From 244340c6667db2498e9be365f36eb85ddfb2f8d5 Mon Sep 17 00:00:00 2001
From: ASoTNetworks
Date: Tue, 9 Jul 2024 15:23:23 -0400
Subject: [PATCH] initial commit

---
 .vault/vault-keys | 5 +----
 ansible.cfg | 2 +-
 files/manifests/secret-digitalocean-dns.yaml | 17 +---------------
 ...tynetwork.yaml => wildcard-l-earthball.yaml} | 10 +++++-----
 group_vars/all/vault.yml | 9 ++------
 group_vars/lx_cad/k8s-vault.yml | 10 ++++++++++
 group_vars/{rnt_cad => lx_cad}/k8s.yml | 17 +++++++++++++----
 group_vars/rnt_cad/k8s-vault.yml | 8 --------
 .../firewalld.yml | 6 +++---
 .../firewalld.yml | 6 +++---
 .../{rnt-daemon => lx-daemon}/firewalld.yml | 6 +++---
 host_vars/{rnt-daemon => lx-daemon}/nginx.yml | 10 +++++-----
 hosts | 16 ++++++++--------
 13 files changed, 55 insertions(+), 67 deletions(-)
 rename files/manifests/{wildcard-pwa-realitynetwork.yaml => wildcard-l-earthball.yaml} (51%)
 create mode 100644 group_vars/lx_cad/k8s-vault.yml
 rename group_vars/{rnt_cad => lx_cad}/k8s.yml (64%)
 delete mode 100644 group_vars/rnt_cad/k8s-vault.yml
 rename host_vars/{rnt-cad-cluster-control => lx-cad-cluster-control}/firewalld.yml (74%)
 rename host_vars/{rnt-cad-cluster-worker => lx-cad-cluster-worker}/firewalld.yml (71%)
 rename host_vars/{rnt-daemon => lx-daemon}/firewalld.yml (74%)
 rename host_vars/{rnt-daemon => lx-daemon}/nginx.yml (61%)

diff --git a/.vault/vault-keys b/.vault/vault-keys
index 9dddb9f..8e2d8ed 100644
--- a/.vault/vault-keys
+++ b/.vault/vault-keys
@@ -1,4 +1 @@
-D749E2966193DF63
-EE3E0A7A87192BB7
-3C8D0C7EF49AB5A3
-388DD8D74903017E
+55F7FC933CCA4A47F5AA3C802F84305F02B16995
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
index 5d3b69a..a8231ec 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,3 +1,3 @@
 [defaults]
 roles_path = roles:galaxy-roles:git-roles:ansible-roles:~/.ansible/roles
-vault_password_file = .vault/vault-open.sh
+# vault_password_file = .vault/vault-open.sh
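Review bot: `vault_password_file = .vault/vault-open.sh` is commented out in ansible.cfg rather than removed, while `.vault/vault-keys` is rewritten to a single 40-hex-character value in the same commit; if vault-open.sh is what consumes that file, the new key is now referenced by nothing, and any content still encrypted with `$ANSIBLE_VAULT` can only be decrypted by passing `--ask-vault-pass` or `--vault-password-file` on every run. The remaining hunks of this commit replace encrypted blobs with plaintext, which reads as if this line was disabled because decryption stopped working; the safer direction is the opposite one, keep `vault_password_file = .vault/vault-open.sh` active and repair the key material so the secrets can stay encrypted. If vault is genuinely being abandoned, delete the line and the `.vault/` directory instead of leaving dead configuration behind.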
diff --git a/files/manifests/secret-digitalocean-dns.yaml b/files/manifests/secret-digitalocean-dns.yaml
index 4d469f8..4a23a92 100644
--- a/files/manifests/secret-digitalocean-dns.yaml
+++ b/files/manifests/secret-digitalocean-dns.yaml
@@ -1,16 +1 @@
-$ANSIBLE_VAULT;1.1;AES256
-32383162626163663734653236646538626464643665323334666363306662363434346133653737
-3766373965626437376630303837663339383664643466300a336463366335636634336437303036
-32626138646662633337663037393538336438643363303962326263656636316336346462643937
-6337363463626265630a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dop_v1_cf3fddc6f6c9e008e62c454a3db645038634c253a526a3bbbcf27618789ae587
\ No newline at end of file
diff --git a/files/manifests/wildcard-pwa-realitynetwork.yaml b/files/manifests/wildcard-l-earthball.yaml
similarity index 51%
rename from files/manifests/wildcard-pwa-realitynetwork.yaml
rename to files/manifests/wildcard-l-earthball.yaml
index 3af5555..8229b0b 100644
--- a/files/manifests/wildcard-pwa-realitynetwork.yaml
+++ b/files/manifests/wildcard-l-earthball.yaml
@@ -1,15 +1,15 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
- name: pwa.realitynetwork.store
+ name: l.stg.earthball.xyz
 namespace: default
 spec:
- secretName: pwa.realitynetwork.store
+ secretName: l.stg.earthball.xyz
 issuerRef:
 name: letsencrypt-prod-wild
 kind: ClusterIssuer
 group: cert-manager.io
- commonName: "*.pwa.realitynetwork.store"
+ commonName: "*.l.stg.earthball.xyz"
 dnsNames:
- - ".pwa.realitynetwork.store"
- - "*.pwa.realitynetwork.store"
+ - "l.stg.earthball.xyz"
+ - "*.l.stg.earthball.xyz"
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 73a890e..dd3bd52 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
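Review bot: files/manifests/secret-digitalocean-dns.yaml goes from an `$ANSIBLE_VAULT` blob to a plaintext DigitalOcean API token (the `dop_v1_…` value on the added line), the same token is repeated in the new group_vars/lx_cad/k8s-vault.yml hunk on the next line, and that file also carries a plaintext `k8s_cluster_token`. Once committed these values are in the repository history for good, so the token should be treated as exposed and rotated on the DigitalOcean side, and the replacement stored encrypted again, e.g. `ansible-vault encrypt files/manifests/secret-digitalocean-dns.yaml` for the manifest and an `!vault` inline value from `ansible-vault encrypt_string` for the group_vars entries. Since the two copies are identical, keeping only the group_vars `k8s_secrets` entry (which appears to template the `access-token` key) would avoid rotating the secret in two places next time. The hunk header `-1,16 +1` does not match the four removed lines shown, so part of the removed ciphertext seems to be missing from this page rather than from the commit.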
@@ -1,7 +1,2 @@
-$ANSIBLE_VAULT;1.1;AES256
-35636534633536663965623866666430613934363036343661343362346534353764326662396365
-3039363533323464353932373436356362353261343836620a616132336266346238336338653434
-35616334333832356134353466623333363235373066396663363839656663326666323164393265
-6338323565323936350a356136353231613765366531366431363864356565653938613963656233
-66613965396531636331353463333436376337363932393033303937383263336637663435373262
-3361356561306233303030313438363637343433356463626536
+---
+support_email: someone@example.com
diff --git a/group_vars/lx_cad/k8s-vault.yml b/group_vars/lx_cad/k8s-vault.yml
new file mode 100644
index 0000000..a7b48c6
--- /dev/null
+++ b/group_vars/lx_cad/k8s-vault.yml
@@ -0,0 +1,10 @@
+---
+k8s_cluster_token: 18cd2efad6ba0df6cfe1e559ffacb0e2
+
+k8s_secrets:
+ - name: digitalocean-dns
+ type: template
+ namespace: cert-manager
+ secrets:
+ - key: access-token
+ value: dop_v1_cf3fddc6f6c9e008e62c454a3db645038634c253a526a3bbbcf27618789ae587
\ No newline at end of file
diff --git a/group_vars/rnt_cad/k8s.yml b/group_vars/lx_cad/k8s.yml
similarity index 64%
rename from group_vars/rnt_cad/k8s.yml
rename to group_vars/lx_cad/k8s.yml
index 3cf85c0..ccd652b 100644
--- a/group_vars/rnt_cad/k8s.yml
+++ b/group_vars/lx_cad/k8s.yml
@@ -1,11 +1,20 @@
 ---
-k8s_cluster_name: default
-k8s_cluster_url: rnt-cad-cluster-control.realitynetwork.store
+k8s_cluster_name: lx-cad
+k8s_cluster_url: lx-cad-cluster-control.l.stg.earthball.xyz
 k8s_taint_servers: true
 k8s_acme_email: "{{ support_email }}"
+k8s_disable:
+ - traefik
+
 k8s_manifests:
+ # ingress controller, replaces traefik which is explicitly disabled
+ - name: ingress-nginx
+ type: url
+ source: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
+
+ # cert-manager, required for letsencrypt
 - name: cert-manager
 type: url
 source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
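Review bot: The new `ingress-nginx` entry in group_vars/lx_cad/k8s.yml pulls its manifest from raw.githubusercontent.com at deploy time with `type: url`; the `controller-v1.10.1` tag pins a version, but nothing here verifies what is actually downloaded before it is applied to the cluster. The wildcard certificate in the second hunk of this file already uses `type: file` with a manifest vendored under files/manifests; doing the same for ingress-nginx (and cert-manager), or recording a checksum if the role's `k8s_manifests` handler supports one (not visible here), would make the deployed content reviewable in this repository. The `cloud` variant of deploy.yaml is presumably chosen because these are DigitalOcean droplets; a one-line comment on the `source:` line such as `# cloud variant: expects a cloud controller that can provision a LoadBalancer` would stop it being swapped for the bare-metal variant by mistake later.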
@@ -32,6 +41,6 @@ k8s_manifests:
 secret_key: access-token
 # initiate wildcard cert
- - name: pwa.realitynetwork.store
+ - name: l.stg.earthball.xyz
 type: file
- source: wildcard-pwa-realitynetwork.yaml
+ source: wildcard-l-earthball.yaml
diff --git a/group_vars/rnt_cad/k8s-vault.yml b/group_vars/rnt_cad/k8s-vault.yml
deleted file mode 100644
index 114140f..0000000
--- a/group_vars/rnt_cad/k8s-vault.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39633338616237663666373535663038646563353438346363333632616133353661323532623265
-6464306261363038386234396334363136336435656663390a626133313233396664646130386361
-39326232343834663665376534666230303034303362333265356263336361626362393939623961
-6234393862366365360a353461386639633132633437653832383663303136343761333132333738
-33336131323364333063393732643366666563393839303333303663366334613238626537636530
-64323062353134346431373536623162353731623833623832353636643063646463623833613135
-643430356133643436373339643066613165
diff --git a/host_vars/rnt-cad-cluster-control/firewalld.yml b/host_vars/lx-cad-cluster-control/firewalld.yml
similarity index 74%
rename from host_vars/rnt-cad-cluster-control/firewalld.yml
rename to host_vars/lx-cad-cluster-control/firewalld.yml
index 0ae25d2..775ad35 100644
--- a/host_vars/rnt-cad-cluster-control/firewalld.yml
+++ b/host_vars/lx-cad-cluster-control/firewalld.yml
@@ -2,7 +2,7 @@ firewalld_add:
 - name: public
 interfaces:
- - enp9s0
+ - eth0
 services:
 - http
 - https
@@ -13,5 +13,5 @@ firewalld_add:
 sources:
 - 10.42.0.0/16
 - 10.43.0.0/16
- - 142.93.110.163/32
- - 147.182.158.116/32
+ - 146.190.250.234/32
+ - 138.197.140.188/32
diff --git a/host_vars/rnt-cad-cluster-worker/firewalld.yml b/host_vars/lx-cad-cluster-worker/firewalld.yml
similarity index 71%
rename from host_vars/rnt-cad-cluster-worker/firewalld.yml
rename to host_vars/lx-cad-cluster-worker/firewalld.yml
index fc1d2d8..63837cf 100644
--- a/host_vars/rnt-cad-cluster-worker/firewalld.yml
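Review bot: The `sources` list in host_vars/lx-cad-cluster-control/firewalld.yml hard-codes the addresses of the other two hosts (146.190.250.234 and 138.197.140.188), the worker and daemon firewalld.yml hunks on the next line do the same, and the same addresses are declared once more as `ansible_host` in `hosts`. The values agree in this commit, but every future re-provision has to be edited in four places, and a stale entry silently leaves a peer outside the trusted zone with no error from the play. Since the inventory is the source of truth, the entries can be derived from it, e.g. `- "{{ hostvars['lx-daemon'].ansible_host }}/32"` and `- "{{ hostvars['lx-cad-cluster-worker'].ansible_host }}/32"`, so the zone follows whatever `hosts` says. The `interfaces` change from `enp9s0` to `eth0` is worth confirming on the new droplets, because firewalld may accept an interface name that does not exist and the `public` zone would then simply not be bound.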
+++ b/host_vars/lx-cad-cluster-worker/firewalld.yml
@@ -2,7 +2,7 @@ firewalld_add:
 - name: public
 interfaces:
- - enp9s0
+ - eth0
 services:
 - http
 - https
@@ -11,5 +11,5 @@ firewalld_add:
 sources:
 - 10.42.0.0/16
 - 10.43.0.0/16
- - 142.93.110.163/32
- - 147.182.150.60/32
+ - 146.190.250.234/32
+ - 138.197.136.93/32
diff --git a/host_vars/rnt-daemon/firewalld.yml b/host_vars/lx-daemon/firewalld.yml
similarity index 74%
rename from host_vars/rnt-daemon/firewalld.yml
rename to host_vars/lx-daemon/firewalld.yml
index d5fc36f..9b982d9 100644
--- a/host_vars/rnt-daemon/firewalld.yml
+++ b/host_vars/lx-daemon/firewalld.yml
@@ -2,7 +2,7 @@ firewalld_add:
 - name: public
 interfaces:
- - ens3
+ - eth0
 services:
 - http
 - https
@@ -13,5 +13,5 @@ firewalld_add:
 - name: trusted
 sources:
- - 147.182.150.60/32
- - 147.182.158.116/32
+ - 138.197.140.188/32
+ - 138.197.136.93/32
diff --git a/host_vars/rnt-daemon/nginx.yml b/host_vars/lx-daemon/nginx.yml
similarity index 61%
rename from host_vars/rnt-daemon/nginx.yml
rename to host_vars/lx-daemon/nginx.yml
index 42dd959..b009c4a 100644
--- a/host_vars/rnt-daemon/nginx.yml
+++ b/host_vars/lx-daemon/nginx.yml
@@ -6,16 +6,16 @@ nginx_proxy_send_timeout: 1200
 nginx_proxy_connection_timeout: 75
 nginx_sites:
- - name: rnt-console
- url: rnt-console.realitynetwork.store
+ - name: lx-console
+ url: lx-console.l.stg.earthball.xyz
 upstream: http://localhost:8080
 template: basic-proxy
 ssl: true
- - name: rnt-daemon
- url: rnt-daemon.realitynetwork.store
+ - name: lx-daemon
+ url: lx-daemon.l.stg.earthball.xyz
 upstream: http://localhost:9473
 configs:
- - rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.realitynetwork.store permanent
+ - rewrite ^/deployer(/.*)? https://webapp-deployer.l.stg.earthball.xyz permanent
 template: websocket-proxy
 ssl: true
diff --git a/hosts b/hosts
index 0bba790..7a1fc24 100644
--- a/hosts
+++ b/hosts
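Review bot: The rewrite on the `lx-daemon` site in host_vars/lx-daemon/nginx.yml, `rewrite ^/deployer(/.*)? https://webapp-deployer.l.stg.earthball.xyz permanent`, captures the path tail but never uses it, so a request for `/deployer/anything` is redirected to the bare host root; if the path is meant to carry over, the replacement should end in `$1`, i.e. `… https://webapp-deployer.l.stg.earthball.xyz$1 permanent`, and if not, the capture group can be dropped so the intent is explicit. The shape is carried over from the old line, so this commit only rehomes it, but `webapp-deployer.l.stg.earthball.xyz` appears nowhere else in the patch; it is at least covered by the `*.l.stg.earthball.xyz` wildcard certificate added earlier. A short comment on the `configs:` entry saying what the deployer redirect is for would help the next reader.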
@@ -1,14 +1,14 @@
 [all]
-rnt-daemon ansible_host=142.93.110.163
-rnt-cad-cluster-control ansible_host=147.182.150.60
-rnt-cad-cluster-worker ansible_host=147.182.158.116
+lx-daemon ansible_host=146.190.250.234
+lx-cad-cluster-control ansible_host=138.197.136.93
+lx-cad-cluster-worker ansible_host=138.197.140.188
 [so]
-rnt-daemon
+lx-daemon
-[rnt_cad]
-rnt-cad-cluster-control k8s_node_type=bootstrap
-rnt-cad-cluster-worker k8s_node_type=agent k8s_pod_limit=1024 k8s_external_ip=147.182.158.116
+[lx_cad]
+lx-cad-cluster-control k8s_node_type=bootstrap
+lx-cad-cluster-worker k8s_node_type=agent k8s_pod_limit=1024 k8s_external_ip=138.197.140.188
 [k8s:children]
-rnt_cad
+lx_cad
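Review bot: `k8s_external_ip=138.197.140.188` on the `lx-cad-cluster-worker` line repeats the `ansible_host` value declared for the same host in `[all]` a few lines earlier, and the two can drift apart on the next re-provision without anything flagging it. Inventory variables are evaluated when used, so `k8s_external_ip="{{ ansible_host }}"` expresses the intent directly and removes the duplicate. If the external IP is deliberately allowed to differ from the SSH address (a floating IP, say), a comment on that line saying so would stop someone "fixing" it later.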