Merge pull request 'separate-vault-vars' (!101) from separate-vault-vars into master

Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/101 Reviewed-by: Alexander Dahl <alex@netz39.de> Reviewed-by: tux <tux@netz39.de>
2022-11-04 18:36:43 +00:00 · 2022-11-04 18:36:43 +00:00 · 9a873d934a
commit 9a873d934a
parent 118e442ea8 6ad7482cd1
16 changed files with 174 additions and 184 deletions
--- a/README.md
+++ b/README.md
@ -11,6 +11,11 @@ ansible -i inventory.yml all --list-hosts
 ansible-galaxy install -r requirements.yml
 ```

+## Edit vault encrypted vars files
+```bash
+ansible-vault edit group_vars/all/vault
+```
+
 ## Call with
 ```bash
 ansible-playbook -i inventory.yml --ask-vault-pass main.yml
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -0,0 +1,59 @@
+---
+server_admin: "admin@netz39.de"
+
+ag_timezone: Europe/Berlin
+
+users:
+  - logname: "alex"
+    viewname: "Alexander Dahl"
+    email: "alex@netz39.de"
+    ssh_pub:
+      - !unsafe >
+        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVZPAE3XE8Ek1Ji4sCIHxLVx+bi2qpsTSsYhBqtYysnFn9AHJj14BR59D0Si05sfVkmL4OQoo7Q98oIxy33PgtqoUfgXk9dc7dlsye3t/gsAb25ABnqG/ZYe65nZLN7BzRM1/QZIbd6sSu6eXrNFCh0ikB5se4zgVkDO8t6h2dnz4FvTuIM2Bi/PnIJTqb8+uLQE1vS3A7tTx100ZKXxr81dlo2Y1JBP6WrS1W1IyFiG6wofl2XTY02ssyoENQyR89lLMJYKvm5xlhL/L69gtMsqIX9UBQFk8Rpq04ZIwN6b0K4R142GZvxdJNdQULgtI3gPkKgH7FDoFsRHNA6b/9 adahl@ada
+      - !unsafe >
+        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvczlb1+9d1BjuLk5ZcQt2Z0Dh61Vg91i47tM48CN2koJ4I/9vgN37l6mnr383zD8kQkXDGmCYpXOa48WocyyUuP3h75DCjANYcWOsohQfFu2F1ZOiiVCGduDntzS2nbZEF2W3nZNLQ6/dKKEeaSxu5RjKflkWakghkMt3H4KN20bxzYzHQMLhRYFEGHpskOqeaXKPkqqEP+u5kToINtmXwegCvQFnlx4fNrysFII79buBNlcLsO1X4ABucVMYT/OJnBpJEfEcNFUKrJZRGgM8aDbUpkV9LRY2lywvoKJhiRMc7x7kK0LWOTdPJri+SJhW6fEW4JKCRTSHVN8OS8S/ alex@buffy
+      - !unsafe >
+        ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsGvQ1COtwA4ERf+Z/IMxlw4RadCVKIQzB6v8n20dDM+bfBmTxk7NeSGbdB/vjvUV0Oq47KfDISDAlwhSv0aSpij3d7twPWrFz7eoFWAGO2mnz39btA1i9ygMypsP56NHZDsgokPoCSX3viKyFhh6qgt6cCOJYwLZix4VoFKaQ7GlqoVKAHz9v3r/Lq15oTRcCoqP7FID4Fp1a51fY2XQltALoQnfZVhqpnJB30U0uv79QCAHS5IC75fmRjm1vo/mmu0Kbu4+KfU2+MIpzx2Y6xyntIpB1Nuk9Xn1ptKw1CmgKcNOKNGkKuegripoAHv6oylTjge61ksDPjhAyisNGQ== alex@falbala
+      - !unsafe >
+        ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9VCxrcbUrGJ9MOTcS0Jq09bZz3gNKL4mvOXhnMhjbt0IrEENcexwVbk4pSHsezz4LKapvqmT+0U4WiCsU/DtwzLlV7Qgbjoo+Buwzll9Hi+xGn6xIHwvAZoltj2IioIIQgRxF+B/mqGaOU2KN/Yq/2ODMGvPj00VQ2+otLX3XrFoUJX5oot7GsonY2RxrSgOhWCosApgt4MxcuKjyS6VS8RDfdNn522VEPlKevUz5gY7sK5cKcAS3j29+VdXpqewa6jcz0KmQroLXFyJzPkTH2lt5AIurojGtZqbkas/TQPSExun9XpkA3gxuwVKD/uLl/R/7ecagNKdl/+Rtsbw== alex@tiffy
+      - !unsafe >
+        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC92+JJ7C0WYgripJ9hSIb2D/QMzw/rMmeFTTcO34DJNAVIQtq9nb8Ev7s8Bjz3VR7/LS4kQlyB6dp1RLuObPYRafY0695lja4lwgy7iY1OAYCNM71OYyyztcoHEz3fGO4tzNx5Z1tI9zLpS1Wr7ENeKOKBqmFIgZno67Gq+NZr3LHNvnvAsbMsZXOdnld0LmG0Um35WEN60UYz3k6QUYBfaYrHnX2OP9auK5QDnd2jVTdNLRbBus7VtIsCfK3szLa+dFyd/ISPCB/YsZj1i0WmO766Y4GqFTZhIZUok4JuU8pl/7Y9CSKRMx4sp/3LYIAyOsL5EJxmg3fEfYsRK0gb alex@toshy
