Initial commit after Claude implementation
@@ -0,0 +1,116 @@
|
||||
---
|
||||
# =============================================================================
|
||||
# SOVEREIGN DEPLOYMENT CONFIGURATION
|
||||
# All variables for this deployment are defined here.
|
||||
# =============================================================================
|
||||
|
||||
# Base domain - all services are subdomains of this
|
||||
base_domain: "example.com"
|
||||
|
||||
# Base directory for all service data
|
||||
sovereign_base_dir: /opt/sovereign
|
||||
|
||||
# Traefik
|
||||
traefik_acme_email: "admin@{{ base_domain }}"
|
||||
traefik_domain: "traefik.{{ base_domain }}"
|
||||
traefik_dashboard_password: "changeme" # htpasswd hash
|
||||
|
||||
# Authentik
|
||||
authentik_domain: "auth.{{ base_domain }}"
|
||||
authentik_version: "2024.10.5"
|
||||
authentik_secret_key: "change-me-to-a-50-char-random-string"
|
||||
authentik_db_password: "changeme_authentik_db"
|
||||
authentik_admin_email: "admin@{{ base_domain }}"
|
||||
authentik_admin_password: "changeme_admin"
|
||||
|
||||
# Graylog
|
||||
graylog_domain: "logs.{{ base_domain }}"
|
||||
graylog_version: "6.0"
|
||||
graylog_password_secret: "changeme_graylog_secret_min_16_chars" # min 16 chars
|
||||
graylog_root_password_sha2: "changeme_sha256_of_password" # echo -n yourpassword | sha256sum
|
||||
graylog_host: "127.0.0.1" # host IP reachable from containers
|
||||
graylog_gelf_port: 12201
|
||||
|
||||
# Stalwart Mail
|
||||
stalwart_domain: "mail.{{ base_domain }}"
|
||||
stalwart_admin_password: "changeme_mail_admin"
|
||||
stalwart_version: "latest"
|
||||
|
||||
# Roundcube
|
||||
roundcube_domain: "webmail.{{ base_domain }}"
|
||||
roundcube_version: "latest"
|
||||
roundcube_db_password: "changeme_roundcube_db"
|
||||
roundcube_des_key: "changeme_24_char_des_key____"
|
||||
|
||||
# Wazuh
|
||||
wazuh_domain: "wazuh.{{ base_domain }}"
|
||||
wazuh_version: "4.9.0"
|
||||
wazuh_admin_password: "changeme_wazuh_admin"
|
||||
wazuh_api_password: "changeme_wazuh_api"
|
||||
|
||||
# WireGuard / Headscale
|
||||
wireguard_domain: "vpn.{{ base_domain }}"
|
||||
headscale_domain: "headscale.{{ base_domain }}"
|
||||
headscale_version: "0.23.0"
|
||||
wireguard_port: 51820
|
||||
headscale_noise_private_key: "" # generated on first run
|
||||
|
||||
# Matrix / Element
|
||||
matrix_domain: "matrix.{{ base_domain }}"
|
||||
element_domain: "chat.{{ base_domain }}"
|
||||
matrix_version: "v1.118.0"
|
||||
matrix_registration_secret: "changeme_registration_secret"
|
||||
matrix_db_password: "changeme_matrix_db"
|
||||
|
||||
# Jitsi
|
||||
jitsi_domain: "meet.{{ base_domain }}"
|
||||
jitsi_version: "stable-9753"
|
||||
jitsi_jicofo_auth_password: "changeme_jicofo"
|
||||
jitsi_jvb_auth_password: "changeme_jvb"
|
||||
jitsi_jibri_recorder_password: "changeme_jibri_recorder"
|
||||
jitsi_jibri_xmpp_password: "changeme_jibri_xmpp"
|
||||
jitsi_turn_secret: "changeme_turn"
|
||||
|
||||
# MinIO
|
||||
minio_domain: "s3.{{ base_domain }}"
|
||||
minio_console_domain: "minio.{{ base_domain }}"
|
||||
minio_version: "latest"
|
||||
minio_root_user: "minioadmin"
|
||||
minio_root_password: "changeme_minio"
|
||||
minio_nextcloud_bucket: "nextcloud"
|
||||
minio_nextcloud_access_key: "nextcloud"
|
||||
minio_nextcloud_secret_key: "changeme_nextcloud_s3"
|
||||
|
||||
# Nextcloud
|
||||
nextcloud_domain: "cloud.{{ base_domain }}"
|
||||
nextcloud_version: "29"
|
||||
nextcloud_admin_user: "admin"
|
||||
nextcloud_admin_password: "changeme_nextcloud"
|
||||
nextcloud_db_password: "changeme_nextcloud_db"
|
||||
nextcloud_db_root_password: "changeme_nextcloud_db_root"
|
||||
|
||||
# Vaultwarden
|
||||
vaultwarden_domain: "vault.{{ base_domain }}"
|
||||
vaultwarden_version: "latest"
|
||||
vaultwarden_admin_token: "changeme_vaultwarden_admin_token"
|
||||
vaultwarden_db_password: "changeme_vaultwarden_db"
|
||||
|
||||
# Forgejo
|
||||
forgejo_domain: "git.{{ base_domain }}"
|
||||
forgejo_version: "latest"
|
||||
forgejo_db_password: "changeme_forgejo_db"
|
||||
forgejo_secret_key: "changeme_forgejo_secret"
|
||||
forgejo_internal_token: "changeme_forgejo_internal_token"
|
||||
forgejo_lfs_jwt_secret: "changeme_forgejo_lfs_jwt"
|
||||
forgejo_admin_user: "admin"
|
||||
forgejo_admin_password: "changeme_forgejo_admin"
|
||||
forgejo_admin_email: "admin@{{ base_domain }}"
|
||||
forgejo_ssh_port: 2222
|
||||
|
||||
# SMTP (for services that send email)
|
||||
smtp_host: "stalwart"
|
||||
smtp_port: 587
|
||||
smtp_from: "noreply@{{ base_domain }}"
|
||||
smtp_user: "noreply@{{ base_domain }}"
|
||||
smtp_password: "changeme_smtp"
|
||||
smtp_tls: "starttls"
|
||||
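Review bot: Every secret in this vars file, from `traefik_dashboard_password` through `smtp_password`, is a usable plaintext placeholder, and nothing visible in this section stops a deploy from going out with them, so an unedited run would bring up Authentik, Vaultwarden, Forgejo and the rest with guessable credentials. I would keep the real values in an Ansible Vault-encrypted vars file and add a pre-flight `assert` over the secret variables, e.g. `that: authentik_secret_key is not match('^change-?me')`; the pattern has to cover both spellings because the Authentik key uses `change-me` while the others use `changeme`. `roundcube_des_key` is a 28-character placeholder although its own text says 24, and `traefik_dashboard_password` and `graylog_root_password_sha2` are commented as hashes but hold plain strings, so each deserves a comment stating the exact expected format. The `"latest"` tags on Stalwart, Roundcube, MinIO, Vaultwarden and Forgejo are worth pinning like the other services, since an unpinned tag changes what gets deployed without any change in this repository.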
@@ -0,0 +1,6 @@
|
||||
all:
|
||||
hosts:
|
||||
sovereign:
|
||||
ansible_host: "{{ lookup('env', 'SOVEREIGN_HOST') | default('your-server-ip') }}"
|
||||
ansible_user: "{{ lookup('env', 'SOVEREIGN_USER') | default('ubuntu') }}"
|
||||
ansible_ssh_private_key_file: "{{ lookup('env', 'SOVEREIGN_SSH_KEY') | default('~/.ssh/id_rsa') }}"
|
||||
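Review bot: The `| default(...)` fallbacks on all three lines will not fire as written, because `lookup('env', ...)` returns an empty string for an unset variable rather than an undefined value, and `default()` only replaces undefined values unless its second argument is true. With `SOVEREIGN_HOST` unset, `ansible_host` would therefore presumably end up empty rather than the placeholder; `default('ubuntu', true)` and `default('~/.ssh/id_rsa', true)` restore the intended fallbacks for the user and key. For the host I would rather fail than fall back to `'your-server-ip'`, for example with an early `assert` that `ansible_host` is non-empty, so a missing environment variable stops the run before any connection is attempted.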