Ansible configuration policy for the private network/home lab of Dustin C. Hatch
http://dustin.hatch.name/
Dustin
0500adadfa
The `zabbix.yml` playbook applies to hosts that are not members of the *pyrocufflink.blue* domain, and thus have different passwords for `sudo`. Using the `-e` argument to `ansible-playbook` and specifying a single Vault-encrypted file that defines the `ansible_become_password` variable effectively forces Ansible to try to use that password on every host. This is because variables defined on the command line, or read from a file specified on the command line, have the highest precedence. To use different passwords on different hosts, the normal variable scoping rules have to be used. To that end, one `sudo-pass` file is created in the `group_vars/pyrocufflink` directory, so it will apply to all machines that are members of the *pyrocufflink.blue* domain. Additionally, another `sudo-pass` file is created in the `host_vars/gw0` directory; it will only apply to the gateway device. |
||
|---|---|---|
| ci | ||
| group_vars | ||
| host_vars | ||
| roles | ||
| vault | ||
| .gitignore | ||
| .vault-secret.sh | ||
| ansible.cfg | ||
| ansible.yml | ||
| base.yml | ||
| certbot.yml | ||
| dch-gw.yml | ||
| dch-root-ca.crt | ||
| dch-vpn.yml | ||
| dhcpcd.yml | ||
| dhcpd.yml | ||
| domain-controller.yml | ||
| dyngroups.yml | ||
| firewalld.yml | ||
| gitea.yml | ||
| hostname.yml | ||
| hosts | ||
| jenkins-slave.yml | ||
| named-server.yml | ||
| network.yml | ||
| ntp.yml | ||
| postgresql.yml | ||
| pyrocufflink.yml | ||
| radius.yml | ||
| radvd.yml | ||
| remount.yml | ||
| samba-dc.yml | ||
| smtp-relay.yml | ||
| zabbix-agent.yml | ||
| zabbix-server.yml | ||
| zabbix.yml | ||