This repository has been archived by the owner on Oct 7, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
/
apnscp-internals.yml
124 lines (122 loc) · 5 KB
/
apnscp-internals.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
---
####################################
# Don't change below here #
####################################
DEV_TAG: ">>> DEVELOPMENT PLAY ONLY - REMOVE BEFORE FLIGHT <<<"
apnscp_release_repo: https://gitlab.com/apisnetworks/apnscp.git
apnscp_last_run_vars: /root/apnscp-vars-runtime.yml
apnscp_bootstrapper_log: /root/apnscp-bootstrapper.log
apnscp_user_defaults: /root/apnscp-vars.yml
# SRS - reformatting forwarded email
postsrsd_enabled: "{{ mail_enabled | bool }}"
# haproxy terminates SNI SSL for mail
haproxy_enabled: "{{ (mail_enabled | bool) and not (has_low_memory | bool) }}"
# Restrict last/lastlog usage
wtmp_limit_snooping: true
# Enable apnscp testing repo
apnscp_testing_repo: "{{ apnscp_debug }}"
# Location of apnscp
apnscp_root: /usr/local/apnscp
# Account root
apnscp_account_root: /home/virtual
# Location of FST
apnscp_filesystem_template: "{{ apnscp_account_root }}/FILESYSTEMTEMPLATE"
# Filelists provide additional resources for service installation
apnscp_filelists: "{{apnscp_root}}/storage/opcenter/filelists"
# Default apnscp user - not tested
apnscp_system_user: apnscp
# apnscp PHP version
apnscp_php_version: 7.2
# apnscp module API, ZTS is with event MPM. Must match apnscp_php_version build
apnscp_php_module_api: 20170718-zts
# Location of apnscp r/w shared path
apnscp_shared_root: /.socket
# apnscp repo + CA data
apnscp_ca_rpm: http://yum.apnscp.com/apnscp-latest.rpm
# Platform version. Changes internally with each new release
apnscp_platform_version: 7.5
# Any-version support. Set to true to implicitly enable all AV languages below
anyversion_enabled: '{{ passenger_enabled }}'
# By default this is tied to Passenger's presence
# Or individually toggle languages below. May break Passenger!
anyversion_python: '{{ anyversion_enabled }}'
anyversion_ruby: '{{ anyversion_enabled }}'
anyversion_node: '{{ anyversion_enabled }}'
anyversion_go: '{{ anyversion_enabled }}'
# apnscp fixes
nvm_version: master
pyenv_version: 1.2.4
pyenv_virtenv_version: 1.1.5
rbenv_version: 1.1.1
goenv_version: 1.14.0
# Default MySQL version
mariadb_version: 10.3
# Default PostgreSQL version
pgsql_version: 10
# Others may be installed via "rbenv install", this is used primarily for
# bootstrapping Passenger. system Ruby shipped with RHEL 7 (2.0) is too
# old and too broken to be of use
sys_ruby_version: "{{ (anyversion_ruby or passenger_enabled) | ternary('2.4.5','system') }}"
rbenv_usergems_version: ad2fd08
# 4.x kernel from EL. Newer technology, potentially less stable
prefer_experimental_kernel: false
# Enable remote FTP connections. FTP will always be enable for Wordpress
# to operate. If off, WebDAV, sftp, ssh (rsync), and git are the only
# means to manage files
ftp_enabled: yes
# Maximum PASV port when user_daemons disabled. Supports up to 10 concurrent transfers
pasv_max_port: 40010
# Enable outgoing filtering with rspamd - experimental
rspamd_enabled: "{{ spamfilter == 'rspamd' }}"
# Use SpamAssassin or rspamd for spam filtering. rspamd is experimental
spamassassin_enabled: '{{ (spamfilter == "spamassassin") and (mail_enabled | bool) }}'
# Enable installing MongoDB
mongodb_enabled: false
# apnscp is part of a multi-server environment
# requires extra configuration
# see https://github.com/apisnetworks/cp-proxy
data_center_mode: false
# Allow remote database connections
allow_remote_db: "{{ data_center_mode }}"
# Location for per-user mail
maildir_location: ~/Mail
# Perform an account creation validation at the end of this playbook
# Allows for consistency checks
apnscp_verify_account: true
# Run Bootstrapper after update (upcp --auto)
apnscp_update_bootstrapper: "{{ apnscp_nightly_update }}"
# apnscp hostname used for email/LE setup
# ${HOSTNAME} will use ansible_nodename or your system hostname
apnscp_hostname: "${HOSTNAME}"
# Enable SELinux
# true is absolutely guaranteed to break your system
# debug places selinux in permissive mode
# off disables selinux alltogether
#
# off is recommended - a reboot is required
# Only enable if you plan on helping out!
use_selinux: false
# Backwards compatibility
clamav_enable: "{{ clamav_enabled | default(true) }}"
# CI via Docker
dockerized: false
# Virus scanning group used by ClamAV
clamav_scan_group: virusgroup
# Change sshd port - note that ssh is monitored for
# brute-force and attackers blocked following
# fail2ban/configure-jails settings. Change at your own risk.
sshd_port: 22
# Maximum number of retries for components that may fail due
# to flaky network settings
network_max_retries: 3
compile_max_jobs: "{{ (not has_low_memory) | ternary(ansible_processor_vcpus + 1, 1) }}"
# Ansible lockfile
bootstrapper_acquire_lock: true
bootstrapper_lock_file: "{{ apnscp_root }}/storage/run/.ansible.lock"
bootstrapper_lock_max_wait: 900
# IPv4/6 family detection
has_ipv4: "{{ (ansible_all_ipv4_addresses | length) > 0 }}"
has_ipv6: "{{ (ansible_all_ipv6_addresses | length) > 0 }}"
# Robust nameservers
# Reference performance: https://www.dnsperf.com/#!dns-resolvers
dns_robust_nameservers: '{{ has_ipv4 | ternary(["1.0.0.1","1.1.1.1"], ["2606:4700:4700::1111","2606:4700:4700::1001"]) }}'