mirror of
https://github.com/fscotto/infra.git
synced 2026-05-30 15:39:58 +00:00
126 lines
2.6 KiB
YAML
126 lines
2.6 KiB
YAML
---
|
|
server_username: "{{ username }}"
|
|
server_user_group: "{{ server_username }}"
|
|
server_user_home: "/home/{{ server_username }}"
|
|
effective_username: "{{ server_username }}"
|
|
effective_user_group: "{{ server_user_group }}"
|
|
effective_user_home: "{{ server_user_home }}"
|
|
server_container_stack_dir: /opt/docker/server
|
|
ai_agents_enabled: false
|
|
|
|
profile_packages:
|
|
- avahi-daemon
|
|
- dmidecode
|
|
- dosfstools
|
|
- gh
|
|
- gnupg
|
|
- gpg-agent
|
|
- netcat-openbsd
|
|
- openssh-server
|
|
- parted
|
|
- pciutils
|
|
- pinentry-curses
|
|
- ranger
|
|
- rsync
|
|
|
|
server_dotfiles:
|
|
- src: .gnupg/gpg-agent.conf
|
|
dest: .gnupg/gpg-agent.conf
|
|
mode: "0600"
|
|
- src: .gitignore_global
|
|
dest: .gitignore_global
|
|
mode: "0644"
|
|
- src: .themes.gitignore
|
|
dest: .themes.gitignore
|
|
mode: "0644"
|
|
- src: duckdns/
|
|
dest: duckdns/
|
|
mode: preserve
|
|
|
|
server_templates:
|
|
- src: server/.gitconfig.j2
|
|
dest: .gitconfig
|
|
mode: "0644"
|
|
- src: server/docker-compose.yml.j2
|
|
dest: "{{ server_container_stack_dir }}/docker-compose.yml"
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
no_log: true
|
|
|
|
server_directories:
|
|
- path: "{{ server_user_home }}/.gnupg"
|
|
owner: "{{ server_username }}"
|
|
group: "{{ server_user_group }}"
|
|
mode: "0700"
|
|
- path: "{{ server_container_stack_dir }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
- path: /opt/navidrome/data
|
|
owner: "{{ server_username }}"
|
|
group: "{{ server_user_group }}"
|
|
mode: "0755"
|
|
- path: /opt/music
|
|
owner: "{{ server_username }}"
|
|
group: "{{ server_user_group }}"
|
|
mode: "0755"
|
|
- path: /opt/npm/data
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
- path: /opt/npm/letsencrypt
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
- path: /opt/postgres/data
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
- path: /opt/gitea/data
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
- path: /opt/syncthing/config
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
- path: /srv/syncthing
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
- path: /srv/syncthing/data
|
|
owner: "1000"
|
|
group: "1000"
|
|
mode: "0755"
|
|
- path: /srv/nextcloud
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
- path: /srv/nextcloud/data
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
|
|
server_ufw_rules:
|
|
- rule: allow
|
|
name: OpenSSH
|
|
- rule: allow
|
|
port: "22000"
|
|
proto: tcp
|
|
comment: Syncthing sync traffic
|
|
- rule: allow
|
|
port: "22000"
|
|
proto: udp
|
|
comment: Syncthing QUIC sync traffic
|
|
- rule: allow
|
|
port: "21027"
|
|
proto: udp
|
|
comment: Syncthing local discovery
|
|
|
|
server_sshd_settings:
|
|
PermitRootLogin: "no"
|
|
|
|
server_sshd_allow_users:
|
|
- "{{ server_username }}"
|