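---
# Connection settings for this host. Every value is a Jinja2 reference to a
# vault_-prefixed variable, so no address, account name or password is
# written in this file.
# NOTE(review): the vault_ variables are presumably defined in an Ansible
# Vault-encrypted vars file; confirm that file is encrypted before commit.
ansible_become_password: "{{ vault_root_pass }}"
ansible_host: "{{ vault_ansible_host }}"
ansible_user: "{{ vault_ssh_user }}"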
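# Host firewall overrides.
# NOTE(review): these look like they stop dropping private-range sources and
# set the forward-chain default policy to accept. That is probably needed for
# k3s pod traffic (10.42.0.0/16 is allowed in the PostgreSQL HBA list in this
# file), but a default-accept forward policy leaves forwarded traffic
# unfiltered unless the role adds explicit rules. Confirm against the role.
security_firewall_mangle_drop_privatenets: false
security_firewall_mangle_policy_forward: accept
security_firewall_filter_policy_forward: accept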
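# k3s cluster membership for this host: cluster name, the role this node
# takes, and the cluster IP (resolved from a vault_ variable).
k3s_cluster_name: internal
k3s_cluster_role: server
k3s_cluster_ip: "{{ vault_cluster_ip }}"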
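# MariaDB server settings. The root password, the custom SQL and the bind
# addresses all come from vault_ variables.
# NOTE(review): with run_custom_sql enabled, the SQL in
# vault_mariadb_server_custom_sql is presumably executed on the server by the
# role, so review it where it is defined. Unlike the PostgreSQL stanza, no
# ingress allow-list is set here; confirm the bind addresses are not
# reachable from untrusted networks.
mariadb_server_root_password: "{{ vault_mariadb_server_root_password }}"
mariadb_server_run_custom_sql: true
mariadb_server_custom_sql: "{{ vault_mariadb_server_custom_sql }}"
mariadb_server_bind_addresses: "{{ vault_mariadb_server_bind_addresses }}"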
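# PostgreSQL server settings: custom SQL, nftables ingress allow-list, bind
# addresses, databases, accounts and client-authentication (HBA) rules.
# Nesting below was restored from a flattened listing; the key names follow
# the pg_hba.conf columns (type, database, user, address, method).
postgresql_server_run_custom_sql: true
postgresql_nft_allowed_ingress_list: '{{ vault_postgresql_nft_allowed_ingress_list }}'
postgresql_server_custom_sql: "{{ vault_postgresql_server_custom_sql }}"
postgresql_server_bind_addresses: "{{ vault_postgresql_server_bind_addresses }}"
postgresql_server_databases_list:
  - name: '{{ vault_invidious_pg_dbname }}'
  - name: '{{ vault_opentofu_pg_dbname }}'
# One account per application; each password is a vault_ reference.
postgresql_server_accounts_list:
  - name: '{{ vault_invidious_pg_user }}'
    password: '{{ vault_invidious_pg_password }}'
  - name: '{{ vault_opentofu_pg_user }}'
    password: '{{ vault_opentofu_pg_password }}'
# Every rule is hostssl (TLS connections only) with scram-sha-256 password
# authentication, and each rule names one database and one user.
postgresql_server_hba_conf_list:
  # 10.42.0.0/16 matches the k3s default pod network, so any pod in the
  # cluster can reach this rule, not only the Invidious workload.
  - address: '10.42.0.0/16'
    databases:
      - '{{ vault_invidious_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
      - '{{ vault_invidious_pg_user }}'
  # The next three rules give single hosts (/32) access to the OpenTofu
  # database. This file also uses that database as the Terraform "pg" state
  # backend, and state commonly contains secrets, so keep these rules narrow.
  - address: '{{ vault_provider_geopoiesis }}/32'
    databases:
      - '{{ vault_opentofu_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
      - '{{ vault_opentofu_pg_user }}'
  - address: '{{ vault_provider_unobtainium }}/32'
    databases:
      - '{{ vault_opentofu_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
      - '{{ vault_opentofu_pg_user }}'
  - address: '{{ vault_provider_unsepttrium }}/32'
    databases:
      - '{{ vault_opentofu_pg_dbname }}'
    contype: hostssl
    method: scram-sha-256
    users:
      - '{{ vault_opentofu_pg_user }}'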
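# Helm configuration for the k3s cluster.
# NOTE(review): indentation was lost in the listing this was restored from.
# k3s_cluster_helm_customizations is kept as a top-level key with no value
# (parsed as null); confirm that nothing was meant to nest under it.
k3s_cluster_helm_customizations:
k3s_cluster_additional_helm_charts:
  - release_name: redis
    release_namespace: default
    chart_ref: 'oci://registry-1.docker.io/bitnamicharts/redis'
    # '^18' is a version range, so the chart actually installed depends on
    # what the registry serves at deploy time. Pin an exact chart version
    # for reproducible, reviewable deployments.
    chart_version: '^18'
    values:
      replica:
        replicaCount: 1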
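# Terraform/OpenTofu resources applied for the cluster. Each entry names a
# git repository and revision, the directory to run in, the tfvars content
# (from a vault_ variable) and the state backend configuration.
k3s_cluster_additional_tf_resources:
  - name: Invoice Ninja
    git_repository: 'https://gitlab.0x2a.ninja/flowtech/oss/invoice-ninja.git'
    # Quoted so the revision is always read as a string; a two-part tag such
    # as 0.8 would otherwise parse as a float.
    # NOTE(review): if this is a git tag it can be moved upstream; a full
    # commit SHA pins the exact code that gets applied.
    git_revision: '0.0.8'
    terraform_dir: 'terraform'
    tfvars_content: '{{ vault_invoice_ninja_tfvars }}'
    # Empty "pg" backend block: connection settings come from backend_env.
    backend_override: |-
      terraform {
        backend "pg" {}
      }
    # libpq-style environment variables for the state backend.
    # NOTE(review): PGPASSWORD is passed through the process environment;
    # confirm the role does not log or persist it. No PGSSLMODE is set, so
    # whether the server certificate is verified depends on the client
    # default; confirm that is what is wanted for state traffic.
    backend_env:
      PGHOST: '{{ vault_ansible_host }}'
      PGDATABASE: '{{ vault_opentofu_pg_dbname }}'
      PGUSER: '{{ vault_opentofu_pg_user }}'
      PGPASSWORD: '{{ vault_opentofu_pg_password }}'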
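# Vault server (presumably HashiCorp Vault) TLS material and initialisation.
# The certificate and private key are supplied from vault_ variables.
# NOTE(review): initialising a Vault server produces unseal keys and an
# initial root token; confirm how the role stores or prints them so they do
# not end up in task output, logs or unencrypted files.
hc_vault_server_tls_cert_data: '{{ vault_hc_vault_server_tls_cert_data }}'
hc_vault_server_tls_key_data: '{{ vault_hc_vault_server_tls_key_data }}'
hc_vault_initialize: true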