---
# file: roles/nginx/defaults/main.yml

# path config
nginx_confd_path: /etc/nginx/conf.d

# parent directory of vhost roots
nginx_root_prefix: /var/www

# 1 hour timeout
nginx_ssl_session_timeout: 1h
# 10MB -> 40,000 sessions
nginx_ssl_session_cache: shared:SSL:10m
# 1400 bytes to fit in one MTU (default is 16k!)
nginx_ssl_buffer_size: 1400
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
nginx_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'

# install certbot + dependencies?
# True unless you're in development and using "localhost" + snakeoil certs
use_letsencrypt: True

# Directory root for Let's Encrypt certs
letsencrypt_root: /etc/letsencrypt/live

# Location of Let's Encrypt's certbot script
letsencrypt_certbot_dest: /opt/certbot-auto

# stable is 1.14.x
# mainline is 1.15.x
nginx_version: mainline

# Dependencies of certbot-auto on Ubuntu 16.04 "xenial"
# taken after running certbot-auto on a clean install
letsencrypt_ubuntu_xenial_deps:
  - augeas-doc
  - augeas-tools
  - binutils
  - cpp
  - cpp-5
  - dialog
  - gcc
  - gcc-5
  - libasan2
  - libatomic1
  - libcc1-0
  - libcilkrts5
  - libexpat1-dev
  - libffi-dev
  - libgcc-5-dev
  - libgomp1
  - libisl15
  - libitm1
  - liblsan0
  - libmpc3
  - libmpx0
  - libpython-dev
  - libpython2.7
  - libpython2.7-dev
  - libquadmath0
  - libssl-dev
  - libtsan0
  - libubsan0
  - python-dev
  - python-pip-whl
  - python-pkg-resources
  - python-virtualenv
  - python2.7-dev
  - python3-virtualenv
  - virtualenv
  - zlib1g-dev

# Dependencies of certbot-auto on Ubuntu 18.04 "bionic"
# taken after running certbot-auto on a clean install
letsencrypt_ubuntu_bionic_deps:
  - augeas-lenses
  - binutils
  - binutils-common
  - binutils-x86-64-linux-gnu
  - cpp
  - cpp-7
  - gcc
  - gcc-7
  - gcc-7-base
  - libasan4
  - libatomic1
  - libaugeas0
  - libbinutils
  - libc-dev-bin
  - libc6-dev
  - libcc1-0
  - libcilkrts5
  - libexpat1-dev
  - libffi-dev
  - libgcc-7-dev
  - libgomp1
  - libisl19
  - libitm1
  - liblsan0
  - libmpc3
  - libmpx2
  - libpython-dev
  - libpython2.7
  - libpython2.7-dev
  - libquadmath0
  - libssl-dev
  - libtsan0
  - libubsan0
  - linux-libc-dev
  - python-dev
  - python-pip-whl
  - python-pkg-resources
  - python-virtualenv
  - python2.7-dev
  - python3-virtualenv
  - virtualenv

# Dependencies of certbot-auto on Debian 9 "stretch"
# taken after running certbot-auto on a clean install
letsencrypt_debian_stretch_deps:
  - augeas-doc
  - augeas-tools
  - autoconf
  - automake
  - binutils
  - bison
  - cpp
  - cpp-6
  - flex
  - gcc-6
  - gcc-doc
  - gcc-multilib
  - gdb
  - libasan3
  - libatomic1
  - libc-dev-bin
  - libc6-dev
  - libcc1-0
  - libcilkrts5
  - libexpat1-dev
  - libffi-dev
  - libgcc-6-dev
  - libgomp1
  - libisl15
  - libitm1
  - liblsan0
  - libmpc3
  - libmpx2
  - libpython-dev
  - libpython2.7
  - libpython2.7-dev
  - libquadmath0
  - libssl-dev
  - libtool
  - libtsan0
  - libubsan0
  - linux-libc-dev
  - make
  - python-dev
  - python-pip-whl
  - python-pkg-resources
  - python-virtualenv
  - python2.7-dev
  - python3-virtualenv
  - virtualenv

# vim: set ts=2 sw=2: