---
# Shared variables for every host in the homelab. The Jinja2 "{{ ... }}"
# references and the vault_* names suggest an Ansible group_vars file whose
# secrets are kept in a separate vault file that is not visible here.
# Every value is unchanged; NOTE(review) comments mark settings whose
# security impact depends on roles and templates that are also not visible.
# =============================================================================
# GLOBAL SETTINGS
# =============================================================================
timezone: Asia/Yekaterinburg
system_locale: ru_RU.UTF-8
# NOTE(review): the consumer of this value is not visible here. If it ends up
# in DISPLAY as a plain TCP X11 target, that traffic is unencrypted; SSH X11
# forwarding is the usual alternative - confirm.
x11_display_host: "192.168.1.101"
# NOTE(review): administration runs as root. If ssh_public_keys below are
# installed for this user, each key is a direct root login; an unprivileged
# account plus sudo (already in base_packages) narrows that - confirm against
# the consuming role.
admin_user: root

# Base packages for all servers
base_packages:
  - curl
  - wget
  - gnupg
  - ca-certificates
  - software-properties-common
  - tree
  - htop
  - nano
  - git
  - apt-transport-https
  - net-tools
  - dnsutils
  - iputils-ping
  - traceroute
  - sudo
  - mc
  - iftop
  - pv
  - jq
  - unzip

# Custom directories
custom_directories:
  - /opt/scripts
  - /etc/apt/keyrings

# SSH keys
# Public keys only, so not secret, but this list decides who can log in:
# review it like an access-control list and drop keys that are no longer used.
# NOTE(review): the second entry is an ssh-rsa key (2048-bit judging by the
# blob length); consider retiring it in favour of the ed25519 key - confirm it
# is still needed.
ssh_public_keys:
  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8/+/WFFYDu4ljy1j9+bWp6MiXZ9a0iodoPHq+nEpIr ansible@Olimp"
  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp"

# Packages to remove
cleanup_packages:
  - gparted

# =============================================================================
# NETWORK SETTINGS
# =============================================================================
# Static address of each host; the other sections reference these through
# server_ips.<name>.
server_ips:
  olimp: "192.168.1.200"      # Proxmox
  gateway: "192.168.1.201"    # NPM, Dashy, Heimdall
  data: "192.168.1.202"       # Bitwarden, Mealie, Bookstack
  media: "192.168.1.203"      # Jellyfin, Ampache, Calibre
  photo: "192.168.1.204"      # Immich
  nextcloud: "192.168.1.205"  # Nextcloud
  talk: "192.168.1.206"       # Matrix, Mumble, Snikket, TeamSpeak
  games: "192.168.1.207"      # Minecraft
  manage: "192.168.1.208"     # Grafana, Loki, MeshCentral
  git: "192.168.1.209"        # GitLab
  ansible: "192.168.1.210"    # Ansible
  torrent: "192.168.1.211"    # Qbittorrent, TorrServer

# =============================================================================
# MONITORING (VictoriaMetrics, Grafana, Loki)
# =============================================================================
# Ports are integers here (and for cadvisor, snikket, qbittorrent and
# grafana_port) but quoted strings in most service sections; templates that
# compare or compute with ports must handle both - confirm.
monitoring_ports:
  node_exporter: 9100
  proxmox_exporter: 9223
  vmagent: 8429
  victoriametrics: 8428
  loki: 3100
  promtail: 9080

# NOTE(review): coverage gaps - server_ips.nextcloud is in neither list, and
# server_ips.olimp (the Proxmox host) ships no logs through promtail. Hosts
# without metrics or logs are blind spots for detection; confirm this is
# intentional.
monitoring_groups:
  node_exporter_servers:
    - "{{ server_ips.olimp }}"
    - "{{ server_ips.gateway }}"
    - "{{ server_ips.data }}"
    - "{{ server_ips.media }}"
    - "{{ server_ips.photo }}"
    - "{{ server_ips.talk }}"
    - "{{ server_ips.games }}"
    - "{{ server_ips.manage }}"
    - "{{ server_ips.git }}"
    - "{{ server_ips.ansible }}"
    - "{{ server_ips.torrent }}"
  proxmox_servers:
    - "{{ server_ips.olimp }}"
  promtail_servers:
    - "{{ server_ips.gateway }}"
    - "{{ server_ips.data }}"
    - "{{ server_ips.media }}"
    - "{{ server_ips.photo }}"
    - "{{ server_ips.talk }}"
    - "{{ server_ips.games }}"
    - "{{ server_ips.manage }}"
    - "{{ server_ips.git }}"
    - "{{ server_ips.ansible }}"
    - "{{ server_ips.torrent }}"

