mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-26 22:26:03 +02:00
664deb67ab
This is meant as a internal authenticated and encrypted network which we can use for internal services, we don't want to expose to the internet or when encryption is desired but not easily implementable.
26 lines
684 B
YAML
26 lines
684 B
YAML
---
|
|
|
|
- name: setup state.archlinux.org (terraform state store)
|
|
hosts: state.archlinux.org
|
|
remote_user: root
|
|
roles:
|
|
- { role: common }
|
|
- { role: tools }
|
|
- { role: firewalld }
|
|
- { role: wireguard }
|
|
- { role: sshd }
|
|
- { role: certbot }
|
|
- { role: borg_client, tags: ["borg"] }
|
|
- { role: root_ssh }
|
|
- role: postgres
|
|
postgres_listen_addresses: "*"
|
|
postgres_max_connections: 100
|
|
postgres_ssl: 'on'
|
|
postgres_shared_buffers: 512MB
|
|
postgres_ssl_hosts4: ['0.0.0.0/0']
|
|
postgres_ssl_hosts6: ['::/0']
|
|
- { role: terraform_state }
|
|
- { role: prometheus_exporters }
|
|
- { role: promtail }
|
|
- { role: fail2ban }
|