--- # Controls the identifier for this MASH stack. # This affects user/groups, systemd service names, container names, container networks, base installation path, etc. mash_playbook_identifier: mash mash_playbook_user_username: "{{ mash_playbook_identifier }}" mash_playbook_user_groupname: "{{ mash_playbook_identifier }}" mash_playbook_user_home: "{{ mash_playbook_base_path }}" # By default, the playbook creates the user (`mash_playbook_user_username`) # and group (`mash_playbook_user_groupname`) with a random id. # To use a specific user/group id, override these variables. mash_playbook_uid: ~ mash_playbook_gid: ~ # A secret used as a base, for generating various other secrets. # You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). mash_playbook_generic_secret_key: '' # Controls the prefix used for all service identifiers. # This affects systemd service names, container names, container networks, etc. mash_playbook_service_identifier_prefix: "{{ mash_playbook_identifier }}-" # Controls the prefix of the base directory for all services. # Example: `/mash/{PREFIX}traefik`. # If `mash_playbook_identifier` is the default (mash), we intentionally use an empty prefix. mash_playbook_service_base_directory_name_prefix: "{{ '' if mash_playbook_identifier == 'mash' else (mash_playbook_identifier + '-') }}" # Controls the base path where all services will be installed mash_playbook_base_path: "/{{ mash_playbook_identifier }}" mash_playbook_base_path_mode: "750" # The architecture that your server runs. # Recognized values by us are 'amd64', 'arm32' and 'arm64'. # Not all architectures support all services, so your experience (on non-amd64) may vary. mash_playbook_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}" # Specifies the type of reverse-proxy used by the playbook. # # Changing this has an effect on whether a reverse-proxy is installed at all and what its type is, # as well as how all other services are configured. # # Valid options and a description of their behavior: # # - `playbook-managed-traefik` # - the playbook will run a managed Traefik instance (mash-traefik) # - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`) # - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email` # # - `other-traefik-container` # - this playbook will not install Traefik # - nevertheless, the playbook expects that you would install Traefik yourself via other means # - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure entrypoints, etc.) # - you need to set `mash_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network # # - `none` # - no reverse-proxy will be installed # - no port exposure will be done for any of the container services # - it's up to you to expose the ports you want, etc. mash_playbook_reverse_proxy_type: playbook-managed-traefik # Controls whether to install Docker or not # Also see `devture_docker_sdk_for_python_installation_enabled`. mash_playbook_docker_installation_enabled: true # Controls whether to attach Traefik labels to services. # This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook, # yet still use Traefik installed in another way. mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" # Controls the additional network that reverse-proxyable services will be connected to. mash_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}"