ansible-collection/roles/common/meta/argument_specs.yml


# Ansible Roles for managing Auengun.net Infrastructure & Testing/Learning.
# Source available at git.auengun.net/homelab/ansible-collection
# Copyright (C) 2023 GregoryDosh
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-FileCopyrightText: 2023 GregoryDosh
---
# Argument specification for this role's `main` entry point. Ansible checks
# the role's variables against this spec before the role's tasks run.
# Per the Ansible role-argument-validation docs, the `default` values below
# are documentation only: the effective defaults come from the role's
# defaults file, so the two must be kept in sync.
argument_specs:
  main:
    options:
      # --- Guest / container tuning -------------------------------------
      INSTALL_QEMU_AGENT:
        type: bool
        default: true
      LXC_SSH_TUNEUP:
        type: bool
        default: false

      # --- Grafana Alloy ------------------------------------------------
      GRAFANA_ALLOY_INSTALL:
        type: bool
        default: true
      GRAFANA_ALLOY_OBSERVE_ALLOY:
        type: bool
        default: true
      GRAFANA_ALLOY_OBSERVE_DOCKER:
        type: bool
        default: true
      # Required and without a default, so the caller must pin a version.
      GRAFANA_ALLOY_VERSION:
        required: true
        type: str
      # NOTE(review): `type: str` accepts any scheme, and the spec has no
      # companion option for an expected checksum of the package. If the role
      # downloads and installs from this URL, consider requiring https and
      # verifying a pinned digest before installation.
      GRAFANA_ALLOY_PACKAGE_DEB_URL:
        required: true
        type: str

      # --- LDAP bind credentials ----------------------------------------
      # Neither option is required and neither has a default, so validation
      # passes when both are unset. NOTE(review): confirm the tasks handle
      # the unset case deliberately.
      LDAPD_BINDDN:
        type: str
      # Secret by name (presumably the LDAP bind password; confirm). Supply
      # it from Ansible Vault or a secret store, never from plain-text vars,
      # and set `no_log: true` on tasks that pass or template it.
      LDAPD_BINDPW:
        type: str

      # --- PAM / SSSD ---------------------------------------------------
      # By name these options shape the host's PAM and SSH login
      # configuration; treat overrides as security-sensitive changes.
      PAM_AUENGUN_SSH_ENABLE:
        type: bool
        default: true
      PAM_AUENGUN_SSH_DEFAULT:
        type: str
      PAM_AUENGUN_SSH_PRIORITY:
        type: int
      PAM_MKHOMEDIR_SPM_ENABLE:
        type: bool
        default: true
      PAM_MKHOMEDIR_SPM_DEFAULT:
        type: str
      PAM_MKHOMEDIR_SPM_PRIORITY:
        type: int
      PAM_SHARED_MODULE_PATH:
        type: str
      PAM_AUENGUN_SSH_AUTHORIZED_PRINCIPALS:
        type: str
      SSSD_DEFAULT_SHELL:
        type: str
      # NOTE(review): presumably restricts which directory entries SSSD
      # accepts; an overly broad filter would widen who can log in. Confirm
      # against the SSSD template.
      SSSD_LDAP_FILTER:
        type: str

      # --- Certificate renewal ------------------------------------------
      CERT_RENEWAL_SERVICE_NAME:
        type: str
        default: cert-renew
      # Subject alternative names requested for the host certificate; the
      # documented defaults are built from the short inventory hostname.
      CERT_SAN:
        type: list
        elements: str
        default:
          - "{{ inventory_hostname_short }}.auengun.net"
          - "{{ inventory_hostname_short }}.virt.auengun.net"
      CERT_RENEWAL_RESTART_SYSTEMD_SERVICES:
        type: list
        elements: str
        default: []
      # Secret by name (an API key), required and without a default. Supply
      # it from Ansible Vault or a secret store and set `no_log: true` on
      # tasks that send it.
      HEALTHCHECK_SITE_API_KEY:
        required: true
        type: str

