home-stack-ansible/group_vars/all.yml

users:
  marchambault:
    # generated with `openssl passwd -salt <salt> -1 <plaintext>`
    default_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          35393364373830636539356334653263306262613038643231313762626537383637616534643237
          3433636332383765653665643235633464343433636435300a623365666266366665363966303033
          34656561653763636438303166363631636138616563636331323866643166323232353834376165
          3939303664343638300a326131333663333365373036666634363235636663333465343337313638
          39356365633332643132336438373131313239653231383735656436636332303034303466626232
          3461626364346238666434303839373839633661616166613364
    authorized_keys:
      - https://github.com/badjware.keys

haproxy:
  routing:
    https:
      - frontend:
          - cloud.badjware.dev
          - code.badjware.dev
          - drone.badjware.dev
          - ci.badjware.dev
          - grafana.badjware.dev
          - jellyfin.badjware.dev
          - actual.badjware.dev
        backend:
          - server: 192.168.20.20:8443
          - server: 192.168.20.21:8443
          - server: 192.168.20.22:8443
          - server: 192.168.20.23:8443
          - server: 192.168.20.24:8443
          - server: 192.168.20.20
            extra_param: backup
          - server: 192.168.20.21
            extra_param: backup
          - server: 192.168.20.22
            extra_param: backup
          - server: 192.168.20.23
            extra_param: backup
          - server: 192.168.20.24
            extra_param: backup
      - frontend:
          - longhorn.badjware.dev
          - traefik.badjware.dev
          - prometheus.badjware.dev
          - deluge.badjware.dev
        backend:
          - server: 192.168.20.20:8443
          - server: 192.168.20.21:8443
          - server: 192.168.20.22:8443
          - server: 192.168.20.23:8443
          - server: 192.168.20.24:8443
          - server: 192.168.20.20
            extra_param: backup
          - server: 192.168.20.21
            extra_param: backup
          - server: 192.168.20.22
            extra_param: backup
          - server: 192.168.20.23
            extra_param: backup
          - server: 192.168.20.24
            extra_param: backup
        allowlist:
          - 127.0.0.1
          - 192.168.20.20/24
          - 192.168.30.20/24
          - 10.100.0.0/24
      - frontend:
          - hass.badjware.dev
        backend:
          - server: 192.168.31.20:8123
        ssl: false
      - frontend:
          - zigbee2mqtt.badjware.dev
        backend:
          - server: 192.168.31.20:8080
        allowlist:
          - 192.168.30.20 # only allow pallet
        ssl: false
      - frontend:
          - s3.badjware.dev
        backend:
          - server: 192.168.20.30:9000
        ssl: false
      # - frontend:
      #     - kubernetes-dashboard.badjnet.home
      #     - traefik.badjnet.home
      #     - longhorn.badjnet.home
      #     - grafana.badjnet.home
      #     - prometheus.badjnet.home
      #   backend:
      #     - 192.168.20.20
      #     - 192.168.20.21
      #     - 192.168.20.22
      #     - 192.168.20.23
    tcp:
      - frontend: "30022" # gitea-ssh
        backend:
          - server: 192.168.20.20:2222
          - server: 192.168.20.21:2222
          - server: 192.168.20.22:2222
          - server: 192.168.20.23:2222
          - server: 192.168.20.24:2222
          - server: 192.168.20.20:30022
            extra_param: backup
          - server: 192.168.20.21:30022
            extra_param: backup
          - server: 192.168.20.22:30022
            extra_param: backup
          - server: 192.168.20.23:30022
            extra_param: backup
          - server: 192.168.20.24:30022
            extra_param: backup
      - frontend: "58846" # deluge-daemon
        backend:
          - server: 192.168.20.20:58846
          - server: 192.168.20.21:58846
          - server: 192.168.20.22:58846
          - server: 192.168.20.23:58846
          - server: 192.168.20.24:58846
          - server: 192.168.20.20:31000
            extra_param: backup
          - server: 192.168.20.21:31000
            extra_param: backup
          - server: 192.168.20.22:31000
            extra_param: backup
          - server: 192.168.20.23:31000
            extra_param: backup
          - server: 192.168.20.24:31000
            extra_param: backup
      - frontend: "6881" # deluge-torrent
        backend:
          - server: 192.168.20.20:6881
          - server: 192.168.20.21:6881
          - server: 192.168.20.22:6881
          - server: 192.168.20.23:6881
          - server: 192.168.20.24:6881
          - server: 192.168.20.20:31001
            extra_param: backup
          - server: 192.168.20.21:31001
            extra_param: backup
          - server: 192.168.20.22:31001
            extra_param: backup
          - server: 192.168.20.23:31001
            extra_param: backup
          - server: 192.168.20.24:31001
            extra_param: backup

letsencrypt:
  domains:
    - badjware.dev
    - '*.badjware.dev'
  email: marchambault@badjware.dev
  digitalocean:
    token: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          35643864626166636564363831336663363335356530316464353864643030316662633230343763
          3439343831386632366137376137383936396164646237640a633132356332636134653832666636
          63386235636632613666393036643737633635613139326362353166653264633536633037306632
          3461313436326139330a366265343131366436653635623138373736353262653633666337623935
          31653964336664313261373031613566636337643934316430306638626631633434366164306639
          30616238613334633933343339393938326561633036633062323463636161336665373732626330
          37386264353239353435643266333033353931336637343038353765396134333763386637653638
          35343739666634323562

