---
# ==============================================================================
# REQUIRED VARIABLES - Deployment fails without these
# ==============================================================================
# Every value in this file is a placeholder; replace each one in your own copy.
# NOTE(review): the vault_ prefix suggests the filled-in copy is meant to be
# encrypted (e.g. `ansible-vault encrypt`) and never committed in plaintext -
# confirm against the project's setup docs.
# Domain & SSL Configuration
# Validation: Domain must be valid FQDN, email must be valid format
vault_domain_name: "yourdomain.com"
vault_letsencrypt_email: "admin@yourdomain.com"
# Cloudflare API for Let's Encrypt DNS-01 Challenge
# Required for: Traefik SSL certificate automation
# How to get: Cloudflare dashboard → API Tokens → Create Token (Zone:Read, DNS:Edit)
# Validation: Must have proper permissions
# Least privilege: limit the token's zone resources to the one zone that hosts
# vault_domain_name, so a leaked token cannot edit DNS for other domains.
vault_cloudflare_api_token: "your-cloudflare-api-token"
# Service Authentication
# Use a separate, randomly generated value for every secret in this section;
# the strings shown are placeholders only.
# DNS Server (pi-dns)
vault_pihole_admin_password: "your-secure-admin-password"
vault_pihole_webpassword: "your-secure-web-password"
# Automation Stack (pi-automation)
# Generate: htpasswd -nbB admin your-password
# Note: -b reads the password from the command line, which leaves it in shell
# history and the process list; `htpasswd -nB admin` prompts for it instead.
# Format is "user:bcrypt-hash" - store the hash, never the plaintext password.
# NOTE(review): if this value is rendered into a Docker Compose label, each `$`
# may need doubling to `$$` - check how the consuming template handles it.
vault_traefik_basic_auth: "admin:$2y$10$your-bcrypt-hash"
# Generate: openssl rand -base64 32
vault_influxdb3_session_secret_key: "your-session-secret-key-min-32-chars"
# Monitoring Stack (debian-monitoring)
vault_grafana_admin_password: "your-secure-grafana-password"
# Backup Configuration
# Storage connection
# NOTE(review): the repository is reached over SFTP; how the SSH key and the
# backup server's host key are provisioned is not shown here - verify that host
# key checking stays enabled for this connection.
vault_backup_repository_base: "sftp:backup-user@backup-server.com:/backups"
vault_backup_storage_host: "backup-server.com"
vault_backup_storage_user: "backup-user"
vault_backup_storage_port: 22
# Per-service backup passwords (MUST be unique, 32+ characters each)
# Validation: Minimum 32 characters
# Generate: openssl rand -base64 32
# The four placeholders below are identical only because this is a template;
# generate one value per service so a single leaked password does not expose
# the other repositories.
# NOTE(review): these look like restic repository passwords; a lost password
# presumably makes that repository unreadable, so keep an offline copy - confirm.
vault_restic_dns_password: "your-32-character-secure-restic-password"
vault_restic_music_password: "your-32-character-secure-restic-password"
vault_restic_automation_password: "your-32-character-secure-restic-password"
vault_restic_monitoring_password: "your-32-character-secure-restic-password"
# ==============================================================================
# OPTIONAL VARIABLES - Only required for specific features
# ==============================================================================
# YouTube Sync (music-stack)
# Required only if: youtube_sync_enabled: true in host_vars
vault_youtube_playlists:
- "https://www.youtube.com/playlist?list=YOUR_PLAYLIST_ID"
vault_youtube_quality: "bestaudio[ext=m4a]/best[ext=mp4]/best"
vault_youtube_concurrent: 3
# NOTE(review): presumably appended to the downloader's command line; keep this
# value operator-controlled only - confirm how the role passes it.
vault_youtube_extra_args: "--embed-metadata --embed-thumbnail"
# SMTP Alerting (monitoring)
# Required only if: alerting enabled
# Port 587 is the mail submission port, normally used with STARTTLS.
# NOTE(review): confirm the alerting config requires TLS so that
# vault_smtp_password is never sent in cleartext.
# Use an app-specific password (as the placeholder suggests), not the mailbox's
# main account password.
vault_smtp_host: "smtp.gmail.com"
vault_smtp_port: 587
vault_smtp_username: "alerts@yourdomain.com"
vault_smtp_password: "your-smtp-app-password"
vault_alertmanager_email: "admin@yourdomain.com"
# Optional Services (automation)
# Generate tokens and passwords randomly, e.g. openssl rand -base64 32, and do
# not reuse a value across services.
# NOTE(review): if vaultwarden_admin_token is passed to Vaultwarden as its admin
# token, an Argon2 PHC hash can be stored here instead of the plaintext token -
# confirm how the role consumes it.
vault_vaultwarden_admin_token: "your-vaultwarden-admin-token"
vault_watchtower_api_token: "your-watchtower-api-token"
vault_dozzle_username: "admin"
vault_dozzle_password: "your-dozzle-password"