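---

# Controls the identifier for this MASH stack.
# This affects user/groups, systemd service names, container names, container networks, base installation path, etc.
# Every variable below that references `mash_playbook_identifier` follows this value,
# so overriding it renames the service account, the base path and the service prefix together.
mash_playbook_identifier: mash

# Name of the system user and group created for this stack (both default to the identifier).
mash_playbook_user_username: "{{ mash_playbook_identifier }}"
mash_playbook_user_groupname: "{{ mash_playbook_identifier }}"

# Home directory of that user; defaults to the base installation path (`mash_playbook_base_path`).
mash_playbook_user_home: "{{ mash_playbook_base_path }}"
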
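# By default, the playbook creates the user (`mash_playbook_user_username`)
# and group (`mash_playbook_user_groupname`) with a random id.
# To use a specific user/group id, override these variables.
# Pinning the ids keeps file ownership consistent when data is restored or moved to another host.
# `null` (written explicitly rather than `~`) means "no id chosen".
mash_playbook_uid: null
mash_playbook_gid: null
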
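# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
#
# The default is empty, so this must be set in your own vars before the first run.
# Because other secrets are derived from it, treat it as a master credential:
# - use a different value for each installation
# - do not commit it in plain text; keep it encrypted (e.g. with Ansible Vault)
# - NOTE(review): changing it later presumably changes every derived secret; confirm the impact before rotating
mash_playbook_generic_secret_key: ''
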
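# Controls the prefix used for all service identifiers.
# This affects systemd service names, container names, container networks, etc.
# With the default identifier this renders as `mash-`.
mash_playbook_service_identifier_prefix: "{{ mash_playbook_identifier }}-"
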
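# Controls the prefix of the base directory for all services.
# Example: `/mash/{PREFIX}traefik`.
# If `mash_playbook_identifier` is the default (mash), we intentionally use an empty prefix.
# For any other identifier the prefix is the identifier followed by a dash.
mash_playbook_service_base_directory_name_prefix: "{{ '' if mash_playbook_identifier == 'mash' else (mash_playbook_identifier + '-') }}"
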
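# Controls the base path where all services will be installed.
# With the default identifier this renders as `/mash`.
mash_playbook_base_path: "/{{ mash_playbook_identifier }}"

# Permission mode of the base path.
# Kept as a quoted string so YAML does not re-type it as an integer.
# `750` gives the owner full access, the group read/traverse access and other local users none.
# Service data lives below this path, so loosening the mode widens local access to it.
mash_playbook_base_path_mode: "750"
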
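# The architecture that your server runs.
# Recognized values by us are 'amd64', 'arm32' and 'arm64'.
# Not all architectures support all services, so your experience (on non-amd64) may vary.
#
# Derived from the `ansible_architecture` fact:
# - `x86_64` maps to `amd64`
# - `aarch64` maps to `arm64`
# - anything starting with `armv` maps to `arm32`
# - everything else yields an empty string (architecture not recognized); set the variable explicitly in that case
mash_playbook_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm64' if ansible_architecture == 'aarch64' else ('arm32' if ansible_architecture.startswith('armv') else '')) }}"
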
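# Specifies the type of reverse-proxy used by the playbook.
#
# Changing this has an effect on whether a reverse-proxy is installed at all and what its type is,
# as well as how all other services are configured.
#
# Valid options and a description of their behavior:
#
# - `playbook-managed-traefik`
#   - the playbook will run a managed Traefik instance (mash-traefik)
#   - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`)
#   - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email`
#
# - `other-traefik-container`
#   - this playbook will not install Traefik
#   - nevertheless, the playbook expects that you would install Traefik yourself via other means
#   - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure entrypoints, etc.)
#   - you need to set `mash_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
#
# - `none`
#   - no reverse-proxy will be installed
#   - no port exposure will be done for any of the container services
#   - it's up to you to expose the ports you want, etc.
#
# With `other-traefik-container` and `none`, TLS termination and access control in front of the
# services are not handled by this playbook; they are your responsibility.
mash_playbook_reverse_proxy_type: none
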
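# Controls whether to install Docker or not.
# Also see `devture_docker_sdk_for_python_installation_enabled`.
mash_playbook_docker_installation_enabled: false

# Effective Docker daemon options: the automatic options below, recursively merged with the custom ones.
# Custom values are merged last, so they override automatic values on conflicting keys.
mash_playbook_docker_installation_daemon_options: "{{ mash_playbook_docker_installation_daemon_options_auto | combine(mash_playbook_docker_installation_daemon_options_custom, recursive=True) }}"

# Options computed by the playbook. Both follow `devture_systemd_docker_base_ipv6_enabled`.
# NOTE(review): `experimental` presumably accompanies `ip6tables` because older Docker releases
# only accept `ip6tables` in experimental mode; confirm against the Docker version in use.
mash_playbook_docker_installation_daemon_options_auto:
  experimental: "{{ devture_systemd_docker_base_ipv6_enabled }}"
  ip6tables: "{{ devture_systemd_docker_base_ipv6_enabled }}"

# Your own daemon options go here instead of editing the automatic ones.
# Daemon options apply to the whole Docker daemon rather than to a single service, so review additions with that in mind.
mash_playbook_docker_installation_daemon_options_custom: {}
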
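# Controls whether to attach Traefik labels to services.
# This is separate from `traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
# yet still use Traefik installed in another way.
# Evaluates to true for both Traefik-based values of `mash_playbook_reverse_proxy_type` and to false for `none`.
mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
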
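# Controls the additional network that reverse-proxyable services will be connected to.
# Resolves to `traefik_container_network` when `traefik_enabled` is true, and to an empty string
# otherwise (including when `traefik_enabled` is undefined).
# With your own Traefik container, set this to the name of your Traefik network yourself.
mash_playbook_reverse_proxyable_services_additional_network: "{{ traefik_container_network if traefik_enabled | default(false) else '' }}"
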
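# Controls whether various services should expose metrics publicly.
# If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.
# Metrics endpoints can reveal internal details about the services behind them, so when you enable
# exposure, also enable HTTP Basic Auth below or restrict access by other means.
mash_playbook_metrics_exposure_enabled: false
mash_playbook_metrics_exposure_hostname: ''
mash_playbook_metrics_exposure_path_prefix: /metrics

# Basic Auth is off by default and the users list is empty; set both together.
mash_playbook_metrics_exposure_http_basic_auth_enabled: false
# See https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
# Traefik expects `name:hashed-password` entries here, not plain-text passwords.
# Keep these credentials out of plain-text version control.
mash_playbook_metrics_exposure_http_basic_auth_users: ''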