From 55a700af40b71a1d8943cc338a46ba5ec2d64a30 Mon Sep 17 00:00:00 2001 From: Administrator Date: Mon, 23 Mar 2026 23:02:38 +0500 Subject: [PATCH] Update file 09-ansible-variables.md --- docs/09-ansible-variables.md | 459 +---------------------------------- 1 file changed, 3 insertions(+), 456 deletions(-) diff --git a/docs/09-ansible-variables.md b/docs/09-ansible-variables.md index 9384bfe..996d073 100644 --- a/docs/09-ansible-variables.md +++ b/docs/09-ansible-variables.md @@ -481,462 +481,9 @@ ansible-vault edit vault.yml - Переменные, связанные с портами, используют схему: для каждого сервиса выделен уникальный порт в диапазоне 451xx, чтобы избежать конфликтов при пробросе на хост. --- -
-📄 Полный файл group_vars/all.yml -\```yaml ---- -# ============================================================================= -# ОБЩИЕ НАСТРОЙКИ (GLOBAL) -# ============================================================================= -timezone: Asia/Yekaterinburg -system_locale: ru_RU.UTF-8 -x11_display_host: "192.168.1.101" -admin_user: root - -# Базовые пакеты для всех серверов -base_packages: - - curl - - wget - - gnupg - - ca-certificates - - software-properties-common - - tree - - htop - - nano - - git - - apt-transport-https - - net-tools - - dnsutils - - iputils-ping - - traceroute - - sudo - - mc - - iftop - - pv - - jq - - unzip - -# Пользовательские директории -custom_directories: - - /opt/scripts - - /etc/apt/keyrings - -# SSH ключи (публичные части — безопасно хранить открыто) -ssh_public_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8/+/WFFYDu4ljy1j9+bWp6MiXZ9a0iodoPHq+nEpIr ansible@git" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCy3BrhfJx6+ey4h4ZHgBNsuCbgKNwY83lhE/FuHdFxy4NmjiHSH4yXyPz3Qt+mz/VnSQ2rzzsY9xkDs/V+6e3LmXGuhhk65mwYKhWneWTAgprM6CN2PUi5d5P8MXUXDwgVR+XivfI4Y/Bpe8RvGyssuzgra38R5UKZCXKn9lrumkZKq9+GlMKUDLZp5C3/xA/GuI/C4Q+2BT1vOJSM86/7w5VPcd3IjYVTgNA4/V1fR9S/zB0OEkDfK2euqq2zTb6EzDxOGSYcXeH3t37bo0smKqnIehQmkbguLjsGYHEuP4ZE62DJwPZAMwRjn20wf6Nmzy9VQsDGl6Li4nl/TApouQSFbm4NjJOGN7KDT/R54Oq8VCi9rjHOvIg7vxZc3c+ckQGPNmj8FDoyy2Jj9Q1yEUdcSwdI4KvXn0VN2wlJTuN3pzStAI9wMhlUPx7w4DsAiftAvR8OLYSCch9khK146TYWtv4skqd9N0skNJMFVun9VuqT85IXqh6DVecY1fVyTd9qFgz3OfF0idQ4rMI2hxNAZjEZH2gTtb1eYT1UMeBzpBOuQbmWODgCK33Ec3nvV+XXj561Hj5Qpf9bg8i3TTM1dQImKE8macUPn9GwCdshdEJ9VlUwrB9z7SXTtLysgziTkpes5r84Cp/j5tem+7VLOln316d34nz0KU9/Qw== ansible@olimp" - -# Пакеты для удаления -cleanup_packages: - - gparted - -# ============================================================================= -# СЕТЕВЫЕ НАСТРОЙКИ -# ============================================================================= -server_ips: - olimp: "192.168.1.200" # Proxmox - gateway: "192.168.1.201" # NPM, Dashy, Heimdall - data: "192.168.1.202" # Bitwarden, Mealie, Bookstack - media: "192.168.1.203" # Jellyfin, Ampache, Calibre - photo: "192.168.1.204" # Immich - nextcloud: "192.168.1.205" # Nextcloud - talk: "192.168.1.206" # Matrix, Mumble, Snikket, TeamSpeak - games: "192.168.1.207" # Minecraft - manage: "192.168.1.208" # Grafana, Loki, MeshCentral - git: "192.168.1.209" # GitLab - ansible: "192.168.1.210" # Ansible - torrent: "192.168.1.211" # Qbittorrent, TorrServer - -# ============================================================================= -# МОНИТОРИНГ (VictoriaMetrics, Grafana, Loki) -# ============================================================================= -monitoring_ports: - node_exporter: 9100 - proxmox_exporter: 9223 - vmagent: 8429 - victoriametrics: 8428 - loki: 3100 - promtail: 9080 - -monitoring_groups: - node_exporter_servers: - - "{{ server_ips.olimp }}" - - "{{ server_ips.gateway }}" - - "{{ server_ips.data }}" - - "{{ server_ips.media }}" - - "{{ server_ips.photo }}" - - "{{ server_ips.talk }}" - - "{{ server_ips.games }}" - - "{{ server_ips.manage }}" - - "{{ server_ips.git }}" - - "{{ server_ips.ansible }}" - - "{{ server_ips.torrent }}" - proxmox_servers: - - "{{ server_ips.olimp }}" - promtail_servers: - - "{{ server_ips.gateway }}" - - "{{ server_ips.data }}" - - "{{ server_ips.media }}" - - "{{ server_ips.photo }}" - - "{{ server_ips.talk }}" - - "{{ server_ips.games }}" - - "{{ server_ips.manage }}" - - "{{ server_ips.git }}" - - "{{ server_ips.ansible }}" - - "{{ server_ips.torrent }}" - -# Proxmox Exporter -pve_exporter_user: "pve_exporter@pve" -pve_exporter_token_name: "grafana" -pve_exporter_token_value: "{{ vault_pve_exporter_token }}" - -# VictoriaMetrics & Grafana -victoriametrics_retention_months: 2 -victoriametrics_version: v1.101.0 -grafana_version: 11.2.0 -grafana_admin_user: admin -grafana_admin_password: "{{ vault_grafana_admin_password }}" -grafana_root_url: https://mon.zailon.ru - -# Loki -loki_version: "2.9.2" -loki_retention_days: 30 - -# cAdvisor -cadvisor_enabled: true -cadvisor_base_dir: "/opt/cadvisor" -cadvisor_port: 8080 - -# ============================================================================= -# СЕРВИСЫ: GATEWAY (192.168.1.201) -# ============================================================================= -npm_base_dir: "/opt/npm" -npm_data_dir: "/opt/npm/data" -npm_letsencrypt_dir: "/opt/npm/letsencrypt" - -heimdall_base_dir: "/opt/heimdall" -heimdall_config_dir: "/opt/heimdall/config" -heimdall_port: "45131" - -dashy_base_dir: "/opt/dashy" -dashy_config_dir: "{{ dashy_base_dir }}/config" -dashy_port: "45132" -dashy_domain: "start.zailon.ru" - -# ============================================================================= -# СЕРВИСЫ: DATA (192.168.1.202) -# ============================================================================= -# Bitwarden -bitwarden_base_dir: "/mnt/bitwarden" -bitwarden_data_dir: "{{ bitwarden_base_dir }}/vw-data" -bitwarden_port: "45131" -bitwarden_admin_token: "{{ vault_bitwarden_admin_token }}" -bitwarden_websocket_enabled: true -bitwarden_signups_allowed: false -bitwarden_smtp_host: "smtp.mail.ru" -bitwarden_smtp_port: "465" -bitwarden_smtp_ssl: true -bitwarden_smtp_username: "zailon@bk.ru" -bitwarden_smtp_password: "{{ vault_bitwarden_smtp_password }}" -bitwarden_smtp_from: "zailon@bk.ru" -bitwarden_domain: "https://bw.zailon.ru" - -# Mealie -mealie_base_dir: "/mnt/mealie" -mealie_data_dir: "/mnt/mealie/data" -mealie_port: "45132" -mealie_db_type: "sqlite" -mealie_db_password: "{{ vault_mealie_db_password }}" - -# Bookstack -bookstack_base_dir: "/mnt/bookstack" -bookstack_config_dir: "/mnt/bookstack/config" -bookstack_uploads_dir: "/mnt/bookstack/uploads" -bookstack_db_dir: "/mnt/bookstack/db" -bookstack_port: "45133" - -# ============================================================================= -# СЕРВИСЫ: MEDIA (192.168.1.203) -# ============================================================================= -service_config_base: "/mnt/service" - -# Jellyfin -jellyfin_base_dir: "{{ service_config_base }}/jellyfin" -jellyfin_config_dir: "{{ jellyfin_base_dir }}/config" -jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache" -jellyfin_logs_dir: "{{ jellyfin_base_dir }}/logs" -jellyfin_media_path: "/mnt/video" -jellyfin_port: "45131" -jellyfin_hw_acceleration: true - -# Audiobookshelf -audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf" -audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config" -audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db" -audiobookshelf_port: "45132" - -# Calibre Web -calibre_base_dir: "{{ service_config_base }}/calibre" -calibre_library_dir: "/mnt/books/calibre" -calibre_config_dir: "{{ calibre_base_dir }}/config" -calibre_web_port: "45133" -calibre_web_db_path: "{{ calibre_config_dir }}/app.db" -calibre_web_enable_uploading: true -calibre_web_enable_conversion: true -calibre_web_enable_registration: false -calibre_web_enable_webdav: true -calibre_web_enable_opds: true - -# Ampache -ampache_base_dir: "{{ service_config_base }}/ampache" -ampache_config_dir: "{{ ampache_base_dir }}/config" -ampache_logs_dir: "{{ ampache_base_dir }}/logs" -ampache_mysql_dir: "{{ ampache_base_dir }}/mysql" -ampache_port: "45134" - -# Flibusta -flibusta_base_dir: "/mnt/service/flibusta" -flibusta_source_archives_dir: "/mnt/books/flibusta" -flibusta_web_port: "45137" -flibusta_db_port: "45138" -flibusta_db_user: "flibusta" -flibusta_db_password: "{{ vault_flibusta_db_password }}" -flibusta_db_name: "flibusta" - -# ============================================================================= -# СЕРВИСЫ: PHOTO (192.168.1.204) -# ============================================================================= -immich_base_dir: "/mnt/immich" -immich_port: "45131" -immich_db_username: "postgres" -immich_db_password: "{{ vault_immich_db_password }}" -immich_db_name: "immich" -immich_version: "release" - -# ============================================================================= -# СЕРВИСЫ: TALK (192.168.1.206) -# ============================================================================= -# Mumble -mumble_base_dir: "/mnt/mumble" -mumble_data_dir: "{{ mumble_base_dir }}/data" -mumble_port: "45131" -mumble_ice_port: "6502" -mumble_max_users: "100" -mumble_server_password: "{{ vault_mumble_server_password }}" -mumble_superuser_password: "{{ vault_mumble_superuser_password }}" - -# Matrix (Synapse) -matrix_base_dir: "/mnt/matrix" -matrix_data_dir: "{{ matrix_base_dir }}/data" -matrix_config_dir: "{{ matrix_base_dir }}/config" -matrix_media_dir: "{{ matrix_base_dir }}/media" -matrix_postgres_dir: "{{ matrix_base_dir }}/postgres" -matrix_port: "45132" -matrix_domain: "matrix.zailon.ru" -matrix_server_name: "{{ matrix_domain }}" -matrix_registration_enabled: false -matrix_report_stats: "no" -matrix_postgres_user: "synapse" -matrix_postgres_password: "{{ vault_matrix_postgres_password }}" -matrix_postgres_db: "synapse" -matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}" -matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}" -matrix_form_secret: "{{ vault_matrix_form_secret }}" - -# Snikket (XMPP) -snikket_base_dir: "/mnt/snikket" -snikket_data_dir: "{{ snikket_base_dir }}/snikket_data" -snikket_nginx_custom_dir: "{{ snikket_base_dir }}/nginx-custom" -snikket_backup_dir: "/backup/snikket" -snikket_domain: "chat.zailon.ru" -snikket_admin_email: "zailon@bk.ru" -snikket_external_ip: "188.73.191.202" -snikket_http_port: 8080 -snikket_https_port: 8443 -snikket_xmpp_port: 5222 -snikket_component_port: 5349 -snikket_turn_port: 3478 -snikket_turn_tls_port: 5349 -snikket_rtp_min_port: 50000 -snikket_rtp_max_port: 50100 -snikket_enable_acme: false -snikket_disable_tls: true -snikket_trusted_proxy: "*" -snikket_max_file_size: "500M" -snikket_image_tag: "dev" -snikket_create_initial_invite: false -snikket_backup_enabled: true -snikket_backup_retention_days: 30 -snikket_admin_password: "{{ vault_snikket_admin_password }}" -snikket_invite_token: "{{ vault_snikket_invite_token }}" - -# TeamSpeak -teamspeak_base_dir: "/mnt/teamspeak" -teamspeak_data_dir: "{{ teamspeak_base_dir }}/data" -teamspeak_logs_dir: "{{ teamspeak_base_dir }}/logs" -teamspeak_query_port: "10011" -teamspeak_voice_port: "9987" -teamspeak_file_port: "30033" - -# ============================================================================= -# СЕРВИСЫ: GAMES (192.168.1.207) -# ============================================================================= -minecraft_base_dir: "/mnt/minecraft" -minecraft_data_dir: "{{ minecraft_base_dir }}/data" -minecraft_port: "25565" -minecraft_memory: "4G" -minecraft_version: "1.21.1" -minecraft_neoforge_version: "21.1.0" -minecraft_type: "NEOFORGE" -minecraft_eula: "true" -minecraft_motd: "Minecraft @ zailon.ru" -minecraft_online_mode: "true" -minecraft_mods: - - "https://mediafilez.forgecdn.net/files/7178/775/create-1.21.1-6.0.8.jar" - -# ============================================================================= -# СЕРВИСЫ: MANAGE (192.168.1.208) -# ============================================================================= -meshcentral_base_dir: "/opt/meshcentral" -meshcentral_data_dir: "/mnt/mesh/meshcentral-data" -meshcentral_files_dir: "/mnt/mesh/meshcentral-files" -meshcentral_backup_dir: "/mnt/mesh/meshcentral-backup" -meshcentral_port: "45131" - -# Grafana -grafana_base_dir: /mnt/grafana -grafana_data_dir: "{{ grafana_base_dir }}/data" -grafana_config_dir: "{{ grafana_base_dir }}/config" -grafana_vm_data_dir: "{{ grafana_base_dir }}/victoriametrics" -grafana_vmagent_tmp_dir: "{{ grafana_base_dir }}/vmagent/tmp" -grafana_vmagent_config: "{{ grafana_base_dir }}/vmagent/vmagent.yaml" -grafana_port: 45132 - -# Loki -loki_base_dir: "/mnt/loki" -loki_config_dir: "{{ loki_base_dir }}/config" -loki_data_dir: "{{ loki_base_dir }}/data" -loki_server_host: "{{ server_ips.manage }}" -loki_server_port: "{{ monitoring_ports.loki }}" - -# Promtail -promtail_config_dir: "/etc/promtail" -promtail_data_dir: "/var/lib/promtail" - -# ============================================================================= -# СЕРВИСЫ: GIT (192.168.1.209) -# ============================================================================= -gitlab_base_dir: "/mnt/git" -gitlab_config_dir: "{{ gitlab_base_dir }}/config" -gitlab_logs_dir: "{{ gitlab_base_dir }}/logs" -gitlab_data_dir: "{{ gitlab_base_dir }}/data" -gitlab_backup_dir: "{{ gitlab_base_dir }}/backup" -gitlab_http_port: "45130" -gitlab_ssh_port: "2222" -gitlab_version: "17.5.5-ce.0" -gitlab_hostname: "git.zailon.ru" -gitlab_external_url: "https://git.zailon.ru" -gitlab_root_password: "{{ vault_gitlab_root_password }}" - -# ============================================================================= -# СЕРВИСЫ: TORRENT (192.168.1.211) -# ============================================================================= -qbittorrent_base_dir: "/mnt/service/qbittorrent" -qbittorrent_config_dir: "{{ qbittorrent_base_dir }}/appdata" -qbittorrent_downloads_dir: "{{ qbittorrent_base_dir }}/downloads" -qbittorrent_puid: 1000 -qbittorrent_pgid: 1003 -qbittorrent_port_webui: 8080 -qbittorrent_port_torrent: 6881 -qbittorrent_smb_credentials_dir: "/etc/smb-creds" - -# Учётные данные для SMB-шар -qbittorrent_smb_creds: - olimp: - username: "Olimp" - password: "{{ vault_smb_olimp_password }}" - file: "olimp" - qb: - username: "qb" - password: "{{ vault_samba_password_qb }}" - file: "qb" - -# Маунты SMB-шар -qbittorrent_shares: - - name: downloads - src: "//192.168.1.101/Downloads" - dest: "/mnt/downloads" - credential: "olimp" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.olimp.file }}" - - - name: abook - src: "//192.168.1.203/Abook" - dest: "/mnt/abook" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: music - src: "//192.168.1.203/Music" - dest: "/mnt/audio" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: books - src: "//192.168.1.203/Books" - dest: "/mnt/books" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: films - src: "//192.168.1.203/Films" - dest: "/mnt/video/films" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: mult - src: "//192.168.1.203/Mult" - dest: "/mnt/video/mult" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: anime - src: "//192.168.1.203/Anime" - dest: "/mnt/video/anime" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: serial - src: "//192.168.1.203/Serial" - dest: "/mnt/video/serial" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: mserials - src: "//192.168.1.203/Mserials" - dest: "/mnt/video/mserials" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: doc - src: "//192.168.1.203/Doc" - dest: "/mnt/video/doc" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: ztube - src: "//192.168.1.203/Ztube" - dest: "/mnt/video/ztube" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: show - src: "//192.168.1.203/Show" - dest: "/mnt/video/show" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - - name: games - src: "//192.168.1.207/Games" - dest: "/mnt/games" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - -torrserver_base_dir: "/mnt/service/torrserver" -torrserver_config_dir: "{{ torrserver_base_dir }}/config" -torrserver_torrents_dir: "{{ torrserver_base_dir }}/torrents" -torrserver_port: "45132" -... -\``` -
+## 🔗 Исходные файлы +- [`group_vars/all.yml`](../group_vars/all.yml) — полный файл с переменными. +- [`vault.yml`](../vault.yml) — зашифрованный файл с секретами (требуется пароль). --- [Плейбуки и запуск](09-ansible-playbooks.md)* \ No newline at end of file