From 75b53a302c008343bc82e5c7d92b1b9574388ac9 Mon Sep 17 00:00:00 2001
From: zailon
Date: Thu, 14 May 2026 14:40:54 +0500
Subject: [PATCH] =?UTF-8?q?=D0=9E=D0=B1=D0=BD=D0=BE=D0=B2=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20group=5Fvars/all.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
group_vars/all.yml | 902 +++++++++++++++++++++++---------------------
1 file changed, 457 insertions(+), 445 deletions(-)

diff --git a/group_vars/all.yml b/group_vars/all.yml
index d920409..10f9741 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,446 +1,458 @@ ---- -# ============================================================================= -# ОБЩИЕ НАСТРОЙКИ (GLOBAL) -# ============================================================================= -timezone: Asia/Yekaterinburg -system_locale: ru_RU.UTF-8 -x11_display_host: "192.168.1.101" -admin_user: zailon - -# Включить мониторинг Docker для Node Exporter -enable_docker_monitoring: true - -# Базовые пакеты для всех серверов -base_packages: - - curl - - wget - - gnupg - - ca-certificates - - software-properties-common - - tree - - htop - - nano - - git - - apt-transport-https - - net-tools - - dnsutils - - iputils-ping - - traceroute - - sudo - - mc - - iftop - - pv - - jq - - unzip - - python3-requests - - python3-passlib - -# Пользовательские директории -custom_directories: - - /opt/scripts - - /etc/apt/keyrings - -# SSH ключи (публичные части) -ssh_public_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8/+/WFFYDu4ljy1j9+bWp6MiXZ9a0iodoPHq+nEpIr ansible@Olimp" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp" - - "ssh-rsa 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 ansible@olimp" - -# Пакеты для удаления -cleanup_packages: - - gparted - -# ============================================================================= -# DOCKER SETTINGS (LXC-safe versions) -# ============================================================================= -# Безопасные версии пакетов Docker для LXC -docker_ce_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release }}" -docker_ce_cli_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_version }}~{{ 
ansible_distribution_release }}" -containerd_io_version: "1.7.28-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release }}" -runc_safe_version: "1.1.12-0ubuntu3" - -# Список пакетов для фиксации -docker_pinned_packages: - - "docker-ce={{ docker_ce_version }}" - - "docker-ce-cli={{ docker_ce_cli_version }}" - - "containerd.io={{ containerd_io_version }}" - - "runc={{ runc_safe_version }}" - -# Включить фиксацию версий в LXC -lxc_docker_pin_enabled: true - -# Пакеты для исключения из upgrade в LXC (через APT pinning) -docker_exclude_packages_lxc: - - containerd.io - - runc - - docker-ce - - docker-ce-cli - -# ============================================================================= -# СЕТЕВЫЕ НАСТРОЙКИ -# ============================================================================= -server_ips: - olimp: "192.168.1.200" - gateway: "192.168.1.201" - data: "192.168.1.202" - media: "192.168.1.203" - photo: "192.168.1.204" - nextcloud: "192.168.1.205" - talk: "192.168.1.206" - games: "192.168.1.207" - manage: "192.168.1.208" - git: "192.168.1.209" - ansible: "192.168.1.210" - torrent: "192.168.1.211" - -# ============================================================================= -# МОНИТОРИНГ (VictoriaMetrics, Grafana, Loki) -# ============================================================================= -monitoring_ports: - node_exporter: 9100 - proxmox_exporter: 9223 - vmagent: 8429 - victoriametrics: 8428 - loki: 3100 - promtail: 9080 - -monitoring_groups: - node_exporter_servers: - - "{{ server_ips.olimp }}" - - "{{ server_ips.gateway }}" - - "{{ server_ips.data }}" - - "{{ server_ips.media }}" - - "{{ server_ips.photo }}" - - "{{ server_ips.talk }}" - - "{{ server_ips.games }}" - - "{{ server_ips.manage }}" - - "{{ server_ips.git }}" - - "{{ server_ips.ansible }}" - - "{{ server_ips.torrent }}" - proxmox_servers: - - "{{ server_ips.olimp }}" - promtail_servers: - - "{{ server_ips.gateway }}" - - "{{ server_ips.data }}" - - "{{ 
