Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /group_vars/all
1 files changed, 570 insertions, 0 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
new file mode 100644
index 0000000..7e37fc4
--- /dev/null
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,570 @@
+# Homelab IaC Global Variables File
+# Variables are all kept here to avoid having them scattered
+# throughout the various roles
+#####################
+#                   #
+#   Infrastructure  #
+#                   #
+#####################
+timezone: America/New_York
+domain: "home.local"
+# proxmox system
+proxmox_api_user: "vmadmin@pam"
+proxmox_username: vmadmin
+ssh_public_key: data/common/id_rsa.pub
+# vm deploy
+vm_vlan: 20
+vm_onboot: yes
+vm_agent: yes
+vm_bridge: vmbr0
+vm_full_clone: yes
+template_id: 1000
+memory_size: 512
+cpu_cores: 1
+cpu_sockets: 1 
+bios_type: seabios
+# cloud init vars
+ci_target_dir: "/home/vmadmin"
+ci_memory_size: 512
+ci_base_id: 1000
+ci_disk_size: "10G"
+ci_storage: "fast-pool"
+ci_user: "admin"
+ci_debian_name: "debiantest"
+ci_bridge: "vmbr0"
+ci_vlan: 20
+ci_sshkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxbdj9XqeorxBqfhWaJp8JonsIhD0g6qSYRdBKqIyHARglr+mG0hjdeDg1TPxGUnuJUDmG1vC0gbSoaKyiPrwf3nbCfqVXT2k+aY4VepV4g4TLTTUVuTXiyVdd83sE5uiF7DDOfoYU34oZ0bHBjpJfuBHHYhipnZTdxdXhxUtDSmJ8kIz3F7NEiKA66U/4JYRolI5jYhIhdUGgEpxxWz+pCsrZIo9N+VkJfqvMoVs+GVOyUMLjmJDB+zBC28V7yaVtt3kQVl38hhYxOhDkrSdaV+PyyTatZxNVW1u9WcdVhCnyke1bmEIbjXBvSHC2MH6VKiXCCkA9YEjUNEYGbkYPfe3wiZMh7OQnMlTSs/cV6T5UUGbmcJQnsys1PR/szzDLAvFziK4q6TvvyzDXyBZPKoBT8SXjeRNWdhWIlsJA7Z8+GTxGr2Ow9WjDDHHU2gL8yWkZvMfGO6MUo6K4ItLW/H1HtasAcHBXjvRFiHiK2WAB55GRrMkwNU1TLRmNvmT27blbe/+c52EySs8FLNlGEgW3/80YUnwEkOWZ2hRsbe8BnxRVr28wjwzWSc4RJP7AXMcn73J1hBZ6mvrQK5V0pneLXXpjdebflwwVc1mAVoFXt8w5etGHn+bx5kKINlzXW1h7PPg/7kexqX7bVYRjcyI0Ot5/rsCikKuyAqDVhQ== picard@titan"
+ssh_key_local: data/common/id_rsa.pub
+ssh_key_dest: "/home/{{ci_user}}/ci_sshkey"
+nameserver: 192.168.20.1
+# proxmox backup server
+pbs_admin: "backupadmin@pbs"
+pbs_user: "backup@pbs"
+#pbs_host: "proxmox.home.local"
+pbs_host: "192.168.10.11"
+pbs_datastore: "onsite"
+pbs_datastore_path: "/mnt/backup/onsite"
+pbs_keep_last: "3"
+pbs_keep_daily: "13"
+pbs_keep_weekly: "8"
+pbs_keep_monthly: "11"
+pbs_keep_yearly: "4"
+pbs_fingerprint: "90:39:30:90:e9:11:7b:48:3f:88:a6:78:8d:62:c1:e4:c2:7a:ac:29:44:f7:88:5b:1e:25:f4:f7:b4:69:58:ac"
+# distro base
+base_packages:
+  - openssh-server
+  - ufw
+  - rsync
+  - htop
+  - vim
+  - sudo
+  - qemu-guest-agent
+  - git
+#####################
+#                   #
+#     Services      #
+#                   #
+#####################
+# common
+nginx_cert: data/common/fullchain.pem
+services_domain: chudnick.com
+oidc_issuer: "https://auth.chudnick.com"
+# chronyd
+chrony_config: data/chronyd/chrony.conf
+# msmtp_mta
+msmtp_mta_packages: 
+  - msmtp
+  - msmtp-mta
+msmtp_mta_config: data/msmtp_mta/msmtprc
+# prometheus server
+prometheus_package: prometheus
+management_ip: 192.168.10.254
+grafana_server_ip: 192.168.20.32
+prometheus_port: '9090'
+prometheus_nginx_config: data/grafana/grafana.conf
+prometheus_config: data/prometheus-server/prometheus.yml
+prometheus_defaults: data/prometheus-server/defaults
+# prometheus node exporter
+node_exporter_debian_package: prometheus-node-exporter
+node_exporter_fedora_package: golang-github-prometheus-node-exporter
+prometheus_server_ip: 192.168.20.32
+node_exporter_port: '9100'
+# prometheus nginx exporter
+nginx_exporter_debian_package: prometheus-nginx-exporter
+nginx_exporter_fedora_package: golang-github-prometheus-nginx-exporter
+nginx_exporter_port: '9113'
+nginx_exporter_config: data/prometheus-nginx-exporter/metrics.conf
+nginx_exporter_defaults: data/prometheus-nginx-exporter/defaults
+# grafana
+grafana_package:
+  - grafana
+  - nginx
+grafana_config: data/grafana/grafana.ini.j2
+grafana_nginx_config: data/grafana/grafana.conf
+grafana_url: https://monitoring.chudnick.com/grafana
+grafana_admin: admin
+grafana_email: admin@home.local
+prometheus_url: https://monitoring.chudnick.com/prometheus
+influxdb_url: http://monitoring.home.local:8086
+influx_database: proxmox
+influx_user: readonly
+loki_url: http://monitoring.home.local:3100
+grafana_dashboard_main: data/grafana/main.json
+# loki
+loki_nginx_config: data/loki/loki.conf
+loki_config: data/loki/config.yml
+loki_repo: "https://github.com/grafana/loki"
+loki_version: "v2.7.1"
+# promtail
