# Required Groups
# ===============
# Hosts that aren't ready for Rocky 9 yet.
# Every group listed here becomes a child of el8 and therefore picks up
# [el8:vars] (Rocky 8 template, SeaBIOS) defined further down in this file.
# NOTE(review): judging by their names these are mail, VoIP, XMPP and
# controller roles, i.e. likely network-facing services; keep this list
# shrinking so they do not stay on the older release indefinitely -- confirm
# the migration status of each group.
[el8:children]
asterisk_servers
imap_servers
rspamd_servers
unifi_controllers
xmpp_servers


# Required Variables
# ==================
# Variables applied to every host in the inventory. Values containing {{ }}
# are Jinja2 templates rendered later by Ansible; `domain` and
# `freeipa_admin_password` are not defined in this file.
[all:vars]
# Default Python for managed hosts; overridden for opnsense_firewalls and
# proxmox_hypervisors further down.
ansible_python_interpreter = /usr/libexec/platform-python
# Kerberos realm: the DNS domain in upper case.
freeipa_realm = '{{ domain | upper }}'
# LDAP base DN derived from the DNS domain
# (constructed example: domain = example.com gives dc=example,dc=com).
freeipa_basedn = "dc={{ domain.split('.') | join(',dc=') }}"
# Members of the freeipa_servers group with ".<domain>" appended.
freeipa_hosts = "{{ groups['freeipa_servers'] | map('regex_replace', '$', '.' ~ domain) }}"
# Space-separated LDAP URIs, one per member of freeipa_servers.
# NOTE(review): the scheme is ldap://, not ldaps://, so confidentiality of
# binds and queries depends on each consumer negotiating StartTLS or
# SASL/GSSAPI protection -- confirm that every role using this value does.
freeipa_ldap_uri = "{{ groups['freeipa_servers'] | map('regex_replace', '^(.*)$', 'ldap://\\1.' ~ domain) | join(' ') }}"
# First host in the freeipa_master group.
freeipa_master = "{{ groups['freeipa_master'][0] }}"
# Subtree DNs built on top of freeipa_basedn.
freeipa_sysaccount_basedn = 'cn=sysaccounts,cn=etc,{{ freeipa_basedn }}'
freeipa_user_basedn = 'cn=users,cn=accounts,{{ freeipa_basedn }}'
freeipa_group_basedn = 'cn=groups,cn=accounts,{{ freeipa_basedn }}'
freeipa_accounts_basedn = 'cn=accounts,{{ freeipa_basedn }}'
freeipa_service_basedn = 'cn=services,cn=accounts,{{ freeipa_basedn }}'
# Connection settings for the FreeIPA master -- presumably consumed by the
# ipa_* modules; confirm in the roles.
# NOTE(review): because this is [all:vars], the FreeIPA `admin` login resolves
# for every host in the inventory. freeipa_admin_password should come from an
# encrypted source such as Ansible Vault rather than a plain vars file, and
# tasks that need only limited rights would be better served by a dedicated
# lower-privilege account -- confirm both.
ipa_host = '{{ freeipa_master }}.{{ domain }}'
ipa_user = admin
ipa_pass = '{{ freeipa_admin_password }}'

# Apache settings for the DAV hosts.
# NOTE(review): the apache_can_* names resemble the SELinux httpd_can_*
# booleans; presumably the apache role maps them one-to-one -- confirm, and
# enable only the ones this service actually needs.
[dav_servers:vars]
apache_can_sendmail = True
apache_can_network_connect_db = True
apache_can_connect_ldap = True
# Presumably turns on Kerberos/GSSAPI authentication in the vhost -- confirm.
apache_gssapi = True
# HTTP status the Nagios check expects; 401 is consistent with an
# unauthenticated probe hitting a GSSAPI-protected site (assumption).
nagios_http_status = 401

# Provisioning settings for the groups collected under [el8:children].
[el8:vars]
# NOTE(review): the template name pins a point release (8.8); presumably new
# instances are updated right after cloning -- confirm, so they do not start
# life with the template's outdated packages.
proxmox_template = rocky8.8
proxmox_bios = seabios

