domain: viyurz.fr ldap_base_dn: dc=viyurz,dc=fr timezone: "Europe/Paris" host_uid: 1000 project_dir: "{{ ansible_env['HOME'] }}/docker-projects/{{ role_name }}" docker_host: "unix:///run/user/{{ host_uid }}/docker.sock" # UID shift for mapping between host & containers uid_shift: 99999 # cifs_credentials is undefined when we run the backup playbook # as a cronjob, so set empty default value to prevent errors, # which is fine because we don't use it. cifs_host: "{{ cifs_credentials['username'] | default('') }}.your-storagebox.de" cifs_mounts: backups: src: "//{{ cifs_host }}/backup/backups" path: /mnt/storagebox/backups uid: 0 gid: "{{ host_uid }}" file_mode: 640 dir_mode: 750 storagebox: src: "//{{ cifs_host }}/backup" path: /mnt/storagebox uid: 0 gid: 0 file_mode: 640 dir_mode: 751 syncthing: src: "//{{ cifs_host }}/backup/syncthing" path: /mnt/storagebox/syncthing uid: "{{ users['syncthing'] + uid_shift }}" gid: "{{ users['syncthing'] + uid_shift }}" file_mode: 640 dir_mode: 750 projects: - coturn - element - etebase - hedgedoc - homepage - lldap - mailserver - postgres - reverse-proxy - searxng - synapse - syncthing - uptime-kuma - vaultwarden projects_to_backup: - etebase - hedgedoc - lldap - mailserver - postgres - synapse - uptime-kuma - vaultwarden borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg" borg_passphrase_file: /etc/borg-passphrase.txt hedgedoc_mysql_root_password_file: "/etc/hedgedoc-mysql-root-password.txt" borg_prune_options: | --keep-within=1d --keep-daily=7 --keep-weekly=4 --keep-monthly=12 --keep-yearly=10 # Ports exposed to host ports: coturn_listening: 3478 coturn_tls_listening: 5349 coturn_relay_min: 49152 coturn_relay_max: 49172 element: 8084 etebase: 3735 hedgedoc: 8086 homepage: 8082 lldap: 17170 mailserver_smtp: 1025 mailserver_smtps: 1465 mailserver_imaps: 1993 mailserver_jmap: 1443 postgres: 5432 searxng: 8083 synapse: 8008 syncthing_discosrv: 8443 # Public port, forwarded to 22067 by nftables syncthing_relaysrv: 143 syncthing_webui: 8384 syncthing_tcp: 18880 syncthing_udp: 22000 uptime_kuma: 3001 vaultwarden: 8081 # UID in containers users: coturn: 666 etebase: 373 hedgedoc: 1004 hedgedoc_mysql: 1005 homepage: 8686 lldap: 1007 mailserver: 8 postgres: 70 searxng: 977 searxng_redis: 999 synapse: 991 synapse_postgres: 70 syncthing: 1001 syncthing_discosrv: 1002 syncthing_relaysrv: 1003 uptime_kuma: 1006 vaultwarden: 1000 volumes: coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem" coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem" etebase_datadir: /mnt/etebasedata hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data hedgedoc_configdir: /mnt/hedgedoc/config lldap_datadir: /mnt/lldapdata mailserver_datadir: /mnt/mailserverdata mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem" mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem" postgres_datadir: /mnt/postgresdata synapse_datadir: /mnt/synapsedata synapse_postgres_datadir: /mnt/synapsepgdata syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}" uptime_kuma_datadir: /mnt/uptimekumadata vaultwarden_datadir: /mnt/vwdata # Service-specific variables reverse_proxy: ssl_certificate_file: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem" ssl_certificate_key_file: "/etc/letsencrypt/live/{{ domain }}/privkey.pem" ssl_trusted_certificate_file: "/etc/letsencrypt/live/{{ domain }}/chain.pem" resolver: "185.12.64.12 [a01:4ff:ff00::add:2] [2a01:4ff:ff00::add:1]" synapse: max_upload_size: 50M