+promtail_config: data/promtail/config.yml
+# influxdb
+influxdb_packages:
+  - influxdb
+  - influxdb-client
+influx_config: data/influxdb/influxdb.conf
+influx_data: data/influxdb/influx_data/
+# pihole
+pihole_packages:
+  - git
+  - unbound
+  - dns-root-data
+  - lighttpd-mod-openssl
+pihole_setupvars: data/pihole/setupVars.conf
+pihole_unboundconf: data/pihole/pihole_unbound.conf
+# unattended upgrades
+unattended_upgrades_packages:
+  - unattended-upgrades
+  - powermgmt-base
+  - python3-gi
+uu_mail_to: sam@chudnick.com
+uu_mail_from: Unattended Upgrades <monitoring@chudnick.com>
+# ipaserver
+ipa_dns_ip: 192.168.20.34
+# ipaclient
+ipaclient_domain: home.local
+ipaclient_realm: HOME.LOCAL
+ipaclient_mkhomedir: yes
+ipaclient_servers: ipasrv.home.local
+ipaclient_ntp_servers: ntp.home.local
+# ipabackup
+ipabackup_name: ipa-full-2022-08-27-07-56-01
+ipabackup_from_controller: yes
+# game server
+sunshine_repo: https://github.com/LizardByte/Sunshine
+sunshine_version: v0.20.1
+sunshine_packages:
+  - build-essential
+  - cmake
+  - libavdevice-dev
+  - libboost-filesystem-dev
+  - libboost-log-dev
+  - libboost-program-options-dev
+  - libboost-thread-dev
+  - libcap-dev
+  - libcurl4-openssl-dev
+  - libdrm-dev
+  - libevdev-dev
+  - libmfx-dev
+  - libnuma-dev
+  - libopus-dev
+  - libpulse-dev
+  - libssl-dev
+  - libva-dev
+  - libvdpau-dev
+  - libwayland-dev
+  - libx11-dev
+  - libxcb-shm0-dev
+  - libxcb-xfixes0-dev
+  - libxcb1-dev
+  - libxfixes-dev
+  - libxrandr-dev
+  - libxtst-dev
+  - nodejs
+  - npm
+  - nvidia-cuda-dev
+  - nvidia-cuda-toolkit
+  - xz-utils
+game_server_packages:
+  - xorg
+  - task-xfce-desktop
+  - firmware-amd-graphics
+  - amd64-microcode
+  - xserver-xorg-video-all
+  - linux-headers-6.0.0-0.deb11.2-amd64
+  - nginx
+  - ssl-cert
+games_user: gamer
+game_server_nginx_config: data/game_server/sunshine_proxy.conf
+steam_packages:
+  - steam
+  - mesa-vulkan-drivers
+  - libglx-mesa0:i386
+  - mesa-vulkan-drivers:i386
+  - libgl1-mesa-dri:i386
+lightdm_config: data/game_server/lightdm.conf
+xfce_xinit: data/game_server/xinitrc
+# jenkins
+jenkins_nginx_config: data/jenkins/jenkins.conf
+jenkins_config: data/jenkins/configuration.yml.j2
+jenkins_packages:
+  - openjdk-11-jre-headless
+  - nginx
+  - git
+  - ansible
+  - jenkins
+  - python3-proxmoxer
+jenkins_username: 7238a8bf-8945-47bc-85c3-d0356ad3428e
+jenkins_url: "https://jenkins.chudnick.com"
+# docker rootless
+docker_packages:
+  - docker-ce
+  - docker-ce-cli
+  - docker-ce-rootless-extras
+  - docker-compose-plugin
+  - uidmap
+  - dbus-user-session
+  - slirp4netns
+  - fuse-overlayfs
+  - acl
+docker_username: docker_rootless
+docker_uid: "2000"
+docker_home: /srv/docker
+docker_registry_url: "gitea.chudnick.com"
+docker_registry_username: "sam"
+docker_config: data/docker/daemon.json
+#####################
+#                   #
+# Docker Containers #
+#                   #
+#####################
+# authelia
+authelia_repo: "https://github.com/authelia/authelia"
+authelia_version: "master"
+authelia_nginx_config: data/authelia/authelia.conf
+authelia_config: data/authelia/configuration.yml
+authelia_network_name: authelia_net
+authelia_subnet: 172.25.0.0/24
+authelia_gateway: 172.25.0.1
+authelia_ipv4: 172.25.0.2
+redis_authelia_ipv4: 172.25.0.3
+authelia_proxy_snippet: data/authelia/proxy.conf
+authelia_location_snippet: data/authelia/authelia-location.conf
+authelia_request_snippet: data/authelia/authelia-authrequest.conf
+# searxng
+searxng_repo: "https://github.com/searxng/searxng"
+searxng_config: data/searxng/settings.yml
+searxng_uwsgi_config: data/searxng/uwsgi.ini
+searxng_nginx_config: data/searxng/searxng.conf
+searxng_network_name: searxng_net
+searxng_subnet: 172.25.1.0/24
+searxng_gateway: 172.25.1.1
+searxng_ipv4: 172.25.1.2
+redis_searxng_ipv4: 172.25.1.3
+# pihole_exporter
+pihole_exporter_repo: "https://github.com/eko/pihole-exporter/"
+pihole_exporter_version: "v0.3.0"
+pihole_exporter_network_name: pihole_exporter_net
+pihole_exporter_subnet: 172.25.2.0/24
+pihole_exporter_gateway: 172.25.2.1
+pihole_ip: 192.168.20.34
+pihole_api_port: '9617'
+pihole_exporter_nginx_config: data/pihole-exporter/pihole-exporter.conf
+# drawio
+drawio_repo: "https://github.com/jgraph/docker-drawio"
+drawio_nginx_config: data/drawio/drawio.conf
+drawio_network_name: drawio_net
+drawio_subnet: 172.25.3.0/24
+drawio_gateway: 172.25.3.1
+drawio_ipv4: 172.25.3.2
