Files @ 93d485d7dc7b

Location: majic-ansible-roles/testsite/group_vars/all.yml

branko
MAR-218: Undo removal of explicitly specifying Python interpreter:

- Ansible will produce warnings if the interpreter path is not
specified explicitly.
---

# Base domain of the test site. The other testsite_* values and the LDAP and
# backup server names in this file are derived from it. example.com is a
# reserved documentation domain (RFC 2606); override it for a real deployment.
testsite_domain: example.com

# Values derived from testsite_domain. With the default example.com:
#   testsite_domain_underscores -> example_com
#   testsite_domain_alternative -> example.something
#   testsite_ldap_base          -> dc=example,dc=com
testsite_domain_underscores: "{{ testsite_domain | replace('.', '_') }}"
testsite_domain_alternative: "{{ testsite_domain | regex_replace('\\.[^.]+$', '.something') }}"
testsite_ldap_base: "{{ 'dc=' ~ (testsite_domain | replace('.', ',dc=')) }}"

# Configuration for roles bootstrap and preseed.
# SSH public key of the user running Ansible, read from the control machine
# at run time (lookups are evaluated on the controller, not on the target).
# NOTE(review): presumably installed as an authorised key for the Ansible
# account on new hosts - confirm against the bootstrap and preseed roles.
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

# Configuration for role 'common', shared across all servers.
# Local accounts to create on every server.
# The password values are crypt(3) hashes (the $6$ prefix is SHA-512 crypt),
# kept in single quotes so that '$' stays literal.
# NOTE(review): these hashes sit in a plain-text group_vars file; that is
# presumably acceptable only because this is the test site. A real inventory
# should carry its own hashes, preferably encrypted with Ansible Vault.
os_users:
  # Administrator: member of sudo; authorised key is the same controller-side
  # public key file that ansible_key reads.
  - name: admin
    uid: 1000
    additional_groups:
      - sudo
    authorized_keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
  # Regular user with no authorized_keys entry; only a password hash is set.
  - name: johndoe
    uid: 1001
    additional_groups:
      - office
      - developer
    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'

# Additional groups with fixed GIDs. The names match the additional_groups
# listed for johndoe in os_users.
os_groups:
  - name: office
    gid: 1500
  - name: developer
    gid: 1501

# Extra packages for every server.
# NOTE(review): presumably installed by the 'common' role - confirm.
common_packages:
  - emacs-nox
  - screen
  - debconf-utils
  - colordiff
  - unzip

# CA certificates to deploy, keyed by name. The PEM is read on the controller
# from tls/ca.pem inside the inventory directory.
# NOTE(review): presumably this ends up as /etc/ssl/certs/ca.pem, the path
# ldap_client_config uses as TLS_CACERT - confirm against the 'common' role.
ca_certificates:
  ca: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"

# Limits on incoming connections: sustained rate and burst size.
# NOTE(review): presumably consumed by the firewall rules of the 'common'
# role - confirm there how the two values are applied.
incoming_connection_limit: "2/second"

incoming_connection_limit_burst: 6

# Default LDAP client configuration.
# Each entry carries a comment, an option name and its value.
# NOTE(review): presumably rendered into the system ldap.conf - confirm.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # The URI scheme is ldap://, not ldaps://, so TLS is not implied by the URI.
  - comment: Set the default URI
    option: URI
    value: "ldap://ldap.{{ testsite_domain }}/"
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  # TLS_REQCERT demand makes the client reject a missing or invalid server
  # certificate once TLS is negotiated; it does not by itself force TLS on
  # an ldap:// connection. NOTE(review): confirm that clients use StartTLS
  # or that the server refuses unencrypted binds.
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand

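# Enable and configure backups
enable_backup: true

# Public key exported on the controller from the GnuPG keyring in
# <inventory_dir>/backup_keyring (presumably an extra recipient for backup
# encryption - confirm against the backup role).
# lookup('pipe') runs its command line through a shell, so every interpolated
# value goes through the quote filter instead of hand-written double quotes.
backup_additional_encryption_keys:
  - "{{ lookup('pipe', 'gpg2 --homedir ' + ((inventory_dir + '/backup_keyring') | quote) + ' --armor --export ' + (('backup.' + testsite_domain) | quote)) }}"

# Per-host secret key, selected by ansible_fqdn. ansible_fqdn is a gathered
# fact, i.e. a value reported by the managed host, so it must not reach the
# controller's shell unquoted.
# NOTE(review): quoting does not stop a value that begins with '-' from being
# read as a gpg option; keying the lookup on inventory_hostname would avoid
# trusting the fact at all - confirm the key naming before changing it.
# NOTE(review): the result is secret key material. Tasks that consume it
# should set no_log, and backup_keyring should not be committed unencrypted
# outside a test site.
backup_encryption_key: "{{ lookup('pipe', 'gpg2 --homedir ' + ((inventory_dir + '/backup_keyring') | quote) + ' --armor --export-secret-keys ' + (ansible_fqdn | quote)) }}"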

# Backup server host name, derived from testsite_domain.
backup_server: "backup.{{ testsite_domain }}"

# Public SSH host keys of the backup server, read on the controller from the
# inventory's ssh/ directory.
# NOTE(review): presumably used to pre-populate known_hosts so that the host
# key is verified rather than trusted on first use - confirm against the
# backup role.
backup_server_host_ssh_public_keys:
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"

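# SSH key file for this host, read on the controller from <inventory_dir>/ssh/.
# The file name carries no .pub suffix, so it is presumably the private key
# the host uses to reach the backup server - NOTE(review): confirm, and keep
# it out of logs and unencrypted repositories.
# ansible_fqdn is reported by the managed host; basename strips any directory
# components so the value cannot steer the lookup to another path.
backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + (ansible_fqdn | basename)) }}"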

# Set-up prompt.
# NOTE(review): presumably the shell prompt colour and the label shown in it,
# applied by the 'common' role - confirm.
prompt_colour: light_purple
prompt_id: MAR

# Set-up NTP time synchronisation.
# Uses the Debian vendor zone of the public NTP pool.
# NOTE(review): pool servers are public and plain NTP is unauthenticated;
# hosts that depend on trustworthy time (certificate validation, log
# correlation) may warrant internal or authenticated time sources.
ntp_pools:
  - '0.debian.pool.ntp.org'
  - '1.debian.pool.ntp.org'
  - '2.debian.pool.ntp.org'
  - '3.debian.pool.ntp.org'