.gitignore

@@ -1,4 +1,3 @@
 vault-pass.gpg-*
 roles/*
 !roles/requirements.yml
-.vscode/

.vault/vault-keys

@@ -1 +1,4 @@
-88CBCAD842520E46
+D749E2966193DF63
+EE3E0A7A87192BB7
+3C8D0C7EF49AB5A3
+388DD8D74903017E

files/manifests/secret-digitalocean-dns.yaml

@@ -1,19 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-37303132393466333261633739343530323037363563346263393337306262386434616236623830
-6439616662356337653935346434323638326432363531660a333235636264313765646330363263
-31616232373735373834393965353930316161393265366431653639646438376534656462326337
-3036653763363530330a333461643731636535643532323139393238353431313034323066363635
-31336534383163303233383936383533663437663637323335326335356135653063303133643764
-35613638663736636166353734303333666332633434313766346332373565633166356561643030
-64626163636562323964346137313238633036396232393766393137663134396663613933646539
-63666435333763323862636536313436383133343031363232333433656264386139653030383465
-63333137356463303865393939303463333031383563393837623261333734353261326333316461
-66343135656631396230303665373033663431356464636163613333643362383162613861393435
-32626562653337313638623764646463663034363065306633346365303366643166633436643936
-32653865363631623839313533333831386339633837353233313730643939336265343764643131
-34363734616237373237303039643261376664376636386164643433366436353162656232336330
-39336436353235396633313265353939373262303637373830623439303132386666646130626330
-62653462343838303266343830366565666639353362343662653234396365353339343330623039
-37653335323564323762653338666634363237303830653736623963306564643831353233663630
-32386131373263613139326534633432666364656561663461643031663230643366363036336631
-3039393835346431346231636665396138393336343963333466

files/manifests/wildcard-pwa-realitynetwork.yaml

@@ -1,15 +1,15 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: pwa.laconic.com
+  name: pwa.realitynetwork.store
   namespace: default
 spec:
-  secretName: pwa.laconic.com
+  secretName: pwa.realitynetwork.store
   issuerRef:
     name: letsencrypt-prod-wild
     kind: ClusterIssuer
     group: cert-manager.io
-  commonName: "*.pwa.laconic.com"
+  commonName: "*.pwa.realitynetwork.store"
   dnsNames:
-    - "pwa.laconic.com"
-    - "*.pwa.laconic.com"
+    - "pwa.realitynetwork.store"
+    - "*.pwa.realitynetwork.store"

group_vars/all/vault.yml

@@ -1,7 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-37613532616632663366373332616133316237633564386464643032636137356436623331313365
-3164613836383930663466306133336263393764306662620a616131366561306334656535663432
-31323566373730353338356365663764386266383831666637646361626433343162313039343964
-3837666333343133630a343534366535613765336134623532323038633466666538356235323464
-65326264393765383138393661616537323864333036353130633461383865643030366363623437
-6162376537646461343066316234663730663466303931646630
+35636534633536663965623866666430613934363036343661343362346534353764326662396365
+3039363533323464353932373436356362353261343836620a616132336266346238336338653434
+35616334333832356134353466623333363235373066396663363839656663326666323164393265
+6338323565323936350a356136353231613765366531366431363864356565653938613963656233
+66613965396531636331353463333436376337363932393033303937383263336637663435373262
+3361356561306233303030313438363637343433356463626536

group_vars/lcn_cad/k8s-vault.yml

@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32623937306230646432336339336134316263616136383264623030623930633664346263643165
-3539396565353163656432303038613736343430643765330a353465613136396436613565396638
-63396333363766353737363438383262623539376666316531303535663832303363356631633735
-6666643461626262350a393136306662666232356532366666323765356330333838363162356330
-61333233666634373666636630623865333838653762393634306464336636633633646266623263
-33373831613266373839383666326264376362646638386566656362656130383861633933666564
-383930616533303265633661363335633064

group_vars/rnt_cad/k8s-vault.yml

@@ -0,0 +1,20 @@
+$ANSIBLE_VAULT;1.1;AES256
+63643362636263346139663662346435343861333538623731363763303034386334396261383233
+6233306462326530343561333665656330663134653466330a353532613764633361623966396161
+33396332363966623862373036653862626237396631623637613134373266626534656334306465
+3537653237303461620a386534333031366366323332646363613265323531356331633338356430
+61396561313334633133623066613762613966366633323435656464303765353231373461363664
+61616433306361623631373530366331393132326663303532323461623962393739343364373735
+32313365646231313334373038353536333438386337623962623364313732663030396364346435
+35653663633366373036646435323865666139653133636439613034613733333830306339383936
+32333139646135316630643338653564613530623465313862396634356363373064366366343364
+39313638323631393966373263396361613331646162313736346233656137666563303939323933
+38626434396566333362623638663634393934623030633633363563343037396433386531356635
+31323731383161313330333337656536383630616331653637306238316365643930336233383433
+34643864373936393932356630376265316234333737353531653431313237306335383866656232
+37323064656134376237346436396565633732613364616366666638333836333331356534623166
+37633039336533373536356562663739316138633431366136653639343239396432636162353061
+35363133656131393366333734653634616430366531656230616637666136333161343633373839
+39636261396638666361333534643065366636313530623563663839643338633038613133336239
+35343636353135323033623037613637313464353733393366336435663835623030653636323734
+396637393534353535623266386361303332

group_vars/rnt_cad/k8s.yml

@@ -1,22 +1,13 @@
 ---
-# default context is used for stack orchestrator deployments, for testing a custom context name can be usefull
-#k8s_cluster_name: lcn-cad-cluster
 k8s_cluster_name: default
-k8s_cluster_url: lcn-cad-cluster-control.laconic.com
-k8s_taint_servers: false
+k8s_cluster_url: rnt-cad-cluster-control.realitynetwork.store
+k8s_taint_servers: true
 
 k8s_acme_email: "{{ support_email }}"
 
