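---
# ============================================================
# Linderhof Secrets
# ============================================================
# Generated by setup.sh
# Edit with: ansible-vault edit $LINDERHOF_DIR/group_vars/all/vault.yml
# ============================================================
#
# Template for the Ansible vault file. Each "$name" placeholder is
# presumably replaced by setup.sh with a generated or user-supplied
# value (TODO confirm the substitution mechanism).
#
# NOTE(review): once rendered, this file holds every service credential
# in plaintext. Confirm that setup.sh encrypts it with ansible-vault
# before it can be committed, and that the rendered file is not left
# world-readable on disk.
#
# NOTE(review): values are placed as text inside double-quoted scalars.
# base64 and hex output is safe there; a hand-chosen secret containing
# a double quote or backslash would need escaping or it will break or
# alter the value.

# hetzner
# API token for the Hetzner Cloud project; treat it as control over the
# infrastructure it can reach.
hcloud_token: "$hcloud_token"

# mail
# passwords generated with: openssl rand -base64 32
# One entry per mailbox, keyed by full address.
mail_passwords:
  $admin_user@$domain: "$admin_mail_password"
  git@$domain: "$git_mail_password"
  notifications@$domain: "$notifications_mail_password"
rspamd_web_password: "$rspamd_web_password"
rainloop_admin_password: "$rainloop_admin_password"

# forgejo
# keys generated with: openssl rand -hex 32
forgejo_secret_key: "$forgejo_secret_key"
forgejo_internal_token: "$forgejo_internal_token"
forgejo_jwt_secret: "$forgejo_jwt_secret"
# Same credential as the notifications@ mailbox above. It is also reused
# by diun_email_password, so rotating it means updating all three
# entries together.
forgejo_smtp_password: "$notifications_mail_password"

# monitoring
# password generated with: openssl rand -base64 32
grafana_admin_password: "$grafana_admin_password"

# tuwunel
# token generated with: openssl rand -base64 32
# NOTE(review): presumably gates account registration on the homeserver;
# rotate it if it has been shared more widely than intended.
tuwunel_registration_token: "$tuwunel_registration_token"

# goaccess
# password generated with: openssl rand -base64 32
goaccess_password: "$goaccess_password"

# diun (uses the notifications mail account)
# Copy of the notifications@ mailbox password; keep in sync with
# mail_passwords and forgejo_smtp_password.
diun_email_password: "$notifications_mail_password"

# restic
# password generated with: openssl rand -base64 32
# The repository cannot be decrypted without this password. Keep a copy
# somewhere that survives loss of this host and of this vault file.
restic_password: "$restic_password"

# fail2ban (optional — IPs/CIDRs to whitelist)
# Addresses listed here are never banned, so limit this to fixed
# addresses you control rather than broad ranges.
# fail2ban_ignoreip: "your-home-ip/32"

# DKIM public keys — one entry per domain
# These are public key records (published in DNS), not secrets.
# Retrieve after first mail deployment:
#   docker exec mailserver cat /tmp/docker-mailserver/rspamd/dkim/$domain/mail.pub
# Format: "v=DKIM1; k=rsa; p="
dkim_keys:
  $domain: ""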