-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmain.yml
More file actions
103 lines (82 loc) · 4.18 KB
/
main.yml
File metadata and controls
103 lines (82 loc) · 4.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
---
# ============================================================================
# Image / version
# ============================================================================
# Container image for the Arcane server (control plane).
arcane_server_image: "ghcr.io/getarcaneapp/arcane"
# Image tag. Pin to a specific release (e.g. "1.17.3") for reproducible
# deployments; "latest" pulls the latest stable on every run.
arcane_server_version: "latest"
# ============================================================================
# Networking
# ============================================================================
# Host port to publish the Arcane UI / API on.
arcane_server_port: 3552
# Public URL the Arcane UI is reachable on, injected as APP_URL into the
# container. Set this if you put Arcane behind a reverse proxy.
arcane_server_app_url: "http://{{ ansible_host | default(inventory_hostname) }}:{{ arcane_server_port }}"
# ============================================================================
# Filesystem layout
# ============================================================================
# Directory on the target host where .env + docker-compose.yml are written.
arcane_server_install_dir: "/opt/arcane"
# Name of the Docker named volume used for persisted Arcane data
# (DB, keys, settings).
arcane_server_data_volume: "arcane-data"
# Extra host-path volumes to mount into the container. Useful for exposing
# an existing /srv/projects or /srv/builds directory to Arcane. Each entry:
# - host_path: /srv/projects
# container_path: /app/data/projects
# read_only: false # optional, defaults to false
arcane_server_extra_volumes: []
# ============================================================================
# Runtime user
# ============================================================================
# Optional UID/GID for the Arcane process inside the container. Leave empty
# to use the image default. When set, both must be numeric.
arcane_server_puid: ""
arcane_server_pgid: ""
# Container timezone, used by Arcane's cron/scheduler subsystem.
arcane_server_timezone: "UTC"
# ============================================================================
# Secrets
# ============================================================================
#
# Both values MUST be stable across runs; regenerating them invalidates the
# Arcane database and logs every user out. The role follows this logic:
#
# 1. If you pass a value explicitly (via inventory / group_vars /
# ansible-vault), that value wins.
# 2. Otherwise the role generates a random value on the first run and
# persists it into `{{ arcane_server_install_dir }}/.secrets/` on the
# target host, reading it back on subsequent runs so it stays stable.
#
# For production setups pin these via ansible-vault; auto-generation is a
# convenience for homelab / first-run bootstraps.
arcane_server_encryption_key: ""
arcane_server_jwt_secret: ""
# ============================================================================
# Healthcheck
# ============================================================================
# Inline compose healthcheck tuning.
arcane_server_healthcheck_interval: "10s"
arcane_server_healthcheck_timeout: "3s"
arcane_server_healthcheck_retries: 5
arcane_server_healthcheck_start_period: "15s"
# Active post-deploy probe: after `docker compose up`, wait up to
# N seconds for /api/health to return 200. Set to 0 to skip.
arcane_server_healthcheck_wait: 60
# ============================================================================
# Upgrade / rollout
# ============================================================================
# Restart policy applied to the compose service.
arcane_server_restart_policy: "unless-stopped"
# Pull policy for the compose image. "always" refreshes on every run;
# "missing" only pulls if the tag is not present locally.
arcane_server_pull_policy: "always"
# When true, the role performs a safety backup of the named data volume
# into {{ arcane_server_install_dir }}/backups/ before pulling a new image.
# Kept for forward-compat — the v0.1 implementation is a no-op stub and
# will be wired in v0.2.
arcane_server_backup_before_upgrade: false
arcane_server_backup_retention: 5