55 lines
1.7 KiB
Text
55 lines
1.7 KiB
Text
---
|
|
# ============================================================
|
|
# Linderhof Secrets
|
|
# ============================================================
|
|
# Generated by setup.sh
|
|
# Edit with: ansible-vault edit $LINDERHOF_DIR/group_vars/all/vault.yml
|
|
# ============================================================
|
|
|
|
# hetzner
|
|
hcloud_token: "$hcloud_token"
|
|
|
|
# mail
|
|
# passwords generated with: openssl rand -base64 32
|
|
mail_passwords:
|
|
$admin_user@$domain: "$admin_mail_password"
|
|
git@$domain: "$git_mail_password"
|
|
notifications@$domain: "$notifications_mail_password"
|
|
rspamd_web_password: "$rspamd_web_password"
|
|
rainloop_admin_password: "$rainloop_admin_password"
|
|
|
|
# forgejo
|
|
# keys generated with: openssl rand -hex 32
|
|
forgejo_secret_key: "$forgejo_secret_key"
|
|
forgejo_internal_token: "$forgejo_internal_token"
|
|
forgejo_jwt_secret: "$forgejo_jwt_secret"
|
|
forgejo_smtp_password: "$notifications_mail_password"
|
|
|
|
# monitoring
|
|
# password generated with: openssl rand -base64 32
|
|
grafana_admin_password: "$grafana_admin_password"
|
|
|
|
# tuwunel
|
|
# token generated with: openssl rand -base64 32
|
|
tuwunel_registration_token: "$tuwunel_registration_token"
|
|
|
|
# goaccess
|
|
# password generated with: openssl rand -base64 32
|
|
goaccess_password: "$goaccess_password"
|
|
|
|
# diun (uses the notifications mail account)
|
|
diun_email_password: "$notifications_mail_password"
|
|
|
|
# restic
|
|
# password generated with: openssl rand -base64 32
|
|
restic_password: "$restic_password"
|
|
|
|
# fail2ban (optional — IPs/CIDRs to whitelist)
|
|
# fail2ban_ignoreip: "your-home-ip/32"
|
|
|
|
# DKIM public keys — one entry per domain
|
|
# Retrieve after first mail deployment:
|
|
# docker exec mailserver cat /tmp/docker-mailserver/rspamd/dkim/$domain/mail.pub
|
|
# Format: "v=DKIM1; k=rsa; p=<base64 public key>"
|
|
dkim_keys:
|
|
$domain: ""
|