add matrix federation items, rename some things

carpenike · Oct 26, 2021 · e07f1bd · e07f1bd
1 parent 61855b0
commit e07f1bd
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 35 deletions.
diff --git a/ansible/inventory/group_vars/all/address_book.yaml b/ansible/inventory/group_vars/all/address_book.yaml
@@ -146,8 +146,8 @@ address_book:
       ipv4_addr: 10.20.10.18
       groups:
         - utility
-    3com:
-      hostname: 3com
+    sw-3com:
+      hostname: sw-3com
       network: mgmt
       dhcp_client: false
       ipv4_addr: 10.9.18.254
@@ -213,8 +213,23 @@ address_book:
       ipv4_addr: 10.9.18.106
       groups:
         - tplink_eap_devices
-
-        # bcs:
+    ap-upstairs:
+      hostname: ap-upstairs
+      mac_addr: c0:06:c3:aa:81:28
+      network: mgmt
+      dhcp_client: true
+      ipv4_addr: 10.9.18.107
+      groups:
+        - tplink_eap_devices
+    ap-basement:
+      hostname: ap-basement
+      mac_addr: c0:06:c3:aa:84:ea
+      network: mgmt
+      dhcp_client: true
+      ipv4_addr: 10.9.18.108
+      groups:
+        - tplink_eap_devices
+    # bcs:
     #   hostname: bcs
     #   mac_addr: aa:00:02:00:24:0f
     #   network: wired
@@ -250,8 +265,8 @@ address_book:
         - print_clients
         - mgmt_nodes
 
-    hp_printer:
-      hostname: hp_printer
+    hp-printer:
+      hostname: hp-printer
       mac_addr: f8:0d:ac:7b:d9:90
       network: iot
       dhcp_client: true
@@ -288,8 +303,8 @@ address_book:
         - android_tvs
         - chromecast_players
         - airplay_devices
-    nvidia_shield_tv_basement:
-      hostname: nvidia_shield_tv_basement
+    nvidia-shield-tv-basement:
+      hostname: nvidia-shield-tv-basement
       mac_addr: 48:b0:2d:13:b7:a0
       network: iot
       dhcp_client: true
@@ -301,8 +316,8 @@ address_book:
         - android_tvs
         - chromecast_players
         - airplay_devices
-    nvidia_shield_tv_masterbedroom:
-      hostname: nvidia_shield_tv_masterbedroom
+    nvidia-shield-tv-master-bedroom:
+      hostname: nvidia-shield-tv-master-bedroom
       mac_addr: 48:b0:2d:13:d1:d6
       network: iot
       dhcp_client: true
@@ -314,8 +329,8 @@ address_book:
         - android_tvs
         - chromecast_players
         - airplay_devices
-    firetv_bar_tv:
-      hostname: firetv_bar_tv
+    firetv-bar-tv:
+      hostname: firetv-bar-tv
       mac_addr: 74:ec:b2:5a:c3:47
       network: iot
       dhcp_client: true
@@ -351,8 +366,8 @@ address_book:
       groups:
         - media_players
         - google_device
-    sonos_kitchen-1:
-      hostname: sonos_kitchen_1
+    sonos-kitchen-1:
+      hostname: sonos-kitchen-1
       mac_addr: 34:7e:5c:1e:04:82
       network: iot
       dhcp_client: true
@@ -361,8 +376,8 @@ address_book:
         - media_players
         - sonos_players
         - airplay_devices
-    sonos_kitchen-2:
-      hostname: sonos_kitchen_2
+    sonos-kitchen-2:
+      hostname: sonos-kitchen-2
       mac_addr: 34:7e:5c:1e:04:4c
       network: iot
       dhcp_client: true
@@ -371,8 +386,8 @@ address_book:
         - media_players
         - sonos_players
         - airplay_devices
-    sonos_upstairs_hallway:
-      hostname: sonos_upstairs_hallway
+    sonos-upstairs-hallway:
+      hostname: sonos-upstairs-hallway
       mac_addr: 5c:aa:fd:4e:d2:9e
       network: iot
       dhcp_client: true
@@ -381,8 +396,8 @@ address_book:
         - media_players
         - sonos_players
         - airplay_devices
-    sonos_basement:
-      hostname: sonos_basement
+    sonos-basement:
+      hostname: sonos-basement
       mac_addr: 5c:aa:fd:4e:d6:24
       network: iot
       dhcp_client: true
@@ -391,8 +406,8 @@ address_book:
         - media_players
         - sonos_players
         - airplay_devices
-    sonos_bar:
-      hostname: sonos_bar
+    sonos-bar:
+      hostname: sonos-bar
       mac_addr: 48:a6:b8:f9:11:b6
       network: iot
       dhcp_client: true
@@ -401,8 +416,8 @@ address_book:
         - media_players
         - sonos_players
         - airplay_devices
-    sonos_move:
-      hostname: sonos_move
+    sonos-move:
+      hostname: sonos-move
       mac_addr: 48:a6:b8:e0:cd:ec
       network: iot
       dhcp_client: true
@@ -411,8 +426,8 @@ address_book:
         - media_players
         - sonos_players
         - airplay_devices
-    sonos_office:
-      hostname: sonos_office
+    sonos-office:
+      hostname: sonos-office
       mac_addr: 48:a6:b8:68:81:b5
       network: iot
       dhcp_client: true
@@ -421,8 +436,8 @@ address_book:
         - media_players
         - sonos_players
         - airplay_devices
-    sonos_livingroom_tv:
-      hostname: sonos_livingroom_tv
+    sonos-livingroom-tv:
+      hostname: sonos-livingroom-tv
       mac_addr: 54:2a:1b:87:58:10
       network: iot
       dhcp_client: true
@@ -431,8 +446,8 @@ address_book:
         - media_players
         - sonos_players
         - airplay_devices
-    sonos_masterbedroom_tv:
-      hostname: sonos_masterbedroom_tv
+    sonos-master-bedroom-tv:
+      hostname: sonos-master-bedroom-tv
       mac_addr: 48:a6:b8:b3:9f:e7
       network: iot
       dhcp_client: true
@@ -450,8 +465,8 @@ address_book:
       groups:
         - media_players
         - lg_tvs
-    lg_masterbedroom_tv:
-      hostname: lg_masterbedroom_tv
+    lg_master-bedroom_tv:
+      hostname: lg-master-bedroom-tv
       mac_addr: ac:f1:08:59:b5:46
       network: iot
       dhcp_client: true
@@ -593,7 +608,7 @@ address_book:
       groups:
         - esphome_devices
     garage-front-lights:
-      hostname: garage_front_lights
+      hostname: garage-front-lights
       mac_addr: 68:c6:3a:fb:70:ae
       network: iot
       dhcp_client: true

