systemd_mounts: diskstation_git: share: diskstation.ducamps.win:/volume2/git mount: /mnt/diskstation/git type: nfs options: - " " automount: true diskstation_CardDav: share: diskstation.ducamps.win:/volume2/CardDav mount: /mnt/diskstation/CardDav type: nfs options: - " " automount: true backup_disk: share: /dev/sda1 mount: /mnt/backup type: ntfs-3g options: - uid=1024 - guid=100 - vers=3.0 automount: true diskstation_home: share: //diskstation.ducamps.win/homes/admin mount: /mnt/diskstation/home type: cifs options: - credentials=/etc/creds/.diskstation_credentials - uid=1024 - gid=100 - vers=3.0 automount: true diskstation_photo: share: //diskstation.ducamps.win/photo mount: /mnt/diskstation/photo type: cifs options: - credentials=/etc/creds/.diskstation_credentials - uid=1024 - gid=100 - vers=3.0 automount: true diskstation_music: share: //diskstation.ducamps.win/music mount: /mnt/diskstation/music type: cifs options: - credentials=/etc/creds/.diskstation_credentials - uid=1024 - gid=100 - vers=3.0 automount: true systemd_mounts_enabled: - diskstation_git - diskstation_music - backup_disk - diskstation_photo - diskstation_home - diskstation_CardDav credentials_files: 1: type: smb path: /etc/creds/.diskstation_credentials username: admin password: "{{ vault_default_password }}" syncthing_address: "0.0.0.0:8384" syncthing_gui_user: "{{user.name}}" syncthing_gui_password: $2a$10$nJZ8YN/1mB84Cbi79BKka.6SFMAKF.CBwyCNJDA9qUgXdkcuBilx2 notification_mail: "{{ user.mail }}" ssmtp_mailhub: smtp.{{ domain.name }}:587 ssmtp_hostname: "{{ domain.name }}" ssmtp_auth_user: "{{ user.mail }}" ssmtp_auth_pass: "{{ vault_default_password }}" rsynclocations: - name: backup nas location: /mnt/backup readonly: "no" rsynchostalloawed: 192.168.1.10 fail2ban_destmail: "{{ user.mail }}" fail2ban_sendmail: "{{ user.mail }}" Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}" Gandi_Domain: "{{ domain.name }}" Gandi_Record: www certbot_auto_renew_user: root certbot_create_if_missing: true certbot_cert_name: "{{domain.name}}" certbot_certs: - email: "{{user.mail}}" domains: - www.{{domain.name}} - git.{{domain.name}} - supysonic.{{domain.name}} - syno.{{domain.name}} - file.{{domain.name}} nginx_vhosts: - listen: "80" server_name: "_" filename: "redirect80.conf" state: "present" template: "{{ nginx_vhost_template }}" extra_parameters: | return 301 https://$host; - listen: "443 ssl" server_name: "www.{{domain.name}}" root: "/usr/share/nginx/html/" error_page: "404 /404/404.html" filename: "default.conf" state: "present" template: "{{ nginx_vhost_template }}" extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } location / { rewrite ^/.well-known/carddav /radicale/$remote_user/carddav/ redirect; rewrite ^/.well-known/caldav /radicale/$remote_user/caldav/ redirect; index index.php index.html index.htm ; default_type text/html; } location =/ { rewrite ^ /starter; } location /radicale/ { # The trailing / is important! proxy_pass http://localhost:5232/; # The / is important! proxy_set_header X-Script-Name /radicale; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Authorization; } location ~ \.php$ { # try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_read_timeout 800; fastcgi_index index.php; include fastcgi_params; } include /etc/nginx/conf.d/*.default; - listen: "443 ssl" server_name: "git.{{domain.name}}" filename: "gitea.conf" state: "present" template: "{{ nginx_vhost_template }}" extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; proxy_pass http://localhost:3000; } - listen: "443 ssl" server_name: "syno.{{domain.name}}" filename: "syno.conf" state: "present" template: "{{ nginx_vhost_template }}" extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; proxy_pass http://192.168.1.10:5000; } - listen: "443 ssl" server_name: "supysonic.{{domain.name}}" filename: "supysonic.conf" state: "present" template: "{{ nginx_vhost_template }}" extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; proxy_pass http://localhost:8001; } - listen: "443 ssl" server_name: "file.{{domain.name}}" filename: "cloudcommander.conf" state: "present" template: "{{ nginx_vhost_template }}" extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; proxy_pass http://localhost:8000; } nginx_realIP_Proxy: 192.168.1.10/24 php_extention_enable: - iconv - mysqli - pdo_mysql - soap - intl mysql_root_password: "{{ vault_mysql_root }}" mysql_root_password_update: true # Users. mysql_users: - name: dump host: localhost password: "{{ vault_mysql_dump }}" priv: "*.*:SELECT,SHOW DATABASES,LOCK TABLES" ttrss_db_password: "{{ vault_mysql_ttrss }}" ttrss_log_destination: "" ttrss_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/ttrss.sql bind_listen_ipv4: ['any'] bind_allow_query: ['any'] bind_zone_master_server_ip: 192.168.1.10 bind_zone_domains: - name: ducamps.win hostmaster_email: "vincent@ducamps.win" - name: 1.168.192.in-addr.arpa hostmaster_email: "vincent@ducamps.win" bind_forwarders: - '1.1.1.1' - '80.67.169.40' bind_recursion: true bind_allow_recursion: - "192.168.1.0/24" gitea_http_listen: 0.0.0.0 gitea_db_type: mysql gitea_db_host: localhost:3306 gitea_db_name: gitea gitea_db_user: gitea gitea_db_password: "{{ vault_mysql_gitea }}" gitea_ssh_domain: "{{ansible_hostname}}" gitea_start_ssh: false gitea_ssh_port: 22 gitea_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/gitea.sql supysonic_db_password: "{{ vault_mysql_supysonic }}" supysonic_force_site_update: true docker_users: "{{user.name}}"