commit 78150cfe8100e258068d3cd994ccce8877c753ac
parent 6c626a3c3c2ffbc6452114fe23c77d9839cf6311
Author: Leah Thein <leah@toaster.fritz.box>
Date: Thu, 3 Dec 2020 20:02:07 +0100
parent 6c626a3c3c2ffbc6452114fe23c77d9839cf6311
Author: Leah Thein <leah@toaster.fritz.box>
Date: Thu, 3 Dec 2020 20:02:07 +0100
playbooks: split
3 files changed, 408 insertions(+), 343 deletions(-)
A
|
336
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/playbook-router.yml b/playbook-router.yml
@@ -0,0 +1,71 @@
+---
+- hosts: all
+ remote_user: root
+ gather_facts: false
+ tasks:
+ - name: Install Python
+ raw: test -e /usr/bin/python || (apk update && apk add python3)
+
+- hosts: lollo
+ name: Install lollo
+ roles:
+ - common
+ - syncthing
+ - frp
+ vars:
+ alpineVersion: v3.12
+ network:
+ hostname: lollo
+ domain: ctu.cx
+ nameservers:
+ - 1.1.1.1
+ - 8.8.8.8
+ awall:
+ zones:
+ WAN:
+ - iface: eth0
+ policys:
+ - in: _fw
+ action: accept
+ - in: _fw
+ out: WAN
+ action: accept
+ - in: WAN
+ action: drop
+ filters:
+ - in: _fw
+ out: WAN
+ service:
+ - dns
+ - http
+ - https
+ - ssh
+ - in: WAN
+ out: _fw
+ service:
+ - ping
+ action: accept
+ vlanSupport: true
+ natSupport: true
+ interfaces:
+ - name: lo
+ loopback: true
+ - name: eth0
+ ipv4:
+ dhcp: true
+ ipv6:
+ stateless: true
+ syncthing:
+ disableReverseProxy: true
+ guiAddress: 0.0.0.0:8384
+ frpc:
+ serverAddress: wanderduene.ctu.cx
+ serverPort: 5050
+ token: "{{ lookup('community.general.passwordstore', 'server/wanderduene/frps/token returnall=true')}}"
+ dashboard: false
+ tunnels:
+ - name: lollo-ssh
+ type: tcp
+ local_ip: 127.0.0.1
+ local_port: 22
+ remote_port: 2202+ \ No newline at end of file
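Review bot: The `lollo-ssh` entry under `frpc.tunnels` publishes this router's sshd (`local_port: 22`) as `remote_port: 2202` on wanderduene.ctu.cx, so SSH is presumably reachable from outside even though the awall policy above is `in: WAN` / `action: drop`. Nothing in this play shows how sshd is configured, so confirm that the `common` role enforces key-only logins, and record the intent next to the tunnel, e.g. `# sshd is published via wanderduene:2202 on purpose; key auth only`. Separately, `guiAddress: 0.0.0.0:8384` together with `disableReverseProxy: true` serves the Syncthing GUI on every interface of a host that has `natSupport` and `vlanSupport` enabled. If only local access is intended, bind it narrowly, e.g. `guiAddress: 127.0.0.1:8384`, or add an explicit awall filter for port 8384.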
diff --git a/playbook-servers.yml b/playbook-servers.yml
@@ -0,0 +1,336 @@
+---
+- hosts: all
+ remote_user: root
+ gather_facts: false
+ tasks:
+ - name: Install Python
+ raw: test -e /usr/bin/python || (apk update && apk add python3)
+
+
+- hosts: wanderduene
+ name: Install wanderduene
+ roles:
+ - common
+ - bind
+ - acme-redirect
+ - nginx
+ - gitolite
+ - cgit
+ - oeffisearch
+ - oeffi-web
+ - maddy
+ - prometheus
+ - radicale
+ - websites
+ - pleroma
+ - synapse
+ - grafana
+ - frp
+ - backup
+ vars:
+ alpineVersion: edge
+ network:
+ hostname: wanderduene
+ domain: ctu.cx
+ nameservers:
+ - 1.1.1.1
+ - 8.8.8.8
+ awall:
+ zones:
+ WAN:
+ - iface: eth0
+ policys:
+ - in: _fw
+ action: accept
+ - in: _fw
+ out: WAN
+ action: accept
+ - in: WAN
+ action: drop
+ filters:
+ - in: _fw
+ out: WAN
+ service:
+ - dns
+ - http
+ - https
+ - ssh
+ - in: WAN
+ out: _fw
+ service:
+ - ping
+ action: accept
+ vlanSupport: false
+ natSupport: false
+ interfaces:
+ - name: lo
+ loopback: true
+ - name: eth0
+ ipv4:
+ address: 46.38.253.139
+ gateway: 46.38.253.1
+ netmask: 255.255.255.0
+ ipv6:
+ address: 2a03:4000:1:45d::1
+ gateway: fe80::1
+ netmask: 64
+ bind:
+ type: master
+ slaves:
+ - 37.221.196.131
+ - 195.39.247.15
+ domains:
+ - ctu.cx
+ - ctucx.de
+ - thein.ovh
+ - antifa.jetzt
+ - oeffisear.ch
+ acme_redirect_certs:
+ wanderduene.ctu.cx:
+ dns_names:
+ - wanderduene.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/wanderduene.ctu.cx
+ - sudo rc-service nginx restart
+ - sudo rc-service maddy restart
+ metrics.wanderduene.ctu.cx:
+ dns_names:
+ - metrics.wanderduene.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/metrics.wanderduene.ctu.cx
+ - sudo rc-service nginx restart
+ ctucx.de:
+ dns_names:
+ - ctucx.de
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/ctucx.de
+ - sudo rc-service nginx restart
+ ctu.cx:
+ dns_names:
+ - ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/ctu.cx
+ - sudo rc-service nginx restart
+ matrix.ctu.cx:
+ dns_names:
+ - matrix.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/matrix.ctu.cx
+ - sudo rc-service nginx restart
+ dav.ctu.cx:
+ dns_names:
+ - dav.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/dav.ctu.cx
+ - sudo rc-service nginx restart
+ cgit.ctu.cx:
+ dns_names:
+ - cgit.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/cgit.ctu.cx
+ - sudo rc-service nginx restart
+ grafana.ctu.cx:
+ dns_names:
+ - grafana.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/grafana.ctu.cx
+ - sudo rc-service nginx restart
+ pleroma.ctu.cx:
+ dns_names:
+ - pleroma.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/pleroma.ctu.cx
+ - sudo rc-service nginx restart
+ frp.ctu.cx:
+ dns_names:
+ - frp.ctu.cx
+ - stasicontainer-mac.frp.ctu.cx
+ - stasicontainer.frp.ctu.cx
+ - coladose.frp.ctu.cx
+ - toaster.frp.ctu.cx
+ - archrepo.frp.ctu.cx
+ - isa.frp.ctu.cx
+ - isa-mac.frp.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/frp.ctu.cx
+ - sudo rc-service nginx restart
+ oeffi.ctu.cx:
+ dns_names:
+ - oeffi.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/oeffi.ctu.cx
+ - sudo rc-service nginx restart
+ repo.f2k1.de:
+ dns_names:
+ - repo.f2k1.de
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/repo.f2k1.de
+ - sudo rc-service nginx restart
+ oeffisear.ch:
+ dns_names:
+ - oeffisear.ch
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/oeffisear.ch
+ - sudo rc-service nginx restart
+ nginx:
+ ssl_cert: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/privkey"
+ cgit:
+ domain: "cgit.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/cgit.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/cgit.ctu.cx/privkey"
+ oeffisearch:
+ domain: "oeffisear.ch"
+ ssl_cert: "/var/lib/acme-redirect/live/oeffisear.ch/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/oeffisear.ch/privkey"
+ oeffi_web:
+ domain: "oeffi.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/oeffi.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/oeffi.ctu.cx/privkey"
+ maddy:
+ hostname: "wanderduene.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/privkey"
+ prometheus:
+ domain: "metrics.wanderduene.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/metrics.wanderduene.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/metrics.wanderduene.ctu.cx/privkey"
+ radicale:
+ domain: "dav.ctu.cx"
+ users: "{{ lookup('community.general.passwordstore', 'server/wanderduene/radicale.users returnall=true')}}"
+ ssl_cert: "/var/lib/acme-redirect/live/dav.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/dav.ctu.cx/privkey"
+ synapse:
+ domain: "matrix.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/matrix.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/matrix.ctu.cx/privkey"
+ grafana:
+ domain: "grafana.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/grafana.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/grafana.ctu.cx/privkey"
+ pleroma:
+ domain: "pleroma.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/pleroma.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/pleroma.ctu.cx/privkey"
+ frps:
+ token: "{{ lookup('community.general.passwordstore', 'server/wanderduene/frps/token returnall=true')}}"
+ port: 5050
+ ssl_cert: "/var/lib/acme-redirect/live/frp.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/frp.ctu.cx/privkey"
+ vhost_domain: "frp.ctu.cx"
+ vhost_port: 8088
+ vhosts:
+ - stasicontainer-mac
+ - stasicontainer
+ - coladose
+ - toaster
+ - archrepo
+ - isa
+ - isa-mac
+ gitolite_initialKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829"
+
+
+- hosts: taurus
+ name: Install taurus
+ roles:
+ - common
+ - bind
+ - acme-redirect
+ - nginx
+ - syncthing
+ - websites
+ - rest-server
+ vars:
+ alpineVersion: edge
+ network:
+ hostname: taurus
+ domain: ctu.cx
+ nameservers:
+ - 1.1.1.1
+ - 8.8.8.8
+ awall:
+ zones:
+ WAN:
+ - iface: eth0
+ policys:
+ - in: _fw
+ action: accept
+ - in: _fw
+ out: WAN
+ action: accept
+ - in: WAN
+ action: drop
+ filters:
+ - in: _fw
+ out: WAN
+ service:
+ - dns
+ - http
+ - https
+ - ssh
+ - in: WAN
+ out: _fw
+ service:
+ - ping
+ action: accept
+ vlanSupport: false
+ natSupport: false
+ interfaces:
+ - name: lo
+ loopback: true
+ - name: eth0
+ ipv4:
+ address: 37.221.196.131
+ gateway: 37.221.196.1
+ netmask: 255.255.255.0
+ ipv6:
+ address: 2a03:4000:9:f8::1
+ gateway: fe80::1
+ netmask: 64
+ bind:
+ type: slave
+ masters:
+ - 46.38.253.139
+ domains:
+ - ctu.cx
+ - ctucx.de
+ - thein.ovh
+ - antifa.jetzt
+ - oeffisear.ch
+ nginx:
+ ssl_cert: "/var/lib/acme-redirect/live/taurus.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/taurus.ctu.cx/privkey"
+ acme_redirect_certs:
+ taurus.ctu.cx:
+ dns_names:
+ - taurus.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/taurus.ctu.cx
+ - sudo rc-service nginx restart
+ syncthing.ctu.cx:
+ dns_names:
+ - syncthing.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.ctu.cx
+ - sudo rc-service nginx restart
+ restic.ctu.cx:
+ dns_names:
+ - restic.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/restic.ctu.cx
+ - sudo rc-service nginx restart
+ photos.ctu.cx:
+ dns_names:
+ - photos.ctu.cx
+ renew_tasks:
+ - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/photo.ctu.cx
+ - sudo rc-service nginx restart
+ syncthing:
+ domain: "syncthing.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/syncthing.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/syncthing.ctu.cx/privkey"
+ rest_server:
+ domain: "restic.ctu.cx"
+ ssl_cert: "/var/lib/acme-redirect/live/restic.ctu.cx/fullchain"
+ ssl_privkey: "/var/lib/acme-redirect/live/restic.ctu.cx/privkey"
+ passwd: "{{ lookup('community.general.passwordstore', 'server/taurus/rest-server.htpasswd returnall=true')}}"
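Review bot: The `photos.ctu.cx` entry in taurus' `acme_redirect_certs` runs `chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/photo.ctu.cx`, which is missing the `s`. Every other entry chowns the directory named after its own key, so this renew task presumably fails or leaves the `photos.ctu.cx` key material with whatever ownership it was created with. The line should read `- chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/photos.ctu.cx`; the typo is carried over unchanged from the deleted playbooks.yml. Also, `frps.token` now comes from the password store, but the literal value it replaces stays readable in the repository history, so the token should be rotated if that value was ever deployed.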
diff --git a/playbooks.yml b/playbooks.yml 
@@ -1,342 +0,0 @@ ---- -- hosts: all - remote_user: root - gather_facts: false - tasks: - - name: Install Python - raw: test -e /usr/bin/python || (apk update && apk add python3) - - -- hosts: wanderduene - name: Install wanderduene - roles: -# - common -# - bind -# - acme-redirect -# - nginx -# - gitolite -# - cgit -# - oeffisearch -# - oeffi-web -# - maddy -# - prometheus -# - radicale -# - websites -# - pleroma -# - synapse -# - grafana -# - frps -# - backup - vars: - alpineVersion: edge - network: - hostname: wanderduene - domain: ctu.cx - nameservers: - - 1.1.1.1 - - 8.8.8.8 - awall: - wan: eth0 - vlanSupport: false - natSupport: false - interfaces: - - name: lo - loopback: true - - name: eth0 - ipv4: - address: 46.38.253.139 - gateway: 46.38.253.1 - netmask: 255.255.255.0 - ipv6: - address: 2a03:4000:1:45d::1 - gateway: fe80::1 - netmask: 64 - bind: - type: master - slaves: - - 37.221.196.131 - - 195.39.247.15 - domains: - - ctu.cx - - ctucx.de - - thein.ovh - - antifa.jetzt - - oeffisear.ch - acme_redirect_certs: - wanderduene.ctu.cx: - dns_names: - - wanderduene.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/wanderduene.ctu.cx - - sudo rc-service nginx restart - - sudo rc-service maddy restart - metrics.wanderduene.ctu.cx: - dns_names: - - metrics.wanderduene.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/metrics.wanderduene.ctu.cx - - sudo rc-service nginx restart - ctucx.de: - dns_names: - - ctucx.de - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/ctucx.de - - sudo rc-service nginx restart - ctu.cx: - dns_names: - - ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/ctu.cx - - sudo rc-service nginx restart - matrix.ctu.cx: - dns_names: - - matrix.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/matrix.ctu.cx - - sudo rc-service nginx restart - 
dav.ctu.cx: - dns_names: - - dav.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/dav.ctu.cx - - sudo rc-service nginx restart - cgit.ctu.cx: - dns_names: - - cgit.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/cgit.ctu.cx - - sudo rc-service nginx restart - grafana.ctu.cx: - dns_names: - - grafana.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/grafana.ctu.cx - - sudo rc-service nginx restart - pleroma.ctu.cx: - dns_names: - - pleroma.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/pleroma.ctu.cx - - sudo rc-service nginx restart - frp.ctu.cx: - dns_names: - - frp.ctu.cx - - stasicontainer-mac.frp.ctu.cx - - stasicontainer.frp.ctu.cx - - coladose.frp.ctu.cx - - toaster.frp.ctu.cx - - archrepo.frp.ctu.cx - - isa.frp.ctu.cx - - isa-mac.frp.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/frp.ctu.cx - - sudo rc-service nginx restart - oeffi.ctu.cx: - dns_names: - - oeffi.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/oeffi.ctu.cx - - sudo rc-service nginx restart - repo.f2k1.de: - dns_names: - - repo.f2k1.de - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/repo.f2k1.de - - sudo rc-service nginx restart - oeffisear.ch: - dns_names: - - oeffisear.ch - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/oeffisear.ch - - sudo rc-service nginx restart - nginx: - ssl_cert: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/privkey" - cgit: - domain: "cgit.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/cgit.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/cgit.ctu.cx/privkey" - oeffisearch: - domain: "oeffisear.ch" - ssl_cert: 
"/var/lib/acme-redirect/live/oeffisear.ch/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/oeffisear.ch/privkey" - oeffi_web: - domain: "oeffi.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/oeffi.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/oeffi.ctu.cx/privkey" - maddy: - hostname: "wanderduene.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/wanderduene.ctu.cx/privkey" - prometheus: - domain: "metrics.wanderduene.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/metrics.wanderduene.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/metrics.wanderduene.ctu.cx/privkey" - radicale: - domain: "dav.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/dav.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/dav.ctu.cx/privkey" - synapse: - domain: "matrix.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/matrix.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/matrix.ctu.cx/privkey" - grafana: - domain: "grafana.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/grafana.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/grafana.ctu.cx/privkey" - pleroma: - domain: "pleroma.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/pleroma.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/pleroma.ctu.cx/privkey" - frps: - token: "foobar123" - port: 5050 - ssl_cert: "/var/lib/acme-redirect/live/frp.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/frp.ctu.cx/privkey" - vhost_domain: "frp.ctu.cx" - vhost_port: 8088 - vhosts: - - stasicontainer-mac - - stasicontainer - - coladose - - toaster - - archrepo - - isa - - isa-mac - gitolite_initialKey: "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829" - - -- hosts: taurus - name: Install taurus - roles: -# - common -# - bind -# - acme-redirect -# - nginx -# - syncthing -# - websites -# - rest-server - vars: - alpineVersion: edge - network: - hostname: taurus - domain: ctu.cx - nameservers: - - 1.1.1.1 - - 8.8.8.8 - awall: - wan: eth0 - vlanSupport: false - natSupport: false - interfaces: - - name: lo - loopback: true - - name: eth0 - ipv4: - address: 37.221.196.131 - gateway: 37.221.196.1 - netmask: 255.255.255.0 - ipv6: - address: 2a03:4000:9:f8::1 - gateway: fe80::1 - netmask: 64 - bind: - type: slave - masters: - - 46.38.253.139 - domains: - - ctu.cx - - ctucx.de - - thein.ovh - - antifa.jetzt - - oeffisear.ch - nginx: - ssl_cert: "/var/lib/acme-redirect/live/taurus.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/taurus.ctu.cx/privkey" - acme_redirect_certs: - taurus.ctu.cx: - dns_names: - - taurus.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/taurus.ctu.cx - - sudo rc-service nginx restart - syncthing.ctu.cx: - dns_names: - - syncthing.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.ctu.cx - - sudo rc-service nginx restart - restic.ctu.cx: - dns_names: - - restic.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/restic.ctu.cx - - sudo rc-service nginx restart - photos.ctu.cx: - dns_names: - - photos.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/photo.ctu.cx - - sudo rc-service nginx restart - syncthing: - domain: 
"syncthing.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/syncthing.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/syncthing.ctu.cx/privkey" - rest_server: - domain: "restic.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/restic.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/restic.ctu.cx/privkey" - passwd: "{{ lookup('community.general.passwordstore', 'server/taurus/rest-server.htpasswd returnall=true')}}" - - -- hosts: lollo - name: Install lollo - roles: - - common - - syncthing - vars: - alpineVersion: v3.12 - network: - hostname: lollo - domain: ctu.cx - nameservers: - - 1.1.1.1 - - 8.8.8.8 - awall: - zones: - WAN: - - iface: eth0 - policys: - - in: _fw - action: accept - - in: _fw - out: WAN - action: accept - - in: WAN - action: drop - filters: - - in: _fw - out: WAN - service: - - dns - - http - - https - - ssh - - in: WAN - out: _fw - service: - - ping - action: accept - vlanSupport: true - natSupport: true - interfaces: - - name: lo - loopback: true - - name: eth0 - ipv4: - dhcp: true - ipv6: - stateless: true - syncthing: - disableReverseProxy: true - guiAddress: 0.0.0.0:8384- \ No newline at end of file