server_ips.media }}" - - "{{ server_ips.photo }}" - - "{{ server_ips.talk }}" - - "{{ server_ips.games }}" - - "{{ server_ips.manage }}" - - "{{ server_ips.git }}" - - "{{ server_ips.ansible }}" - - "{{ server_ips.torrent }}" - -pve_exporter_user: "pve_exporter@pve" -pve_exporter_token_name: "grafana" -pve_exporter_token_value: "{{ vault_pve_exporter_token }}" - -victoriametrics_retention_months: 2 -victoriametrics_version: v1.101.0 -grafana_version: 11.2.0 -grafana_admin_user: admin -grafana_admin_password: "{{ vault_grafana_admin_password }}" -grafana_root_url: https://mon.zailon.ru - -loki_version: "2.9.2" -loki_retention_days: 30 - -cadvisor_enabled: true -cadvisor_base_dir: "/opt/cadvisor" -cadvisor_port: 8080 - -# ============================================================================= -# СЕРВИСЫ: GATEWAY (192.168.1.201) -# ============================================================================= -npm_base_dir: "/opt/npm" -npm_data_dir: "/opt/npm/data" -npm_letsencrypt_dir: "/opt/npm/letsencrypt" -heimdall_base_dir: "/opt/heimdall" -heimdall_config_dir: "/opt/heimdall/config" -heimdall_port: "45131" -dashy_base_dir: "/opt/dashy" -dashy_config_dir: "{{ dashy_base_dir }}/config" -dashy_port: "45132" -dashy_domain: "start.zailon.ru" - -# ============================================================================= -# СЕРВИСЫ: DATA (192.168.1.202) -# ============================================================================= -bitwarden_base_dir: "/mnt/bitwarden" -bitwarden_data_dir: "{{ bitwarden_base_dir }}/vw-data" -bitwarden_port: "45131" -bitwarden_admin_token: "{{ vault_bitwarden_admin_token }}" -bitwarden_websocket_enabled: true -bitwarden_signups_allowed: false -bitwarden_smtp_host: "smtp.mail.ru" -bitwarden_smtp_port: "465" -bitwarden_smtp_ssl: true -bitwarden_smtp_username: "zailon@bk.ru" -bitwarden_smtp_password: "{{ vault_bitwarden_smtp_password }}" -bitwarden_smtp_from: "zailon@bk.ru" -bitwarden_domain: "https://bw.zailon.ru" - 
-mealie_base_dir: "/mnt/mealie" -mealie_data_dir: "/mnt/mealie/data" -mealie_port: "45132" -mealie_db_type: "sqlite" -mealie_db_password: "{{ vault_mealie_db_password }}" - -bookstack_base_dir: "/mnt/bookstack" -bookstack_config_dir: "/mnt/bookstack/config" -bookstack_uploads_dir: "/mnt/bookstack/uploads" -bookstack_db_dir: "/mnt/bookstack/db" -bookstack_port: "45133" - -# ============================================================================= -# СЕРВИСЫ: MEDIA (192.168.1.203) -# ============================================================================= -service_config_base: "/mnt/service" - -jellyfin_base_dir: "{{ service_config_base }}/jellyfin" -jellyfin_config_dir: "{{ jellyfin_base_dir }}/config" -jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache" -jellyfin_logs_dir: "{{ jellyfin_base_dir }}/logs" -jellyfin_media_path: "/mnt/video" -jellyfin_port: "45131" -jellyfin_hw_acceleration: true - -audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf" -audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config" -audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db" -audiobookshelf_port: "45132" - -calibre_base_dir: "{{ service_config_base }}/calibre" -calibre_library_dir: "/mnt/books/calibre" -calibre_config_dir: "{{ calibre_base_dir }}/config" -calibre_web_port: "45133" -calibre_web_db_path: "{{ calibre_config_dir }}/app.db" -calibre_web_enable_uploading: true -calibre_web_enable_conversion: true -calibre_web_enable_registration: false -calibre_web_enable_webdav: true -calibre_web_enable_opds: true - -ampache_base_dir: "{{ service_config_base }}/ampache" -ampache_config_dir: "{{ ampache_base_dir }}/config" -ampache_logs_dir: "{{ ampache_base_dir }}/logs" -ampache_mysql_dir: "{{ ampache_base_dir }}/mysql" -ampache_port: "45134" - -flibusta_base_dir: "/mnt/service/flibusta" -flibusta_source_archives_dir: "/mnt/books/flibusta" -flibusta_web_port: "45137" -flibusta_db_port: "45138" -flibusta_db_user: "flibusta" -flibusta_db_password: "{{ 
