--- postgres_users_no_log: false local_users: webwaffel: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d webwaffelpodcast: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d files: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d preview: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d see: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d winkekatze: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d m2: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d klima: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d roles: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@bsns.l3d sshd__allowed_users: - "root" - "ansible" - "l3d" - "webwaffel" - "webwaffelpodcast" - "gitea" - "files" - "preview" - 'see' - 'winkekatze' - 'm2' - 'klima' - 'roles' sshd__allowed_groups: - "root" - "ansible" - "l3d" - "webwaffel" - "webwaffelpodcast" - "gitea" - "files" - "preview" - 'see' - 'winkekatze' - 'm2' - 'klima' - 'roles' local_accounts: - 'l3d' - 'webwaffel' - 'webwaffelpodcast' - 'files' - 'preview' - 'see' - 'winkekatze' - 'm2' - 'klima' - 'roles' # acmetool config acme_reload_services: - 'nginx' acme_restart_services: - 'gitea' acme_domain_unwant_list: - name: 'backwesen.de' - name: 'www.backwesen.de' # - name: 'example.com' nginx_sites: - name: 'c3woc.de' webroot: user: 'webwaffel' - name: 'www.c3woc.de' - name: 'waffel.tv' - name: 'www.waffel.tv' - name: 'c3woc.org' - name: 'waffel.li' - name: 'www.waffel.li' - name: 'www.camp.waffel.li' - name: '37c3.waffel.li' - name: 'www.37c3.waffel.li' - name: 'www.c3woc.org' - name: 'c3woc.eu' - name: 'www.c3woc.eu' - name: 'c3woc.cn' - name: 'www.c3woc.cn' - name: 'waffeln.eskalieren.jetzt' - name: 'waffeln.fehlerfrei.org' - name: 'www.waffeln.fehlerfrei.org' - name: 'l3d.space' - name: 'www.l3d.space' - name: 'ansible.l3d.space' webroot: user: 'roles' - name: 'www.ansible.l3d.space' - name: 'l3d.yt' - name: 'www.l3d.yt' - name: 'l3d.ch' - name: 'www.l3d.ch' - name: 'l3d.me' - name: 'www.l3d.me' - name: 'podcast.c3woc.de' webroot: user: 'webwaffelpodcast' - name: 'www.podcast.c3woc.de' - name: 'podcast.c3woc.org' - name: 'www.podcast.c3woc.org' - name: 'podcast.c3woc.eu' - name: 'www.podcast.c3woc.eu' - name: 'angel.systems' - name: 'www.angel.systems' - name: 'einhornsystem.de' - name: 'www.einhornsystem.de' - name: 'git.l3d.ch' - name: 'www.git.l3d.ch' - name: 'files.l3d.ch' webroot: user: 'files' - name: 'www.files.l3d.ch' - name: 'preview.c3woc.de' webroot: user: 'preview' - name: 'waffelpate.de' - name: 'www.waffelpate.de' - name: 'xn--see-br-0xa.se' webroot: user: 'see' - name: 'www.xn--see-br-0xa.se' - name: 'thelaend.xn--see-br-0xa.se' - name: 'www.thelaend.xn--see-br-0xa.se' - name: 'aalen-geekend-23.winkekatze.tv' webroot: user: 'winkekatze' - name: 'www.aalen-geekend-23.winkekatze.tv' - name: 'winkekatze.tv' webroot: user: 'winkekatze' - name: 'www.winkekatze.tv' - name: 'klima-streik.de' webroot: user: 'klima' - name: 'www.klima-streik.de' - name: 'node-exporter.web01.l3d.space' - name: 'nginx-exporter.web01.l3d.space' acme_notification_email: "{{ _acme_notification_email }}" # firewall fail2ban_destemail: "{{ _fail2ban_destemail }}" firewall_allowed_tcp_ports: - "22" - "80" - "443" # gitea settings gitea_app_name: 'git.l3d.ch' gitea_http_domain: 'git.l3d.ch' gitea_root_url: 'https://git.l3d.ch' gitea_protocol: 'http' gitea_shell: '/bin/bash' gitea_lfs_server_enabled: true gitea_lfs_content_path: "{{ gitea_home }}/data/lfs" gitea_repository_root: "{{ gitea_home }}/repos" gitea_ssh_domain: "{{ gitea_http_domain }}" gitea_start_ssh: "{{ _gitea_start_ssh }}" gitea_ssh_port: 22 gitea_require_signin: false gitea_password_check_pwn: true gitea_actions_enabled: true gitea_actions_default_actions_url: 'self' # gitea db gitea_db_type: mysql gitea_db_host: "{{ _gitea_db_host }}" gitea_db_name: "{{ _gitea_db_name }}" gitea_db_user: "{{ _gitea_db_user }}" gitea_db_password: "{{ _gitea_db_password }}" gitea_db_ssl: "{{ _gitea_db_ssl }}" gitea_db_path: false # gitea mail gitea_mailer_enabled: true gitea_mailer_protocol: 'smtps' gitea_mailer_smtp_addr: 'mail01.l3d.space' gitea_mailer_smtp_port: '465' gitea_mailer_user: 'git@l3d.ch' gitea_mailer_password: "{{ _gitea_mail_password }}" gitea_mailer_from: 'git@l3d.ch' gitea_subject_prefix: 'git' gitea_mailer_host: 'mail01.l3d.space:465' # federation gitea_federation_enabled: true gitea_federation_share_user_stats: true # gitea other gitea_fail2ban_enabled: true gitea_metrics_enabled: true gitea_metrics_token: "{{ _gitea_metrics_token }}" gitea_repo_indexer_enabled: true gitea_enable_notify_mail: true gitea_other_show_footer_version: false gitea_other_show_footer_template_load_time: false gitea_customize_logo: true gitea_customize_footer: true gitea_enable_cors: true gitea_default_repo_units: 'repo.code,repo.releases,repo.pulls' gitea_disabled_repo_units: 'repo.wiki,repo.ext_wiki,repo.projects' gitea_enable_push_create_user: true gitea_repository_upload_max_size: 30 gitea_attachment_types: '*/*' gitea_attachment_max_size: 35 # gitea secrets gitea_disable_git_hooks: "{{ _gitea_disable_git_hooks }}" gitea_disable_registration: "{{ _gitea_disable_registration }}" gitea_show_registration_button: "{{ _gitea_show_registration_button }}" # l3d.nginx_exporter nginx_exporter_listen_address: '127.0.0.1:9113' nginx_exporter_scrape_uri: 'https://node-exporter.web01.l3d.space/nginx_status'