ansible-ffibk/inventory/group_vars/all
prisma01 b91112516d
Introduce Kumpir, our new www server, add wordpress role (#26)
* Introduce Kumpir, our new www server, add wordpress role

* move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook

* set server type to services

* fix typo

* rename service-wordpress to service-nginx-wordpress

* Add service-nginx-etherpad role

* Add ed25519 keypair for system_users when supported.

* Revert "Add ed25519 keypair for system_users when supported."

This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534.

* Change generated keys format to ed25519

* fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default

* Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon.
2019-09-26 22:13:13 +02:00

722 lines
14 KiB
Text

---
ansible_version_minimum: "2.6"
debug_fastd: False
site_code: ffmwu
site_name: "Mainz, Wiesbaden und Umgebung"
as_private: 65037
as_public_ffrl: 201701
internet_exit_tcp_mss_ipv4: 1240
internet_exit_tcp_mss_ipv6: 1220
icvpn_ipv4_transfer_net: 10.207.0.0/16
icvpn_ipv6_transfer_net: fec0::a:cf:0:0/96
loopback_net_ipv4: 10.87.255.0/24
loopback_net_ipv6: fd86:b4dc:4b1e:00ff::/64
anycast_ipv4: 10.87.255.255/32
anycast_ipv6: fd86:b4dc:4b1e:00ff::ff/128
internal_prefixes:
- ipv4: 10.37.0.0/16
ipv6: fd37:b4dc:4b1e::/48
- ipv4: 10.56.0.0/16
ipv6: fd56:b4dc:4b1e::/48
- ipv4: 10.86.0.0/15
ipv6: fd86:b4dc:4b1e::/48
public_prefixes:
- ipv6: 2a03:2260:11a::/48
- ipv6: 2a03:2260:11b::/48
bgp_ipv4_transfer_net_legacy: 10.37.0.0/18
bgp_ipv6_transfer_net_legacy: fd37:b4dc:4b1e::/64
bgp_groups:
- gateways
- services
- monitoring
wireguard_networks:
- ipv4: 10.87.253.0/31
peers:
- lotuswurzel
- spinat
port: 50000
- ipv4: 10.87.253.2/31
peers:
- lotuswurzel
- wasserfloh
port: 50001
- ipv4: 10.87.253.4/31
peers:
- lotuswurzel
- uffschnitt
port: 50002
- ipv4: 10.87.253.6/31
peers:
- lotuswurzel
- ingwer
port: 50003
- ipv4: 10.87.253.8/31
peers:
- spinat
- wasserfloh
port: 50004
- ipv4: 10.87.253.10/31
peers:
- spinat
- uffschnitt
port: 50005
- ipv4: 10.87.253.12/31
peers:
- spinat
- ingwer
port: 50006
- ipv4: 10.87.253.14/31
peers:
- ingwer
- wasserfloh
port: 50007
- ipv4: 10.87.253.16/31
peers:
- wasserfloh
- uffschnitt
port: 50008
- ipv4: 10.87.253.18/31
peers:
- ingwer
- uffschnitt
port: 50009
- ipv4: 10.87.253.20/31
peers:
- lotuswurzel
- kichererbse
port: 50010
- ipv4: 10.87.253.22/31
peers:
- spinat
- kichererbse
port: 50011
- ipv4: 10.87.253.24/31
peers:
- wasserfloh
- kichererbse
port: 50012
- ipv4: 10.87.253.26/31
peers:
- uffschnitt
- kichererbse
port: 50013
- ipv4: 10.87.253.28/31
peers:
- ingwer
- kichererbse
port: 50014
- ipv4: 10.87.253.30/31
peers:
- lotuswurzel
- suesskartoffel
port: 50015
- ipv4: 10.87.253.32/31
peers:
- spinat
- suesskartoffel
port: 50016
- ipv4: 10.87.253.34/31
peers:
- ingwer
- suesskartoffel
port: 50017
- ipv4: 10.87.253.36/31
peers:
- wasserfloh
- suesskartoffel
port: 50018
- ipv4: 10.87.253.38/31
peers:
- uffschnitt
- suesskartoffel
port: 50019
- ipv4: 10.87.253.40/31
peers:
- kichererbse
- suesskartoffel
port: 50020
- ipv4: 10.87.253.42/31
peers:
- ingwer
- linse
port: 50021
- ipv4: 10.87.253.44/31
peers:
- lotuswurzel
- linse
port: 50022
- ipv4: 10.87.253.46/31
peers:
- spinat
- linse
port: 50023
- ipv4: 10.87.253.48/31
peers:
- uffschnitt
- linse
port: 50024
- ipv4: 10.87.253.50/31
peers:
- wasserfloh
- linse
port: 50025