+      - !unsafe >
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmU7MfOFuc6z5Vbwh4CbBFSg19f8B9rUO2ITjgmEvkY alex@lemmy
+    sudo: yes
+    docker: yes
+  - logname: "kwasir"
+    viewname: "Peter Seidel"
+    email: "kwasir@netz39.de"
+    sudo: yes
+    docker: yes
+  - logname: "tux"
+    viewname: "Stefan Haun"
+    email: "tux@netz39.de"
+    ssh_pub:
+      - !unsafe >
+        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvxbl9eiBojG2zKw2eSftwaMpA4XeONJpPK++WBUBJi+4RhvtN+8YX55cGsRlAA2pvW1a6hxjuR/NEA0+EAZ8ueNaOrMJjHvuUSzO76YF1gHlusAbhYvNl4EYZz/lkrFM4oaa/4/WirgUvSKnpPQx2YgX/AEkIwzk6nQLve+NmijkWdWzaww5snjbAEsgo+iEqeLPRfzbxX4Esp8bqFy3qD0SGgJM8iWlUaWCoQI1HhU4lVBtwdR6cJQ3QnmhUidRLOpIpX1sBRM8Cnwc5g2u3OpsaxPd77+5hXtxKjQUby/YLGmr6L2x1tWYqkV+GZA0Lh3fwM0BjDVT/Y/a+HUVh tux@netz39.de
+    sudo: yes
+    docker: yes
+  - logname: "dkdent"
+    viewname: "David Kilias"
+    email: "dkdent@netz39.de"
+    ssh_pub:
+      - !unsafe >
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQd8PoC3umGO8o2ryMlTrzYsKW0KMAzTrQxYXOwvWA7 david@Rhea
+    sudo: yes
+    docker: yes
+  - logname: "mg95"
+    viewname: "Maximilian Grau"
+    email: "mg-95@t-online.de"
+    ssh_pub:
+      - !unsafe >
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbBAe+a2Trndg//SektpCCk51L57EOfxSItPLtdKNAz mg@mg-POWER-PC
+      - !unsafe >
+        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+g0OG72020L0J8CHWUGItkjiX3ibrGQeiRc+cowQ7QOmX4/ifa7PraTlthpqFX24yfYpgF0vEIViySeaLsGyHWbmVstcbnpwyGcL/EdA7UDnHI9nf2mha8xfzD+4O/6pchTEWif4HVnHDSAZOsBGuuGDSHkL8+Mq28AnBZErumB7C4319/WvrfRYM00DC15oVImEeGHIALCS+3OXzNGuXTMk2dyDb2u8pjykxZ/MxE9Jgt6FwXwxvsmloSP6bmyitZ+ZtS3gHkLetRVcvnLlRL7juXHbKsAB830RDH5b6/zQCeQ8vON8rfOOSknRD16YK/fe+P2u1Kyiic8mXuI2y/mX9uQq2q4Lr6rUCuNPcA9MZBghmdECZk+oGS/pzvDnFYTXzFor9UusIeR9F6SOilC2tmVdxs9K5xNUIQnsx8pVjUeb72ZMZIOI4A7H4sRuuQeuDG7UZpN6RKtU6uCC3/8d/0hd4CydQr2PAgBo+8VyuABAxav96+k1GN6OEIJbk736xrVoLxjCbUFimrJikj0t89J4WpJdYS1rRG+oEyAIK0mFJ7MFh1og3pGLbbO49d6GLSGlxsb4JtMkhYQJ3QN1QjKKBEreOmOZslvxaFcrVHd22SIgzvYrwQJ/eM/e7PNMCoOxOZDiN58zDAy5x4As6RI53jDiAFvxqJS7RjQ== maximilian.grau@st.ovgu.de
+    sudo: yes
+    docker: yes
+
+# Data for DD24 dyndns updates
+dyndns_domain: "dyndns.n39.eu"
+dyndns_password: "{{ vault_dyndns_password }}"
--- a/group_vars/all/vault
+++ b/group_vars/all/vault
@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+34303066383937623831333466333965323161376134353838346235323662373164303163363734
+3134626237346361656533636161363331666537633538380a613761643431356530343663626666
+62646361316364333533316638646261373661633863363733366337373338336565366536386237
+3138646266613837310a396139363830613463393861336161363533343362383462623265356563
+31333862613937306463353130316365636634353862363039663762326263313366363530636631
+3630653638333831303432316266633833643739643533353536
--- a/host_vars/krypton.n39.eu/vars.yml
+++ b/host_vars/krypton.n39.eu/vars.yml
@ -0,0 +1,2 @@
+server_admin: "admin+krypton@netz39.de"
+ldap_admin_password: "{{ vault_ldap_admin_password }}"
--- a/host_vars/krypton.n39.eu/vault
+++ b/host_vars/krypton.n39.eu/vault
