
commit a4606e297bf17d5250e76d9942d5f048f1d482de
parent e6db93fa4393ade99fee8f1c84ef27f6a5e21d94
Author: Leah Thein <leah@toaster.home.ctu.cx>
Date: Sun, 6 Dec 2020 23:32:40 +0100

update playbooks
2 files changed, 70 insertions(+), 72 deletions(-)
M
playbook-router.yml
|
57
++++++++++++++++++++++++++++-----------------------------
M
playbook-servers.yml
|
85
+++++++++++++++++++++++++++++++++++++++----------------------------------------
diff --git a/playbook-router.yml b/playbook-router.yml
@@ -10,8 +10,10 @@
   name: Install lollo
   roles:
     - common
-    - syncthing
-    - frp
+    - dnsmasq
+#    - hostapd
+#    - syncthing
+#    - frp
   vars:
     alpineVersion: v3.12
     users:
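Review bot: Disabling roles by commenting them out (`syncthing`, `frp`, and `hostapd`, which is added already commented) leaves the play's intent ambiguous: on the next run those roles' state is neither applied nor removed, while their vars (`hostapd:`, `syncthing:` further down in this file) stay behind and drift. If the goal is to skip them for one run, tagging the roles and using `--tags`/`--skip-tags` keeps the role list authoritative; if they are gone for good, delete the entries together with their vars. The same pattern is used for the wanderduene and taurus plays in playbook-servers.yml, where `common` is commented out as well and `#    - backup ` carries trailing whitespace.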

@@ -25,33 +27,11 @@
       nameservers:
         - 1.1.1.1
         - 8.8.8.8
-      awall:
-        zones:
-          WAN:
-            - iface: eth0
-        policys:
-          - in: _fw
-            action: accept
-          - in: _fw
-            out:  WAN
-            action: accept
-          - in: WAN
-            action: drop
-        filters:
-          - in: _fw
-            out: WAN
-            service:
-              - dns
-              - http
-              - https
-              - ssh
-          - in: WAN
-            out: _fw
-            service: 
-              - ping
-            action: accept
-      vlanSupport: true
-      natSupport: true
+      useFerm: true
+      useAwall: false
+      vlanSupport:   true
+      natSupport:    true
+      bridgeSupport: true
       interfaces:
         - name: lo
           loopback: true
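Review bot: `useFerm: true` and `useAwall: false` are two independent booleans for what is a one-of choice; nothing prevents a host from setting both true or both false, so the consuming role has to define a precedence that is not visible in the playbook. A single key such as `firewall: ferm` (or `firewall: none`) is unambiguous; the same pair is added for wanderduene and taurus in playbook-servers.yml. Separately, the removed `awall` block was the only place this playbook spelled out the WAN ingress policy (default drop, ping only); with ferm that policy now lives in the role, so confirm its defaults still drop unsolicited WAN input on a router that is gaining `bridgeSupport` and a LAN bridge in the next hunk. The padded `vlanSupport:   true` alignment is harmless but yamllint flags it and a formatter will undo it.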

@@ -60,6 +40,25 @@
             dhcp: true
           ipv6:
             stateless: true
+        - name: eth0.5
+          manual: true
+        - name: brlan0
+          bridge_ports: eth0.5
+          bridge_stp: false
+          ipv4:
+            address: 10.0.0.1
+            netmask: 255.255.255.0
+          ipv6:
+            address: fe80:acab::1
+            netmask: 64
+    hostapd:
+      interface: wlan0
+      bridge: brlan0
+      channel: 1
+      ssid: legacy.home.ctu.cx
+      passphrase: wasd1998
+    dnsmasq:
+      dhcp: true
     syncthing:
       disableReverseProxy: true
       guiAddress: 0.0.0.0:8384
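Review bot: The `hostapd` block commits the Wi-Fi `passphrase` in plaintext to git, where it remains in history even after a later edit; the `ssid` is fine in the clear, but the PSK belongs in an ansible-vault variable, e.g. `passphrase: "{{ vault_hostapd_passphrase }}"`, with the vault file kept out of this repository, and the current value should be rotated once it is moved. Note also that the `hostapd` role is commented out in this file's role list, so these vars are dead configuration as committed. The `brlan0` IPv6 address `fe80:acab::1` falls in the link-local range `fe80::/10` but not in the `fe80::/64` form hosts actually use for link-local, so it is unlikely to behave as a LAN prefix; a ULA prefix under `fd00::/8` is the usual choice for a statically addressed bridge — worth confirming the intent.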
diff --git a/playbook-servers.yml b/playbook-servers.yml
@@ -10,23 +10,23 @@
 - hosts: wanderduene
   name:  Install wanderduene
   roles: 
-    - common
-    - bind
-    - acme-redirect
-    - nginx
-    - gitolite
-    - cgit
+#    - common
+#    - bind
+#    - acme-redirect
+#    - nginx
+#    - gitolite
+#    - cgit
     - oeffisearch
     - oeffi-web
-    - maddy
-    - prometheus
-    - radicale
-    - websites
-    - pleroma
-    - synapse
-    - grafana
-    - frp
-    - backup 
+#    - maddy
+#    - prometheus
+#    - radicale
+#    - websites
+#    - pleroma
+#    - synapse
+#    - grafana
+#    - frp
+#    - backup 
   vars:
     alpineVersion: edge
     users:

@@ -40,6 +40,8 @@
       nameservers:
         - 1.1.1.1
         - 8.8.8.8
+      useFerm: false
+      useAwall: true
       awall:
         zones:
           WAN:

@@ -79,17 +81,14 @@
             address: 2a03:4000:1:45d::1
             gateway: fe80::1
             netmask: 64
-    bind:
-      type: master
-      slaves:
-        - 37.221.196.131
-        - 195.39.247.15
-      domains:
-        - ctu.cx
-        - ctucx.de
-        - thein.ovh
-        - antifa.jetzt
-        - oeffisear.ch
+    service:
+      bind:
+        domains:
+          - ctu.cx
+          - ctucx.de
+          - thein.ovh
+          - antifa.jetzt
+          - oeffisear.ch
     acme_redirect_certs:
       wanderduene.ctu.cx:
         dns_names: 
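Review bot: Moving bind under `service:` drops `type: master` and the `slaves:` transfer list with nothing visible replacing them, so if the bind role still reads those keys, wanderduene's zones lose their transfer/notify targets and taurus (whose `type: slave` and `masters:` entry are dropped the same way further down) stops receiving zone transfers. If the role now derives the primary/secondary relationship from inventory or role defaults, a comment above `service:` saying so, e.g. `# primary/secondary role and transfer peers are now defined by the bind role — confirm`, would save the next reader the search. The `bind` role is commented out in this play's role list in the hunk above, so this playbook as committed does not exercise the change.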

@@ -238,13 +237,13 @@
 - hosts: taurus
   name: Install taurus
   roles:
-    - common
-    - bind
-    - acme-redirect
-    - nginx
-    - syncthing
-    - websites
-    - rest-server
+#    - common
+#    - bind
+#    - acme-redirect
+#    - nginx
+#    - syncthing
+#    - websites
+#    - rest-server
   vars:
     alpineVersion: edge
     users:

@@ -258,6 +257,8 @@
       nameservers:
         - 1.1.1.1
         - 8.8.8.8
+      useFerm: false
+      useAwall: true
       awall:
         zones:
           WAN:

@@ -297,16 +298,14 @@
             address: 2a03:4000:9:f8::1
             gateway: fe80::1
             netmask: 64
-    bind:
-      type: slave
-      masters:
-        - 46.38.253.139
-      domains:
-        - ctu.cx
-        - ctucx.de
-        - thein.ovh
-        - antifa.jetzt
-        - oeffisear.ch
+    service:
+      bind:
+        domains:
+          - ctu.cx
+          - ctucx.de
+          - thein.ovh
+          - antifa.jetzt
+          - oeffisear.ch
     nginx:
       ssl_cert: "/var/lib/acme-redirect/live/taurus.ctu.cx/fullchain"
       ssl_privkey: "/var/lib/acme-redirect/live/taurus.ctu.cx/privkey"