ansible-role-os-bootstrap/defaults/main.yml


---
# Timezone and locale defaults; override per host or group as needed.
timezone: Europe/Rome
default_locale_lang: en_US.UTF-8
# Debian/Ubuntu and EL hosts get a different default for locale messages.
default_deb_locale_messages: C.UTF-8
default_el_locale_messages: en_US.UTF-8
# Locales to generate; the first entry follows default_locale_lang.
locales_list:
- { name: "{{ default_locale_lang }}" }
- { name: en_US.UTF-8 }
- { name: en_US }
- { name: it_IT.UTF-8 }
- { name: it_IT }
domain_name: "{{ ansible_domain }}"
# GRUB kernel command line: off by default. Whatever is put into
# grub_cmdline_additional_parameters presumably ends up on the kernel command
# line, so review it for options that weaken the platform (e.g. disabling CPU
# mitigations or the LSM) before enabling this — confirm against the task.
configure_grub_cmdline_parameters: false
grub_cmdline_additional_parameters: ""
# Drop-in file that receives the entries of sysctl_custom_options.
sysctl_custom_file: /etc/sysctl.d/90-custom-values.conf
sysctl_opts_reload: true
sysctl_custom_file_state: present
explicitly_set_hostname: true
# Free-form text, presumably appended to /etc/hosts — confirm against the task.
# Review entries that override the names of security-relevant services.
custom_etc_hosts_entries: ""
custom_etc_hosts_entries_adjunct: ""
# Only name and value are mandatory. The others have defaults
sysctl_custom_options: []
# - name: 'net.nf_conntrack_max'
#   value: '32768'
#   sysctlfile: '{{ sysctl_custom_file }}'
#   sysctl_reload: '{{ sysctl_opts_reload }}'
#   sysctlfile_state: '{{ sysctl_custom_file_state }}'
# Additional network interfaces on Ubuntu — disabled by default.
ubuntu_configure_additional_interfaces: false
ubuntu_configure_additional_int_dhcp_overrides: true
ubuntu_configure_additional_ints_list: []
# IPv6: when disable_ipv6 is true, ipv6_sysctl_value is presumably written to
# ipv6_sysctl_file (1 = disabled). Disabling IPv6 on a dual-stack network
# leaves the host reachable only over v4 — make sure monitoring and ACLs
# expect that.
disable_ipv6: false
ipv6_sysctl_value: 1
ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf
#
# Define the following variables to manage additional disks and mount points, even static nfs ones
additional_disks: false
disks_and_mountpoints_list: []
# Example entry. NOTE(review): create_filesystem: True presumably formats the
# device, so a wrong device name for one host in the play is a data-loss risk,
# not just a failed task — double-check the device per host before enabling.
# - { mountpoint: '/data', device: 'xvda3', fstype: 'xfs', opts: 'noatime', state: 'mounted', create_filesystem: True }
# Swap: the device name is a placeholder and must be overridden when
# swap_device is set to true.
swap_device: false
swap_device_name: /dev/vdxxxxx
# python3-lxml is installed on the target (Debian and EL package names).
ansible_python3_debs:
- python3-lxml
ansible_python3_el:
- python3-lxml
#
# Environment-wide proxy settings, presumably exported as the variables listed
# in env_proxy_protocols when enable_env_proxy is true.
enable_env_proxy: false
env_proxy_http_host: localhost
env_proxy_http_port: "3128"
# Plain http:// by default: with authentication enabled, the credentials below
# travel in clear text to the proxy. Use this only on a trusted segment, or
# set env_proxy_http_protocol to https where the proxy supports it.
env_proxy_http_protocol: http
env_proxy_https_protocol: "{{ env_proxy_http_protocol }}"
env_proxy_http_url: "{{ env_proxy_http_protocol }}://{{ env_proxy_http_host }}:{{ env_proxy_http_port }}"
env_proxy_https_url: "{{ env_proxy_http_url }}"
env_proxy_protocols:
- http_proxy
- https_proxy
- ftp_proxy
- HTTP_PROXY
- HTTPS_PROXY
- FTP_PROXY
# Credentials: never put real values in this file. Set env_proxy_password from
# an Ansible Vault-encrypted variable, and remember that anything exported into
# the environment is readable by every process started from that shell.
env_proxy_use_authentication: false
env_proxy_username: ""
env_proxy_password: ""
# Targets that bypass the proxy; add internal domains here so internal traffic
# is not routed through the proxy host.
no_proxy_targets:
- ::1
- 127.0.0.1
- localhost
# A generic PKI directory where the local certificates will be stored
pki_dir: /etc/pki
# Sub-directories created under pki_dir. NOTE(review): "keys" holds private
# keys — confirm the task creates it root-only (0700) and the key files 0600.
pki_subdirs:
- certs
- keys
pki_install_a_custom_ca: false
# Self-signed certificate paths and subject.
# NOTE(review): as written the subject is "/CN=<fqdn> self signed"; if this is
# passed to openssl -subj the trailing " self signed" becomes part of the CN
# and the certificate will not match the host name — confirm against the task.
self_signed_cert: "{{ pki_dir }}/selfsigned/cert"
self_signed_fullchain: "{{ pki_dir }}/selfsigned/fullchain"
self_signed_key: "{{ pki_dir }}/selfsigned/privkey"
self_signed_subject: /CN={{ ansible_fqdn }} self signed
# mkcert-issued certificate. mkcert is a locally-trusted development CA, so
# certificates issued this way are for internal/test use, not public exposure.
mkcert_create_certificate: false
mkcert_cert_name: "{{ ansible_fqdn }}.pem"
mkcert_cert_dest_path: "{{ pki_dir }}/certs"
mkcert_cert_file_path: "{{ mkcert_cert_dest_path }}/{{ mkcert_cert_name }}"
mkcert_key_name: "{{ ansible_fqdn }}-key.pem"
mkcert_key_dest_path: "{{ pki_dir }}/keys"
mkcert_key_file_path: "{{ mkcert_key_dest_path }}/{{ mkcert_key_name }}"
# SAN list: the FQDN plus every IPv4 address of the host. The "dsn" in the
# variable name is a typo kept for compatibility with the tasks that use it.
mkcert_dsn_and_ip_list: "{{ ansible_fqdn }} {% for ip in ansible_all_ipv4_addresses %}{{ ip }} {% endfor %}"
mkcert_ca_host: localhost
# Directories where trust anchors are dropped on EL and Debian-family hosts.
trusted_ca_el_anchors_path: /etc/pki/ca-trust/source/anchors
trusted_ca_deb_path: /usr/local/share/ca-certificates
# It shouldn't be needed: ISRG Root X1 normally ships with the distro CA
# bundle and the intermediates are sent by the server in the TLS chain.
# Installing intermediates as trust anchors also means a revoked intermediate
# would keep being trusted locally — leave this false unless an old trust
# store really lacks the root.
trusted_ca_letsencrypt_install: false
trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certs
# ca_src: path under the URL above; ca: file name in the trust directory;
# name: identifier used by the role.
trusted_ca_letsencrypt_ca_files:
- { ca_src: isrgrootx1.pem, ca: isrgrootx1.crt, name: isrg-root-x1 }
- { ca_src: isrg-root-x2.pem, ca: isrg-root-x2.crt, name: isrg-root-x2-not-cross }
- { ca_src: 2024/e5.pem, ca: lets-encrypt-e5.crt, name: lets-encrypt-e5 }
- { ca_src: 2024/e6.pem, ca: lets-encrypt-e6.crt, name: lets-encrypt-e6 }
- { ca_src: 2024/r10.pem, ca: lets-encrypt-r10.crt, name: lets-encrypt-r10-not-cross }
- { ca_src: 2024/r11.pem, ca: lets-encrypt-r11.crt, name: lets-encrypt-r11-not-cross }
- { ca_src: 2024/e7.pem, ca: lets-encrypt-e7.crt, name: lets-encrypt-e7 }
- { ca_src: 2024/e7-cross.pem, ca: lets-encrypt-e7-cross.crt, name: lets-encrypt-e7-cross }
- { ca_src: 2024/e8.pem, ca: lets-encrypt-e8.crt, name: lets-encrypt-e8 }
- { ca_src: 2024/e8-cross.pem, ca: lets-encrypt-e8-cross.crt, name: lets-encrypt-e8-cross }
- { ca_src: 2024/r12.pem, ca: lets-encrypt-r12.crt, name: lets-encrypt-r12-not-cross }
- { ca_src: 2024/r13.pem, ca: lets-encrypt-r13.crt, name: lets-encrypt-r13-not-cross }
# Retired chain members, presumably removed from the trust store by the role.
expired_ca_letsencrypt_ca_files:
- isrg-root-x2-cross-signed.pem
- lets-encrypt-r3-cross-signed.pem
- lets-encrypt-x3-cross-signed.pem
- letsencryptauthorityx3.pem
# Additional CAs fetched by URL. Whatever is downloaded becomes a trust anchor
# for the whole host: use https:// only, and check the file against a known
# fingerprint before it is installed — verify whether the task does so.
trusted_ca_additional_ca_files: []
# - { ca_url: 'https://example.com/foo-ca.pem', ca: 'foo-ca.pem', name: 'foo-ca' }
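#
# External Repos (EL/RedHat)
#
# EPEL comes from the distro-provided "epel-release" package (a package name,
# not a URL), so it is covered by the normal package signature checks.
centos_install_epel: true
centos_epel_repo_url: epel-release
centos_install_release_scl: false
rh_install_elrepo: false
# The ELRepo release RPM is fetched straight from this URL, presumably before
# the ELRepo signing key exists on the host, so transport security is the only
# integrity check at that point: use https:// rather than cleartext http://.
# NOTE(review): the file name pins the EL7 release; override it for other EL
# majors, and verify the ELRepo GPG key once the package is installed.
rh_elrepo_repo_url: https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm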
#
# CentOS/EL Basic Setup
#
# "latest" upgrades the listed packages on every run; use "present" if hosts
# are change-controlled and upgrades should go through a scheduled path.
centos_pkg_state: latest
# Static resolvers (public OpenDNS addresses), applied only when true.
centos_set_dns_servers: false
dns1: 208.67.220.220
dns2: 208.67.222.222
configure_domain_name_in_interface: false
# Baseline tooling, including firewalld/ipset and the SELinux policy utilities.
centos_packages_to_install:
- dstat
- lsof
- strace
- traceroute
- bind-utils
- yum-cron
- whois
- iotop
- policycoreutils-python-utils
- firewalld
- ipset
- psmisc
- tcpdump
- tuned
- bash-completion
- rsync
- bzip2
- wget
- curl
- unzip
centos_packages_from_epel:
- htop
- lbzip2
# Attack-surface reduction: remove or disable daemons a server does not need.
centos_packages_cleanup: true
centos_remove_avahi: false
centos_remove_networkmanager: false
centos_disable_avahi: true
centos_disable_networkmanager: false
centos_packages_to_remove:
- ppp
- wpa_supplicant
centos_nm_packages:
- NetworkManager-tui
- ModemManager-glib
- NetworkManager-glib
- NetworkManager
centos_avahi_packages:
- avahi
- avahi-libs
- avahi-autoipd
centos_services_to_be_disabled:
- acpid
centos_enable_locate: false
centos_locate_package:
- mlocate
centos_hw_packages:
- smartmontools
- system-storage-manager
# SELinux stays enforcing with the targeted policy. Do not relax this in the
# defaults; override per host only with a documented reason.
centos_selinux_daemons_dump_core: false
selinux_policy_type: targeted
selinux_policy_state: enforcing
# selinux_booleans:
# - { name: '', state: '', persistent: 'yes' }
# When true the role manages root's SSH keys. This is the root login path of
# the host — confirm which key list the task installs and where it comes from.
manage_root_ssh_keys: true
#
# Ubuntu/Debian General Setup
#
# Optional APT proxy (plain http://, as is usual for a package cache; APT
# package signatures still protect the content).
use_apt_proxy: false
apt_proxy_url: http://localhost:3128
# dist_upgrade is off by default; pkg_state "present" does not upgrade
# already-installed packages on every run.
dist_upgrade: false
pkg_state: present
common_packages:
- acl
- zile
- dstat
- iotop
- curl
- wget
- vim-tiny
- psmisc
- tcpdump
- lsof
- strace
- rsync
- multitail
- unzip
- htop
- tree
- bind9-host
- bash-completion
- sudo
- apt-transport-https
- nano
- xmlstarlet
- bsdutils
- less
# Set this variable in your playbook
# additional_packages:
# - pkg1
# - pkg2
# Unattended upgrades. Only the security pocket is enabled by default; add
# other origins deliberately. Values below are quoted on purpose so they stay
# literal "true"/"false" strings rather than YAML booleans, presumably because
# they are rendered verbatim into the apt configuration.
unatt_allowed_origins:
- ${distro_id}:${distro_codename}-security
# unatt_blacklisted:
# - libc6
unatt_autofix: "true"
# When true, the procedure is really slow
unatt_minimalsteps: "false"
unatt_install_on_shutdown: "false"
# unatt_email: sysadmin@example.org
unatt_email_on_error: "false"
unatt_autoremove: "true"
# Automatic reboot is off: kernel/libc security updates therefore need a
# separate reboot to take effect — track that, or enable it with a window.
unatt_autoreboot: "false"
unatt_autoreboot_time: now
#
# Package cleanup (Debian/Ubuntu)
#
# Attack-surface reduction: packages and services removed or disabled on a
# plain server. Each group is gated by its own flag.
cleanup_base_packages: true
base_packages_to_remove:
- ppp
- at
- snapd
cleanup_x_base_packages: false
x_base_packages_to_remove:
- firefox-locale-en
- x11-common
# NFS / rpcbind removal is off by default; enable on hosts that do not serve
# or mount NFS so the portmapper is not listening.
cleanup_nfs_packages: false
nfs_packages:
- nfs-common
- portmap
cleanup_rpcbind_packages: false
rpcbind_packages:
- rpcbind
# The local MTA is removed by default; outbound mail (e.g. unatt_email) then
# needs another delivery path.
cleanup_exim_email_server: true
exim_email_server_pkgs:
- exim4
- exim4-base
- exim4-config
- exim4-daemon-light
# apport collects crash dumps that may contain sensitive memory; disabled.
disable_apport_service: true
ubuntu_remove_lxd: true
ubuntu_lxd_pkgs:
- lxd
- lxcfs
# Gate for services_to_be_disabled below.
disable_some_not_needed_services: false
services_to_be_disabled:
- rpcbind
- atd
- acpid