+drawio_plantuml_ipv4: 172.25.3.3
+drawio_export_ipv4: 172.25.3.4
+drawio_base_url: drawio.home.local
+# jellyfin
+jellyfin_repo: "https://github.com/jellyfin/jellyfin"
+jellyfin_version: "v10.8.8"
+jellyfin_nginx_config: data/jellyfin/jellyfin.conf
+jellyfin_network_name: jellyfin_net
+jellyfin_subnet: 172.25.4.0/24
+jellyfin_gateway: 172.25.4.1
+jellyfin_ipv4: 172.25.4.2
+jellyfin_config: data/jellyfin/config
+jellyfin_web_config: data/jellyfin/web-config.json
+jellyfin_media: data/jellyfin/media
+jellyfin_url: https://jellyfin.chudnick.com
+# navidrome
+navidrome_repo: "https://github.com/navidrome/navidrome"
+navidrome_version: "v0.48.0"
+navidrome_nginx_config: data/navidrome/navidrome.conf
+navidrome_network_name: navidrome_net
+navidrome_subnet: 172.25.5.0/24
+navidrome_gateway: 172.25.5.1
+navidrome_ipv4: 172.25.5.2
+# radicale
+radicale_repo: "https://github.com/Kozea/Radicale"
+radicale_version: "v3.1.8"
+radicale_config: data/radicale/config
+radicale_users: data/radicale/users
+radicale_nginx_config: data/radicale/radicale.conf
+radicale_network_name: radicale_net
+radicale_subnet: 172.25.6.0/24
+radicale_gateway: 172.25.6.1
+radicale_ipv4: 172.25.6.2
+# freshrss
+freshrss_repo: "https://github.com/FreshRSS/FreshRSS"
+freshrss_version: "v1.20.2"
+freshrss_nginx_config: data/freshrss/freshrss.conf
+freshrss_network_name: freshrss_net
+freshrss_subnet: 172.25.7.0/24
+freshrss_gateway: 172.25.7.1
+freshrss_ipv4: 172.25.7.2
+# homer
+homer_repo: "https://github.com/bastienwirtz/homer"
+homer_version: "v22.11.2"
+homer_nginx_config: data/homer/homer.conf
+homer_network_name: homer_net
+homer_subnet: 172.25.9.0/24
+homer_gateway: 172.25.9.1
+homer_ipv4: 172.25.9.2
+homer_assets_dir: data/homer/
+# invidious
+invidious_repo: "https://github.com/iv-org/invidious"
+invidious_nginx_config: data/invidious/invidious.conf.j2
+invidious_network_name: invidious_net
+invidious_subnet: 172.25.10.0/24
+invidious_gateway: 172.25.10.1
+invidious_ipv4: 172.25.10.2
+invidious_db_ipv4: 172.25.10.3
+invidious_server_name: "invidious.chudnick.com"
+invidious_external_port: 8002
+  #invidious_username: sam
+  #invidious_version: "v0.3.0-remote_user"
+# gitea
+gitea_repo: "https://github.com/go-gitea/gitea"
+gitea_git_uid: "1100"
+gitea_version: "v1.17.3"
+gitea_nginx_config: data/gitea/gitea.conf
+gitea_config: data/gitea/app.ini
+gitea_network_name: gitea_net
+gitea_subnet: 172.25.11.0/24
+gitea_gateway: 172.25.11.1
+gitea_ipv4: 172.25.11.2
+gitea_external_port: 8003
+# cadvisor
+cadvisor_repo: "https://github.com/google/cadvisor"
+cadvisor_version: "v0.46.0"
+cadvisor_nginx_config: data/cadvisor/cadvisor.conf
+cadvisor_network_name: cadvisor_net
+cadvisor_subnet: 172.25.12.0/24
+cadvisor_gateway: 172.25.12.1
+cadvisor_ipv4: 172.25.12.2
+cadvisor_external_port: 8004
+# nextcloud
+nextcloud_version: "25.0.2"
+nextcloud_nginx_config: data/nextcloud/nextcloud.conf
+nextcloud_network_name: nextcloud_net
+nextcloud_subnet: 172.25.13.0/24
+nextcloud_gateway: 172.25.13.1
+nextcloud_ipv4: 172.25.13.2
+nextcloud_redis_ipv4: 172.25.13.3
+nextcloud_postgres_ipv4: 172.25.13.4
+nextcloud_cron_ipv4: 172.25.13.5
+nextcloud_external_port: 8005
+nextcloud_postgres_db: "nextcloud"
+nextcloud_postgres_user: "nextcloud"
+nextcloud_admin: "admin"
+nextcloud_trusted_domains: "nextcloud.chudnick.com"
+# renovate
+renovate_network_name: renovate_net
+renovate_subnet: 172.25.14.0/24
+renovate_gateway: 172.25.14.1
+renovate_ipv4: 172.25.14.2
+renovate_endpoint: "https://gitea.chudnick.com/api/v1/"
+renovate_author: "renovate[bot] <renovate@chudnick.com>"
+# photoprism
+photoprism_admin_user: "admin"
+photoprism_auth_mode: "password"
+photoprism_site_url: "https://photos.chudnick.com"
+photoprism_nginx_config: data/photoprism/photoprism.conf
+photoprism_network_name: photoprism_net
+photoprism_subnet: 172.25.15.0/24
+photoprism_gateway: 172.25.15.1
+photoprism_ipv4: 172.25.15.2
+photoprism_external_port: 8006
+# gluetun
+gluetun_network_name: gluetun_net
+gluetun_subnet: 172.25.16.0/24
+gluetun_gateway: 172.25.16.1
+gluetun_ipv4: 172.25.16.2
+# qbittorrent
+qbittorrent_nginx_config: data/qbittorrent/qbittorrent.conf.j2
+qbittorrent_external_port: "8007"
+qbittorrent_server_name: qbittorrent.chudnick.com
+# sonarr
+sonarr_nginx_config: data/sonarr/sonarr.conf.j2
+sonarr_external_port: 8008
+sonarr_server_name: sonarr.chudnick.com
+# radarr
+radarr_nginx_config: data/radarr/radarr.conf.j2
+radarr_external_port: 8009
