tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(k3s): centralize k3s primary server IP and integrate Netcup DNS

Browse Source 
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2025-07-13 01:30:05 +02:00
parent f1b0cfad2c
commit 97a5d6c41d
18 changed files with 141 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
playbooks/k3s-agents.yml
View File

@@ -1,8 +1,6 @@
- name: Set up Agents - name: Set up Agents
hosts: k3s hosts: k3s
gather_facts: true gather_facts: true
vars:
k3s_primary_server_ip: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_host') | list | first }}"
pre_tasks: pre_tasks:
- name: Get K3s token from the first server - name: Get K3s token from the first server
when: host.ip == k3s_primary_server_ip and inventory_hostname in groups["k3s_server"] when: host.ip == k3s_primary_server_ip and inventory_hostname in groups["k3s_server"]

8
playbooks/k3s-loadbalancer.yml
View File

@@ -11,7 +11,7 @@
tags: tags:
- k3s_loadbalancer - k3s_loadbalancer
when: inventory_hostname in groups["k3s_loadbalancer"] when: inventory_hostname in groups["k3s_loadbalancer"]
# - role: node_exporter - role: node_exporter
# tags: tags:
# - node_exporter - node_exporter
# when: inventory_hostname in groups["k3s_loadbalancer"] when: inventory_hostname in groups["k3s_loadbalancer"]

8
playbooks/k3s-servers.yml
View File

@@ -6,10 +6,12 @@
- role: common - role: common
tags: tags:
- common - common
when: inventory_hostname in groups["k3s_server"]
- role: k3s_server - role: k3s_server
tags: tags:
- k3s_server - k3s_server
when: inventory_hostname in groups["k3s_server"] when: inventory_hostname in groups["k3s_server"]
- role: node_exporter # - role: node_exporter
tags: # tags:
- node_exporter # - node_exporter
# when: inventory_hostname in groups["k3s_server"]

2
playbooks/k3s-storage.yml
View File

@@ -1,8 +1,6 @@
- name: Set up storage - name: Set up storage
hosts: k3s_nodes hosts: k3s_nodes
gather_facts: true gather_facts: true
vars:
k3s_primary_server_ip: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_host') | list | first }}"
pre_tasks: pre_tasks:
- name: Get K3s token from the first server - name: Get K3s token from the first server
when: host.ip == k3s_primary_server_ip and inventory_hostname in groups["k3s_server"] when: host.ip == k3s_primary_server_ip and inventory_hostname in groups["k3s_server"]

2
roles/k3s_loadbalancer/tasks/configuration.yml
View File

@@ -10,7 +10,7 @@
notify: notify:
- Restart nginx - Restart nginx
vars: vars:
k3s_server_ips: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_default_ipv4') | map(attribute='address') | unique | list }}" k3s_server_ips: "{{ k3s_primary_server_ip }}"
- name: Enable nginx - name: Enable nginx
ansible.builtin.systemd: ansible.builtin.systemd:

11
roles/k3s_loadbalancer/tasks/main.yml
View File

@@ -3,3 +3,14 @@
ansible.builtin.include_tasks: installation.yml ansible.builtin.include_tasks: installation.yml
- name: Configure - name: Configure
ansible.builtin.include_tasks: configuration.yml ansible.builtin.include_tasks: configuration.yml
- name: Setup DNS on Netcup
community.general.netcup_dns:
api_key: "{{ k3s_loadbalancer_netcup_api_key }}"
api_password: "{{ k3s_loadbalancer_netcup_api_password }}"
customer_id: "{{ k3s_loadbalancer_netcup_customer_id }}"
domain: "{{ domain }}"
name: "k3s"
type: "A"
value: "{{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}"
delegate_to: localhost

6
roles/k3s_loadbalancer/vars/main.yml
View File

@@ -1 +1,7 @@
k3s_loadbalancer_nginx_config_path: "/etc/nginx/nginx.conf" k3s_loadbalancer_nginx_config_path: "/etc/nginx/nginx.conf"
k3s_loadbalancer_netcup_api_key: "{{ netcup_api_key }}"
k3s_loadbalancer_netcup_api_password: "{{ netcup_api_password }}"
k3s_loadbalancer_netcup_customer_id: "{{ netcup_customer_id }}"
domain: "{{ internal_domain }}"