-# k3s bundles traefik as the default ingress controller, we will disable it and use nginx instead
 k8s_disable: 
   - traefik
 
-# secrets can be stored in a file or as a template, the template secrets gets dynamically base64 encoded while file based secrets must be encoded by hand
-k8s_secrets:
-  - name: digitalocean-dns
-    type: file
-    source: secret-digitalocean-dns.yaml
-
 k8s_manifests:
   # ingress controller, replaces traefik which is explicitly disabled
   - name: ingress-nginx
@@ -26,7 +17,7 @@ k8s_manifests:
   # cert-manager, required for letsencrypt
   - name: cert-manager
     type: url
-    source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
+    source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
   
   # issuer for basic http certs
   - name: letsencrypt-prod
@@ -50,6 +41,6 @@ k8s_manifests:
         secret_key: access-token
 
   # initiate wildcard cert
-  - name: pwa.laconic.com
+  - name: pwa.realitynetwork.store
     type: file
-    source: wildcard-pwa-laconic.yaml
+    source: wildcard-pwa-realitynetwork.yaml

host_vars/rnt-cad-cluster-control/firewalld.yml

@@ -13,4 +13,5 @@ firewalld_add:
     sources:
       - 10.42.0.0/16
       - 10.43.0.0/16
-      - 159.203.31.82/32
+      - 142.93.110.163/32
+      - 147.182.158.116/32

host_vars/rnt-cad-cluster-worker/firewalld.yml

@@ -0,0 +1,15 @@
+---
+firewalld_add:
+  - name: public
+    interfaces:
+      - enp9s0
+    services:
+      - http
+      - https
+
+  - name: trusted
+    sources:
+      - 10.42.0.0/16
+      - 10.43.0.0/16
+      - 142.93.110.163/32
+      - 147.182.150.60/32

host_vars/rnt-daemon/firewalld.yml

@@ -7,10 +7,11 @@ firewalld_add:
       - http
       - https
     ports:
-      - 26657/tcp
-      - 26656/tcp
+      - 22657/tcp
+      - 22656/tcp
       - 1317/tcp
 
   - name: trusted
     sources:
-      - 147.182.144.6/32
+      - 147.182.150.60/32
+      - 147.182.158.116/32

host_vars/rnt-daemon/nginx.yml

@@ -6,16 +6,16 @@ nginx_proxy_send_timeout: 1200
 nginx_proxy_connection_timeout: 75
 
 nginx_sites:
-  - name: lcn-console
-    url: lcn-console.laconic.com
+  - name: rnt-console
+    url: rnt-console.realitynetwork.store
     upstream: http://localhost:8080
     template: basic-proxy
     ssl: true
 
-  - name: lcn-daemon
-    url: lcn-daemon.laconic.com
+  - name: rnt-daemon
+    url: rnt-daemon.realitynetwork.store
     upstream: http://localhost:9473
     configs:
-      - rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.laconic.com permanent
+      - rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.realitynetwork.store permanent
     template: websocket-proxy
     ssl: true

hosts

@@ -1,12 +1,14 @@
 [all]
-lcn-daemon ansible_host=159.203.31.82
-lcn-cad-cluster-control ansible_host=147.182.144.6
+rnt-daemon ansible_host=142.93.110.163
+rnt-cad-cluster-control ansible_host=147.182.150.60
+rnt-cad-cluster-worker ansible_host=147.182.158.116
 
 [so]
-lcn-daemon
+rnt-daemon
 
-[lcn_cad]
-lcn-cad-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip=147.182.144.6
+[rnt_cad]
+rnt-cad-cluster-control k8s_node_type=bootstrap
+rnt-cad-cluster-worker k8s_node_type=agent k8s_pod_limit=1024 k8s_external_ip=147.182.158.116
 
 [k8s:children]
-lcn_cad
+rnt_cad

roles/requirements.yml

@@ -1,20 +1,20 @@
 ---
 - name: firewalld
   scm: git
-  src: https://git.vdb.to/cerc-io/ansible-role-firewalld
+  src: https://github.com/srwadleigh/ansible-role-firewalld
   version: main
 
 - name: nginx
   scm: git
-  src: https://git.vdb.to/cerc-io/ansible-role-nginx
+  src: https://github.com/srwadleigh/ansible-role-nginx
   version: main
 
 - name: so
   scm: git
-  src: https://git.vdb.to/cerc-io/ansible-role-so
+  src: https://github.com/srwadleigh/ansible-role-so
   version: main
 
 - name: k8s
   scm: git
-  src: https://git.vdb.to/cerc-io/ansible-role-k8s
+  src: https://github.com/srwadleigh/ansible-role-k8s
   version: main