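---
# Server host variables: account names, packages, dotfiles, templates,
# directory layout, firewall rules and sshd settings.
# Laid out one key per line so the nesting is unambiguous, in particular
# which owner/group/mode belongs to which path. No value is changed.

# `username` is not defined in this file; it must come from inventory or
# another vars source.
server_username: "{{ username }}"
server_user_group: "{{ server_username }}"
server_user_home: "/home/{{ server_username }}"

# The effective_* values mirror the server_* account values above.
effective_username: "{{ server_username }}"
effective_user_group: "{{ server_user_group }}"
effective_user_home: "{{ server_user_home }}"

server_container_stack_dir: /opt/docker/server

ai_agents_enabled: false

profile_packages:
  - avahi-daemon
  - dmidecode
  - dosfstools
  - gh
  - gnupg
  - gpg-agent
  - netcat-openbsd
  - openssh-server
  - parted
  - pciutils
  - pinentry-curses
  - ranger
  - rsync

# Entries carry no owner/group; dest paths are relative.
# presumably resolved under server_user_home by the consuming task — confirm.
server_dotfiles:
  - src: .gnupg/gpg-agent.conf
    dest: .gnupg/gpg-agent.conf
    mode: "0600"
  - src: .gitignore_global
    dest: .gitignore_global
    mode: "0644"
  - src: .themes.gitignore
    dest: .themes.gitignore
    mode: "0644"
  # NOTE(review): `preserve` keeps whatever modes the source tree has. If
  # duckdns/ holds an update token, check that the source files are not
  # group- or world-readable, because nothing here tightens them.
  - src: duckdns/
    dest: duckdns/
    mode: preserve

server_templates:
  - src: server/.gitconfig.j2
    dest: .gitconfig
    mode: "0644"
  # Rendered compose file is root-owned and 0600 (presumably because it
  # embeds service credentials — confirm against the template).
  # NOTE(review): `no_log` is a per-item key here. It only keeps rendered
  # values out of task output if the templating task reads it, e.g.
  # `no_log: "{{ item.no_log | default(false) }}"` — verify in the role.
  - src: server/docker-compose.yml.j2
    dest: "{{ server_container_stack_dir }}/docker-compose.yml"
    owner: root
    group: root
    mode: "0600"
    no_log: true

server_directories:
  # 0700 on the GnuPG home; gpg warns about looser permissions.
  - path: "{{ server_user_home }}/.gnupg"
    owner: "{{ server_username }}"
    group: "{{ server_user_group }}"
    mode: "0700"
  - path: "{{ server_container_stack_dir }}"
    owner: root
    group: root
    mode: "0755"
  # NOTE(review): every data directory below is 0755, so any local account
  # can traverse and list it. Paths that look like they hold secrets or
  # user data (/opt/npm/letsencrypt, /opt/postgres/data, /opt/gitea/data,
  # /srv/nextcloud/data) are candidates for 0750 or 0700. Check first which
  # UID each container runs as; a service that re-owns its bind mount will
  # otherwise be reset by this list on every play run.
  - path: /opt/navidrome/data
    owner: "{{ server_username }}"
    group: "{{ server_user_group }}"
    mode: "0755"
  - path: /opt/music
    owner: "{{ server_username }}"
    group: "{{ server_user_group }}"
    mode: "0755"
  - path: /opt/npm/data
    owner: root
    group: root
    mode: "0755"
  - path: /opt/npm/letsencrypt
    owner: root
    group: root
    mode: "0755"
  - path: /opt/postgres/data
    owner: root
    group: root
    mode: "0755"
  - path: /opt/gitea/data
    owner: root
    group: root
    mode: "0755"
  - path: /opt/syncthing/config
    owner: root
    group: root
    mode: "0755"
  - path: /srv/syncthing
    owner: root
    group: root
    mode: "0755"
  # Numeric owner/group, quoted so they stay strings.
  # presumably the UID/GID the Syncthing container runs as — confirm.
  - path: /srv/syncthing/data
    owner: "1000"
    group: "1000"
    mode: "0755"
  - path: /srv/nextcloud
    owner: root
    group: root
    mode: "0755"
  - path: /srv/nextcloud/data
    owner: root
    group: root
    mode: "0755"

# NOTE(review): none of these rules names a source address, so each port is
# allowed from any network the host is reachable on. 21027/udp is Syncthing
# local discovery and only needs the LAN. If the task that consumes this
# list passes a source field through to the ufw module (`from_ip`), scope
# SSH and the Syncthing ports to the expected networks.
server_ufw_rules:
  - rule: allow
    name: OpenSSH
  - rule: allow
    port: "22000"
    proto: tcp
    comment: Syncthing sync traffic
  - rule: allow
    port: "22000"
    proto: udp
    comment: Syncthing QUIC sync traffic
  - rule: allow
    port: "21027"
    proto: udp
    comment: Syncthing local discovery

# Quoted "no" stays the string sshd expects; a bare no would load as a
# boolean under YAML 1.1.
# NOTE(review): only root login is pinned here; password authentication is
# left at whatever the distribution default is. Consider adding
# `PasswordAuthentication: "no"` once key-based login for server_username
# has been verified, so the change cannot lock the account out.
server_sshd_settings:
  PermitRootLogin: "no"

# presumably rendered as sshd's AllowUsers, limiting SSH logins to this one
# account — confirm in the sshd template.
server_sshd_allow_users:
  - "{{ server_username }}"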