inventory.yml
# Please don't edit this file directly! It will be reset when you update the git repository
# Instead, put your variable customizations into custom.yml
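all:
  hosts:
    localhost:
      # Run the playbook directly on this machine instead of connecting over SSH.
      ansible_connection: local

  vars:
    # Account the playbook works with, and the base domain from which the
    # service hostnames below are derived.
    username: notthebee
    root_host: example.duckdns.org

    enable_username_creation: true
    user_shell: /bin/bash

    # NOTE(review): judging by the name, this lets `username` run sudo without
    # a password prompt, so whoever holds that account's SSH key effectively
    # holds root. Override to false in custom.yml if that trade-off is not wanted.
    enable_passwordless_sudo: true

    # Whether or not you want to generate an SSH key pair for SSH auth.
    # The playbook will not generate a new pair if $HOME/.ssh/authorized_keys
    # exists and isn't empty.
    enable_ssh_keygen: true

    # Uncomment this line and put your public key in it if you already have
    # an SSH key pair. This overrides `enable_ssh_keygen`.
    # ssh_public_key: ""

    authelia_host: "auth.{{ root_host }}"
    wireguard_host: "wg.{{ root_host }}"
    # Kept as a quoted string; it is reused as the UDP port in ufw_ports below.
    wireguard_port: "51820"

    dns_nameservers:
      - 1.1.1.1
      - 1.0.0.1

    # Language and time settings
    # Check here for the list of possible locales:
    # https://docs.oracle.com/cd/E23824_01/html/E26033/glset.html
    locale: en_US.UTF-8
    timezone: Europe/Berlin

    # Time at which the system should reboot after installing updates
    # (24H format). Quoted so a digits-and-colon value is always read as a
    # string; YAML 1.1 parsers can turn values such as 13:00 into a base-60
    # integer.
    autoupdate_reboot_time: "03:00"

    docker_dir: "/opt/docker"

    # You can set it to a different port in order to avoid automated scanner
    # bots. This value is also the TCP port opened in ufw_ports below, so the
    # firewall rule follows any change made here. Moving the port only cuts
    # scanner noise; SSH key auth and Fail2Ban remain the actual controls.
    ssh_port: 22

    # Optional e-mail for notifications (unattended upgrades, banned IPs, etc.)
    # Leave everything in place if you don't want any notifications.
    email_login: root@localhost
    email: "{{ email_login }}"
    email_recipient: "{{ email_login }}"
    email_smtp_host: smtp.localhost.com
    email_smtp_port: 465

    # MSMTP
    # `email_password` is referenced here but not defined in this file. Supply
    # it from a file that is kept out of version control (for example an
    # Ansible Vault-encrypted vars file), not as plain text.
    # NOTE(review): no TLS option is set for this account in this file; confirm
    # that the msmtp role enables TLS for port 465 before SMTP credentials are
    # sent.
    msmtp_accounts:
      - account: mailbox
        host: "{{ email_smtp_host }}"
        port: "{{ email_smtp_port }}"
        # Quoted so msmtp receives the literal word "on", not a YAML boolean.
        auth: "on"
        from: "{{ email }}"
        user: "{{ email_login }}"
        password: "{{ email_password }}"
    msmtp_default_account: "mailbox"
    msmtp_alias_default: "{{ email }}"

    # Firewall: by default the list below allows the WireGuard port (udp),
    # 80/tcp, 443/tcp and the SSH port (tcp). The rest of the ports are closed.
    # Keep this list as short as the deployment allows; every entry is
    # reachable from the internet.
    enable_ufw: true
    ufw_ports:
      - port: "{{ wireguard_port }}"
        proto: "udp"
      - port: "80"
        proto: "tcp"
      - port: "443"
        proto: "tcp"
      - port: "{{ ssh_port }}"
        proto: "tcp"

    # Fail2Ban only comes with the SSH jail by default
    enable_fail2ban: true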