group_vars/all: extracted os_defaults from general vars.yml

3 years ago · 16a72f6014
parent 88b904abc7
commit 16a72f6014
2 changed files with 92 additions and 85 deletions
--- a/group_vars/all/os_defaults.yml
+++ b/group_vars/all/os_defaults.yml
@ -0,0 +1,92 @@
+---
+# === Constants defined by OS packages / applications
+# seperated in arbitary system/kernel and applications/packages
+# each group is sorted alphabetically
+
+# general system/kernel constants
+
+global_fstab_file: "/etc/fstab"
+
+global_resolv_conf: "/etc/resolv.conf"
+global_pamd: "/etc/pam.d"
+
+global_proc_hidepid_service_whitelist:
+  - "{{ global_systemd_login_service_name }}"
+  - "{{ global_systemd_user_service_name }}"
+
+global_users_directory: "/home"
+
+# application constants
+
+global_ansible_facts_directory: "/etc/ansible/facts.d"
+
+global_apparmor_profiles_directory: "/etc/apparmor.d"
+global_apparmor_profiles_local_directory: "{{ global_apparmor_profiles_directory }}/local"
+
+global_apt_sources_directory: "/etc/apt/sources.list.d"
+
+global_bind_service_name: "named.service"
+global_bind_configuration_directory: "/etc/bind"
+global_bind_data_directory: "/var/lib/bind"
+
+global_certbot_configuration_directory: "/etc/letsencrypt"
+global_certbot_configuration_file: "{{ global_certbot_configuration_directory }}/cli.ini"
+global_certbot_certificates_directory: "/etc/letsencrypt/live"
+
+global_chromium_configuration_directory: "/etc/chromium"
+global_chromium_managed_policies_file: "{{ global_chromium_configuration_directory }}/policies/managed/managed_policies.json"
+
+global_dnsmasq_configuration_file: "/etc/dnsmasq.conf"
+global_dnsmasq_configuration_directory: "/etc/dnsmasq.d"
+
+global_docker_service_name: "docker.service"
+global_docker_configuration_directory: "/etc/docker"
+global_docker_daemon_configuration_file: "{{ global_docker_configuration_directory }}/daemon.json"
+
+global_fail2ban_service_name: "fail2ban.service"
+global_fail2ban_system_directory: "/etc/fail2ban"
+global_fail2ban_configuration_directory: "{{ global_fail2ban_system_directory }}/fail2ban.d"
+global_fail2ban_actions_directory: "{{ global_fail2ban_system_directory }}/action.d"
+global_fail2ban_filters_directory: "{{ global_fail2ban_system_directory }}/filter.d"
+global_fail2ban_jails_directory: "{{ global_fail2ban_system_directory }}/jail.d"
+
+global_interfaces_directory: "/etc/network/interfaces.d"
+
+global_lightdm_configuration_directory: "/etc/lightdm"
+
+global_log_directory: "/var/log"
+
+global_mysql_socket_path: "/var/run/mysqld/mysqld.sock"
+
+global_nfs_port: "2049" # for version 4
+global_nfs_directory: "{{ global_webservers_directory }}/nfs"
+
+global_nginx_system_user: www-data
+global_nginx_service_name: "nginx.service"
+global_nginx_installation_directory: "/etc/nginx"
+
+global_plymouth_themes_directory: "/usr/share/plymouth/themes"
+
+global_redis_configuration_directory: "/etc/redis"
+global_redis_service_name: "redis-server.service"
+
+global_ssh_service_name: "sshd.service"
+global_ssh_configuration_directory: "/etc/ssh/"
+global_ssh_configuration_environment_directory: "{{ global_configuration_environment_directory }}/ssh"
+global_ssh_configuration_link_name: "config"
+global_ssh_configuration_link: "{{ global_ssh_configuration_environment_directory }}/{{ global_ssh_configuration_link_name }}"
+
+global_sudoers_directory: "/etc/sudoers.d"
+
+global_wireguard_configuration_directory: "/etc/wireguard"
+
+global_systemd_preset_directory: "/lib/systemd/system"
+global_systemd_configuration_directory: "/etc/systemd/system"
+global_systemd_journal_configuration_directory: "/etc/systemd/journald.conf.d"
+global_systemd_login_service_name: "systemd-logind.service"
+global_systemd_network_directory: "/etc/systemd/network"
+global_systemd_network_service_name: "systemd-networkd.service"
+global_systemd_network_system_user: "systemd-network"
+global_systemd_user_service_name: "user@.service"
+
+global_zsh_antigen_source: "/usr/share/zsh-antigen/antigen.zsh"
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -96,36 +96,8 @@ raspbian_repository_mirror: "http://raspbian.raspberrypi.org/raspbian/"
 raspbian_archive_repository_mirror: "http://archive.raspberrypi.org/debian/"
 raspbian_repository_use_sources: yes

