# Variables

Sensitive data should be encrypted using [ansible-vault](https://docs.ansible.com/ansible/latest/cli/ansible-vault.html).

## bacula_catalog_name

Name of the Bacula catalog.

```yaml
bacula_catalog_name: HomeCatalog
```

## bacula_clients

List of Bacula Clients.

```yaml
bacula_clients:
  - name: pilote-fd
    address: localhost
    catalog: HomeCatalog
    password: '***'
    file_retention: 60 days
    job_retention: 6 months
    autoprune: 'yes'
  - name: vps-fd
    address: 192.168.0.1
    catalog: HomeCatalog
    password: '***'
    file_retention: 60 days
    job_retention: 6 months
    autoprune: 'yes'
  - name: storage1-fd
    address: 192.168.0.2
    catalog: HomeCatalog
    password: '***'
    file_retention: 60 days
    job_retention: 6 months
    autoprune: 'yes'
```

## bacula_device_archive_device

Directory of the Device where to store Bacula backups.

```yaml
bacula_device_archive_device: /storage/bacula/backup
```

## bacula_device_name

Name of the Bacula Device.

```yaml
bacula_device_name: FileStorage
```

## bacula_director_address

Address of the Bacula director.

```yaml
bacula_director_address: 127.0.0.1
```

## bacula_director_name

Name of the Bacula director.

```yaml
bacula_director_name: pilote-dir
```

## bacula_director_password

Password of the Bacula director.

```yaml
bacula_director_password: '***'
```

## bacula_filedaemon_address

Address of the Bacula Client (File Daemon).

```yaml
bacula_filedaemon_address: 127.0.0.1
```

## bacula_filedaemon_name

Name of the Bacula Client (File Daemon).

```yaml
bacula_filedaemon_name: pilote-fd
```

## bacula_filedaemon_password

Password of the Bacula Client (File Daemon).

```yaml
bacula_filedaemon_password: '***'
```

## bacula_filesets

List of Bacula File Sets.

```yaml
bacula_filesets:
  - name: DebianFileSet
    include:
      options:
        signature: MD5
        compression: GZIP
      files:
        - /etc
        - /var/log
        - /root
        - /home
    exclude:
      files:
        - '*~'
  - name: CatalogFileSet
    include:
      options:
        signature: MD5
        compression: GZIP
      files:
        - /var/lib/bacula/bacula.sql
  - name: InfluxDBFileSet
    include:
      options:
        signature: MD5
      files:
        - /var/lib/bacula/influxdb
  - name: GrafanaFileSet
    include:
      options:
        signature: MD5
      files:
        - /var/lib/bacula/grafana
```

## bacula_jobs

List of Bacula Jobs.

```yaml
bacula_jobs:
  - name: BackupPilote
    client: pilote-fd
    fileset: DebianFileSet
  - name: BackupStorage1
    client: storage1-fd
    fileset: DebianFileSet
  - name: BackupStorage2
    client: storage2-fd
    fileset: DebianFileSet
  - name: BackupStorage3
    client: storage3-fd
    fileset: DebianFileSet
  - name: BackupCatalog
    client: pilote-fd
    level: Full
    fileset: CatalogFileSet
    schedule: DefaultScheduleAfterBackup
    run_before_job: /etc/bacula/scripts/make_catalog_backup.pl HomeCatalog
    run_after_job: /etc/bacula/scripts/delete_catalog_backup
    priority: 11  # run after main backup
  - name: BackupInfluxDB
    client: storage1-fd
    fileset: InfluxDBFileSet
    schedule: DefaultScheduleAfterBackup
    client_run_before_job: /etc/bacula/scripts/influxdb-backup %l
    client_run_after_job: /etc/bacula/scripts/influxdb-cleanup
    priority: 11  # run after main backup
  - name: BackupGrafana
    client: storage1-fd
    level: Full
    fileset: GrafanaFileSet
    schedule: DefaultScheduleAfterBackup
    client_run_before_job: /etc/bacula/scripts/grafana-backup
    client_run_after_job: /etc/bacula/scripts/grafana-cleanup
    priority: 11  # run after main backup
  - name: RestoreFiles
    type: Restore
    client: storage1-fd
    storage: storage1-sd
    fileset: DebianFileSet  # required but not used
    pool: FullFile  # required but not used
    messages: Standard
    where: /storage/bacula/restore
```

## bacula_pools

List of Bacula Pools.

```yaml
bacula_pools:
  - name: FullFile
    pool_type: Backup
    recycle: 'yes'
    auto_prune: 'yes'
    volume_retention: 10 years
    storage: storage1-sd
    maximum_volume_bytes: 1G
    maximum_volumes: 100
    labelformat: Full-
  - name: DiffFile
    pool_type: Backup
    recycle: 'yes'
    auto_prune: 'yes'
    volume_retention: 6 weeks
    storage: storage1-sd
    maximum_volume_bytes: 1G
    maximum_volumes: 100
    labelformat: Diff-
  - name: IncrFile
    pool_type: Backup
    recycle: 'yes'
    auto_prune: 'yes'
    volume_retention: 3 weeks
    storage: storage1-sd
    maximum_volume_bytes: 1G
    maximum_volumes: 100
    labelformat: Incr-
```

## bacula_schedules

List of Bacula Schedules.

```yaml
bacula_schedules:
  - name: DefaultSchedule
    runs:
      - datetime: 1st sun at 0:00
        job_overrides:
          level: Full
      - datetime: 2nd-5th sun at 0:00
        job_overrides:
          level: Differential
      - datetime: mon-sat at 0:00
        job_overrides:
          level: Incremental
  - name: DefaultScheduleAfterBackup
    runs:
      - datetime: sun-sat at 0:00
        job_overrides:
          level: Full
```

## bacula_storage_address

Address of the Bacula Storage.

```yaml
bacula_storage_address: 127.0.0.1
```

## bacula_storage_name

Name of the Bacula Storage.

```yaml
bacula_storage_name: storage1-sd
```

## bacula_storage_password

Password of the Bacula Storage.

```yaml
bacula_storage_password: '***'
```

## bacula_storages

List of Bacula Storages.

```yaml
bacula_storages:
  - name: storage1-sd
    address: 192.168.0.2
    password: '***'
    device: FileStorage
    media_type: File
```

## easyrsa_ca_dir

Path to the CA directory to create.

```yaml
easyrsa_ca_dir: /var/lib/easyrsa
```

## easyrsa_clients

List of client hostnames that will have RSA certificates.

```yaml
easyrsa_clients:
  - pilote
  - storage1
  - storage2
  - storage3
  - vps
```

## hostname

Name of the remote host.

```yaml
hostname: pilote
```

## local_subnet

Local subnet where the remote host lives.

```yaml
local_subnet: 192.168.0.0/24
```

## mosquitto_passwords

List of usernames and passwords to define mosquitto users.

```yaml
mosquitto_passwords:
  - user: telegraf
    hash: '$***'
  - user: nagios
    hash: '$***'
```

See the [mosquitto_passwd](https://mosquitto.org/man/mosquitto_passwd-1.html) command to generate the hash file.

## nagios_commands

List of Nagios commands.

```yaml
nagios_commands:
  - command_name: check_https_vhost_certificate
    command_line: /usr/lib/nagios/plugins/check_http --ssl --sni -I '$HOSTADDRESS$' -H '$ARG1$' -C '$ARG2$'
```

## nagios_contact_groups

List of Nagios contact groups.

```yaml
nagios_contact_groups:
  - contactgroup_name: admins
    alias: Nagios Administrators
    members:
      - admin
      - telegram
```

## nagios_contacts

List of Nagios contacts.

```yaml
nagios_contacts:
  - contact_name: admin
    use: generic-contact
    alias: Nagios Admin
    email: noreply@nonexistant.com
    host_notifications_enabled: 0
    service_notifications_enabled: 0
  - contact_name: telegram
    use: generic-contact
    alias: Telegram notifications
    pager: 000000000
    email: noreply@nonexistant.com
    service_notification_commands: notify-service-by-telegram
    host_notification_commands: notify-host-by-telegram
```

## nagios_hostgroups

List of Nagios host groups.

```yaml
nagios_hostgroups:
  - hostgroup_name: linux-servers
    alias: Linux servers
    members:
      - pilote
      - vps
      - storage1
      - storage2
      - storage3
  - hostgroup_name: web-servers
    alias: Web servers
    members:
      - vps
```

## nagios_hosts

List of Nagios hosts.

```yaml
nagios_hosts:
  - use: home-host
    host_name: pilote
    alias: pilote
    address: 127.0.0.1
  - use: home-host
    host_name: vps
    alias: vps
    address: 10.8.0.1
```

## nagios_host_templates

List of Nagios host templates.

```yaml
nagios_host_templates:
  - name: home-host
    use: generic-host
    check_command: check-host-alive
    contact_groups: admins
    notification_options:
      - d
      - u
      - r
    check_interval: 5
    retry_interval: 5  # retry every 5 minutes
    max_check_attempts: 12  # alert at 1 hour (12x5 minutes)
    notification_interval: 720  # resend notifications every 12 hours
```

## nagios_htdigest_users

List of users for basic authentication.

```yaml
nagios_htdigest_users:
  - name: admin
    hash: '...'
```

## nagios_service_dependencies

List of Nagios service dependencies.

```yaml
nagios_service_dependencies:
  - host_name: pilote
    service_description: ovhcloud_voip
    dependent_host_name: pilote
    dependent_service_description: ovhcloud_ping
    execution_failure_criteria: u
    notification_failure_criteria: u
```

## nagios_services

List of Nagios services.

```yaml
nagios_services:
  - use: home-service
    hostgroup_name: linux-servers
    service_description: load
    check_command: check_nrpe_nossl!check_load
  - use: home-service
    hostgroup_name: web-servers
    service_description: https_monitoring_tld_certificate
    check_command: check_https_vhost_certificate!monitoring.tld!1
```

## nagios_service_templates

List of Nagios service templates.

```yaml
nagios_service_templates:
  - name: home-service
    use: generic-service
    contact_groups: admins
    check_interval: 5
    retry_interval: 5  # retry every 5 minutes
    max_check_attempts: 12  # alert at 1 hour (12x5 minutes)
    notification_interval: 720  # 12 hours
  - name: public-service
    use: generic-service
    contact_groups: admins
    check_interval: 1
    retry_interval: 1  # retry every minute
    max_check_attempts: 3  # alert after 3 minutes
    notification_interval: 60  # 1 hour
```

## nagios_telegram_auth_key

Key used to authenticate to the Telegram API. See [how to create a bot](https://core.telegram.org/bots#3-how-do-i-create-a-bot).

```yaml
nagios_telegram_auth_key: '***'
```

## nagios_telegram_chat_id

Unique identifier for the target chat or username of the target channel (in the format `@channelusername`). See [API specifications](https://core.telegram.org/bots/api#sendmessage).

```yaml
nagios_telegram_chat_id: 000000000
```

## nrpe_allowed_hosts

List of IP addresses or ranges allowed to talk to the NRPE daemon.

```yaml
nrpe_allowed_hosts:
  - 10.8.0.0/24
  - 127.0.0.1
```

## nrpe_commands

List of NRPE commands.

```yaml
nrpe_commands:
  - name: check_load
    line: /usr/lib/nagios/plugins/check_load -r -w 1,1,1 -c 4,4,4
  - name: check_openvpn
    line: '/usr/lib/nagios/plugins/check_procs -c 1: -C openvpn'
  - name: check_openvpn_cert
    line: >-
      /opt/check_ssl_cert/check_ssl_cert
      -f /etc/openvpn/client.crt
      --ignore-maximum-validity
      --ignore-incomplete-chain
      --allow-empty-san
      --ignore-sct
      --warning 15
      --critical 1
```

## nrpe_opts

Options for the NRPE daemon.

```yaml
nrpe_opts: '-n'  # Disable TLS
```

## openvpn_ca

Content of the certificate of the Certificate Authority (CA) used to certify VPN connections.

```yaml
openvpn_ca: |
  -----BEGIN CERTIFICATE-----
```

## openvpn_cert

Content of the certificate used to authenticate to the VPN server.

```yaml
openvpn_cert: |
  -----BEGIN CERTIFICATE-----
```

## openvpn_key

Content of the private key used to authenticate to the VPN server.

```yaml
openvpn_key:
```

## openvpn_remote_host

Hostname or IP address of the remote VPN server.

```yaml
openvpn_remote_host: vpn.fqdn
```

## openvpn_subnet

Subnet used by OpenVPN to group clients.

```yaml
openvpn_subnet: 10.8.0.0/24
```

## openvpn_ta

Content of the OpenVPN static key used for TLS authentication.

```yaml
openvpn_ta:
```

## ovh_application_key

Application key used to authenticate to the OVH API.

```yaml
ovh_application_key: deadbeef
```

See [first steps with the OVHcloud APIs](https://help.ovhcloud.com/csm/en-gb-api-getting-started-ovhcloud-api?id=kb_article_view&sysparm_article=KB0042784).

## ovh_application_secret

Application secret used to authenticate to the OVH API.

```yaml
ovh_application_secret: deadbeef
```

See [first steps with the OVHcloud APIs](https://help.ovhcloud.com/csm/en-gb-api-getting-started-ovhcloud-api?id=kb_article_view&sysparm_article=KB0042784).

## ovh_consumer_key

Consumer key used to authenticate to the OVH API.

```yaml
ovh_consumer_key: deadbeef
```

See [first steps with the OVHcloud APIs](https://help.ovhcloud.com/csm/en-gb-api-getting-started-ovhcloud-api?id=kb_article_view&sysparm_article=KB0042784).

## ovh_endpoint

Endpoint of the OVH API.

```yaml
ovh_endpoint: ovh-eu
```

See [first steps with the OVHcloud APIs](https://help.ovhcloud.com/csm/en-gb-api-getting-started-ovhcloud-api?id=kb_article_view&sysparm_article=KB0042784).

## serial2mqtt_host

Hostname or IP address used by serial2mqtt to send messages to the MQTT broker.

```yaml
serial2mqtt_host: localhost
```

## serial2mqtt_interface

Name of the serial interface used by serial2mqtt to gather metrics produced by the Arduino board.

```yaml
serial2mqtt_interface: /dev/ttyACM0
```

## serial2mqtt_password

Password used by serial2mqtt to send messages to the MQTT broker.

```yaml
serial2mqtt_password: '***'
```

## serial2mqtt_port

Port used by serial2mqtt to send messages to the MQTT broker.

```yaml
serial2mqtt_port: 1883
```

## serial2mqtt_topic_prefix

Add this prefix to topic names on the MQTT broker for serial2mqtt messages.

```yaml
serial2mqtt_topic_prefix: sensors
```

## serial2mqtt_username

Username used by serial2mqtt to send messages to the MQTT broker.

```yaml
serial2mqtt_username: telegraf
```

## ssh_authorized_keys

List of SSH authorized keys.

```yaml
ssh_authorized_keys:
  - user: root
    key: ssh-ed25519 hash
    comment: desktop
```

Used by the [ansible.posix.authorized_key](https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html) module.

## telegraf_influxdb_database

Name of the InfluxDB database used by telegraf to send metrics.

```yaml
telegraf_influxdb_database: metrics
```

## telegraf_influxdb_password

Password of the InfluxDB user used by telegraf to send metrics.

```yaml
telegraf_influxdb_password: '***'
```

## telegraf_influxdb_urls

List of InfluxDB endpoints used by telegraf to send metrics.

```yaml
telegraf_influxdb_urls:
  - https://192.168.0.1:8088
```

## telegraf_influxdb_username

Name of the InfluxDB user used by telegraf to send metrics.

```yaml
telegraf_influxdb_username: telegraf
```

## telegraf_mqtt_consumer_password

Password used to authenticate to the MQTT broker for telegraf.

```yaml
telegraf_mqtt_consumer_password: '***'
```

## telegraf_mqtt_consumer_servers

List of MQTT brokers for telegraf.

```yaml
telegraf_mqtt_consumer_servers:
  - tcp://localhost:1883
```

## telegraf_mqtt_consumer_topics

List of MQTT topics to consume for telegraf.

```yaml
telegraf_mqtt_consumer_topics:
  - sensors/humidity
  - sensors/temperature
```

## telegraf_mqtt_consumer_username

Name used to authenticate to the MQTT broker for telegraf.

```yaml
telegraf_mqtt_consumer_username: telegraf
```

## telegraf_ping_ip

IP address of the host to ping for latency metrics.

```yaml
telegraf_ping_ip: 192.168.0.1
```

## timezone

Alias of the time zone.

```yaml
timezone: Europe/Brussels
```

## users

List of users to configure on the remote host.

```yaml
users:
  - name: root
    password: hash
```

Used by the [ansible.builtin.user](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html) module.
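
A check for the ansible-vault recommendation at the top of this page, added here as an example (it is not part of this project): it lists secret-looking variables in a vars file that are neither vault-encrypted nor a reference to a vaulted variable. The key-name pattern, the `vault_` prefix convention, the function name and the sample values are assumptions.

```python
import re

# Assumption: secret-bearing key names, derived from this page's variables.
SENSITIVE = re.compile(r"(password|secret|hash|_key|openvpn_ta)$")
ENTRY = re.compile(r"^(\s*)(?:-\s+)?([A-Za-z0-9_]+):\s*(.*)$")
# Assumption: "vault_" prefix convention for variables kept in a vaulted file.
VAULT_REF = re.compile(r"""["']?\{\{\s*vault_\w+\s*\}\}["']?""")

def find_plaintext_secrets(text):
    """Return (line_no, top_level_variable, key) for secrets not vault-protected."""
    lines = text.splitlines()
    # A file encrypted as a whole by `ansible-vault encrypt` starts with this header.
    if lines and lines[0].startswith("$ANSIBLE_VAULT;"):
        return []
    findings, top = [], None
    for no, line in enumerate(lines, 1):
        m = ENTRY.match(line)
        if not m:
            continue
        indent, key, value = m.groups()
        if indent == "" and not line.startswith("-"):
            top = key  # remember which documented variable we are inside
        value = re.sub(r"\s+#.*$", "", value).strip()  # drop trailing comment
        if not SENSITIVE.search(key) or value == "":
            continue  # not a secret, or a container whose children are checked
        if value.startswith("!vault") or VAULT_REF.fullmatch(value):
            continue  # inline-encrypted value, or reference to a vaulted variable
        findings.append((no, top, key))
    return findings

# Constructed sample input; every value below is a placeholder.
SAMPLE = """\
bacula_director_password: changeme
bacula_storage_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
bacula_clients:
  - name: pilote-fd
    password: changeme
mosquitto_passwords:
  - user: telegraf
    hash: '{{ vault_mosquitto_telegraf_hash }}'
ssh_authorized_keys:
  - user: root
    key: ssh-ed25519 AAAA-constructed
nagios_telegram_auth_key: '000:constructed'  # placeholder
"""

if __name__ == "__main__":
    print(find_plaintext_secrets(SAMPLE))
```

The public key under `ssh_authorized_keys` is deliberately not flagged, and an empty placeholder such as `openvpn_key:` is skipped because there is no value to protect yet.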