@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+61633462653865653066373564306134326236663834373337623166373130306534653434313735
+6164316532363832373535376630663038656632356536320a626165386434306433313139353165
+39343463396233386532613336303338653964323566303837383636313266656238383639623031
+6530386664623333620a366264396538336539663635373034323039396539663439376461666430
+61613933626630646134346634626132393737353862626136363362353662373236343265643737
+61633732356665626338303238633631363733316661626436346239663762353634653064316561
+373133323139653733313963383964383733
--- a/host_vars/platon.n39.eu/vars.yml
+++ b/host_vars/platon.n39.eu/vars.yml
@ -0,0 +1,4 @@
+server_admin: "admin+platon@netz39.de"
+mac: "b8:27:eb:8f:98:2f"
+gatekeeper_user: pi
+gatekeeper_sip_registration: "{{ vault_gatekeeper_sip_registration }}"
--- a/host_vars/platon.n39.eu/vault
+++ b/host_vars/platon.n39.eu/vault
@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+36333666633432646134393762356236373430353961343566326162333638633832383739323636
+6163346463643561666535386165383764333463333137660a343366623434383130623965383638
+66653434613432323065616432646632663232666332373362346330633861316334623264623936
+3031626164323036310a346437646236313936373034373134393463363532616565313632383730
+63303635376562313265363562336361366132623937353266313339666437383561343361376266
+38323566313332373833646633653337643666303431383661383961316139376465616535363633
+64373933336633323364613263656439386135666532366335636136343864333639346666323238
+62383039613861616563
--- a/host_vars/pottwal.n39.eu/vars.yml
+++ b/host_vars/pottwal.n39.eu/vars.yml
@ -0,0 +1,36 @@
+server_admin: "admin+pottwal@netz39.de"
+ansible_python_interpreter: /usr/bin/python3
+data_dir: "/srv/data"
+
+# These values need to be set up in RabbitMQ
+cleanuri_amqp_host: "rabbitmq.n39.eu"
+cleanuri_amqp_user: "cleanuri"
+cleanuri_amqp_pass: "{{ vault_cleanuri_amqp_pass }}"
+cleanuri_amqp_vhost: "/cleanuri"
+
+shlink_host_port: 8083
+shlink_domain_name: sl.n39.eu
+shlink_geolite_license_key: "{{ vault_shlink_geolite_license_key }}"
+
+hedgedoc_host_port: 8084
+hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3
+hedgedoc_postgres_password: "{{ vault_hedgedoc_postgres_password }}"
+
+redmine_host_port: 8087
+redmine_image: redmine:4.2.7
+redmine_mysql_image: mysql:5.7
+redmine_database: redmine
+redmine_database_password: "{{ vault_redmine_database_password }}"
+
+influxdb_host_port: 8088
+influxdb_image: influxdb:2.4-alpine
+influxdb_init_username: admin
+influxdb_init_password: "{{ vault_influxdb_init_password }}"
+
+gitea_host_port: 9091
+
+prosody_data_dir: "{{ data_dir }}/prosody"
+prosody_domain_name: jabber.n39.eu
+jabber_host_port: 8086
+
+uptimekuma_host_port: 8085
--- a/host_vars/pottwal.n39.eu/vault
+++ b/host_vars/pottwal.n39.eu/vault
@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+34613130633764366239396165376133363264316231303664373664366264623464643465343738
+3331616138303039616434633839383438336233633237340a303932343861333131306661323037
+33363561303461653461393530366135376138343962393037306530643639653062313461323564
