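---
# Host variables for an Alpine Linux machine provisioned by the roles in this
# repository (Ansible host_vars/group_vars layout). Nesting below is
# significant: keys such as dnscrypt.*, local_doh.*, earlyoom.* and waydroid.*
# must stay indented under their parent or the roles read them as null.

# Custom variables ────────────────────────────────────────────────────────────

# Filesystem used for the root volume.
rootfs: btrfs

# Primary (non-root) account created by roles/user.
username: follie

# See roles/user/defaults/main.yml for a list of accepted shells
usershell: fish

# apk package mirror. Kept on HTTPS so index and packages cannot be altered
# in transit. apk is expected to verify package signatures against
# /etc/apk/keys independently of the mirror, so a hostile mirror should be
# limited to withholding updates.
# NOTE(review): confirm no role installs with --allow-untrusted, which would
# bypass that signature check.
repository: https://mirror.math.princeton.edu/pub/alpinelinux

# Additional kernel command-line parameters (added to the bootloader)
# Hardening options. Each one is silently ignored by a kernel built without
# the matching feature, so check /proc/cmdline and dmesg after the first boot.
additional_kernel_parameters:
  # Zero pages when they are freed (kernel 5.3+); limits what a
  # use-after-free or uninitialised read can leak.
  # NOTE(review): init_on_alloc=1 is the usual companion and is not set
  # here - confirm whether the Alpine kernel already defaults it on.
  - init_on_free=1
  # Randomise the page allocator's free lists; makes kernel heap layout
  # harder to predict for exploits.
  - page_alloc.shuffle=1
  # Lockdown LSM, 'integrity' mode: userspace may not modify the running
  # kernel (kexec of unsigned images, /dev/mem writes, ...). Requires
  # CONFIG_SECURITY_LOCKDOWN_LSM; verify with
  # `cat /sys/kernel/security/lockdown` once booted.
  # NOTE(review): when module signing is built in, integrity mode also
  # rejects unsigned kernel modules - confirm how Alpine's kernel is
  # configured before relying on any out-of-tree module.
  - lockdown=integrity

# 'seatd' or 'elogind'
seat_manager: seatd

# acpid implementation to use when elogind is not present
# 'busybox' or 'acpid'
acpid_daemon: busybox

# busybox's mdev, skarnet's mdevd or eudev's udev
device_manager: mdevd

# Install polkit (privilege broker for desktop actions)
# (has no effect when seat_manager == 'elogind')
polkit: false

# Should be a file name in /usr/share/consolefonts/
console_font: ter-h22b.psf.gz

# 'dnscrypt-proxy' or 'unbound'
dns_resolver: dnscrypt-proxy

# Settings consumed when dns_resolver == 'dnscrypt-proxy'.
dnscrypt:
  adblock: true
  # Upstream resolvers, by name from the public-resolvers list. All are
  # filtering (malware-blocking) resolvers. The list mixes DoH
  # (quad9-doh-*, cloudflare-security*) and DNSCrypt (quad9-dnscrypt-*)
  # entries, which matters for anonymized_dns below.
  server_names:
    - quad9-doh-ip4-port443-filter-pri
    - quad9-doh-ip6-port443-filter-pri
    - quad9-dnscrypt-ip4-filter-pri
    - cloudflare-security
    - cloudflare-security-ipv6
  # Per dnscrypt-proxy's documentation: use a fresh DNSCrypt client key for
  # every query so a server cannot link queries to one client.
  ephemeral_keys: true
  # No TLS session resumption, so DoH servers cannot correlate sessions
  # through the ticket.
  tls_disable_session_tickets: true
  # TLS 1.2 suites offered to DoH servers, as IANA numbers:
  #   52392 = 0xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  #   49199 = 0xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  # Both are ECDHE-RSA; a DoH server presenting only an ECDSA certificate
  # would fail a TLS 1.2 handshake with this list.
  # NOTE(review): dnscrypt-proxy is written in Go, whose TLS stack does not
  # let applications restrict TLS 1.3 suites, so this list should only
  # affect TLS 1.2 handshakes - confirm against the docs of the shipped
  # version.
  tls_cipher_suite: [52392, 49199]
  # Plain UDP/53 resolvers used to look up the hostnames found in the
  # server/sources lists, not to answer client queries. These lookups are
  # unencrypted; the upstreams themselves are still pinned by their stamps
  # (DoH certificate hashes, DNSCrypt provider keys).
  bootstrap_resolvers:
    - 9.9.9.9:53
    - 1.1.1.1:53
  # Startup connectivity probe; also plaintext UDP/53.
  netprobe_address: 1.1.1.1:53
  # Optional local DoH endpoint. Disabled; if enabled it binds to loopback
  # only, so nothing on the LAN can use the machine as a resolver.
  local_doh:
    enabled: false
    listen_addresses:
      - 127.0.0.1:3012
    path: '/dns-query'
  anonymized_dns:  # not compatible with DoH and ODoH servers
    enabled: false
    # NOTE(review): with a '*' route and DoH entries in server_names, the
    # DoH servers cannot be relayed. If this is ever enabled, either drop the
    # DoH servers or make sure the role sets dnscrypt-proxy's
    # skip_incompatible so they are excluded instead of being queried
    # directly.
    routes:
      - server_name: '*'
        via:
          - anon-tiarap
          - anon-tiarap-ipv6
          - anon-cs-tokyo
          - anon-cs-sk

# Settings consumed when dns_resolver == 'unbound'.
# Format <ip>@853#<auth-name>: DNS-over-TLS on port 853, server certificate
# checked against <auth-name>.
# NOTE(review): unbound only verifies the auth name when a CA bundle
# (tls-cert-bundle / tls-system-cert) is configured - confirm the unbound
# role sets one, otherwise these upstreams are encrypted but unauthenticated.
unbound_upstream_nameservers:
  - 9.9.9.9@853#dns.quad9.net
  - 149.112.112.112@853#dns.quad9.net
  - 2620:fe::fe@853#dns.quad9.net
  - 2620:fe::9@853#dns.quad9.net
  - 1.1.1.1@853#cloudflare-dns.com
  - 1.0.0.1@853#cloudflare-dns.com
  - 2606:4700:4700::1111@853#cloudflare-dns.com
  - 2606:4700:4700::1001@853#cloudflare-dns.com

# 'virtlockd' and 'virtlogd' will always be started. Don't list them here
# Only the modular daemons actually needed are started (no monolithic libvirtd).
libvirt_daemons:
  - virtinterfaced
  - virtnetworkd
  - virtnodedevd
  - virtqemud
  - virtstoraged

# For libvirt's NAT firewall rules
# IPv6 is optional (https://wiki.gentoo.org/wiki/QEMU/KVM_IPv6_Support)
libvirt_bridges:
  - name: virbr0
    ip4: 192.168.122.0/24

# Public facing network interfaces
# https://wiki.alpinelinux.org/wiki/Configure_Networking
network_interfaces:
  - name: eth0
    ip4_type: dhcp
    ip6_type: auto

# Punching holes on the machine
# 546/UDP (DHCPv6 client) is hardcoded (opened) so don't specify it here
# Empty lists mean no inbound ports beyond that. Add a port here rather than
# editing firewall rules by hand, so the exposure stays visible in this file.
opened_ports:
  tcp: []
  udp: []

# 'podman' or 'nerdctl'
rootless_container_cli: podman

# earlyoom kills processes on its own so make it optional
earlyoom:
  set_priority: true
  # "<terminate>,<kill>" percentage pairs for earlyoom's -m / -s flags.
  # Quoted so YAML keeps them as the literal strings the flags expect.
  mem_min_percent: '5,2'
  swap_min_percent: '10,5'

# Configure waydroid base image
waydroid:
  rom_type: lineage  # lineage, bliss
  # 'VANILLA' ships without Google apps.
  system_type: VANILLA  # FOSS, GAPPS, VANILLA

# Secrets encrypted with ansible-vault ────────────────────────────────────────
# This file is plaintext; only the referenced vault_* variables, kept in a
# vault-encrypted vars file, hold secret material. Never inline a value here.
# NOTE(review): tasks that consume `password` should run with `no_log: true`
# so the rendered value does not end up in play output or logs.
password: '{{ vault_password }}'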