# Proxmox Exporter
# The API token value comes from the vault. The privileges of pve_exporter@pve
# are not visible here; a read-only auditor-style role is enough for metrics -
# confirm.
pve_exporter_user: "pve_exporter@pve"
pve_exporter_token_name: "grafana"
pve_exporter_token_value: "{{ vault_pve_exporter_token }}"

# VictoriaMetrics & Grafana
# Versions are pinned, which makes deployments reproducible; pinned versions
# need a routine for picking up security releases.
victoriametrics_retention_months: 2
victoriametrics_version: v1.101.0
grafana_version: 11.2.0
# NOTE(review): "admin" is the well-known default account name; the password
# comes from the vault.
grafana_admin_user: admin
grafana_admin_password: "{{ vault_grafana_admin_password }}"
grafana_root_url: https://mon.zailon.ru

# Loki
loki_version: "2.9.2"
loki_retention_days: 30

# cAdvisor
# NOTE(review): cAdvisor serves container metadata without authentication
# unless configured otherwise; confirm cadvisor_port is reachable only from
# the scraper.
cadvisor_enabled: true
cadvisor_base_dir: "/opt/cadvisor"
cadvisor_port: 8080

# =============================================================================
# SERVICES: GATEWAY (192.168.1.201)
# =============================================================================
npm_base_dir: "/opt/npm"
npm_data_dir: "/opt/npm/data"
npm_letsencrypt_dir: "/opt/npm/letsencrypt"
heimdall_base_dir: "/opt/heimdall"
heimdall_config_dir: "/opt/heimdall/config"
heimdall_port: "45131"
dashy_base_dir: "/opt/dashy"
dashy_config_dir: "{{ dashy_base_dir }}/config"
dashy_port: "45132"
dashy_domain: "start.zailon.ru"

# =============================================================================
# SERVICES: DATA (192.168.1.202)
# =============================================================================
# Bitwarden
# Sign-ups are disabled and the admin token and SMTP password come from the
# vault.
# NOTE(review): the vw-data directory name suggests Vaultwarden; if so, the
# admin token can be stored as an Argon2 PHC string instead of plain text -
# confirm what the template writes.
bitwarden_base_dir: "/mnt/bitwarden"
bitwarden_data_dir: "{{ bitwarden_base_dir }}/vw-data"
bitwarden_port: "45131"
bitwarden_admin_token: "{{ vault_bitwarden_admin_token }}"
bitwarden_websocket_enabled: true
bitwarden_signups_allowed: false
bitwarden_smtp_host: "smtp.mail.ru"
bitwarden_smtp_port: "465"
bitwarden_smtp_ssl: true
bitwarden_smtp_username: "zailon@bk.ru"
bitwarden_smtp_password: "{{ vault_bitwarden_smtp_password }}"
bitwarden_smtp_from: "zailon@bk.ru"
bitwarden_domain: "https://bw.zailon.ru"

# Mealie
# NOTE(review): mealie_db_type is "sqlite", so mealie_db_password is
# presumably unused - confirm, and drop the vault entry if so.
mealie_base_dir: "/mnt/mealie"
mealie_data_dir: "/mnt/mealie/data"
mealie_port: "45132"
mealie_db_type: "sqlite"
mealie_db_password: "{{ vault_mealie_db_password }}"

# Bookstack
bookstack_base_dir: "/mnt/bookstack"
bookstack_config_dir: "/mnt/bookstack/config"
bookstack_uploads_dir: "/mnt/bookstack/uploads"
bookstack_db_dir: "/mnt/bookstack/db"
bookstack_port: "45133"

# =============================================================================
# SERVICES: MEDIA (192.168.1.203)
# =============================================================================
service_config_base: "/mnt/service"

# Jellyfin
jellyfin_base_dir: "{{ service_config_base }}/jellyfin"
jellyfin_config_dir: "{{ jellyfin_base_dir }}/config"
jellyfin_cache_dir: "{{ jellyfin_base_dir }}/cache"
jellyfin_logs_dir: "{{ jellyfin_base_dir }}/logs"
jellyfin_media_path: "/mnt/video"
jellyfin_port: "45131"
jellyfin_hw_acceleration: true

