Ian Roddis
139 lines
4.4 KiB
YAML
139 lines
4.4 KiB
YAML
---
|
|
# =============================================================================
|
|
# SOVEREIGN DEPLOYMENT CONFIGURATION
|
|
# All variables for this deployment are defined here.
|
|
# =============================================================================
|
|
|
|
# Base domain - all services are subdomains of this
|
|
base_domain: "example.com"
|
|
|
|
# =============================================================================
|
|
# BRANDING
|
|
# Applied across all services that support custom branding.
|
|
# =============================================================================
|
|
|
|
# Display name shown in service UIs and email subjects
|
|
tenant_name: "Example Corp"
|
|
|
|
# Path to a logo image on the Ansible control machine (PNG or SVG recommended).
|
|
# Leave empty to use each service's default logo.
|
|
# Example: "files/logo.png"
|
|
tenant_logo_local_path: ""
|
|
|
|
# Primary brand colour (hex). Used for backgrounds, buttons, and highlights.
|
|
tenant_primary_color: "#2563eb"
|
|
|
|
# Accent / secondary colour (hex).
|
|
tenant_accent_color: "#1e40af"
|
|
|
|
# Base directory for all service data
|
|
sovereign_base_dir: /opt/sovereign
|
|
|
|
# Traefik
|
|
traefik_acme_email: "admin@{{ base_domain }}"
|
|
traefik_domain: "traefik.{{ base_domain }}"
|
|
traefik_dashboard_password: "changeme" # htpasswd hash
|
|
|
|
# Authentik
|
|
authentik_domain: "auth.{{ base_domain }}"
|
|
authentik_version: "2024.10.5"
|
|
authentik_secret_key: "change-me-to-a-50-char-random-string"
|
|
authentik_db_password: "changeme_authentik_db"
|
|
authentik_admin_email: "admin@{{ base_domain }}"
|
|
authentik_admin_password: "changeme_admin"
|
|
|
|
# Graylog
|
|
graylog_domain: "logs.{{ base_domain }}"
|
|
graylog_version: "6.0"
|
|
graylog_password_secret: "changeme_graylog_secret_min_16_chars" # min 16 chars
|
|
graylog_root_password_sha2: "changeme_sha256_of_password" # echo -n yourpassword | sha256sum
|
|
graylog_host: "127.0.0.1" # host IP reachable from containers
|
|
graylog_gelf_port: 12201
|
|
|
|
# Stalwart Mail
|
|
stalwart_domain: "mail.{{ base_domain }}"
|
|
stalwart_admin_password: "changeme_mail_admin"
|
|
stalwart_version: "latest"
|
|
|
|
# Roundcube
|
|
roundcube_domain: "webmail.{{ base_domain }}"
|
|
roundcube_version: "latest"
|
|
roundcube_db_password: "changeme_roundcube_db"
|
|
roundcube_des_key: "changeme_24_char_des_key____"
|
|
|
|
# Wazuh
|
|
wazuh_domain: "wazuh.{{ base_domain }}"
|
|
wazuh_version: "4.9.0"
|
|
wazuh_admin_password: "changeme_wazuh_admin"
|
|
wazuh_api_password: "changeme_wazuh_api"
|
|
|
|
# WireGuard / Headscale
|
|
wireguard_domain: "vpn.{{ base_domain }}"
|
|
headscale_domain: "headscale.{{ base_domain }}"
|
|
headscale_version: "0.23.0"
|
|
wireguard_port: 51820
|
|
headscale_noise_private_key: "" # generated on first run
|
|
|
|
# Matrix / Element
|
|
matrix_domain: "matrix.{{ base_domain }}"
|
|
element_domain: "chat.{{ base_domain }}"
|
|
matrix_version: "v1.118.0"
|
|
matrix_registration_secret: "changeme_registration_secret"
|
|
matrix_db_password: "changeme_matrix_db"
|
|
|
|
# Jitsi
|
|
jitsi_domain: "meet.{{ base_domain }}"
|
|
jitsi_version: "stable-9753"
|
|
jitsi_jicofo_auth_password: "changeme_jicofo"
|
|
jitsi_jvb_auth_password: "changeme_jvb"
|
|
jitsi_jibri_recorder_password: "changeme_jibri_recorder"
|
|
jitsi_jibri_xmpp_password: "changeme_jibri_xmpp"
|
|
jitsi_turn_secret: "changeme_turn"
|
|
|
|
# MinIO
|
|
minio_domain: "s3.{{ base_domain }}"
|
|
minio_console_domain: "minio.{{ base_domain }}"
|
|
minio_version: "latest"
|
|
minio_root_user: "minioadmin"
|
|
minio_root_password: "changeme_minio"
|
|
minio_nextcloud_bucket: "nextcloud"
|
|
minio_nextcloud_access_key: "nextcloud"
|
|
minio_nextcloud_secret_key: "changeme_nextcloud_s3"
|
|
|
|
# Nextcloud
|
|
nextcloud_domain: "cloud.{{ base_domain }}"
|
|
nextcloud_version: "29"
|
|
nextcloud_admin_user: "admin"
|
|
nextcloud_admin_password: "changeme_nextcloud"
|
|
nextcloud_db_password: "changeme_nextcloud_db"
|
|
nextcloud_db_root_password: "changeme_nextcloud_db_root"
|
|
|
|
# Vaultwarden
|
|
vaultwarden_domain: "vault.{{ base_domain }}"
|
|
vaultwarden_version: "latest"
|
|
vaultwarden_admin_token: "changeme_vaultwarden_admin_token"
|
|
vaultwarden_db_password: "changeme_vaultwarden_db"
|
|
|
|
# Forgejo
|
|
forgejo_domain: "git.{{ base_domain }}"
|
|
forgejo_version: "latest"
|
|
forgejo_db_password: "changeme_forgejo_db"
|
|
forgejo_secret_key: "changeme_forgejo_secret"
|
|
forgejo_internal_token: "changeme_forgejo_internal_token"
|
|
forgejo_lfs_jwt_secret: "changeme_forgejo_lfs_jwt"
|
|
forgejo_admin_user: "admin"
|
|
forgejo_admin_password: "changeme_forgejo_admin"
|
|
forgejo_admin_email: "admin@{{ base_domain }}"
|
|
forgejo_ssh_port: 2222
|
|
|
|
# Website
|
|
website_nginx_version: "alpine"
|
|
|
|
# SMTP (for services that send email)
|
|
smtp_host: "stalwart"
|
|
smtp_port: 587
|
|
smtp_from: "noreply@{{ base_domain }}"
|
|
smtp_user: "noreply@{{ base_domain }}"
|
|
smtp_password: "changeme_smtp"
|
|
smtp_tls: "starttls"
|