# Settings specific to the FreeIPA master.
[freeipa_master:vars]
# The initial FreeIPA installation requires an upstream DNS server to bootstrap itself.
proxmox_nameservers = '{{ freeipa_dns_forwarders }}'
# Don't update all freeipa servers at once
# Odd days of the month at 04:00; [freeipa_replicas:vars] uses the even days.
# The value looks like a systemd OnCalendar expression, presumably fed to the
# dnf-automatic timer -- confirm in the role. Day 31 is followed by day 1, so
# the master can run on two consecutive days at a month boundary, but it never
# shares a day with the replicas.
dnf_automatic_on_calendar = '*-*-1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31 04:00:00'

# Update schedule for the FreeIPA replicas.
[freeipa_replicas:vars]
# Don't update all freeipa servers at once
# Even days of the month at 04:00; the master uses the odd days.
# NOTE(review): every replica shares this slot, so with more than one replica
# they still update in the same window; only master versus replicas is
# staggered -- confirm that is acceptable for directory availability.
dnf_automatic_on_calendar = '*-*-2,4,6,8,10,12,14,16,18,20,22,24,26,28,30 04:00:00'

# Applies to all FreeIPA servers (master and replicas).
[freeipa_servers:vars]
# Presumably stops dnf-automatic from restarting the host or its services
# after an update -- confirm in the role.
# NOTE(review): with restarts disabled, updated kernels and libraries are not
# in effect until someone restarts manually; pair this with a check for
# pending restarts and a staggered reboot procedure.
dnf_automatic_restart = False

# Apache settings for the git hosts.
[git_servers:vars]
# Presumably turns on Kerberos/GSSAPI authentication in the vhost -- confirm.
# NOTE(review): unlike dav_servers, no nagios_http_status = 401 is set here;
# presumably part of this site is reachable without authentication -- confirm
# that is intended.
apache_gssapi = True

# tuned power/performance profiles for workstation-class hosts.
[linux_desktops:vars]
tuned_profile = desktop

[linux_laptops:vars]
tuned_profile = powersave
# Presumably disables forwarding of syslog to the central log host for
# laptops, which means no off-host copy of their logs exists -- confirm this
# trade-off is intended.
# NOTE(review): `no` is a bare word, unlike the True/False used elsewhere in
# this file, and may reach the role as the string "no"; confirm the consuming
# task applies `| bool`.
rsyslog_forward = no

# Apache settings for the Nagios web interface hosts.
[nagios_servers:vars]
# Presumably turns on Kerberos/GSSAPI authentication in the vhost -- confirm.
apache_gssapi = True

# Apache TLS listeners for the Matrix hosts.
[matrix_servers:vars]
# Templated list: 443 plus the Synapse client and federation ports. Both
# synapse_* variables are defined outside this file.
# NOTE(review): each port listed here is presumably an externally reachable
# TLS listener; keep the firewall rules in step with this list -- confirm.
apache_ssl_listen_ports='[443,{{ synapse_client_port }},{{ synapse_federation_port }}]'

# Overrides the [all:vars] interpreter path for the OPNsense firewalls.
[opnsense_firewalls:vars]
ansible_python_interpreter = /usr/local/bin/python3

# Apache and monitoring settings for the PhotoStructure hosts.
[photostructure_servers:vars]
# Presumably turns on Kerberos/GSSAPI authentication in the vhost -- confirm.
apache_gssapi = True
# HTTP status the Nagios check expects; 401 is consistent with an
# unauthenticated probe hitting a GSSAPI-protected site (assumption).
nagios_http_status = 401

# Overrides the [all:vars] interpreter path for the Proxmox hypervisors.
[proxmox_hypervisors:vars]
ansible_python_interpreter = /usr/bin/python3

# Settings for guests running on Proxmox.
[proxmox_instances:vars]
tuned_profile = virtual-guest
# Kernel command line: serial console on ttyS0 at 115200 baud, skip the timer
# check, and turn off predictable interface naming (net.ifnames=0).
# NOTE(review): a serial console gives a login prompt to anyone with console
# access on the hypervisor; confirm that access is restricted accordingly.
grub_cmdline = 'console=ttyS0,115200n8 no_timer_check net.ifnames=0'

# Apache and monitoring settings for the rspamd hosts (also listed under
# [el8:children]).
[rspamd_servers:vars]
# Presumably turns on Kerberos/GSSAPI authentication in the vhost -- confirm.
apache_gssapi = True
# HTTP status the Nagios check expects; 401 is consistent with an
# unauthenticated probe hitting a GSSAPI-protected site (assumption).
nagios_http_status = 401

# Apache settings for the Syncthing hosts.
[syncthing_servers:vars]
# Presumably turns on Kerberos/GSSAPI authentication in the vhost -- confirm.
apache_gssapi = True