# Audiobookshelf
audiobookshelf_base_dir: "{{ service_config_base }}/audiobookshelf"
audiobookshelf_config_dir: "{{ audiobookshelf_base_dir }}/config"
audiobookshelf_db_dir: "{{ audiobookshelf_base_dir }}/db"
audiobookshelf_port: "45132"

# Calibre Web
# Registration is disabled. Uploading, conversion, WebDAV and OPDS are all
# enabled; each is an extra file-handling surface, so keep only the ones in
# use if this service is published externally.
calibre_base_dir: "{{ service_config_base }}/calibre"
calibre_library_dir: "/mnt/books/calibre"
calibre_config_dir: "{{ calibre_base_dir }}/config"
calibre_web_port: "45133"
calibre_web_db_path: "{{ calibre_config_dir }}/app.db"
calibre_web_enable_uploading: true
calibre_web_enable_conversion: true
calibre_web_enable_registration: false
calibre_web_enable_webdav: true
calibre_web_enable_opds: true

# Ampache
ampache_base_dir: "{{ service_config_base }}/ampache"
ampache_config_dir: "{{ ampache_base_dir }}/config"
ampache_logs_dir: "{{ ampache_base_dir }}/logs"
ampache_mysql_dir: "{{ ampache_base_dir }}/mysql"
ampache_port: "45134"

# Flibusta
# NOTE(review): flibusta_db_port gives the database its own port; confirm it
# is bound to localhost or the container network and not to the LAN.
flibusta_base_dir: "/mnt/service/flibusta"
flibusta_source_archives_dir: "/mnt/books/flibusta"
flibusta_web_port: "45137"
flibusta_db_port: "45138"
flibusta_db_user: "flibusta"
flibusta_db_password: "{{ vault_flibusta_db_password }}"
flibusta_db_name: "flibusta"

# =============================================================================
# SERVICES: PHOTO (192.168.1.204)
# =============================================================================
# NOTE(review): immich_version "release" is a floating tag, so every pull may
# deploy different code; pinning a version (or image digest) makes upgrades
# deliberate and auditable.
# NOTE(review): the application connects as "postgres", normally the database
# superuser - confirm the database is dedicated to Immich.
immich_base_dir: "/mnt/immich"
immich_port: "45131"
immich_db_username: "postgres"
immich_db_password: "{{ vault_immich_db_password }}"
immich_db_name: "immich"
immich_version: "release"

# =============================================================================
# SERVICES: TALK (192.168.1.206)
# =============================================================================
# Mumble
# NOTE(review): mumble_ice_port is the server's remote-control (Ice)
# interface; confirm it is not published beyond the host.
mumble_base_dir: "/mnt/mumble"
mumble_data_dir: "{{ mumble_base_dir }}/data"
mumble_port: "45131"
mumble_ice_port: "6502"
mumble_max_users: "100"
mumble_server_password: "{{ vault_mumble_server_password }}"
mumble_superuser_password: "{{ vault_mumble_superuser_password }}"

# Matrix (Synapse)
# Open registration is disabled; the database password and all three Synapse
# secrets come from the vault.
matrix_base_dir: "/mnt/matrix"
matrix_data_dir: "{{ matrix_base_dir }}/data"
matrix_config_dir: "{{ matrix_base_dir }}/config"
matrix_media_dir: "{{ matrix_base_dir }}/media"
matrix_postgres_dir: "{{ matrix_base_dir }}/postgres"
matrix_port: "45132"
matrix_domain: "matrix.zailon.ru"
matrix_server_name: "{{ matrix_domain }}"
matrix_registration_enabled: false
# Quoted on purpose: this is the string "no", not a YAML boolean.
matrix_report_stats: "no"
matrix_postgres_user: "synapse"
matrix_postgres_password: "{{ vault_matrix_postgres_password }}"
matrix_postgres_db: "synapse"
matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}"
matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}"
matrix_form_secret: "{{ vault_matrix_form_secret }}"