- ipv4: 10.87.253.52/31
peers:
- suesskartoffel
- linse
port: 50026
- ipv4: 10.87.253.54/31
peers:
- kichererbse
- linse
port: 50027
- ipv4: 10.87.253.56/31
peers:
- unifi
- ingwer
port: 50028
- ipv4: 10.87.253.58/31
peers:
- unifi
- spinat
port: 50029
- ipv4: 10.87.253.60/31
peers:
- unifi
- uffschnitt
port: 50030
- ipv4: 10.87.253.62/31
peers:
- unifi
- lotuswurzel
port: 50031
- ipv4: 10.87.253.64/31
peers:
- unifi
- wasserfloh
port: 50032
- ipv4: 10.87.253.66/31
peers:
- unifi
- linse
port: 50033
- ipv4: 10.87.253.68/31
peers:
- unifi
- kichererbse
port: 50034
- ipv4: 10.87.253.70/31
peers:
- unifi
- suesskartoffel
port: 50035
- ipv4: 10.87.253.72/31
peers:
- kumpir
- ingwer
port: 50036
- ipv4: 10.87.253.74/31
peers:
- kumpir
- spinat
port: 50037
- ipv4: 10.87.253.76/31
peers:
- kumpir
- uffschnitt
port: 50038
- ipv4: 10.87.253.78/31
peers:
- kumpir
- lotuswurzel
port: 50039
- ipv4: 10.87.253.80/31
peers:
- kumpir
- wasserfloh
port: 50040
- ipv4: 10.87.253.82/31
peers:
- kumpir
- linse
port: 50041
- ipv4: 10.87.253.84/31
peers:
- kumpir
- kichererbse
port: 50042
- ipv4: 10.87.253.86/31
peers:
- kumpir
- suesskartoffel
port: 50043
- ipv4: 10.87.253.88/31
peers:
- kumpir
- unifi
port: 50044
fastd_groups:
- gateways
- monitoring
prometheus_groups:
- gateways
- services
- monitoring
node_exporter_opts: "--collector.systemd"
http_domain_internal: ffmwu.org
http_domain_external: freifunk-mwu.de
mail_domain: freifunk-mwu.de
acme_server: zuckerwatte
unifi_server: unifi
git_path: "/home/admin/clones"
gopath: "/opt/go"
meshes:
- id: dom0
domain_number: 0
domain_code: dom0
domain_name: Domain 0
aliases:
umland: Umland
ipv4_network: 10.86.0.0/20
ipv6_ula:
- fd86:b4dc:4b1e::/64
ipv6_public:
- 2a03:2260:11a:ff::/64
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
pass: fastd/dom0vpn
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
backbone:
instances:
- id: 0
mtu: 1406
pass: fastd/dom0igvpn
- id: dom1
domain_number: 1
domain_code: dom1
domain_name: Domain 1
aliases:
mainz: Mainz
ipv4_network: 10.86.16.0/20
ipv6_ula:
- fd86:b4dc:4b1e:1::/64
ipv6_public:
- 2a03:2260:11a:1::/64
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
pass: fastd/dom1vpn
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
backbone:
instances:
- id: 0
mtu: 1406
pass: fastd/dom1igvpn
- id: dom2
domain_number: 2
domain_code: dom2
domain_name: Domain 2
aliases:
wiesbaden: Wiesbaden
ipv4_network: 10.86.32.0/20
ipv6_ula:
- fd86:b4dc:4b1e:2::/64
ipv6_public:
- 2a03:2260:11a:2::/64
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
pass: fastd/dom2vpn
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
backbone:
instances:
- id: 0
mtu: 1406
pass: fastd/dom2igvpn
- id: dom3
domain_number: 3
domain_code: dom3
domain_name: Domain 3
aliases:
bingen: Bingen
ipv4_network: 10.86.48.0/20
ipv6_ula:
- fd86:b4dc:4b1e:3::/64
ipv6_public:
- 2a03:2260:11a:3::/64
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
pass: fastd/dom3vpn
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
backbone:
instances:
- id: 0
mtu: 1406
pass: fastd/dom3igvpn
- id: dom4
domain_number: 4
domain_code: dom4
domain_name: Domain 4
aliases:
rheingau: Rheingau
ipv4_network: 10.86.64.0/20
ipv6_ula:
- fd86:b4dc:4b1e:4::/64
ipv6_public:
- 2a03:2260:11a:4::/64
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
pass: fastd/dom4vpn
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