# Apache settings for the Tiny Tiny RSS hosts.
[ttrss_servers:vars]
# Presumably turns on Kerberos/GSSAPI authentication in the vhost -- confirm.
apache_gssapi = True
# NOTE(review): the apache_can_* names resemble the SELinux httpd_can_*
# booleans; presumably the apache role maps them one-to-one -- confirm.
# apache_can_network_connect is the broadest of them (arbitrary outbound
# connections from the web server); keep it only where the application needs
# it, as a feed fetcher plausibly does.
apache_can_sendmail = True
apache_can_network_connect_db = True
apache_can_network_connect = True
apache_can_connect_ldap = True

# Apache and monitoring settings for the wiki hosts.
[wiki_servers:vars]
# Presumably turns on Kerberos/GSSAPI authentication in the vhost -- confirm.
apache_gssapi = True
# NOTE(review): the apache_can_* names resemble the SELinux httpd_can_*
# booleans; presumably the apache role maps them one-to-one -- confirm.
# apache_can_network_connect permits arbitrary outbound connections from the
# web server; verify the wiki really needs it in addition to the narrower
# db/ldap/sendmail switches.
apache_can_sendmail = True
apache_can_network_connect_db = True
apache_can_connect_ldap = True
apache_can_network_connect = True
# HTTP status the Nagios check expects; 401 is consistent with an
# unauthenticated probe hitting a GSSAPI-protected site (assumption).
nagios_http_status = 401

# Apache and monitoring settings for the XMPP hosts (also listed under
# [el8:children]).
[xmpp_servers:vars]
# Resembles the SELinux httpd_can_network_connect boolean -- presumably lets
# Apache make outbound connections, e.g. to proxy to the XMPP server's HTTP
# port; confirm in the role.
apache_can_network_connect = True
# Single-element list of HTTPS vhosts to monitor: prosody_http_host when it is
# set, otherwise the host's ansible_fqdn fact.
nagios_https_vhosts = '["{{ prosody_http_host | default(ansible_fqdn) }}"]'


# Nagios hostgroups
# =================
# Hosts monitored through SNMP: the Ansible-managed clients plus the OPNsense
# firewalls. nagios_ansible_managed_clients is not defined in this file.
# NOTE(review): presumably these hosts run an SNMP agent that the Nagios
# server queries; confirm the agent is limited to the monitoring host and uses
# authenticated SNMP (v3) where the role supports it.
[nagios_net_snmp_clients:children]
nagios_ansible_managed_clients
opnsense_firewalls

# Load, memory and disk checks apply to every SNMP-monitored host.
[nagios_check_load:children]
nagios_net_snmp_clients

[nagios_check_mem:children]
nagios_net_snmp_clients

[nagios_check_disk:children]
nagios_net_snmp_clients

# Interface checks: SNMP-monitored hosts plus network gear. The switches and
# access_points groups are not defined in this file.
[nagios_check_interfaces:children]
nagios_net_snmp_clients
switches
access_points

# systemd unit checks apply only to Ansible-managed clients; the OPNsense
# firewalls in nagios_net_snmp_clients are not included.
[nagios_check_systemd:children]
nagios_ansible_managed_clients

# Hosts whose SSH service is checked. baremetal, switches and access_points
# are not defined in this file.
# NOTE(review): opnsense_firewalls is not listed; if SSH is enabled on the
# firewalls, its availability is not monitored here -- confirm that is
# intended.
[nagios_check_ssh:children]
baremetal
proxmox_instances
switches
access_points

# Hosts with ZFS pools to monitor. nfs_servers is not defined in this file.
[nagios_check_zfs:children]
nfs_servers
proxmox_hypervisors

# Groups that get an HTTPS check. The expected status comes from
# nagios_http_status where a group sets it (401 for several groups above).
# NOTE(review): matrix_servers and nagios_servers both carry Apache settings
# in this file but are not listed here; presumably they are covered through
# web_servers or a separate check -- confirm, so that an expired certificate
# or an outage on those hosts does not go unnoticed.
[nagios_check_https:children]
freeipa_servers
yum_mirrors
ttrss_servers
znc_servers
dav_servers
bitwarden_servers
cups_servers
web_servers
git_servers
syncthing_servers
wiki_servers
jellyfin_servers
privbrowse_servers
photostructure_servers
rspamd_servers
unifi_controllers
xmpp_servers

# vi: ft=dosini