+6363386239636333660a333065396531616564313839643936346362653564353430316531653163
+64643766653761643665626330653162636165626631623630316366613639363339303062623432
+39386631346265656262656437353032383362653866333935313961316131393664633339346134
+62323561653361306366313831643763336631326235343235623937386533363233623031386431
+62613537396566326164663862333032393431666662653534333331323835666131613239653664
+66626233633238373830393134656537373839623762653836616333373961623838356163323238
+36323235386233643536613766663039353331643139613333336266626262343138656433313163
+34313361316663616233373832393332373766373135396637646430383262613966303036313662
+63323535663133383839666463643036643463646262363737366366633630313662316436383737
+32323830633564663039313835633739346433316562643966613737323662623637386264326666
+66383564353738643963323530323139313136633062326366313863386433306439663433396333
+39316465333431636461306137346465623630313038346531383139333432656366393031613931
+39346664663838656439393039663566333466366336363636643532343031613730323838356436
+3635
--- a/host_vars/radon.n39.eu/vars.yml
+++ b/host_vars/radon.n39.eu/vars.yml
@ -0,0 +1,6 @@
+server_admin: "admin+radon@netz39.de"
+pwr_meter_amqp_user: "pwr-meter"
+pwr_meter_amqp_pass: "{{ vault_pwr_meter_amqp_pass }}"
+pwr_meter_api_token: "{{ vault_pwr_meter_api_token }}"
+# See https://gitea.n39.eu/Netz39_Admin/config.descartes/src/branch/live/dns_dhcp.txt
+brotherql_printer_ip: "172.23.48.53"
--- a/host_vars/radon.n39.eu/vault
+++ b/host_vars/radon.n39.eu/vault
@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+61393134306361663861356132333135633566626136383536363763646134386338363362343830
+6339626232333037613437386634396138323438643037390a366338353862653439323961626532
+37393438326261363563323233333364323536373735383834383134653935383436356137396166
+3531326465363438310a663232306138333866373637336234326166666261333332386632316163
+61616339656436666233343339383835643934366661366333386363386639306631643366623333
+30666430623435633961613932323239343239623532316662323937346634656136396539303036
+63363365363861646333386364373263303037663266323832663761633633663136616338323362
+36326561623063646666373034333335373135343736633066393937653234313932363138643065
+38646231333564303861633231353535623436326135303463613738346231633962
--- a/host_vars/tau.netz39.de/vars.yml
+++ b/host_vars/tau.netz39.de/vars.yml
@ -0,0 +1,2 @@
+server_admin: "admin+tau@netz39.de"
+mysql_root_pw: "{{ vault_mysql_root_pw }}"
--- a/host_vars/tau.netz39.de/vault
+++ b/host_vars/tau.netz39.de/vault
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+63323761323733353533323465366663633863346437613938626633366363643765656664343832
+3361376139623139613937656438356132626338646338310a333635633630363836363038383039
+61386466653166356134393361653538643237623365663135636463363039363234623834376634
+6134636464323837620a373264346365353731666330646538316535636532363633333433633863
+39633362613134636137363537613433363738313135343534323436643236363035
--- a/host_vars/unicorn.n39.eu/vars.yml
+++ b/host_vars/unicorn.n39.eu/vars.yml
@ -0,0 +1 @@
+server_admin: "admin+unicorn@netz39.de"
