--- l3d_users__local_users: - name: 'weechat' state: 'present' admin: false pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}" - name: 'mailwebuser' state: 'present' admin: false pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}" # mail domains additional_dns_maildomains: 'mail.l3d.space imap.l3d.space smtp.l3d.space' # mailserver mailserver_domain: "{{ _mailserver_domain }}" postfix__inet_interfaces: "127.0.0.1, ::1, {{ hostvars[ inventory_hostname ].ansible_default_ipv4.address }}, {{ hostvars[ inventory_hostname ].ansible_default_ipv6.address }}" # mail mysql access mailserver__mysql_password: "{{ _mailserver__mysql_password }}" mailserver__mysql_user: "{{ _mailserver__mysql_user }}" mailserver__mysql_database: "{{ _mailserver__mysql_database }}" mailserver__ssl_cert: "{{ _mailserver__ssl_cert }}" mailserver__ssl_key: "{{ _mailserver__ssl_key }}" postfix__db_user: "{{ _mailserver__mysql_user }}" postfix__db_password: "{{ _mailserver__mysql_password }}" postfix__db_name: "{{ _mailserver__mysql_database }}" acme_domain_unwant_list: [] # - name: 'example.com' nginx_sites: - name: 'mail.l3d.space' webroot: user: 'mailwebuser' - name: "{{ mailserver_domain }}" - name: 'node-exporter.mail01.l3d.space' - name: 'nginx-exporter.mail01.l3d.space' # letsencrypt acme_notification_email: "{{ _acme_notification_email }}" # acmetool config acme_reload_services: - 'nginx' acme_restart_services: - 'rspamd' - 'dovecot' - 'unbound' - 'redis-server' # firewall fail2ban_destemail: "{{ _fail2ban_destemail }}" firewall_allowed_tcp_ports: - "22" - "25" - "80" - "143" - "443" - "465" - "587" - "993" - "4190" - "42023" # mysql mysql_bind_address: "{{ _mysql_bind_address }}" mysql_root_password: "{{ _mysql_root_password }}" # weechat weechat__install: true weechat__autostart: true weechat__user: 'weechat' weechat__home_directory: '/home/weechat' weechat__install_plugins: true weechat__use_custom_config: true weechat__custom_private_repo: 'gitea@git.l3d.ch:l3d/weechat-config.git' weechat__custom_gen_ssh_key_pair: true weechat__custom_version: 'main' # postfix postfix__myhostname: "{{ mailserver_domain }}" postfix__tls_cert: "{{ mailserver__ssl_cert }}" postfix__tls_key: "{{ mailserver__ssl_key }}" # fail2ban fail2ban_jail_configuration: - option: 'enabled' value: 'true' section: 'postfix' - option: 'mode' value: 'extra' section: 'postfix' - option: 'enabled' value: 'true' section: 'dovecot' nginx__infrastructure_domain__enabled: false # l3d.time.ntp ntp_statistics: true # l3d.nginx_exporter nginx_exporter_listen_address: '127.0.0.1:9113' nginx_exporter_scrape_uri: 'https://node-exporter.mail01.l3d.space/nginx_status'