debops.core default variables
Custom local facts
- core__facts
Dictionary of custom facts that are set globally on all hosts.
core__facts: {}
- core__group_facts
Dictionary of custom facts that are set in a group of hosts.
core__group_facts: {}
- core__host_facts
Dictionary of custom facts that are set on specific hosts.
core__host_facts: {}
- core__remove_facts
List of custom fact keys which will be removed if found.
core__remove_facts: []
- core__reset_facts
If True
, Ansible will not add facts that are already present on a host to
the dictionary, and only store those specified in inventory.
core__reset_facts: False
Core facts
- core__ansible_controllers
List of IP addresses or CIDR subnets which contain hosts that are used to
execute Ansible playbooks. Other roles that maintain host security can source
the ansible_local.core.ansible_controllers
list and add the entries found
there to IP address whitelist.
core__ansible_controllers: []
- core__active_controller
IP address from which the SSH connection to a given host originates. It usually is the external IP address of Ansible Controller host, but it might be an internal IP address of a gateway or SSH jumphost through which the connection is proxied. This IP address will be added to list of Ansible Controllers defined above.
core__active_controller: '{{ ((ansible_env.SSH_CLIENT.split(" ") | first)
if (ansible_env | d() and ansible_env.SSH_CLIENT | d())
else "") }}'
- core__admin_groups
List of the system groups which contain the system administrator accounts. If you don't want this functionality, make this list empty.
core__admin_groups: [ 'admins' ]
- core__admin_users
List of system administrator accounts. Ansible will check what accounts are in the groups specified above and include them in this list automatically. These accounts are used in different roles to automatically create administrative accounts in different services.
To override the admin accounts autodetected by Ansible, specify them in this list.
core__admin_users: '{{ ((ansible_local.core.admin_users
if (ansible_local.core.admin_users | d())
else [])
+ [(ansible_user
if (ansible_user is defined and
ansible_user not in
(core__admin_blacklist_default_users
+ core__admin_blacklist_users))
else lookup("env", "USER"))])
| unique }}'
- core__admin_blacklist_default_users
List of user accounts which will not be included by Ansible in the system administrator account list. This is used to avoid creating common, static admin account names in various services.
core__admin_blacklist_default_users:
- 'admin'
- 'ansible'
- 'debian'
- 'pi'
- 'root'
- 'ubuntu'
- 'user'
- core__admin_blacklist_users
Additional list of user accounts to not include in the system administrator account list.
core__admin_blacklist_users: []
- core__admin_public_email
List of public system administrator e-mail addresses. The addresses specified here will be used as publicly visible admin contact information by the Ansible roles that use them.
This variable can be used as a final destination by the system MTA.
core__admin_public_email: [ '{{ ("root@" + ansible_domain)
if ansible_domain | d()
else "root" }}' ]
- core__admin_private_email
List of private system administrator e-mail addresses. They will be used by other Ansible roles to sent important system messages to the administrator. These e-mail addresses are visible to all users on a given host, but should not be visible from outside of a host.
If none are specified, list of admin user accounts will be used instead. The mail delivery to these accounts is left to the system MTA.
This variable shouldn't be used as a final destination by the system MTA, otherwise it might result in an undeliverable error. It can be used as an alias.
core__admin_private_email: []
- core__cache_valid_time
Time in seconds which specifies how long APT cache should be considered valid between updates.
core__cache_valid_time: '{{ (60 * 60 * 24) }}'
- core__distribution
You can override this variable if you use a Linux distribution that is not correctly detected by Ansible, like Raspberry Pi OS. It is stored as a local fact and takes precedence over Ansible's auto-detected distribution name on all roles that support it. Ref: https://github.com/debops/debops/issues/2046
core__distribution: '{{ ansible_lsb.id
if (ansible_lsb.id | d())
else ansible_distribution }}'
- core__distribution_release
You can override this variable if you use a Linux distribution release that is not correctly detected by Ansible. It is stored as a local fact and takes precedence over Ansible's auto-detected distribution release on all roles that support it.
core__distribution_release: '{{ ansible_lsb.codename
if (ansible_lsb.codename | d())
else ansible_distribution_release }}'
- core__homedir_umask
Default umask for home directories.
core__homedir_umask: '0027'
- core__unsafe_writes
Enable or disable use of the unsafe_writes
parameter in Ansible tasks
that deal with files. See Global unsafe writes for more details.
core__unsafe_writes: False
Core packages
- core__base_packages
List of packages required by Ansible local fact scripts.
core__base_packages: [ 'bash', 'libcap2-bin', 'lsb-release', 'dbus', 'dirmngr' ]
- core__packages
List of additional packages to install.
core__packages: []
- core__group_packages
List of additional packages to install for a group.
core__group_packages: []
- core__host_packages
List of additional packages to install for a host.
core__host_packages: []