inventory, roles, config, docs: update all files to refactor the ansible variables structure

2026-04-01 21:30:56 +09:00
parent d1e0eb30c0
commit 84d961c7e3
62 changed files with 321 additions and 254 deletions
--- a/config/services/systemd/common/alloy/config.alloy.j2
+++ b/config/services/systemd/common/alloy/config.alloy.j2
@@ -6,7 +6,7 @@
 //// Metric ouput
 prometheus.remote_write "prometheus" {
    endpoint {
-        url = "https://{{ infra_uri['prometheus']['domain'] }}:{{ infra_uri['prometheus']['ports']['https'] }}/api/v1/write"
+        url = "https://{{ services['prometheus']['domain'] }}.{{ domain['internal'] }}:{{ services['prometheus']['ports']['https'] }}/api/v1/write"
    }
 }

@@ -71,8 +71,8 @@ prometheus.scrape "system" {
 ////// For Crowdsec metrics
 prometheus.scrape "crowdsec" {
    targets = [
-        { "__address__" = "{{ infra_uri['crowdsec']['domain'] }}:6060", "job" = "crowdsec" },
-        { "__address__" = "{{ infra_uri['crowdsec']['domain'] }}:60601", "job" = "crowdsec-bouncer" },
+        { "__address__" = "{{ services['crowdsec']['domain'] }}.{{ domain['internal'] }}:6060", "job" = "crowdsec" },
+        { "__address__" = "{{ services['crowdsec']['domain'] }}.{{ domain['internal'] }}:60601", "job" = "crowdsec-bouncer" },
    ]
    honor_labels = true
    forward_to = [prometheus.relabel.default_label.receiver]
@@ -83,7 +83,7 @@ prometheus.scrape "crowdsec" {
 ////// For postgresql metrics
 prometheus.exporter.postgres "postgresql" {
    data_source_names = [
-        "postgres://alloy@{{ infra_uri['postgresql']['domain'] }}:{{ infra_uri['postgresql']['ports']['tcp'] }}/postgres?sslmode=verify-full",
+        "postgres://alloy@{{ services['postgresql']['domain'] }}.{{ domain['internal'] }}:{{ services['postgresql']['ports']['tcp'] }}/postgres?sslmode=verify-full",
    ]
 }
 prometheus.scrape "postgresql" {
@@ -93,7 +93,7 @@ prometheus.scrape "postgresql" {
 ///// For certificates metrics
 prometheus.scrape "x509" {
    targets = [
-        { "__address__" = "{{ node['name'] }}.ilnmors.internal:9793" },
+        { "__address__" = "{{ node['name'] }}.{{ domain['internal'] }}:{{ services['x509-exporter']['ports']['http'] }}" },
    ]
    forward_to = [prometheus.relabel.default_label.receiver]
 }
@@ -103,7 +103,7 @@ prometheus.scrape "x509" {
 ////// For Input Caddy metrics
 prometheus.scrape "caddy" {
    targets = [
-        { "__address__" = "{{ node['name'] }}.ilnmors.internal:443" },
+        { "__address__" = "{{ node['name'] }}.{{ domain['internal'] }}:443" },
    ]
    scheme = "https"
    forward_to = [prometheus.relabel.default_label.receiver]
@@ -114,8 +114,8 @@ prometheus.scrape "caddy" {
 //// Logs output
 loki.write "loki" {
    endpoint {
-        url = "https://{{ infra_uri['loki']['domain'] }}:{{ infra_uri['loki']['ports']['https'] }}/loki/api/v1/push"
-        tenant_id = "ilnmors.internal"
+        url = "https://{{ services['loki']['domain'] }}.{{ domain['internal'] }}:{{ services['loki']['ports']['https'] }}/loki/api/v1/push"
+        tenant_id = "{{ domain['internal'] }}"
    }
 }
 //// Logs relabel
--- a/config/services/systemd/common/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml.j2
+++ b/config/services/systemd/common/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml.j2
@@ -8,7 +8,7 @@ log_compression: true
 log_max_size: 100
 log_max_backups: 3
 log_max_age: 30
-api_url: "https://{{ infra_uri['crowdsec']['domain'] }}:{{ infra_uri['crowdsec']['ports']['https'] }}"
+api_url: "https://{{ services['crowdsec']['domain'] }}.{{ domain['internal'] }}:{{ services['crowdsec']['ports']['https'] }}"
 api_key: "{{ hostvars['console']['crowdsec']['bouncer']['fw'] }}"
 insecure_skip_verify: false
 disable_ipv6: false
--- a/config/services/systemd/common/crowdsec/bouncers/whitelists.yaml.j2
+++ b/config/services/systemd/common/crowdsec/bouncers/whitelists.yaml.j2
@@ -13,7 +13,7 @@ whitelist:
 {% if node['name'] == 'auth' %}
    expression:
        # budget local-first sql scrap rule
-        - "evt.Meta.target_fqdn == 'budget.ilnmors.com' && evt.Meta.http_path contains '/data/migrations/'"
+        - "evt.Meta.target_fqdn == '{{ services['actualbudget']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/data/migrations/'"
        # immich thumbnail request 404 error false positive
-        - "evt.Meta.target_fqdn == 'immich.ilnmors.com' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'"
+        - "evt.Meta.target_fqdn == '{{ services['immich']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'"
 {% endif %}
--- a/config/services/systemd/common/crowdsec/etc/local_api_credentials.yaml.j2
+++ b/config/services/systemd/common/crowdsec/etc/local_api_credentials.yaml.j2
@@ -1,3 +1,3 @@
-url: https://{{ infra_uri['crowdsec']['domain'] }}:{{ infra_uri['crowdsec']['ports']['https'] }}
+url: https://{{ services['crowdsec']['domain'] }}.{{ domain['internal'] }}:{{ services['crowdsec']['ports']['https'] }}
 login: {{ node['name'] }}
 password: {{ hostvars['console']['crowdsec']['machine'][node['name']] }}
--- a/config/services/systemd/common/kopia/kopia-backup.service.j2
+++ b/config/services/systemd/common/kopia/kopia-backup.service.j2
@@ -32,9 +32,9 @@ BindPaths=/var/cache/kopia
 EnvironmentFile=/etc/secrets/{{ kopia_uid }}/kopia.env