vault_flibusta_db_password }}" -flibusta_db_name: "flibusta" - -# ============================================================================= -# СЕРВИСЫ: PHOTO (192.168.1.204) -# ============================================================================= -immich_base_dir: "/mnt/immich" -immich_port: "45131" -immich_db_username: "postgres" -immich_db_password: "{{ vault_immich_db_password }}" -immich_db_name: "immich" -immich_version: "release" - -# ============================================================================= -# СЕРВИСЫ: TALK (192.168.1.206) -# ============================================================================= -mumble_base_dir: "/mnt/mumble" -mumble_data_dir: "{{ mumble_base_dir }}/data" -mumble_port: "45131" -mumble_ice_port: "6502" -mumble_max_users: "100" -mumble_server_password: "{{ vault_mumble_server_password }}" -mumble_superuser_password: "{{ vault_mumble_superuser_password }}" - -matrix_base_dir: "/mnt/matrix" -matrix_data_dir: "{{ matrix_base_dir }}/data" -matrix_config_dir: "{{ matrix_base_dir }}/config" -matrix_media_dir: "{{ matrix_base_dir }}/media" -matrix_postgres_dir: "{{ matrix_base_dir }}/postgres" -matrix_port: "45132" -matrix_domain: "matrix.zailon.ru" -matrix_server_name: "{{ matrix_domain }}" -matrix_registration_enabled: false -matrix_report_stats: "no" -matrix_postgres_user: "synapse" -matrix_postgres_password: "{{ vault_matrix_postgres_password }}" -matrix_postgres_db: "synapse" -matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}" -matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}" -matrix_form_secret: "{{ vault_matrix_form_secret }}" - -snikket_base_dir: "/mnt/snikket" -snikket_data_dir: "{{ snikket_base_dir }}/snikket_data" -snikket_nginx_custom_dir: "{{ snikket_base_dir }}/nginx-custom" -snikket_backup_dir: "/backup/snikket" -snikket_domain: "chat.zailon.ru" -snikket_admin_email: "zailon@bk.ru" -snikket_external_ip: "188.73.191.202" -snikket_http_port: 8080 -snikket_https_port: 8443 
-snikket_xmpp_port: 5222 -snikket_component_port: 5349 -snikket_turn_port: 3478 -snikket_turn_tls_port: 5349 -snikket_rtp_min_port: 50000 -snikket_rtp_max_port: 50100 -snikket_enable_acme: false -snikket_disable_tls: true -snikket_trusted_proxy: "*" -snikket_max_file_size: "500M" -snikket_image_tag: "dev" -snikket_create_initial_invite: false -snikket_backup_enabled: true -snikket_backup_retention_days: 30 -snikket_admin_password: "{{ vault_snikket_admin_password }}" -snikket_invite_token: "{{ vault_snikket_invite_token }}" - -teamspeak_base_dir: "/mnt/teamspeak" -teamspeak_data_dir: "{{ teamspeak_base_dir }}/data" -teamspeak_logs_dir: "{{ teamspeak_base_dir }}/logs" -teamspeak_query_port: "10011" -teamspeak_voice_port: "9987" -teamspeak_file_port: "30033" - -# ============================================================================= -# СЕРВИСЫ: GAMES (192.168.1.207) -# ============================================================================= -minecraft_base_dir: "/mnt/minecraft" -minecraft_data_dir: "{{ minecraft_base_dir }}/data" -minecraft_port: "25565" -minecraft_memory: "4G" -minecraft_version: "1.21.1" -minecraft_neoforge_version: "21.1.0" -minecraft_type: "NEOFORGE" -minecraft_eula: "true" -minecraft_motd: "Minecraft @ zailon.ru" -minecraft_online_mode: "true" -minecraft_mods: - - "https://mediafilez.forgecdn.net/files/7178/775/create-1.21.1-6.0.8.jar" - -# ============================================================================= -# СЕРВИСЫ: MANAGE (192.168.1.208) -# ============================================================================= -meshcentral_base_dir: "/opt/meshcentral" -meshcentral_data_dir: "/mnt/mesh/meshcentral-data" -meshcentral_files_dir: "/mnt/mesh/meshcentral-files" -meshcentral_backup_dir: "/mnt/mesh/meshcentral-backup" -meshcentral_port: "45131" - -grafana_base_dir: /mnt/grafana -grafana_data_dir: "{{ grafana_base_dir }}/data" -grafana_config_dir: "{{ grafana_base_dir }}/config" -grafana_vm_data_dir: "{{ grafana_base_dir 
