# General pause_duration: "120" # Database delay to wait for the central database before continue tasks ip4_address: "127.0.0.1" # Change thie in inventory to the ip address of your server backups_folder_path: "/Backups/" # Path to the backups folder ## Domain primary_domain_tld: "localhost" # Top Level Domain of the server primary_domain_sld: "cymais" # Second Level Domain of the server primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server # Administrator administrator_username: "administrator" # Username of the administrator administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator #user_administrator_initial_password: EXAMPLE_PASSWORD_123456 # Example initialisation password needs to be set in inventory file # Email Configuration system_email_local: no-reply system_email_domain: "{{primary_domain}}" system_email_username: "{{system_email_local}}@{{system_email_domain}}" system_email_host: "mail.{{primary_domain}}" system_email_smtp_port: 465 system_email_tls: true system_email_start_tls: false system_email_from: "{{system_email_username}}" system_email_smtp: true # Test Email test_email: "test@{{primary_domain}}" # Mode # The following modes can be combined with each other mode_reset: false # Cleans up all CyMaIS files. It's necessary to run to whole playbook and not particial roles when using this function. mode_debug: false # Prints well formated debug information mode_test: false # Executes test routines instead of productive routines mode_update: true # Executes updates mode_backup: true # Activates the backup before the update procedure mode_setup: false # Execute the setup and initializing procedures # Server Tact Variables ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance hours_server_awake: "0..23" ## Random delay for systemd timers to avoid peak loads. randomized_delay_sec: "5min" ## Schedule for Health Checks on_calendar_health_btrfs: "*-*-* 00:00:00" # Check once per day the btrfs for errors on_calendar_health_journalctl: "*-*-* 00:00:00" # Check once per day the journalctl for errors on_calendar_health_disc_space: "*-*-* 06,12,18,00:00:00" # Check four times per day if there is sufficient disc space on_calendar_health_docker_container: "*-*-* {{ hours_server_awake }}:00:00" # Check once per hour if the docker containers are healthy on_calendar_health_docker_volumes: "*-*-* {{ hours_server_awake }}:15:00" # Check once per hour if the docker volumes are healthy on_calendar_health_nginx: "*-*-* {{ hours_server_awake }}:45:00" # Check once per hour if all webservices are available ## Schedule for Cleanup Tasks on_calendar_cleanup_backups: "*-*-* 00,06,12,18:30:00" # Cleanup backups every 6 hours, MUST be called before disc space cleanup on_calendar_cleanup_disc_space: "*-*-* 07,13,19,01:30:00" # Cleanup disc space every 6 hours ## Schedule for Backup Tasks on_calendar_backup_docker_to_local: "*-*-* 03:30:00" on_calendar_backup_remote_to_local: "*-*-* 21:30:00" ## Schedule for Maintenance Tasks on_calendar_heal_docker: "*-*-* {{ hours_server_awake }}:30:00" # Heal unhealthy docker instances once per hour on_calendar_renew_lets_encrypt_certificates: "*-*-* 12,00:30:00" # Renew Mailu certificates twice per day on_calendar_deploy_certificates: "*-*-* 13,01:30:00" # Deploy letsencrypt certificates twice per day to docker containers on_calendar_msi_keyboard_color: "*-*-* *:*:00" # Change the keyboard color every minute on_calendar_cleanup_failed_docker: "*-*-* 12:00:00" # Clean up failed docker backups every noon on_calendar_btrfs_auto_balancer: "Sat *-*-01..07 00:00:00" # Execute btrfs auto balancer every first Saturday of a month on_calendar_restart_docker: "Sun *-*-* 08:00:00" # Restart docker instances every Sunday at 8:00 AM # Storage Space-Related Configurations size_percent_maximum_backup: 75 # Maximum storage space in percent for backups size_percent_cleanup_disc_space: 85 # Threshold for triggering cleanup actions size_percent_disc_space_warning: 90 # Warning threshold in percent for free disk space # Path Variables for Key Directories and Scripts path_administrator_home: "/home/administrator/" path_administrator_scripts: "{{path_administrator_home}}scripts/" path_docker_volumes: "{{path_administrator_home}}volumes/docker/" path_docker_compose_instances: "{{path_administrator_home}}docker-compose/" path_system_lock_script: "{{path_administrator_scripts}}system-maintenance-lock.py" # Runtime Variables for Process Control activate_all_timers: false # Activates all timers, independend if the handlers had been triggered nginx_matomo_tracking: false # Activates matomo tracking on all html pages # System maintenance Services ## Timeouts to wait for other services to stop system_maintenance_lock_timeout_cleanup_services: "15min" system_maintenance_lock_timeout_storage_optimizer: "10min" system_maintenance_lock_timeout_backup_services: "1h" system_maintenance_lock_timeout_heal_docker: "30min" system_maintenance_lock_timeout_update_docker: "2min" system_maintenance_lock_timeout_restart_docker: "{{system_maintenance_lock_timeout_update_docker}}" ## Services ### Defined Services for Backup Tasks system_maintenance_backup_services: - "backup-docker-to-local" - "backup-remote-to-local" - "backup-data-to-usb" - "backup-docker-to-local-everything" ### Defined Services for System Cleanup system_maintenance_cleanup_services: - "cleanup-backups" - "cleanup-disc-space" - "cleanup-failed-docker-backups" ### Services that Manipulate the System system_maintenance_manipulation_services: - "heal-docker" - "update-docker" - "system-storage-optimizer" - "restart-docker" ## Total System Maintenance Services system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}" ### Define Variables for Docker Volume Health services whitelisted_anonymous_docker_volumes: [] # Webserver Configuration ## Nginx-Specific Path Configurations nginx_configuration_directory: "/etc/nginx/conf.d/" # General configuration dir nginx_servers_directory: "{{nginx_configuration_directory}}servers/" # Contains server blogs nginx_maps_directory: "{{nginx_configuration_directory}}maps/" # Contains mappins nginx_streams_directory: "{{nginx_configuration_directory}}streams/" # Contains streams configuration e.g. for ldaps nginx_well_known_root: "/usr/share/nginx/well-known/" # Path where well-known files are stored nginx_homepage_root: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored ## Nginx static repository nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file ## Domains ### Service Domains domain_akaunting: "accounting.{{primary_domain}}" domain_attendize: "tickets.{{primary_domain}}" domain_baserow: "baserow.{{primary_domain}}" domain_bigbluebutton: "meet.{{primary_domain}}" domain_bluesky_api: "bluesky.{{primary_domain}}" domain_bluesky_web: "bskyweb.{{primary_domain}}" domain_discourse: "forum.{{primary_domain}}" domain_elk: "elk.{{primary_domain}}" domain_friendica: "friendica.{{primary_domain}}" domain_funkwhale: "music.{{primary_domain}}" domain_gitea: "git.{{primary_domain}}" domain_gitlab: "gitlab.{{primary_domain}}" domain_keycloak: "auth.{{primary_domain}}" domain_ldap: "ldap.{{primary_domain}}" domain_listmonk: "newsletter.{{primary_domain}}" domain_mailu: "{{system_email_host}}" domain_mastodon: "microblog.{{primary_domain}}" domains_mastodon_alternates: ["mastodon.{{primary_domain}}"] domain_matomo: "matomo.{{primary_domain}}" domain_matrix_synapse: "matrix.{{primary_domain}}" domain_matrix_element: "element.{{primary_domain}}" domain_moodle: "academy.{{primary_domain}}" domain_mediawiki: "wiki.{{primary_domain}}" domain_nextcloud: "cloud.{{primary_domain}}" domain_openproject: "project.{{primary_domain}}" domain_pixelfed: "picture.{{primary_domain}}" domain_peertube: "video.{{primary_domain}}" domains_peertube: [] domain_portfolio: "{{primary_domain}}" domain_roulette: "roulette.{{primary_domain}}" domain_taiga: "kanban.{{primary_domain}}" domain_yourls: "s.{{primary_domain}}" domains_wordpress: ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"] ### Domain Redirects redirect_domain_mappings: - { source: "akaunting.{{primary_domain}}", target: "{{domain_akaunting}}" } - { source: "bbb.{{primary_domain}}", target: "{{domain_bigbluebutton}}" } - { source: "discourse.