phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
self-hosting/group_vars/all/vars
Paul-Henri Froidmont a2ba31fab2 Use harden role on controller host
2018-07-23 00:46:10 +02:00

47 lines
1.5 KiB
Text
Raw Blame History

---
kubectl_version: "1.11.0"
k8s_release: "1.11.1"
k8s_apiserver_secure_port: "6443"
k8s_ca_conf_directory: "{{ '~/k8s/certs' | expanduser }}"
k8s_config_directory: "{{ '~/k8s/configs' | expanduser }}"
k8s_ca_certificate_owner: "root"
k8s_ca_certificate_group: "root"
k8s_config_cluster_name: banditlair.com
k8s_encryption_config_directory: "{{k8s_config_directory}}"
k8s_interface: "{{peervpn_conf_interface}}"
etcd_version: "3.2.18"
harden_linux_root_password: "{{k8s_scaleway_root_password}}"
harden_linux_deploy_user: deploy
harden_linux_deploy_user_password: "{{k8s_scaleway_deploy_user_password}}"
harden_linux_deploy_user_home: /home/deploy
harden_linux_ufw_defaults_user:
"^DEFAULT_FORWARD_POLICY": 'DEFAULT_FORWARD_POLICY="ACCEPT"'
harden_linux_deploy_user_public_keys:
- authorized-keys/ansible-controller
- authorized-keys/froidmpa-laptop
- authorized-keys/froidmpa-desktop
harden_linux_ufw_allow_networks:
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
harden_linux_sysctl_settings_user:
"net.ipv4.ip_forward": 1
"net.ipv6.conf.default.forwarding": 1
"net.ipv6.conf.all.forwarding": 1
harden_linux_ufw_logging: 'on'
harden_linux_sshguard_whitelist:
- "127.0.0.0/8"
- "::1/128"
- "212.83.165.111"
- "10.3.0.0/24"
- "10.200.0.0/16"
peervpn_conf_networkname: "peervpn"
peervpn_conf_psk: "{{k8s_peervpn_pre_shared_key}}"
peervpn_conf_initpeers: "master1.banditlair.com 7000"
peervpn_conf_enabletunneling: "yes"
peervpn_conf_interface: "tap0"
peervpn_conf_port: 7000
peervpn_conf_enableipv6: "no"
Reference in a new issue View git blame Copy permalink