inventory, roles, config, docs: update all files to refactor the ansible variables structure

2026-04-01 21:30:56 +09:00
parent d1e0eb30c0
commit 84d961c7e3
62 changed files with 321 additions and 254 deletions
--- a/ansible/roles/app/tasks/services/set_gitea.yaml
+++ b/ansible/roles/app/tasks/services/set_gitea.yaml
@@ -20,7 +20,7 @@
  ansible.builtin.copy:
    content: |
      {{ hostvars['console']['ca']['root']['crt'] }}
-    dest: "{{ node['home_path'] }}/containers/gitea/ssl/ilnmors_root_ca.crt"
+    dest: "{{ node['home_path'] }}/containers/gitea/ssl/{{ root_cert_filename }}"
    owner: "{{ gitea_subuid }}"
    group: "svadmins"
    mode: "0440"
--- a/ansible/roles/app/tasks/services/set_immich.yaml
+++ b/ansible/roles/app/tasks/services/set_immich.yaml
@@ -70,7 +70,7 @@
  ansible.builtin.copy:
    content: |
      {{ hostvars['console']['ca']['root']['crt'] }}
-    dest: "{{ node['home_path'] }}/containers/immich/ssl/ilnmors_root_ca.crt"
+    dest: "{{ node['home_path'] }}/containers/immich/ssl/{{ root_cert_filename }}"
    owner: "{{ ansible_user }}"
    group: "svadmins"
    mode: "0440"
--- a/ansible/roles/app/tasks/services/set_paperless.yaml
+++ b/ansible/roles/app/tasks/services/set_paperless.yaml
@@ -69,7 +69,7 @@
  ansible.builtin.copy:
    content: |
      {{ hostvars['console']['ca']['root']['crt'] }}
-    dest: "{{ node['home_path'] }}/containers/paperless/ssl/ilnmors_root_ca.crt"
+    dest: "{{ node['home_path'] }}/containers/paperless/ssl/{{ root_cert_filename }}"
    owner: "{{ paperless_subuid }}"
    group: "svadmins"
    mode: "0440"
@@ -101,7 +101,7 @@
                "client_id": "paperless",
                "secret": "{{ hostvars['console']['paperless']['oidc']['secret'] }}",
                "settings": {
-                  "server_url": "https://authelia.ilnmors.com/.well-known/openid-configuration",
+                  "server_url": "https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}/.well-known/openid-configuration",
                  "token_auth_method": "client_secret_post"
                }
              }
--- a/ansible/roles/app/tasks/services/set_vaultwarden.yaml
+++ b/ansible/roles/app/tasks/services/set_vaultwarden.yaml
@@ -15,7 +15,7 @@
  ansible.builtin.copy:
    content: |
      {{ hostvars['console']['ca']['root']['crt'] }}
-    dest: "{{ node['home_path'] }}/containers/vaultwarden/ssl/ilnmors_root_ca.crt"
+    dest: "{{ node['home_path'] }}/containers/vaultwarden/ssl/{{ root_cert_filename }}"
    owner: "{{ ansible_user }}"
    group: "svadmins"
    mode: "0440"
@@ -34,7 +34,8 @@
      value: "{{ hostvars['console']['vaultwarden']['admin']['hash'] }}"
    - name: "VW_DATABASE_URL"
      value: "postgresql://vaultwarden:{{ hostvars['console']['postgresql']['password']['vaultwarden'] | urlencode | replace('/', '%2F') }}\
-        @{{ infra_uri['postgresql']['domain'] }}/vaultwarden_db?sslmode=verify-full&sslrootcert=/etc/ssl/vaultwarden/ilnmors_root_ca.crt"
+        @{{ services['postgresql']['domain'] }}.{{ domain['internal'] }}/vaultwarden_db?sslmode=verify-full&\
+        sslrootcert=/etc/ssl/vaultwarden/{{ root_cert_filename }}"
  notify: "notification_restart_vaultwarden"
  no_log: true