backbone:
instances:
- id: 0
mtu: 1406
pass: fastd/dom4igvpn
- id: dom5
domain_number: 5
domain_code: dom5
domain_name: Domain 5
aliases:
taunus: Taunus
ipv4_network: 10.86.80.0/20
ipv6_ula:
- fd86:b4dc:4b1e:5::/64
ipv6_public:
- 2a03:2260:11a:5::/64
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
pass: fastd/dom5vpn
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
backbone:
instances:
- id: 0
mtu: 1406
pass: fastd/dom5igvpn
- id: dom6
domain_number: 6
domain_code: dom6
domain_name: Domain 6
aliases:
limburg: Limburg
ipv4_network: 10.86.96.0/20
ipv6_ula:
- fd86:b4dc:4b1e:6::/64
ipv6_public:
- 2a03:2260:11a:6::/64
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
pass: fastd/dom6vpn
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
backbone:
instances:
- id: 0
mtu: 1406
pass: fastd/dom6igvpn
- id: dom7
domain_number: 7
domain_code: dom7
domain_name: Domain 7
aliases:
weilrod: Weilrod
ipv4_network: 10.86.112.0/20
ipv6_ula:
- fd86:b4dc:4b1e:7::/64
ipv6_public:
- 2a03:2260:11a:7::/64
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
pass: fastd/dom7vpn
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
backbone:
instances:
- id: 0
mtu: 1406
pass: fastd/dom7igvpn
- id: mz
legacy: true
domain_number: 37
domain_code: ffmz
domain_name: "Mainz (legacy)"
aliases:
ffbin: "Bingen (legacy)"
ffrhg: "Rheingau (legacy)"
ipv4_network: 10.37.0.0/18
ipv6_ula:
- fd37:b4dc:4b1e::/64
ipv6_public:
- 2a03:2260:11a::/64
dnssl:
- ffmz.org
- user.ffmz.org
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 86400
advpreferredlifetime: 14400
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
pass: fastd/mzvpn
backbone:
instances:
- id: 0
mtu: 1406
peers:
repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
version: master
pass: fastd/mzigvpn
http_domain_internal: ffmz.org
http_domain_external: freifunk-mainz.de
- id: wi
legacy: true
domain_number: 56
domain_code: ffwi
domain_name: "Wiesbaden (legacy)"
aliases:
ffta: "Taunus (legacy)"
ipv4_network: 10.56.0.0/18
ipv6_ula:
- fd56:b4dc:4b1e::/64
ipv6_public:
- 2a03:2260:11b::/64
dnssl:
- ffwi.org
- user.ffwi.org
batman:
it: 10000
gw: server 96mbit/96mbit
mm: 0
dat: 1
hop_penalty: 60
radvd:
maxrtradvinterval: 900
advvalidlifetime: 864000
advpreferredlifetime: 172800
iface_mtu: 1350
fastd:
nodes:
instances:
- id: 0
mtu: 1406
peers:
repo: https://github.com/freifunk-mwu/peers-ffmwu.git
version: master
pass: fastd/wivpn
backbone:
instances:
- id: 0
mtu: 1406
peers:
repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
version: master
pass: fastd/wiigvpn
http_domain_internal: ffwi.org
http_domain_external: wiesbaden.freifunk.net
icvpn:
prefix: mwu
interface: icvpn
icvpn_repo: https://github.com/freifunk/icvpn
bgp_legacy_servers:
zuckerwatte:
ipv4: 10.37.1.2
ipv6: fd37:b4dc:4b1e::a25:102
glueckskeks:
ipv4: 10.37.1.1
ipv6: fd37:b4dc:4b1e::a25:101
extrasahne:
ipv4: 10.37.0.42
ipv6: fd37:b4dc:4b1e::a25:2a
dns_external:
slaves:
- ns1.treck.de
- ns2.treck.de
- ns3.treck.de
dns_internal:
master_ipv4: 10.87.255.67
master_ipv6: fd86:b4dc:4b1e:ff::43
zones:
- ffmwu.org
- ffmz.org
- ffwi.org
- bb.ffmz.org
- bb.ffwi.org
- user.ffmz.org
- user.ffwi.org
- ffbin
- 37.10.in-addr.arpa
- 56.10.in-addr.arpa
- 86.10.in-addr.arpa
- 87.10.in-addr.arpa
- 0.0.0.0.e.1.b.4.c.d.4.b.7.3.d.f.ip6.arpa
- 0.0.0.0.e.1.b.4.c.d.4.b.6.5.d.f.ip6.arpa
- e.1.b.4.c.d.4.b.6.8.d.f.ip6.arpa