}}/victoriametrics" -grafana_vmagent_tmp_dir: "{{ grafana_base_dir }}/vmagent/tmp" -grafana_vmagent_config: "{{ grafana_base_dir }}/vmagent/vmagent.yaml" -grafana_port: 45132 - -loki_base_dir: "/mnt/loki" -loki_config_dir: "{{ loki_base_dir }}/config" -loki_data_dir: "{{ loki_base_dir }}/data" -loki_server_host: "{{ server_ips.manage }}" -loki_server_port: "{{ monitoring_ports.loki }}" - -promtail_config_dir: "/etc/promtail" -promtail_data_dir: "/var/lib/promtail" - -# ============================================================================= -# СЕРВИСЫ: GIT (192.168.1.209) -# ============================================================================= -gitlab_base_dir: "/mnt/git" -gitlab_config_dir: "{{ gitlab_base_dir }}/config" -gitlab_logs_dir: "{{ gitlab_base_dir }}/logs" -gitlab_data_dir: "{{ gitlab_base_dir }}/data" -gitlab_backup_dir: "{{ gitlab_base_dir }}/backup" -gitlab_http_port: "45130" -gitlab_ssh_port: "2222" -gitlab_version: "17.5.5-ce.0" -gitlab_hostname: "git.zailon.ru" -gitlab_external_url: "https://git.zailon.ru" -gitlab_root_password: "{{ vault_gitlab_root_password }}" - -# ============================================================================= -# СЕРВИСЫ: TORRENT (192.168.1.211) -# ============================================================================= -qbittorrent_base_dir: "/mnt/service/qbittorrent" -qbittorrent_config_dir: "{{ qbittorrent_base_dir }}/appdata" -qbittorrent_downloads_dir: "{{ qbittorrent_base_dir }}/downloads" -qbittorrent_puid: 1000 -qbittorrent_pgid: 1003 -qbittorrent_port_webui: 8080 -qbittorrent_port_torrent: 6881 -qbittorrent_smb_credentials_dir: "/etc/smb-creds" - -qbittorrent_smb_creds: - olimp: - username: "Olimp" - password: "{{ vault_smb_olimp_password }}" - file: "olimp" - qb: - username: "qb" - password: "{{ vault_samba_password_qb }}" - file: "qb" - -qbittorrent_shares: - - name: downloads - src: "//192.168.1.101/Downloads" - dest: "/mnt/downloads" - credential: "olimp" - opts: "rw,uid={{ 
qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.olimp.file }}" - - name: abook - src: "//192.168.1.203/Abook" - dest: "/mnt/abook" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: music - src: "//192.168.1.203/Music" - dest: "/mnt/audio" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: books - src: "//192.168.1.203/Books" - dest: "/mnt/books" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: films - src: "//192.168.1.203/Films" - dest: "/mnt/video/films" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: mult - src: "//192.168.1.203/Mult" - dest: "/mnt/video/mult" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: anime - src: "//192.168.1.203/Anime" - dest: "/mnt/video/anime" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: serial - src: "//192.168.1.203/Serial" - dest: "/mnt/video/serial" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: mserials - src: "//192.168.1.203/Mserials" - dest: "/mnt/video/mserials" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid 
}},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: doc - src: "//192.168.1.203/Doc" - dest: "/mnt/video/doc" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: ztube - src: "//192.168.1.203/Ztube" - dest: "/mnt/video/ztube" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: show - src: "//192.168.1.203/Show" - dest: "/mnt/video/show" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - - name: games - src: "//192.168.1.207/Games" - dest: "/mnt/games" - opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}" - -torrserver_base_dir: "/mnt/service/torrserver" -torrserver_config_dir: "{{ torrserver_base_dir }}/config" -torrserver_torrents_dir: "{{ torrserver_base_dir }}/torrents" +--- +# ============================================================================= +# ОБЩИЕ НАСТРОЙКИ (GLOBAL) +# ============================================================================= +timezone: Asia/Yekaterinburg +system_locale: ru_RU.UTF-8 +x11_display_host: "192.168.1.101" +admin_user: zailon + +# Включить мониторинг Docker для Node Exporter +enable_docker_monitoring: true + +# Базовые пакеты для всех серверов +base_packages: + - curl + - wget + - gnupg + - ca-certificates + - software-properties-common + - tree + - htop + - nano + - git + - apt-transport-https + - net-tools + - dnsutils + - iputils-ping + - traceroute + - sudo + - mc + - iftop + - pv + - jq + - unzip + - python3-requests + - python3-passlib + +# Пользовательские директории 