# Snikket (XMPP)
# NOTE(review): snikket_external_ip is a public address, so the settings
# below matter for an internet-facing service:
#   - snikket_enable_acme is false and snikket_disable_tls is true, so TLS is
#     presumably terminated elsewhere; confirm where TLS for XMPP client
#     connections (snikket_xmpp_port) is provided.
#   - snikket_trusted_proxy "*" appears to trust forwarding headers from any
#     source; if so, client addresses used in logs and rate limiting can be
#     spoofed. Narrowing it to the reverse proxy (server_ips.gateway hosts
#     NPM) would be safer - confirm against the template.
#   - snikket_image_tag "dev" is a floating development tag; pin a release.
#   - snikket_component_port and snikket_turn_tls_port are both 5349; confirm
#     this is not a copy/paste collision.
snikket_base_dir: "/mnt/snikket"
snikket_data_dir: "{{ snikket_base_dir }}/snikket_data"
snikket_nginx_custom_dir: "{{ snikket_base_dir }}/nginx-custom"
snikket_backup_dir: "/backup/snikket"
snikket_domain: "chat.zailon.ru"
snikket_admin_email: "zailon@bk.ru"
snikket_external_ip: "188.73.191.202"
snikket_http_port: 8080
snikket_https_port: 8443
snikket_xmpp_port: 5222
snikket_component_port: 5349
snikket_turn_port: 3478
snikket_turn_tls_port: 5349
snikket_rtp_min_port: 50000
snikket_rtp_max_port: 50100
snikket_enable_acme: false
snikket_disable_tls: true
snikket_trusted_proxy: "*"
snikket_max_file_size: "500M"
snikket_image_tag: "dev"
snikket_create_initial_invite: false
snikket_backup_enabled: true
snikket_backup_retention_days: 30
snikket_admin_password: "{{ vault_snikket_admin_password }}"
snikket_invite_token: "{{ vault_snikket_invite_token }}"

# TeamSpeak
# NOTE(review): 10011 is the raw (unencrypted) ServerQuery port; confirm it
# is not forwarded from outside the LAN.
teamspeak_base_dir: "/mnt/teamspeak"
teamspeak_data_dir: "{{ teamspeak_base_dir }}/data"
teamspeak_logs_dir: "{{ teamspeak_base_dir }}/logs"
teamspeak_query_port: "10011"
teamspeak_voice_port: "9987"
teamspeak_file_port: "30033"

# =============================================================================
# SERVICES: GAMES (192.168.1.207)
# =============================================================================
minecraft_base_dir: "/mnt/minecraft"
minecraft_data_dir: "{{ minecraft_base_dir }}/data"
minecraft_port: "25565"
minecraft_memory: "4G"
minecraft_version: "1.21.1"
minecraft_neoforge_version: "21.1.0"
minecraft_type: "NEOFORGE"
minecraft_eula: "true"
minecraft_motd: "Minecraft @ zailon.ru"
# Online mode stays enabled, so joining players are authenticated.
minecraft_online_mode: "true"
# NOTE(review): mods are fetched by URL and run inside the server process; no
# checksum is recorded here. Verifying a pinned SHA-256 per file at download
# time would catch a changed or replaced artifact - confirm what the role does.
minecraft_mods:
  - "https://mediafilez.forgecdn.net/files/7178/775/create-1.21.1-6.0.8.jar"

# =============================================================================
# SERVICES: MANAGE (192.168.1.208)
# =============================================================================
# NOTE(review): MeshCentral is a remote-management server, so access to it is
# effectively access to every enrolled machine; confirm how meshcentral_port
# is exposed and that multi-factor login is enforced.
meshcentral_base_dir: "/opt/meshcentral"
meshcentral_data_dir: "/mnt/mesh/meshcentral-data"
meshcentral_files_dir: "/mnt/mesh/meshcentral-files"
meshcentral_backup_dir: "/mnt/mesh/meshcentral-backup"
meshcentral_port: "45131"

# Grafana
grafana_base_dir: /mnt/grafana
grafana_data_dir: "{{ grafana_base_dir }}/data"
grafana_config_dir: "{{ grafana_base_dir }}/config"
grafana_vm_data_dir: "{{ grafana_base_dir }}/victoriametrics"
grafana_vmagent_tmp_dir: "{{ grafana_base_dir }}/vmagent/tmp"
grafana_vmagent_config: "{{ grafana_base_dir }}/vmagent/vmagent.yaml"
grafana_port: 45132

# Loki
loki_base_dir: "/mnt/loki"
loki_config_dir: "{{ loki_base_dir }}/config"
loki_data_dir: "{{ loki_base_dir }}/data"
loki_server_host: "{{ server_ips.manage }}"
loki_server_port: "{{ monitoring_ports.loki }}"

