Kris Lamoureux
d2473533d5
- Upgrade base OS from Debian 11 to Rocky Linux 9 - Configure 100GB XFS filesystem with auto-expansion - Replace Docker with rootless Podman for improved security - Add nginx reverse proxy for non-privileged port handling - Move the Traefik dashboard from port 8443 to 9443 - Configure SELinux contexts for container operations
72 lines
2.0 KiB
YAML
72 lines
2.0 KiB
YAML
###############
|
|
### Secrets ###
|
|
###############
|
|
# These are sample public passwords not encrypted in Ansible Vault, unlike production
|
|
secret:
|
|
TRAEFIK_DREAMHOST_APIKEY: DHap1pa55w0rd!
|
|
WORDPRESS_DB_PASSWORD: WPpa55w0rd!
|
|
NEXTCLOUD_MYSQL_PASSWORD: NCdbpa55w0rd!
|
|
NEXTCLOUD_ADMIN_PASSWORD: NCadm1npa55w0rd!
|
|
|
|
##############
|
|
### Common ###
|
|
##############
|
|
users:
|
|
oci:
|
|
uid: 2000
|
|
gid: 2000
|
|
home: true
|
|
ansible_temp: true
|
|
|
|
################
|
|
#### MariaDB ###
|
|
################
|
|
databases:
|
|
- name: wordpress
|
|
pass: "{{ secret.WORDPRESS_DB_PASSWORD }}"
|
|
- name: nextcloud
|
|
pass: "{{ secret.NEXTCLOUD_MYSQL_PASSWORD }}"
|
|
|
|
#######################
|
|
### Webserver Stack ###
|
|
#######################
|
|
webserver:
|
|
###############
|
|
### Traefik ###
|
|
###############
|
|
# TRAEFIK_VERSION: latest
|
|
# TRAEFIK_ROOT_DOMAIN: local.freeitathens.org
|
|
# TRAEFIK_DOMAIN: traefik.local.freeitathens.org
|
|
# TRAEFIK_DASHBOARD: true
|
|
# TRAEFIK_EXPOSED_DEFAULT: false
|
|
# TRAEFIK_WEB_ENABLED: true
|
|
TRAEFIK_DEBUG: true
|
|
TRAEFIK_ACME_PROVIDER: dreamhost
|
|
TRAEFIK_ACME_CASERVER: https://localhost/directory
|
|
TRAEFIK_ACME_EMAIL: admin@example.org
|
|
TRAEFIK_DREAMHOST_APIKEY: "{{ secret.TRAEFIK_DREAMHOST_APIKEY }}"
|
|
|
|
#################
|
|
### WordPress ###
|
|
#################
|
|
# WORDPRESS_VERSION: latest
|
|
# WORDPRESS_DOMAIN: www.local.freeitathens.org
|
|
# WORDPRESS_DB_HOST: host.docker.internal
|
|
# WORDPRESS_DB_NAME: wordpress
|
|
# WORDPRESS_DB_USER: wordpress
|
|
# WORDPRESS_WEB_ENABLED: true
|
|
WORDPRESS_DB_PASSWORD: "{{ secret.WORDPRESS_DB_PASSWORD }}"
|
|
|
|
#################
|
|
### Nextcloud ###
|
|
#################
|
|
# NEXTCLOUD_VERSION: stable
|
|
# NEXTCLOUD_DOMAIN: cloud.local.freeitathens.org
|
|
# NEXTCLOUD_MYSQL_HOST: host.docker.internal
|
|
# NEXTCLOUD_MYSQL_DATABASE: nextcloud
|
|
# NEXTCLOUD_MYSQL_USER: nextcloud
|
|
# NEXTCLOUD_WEB_ENABLED: true
|
|
# NEXTCLOUD_ADMIN: admin
|
|
NEXTCLOUD_ADMIN_PASSWORD: "{{ secret.NEXTCLOUD_ADMIN_PASSWORD }}"
|
|
NEXTCLOUD_MYSQL_PASSWORD: "{{ secret.NEXTCLOUD_MYSQL_PASSWORD }}"
|