+custom_directories: + - /opt/scripts + - /etc/apt/keyrings + +# SSH ключи (публичные части) +ssh_public_keys: + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8/+/WFFYDu4ljy1j9+bWp6MiXZ9a0iodoPHq+nEpIr ansible@Olimp" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCy3BrhfJx6+ey4h4ZHgBNsuCbgKNwY83lhE/FuHdFxy4NmjiHSH4yXyPz3Qt+mz/VnSQ2rzzsY9xkDs/V+6e3LmXGuhhk65mwYKhWneWTAgprM6CN2PUi5d5P8MXUXDwgVR+XivfI4Y/Bpe8RvGyssuzgra38R5UKZCXKn9lrumkZKq9+GlMKUDLZp5C3/xA/GuI/C4Q+2BT1vOJSM86/7w5VPcd3IjYVTgNA4/V1fR9S/zB0OEkDfK2euqq2zTb6EzDxOGSYcXeH3t37bo0smKqnIehQmkbguLjsGYHEuP4ZE62DJwPZAMwRjn20wf6Nmzy9VQsDGl6Li4nl/TApouQSFbm4NjJOGN7KDT/R54Oq8VCi9rjHOvIg7vxZc3c+ckQGPNmj8FDoyy2Jj9Q1yEUdcSwdI4KvXn0VN2wlJTuN3pzStAI9wMhlUPx7w4DsAiftAvR8OLYSCch9khK146TYWtv4skqd9N0skNJMFVun9VuqT85IXqh6DVecY1fVyTd9qFgz3OfF0idQ4rMI2hxNAZjEZH2gTtb1eYT1UMeBzpBOuQbmWODgCK33Ec3nvV+XXj561Hj5Qpf9bg8i3TTM1dQImKE8macUPn9GwCdshdEJ9VlUwrB9z7SXTtLysgziTkpes5r84Cp/j5tem+7VLOln316d34nz0KU9/Qw== ansible@olimp" + +# Пакеты для удаления +cleanup_packages: + - gparted + +# ============================================================================= +# DOCKER SETTINGS (LXC-safe versions) +# ============================================================================= +# Безопасные версии пакетов Docker для LXC +docker_ce_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release }}" +docker_ce_cli_version: "5:28.2.2-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release }}" +containerd_io_version: "1.7.28-1~ubuntu.{{ ansible_distribution_version }}~{{ ansible_distribution_release }}" 
+runc_safe_version: "1.1.12-0ubuntu3" + +# Список пакетов для фиксации +docker_pinned_packages: + - "docker-ce={{ docker_ce_version }}" + - "docker-ce-cli={{ docker_ce_cli_version }}" + - "containerd.io={{ containerd_io_version }}" + - "runc={{ runc_safe_version }}" + +# Включить фиксацию версий в LXC +lxc_docker_pin_enabled: true + +# Пакеты для исключения из upgrade в LXC (через APT pinning) +docker_exclude_packages_lxc: + - containerd.io + - runc + - docker-ce + - docker-ce-cli + +# ============================================================================= +# СЕТЕВЫЕ НАСТРОЙКИ +# ============================================================================= +server_ips: + olimp: "192.168.1.200" + gateway: "192.168.1.201" + data: "192.168.1.202" + media: "192.168.1.203" + photo: "192.168.1.204" + nextcloud: "192.168.1.205" + talk: "192.168.1.206" + games: "192.168.1.207" + manage: "192.168.1.208" + git: "192.168.1.209" + ansible: "192.168.1.210" + torrent: "192.168.1.211" + +# ============================================================================= +# МОНИТОРИНГ (VictoriaMetrics, Grafana, Loki) +# ============================================================================= +monitoring_ports: + node_exporter: 9100 + proxmox_exporter: 9223 + vmagent: 8429 + victoriametrics: 8428 + loki: 3100 + promtail: 9080 + +monitoring_groups: + node_exporter_servers: + - "{{ server_ips.olimp }}" + - "{{ server_ips.gateway }}" + - "{{ server_ips.data }}" + - "{{ server_ips.media }}" + - "{{ server_ips.photo }}" + - "{{ server_ips.talk }}" + - "{{ server_ips.games }}" + - "{{ server_ips.manage }}" + - "{{ server_ips.git }}" + - "{{ server_ips.ansible }}" + - "{{ server_ips.torrent }}" + proxmox_servers: + - "{{ server_ips.olimp }}" + promtail_servers: + - "{{ server_ips.gateway }}" + - "{{ server_ips.data }}" + - "{{ server_ips.media }}" + - "{{ server_ips.photo }}" + - "{{ server_ips.talk }}" + - "{{ server_ips.games }}" + - "{{ server_ips.manage }}" + - "{{ 
