mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-01-10 02:07:25 +01:00
228 lines
11 KiB
Plaintext
228 lines
11 KiB
Plaintext
# General
|
|
pause_duration: "120" # Database delay to wait for the central database before continue tasks
|
|
top_domain: "localhost" # Change this in inventory to your domain
|
|
ip4_address: "127.0.0.1" # Change thie in inventory to the ip address of your server
|
|
backups_folder_path: "/Backups/" # Path to the backups folder
|
|
|
|
# Administrator
|
|
administrator_username: "administrator" # Username of the administrator
|
|
administrator_email: "{{administrator_username}}@{{top_domain}}" # Email of the administrator
|
|
|
|
# Mode
|
|
|
|
# The following modes can be combined with each other
|
|
mode_reset: false # Cleans up all CyMaIS files. It's necessary to run to whole playbook and not particial roles when using this function.
|
|
mode_debug: false # Prints well formated debug information
|
|
mode_test: false # Executes test routines instead of productive routines
|
|
mode_update: true # Executes updates
|
|
mode_backup: true # Activates the backup before the update procedure
|
|
mode_setup: false # Execute the setup and initializing procedures
|
|
|
|
|
|
# Server Tact Variables
|
|
|
|
## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
|
|
hours_server_awake: "0..23"
|
|
|
|
## Random delay for systemd timers to avoid peak loads.
|
|
randomized_delay_sec: "5min"
|
|
|
|
## Schedule for Health Checks
|
|
on_calendar_health_btrfs: "*-*-* 00:00:00" # Check once per day the btrfs for errors
|
|
on_calendar_health_journalctl: "*-*-* 00:00:00" # Check once per day the journalctl for errors
|
|
on_calendar_health_disc_space: "*-*-* 06,12,18,00:00:00" # Check four times per day if there is sufficient disc space
|
|
on_calendar_health_docker_container: "*-*-* {{ hours_server_awake }}:00:00" # Check once per hour if the docker containers are healthy
|
|
on_calendar_health_docker_volumes: "*-*-* {{ hours_server_awake }}:15:00" # Check once per hour if the docker volumes are healthy
|
|
on_calendar_health_nginx: "*-*-* {{ hours_server_awake }}:45:00" # Check once per hour if all webservices are available
|
|
|
|
## Schedule for Cleanup Tasks
|
|
on_calendar_cleanup_backups: "*-*-* 00,06,12,18:30:00" # Cleanup backups every 6 hours, MUST be called before disc space cleanup
|
|
on_calendar_cleanup_disc_space: "*-*-* 07,13,19,01:30:00" # Cleanup disc space every 6 hours
|
|
|
|
## Schedule for Backup Tasks
|
|
on_calendar_backup_docker_to_local: "*-*-* 03:30:00"
|
|
on_calendar_backup_remote_to_local: "*-*-* 21:30:00"
|
|
|
|
## Schedule for Maintenance Tasks
|
|
on_calendar_heal_docker: "*-*-* {{ hours_server_awake }}:30:00" # Heal unhealthy docker instances once per hour
|
|
on_calendar_renew_lets_encrypt_certificates: "*-*-* 12,00:30:00" # Renew Mailu certificates twice per day
|
|
on_calendar_deploy_mailu_certificates: "*-*-* 13,01:30:00" # Deploy Mailu certificates twice per day
|
|
on_calendar_msi_keyboard_color: "*-*-* *:*:00" # Change the keyboard color every minute
|
|
on_calendar_cleanup_failed_docker: "*-*-* 12:00:00" # Clean up failed docker backups every noon
|
|
on_calendar_btrfs_auto_balancer: "Sat *-*-01..07 00:00:00" # Execute btrfs auto balancer every first Saturday of a month
|
|
on_calendar_restart_docker: "Sun *-*-* 08:00:00" # Restart docker instances every Sunday at 8:00 AM
|
|
|
|
# Storage Space-Related Configurations
|
|
size_percent_maximum_backup: 75 # Maximum storage space in percent for backups
