1.0.0 Release IaaS

2026-03-15 04:41:02 +09:00
commit a7365da431
292 changed files with 36059 additions and 0 deletions
--- a/ansible/inventory/host_vars/app.yaml
+++ b/ansible/inventory/host_vars/app.yaml
@@ -0,0 +1,41 @@
+---
+# Node Factors
+node:
+  name: "app"
+  uid: 2004
+  home_path: "/home/app"
+  ssh_san: "app,app.ilnmors.internal"
+  local_san: "localhost app.ilnmors.internal"
+# VM Factors
+vm:
+  name: "app"
+  cpu: 4
+  shares: 1024
+  memory: 16
+  storage: 256
+  lan_mac: "0a:49:6e:4d:03:00"
+  lan_net: "lan-net"
+  lan_group: "vlan10-access"
+  # PCIe passthrough address
+  # result of `lspci | grep -i -e "sata controller" -e "vga"` and parse it.
+  # Ex) 04:00.0 > domain: "0x0000", bus: "0x04", slot: "0x00", function: "0x0"
+  pass_through:
+    igpu:
+      address: "0000:00:02.0"
+      domain: "0x0000"
+      bus: "0x00"
+      slot: "0x02"
+      function: "0x0"
+    sata_controller: # Additional SATA Controller
+      address: "0000:04:00.0"
+      domain: "0x0000"
+      bus: "0x04"
+      slot: "0x00"
+      function: "0x0"
+
+# BTRFS configuration for hdd which is passthroughed
+storage:
+  btrfs:
+    label: "APP_DATA"
+    level: "raid10"
+    mount_point: "/home/app/data"
--- a/ansible/inventory/host_vars/auth.yaml
+++ b/ansible/inventory/host_vars/auth.yaml
@@ -0,0 +1,18 @@
+---
+# Node Factors
+node:
+  name: "auth"
+  uid: 2003
+  home_path: "/home/auth"
+  ssh_san: "auth,auth.ilnmors.internal"
+  local_san: "localhost auth.ilnmors.internal"
+# VM Factors
+vm:
+  name: "auth"
+  cpu: 2
+  shares: 512
+  memory: 2
+  storage: 64
+  lan_mac: "0a:49:6e:4d:02:00"
+  lan_net: "lan-net"
+  lan_group: "vlan10-access"
--- a/ansible/inventory/host_vars/console.yaml
+++ b/ansible/inventory/host_vars/console.yaml
@@ -0,0 +1,25 @@
+---
+# Secret management
+age_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32343637656262323931313061323861393737663736626538396165613563323531316639346637
+          3766363134663963396634353764323166353936626633300a356338363036373165363335333665
+          38316638386661623265306538303739616638316565373864316364623539383736343366646463
+          3464613666663836310a666531386136326439616637393035333534303661373433343830323665
+          66613736613133616439393163653166306261376231646163323266616431623531313964326132
+          33653638373537323363316363646534323362353836373665636265663939353862663532313230
+          30643038313138626464626161373835646665326334393834616234643931656536343130316238
+          61656264643830616639
+# Node Factors
+node:
+  name: "console"
+  uid: 2999
+  home_path: "/home/console"
+  workspace_path: "{{ node.home_path }}/workspace"
+  homelab_path: "{{ node.home_path }}/workspace/homelab"
+  data_path: "{{ node.homelab_path }}/data"
+  config_path: "{{ node.homelab_path }}/config"
+  ssh_san: "console,console.ilnmors.internal"
+  ssh_users: "vmm,fw,infra,auth,app"
+  local_san: "localhost console.ilnmors.internal"
+# ansible_python_interpreter: "{{ ansible_playbook_python }}"
--- a/ansible/inventory/host_vars/fw.yaml
+++ b/ansible/inventory/host_vars/fw.yaml
@@ -0,0 +1,98 @@
+---
+# Node Factors
+node:
+  name: "fw"
+  uid: 2001
+  home_path: "/home/fw"
+  ssh_san: "fw,fw.ilnmors.internal"
+  local_san: "localhost fw.ilnmors.internal"
+
+# VM Factors
+vm:
+  name: "fw"
+  cpu: 2
+  shares: 2048
+  memory: 4
+  storage: 64
+  wan_mac: "0a:49:6e:4d:00:00"
+  lan_mac: "0a:49:6e:4d:00:01"
+  wan_net: "wan-net"
+  lan_net: "lan-net"
+  lan_group: "vlan-trunk"
+
+# Network Factors
+# LLA is like MAC address for L3 (Network layer). Usually, subnet is used to seperate network.
+network4:
+  subnet:
+    client: "192.168.1.0/24"
+    server: "192.168.10.0/24"
+    user: "192.168.20.0/24"
+    wg: "192.168.99.0/24"
+    lla: "169.254.0.0/16"
+  # You can use "{{ hostvars['fw']['network4']['firewall'].values() | join(', ') }}" for all
+  firewall:
+    client: "192.168.1.1"
+    server: "192.168.10.1"
+    user: "192.168.20.1"
+    wg: "192.168.99.1"
+  blocky:
+    server: "192.168.10.2"
+  bind:
+    server: "192.168.10.3"
+  console:
+    client: "192.168.1.20"
+    wg: "192.168.99.20"
+  vmm:
+    client: "192.168.1.10"
+    server: "192.168.10.10"
+  infra:
+    server: "192.168.10.11"
+  auth:
+    server: "192.168.10.12"
+  app:
+    server: "192.168.10.13"
+  switch:
+    client: "192.168.1.2"
+  nas:
+    client: "192.168.1.11"
+  printer:
+    client: "192.168.1.101"
+
+network6:
+  subnet:
+    client: "fd00:1::/64"
+    server: "fd00:10::/64"
+    wg: "fd00:99::/64"
+    lla: "fe80::/10"
+  firewall:
+    client: "fd00:1::1"
+    server: "fd00:10::1"
+    wg: "fd00:99::1"
+  blocky:
+    server: "fd00:10::2"
+  bind:
+    server: "fd00:10::3"
+  console:
+    client: "fd00:1::20"
+    wg: "fd00:99::20"
+  vmm:
+    client: "fd00:1::10"
+    server: "fd00:10::10"
+  infra:
+    server: "fd00:10::11"
+  auth:
+    server: "fd00:10::12"
+  app:
+    server: "fd00:10::13"
+  switch:
+    client: "fd00:1::2"
+  nas:
+    client: "fd00:1::11"
+  printer:
+    client: "fd00:1::101"
+
+# Suricata Factors
+# suricata_home_net: '[10.0.0.0/8,172.16.0.0/12,192.168.0.0/16]'
+suricata:
+  home_net: '[10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fd00::/8,fe80::/8]'
+  interfaces: ["wan", "client", "server", "user"]
--- a/ansible/inventory/host_vars/infra.yaml
+++ b/ansible/inventory/host_vars/infra.yaml
@@ -0,0 +1,19 @@
+---
+# Node Factors
+node:
+  name: "infra"
+  uid: 2002
+  home_path: "/home/infra"
+  ssh_san: "infra,infra.ilnmors.internal"
+  local_san: "localhost infra.ilnmors.internal"
+
+# VM Factors
+vm:
+  name: "infra"
+  cpu: 2
+  shares: 1024
+  memory: 6
+  storage: 256
+  lan_mac: "0a:49:6e:4d:01:00"
+  lan_net: "lan-net"
+  lan_group: "vlan10-access"