boma/roles/base/molecule/default/converge.yml

29 lines
817 B
YAML
Raw Permalink Normal View History

---
- name: Converge
hosts: all
become: true
gather_facts: true
vars:
base__firewall_apply: false
base__firewall_control_addr: 10.10.0.99 # test control-node LAN address
# Exercise the mesh concern's include path with the live actions gated off, so it
# runs hermetically (no coordinator/key needed) and must be a clean no-op.
base__mesh_enabled: true
base__mesh_manage: false
base__mesh_setup_key: "dummy-molecule-key"
firewall_zones:
lan: 10.30.0.0/24
srv: 10.20.0.0/24
mgmt: 10.10.0.0/24
firewall_catalog:
reverse_proxy:
host: instance
ingress:
- { from: lan, port: 443, proto: tcp }
photoprism:
host: instance
ingress:
- { from: srv, port: 2342, proto: tcp }
roles:
- role: base