ansible-nas/group_vars/all.yml.dist

###
### Ansible NAS Features
###
# Set these options to true or false to toggle specific features

# External Access
# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your 
# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip.
# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "availble_externally" 
# settings.
traefik_enabled: false

# BitTorrent
# If you plan to use Transmission with OpenVPN, you'll need to copy group_vars/vpn_credentials.yml.dist
# to group_vars/vpn_credentials.yml, then update it with your own settings.
transmission_with_openvpn_enabled: false
transmission_enabled: false

# Plex
plex_enabled: false
tautulli_enabled: false

# Emby
emby_enabled: false

# minidlna
minidlna_enabled: false

# Media Sourcing
sonarr_enabled: false
sickchill_enabled: false
couchpotato_enabled: false
radarr_enabled: false
get_iplayer_enabled: false
jackett_enabled: false

# Music
airsonic_enabled: false
mymediaforalexa_enabled: false

# News
miniflux_enabled: false

# System Management
heimdall_enabled: true
portainer_enabled: true
glances_enabled: false
stats_enabled: false
guacamole_enabled: false
netdata_enabled: false
watchtower_enabled: false
cloudflare_ddns_enabled: false

# Backup & Restore
duplicati_enabled: false
nextcloud_enabled: false
gitea_enabled: false
timemachine_enabled: false

# IRC
znc_enabled: false
thelounge_enabled: false

# Password Management
bitwarden_enabled: false

###
### General
###
# Sets the hostname of your Ansible NAS
ansible_nas_hostname: ansible-nas

# Sets the timezone for your Ansible NAS
# You can find a list here https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ansible_nas_timezone: Etc/UTC

# Update all apt packages when playbook is run
keep_packages_updated: false

# Will be added to the docker group to give user command line access to docker
ansible_nas_user: david

# Your email and domain, used for LetsEncrypt SSL certs
ansible_nas_email: me@example.com

# Applications will have subdomain SSL certificates created, eg ansible-nas.<your-domain>, nextcloud.<your-domain>
ansible_nas_domain: example.com

###
### Docker
###
# Where you want Docker to store images
docker_image_directory: "{{ docker_home }}/data"

# Where you want Docker to store its container data.
docker_home: /mnt/Volume2/docker

# Docker storage driver, see https://docs.docker.com/storage/storagedriver/select-storage-driver/#supported-backing-filesystems
# You might want to change this to ZFS, depending on your underlying filesystem.
docker_storage_driver: overlay2

###
### Samba
###
# The location where all shares will be created by default. Can be overridden on a per-share basis.
# This path will be mounted to backup containers, Duplicati
samba_shares_root: /mnt/Volume3

# Where stuff downloaded will be stored
downloads_root: "{{ samba_shares_root }}/downloads"

# Where your movies are stored
movies_root: "{{ samba_shares_root }}/movies"

# Where your TV episodes are stored
tv_root: "{{ samba_shares_root }}/tv"

# Where torrent files are stored (picked up by Transmission for downloading)
torrents_root: "{{ samba_shares_root }}/torrents"

# Where music is stored
music_root: "{{ samba_shares_root }}/music"

# Where podcasts are stored
podcasts_root: "{{ samba_shares_root }}/podcasts"

# The description that'll appear next to your Ansible-NAS box when browsing your network
samba_server_string: Ansible NAS

# Shares you want published over Samba.
samba_shares:
  - name: downloads
    comment: 'Stuff downloaded'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ downloads_root }}"

  - name: movies
    comment: 'Movies'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ movies_root }}"

  - name: tv
    comment: 'TV Episodes'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ tv_root }}"

  - name: music
    comment: 'Music'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ samba_shares_root }}/music"

  - name: podcasts
    comment: 'Podcasts'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ samba_shares_root }}/podcasts"

  - name: dump
    comment: 'File dump'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ samba_shares_root }}/dump"

  - name: games
    comment: 'Games'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ samba_shares_root }}/games"

  - name: photos
    comment: 'Pictures'
    guest_ok: yes
    public: yes
    writable: yes
    browsable: yes
    path: "{{ samba_shares_root }}/photos"

###
### Cloudflare
###
# Cloudflare is a great free DNS option for domains. If you use the cloudflare_ddns container then you'll need to
# set the options below.

