Update 2 files

- /group_vars/all.yml - /vault.yml
2025-10-30 05:42:37 +00:00 · 2025-10-30 05:42:37 +00:00 · a8ba8abbbe
commit a8ba8abbbe
parent 6147b6f171
2 changed files with 39 additions and 65 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -4,11 +4,8 @@ timezone: Asia/Yekaterinburg
 system_locale: ru_RU.UTF-8
 proxmox_node: "Olimp"
 # Настройки пользователей
 admin_user: root
 # Список пакетов для установки на всех хостах
 base_packages:
  - curl
  - wget
@ -24,68 +21,56 @@ base_packages:
  - dnsutils
  - iputils-ping
  - traceroute
-# Дополнительные настройки
+
 system_scripts: []
 custom_directories:
  - /opt/scripts
  - /etc/apt/keyrings
-# ------------192.168.1.201 gateway------------
+# ------------ gateway (192.168.1.201) ------------
 # MNP
 npm_base_dir: "/opt/npm"
 npm_data_dir: "/opt/npm/data"
 npm_letsencrypt_dir: "/opt/npm/letsencrypt"
 # Heimdall
 heimdall_base_dir: "/opt/heimdall"
 heimdall_config_dir: "/opt/heimdall/config"
 heimdall_port: "45131"
 # ------------ Dashy ------------
 dashy_base_dir: "/opt/dashy"
 dashy_config_dir: "{{ dashy_base_dir }}/config"
 dashy_port: "45132"
 dashy_domain: "start.zailon.ru"
-# ------------192.168.1.202 data------------
+# ------------ data (192.168.1.202) ------------
 # Bookstack
 bookstack_base_dir: "/mnt/bookstack"
 bookstack_config_dir: "/mnt/bookstack/config"
 bookstack_uploads_dir: "/mnt/bookstack/uploads"
 bookstack_db_dir: "/mnt/bookstack/db"
 bookstack_port: "45133"
 # Mealie
 mealie_base_dir: "/mnt/mealie"
 mealie_data_dir: "/mnt/mealie/data"
 mealie_port: "45132"
 mealie_db_type: "sqlite"
-mealie_db_password: "secure_password_123"
+mealie_db_password: "{{ vault_mealie_db_password }}"
 # Bitwarden
 bitwarden_base_dir: "/mnt/bitwarden"
 bitwarden_data_dir: "{{ bitwarden_base_dir }}/vw-data"
 bitwarden_port: "45131"
-
+bitwarden_admin_token: "{{ vault_bitwarden_admin_token }}"
 bitwarden_admin_token: "QMhEngkv2a5s5S1AOp96A7rxiwz9BTCHGORY3EHcUYEP9wy07/+HxYGimL/FQAwl"
 bitwarden_websocket_enabled: true
 bitwarden_signups_allowed: false
 bitwarden_smtp_host: "smtp.mail.ru"
 bitwarden_smtp_port: "465"
 bitwarden_smtp_ssl: true
 bitwarden_smtp_username: "zailon@bk.ru"
-bitwarden_smtp_password: "khhyw8Ri9WrabwqM2vbC"
+bitwarden_smtp_password: "{{ vault_bitwarden_smtp_password }}"
 bitwarden_smtp_from: "zailon@bk.ru"
 bitwarden_domain: "https://bw.zailon.ru"
-# ------------192.168.1.203 media------------
+# ------------ media (192.168.1.203) ------------
 # Media базовые дериктории
 service_config_base: "/mnt/service"
 # Jellyfin
 jellyfin_base_dir: "{{ service_config_base }}/jellyfin"
 jellyfin_config_dir: "{{ jellyfin_base_dir }}/config"
 jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache"
@ -94,20 +79,17 @@ jellyfin_media_path: "/mnt/video"
 jellyfin_port: "45131"
 jellyfin_hw_acceleration: true
 # Audiobookshelf
 audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf"
 audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config"
 audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db"
 audiobookshelf_port: "45132"
 # Ampache
 ampache_base_dir: "{{ service_config_base }}/ampache"
 ampache_config_dir: "{{ ampache_base_dir }}/config"
 ampache_logs_dir: "{{ ampache_base_dir }}/logs"
 ampache_mysql_dir: "{{ ampache_base_dir }}/mysql"
 ampache_port: "45134"
 # Calibre
 calibre_base_dir: "{{ service_config_base }}/calibre"
 calibre_library_dir: "/mnt/books"
 calibre_config_dir: "{{ calibre_base_dir }}/config"
@ -119,30 +101,23 @@ calibre_web_enable_registration: false
 calibre_web_enable_webdav: true
 calibre_web_enable_opds: true
-# ------------192.168.1.204 photo------------
+# ------------ photo (192.168.1.204) ------------
 # Immich variables
 immich_base_dir: "/mnt/immich"
 immich_port: "45131"
 immich_db_username: "postgres"
-immich_db_password: "postgres"
+immich_db_password: "{{ vault_immich_db_password }}"
 immich_db_name: "immich"
 immich_version: "release"
 # immich_public_url: "https://photos.yourdomain.com"  # раскомментирую если нужно
-# ------------192.168.1.206 talk------------
+# ------------ talk (192.168.1.206) ------------
 # Mumble
 mumble_base_dir: "/mnt/mumble"
 mumble_data_dir: "{{ mumble_base_dir }}/data"
 mumble_port: "45131"
 mumble_ice_port: "6502"
-mumble_server_password: "passw0rd"