# Promtail
promtail_config_dir: "/etc/promtail"
promtail_data_dir: "/var/lib/promtail"

# =============================================================================
# SERVICES: GIT (192.168.1.209)
# =============================================================================
# The root password comes from the vault. gitlab_version is pinned; GitLab
# ships frequent security releases, so the pin needs regular review.
gitlab_base_dir: "/mnt/git"
gitlab_config_dir: "{{ gitlab_base_dir }}/config"
gitlab_logs_dir: "{{ gitlab_base_dir }}/logs"
gitlab_data_dir: "{{ gitlab_base_dir }}/data"
gitlab_backup_dir: "{{ gitlab_base_dir }}/backup"
gitlab_http_port: "45130"
gitlab_ssh_port: "2222"
gitlab_version: "17.5.5-ce.0"
gitlab_hostname: "git.zailon.ru"
gitlab_external_url: "https://git.zailon.ru"
gitlab_root_password: "{{ vault_gitlab_root_password }}"

# =============================================================================
# SERVICES: TORRENT (192.168.1.211)
# =============================================================================
qbittorrent_base_dir: "/mnt/service/qbittorrent"
qbittorrent_config_dir: "{{ qbittorrent_base_dir }}/appdata"
qbittorrent_downloads_dir: "{{ qbittorrent_base_dir }}/downloads"
qbittorrent_puid: 1000
qbittorrent_pgid: 1003
qbittorrent_port_webui: 8080
qbittorrent_port_torrent: 6881
# Directory for the credential files named by the "file" keys below.
# NOTE(review): these files hold plaintext passwords on disk; confirm the role
# writes them root-owned with mode 0600 and the directory with 0700.
qbittorrent_smb_credentials_dir: "/etc/smb-creds"

# Credentials for SMB shares
qbittorrent_smb_creds:
  olimp:
    username: "Olimp"
    password: "{{ vault_smb_olimp_password }}"
    file: "olimp"
  qb:
    username: "qb"
    password: "{{ vault_samba_password_qb }}"
    file: "qb"

# SMB share mounts
# NOTE(review):
#   - Every share is mounted rw on the torrent host, so a compromise of the
#     torrent client reaches the whole media library; shares it only reads
#     from could be mounted ro.
#   - opts request vers=3.0 but not "seal", so SMB3 encryption is presumably
#     not in use; add it if the servers support it - confirm.
#   - opts hard-code /etc/smb-creds/ instead of referencing
#     qbittorrent_smb_credentials_dir, so changing that variable would leave
#     the mounts pointing at the old path.
#   - Only the first entry has a "credential" key; the others select the qb
#     credentials through opts alone - confirm the consuming task does not
#     depend on the key.
qbittorrent_shares:
  - name: downloads
    src: "//192.168.1.101/Downloads"
    dest: "/mnt/downloads"
    credential: "olimp"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.olimp.file }}"
  - name: abook
    src: "//192.168.1.203/Abook"
    dest: "/mnt/abook"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: music
    src: "//192.168.1.203/Music"
    dest: "/mnt/audio"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: books
    src: "//192.168.1.203/Books"
    dest: "/mnt/books"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: films
    src: "//192.168.1.203/Films"
    dest: "/mnt/video/films"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: mult
    src: "//192.168.1.203/Mult"
    dest: "/mnt/video/mult"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: anime
    src: "//192.168.1.203/Anime"
    dest: "/mnt/video/anime"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: serial
    src: "//192.168.1.203/Serial"
    dest: "/mnt/video/serial"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: mserials
    src: "//192.168.1.203/Mserials"
    dest: "/mnt/video/mserials"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: doc
    src: "//192.168.1.203/Doc"
    dest: "/mnt/video/doc"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: ztube
    src: "//192.168.1.203/Ztube"
    dest: "/mnt/video/ztube"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: show
    src: "//192.168.1.203/Show"
    dest: "/mnt/video/show"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"
  - name: games
    src: "//192.168.1.207/Games"
    dest: "/mnt/games"
    opts: "rw,uid={{ qbittorrent_puid }},gid={{ qbittorrent_pgid }},file_mode=0644,dir_mode=0755,vers=3.0,credentials=/etc/smb-creds/{{ qbittorrent_smb_creds.qb.file }}"

torrserver_base_dir: "/mnt/service/torrserver"
torrserver_config_dir: "{{ torrserver_base_dir }}/config"
torrserver_torrents_dir: "{{ torrserver_base_dir }}/torrents"
torrserver_port: "45132"