1.0.0 Release IaaS

2026-03-15 04:41:02 +09:00
commit a7365da431
292 changed files with 36059 additions and 0 deletions
@@ -0,0 +1,34 @@
+# localhost
+127.0.0.1 {{ node['local_san'] }}
+::1 {{ node['local_san'] }}
+{% if node['name'] == 'console' %}
+# Hosts IPv4
+{{ hostvars['fw']['network4']['firewall']['server'] }} fw.ilnmors.internal
+{{ hostvars['fw']['network4']['vmm']['client'] }} init.vmm.ilnmors.internal
+{{ hostvars['fw']['network4']['vmm']['server'] }} vmm.ilnmors.internal
+{{ hostvars['fw']['network4']['infra']['server'] }} infra.ilnmors.internal
+{{ hostvars['fw']['network4']['auth']['server'] }} auth.ilnmors.internal
+{{ hostvars['fw']['network4']['app']['server'] }} app.ilnmors.internal
+# Hosts IPv6
+{{ hostvars['fw']['network6']['firewall']['server'] }} fw.ilnmors.internal
+{{ hostvars['fw']['network6']['vmm']['client'] }} init.vmm.ilnmors.internal
+{{ hostvars['fw']['network6']['vmm']['server'] }} vmm.ilnmors.internal
+{{ hostvars['fw']['network6']['infra']['server'] }} infra.ilnmors.internal
+{{ hostvars['fw']['network6']['auth']['server'] }} auth.ilnmors.internal
+{{ hostvars['fw']['network6']['app']['server'] }} app.ilnmors.internal
+{% else %}
+# IPv4
+# Crowdsec, blocky, bind(fw)
+{{ hostvars['fw']['network4']['firewall']['server'] }} ntp.ilnmors.internal crowdsec.ilnmors.internal
+{{ hostvars['fw']['network4']['blocky']['server'] }} blocky.ilnmors.internal
+{{ hostvars['fw']['network4']['bind']['server'] }} bind.ilnmors.internal
+# DB, LDAP, CA, Prometheus, Loki, mail (infra)
+{{ hostvars['fw']['network4']['infra']['server'] }} postgresql.ilnmors.internal ldap.ilnmors.internal prometheus.ilnmors.internal loki.ilnmors.internal mail.ilnmors.internal ca.ilnmors.internal
+# IPv6
+# Crowdsec, blocky, bind(fw)
+{{ hostvars['fw']['network6']['firewall']['server'] }} ntp.ilnmors.internal crowdsec.ilnmors.internal
+{{ hostvars['fw']['network6']['blocky']['server'] }} blocky.ilnmors.internal
+{{ hostvars['fw']['network6']['bind']['server'] }} bind.ilnmors.internal
+# DB, LDAP, CA, Prometheus, Loki, mail (infra)
+{{ hostvars['fw']['network6']['infra']['server'] }} postgresql.ilnmors.internal ldap.ilnmors.internal prometheus.ilnmors.internal loki.ilnmors.internal mail.ilnmors.internal ca.ilnmors.internal
+{% endif %}
@@ -0,0 +1,5 @@
+[Match]
+MACAddress={{ hostvars[target_vm]['vm']['lan_mac'] }}
+
+[Link]
+Name=eth0
@@ -0,0 +1,13 @@
+[Match]
+Name=eth0
+
+[Network]
+# IPv4
+Address={{ hostvars['fw']['network4'][target_vm]['server'] }}/24
+Gateway={{ hostvars['fw']['network4']['firewall']['server'] }}
+DNS={{ hostvars['fw']['network4']['blocky']['server'] }}
+# IPv6
+IPv6AcceptRA=false
+Address={{ hostvars['fw']['network6'][target_vm]['server'] }}/64
+Gateway={{ hostvars['fw']['network6']['firewall']['server'] }}
+DNS={{ hostvars['fw']['network6']['blocky']['server'] }}
@@ -0,0 +1,6 @@
+[Resolve]
+{% if node['name'] in ['vmm', 'fw'] %}
+DNS=1.1.1.2 1.0.0.2
+DNS=2606:4700:4700::1112 2606:4700:4700::1002
+{% endif %}
+cache=false
@@ -0,0 +1,2 @@
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
@@ -0,0 +1 @@
+PermitRootLogin no
@@ -0,0 +1 @@
+TrustedUserCAKeys /etc/ssh/local_ssh_ca.pub
@@ -0,0 +1,3 @@
+[Time]
+NTP=ntp.ilnmors.internal
+FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
				`@@ -0,0 +1 @@`
				`TrustedUserCAKeys /etc/ssh/local_ssh_ca.pub`