+radarr_server_name: radarr.chudnick.com
+# lidarr
+lidarr_nginx_config: data/lidarr/lidarr.conf.j2
+lidarr_external_port: 8010
+lidarr_server_name: lidarr.chudnick.com
+# readarr
+readarr_nginx_config: data/readarr/readarr.conf.j2
+readarr_external_port: 8011
+readarr_server_name: readarr.chudnick.com
+# prowlarr
+prowlarr_nginx_config: data/prowlarr/prowlarr.conf.j2
+prowlarr_external_port: 8012
+prowlarr_server_name: prowlarr.chudnick.com
+# bookstack
+bookstack_nginx_config: data/bookstack/bookstack.conf.j2
+bookstack_network_name: bookstack_net
+bookstack_subnet: 172.25.17.0/24
+bookstack_gateway: 172.25.17.1
+bookstack_ipv4: 172.25.17.2
+bookstack_db_ipv4: 172.25.17.3
+bookstack_server_name: "wiki.chudnick.com"
+bookstack_external_port: 8013
+# pywttr-docker
+pywttr_docker_nginx_config: data/pywttr_docker/pywttr_docker.conf.j2
+pywttr_docker_network_name: pywttr_docker_net
+pywttr_docker_subnet: 172.25.18.0/24
+pywttr_docker_gateway: 172.25.18.1
+pywttr_docker_ipv4: 172.25.18.2
+pywttr_docker_db_ipv4: 172.25.18.3
+pywttr_docker_server_name: "weather.chudnick.com"
+pywttr_docker_external_port: 8014
+# text-generation-webui
+text_generation_nginx_config: data/text_generation/text_generation.conf.j2
+text_generation_network_name: text_generation_net
+text_generation_subnet: 172.25.19.0/24
+text_generation_gateway: 172.25.19.1
+text_generation_ipv4: 172.25.19.2
+text_generation_db_ipv4: 172.25.19.3
+text_generation_server_name: "gpt.chudnick.com"
+text_generation_external_port: 8015
+text_generation_api_port: 5005
+text_generation_api_stream_port: 5000
+# kanboard
+kanboard_config: data/kanboard/config.php
+kanboard_nginx_config: data/kanboard/kanboard.conf.j2
+kanboard_network_name: kanboard_net
+kanboard_subnet: 172.25.20.0/24
+kanboard_gateway: 172.25.20.1
+kanboard_ipv4: 172.25.20.2
+kanboard_db_ipv4: 172.25.20.3
+kanboard_server_name: "tasks.chudnick.com"
+kanboard_external_port: 8016
+# firefly
+firefly_nginx_config: data/firefly/firefly.conf.j2
+firefly_network_name: firefly_net
+firefly_subnet: 172.25.21.0/24
+firefly_gateway: 172.25.21.1
+firefly_ipv4: 172.25.21.2
+firefly_db_ipv4: 172.25.21.3
+firefly_cron_ipv4: 172.25.21.4
+firefly_server_name: "finances.chudnick.com"
+firefly_external_port: 8017
+firefly_postgres_db: "firefly"
+firefly_postgres_user: "firefly"
+firefly_importer_ipv4: 172.25.21.5
+firefly_importer_server_name: "finimporter.chudnick.com"
+firefly_importer_external_port: 8018
+# home_assistant
+home_assistant_config: data/home_assistant/configuration.yaml
+home_assistant_nginx_config: data/home_assistant/home_assistant.conf.j2
+home_assistant_network_name: home_assistant_net
+home_assistant_subnet: 172.25.22.0/24
+home_assistant_gateway: 172.25.22.1
+home_assistant_ipv4: 172.25.22.2
+home_assistant_server_name: "homeassistant.chudnick.com"
+home_assistant_external_port: 8019
+# vaultwarden
+vaultwarden_nginx_config: data/vaultwarden/vaultwarden.conf.j2
+vaultwarden_network_name: vaultwarden_net
+vaultwarden_subnet: 172.25.23.0/24
+vaultwarden_gateway: 172.25.23.1
+vaultwarden_ipv4: 172.25.23.2
+vaultwarden_server_name: "vaultwarden.chudnick.com"
+vaultwarden_external_port: 8020
+######################
+#                    #
+# Networking Devices #
+#                    #
+######################
+# router
+router_hostname: charon
+ntp_server_ip: 192.168.20.2
+router_ip: 192.168.10.1
+router_user: data
+local_interface: enp34s0
+network_config_file: /etc/network/interfaces
+# ap
+ap_hostname: sol
+ap_ip: 192.168.10.2
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /group_vars/all

diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml new file mode 100644 index 0000000..7e37fc4 --- /dev/null +++ b/group_vars/all/vars.yml
@@ -0,0 +1,570 @@
	1	# Homelab IaC Global Variables File
	2
	3	# Variables are all kept here to avoid having them scattered
	4	# throughout the various roles
	5
	6	#####################
	7	# #
	8	# Infrastructure #
	9	# #
	10	#####################
	11
	12	timezone: America/New_York
	13	domain: "home.local"
	14
	15	# proxmox system
	16	proxmox_api_user: "vmadmin@pam"
	17	proxmox_username: vmadmin
	18	ssh_public_key: data/common/id_rsa.pub
	19
	20	# vm deploy
	21	vm_vlan: 20
	22	vm_onboot: yes
	23	vm_agent: yes
	24	vm_bridge: vmbr0
	25	vm_full_clone: yes
	26	template_id: 1000
	27	memory_size: 512
	28	cpu_cores: 1
	29	cpu_sockets: 1
	30	bios_type: seabios
	31
	32	# cloud init vars
	33	ci_target_dir: "/home/vmadmin"
