initial commit

group_vars/all/applications.yml

@@ -0,0 +1,35 @@
+ppm_apps:
+  - on_server: ppm.pfoe.be
+    user: git
+    chicken_egg_appdefinition: ../forgejo/
+    appconfig:
+      code:
+        type: localfiles
+        directory: forgejo
+      restic:
+        url: "{{ lookup('file', 'passwords/ppm-forgejo-url') }}"
+        password: "{{ lookup('file', 'passwords/ppm-forgejo-password') }}"
+        backupname: "{{ lookup('file', 'passwords/ppm-forgejo-name') }}"
+      config:
+        publicurl: ppm.pfoe.be
+
+  - on_server: ppm.pfoe.be
+    user: nginx
+    chicken_egg_appdefinition: ../nginx/
+    firewall_redirect:
+      - from: 8080
+        to: 80
+      - from: 8443
+        to: 443
+    appconfig:
+      code:
+        type: localfiles
+        directory: nginx
+
+  - on_server: ppm.pfoe.be
+    user: runner
+    chicken_egg_appdefinition: ../forgejo-runner/
+    appconfig:
+      code:
+        type: localfiles
+        directory: forgejo-runner

group_vars/all/firewall.yml

@@ -0,0 +1,7 @@
+# I prefer not to share the list of admins in a public repo, so refer to passwords...
+# The format for the ssh ranges is as follows:
+# - name: The name that is in a comment in the generated file.  Not used anywhere else
+#   type: ipv4 # or ipv6
+#   range: 10.10.10.10/32 # The range, MUST be a valid range, not an ip address, ie there must be a / and the netmask
+
+firewall_ssh_ranges: "{{ lookup('file', 'passwords/firewall_ssh_ranges.yml') | from_yaml }}"

group_vars/all/ppm.yml

@@ -0,0 +1 @@
+ppm_binary: "{{ lookup('pipe', 'pwd') }}/../ppm/out/ppm"

group_vars/all/rootuser.yml

@@ -0,0 +1,3 @@
+root_password: "{{ lookup('file', 'passwords/root_password_hashed') }}"
+# ssh keys are public, but I prefer not to share the list of admins in a public repo
+root_sshkeys: "{{ lookup('file', 'passwords/root_sshkeys.yml') | from_yaml }}"