---
server_username: "{{ username }}"
server_user_group: "{{ server_username }}"
server_user_home: "/home/{{ server_username }}"
effective_username: "{{ server_username }}"
effective_user_group: "{{ server_user_group }}"
effective_user_home: "{{ server_user_home }}"
server_container_stack_dir: /opt/docker/server

profile_packages:
  - avahi-daemon
  - dmidecode
  - dosfstools
  - gh
  - netcat-openbsd
  - openssh-server
  - parted
  - pciutils
  - ranger
  - rsync

server_dotfiles:
  - src: .gitignore_global
    dest: .gitignore_global
    mode: "0644"
  - src: .themes.gitignore
    dest: .themes.gitignore
    mode: "0644"
  - src: duckdns/
    dest: duckdns/
    mode: preserve

server_templates:
  - src: server/.gitconfig.j2
    dest: .gitconfig
    mode: "0644"
  - src: server/docker-compose.yml.j2
    dest: "{{ server_container_stack_dir }}/docker-compose.yml"
    owner: root
    group: root
    mode: "0600"
    no_log: true

server_directories:
  - path: "{{ server_container_stack_dir }}"
    owner: root
    group: root
    mode: "0755"
  - path: /opt/navidrome/data
    owner: "{{ server_username }}"
    group: "{{ server_user_group }}"
    mode: "0755"
  - path: /opt/music
    owner: "{{ server_username }}"
    group: "{{ server_user_group }}"
    mode: "0755"
  - path: /opt/npm/data
    owner: root
    group: root
    mode: "0755"
  - path: /opt/npm/letsencrypt
    owner: root
    group: root
    mode: "0755"
  - path: /opt/postgres/data
    owner: root
    group: root
    mode: "0755"
  - path: /opt/gitea/data
    owner: root
    group: root
    mode: "0755"

server_ufw_rules:
  - rule: allow
    name: OpenSSH

server_sshd_settings:
  PermitRootLogin: "no"

server_sshd_allow_users:
  - "{{ server_username }}"