434353261313432386135
+33343438663564323465373435613765306538633339303362656163636237643661623637376135
+65346465303530663161356666333062326536313135363536313237616564363838326339646162
+62323066626431376231386432333766366434326239303734353036396433333662333733373830
+66336433643032636166306332323063393333363734326333363936303033396336626135363832
+30636136656235376163613033616563663663633161643937666537333066343135326138643663
+64646638393364376466306438383337383231303637313366333638393939373739646338353036
+62303162383362393830316163303236336236363531333665353163373530323063313164656562
+33383561613530346561336166653536393137346630333262633738383838383338643761666463
+61303239636631646634373266303930343437636464326132316534616261376137396233653265
+39383137666533613739363764643162663361333465386332383964343534646537343065343833
+66643938623734643537313866316335396135613239393262613562356332663861646261373630
+34373939663239646534396638636265303438386239636439663635313665613634373832313237
+62306366633139333937646534393765663130396466346161376235656461346638323063353662
+64386466373433376133343266396537656435333831356531346531653262396330346238623431
+61303466366161336664333239663066643232623532643933373661663266366639646139666636
+62393532643535656566643862353337333533633861396164643766316637393638363662653863
+32643566333961663065383636383436666137356237643634326464636463303530306466616635
+36366365636337366335333630306237356366306535613464636463373063653861623464323764
+62336139653361376239303632326431643231346137333835356362333962613039643332373166
+32316234376431376136666161383039633035356636626664376137323630323966646161313664
+38623463376366623430663363663662303166636165646138363631643261376137336636636663
+61656631393963353066333930303932653730613431366131616233363662316139663038336538
+36383532316162356235373566313832323131326466363734613438323233353330613561383435
+39623435366236306431636232323838386462346464653561653638346338613833613133373133
+38626364643738373938336237323836646532356539643933333730353333626138646239633234
+66316563306230636139323335323665646462343861393366666462623966376431393438376134
+37376339356430316235633337376462666439643430303062656538386630613763623433646133
+65663530626533663266623861326431633137363466346634656634623166623331306636616666
+31643761343632336531356566636165363737646639326533386333646434393736643934643064
+39393039346639353439653766326138613164343030306436383461663636346534346365333265
+66653535623962653762633934646131653334363232636634303130306632383263373161363462
+35323133616665366238353535346561323834353634613730613439643536376337353234313337
+61623264616433336532383533376631396438313739616462323064613665396638333438306336
+34633338366235336131303462346665663464376334353431343363336662356335356562366532
+64366461623864633238666339346138663931363331613463333762336230313530613235303766
+34313064383461623230383730623731323533326663613565646436303230653264323061616536
+38636162356164656432626433373864326264623063343662323563366133363336313739326137
+31326164646364613865396534626533616366613565303032636637366435326336396464313232
+66393538393862616466313833326666316231393130666238636130613339663664393434613732
+65383363323138343335393636626138303561613532306131666334346631336333336639626466
+38343337346566346334383934306433366239666662346463666166643338613264636563653434
+36306338313363636665333763323135386165313939336432636339613432323736326635303162
+36656234656563376633373333633430313430333834623964653530626539333265363563376239
+33633430396338663063383338333732356532313435613737393465323431393035356136306166
+62633035653731636361396235613162643332393233326434353831613731373333326464326234
+36366166633437356336616166306164343636623962623136653861333866393039653939333037
+31343261663534356530373233336165326134613961616331316531313435386464396438363838
+31353935666566326630373336376438326366623537356536653564303066343837653030373962
+30393363336232646662663166326166386636356466616165376435623031666664373664623330
+31613030616162303732353738386434666566386138373238363732303138316533356435656662
+38636136353134303166636438663036363834663639613464376662666364386635333138353035
+39363236653336386332313930306663366130303836333664363335386331636431623036336535
+32366339386539306364343065323263366563643663623731643866346232653838333561336331
+36363030383263666137393035356331323038316239356637303665653164363739313664396235
+32366231613532323865623861636263383731303164366333303636356633323161653635393830