|
|
size_percent_cleanup_disc_space: 85 # Threshold for triggering cleanup actions
|
|
size_percent_disc_space_warning: 90 # Warning threshold in percent for free disk space
|
|
|
|
|
|
# Path Variables for Key Directories and Scripts
|
|
path_administrator_home: "/home/administrator/"
|
|
path_administrator_scripts: "{{path_administrator_home}}scripts/"
|
|
path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
|
|
path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
|
|
path_system_lock_script: "{{path_administrator_scripts}}system-maintenance-lock.py"
|
|
|
|
|
|
# Runtime Variables for Process Control
|
|
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
|
|
nginx_matomo_tracking: false # Activates matomo tracking on all html pages
|
|
|
|
# System maintenance Services
|
|
|
|
## Timeouts to wait for other services to stop
|
|
system_maintenance_lock_timeout_cleanup_services: "15min"
|
|
system_maintenance_lock_timeout_storage_optimizer: "10min"
|
|
system_maintenance_lock_timeout_backup_services: "1h"
|
|
system_maintenance_lock_timeout_heal_docker: "30min"
|
|
system_maintenance_lock_timeout_update_docker: "2min"
|
|
system_maintenance_lock_timeout_restart_docker: "{{system_maintenance_lock_timeout_update_docker}}"
|
|
|
|
## Services
|
|
|
|
### Defined Services for Backup Tasks
|
|
system_maintenance_backup_services:
|
|
- "backup-docker-to-local"
|
|
- "backup-remote-to-local"
|
|
- "backup-data-to-usb"
|
|
- "backup-docker-to-local-everything"
|
|
|
|
### Defined Services for System Cleanup
|
|
system_maintenance_cleanup_services:
|
|
- "cleanup-backups"
|
|
- "cleanup-disc-space"
|
|
- "cleanup-failed-docker-backups"
|
|
|
|
### Services that Manipulate the System
|
|
system_maintenance_manipulation_services:
|
|
- "heal-docker"
|
|
- "update-docker"
|
|
- "system-storage-optimizer"
|
|
- "restart-docker"
|
|
|
|
## Total System Maintenance Services
|
|
system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"
|
|
|
|
### Define Variables for Docker Volume Health services
|
|
whitelisted_anonymous_docker_volumes: []
|
|
|
|
# Webserver Configuration
|
|
|
|
## Nginx-Specific Path Configurations
|
|
nginx_configuration_directory: "/etc/nginx/conf.d/" # General configuration dir
|
|
nginx_servers_directory: "{{nginx_configuration_directory}}servers/" # Contains server blogs
|
|
nginx_maps_directory: "{{nginx_configuration_directory}}maps/" # Contains mappins
|
|
nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/" # Contains upstream configurations
|
|
nginx_well_known_root: "/usr/share/nginx/well-known/" # Path where well-known files are stored
|
|
nginx_homepage_root: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored
|
|
|
|
## Domains
|
|
|
|
### Service Domains
|
|
domain_akaunting: "accounting.{{top_domain}}"
|
|
domain_attendize: "tickets.{{top_domain}}"
|
|
domain_baserow: "baserow.{{top_domain}}"
|
|
domain_bigbluebutton: "meet.{{top_domain}}"
|
|
domain_discourse: "forum.{{top_domain}}"
|
|
domain_elk: "elk.{{top_domain}}"
|
|
domain_funkwhale: "music.{{top_domain}}"
|
|
domain_gitea: "git.{{top_domain}}"
|
|
domain_gitlab: "gitlab.{{top_domain}}"
|
|
domain_listmonk: "newsletter.{{top_domain}}"
|
|
domain_mailu: "mail.{{top_domain}}"
|
|
domain_mastodon: "microblog.{{top_domain}}"
|
|
domains_mastodon_alternates: ["mastodon.{{top_domain}}"]
|
|
domain_matomo: "matomo.{{top_domain}}"
|
|
domain_matrix_synapse: "matrix.{{top_domain}}"
|
|
domain_matrix_element: "element.{{top_domain}}"
|
|
