|
|
|
---
|
|
|
|
|
|
|
|
TIMEZONE: "Europe/Berlin"
|
|
|
|
|
|
|
|
ansible_user: zocker
|
|
|
|
|
|
|
|
ansible_become: yes
|
|
|
|
ansible_become_pass: "{{ zocker_password }}"
|
|
|
|
|
|
|
|
zocker_authorized_keys_url: "https://git.banananet.work/zocker.keys"
|
|
|
|
|
|
|
|
update_scripts_directory: "/root/update"
|
|
|
|
|
|
|
|
backup_gpg_fingerprint: "73D09948B2392D688A45DC8393E1BD26F6B02FB7"
|
|
|
|
backups_directory: "/backups"
|
|
|
|
backups_databases_directory: "{{ backups_directory }}/databases"
|
|
|
|
backups_files_directory: "{{ backups_directory }}/files"
|
|
|
|
|
|
|
|
global_local_user: "{{ lookup('env', 'USER') }}"
|
|
|
|
|
|
|
|
global_helper_directory: "/ansible/helpers"
|
|
|
|
global_webservers_directory: "/var/webservers"
|
|
|
|
global_socket_directory: "/var/run"
|
|
|
|
|
|
|
|
global_credentials_directory: "credentials"
|
|
|
|
global_public_key_directory: "public_keys"
|
|
|
|
global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
|
|
|
|
global_ssh_host_key_directory: "{{ global_ssh_key_directory }}/hosts"
|
|
|
|
|
|
|
|
global_wireguard_private_directory: "{{ global_credentials_directory }}/wireguard"
|
|
|
|
global_wireguard_public_directory: "{{ global_public_key_directory }}/wireguard/keys"
|
|
|
|
global_wireguard_peers_directory: "{{ global_public_key_directory }}/wireguard/peers"
|
|
|
|
|
|
|
|
ssh_host_key_types:
|
|
|
|
- ecdsa
|
|
|
|
- ed25519
|
|
|
|
- rsa
|
|
|
|
|
|
|
|
# (Backend) Port Mappings
|
|
|
|
|
|
|
|
backend_smtp_port: 12891
|
|
|
|
backend_imap_port: 12892
|
|
|
|
|
|
|
|
# Application configurations
|
|
|
|
|
|
|
|
global_ansible_facts_directory: "/etc/ansible/facts.d"
|
|
|
|
|
|
|
|
global_apt_sources_directory: "/etc/apt/sources.list.d"
|
|
|
|
|
|
|
|
global_ip_discover_server_name: "nvak.banananet.work"
|
|
|
|
global_ip_discover_url: "https://keys.banananet.work/ping"
|
|
|
|
global_ip_discover_register_pass: "{{ lookup('password', 'credentials/ip_discover/register_pass chars=digits,ascii_letters length=256') }}"
|
|
|
|
|
|
|
|
global_interfaces_directory: "/etc/network/interfaces.d"
|
|
|
|
|
|
|
|
global_ssh_configuration_directory: "/etc/ssh/"
|
|
|
|
global_ssh_configuration_environment_directory: "/ansible/ssh_configuration"
|
|
|
|
global_ssh_configuration_link_name: "config"
|
|
|
|
global_ssh_configuration_link: "{{ global_ssh_configuration_environment_directory }}/{{ global_ssh_configuration_link_name }}"
|
|
|
|
|
|
|
|
global_wireguard_configuration_directory: "/etc/wireguard"
|
|
|
|
global_wireguard_configuration_environment_directory: "/ansible/wireguard_configuration"
|
|
|
|
global_wireguard_configuration_link_name: "wireguard"
|
|
|
|
global_wireguard_configuration_link: "{{ global_wireguard_configuration_environment_directory }}/{{ global_wireguard_configuration_link_name }}"
|
|
|
|
global_wireguard_port: 51820
|
|
|
|
global_wireguard_ipv4_subnet: 22
|
|
|
|
global_wireguard_ipv4_netmask: "{{ ('0.0.0.0/' + (global_wireguard_ipv4_subnet | string)) | ipaddr('netmask') }}"
|
|
|
|
global_wireguard_ipv4_range: "10.162.4.0/{{ global_wireguard_ipv4_subnet }}"
|
|
|
|
# TODO Wireguard IPv6 Support
|
|
|
|
|
|
|
|
global_systemd_configuration_directory: "/etc/systemd/system"
|
|
|
|
|
|
|
|
# Debian Repository Mirror
|
|
|
|
debian_repository_mirror: "http://deb.debian.org/debian/"
|