15
roles/k3s_server/tasks/installation.yml
View File

@@ -12,18 +12,19 @@
mode: "0755" mode: "0755"
- name: Install K3s server with node taint and TLS SAN - name: Install K3s server with node taint and TLS SAN
when: (host.ip == k3s.server.ips[0] and (not k3s_status.stat.exists)) when: (ansible_default_ipv4.address == k3s_primary_server_ip and (not k3s_status.stat.exists))
ansible.builtin.command: | ansible.builtin.command: |
/tmp/k3s_install.sh server \ /tmp/k3s_install.sh server \
--node-taint CriticalAddonsOnly=true:NoExecute \ --node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }} --tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}
--tls-san {{ k3s_server_name }}
become: true become: true
async: 300 async: 300
poll: 0 poll: 0
register: k3s_primary_install register: k3s_primary_install
- name: Wait for K3s to be installed - name: Wait for K3s to be installed
when: (host.ip == k3s.server.ips[0] and (not k3s_status.stat.exists)) when: (ansible_default_ipv4.address == k3s_primary_server_ip and (not k3s_status.stat.exists))
ansible.builtin.async_status: ansible.builtin.async_status:
jid: "{{ k3s_primary_install.ansible_job_id }}" jid: "{{ k3s_primary_install.ansible_job_id }}"
register: k3s_primary_install_status register: k3s_primary_install_status
@@ -33,23 +34,23 @@
become: true become: true
- name: Get K3s token from the first server - name: Get K3s token from the first server
when: host.ip == k3s.server.ips[0] when: ansible_default_ipv4.address == k3s_primary_server_ip
ansible.builtin.slurp: ansible.builtin.slurp:
src: /var/lib/rancher/k3s/server/node-token src: /var/lib/rancher/k3s/server/node-token
register: k3s_token register: k3s_token
become: true become: true
- name: Set fact on k3s.server.ips[0] - name: Set fact on k3s_primary_server_ip
when: host.ip == k3s.server.ips[0] when: ansible_default_ipv4.address == k3s_primary_server_ip
ansible.builtin.set_fact: ansible.builtin.set_fact:
k3s_token: "{{ k3s_token['content'] | b64decode | trim }}" k3s_token: "{{ k3s_token['content'] | b64decode | trim }}"
- name: Install K3s on the secondary servers - name: Install K3s on the secondary servers
when: (host.ip != k3s.server.ips[0] and (not k3s_status.stat.exists)) when: (ansible_default_ipv4.address != k3s_primary_server_ip and (not k3s_status.stat.exists))
ansible.builtin.command: | ansible.builtin.command: |
/tmp/k3s_install.sh server \ /tmp/k3s_install.sh server \
--node-taint CriticalAddonsOnly=true:NoExecute \ --node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san {{ k3s.loadbalancer.ip }} --tls-san {{ k3s.loadbalancer.ip }}
environment: environment:
K3S_TOKEN: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s.server.ips[0] ) | select() | first | items2dict).host.hostname].k3s_token }}" K3S_TOKEN: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s_primary_server_ip ) | select() | first | items2dict).host.hostname].k3s_token }}"
become: true become: true

4
vars/docker.ini
View File

@@ -1,10 +1,10 @@
[docker_host] [docker_host]
docker-host01 ansible_become_pass="{{ vault.docker.host01.sudo }}" docker-host01 ansible_become_pass="{{ vault_docker.host01.sudo }}"
docker-host10 docker-host10
docker-host12 docker-host12
[docker_lb] [docker_lb]
docker-lb ansible_become_pass="{{ vault.docker.lb.sudo }}" docker-lb ansible_become_pass="{{ vault_docker.lb.sudo }}"
[docker] [docker]