domain_moodle: "academy.{{top_domain}}"
|
|
domain_mediawiki: "wiki.{{top_domain}}"
|
|
domain_nextcloud: "cloud.{{top_domain}}"
|
|
domain_openproject: "project.{{top_domain}}"
|
|
domain_pixelfed: "picture.{{top_domain}}"
|
|
domain_peertube: "video.{{top_domain}}"
|
|
domains_peertube: []
|
|
domain_roulette: "roulette.{{top_domain}}"
|
|
domain_taiga: "kanban.{{top_domain}}"
|
|
domain_yourls: "s.{{top_domain}}"
|
|
domains_wordpress: ["wordpress.{{top_domain}}","blog.{{top_domain}}"]
|
|
|
|
### Domain Redirects
|
|
redirect_domain_mappings:
|
|
- { source: "akaunting.{{top_domain}}", target: "{{domain_akaunting}}" }
|
|
- { source: "bbb.{{top_domain}}", target: "{{domain_bigbluebutton}}" }
|
|
- { source: "discourse.{{top_domain}}", target: "{{domain_discourse}}" }
|
|
- { source: "funkwhale.{{top_domain}}", target: "{{domain_funkwhale}}" }
|
|
- { source: "gitea.{{top_domain}}", target: "{{domain_gitea}}" }
|
|
- { source: "listmonk.{{top_domain}}", target: "{{domain_listmonk}}" }
|
|
- { source: "moodle.{{top_domain}}", target: "{{domain_moodle}}" }
|
|
- { source: "nextcloud.{{top_domain}}", target: "{{domain_nextcloud}}" }
|
|
- { source: "openproject.{{top_domain}}", target: "{{domain_openproject}}" }
|
|
- { source: "peertube.{{top_domain}}", target: "{{domain_peertube}}" }
|
|
- { source: "pictures.{{top_domain}}", target: "{{domain_pixelfed}}" }
|
|
- { source: "pixelfed.{{top_domain}}", target: "{{domain_pixelfed}}" }
|
|
- { source: "short.{{top_domain}}", target: "{{domain_yourls}}" }
|
|
- { source: "taiga.{{top_domain}}", target: "{{domain_taiga}}" }
|
|
- { source: "videos.{{top_domain}}", target: "{{domain_peertube}}" }
|
|
|
|
## Docker Applications
|
|
|
|
### Enable Central MariaDB
|
|
enable_central_database: true
|
|
enable_central_database_mailu: "{{enable_central_database}}"
|
|
|
|
### Enable Storage Optimizer for Docker Volumes
|
|
enable_system_storage_optimizer: true
|
|
|
|
### Common Configurations
|
|
postgres_default_version: "16"
|
|
|
|
### Docker Role Specific Parameters
|
|
docker_restart_policy: "unless-stopped"
|
|
|
|
#### Akaunting
|
|
akaunting_version: "latest"
|
|
akaunting_company_name: "{{top_domain}}"
|
|
akaunting_company_email: "{{administrator_email}}"
|
|
akaunting_setup_admin_email: "{{administrator_email}}"
|
|
|
|
#### Big Blue Button
|
|
bigbluebutton_enable_greenlight: "true"
|
|
|
|
#### Listmonk
|
|
listmonk_admin_username: "admin"
|
|
listmonk_public_api_activated: False # Security hole. Can be used for spaming
|
|
|
|
#### Mastodon
|
|
mastodon_version: "latest"
|
|
mastodon_single_user_mode: false
|
|
|
|
#### Matrix
|
|
matrix_admin_name: "{{administrator_username}}" # Accountname of the matrix admin
|
|
matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
|
|
matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose
|
|
matrix_server_name: "{{top_domain}}" # Adress for the account names etc.
|
|
|
|
#### Mailu
|
|
mailu_version: "2.0"
|
|
mailu_domain: "{{top_domain}}"
|
|
mailu_subnet: "192.168.203.0/24"
|
|
|
|
#### Moodle
|
|
moodle_site_name: "Global Learning Academy on {{top_domain}}"
|
|
moodle_user_name: "{{administrator_username}}"
|
|
moodle_user_email: "{{administrator_email}}"
|
|
|
|
#### Nextcloud
|
|
nextcloud_version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
|
|
|
|
#### Peertube
|
|
peertube_version: "bookworm"
|
|
|
|
#### Pixelfed
|
|
pixelfed_app_name: "Pictures on {{top_domain}}"
|
|
|
|
#### YOURLS
|
|
yourls_user: "{{administrator_username}}" |