	34	ci_memory_size: 512
	35	ci_base_id: 1000
	36	ci_disk_size: "10G"
	37	ci_storage: "fast-pool"
	38	ci_user: "admin"
	39	ci_debian_name: "debiantest"
	40	ci_bridge: "vmbr0"
	41	ci_vlan: 20
	42	ci_sshkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxbdj9XqeorxBqfhWaJp8JonsIhD0g6qSYRdBKqIyHARglr+mG0hjdeDg1TPxGUnuJUDmG1vC0gbSoaKyiPrwf3nbCfqVXT2k+aY4VepV4g4TLTTUVuTXiyVdd83sE5uiF7DDOfoYU34oZ0bHBjpJfuBHHYhipnZTdxdXhxUtDSmJ8kIz3F7NEiKA66U/4JYRolI5jYhIhdUGgEpxxWz+pCsrZIo9N+VkJfqvMoVs+GVOyUMLjmJDB+zBC28V7yaVtt3kQVl38hhYxOhDkrSdaV+PyyTatZxNVW1u9WcdVhCnyke1bmEIbjXBvSHC2MH6VKiXCCkA9YEjUNEYGbkYPfe3wiZMh7OQnMlTSs/cV6T5UUGbmcJQnsys1PR/szzDLAvFziK4q6TvvyzDXyBZPKoBT8SXjeRNWdhWIlsJA7Z8+GTxGr2Ow9WjDDHHU2gL8yWkZvMfGO6MUo6K4ItLW/H1HtasAcHBXjvRFiHiK2WAB55GRrMkwNU1TLRmNvmT27blbe/+c52EySs8FLNlGEgW3/80YUnwEkOWZ2hRsbe8BnxRVr28wjwzWSc4RJP7AXMcn73J1hBZ6mvrQK5V0pneLXXpjdebflwwVc1mAVoFXt8w5etGHn+bx5kKINlzXW1h7PPg/7kexqX7bVYRjcyI0Ot5/rsCikKuyAqDVhQ== picard@titan"
	43	ssh_key_local: data/common/id_rsa.pub
	44	ssh_key_dest: "/home/{{ci_user}}/ci_sshkey"
	45	nameserver: 192.168.20.1
	46
	47	# proxmox backup server
	48	pbs_admin: "backupadmin@pbs"
	49	pbs_user: "backup@pbs"
	50	#pbs_host: "proxmox.home.local"
	51	pbs_host: "192.168.10.11"
	52	pbs_datastore: "onsite"
	53	pbs_datastore_path: "/mnt/backup/onsite"
	54	pbs_keep_last: "3"
	55	pbs_keep_daily: "13"
	56	pbs_keep_weekly: "8"
	57	pbs_keep_monthly: "11"
	58	pbs_keep_yearly: "4"
	59	pbs_fingerprint: "90:39:30:90:e9:11:7b:48:3f:88:a6:78:8d:62:c1:e4:c2:7a:ac:29:44:f7:88:5b:1e:25:f4:f7:b4:69:58:ac"
	60
	61
	62	# distro base
	63	base_packages:
	64	- openssh-server
	65	- ufw
	66	- rsync
	67	- htop
	68	- vim
	69	- sudo
	70	- qemu-guest-agent
	71	- git
	72
	73	#####################
	74	# #
	75	# Services #
	76	# #
	77	#####################
	78
	79	# common
	80	nginx_cert: data/common/fullchain.pem
	81	services_domain: chudnick.com
	82	oidc_issuer: "https://auth.chudnick.com"
	83
	84	# chronyd
	85	chrony_config: data/chronyd/chrony.conf
	86
	87	# msmtp_mta
	88	msmtp_mta_packages:
	89	- msmtp
	90	- msmtp-mta
	91	msmtp_mta_config: data/msmtp_mta/msmtprc
	92
	93	# prometheus server
	94	prometheus_package: prometheus
	95	management_ip: 192.168.10.254
	96	grafana_server_ip: 192.168.20.32
	97	prometheus_port: '9090'
	98	prometheus_nginx_config: data/grafana/grafana.conf
	99	prometheus_config: data/prometheus-server/prometheus.yml
	100	prometheus_defaults: data/prometheus-server/defaults
	101
	102	# prometheus node exporter
	103	node_exporter_debian_package: prometheus-node-exporter
	104	node_exporter_fedora_package: golang-github-prometheus-node-exporter
	105	prometheus_server_ip: 192.168.20.32
	106	node_exporter_port: '9100'
	107
	108	# prometheus nginx exporter
	109	nginx_exporter_debian_package: prometheus-nginx-exporter
	110	nginx_exporter_fedora_package: golang-github-prometheus-nginx-exporter
	111	nginx_exporter_port: '9113'
	112	nginx_exporter_config: data/prometheus-nginx-exporter/metrics.conf
	113	nginx_exporter_defaults: data/prometheus-nginx-exporter/defaults
	114
	115	# grafana
	116	grafana_package:
	117	- grafana
	118	- nginx
	119	grafana_config: data/grafana/grafana.ini.j2
	120	grafana_nginx_config: data/grafana/grafana.conf
	121	grafana_url: https://monitoring.chudnick.com/grafana
	122	grafana_admin: admin
	123	grafana_email: admin@home.local
	124	prometheus_url: https://monitoring.chudnick.com/prometheus
	125	influxdb_url: http://monitoring.home.local:8086
	126	influx_database: proxmox
	127	influx_user: readonly
	128	loki_url: http://monitoring.home.local:3100
	129	grafana_dashboard_main: data/grafana/main.json
	130
	131	# loki
	132	loki_nginx_config: data/loki/loki.conf
	133	loki_config: data/loki/config.yml
	134	loki_repo: "https://github.com/grafana/loki"
	135	loki_version: "v2.7.1"
	136
	137	# promtail
	138	promtail_config: data/promtail/config.yml
	139
	140	# influxdb
	141	influxdb_packages:
	142	- influxdb
	143	- influxdb-client
	144	influx_config: data/influxdb/influxdb.conf
	145	influx_data: data/influxdb/influx_data/
	146
	147	# pihole
	148	pihole_packages:
	149	- git
	150	- unbound
	151	- dns-root-data
	152	- lighttpd-mod-openssl
	153	pihole_setupvars: data/pihole/setupVars.conf
	154	pihole_unboundconf: data/pihole/pihole_unbound.conf
	155
	156	# unattended upgrades
	157	unattended_upgrades_packages:
	158	- unattended-upgrades
	159	- powermgmt-base
	160	- python3-gi
	161	uu_mail_to: sam@chudnick.com