26
vars/group_vars/all/secrets.yml
View File

@@ -1,14 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65646664663537386235383334613536393336623332363437376337323235636335363165366632 39363732646365356438376435333235623762396237353933613036633233623964363662326335
3433623633393731373932306433643663333133393734370a353261353164353335356264643234 6135336632653162356336363736333238666531313565390a346539393135633638656565623934
65376132336534306465376435303764616136646633303166336136373263346436353235343065 34333739323264623638623038343433376333646238396164616564646432353835663561366562
6238353863333239330a303131623262353563323864323536313036356237653936326361366565 3832323739316235390a663661666334396538656163383838363631666265356334313938373263
62616566396266363535653062636537383061363438303138333237643939323162336465326363 63376537313863653734333565363634383139396131363636366465356461376561353333313136
64323830393839386233303634326562386537373766646461376238663963376463623130303363 32343937363665346662623439303435386631623263663063313862373634396539656130303636
65366638666132393538336361663639303831333232336632616338396539353565663239373265 66623066656162633635643361316335383736333535363562386334663437333335336131616537
38323036343733303131383439323738623263383736303935636339303564343662633437626233 32633331313965353733656439646465616637336637626238653139356661353037623638653434
33303564373963646465306137346161656166366266663766356362636362643430393232646635 33333330303336623434313730373837373366343337343637326161656235663535643666663831
38363764386538613166306464336532623464343565396431643738353434313838633763663861 38343834343234316463626137363763393133643761653532626532633832353266353934646466
35616365383831643434316436313035366131663131373064663464393031623132366137303333 33613830666634393636633130626664323135366666306533613839633234656334396365373135
62333561373465323664303539353966663763613365373633373761343966656166363265313134 61303637376139616366346135353563383331303630613739636137666339363531366165393231
6163 3334

4
vars/group_vars/all/vars.yml
View File

@@ -18,3 +18,7 @@ internal_domain: "seyshiro.de"
# #
arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
netcup_api_key: "{{ vault_netcup.api_key }}"
netcup_api_password: "{{ vault_netcup.api_password }}"
netcup_customer_id: "{{ vault_netcup.customer_id }}"

