# Do not edit this directly. # # Use # group_vars/inventory_name/vars.yml # host_vars/your_hostname/vars.yml # for plaintext variables. # # For secrets, use the same paths with vault.yml instead of vars.yml. ### Misc settings # Email address for Let's Encrypt and DNS email: dogeystamp@disroot.org # Could be sudo instead escalation_method: doas sshd_port: 2500 # Username for the priviledged user admin_username: maestro # Username for unpriviledged user username: dogeystamp # Create an SFTP read-only user (leave blank to disable) sftp_ro_username: dogeystamp-mobile # Git repos (could be localhost if Gitea is installed) dots_repo: http://localhost:3000/dogeystamp/dots.git site_repo: http://localhost:3000/dogeystamp/website.git # Drive with all the data stored on it (should be separate from OS drive) # This is the raw partition, and not the mapped crypt device secondary_disk: /dev/sdb # Web root for nginx and other applications webroot: /srv/http # Data root dataroot: /var/www/data # Extra packages util_pack: - neovim - neofetch - fish - htop - tmux - git - cronie - progress - rsync - man-db ### Network settings (nameserver, address, etc.) domain: d.nerdpol.ovh # Forward DNS queries to dns_forward: 1.1.1.1 # Local IP address subnet local_subnet: 192.168.0.0/24 # CIDR prefix subnet_prefix: /24 # Static address of the server (locally) # Preferably have another one to SSH into with Ansible, as we change the IP midway # in connection.yml local_ip: 192.168.0.3 # Gateway address (this is your router's IP) gateway: 192.168.0.1 # Connection interface for static IP interface: eth0 # Email to send renewal notices to acme_email: "{{ email }}" ### Mediawiki farm variables # Internal names for the wikis, used for filenames and URLs wiki_names: - wiki - rw ### Placeholders for secret vault (change these in host_vars/your_hostname/vault.yml) ddclient_pass: "secret" # Gitea secrets lfs_jwt_secret: "secret" jwt_secret: "secret" # Mediawiki secrets wgUpgradeKey: "secret" # This should have the same amount of elements as wiki_names. wgSecretKey: - "wiki_secret" - "rw_secret" # Matrix Synapse secrets registration_shared_secret: "secret" macaroon_secret_key: "secret" form_secret: "secret" ### Role switches # Dotfile deployment enable_dotfiles: yes # LUKS crypto and filesystem mounts enable_filesystems: yes # Firewall (UFW) enable_firewall: yes # Use NetworkManager to configure a proper static IP address in LAN enable_connection: yes # Dynamic DNS client enable_ddclient: yes # Nameserver (if you can't do NAT hairpinning) enable_nameserver: yes # SSL ACME (Let's Encrypt) enable_ssl: yes # nginx: necessary for gitea, synapse, wiki, and website. enable_webserver: yes # Git server enable_gitea: yes # Matrix server enable_synapse: yes # MediaWiki enable_wiki: yes # Personal website enable_website: yes # SFTP read-only user enable_sftpr: yes # Mailserver (local only) enable_mail: yes