--- a/inventory.yml
+++ b/inventory.yml
@ -1,168 +1,12 @@
 ---
 all:
-  vars:
-    server_admin: "admin@netz39.de"
-
-    ag_timezone: Europe/Berlin
-
-    users:
-      - logname: "alex"
-        viewname: "Alexander Dahl"
-        email: "alex@netz39.de"
-        ssh_pub:
-          - !unsafe >
-            ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVZPAE3XE8Ek1Ji4sCIHxLVx+bi2qpsTSsYhBqtYysnFn9AHJj14BR59D0Si05sfVkmL4OQoo7Q98oIxy33PgtqoUfgXk9dc7dlsye3t/gsAb25ABnqG/ZYe65nZLN7BzRM1/QZIbd6sSu6eXrNFCh0ikB5se4zgVkDO8t6h2dnz4FvTuIM2Bi/PnIJTqb8+uLQE1vS3A7tTx100ZKXxr81dlo2Y1JBP6WrS1W1IyFiG6wofl2XTY02ssyoENQyR89lLMJYKvm5xlhL/L69gtMsqIX9UBQFk8Rpq04ZIwN6b0K4R142GZvxdJNdQULgtI3gPkKgH7FDoFsRHNA6b/9 adahl@ada
-          - !unsafe >
-            ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvczlb1+9d1BjuLk5ZcQt2Z0Dh61Vg91i47tM48CN2koJ4I/9vgN37l6mnr383zD8kQkXDGmCYpXOa48WocyyUuP3h75DCjANYcWOsohQfFu2F1ZOiiVCGduDntzS2nbZEF2W3nZNLQ6/dKKEeaSxu5RjKflkWakghkMt3H4KN20bxzYzHQMLhRYFEGHpskOqeaXKPkqqEP+u5kToINtmXwegCvQFnlx4fNrysFII79buBNlcLsO1X4ABucVMYT/OJnBpJEfEcNFUKrJZRGgM8aDbUpkV9LRY2lywvoKJhiRMc7x7kK0LWOTdPJri+SJhW6fEW4JKCRTSHVN8OS8S/ alex@buffy
-          - !unsafe >
-            ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsGvQ1COtwA4ERf+Z/IMxlw4RadCVKIQzB6v8n20dDM+bfBmTxk7NeSGbdB/vjvUV0Oq47KfDISDAlwhSv0aSpij3d7twPWrFz7eoFWAGO2mnz39btA1i9ygMypsP56NHZDsgokPoCSX3viKyFhh6qgt6cCOJYwLZix4VoFKaQ7GlqoVKAHz9v3r/Lq15oTRcCoqP7FID4Fp1a51fY2XQltALoQnfZVhqpnJB30U0uv79QCAHS5IC75fmRjm1vo/mmu0Kbu4+KfU2+MIpzx2Y6xyntIpB1Nuk9Xn1ptKw1CmgKcNOKNGkKuegripoAHv6oylTjge61ksDPjhAyisNGQ== alex@falbala
-          - !unsafe >
-            ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9VCxrcbUrGJ9MOTcS0Jq09bZz3gNKL4mvOXhnMhjbt0IrEENcexwVbk4pSHsezz4LKapvqmT+0U4WiCsU/DtwzLlV7Qgbjoo+Buwzll9Hi+xGn6xIHwvAZoltj2IioIIQgRxF+B/mqGaOU2KN/Yq/2ODMGvPj00VQ2+otLX3XrFoUJX5oot7GsonY2RxrSgOhWCosApgt4MxcuKjyS6VS8RDfdNn522VEPlKevUz5gY7sK5cKcAS3j29+VdXpqewa6jcz0KmQroLXFyJzPkTH2lt5AIurojGtZqbkas/TQPSExun9XpkA3gxuwVKD/uLl/R/7ecagNKdl/+Rtsbw== alex@tiffy
-          - !unsafe >
-            ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC92+JJ7C0WYgripJ9hSIb2D/QMzw/rMmeFTTcO34DJNAVIQtq9nb8Ev7s8Bjz3VR7/LS4kQlyB6dp1RLuObPYRafY0695lja4lwgy7iY1OAYCNM71OYyyztcoHEz3fGO4tzNx5Z1tI9zLpS1Wr7ENeKOKBqmFIgZno67Gq+NZr3LHNvnvAsbMsZXOdnld0LmG0Um35WEN60UYz3k6QUYBfaYrHnX2OP9auK5QDnd2jVTdNLRbBus7VtIsCfK3szLa+dFyd/ISPCB/YsZj1i0WmO766Y4GqFTZhIZUok4JuU8pl/7Y9CSKRMx4sp/3LYIAyOsL5EJxmg3fEfYsRK0gb alex@toshy
-          - !unsafe >
-            ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmU7MfOFuc6z5Vbwh4CbBFSg19f8B9rUO2ITjgmEvkY alex@lemmy
-        sudo: yes
-        docker: yes
-      - logname: "kwasir"
-        viewname: "Peter Seidel"
-        email: "kwasir@netz39.de"
-        sudo: yes
-        docker: yes
-      - logname: "tux"
-        viewname: "Stefan Haun"
-        email: "tux@netz39.de"
-        ssh_pub:
-          - !unsafe >