# Your domain name
cloudflare_zone: "{{ ansible_nas_domain }}"

# The hostname you want the container to update. You shouldn't need to change this.
cloudflare_host: "*.{{ cloudflare_zone }}"

# Email address used to register for Cloudflare
cloudflare_email: "{{ ansible_nas_email }}"

# Cloudflare 'Global API Key', can be found on the 'My Profile' page
cloudflare_api_key: abcdeabcdeabcdeabcde1234512345

##################################################################
###### You shouldn't need to edit anything below this point ######
##################################################################

###
### General
###
# Extra packages to install
ansible_nas_extra_packages:
  - smartmontools
  - htop
  - zfsutils-linux
  - bonnie++
  - unzip
  - lm-sensors

ansible_python_interpreter: /usr/bin/python3

###
### Samba
###
# Seems to break browsing of the \\server-name shares root when enabled
samba_mitigate_cve_2017_7494: false

# The account used when Samba shares are accessed. Shouldn't need to change this unless you want to
# mess with Samba user permissions.
samba_guest_account: ansible-nas

# How Samba behaves when an unknown user connects, see Samba docs for more info
samba_map_to_guest: Bad Password

# The Netbios hostname used by Samba on your network
samba_netbios_name: "{{ ansible_nas_hostname }}"

###
### Traefik
###
traefik_docker_image: traefik:latest
traefik_data_directory: "{{ docker_home }}/traefik"
traefik_debug: "false"

###
### Heimdall
###
heimdall_available_externally: "false"
heimdall_docker_image: linuxserver/heimdall:latest
heimdall_data_directory: "{{ docker_home }}/heimdall"

###
### Transmission
###
transmission_available_externally: "false"
transmission_with_openvpn_available_externally: "false"
transmission_config_directory: "{{ docker_home }}/transmission/config"
transmission_download_directory: "{{ downloads_root }}"
transmission_watch_directory: "{{ torrents_root }}"
transmission_user_id: 0
transmission_group_id: 0
transmission_local_network: "192.168.1.0/24"


###
### Plex
###
plex_available_externally: "false"
plex_config_directory: "{{ docker_home }}/plex/config"
plex_movies_directory: "{{ movies_root }}"
plex_tv_directory: "{{ tv_root }}"
plex_user_id: 0
plex_group_id: 0

###
### Emby
###
emby_available_externally: "false"
emby_config_directory: "{{ docker_home }}/emby/config"
emby_movies_directory: "{{ movies_root }}"
emby_tv_directory: "{{ tv_root }}"
emby_user_id: 0
emby_group_id: 0

###
### Tautulli
###
tautulli_available_externally: "false"
tautulli_config_directory: "{{ docker_home }}/tautulli/config"
tautulli_user_id: 0
tautulli_group_id: 0


###
### Duplicati
###
duplicati_available_externally: "false"
duplicati_data_directory: "{{ docker_home }}/duplicati/config"


###
### Sonarr
###
sonarr_available_externally: "false"
sonarr_data_directory: "{{ docker_home }}/sonarr/config"
sonarr_tv_directory: "{{ tv_root }}"
sonarr_download_directory: "{{ downloads_root }}"
sonarr_user_id: 0
sonarr_group_id: 0


###
### Radarr
###
radarr_available_externally: "false"
radarr_movies_directory: "{{ movies_root }}"
radarr_download_directory: "{{ downloads_root }}"
radarr_data_directory: "{{ docker_home }}/radarr"
radarr_user_id: 0
radarr_group_id: 0


###
### Couchpotato
###
couchpotato_available_externally: "false"
couchpotato_config_directory: "{{ docker_home }}/couchpotato/config"
couchpotato_movies_directory: "{{ movies_root }}"
couchpotato_downloads_directory: "{{ downloads_root }}"
couchpotato_torrents_directory: "{{ torrents_root }}"
couchpotato_user_id: 0
couchpotato_group_id: 0


###
### Sickchill
###
sickchill_available_externally: "false"
sickchill_config_directory: "{{ docker_home }}/sickchill/config"
sickchill_tv_directory: "{{ tv_root }}"
sickchill_downloads_directory: "{{ downloads_root }}"
sickchill_user_id: 0
sickchill_group_id: 0