 ExecStartPre=/usr/bin/kopia repository connect server \
-    --url=https://{{ infra_uri['kopia']['domain'] }}:{{ infra_uri['kopia']['ports']['https'] }} \
+    --url=https://{{ services['kopia']['domain'] }}.{{ domain['internal'] }}:{{ services['kopia']['ports']['https'] }} \
    --override-username={{ node['name'] }} \
-    --override-hostname={{ node['name'] }}.ilnmors.internal
+    --override-hostname={{ node['name'] }}.{{ domain['internal'] }}

 {% if node['name'] == 'infra' %}
 ExecStart=/usr/bin/kopia snapshot create \
--- a/config/services/systemd/fw/ddns/ddns.service.j2
+++ b/config/services/systemd/fw/ddns/ddns.service.j2
@@ -12,4 +12,4 @@ StandardError=journal
 EnvironmentFile=/etc/secrets/%U/ddns.env

 # Run the script
-ExecStart=/usr/local/bin/ddns.sh -d "ilnmors.com"
+ExecStart=/usr/local/bin/ddns.sh -d "{{ domain['public'] }}"
--- a/config/services/systemd/fw/ddns/ddns.timer.j2
+++ b/config/services/systemd/fw/ddns/ddns.timer.j2
--- a/config/services/systemd/fw/kea/kea-dhcp4.conf.j2
+++ b/config/services/systemd/fw/kea/kea-dhcp4.conf.j2
@@ -19,7 +19,7 @@
                    },
                    {
                        "name": "domain-name",
-                        "data": "ilnmors.internal."
+                        "data": "{{ domain['internal'] }}."
                    }
                ],
                "reservations": [
@@ -65,7 +65,7 @@
                    },
                    {
                        "name": "domain-name",
-                        "data": "ilnmors.internal."
+                        "data": "{{ domain['internal'] }}."
                    }
                ],
                "id": 2,