boma/inventories/production/group_vars/all/vars.yml
sjat 7b5fd17e55 inventory: add ubongo to control group; set ssh-from-control addr
Wire the now-built physical control node ubongo (10.20.10.151) into the
production control group (the documented manual exception), and activate the
dormant base__firewall_control_addr knob (ADR-021 ssh-from-control source).
Forward-wiring only: no host has the base role applied yet.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 10:32:24 +02:00

41 lines
1.1 KiB
YAML

---
# Variables applied to all managed hosts
# Secrets belong in vault.yml alongside this file — never here
# Ansible connection
ansible_user: ansible
ansible_python_interpreter: /usr/bin/python3
# SSH authorised keys — add one entry per person
# Format: "ssh-ed25519 AAAA... user@host"
base__ssh_authorised_keys: []
# Timezone
base__timezone: Europe/Copenhagen
# Domain
base__domain: baobab.band
base__internal_zone: boma.baobab.band
# DNS — internal resolvers on srv VLAN
base__dns_servers:
- 10.20.0.10
- 10.20.0.11
# NTP
base__ntp_servers:
- 0.pool.ntp.org
- 1.pool.ntp.org
# Network — srv VLAN (where all managed VMs live)
network__srv_gateway: 10.20.0.1
network__srv_subnet: 10.20.0.0/24
# Services base directory (for Docker Compose deployments)
services__base_dir: /opt/services
# Unattended upgrades — security patches only
base__unattended_upgrades_enabled: true
# Management plane — activates the dormant ssh-from-control firewall rule
base__firewall_control_addr: "10.20.10.151" # ubongo (control node) LAN address — ADR-021 ssh-from-control source