Files @ 32f61f233098

Location: majic-ansible-roles/testsite/group_vars/all.yml

branko
Noticket: Fixed documentation and examples for CA certificate deployment in common role. Fixed usage instructions, mainly some syntax changes and more explicit listing of parameters and such. Fixed path to truststore file for mail_forwarder role. Fixed testsite configuration for CA certificates.
---

# Base DNS domain of the test site. Every derived value below is computed
# from it, so only this line needs editing to move the site to another domain.
testsite_domain: example.com

# Derive some additional values that will be used - basing them on domain.
# For the default example.com the results are:
#   testsite_domain_underscores -> example_com        (each dot becomes "_")
#   testsite_domain_alternative -> example.something  (last label replaced)
#   testsite_ldap_base          -> dc=example,dc=com  (dots become ",dc=",
#                                                      then "dc=" is prefixed)
# The doubled backslash is YAML double-quote escaping; Jinja2 receives '\.'.
testsite_domain_underscores: "{{ testsite_domain | regex_replace('\\.', '_') }}"
testsite_domain_alternative: "{{ testsite_domain | regex_replace('\\.[^.]+$', '.something') }}"
testsite_ldap_base: "{{ testsite_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"

# Configuration for roles bootstrap and preseed.
# The 'file' lookup is evaluated on the Ansible control machine, so this is
# the RSA public key of whoever runs the playbook. Only the .pub file is read.
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

# Configuration for role 'common', shared across all servers.
# NOTE(review): the password values are crypt(3) hashes ('$6$' marks
# SHA-512-crypt). A hash committed to version control can be attacked offline
# by anyone able to read the repository, so these suit a test site only; for
# real deployments keep them in an encrypted store such as Ansible Vault.
# TODO confirm these accounts never exist outside the test site.
os_users:
  # Administrative account: member of 'sudo', with the operator's own public
  # key (read from the control machine) authorised and a password set.
  - name: admin
    uid: 1000
    additional_groups:
      - sudo
    authorized_keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
  # Regular account: no authorized_keys are listed, so only a password is
  # defined for it here.
  - name: johndoe
    uid: 1001
    additional_groups:
      - office
      - developer
    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'

# Extra groups, with explicitly fixed GIDs. These are the groups named in
# johndoe's additional_groups in os_users.
os_groups:
  - name: office
    gid: 1500
  - name: developer
    gid: 1501

# Additional packages for all servers - presumably installed by the common
# role through the distribution package manager; confirm in the role.
common_packages:
  - emacs24-nox
  - screen
  - debconf-utils
  - colordiff
  - unzip

# CA certificates for all servers: a mapping from a name to PEM content, read
# on the control machine from tls/ca.pem inside the inventory directory.
# NOTE(review): ldap_client_config in this file points TLS_CACERT at
# /etc/ssl/certs/ca.pem, which is presumably where the 'ca' entry is
# deployed - confirm against the common role. Only the certificate belongs
# in this file; the CA private key should not be kept at the path read here.
ca_certificates:
  "ca": "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"

# Rate limit for incoming connections, given as a plain 'N/second' string.
# NOTE(review): together with the burst value below this looks like a pair of
# firewall rate-limit parameters - confirm in the common role which traffic
# is limited and whether the limit applies per source address or globally.
incoming_connection_limit: 2/second

# Integer burst allowance that accompanies the rate above.
incoming_connection_limit_burst: 6

# Default LDAP client configuration. Each entry carries a comment, an option
# name and its value - presumably rendered into the client's ldap.conf by the
# common role; confirm there.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # NOTE(review): an ldap:// URI means the connection starts unencrypted; TLS
  # is only in effect if the client then issues StartTLS. Nothing in this list
  # requests that, so check each LDAP consumer (or consider ldaps://).
  - comment: Set the default URI
    option: URI
    value: ldap://ldap.{{ testsite_domain }}/
  # CA bundle used to validate the LDAP server certificate.
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  # 'demand' makes the client reject a missing or invalid server certificate
  # once a TLS session is negotiated; on its own it does not force TLS on.
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand

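# Enable and configure backups.
# Written as a canonical YAML boolean; 'yes' is only a boolean under YAML 1.1.
enable_backup: true

# The 'pipe' lookups below run a shell command on the control machine. Every
# variable part is passed through the 'quote' filter so that it reaches gpg2
# as a single argument. This matters most for ansible_fqdn, which is a fact
# reported by the managed host rather than a value set in the inventory.

# ASCII-armoured public key of backup.<domain>, exported from the keyring
# kept in the inventory directory.
backup_additional_encryption_keys:
  - "{{ lookup('pipe', 'gpg2 --homedir ' + ((inventory_dir + '/backup_keyring') | quote) + ' --armor --export ' + (('backup.' + testsite_domain) | quote)) }}"

# ASCII-armoured SECRET key of the host being configured, exported from the
# same keyring. NOTE(review): this puts private key material into a variable;
# tasks that print or log variables can expose it, so confirm that the tasks
# consuming it set no_log and that backup_keyring is not world-readable.
backup_encryption_key: "{{ lookup('pipe', 'gpg2 --homedir ' + ((inventory_dir + '/backup_keyring') | quote) + ' --armor --export-secret-keys ' + (ansible_fqdn | quote)) }}"

backup_server: "backup.{{ testsite_domain }}"

# Host public keys of the backup server, read from the inventory so that
# clients do not have to trust the key on first connection.
# NOTE(review): DSA host keys are disabled by default in current OpenSSH
# releases; drop the first entry once nothing depends on it - confirm with
# the backup role.
backup_server_host_ssh_public_keys:
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"

# Per-host SSH key file named after the host's FQDN (presumably the private
# key the host uses to reach the backup server - confirm). 'basename' keeps
# the host-reported name from selecting a file outside the ssh/ directory.
backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + (ansible_fqdn | basename)) }}"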

# Set-up prompt.
# NOTE(review): presumably the colour and the identifier shown in the shell
# prompt configured by the common role - confirm the accepted values there.
prompt_colour: light_purple
prompt_id: MAR