computer-playbook/group_vars/all/00_general.yml

HOST_CURRENCY:            "EUR"
HOST_TIMEZONE:            "UTC"

# https://en.wikipedia.org/wiki/ISO_639
HOST_LL:                  "en"          # Some applications are case sensitive
HOST_LL_CC:               "{{HOST_LL}}_{{HOST_LL | upper }}"

HOST_DATE_FORMAT:         "YYYY-MM-DD"
HOST_TIME_FORMAT:         "HH:mm"

HOST_THOUSAND_SEPARATOR:  "."
HOST_DECIMAL_MARK:        ","

# Deployment mode
deployment_mode:        "single"      # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.

web_protocol:           "https"       # Web protocol type. Use https or http. If you run local you need to change it to http

## Domain
primary_domain_tld:     "localhost"                                     # Top Level Domain of the server
primary_domain_sld:     "cymais"                                        # Second Level Domain of the server
primary_domain:         "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server

# Helper Variables

# Helper Variables for administrator
_users_administrator_username:  "{{ users.administrator.username | default('administrator') }}"
_users_administrator_email:     "{{ users.administrator.email | default(_users_administrator_username ~ '@' ~ primary_domain) }}"

# Helper Variables for bounce
_users_bounce_username:        "{{ users.bounce.username | default('bounce') }}"
_users_bounce_email:           "{{ users.bounce.email | default(_users_bounce_username ~ '@' ~ primary_domain) }}"

# Helper Variables for no-reply
_users_no_reply_username:       "{{ users['no-reply'].username | default('no-reply') }}"
_users_no_reply_email:          "{{ users['no-reply'].email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}"

# Administrator
default_users:
  administrator:
    username:           "{{_users_administrator_username}}"     # Username of the administrator
    email:              "{{_users_administrator_email}}"        # Email of the administrator
    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
    uid:                1001                                    # Posix User ID
    gid:                1001                                    # Posix Group ID
    is_admin:           true                                    # Define as admin user

  bounce:
    username:           "{{ _users_bounce_username }}"          # Bounce-handler account username
    email:              "{{ _users_bounce_email }}"             # Email address for handling bounces
    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
    uid:                1002                                    # Posix User ID for bounce
    gid:                1002                                    # Posix Group ID for bounce

  no-reply:
    username:           "{{ _users_no_reply_username }}"        # No-reply account username
    email:              "{{ _users_no_reply_email }}"           # Email address for outgoing no-reply mails
    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
    uid:                1003                                    # Posix User ID for no-reply
    gid:                1003                                    # Posix Group ID for no-reply


# Test Email
test_email:             "test@{{primary_domain}}"

# Server Tact Variables 

## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
hours_server_awake:                       "0..23"

## Random delay for systemd timers to avoid peak loads.
randomized_delay_sec:                     "5min"

# Runtime Variables for Process Control
activate_all_timers:                       false   # Activates all timers, independend if the handlers had been triggered

# One Wildcard Certificate for All Subdomains
# Enables a single Let's Encrypt wildcard certificate for all subdomains instead of individual certificates.
# Default: false (recommended for automatic setup).
# Setting this to true requires additional manual configuration.
# Using a wildcard certificate can improve performance by reducing TLS handshakes.
# To enable, update your inventory file.
# For detailed setup instructions, visit: 
# https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/nginx-docker-cert-deploy
enable_wildcard_certificate:              false  

# This enables debugging in ansible and in the apps
# You SHOULD NOT enable this on production servers
enable_debug:                             false

# Which ACME method to use: webroot, cloudflare, or hetzner
certbot_acme_challenge_method:            "webroot"
certbot_credentials_dir:                  /etc/certbot
certbot_credentials_file:                 "{{ certbot_credentials_dir }}/{{ certbot_acme_challenge_method }}.ini"
# certbot_dns_api_token                   # Define in inventory file