###
### Netdata
###
netdata_available_externally: "false"

###
### OpenVPN
###
openvpn_config_directory: "{{ docker_home }}/openvpn"


###
### Portainer
###
portainer_available_externally: "false"
portainer_data_directory: "{{ docker_home }}/portainer/config"


###
### ZNC
###
znc_available_externally: "false"
znc_data_directory: "{{ docker_home }}/znc"
znc_user_id: 0
znc_group_id: 0


###
### Stats
###
grafana_available_externally: "false"
telegraf_data_directory: "{{ docker_home }}/telegraf"
influxdb_data_directory: "{{ docker_home }}/influxdb"
grafana_data_directory: "{{ docker_home }}/grafana"
stat_collection_interval: 15s

###
### Gitea
###
gitea_available_externally: "false"
gitea_data_directory: "{{ docker_home }}/gitea"

###
### Glances
###
glances_available_externally: "false"

###
### Nextcloud
###
nextcloud_available_externally: "false"
nextcloud_data_directory: "{{ docker_home }}/nextcloud"

###
### nginx
###
nginx_data_directory: "{{ docker_home }}/nginx"

###
### Guacamole
###
guacamole_available_externally: "false"
guacamole_docker_image: guacamole/guacamole:0.9.14
guacamole_guacd_docker_image: guacamole/guacd:0.9.14
guacamole_data_directory: "{{ docker_home }}/guacamole"

###
### Miniflux
###
miniflux_available_externally: "false"
miniflux_data_directory: "{{ docker_home }}/miniflux"
miniflux_admin_username: admin
miniflux_admin_password: supersecure

###
### Airsonic
###
airsonic_available_externally: "false"
airsonic_data_directory: "{{ docker_home }}/airsonic"

###
### Watchtower
###
# Sets the 6 field cron schedule to use for checks and updates. This will check at 5am daily.
watchtower_cron_schedule: 0 0 5 * * *

# Sets the Watchtower Docker start command. Different options can be supplied based on whether you want to receive
# notifications or not, some examples are provided below. See https://github.com/v2tec/watchtower for more info.

# No notifications
watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug"

# Email notifications
# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'email' --notification-email-from 'ansible@nas.com' --notification-email-to '{{ ansible_nas_email }}' --notification-email-server 'my.email.server.com' --notification-email-server-port '25' --notification-email-server-user 'email_username' --notification-email-server-password 'top-secret'"

# Slack notifications
# watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --notifications 'slack' --notification-slack-hook-url 'https://hooks.slack.com/services/xxx/yyyyyyyyyyyyyyy' --notification-slack-identifier 'ansible-nas'"

###
### Time Machine
###
timemachine_data_directory: "{{ docker_home }}/timemachine"
timemachine_volume_size_limit: 0
timemachine_password: timemachine
timemachine_share_name: TimeMachine
timemachine_log_level: error

###
### minidlna
###
minidlna_media_directory1: "{{ movies_root }}"
minidlna_media_directory2: "{{ tv_root }}"
minidlna_friendly_name: "{{ ansible_nas_hostname }}"

###
### get_iplayer
###
get_iplayer_config_directory: "{{ docker_home }}/get_iplayer"
get_iplayer_download_directory: "{{ tv_root }}/iplayer_downloads"

###
### mymediaforalexa
###
mymediaforalexa_media_directory: "{{ music_root }}"
mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa"

###
### Jackett
###
jackett_available_externally: "false"
jackett_data_directory: "{{ docker_home }}/jackett"

###
### The Lounge
###
thelounge_available_externally: "false"
thelounge_data_directory: "{{ docker_home }}/thelounge"

###
### Bitwarden
###
bitwarden_available_externally: "false"
bitwarden_data_directory: "{{ docker_home }}/bitwarden"

# Keep this token secret, this is password to access admin area of your server!
# This token can be anything, but it's recommended to use a long, randomly generated string of characters,
# for example running openssl rand -base64 48
bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321

# To create a user set this to "true", and reprovision the container by re-running the ansible-nas playbook.
# Once you have created your user, set to "false" and run one more time.
# Target just Bitwarden by running: ansible-playbook -i inventory nas.yml -b -K -t bitwarden
bitwarden_allow_signups: false