24
vars/group_vars/docker/docker.yml
View File

@@ -256,7 +256,7 @@ services:
- "PAPERLESS_REDIS=redis://paperless-redis:6379" - "PAPERLESS_REDIS=redis://paperless-redis:6379"
- "PAPERLESS_DBHOST=paperless-postgres" - "PAPERLESS_DBHOST=paperless-postgres"
- "PAPERLESS_DBUSER=paperless" - "PAPERLESS_DBUSER=paperless"
- "PAPERLESS_DBPASS={{ vault.docker.paperless.dbpass }}" - "PAPERLESS_DBPASS={{ vault_docker.paperless.dbpass }}"
- "USERMAP_UID=1000" - "USERMAP_UID=1000"
- "USERMAP_GID=1000" - "USERMAP_GID=1000"
- "PAPERLESS_URL=https://paperless.{{ domain }}" - "PAPERLESS_URL=https://paperless.{{ domain }}"
@@ -270,7 +270,7 @@ services:
- name: postgres - name: postgres
version: 15 version: 15
username: paperless username: paperless
password: "{{ vault.docker.paperless.dbpass }}" password: "{{ vault_docker.paperless.dbpass }}"
- name: redis - name: redis
version: 7 version: 7
- name: pdf - name: pdf
@@ -353,9 +353,9 @@ services:
- VPN_SERVICE_PROVIDER=protonvpn - VPN_SERVICE_PROVIDER=protonvpn
- UPDATER_VPN_SERVICE_PROVIDERS=protonvpn - UPDATER_VPN_SERVICE_PROVIDERS=protonvpn
- UPDATER_PERIOD=24h - UPDATER_PERIOD=24h
- "SERVER_COUNTRIES={{ vault.docker.proton.country }}" - "SERVER_COUNTRIES={{ vault_docker.proton.country }}"
- "OPENVPN_USER={{ vault.docker.proton.openvpn_user }}" - "OPENVPN_USER={{ vault_docker.proton.openvpn_user }}"
- "OPENVPN_PASSWORD={{ vault.docker.proton.openvpn_password }}" - "OPENVPN_PASSWORD={{ vault_docker.proton.openvpn_password }}"
- name: torrentleech - name: torrentleech
vm: vm:
- docker-host12 - docker-host12
@@ -446,18 +446,18 @@ services:
environment: environment:
- MEILI_ADDR=http://karakeep-meilisearch:7700 - MEILI_ADDR=http://karakeep-meilisearch:7700
- BROWSER_WEB_URL=http://karakeep-chrome:9222 - BROWSER_WEB_URL=http://karakeep-chrome:9222
- NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }} - NEXTAUTH_SECRET={{ vault_docker.karakeep.nextauth_secret }}
- MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }} - MEILI_MASTER_KEY={{ vault_docker.karakeep.meili_master_key }}
- NEXTAUTH_URL=https://karakeep.tudattr.dev/ - NEXTAUTH_URL=https://karakeep.tudattr.dev/
- OPENAI_API_KEY={{ vault.docker.karakeep.openai_key }} - OPENAI_API_KEY={{ vault_docker.karakeep.openai_key }}
- DATA_DIR=/data - DATA_DIR=/data
- DISABLE_SIGNUPS=true - DISABLE_SIGNUPS=true
sub_service: sub_service:
- name: meilisearch - name: meilisearch
version: v1.11.1 version: v1.11.1
nextauth_secret: "{{ vault.docker.karakeep.nextauth_secret }}" nextauth_secret: "{{ vault_docker.karakeep.nextauth_secret }}"
meili_master_key: "{{ vault.docker.karakeep.meili_master_key }}" meili_master_key: "{{ vault_docker.karakeep.meili_master_key }}"
openai_key: "{{ vault.docker.karakeep.openai_key }}" openai_key: "{{ vault_docker.karakeep.openai_key }}"
- name: chrome - name: chrome
version: 123 version: 123
- name: keycloak - name: keycloak
@@ -494,7 +494,7 @@ services:
- KC_HOSTNAME_URL=https://keycloak.{{ internal_domain }} - KC_HOSTNAME_URL=https://keycloak.{{ internal_domain }}
- KC_HOSTNAME_ADMIN_URL=https://keycloak.{{ internal_domain }} - KC_HOSTNAME_ADMIN_URL=https://keycloak.{{ internal_domain }}
- KC_BOOTSTRAP_ADMIN_USERNAME=serviceadmin-{{ keycloak_admin_hash }} - KC_BOOTSTRAP_ADMIN_USERNAME=serviceadmin-{{ keycloak_admin_hash }}
- KC_BOOTSTRAP_ADMIN_PASSWORD={{ vault.docker.keycloak.admin.password }} - KC_BOOTSTRAP_ADMIN_PASSWORD={{ vault_docker.keycloak.admin.password }}
sub_service: sub_service:
- name: postgres - name: postgres
version: 17 version: 17

10
vars/group_vars/docker/keycloak.yml
View File

@@ -1,4 +1,4 @@
keycloak_admin_hash: "{{ vault.docker.keycloak.admin.hash }}" keycloak_admin_hash: "{{ vault_docker.keycloak.admin.hash }}"
keycloak_realms: "{{ keycloak_config.realms }}" keycloak_realms: "{{ keycloak_config.realms }}"
@@ -6,13 +6,13 @@ keycloak_config:
database: database:
db_name: keycloak db_name: keycloak
username: keycloak username: keycloak
password: "{{ vault.docker.keycloak.database.password }}" password: "{{ vault_docker.keycloak.database.password }}"
realms: realms:
- realm: homelab - realm: homelab
display_name: "Homelab Realm" display_name: "Homelab Realm"
users: users:
- username: tudattr - username: tudattr
password: "{{ vault.docker.keycloak.user.password }}" password: "{{ vault_docker.keycloak.user.password }}"
realm_roles: realm_roles:
- offline_access - offline_access
- uma_authorization - uma_authorization
@@ -22,7 +22,7 @@ keycloak_config:
- manage-account - manage-account
admin: admin:
username: "serviceadmin-{{ keycloak_admin_hash }}" username: "serviceadmin-{{ keycloak_admin_hash }}"
password: "{{ vault.docker.keycloak.admin.password }}" password: "{{ vault_docker.keycloak.admin.password }}"
realm_roles: realm_roles:
- offline_access - offline_access
- uma_authorization - uma_authorization
@@ -44,7 +44,7 @@ keycloak_config:
display_name: "master" display_name: "master"
admin: admin:
username: "serviceadmin-{{ keycloak_admin_hash }}" username: "serviceadmin-{{ keycloak_admin_hash }}"
password: "{{ vault.docker.keycloak.admin.password }}" password: "{{ vault_docker.keycloak.admin.password }}"
realm_roles: realm_roles:
- offline_access - offline_access
- uma_authorization - uma_authorization