-            ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvxbl9eiBojG2zKw2eSftwaMpA4XeONJpPK++WBUBJi+4RhvtN+8YX55cGsRlAA2pvW1a6hxjuR/NEA0+EAZ8ueNaOrMJjHvuUSzO76YF1gHlusAbhYvNl4EYZz/lkrFM4oaa/4/WirgUvSKnpPQx2YgX/AEkIwzk6nQLve+NmijkWdWzaww5snjbAEsgo+iEqeLPRfzbxX4Esp8bqFy3qD0SGgJM8iWlUaWCoQI1HhU4lVBtwdR6cJQ3QnmhUidRLOpIpX1sBRM8Cnwc5g2u3OpsaxPd77+5hXtxKjQUby/YLGmr6L2x1tWYqkV+GZA0Lh3fwM0BjDVT/Y/a+HUVh tux@netz39.de
-        sudo: yes
-        docker: yes
-      - logname: "dkdent"
-        viewname: "David Kilias"
-        email: "dkdent@netz39.de"
-        ssh_pub:
-          - !unsafe >
-            ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQd8PoC3umGO8o2ryMlTrzYsKW0KMAzTrQxYXOwvWA7 david@Rhea
-        sudo: yes
-        docker: yes
-      - logname: "mg95"
-        viewname: "Maximilian Grau"
-        email: "mg-95@t-online.de"
-        ssh_pub:
-          - !unsafe >
-            ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbBAe+a2Trndg//SektpCCk51L57EOfxSItPLtdKNAz mg@mg-POWER-PC
-          - !unsafe >
-            ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+g0OG72020L0J8CHWUGItkjiX3ibrGQeiRc+cowQ7QOmX4/ifa7PraTlthpqFX24yfYpgF0vEIViySeaLsGyHWbmVstcbnpwyGcL/EdA7UDnHI9nf2mha8xfzD+4O/6pchTEWif4HVnHDSAZOsBGuuGDSHkL8+Mq28AnBZErumB7C4319/WvrfRYM00DC15oVImEeGHIALCS+3OXzNGuXTMk2dyDb2u8pjykxZ/MxE9Jgt6FwXwxvsmloSP6bmyitZ+ZtS3gHkLetRVcvnLlRL7juXHbKsAB830RDH5b6/zQCeQ8vON8rfOOSknRD16YK/fe+P2u1Kyiic8mXuI2y/mX9uQq2q4Lr6rUCuNPcA9MZBghmdECZk+oGS/pzvDnFYTXzFor9UusIeR9F6SOilC2tmVdxs9K5xNUIQnsx8pVjUeb72ZMZIOI4A7H4sRuuQeuDG7UZpN6RKtU6uCC3/8d/0hd4CydQr2PAgBo+8VyuABAxav96+k1GN6OEIJbk736xrVoLxjCbUFimrJikj0t89J4WpJdYS1rRG+oEyAIK0mFJ7MFh1og3pGLbbO49d6GLSGlxsb4JtMkhYQJ3QN1QjKKBEreOmOZslvxaFcrVHd22SIgzvYrwQJ/eM/e7PNMCoOxOZDiN58zDAy5x4As6RI53jDiAFvxqJS7RjQ== maximilian.grau@st.ovgu.de
-        sudo: yes
-        docker: yes
-
-    # Data for DD24 dyndns updates
-    dyndns_domain: "dyndns.n39.eu"
-    dyndns_password: !vault |
-      $ANSIBLE_VAULT;1.1;AES256
-      65653833376630636530373933326362316164353965643732323634393934383764376563613063
-      6632333438636434376666666132313139393363366665380a353737326231613862333866323031
-      30353966366436613433363937643463613332643133643637643232633238373638303063646635
-      3132306530356431630a333538616466643933643230383165646362643738616237383937666332
-      3164
-
  hosts:
    tau.netz39.de:
-      server_admin: "admin+tau@netz39.de"
-      mysql_root_pw: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        64313138383833643866383332623265383863623332343864306537633931326139303638303761
-        6464653933613663643632383935376164393033363233330a313063613832396166666464666136
-        36633532393231663634663034666666356332373438646130643161383134653739663066626538
-        3661663132343639310a613431653031626434323064313465373866666332353931313836623465
-        3461
    pottwal.n39.eu:
-      server_admin: "admin+pottwal@netz39.de"
-
-      # These values need to be set up in RabbitMQ
-      cleanuri_amqp_host: "rabbitmq.n39.eu"
-      cleanuri_amqp_user: "cleanuri"
-      cleanuri_amqp_pass: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        36623438333666666263616562386561383564343534383130633336663130323562316337623532
