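---
# Play: container hosts. Applies the base, node-exporter, docker, prebackup
# and nginx roles, in the order listed, to every host in the `docker_servers`
# inventory group. Each role carries a tag named after itself, so a run can be
# narrowed with `--tags <role>`.
# NOTE(review): node-exporter presumably publishes host metrics over HTTP;
# confirm the role (or the host firewall) limits who can scrape them.
- hosts: docker_servers
  gather_facts: true
  roles:
    - role: base
      tags: [base]
    - role: node-exporter
      tags: [node-exporter]
    - role: docker
      tags: [docker]
    - role: prebackup
      tags: [prebackup]
    - role: nginx
      tags: [nginx]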
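# Play: PostgreSQL hosts. Applies the common roles plus postgresql, then
# issues a certificate for siilo.tracon.fi and configures an HTTPS redirect
# site that uses it.
- hosts: postgresql_servers
  gather_facts: true
  roles:
    - role: base
      tags: [base]
    - role: node-exporter
      tags: [node-exporter]
    - role: prebackup
      tags: [prebackup]
    - role: nginx
      tags: [nginx]
    - role: postgresql
      tags: [postgresql]

    # Listed before the redirect role, which reads the certificate and key
    # from /srv/letsencrypt/secrets/siilo.tracon.fi/.
    - role: letsencrypt
      tags: [letsencrypt]
      letsencrypt_domains:
        # ugly
        # NOTE(review): the domain is hard-coded while the redirect role below
        # uses inventory_hostname; this presumably assumes the group's only
        # host is siilo.tracon.fi. A second host would be served a certificate
        # that does not match its name -- confirm.
        - name: siilo.tracon.fi
          subject_alt_name: "DNS:siilo.tracon.fi"

    # default site
    - role: redirect
      tags: [redirect]
      redirect_default: true
      redirect_hostname: "{{ inventory_hostname }}"
      # Presumably the Host-header allowlist for this site; here only the
      # inventory hostname is accepted -- verify against the redirect role.
      redirect_allowed_hosts: "{{ inventory_hostname }}"
      # NOTE(review): year-specific target; confirm it is still the intended
      # destination.
      redirect_target: https://2020.tracon.fi
      redirect_ssl_certificate: /srv/letsencrypt/secrets/siilo.tracon.fi/chained.pem
      # Private key. Confirm the letsencrypt role restricts ownership and mode
      # on this file so that only the web server can read it.
      redirect_ssl_certificate_key: /srv/letsencrypt/secrets/siilo.tracon.fi/domain.key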
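# Play: backup hosts. Applies base, node-exporter and postgresql-barman to
# every host in the `barman_servers` inventory group.
# NOTE(review): these hosts presumably hold copies of database contents, so
# access to them should be at least as restricted as access to the database
# hosts themselves -- confirm in the postgresql-barman role.
- hosts: barman_servers
  gather_facts: true
  roles:
    - role: base
      tags: [base]
    - role: node-exporter
      tags: [node-exporter]
    - role: postgresql-barman
      tags: [postgresql-barman]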
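# Play: front-end hosts in the `hop_servers` group. Besides the common roles
# it configures one redirect site, two reverse-proxy sites that forward to the
# same upstream address, and the certificates those three sites use.
# NOTE(review): the letsencrypt role is listed last, after the redirect and
# proxy roles that reference its certificate files. Confirm that a first run
# on a fresh host does not leave nginx pointing at files that do not exist.
- hosts: hop_servers
  gather_facts: true
  roles:
    - role: base
      tags: [base]
      # Public resolvers (Google Public DNS): name lookups made by these hosts
      # are visible to a third party.
      nameservers:
        - 8.8.8.8
        - 8.8.4.4
    - role: node-exporter
      tags: [node-exporter]
    - role: prebackup
      tags: [prebackup]
    - role: nginx
      tags: [nginx]

    - role: redirect
      tags: [redirect]
      redirect_hostname: "{{ inventory_hostname }}"
      redirect_allowed_hosts: "{{ inventory_hostname }} www.{{ inventory_hostname }}"
      redirect_target: https://kompassi.eu
      redirect_default: true
      # NOTE(review): paths are hard-coded to putki.tracon.fi while the
      # hostname above is templated; presumably the group's only host is
      # putki.tracon.fi -- confirm.
      redirect_ssl_certificate: /srv/letsencrypt/secrets/putki.tracon.fi/chained.pem
      redirect_ssl_certificate_key: /srv/letsencrypt/secrets/putki.tracon.fi/domain.key

    - role: proxy
      tags: [proxy]
      proxy_hostname: vara.kompassi.eu
      # qb2.con2.fi
      # The upstream is addressed by IP literal, so its certificate cannot be
      # matched against this URL's host part. NOTE(review): confirm the proxy
      # role turns on upstream verification (nginx `proxy_ssl_verify on` plus
      # a `proxy_ssl_name`); nginx leaves verification off by default, and the
      # trusted certificate below then has no effect.
      proxy_target: https://91.105.252.82
      proxy_ssl_certificate: /srv/letsencrypt/secrets/vara.kompassi.eu/chained.pem
      proxy_ssl_certificate_key: /srv/letsencrypt/secrets/vara.kompassi.eu/domain.key
      # NOTE: not managed via ansible, see
      # https://github.com/con2/kompassi/blob/b3f8482203a70584e3610121dc48512ff36d84d7/kubernetes/ingress/generate_backup_ingress_tls.sh
      # Because the file is placed by hand, renewing or rotating it is a
      # manual step that this playbook will not perform.
      proxy_ssl_trusted_certificate: /srv/letsencrypt/secrets/vara.kompassi.eu/backup-ingress-tls.crt

    - role: proxy
      tags: [proxy]
      proxy_hostname: vara.kirppu.tracon.fi
      # qb2.con2.fi
      # Same upstream address as the vara.kompassi.eu site; the same caveat
      # about upstream certificate verification applies.
      proxy_target: https://91.105.252.82
      proxy_ssl_certificate: /srv/letsencrypt/secrets/vara.kirppu.tracon.fi/chained.pem
      proxy_ssl_certificate_key: /srv/letsencrypt/secrets/vara.kirppu.tracon.fi/domain.key
      # NOTE: not managed via ansible, see
      # https://github.com/con2/kompassi/blob/b3f8482203a70584e3610121dc48512ff36d84d7/kubernetes/ingress/generate_backup_ingress_tls.sh
      # NOTE(review): this path is under the vara.kompassi.eu directory, not
      # vara.kirppu.tracon.fi. Presumably intentional, since both sites proxy
      # to the same upstream -- confirm.
      proxy_ssl_trusted_certificate: /srv/letsencrypt/secrets/vara.kompassi.eu/backup-ingress-tls.crt

    # One certificate per site configured above.
    - role: letsencrypt
      tags: [letsencrypt]
      letsencrypt_domains:
        - name: putki.tracon.fi
          subject_alt_name: "DNS:putki.tracon.fi"
        - name: vara.kompassi.eu
          subject_alt_name: "DNS:vara.kompassi.eu"
        - name: vara.kirppu.tracon.fi
          subject_alt_name: "DNS:vara.kirppu.tracon.fi"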
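# Play: Atlassian hosts. Applies the atlassian role, issues one certificate
# covering the Confluence, Jira and Crowd hostnames, publishes a proxy site
# for infotv with TLS switched off, and installs oidentd.
# NOTE(review): unlike the other plays in this file, this one applies neither
# `base` nor `node-exporter`; confirm that whatever baseline `base` provides
# reaches these hosts some other way.
- hosts: atlassian_servers
  gather_facts: true
  roles:
    - role: atlassian
      tags: [atlassian]

    # A single certificate named confluence.tracon.fi whose SAN list also
    # covers jira.tracon.fi and crowd.tracon.fi.
    - role: letsencrypt
      tags: [letsencrypt]
      letsencrypt_domains:
        - name: confluence.tracon.fi
          subject_alt_name: "DNS:confluence.tracon.fi,DNS:jira.tracon.fi,DNS:crowd.tracon.fi"

    - role: proxy
      tags: [proxy]
      proxy_hostname: infotv-insecure.tracon.fi
      # nuoli.kompassi.eu
      proxy_target: https://infotv.tracon.fi
      # Presumably disables TLS on the client-facing side, so content fetched
      # from the HTTPS upstream is re-served over plain HTTP. Anything that
      # crosses this site (cookies, tokens, form data) is readable and
      # modifiable on the network path; keep it to non-sensitive, read-only
      # content. No proxy_ssl_trusted_certificate is set here, so how the
      # upstream certificate is checked depends on the role's defaults --
      # confirm.
      proxy_ssl: false

    # oidentd is an ident (RFC 1413) daemon: it tells remote queriers which
    # local user owns a given TCP connection. NOTE(review): confirm that the
    # ident port (TCP 113) is reachable only from the peers that need it.
    - role: oidentd
      tags: [oidentd]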