	162	uu_mail_from: Unattended Upgrades <monitoring@chudnick.com>
	163
	164	# ipaserver
	165	ipa_dns_ip: 192.168.20.34
	166
	167	# ipaclient
	168	ipaclient_domain: home.local
	169	ipaclient_realm: HOME.LOCAL
	170	ipaclient_mkhomedir: yes
	171	ipaclient_servers: ipasrv.home.local
	172	ipaclient_ntp_servers: ntp.home.local
	173
	174	# ipabackup
	175	ipabackup_name: ipa-full-2022-08-27-07-56-01
	176	ipabackup_from_controller: yes
	177
	178	# game server
	179	sunshine_repo: https://github.com/LizardByte/Sunshine
	180	sunshine_version: v0.20.1
	181	sunshine_packages:
	182	- build-essential
	183	- cmake
	184	- libavdevice-dev
	185	- libboost-filesystem-dev
	186	- libboost-log-dev
	187	- libboost-program-options-dev
	188	- libboost-thread-dev
	189	- libcap-dev
	190	- libcurl4-openssl-dev
	191	- libdrm-dev
	192	- libevdev-dev
	193	- libmfx-dev
	194	- libnuma-dev
	195	- libopus-dev
	196	- libpulse-dev
	197	- libssl-dev
	198	- libva-dev
	199	- libvdpau-dev
	200	- libwayland-dev
	201	- libx11-dev
	202	- libxcb-shm0-dev
	203	- libxcb-xfixes0-dev
	204	- libxcb1-dev
	205	- libxfixes-dev
	206	- libxrandr-dev
	207	- libxtst-dev
	208	- nodejs
	209	- npm
	210	- nvidia-cuda-dev
	211	- nvidia-cuda-toolkit
	212	- xz-utils
	213
	214	game_server_packages:
	215	- xorg
	216	- task-xfce-desktop
	217	- firmware-amd-graphics
	218	- amd64-microcode
	219	- xserver-xorg-video-all
	220	- linux-headers-6.0.0-0.deb11.2-amd64
	221	- nginx
	222	- ssl-cert
	223	games_user: gamer
	224	game_server_nginx_config: data/game_server/sunshine_proxy.conf
	225	steam_packages:
	226	- steam
	227	- mesa-vulkan-drivers
	228	- libglx-mesa0:i386
	229	- mesa-vulkan-drivers:i386
	230	- libgl1-mesa-dri:i386
	231	lightdm_config: data/game_server/lightdm.conf
	232	xfce_xinit: data/game_server/xinitrc
	233
	234	# jenkins
	235	jenkins_nginx_config: data/jenkins/jenkins.conf
	236	jenkins_config: data/jenkins/configuration.yml.j2
	237	jenkins_packages:
	238	- openjdk-11-jre-headless
	239	- nginx
	240	- git
	241	- ansible
	242	- jenkins
	243	- python3-proxmoxer
	244	jenkins_username: 7238a8bf-8945-47bc-85c3-d0356ad3428e
	245	jenkins_url: "https://jenkins.chudnick.com"
	246
	247
	248	# docker rootless
	249	docker_packages:
	250	- docker-ce
	251	- docker-ce-cli
	252	- docker-ce-rootless-extras
	253	- docker-compose-plugin
	254	- uidmap
	255	- dbus-user-session
	256	- slirp4netns
	257	- fuse-overlayfs
	258	- acl
	259	docker_username: docker_rootless
	260	docker_uid: "2000"
	261	docker_home: /srv/docker
	262	docker_registry_url: "gitea.chudnick.com"
	263	docker_registry_username: "sam"
	264	docker_config: data/docker/daemon.json
	265
	266	#####################
	267	# #
	268	# Docker Containers #
	269	# #
	270	#####################
	271
	272	# authelia
	273	authelia_repo: "https://github.com/authelia/authelia"
	274	authelia_version: "master"
	275	authelia_nginx_config: data/authelia/authelia.conf
	276	authelia_config: data/authelia/configuration.yml
	277	authelia_network_name: authelia_net
	278	authelia_subnet: 172.25.0.0/24
	279	authelia_gateway: 172.25.0.1
	280	authelia_ipv4: 172.25.0.2
	281	redis_authelia_ipv4: 172.25.0.3
	282	authelia_proxy_snippet: data/authelia/proxy.conf
	283	authelia_location_snippet: data/authelia/authelia-location.conf
	284	authelia_request_snippet: data/authelia/authelia-authrequest.conf
	285
	286	# searxng
	287	searxng_repo: "https://github.com/searxng/searxng"
	288	searxng_config: data/searxng/settings.yml
	289	searxng_uwsgi_config: data/searxng/uwsgi.ini
	290	searxng_nginx_config: data/searxng/searxng.conf
	291	searxng_network_name: searxng_net
	292	searxng_subnet: 172.25.1.0/24
	293	searxng_gateway: 172.25.1.1
	294	searxng_ipv4: 172.25.1.2
	295	redis_searxng_ipv4: 172.25.1.3
	296
	297	# pihole_exporter
	298	pihole_exporter_repo: "https://github.com/eko/pihole-exporter/"
	299	pihole_exporter_version: "v0.3.0"
	300	pihole_exporter_network_name: pihole_exporter_net
	301	pihole_exporter_subnet: 172.25.2.0/24
	302	pihole_exporter_gateway: 172.25.2.1
	303	pihole_ip: 192.168.20.34
	304	pihole_api_port: '9617'
	305	pihole_exporter_nginx_config: data/pihole-exporter/pihole-exporter.conf
	306
	307	# drawio
	308	drawio_repo: "https://github.com/jgraph/docker-drawio"
	309	drawio_nginx_config: data/drawio/drawio.conf
	310	drawio_network_name: drawio_net
	311	drawio_subnet: 172.25.3.0/24
	312	drawio_gateway: 172.25.3.1
	313	drawio_ipv4: 172.25.3.2
	314	drawio_plantuml_ipv4: 172.25.3.3
	315	drawio_export_ipv4: 172.25.3.4
