---
###############################################################################
# DO NOT EDIT. Set your variables in `vars/user.yml` instead.
# This is a reference of all the variables.
###############################################################################

# # common
common_timezone: 'Etc/UTC'
# domain: (required)
# main_user_name: (required)
admin_email: "{{ main_user_name }}@{{ domain }}"
main_user_shell: "/bin/bash"
# encfs_password: (required)
friendly_networks:
  - ""

# ssh
kex_algorithms: "diffie-hellman-group-exchange-sha256"
ciphers: "aes256-ctr,aes192-ctr,aes128-ctr"
macs: "hmac-sha2-512,hmac-sha2-256,hmac-ripemd160"

# ntp
ntp_servers:
  # use nearby ntp servers by default
  - 0.pool.ntp.org
  - 1.pool.ntp.org
  - 2.pool.ntp.org
  - 3.pool.ntp.org
  # use servers tailored to the server location
  # See http://www.pool.ntp.org/en/use.html
  # - 0.north-america.pool.ntp.org
  # - 1.north-america.pool.ntp.org
  # - 2.north-america.pool.ntp.org
  # - 3.north-america.pool.ntp.org

# collectd
collectd_version: 5.4.1
collectd_librato_version: 0.0.10
collectd_librato_email: "" # (optional)
collectd_librato_api_token: "" # (optional)

# google authenticator
google_auth_version: 1.0

# database
db_admin_username: 'postgres'
# db_admin_password: (required)

# ircbouncer
znc_version: 1.4
# irc_nick: (required)
# irc_ident: (required)
# irc_realname: (required)
# irc_quitmsg: (required)
# irc_password_hash: (required)
# irc_password_salt: (required)

# mailserver
mail_server_hostname: "mail.{{ domain }}"
mail_server_autoconfig_hostname: "autoconfig.{{ domain }}"
mail_db_username: mailuser
# mail_db_password: (required)
mail_db_database: mailserver
# mail_virtual_domains: (required)
# mail_virtual_users: (required)
# mail_virtual_aliases: (required)
mail_db_opendmarc_username: opendmarc
# mail_db_opendmarc_password: (required)
mail_db_opendmarc_database: opendmarc

# z-push
zpush_version: 2.1.1-1788

# owncloud
owncloud_domain: "cloud.{{ domain }}"
owncloud_db_username: owncloud
# owncloud_db_password: (required)
owncloud_db_database: owncloud

# tarsnap
tarsnap_version: 1.0.36.1

# vpn
# Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html
# Check privacy: http://witch.valdikss.org.ru/
# openvpn_key_country: (required)
# openvpn_key_province: (required)
# openvpn_key_city: (required)
# openvpn_key_org: (required)
# openvpn_key_ou: (required)
openvpn_days_valid: "1825"
openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
openvpn_key_size: "2048"
openvpn_cipher: "AES-256-CBC"
openvpn_auth_digest: "SHA512"
openvpn_path: "/etc/openvpn"
openvpn_ca: "{{ openvpn_path }}/ca"
openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
openvpn_server: "{{ domain }}"
openvpn_port: "1194"
openvpn_protocol: "udp"
openvpn_mtu: "1300"
openvpn_verb: "3" # "0" for anonymity
# uncomment for openvpn 2.3.3 and >2.3.4
openvpn_tls_version_min: "" # "tls-version-min 1.2"
openvpn_tls_cipher: "" # "tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
# openvpn_clients: (required)

# webmail
webmail_domain: "{{ mail_server_hostname }}"
webmail_db_username: "roundcube"
# webmail_db_password: (required)
webmail_db_database: "roundcube"
carddav_version: "1.0.0"

# xmpp
prosody_admin: "{{ admin_email }}"
prosody_virtual_domain: "{{ domain }}"
# prosody_accounts: (required)

# news
selfoss_domain: "news.{{ domain }}"
selfoss_db_username: selfoss
# selfoss_db_password: (required)
selfoss_db_database: selfoss
selfoss_version: 2.14

# git
cgit_version: 0.12
cgit_domain: "git.{{ domain }}"
gitolite_version: 3.6.4

# wallabag
wallabag_version: 1.9.1
wallabag_domain: "read.{{ domain }}"
# wallabag_salt: (required)
wallabag_db_username: wallabag
# wallabag_db_password: (required)
wallabag_db_database: wallabag