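# PASSWORDS AND SECRETS:
# Every value below is the same publicly known placeholder. Override each one
# in the inventory (host_vars/group_vars), preferably encrypted with Ansible
# Vault, and use a unique, randomly generated value per variable.
# NOTE(review): nothing in this file stops a play from running with the
# placeholder still in place; a pre-flight assertion that fails when any of
# these variables still equals the placeholder would close that gap.
akaunting_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
akaunting_setup_admin_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
baserow_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
bigbluebutton_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
bigbluebutton_etherpad_api_key: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
bigbluebutton_fsesl_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
bigbluebutton_rails_secret: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
bigbluebutton_shared_secret: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
bigbluebutton_postgresql_secret: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
bigbluebutton_turn_secret: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
central_mariadb_root_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
central_postgres_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
discourse_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
gitlab_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
gitlab_initial_root_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
gitea_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
listmonk_admin_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
listmonk_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
mailu_api_token: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
mailu_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
mailu_initial_root_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
mailu_secret_key: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
mastodon_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
mastodon_otp_secret: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
mastodon_secret_key_base: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
# NOTE(review): the two VAPID values form a key pair. The public key is not
# confidential, but it must be generated together with the private key.
mastodon_vapid_private_key: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
mastodon_vapid_public_key: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
matomo_auth_token: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
matomo_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
matrix_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
matrix_generic_secret_key: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
matrix_form_secret: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
matrix_macaroon_secret_key: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
matrix_registration_shared_secret: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
nextcloud_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
openproject_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
peertube_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
peertube_secret: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
pixelfed_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
pixelfed_app_key: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
wordpress_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
yourls_database_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
yourls_user_password: "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"

# General
setup: false  # Pass CLI commands to execute the setup tasks for the different roles
verbose: false  # Prints well-formatted debug information
top_domain: "localhost"  # Change this in inventory to your domain
ip4_address: "127.0.0.1"  # Change this in inventory to the IP address of your server
backups_folder_path: "/Backups/"  # Path to the backups folder

# Server Tact Variables

## Hours in which the server is 100% working. The rest of the time is reserved
## for maintenance. The value is substituted into the hour field of the
## on_calendar_* schedules below.
hours_server_awake: "0..1,9..23"

## Random delay for systemd timers to avoid peak loads.
randomized_delay_sec: "5min"

## Schedule for Health Checks
on_calendar_health_btrfs: "*-*-* 00:00:00"  # Check once per day the btrfs for errors
on_calendar_health_journalctl: "*-*-* 00:00:00"  # Check once per day the journalctl for errors
on_calendar_health_disc_space: "*-*-* 06,12,18,00:00:00"  # Check four times per day if there is sufficient disc space
on_calendar_health_docker_container: "*-*-* {{ hours_server_awake }}:00:00"  # Check once per awake hour if the docker containers are healthy
on_calendar_health_docker_volumes: "*-*-* {{ hours_server_awake }}:15:00"  # Check once per awake hour if the docker volumes are healthy
on_calendar_health_nginx: "*-*-* {{ hours_server_awake }}:45:00"  # Check once per awake hour if all webservices are available

## Schedule for Cleanup Tasks
on_calendar_cleanup_backups: "*-*-* 00,06,12,18:30:00"  # Cleanup backups every 6 hours, MUST be called before disc space cleanup
on_calendar_cleanup_disc_space: "*-*-* 07,13,19,01:30:00"  # Cleanup disc space every 6 hours

## Schedule for Backup Tasks
on_calendar_backup_docker_to_local: "*-*-* 03:30:00"
on_calendar_backup_remote_to_local: "*-*-* 21:30:00"

## Schedule for Maintenance Tasks
on_calendar_heal_docker: "*-*-* {{ hours_server_awake }}:30:00"  # Heal unhealthy docker instances once per awake hour
on_calendar_renew_lets_encrypt_certificates: "*-*-* 12,00:30:00"  # Renew Let's Encrypt certificates twice per day
on_calendar_deploy_mailu_certificates: "*-*-* 13,01:30:00"  # Deploy Mailu certificates twice per day, one hour after the renewal
on_calendar_msi_keyboard_color: "*-*-* *:*:00"  # Change the keyboard color every minute
on_calendar_cleanup_failed_docker: "*-*-* 12:00:00"  # Clean up failed docker backups every noon

# Storage Space-Related Configurations
size_percent_maximum_backup: 75  # Maximum storage space in percent for backups
size_percent_disc_space_warning: 85  # Warning threshold in percent for free disk space
size_percent_cleanup_disc_space: 90  # Threshold for triggering cleanup actions

# Path Variables for Key Directories and Scripts
path_administrator_home: "/home/administrator/"
path_administrator_scripts: "{{path_administrator_home}}scripts/"
path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
path_system_lock_script: "{{path_administrator_scripts}}system-maintenance-lock.py"

# Runtime Variables for Process Control
activate_all_timers: false  # Activates all timers, independent of whether the handlers had been triggered
nginx_matomo_tracking: false  # Activates matomo tracking on all html pages
execute_updates: true  # Executes updates
force_backup_before_update: true  # Activates the backup before the update procedure

# System maintenance Services

## Timeouts to wait for other services to stop
# NOTE(review): these four names start with "sytem_" and have no separator
# after "timeout". They are kept unchanged because roles reference them by
# name; confirm the spelling against the consumers before renaming.
sytem_maintenance_lock_timeoutcleanup_services: "15min"
sytem_maintenance_lock_timeoutbackup_services: "1h"
sytem_maintenance_lock_timeoutheal_docker: "30min"
sytem_maintenance_lock_timeoutupdate_docker: "2min"

## Services

### Defined Services for Backup Tasks
system_maintenance_backup_services:
  - "backup-docker-to-local"
  - "backup-remote-to-local"
  - "backup-data-to-usb"
  - "backup-docker-to-local-everything"

### Defined Services for System Cleanup
system_maintenance_cleanup_services:
  - "cleanup-backups"
  - "cleanup-disc-space"
  - "cleanup-failed-docker-backups"

### Services that Manipulate the System
system_maintenance_manipulation_services:
  - "heal-docker"
  - "update-docker"

## Total System Maintenance Services (concatenation of the three lists above)
system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"

### Define Variables for Docker Volume Health services
whitelisted_anonymous_docker_volumes: []

# Webserver Configuration

## Nginx-Specific Path Configurations
nginx_configuration_directory: "/etc/nginx/conf.d/"  # General configuration dir
nginx_servers_directory: "{{nginx_configuration_directory}}servers/"  # Contains server blocks
nginx_maps_directory: "{{nginx_configuration_directory}}maps/"  # Contains mappings
nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/"  # Contains upstream configurations

## Docker Applications

### Enable Central MariaDB
enable_central_database: true

### Domain Names for Various Services
domain_akaunting: "akaunting.{{top_domain}}"
domain_baserow: "baserow.{{top_domain}}"
domain_bigbluebutton: "meet.{{top_domain}}"
domain_elk: "elk.{{top_domain}}"
domain_discourse: "forum.{{top_domain}}"
domain_funkwhale: "music.{{top_domain}}"
domain_gitea: "git.{{top_domain}}"
domain_gitlab: "gitlab.{{top_domain}}"
domain_listmonk: "newsletter.{{top_domain}}"
domain_mailu: "mail.{{top_domain}}"
domain_mastodon: "microblog.{{top_domain}}"
domains_mastodon_alternates: []
domain_matomo: "matomo.{{top_domain}}"
domain_matrix_synapse: "matrix.{{top_domain}}"
domain_matrix_element: "element.{{top_domain}}"
domain_mediawiki: "wiki.{{top_domain}}"
domain_nextcloud: "cloud.{{top_domain}}"
domain_pixelfed: "picture.{{top_domain}}"
domain_peertube: "video.{{top_domain}}"
domains_peertube: []
domain_roulette: "roulette.{{top_domain}}"
domain_attendize: "tickets.{{top_domain}}"
domain_yourls: "s.{{top_domain}}"
domain_openproject: "project.{{top_domain}}"
domains_wordpress: ["wordpress.{{top_domain}}", "blog.{{top_domain}}"]

### Common Configurations
postgres_default_version: "16"

### Docker Role Specific Parameters
# NOTE(review): "latest" and "production" are moving tags (presumably container
# image tags; confirm in the roles). Pinning a reviewed version keeps
# deployments reproducible and stops an upstream change from being pulled in
# unreviewed on the next run.

#### Akaunting
version_akaunting: "latest"
akaunting_company_name: "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"
akaunting_company_email: "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"
akaunting_setup_admin_email: "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"

#### Listmonk
listmonk_admin_username: "admin"

#### Mastodon
version_mastodon: "latest"
mastodon_single_user_mode: false

#### Matrix
matrix_playbook_tags: "setup-all,start"  # For the initial update use: install-all,ensure-matrix-users-created,start
matrix_role: "compose"  # Role to setup Matrix. Valid values: ansible, compose

#### Mailu
version_mailu: "2.0"
mailu_domain: "{{top_domain}}"

#### Nextcloud
version_nextcloud: "production"  # Danger: Nextcloud can't skip major version updates.

#### Pixelfed
pixelfed_app_name: "Pictures"

#### YOURLS
yourls_user: "admin"

# Routing Configurations for Domain Redirections
# Each entry maps an alternative hostname (source) to the service's canonical
# domain defined above (target).
redirect_domain_mappings:
  - { source: "bbb.{{top_domain}}", target: "{{domain_bigbluebutton}}" }
  - { source: "discourse.{{top_domain}}", target: "{{domain_discourse}}" }
  - { source: "funkwhale.{{top_domain}}", target: "{{domain_funkwhale}}" }
  - { source: "gitea.{{top_domain}}", target: "{{domain_gitea}}" }
  - { source: "listmonk.{{top_domain}}", target: "{{domain_listmonk}}" }
  - { source: "mastodon.{{top_domain}}", target: "{{domain_mastodon}}" }
  - { source: "nextcloud.{{top_domain}}", target: "{{domain_nextcloud}}" }
  - { source: "openproject.{{top_domain}}", target: "{{domain_openproject}}" }
  - { source: "peertube.{{top_domain}}", target: "{{domain_peertube}}" }
  - { source: "pictures.{{top_domain}}", target: "{{domain_pixelfed}}" }
  - { source: "pixelfed.{{top_domain}}", target: "{{domain_pixelfed}}" }
  - { source: "short.{{top_domain}}", target: "{{domain_yourls}}" }
  - { source: "videos.{{top_domain}}", target: "{{domain_peertube}}" }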