Alan Orth
ebda406de3
Instead of iterating over fifteen packages with a loop that does fifteen separate apt transactions, it is better to give the apt module a list so it can install them all in one transaction. This is both quicker and te- chnically more safe for dependency resolution.
168 lines
3.0 KiB
YAML
168 lines
3.0 KiB
YAML
---
|
|
# file: roles/nginx/defaults/main.yml
|
|
|
|
# path config
|
|
nginx_confd_path: /etc/nginx/conf.d
|
|
|
|
# parent directory of vhost roots
|
|
nginx_root_prefix: /var/www
|
|
|
|
# 1 hour timeout
|
|
nginx_ssl_session_timeout: 1h
|
|
# 10MB -> 40,000 sessions
|
|
nginx_ssl_session_cache: shared:SSL:10m
|
|
# 1400 bytes to fit in one MTU (default is 16k!)
|
|
nginx_ssl_buffer_size: 1400
|
|
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
|
|
nginx_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'
|
|
|
|
# install certbot + dependencies?
|
|
# True unless you're in development and using "localhost" + snakeoil certs
|
|
use_letsencrypt: True
|
|
|
|
# Directory root for Let's Encrypt certs
|
|
letsencrypt_root: /etc/letsencrypt/live
|
|
|
|
# Location of Let's Encrypt's certbot script
|
|
letsencrypt_certbot_dest: /opt/certbot-auto
|
|
|
|
# stable is 1.14.x
|
|
# mainline is 1.15.x
|
|
nginx_version: mainline
|
|
|
|
# Dependencies of certbot-auto on Ubuntu 16.04 "xenial"
|
|
# taken after running certbot-auto on a clean install
|
|
letsencrypt_ubuntu_xenial_deps:
|
|
- augeas-doc
|
|
- augeas-tools
|
|
- binutils
|
|
- cpp
|
|
- cpp-5
|
|
- dialog
|
|
- gcc
|
|
- gcc-5
|
|
- libasan2
|
|
- libatomic1
|
|
- libcc1-0
|
|
- libcilkrts5
|
|
- libexpat1-dev
|
|
- libffi-dev
|
|
- libgcc-5-dev
|
|
- libgomp1
|
|
- libisl15
|
|
- libitm1
|
|
- liblsan0
|
|
- libmpc3
|
|
- libmpx0
|
|
- libpython-dev
|
|
- libpython2.7
|
|
- libpython2.7-dev
|
|
- libquadmath0
|
|
- libssl-dev
|
|
- libtsan0
|
|
- libubsan0
|
|
- python-dev
|
|
- python-pip-whl
|
|
- python-pkg-resources
|
|
- python-virtualenv
|
|
- python2.7-dev
|
|
- python3-virtualenv
|
|
- virtualenv
|
|
- zlib1g-dev
|
|
|
|
# Dependencies of certbot-auto on Ubuntu 18.04 "bionic"
|
|
# taken after running certbot-auto on a clean install
|
|
letsencrypt_ubuntu_bionic_deps:
|
|
- augeas-lenses
|
|
- binutils
|
|
- binutils-common
|
|
- binutils-x86-64-linux-gnu
|
|
- cpp
|
|
- cpp-7
|
|
- gcc
|
|
- gcc-7
|
|
- gcc-7-base
|
|
- libasan4
|
|
- libatomic1
|
|
- libaugeas0
|
|
- libbinutils
|
|
- libc-dev-bin
|
|
- libc6-dev
|
|
- libcc1-0
|
|
- libcilkrts5
|
|
- libexpat1-dev
|
|
- libffi-dev
|
|
- libgcc-7-dev
|
|
- libgomp1
|
|
- libisl19
|
|
- libitm1
|
|
- liblsan0
|
|
- libmpc3
|
|
- libmpx2
|
|
- libpython-dev
|
|
- libpython2.7
|
|
- libpython2.7-dev
|
|
- libquadmath0
|
|
- libssl-dev
|
|
- libtsan0
|
|
- libubsan0
|
|
- linux-libc-dev
|
|
- python-dev
|
|
- python-pip-whl
|
|
- python-pkg-resources
|
|
- python-virtualenv
|
|
- python2.7-dev
|
|
- python3-virtualenv
|
|
- virtualenv
|
|
|
|
# Dependencies of certbot-auto on Debian 9 "stretch"
|
|
# taken after running certbot-auto on a clean install
|
|
letsencrypt_debian_stretch_deps:
|
|
- augeas-doc
|
|
- augeas-tools
|
|
- autoconf
|
|
- automake
|
|
- binutils
|
|
- bison
|
|
- cpp
|
|
- cpp-6
|
|
- flex
|
|
- gcc-6
|
|
- gcc-doc
|
|
- gcc-multilib
|
|
- gdb
|
|
- libasan3
|
|
- libatomic1
|
|
- libc-dev-bin
|
|
- libc6-dev
|
|
- libcc1-0
|
|
- libcilkrts5
|
|
- libexpat1-dev
|
|
- libffi-dev
|
|
- libgcc-6-dev
|
|
- libgomp1
|
|
- libisl15
|
|
- libitm1
|
|
- liblsan0
|
|
- libmpc3
|
|
- libmpx2
|
|
- libpython-dev
|
|
- libpython2.7
|
|
- libpython2.7-dev
|
|
- libquadmath0
|
|
- libssl-dev
|
|
- libtool
|
|
- libtsan0
|
|
- libubsan0
|
|
- linux-libc-dev
|
|
- make
|
|
- python-dev
|
|
- python-pip-whl
|
|
- python-pkg-resources
|
|
- python-virtualenv
|
|
- python2.7-dev
|
|
- python3-virtualenv
|
|
- virtualenv
|
|
|
|
# vim: set ts=2 sw=2:
|