--- a/ansible/roles/app/tasks/services/set_vikunja.yaml
+++ b/ansible/roles/app/tasks/services/set_vikunja.yaml
@@ -20,7 +20,7 @@
  ansible.builtin.copy:
    content: |
      {{ hostvars['console']['ca']['root']['crt'] }}
-    dest: "{{ node['home_path'] }}/containers/vikunja/ssl/ilnmors_root_ca.crt"
+    dest: "{{ node['home_path'] }}/containers/vikunja/ssl/{{ root_cert_filename }}"
    owner: "{{ vikunja_subuid }}"
    group: "svadmins"
    mode: "0440"
--- a/ansible/roles/auth/tasks/services/set_authelia.yaml
+++ b/ansible/roles/auth/tasks/services/set_authelia.yaml
@@ -27,7 +27,7 @@
  ansible.builtin.copy:
    content: |
      {{ hostvars['console']['ca']['root']['crt'] }}
-    dest: "{{ node['home_path'] }}/containers/authelia/certs/ilnmors_root_ca.crt"
+    dest: "{{ node['home_path'] }}/containers/authelia/certs/{{ root_cert_filename }}"
    owner: "{{ ansible_user }}"
    group: "svadmins"
    mode: "0440"
--- a/ansible/roles/common/tasks/node/deploy_root_ca.yaml
+++ b/ansible/roles/common/tasks/node/deploy_root_ca.yaml
@@ -2,7 +2,7 @@
 - name: Deploy root_ca.crt
  ansible.builtin.copy:
    content: "{{ hostvars['console']['ca']['root']['crt'] }}"
-    dest: "/usr/local/share/ca-certificates/ilnmors_root_ca.crt"
+    dest: "/usr/local/share/ca-certificates/{{ root_cert_filename }}"
    owner: "root"
    group: "root"
    mode: "0644"
--- a/ansible/roles/common/tasks/services/set_caddy.yaml
+++ b/ansible/roles/common/tasks/services/set_caddy.yaml
@@ -54,7 +54,7 @@
 - name: Deploy root crt for build
  ansible.builtin.copy:
    content: "{{ hostvars['console']['ca']['root']['crt'] }}"
-    dest: "{{ node['home_path'] }}/containers/caddy/build/ilnmors_root_ca.crt"
+    dest: "{{ node['home_path'] }}/containers/caddy/build/{{ root_cert_filename }}"
    owner: "{{ ansible_user }}"
    group: "svadmins"
    mode: "0640"
@@ -62,7 +62,7 @@

 - name: Build caddy container image
  containers.podman.podman_image:
-    name: "ilnmors.internal/{{ node['name'] }}/caddy"
+    name: "{{ domain['internal'] }}/{{ node['name'] }}/caddy"
    # check tags from container file
    tag: "{{ version['containers']['caddy'] }}"
    state: "build"
--- a/ansible/roles/common/tasks/services/set_kopia.yaml
+++ b/ansible/roles/common/tasks/services/set_kopia.yaml
@@ -37,9 +37,9 @@
        KOPIA_PASSWORD: "{{ hostvars['console']['kopia']['user']['console'] }}"
      ansible.builtin.shell: |
        /usr/bin/kopia repository connect server \
-        --url=https://{{ infra_uri['kopia']['domain'] }}:{{ infra_uri['kopia']['ports']['https'] }} \
+        --url=https://{{ services['kopia']['domain'] }}.{{ domain['internal'] }}:{{ services['kopia']['ports']['https'] }} \
        --override-username=console \
-        --override-hostname=console.ilnmors.internal
+        --override-hostname=console.{{ domain['internal'] }}
      changed_when: false
      failed_when: is_kopia_connected.rc != 0
      register: "is_kopia_connected"
--- a/ansible/roles/console/tasks/node/set_ssh_client.yaml
+++ b/ansible/roles/console/tasks/node/set_ssh_client.yaml
@@ -23,7 +23,7 @@
  become: true
  ansible.builtin.copy:
    content: |
-      @cert-authority *.ilnmors.internal {{ hostvars['console']['ssh']['ca']['pub'] }}
+      @cert-authority *.{{ domain['internal'] }} {{ hostvars['console']['ssh']['ca']['pub'] }}
    dest: "/etc/ssh/ssh_known_hosts"
    owner: "root"
    group: "root"
--- a/ansible/roles/fw/tasks/services/set_ddns.yaml
+++ b/ansible/roles/fw/tasks/services/set_ddns.yaml
@@ -21,8 +21,8 @@
  become: true

