systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 17 Activity Actions

Move variables to 1 place

Browse source 
Much easier to manage
This commit is contained in:
Jake Howard 2020-01-17 22:31:50 +00:00
parent 7b57e438c1
commit 78fa36f20a
Signed by: jake
GPG key ID: 57AFB45680EDD477
11 changed files with 89 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
ansible/group_vars/all/haproxy.yml Normal file
View file

@ -0,0 +1,12 @@
haproxy:
stats_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
61356632383432353833616431393962613037646634656133316135363465313962663061633830
6564343466343965363233623138383961653733343834340a653563393039333764613131653735
30636333633137636664396566623831653831646562323232656233366563656464326333336339
3266363638356436370a323566326637356366373063643163613833636531373032313532336663
61633261633665626364343763313361656661393466373932363165306263303937306136303937
36626534393139353135383035383934633136363730643132333037393839373337396430333535
39386139353935663635346561616332356534373532643765646366373563323035306466626266
37303535663465363637653237343365333434663230356534316530376164306132613466303738
37666163616666626334363538343933313466313433353033613766653634646239

2
ansible/group_vars/all/hosts.yml Normal file
View file

@ -0,0 +1,2 @@
hosts:
casey_ip: 108.61.221.88

40
ansible/group_vars/all/wireguard.yml Normal file
View file

@ -0,0 +1,40 @@
wireguard:
public_ip: "{{ hosts.casey_ip }}"
port: 51820
server:
ip: "10.23.0.1"
public_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
38663861323433663733306266313862383538613562616531656262616665393130626564666539
6636666561663137623166383432396163653835346335650a616139306431363934383031353161
63656233623963316238663366613237613165663238343937313062616565333038326664373463
6463623861656362350a636564363163353736613032386533613163333039336637356433633037
66663563666263613737336235316565663337636339613933343939323563393034353431343932
6339386262333134373465616637613534333839333265613563
private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
39333362373534343265623337353037343238623365633863373333323166646562326234336633
3265653136326337306439623331393733346237326630340a346466316562643432656330313764
64303535663736356561623636366261343830366561343463653561343337353034626533306634
3334323935303734660a373961303535646336663637346137316337383132346665366336353139
34313137366239323361386136396666646362306538616661643164383166326335666638336230
6432363064313239656338356630626235336239356662326362
clients:
intersect:
ip: "10.23.0.2"
public_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
36376136643534323433666161366363646630393165326264633266383535396362613461326631
3837323462643738633261666638306264666237313634350a363339396464373735366437346666
34393334626338653139653664656532343666376265343331613832646437643364643734383930
3139333464396561650a323164393361393261373135333834663961626337636662663433613339
31393961616535633763623839373463316336643835323762373837336366376232663333646532
6131636532623734633964393338626134616466613032306364
private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
32346134373364616630633466636666343261393338636534396465613361666639333433646461
3063373061313836303331613438303839333763393264610a636165616665383137643132383064
66383638636638346539303638653765623438616663636639333663326463306134343862646437
3334636537393863340a383665623363343761633438343838393562653335303437306139373035
31366135353861313064343562353163326238373630346631613734303732666235613332653431
3866663137353330666539373861633836303839386331363366

10
ansible/roles/gateway/files/haproxy.cfg
View file

@ -40,23 +40,23 @@ defaults
listen https listen https
bind *:443 bind *:443
mode tcp mode tcp
server default {{ wireguard.intersect_ip }}:443 check send-proxy server default {{ wireguard.intersect.ip }}:443 check send-proxy
listen http listen http
bind *:80 bind *:80
stats enable stats enable
stats show-node stats show-node
stats uri /haproxy stats uri /haproxy
stats auth stats:{{ haproxy_stats_pass }} stats auth stats:{{ haproxy.stats_pass }}
server default {{ wireguard.intersect_ip }}:80 check server default {{ wireguard.intersect.ip }}:80 check
listen matrix listen matrix
bind *:8448 bind *:8448
mode tcp mode tcp
server default {{ wireguard.intersect_ip }}:8448 check server default {{ wireguard.clients.intersect.ip }}:8448 check
listen gitea listen gitea
bind *:3022 bind *:3022
mode tcp mode tcp
server default {{ wireguard.intersect_ip }}:3022 check server default {{ wireguard.clients.intersect.ip }}:3022 check

14
ansible/roles/gateway/files/wireguard.conf
View file

@ -1,9 +1,11 @@
[Interface] [Interface]
Address = {{ wireguard.server_ip }} Address = {{ wireguard.server.ip }}
PrivateKey = {{ wireguard.server_private_key }} PrivateKey = {{ wireguard.server.private_key }}
ListenPort = {{ wireguard.server_port }} ListenPort = {{ wireguard.port }}
{% for name, config in wireguard.clients.items() %}
[Peer] [Peer]
# intersect # {{ name }}
PublicKey = {{ wireguard.intersect_public_key }} PublicKey = {{ config.public_key }}
AllowedIPs = {{ wireguard.intersect_ip }}/32 AllowedIPs = {{ config.ip }}/32
{% endfor %}

