ansible_user: vagrant
update_hostname: yes
firewall_disable_ufw: true
firewall_flush_rules_and_chains: false
firewall_additional_rules:
  - "iptables -P INPUT DENY"
firewall_allowed_tcp_ports:
  - "22"
  - "80"
  - "443"
  # Jitsi
  - "4443"
firewall_allowed_udp_ports:
  # Jitsi
  - "10000"
users:
  - deploy
sudoers: []
docker_user: deploy
cryptpad_install_user: "{{ docker_user }}"
cryptpad_virtual_host: pad.satt.local
cryptpad_safe_virtual_host: pad-sandbox.satt.local
cryptpad_admin_email: admin@example.tld
cryptpad_block_daily_check: yes
nextcloud_install_user: "{{ docker_user }}"
nextcloud_mariadb_root_password: password
nextcloud_mariadb_user: nextcloud
nextcloud_mariadb_password: password
nextcloud_admin_user: admin
nextcloud_admin_password: password
nextcloud_trusted_domains: satt.local
nextcloud_overwrite_cli_url: http://nextcloud.satt.local
nextcloud_overwrite_host: nextcloud.satt.local
nextcloud_overwrite_protocol: http
nextcloud_enable_restic_compose_backup: False
nextcloud_virtual_host: nextcloud.satt.local
collabora_install_user: "{{ docker_user }}"
collabora_virtual_host: collabora.satt.local
collabora_domain_regex_pattern: nextcloud\.satt\.local
collabora_admin_user: admin
collabora_admin_password: password
onlyoffice_install_user: "{{ docker_user }}"
onlyoffice_virtual_host: documentserver.satt.local
onlyoffice_allow_origin_list: "{{ nextcloud_overwrite_cli_url }}"
onlyoffice_jwt_enabled: "true"
onlyoffice_jwt_secret: topsecrettoken
onlyoffice_jwt_header: Authorization
jitsi_install_user: "{{ docker_user }}"
jitsi_public_url: https://jitsi.satt.local
jitsi_docker_host_address: "{{ ansible_host }}"
jitsi_exposed_http_port: 8000
jitsi_exposed_https_port: 8443
jitsi_timezone: Europe/Amsterdam
jitsi_enable_letsencrypt: False
jitsi_virtual_host: jitsi.satt.local
jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
jitsi_web_channel_last_n: 2
traefik_install_user: "{{ docker_user }}"
traefik_expose_internally: True
traefik_expose_externally: False
traefik_enable_acme: False
traefik_use_acme_staging: False
traefik_dns_challenge_provider: False