66 lines
2.9 KiB
YAML
66 lines
2.9 KiB
YAML
|
---
|
||
|
|
# @var authorized_key_file: authorized_keys # The default authorized_keys file used for SSH.
|
||
|
|
authorized_key_file: authorized_keys
|
||
|
|
|
||
|
|
# @var certbot_admin_email: admin@example.com # The e-mail you would like associated with free Let's Encrypt SSL certificates.
|
||
|
|
certbot_admin_email: '{{ admin_email }}'
|
||
|
|
|
||
|
|
# @var certbot_certs: [] # An array of Let's Encrypt SSL request settings.
|
||
|
|
certbot_certs: []
|
||
|
|
# @example #
|
||
|
|
# # In this example, every host that has the `certbot_certs` settings below will request wildcard domain certificates
|
||
|
|
# # for all of the domains listed under `domains`. Let's Encrypt has rate-limits so make sure you do not provision
|
||
|
|
# # a large number of hosts that are all requesting the same certificate over and over again. We used to do this but
|
||
|
|
# # have moved towards implementing the SSL certificates on the firewall and then using HAProxy to send requests to their
|
||
|
|
# # final destination over a ZeroTier connection over the LAN. This way, we mimic end-to-end encryption and only have one
|
||
|
|
# # machine handling SSL certificates.
|
||
|
|
# certbot_certs:
|
||
|
|
# - email: '{{ cloudflare_email }}'
|
||
|
|
# domains:
|
||
|
|
# - '*.megabyte.space'
|
||
|
|
# - '*.home.megabyte.space'
|
||
|
|
# - '*.lab.megabyte.space'
|
||
|
|
# @end
|
||
|
|
|
||
|
|
# @var dns_provider: 1.1.1.1#cloudflare-dns.com # Default DNS-over-TLS address.
|
||
|
|
dns_provider: 10.0.0.1#pfsense.lab.megabyte.space
|
||
|
|
|
||
|
|
# @var dns_fallback_provider: 1.0.0.1#cloudflare-dns.com # Fallback DNS-over-TLS address.
|
||
|
|
dns_fallback_provider: 10.0.0.1#pfsense.lab.megabyte.space
|
||
|
|
|
||
|
|
# @var docker_users: [] # Array of users that should be able to access Docker with elevated permissions (e.g. sudo).
|
||
|
|
docker_users:
|
||
|
|
- "{{ ansible_user | default(lookup('env', 'USER')) }}"
|
||
|
|
|
||
|
|
_netdata_rooms:
|
||
|
|
do: 0f7a2d28-77c0-4eb1-970b-22405a3886f7
|
||
|
|
general: fb8e46ae-4354-454a-b676-46cda89c2e9b
|
||
|
|
james: 495e99ef-60b4-43a4-bb60-4e05accf58a2
|
||
|
|
|
||
|
|
# @var netdata_rooms: {} # A mapping of VLAN IDs that correlate to [netdata](https://www.netdata.cloud/) rooms.
|
||
|
|
netdata_rooms:
|
||
|
|
cloud: '{{ _netdata_rooms.do }}'
|
||
|
|
guest: '{{ _netdata_rooms.james }}'
|
||
|
|
iot: '{{ _netdata_rooms.james }}'
|
||
|
|
kubernetes: '{{ _netdata_rooms.james }}'
|
||
|
|
management: '{{ _netdata_rooms.james }}'
|
||
|
|
offline: '{{ _netdata_rooms.james }}'
|
||
|
|
unifi: '{{ _netdata_rooms.james }}'
|
||
|
|
work: '{{ _netdata_rooms.james }}'
|
||
|
|
|
||
|
|
# @var security_autoupdate_mail_to: emailAddressString # The e-mail to notify when there is an issue with autoupdates.
|
||
|
|
security_autoupdate_mail_to: '{{ admin_email }}'
|
||
|
|
|
||
|
|
# @var ssh_global_keys: [] # List of SSH keys to include from `files/ssh/` as IdentityFiles (for all hosts)
|
||
|
|
ssh_global_keys:
|
||
|
|
- id_ed25519_sk_yubi_nano
|
||
|
|
- id_ed25519_sk_yubi_nanoc_blue
|
||
|
|
- id_ed25519_sk_yubi_nfc_red
|
||
|
|
- id_ed25519_sk_yubi_nfc_yellow
|
||
|
|
- id_ed25519_sk_yubi_nano_auto_nopass_13147527
|
||
|
|
- id_ed25519_sk_yubi_nano_auto_nopass_13191326
|
||
|
|
- id_ed25519_sk_yubi_nano_auto_nopass_13196452
|
||
|
|
- id_ed25519_sk_yubi_nano_auto_pass_13147527
|
||
|
|
- id_ed25519_sk_yubi_nano_auto_pass_13191326
|
||
|
|
- id_ed25519_sk_yubi_nano_auto_pass_13196452
|