116
vars/group_vars/docker/secrets.yml
View File

@@ -1,65 +1,53 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
62353938306631616432613936343031386266643837393733336533306532643332383761336462 30306666383965373266313366653831386438333732386238623261356631383664323462663135
3566663762343161373266353236323532666562383031310a663661316264313737633732313166 6163663162383431623931393831376163636262363766350a316463646662343161366531316531
35336535353964646238393563333339646634346532633130633364343864363565353461616663 36323665366263616565633064646664383065346166343536313633613034353030303062383637
6336343138623762320a366132383634383231316130643535313465356238343534656237626362 3139393833316232610a383031363839393463336461653963363131303664663765656234363531
38373439663730353739386636313865336262363864323633343839636434353261313432386135 62666665333730623463663134386232383534353334333336363434653838353762323063383562
33343438663564323465373435613765306538633339303362656163636237643661623637376135 36316533303333313565646139306238316534383235336432346364633265316435373763313861
65346465303530663161356666333062326536313135363536313237616564363838326339646162 62353566623665306137643934333534653730386138383462623864613433303633386339643461
62323066626431376231386432333766366434326239303734353036396433333662333733373830 33373330656431336434353965303133363237393864333634383463663065303633646239656665
66336433643032636166306332323063393333363734326333363936303033396336626135363832 64623562373864353865656664323064343535303931363635376233666339656236363133643536
30636136656235376163613033616563663663633161643937666537333066343135326138643663 37653831396538366466663830376665386231633438316437396331323534386433313634383137
64646638393364376466306438383337383231303637313366333638393939373739646338353036 32356435383965616635373432633563653630326334303165316166383165353734393966363861
62303162383362393830316163303236336236363531333665353163373530323063313164656562 32333534386634633561356538626536383838653461353664303264333737326237383234373561
33383561613530346561336166653536393137346630333262633738383838383338643761666463 35333234643461303961646430343334306332663039326237353836656531363262633661366138
61303239636631646634373266303930343437636464326132316534616261376137396233653265 32386635343738383732663538313164316531386564653939373032653631396566386638316464
39383137666533613739363764643162663361333465386332383964343534646537343065343833 38313731653234343037633066393134346136636637616666653038383464623065386635623031
66643938623734643537313866316335396135613239393262613562356332663861646261373630 34363064333036336263613964396433303538353134623130303032356438323237366664336238
34373939663239646534396638636265303438386239636439663635313665613634373832313237 36333335363261363038346264633263636461376538613866313935623762623234393763356638
62306366633139333937646534393765663130396466346161376235656461346638323063353662 32313363653739376333646235306136616132366566356530613362313436306361306633643262
64386466373433376133343266396537656435333831356531346531653262396330346238623431 65373039393636303164383736643631323662613637316565313938616436643137343065353261
61303466366161336664333239663066643232623532643933373661663266366639646139666636 63313661356633623266353233346436323230623966373262353336333935383938356462643637
62393532643535656566643862353337333533633861396164643766316637393638363662653863 39373232643035396533353063376234316330353764313930363435303932656464396265303035
32643566333961663065383636383436666137356237643634326464636463303530306466616635 35313463393664326438346161633735333639303930396166663730303033663836663232363733
36366365636337366335333630306237356366306535613464636463373063653861623464323764 65323839376638306133393161363864623365623238646165383765646139366535323631346437
62336139653361376239303632326431643231346137333835356362333962613039643332373166 64356465623366666439626463636261616439323230393938386231653837393738363532313962
32316234376431376136666161383039633035356636626664376137323630323966646161313664 33636635653862363962393966336235383361646366386365656338613064303133313364346532
38623463376366623430663363663662303166636165646138363631643261376137336636636663 36643566326564316335393534323836623963633638326531623030666334313665666636633639
61656631393963353066333930303932653730613431366131616233363662316139663038336538 64393139343637633036303236333861386135303235343735613431643734356338336537663138
36383532316162356235373566313832323131326466363734613438323233353330613561383435 35313063363966353837633130313739643630623263653064656530343131616465303664656536
