dogeystamp
c70e33e629
- make variables less clunky - make docker-compose run after wireguard (this seems janky right now)
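---

# Default values for these hosts. Override them per host in host_vars
# rather than editing this file.
# Booleans are written as true/false only: yes/no is read as a boolean by
# YAML 1.1 loaders but as a plain string by YAML 1.2 loaders.

# set up external data disk
# also see roles/filesystems/defaults/main.yml
external_disk: false
# this exists solely because one time my external disk's ext4 partition
# disappeared?
# anyways now it keeps a copy of files away from syncthing in case it turns
# evil
# it's just an rsync shell script
backup_disk: false

# where data goes
# if you have external_disk on, you should probably set this to a path there
dataroot: /var/lib/serv_data

# send dynamic DNS update for this domain
dyndns_domain: null
# dyndns_domain: d.nerdpol.ovh

# Source networks allowed to reach the internal services.
# limit this to, for example, your VPN subnet or your local subnet
# alternatively, 0.0.0.0/0 to open up the internal services to all
# NOTE(review): with 0.0.0.0/0 this setting no longer restricts anything, so
# each internal service is then only as protected as its own authentication.
# Keep the narrowest subnet that works.
# for multiple subnets, separate with spaces
# local_subnet is not defined in this file; it must be set elsewhere.
internal_cidr: "{{ local_subnet }}"

# this is set true in group_vars/bastion/vars.yml
enable_ddclient: false

# real public facing domain
# use CNAME entries to redirect subdomains to dyndns_domain
# this could be the same as dyndns_domain if your registrar supports dyndns
domain: null
# domain: dogeystamp.com

# local dns forwards here
# Quoted so the address is always loaded as a string.
dns_forward: "1.1.1.1"

# clone dotfiles and stuff
enable_dotfiles: true

# Privilege escalation tool.
# NOTE(review): presumably consumed as the become method by the roles; its
# use is not visible in this file. Confirm that the doas configuration on the
# hosts grants no more than the playbooks need.
escalation_method: doas

# set up static IP
enable_connection: true

# use a wireguard network between bastion and fleet host for the reverse proxy
# see roles/wireguard/defaults/main.yml for further config settings
wireguard_services: true
# Name of the wireguard interface.
wireguard_interface: "wg0"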