wireguard:
  address: 10.100.0.1/24
  port: 7353
  peers:
      # pixel
    - public_key: 3mkPtY29F3/0WhSIEUkSAHJexJWOJfFzc6LOzBX9Hjc=
      allowed_ips: 10.100.0.2/32
      # pallet
    - public_key: ZbLgn0EnkKbv8L6nxysix/fRoASNGFIIvEuLn/aLbm4=
      allowed_ips: 10.100.0.3/32

homeassistant:
  version: 2024.1.3

zigbee2mqtt:
  serial:
    port: /dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0
initial commit 2021-08-25 04:33:56 +00:00			`users:`
			`marchambault:`
			# generated with `openssl passwd -salt <salt> -1 <plaintext>`
			`default_password: !vault \|`
			`$ANSIBLE_VAULT;1.1;AES256`
			`35393364373830636539356334653263306262613038643231313762626537383637616534643237`
			`3433636332383765653665643235633464343433636435300a623365666266366665363966303033`
			`34656561653763636438303166363631636138616563636331323866643166323232353834376165`
			`3939303664343638300a326131333663333365373036666634363235636663333465343337313638`
			`39356365633332643132336438373131313239653231383735656436636332303034303466626232`
			`3461626364346238666434303839373839633661616166613364`
			`authorized_keys:`
			`- https://github.com/badjware.keys`
cleanup bastion 2023-02-20 15:37:36 +00:00
			`haproxy:`
			`routing:`
			`https:`
			`- frontend:`
			`- cloud.badjware.dev`
			`- code.badjware.dev`
			`- drone.badjware.dev`
bump k3s to v1.24.10+k3s1 2023-03-10 03:50:26 +00:00			`- ci.badjware.dev`
cleanup bastion 2023-02-20 15:37:36 +00:00			`- grafana.badjware.dev`
add deluge 2023-09-22 05:06:59 +00:00			`- jellyfin.badjware.dev`
setup home-assistant with zigbee2mqtt 2024-01-16 22:42:39 +00:00			`- actual.badjware.dev`
cleanup bastion 2023-02-20 15:37:36 +00:00			`backend:`
configure proxy to prefer hostport and use nodeport as backup only 2023-09-22 05:21:21 +00:00			`- server: 192.168.20.20:8443`
			`- server: 192.168.20.21:8443`
			`- server: 192.168.20.22:8443`
			`- server: 192.168.20.23:8443`
			`- server: 192.168.20.24:8443`
cleanup bastion 2023-02-20 15:37:36 +00:00			`- server: 192.168.20.20`
configure proxy to prefer hostport and use nodeport as backup only 2023-09-22 05:21:21 +00:00			`extra_param: backup`
cleanup bastion 2023-02-20 15:37:36 +00:00			`- server: 192.168.20.21`
			`extra_param: backup`
			`- server: 192.168.20.22`
			`extra_param: backup`
			`- server: 192.168.20.23`
			`extra_param: backup`
			`- server: 192.168.20.24`
			`extra_param: backup`
better logging 2023-06-07 18:22:35 +00:00			`- frontend:`
add allowlist support 2023-06-09 05:11:35 +00:00			`- longhorn.badjware.dev`
			`- traefik.badjware.dev`
cleanup haproxy config 2023-06-09 05:21:05 +00:00			`- prometheus.badjware.dev`
add deluge 2023-09-22 05:06:59 +00:00			`- deluge.badjware.dev`
better logging 2023-06-07 18:22:35 +00:00			`backend:`
configure proxy to prefer hostport and use nodeport as backup only 2023-09-22 05:21:21 +00:00			`- server: 192.168.20.20:8443`
			`- server: 192.168.20.21:8443`
			`- server: 192.168.20.22:8443`
			`- server: 192.168.20.23:8443`
			`- server: 192.168.20.24:8443`
better logging 2023-06-07 18:22:35 +00:00			`- server: 192.168.20.20`
configure proxy to prefer hostport and use nodeport as backup only 2023-09-22 05:21:21 +00:00			`extra_param: backup`
better logging 2023-06-07 18:22:35 +00:00			`- server: 192.168.20.21`
			`extra_param: backup`
			`- server: 192.168.20.22`
			`extra_param: backup`
			`- server: 192.168.20.23`
			`extra_param: backup`
			`- server: 192.168.20.24`
			`extra_param: backup`
add allowlist support 2023-06-09 05:11:35 +00:00			`allowlist:`
			`- 127.0.0.1`
			`- 192.168.20.20/24`
			`- 192.168.30.20/24`
setup home-assistant with zigbee2mqtt 2024-01-16 22:42:39 +00:00			`- 10.100.0.0/24`
			`- frontend:`
			`- hass.badjware.dev`
			`backend:`
			`- server: 192.168.31.20:8123`
			`ssl: false`
			`- frontend:`
			`- zigbee2mqtt.badjware.dev`
			`backend:`
			`- server: 192.168.31.20:8080`