	316	drawio_base_url: drawio.home.local
	317
	318	# jellyfin
	319	jellyfin_repo: "https://github.com/jellyfin/jellyfin"
	320	jellyfin_version: "v10.8.8"
	321	jellyfin_nginx_config: data/jellyfin/jellyfin.conf
	322	jellyfin_network_name: jellyfin_net
	323	jellyfin_subnet: 172.25.4.0/24
	324	jellyfin_gateway: 172.25.4.1
	325	jellyfin_ipv4: 172.25.4.2
	326	jellyfin_config: data/jellyfin/config
	327	jellyfin_web_config: data/jellyfin/web-config.json
	328	jellyfin_media: data/jellyfin/media
	329	jellyfin_url: https://jellyfin.chudnick.com
	330
	331	# navidrome
	332	navidrome_repo: "https://github.com/navidrome/navidrome"
	333	navidrome_version: "v0.48.0"
	334	navidrome_nginx_config: data/navidrome/navidrome.conf
	335	navidrome_network_name: navidrome_net
	336	navidrome_subnet: 172.25.5.0/24
	337	navidrome_gateway: 172.25.5.1
	338	navidrome_ipv4: 172.25.5.2
	339
	340	# radicale
	341	radicale_repo: "https://github.com/Kozea/Radicale"
	342	radicale_version: "v3.1.8"
	343	radicale_config: data/radicale/config
	344	radicale_users: data/radicale/users
	345	radicale_nginx_config: data/radicale/radicale.conf
	346	radicale_network_name: radicale_net
	347	radicale_subnet: 172.25.6.0/24
	348	radicale_gateway: 172.25.6.1
	349	radicale_ipv4: 172.25.6.2
	350
	351	# freshrss
	352	freshrss_repo: "https://github.com/FreshRSS/FreshRSS"
	353	freshrss_version: "v1.20.2"
	354	freshrss_nginx_config: data/freshrss/freshrss.conf
	355	freshrss_network_name: freshrss_net
	356	freshrss_subnet: 172.25.7.0/24
	357	freshrss_gateway: 172.25.7.1
	358	freshrss_ipv4: 172.25.7.2
	359
	360	# homer
	361	homer_repo: "https://github.com/bastienwirtz/homer"
	362	homer_version: "v22.11.2"
	363	homer_nginx_config: data/homer/homer.conf
	364	homer_network_name: homer_net
	365	homer_subnet: 172.25.9.0/24
	366	homer_gateway: 172.25.9.1
	367	homer_ipv4: 172.25.9.2
	368	homer_assets_dir: data/homer/
	369
	370	# invidious
	371	invidious_repo: "https://github.com/iv-org/invidious"
	372	invidious_nginx_config: data/invidious/invidious.conf.j2
	373	invidious_network_name: invidious_net
	374	invidious_subnet: 172.25.10.0/24
	375	invidious_gateway: 172.25.10.1
	376	invidious_ipv4: 172.25.10.2
	377	invidious_db_ipv4: 172.25.10.3
	378	invidious_server_name: "invidious.chudnick.com"
	379	invidious_external_port: 8002
	380	#invidious_username: sam
	381	#invidious_version: "v0.3.0-remote_user"
	382
	383	# gitea
	384	gitea_repo: "https://github.com/go-gitea/gitea"
	385	gitea_git_uid: "1100"
	386	gitea_version: "v1.17.3"
	387	gitea_nginx_config: data/gitea/gitea.conf
	388	gitea_config: data/gitea/app.ini
	389	gitea_network_name: gitea_net
	390	gitea_subnet: 172.25.11.0/24
	391	gitea_gateway: 172.25.11.1
	392	gitea_ipv4: 172.25.11.2
	393	gitea_external_port: 8003
	394
	395	# cadvisor
	396	cadvisor_repo: "https://github.com/google/cadvisor"
	397	cadvisor_version: "v0.46.0"
	398	cadvisor_nginx_config: data/cadvisor/cadvisor.conf
	399	cadvisor_network_name: cadvisor_net
	400	cadvisor_subnet: 172.25.12.0/24
	401	cadvisor_gateway: 172.25.12.1
	402	cadvisor_ipv4: 172.25.12.2
	403	cadvisor_external_port: 8004
	404
	405	# nextcloud
	406	nextcloud_version: "25.0.2"
	407	nextcloud_nginx_config: data/nextcloud/nextcloud.conf
	408	nextcloud_network_name: nextcloud_net
	409	nextcloud_subnet: 172.25.13.0/24
	410	nextcloud_gateway: 172.25.13.1
	411	nextcloud_ipv4: 172.25.13.2
	412	nextcloud_redis_ipv4: 172.25.13.3
	413	nextcloud_postgres_ipv4: 172.25.13.4
	414	nextcloud_cron_ipv4: 172.25.13.5
	415	nextcloud_external_port: 8005
	416	nextcloud_postgres_db: "nextcloud"
	417	nextcloud_postgres_user: "nextcloud"
	418	nextcloud_admin: "admin"
	419	nextcloud_trusted_domains: "nextcloud.chudnick.com"
	420
	421	# renovate
	422	renovate_network_name: renovate_net
	423	renovate_subnet: 172.25.14.0/24
	424	renovate_gateway: 172.25.14.1
	425	renovate_ipv4: 172.25.14.2
	426	renovate_endpoint: "https://gitea.chudnick.com/api/v1/"
	427	renovate_author: "renovate[bot] <renovate@chudnick.com>"
	428
	429	# photoprism
	430	photoprism_admin_user: "admin"
	431	photoprism_auth_mode: "password"
	432	photoprism_site_url: "https://photos.chudnick.com"
	433	photoprism_nginx_config: data/photoprism/photoprism.conf
	434	photoprism_network_name: photoprism_net
	435	photoprism_subnet: 172.25.15.0/24
	436	photoprism_gateway: 172.25.15.1
	437	photoprism_ipv4: 172.25.15.2
	438	photoprism_external_port: 8006
	439
	440	# gluetun
	441	gluetun_network_name: gluetun_net
	442	gluetun_subnet: 172.25.16.0/24