-        6262336637646435666334653834643535316463366132320a393265616331376465383766643539
-        65656130356132333832396266313939326333323161316163653335376266303239663534303731
-        3666383966383463350a616461666534656232666235323333313139353363663763633261346533
-        64623232626531616235386235313763336465366466343334316361396239636337
-      cleanuri_amqp_vhost: "/cleanuri"
-
-      shlink_geolite_license_key: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        33626234393039623132663736656363356562383235353737313034613630626339303263366665
-        6133333035663566356532303131373066646632363233330a333230376231616461343262623138
-        31356239323439666632333033616366663762646366343839663463633665333863343437343334
-        3665386538393066380a383366346235343531306561643534663035646537666534383536333230
-        34613761363237633865306332653631323366343232353666343165666664343838
-      hedgedoc_postgres_password: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        66333336393263316230626630626234383238343238396463373331633738343663376439653963
-        3536656431633631396634383137323938313663363665370a366132323464373731323564386239
-        38656238663565386631306263333166633064313762343139373735626439666665356530383363
-        3134373261386435310a626461376537643937643838636638313033383463356663396464643361
-        36333766383139376331336633646633396430323663366636616431643134666536
-      redmine_database_password: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        31343936363663616665346336616366313761363866353533646464393163363161306331323639
-        3030643563363731646365643362626664633130656265330a623566333734343562393432636336
-        32366339366433626466306634383563343633343736393735336130363462346265646431393839
-        3566326231663663340a383731353935366234643132386438663736313938356266613432303232
-        3165
-      influxdb_init_username: admin
-      influxdb_init_password: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        30316166356665623137386637353262316230616462356365333734323464363438666461323262
-        6463643839386563313765323534386365396131323462650a313737643139656638373265623433
-        37663136346132623166336139303234323433616634336332663133653532643336303362303161
-        3231306434626336370a363265643462366231326263313563306366393930633765633934386362
-        34316566643132353936636661623365663331333636636462316366623366383864
    unicorn.n39.eu:
-      server_admin: "admin+unicorn@netz39.de"
    platon.n39.eu:
-      server_admin: "admin+platon@netz39.de"
-      mac: "b8:27:eb:8f:98:2f"
-      gatekeeper_user: pi
-      gatekeeper_sip_registration: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        31306464613437343762323366393132323231306362393762636361353230353632333834663430
-        3133663661396566623664323134353737643039646263320a333434326561383962643739346265
-        61376631393266393737306261393137353364353637623335386663613834373233633264316130
-        3931316365663739380a616334626264376164376165346263353366363234646462383637383034
-        62343231636664623938356233363137383166306232373063306362366265333061623532393066
