vps/env.yml

domain: viyurz.fr
ldap_base_dn: dc=viyurz,dc=fr
timezone: "Europe/Paris"
host_uid: 1000
project_dir: "{{ ansible_env['HOME'] }}/docker-projects/{{ role_name }}"
docker_host: "unix:///run/user/{{ host_uid }}/docker.sock"

# UID shift for mapping between host & containers
uid_shift: 99999


# cifs_credentials is undefined when we run the backup playbook
# as a cronjob, so set empty default value to prevent errors,
# which is fine because we don't use it.
cifs_host: "{{ cifs_credentials['username'] | default('') }}.your-storagebox.de"

cifs_mounts:
  backups:
    src: "//{{ cifs_host }}/backup/backups"
    path: /mnt/storagebox/backups 
    uid: 0
    gid: "{{ host_uid }}"
    file_mode: 640
    dir_mode: 750
  storagebox:
    src: "//{{ cifs_host }}/backup"
    path: /mnt/storagebox
    uid: 0
    gid: 0
    file_mode: 640
    dir_mode: 751
  syncthing:
    src: "//{{ cifs_host }}/backup/syncthing"
    path: /mnt/storagebox/syncthing
    uid: "{{ users['syncthing'] + uid_shift }}"
    gid: "{{ users['syncthing'] + uid_shift }}"
    file_mode: 640
    dir_mode: 750


projects:
  - authelia
  - coturn
  - element
  - etebase
  - hedgedoc
  - homepage
  - lldap
  - mailserver
  - nginx
  - postgres
  - searxng
  - stump
  - synapse
  - syncthing
  - uptime-kuma
  - vaultwarden


projects_to_backup:
  - authelia
  - etebase
  - hedgedoc
  - lldap
  - mailserver
  - postgres
  - stump
  - synapse
  - uptime-kuma
  - vaultwarden


borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"
borg_passphrase_file: /etc/borg-passphrase.txt
borg_prune_options: |
  --keep-within=1d
  --keep-daily=7
  --keep-weekly=4
  --keep-monthly=12
  --keep-yearly=10


# Ports exposed to host
ports:
  authelia: 9091
  coturn_listening: 3478
  coturn_tls_listening: 5349
  coturn_relay_min: 49152
  coturn_relay_max: 49172
  element: 8084
  etebase: 3735
  hedgedoc: 8086
  homepage: 8082
  lldap: 17170
  mailserver_smtp: 1025
  mailserver_smtps: 1465
  mailserver_imaps: 1993
  mailserver_jmap: 1443
  postgres: 5432
  searxng: 8083
  stump: 10801
  synapse: 8008
  syncthing_discosrv: 8443
  # Public port, forwarded to 22067 by nftables
  syncthing_relaysrv: 143
  syncthing_webui: 8384
  syncthing_tcp: 18880
  syncthing_udp: 22000
  uptime_kuma: 3001
  vaultwarden: 8081
  wireguard: 51820


# UID in containers
users:
  authelia: 1008
  coturn: 666
  etebase: 373
  hedgedoc: 1004
  homepage: 8686
  lldap: 1007
  mailserver: 8 # Do not change
  postgres: 70
  searxng: 977
  searxng_redis: 999
  stump: 1005
  synapse: 991
  syncthing: 1001
  syncthing_discosrv: 1002
  syncthing_relaysrv: 1003
  uptime_kuma: 1006
  vaultwarden: 1000
  wireguard: 1009


volumes:
  coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem"
  coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
  etebase_datadir: /mnt/etebasedata
  hedgedoc_uploadsdir: /mnt/hedgedocuploads
  lldap_datadir: /mnt/lldapdata
  mailserver_datadir: /mnt/mailserverdata
  mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
  mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
  postgres_datadir: /mnt/postgresdata
  stump_configdir: /mnt/stump/config
  stump_datadir: /mnt/stump/data
  synapse_datadir: /mnt/synapsedata
  syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}"
  uptime_kuma_datadir: /mnt/uptimekumadata
  vaultwarden_datadir: /mnt/vwdata


