inventory/host_vars/node001/main.yml

@@ -0,0 +1,8 @@
+ansible_port: "{{ vault_node001.ansible_port }}"
+ansible_user: "{{ vault_node001.ansible_user }}"
+host_backup:
+  backup:
+    hc_uid: "{{ vault_node001.backup.hc_uid }}"
+    uptime_kuma_token: "{{ vault_node001.backup.uptime_kuma_token }}"
+    volumes:
+      - minecraft-2_data

inventory/host_vars/node002/main.yml

@@ -0,0 +1,17 @@
+ansible_port: "{{ vault_node002.ansible_port }}"
+ansible_user: "{{ vault_node002.ansible_user }}"
+host_backup:
+  backup:
+    hc_uid: "{{ vault_node002.backup.hc_uid }}"
+    uptime_kuma_token: "{{ vault_node002.backup.uptime_kuma_token }}"
+    volumes:
+      - forgejo_data
+      - homebox_data
+      - influxdb_data
+      - jellyfin_config
+      #- jellyfin_media # TODO
+      - reitanlage-oranienburg_data
+      - synapse_media_store
+      - tandoor_mediafiles
+      - uptime-kuma_data
+

inventory/host_vars/node003/main.yml

@@ -0,0 +1,8 @@
+ansible_port: "{{ vault_node003.ansible_port }}"
+ansible_user: "{{ vault_node003.ansible_user }}"
+host_backup:
+  backup:
+    hc_uid: "{{ vault_node003.backup.hc_uid }}"
+    uptime_kuma_token: "{{ vault_node003.backup.uptime_kuma_token }}"
+    volumes:
+      - minio_data

inventory/serguzim.net.yml

@@ -4,47 +4,7 @@ all:
       ansible_connection: local
     node001:
       ansible_host: node001.serguzim.net
-      ansible_port: "{{ vault_node001.ansible_port }}"
-      ansible_user: "{{ vault_node001.ansible_user }}"
-      host_vpn:
-        domain: node001.vpn.serguzim.net
-        ip: 100.64.0.1
-      host_backup:
-        hc_uid: "{{ vault_node001.backup.hc_uid }}"
-        uptime_kuma_token: "{{ vault_node001.backup.uptime_kuma_token }}"
-        volumes:
-          - minecraft-2_data
-
     node002:
       ansible_host: node002.serguzim.net
-      ansible_port: "{{ vault_node002.ansible_port }}"
-      ansible_user: "{{ vault_node002.ansible_user }}"
-      host_vpn:
-        domain: node002.vpn.serguzim.net
-        ip: 100.64.0.2
-      host_backup:
-        hc_uid: "{{ vault_node002.backup.hc_uid }}"
-        uptime_kuma_token: "{{ vault_node002.backup.uptime_kuma_token }}"
-        volumes:
-          - forgejo_data
-          - homebox_data
-          - influxdb_data
-          - jellyfin_config
-          #- jellyfin_media # TODO
-          - reitanlage-oranienburg_data
-          - synapse_media_store
-          - tandoor_mediafiles
-          - uptime-kuma_data
-
     node003:
       ansible_host: node003.serguzim.net
-      ansible_port: "{{ vault_node003.ansible_port }}"
-      ansible_user: "{{ vault_node003.ansible_user }}"
-      host_vpn:
-        domain: node003.vpn.serguzim.net
-        ip: 100.64.0.3
-      host_backup:
-        hc_uid: "{{ vault_node003.backup.hc_uid }}"
-        uptime_kuma_token: "{{ vault_node003.backup.uptime_kuma_token }}"
-        volumes:
-          - minio_data

node002.yml

@@ -12,6 +12,7 @@
       tags: [caddy, reverse-proxy, webserver]
       vars:
         caddy_ports_extra:
+          - 8008:8008
           - 8448:8448
 
 

roles/backup/vars/main.yml

@@ -2,11 +2,11 @@
 backup_svc:
   name: backup
 
-backup_volumes_service: "{{ host_backup.volumes | map_backup_volumes_service }}"
+backup_volumes_service: "{{ host_backup.backup.volumes | map_backup_volumes_service }}"
 
 backup_env:
-  HC_UID: "{{ host_backup.hc_uid }}"
+  HC_UID: "{{ host_backup.backup.hc_uid }}"
-  UPTIME_KUMA_TOKEN: "{{ host_backup.uptime_kuma_token }}"
+  UPTIME_KUMA_TOKEN: "{{ host_backup.backup.uptime_kuma_token }}"
 
   RESTIC_REPOSITORY: "{{ vault_backup.restic.repository }}"
   RESTIC_PASSWORD: "{{ vault_backup.restic.password }}"
@@ -28,4 +28,4 @@ backup_compose:
           - --retry-lock=1m
         restart: never
         hostname: "{{ ansible_facts.hostname }}"
-    volumes: "{{ host_backup.volumes | map_backup_volumes }}"
+    volumes: "{{ host_backup.backup.volumes | map_backup_volumes }}"

roles/caddy/templates/Caddyfile.j2

@@ -2,7 +2,6 @@
 	email {{ admin_email }}
 
 	servers {
-		metrics
 		strict_sni_host on
 	}
 }

roles/caddy/vars/main.yml

@@ -8,15 +8,12 @@ caddy_ports_default:
   - 80:80
   - 443:443
   - 443:443/udp
-  - "{{ host_vpn.ip }}:2019:2019"
 caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"
 
 caddy_svc:
   name: caddy
 
 caddy_env:
-  CADDY_ADMIN: 0.0.0.0:2019
-
   ACMEDNS_USER: "{{ caddy_acmedns_user }}"
   ACMEDNS_PASS: "{{ caddy_acmedns_pass }}"
   ACMEDNS_SUBD: "{{ caddy_acmedns_subd }}"

roles/forgejo/vars/main.yml

@@ -8,6 +8,7 @@ forgejo_svc:
     host: "{{ postgres.host }}"
     port: "{{ postgres.port }}"
   ssh_port: 22
+  ssh_port_alt: 3022
 
 forgejo_env:
   FORGEJO__database__DB_TYPE: postgres
@@ -89,5 +90,6 @@ forgejo_compose:
       app:
         ports:
           - "{{ svc.ssh_port }}:{{ svc.ssh_port }}"
+          - "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
     volumes:
       data:

roles/synapse/vars/main.yml

@@ -12,8 +12,10 @@ synapse_svc:
         reverse_proxy synapse:8008
     }
   extra_svcs:
-    - domain: matrix.msrg.cc:8448
+    - domain: msrg.cc:8008
       additional_domains:
+        - matrix.msrg.cc:8448
+        - matrix.msrg.cc:8008
         - msrg.cc:8448
       docker_host: synapse
       port: 8008

roles/telegraf/vars/main.yml

@@ -8,7 +8,6 @@ telegraf_svc:
     bucket: metrics
   prometheus_unprotected:
     urls:
-      - http://node002.vpn.serguzim.net:2019/metrics
       - https://matrix.msrg.cc/_synapse/metrics
       - https://push.serguzim.me/metrics
       - https://tick.serguzim.me/metrics