ansible-infra/roles/common/defaults/main.yml

---
# defaults file for common
node_exporter_path: /
node_exporter_port: 9100
node_exporter_public_port: "9180"
node_exporter_password: password

nginx_config_dir: /etc/nginx/conf.d
nginx_ssl_dir: /etc/nginx/ssl
nginx_dhparam_size: 2048

users:
  - name: ppbe
  - name: coco
    groups: []
user_default_groups:
  - sudo

openssh_port: "22"

backup_owner: backup-sync
backup_group: "{{ backup_owner }}"
backup_chroot_dir: /mnt/backup

storage_box_enabled: no
storage_box_host: "{{ storage_box_username.split('-') | first }}.your-storagebox.de"
storage_box_port: 23
storage_box_path: /home/backup
storage_box_mount:
  path: "{{ backup_chroot_dir }}"
  owner: "{{ backup_owner }}"
  group: "{{ backup_group }}"
  options: "{{ storage_box_default_mount_options }}"
storage_box_username: u123456-sub1
storage_box_password: somesecret

borg_encryption_mode: keyfile
borg_repository: |-
  {%- if storage_box_enabled -%}
  {{ storage_box_host }}:{{ storage_box_path }}/borg
  {%- else -%}
  {{ backup_chroot_dir }}/borg
  {%- endif -%}  

borgmatic_config_dir: /etc/borgmatic
borgmatic_config:
  location:
    source_directories:
      - /
    repositories:
      - "{{ borg_repository }}"
    exclude_patterns:
      - /dev
      - /home/*/.cache
      - /home/*/.gvfs
      - /lib*
      - /media
      - /mnt
      - /proc
      - /tmp
      - /run
      - /swap*
      - /sys
      - /usr/src/linux-headers*
      - /var/backups
      - /var/cache/apt/archives
      - /var/lib
      - /var/log
      - /var/run
      - /var/snap
    exclude_caches: true
  storage:
    umask: "{{ borg_umask }}"
    encryption_passphrase: "{{ vault_borg_passphrase }}"
    compression: zlib,7
  retention:
    keep_daily: 7
    keep_weekly: 4
    keep_monthly: 6

borgmatic_cron_hour: "3"
borgmatic_cron_minute: "0"
borgmatic_check_cron_weekday: "0"
borgmatic_check_cron_hour: "2"
borgmatic_check_cron_minute: "0"

smtp_accounts:
  example:
    host: mail.example.com
    port: 587
    from: no-reply@example.com
    username: ahoy@example.com
    password: secret
smtp_default_account: example
smtp_default_recipient: contact@example.com
smtp_aliases_path: /etc/aliases

postfix_sasl_secrets_path: /etc/postfix/sasl/passwd
postfix_senders_map_path: /etc/postfix/senders