# Service-specific variables
synapse:
  max_upload_size: 50M
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`domain: viyurz.fr`
Add LLDAP. 2024-03-30 17:28:32 +01:00			`ldap_base_dn: dc=viyurz,dc=fr`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`timezone: "Europe/Paris"`
			`host_uid: 1000`
Replace docker_projects_dir by project_dir variable. 2024-03-30 11:58:59 +01:00			`project_dir: "{{ ansible_env['HOME'] }}/docker-projects/{{ role_name }}"`
Add {{ docker_host }} variable. 2024-03-30 11:32:39 +01:00			`docker_host: "unix:///run/user/{{ host_uid }}/docker.sock"`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00
			`# UID shift for mapping between host & containers`
			`uid_shift: 99999`


Add borg backup playbook/roles/tasks + Implement for Vaultwarden. 2024-02-22 19:09:43 +01:00			`# cifs_credentials is undefined when we run the backup playbook`
			`# as a cronjob, so set empty default value to prevent errors,`
			`# which is fine because we don't use it.`
			`cifs_host: "{{ cifs_credentials['username'] \| default('') }}.your-storagebox.de"`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00
			`cifs_mounts:`
			`backups:`
			`src: "//{{ cifs_host }}/backup/backups"`
			`path: /mnt/storagebox/backups`
			`uid: 0`
			`gid: "{{ host_uid }}"`
			`file_mode: 640`
			`dir_mode: 750`
			`storagebox:`
			`src: "//{{ cifs_host }}/backup"`
			`path: /mnt/storagebox`
			`uid: 0`
			`gid: 0`
			`file_mode: 640`
			`dir_mode: 751`
			`syncthing:`
			`src: "//{{ cifs_host }}/backup/syncthing"`
			`path: /mnt/storagebox/syncthing`
			`uid: "{{ users['syncthing'] + uid_shift }}"`
			`gid: "{{ users['syncthing'] + uid_shift }}"`
			`file_mode: 640`
			`dir_mode: 750`


			`projects:`
Add Authelia. 2024-03-31 18:26:05 +02:00			`- authelia`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`- coturn`
			`- element`
			`- etebase`
			`- hedgedoc`
			`- homepage`
Add LLDAP. 2024-03-30 17:28:32 +01:00			`- lldap`
Add Stalwart mailserver. 2024-03-16 13:49:47 +01:00			`- mailserver`
Rename role reverse-proxy to nginx + split configuration. 2024-04-01 10:27:06 +02:00			`- nginx`
Add postgres role/container. 2024-03-29 20:56:28 +01:00			`- postgres`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`- searxng`
Add Stump. 2024-04-20 12:48:37 +02:00			`- stump`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`- synapse`
			`- syncthing`
Add Uptime Kuma role. 2024-03-08 16:35:07 +01:00			`- uptime-kuma`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`- vaultwarden`


Add borg backup playbook/roles/tasks + Implement for Vaultwarden. 2024-02-22 19:09:43 +01:00			`projects_to_backup:`
Add Authelia. 2024-03-31 18:26:05 +02:00			`- authelia`
Add Etebase backup tasks. 2024-02-23 12:51:17 +01:00			`- etebase`
Add Hedgedoc backup tasks. 2024-03-05 11:15:10 +01:00			`- hedgedoc`
Add LLDAP. 2024-03-30 17:28:32 +01:00			`- lldap`
Add Stalwart mailserver. 2024-03-16 13:49:47 +01:00			`- mailserver`
Add postgres role/container. 2024-03-29 20:56:28 +01:00			`- postgres`
Add Stump. 2024-04-20 12:48:37 +02:00			`- stump`
Add Synapse backup tasks. 2024-02-23 12:17:32 +01:00			`- synapse`
Add Uptime Kuma role. 2024-03-08 16:35:07 +01:00			`- uptime-kuma`
Add borg backup playbook/roles/tasks + Implement for Vaultwarden. 2024-02-22 19:09:43 +01:00			`- vaultwarden`


			`borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"`
			`borg_passphrase_file: /etc/borg-passphrase.txt`
			`borg_prune_options: \|`
			`--keep-within=1d`
			`--keep-daily=7`
			`--keep-weekly=4`
			`--keep-monthly=12`
			`--keep-yearly=10`