      # --- step CLI: binary, ownership and paths ------------------------
      STEP_BIN_INSTALL:
        type: bool
        default: true
      # Required and without a default, so the caller must pin a version.
      STEP_BIN_VERSION:
        required: true
        type: str
      STEP_BIN_NAME:
        type: str
        default: step-cli
      # NOTE(review): both default to root. If they own the key material
      # under STEP_PATH, check that the tasks also set restrictive modes.
      STEP_USER_NAME:
        type: str
        default: root
      STEP_GROUP_NAME:
        type: str
        default: root
      # The default ends in '/', and the two derived defaults below add
      # another '/', so the documented paths contain '//'.
      STEP_PATH:
        type: path
        default: /etc/step-ca/
      STEP_CONFIG_PATH:
        type: path
        default: "{{ STEP_PATH }}/config/"
      STEP_CERTS_PATH:
        type: path
        default: "{{ STEP_PATH }}/certs/"

      # --- step CLI: certificate and key file names ---------------------
      # The defaults look like file names (presumably relative to
      # STEP_CERTS_PATH; confirm). They are names, not key contents.
      STEP_CERTS_ACME_CA_PROVISIONER:
        type: str
        required: true
      STEP_CERTS_ACME_CRT:
        type: str
        default: acme.crt
      STEP_CERTS_ACME_KEY:
        type: str
        default: acme.key
      STEP_CERTS_ROOT_CRT:
        type: str
        default: root_ca.crt
      STEP_CERTS_BUNDLE_CRT:
        type: str
        default: bundle.crt  # fullchain.pem
      # Base name from which the three SSH host key/cert defaults derive.
      STEP_CERTS_SSH_ROOT:
        type: str
        default: ssh_host_ecdsa
      STEP_CERTS_SSH_PRIVATE_KEY:
        type: str
        default: "{{ STEP_CERTS_SSH_ROOT }}"
      STEP_CERTS_SSH_PUBLIC_KEY:
        type: str
        default: "{{ STEP_CERTS_SSH_ROOT }}.pub"
      STEP_CERTS_SSH_HOST_CERT:
        type: str
        default: "{{ STEP_CERTS_SSH_ROOT }}-cert.pub"
      STEP_CERTS_SSH_TRUSTED_USER_CA_KEYS:
        type: str
        default: trusted_user_ca_key.crt
      # NOTE(review): free-form string with no default; if it is written
      # verbatim into a systemd unit, only trusted inventory should set it.
      STEP_CERTS_SYSTEMD_EXTRA_CONFIG:
        type: str

      # --- step CLI: CA bootstrap ---------------------------------------
      STEP_BOOTSTRAP_URL:
        type: str
        default: https://ca.auengun.net
      # Required and without a default. Presumably the root CA certificate
      # fingerprint that authenticates the CA on first contact (confirm).
      # Obtain the value out of band from a trusted source, not from the CA
      # URL being bootstrapped.
      STEP_BOOTSTRAP_FINGERPRINT:
        required: true
        type: str
      STEP_BOOTSTRAP_HOST:
        type: bool
        default: true
      # NOTE(review): by name this controls whether the CA root is added to
      # the host's trust store, and it is on by default. Confirm that is
      # intended for every host that applies this role.
      STEP_BOOTSTRAP_HOST_TRUST:
        type: bool
        default: true
      STEP_WEBROOT_PATH:
        type: str

      # --- Renewal health check -----------------------------------------
      STEP_HC_RENEWAL_NAME:
        type: str
        default: "Cert - ACME/SSH - {{ inventory_hostname_short }} 🔄"
      # Presumably seconds (86400 s = 24 h, 300 s = 5 min); confirm against
      # the health-check service the role registers with.
      STEP_HC_RENEWAL_TIMEOUT:
        type: int
        default: 86400
      STEP_HC_RENEWAL_GRACE:
        type: int
        default: 300
      STEP_HC_RENEWAL_TAGS:
        type: str
        default: "certs 🔄 {{ inventory_hostname_short }}"