server_ips.git }}" + - "{{ server_ips.ansible }}" + - "{{ server_ips.torrent }}" + +pve_exporter_user: "pve_exporter@pve" +pve_exporter_token_name: "grafana" +pve_exporter_token_value: "{{ vault_pve_exporter_token }}" + +victoriametrics_retention_months: 2 +victoriametrics_version: v1.101.0 +grafana_version: 11.2.0 +grafana_admin_user: admin +grafana_admin_password: "{{ vault_grafana_admin_password }}" +grafana_root_url: https://mon.zailon.ru + +loki_version: "2.9.2" +loki_retention_days: 30 + +cadvisor_enabled: true +cadvisor_base_dir: "/opt/cadvisor" +cadvisor_port: 8080 + +# ============================================================================= +# СЕРВИСЫ: GATEWAY (192.168.1.201) +# ============================================================================= +npm_base_dir: "/opt/npm" +npm_data_dir: "/opt/npm/data" +npm_letsencrypt_dir: "/opt/npm/letsencrypt" +heimdall_base_dir: "/opt/heimdall" +heimdall_config_dir: "/opt/heimdall/config" +heimdall_port: "45131" +dashy_base_dir: "/opt/dashy" +dashy_config_dir: "{{ dashy_base_dir }}/config" +dashy_port: "45132" +dashy_domain: "start.zailon.ru" + +# ============================================================================= +# СЕРВИСЫ: DATA (192.168.1.202) +# ============================================================================= +bitwarden_base_dir: "/mnt/bitwarden" +bitwarden_data_dir: "{{ bitwarden_base_dir }}/vw-data" +bitwarden_port: "45131" +bitwarden_admin_token: "{{ vault_bitwarden_admin_token }}" +bitwarden_websocket_enabled: true +bitwarden_signups_allowed: false +bitwarden_smtp_host: "smtp.mail.ru" +bitwarden_smtp_port: "465" +bitwarden_smtp_ssl: true +bitwarden_smtp_username: "zailon@bk.ru" +bitwarden_smtp_password: "{{ vault_bitwarden_smtp_password }}" +bitwarden_smtp_from: "zailon@bk.ru" +bitwarden_domain: "https://bw.zailon.ru" + +mealie_base_dir: "/mnt/mealie" +mealie_data_dir: "/mnt/mealie/data" +mealie_port: "45132" +mealie_db_type: "sqlite" +mealie_db_password: "{{ 
vault_mealie_db_password }}" + +bookstack_base_dir: "/mnt/bookstack" +bookstack_config_dir: "/mnt/bookstack/config" +bookstack_uploads_dir: "/mnt/bookstack/uploads" +bookstack_db_dir: "/mnt/bookstack/db" +bookstack_port: "45133" + +# ============================================================================= +# СЕРВИСЫ: MEDIA (192.168.1.203) +# ============================================================================= +service_config_base: "/mnt/service" + +jellyfin_base_dir: "{{ service_config_base }}/jellyfin" +jellyfin_config_dir: "{{ jellyfin_base_dir }}/config" +jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache" +jellyfin_logs_dir: "{{ jellyfin_base_dir }}/logs" +jellyfin_media_path: "/mnt/video" +jellyfin_port: "45131" +jellyfin_hw_acceleration: true + +audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf" +audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config" +audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db" +audiobookshelf_port: "45132" + +calibre_base_dir: "{{ service_config_base }}/calibre" +calibre_library_dir: "/mnt/books/calibre" +calibre_config_dir: "{{ calibre_base_dir }}/config" +calibre_web_port: "45133" +calibre_web_db_path: "{{ calibre_config_dir }}/app.db" +calibre_web_enable_uploading: true +calibre_web_enable_conversion: true +calibre_web_enable_registration: false +calibre_web_enable_webdav: true +calibre_web_enable_opds: true + +ampache_base_dir: "{{ service_config_base }}/ampache" +ampache_config_dir: "{{ ampache_base_dir }}/config" +ampache_logs_dir: "{{ ampache_base_dir }}/logs" +ampache_mysql_dir: "{{ ampache_base_dir }}/mysql" +ampache_port: "45134" + +flibusta_base_dir: "/mnt/service/flibusta" +flibusta_source_archives_dir: "/mnt/books/flibusta" +flibusta_web_port: "45137" +flibusta_db_port: "45138" +flibusta_db_user: "flibusta" +flibusta_db_password: "{{ vault_flibusta_db_password }}" +flibusta_db_name: "flibusta" + +navidrome_base_dir: "{{ service_config_base }}/navidrome" +navidrome_data_dir: 
