This repository has been archived by the owner on Oct 7, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathapnscp-vars.yml
153 lines (126 loc) · 6.96 KB
/
apnscp-vars.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
####################################################################################
# ██████╗ ███████╗ █████╗ ██████╗ ███╗ ███╗███████╗██╗
# ██╔══██╗██╔════╝██╔══██╗██╔══██╗████╗ ████║██╔════╝██║
# ██████╔╝█████╗ ███████║██║ ██║██╔████╔██║█████╗ ██║ (or be destroyed)
# ██╔══██╗██╔══╝ ██╔══██║██║ ██║██║╚██╔╝██║██╔══╝ ╚═╝
# ██║ ██║███████╗██║ ██║██████╔╝██║ ╚═╝ ██║███████╗██╗
# ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═════╝ ╚═╝ ╚═╝╚══════╝╚═╝
#####################################################################################
# This is part of the core apnscp configuration - it is updated with each new release
# To make changes, copy this file to /root prior to running this playbook:
#
# cp /usr/local/apnscp/resources/playbooks/apnscp-vars.yml /root
# cd /usr/local/apnscp/resources/playbooks && ansible-playbook bootstrap.yml
#
# Alternatively use cpcmd config_set apnscp.bootstrapper to change values here
# or override any Playbook default. See README.md
#
#####################################################################################
# Default PHP interpreter
# Automatically upgrade when new versions are available
# Provide a patch level, e.g. 7.2.4, to prevent automatic updates
system_php_version: 7.2
# Development build of apnscp, includes symbols in php and other risky behavior
apnscp_debug: false
# Email address of the owner of the server
# Used for Let's Encrypt registration, login notifications,
# and other events
# Note, it can be changed at a later date using
# apnscp/bin/cmd common_set_email [email protected]
apnscp_admin_email:
# Server hostname. Set this value to automatically
# configure hostname on install. A resolvable
# domain is necessary for post-install notice email.
# Hostname should be one level deeper than your domain e.g.
# domain is apnscp.com, system_hostname is paixhans.apnscp.com
system_hostname:
# Server/admin is miserly. Reduce service memory usage
# when possible. Not recommended. Not fully tested.
has_low_memory: false
# Filesystem template population can take several minutes to complete
# - auto detects if apnscp_filesystem_template exists and populates if not
# - yes populates all packages from apnscp/initialize-filesystem-template/vars/main.yml
# - no bypasses fst creation
populate_filesystem_template: auto
# apnscp update policy. Possible values:
# - edge: nightly updates off Gitlab - DEFAULT
# - minor: update patch levels (3.0.x)
# - major: update minor levels (3.x.x)
# - all: update all releases (x.x.x)
# - false: disable updates
apnscp_update_policy: major
# Automatic update policy with yum. Possible values:
# - default: yum upgrade (always update) - DEFAULT
# - security: yum --security upgrade
# - security-severity: yum --sec-severity=critical upgrade
# - minimal: yum --bugfix upgrade-minimal
# - minimal-security: yum --security upgrade-minimal
# - minimal-security-severity: yum --sec-severity=critical upgrade-minimal
# - false: disable
yum_update_policy: default
# Perform nightly panel updates? Panel may be updated manually with
# "upcp" or running build/upcp.sh. Panel follows apnscp_update_policy
# Setting apnscp_update_policy to false disables updates.
apnscp_nightly_update: true
# Default IPv4 address for apnscp to listen to. If undefined will
# use the first address that has external routing
#apnscp_ip4_address:
# Default hostnames to request SSL for.
# Additional SSL hostnames may be requested by running apnscp/register-ssl
ssl_hostnames: ["{{ ansible_nodename | regex_search('\\.') | ternary(ansible_nodename,None)}}"]
# Use the following password. Note, can be changed at a later date using
# apnscp/bin/cmd auth_change_password NEWPASSWORD
apnscp_admin_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
# Optional admin to user otherwise "admin"
# rspamd increases memory utilization by 75-100 MB
apnscp_admin_user: admin
# Spam filter engine, spamassassin or rspamd
spamfilter: spamassassin
# Disable direct control panel access
# Use the CLI (AddDomain, EditDomain, cpcmd) to access services
panel_headless: false
# Allow users to run daemons on their account
# Opens up 40000-49999/tcp + udp
user_daemons: true
# Reboot and resume playbook as needed
apnscp_bootstrapper_reboot: true
# Disable clamav if server memory is limited
# Frees 85 - 100 MB
clamav_enabled: "{{ not (has_low_memory | bool) | default(true) | ternary(true, false) }}"
# Enable sending mail by this server from authenticated third-party
# sources. Does not affect relaying mail that originates FROM this server
# but rather who can connect.
mail_enabled: true
# Use a global spamassassin database for bayesian storage.
spamassassin_global: true
# Enable Passenger - allows a dead simple system to run
# Node, Python, and Ruby applications with automatic restarts
passenger_enabled: "{{ not (has_low_memory | bool) }}"
# Place each account's InnoDB data files in a separate directory
# Loses performance benefits, increases overhead, but allows for storage tracking
# May potential cause cyclic segfault in MariaDB if
# a user goes over quota with InnoDB data
mysqld_per_account_innodb: "{{ data_center_mode }}"
# Horde is a different beast of dependencies and
# requires more care than other webmail options
enable_horde: "{{ mail_enabled | bool }}"
# Run the entire playbook once a month to verify platform integrity
# Results will be emailed to admin email on server
monthly_platform_check: true
# apnscp provides a watchdog service to reboot your server when all hope is lost
# Set this to a value CPU x process depth. On a 2 CPU system the system is deemed
# out to lunch if more than 50 processes are waiting for CPU acknowledgement.
# Reboots are often faster than recovering on virtualized platforms
# Set to None/False to disable this feature
watchdog_load_threshold: "{{ ansible_processor_count * 25 }}"
# Uncomment + set to forward all nightly cron messages from anacron to this address
# Leave as "{{ apnscp_admin_email }}" to use the appliance admin email
# anacron_address: "{{ apnscp_admin_email }}"
# Set the panel secret used to encrypt cookies
# In multi-server setups this should be overridden and consistent among all servers
# See also https://github.com/apisnetworks/cp-proxy
cookie_secret: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=48') }}"
# Update nameservers in /etc/resolv.conf with CloudFlare
# Helps during install when flakey nameservers can cause network timeouts
# Set dns_robust_nameservers to override CF defaults
use_robust_dns: false