Diffstat (limited to 'inventory-example/group_vars/all/global.yml')
-rw-r--r-- | inventory-example/group_vars/all/global.yml | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/inventory-example/group_vars/all/global.yml b/inventory-example/group_vars/all/global.yml
new file mode 100644
index 0000000..f4ea98e
--- /dev/null
+++ b/inventory-example/group_vars/all/global.yml
@@ -0,0 +1,105 @@
+# By convention, variables defined in this file are safe to use in all roles.
+#
+# In other words, this should be the only place where you should see variables
+# without a 'rolename_' prefix.
+---
+ansible_python_interpreter: /usr/libexec/platform-python
+
+timezone: America/New_York
+domain: ipa.example.com # changeme
+email_domain: example.com # changeme
+
+organization: ACME, Inc. # changeme
+
+# This variable will be used to configure an SSID with certificate-based auth
+# for any hosts in the linux-laptops group.
+wifi_ssid: acme-wifi
+
+# Hosts in these CIDRs should be capable of kerberos authentication.
+# We use this in many apache configs to determine when to force GSSAPI auth.
+kerberized_cidrs: # changeme
+ - 10.10.12.0/24
+
+backup_path: ~/backups
+
+# Use your external MX hostname so that TLS validation works.
+mail_host: mx1.exmaple.com
+
+imap_host: imap.{{ domain }}
+rspamd_host: rspamd.{{ domain }}
+
+# changeme: specify your vlans here.
+# This dictionary is used to discover which VLAN a host belongs to.
+# The appropriate VLAN object will end up in the `vlan` variable in host_vars.
+vlans:
+ mgmt:
+ id: 11
+ cidr: 10.10.11.0/24
+ gateway: 10.10.11.1
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ ntp_servers: ['10.10.11.1']
+
+ trusted:
+ id: 12
+ cidr: 10.10.12.0/23
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ gateway: 10.10.12.1
+ ntp_servers: ['10.10.12.1']
+
+ voip:
+ id: 14
+ cidr: 10.10.14.0/24
+ gateway: 10.10.14.1
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ ntp_servers: ['10.10.14.1']
+
+ print:
+ id: 15
+ cidr: 10.10.15.0/24
+ gateway: 10.10.15.1
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ ntp_servers: ['10.10.15.1']
+
+ vpn:
+ id: 16
+ cidr: 10.10.16.0/24
+ gateway: 10.10.16.1
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ ntp_servers: ['10.10.16.1']
+
+ dmz:
+ id: 19
+ cidr: 10.10.19.0/24
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ gateway: 10.10.19.1
+ ntp_servers: ['10.10.19.1']
+
+
+# standard freeipa variables
+freeipa_realm: '{{ domain | upper }}'
+freeipa_basedn: "dc={{ domain.split('.') | join(',dc=') }}"
+freeipa_hosts: "{{ groups['freeipa_servers'] | map('regex_replace', '$', '.' ~ domain) }}"
+freeipa_ldap_uri: "{{ groups['freeipa_servers'] | map('regex_replace', '^(.*)$', 'ldap://\\1.' ~ domain) | join(' ') }}"
+freeipa_master: "{{ groups['freeipa_master'][0] }}"
+freeipa_sysaccount_basedn: 'cn=sysaccounts,cn=etc,{{ freeipa_basedn }}'
+freeipa_user_basedn: cn=users,cn=accounts,{{ freeipa_basedn }}
+freeipa_group_basedn: cn=groups,cn=accounts,{{ freeipa_basedn }}
+freeipa_accounts_basedn: cn=accounts,{{ freeipa_basedn }}
+freeipa_service_basedn: cn=services,cn=accounts,{{ freeipa_basedn }}
+freeipa_ds_password: '{{ vault_freeipa_ds_password }}'
+freeipa_admin_password: '{{ vault_freeipa_admin_password }}'
+ipa_host: '{{ freeipa_master }}.{{ domain }}'
+ipa_user: admin
+ipa_pass: '{{ freeipa_admin_password }}' |
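Review bot: `mail_host: mx1.exmaple.com` misspells the reserved documentation domain, and unlike `domain` and `email_domain` it carries no `# changeme` marker. `exmaple.com` is not reserved the way `example.com` is, so an inventory copied from this example without editing that line would point whichever roles consume `mail_host` at a hostname the operator does not control. I would write it as `mail_host: mx1.example.com  # changeme`. Separately, `ipa_user: admin` with `ipa_pass` bound to `freeipa_admin_password` lives in `group_vars/all`, so every host and role resolves full FreeIPA admin credentials. A comment stating that this is intended, or a pointer to a lower-privilege automation account, would make the scope explicit.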