Automated solution for hosting email, web, DNS, XMPP, Git, and ZNC on OpenBSD.


  1. # Copy this file to vars.yml and make your changes. READ EACH OPTION CAREFULLY!
  2. # :-)
  3. ---
  4. # ===== REQUIRED VARIABLES =====
  5. hostname: puffy # the hostname of this machine
  6. domain: example.com # your domain name
  7. provision_username: admin # username for the local user that will run ansible. account must already
  8. # exist as a normal account in /etc/passwd and be a member of the wheel group.
  9. # This will also be your backdoor account in case ldap goes down.
  10. username: your_username # username of your "real" account that you will use once everything is set up.
  11. # This account will not exist until you create it with `dankctl useradd`.
  12. ssh_keys: # ssh keys for the provision account. you MUST add an SSH key for yourself here
  13. # or you will be locked out!
  14. - ssh-ed25519 AAAAasdf....
  15. interface: vio0 # name of your primary network interface
  16. ip: 203.0.113.41 # IPv4 address of this server
  17. ip6: 2001:db8::2 # IPv6 address of this server
  18. netmask: 255.255.255.0 # netmask (given to you by your hosting provider)
  19. gateway: 203.0.113.1 # default gateway (given to you by your hosting provider)
  20. nameservers: # upstream DNS servers (given to you by your hosting provider)
  21. - 8.8.8.8 # (but any public DNS servers will work)
  22. - 8.8.4.4
  23. timezone: America/New_York # your timezone
  24. secondary_nameservers: # IP addresses of your slave nameservers (where to send NOTIFYs and zone XFERs)
  25. - 203.0.113.200 # This information should be given to you by your secondary DNS provider.
  26. - 203.0.113.201 # I recommend DNS Made Easy (https://dnsmadeeasy.com/)
  27. - 203.0.113.202
  28. public_nameservers: # IPv4 addresses of your secondary DNS provider's PUBLIC nameservers.
  29. - 203.0.113.210 # AKA where clients on the WWW should query for your domain. This
  30. - 203.0.113.211 # assumes a "hidden master" configuration. Not necessarily the same
  31. - 203.0.113.212 # addresses as above.
  32. public_nameservers_ip6: # IPv6 addresses of your secondary DNS provider's PUBLIC nameservers.
  33. - 2001:db8::10 # Same as above, but for AAAA records.
  34. - 2001:db8::11
  35. - 2001:db8::12
  36. ntp_servers: # Upstream NTP servers
  37. - 0.us.pool.ntp.org # Your hosting provider may provide closer NTP servers in their datacenter.
  38. - 1.us.pool.ntp.org # Otherwise, these are fine if you are in the USA.
  39. - 2.us.pool.ntp.org
  40. - 3.us.pool.ntp.org
  41. sshd_port: 11522 # SSH port. Don't choose 22 unless you like being hammered 24/7 by botnets!
  42. ldap_rootpw: changeme # The default is changeme. You may want to put this in an ansible vault. It
  43. # will be converted to a blowfish hash in ldapd.conf.
  44. davical_adminpw: changeme # This is the default password for the "admin" caldav user. You should change
  45. # it in the web interface when you log in for the first time.
  46. # ===== OPTIONAL VARIABLES =====
  47. private_interface: vio1 # If your hosting provider provides a private network, you can set it here.
  48. private_ip: 10.0.0.10
  49. private_netmask: 255.255.240.0
  50. private_mtu: 1450
  51. private_cidr: 10.0.0.0/20
  52. ldap_admins: # By default, only your LDAP username is given R/W access to the LDAP tree.
  53. - bob # List any additional usernames here to give them write access to LDAP.
  54. - alice # Be careful! By modifying their own group these users could easily get root.
  55. ssh_users: # By default, only the provision account is added to the ssh group. List any
  56. - bob # additional user accounts here to grant them SSH access. The accounts
  57. - alice # must already exist.
  58. spamd_whitelist: # Mail from any IP or CIDR block listed here will never sent to spamd.
  59. - 203.0.113.0/24
  60. a_records: # Any additional subdomains defined here will be added as A/AAAA records to
  61. dankhost1: # your zonefile.
  62. ip: 203.0.113.240
  63. ip6: 2001:db8::40
  64. dankhost2:
  65. ip: 203.0.113.241
  66. ip6: 2001:db8::41
  67. srv_records: # Define any additional SRV records for DNS here.
  68. - { service: matrix, port: 8448, proto: tcp, host: matrix }
  69. open_ports: # By default, thie firewall blocks all inbound traffic except for the services
  70. - 6000 # managed by this playbook. List any additional TCP ports here that you'd like
  71. - 6001 # opened to the internet.
  72. - 6002
  73. open_udp_ports: # same thing, but for UDP
  74. - 7000
  75. etc_hosts: # put any entries for /etc/hosts here.
  76. intranet_host: 10.0.0.10
  77. # Add any mail aliases here. The default example forwards all mail addressed to
  78. # administrator@exmaple.com to your mailbox.
  79. # All mail for 'root' is forwarded to you by default.
  80. mail_aliases:
  81. administrator: '{{ username }}'
  82. # ===== OTHER OPTIONS =====
  83. # For an exhaustive list of options you can override, run the following command:
  84. #
  85. # $ cat roles/*/defaults/*