From 16a72f60149be4be63f961273a8f525fd47e0d6a Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Mon, 24 May 2021 14:05:37 +0200
Subject: [PATCH] group_vars/all: extracted os_defaults from general vars.yml
---
group_vars/all/os_defaults.yml | 92 ++++++++++++++++++++++++++++++++++
group_vars/all/vars.yml | 85 -------------------------------
2 files changed, 92 insertions(+), 85 deletions(-)
create mode 100644 group_vars/all/os_defaults.yml
diff --git a/group_vars/all/os_defaults.yml b/group_vars/all/os_defaults.yml
new file mode 100644
index 0000000..ac49ba3
--- /dev/null
+++ b/group_vars/all/os_defaults.yml
@@ -0,0 +1,92 @@
+---
+# === Constants defined by OS packages / applications
+# seperated in arbitary system/kernel and applications/packages
+# each group is sorted alphabetically
+
+# general system/kernel constants
+
+global_fstab_file: "/etc/fstab"
+
+global_resolv_conf: "/etc/resolv.conf"
+global_pamd: "/etc/pam.d"
+
+global_proc_hidepid_service_whitelist:
+ - "{{ global_systemd_login_service_name }}"
+ - "{{ global_systemd_user_service_name }}"
+
+global_users_directory: "/home"
+
+# application constants
+
+global_ansible_facts_directory: "/etc/ansible/facts.d"
+
+global_apparmor_profiles_directory: "/etc/apparmor.d"
+global_apparmor_profiles_local_directory: "{{ global_apparmor_profiles_directory }}/local"
+
+global_apt_sources_directory: "/etc/apt/sources.list.d"
+
+global_bind_service_name: "named.service"
+global_bind_configuration_directory: "/etc/bind"
+global_bind_data_directory: "/var/lib/bind"
+
+global_certbot_configuration_directory: "/etc/letsencrypt"
+global_certbot_configuration_file: "{{ global_certbot_configuration_directory }}/cli.ini"
+global_certbot_certificates_directory: "/etc/letsencrypt/live"
+
+global_chromium_configuration_directory: "/etc/chromium"
+global_chromium_managed_policies_file: "{{ global_chromium_configuration_directory }}/policies/managed/managed_policies.json"
+
+global_dnsmasq_configuration_file: "/etc/dnsmasq.conf"
+global_dnsmasq_configuration_directory: "/etc/dnsmasq.d"
+
+global_docker_service_name: "docker.service"
+global_docker_configuration_directory: "/etc/docker"
+global_docker_daemon_configuration_file: "{{ global_docker_configuration_directory }}/daemon.json"
+
+global_fail2ban_service_name: "fail2ban.service"
+global_fail2ban_system_directory: "/etc/fail2ban"
+global_fail2ban_configuration_directory: "{{ global_fail2ban_system_directory }}/fail2ban.d"
+global_fail2ban_actions_directory: "{{ global_fail2ban_system_directory }}/action.d"
+global_fail2ban_filters_directory: "{{ global_fail2ban_system_directory }}/filter.d"
+global_fail2ban_jails_directory: "{{ global_fail2ban_system_directory }}/jail.d"
+
+global_interfaces_directory: "/etc/network/interfaces.d"
+
+global_lightdm_configuration_directory: "/etc/lightdm"
+
+global_log_directory: "/var/log"
+
+global_mysql_socket_path: "/var/run/mysqld/mysqld.sock"
+
+global_nfs_port: "2049" # for version 4
+global_nfs_directory: "{{ global_webservers_directory }}/nfs"
+
+global_nginx_system_user: www-data
+global_nginx_service_name: "nginx.service"
+global_nginx_installation_directory: "/etc/nginx"
+
+global_plymouth_themes_directory: "/usr/share/plymouth/themes"
+
+global_redis_configuration_directory: "/etc/redis"
+global_redis_service_name: "redis-server.service"
+
+global_ssh_service_name: "sshd.service"
+global_ssh_configuration_directory: "/etc/ssh/"
+global_ssh_configuration_environment_directory: "{{ global_configuration_environment_directory }}/ssh"
+global_ssh_configuration_link_name: "config"
+global_ssh_configuration_link: "{{ global_ssh_configuration_environment_directory }}/{{ global_ssh_configuration_link_name }}"
+
+global_sudoers_directory: "/etc/sudoers.d"
+
+global_wireguard_configuration_directory: "/etc/wireguard"
+
+global_systemd_preset_directory: "/lib/systemd/system"
+global_systemd_configuration_directory: "/etc/systemd/system"
+global_systemd_journal_configuration_directory: "/etc/systemd/journald.conf.d"
+global_systemd_login_service_name: "systemd-logind.service"
+global_systemd_network_directory: "/etc/systemd/network"
+global_systemd_network_service_name: "systemd-networkd.service"
+global_systemd_network_system_user: "systemd-network"
+global_systemd_user_service_name: "user@.service"
+
+global_zsh_antigen_source: "/usr/share/zsh-antigen/antigen.zsh"
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index daa46f5..415ca23 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
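Review bot: `global_certbot_certificates_directory` is hard-coded to `"/etc/letsencrypt/live"` while `global_certbot_configuration_file` one line above it is derived from `global_certbot_configuration_directory`, so an override of the base directory would leave every consumer of the certificates path (presumably the roles that locate certificates and private keys) pointing at the old location; I would write `global_certbot_certificates_directory: "{{ global_certbot_configuration_directory }}/live"`. The value is carried over unchanged from vars.yml, but this move is a natural place to fix it. In the same new file `global_ssh_configuration_directory: "/etc/ssh/"` is the only directory with a trailing slash and `global_nginx_system_user: www-data` is the only unquoted string; dropping the slash and quoting the user keeps path joins and comparisons uniform. The new header comment also promises alphabetically sorted groups, which `systemd` after `wireguard` and `resolv_conf` before `pamd` do not follow, and it misspells "separated" and "arbitrary".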
@@ -96,36 +96,8 @@ raspbian_repository_mirror: "http://raspbian.raspberrypi.org/raspbian/" raspbian_archive_repository_mirror: "http://archive.raspberrypi.org/debian/" raspbian_repository_use_sources: yes -# System configuration - -global_fstab_file: "/etc/fstab" - -global_proc_hidepid_service_whitelist: - - "{{ global_systemd_login_service_name }}" - - "{{ global_systemd_user_service_name }}" - -global_users_directory: "/home" - # Application configurations -global_ansible_facts_directory: "/etc/ansible/facts.d" - -global_apparmor_profiles_directory: "/etc/apparmor.d" -global_apparmor_profiles_local_directory: "{{ global_apparmor_profiles_directory }}/local" - -global_apt_sources_directory: "/etc/apt/sources.list.d" - -global_bind_service_name: "named.service" -global_bind_configuration_directory: "/etc/bind" -global_bind_data_directory: "/var/lib/bind" - -global_certbot_configuration_directory: "/etc/letsencrypt" -global_certbot_configuration_file: "{{ global_certbot_configuration_directory }}/cli.ini" -global_certbot_certificates_directory: "/etc/letsencrypt/live" - -global_chromium_configuration_directory: "/etc/chromium" -global_chromium_managed_policies_file: "{{ global_chromium_configuration_directory }}/policies/managed/managed_policies.json" - global_dns_upstream_servers: # Quad9 DNS with DNSSEC support, without EDNS - "9.9.9.9" 
@@ -133,73 +105,16 @@ global_dns_upstream_servers: - "2620:fe::fe" - "2620:fe::9" -global_dnsmasq_configuration_file: "/etc/dnsmasq.conf" -global_dnsmasq_configuration_directory: "/etc/dnsmasq.d" - -global_docker_service_name: "docker.service" -global_docker_configuration_directory: "/etc/docker" -global_docker_daemon_configuration_file: "{{ global_docker_configuration_directory }}/daemon.json" - -global_fail2ban_service_name: "fail2ban.service" -global_fail2ban_system_directory: "/etc/fail2ban" -global_fail2ban_configuration_directory: "{{ global_fail2ban_system_directory }}/fail2ban.d" -global_fail2ban_actions_directory: "{{ global_fail2ban_system_directory }}/action.d" -global_fail2ban_filters_directory: "{{ global_fail2ban_system_directory }}/filter.d" -global_fail2ban_jails_directory: "{{ global_fail2ban_system_directory }}/jail.d" - global_ip_discover_url: "https://keys.banananet.work/ping" global_ip_discover_register_pass: "{{ lookup('password', 'credentials/ip_discover/register_pass chars=digits,ascii_letters length=256') }}" -global_interfaces_directory: "/etc/network/interfaces.d" - -global_lightdm_configuration_directory: "/etc/lightdm" - -global_log_directory: "/var/log" - -global_mysql_socket_path: "/var/run/mysqld/mysqld.sock" - -global_nfs_port: "2049" # for version 4 -global_nfs_directory: "{{ global_webservers_directory }}/nfs" - -global_nginx_system_user: www-data -global_nginx_service_name: "nginx.service" -global_nginx_installation_directory: "/etc/nginx" - -global_pamd: "/etc/pam.d" - -global_plymouth_themes_directory: "/usr/share/plymouth/themes" - -global_redis_configuration_directory: "/etc/redis" -global_redis_service_name: "redis-server.service" - -global_resolv_conf: "/etc/resolv.conf" - -global_ssh_service_name: "sshd.service" -global_ssh_configuration_directory: "/etc/ssh/" -global_ssh_configuration_environment_directory: "{{ global_configuration_environment_directory }}/ssh" -global_ssh_configuration_link_name: "config" 
-global_ssh_configuration_link: "{{ global_ssh_configuration_environment_directory }}/{{ global_ssh_configuration_link_name }}" - -global_sudoers_directory: "/etc/sudoers.d" - -global_wireguard_configuration_directory: "/etc/wireguard" global_wireguard_port: 51820 global_wireguard_ipv4_subnet: 22 global_wireguard_ipv4_netmask: "{{ ('0.0.0.0/' + (global_wireguard_ipv4_subnet | string)) | ipaddr('netmask') }}" global_wireguard_ipv4_range: "10.162.4.0/{{ global_wireguard_ipv4_subnet }}" # TODO Wireguard IPv6 Support -global_systemd_preset_directory: "/lib/systemd/system" -global_systemd_configuration_directory: "/etc/systemd/system" -global_systemd_journal_configuration_directory: "/etc/systemd/journald.conf.d" global_systemd_journal_max_storage: 1G -global_systemd_login_service_name: "systemd-logind.service" -global_systemd_network_directory: "/etc/systemd/network" -global_systemd_network_service_name: "systemd-networkd.service" -global_systemd_network_system_user: "systemd-network" -global_systemd_user_service_name: "user@.service" - -global_zsh_antigen_source: "/usr/share/zsh-antigen/antigen.zsh" # Miscellaneous