84 lines
3.3 KiB
YAML
84 lines
3.3 KiB
YAML
|
---
|
|||
|
|
# The home-server project produces a multi-purpose setup using Ansible.
|
|||
|
|
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
|
|||
|
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
|||
|
|
env: prod
|
|||
|
|
|
|||
|
|
# Short personal nickname that will be mostly used as part of filenames under /etc.
|
|||
|
|
nickname: personal
|
|||
|
|
|
|||
|
|
# Hostname and IPv4 address of the DMZ.
|
|||
|
|
DMZ: dmz
|
|||
|
|
DMZ_IP: 192.168.1.254
|
|||
|
|
|
|||
|
|
# Hostname and IPv4 address of the back-end server (with all the data).
|
|||
|
|
SafeZone: home
|
|||
|
|
SafeZone_IP: 192.168.1.253
|
|||
|
|
|
|||
|
|
# Domain names that the certificate should cover.
|
|||
|
|
acme_domains: 'example.org muc.example.org pubsub.example.org ssh.example.org'
|
|||
|
|
|
|||
|
|
# Public key that Ansible will use to manage the server, and IP address of the controller PC.
|
|||
|
|
# The public key (`….pub` file) is generated as the result of running `ssh-keygen -t ed25519`.
|
|||
|
|
ansible_authorized_key: 'ssh-ed25519 AAAA0000bbbb1111CCCC2222dddd3333EEEE4444ffff5555GGGG6666hhhh7777IIII me@my-pc'
|
|||
|
|
ansible_master: 192.168.1.252
|
|||
|
|
|
|||
|
|
# The email address associated to root, for commits in the git repository that stores changes to /etc.
|
|||
|
|
git_contact_email: hostmaster@example.org
|
|||
|
|
|
|||
|
|
# Subdomain-name that will serve DNS packets for Iodine (DNS tunnel). Choose it short!
|
|||
|
|
iodine_domain: dt.example.org
|
|||
|
|
|
|||
|
|
# Additional ACL for LDAP.
|
|||
|
|
# This is typically used to give extra powers to users, for example regarding aliases management.
|
|||
|
|
ldap_extra_acl: |
|
|||
|
|
access to dn.subtree="ou=Aliases,dc=example,dc=org"
|
|||
|
|
by dn.base="uid=me,ou=Users,dc=example,dc=org" write
|
|||
|
|
by self read
|
|||
|
|
by * read
|
|||
|
|
|
|||
|
|
# Root of the LDAP directory. Usually the domain-name with commas instead of dots, and “dc=” in front of each level.
|
|||
|
|
ldap_root: dc=example,dc=org
|
|||
|
|
|
|||
|
|
# Non-system mail aliases (stored in LDAP, in contrast to system aliases, which are stored in /etc/mail/aliases).
|
|||
|
|
# Each entry in the list contains:
|
|||
|
|
# — alias: a unique mail alias, either new or with existing associated recipients;
|
|||
|
|
# — member: the login name of the user to add as a recipient for the alias.
|
|||
|
|
mail_alias_memberships: '[
|
|||
|
|
{"alias": "shop", "member": "you"},
|
|||
|
|
{"alias": "throwable", "member": "me"},
|
|||
|
|
{"alias": "family", "member": "me"},
|
|||
|
|
{"alias": "family", "member": "you"}
|
|||
|
|
]'
|
|||
|
|
|
|||
|
|
# DKIM selector to use (see http://yalis.fr/cms/index.php/post/2014/01/31/Why-buy-a-domain-name-Secure-mail%2E).
|
|||
|
|
# See the “dmz_exim” role for the storage of the private and public keys.
|
|||
|
|
mail_dkim_selector: home
|
|||
|
|
|
|||
|
|
# All local mail destinations, which include managed domains, as well as host names.
|
|||
|
|
mail_local_domains: 'home dmz localhost example.org *.example.org *.local'
|
|||
|
|
|
|||
|
|
# Motion monitored cameras
|
|||
|
|
motion_cameras: '[
|
|||
|
|
{
|
|||
|
|
"id": 1, "name": "street door",
|
|||
|
|
"url": "rtsp://user:password@street.example.org:554/videoMain",
|
|||
|
|
"width": 640, "height": 360,
|
|||
|
|
"mask_file": "example_mask_640_360.pgm",
|
|||
|
|
"framerate": 5
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"id": 2, "name": "garden door",
|
|||
|
|
"url": "rtsp://user:password@garden.example.org:554/videoMain",
|
|||
|
|
"width": 640, "height": 360,
|
|||
|
|
"mask_file": null,
|
|||
|
|
"framerate": 5
|
|||
|
|
}
|
|||
|
|
]'
|
|||
|
|
|
|||
|
|
# Start Of Authority: the root domain name configured on the server.
|
|||
|
|
net_soa: example.org
|
|||
|
|
|
|||
|
|
# Space-separated list of the XMPP accounts that are considered administrators of the XMPP service.
|
|||
|
|
xmpp_admins: 'me@example.org'
|