blob: c3e29c522ff6a263e53da1d31f7ec68f50b66a37 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
# This is a sample file with fake secrets. For a real deployment, encrypt this
# file with `ansible-vault encrypt` and add your own secrets.
---
# apache
vault_apache_sysaccount_password: changeme
# archiver
vault_archive_ssh_privkey: |
-----BEGIN OPENSSH PRIVATE KEY-----
AAAAAAAAAAAAchangeme
-----END OPENSSH PRIVATE KEY-----
# asterisk
vault_asterisk_ari_users:
- name: nagios
readonly: yes
password: changeme
vault_asterisk_password_salt: changeme
vault_asterisk_sip_extensions:
- name: 6001
context: house-phones
mailbox: 6000@default
cid_name: Living Room
password: changeme
- name: 6002
context: house-phones
mailbox: 6000@default
cid_name: Kitchen
password: changeme
vault_asterisk_sip_trunks:
- name: upstream-provider
host: 'sip.example.com:5060'
username: changeme
password: changeme
# coturn
vault_coturn_auth_secret: changeme
# freeipa
vault_freeipa_admin_password: changeme
vault_freeipa_ds_password: changeme
# freeradius
vault_freeradius_clients:
- name: unifi
address: '{{ vlans.mgmt.cidr }}'
secret: changeme
# invidious
vault_invidious_db_password: changeme
vault_invidious_hmac_key: changeme
# jellyfin
vault_jellyfin_sysaccount_password: changeme
# mediawiki
vault_mediawiki_admin_password: changeme
vault_mediawiki_upgrade_key: changeme
vault_mediawiki_secret_key: changeme
vault_mediawiki_sysaccount_password: changeme
# nagios
vault_nagios_snmp_auth_pass: changeme
vault_nagios_snmp_priv_pass: changeme
vault_nagios_ssh_privkey: |
-----BEGIN OPENSSH PRIVATE KEY-----
AAAAAAAAAAAAAAAAchangeme
-----END OPENSSH PRIVATE KEY-----
# nitter
vault_nitter_hmac_key: changeme
# prosody
vault_prosody_le_ssh_privkey: |
-----BEGIN OPENSSH PRIVATE KEY-----
AAAAAAAAAAAAAAAAchangeme
-----END OPENSSH PRIVATE KEY-----
vault_prosody_sysaccount_password: changeme
# proxmox
vault_proxmox_api_password: changeme
vault_proxmox_password_salt: changeme
# psitransfer
vault_psitransfer_admin_password: changeme
# root user
vault_root_password_salt: changeme
vault_root_password: changeme
# rspamd
vault_rspamd_password: changeme
vault_rspamd_password_hash: $2$changeme # generate with `rspamadm pw`
vault_rspamd_privkey: changeme # generate with `rspamadm keypair`
vault_rspamd_dkim_keys: # generate with `rspamadm dkim_keygen`
example.com: |
-----BEGIN RSA PRIVATE KEY-----
AAAAAAAAAAAAAAAAchangeme
-----END RSA PRIVATE KEY-----
# teddit
vault_teddit_reddit_app_id: changeme
# vaultwarden
vault_vaultwarden_admin_token: changeme # generate with `openssl rand -base64 48`
|