39623435366236306431636232323838386462346464653561653638346338613833613133373133 37616534353033343235663665396437326338336661303566376361386665373930616130396136
38626364643738373938336237323836646532356539643933333730353333626138646239633234 37666338336538626663363639333532636566323634663135376239336339393838383837346239
66316563306230636139323335323665646462343861393366666462623966376431393438376134 63383636333038633264396463353739313234336338383639396531626534393764626235636338
37376339356430316235633337376462666439643430303062656538386630613763623433646133 31663865666530336666333137343835393739623732633630303833396539363131343663626235
65663530626533663266623861326431633137363466346634656634623166623331306636616666 31313563366264333737363036316136336138616134656232626438313033333136663731376531
31643761343632336531356566636165363737646639326533386333646434393736643934643064 32613237393463346161613334386135633661386666633135323133376335336631356437613261
39393039346639353439653766326138613164343030306436383461663636346534346365333265 63393132623863336461386431666263376265393138316162356239363037653065623633333632
66653535623962653762633934646131653334363232636634303130306632383263373161363462 62376131303532373031626431323030666165306336343764343363366661626333396233636231
35323133616665366238353535346561323834353634613730613439643536376337353234313337 31333836353731363062663334333736316265653130333836623236373263316639316437343537
61623264616433336532383533376631396438313739616462323064613665396638333438306336 39353233663965666564626632343263646339383934323564303730396166303362363736383838
34633338366235336131303462346665663464376334353431343363336662356335356562366532 35616561646531386338303936373565396465383839323830636539653934663039663938373738
64366461623864633238666339346138663931363331613463333762336230313530613235303766 32346361383135633365366634643139636431336436623330373931643233313134356364366638
34313064383461623230383730623731323533326663613565646436303230653264323061616536 63386138653331376638376663323736383734623463373439313962393661333539323737666633
38636162356164656432626433373864326264623063343662323563366133363336313739326137 36313639663864663564646166333033356163656339373063353338653634353538653736356134
31326164646364613865396534626533616366613565303032636637366435326336396464313232 64373435346136396461303733373134343735323663613561303062353330303734316333346331
66393538393862616466313833326666316231393130666238636130613339663664393434613732 35353835396661663932643432303433636230616232633032303137366232333239313463336231
65383363323138343335393636626138303561613532306131666334346631336333336639626466 66376261356564343064393531333066663562646165383737373632393261313638323862373936
38343337346566346334383934306433366239666662346463666166643338613264636563653434 34333234323261363830643332393338396338326432623736313836626462303839313732333730
36306338313363636665333763323135386165313939336432636339613432323736326635303162 36623863383364396366363065306334653837353837623437386465346463386166643939666161
36656234656563376633373333633430313430333834623964653530626539333265363563376239 38353136353037663834613162396139653164326536313734633664613233316665626661383661
33633430396338663063383338333732356532313435613737393465323431393035356136306166 32323263616164653334306231663439626134626535393630653639666261356537303135323934
62633035653731636361396235613162643332393233326434353831613731373333326464326234 64356263633635313336643531616639346565303938333334636263623633353764613232313165
36366166633437356336616166306164343636623962623136653861333866393039653939333037 35616235333364353339373562333938643731613031356638376439326533633236363335306138
31343261663534356530373233336165326134613961616331316531313435386464396438363838 31316436663536353861
31353935666566326630373336376438326366623537356536653564303066343837653030373962
30393363336232646662663166326166386636356466616165376435623031666664373664623330
31613030616162303732353738386434666566386138373238363732303138316533356435656662
38636136353134303166636438663036363834663639613464376662666364386635333138353035
39363236653336386332313930306663366130303836333664363335386331636431623036336535
32366339386539306364343065323263366563643663623731643866346232653838333561336331
36363030383263666137393035356331323038316239356637303665653164363739313664396235
32366231613532323865623861636263383731303164366333303636356633323161653635393830
38616139656264393932353332303264393038396663663236353838343432373965663561333531
36363432323362643634623030356539396562633238653732313739616464643436666130633364
37383764623938626332316630636630343236663338323661333933333730333630353061653061
62656233653439353438

