authorStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:23:43 -0500
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:52:13 -0500
commit0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree3f19cd74a0c1070944f75437f30b098d6ef2ffcb /inventory-example/host_vars
downloadselfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz
selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip
initial commit
Diffstat (limited to 'inventory-example/host_vars')
-rw-r--r--inventory-example/host_vars/bitwarden1.yml1
-rw-r--r--inventory-example/host_vars/dmz-git1.yml21
-rw-r--r--inventory-example/host_vars/dmz-mx1.yml1
-rw-r--r--inventory-example/host_vars/dmz-www1.yml9
-rw-r--r--inventory-example/host_vars/nas1.yml128
-rw-r--r--inventory-example/host_vars/opnsense1/vars.yml8
-rw-r--r--inventory-example/host_vars/opnsense1/vault.yml6
-rw-r--r--inventory-example/host_vars/privbrowse1.yml8
-rw-r--r--inventory-example/host_vars/switch1/vars.yml15
-rw-r--r--inventory-example/host_vars/switch1/vault.yml4
-rw-r--r--inventory-example/host_vars/ttrss1.yml1
-rw-r--r--inventory-example/host_vars/tuxbook1.yml1
-rw-r--r--inventory-example/host_vars/tuxstation1.yml5
-rw-r--r--inventory-example/host_vars/tuxstation2.yml8
-rw-r--r--inventory-example/host_vars/wiki1.yml1
-rw-r--r--inventory-example/host_vars/www1.yml1
16 files changed, 218 insertions, 0 deletions
diff --git a/inventory-example/host_vars/bitwarden1.yml b/inventory-example/host_vars/bitwarden1.yml
new file mode 100644
index 0000000..feb6baa
--- /dev/null
+++ b/inventory-example/host_vars/bitwarden1.yml
@@ -0,0 +1 @@
+vaultwarden_server_name: bitwarden.{{ domain }}
diff --git a/inventory-example/host_vars/dmz-git1.yml b/inventory-example/host_vars/dmz-git1.yml
new file mode 100644
index 0000000..e5b5f76
--- /dev/null
+++ b/inventory-example/host_vars/dmz-git1.yml
@@ -0,0 +1,21 @@
+apache_letsencrypt: yes
+apache_server_name: git.example.com # changeme
+nagios_https_vhosts: ['{{ apache_server_name }}']
+
+cgit_clone_prefixes: # changeme - public clone URL displayed in cgit interface
+ - https://git.example.com
+
+cgit_cache_size: 10000
+
+# changeme: everything below this line
+cgit_title: 'ACME Corp : git'
+cgit_description: Source code for ACME Corporation
+
+cgit_about_html: >
+ This is just an example. Change me!
+
+cgit_logo: ~/assets/cgit/acme_logo.png
+cgit_favicon: ~/assets/cgit/acme_favicon.png
+cgit_css: ~/assets/cgit/acme.css
+cgit_header: ~/assets/cgit/acme-header.html
+cgit_head_include: ~/assets/cgit/acme-head-include.html
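Review bot: `apache_letsencrypt: yes` relies on the YAML 1.1 boolean spellings; `apache_letsencrypt: true` means the same to Ansible and stays a boolean under YAML 1.2 parsers and under yamllint's `truthy` rule. The same applies to the `default: yes` ACL entries in nas1.yml and to `apache_use_nfs: yes` in www1.yml.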
diff --git a/inventory-example/host_vars/dmz-mx1.yml b/inventory-example/host_vars/dmz-mx1.yml
new file mode 100644
index 0000000..2ee6004
--- /dev/null
+++ b/inventory-example/host_vars/dmz-mx1.yml
@@ -0,0 +1 @@
+postfix_myhostname: mx1.example.com # changeme - your public MX hostname
diff --git a/inventory-example/host_vars/dmz-www1.yml b/inventory-example/host_vars/dmz-www1.yml
new file mode 100644
index 0000000..b44309e
--- /dev/null
+++ b/inventory-example/host_vars/dmz-www1.yml
@@ -0,0 +1,9 @@
+nagios_https_vhosts: # changeme - https vhosts to monitor
+ - example.com
+ - example.net
+ - www.example.com
+ - www.example.net
+
+# subdirs of /var/www to be included in the backup.yml playbook
+apache_backup_dirs:
+ - www.example.com
diff --git a/inventory-example/host_vars/nas1.yml b/inventory-example/host_vars/nas1.yml
new file mode 100644
index 0000000..304e16f
--- /dev/null
+++ b/inventory-example/host_vars/nas1.yml
@@ -0,0 +1,128 @@
+# This file contains a few complex dictionaries used to set up ZFS datasets,
+# NFS exports, autofs mounts, and file permissions for network shares.
+#
+# changeme: everything in this file, probably.
+---
+# zpools for this host, and any pool-level properties you wish to set
+zfs_pools:
+ - name: tank
+ mountpoint: /tank
+ properties:
+ ashift: 12
+ autotrim: 'on'
+ vdevs:
+ - type: raidz2
+ devices:
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000001
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000002
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000003
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000004
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000005
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000006
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000007
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000008
+ - type: raidz2
+ devices:
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000009
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000010
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000011
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000012
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000013
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000014
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000015
+ - /dev/disk/by-id/scsi-SSEAGATE_SSSSSSSSSSSS_00000016
+ - type: log
+ devices:
+ - /dev/disk/by-id/nvme-INTEL_IIIIIIIIIIIII_000000000000000001
+
+# ZFS datasets for this host, and any properties you wish to set.
+zfs_datasets:
+ - name: tank
+ properties:
+ compression: lz4
+ acltype: posix
+ xattr: sa
+ relatime: 'on'
+ com.sun:auto-snapshot:frequent: 'false'
+
+# For each NFS export on this host, specify the following:
+# - dataset: zfs dataset
+# - zfs_properties: zfs dataset properties
+# - owner: unix owner of the directory
+# - group: unix group owner of the directory
+# - acl: list of POSIX ACLs for the directory
+# - options: NFS export options
+# - client: NFS client list
+# - automount_map: autofs map name
+# - autofs_key: autofs key name (default: basename)
+# - smb_share: SMB share name if you want to share directory over CIFS
+nfs_exports:
+ - dataset: tank/archive
+ zfs_properties:
+ refquota: 500G
+ owner: s-archiver
+ group: sysadmins
+ mode: 02770
+ acl:
+ - entity: sysadmins
+ etype: group
+ permissions: rwX
+ default: yes
+ options: crossmnt
+ clients:
+ - client: archive1
+ options: sec=krb5p,rw
+ automount_map: auto.nfs
+
+ - dataset: tank/media/pictures
+ group: role-photo-admin
+ mode: 02770
+ acl:
+ - entity: role-photo-admin
+ etype: group
+ permissions: rwX
+ default: yes
+ options: rw,crossmnt
+ clients:
+ - client: '{{ vlans.trusted.cidr }}'
+ options: sec=krb5p
+ - client: syncthing1
+ options: sec=sys
+ automount_map: auto.nfs_media
+
+ - dataset: tank/media/music
+ group: role-music-admin
+ mode: 02770
+ acl:
+ - entity: role-music-admin
+ etype: group
+ permissions: rwX
+ default: yes
+
+ - entity: role-music-access
+ etype: group
+ permissions: rX
+ default: yes
+ options: rw,crossmnt
+ clients:
+ - client: '{{ vlans.trusted.cidr }}'
+ options: sec=krb5p
+ - client: syncthing1
+ options: sec=sys
+ automount_map: auto.nfs_media
+
+# This list contains all users whose homedirs should live on this host.
+# ZFS datasets, NFS exports, and autofs maps will be created automatically.
+nfs_homedirs:
+ - user: johndoe
+ priv_quota: 250G
+ - user: janedoe
+ priv_quota: 250G
+ - group: doefamily
+ priv_quota: 500G
+
+# List any SMB shares to create here.
+# All home directories automatically get an SMB share.
+smb_shares:
+ - name: media
+ path: /tank/media
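Review bot: The three `mode: 02770` values under `nfs_exports` are unquoted, so Ansible's YAML 1.1 loader reads them as the octal integer 1528 rather than the string `02770`. That is harmless only if the consuming role hands the integer straight to a module; if the value passes through a Jinja expression first it can arrive as the text `1528`, and the setgid, group-only permissions intended for these shares would not be applied as written. The role is not part of this diff, so this is a precaution: write `mode: '02770'`. The two `sec=sys` entries for `syncthing1` also deserve a comment such as `# sec=sys: no Kerberos; the server trusts the uid/gid the client sends, so keep this to a tightly controlled host`, since the neighbouring trusted-VLAN clients use `sec=krb5p`. The field list above `nfs_exports` documents `client` where the data uses `clients`, and it omits `mode`.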
diff --git a/inventory-example/host_vars/opnsense1/vars.yml b/inventory-example/host_vars/opnsense1/vars.yml
new file mode 100644
index 0000000..ec5ab37
--- /dev/null
+++ b/inventory-example/host_vars/opnsense1/vars.yml
@@ -0,0 +1,8 @@
+freebsd_loader_config:
+ 'mrsas_load': 'YES'
+ 'hw.mfi.mrsas_enable': 1
+ 'kern.ipc.nmbclusters': 1000000
+ 'kern.ipc.nmbjumbop': 524288
+
+opnsense_backup_api_key: '{{ vault_opnsense_backup_api_key }}'
+opnsense_backup_api_secret: '{{ vault_opnsense_backup_api_secret }}'
diff --git a/inventory-example/host_vars/opnsense1/vault.yml b/inventory-example/host_vars/opnsense1/vault.yml
new file mode 100644
index 0000000..fbc5b60
--- /dev/null
+++ b/inventory-example/host_vars/opnsense1/vault.yml
@@ -0,0 +1,6 @@
+# This is a sample file with fake secrets. For a real deployment, encrypt this
+# file with `ansible-vault encrypt` and add your own secrets.
+---
+# Generate these values from the OPNsense web interface.
+vault_opnsense_backup_api_key: AAAAAAAAAAAchangeme
+vault_opnsense_backup_api_secret: AAAAAAAAAchangeme
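Review bot: This `vault.yml` is committed in plaintext by design, and the header comment is the only safeguard visible in this diff against a copy with real values being committed the same way. A pre-commit or CI check that every `host_vars/**/vault.yml` outside `inventory-example` begins with the `$ANSIBLE_VAULT;` header would catch that mistake. The same applies to `switch1/vault.yml`. The header comment could also say so directly: `# Never commit this file unencrypted outside inventory-example.`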
diff --git a/inventory-example/host_vars/privbrowse1.yml b/inventory-example/host_vars/privbrowse1.yml
new file mode 100644
index 0000000..155cbf0
--- /dev/null
+++ b/inventory-example/host_vars/privbrowse1.yml
@@ -0,0 +1,8 @@
+cname:
+ - invidious
+ - nitter
+ - teddit
+
+invidious_server_name: invidious.{{ domain }}
+teddit_server_name: teddit.{{ domain }}
+nitter_server_name: nitter.{{ domain }}
diff --git a/inventory-example/host_vars/switch1/vars.yml b/inventory-example/host_vars/switch1/vars.yml
new file mode 100644
index 0000000..f09d6f3
--- /dev/null
+++ b/inventory-example/host_vars/switch1/vars.yml
@@ -0,0 +1,15 @@
+edgeswitch_backup_username: changeme
+edgeswitch_backup_password: '{{ vault_edgeswitch_backup_password }}'
+
+nagios_interfaces: # changeme (or delete)
+ - 0/1
+ - 0/2
+ - 0/3
+ - 0/4
+ - 0/5
+ - 0/6
+ - 0/7
+ - 0/8
+ - 0/9
+ - 0/10
+ - 3/1
diff --git a/inventory-example/host_vars/switch1/vault.yml b/inventory-example/host_vars/switch1/vault.yml
new file mode 100644
index 0000000..7067cd6
--- /dev/null
+++ b/inventory-example/host_vars/switch1/vault.yml
@@ -0,0 +1,4 @@
+# This is a sample file with fake secrets. For a real deployment, encrypt this
+# file with `ansible-vault encrypt` and add your own secrets.
+---
+vault_edgeswitch_backup_password: changeme
diff --git a/inventory-example/host_vars/ttrss1.yml b/inventory-example/host_vars/ttrss1.yml
new file mode 100644
index 0000000..f81784a
--- /dev/null
+++ b/inventory-example/host_vars/ttrss1.yml
@@ -0,0 +1 @@
+ttrss_server_name: ttrss.{{ domain }}
diff --git a/inventory-example/host_vars/tuxbook1.yml b/inventory-example/host_vars/tuxbook1.yml
new file mode 100644
index 0000000..9fd1945
--- /dev/null
+++ b/inventory-example/host_vars/tuxbook1.yml
@@ -0,0 +1 @@
+linux_laptop_wlan_device: wlp2s0
diff --git a/inventory-example/host_vars/tuxstation1.yml b/inventory-example/host_vars/tuxstation1.yml
new file mode 100644
index 0000000..92f34ef
--- /dev/null
+++ b/inventory-example/host_vars/tuxstation1.yml
@@ -0,0 +1,5 @@
+# When powersave is enabled on the communication controller of the Dell
+# Optiplex Micro, the onboad NIC drops a *huge* amount of packets.
+# see https://bugzilla.kernel.org/show_bug.cgi?id=213377
+udev_pci_powersave_blacklist:
+ - 8086:43e0
diff --git a/inventory-example/host_vars/tuxstation2.yml b/inventory-example/host_vars/tuxstation2.yml
new file mode 100644
index 0000000..ca83f4e
--- /dev/null
+++ b/inventory-example/host_vars/tuxstation2.yml
@@ -0,0 +1,8 @@
+# When powersave is enabled on the communication controller of the Dell
+# Optiplex Micro, the onboad NIC drops a *huge* amount of packets.
+# see https://bugzilla.kernel.org/show_bug.cgi?id=213377
+udev_pci_powersave_blacklist:
+ - 8086:7ae8
+
+# This i915 parameter was required in EL8
+grub_cmdline: resume=/dev/mapper/rl-swap rd.lvm.lv=rl/root rd.lvm.lv=rl/swap i915.force_probe=4680
diff --git a/inventory-example/host_vars/wiki1.yml b/inventory-example/host_vars/wiki1.yml
new file mode 100644
index 0000000..3141618
--- /dev/null
+++ b/inventory-example/host_vars/wiki1.yml
@@ -0,0 +1 @@
+mediawiki_fqdn: wiki.{{ domain }}
diff --git a/inventory-example/host_vars/www1.yml b/inventory-example/host_vars/www1.yml
new file mode 100644
index 0000000..d65643b
--- /dev/null
+++ b/inventory-example/host_vars/www1.yml
@@ -0,0 +1 @@
+apache_use_nfs: yes