Diffstat (limited to 'inventory-example/group_vars/all/global.yml')
-rw-r--r--inventory-example/group_vars/all/global.yml105
1 files changed, 105 insertions, 0 deletions
diff --git a/inventory-example/group_vars/all/global.yml b/inventory-example/group_vars/all/global.yml
new file mode 100644
index 0000000..f4ea98e
--- /dev/null
+++ b/inventory-example/group_vars/all/global.yml
@@ -0,0 +1,105 @@
+# By convention, variables defined in this file are safe to use in all roles.
+#
+# In other words, this should be the only place where you should see variables
+# without a 'rolename_' prefix.
+---
+ansible_python_interpreter: /usr/libexec/platform-python
+
+timezone: America/New_York
+domain: ipa.example.com # changeme
+email_domain: example.com # changeme
+
+organization: ACME, Inc. # changeme
+
+# This variable will be used to configure an SSID with certificate-based auth
+# for any hosts in the linux-laptops group.
+wifi_ssid: acme-wifi
+
+# Hosts in these CIDRs should be capable of kerberos authentication.
+# We use this in many apache configs to determine when to force GSSAPI auth.
+kerberized_cidrs: # changeme
+ - 10.10.12.0/24
+
+backup_path: ~/backups
+
+# Use your external MX hostname so that TLS validation works.
+mail_host: mx1.exmaple.com
+
+imap_host: imap.{{ domain }}
+rspamd_host: rspamd.{{ domain }}
+
+# changeme: specify your vlans here.
+# This dictionary is used to discover which VLAN a host belongs to.
+# The appropriate VLAN object will end up in the `vlan` variable in host_vars.
+vlans:
+ mgmt:
+ id: 11
+ cidr: 10.10.11.0/24
+ gateway: 10.10.11.1
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ ntp_servers: ['10.10.11.1']
+
+ trusted:
+ id: 12
+ cidr: 10.10.12.0/23
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ gateway: 10.10.12.1
+ ntp_servers: ['10.10.12.1']
+
+ voip:
+ id: 14
+ cidr: 10.10.14.0/24
+ gateway: 10.10.14.1
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ ntp_servers: ['10.10.14.1']
+
+ print:
+ id: 15
+ cidr: 10.10.15.0/24
+ gateway: 10.10.15.1
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ ntp_servers: ['10.10.15.1']
+
+ vpn:
+ id: 16
+ cidr: 10.10.16.0/24
+ gateway: 10.10.16.1
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ ntp_servers: ['10.10.16.1']
+
+ dmz:
+ id: 19
+ cidr: 10.10.19.0/24
+ dns_servers: # freeipa servers
+ - 10.10.12.2
+ - 10.10.12.3
+ gateway: 10.10.19.1
+ ntp_servers: ['10.10.19.1']
+
+
+# standard freeipa variables
+freeipa_realm: '{{ domain | upper }}'
+freeipa_basedn: "dc={{ domain.split('.') | join(',dc=') }}"
+freeipa_hosts: "{{ groups['freeipa_servers'] | map('regex_replace', '$', '.' ~ domain) }}"
+freeipa_ldap_uri: "{{ groups['freeipa_servers'] | map('regex_replace', '^(.*)$', 'ldap://\\1.' ~ domain) | join(' ') }}"
+freeipa_master: "{{ groups['freeipa_master'][0] }}"
+freeipa_sysaccount_basedn: 'cn=sysaccounts,cn=etc,{{ freeipa_basedn }}'
+freeipa_user_basedn: cn=users,cn=accounts,{{ freeipa_basedn }}
+freeipa_group_basedn: cn=groups,cn=accounts,{{ freeipa_basedn }}
+freeipa_accounts_basedn: cn=accounts,{{ freeipa_basedn }}
+freeipa_service_basedn: cn=services,cn=accounts,{{ freeipa_basedn }}
+freeipa_ds_password: '{{ vault_freeipa_ds_password }}'
+freeipa_admin_password: '{{ vault_freeipa_admin_password }}'
+ipa_host: '{{ freeipa_master }}.{{ domain }}'
+ipa_user: admin
+ipa_pass: '{{ freeipa_admin_password }}'
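Review bot: The `mail_host: mx1.exmaple.com` line misspells the reserved `example.com` domain and, unlike `domain` and `email_domain`, carries no `# changeme` marker. Because the comment above it says this hostname is what TLS validation runs against, an inventory copied without editing would direct mail at a name under a domain that is not reserved for documentation. I would write it as `mail_host: mx1.example.com # changeme`. Separately, `kerberized_cidrs` lists `10.10.12.0/24` while the `trusted` VLAN is declared as `10.10.12.0/23`, so hosts in 10.10.13.0/24 would fall outside the range that decides when GSSAPI auth is forced. If that is intentional, a comment such as `# only the lower half of the trusted VLAN is kerberized` next to the list would make it explicit.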