mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-26 21:45:20 +02:00
Kevin Veen-Birkenbach
3a839cfe37
This commit restructures systemctl service definitions and category mappings. Motivation: Alarm-related bugs revealed inconsistencies in service and role handling. Preparation step: lays the groundwork for fixing the alarm issues by aligning categories, roles, and service templates.
81 lines
3.8 KiB
YAML
81 lines
3.8 KiB
YAML
SOFTWARE_NAME: "Infinito.Nexus" # Name of the software
|
|
|
|
# Deployment
|
|
ENVIRONMENT: "production" # Possible values: production, development
|
|
DEPLOYMENT_MODE: "single" # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
|
|
|
|
# If true, sensitive credentials will be masked or hidden from all Ansible task logs
|
|
# Recommendet to set to true
|
|
# @todo needs to be implemented everywhere
|
|
MASK_CREDENTIALS_IN_LOGS: true
|
|
|
|
HOST_CURRENCY: "EUR"
|
|
HOST_TIMEZONE: "UTC"
|
|
|
|
# https://en.wikipedia.org/wiki/ISO_639
|
|
HOST_LL: "en" # Some applications are case sensitive
|
|
HOST_LL_CC: "{{HOST_LL}}_GB"
|
|
|
|
HOST_DATE_FORMAT: "YYYY-MM-DD"
|
|
HOST_TIME_FORMAT: "HH:mm"
|
|
|
|
HOST_THOUSAND_SEPARATOR: "."
|
|
HOST_DECIMAL_MARK: ","
|
|
|
|
# Web
|
|
WEB_PROTOCOL: "https" # Web protocol type. Use https or http. If you run local you need to change it to http
|
|
WEB_PORT: "{{ 443 if WEB_PROTOCOL == 'https' else 80 }}" # Default port web applications will listen to
|
|
|
|
# Domain
|
|
PRIMARY_DOMAIN: "localhost" # Primary Domain of the server
|
|
|
|
DNS_PROVIDER: cloudflare # The DNS Provider\Registrar for the domain
|
|
|
|
HOSTING_PROVIDER: hetzner # Provider which hosts the server
|
|
|
|
# Which ACME method to use: webroot, cloudflare, or hetzner
|
|
CERTBOT_ACME_CHALLENGE_METHOD: "cloudflare"
|
|
CERTBOT_CREDENTIALS_DIR: /etc/certbot
|
|
CERTBOT_CREDENTIALS_FILE: "{{ CERTBOT_CREDENTIALS_DIR }}/{{ CERTBOT_ACME_CHALLENGE_METHOD }}.ini"
|
|
CERTBOT_DNS_PROPAGATION_WAIT_SECONDS: 300 # How long should the script wait for DNS propagation before continuing
|
|
CERTBOT_FLAVOR: san # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), dedicated
|
|
|
|
# Letsencrypt
|
|
LETSENCRYPT_WEBROOT_PATH: "/var/lib/letsencrypt/" # Path where Certbot stores challenge webroot files
|
|
LETSENCRYPT_BASE_PATH: "/etc/letsencrypt/" # Base directory containing Certbot configuration, account data, and archives
|
|
LETSENCRYPT_LIVE_PATH: "{{ LETSENCRYPT_BASE_PATH }}live/" # Symlink directory for the current active certificate and private key
|
|
|
|
## Docker
|
|
DOCKER_RESTART_POLICY: "unless-stopped" # Default restart parameter for docker containers
|
|
DOCKER_VARS_FILE: "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml" # File containing docker compose variables used by other services
|
|
DOCKER_WHITELISTET_ANON_VOLUMES: [] # Volumes which should be ignored during docker anonymous health check
|
|
|
|
# Asyn Confitguration
|
|
ASYNC_ENABLED: "{{ not MODE_DEBUG | bool }}" # Activate async, deactivated for debugging
|
|
ASYNC_TIME: "{{ 300 if ASYNC_ENABLED | bool else omit }}" # Run for mnax 5min
|
|
ASYNC_POLL: "{{ 0 if ASYNC_ENABLED | bool else 10 }}" # Don't wait for task
|
|
|
|
# default value if not set via CLI (-e) or in playbook vars
|
|
allowed_applications: []
|
|
|
|
# helper
|
|
_applications_nextcloud_oidc_flavor: >-
|
|
{{
|
|
applications
|
|
| get_app_conf(
|
|
'web-app-nextcloud',
|
|
'oidc.flavor',
|
|
False,
|
|
'oidc_login'
|
|
if applications
|
|
| get_app_conf('web-app-nextcloud','features.ldap',False, True)
|
|
else 'sociallogin'
|
|
)
|
|
}}
|
|
|
|
# Role-based access control
|
|
# @See https://en.wikipedia.org/wiki/Role-based_access_control
|
|
RBAC:
|
|
GROUP:
|
|
NAME: "/roles" # Name of the group which holds the RBAC roles
|
|
CLAIM: "groups" # Name of the claim containing the RBAC groups |