	443	gluetun_gateway: 172.25.16.1
	444	gluetun_ipv4: 172.25.16.2
	445
	446	# qbittorrent
	447	qbittorrent_nginx_config: data/qbittorrent/qbittorrent.conf.j2
	448	qbittorrent_external_port: "8007"
	449	qbittorrent_server_name: qbittorrent.chudnick.com
	450
	451	# sonarr
	452	sonarr_nginx_config: data/sonarr/sonarr.conf.j2
	453	sonarr_external_port: 8008
	454	sonarr_server_name: sonarr.chudnick.com
	455
	456	# radarr
	457	radarr_nginx_config: data/radarr/radarr.conf.j2
	458	radarr_external_port: 8009
	459	radarr_server_name: radarr.chudnick.com
	460
	461	# lidarr
	462	lidarr_nginx_config: data/lidarr/lidarr.conf.j2
	463	lidarr_external_port: 8010
	464	lidarr_server_name: lidarr.chudnick.com
	465
	466	# readarr
	467	readarr_nginx_config: data/readarr/readarr.conf.j2
	468	readarr_external_port: 8011
	469	readarr_server_name: readarr.chudnick.com
	470
	471	# prowlarr
	472	prowlarr_nginx_config: data/prowlarr/prowlarr.conf.j2
	473	prowlarr_external_port: 8012
	474	prowlarr_server_name: prowlarr.chudnick.com
	475
	476	# bookstack
	477	bookstack_nginx_config: data/bookstack/bookstack.conf.j2
	478	bookstack_network_name: bookstack_net
	479	bookstack_subnet: 172.25.17.0/24
	480	bookstack_gateway: 172.25.17.1
	481	bookstack_ipv4: 172.25.17.2
	482	bookstack_db_ipv4: 172.25.17.3
	483	bookstack_server_name: "wiki.chudnick.com"
	484	bookstack_external_port: 8013
	485
	486	# pywttr-docker
	487	pywttr_docker_nginx_config: data/pywttr_docker/pywttr_docker.conf.j2
	488	pywttr_docker_network_name: pywttr_docker_net
	489	pywttr_docker_subnet: 172.25.18.0/24
	490	pywttr_docker_gateway: 172.25.18.1
	491	pywttr_docker_ipv4: 172.25.18.2
	492	pywttr_docker_db_ipv4: 172.25.18.3
	493	pywttr_docker_server_name: "weather.chudnick.com"
	494	pywttr_docker_external_port: 8014
	495
	496	# text-generation-webui
	497	text_generation_nginx_config: data/text_generation/text_generation.conf.j2
	498	text_generation_network_name: text_generation_net
	499	text_generation_subnet: 172.25.19.0/24
	500	text_generation_gateway: 172.25.19.1
	501	text_generation_ipv4: 172.25.19.2
	502	text_generation_db_ipv4: 172.25.19.3
	503	text_generation_server_name: "gpt.chudnick.com"
	504	text_generation_external_port: 8015
	505	text_generation_api_port: 5005
	506	text_generation_api_stream_port: 5000
	507
	508	# kanboard
	509	kanboard_config: data/kanboard/config.php
	510	kanboard_nginx_config: data/kanboard/kanboard.conf.j2
	511	kanboard_network_name: kanboard_net
	512	kanboard_subnet: 172.25.20.0/24
	513	kanboard_gateway: 172.25.20.1
	514	kanboard_ipv4: 172.25.20.2
	515	kanboard_db_ipv4: 172.25.20.3
	516	kanboard_server_name: "tasks.chudnick.com"
	517	kanboard_external_port: 8016
	518
	519	# firefly
	520	firefly_nginx_config: data/firefly/firefly.conf.j2
	521	firefly_network_name: firefly_net
	522	firefly_subnet: 172.25.21.0/24
	523	firefly_gateway: 172.25.21.1
	524	firefly_ipv4: 172.25.21.2
	525	firefly_db_ipv4: 172.25.21.3
	526	firefly_cron_ipv4: 172.25.21.4
	527	firefly_server_name: "finances.chudnick.com"
	528	firefly_external_port: 8017
	529	firefly_postgres_db: "firefly"
	530	firefly_postgres_user: "firefly"
	531	firefly_importer_ipv4: 172.25.21.5
	532	firefly_importer_server_name: "finimporter.chudnick.com"
	533	firefly_importer_external_port: 8018
	534
	535	# home_assistant
	536	home_assistant_config: data/home_assistant/configuration.yaml
	537	home_assistant_nginx_config: data/home_assistant/home_assistant.conf.j2
	538	home_assistant_network_name: home_assistant_net
	539	home_assistant_subnet: 172.25.22.0/24
	540	home_assistant_gateway: 172.25.22.1
	541	home_assistant_ipv4: 172.25.22.2
	542	home_assistant_server_name: "homeassistant.chudnick.com"
	543	home_assistant_external_port: 8019
	544
	545	# vaultwarden
	546	vaultwarden_nginx_config: data/vaultwarden/vaultwarden.conf.j2
	547	vaultwarden_network_name: vaultwarden_net
	548	vaultwarden_subnet: 172.25.23.0/24
	549	vaultwarden_gateway: 172.25.23.1
	550	vaultwarden_ipv4: 172.25.23.2
	551	vaultwarden_server_name: "vaultwarden.chudnick.com"
	552	vaultwarden_external_port: 8020
	553
	554	######################
	555	# #
	556	# Networking Devices #
	557	# #
	558	######################
	559
	560	# router
	561	router_hostname: charon
	562	ntp_server_ip: 192.168.20.2
	563	router_ip: 192.168.10.1
	564	router_user: data
	565	local_interface: enp34s0
	566	network_config_file: /etc/network/interfaces
	567
	568	# ap
	569	ap_hostname: sol
	570	ap_ip: 192.168.10.2