From 17b9f2e07d1999e5db41ee86c5322c4ba5596b99 Mon Sep 17 00:00:00 2001
From: Sudoix
Date: Wed, 8 Jan 2025 10:14:05 +0100
Subject: [PATCH] add inventory and group vars

---
 deployment/inventory/group_vars/all.yml | 70 +++++++++++++++++++++++++
 deployment/inventory/servers.ini.sample | 24 +++++++++
 2 files changed, 94 insertions(+)
 create mode 100644 deployment/inventory/group_vars/all.yml
 create mode 100644 deployment/inventory/servers.ini.sample

diff --git a/deployment/inventory/group_vars/all.yml b/deployment/inventory/group_vars/all.yml
new file mode 100644
index 00000000..fdbc555d
--- /dev/null
+++ b/deployment/inventory/group_vars/all.yml
@@ -0,0 +1,70 @@
+# General
+install_ansible_modules: "true"
+disable_transparent_huge_pages: "true"
+
+# Docker and Docker Compose
+compose_version: "3"
+docker_gpg_key_url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}"
+docker_gpg_key_path: "/etc/apt/keyrings/docker.asc"
+docker_apt_repo: "https://download.docker.com/linux/{{ ansible_distribution | lower }}"
+docker_data_path: "/data_docker"
+
+# Postgres
+use_postgres: "true" # Change me to "false" if you have postgres already running
+postgres_dir: "{{ docker_data_path }}/postgres"
+postgres_data_dir: "{{ postgres_dir }}/data"
+postgres_container_name: "postgres_vaultwarden"
+postgres_docker_image: "postgres:15-alpine"
+postgres_port: "5432"
+postgres_user: "vaultwarden"
+postgres_password: "S3cret" # It's better to use ansible vault :)
+postgres_db: "vaultwarden"
+postgres_host: "postgres.yourdomain.com" # Set to FQDN or IP address
+
+# Vaultwarden
+vaultwarden_dir: "{{ docker_data_path }}/vaultwarden"
+vaultwarden_data_dir: "{{ vaultwarden_dir }}/data"
+vaultwarden_container_name: "vaultwarden"
+vaultwarden_docker_image: "vaultwarden/server:1.32.7"
+vaultwarden_port: "1234"
+vaultwarden_domain: "vault.yourdomain.com"
+vaultwarden_environment:
+ - DOMAIN: "https://{{ vaultwarden_domain }}"
+ - LOGIN_RATELIMIT_MAX_BURST: "10"
+ - ADMIN_TOKEN: "YourReallyStrongAdminTokenHere"
+ - DATABASE_URL: postgresql://{{ postgres_user }}:{{ postgres_password }}@{{ postgres_host }}:{{ postgres_port }}/{{ postgres_db }}
+ - LOGIN_RATELIMIT_SECONDS: 60
+ - ADMIN_RATELIMIT_MAX_BURST: 10
+ - ADMIN_RATELIMIT_SECONDS: 60
+ - SENDS_ALLOWED: true
+ - EMERGENCY_ACCESS_ALLOWED: true
+ - WEB_VAULT_ENABLED: true
+ - SIGNUPS_ALLOWED: false
+ - SIGNUPS_VERIFY: true
+ - SIGNUPS_VERIFY_RESEND_TIME: 3600
+ - SIGNUPS_VERIFY_RESEND_LIMIT: 5
+ - SMTP_HOST: smtp.youremaildomain.com
+ - SMTP_FROM: vaultwarden@youremaildomain.com
+ - SMTP_FROM_NAME: Vaultwarden
+ - SMTP_SECURITY: SECURITYMETHOD
+ - SMTP_PORT: XXXX
+ - SMTP_USERNAME: vaultwarden@youremaildomain.com
+ - SMTP_PASSWORD: YourReallyStrongPasswordHere
+ - SMTP_AUTH_MECHANISM: Mechanism
+
+# Keepalived
+use_keepalived: "true" # Change me to "false" if you want to run without keepalived(three servers)
+vrrp_check_nginx_script_path: "/usr/local/bin/check_nginx.sh"
+vrrp_interface: "eth0"
+vrrp_auth_password: "your_password"
+vrrp_virtual_ip: "192.168.100.100/24"
+
+# Nginx
+nginx_dir: "{{ docker_data_path }}/nginx"
+nginx_data_dir: "{{ nginx_dir }}/conf.d"
+nginx_certs_dir: "{{ nginx_dir }}/certs"
+nginx_certs_email: "youremail@yourdomain.com"
+nginx_container_name: "nginx_vaultwarden"
+nginx_docker_image: "nginx:1.25-alpine"
+nginx_http_port: "80"
+nginx_https_port: "443"
diff --git a/deployment/inventory/servers.ini.sample b/deployment/inventory/servers.ini.sample
new file mode 100644
index 00000000..5a8c648a
--- /dev/null
+++ b/deployment/inventory/servers.ini.sample
@@ -0,0 +1,24 @@
+[all]
+vaultwarden-srv-1 ansible_host=188.121.112.240 private_ip=192.168.1.100
+vaultwarden-srv-2 ansible_host=188.121.112.241 private_ip=192.168.1.101
+nginx-srv-1 ansible_host=188.121.112.242 private_ip=192.168.1.102
+nginx-srv-2 ansible_host=188.121.112.243 private_ip=192.168.1.103
+postgres-srv ansible_host=188.121.112.244 private_ip=192.168.1.104
+
+[vaultwarden]
+vaultwarden-srv-1
+vaultwarden-srv-2
+
+[nginx]
+nginx-srv-1
+nginx-srv-2
+
+[postgres]
+postgres-srv
+
+[all:vars]
+ansible_user=ubuntu
+ansible_port=22
+ansible_python_interpreter = "/usr/bin/python3"
+ansible_host_key_checking=False
+domain="yourdomain.local" # change it to your domain, It use just in /etc/hosts file to add host entries
\ No newline at end of file
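Review bot: `postgres_password`, `ADMIN_TOKEN`, `SMTP_PASSWORD` and `vrrp_auth_password` are committed as plaintext literals in a group_vars file that every play loads, and the `# It's better to use ansible vault :)` comment only hints at the fix. Keep the secrets in a vaulted file and reference them from here, e.g. `postgres_password: "{{ vault_postgres_password }}"`, `ADMIN_TOKEN: "{{ vault_vaultwarden_admin_token }}"`, `SMTP_PASSWORD: "{{ vault_smtp_password }}"`; Vaultwarden also accepts an Argon2 PHC hash for `ADMIN_TOKEN` instead of the raw token, which avoids storing the usable secret at all (confirm against the pinned 1.32.7 image). The `vaultwarden_environment` entries mix quoted strings with bare YAML scalars (`LOGIN_RATELIMIT_SECONDS: 60`, `SENDS_ALLOWED: true`); how this list is consumed is outside the hunk, but if it is rendered through Jinja into an env file or compose template the booleans come out as `True`, so quote every value (`SENDS_ALLOWED: "true"`) to get the same text on both paths. `DATABASE_URL` is the one value left unquoted and it splices the password straight into a URL, so a password containing `@`, `/`, `:` or `#` silently produces a broken connection string; quote the value and apply `| urlencode` to the user and password parts.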
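Review bot: `ansible_host_key_checking=False` under `[all:vars]` disables SSH host-key verification for every host, so a substituted or spoofed target would go unnoticed; sample inventories are copied verbatim, so drop the line and document pre-seeding `~/.ssh/known_hosts` with fingerprints verified out of band. The `domain="yourdomain.local" # change it to your domain, ...` line leans on the INI inventory parser tolerating a trailing `#` comment inside a variable value, which is not guaranteed; move the remark to a `# ...` line of its own above `domain=` so the value is unambiguous. Minor style: `ansible_python_interpreter = "/usr/bin/python3"` is the only entry with spaces around `=` and quotes; write it like the others, `ansible_python_interpreter=/usr/bin/python3`, and add the missing trailing newline the diff reports.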