{{primary_domain}}", target: "{{domain_discourse}}" } - { source: "funkwhale.{{primary_domain}}", target: "{{domain_funkwhale}}" } - { source: "gitea.{{primary_domain}}", target: "{{domain_gitea}}" } - { source: "keycloak.{{primary_domain}}", target: "{{domain_keycloak}}" } - { source: "listmonk.{{primary_domain}}", target: "{{domain_listmonk}}" } - { source: "moodle.{{primary_domain}}", target: "{{domain_moodle}}" } - { source: "nextcloud.{{primary_domain}}", target: "{{domain_nextcloud}}" } - { source: "openproject.{{primary_domain}}", target: "{{domain_openproject}}" } - { source: "peertube.{{primary_domain}}", target: "{{domain_peertube}}" } - { source: "pictures.{{primary_domain}}", target: "{{domain_pixelfed}}" } - { source: "pixelfed.{{primary_domain}}", target: "{{domain_pixelfed}}" } - { source: "short.{{primary_domain}}", target: "{{domain_yourls}}" } - { source: "taiga.{{primary_domain}}", target: "{{domain_taiga}}" } - { source: "videos.{{primary_domain}}", target: "{{domain_peertube}}" } ## Docker Applications ### Enable Central MariaDB enable_central_database: true enable_central_database_mailu: "{{enable_central_database}}" ### Enable Storage Optimizer for Docker Volumes enable_system_storage_optimizer: true ### Docker Role Specific Parameters docker_restart_policy: "unless-stopped" #### Akaunting akaunting_version: "latest" akaunting_company_name: "{{primary_domain}}" akaunting_company_email: "{{administrator_email}}" akaunting_setup_admin_email: "{{administrator_email}}" #### Attendize attendize_version: "latest" #### Baserow baserow_version: "latest" #### Big Blue Button bigbluebutton_enable_greenlight: "true" #### Bluesky bluesky_administrator_email: "{{administrator_email}}" bluesky_pds_version: "latest" #### Friendica friendica_version: "latest" #### Gitea gitea_version: "latest" #### Gitlab gitlab_version: "latest" #### Joomla joomla_version: "latest" #### Keycloak keycloak_version: "latest" keycloak_administrator_username: "{{administrator_username}}" #### LDAP ldap_lam_version: "latest" ldap_openldap_version: "latest" ldap_phpldapadmin_version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest ldap_webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin ldap_administrator_username: "{{administrator_username}}" ldap_administrator_password: "{{user_administrator_initial_password}}" #CHANGE for security reasons ldap_administrator_database_password: "{{user_administrator_initial_password}}" #CHANGE for security reasons ldap_lam_administrator_password: "{{user_administrator_initial_password}}" #CHANGE for security reasons #### Listmonk listmonk_admin_username: "{{administrator_username}}" listmonk_public_api_activated: False # Security hole. Can be used for spaming listmonk_version: "latest" #### MariaDB mariadb_version: "latest" #### Matomo matomo_version: "latest" #### Mastodon mastodon_version: "latest" mastodon_single_user_mode: false #### Matrix matrix_administrator_username: "{{administrator_username}}" # Accountname of the matrix admin matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose matrix_server_name: "{{primary_domain}}" # Adress for the account names etc. matrix_synapse_version: "latest" matrix_element_version: "latest" #### Mailu mailu_version: "2024.06" mailu_domain: "{{primary_domain}}" mailu_subnet: "192.168.203.0/24" #### Moodle moodle_site_name: "Global Learning Academy on {{primary_domain}}" moodle_administrator_name: "{{administrator_username}}" moodle_administrator_email: "{{administrator_email}}" moodle_version: "latest" #### MyBB mybb_version: "latest" #### Nextcloud nextcloud_version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/ #### Peertube peertube_version: "bookworm" #### Pixelfed pixelfed_app_name: "Pictures on {{primary_domain}}" pixelfed_version: "latest" #### Postgres # Please set an version in your inventory file - Rolling release for postgres isn't recommended postgres_database_version: "latest" #### Taiga taiga_version: "latest" #### YOURLS yourls_administrator_username: "{{administrator_username}}" yourls_version: "latest"