authorsgk <sgk@riseup.net>2024-02-22 11:32:26 +0530
committersgk <sgk@riseup.net>2024-02-22 11:32:26 +0530
commitb0aab0e58b2c28e63aa128f85f2d45851c27fa31 (patch)
tree2641f383f736be1b03175fa8f22eac15397a0653
parent9e7b91a99a40bfbe9d31b69b62a7635f69527a4e (diff)
configure to provision demo.bitmask.net
-rw-r--r--group_vars/all/config.yml23
-rw-r--r--hosts.yml57
2 files changed, 38 insertions, 42 deletions
diff --git a/group_vars/all/config.yml b/group_vars/all/config.yml
index c615004..93ee49e 100644
--- a/group_vars/all/config.yml
+++ b/group_vars/all/config.yml
@@ -1,33 +1,34 @@
---
-float_debian_dist: bullseye
+float_debian_dist: bookworm
float_limit_bind_to_known_interfaces: true
domain: infra.bitmask.net
domain_public:
- - float.bitmask.net
+ - demo.bitmask.net
net_overlays:
- name: vpn0
network: 172.16.1.0/24
enable_ssh: true
enable_osquery: false
alert_email: root@bitmask.net
-alertmanager_smtp_from: float@bitmask.net
+alertmanager_smtp_from: demo@bitmask.net
alertmanager_smtp_smarthost: smtp.bitmask.net:25
alertmanager_smtp_require_tls: true
alertmanager_smtp_auth_username: float
alertmanager_smtp_auth_password: somepassword
alertmanager_smtp_hello: float.bitmask.net
-geoip_account_id: 1234
-geoip_license_key: Welcome123
+geoip_account_id: 255595
+geoip_license_key: Pufl3DucM3R4LkqF
# optional: 'custom_vpn_web_domains' can be a list of additional domains
# that vpnweb should respond to, eg. custom_vpn_web_domains: [api.foo.net]
admins:
- name: admin
email: "admin@bitmask.net"
- password: "$s$16384$8$1$c479e8eb722f1b071efea7826ccf9c20$96d63ebed0c64afb746026f56f71b2a1f8796c73141d2d6b1958d4ea26c60a0b"
+ password: "$a2$3$32768$4$1307a966235024303ac28250ac78bff6$c27653c759b3fb755406c3c9ce5264d2ae8c3775c9d2274c467365bc01474942"
ssh_keys:
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICF6TDr56rmY8TMRCG5KSde0yajXktsUV3Q+7vRRN25D"
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYvrtfHSy+W4CQCkmlm2/rV1J5xpzpRVqB8SfHFtnG5"
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0aQ6m/foqJlc4xSb585ZvoJWiNlkn15Jm4445yiZky"
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGRfVmBUpsLdFPae/ni0NYMbb5QR87MevNggi/wHHjl"
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIxNQ1ftUTzhiFklddB7r8p0F4LLkIwqFdsWpjAhIF/T"
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4G2wGMcwDkui/wcln6ZXYSgOFrFHazkp5W6gsl9iu0 sgk (0xacab.org)"
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1MLvhMd/hQJ2jk9cHIO36F6bHiKKaMvd3FIrd0Bto9 sgk leap-flydeb"
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJG0w53U1BJSnRFEOQz8Mv02oLDBc/+GeoIeMFDltIhO cyberta (0xacab.org)"
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGRfVmBUpsLdFPae/ni0NYMbb5QR87MevNggi/wHHjl kwadronaut (0xacab.org)"
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJ74YccRVXPFtUcQxSD+DiPtOEX9ht/YnHREV4sy9u1 kwadronaut (0xacab.org)"
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA19eteHP+bMQZIKx/aNXDat8ZAIvc+1UGE2SbAcH6jd max-b@riseup.net"
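Review bot: The new `geoip_license_key` value, with its matching `geoip_account_id`, looks like a live MaxMind credential rather than the placeholder it replaces, and it is committed in plaintext to `group_vars/all/config.yml`. Keep it out of the repository, for example with `geoip_license_key: "{{ lookup('env', 'GEOIP_LICENSE_KEY') }}"` or a variable from an ansible-vault encrypted file, and rotate the key because it stays in the history. The replaced admin `password` hash has the same exposure: anyone who can read the repository can run offline guessing against it, so it is better sourced the same way. The added `ssh_keys` entries are public keys and are fine to commit, and the owner labels on them help later access reviews.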
diff --git a/hosts.yml b/hosts.yml
index 48ce324..5fd9622 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -1,56 +1,51 @@
-# NOTE: This is an example hosts.yml, you will need to edit to fit your needs
hosts:
- floatapp1:
- ansible_host: floatapp1.float.bitmask.net
+ donkey:
+ # donkey floatapp1
+ ansible_host: 37.218.241.207
groups: [backend]
ips:
- - 37.218.241.84
+ - 37.218.241.207
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
ip_vpn0: 172.16.1.1
- floatrp1:
- ansible_host: floatrp1.float.bitmask.net
+ koala:
+ # koala reverse proxy
+ ansible_host: 37.218.241.31
groups: [frontend]
ips:
- - 37.218.241.85
+ - 37.218.241.31
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
ip_vpn0: 172.16.1.2
- gateway1:
- ansible_host: gateway1.float.bitmask.net
+ mullet:
+ ansible_host: 37.218.241.208
groups: [gateway]
ips:
- - 37.218.242.191
+ - 37.218.241.208
+ - 37.218.241.141
# The 'ip_vpn0' is for the internal network overlay only. Assign an unique
# value for each host
- ip_vpn0: 172.16.1.3
+ # ip_vpn0: 172.16.1.3
# Set the egress source address for ipv4. This address should be distinct
# from the 'ip' value above to prevent traffic leaks.
- egress_ip: 37.218.242.216
+ egress_ip: 37.218.241.141
+ location: Miami
+ ansible_vpn0: 172.16.1.3
+ ip_vpn0: 172.16.1.3
+ cod:
+ ansible_host: 37.218.245.94
+ groups: [gateway, bridge]
+ ips:
+ - 37.218.245.94
+ - 37.218.245.4
+ ip_vpn0: 172.16.1.4
+ egress_ip: 37.218.245.4
location: Amsterdam
- gateway2:
- ansible_host: gateway2.float.bitmask.net
- groups: [gateway]
ip_vpn0: 172.16.1.4
- ips:
- - 204.13.164.252
- # If the gateway has ipv6, assign it an address here. This address will be
- # used as the incoming ipv6 address for the gateway.
- - 2620:13:4000:4000:8080::252
- # Set the egress source address for ipv4. This address should be distinct
- # from the 'ip' value above to prevent traffic leaks.
- egress_ip: 204.13.164.84
- # For each gateway that has ipv6, you should allocate two ipv6 netblocks for
- # each gateway, one for TCP and one for UDP connections. These ipv6
- # netblocks should be in a different network than the ip6 address that you
- # configured above. These are used by Openvpn to allocate client IPs, and
- # they will be used for egress source addresses.
- openvpn_tcp_network6: "2620:13:4000:eeee:eeee:eeee:eeee:0000/116"
- openvpn_udp_network6: "2620:13:4000:ffff:ffff:ffff:ffff:0000/116"
- location: Seattle
group_vars:
all:
ansible_user: root
ansible_become: false
testing: false
disable_restricted_sysctl: true
+
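Review bot: On the new side the `cod` host ends up with `ip_vpn0: 172.16.1.4` twice, once added after `ips` and once kept as a context line after `location: Amsterdam`; duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so one of them should be dropped. `mullet` has a similar leftover: `# ip_vpn0: 172.16.1.3` is commented out under its explanatory comment and re-added after `location: Miami`, next to `ansible_vpn0: 172.16.1.3`, which does not appear elsewhere in the hunk and may be a typo. Separately, the retained comment says the egress address should be distinct from the host's own address to prevent traffic leaks, yet `37.218.241.141` and `37.218.245.4` are listed under `ips` as well as `egress_ip`. If every `ips` entry is treated as an ingress address, that separation is lost, so confirm this against the role before provisioning.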