"{{ navidrome_base_dir }}/data" +navidrome_plugins_dir: "{{ navidrome_base_dir }}/plugins" +navidrome_port: "45136" +navidrome_default_language: "ru" +navidrome_music_folder: "/mnt/audio" +navidrome_log_level: "info" +navidrome_plugins_enabled: true +navidrome_plugins_autoreload: false +navidrome_plugins_log_level: "info" +navidrome_plugins_cache_size: "200MB" + +# ============================================================================= +# СЕРВИСЫ: PHOTO (192.168.1.204) +# ============================================================================= +immich_base_dir: "/mnt/immich" +immich_port: "45131" +immich_db_username: "postgres" +immich_db_password: "{{ vault_immich_db_password }}" +immich_db_name: "immich" +immich_version: "release" + +# ============================================================================= +# СЕРВИСЫ: TALK (192.168.1.206) +# ============================================================================= +mumble_base_dir: "/mnt/mumble" +mumble_data_dir: "{{ mumble_base_dir }}/data" +mumble_port: "45131" +mumble_ice_port: "6502" +mumble_max_users: "100" +mumble_server_password: "{{ vault_mumble_server_password }}" +mumble_superuser_password: "{{ vault_mumble_superuser_password }}" + +matrix_base_dir: "/mnt/matrix" +matrix_data_dir: "{{ matrix_base_dir }}/data" +matrix_config_dir: "{{ matrix_base_dir }}/config" +matrix_media_dir: "{{ matrix_base_dir }}/media" +matrix_postgres_dir: "{{ matrix_base_dir }}/postgres" +matrix_port: "45132" +matrix_domain: "matrix.zailon.ru" +matrix_server_name: "{{ matrix_domain }}" +matrix_registration_enabled: false +matrix_report_stats: "no" +matrix_postgres_user: "synapse" +matrix_postgres_password: "{{ vault_matrix_postgres_password }}" +matrix_postgres_db: "synapse" +matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}" +matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}" +matrix_form_secret: "{{ vault_matrix_form_secret }}" + +snikket_base_dir: "/mnt/snikket" +snikket_data_dir: "{{ 
snikket_base_dir }}/snikket_data"
+snikket_nginx_custom_dir: "{{ snikket_base_dir }}/nginx-custom"
+snikket_backup_dir: "/backup/snikket"
+snikket_domain: "chat.zailon.ru"
+snikket_admin_email: "zailon@bk.ru"
+snikket_external_ip: "188.73.191.202"
+snikket_http_port: 8080
+snikket_https_port: 8443
+snikket_xmpp_port: 5222
+snikket_component_port: 5349
+snikket_turn_port: 3478
+snikket_turn_tls_port: 5349
+snikket_rtp_min_port: 50000
+snikket_rtp_max_port: 50100
+snikket_enable_acme: false
+snikket_disable_tls: true
+snikket_trusted_proxy: "*"
+snikket_max_file_size: "500M"
+snikket_image_tag: "dev"
+snikket_create_initial_invite: false
+snikket_backup_enabled: true
+snikket_backup_retention_days: 30
+snikket_admin_password: "{{ vault_snikket_admin_password }}"
+snikket_invite_token: "{{ vault_snikket_invite_token }}"
+
+teamspeak_base_dir: "/mnt/teamspeak"
+teamspeak_data_dir: "{{ teamspeak_base_dir }}/data"
+teamspeak_logs_dir: "{{ teamspeak_base_dir }}/logs"
+teamspeak_query_port: "10011"
+teamspeak_voice_port: "9987"
+teamspeak_file_port: "30033"
+
+# =============================================================================
+# СЕРВИСЫ: GAMES (192.168.1.207)
+# =============================================================================
+minecraft_base_dir: "/mnt/minecraft"
+minecraft_data_dir: "{{ minecraft_base_dir }}/data"
+minecraft_port: "25565"
+minecraft_memory: "4G"
+minecraft_version: "1.21.1"
+minecraft_neoforge_version: "21.1.0"
+minecraft_type: "NEOFORGE"
+minecraft_eula: "true"
+minecraft_motd: "Minecraft @ zailon.ru"
+minecraft_online_mode: "true"
+minecraft_mods:
+ - "https://mediafilez.forgecdn.net/files/7178/775/create-1.21.1-6.0.8.jar"
+
+# =============================================================================
+# СЕРВИСЫ: MANAGE (192.168.1.208)
+# =============================================================================
+meshcentral_base_dir: "/opt/meshcentral"
+meshcentral_data_dir: "/mnt/mesh/meshcentral-data"
