debops.core default variables

Custom local facts

core__facts

Dictionary of custom facts that are set globally on all hosts.

core__facts: {}
core__group_facts

Dictionary of custom facts that are set in a group of hosts.

core__group_facts: {}
core__host_facts

Dictionary of custom facts that are set on specific hosts.

core__host_facts: {}
core__remove_facts

List of custom fact keys which will be removed if found.

core__remove_facts: []
core__reset_facts

If True, Ansible will not add facts that are already present on a host to the dictionary, and only store those specified in inventory.

core__reset_facts: False

Tags stored as local facts

core__tags

Global list of tags to set on all hosts.

core__tags: []
core__group_tags

List of tags to set for a group of hosts.

core__group_tags: []
core__host_tags

List of tags to set on a given host.

core__host_tags: []
core__static_tags

Override any combination of global, group or host tags with a static set.

core__static_tags: []
core__remove_tags

Specify a list of tags to remove from a tag list, if they're present.

core__remove_tags: []
core__reset_tags

If True, Ansible will not merge current set of tags on a host and will create a new list of tags from inventory variables.

core__reset_tags: False

Core facts

core__ansible_controllers

List of IP addresses or CIDR subnets which contain hosts that are used to execute Ansible playbooks. Other roles that maintain host security can source the ansible_local.core.ansible_controllers list and add the entries found there to IP address whitelist.

core__ansible_controllers: []
core__active_controller

IP address from which the SSH connection to a given host originates. It usually is the external IP address of Ansible Controller host, but it might be an internal IP address of a gateway or SSH jumphost through which the connection is proxied. This IP address will be added to list of Ansible Controllers defined above.

core__active_controller: '{{ ((ansible_env.SSH_CLIENT.split(" ") | first)
                              if (ansible_env | d() and ansible_env.SSH_CLIENT | d())
                              else "") }}'
core__admin_groups

List of the system groups which contain the system administrator accounts. If you don't want this functionality, make this list empty.

core__admin_groups: [ 'admins' ]
core__admin_users

List of system administrator accounts. Ansible will check what accounts are in the groups specified above and include them in this list automatically. These accounts are used in different roles to automatically create administrative accounts in different services.

To override the admin accounts autodetected by Ansible, specify them in this list.

core__admin_users: '{{ ((ansible_local.core.admin_users
                         if (ansible_local.core.admin_users | d())
                         else [])
                        + [(ansible_user
                             if (ansible_user is defined and
                                 ansible_user not in
                                 (core__admin_blacklist_default_users
                                  + core__admin_blacklist_users))
                             else lookup("env", "USER"))])
                        | unique }}'
core__admin_blacklist_default_users

List of user accounts which will not be included by Ansible in the system administrator account list. This is used to avoid creating common, static admin account names in various services.

core__admin_blacklist_default_users:
  - 'admin'
  - 'ansible'
  - 'debian'
  - 'pi'
  - 'root'
  - 'ubuntu'
  - 'user'
core__admin_blacklist_users

Additional list of user accounts to not include in the system administrator account list.

core__admin_blacklist_users: []
core__admin_public_email

List of public system administrator e-mail addresses. The addresses specified here will be used as publicly visible admin contact information by the Ansible roles that use them.

This variable can be used as a final destination by the system MTA.

core__admin_public_email: [ '{{ ("root@" + ansible_domain)
                                if ansible_domain | d()
                                else "root" }}' ]
core__admin_private_email

List of private system administrator e-mail addresses. They will be used by other Ansible roles to sent important system messages to the administrator. These e-mail addresses are visible to all users on a given host, but should not be visible from outside of a host.

If none are specified, list of admin user accounts will be used instead. The mail delivery to these accounts is left to the system MTA.

This variable shouldn't be used as a final destination by the system MTA, otherwise it might result in an undeliverable error. It can be used as an alias.

core__admin_private_email: []
core__cache_valid_time

Time in seconds which specifies how long APT cache should be considered valid between updates.

core__cache_valid_time: '{{ (60 * 60 * 24) }}'
core__distribution

You can override this variable if you use a Linux distribution that is not correctly detected by Ansible, like Raspberry Pi OS. It is stored as a local fact and takes precedence over Ansible's auto-detected distribution name on all roles that support it. Ref: https://github.com/debops/debops/issues/2046

core__distribution: '{{ ansible_lsb.id
                        if (ansible_lsb.id | d())
                        else ansible_distribution }}'
core__distribution_release

You can override this variable if you use a Linux distribution release that is not correctly detected by Ansible. It is stored as a local fact and takes precedence over Ansible's auto-detected distribution release on all roles that support it.

core__distribution_release: '{{ ansible_lsb.codename
                                if (ansible_lsb.codename | d())
                                else ansible_distribution_release }}'
core__homedir_umask

Default umask for home directories.

core__homedir_umask: '0027'
core__unsafe_writes

Enable or disable use of the unsafe_writes parameter in Ansible tasks that deal with files. See Global unsafe writes for more details.

core__unsafe_writes: False

Core packages

core__base_packages

List of packages required by Ansible local fact scripts.

core__base_packages: [ 'bash', 'libcap2-bin', 'lsb-release', 'dbus', 'dirmngr' ]
core__packages

List of additional packages to install.

core__packages: []
core__group_packages

List of additional packages to install for a group.

core__group_packages: []
core__host_packages

List of additional packages to install for a host.

core__host_packages: []