-# System configuration
-
-global_fstab_file: "/etc/fstab"
-
-global_proc_hidepid_service_whitelist:
-  - "{{ global_systemd_login_service_name }}"
-  - "{{ global_systemd_user_service_name }}"
-
-global_users_directory: "/home"
-
 # Application configurations

-global_ansible_facts_directory: "/etc/ansible/facts.d"
-
-global_apparmor_profiles_directory: "/etc/apparmor.d"
-global_apparmor_profiles_local_directory: "{{ global_apparmor_profiles_directory }}/local"
-
-global_apt_sources_directory: "/etc/apt/sources.list.d"
-
-global_bind_service_name: "named.service"
-global_bind_configuration_directory: "/etc/bind"
-global_bind_data_directory: "/var/lib/bind"
-
-global_certbot_configuration_directory: "/etc/letsencrypt"
-global_certbot_configuration_file: "{{ global_certbot_configuration_directory }}/cli.ini"
-global_certbot_certificates_directory: "/etc/letsencrypt/live"
-
-global_chromium_configuration_directory: "/etc/chromium"
-global_chromium_managed_policies_file: "{{ global_chromium_configuration_directory }}/policies/managed/managed_policies.json"
-
 global_dns_upstream_servers:
  # Quad9 DNS with DNSSEC support, without EDNS
  - "9.9.9.9"
@ -133,73 +105,16 @@ global_dns_upstream_servers:
  - "2620:fe::fe"
  - "2620:fe::9"

-global_dnsmasq_configuration_file: "/etc/dnsmasq.conf"
-global_dnsmasq_configuration_directory: "/etc/dnsmasq.d"
-
-global_docker_service_name: "docker.service"
-global_docker_configuration_directory: "/etc/docker"
-global_docker_daemon_configuration_file: "{{ global_docker_configuration_directory }}/daemon.json"
-
-global_fail2ban_service_name: "fail2ban.service"
-global_fail2ban_system_directory: "/etc/fail2ban"
-global_fail2ban_configuration_directory: "{{ global_fail2ban_system_directory }}/fail2ban.d"
-global_fail2ban_actions_directory: "{{ global_fail2ban_system_directory }}/action.d"
-global_fail2ban_filters_directory: "{{ global_fail2ban_system_directory }}/filter.d"
-global_fail2ban_jails_directory: "{{ global_fail2ban_system_directory }}/jail.d"
-
 global_ip_discover_url: "https://keys.banananet.work/ping"
 global_ip_discover_register_pass: "{{ lookup('password', 'credentials/ip_discover/register_pass chars=digits,ascii_letters length=256') }}"

-global_interfaces_directory: "/etc/network/interfaces.d"
-
-global_lightdm_configuration_directory: "/etc/lightdm"
-
-global_log_directory: "/var/log"
-
-global_mysql_socket_path: "/var/run/mysqld/mysqld.sock"
-
-global_nfs_port: "2049" # for version 4
-global_nfs_directory: "{{ global_webservers_directory }}/nfs"
-
-global_nginx_system_user: www-data
-global_nginx_service_name: "nginx.service"
-global_nginx_installation_directory: "/etc/nginx"
-
-global_pamd: "/etc/pam.d"
-
-global_plymouth_themes_directory: "/usr/share/plymouth/themes"
-
-global_redis_configuration_directory: "/etc/redis"
-global_redis_service_name: "redis-server.service"
-
-global_resolv_conf: "/etc/resolv.conf"
-
-global_ssh_service_name: "sshd.service"
-global_ssh_configuration_directory: "/etc/ssh/"
-global_ssh_configuration_environment_directory: "{{ global_configuration_environment_directory }}/ssh"
-global_ssh_configuration_link_name: "config"
-global_ssh_configuration_link: "{{ global_ssh_configuration_environment_directory }}/{{ global_ssh_configuration_link_name }}"
-
-global_sudoers_directory: "/etc/sudoers.d"
-
-global_wireguard_configuration_directory: "/etc/wireguard"
 global_wireguard_port: 51820
 global_wireguard_ipv4_subnet: 22
 global_wireguard_ipv4_netmask: "{{ ('0.0.0.0/' + (global_wireguard_ipv4_subnet | string)) | ipaddr('netmask') }}"
 global_wireguard_ipv4_range: "10.162.4.0/{{ global_wireguard_ipv4_subnet }}"
 # TODO Wireguard IPv6 Support

-global_systemd_preset_directory: "/lib/systemd/system"
-global_systemd_configuration_directory: "/etc/systemd/system"
-global_systemd_journal_configuration_directory: "/etc/systemd/journald.conf.d"
 global_systemd_journal_max_storage: 1G
-global_systemd_login_service_name: "systemd-logind.service"
-global_systemd_network_directory: "/etc/systemd/network"
-global_systemd_network_service_name: "systemd-networkd.service"
-global_systemd_network_system_user: "systemd-network"
-global_systemd_user_service_name: "user@.service"
-
-global_zsh_antigen_source: "/usr/share/zsh-antigen/antigen.zsh"

 # Miscellaneous