 - name: Deploy ddns service files
-  ansible.builtin.copy:
-    src: "{{ hostvars['console']['node']['config_path'] }}/services/systemd/fw/ddns/{{ item }}"
+  ansible.builtin.template:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/systemd/fw/ddns/{{ item }}.j2"
    dest: "{{ node['home_path'] }}/.config/systemd/user/{{ item }}"
    owner: "{{ ansible_user }}"
    group: "svadmins"
--- a/ansible/roles/infra/tasks/services/set_ca_server.yaml
+++ b/ansible/roles/infra/tasks/services/set_ca_server.yaml
@@ -50,15 +50,15 @@
    group: "svadmins"
    mode: "{{ item.mode }}"
  loop:
-    - name: "ilnmors_root_ca.crt"
+    - name: "{{ root_cert_filename }}"
      value: "{{ hostvars['console']['ca']['root']['crt'] }}"
      path: "{{ node['home_path'] }}/containers/ca/certs"
      mode: "0440"
-    - name: "ilnmors_intermediate_ca.crt"
+    - name: "{{ intermediate_cert_filename }}"
      value: "{{ hostvars['console']['ca']['intermediate']['crt'] }}"
      path: "{{ node['home_path'] }}/containers/ca/certs"
      mode: "0440"
-    - name: "ilnmors_intermediate_ca.key"
+    - name: "{{ intermediate_key_filename }}"
      value: "{{ hostvars['console']['ca']['intermediate']['key'] }}"
      path: "{{ node['home_path'] }}/containers/ca/secrets"
      mode: "0400"
--- a/ansible/roles/infra/tasks/services/set_grafana.yaml
+++ b/ansible/roles/infra/tasks/services/set_grafana.yaml
@@ -23,7 +23,7 @@
  ansible.builtin.copy:
    content: |
      {{ hostvars['console']['ca']['root']['crt'] }}
-    dest: "{{ node['home_path'] }}/containers/grafana/ssl/ilnmors_root_ca.crt"
+    dest: "{{ node['home_path'] }}/containers/grafana/ssl/{{ root_cert_filename }}"
    owner: "{{ grafana_subuid }}"
    group: "svadmins"
    mode: "0400"
@@ -61,10 +61,10 @@
  notify: "notification_restart_grafana"
  no_log: true

