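---
# Shared variables for the Ansible deployment.

TIMEZONE: "Europe/Berlin"

# Name of the user running Ansible on the control node (read from $USER).
local_user: "{{ lookup('env','USER') }}"

global_username: zocker
global_admin_mail: felix.stupp@outlook.com

# Connect to managed hosts as the shared account defined above.
ansible_user: "{{ global_username }}"

# Always escalate privileges. Written as the canonical YAML boolean instead of
# the YAML 1.1 truthy value `yes`.
ansible_become: true
# zocker_password is not defined in this file. It should be supplied from an
# encrypted source (for example Ansible Vault), never as plain text in vars.
ansible_become_pass: "{{ zocker_password }}"

# NOTE(review): presumably the source of the account's authorized_keys file.
# Whoever controls this URL can then grant SSH access, so it must stay on
# HTTPS with certificate validation enabled - confirm in the consuming role.
zocker_authorized_keys_url: "https://git.banananet.work/zocker.keys"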
# Update scripts live below root's home directory.
update_scripts_directory: "/root/update"

# Backups
# Full 40-hex-digit OpenPGP fingerprint (never a short key ID).
# NOTE(review): presumably the key backups are encrypted to - confirm in the
# backup role.
backup_gpg_fingerprint: "73D09948B2392D688A45DC8393E1BD26F6B02FB7"
backups_to_keep: 1
# Backup output, split by kind below a common root.
backups_directory: "/backups"
backups_files_directory: "{{ backups_directory }}/files"
backups_mysql_database_directory: "{{ backups_directory }}/mysql_databases"
# Backup scripts, split the same way below root's home directory.
backup_scripts_directory: "/root/backup"
backup_files_scripts_directory: "{{ backup_scripts_directory }}/files"
backup_mysql_database_scripts_directory: "{{ backup_scripts_directory }}/mysql_databases"
# Same lookup as local_user: the control-node user taken from $USER.
global_local_user: "{{ lookup('env', 'USER') }}"

# Directories on the managed hosts.
global_deployment_directory: "/ansible"
global_configuration_environment_directory: "{{ global_deployment_directory }}/configurations"
global_helper_directory: "{{ global_deployment_directory }}/helpers"
global_webservers_directory: "/var/webservers"
global_socket_directory: "/var/run"

# Relative paths.
# NOTE(review): presumably resolved on the control node relative to the
# playbook - confirm. The credentials directory is the base for secret
# material (see global_wireguard_private_directory below); keep it out of
# version control or encrypted, and readable only by the operator.
global_credentials_directory: "credentials"
global_public_key_directory: "public_keys"

# DNS
global_dns_list_directory: "{{ global_public_key_directory }}/dns"
global_dns_changes_directory: "{{ global_configuration_environment_directory }}/dns_changes"
# Name, path and algorithm of the session key used for DNS updates.
global_dns_session_key_name: "local-ddns"
global_dns_session_key_path: "/var/run/named/session.key"
global_dns_session_key_algorithm: "hmac-sha512"
global_dns_update_key_algorithm: "ED25519"
global_dns_ttl: "{{ 60 * 60 }}" # default if omitted in all cases

# SSH public keys
global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
global_ssh_host_key_directory: "{{ global_ssh_key_directory }}/hosts"

# Validation commands; %s stands for the file to check.
# NOTE(review): presumably passed as `validate:` to file-writing modules so a
# broken script or sudoers file is rejected before it replaces the live one -
# confirm at the call sites.
global_validate_shell_script: "/usr/bin/shellcheck %s" # TODO add "--format="
global_validate_sudoers_file: "/usr/sbin/visudo -c -f %s"

# WireGuard key material: private keys below the credentials directory,
# public keys and peer data below the public key directory.
global_wireguard_private_directory: "{{ global_credentials_directory }}/wireguard"
global_wireguard_public_directory: "{{ global_public_key_directory }}/wireguard/keys"
global_wireguard_peers_directory: "{{ global_public_key_directory }}/wireguard/peers"
# Access list for the nginx status page: loopback, the host's own default
# IPv4/IPv6 addresses and the whole WireGuard range are allowed, everything
# else is denied. The closing `deny all;` must stay last.
# NOTE(review): ansible_default_ipv6.address is presumably undefined on hosts
# without a default IPv6 route, which would make templating fail - confirm.
nginx_status_page_acl: |
  allow 127.0.0.0/8;
  allow ::1;
  allow {{ ansible_default_ipv4.address }};
  allow {{ ansible_default_ipv6.address }};
  allow {{ global_wireguard_ipv4_range }};
  deny all;

# NOTE(review): no ACL for this path is defined in this file; confirm the
# PHP-FPM status page is restricted in the same way as the nginx one.
phpfpm_status_page_path: "/.well-known/php-fpm-status"

# SSH host key types to handle.
ssh_host_key_types:
  - ed25519
  - rsa
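# (Backend) Port Mappings

backend_smtp_port: 12891
backend_imap_port: 12892

# OS-specific Default Configuration

# All mirrors below use plain HTTP. APT verifies repository signatures, so
# package integrity does not depend on the transport, but downloads are
# visible to, and can be blocked or delayed by, anyone on the network path.
# Consider an HTTPS mirror where one is available.
debian_repository_mirror: "http://deb.debian.org/debian/"
# Canonical YAML boolean instead of the YAML 1.1 truthy value `yes`.
debian_repository_use_sources: true

raspbian_repository_mirror: "http://raspbian.raspberrypi.org/raspbian/"
raspbian_archive_repository_mirror: "http://archive.raspberrypi.org/debian/"
raspbian_repository_use_sources: true

# System configuration

global_users_directory: "/home"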
# Application configurations

# Ansible local facts
global_ansible_facts_directory: "/etc/ansible/facts.d"

# AppArmor
global_apparmor_profiles_directory: "/etc/apparmor.d"
global_apparmor_profiles_local_directory: "{{ global_apparmor_profiles_directory }}/local"

# APT
global_apt_sources_directory: "/etc/apt/sources.list.d"

# BIND
global_bind_service_name: "named.service"
global_bind_configuration_directory: "/etc/bind"
global_bind_data_directory: "/var/lib/bind"

# Certbot
# The certificates directory is spelled out in full rather than derived from
# global_certbot_configuration_directory; keep the two in sync.
global_certbot_configuration_directory: "/etc/letsencrypt"
global_certbot_configuration_file: "{{ global_certbot_configuration_directory }}/cli.ini"
global_certbot_certificates_directory: "/etc/letsencrypt/live"

# Chromium
global_chromium_configuration_directory: "/etc/chromium"
global_chromium_managed_policies_file: "{{ global_chromium_configuration_directory }}/policies/managed/managed_policies.json"
# Upstream resolvers, two IPv4 and two IPv6 addresses. Quoted so every entry
# stays a string.
# NOTE(review): these look like a public resolver service; all forwarded
# queries are visible to that operator - confirm this is intended.
global_dns_upstream_servers:
  - "9.9.9.11"
  - "149.112.112.11"
  - "2620:fe::11"
  - "2620:fe::fe:11"

# dnsmasq
global_dnsmasq_configuration_file: "/etc/dnsmasq.conf"
global_dnsmasq_configuration_directory: "/etc/dnsmasq.d"

# fail2ban
global_fail2ban_service_name: "fail2ban.service"
global_fail2ban_system_directory: "/etc/fail2ban"
global_fail2ban_configuration_directory: "{{ global_fail2ban_system_directory }}/fail2ban.d"
global_fail2ban_actions_directory: "{{ global_fail2ban_system_directory }}/action.d"
global_fail2ban_filters_directory: "{{ global_fail2ban_system_directory }}/filter.d"
global_fail2ban_jails_directory: "{{ global_fail2ban_system_directory }}/jail.d"

# IP discovery
global_ip_discover_url: "https://keys.banananet.work/ping"
# The password lookup creates the file with a random 256-character value
# (digits and ASCII letters) on first use and reuses it afterwards. The file
# is stored in plain text on the control node, so keep the credentials
# directory out of version control (or encrypted) with restrictive
# permissions.
# NOTE(review): the path hard-codes `credentials/` instead of using
# global_credentials_directory; the two must be kept in sync.
global_ip_discover_register_pass: "{{ lookup('password', 'credentials/ip_discover/register_pass chars=digits,ascii_letters length=256') }}"
# Network interfaces
global_interfaces_directory: "/etc/network/interfaces.d"

# LightDM
global_lightdm_configuration_directory: "/etc/lightdm"

# Logs
global_log_directory: "/var/log"

# MySQL
global_mysql_socket_path: "/var/run/mysqld/mysqld.sock"

# NFS; the port is kept as a quoted string.
global_nfs_port: "2049" # for version 4
global_nfs_directory: "{{ global_webservers_directory }}/nfs"

# nginx
global_nginx_system_user: www-data
global_nginx_service_name: "nginx.service"
global_nginx_installation_directory: "/etc/nginx"

# PAM
global_pamd: "/etc/pam.d"

# Plymouth
global_plymouth_themes_directory: "/usr/share/plymouth/themes"

# Redis
global_redis_configuration_directory: "/etc/redis"
global_redis_service_name: "redis-server.service"

# Resolver configuration
global_resolv_conf: "/etc/resolv.conf"
# SSH
# Note the trailing slash on the configuration directory; avoid doubling it
# when joining paths.
global_ssh_service_name: "sshd.service"
global_ssh_configuration_directory: "/etc/ssh/"
global_ssh_configuration_environment_directory: "{{ global_configuration_environment_directory }}/ssh"
global_ssh_configuration_link_name: "config"
global_ssh_configuration_link: "{{ global_ssh_configuration_environment_directory }}/{{ global_ssh_configuration_link_name }}"

# sudo; files written here can be checked with global_validate_sudoers_file.
global_sudoers_directory: "/etc/sudoers.d"

# WireGuard
global_wireguard_configuration_directory: "/etc/wireguard"
global_wireguard_port: 51820
# Despite its name this is the prefix length of the VPN network. The netmask
# and the range below are both derived from it.
global_wireguard_ipv4_subnet: 22
global_wireguard_ipv4_netmask: "{{ ('0.0.0.0/' + (global_wireguard_ipv4_subnet | string)) | ipaddr('netmask') }}"
# The base address 10.162.4.0 is fixed; it must stay aligned to the prefix
# length if global_wireguard_ipv4_subnet is ever changed.
global_wireguard_ipv4_range: "10.162.4.0/{{ global_wireguard_ipv4_subnet }}"
# TODO Wireguard IPv6 Support
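# systemd
global_systemd_preset_directory: "/lib/systemd/system"
global_systemd_configuration_directory: "/etc/systemd/system"
# Fixed typo: the path was spelled "/etc/systmed/...". Drop-ins written there
# are not below /etc/systemd, so journald settings such as the storage limit
# below would not have been applied.
global_systemd_journal_configuration_directory: "/etc/systemd/journald.conf.d"
# Quoted so the size always stays a string.
global_systemd_journal_max_storage: "1G"
global_systemd_network_directory: "/etc/systemd/network"
global_systemd_network_service_name: "systemd-networkd.service"
global_systemd_network_system_user: "systemd-network"

# zsh
global_zsh_antigen_source: "/usr/share/zsh-antigen/antigen.zsh"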
# Projects

# WG Minecraft
project_wg_minecraft_port: 25566

# Miscellaneous

## IP Blocklist

# One list entry per line of misc/blocklists/ipv4.txt, read on the control
# node. The content is split on '\n' only, so blank lines become empty entries
# and CR characters from CRLF line endings stay attached to the entries.
# NOTE(review): entries are not validated here; confirm the consumer rejects
# anything that is not an IPv4 address or network before building rules.
global_ip_blocklist: "{{ (lookup('file', 'misc/blocklists/ipv4.txt')).split('\n') }}"