4
vars/group_vars/docker/vars.yml
View File

@@ -2,7 +2,3 @@ caddy:
admin_email: me+acme@tudattr.dev admin_email: me+acme@tudattr.dev
domain: "{{ internal_domain }}" domain: "{{ internal_domain }}"
netcup_api_key: "{{ vault.netcup.api_key }}"
netcup_api_password: "{{ vault.netcup.api_password }}"
netcup_customer_id: "{{ vault.netcup.customer_id }}"

8
vars/group_vars/k3s/vars.yml
View File

@@ -1,7 +1,7 @@
k3s: k3s:
server:
ips: []
loadbalancer: loadbalancer:
default_port: 6443 default_port: 6443
agent:
ips: [] k3s_primary_server_ip: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_default_ipv4') | map(attribute='address') | unique | list | first }}"
k3s_server_name: "k3s.{{ internal_domain }}"

28
vars/group_vars/proxmox/secrets.yml
View File

@@ -1,16 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35336335313463633337373430646432306364613234666463373135306263383932323266303834 31643966346364346162383139663866363832386666353662306232633765323662393839346130
3033643661303537303332316361326464336136623139350a373137396165623861623433303031 3735366533613662353262376435653236366636383133650a623665623365393466636361373830
37303264373362313534623966626665633339623464376236323436336563376261323739623033 63323162343966376439303637613637646331343034393737613165333033303063363933376336
3066663137653562320a616130653165326530643562646531373736313064626164653661353535 3938303162333965370a306437353332626363343030386631336231386432346236373166626262
37633031626462663636366464323963653535333235633939636636376436646164333965326636 31643331653638316161313335386463386661313330383339363430373336356633383161393165
62313164336265336539333261333732626562663966306537353763333339353030666133633064 63346364333963386635326566646237343364623238613632343339613661623938666337373138
33336230646435616166346639363835373562313265306332346662636364326337616637346333 37613365346165393565346465646332356234313238346264396631363439353666356139363461
39343063356138326536653933656164616264666662396132383865343630383139326531616464 31373762326636353138363238363134663732643238303733373736386533383231373436626338
64333561313631616261303431336265623166386131613634646337396332653239323262343961 36386534626432303363306439393032326631643530333831326639336134313438323161616635
66303938323337656662303562613736366366616663633639646566333737393765626365383963 32623238323065393737356338363538396235646434646665366361643464653433343236613963
34616166336465376331366465303230666435626463383031653661376233626538353830356366 34353331306266653332343832363730636137653937616536623636333762633039656537336434
34633239326532303931663435363365396535393733383637656139336164306663623761386135 35326333303736363032633263613231653038306132616461326266303663363762343437623738
31313630383139376661343334616533316231393438663837383861313734313837623063366135 35336663376263323332313666643065306533623333333130383261666231333830
64356334336133303164656338303339623631313461353139363838356337636462363862303436
336363363733363436356663323962383030

2
vars/group_vars/proxmox/vars.yml
View File

@@ -1,4 +1,4 @@
proxmox_api_host: 192.168.20.12 proxmox_api_host: 192.168.20.12
proxmox_api_user: root proxmox_api_user: root
proxmox_api_token_id: terraform proxmox_api_token_id: terraform
proxmox_api_token_secret: "{{ vault.pve.api.token_secret }}" proxmox_api_token_secret: "{{ vault_pve.api.token_secret }}"