- name: Deploy provisioing and dashboard files
-  ansible.builtin.copy:
-    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/grafana/etc/provisioning/"
-    dest: "{{ node['home_path'] }}/containers/grafana/etc/provisioning/"
+- name: Deploy provisioing file
+  ansible.builtin.template:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/grafana/etc/provisioning/datasources/datasources.yaml.j2"
+    dest: "{{ node['home_path'] }}/containers/grafana/etc/provisioning/datasources/datasources.yaml"
    owner: "{{ grafana_subuid }}"
    group: "svadmins"
    mode: "0400"
--- a/ansible/roles/infra/tasks/services/set_ldap.yaml
+++ b/ansible/roles/infra/tasks/services/set_ldap.yaml
@@ -25,7 +25,7 @@
    group: "svadmins"
    mode: "{{ item.mode }}"
  loop:
-    - name: "ilnmors_root_ca.crt"
+    - name: "{{ root_cert_filename }}"
      value: "{{ hostvars['console']['ca']['root']['crt'] }}"
      mode: "0440"
    - name: "ldap.crt"
@@ -50,7 +50,7 @@
    # urlencode doesn't fix `/` as `%2F`. It needs replace
    - name: "LLDAP_DATABASE_URL"
      value: "postgres://ldap:{{ hostvars['console']['postgresql']['password']['ldap'] | urlencode | replace('/', '%2F') }}\
-        @{{ infra_uri['postgresql']['domain'] }}/ldap_db?sslmode=verify-full&sslrootcert=/etc/ssl/ldap/ilnmors_root_ca.crt"
+        @{{ services['postgresql']['domain'] }}.{{ domain['internal'] }}/ldap_db?sslmode=verify-full&sslrootcert=/etc/ssl/ldap/{{ root_cert_filename }}"
    - name: "LLDAP_KEY_SEED"
      value: "{{ hostvars['console']['ldap']['seed_key'] }}"
    - name: "LLDAP_JWT_SECRET"
@@ -78,7 +78,7 @@
        detach: false
        env:
          TZ: "Asia/Seoul"
-          LLDAP_LDAP_BASE_DN: "dc=ilnmors,dc=internal"
+          LLDAP_LDAP_BASE_DN: "{{ domain['dc'] }}"
        secrets:
          - "LLDAP_DATABASE_URL,type=env"
          - "LLDAP_KEY_SEED,type=env"
--- a/ansible/roles/infra/tasks/services/set_loki.yaml
+++ b/ansible/roles/infra/tasks/services/set_loki.yaml
@@ -18,8 +18,8 @@
  become: true

 - name: Deploy loki configuration file
-  ansible.builtin.copy:
-    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/loki/etc/loki.yaml"
+  ansible.builtin.template:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/loki/etc/loki.yaml.j2"
    dest: "{{ node['home_path'] }}/containers/loki/etc/loki.yaml"
    owner: "{{ loki_subuid }}"
    group: "svadmins"
@@ -37,7 +37,7 @@
    group: "svadmins"
    mode: "{{ item.mode }}"
  loop:
-    - name: "ilnmors_root_ca.crt"
+    - name: "{{ root_cert_filename }}"
      value: "{{ hostvars['console']['ca']['root']['crt'] }}"
      mode: "0440"
    - name: "loki.crt"
--- a/ansible/roles/infra/tasks/services/set_postgresql.yaml
+++ b/ansible/roles/infra/tasks/services/set_postgresql.yaml
@@ -42,7 +42,7 @@

 - name: Build postgresql container image
  containers.podman.podman_image:
-    name: "ilnmors.internal/{{ node['name'] }}/postgres"
+    name: "{{ domain['internal'] }}/{{ node['name'] }}/postgres"
    # check tags from container file
    tag: "pg{{ version['containers']['postgresql'] }}-vectorchord{{ version['containers']['vectorchord'] }}"
    state: "build"
@@ -75,7 +75,7 @@
    group: "svadmins"
    mode: "{{ item.mode }}"
  loop:
-    - name: "ilnmors_root_ca.crt"
+    - name: "{{ root_cert_filename }}"
      value: "{{ hostvars['console']['ca']['root']['crt'] }}"
      mode: "0440"
    - name: "postgresql.crt"
--- a/ansible/roles/infra/tasks/services/set_prometheus.yaml
+++ b/ansible/roles/infra/tasks/services/set_prometheus.yaml
@@ -41,7 +41,7 @@
    group: "svadmins"
    mode: "{{ item.mode }}"
  loop:
-    - name: "ilnmors_root_ca.crt"
+    - name: "{{ root_cert_filename }}"
      value: "{{ hostvars['console']['ca']['root']['crt'] }}"
      mode: "0440"
    - name: "prometheus.crt"