42
ansible/roles/gateway/tasks/haproxy.yml
View file

@ -1,25 +1,21 @@
- name: Install Haproxy # - name: Install Haproxy
apt: # apt:
name: haproxy # name: haproxy
become: true # become: true
become_user: root # become_user: root
- name: Import vault # - name: Haproxy config
include_vars: # template:
file: vars/gateway.yml # src: files/haproxy.cfg
# dest: /etc/haproxy/haproxy.cfg
# validate: /usr/sbin/haproxy -c -- %s
# backup: yes
# become: true
# become_user: root
# register: haproxy_config
- name: Haproxy config # - name: Restart Haproxy
template: # service:
src: files/haproxy.cfg # name: haproxy
dest: /etc/haproxy/haproxy.cfg # state: reloaded
validate: /usr/sbin/haproxy -c -- %s # when: haproxy_config.changed
backup: yes
become: true
become_user: root
register: haproxy_config
- name: Restart Haproxy
service:
name: haproxy
state: reloaded
when: haproxy_config.changed

4
ansible/roles/gateway/tasks/main.yml
View file

@ -1,7 +1,3 @@
- name: Import wireguard variables
include_vars:
file: vars/wireguard.yml
- name: Configure HAproxy - name: Configure HAproxy
include: haproxy.yml include: haproxy.yml

2
ansible/roles/gateway/tasks/wireguard.yml
View file

@ -42,7 +42,7 @@
- name: Enable wireguard - name: Enable wireguard
service: service:
name: wg-quick@wg0 name: wg-quick@wg0
state: reloaded state: restarted
enabled: true enabled: true
when: wireguard_conf.changed when: wireguard_conf.changed
become: true become: true

11
ansible/roles/gateway/vars/gateway.yml
View file

@ -1,11 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
33643130633631366239623166623161626335633438656130386638333764363531313238306339
6438323233313136633065623933613463613065336639330a373365366566303164303232386362
36333333396163343135383336653261343464323638373836623530323031353035653431363736
6162333162653938640a363337356361643833383264323731343862366330333839653330663831
63646638316165326430356661346539376365383231323233613533613866666533613635646339
32346661333631383466363437653537373631393030316632363136613965343966313339613634
37353138363538343934616539363366356466393663636161333739376137306364356261353130
38643432303135333861623261626231373137303261313061386363313361313764316265343636
30653234636333373464613864633065373633343132633435343664313861363032343133373534
3363386232616333626635643462356362643363666133303463

2
ansible/roles/ssh-bastion/tasks/main.yml
View file

@ -24,3 +24,5 @@
name: sshd name: sshd
state: reloaded state: reloaded
when: sshd_config.changed when: sshd_config.changed
become: true
become_user: root

26
ansible/vars/wireguard.yml
View file

@ -1,26 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
32306163623065373337346431363262336565326231316162383363346337616538616536383235
3735316334343437373065386533366332303139353466340a633639643233356136383431653065
37636637373562323561303235333733663164663037643632653562383461646561616238666331
6433393062313035340a353535393737646538633563633639393061653634386231373663663461
31323334363733393938616161666139356564626534613839626332653961363163346265333937
63646133616430353264303636663034366630323861303666313234363134343462343235623734
34306233663263383237626237363731343565303235303932353038353937303234386630383838
65633266353539656533396133646664316561313732656131303561336339343835643638643035
37663338363438353638663936353232623332623366356635313962303964633266613130386233
62323764386535653637626637303562316234333239393435633234373437653232326361653638
35613766656437306566343866663236333536323532646635613833383863336564613933666635
30343036626637333330663030386135636538663361623134366336653762363965653234346561
66633530326366313138376137306432376531333230383839376131366433636461393264353363
38336231396237316262326132373032303938623762366465323139656438333466343230353137
38656137383361316532353137663736303736323935323830376437313462623632303331363739
61343037323663633830633638313032643165306365636630386237646266346139333664663437
38323030363437386638363431623863346361636364396636383934663739303635316136323937
30663034613665663236303936396164343430336536363538396234623663613837643737333733
31393665626361343032303865376566633333333939373866323762663432623366313263613937
31313139663131623366333532636137383563306233343139616562343163323337643362363237
31623039363863613732633861323038366632643439376632386139653030643066643566646436
65316430343561613332323665366332316332386563323963313638363266356237363461373762
61656431666631633235633636393761653061356264333734643936306532333238356264306536
64386230343065346330333061396639343937306530353831643365373038393361633334346633
3964