+38616139656264393932353332303264393038396663663236353838343432373965663561333531
+36363432323362643634623030356539396562633238653732313739616464643436666130633364
+37383764623938626332316630636630343236663338323661333933333730333630353061653061
+62656233653439353438
--- a/vars/group_vars/docker/vars.yml
+++ b/vars/group_vars/docker/vars.yml
@@ -0,0 +1,8 @@
+caddy:
+  admin_email: me+acme@tudattr.dev
+
+domain: "{{ internal_domain }}"
+
+netcup_api_key: "{{ vault.netcup.api_key }}"
+netcup_api_password: "{{ vault.netcup.api_password }}"
+netcup_customer_id: "{{ vault.netcup.customer_id }}"
--- a/vars/group_vars/k3s/secrets.yml
+++ b/vars/group_vars/k3s/secrets.yml
@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+34316133396533396139633865623964346462666461313938663138313133393538636137383239
+3135346533313734393638396530383066623765326266360a666235636561623863613538346235
+38663039313737373961383935636233633563376230326535636539633366363261316436636630
+3834383036386132640a383566323963666531623333336635636266623666343262386566653133
+34613765323062646362333364366533613234356132333864373139316631633039616666323731
+38643562333432393736626566346234336333643132373535316532336339623533333863656131
+65333537643637326465333030663662653461326231613363386637316333323064333163396130
+30653934663465613461666566623935626530663161666436616338333235313338333830386235
+30353331333731393336616466396438356131383737366137346266336136353236623765366266
+31393161366433613562373663616434343161663539313536316538616530613166656562633466
+37663864643763626663373731313664333832386138363132646631366431636634393933363830
+34336536313064626333353630613366326539326662316236666263336435363061333634663964
+62346662643361313434663065363534643635633733376634396534363962653735666338366661
+32623939343334326237663934363337316364376264626566303539613564336361343762663431
+38313737336332316263333664373663653366306165386631663730346163613839303166613064
+31653638623064653665393739636664316139383732323036636636336538396238313337323562
+39666235313439336336336635386638633562383630383565336436626137383432373632613563
+37373235326562393966383037663764306430393431346662363530386563633638316539323833
+30316130336439633961303930376132613030366265313835386536363730326564333561313833
+65393136333330653231343830323534623463663765393166666631353035613238376161636632
+3838
--- a/vars/group_vars/k3s/vars.yml
+++ b/vars/group_vars/k3s/vars.yml
@@ -0,0 +1,18 @@
+k3s:
+  net: "192.168.20.0/24"
+  server:
+    ips:
+      - 192.168.20.21
+      - 192.168.20.24
+      - 192.168.20.30
+  loadbalancer:
+    ip: 192.168.20.22
+    default_port: 6443
+  db:
+    ip: 192.168.20.23
+    default_port: "5432"
+  agent:
+    ips:
+      - 192.168.20.25
+      - 192.168.20.26
+      - 192.168.20.27
--- a/vars/group_vars/proxmox/containers.yml
+++ b/vars/group_vars/proxmox/containers.yml
@@ -0,0 +1,2 @@
+lxcs:
+  - name: "test-lxc-00"
--- a/vars/group_vars/proxmox/secrets.yml
+++ b/vars/group_vars/proxmox/secrets.yml
@@ -0,0 +1,16 @@
+$ANSIBLE_VAULT;1.1;AES256
+35336335313463633337373430646432306364613234666463373135306263383932323266303834
+3033643661303537303332316361326464336136623139350a373137396165623861623433303031
+37303264373362313534623966626665633339623464376236323436336563376261323739623033
+3066663137653562320a616130653165326530643562646531373736313064626164653661353535
+37633031626462663636366464323963653535333235633939636636376436646164333965326636
+62313164336265336539333261333732626562663966306537353763333339353030666133633064
+33336230646435616166346639363835373562313265306332346662636364326337616637346333
+39343063356138326536653933656164616264666662396132383865343630383139326531616464
+64333561313631616261303431336265623166386131613634646337396332653239323262343961
+66303938323337656662303562613736366366616663633639646566333737393765626365383963
+34616166336465376331366465303230666435626463383031653661376233626538353830356366
+34633239326532303931663435363365396535393733383637656139336164306663623761386135
+31313630383139376661343334616533316231393438663837383861313734313837623063366135
+64356334336133303164656338303339623631313461353139363838356337636462363862303436
+336363363733363436356663323962383030
--- a/vars/group_vars/proxmox/secrets_vm.yml
+++ b/vars/group_vars/proxmox/secrets_vm.yml
@@ -0,0 +1,20 @@
+$ANSIBLE_VAULT;1.1;AES256
+35616266333838306161336339353538306634373132626132643732303066303163343630333630