The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`# Ports exposed to host`
			`ports:`
Add Authelia. 2024-03-31 18:26:05 +02:00			`authelia: 9091`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`coturn_listening: 3478`
			`coturn_tls_listening: 5349`
			`coturn_relay_min: 49152`
			`coturn_relay_max: 49172`
			`element: 8084`
			`etebase: 3735`
			`hedgedoc: 8086`
			`homepage: 8082`
Add LLDAP. 2024-03-30 17:28:32 +01:00			`lldap: 17170`
Add Stalwart mailserver. 2024-03-16 13:49:47 +01:00			`mailserver_smtp: 1025`
			`mailserver_smtps: 1465`
			`mailserver_imaps: 1993`
			`mailserver_jmap: 1443`
Add postgres role/container. 2024-03-29 20:56:28 +01:00			`postgres: 5432`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`searxng: 8083`
Add Stump. 2024-04-20 12:48:37 +02:00			`stump: 10801`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`synapse: 8008`
			`syncthing_discosrv: 8443`
Syncthing: Add relaysrv with nftables forwarding to unprivileged port. 2024-02-19 11:03:16 +01:00			`# Public port, forwarded to 22067 by nftables`
			`syncthing_relaysrv: 143`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`syncthing_webui: 8384`
Syncthing: Change TCP port to 18880 from 5432. 2024-03-29 19:12:21 +01:00			`syncthing_tcp: 18880`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`syncthing_udp: 22000`
Add Uptime Kuma role. 2024-03-08 16:35:07 +01:00			`uptime_kuma: 3001`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`vaultwarden: 8081`
Add Stump. 2024-04-20 12:48:37 +02:00			`wireguard: 51820`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00

			`# UID in containers`
			`users:`
Add Authelia. 2024-03-31 18:26:05 +02:00			`authelia: 1008`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`coturn: 666`
			`etebase: 373`
			`hedgedoc: 1004`
Update homepage role for V2. 2024-02-25 19:15:58 +01:00			`homepage: 8686`
Add LLDAP. 2024-03-30 17:28:32 +01:00			`lldap: 1007`
Stalwart mail: Migrate to PostgreSQL & LLDAP. 2024-04-06 21:43:34 +02:00			`mailserver: 8 # Do not change`
Add postgres role/container. 2024-03-29 20:56:28 +01:00			`postgres: 70`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`searxng: 977`
			`searxng_redis: 999`
Add Stump. 2024-04-20 12:48:37 +02:00			`stump: 1005`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`synapse: 991`
			`syncthing: 1001`
			`syncthing_discosrv: 1002`
Syncthing: Add relaysrv with nftables forwarding to unprivileged port. 2024-02-19 11:03:16 +01:00			`syncthing_relaysrv: 1003`
Add Uptime Kuma role. 2024-03-08 16:35:07 +01:00			`uptime_kuma: 1006`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`vaultwarden: 1000`
Add Stump. 2024-04-20 12:48:37 +02:00			`wireguard: 1009`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00

			`volumes:`
			`coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem"`
			`coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"`
			`etebase_datadir: /mnt/etebasedata`
Migrate Hedgedoc from MySQL to PostgreSQL. 2024-04-04 20:26:59 +02:00			`hedgedoc_uploadsdir: /mnt/hedgedocuploads`
Add LLDAP. 2024-03-30 17:28:32 +01:00			`lldap_datadir: /mnt/lldapdata`
Add Stalwart mailserver. 2024-03-16 13:49:47 +01:00			`mailserver_datadir: /mnt/mailserverdata`
			`mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"`
			`mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"`
Add postgres role/container. 2024-03-29 20:56:28 +01:00			`postgres_datadir: /mnt/postgresdata`
Add Stump. 2024-04-20 12:48:37 +02:00			`stump_configdir: /mnt/stump/config`
			`stump_datadir: /mnt/stump/data`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`synapse_datadir: /mnt/synapsedata`
			`syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}"`
Add Uptime Kuma role. 2024-03-08 16:35:07 +01:00			`uptime_kuma_datadir: /mnt/uptimekumadata`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`vaultwarden_datadir: /mnt/vwdata`


			`# Service-specific variables`
			`synapse:`
			`max_upload_size: 50M`