-
-
Notifications
You must be signed in to change notification settings - Fork 78
/
Copy pathvars.yml
226 lines (169 loc) · 10.1 KB
/
vars.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
# SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev
# SPDX-FileCopyrightText: 2023 Julian-Samuel Gebühr
#
# SPDX-License-Identifier: AGPL-3.0-or-later
---
# Below is an example which installs a few services on the host, in different configuration.
# You should tweak this example as you see fit and enable the services that you need.
########################################################################
# #
# Playbook #
# #
########################################################################
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
# Various other secrets will be derived from this secret automatically.
mash_playbook_generic_secret_key: ''
########################################################################
# #
# /Playbook #
# #
########################################################################
########################################################################
# #
# Docker #
# #
########################################################################
# To disable Docker installation (in case you'd be installing Docker in another way),
# remove the line below.
mash_playbook_docker_installation_enabled: true
# To disable Docker SDK for Python installation (in case you'd be installing the SDK in another way),
# remove the line below.
devture_docker_sdk_for_python_installation_enabled: true
# Controls whether container networks will be created with IPv6 support.
#
# If you also have IPv6 support on your server/network and AAAA DNS records pointing to the server,
# enabling this will effectively give you full public IPv6 connectivity (powered by NAT66).
#
# We recommend leaving this enabled even if you don't currently have IPv6 connectivity on your server/network.
# This way, once you eventually get IPv6 connectivity, you won't have to change anything (besides DNS records).
#
# Flipping this setting later on requires manual work (stopping services, deleting and recreating all container networks).
#
# In the future, this setting will likely default to `true`, so if you really want IPv6 disabled, explicitly set this to `false`.
#
# People managing Docker themselves and running an older Docker version will need additional configuration.
#
# Learn more in `docs/configuring-ipv6.md`.
devture_systemd_docker_base_ipv6_enabled: true
########################################################################
# #
# /Docker #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.timesync #
# #
########################################################################
# To ensure the server's clock is synchronized (using systemd-timesyncd/ntpd),
# we enable the timesync service.
devture_timesync_installation_enabled: true
########################################################################
# #
# /com.devture.ansible.role.timesync #
# #
########################################################################
########################################################################
# #
# traefik #
# #
########################################################################
# Most services require a reverse-proxy, so we enable Traefik here.
#
# Learn more about the Traefik service in docs/services/traefik.md
#
# If your server already runs Traefik, you will run into port conflicts by installing it twice.
# See docs/interoperability.md for solutions.
mash_playbook_reverse_proxy_type: playbook-managed-traefik
########################################################################
# #
# /traefik #
# #
########################################################################
########################################################################
# #
# postgres #
# #
########################################################################
# Most services require a Postgres database, so we enable Postgres here.
#
# Learn more about the Postgres service in docs/services/postgres.md
postgres_enabled: true
# Put a strong password below, generated with `pwgen -s 64 1` or in another way
postgres_connection_password: ''
########################################################################
# #
# /postgres #
# #
########################################################################
########################################################################
# #
# exim_relay #
# #
########################################################################
# Various services need to send out email.
#
# Enabling this Exim relay SMTP mailer service automatically wires
# all other services to send email through it.
#
# exim-relay then gives you a centralized place for configuring email-sending.
# By default, exim-relay attempts to deliver emails directly. It may or
# may not work, depending on your domain configuration.
#
# Exim-relay supports DomainKeys Identified Mail (DKIM), and you may
# probably want to consider enabling it in order to improve deliverability.
# Without proper authentication setting, your outgoing email is most
# likely to be quarantined as spam at recipient's mail servers.
#
# Alternatively, you can have the exim-relay use via an external SMTP
# server to relay emails.
#
# See docs/services/exim-relay.md for details about configuration.
exim_relay_enabled: true
exim_relay_hostname: mash.example.com
exim_relay_sender_address: "someone@{{ exim_relay_hostname }}"
########################################################################
# #
# /exim_relay #
# #
########################################################################
########################################################################
# #
# miniflux #
# #
########################################################################
# Learn more about the Miniflux service in docs/services/miniflux.md
#
# This service is only here as an example. If you don't wish to use the
# Miniflux service, remove the whole section.
miniflux_enabled: true
miniflux_hostname: mash.example.com
miniflux_path_prefix: /miniflux
miniflux_admin_login: your-username-here
miniflux_admin_password: a-strong-password-here
########################################################################
# #
# /miniflux #
# #
########################################################################
########################################################################
# #
# uptime-kuma #
# #
########################################################################
# Learn more about the Uptime Kuma service in docs/services/uptime-kuma.md
#
# This service is only here as an example. If you don't wish to use the
# Uptime Kuma service, remove the whole section.
uptime_kuma_enabled: true
uptime_kuma_hostname: uptime-kuma.example.com
# For now, hosting Uptime Kuma under a path is not supported.
# See: https://github.com/louislam/uptime-kuma/issues/147
# uptime_kuma_path_prefix: /uptime-kuma
########################################################################
# #
# /uptime-kuma #
# #
########################################################################
# You can add additional services here, as you see fit.
# To discover new services and configuration, see docs/supported-services.md