diff --git a/ansible/inventory/host_vars/fw/firewall_rules.yml b/ansible/inventory/host_vars/fw/firewall_rules.yml
@@ -482,3 +482,11 @@ vyos_firewall_rules:
       address-group: k8s_nodes
     destination:
       port: 587
+
+  accept_matrix_federation_from_k8s_nodes:
+    action: accept
+    protocol: tcp
+    source:
+      address-group: k8s_nodes
+    destination:
+      port: 8448
diff --git a/ansible/inventory/host_vars/fw/firewall_zones.yml b/ansible/inventory/host_vars/fw/firewall_zones.yml
@@ -53,6 +53,7 @@ vyos_firewall_zones:
           - accept_mullvad_vpn_from_k8s_nodes: null
           - accept_ubnt_cloud_from_k8s_nodes: null
           - accept_imaps_from_k8s_nodes: null
+          - accept_matrix_federation_from_k8s_nodes: null
       - ignoreZones:
           - video
           - wireless

diff --git a/ansible/inventory/host_vars/fw/main.sops.yml b/ansible/inventory/host_vars/fw/main.sops.yml
@@ -12,14 +12,15 @@ secure_values:
       domains:
         - ENC[AES256_GCM,data:PkTG+rC0hcDq1nO5,iv:whDost3Mumx3u6oeoL0cQJ30LnV3SsoV5kfhppqdBs0=,tag:kE8ESHK35NxC/J/DSgu8qw==,type:str]
         - ENC[AES256_GCM,data:En8VMPv0kg==,iv:oUEng6K/BotBKQ9tiDCe7jc+KvnScypfxLJD1lLxoAc=,tag:IjV5TPQzQ0UTg+sUJYMWKg==,type:str]
+        - ENC[AES256_GCM,data:hZYRZQ9TIumnA+YE,iv:U3zLzLRj0MOApdnOJinMGTrl70WIriYFqwoPCQjKr30=,tag:sEamUCJyz821M7zlByGZGA==,type:str]
 sops:
   kms: []
   gcp_kms: []
   azure_kv: []
   hc_vault: []
   age: []
-  lastmodified: "2021-09-23T21:25:11Z"
-  mac: ENC[AES256_GCM,data:viy+m2l6HRtJFx3R8Q+cz53dFOk081nC6tLB+jaHQCzGLe4rXmQtidYdE1R2fNjHIGUr34jlXaaMOLzAnu2uFISJuGblPmWZ1TVVH8j8D2OES70jxXgayNihVpfeJ1CGHPgeWOlWwoP2KuArq3Cwr5iKXgQRnf+KdVtQkxrYxco=,iv:ipW7Bl/pY07FK24MiIoHS13U8mWc+4wxgC1uhjzJMEE=,tag:Di3/we86h5AT/Us8tdxlBg==,type:str]
+  lastmodified: "2021-10-23T23:10:35Z"
+  mac: ENC[AES256_GCM,data:z0rPO2coiZdDEeaytgmBqdB/2Xmy4KyBdLesbUsRbWNt1JIJKt+TIAGPGc5M72/Zsnb2AHdkW/4Ym34OOGXdqwdrmXfwl0TnobgT/E+IGaIuljhp1NH7rcLyNvAPG8xbuvw4Dm9QHpkN7rL0jjHrra6QbYqDnQwP914A3KkSoFQ=,iv:0gaNiITuFjqNpTHf9eo1yCSMY0i2Vo0OQHW/jg6MAqw=,tag:30fuWpROTwiTEK6O24vdSg==,type:str]
   pgp:
     - created_at: "2021-06-29T00:45:38Z"
       enc: |