initial upload

group_vars/all/ansible.yml

@@ -0,0 +1 @@
+ansible_python_interpreter: /usr/bin/python3

group_vars/all/consul.yml

@@ -0,0 +1,22 @@
+---
+
+consul_server: "{{ ansible_hostname in consul_servers }}"
+
+consul_acl_datacenter: msiserv
+consul_acl_master_token: "229369d9-6345-6c57-72b3-166f3c2a74a5"
+consul_acl_agent_token: "ad92623d-fcab-85c2-55ae-3fbd36da6f83"
+consul_acl_token: "168d2a19-0a8d-b197-03dc-0e2b0c324421"
+consul_acl_replication_token: "377fdfae-02ac-7a43-f9d4-c5a9b1c2bdeb"
+
+# Bootstrap only:
+#consul_bootstrap_expect: 2
+#consul_encrypt_key: "eUQzZHtGbDlNmMuBr1UM2Q=="
+
+consul_servers:
+ - eu.srv
+ - us.srv
+ - admin.srv
+
+consul_services: yes
+
+consul_dns_forwarders: "{{ network_fallback_resolvers }}"

group_vars/all/datacenter.yml

@@ -0,0 +1,10 @@
+datacenter_global_networks:
+  - 192.168.255.0/24
+  - 10.11.0.0/16
+
+datacenter_id:
+  - msiserv
+
+datacenter_public_networks:
+  - 62.171.160.169/32
+  - 207.244.234.58/32  

group_vars/all/firewall.yml

@@ -0,0 +1,30 @@
+---
+
+firewall_ssh_acl:
+  - 0.0.0.0/0              # allow SSH from everywhere
+
+
+firewall_influx_acl:
+  - 10.11.0.0/16              # allow influx from ip(s)
+  - 192.168.255.0/24          # allow influx from ip(s)
+
+
+firewall_mariadb_acl:
+  - 10.11.0.0/16              # allow mariadb from ip(s)
+  - 192.168.255.0/24          # allow mariadb from ip(s)
+
+firewall_ssh_acl_extra: "{{ datacenter_global_networks + datacenter_public_networks }}"
+
+
+firewall_influx_acl_extra: "{{ datacenter_global_networks + datacenter_public_networks }}"
+
+
+firewall_mariadb_acl_extra: "{{ datacenter_global_networks + datacenter_public_networks }}"
+
+
+firewall_monitoring_ips:
+  - 10.11.11.200
+  - 10.11.12.150
+
+# TODO: Needs an inventory of all external services.
+firewall_output_default_drop: no

group_vars/all/network.yml

@@ -0,0 +1,8 @@
+---
+
+network_default_gateway: "{{ ansible_default_ipv4.gateway }}"
+
+network_nameservers:
+  - 1.1.1.1
+
+network_bind_listen: "{{ network_private_ip }}"

group_vars/all/postfix.yml

@@ -0,0 +1,5 @@
+postfix_mynetworks: "{{ datacenter_global_networks + datacenter_public_networks + datacenter_public_ipv6_networks if postfix_relay else [] }}"
+
+postfix_dkim_domains:
+  maruntiel.net:
+    selector: 201903

group_vars/eu/datacenter.yml

@@ -0,0 +1,11 @@
+---
+
+datacenter_id: msiserv
+datacenter_name: EU-Germany
+datacenter_full_name: Contabo
+datacenter_local_networks:
+  - 192.168.255.0/24
+  - 10.11.201.0/24
+datacenter_public_networks:
+  - 62.171.160.169/32
+

group_vars/eu/network.yml

@@ -0,0 +1,11 @@
+---
+network_default_gateway: 62.171.160.1
+network_nameservers:
+  - 213.136.95.10
+  - 213.136.95.11
+network_fallback_resolvers:
+  - 10.11.201.101
+network_private_ip:
+  - 10.11.201.101
+  - 10.11.202.101
+  - 10.11.11.200

group_vars/ro/datacenter.yml

@@ -0,0 +1,9 @@
+---
+
+datacenter_id: msiserv
+datacenter_name: EU-Romania
+datacenter_full_name: Maruntiel
+datacenter_local_networks:
+  - 10.11.11.0/24
+  - 10.11.12.0/24
+

group_vars/ro/network.yml

@@ -0,0 +1,10 @@
+---
+network_default_gateway: 10.11.12.1
+network_nameservers:
+  - 1.1.1.2
+  - 8.8.4.4
+network_fallback_resolvers:
+  - 10.11.201.101
+network_private_ip:
+  - 10.11.11.200
+  - 10.11.12.150

group_vars/us/datacenter.yml

@@ -0,0 +1,10 @@
+---
+
+datacenter_id: msiserv
+datacenter_name: US-New_York
+datacenter_full_name: Contabo
+datacenter_local_networks:
+  - 192.168.255.0/24
+  - 10.11.202.0/24
+datacenter_public_networks:
+  - 207.244.234.58/32

group_vars/us/network.yml

@@ -0,0 +1,7 @@
+---
+network_default_gateway: 207.244.224.1
+network_nameservers:
+  - 209.126.15.51 
+  - 209.126.15.52
+network_fallback_resolvers:
+  - 10.11.202.101