M host_vars/xenrox.net/vars.yml => host_vars/xenrox.net/vars.yml +9 -9
@@ 18,13 18,13 @@ hostname: avalon.xenrox.net
srht: true
# PostgreSQL settings
-pg_max_connections: 200
-pg_shared_buffers: 8GB
-pg_work_mem: 64MB
-pg_maintenance_work_mem: 2GB
-pg_effective_io_concurrency: 100
-pg_effective_cache_size: 24GB
+postgres_max_connections: 200
+postgres_shared_buffers: 8GB
+postgres_work_mem: 64MB
+postgres_maintenance_work_mem: 2GB
+postgres_effective_io_concurrency: 100
+postgres_effective_cache_size: 24GB
-pg_logging_collector: on # noqa yaml[truthy]
-pg_log_min_duration_statement: 15ms
-pg_log_line_prefix: "%d %m [%p] "
+postgres_logging_collector: on # noqa yaml[truthy]
+postgres_log_min_duration_statement: 15ms
+postgres_log_line_prefix: "%d %m [%p] "
M roles/ntfy_server/defaults/main.yml => roles/ntfy_server/defaults/main.yml +1 -1
@@ 1,2 1,2 @@
---
-ntfy_enable_metrics: false
+ntfy_server_enable_metrics: false
M roles/ntfy_server/templates/server.yml.j2 => roles/ntfy_server/templates/server.yml.j2 +1 -1
@@ 328,7 328,7 @@ enable-reservations: true
# - metrics-listen-http exposes the metrics endpoint via a dedicated [IP]:port. If set, this option implicitly
# enables metrics as well, e.g. "10.0.1.1:9090" or ":9090"
#
-enable-metrics: {{ ntfy_enable_metrics }}
+enable-metrics: {{ ntfy_server_enable_metrics }}
# metrics-listen-http:
# Profiling
M roles/ntfy_server/vars/main.yml => roles/ntfy_server/vars/main.yml +1 -1
@@ 1,2 1,2 @@
---
-ntfy_enable_metrics: true
+ntfy_server_enable_metrics: true
M roles/postgres/defaults/main.yml => roles/postgres/defaults/main.yml +9 -9
@@ 1,11 1,11 @@
---
-pg_max_connections: 100
-pg_shared_buffers: 128MB
-pg_work_mem: 4MB
-pg_maintenance_work_mem: 64MB
-pg_effective_io_concurrency: 1
-pg_effective_cache_size: 4GB
+postgres_max_connections: 100
+postgres_shared_buffers: 128MB
+postgres_work_mem: 4MB
+postgres_maintenance_work_mem: 64MB
+postgres_effective_io_concurrency: 1
+postgres_effective_cache_size: 4GB
-pg_logging_collector: off # noqa yaml[truthy]
-pg_log_min_duration_statement: -1
-pg_log_line_prefix: "%m [%p] "
+postgres_logging_collector: off # noqa yaml[truthy]
+postgres_log_min_duration_statement: -1
+postgres_log_line_prefix: "%m [%p] "
M roles/postgres/templates/postgresql.conf.j2 => roles/postgres/templates/postgresql.conf.j2 +9 -9
@@ 62,7 62,7 @@
# defaults to 'localhost'; use '*' for all
# (change requires restart)
#port = 5432 # (change requires restart)
-max_connections = {{ pg_max_connections }} # (change requires restart)
+max_connections = {{ postgres_max_connections }} # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directories = '/run/postgresql' # comma-separated list of directories
# (change requires restart)
@@ 124,7 124,7 @@ ssl_key_file = '/var/lib/postgres/data/privkey.pem'
# - Memory -
-shared_buffers = {{ pg_shared_buffers }} # min 128kB
+shared_buffers = {{ postgres_shared_buffers }} # min 128kB
# (change requires restart)
#huge_pages = try # on, off, or try
# (change requires restart)
@@ 135,9 135,9 @@ shared_buffers = {{ pg_shared_buffers }} # min 128kB
# (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
-work_mem = {{ pg_work_mem }} # min 64kB
+work_mem = {{ postgres_work_mem }} # min 64kB
#hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem
-maintenance_work_mem = {{ pg_maintenance_work_mem }} # min 1MB
+maintenance_work_mem = {{ postgres_maintenance_work_mem }} # min 1MB
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
#logical_decoding_work_mem = 64MB # min 64kB
#max_stack_depth = 2MB # min 100kB
@@ 184,7 184,7 @@ dynamic_shared_memory_type = posix # the default is the first option
# - Asynchronous Behavior -
#backend_flush_after = 0 # measured in pages, 0 disables
-effective_io_concurrency = {{ pg_effective_io_concurrency }} # 1-1000; 0 disables prefetching
+effective_io_concurrency = {{ postgres_effective_io_concurrency }} # 1-1000; 0 disables prefetching
#maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching
#max_worker_processes = 8 # (change requires restart)