			`allowlist:`
			`- 192.168.30.20 # only allow pallet`
			`ssl: false`
cleanup bastion 2023-02-20 15:37:36 +00:00			`- frontend:`
			`- s3.badjware.dev`
			`backend:`
			`- server: 192.168.20.30:9000`
			`ssl: false`
			`# - frontend:`
			`# - kubernetes-dashboard.badjnet.home`
			`# - traefik.badjnet.home`
			`# - longhorn.badjnet.home`
			`# - grafana.badjnet.home`
			`# - prometheus.badjnet.home`
			`# backend:`
			`# - 192.168.20.20`
			`# - 192.168.20.21`
			`# - 192.168.20.22`
			`# - 192.168.20.23`
			`tcp:`
add deluge 2023-09-22 05:06:59 +00:00			`- frontend: "30022" # gitea-ssh`
cleanup bastion 2023-02-20 15:37:36 +00:00			`backend:`
configure proxy to prefer hostport and use nodeport as backup only 2023-09-22 05:21:21 +00:00			`- server: 192.168.20.20:2222`
			`- server: 192.168.20.21:2222`
			`- server: 192.168.20.22:2222`
			`- server: 192.168.20.23:2222`
			`- server: 192.168.20.24:2222`
cleanup bastion 2023-02-20 15:37:36 +00:00			`- server: 192.168.20.20:30022`
configure proxy to prefer hostport and use nodeport as backup only 2023-09-22 05:21:21 +00:00			`extra_param: backup`
cleanup bastion 2023-02-20 15:37:36 +00:00			`- server: 192.168.20.21:30022`
			`extra_param: backup`
			`- server: 192.168.20.22:30022`
			`extra_param: backup`
			`- server: 192.168.20.23:30022`
			`extra_param: backup`
			`- server: 192.168.20.24:30022`
			`extra_param: backup`
add deluge 2023-09-22 05:06:59 +00:00			`- frontend: "58846" # deluge-daemon`
			`backend:`
			`- server: 192.168.20.20:58846`
			`- server: 192.168.20.21:58846`
			`- server: 192.168.20.22:58846`
			`- server: 192.168.20.23:58846`
			`- server: 192.168.20.24:58846`
			`- server: 192.168.20.20:31000`
			`extra_param: backup`
			`- server: 192.168.20.21:31000`
			`extra_param: backup`
			`- server: 192.168.20.22:31000`
			`extra_param: backup`
			`- server: 192.168.20.23:31000`
			`extra_param: backup`
			`- server: 192.168.20.24:31000`
			`extra_param: backup`
			`- frontend: "6881" # deluge-torrent`
			`backend:`
			`- server: 192.168.20.20:6881`
			`- server: 192.168.20.21:6881`
			`- server: 192.168.20.22:6881`
			`- server: 192.168.20.23:6881`
			`- server: 192.168.20.24:6881`
			`- server: 192.168.20.20:31001`
			`extra_param: backup`
			`- server: 192.168.20.21:31001`
			`extra_param: backup`
			`- server: 192.168.20.22:31001`
			`extra_param: backup`
			`- server: 192.168.20.23:31001`
			`extra_param: backup`
			`- server: 192.168.20.24:31001`
			`extra_param: backup`
cleanup bastion 2023-02-20 15:37:36 +00:00
			`letsencrypt:`
			`domains:`
			`- badjware.dev`
			`- '*.badjware.dev'`
			`email: marchambault@badjware.dev`
			`digitalocean:`
			`token: !vault \|`
			`$ANSIBLE_VAULT;1.1;AES256`
			`35643864626166636564363831336663363335356530316464353864643030316662633230343763`
			`3439343831386632366137376137383936396164646237640a633132356332636134653832666636`
			`63386235636632613666393036643737633635613139326362353166653264633536633037306632`
			`3461313436326139330a366265343131366436653635623138373736353262653633666337623935`
			`31653964336664313261373031613566636337643934316430306638626631633434366164306639`
			`30616238613334633933343339393938326561633036633062323463636161336665373732626330`
			`37386264353239353435643266333033353931336637343038353765396134333763386637653638`
add wireguard 2023-12-23 21:36:22 +00:00			`35343739666634323562`

			`wireguard:`
			`address: 10.100.0.1/24`
			`port: 7353`
			`peers:`
			`# pixel`
			`- public_key: 3mkPtY29F3/0WhSIEUkSAHJexJWOJfFzc6LOzBX9Hjc=`
			`allowed_ips: 10.100.0.2/32`
			`# pallet`
setup home-assistant with zigbee2mqtt 2024-01-16 22:42:39 +00:00			`- public_key: ZbLgn0EnkKbv8L6nxysix/fRoASNGFIIvEuLn/aLbm4=`
			`allowed_ips: 10.100.0.3/32`

			`homeassistant:`
			`version: 2024.1.3`

			`zigbee2mqtt:`
			`serial:`
			`port: /dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0`