+6338393762616262303038373334663230383464643836370a656538393531393134616463643239
+36383330653339393362353838313639333432643535643833396535653632376336613130646663
+3532646538363137630a363731613235653935316531616430346264643837306434386333373033
+33663135653931373963343734366562386263663939383536663439383537333264666233343233
+62626162666538333435396638393338393734656131303065616534613733353335643939333765
+38326237343337363064666530303664326563633262313432343030336266373437353837346461
+63333363626164316638346635666537613963383537313965373638303732353365623166363736
+31633239646262613539646637663664313337353465636366313338303439613638653530656631
+62396536316561623736633631623336313537646138383431633538303163303261323864383538
+38626338373332653561343036323236383337343037356366626230646432646538373836303063
+61346339376561626630653562346439306561643664666437386562356535303264646338326261
+33636536663161366635666264663539653037306339316233643662643134396636636162656333
+36666139376263646130333263653335333165356462363434373439313330383331356138333431
+31633362343639376436616339656561316433346532346533336261383433366366396261366134
+35363264373335616165643665653466613434386630373232386261393464376361313131386462
+33333531336334386562356338623233313862316232356562373561633364363263306465333439
+37386631626538636365376464653837333662363361653237366161316431653266643238346336
+363863376530613036313866323965326638
--- a/vars/group_vars/proxmox/vars.yml
+++ b/vars/group_vars/proxmox/vars.yml
@@ -0,0 +1,4 @@
+proxmox_api_host: 192.168.20.12
+proxmox_api_user: root
+proxmox_api_token_id: root@pam!terraform
+proxmox_api_token_secret: "{{ vault.pve.api.token_secret }}"
--- a/vars/group_vars/proxmox/vms.yml
+++ b/vars/group_vars/proxmox/vms.yml
@@ -0,0 +1,80 @@
+vms:
+  - name: "docker-host10"
+    node: "lulu"
+    vmid: 410
+    cores: 2
+    memory: 4096 # in MiB
+    net:
+      net0: "virtio,bridge=vmbr0,firewall=1"
+    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
+    ciuser: "{{ user }}"
+    sshkeys: "{{ pubkey }}"
+    disk_size: 128 # in Gb
+    hostpci:
+      hostpci0: "0000:00:02.0"
+  - name: "docker-host11"
+    node: "lulu"
+    vmid: 411
+    cores: 2
+    memory: 4096 # in MiB
+    net:
+      net0: "virtio,bridge=vmbr0,firewall=1"
+    boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}"
+    ciuser: "{{ user }}"
+    sshkeys: "{{ pubkey }}"
+    disk_size: 128 # in Gb
+  - name: "docker-host12"
+    node: "naruto01"
+    vmid: 412
+    cores: 4
+    memory: 8192
+    net:
+      net0: "virtio,bridge=vmbr0,firewall=1"
+    boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}"
+    ciuser: "{{ user }}"
+    sshkeys: "{{ pubkey }}"
+    disk_size: 128 # in Gb
+  - name: "k3s-server10"
+    node: "naruto01"
+    vmid: 110
+    cores: 2
+    memory: 4096 # in MiB
+    net:
+      net0: "virtio,bridge=vmbr0,firewall=1"
+    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
+    ciuser: "{{ user }}"
+    sshkeys: "{{ pubkey }}"
+    disk_size: 64 # in Gb
+#  - name: "k3s-agent10"
+#    node: "naruto01"
+#    vmid: 210
+#    cores: 2
+#    memory: 4096 # in MiB
+#    net:
+#      net0: "virtio,bridge=vmbr0,firewall=1"
+#    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
+#    ciuser: "{{ user }}"
+#    sshkeys: "{{ pubkey }}"
+#    disk_size: 64 # in Gb
+#  - name: "k3s-agent11"
+#    node: "lulu"
+#    vmid: 211
+#    cores: 2
+#    memory: 4096 # in MiB
+#    net:
+#      net0: "virtio,bridge=vmbr0,firewall=1"
+#    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
+#    ciuser: "{{ user }}"
+#    sshkeys: "{{ pubkey }}"
+#    disk_size: 64 # in Gb
+#  - name: "k3s-agent12"
+#    node: "inko"
+#    vmid: 212
+#    cores: 2
+#    memory: 4096 # in MiB
+#    net:
+#      net0: "virtio,bridge=vmbr0,firewall=1"
+#    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
+#    ciuser: "{{ user }}"
+#    sshkeys: "{{ pubkey }}"
+#    disk_size: 64 # in Gb
--- a/vars/k3s.ini
+++ b/vars/k3s.ini
@@ -0,0 +1,21 @@
+[k3s]
+
+[k3s:children]
+k3s_server
+k3s_agent
+k3s_storage
+k3s_storage
+k3s_loadbalancer
+
+[k3s_server]
+k3s-server10
+
+[k3s_agent]
+k3s-agent[10:12]
+
+[k3s_storage]
+k3s-longhorn[10:12]
+
+[k3s_loadbalancer]
+k3s-loadbalancer
+
--- a/vars/proxmox.ini
+++ b/vars/proxmox.ini
@@ -0,0 +1,11 @@
+[proxmox]
+127.0.0.1 ansible_connection=local
+
+[proxmox:children]
+proxmox_nodes
+
+[proxmox_nodes]
+aya01
+lulu
+inko
+naruto01
--- a/vars/vps.ini
+++ b/vars/vps.ini
@@ -0,0 +1,3 @@
+[vps]
+mii
+