feat(role): add provisioner role

2024-06-27 00:00:00 +00:00 · 2024-06-27 00:00:00 +00:00 · 1b3e0c401c
commit 1b3e0c401c
parent b22b39c92b
15 changed files with 181 additions and 4 deletions
--- a/inventory/group_vars/provisioner/vars.yml
+++ b/inventory/group_vars/provisioner/vars.yml
@ -0,0 +1,8 @@
+# Variables starting with 'provisioner_' in this file will be injected in all hosts configuration as 'ansible_facts.provisioner_facts.<key>'
+provisioner_artifacts_dir: /srv/ansible/artifacts
+provisioner_helm_binary_path: /usr/local/bin/helm
+provisioner_k8s_states_dir: /srv/ansible/states
+provisioner_kubeconfig_repository: /srv/ansible/kubeconfig
+provisioner_kubectl_binary_path: /usr/local/bin/kubectl
+provisioner_k3sup_binary_path: /usr/local/bin/k3sup
+provisioner_tofu_binary_path: /usr/bin/tofu #do not change this, the path is decided by the .deb package
--- a/inventory/host_vars/unobtainium/vars.yml
+++ b/inventory/host_vars/unobtainium/vars.yml
@ -1,6 +1,5 @@
 ansible_become_password: "{{ vault_root_pass }}"
 ansible_host: "{{ vault_ansible_host }}"
-ansible_connection: local

 # common role
 common_apt_packages:
@ -21,6 +20,3 @@ common_sysctl_configuration:
 security_firewall_filter_policy_output: accept
 security_firewall_filter_policy_forward: accept
 security_firewall_mangle_policy_forward: accept
-
-# provisioner role
-terraform_binary_path: '/usr/bin/tofu'
--- a/inventory/host_vars/unsepttrium/unsepttrium/vars.yml
+++ b/inventory/host_vars/unsepttrium/unsepttrium/vars.yml
@ -0,0 +1,21 @@
+ansible_become_password: "{{ vault_root_pass }}"
+ansible_host: "{{ vault_ansible_host }}"
+
+# common role
+common_apt_packages:
+  - pcscd
+  - pinentry-curses
+common_git_enabled: true
+common_git_username: "{{ vault_common_gitconfig_username }}"
+common_git_email: "{{ vault_common_gitconfig_email }}"
+common_git_force_sign: true
+common_git_signing_key: "{{ vault_common_gitconfig_signingkey }}"
+common_install_fonts: true
+common_sysctl_configuration:
+  'fs.inotify.max_user_watches': 1048576
+  'vm.swappiness': 1
+
+# security role
+security_firewall_filter_policy_output: accept
+security_firewall_filter_policy_forward: accept
+security_firewall_mangle_policy_forward: accept
--- a/inventory/host_vars/unsepttrium/vars.yml
+++ b/inventory/host_vars/unsepttrium/vars.yml
@ -0,0 +1,21 @@
+ansible_become_password: "{{ vault_root_pass }}"
+ansible_host: "{{ vault_ansible_host }}"
+
+# common role
+common_apt_packages:
+  - pcscd
+  - pinentry-curses
+common_git_enabled: true
+common_git_username: "{{ vault_common_gitconfig_username }}"
+common_git_email: "{{ vault_common_gitconfig_email }}"
+common_git_force_sign: true
+common_git_signing_key: "{{ vault_common_gitconfig_signingkey }}"
+common_install_fonts: true
+common_sysctl_configuration:
+  'fs.inotify.max_user_watches': 1048576
+  'vm.swappiness': 1
+
+# security role
+security_firewall_filter_policy_output: accept
+security_firewall_filter_policy_forward: accept
+security_firewall_mangle_policy_forward: accept