From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit
---
group_vars/all/vars.yml | 570 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 570 insertions(+)
create mode 100644 group_vars/all/vars.yml
(limited to 'group_vars')
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
new file mode 100644
index 0000000..7e37fc4
--- /dev/null
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,570 @@
+# Homelab IaC Global Variables File
+
+# Variables are all kept here to avoid having them scattered
+# throughout the various roles
+
+#####################
+# #
+# Infrastructure #
+# #
+#####################
+
+timezone: America/New_York
+domain: "home.local"
+
+# proxmox system
+proxmox_api_user: "vmadmin@pam"
+proxmox_username: vmadmin
+ssh_public_key: data/common/id_rsa.pub
+
+# vm deploy
+vm_vlan: 20
+vm_onboot: yes
+vm_agent: yes
+vm_bridge: vmbr0
+vm_full_clone: yes
+template_id: 1000
+memory_size: 512
+cpu_cores: 1
+cpu_sockets: 1
+bios_type: seabios
+
+# cloud init vars
+ci_target_dir: "/home/vmadmin"
+ci_memory_size: 512
+ci_base_id: 1000
+ci_disk_size: "10G"
+ci_storage: "fast-pool"
+ci_user: "admin"
+ci_debian_name: "debiantest"
+ci_bridge: "vmbr0"
+ci_vlan: 20
+ci_sshkey: "ssh-rsa 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 picard@titan"
+ssh_key_local: data/common/id_rsa.pub
+ssh_key_dest: "/home/{{ci_user}}/ci_sshkey"
+nameserver: 192.168.20.1
+
+# proxmox backup server
+pbs_admin: "backupadmin@pbs"
+pbs_user: "backup@pbs"
+#pbs_host: "proxmox.home.local"
+pbs_host: "192.168.10.11"
+pbs_datastore: "onsite"
+pbs_datastore_path: "/mnt/backup/onsite"
+pbs_keep_last: "3"
+pbs_keep_daily: "13"
+pbs_keep_weekly: "8"
+pbs_keep_monthly: "11"
+pbs_keep_yearly: "4"
+pbs_fingerprint: "90:39:30:90:e9:11:7b:48:3f:88:a6:78:8d:62:c1:e4:c2:7a:ac:29:44:f7:88:5b:1e:25:f4:f7:b4:69:58:ac"
+
+
+# distro base
+base_packages:
+ - openssh-server
+ - ufw
+ - rsync
+ - htop
+ - vim
+ - sudo
+ - qemu-guest-agent
+ - git
+
+#####################
+# #
+# Services #
+# #
+#####################
+
+# common
+nginx_cert: data/common/fullchain.pem
+services_domain: chudnick.com
+oidc_issuer: "https://auth.chudnick.com"
+
+# chronyd
+chrony_config: data/chronyd/chrony.conf
+
+# msmtp_mta
+msmtp_mta_packages:
+ - msmtp
+ - msmtp-mta
+msmtp_mta_config: data/msmtp_mta/msmtprc
+
+# prometheus server
+prometheus_package: prometheus
+management_ip: 192.168.10.254
+grafana_server_ip: 192.168.20.32
+prometheus_port: '9090'
+prometheus_nginx_config: data/grafana/grafana.conf
+prometheus_config: data/prometheus-server/prometheus.yml
+prometheus_defaults: data/prometheus-server/defaults
+
+# prometheus node exporter
+node_exporter_debian_package: prometheus-node-exporter
+node_exporter_fedora_package: golang-github-prometheus-node-exporter
+prometheus_server_ip: 192.168.20.32
+node_exporter_port: '9100'
+
+# prometheus nginx exporter
+nginx_exporter_debian_package: prometheus-nginx-exporter
+nginx_exporter_fedora_package: golang-github-prometheus-nginx-exporter
+nginx_exporter_port: '9113'
+nginx_exporter_config: data/prometheus-nginx-exporter/metrics.conf
+nginx_exporter_defaults: data/prometheus-nginx-exporter/defaults
+
+# grafana
+grafana_package:
+ - grafana
+ - nginx
+grafana_config: data/grafana/grafana.ini.j2
+grafana_nginx_config: data/grafana/grafana.conf
+grafana_url: https://monitoring.chudnick.com/grafana
+grafana_admin: admin
+grafana_email: admin@home.local
+prometheus_url: https://monitoring.chudnick.com/prometheus
+influxdb_url: http://monitoring.home.local:8086
+influx_database: proxmox
+influx_user: readonly
+loki_url: http://monitoring.home.local:3100
+grafana_dashboard_main: data/grafana/main.json
+
+# loki
+loki_nginx_config: data/loki/loki.conf
+loki_config: data/loki/config.yml
+loki_repo: "https://github.com/grafana/loki"
+loki_version: "v2.7.1"
+
+# promtail
+promtail_config: data/promtail/config.yml
+
+# influxdb
+influxdb_packages:
+ - influxdb
+ - influxdb-client
+influx_config: data/influxdb/influxdb.conf
+influx_data: data/influxdb/influx_data/
+
+# pihole
+pihole_packages:
+ - git
+ - unbound
+ - dns-root-data
+ - lighttpd-mod-openssl
+pihole_setupvars: data/pihole/setupVars.conf
+pihole_unboundconf: data/pihole/pihole_unbound.conf
+
+# unattended upgrades
+unattended_upgrades_packages:
+ - unattended-upgrades
+ - powermgmt-base
+ - python3-gi
+uu_mail_to: sam@chudnick.com
+uu_mail_from: Unattended Upgrades
+
+# ipaserver
+ipa_dns_ip: 192.168.20.34
+
+# ipaclient
+ipaclient_domain: home.local
+ipaclient_realm: HOME.LOCAL
+ipaclient_mkhomedir: yes
+ipaclient_servers: ipasrv.home.local
+ipaclient_ntp_servers: ntp.home.local
+
+# ipabackup
+ipabackup_name: ipa-full-2022-08-27-07-56-01
+ipabackup_from_controller: yes
+
+# game server
+sunshine_repo: https://github.com/LizardByte/Sunshine
+sunshine_version: v0.20.1
+sunshine_packages:
+ - build-essential
+ - cmake
+ - libavdevice-dev
+ - libboost-filesystem-dev
+ - libboost-log-dev
+ - libboost-program-options-dev
+ - libboost-thread-dev
+ - libcap-dev
+ - libcurl4-openssl-dev
+ - libdrm-dev
+ - libevdev-dev
+ - libmfx-dev
+ - libnuma-dev
+ - libopus-dev
+ - libpulse-dev
+ - libssl-dev
+ - libva-dev
+ - libvdpau-dev
+ - libwayland-dev
+ - libx11-dev
+ - libxcb-shm0-dev
+ - libxcb-xfixes0-dev
+ - libxcb1-dev
+ - libxfixes-dev
+ - libxrandr-dev
+ - libxtst-dev
+ - nodejs
+ - npm
+ - nvidia-cuda-dev
+ - nvidia-cuda-toolkit
+ - xz-utils
+
+game_server_packages:
+ - xorg
+ - task-xfce-desktop
+ - firmware-amd-graphics
+ - amd64-microcode
+ - xserver-xorg-video-all
+ - linux-headers-6.0.0-0.deb11.2-amd64
+ - nginx
+ - ssl-cert
+games_user: gamer
+game_server_nginx_config: data/game_server/sunshine_proxy.conf
+steam_packages:
+ - steam
+ - mesa-vulkan-drivers
+ - libglx-mesa0:i386
+ - mesa-vulkan-drivers:i386
+ - libgl1-mesa-dri:i386
+lightdm_config: data/game_server/lightdm.conf
+xfce_xinit: data/game_server/xinitrc
+
+# jenkins
+jenkins_nginx_config: data/jenkins/jenkins.conf
+jenkins_config: data/jenkins/configuration.yml.j2
+jenkins_packages:
+ - openjdk-11-jre-headless
+ - nginx
+ - git
+ - ansible
+ - jenkins
+ - python3-proxmoxer
+jenkins_username: 7238a8bf-8945-47bc-85c3-d0356ad3428e
+jenkins_url: "https://jenkins.chudnick.com"
+
+
+# docker rootless
+docker_packages:
+ - docker-ce
+ - docker-ce-cli
+ - docker-ce-rootless-extras
+ - docker-compose-plugin
+ - uidmap
+ - dbus-user-session
+ - slirp4netns
+ - fuse-overlayfs
+ - acl
+docker_username: docker_rootless
+docker_uid: "2000"
+docker_home: /srv/docker
+docker_registry_url: "gitea.chudnick.com"
+docker_registry_username: "sam"
+docker_config: data/docker/daemon.json
+
+#####################
+# #
+# Docker Containers #
+# #
+#####################
+
+# authelia
+authelia_repo: "https://github.com/authelia/authelia"
+authelia_version: "master"
+authelia_nginx_config: data/authelia/authelia.conf
+authelia_config: data/authelia/configuration.yml
+authelia_network_name: authelia_net
+authelia_subnet: 172.25.0.0/24
+authelia_gateway: 172.25.0.1
+authelia_ipv4: 172.25.0.2
+redis_authelia_ipv4: 172.25.0.3
+authelia_proxy_snippet: data/authelia/proxy.conf
+authelia_location_snippet: data/authelia/authelia-location.conf
+authelia_request_snippet: data/authelia/authelia-authrequest.conf
+
+# searxng
+searxng_repo: "https://github.com/searxng/searxng"
+searxng_config: data/searxng/settings.yml
+searxng_uwsgi_config: data/searxng/uwsgi.ini
+searxng_nginx_config: data/searxng/searxng.conf
+searxng_network_name: searxng_net
+searxng_subnet: 172.25.1.0/24
+searxng_gateway: 172.25.1.1
+searxng_ipv4: 172.25.1.2
+redis_searxng_ipv4: 172.25.1.3
+
+# pihole_exporter
+pihole_exporter_repo: "https://github.com/eko/pihole-exporter/"
+pihole_exporter_version: "v0.3.0"
+pihole_exporter_network_name: pihole_exporter_net
+pihole_exporter_subnet: 172.25.2.0/24
+pihole_exporter_gateway: 172.25.2.1
+pihole_ip: 192.168.20.34
+pihole_api_port: '9617'
+pihole_exporter_nginx_config: data/pihole-exporter/pihole-exporter.conf
+
+# drawio
+drawio_repo: "https://github.com/jgraph/docker-drawio"
+drawio_nginx_config: data/drawio/drawio.conf
+drawio_network_name: drawio_net
+drawio_subnet: 172.25.3.0/24
+drawio_gateway: 172.25.3.1
+drawio_ipv4: 172.25.3.2
+drawio_plantuml_ipv4: 172.25.3.3
+drawio_export_ipv4: 172.25.3.4
+drawio_base_url: drawio.home.local
+
+# jellyfin
+jellyfin_repo: "https://github.com/jellyfin/jellyfin"
+jellyfin_version: "v10.8.8"
+jellyfin_nginx_config: data/jellyfin/jellyfin.conf
+jellyfin_network_name: jellyfin_net
+jellyfin_subnet: 172.25.4.0/24
+jellyfin_gateway: 172.25.4.1
+jellyfin_ipv4: 172.25.4.2
+jellyfin_config: data/jellyfin/config
+jellyfin_web_config: data/jellyfin/web-config.json
+jellyfin_media: data/jellyfin/media
+jellyfin_url: https://jellyfin.chudnick.com
+
+# navidrome
+navidrome_repo: "https://github.com/navidrome/navidrome"
+navidrome_version: "v0.48.0"
+navidrome_nginx_config: data/navidrome/navidrome.conf
+navidrome_network_name: navidrome_net
+navidrome_subnet: 172.25.5.0/24
+navidrome_gateway: 172.25.5.1
+navidrome_ipv4: 172.25.5.2
+
+# radicale
+radicale_repo: "https://github.com/Kozea/Radicale"
+radicale_version: "v3.1.8"
+radicale_config: data/radicale/config
+radicale_users: data/radicale/users
+radicale_nginx_config: data/radicale/radicale.conf
+radicale_network_name: radicale_net
+radicale_subnet: 172.25.6.0/24
+radicale_gateway: 172.25.6.1
+radicale_ipv4: 172.25.6.2
+
+# freshrss
+freshrss_repo: "https://github.com/FreshRSS/FreshRSS"
+freshrss_version: "v1.20.2"
+freshrss_nginx_config: data/freshrss/freshrss.conf
+freshrss_network_name: freshrss_net
+freshrss_subnet: 172.25.7.0/24
+freshrss_gateway: 172.25.7.1
+freshrss_ipv4: 172.25.7.2
+
+# homer
+homer_repo: "https://github.com/bastienwirtz/homer"
+homer_version: "v22.11.2"
+homer_nginx_config: data/homer/homer.conf
+homer_network_name: homer_net
+homer_subnet: 172.25.9.0/24
+homer_gateway: 172.25.9.1
+homer_ipv4: 172.25.9.2
+homer_assets_dir: data/homer/
+
+# invidious
+invidious_repo: "https://github.com/iv-org/invidious"
+invidious_nginx_config: data/invidious/invidious.conf.j2
+invidious_network_name: invidious_net
+invidious_subnet: 172.25.10.0/24
+invidious_gateway: 172.25.10.1
+invidious_ipv4: 172.25.10.2
+invidious_db_ipv4: 172.25.10.3
+invidious_server_name: "invidious.chudnick.com"
+invidious_external_port: 8002
+ #invidious_username: sam
+ #invidious_version: "v0.3.0-remote_user"
+
+# gitea
+gitea_repo: "https://github.com/go-gitea/gitea"
+gitea_git_uid: "1100"
+gitea_version: "v1.17.3"
+gitea_nginx_config: data/gitea/gitea.conf
+gitea_config: data/gitea/app.ini
+gitea_network_name: gitea_net
+gitea_subnet: 172.25.11.0/24
+gitea_gateway: 172.25.11.1
+gitea_ipv4: 172.25.11.2
+gitea_external_port: 8003
+
+# cadvisor
+cadvisor_repo: "https://github.com/google/cadvisor"
+cadvisor_version: "v0.46.0"
+cadvisor_nginx_config: data/cadvisor/cadvisor.conf
+cadvisor_network_name: cadvisor_net
+cadvisor_subnet: 172.25.12.0/24
+cadvisor_gateway: 172.25.12.1
+cadvisor_ipv4: 172.25.12.2
+cadvisor_external_port: 8004
+
+# nextcloud
+nextcloud_version: "25.0.2"
+nextcloud_nginx_config: data/nextcloud/nextcloud.conf
+nextcloud_network_name: nextcloud_net
+nextcloud_subnet: 172.25.13.0/24
+nextcloud_gateway: 172.25.13.1
+nextcloud_ipv4: 172.25.13.2
+nextcloud_redis_ipv4: 172.25.13.3
+nextcloud_postgres_ipv4: 172.25.13.4
+nextcloud_cron_ipv4: 172.25.13.5
+nextcloud_external_port: 8005
+nextcloud_postgres_db: "nextcloud"
+nextcloud_postgres_user: "nextcloud"
+nextcloud_admin: "admin"
+nextcloud_trusted_domains: "nextcloud.chudnick.com"
+
+# renovate
+renovate_network_name: renovate_net
+renovate_subnet: 172.25.14.0/24
+renovate_gateway: 172.25.14.1
+renovate_ipv4: 172.25.14.2
+renovate_endpoint: "https://gitea.chudnick.com/api/v1/"
+renovate_author: "renovate[bot] "
+
+# photoprism
+photoprism_admin_user: "admin"
+photoprism_auth_mode: "password"
+photoprism_site_url: "https://photos.chudnick.com"
+photoprism_nginx_config: data/photoprism/photoprism.conf
+photoprism_network_name: photoprism_net
+photoprism_subnet: 172.25.15.0/24
+photoprism_gateway: 172.25.15.1
+photoprism_ipv4: 172.25.15.2
+photoprism_external_port: 8006
+
+# gluetun
+gluetun_network_name: gluetun_net
+gluetun_subnet: 172.25.16.0/24
+gluetun_gateway: 172.25.16.1
+gluetun_ipv4: 172.25.16.2
+
+# qbittorrent
+qbittorrent_nginx_config: data/qbittorrent/qbittorrent.conf.j2
+qbittorrent_external_port: "8007"
+qbittorrent_server_name: qbittorrent.chudnick.com
+
+# sonarr
+sonarr_nginx_config: data/sonarr/sonarr.conf.j2
+sonarr_external_port: 8008
+sonarr_server_name: sonarr.chudnick.com
+
+# radarr
+radarr_nginx_config: data/radarr/radarr.conf.j2
+radarr_external_port: 8009
+radarr_server_name: radarr.chudnick.com
+
+# lidarr
+lidarr_nginx_config: data/lidarr/lidarr.conf.j2
+lidarr_external_port: 8010
+lidarr_server_name: lidarr.chudnick.com
+
+# readarr
+readarr_nginx_config: data/readarr/readarr.conf.j2
+readarr_external_port: 8011
+readarr_server_name: readarr.chudnick.com
+
+# prowlarr
+prowlarr_nginx_config: data/prowlarr/prowlarr.conf.j2
+prowlarr_external_port: 8012
+prowlarr_server_name: prowlarr.chudnick.com
+
+# bookstack
+bookstack_nginx_config: data/bookstack/bookstack.conf.j2
+bookstack_network_name: bookstack_net
+bookstack_subnet: 172.25.17.0/24
+bookstack_gateway: 172.25.17.1
+bookstack_ipv4: 172.25.17.2
+bookstack_db_ipv4: 172.25.17.3
+bookstack_server_name: "wiki.chudnick.com"
+bookstack_external_port: 8013
+
+# pywttr-docker
+pywttr_docker_nginx_config: data/pywttr_docker/pywttr_docker.conf.j2
+pywttr_docker_network_name: pywttr_docker_net
+pywttr_docker_subnet: 172.25.18.0/24
+pywttr_docker_gateway: 172.25.18.1
+pywttr_docker_ipv4: 172.25.18.2
+pywttr_docker_db_ipv4: 172.25.18.3
+pywttr_docker_server_name: "weather.chudnick.com"
+pywttr_docker_external_port: 8014
+
+# text-generation-webui
+text_generation_nginx_config: data/text_generation/text_generation.conf.j2
+text_generation_network_name: text_generation_net
+text_generation_subnet: 172.25.19.0/24
+text_generation_gateway: 172.25.19.1
+text_generation_ipv4: 172.25.19.2
+text_generation_db_ipv4: 172.25.19.3
+text_generation_server_name: "gpt.chudnick.com"
+text_generation_external_port: 8015
+text_generation_api_port: 5005
+text_generation_api_stream_port: 5000
+
+# kanboard
+kanboard_config: data/kanboard/config.php
+kanboard_nginx_config: data/kanboard/kanboard.conf.j2
+kanboard_network_name: kanboard_net
+kanboard_subnet: 172.25.20.0/24
+kanboard_gateway: 172.25.20.1
+kanboard_ipv4: 172.25.20.2
+kanboard_db_ipv4: 172.25.20.3
+kanboard_server_name: "tasks.chudnick.com"
+kanboard_external_port: 8016
+
+# firefly
+firefly_nginx_config: data/firefly/firefly.conf.j2
+firefly_network_name: firefly_net
+firefly_subnet: 172.25.21.0/24
+firefly_gateway: 172.25.21.1
+firefly_ipv4: 172.25.21.2
+firefly_db_ipv4: 172.25.21.3
+firefly_cron_ipv4: 172.25.21.4
+firefly_server_name: "finances.chudnick.com"
+firefly_external_port: 8017
+firefly_postgres_db: "firefly"
+firefly_postgres_user: "firefly"
+firefly_importer_ipv4: 172.25.21.5
+firefly_importer_server_name: "finimporter.chudnick.com"
+firefly_importer_external_port: 8018
+
+# home_assistant
+home_assistant_config: data/home_assistant/configuration.yaml
+home_assistant_nginx_config: data/home_assistant/home_assistant.conf.j2
+home_assistant_network_name: home_assistant_net
+home_assistant_subnet: 172.25.22.0/24
+home_assistant_gateway: 172.25.22.1
+home_assistant_ipv4: 172.25.22.2
+home_assistant_server_name: "homeassistant.chudnick.com"
+home_assistant_external_port: 8019
+
+# vaultwarden
+vaultwarden_nginx_config: data/vaultwarden/vaultwarden.conf.j2
+vaultwarden_network_name: vaultwarden_net
+vaultwarden_subnet: 172.25.23.0/24
+vaultwarden_gateway: 172.25.23.1
+vaultwarden_ipv4: 172.25.23.2
+vaultwarden_server_name: "vaultwarden.chudnick.com"
+vaultwarden_external_port: 8020
+
+######################
+# #
+# Networking Devices #
+# #
+######################
+
+# router
+router_hostname: charon
+ntp_server_ip: 192.168.20.2
+router_ip: 192.168.10.1
+router_user: data
+local_interface: enp34s0
+network_config_file: /etc/network/interfaces
+
+# ap
+ap_hostname: sol
+ap_ip: 192.168.10.2
-- cgit v1.2.3
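Review bot: `authelia_version: "master"` in the Docker Containers section points the SSO gateway at a moving branch, while loki, jellyfin, gitea and most other services in this file are held to release tags, so each rebuild of the component behind `oidc_issuer` can pull code nobody has reviewed. Pin it like the others, e.g. `authelia_version: "<RELEASE_TAG_OR_COMMIT_SHA>"`, and bump it deliberately. `searxng_repo`, `drawio_repo` and `invidious_repo` have no version variable at all here; how the roles choose a ref for them is not visible in this file, so that is worth checking as well. A comment above the section such as `# pin every *_version to a release tag or commit SHA, never a branch` would keep later additions consistent.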