+mumble_server_password: "{{ vault_mumble_server_password }}"
-mumble_superuser_password: "13qeadZC"
+mumble_superuser_password: "{{ vault_mumble_superuser_password }}"
 mumble_max_users: "100"
 # Matrix Synapse
 matrix_base_dir: "/mnt/matrix"
 matrix_data_dir: "{{ matrix_base_dir }}/data"
 matrix_config_dir: "{{ matrix_base_dir }}/config"
@ -154,21 +129,19 @@ matrix_server_name: "{{ matrix_domain }}"
 matrix_registration_enabled: false
 matrix_report_stats: "no"
 matrix_postgres_user: "synapse"
-matrix_postgres_password: "13qeadZC"
+matrix_postgres_password: "{{ vault_matrix_postgres_password }}"
 matrix_postgres_db: "synapse"
 matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}"
 matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}"
 matrix_form_secret: "{{ vault_matrix_form_secret }}"
 # ------------192.168.1.208 manage------------
-# MeshCentral
+# ------------ manage (192.168.1.228) ------------
 meshcentral_base_dir: "/opt/meshcentral"
 meshcentral_data_dir: "/mnt/mesh/meshcentral-data"
 meshcentral_files_dir: "/mnt/mesh/meshcentral-files"
 meshcentral_backup_dir: "/mnt/mesh/meshcentral-backup"
 meshcentral_port: "45131"
 # Grafana (для будущего использования)
 grafana_base_dir: "/opt/grafana"
 grafana_data_dir: "{{ grafana_base_dir }}/data"
 grafana_port: "45132"
--- a/vault.yml
+++ b/vault.yml
@ -1,24 +1,25 @@
-$ANSIBLE_VAULT;1.1;AES256
+# SSH ключи (публичные — можно хранить в открытом виде, но если хочешь — оставь здесь)
-38366636356431366631363566313532343532653438653662323338306133633631346230333333
+ssh_public_keys:
-6333303938616238353236653366653537353861393565340a326566383965623733306563653263
+  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp"
-34323766616434643462313830623166373064323034353637393062623065373138356261383564
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvRBW+2Xpck2tznhWJyls5J/4wUoVYdyFM6JTU7uogK ansible@olimp"
-3165643135636663310a633065383238623334343163343361633065303465383862643564646533
+
-63386637626362623534396535383364626337366162363238323130336361663466316234643766
+# Matrix
-34336236346533646339313636303566666261353237393234326635303539363239623561346362
+vault_matrix_postgres_password: "13qeadZC"
-30336464663361326633366661396462646564323038303533636631613638313066333439653263
+vault_matrix_synapse_secret: "f9e5c2071a178dd8260c7a07b8e133417ff0d7c5d5ca12efdb215d56e19f05f4"
-36336132633936313231666464393137393839346537303436653039646631643332656531363066
+vault_matrix_macaroon_secret: "11e917490abf2306026ee6e3f49137ca911bd166dc0b8f4bccd62602bf9e6966"
-64343037656136383731313231386232653138626432613834316232643638306162636564623264
+vault_matrix_form_secret: "f61c53b083b51e14d2875940971b9e2d5f9ea4c69944cecf458075bf055eca45"
-38333934636535306361303537326634346433626535333165343036613961353039313035353164
+vault_matrix_admin_password: "13qeadZC"
-38653564626634616433396634343166336231333966663330323532353431343830396464626665
+
-64326232366337383165396365303930363734666363376465343731653537303531353632653833
+# Bitwarden
-63663839316434363536353962656232633963313231383838336134303035636436633731346535
+vault_bitwarden_admin_token: "QMhEngkv2a5s5S1AOp96A7rxiwz9BTCHGORY3EHcUYEP9wy07/+HxYGimL/FQAwl"
-61613630323962303934643730356263343164616235646163383238626138626361363562343333
+vault_bitwarden_smtp_password: "khhyw8Ri9WrabwqM2vbC"
-62633030306433633663663031666363663934663639366462303433663036353734653765333630
+
-35306138626565346464373435316633376264633735323265313964373861326630393163303265
+# Mealie
-31616338326664633130623333343936363934616365643537613130643430623766636635386638
+vault_mealie_db_password: "secure_password_123"
-38363432616464313532643066323164613532623938323633666437316132396230353365613939
+
-32653636363337393339313639646638613632336166343065633863393036363235373863306433
+# Mumble
-30366530376137376636306261633638396131356232343334613835643131646636323236386634
+vault_mumble_server_password: "passw0rd"
-30333130636536313236386335623232653138353835366536396237636435636162616165346163
+vault_mumble_superuser_password: "13qeadZC"
-36633830383963636138313630373662333861653635303134656532306561643233393263666266
+
-323232326333646561653661313433346365
+# Immich
 vault_immich_db_password: "postgres"