-        6261613435373465336463376431366164373538376465343031
    radon.n39.eu:
-      server_admin: "admin+radon@netz39.de"
-      pwr_meter_amqp_user: "pwr-meter"
-      pwr_meter_amqp_pass: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        62343631383061663837393636663230303734313662353262333537346635343533383736636365
-        3430646130313661653462383961386430343234323338360a643261343238326165333839333931
-        38303738353139653935333632393838336331633739373433636438613162333235346335383933
-        3462313739363833340a343534383664353565613566613032623565393264313032313861363131
-        39646437353963393430336233653934383034373830313935356666336439333438
-      pwr_meter_api_token: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        36393038376632373362383162623866346630656664313330623432633335366461313732643439
-        3062353665373030343264613832653463383064323139350a613439666436383365666535316634
-        32303064323664326538366331303733656565323332323331333962386165316566643764663262
-        6132316461393562370a323564316335343231643266373139323161316663313237326261306531
-        65656162653866383632383265343133626637316566333366386164396465353231636636616335
-        3461663034653936306666313437323734393361306432623639
-      # See https://gitea.n39.eu/Netz39_Admin/config.descartes/src/branch/live/dns_dhcp.txt
-      brotherql_printer_ip: "172.23.48.53"
    krypton.n39.eu:
-      server_admin: "admin+krypton@netz39.de"
-      ldap_admin_password: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        30646262643765616236666665363366353934333264343064383265316162333033653839396466
-        3262306131373461323032363234323161613431613133360a396531343438313165666163646363
-        65333334666132313834663839626431373339646631366261316139333233666566383131353035
-        3765613264626637660a343562363166313535613964336261356530353732333965313830653865
-        39373837643837663630333765306463616234363535613666333862396632643961
    oganesson.n39.eu:
    holmium.n39.eu:

--- a/pottwal.yml
+++ b/pottwal.yml
@ -2,33 +2,6 @@
 - hosts: pottwal.n39.eu
  become: true

-  vars:
-    ansible_python_interpreter: /usr/bin/python3
-
-    data_dir: "/srv/data"
-
-    gitea_host_port: 9091
-
-    shlink_host_port: 8083
-    shlink_domain_name: sl.n39.eu
-
-    prosody_data_dir: "{{ data_dir }}/prosody"
-    prosody_domain_name: jabber.n39.eu
-    jabber_host_port: 8086
-
-    hedgedoc_host_port: 8084
-    hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3
-
-    redmine_host_port: 8087
-    redmine_image: redmine:4.2.7
-    redmine_mysql_image: mysql:5.7
-    redmine_database: redmine
-
-    influxdb_host_port: 8088
-    influxdb_image: influxdb:2.4-alpine
-
-    uptimekuma_host_port: 8085
-
  roles:
    - role: docker_setup
      vars:
@ -42,7 +15,7 @@
          - name: gitea.n39.eu
          - name: uritools.n39.eu
          - name: uritools-api.n39.eu
-          - name: sl.n39.eu
+          - name: "{{ shlink_domain_name }}"
          - name: pad.n39.eu
          - name: "{{ prosody_domain_name }}"
            alternate_names: