author | sgk <sgk@riseup.net> | 2024-02-22 11:32:26 +0530 |
---|---|---|
committer | sgk <sgk@riseup.net> | 2024-02-22 11:32:26 +0530 |
commit | b0aab0e58b2c28e63aa128f85f2d45851c27fa31 (patch) | |
tree | 2641f383f736be1b03175fa8f22eac15397a0653 | |
parent | 9e7b91a99a40bfbe9d31b69b62a7635f69527a4e (diff) |
configure to provision demo.bitmask.net
-rw-r--r-- | group_vars/all/config.yml | 23 | ||||
-rw-r--r-- | hosts.yml | 57 |
2 files changed, 38 insertions, 42 deletions
diff --git a/group_vars/all/config.yml b/group_vars/all/config.yml
index c615004..93ee49e 100644
--- a/group_vars/all/config.yml
+++ b/group_vars/all/config.yml
@@ -1,33 +1,34 @@ --- -float_debian_dist: bullseye +float_debian_dist: bookworm float_limit_bind_to_known_interfaces: true domain: infra.bitmask.net domain_public: - - float.bitmask.net + - demo.bitmask.net net_overlays: - name: vpn0 network: 172.16.1.0/24 enable_ssh: true enable_osquery: false alert_email: root@bitmask.net -alertmanager_smtp_from: float@bitmask.net +alertmanager_smtp_from: demo@bitmask.net alertmanager_smtp_smarthost: smtp.bitmask.net:25 alertmanager_smtp_require_tls: true alertmanager_smtp_auth_username: float alertmanager_smtp_auth_password: somepassword alertmanager_smtp_hello: float.bitmask.net -geoip_account_id: 1234 -geoip_license_key: Welcome123 +geoip_account_id: 255595 +geoip_license_key: Pufl3DucM3R4LkqF # optional: 'custom_vpn_web_domains' can be a list of additional domains # that vpnweb should respond to, eg. custom_vpn_web_domains: [api.foo.net] admins: - name: admin email: "admin@bitmask.net" - password: "$s$16384$8$1$c479e8eb722f1b071efea7826ccf9c20$96d63ebed0c64afb746026f56f71b2a1f8796c73141d2d6b1958d4ea26c60a0b" + password: "$a2$3$32768$4$1307a966235024303ac28250ac78bff6$c27653c759b3fb755406c3c9ce5264d2ae8c3775c9d2274c467365bc01474942" ssh_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICF6TDr56rmY8TMRCG5KSde0yajXktsUV3Q+7vRRN25D" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYvrtfHSy+W4CQCkmlm2/rV1J5xpzpRVqB8SfHFtnG5" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0aQ6m/foqJlc4xSb585ZvoJWiNlkn15Jm4445yiZky" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGRfVmBUpsLdFPae/ni0NYMbb5QR87MevNggi/wHHjl" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIxNQ1ftUTzhiFklddB7r8p0F4LLkIwqFdsWpjAhIF/T" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4G2wGMcwDkui/wcln6ZXYSgOFrFHazkp5W6gsl9iu0 sgk (0xacab.org)" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1MLvhMd/hQJ2jk9cHIO36F6bHiKKaMvd3FIrd0Bto9 sgk leap-flydeb" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJG0w53U1BJSnRFEOQz8Mv02oLDBc/+GeoIeMFDltIhO cyberta (0xacab.org)" + - "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIBGRfVmBUpsLdFPae/ni0NYMbb5QR87MevNggi/wHHjl kwadronaut (0xacab.org)" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJ74YccRVXPFtUcQxSD+DiPtOEX9ht/YnHREV4sy9u1 kwadronaut (0xacab.org)" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA19eteHP+bMQZIKx/aNXDat8ZAIvc+1UGE2SbAcH6jd max-b@riseup.net" 
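Review bot: The new `geoip_account_id` and `geoip_license_key` values replace obvious placeholders (`1234` / `Welcome123`) with what looks like a live credential, stored in cleartext in a tracked group_vars file. If the key is real, treat it as exposed and rotate it, because it stays in the repository history even after a later fix. The value should instead come from an encrypted or untracked source, for example `geoip_license_key: "{{ vault_geoip_license_key }}"` (placeholder variable name) backed by an ansible-vault file. The new `password:` hash under `admins` has the same exposure, since anyone who can read the repository can run offline guessing against it. The `ssh_keys` list is also replaced almost wholesale, so it is worth confirming each added key with its owner before this is applied.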
@@ -1,56 +1,51 @@ -# NOTE: This is an example hosts.yml, you will need to edit to fit your needs hosts: - floatapp1: - ansible_host: floatapp1.float.bitmask.net + donkey: + # donkey floatapp1 + ansible_host: 37.218.241.207 groups: [backend] ips: - - 37.218.241.84 + - 37.218.241.207 # The 'ip_vpn0' is for the internal network overlay only. Assign an unique # value for each host ip_vpn0: 172.16.1.1 - floatrp1: - ansible_host: floatrp1.float.bitmask.net + koala: + # koala reverse proxy + ansible_host: 37.218.241.31 groups: [frontend] ips: - - 37.218.241.85 + - 37.218.241.31 # The 'ip_vpn0' is for the internal network overlay only. Assign an unique # value for each host ip_vpn0: 172.16.1.2 - gateway1: - ansible_host: gateway1.float.bitmask.net + mullet: + ansible_host: 37.218.241.208 groups: [gateway] ips: - - 37.218.242.191 + - 37.218.241.208 + - 37.218.241.141 # The 'ip_vpn0' is for the internal network overlay only. Assign an unique # value for each host - ip_vpn0: 172.16.1.3 + # ip_vpn0: 172.16.1.3 # Set the egress source address for ipv4. This address should be distinct # from the 'ip' value above to prevent traffic leaks. - egress_ip: 37.218.242.216 + egress_ip: 37.218.241.141 + location: Miami + ansible_vpn0: 172.16.1.3 + ip_vpn0: 172.16.1.3 + cod: + ansible_host: 37.218.245.94 + groups: [gateway, bridge] + ips: + - 37.218.245.94 + - 37.218.245.4 + ip_vpn0: 172.16.1.4 + egress_ip: 37.218.245.4 location: Amsterdam - gateway2: - ansible_host: gateway2.float.bitmask.net - groups: [gateway] ip_vpn0: 172.16.1.4 - ips: - - 204.13.164.252 - # If the gateway has ipv6, assign it an address here. This address will be - # used as the incoming ipv6 address for the gateway. - - 2620:13:4000:4000:8080::252 - # Set the egress source address for ipv4. This address should be distinct - # from the 'ip' value above to prevent traffic leaks. 
- egress_ip: 204.13.164.84 - # For each gateway that has ipv6, you should allocate two ipv6 netblocks for - # each gateway, one for TCP and one for UDP connections. These ipv6 - # netblocks should be in a different network than the ip6 address that you - # configured above. These are used by Openvpn to allocate client IPs, and - # they will be used for egress source addresses. - openvpn_tcp_network6: "2620:13:4000:eeee:eeee:eeee:eeee:0000/116" - openvpn_udp_network6: "2620:13:4000:ffff:ffff:ffff:ffff:0000/116" - location: Seattle group_vars: all: ansible_user: root ansible_become: false testing: false disable_restricted_sysctl: true + |
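Review bot: Under `mullet` and `cod` the egress address now also appears in `ips` (`37.218.241.141` and `37.218.245.4`), while the comment kept in this hunk says `egress_ip` should be distinct from the 'ip' value to prevent traffic leaks. If those addresses are meant to be egress-only, drop `- 37.218.241.141` and `- 37.218.245.4` from the `ips` lists; if the provisioning tooling needs them listed so the address gets configured, update the comment to say so. Separately, `cod` ends up with `ip_vpn0: 172.16.1.4` twice, once from the added line and once from the context line left over from the old `gateway2` entry; most YAML parsers resolve duplicate keys last-wins, so one of them should be removed. `mullet` also gains `ansible_vpn0: 172.16.1.3` beside a commented-out and a re-added `ip_vpn0`; that key name appears nowhere else in the hunk and may be a typo.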