+meshcentral_files_dir: "/mnt/mesh/meshcentral-files"
+meshcentral_backup_dir: "/mnt/mesh/meshcentral-backup"
+meshcentral_port: "45131"
+
+grafana_base_dir: /mnt/grafana
+grafana_data_dir: "{{ grafana_base_dir }}/data"
+grafana_config_dir: "{{ grafana_base_dir }}/config"
+grafana_vm_data_dir: "{{ grafana_base_dir }}/victoriametrics"
+grafana_vmagent_tmp_dir: "{{ grafana_base_dir }}/vmagent/tmp"
+grafana_vmagent_config: "{{ grafana_base_dir }}/vmagent/vmagent.yaml"
+grafana_port: 45132
+
+loki_base_dir: "/mnt/loki"
+loki_config_dir: "{{ loki_base_dir }}/config"
+loki_data_dir: "{{ loki_base_dir }}/data"
+loki_server_host: "{{ server_ips.manage }}"
+loki_server_port: "{{ monitoring_ports.loki }}"
+
+promtail_config_dir: "/etc/promtail"
+promtail_data_dir: "/var/lib/promtail"
+
+# =============================================================================
+# СЕРВИСЫ: GIT (192.168.1.209)
+# =============================================================================
+gitlab_base_dir: "/mnt/git"
+gitlab_config_dir: "{{ gitlab_base_dir }}/config"
+gitlab_logs_dir: "{{ gitlab_base_dir }}/logs"
+gitlab_data_dir: "{{ gitlab_base_dir }}/data"
+gitlab_backup_dir: "{{ gitlab_base_dir }}/backup"
+gitlab_http_port: "45130"
+gitlab_ssh_port: "2222"
+gitlab_version: "17.5.5-ce.0"
+gitlab_hostname: "git.zailon.ru"
+gitlab_external_url: "https://git.zailon.ru"
+gitlab_root_password: "{{ vault_gitlab_root_password }}"
+
+# =============================================================================
+# СЕРВИСЫ: TORRENT (192.168.1.211)
+# =============================================================================
+qbittorrent_base_dir: "/mnt/service/qbittorrent"
+qbittorrent_config_dir: "{{ qbittorrent_base_dir }}/appdata"
+qbittorrent_downloads_dir: "{{ qbittorrent_base_dir }}/downloads"
+qbittorrent_puid: 1000
+qbittorrent_pgid: 1003
+qbittorrent_port_webui: 8080
+qbittorrent_port_torrent: 6881
+qbittorrent_smb_credentials_dir: "/etc/smb-creds"
+
+qbittorrent_smb_creds:
+ olimp:
+ username: "Olimp"
+ password: "{{ vault_smb_olimp_password }}"
+ file: "olimp"
+ qb:
+ username: "qb"
+ password: "{{ vault_samba_password_qb }}"
+ file: "qb"
+
+qbittorrent_shares:
+ - name: downloads
+ src: "//192.168.1.101/Downloads"
+ dest: "/mnt/downloads"
+ credential: "olimp"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.olimp.file }}"
+ - name: abook
+ src: "//192.168.1.203/Abook"
+ dest: "/mnt/abook"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: music
+ src: "//192.168.1.203/Music"
+ dest: "/mnt/audio"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: books
+ src: "//192.168.1.203/Books"
+ dest: "/mnt/books"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: films
+ src: "//192.168.1.203/Films"
+ dest: "/mnt/video/films"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: mult
+ src: "//192.168.1.203/Mult"
+ dest: "/mnt/video/mult"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: anime
+ src: "//192.168.1.203/Anime"
+ dest: "/mnt/video/anime"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: serial
+ src: "//192.168.1.203/Serial"
+ dest: "/mnt/video/serial"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: mserials
+ src: "//192.168.1.203/Mserials"
+ dest: "/mnt/video/mserials"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: doc
+ src: "//192.168.1.203/Doc"
+ dest: "/mnt/video/doc"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: ztube
+ src: "//192.168.1.203/Ztube"
+ dest: "/mnt/video/ztube"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: show
+ src: "//192.168.1.203/Show"
+ dest: "/mnt/video/show"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+ - name: games
+ src: "//192.168.1.207/Games"
+ dest: "/mnt/games"
+ opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
+
+torrserver_base_dir: "/mnt/service/torrserver"
+torrserver_config_dir: "{{ torrserver_base_dir }}/config"
+torrserver_torrents_dir: "{{ torrserver_base_dir }}/torrents"
 torrserver_port: "45132"
\ No newline at end of file