#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
@@ 390,7 390,7 @@ min_wal_size = 80MB
#parallel_tuple_cost = 0.1 # same scale as above
#min_parallel_table_scan_size = 8MB
#min_parallel_index_scan_size = 512kB
-effective_cache_size = {{ pg_effective_cache_size }}
+effective_cache_size = {{ postgres_effective_cache_size }}
#jit_above_cost = 100000 # perform JIT compilation if available
# and query more expensive than this;
@@ 436,7 436,7 @@ effective_cache_size = {{ pg_effective_cache_size }}
# requires logging_collector to be on.
# This is used when logging to stderr:
-logging_collector = {{ pg_logging_collector }} # Enable capturing of stderr and csvlog
+logging_collector = {{ postgres_logging_collector }} # Enable capturing of stderr and csvlog
# into log files. Required to be on for
# csvlogs.
# (change requires restart)
@@ 502,7 502,7 @@ logging_collector = {{ pg_logging_collector }} # Enable capturing of stderr and
# fatal
# panic (effectively off)
-log_min_duration_statement = {{ pg_log_min_duration_statement }} # -1 is disabled, 0 logs all statements
+log_min_duration_statement = {{ postgres_log_min_duration_statement }} # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
@@ 539,7 539,7 @@ log_min_duration_statement = {{ pg_log_min_duration_statement }} # -1 is disable
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
#log_hostname = off
-log_line_prefix = '{{ pg_log_line_prefix }}' # special values:
+log_line_prefix = '{{ postgres_log_line_prefix }}' # special values:
# %a = application name
# %u = user name
# %d = database name
M roles/setup_archlinux/tasks/main.yml => roles/setup_archlinux/tasks/main.yml +1 -1
@@ 1,7 1,7 @@
---
- name: Install useful tools
community.general.pacman:
- name: "{{ archlinux_packages }}"
+ name: "{{ setup_archlinux_packages }}"
state: present
- name: Set hostname
M roles/setup_archlinux/vars/main.yml => roles/setup_archlinux/vars/main.yml +1 -1
@@ 1,5 1,5 @@
---
-archlinux_packages:
+setup_archlinux_packages:
- dfrs
- eza
- git
M roles/teamspeak/defaults/main.yml => roles/teamspeak/defaults/main.yml +1 -1
@@ 1,2 1,2 @@
---
-expose_serverquery: false
+teamspeak_expose_serverquery: false
M roles/teamspeak/templates/teamspeak.xml.j2 => roles/teamspeak/templates/teamspeak.xml.j2 +1 -1
@@ 4,7 4,7 @@
<description>TeamSpeak 3 server.</description>
<port protocol="udp" port="9987"/>
<port protocol="tcp" port="30033"/>
-{% if expose_serverquery %}
+{% if teamspeak_expose_serverquery %}
<port protocol="tcp" port="10011"/>
{% endif %}
</service>
M roles/wireguard_vpn_server/templates/wg1.netdev.j2 => roles/wireguard_vpn_server/templates/wg1.netdev.j2 +1 -1
@@ 7,7 7,7 @@ Description=WireGuard VPN wg1
ListenPort=51821
PrivateKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard_vpn/xenrox.net.key:content') | trim }}
-{% for client in wireguard_clients %}
+{% for client in wireguard_vpn_server_wireguard_clients %}
[WireGuardPeer]
PublicKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard_vpn/' ~ client.name ~ '.pub:content') | trim }}
PresharedKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard_vpn/' ~ client.name ~ '.psk:content') | trim }}
M roles/wireguard_vpn_server/vars/main.yml => roles/wireguard_vpn_server/vars/main.yml +1 -1
@@ 1,5 1,5 @@
---
-wireguard_clients:
+wireguard_vpn_server_wireguard_clients:
- name: localhost
address: 10.200.200.2
- name: smartphone
M roles/xenrox/defaults/main.yml => roles/xenrox/defaults/main.yml +2 -2
@@ 1,5 1,5 @@
---
# Set to true for hosts whose playbooks are executed in the CI/CD pipeline
-ci_deploy_target: false
-ssh_pubkeys:
+xenrox_ci_deploy_target: false
+xenrox_ssh_pubkeys:
- yubikey.pub
M roles/xenrox/tasks/main.yml => roles/xenrox/tasks/main.yml +3 -3
@@ 32,12 32,12 @@
- name: Add SSH public key for auto-deployment
ansible.builtin.set_fact:
- ssh_pubkeys: "{{ ssh_pubkeys + ['xenrox_ansible.pub'] }}"
- when: ci_deploy_target
+ xenrox_ssh_pubkeys: "{{ xenrox_ssh_pubkeys + ['xenrox_ansible.pub'] }}"
+ when: xenrox_ci_deploy_target
- name: Read SSH public keys
ansible.builtin.set_fact:
- authorized_keys: "{% for key in ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"
+ authorized_keys: "{% for key in xenrox_ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"
- name: Deposit ssh pub key
ansible.posix.authorized_key: