vars.yml.example

---
network_hostname: "pi.home.lan"
network_ip: "192.168.1.250"
network_subnet: "192.168.1.0/24"
network_gateway: "192.168.1.1"
network_broadcast: "192.168.1.255"
network_mask: 255.255.255.0
network_interface: "eth0"
network_dhcp_range_from: "192.168.1.110"
network_dhcp_range_to: "192.168.1.200"
network_dhcp_nameservers: "192.168.1.250"
network_dhcp_gateway: "192.168.1.250"
network_reverse: "1.168.192.in-addr.arpa"
network_router: true
network_mode: static
network_domain: home.lan
network_nameserver: 127.0.0.1

raspberry_version: 4

dhcp_reservations:
  - { hostname: "<name>", mac: "<mac>", ip: "<ip>" }
env:
  - "LANG=en_US.UTF-8"
  - "LC_ALL=en_US.UTF-8"
  - "EDITOR=vim"
  - "HISTSIZE=1000"
  - "HISTFILESIZE=1000"
  - "HISTCONTROL=ignoredups:erasedups"

dnscrypt_proxy:
  version: 2.1.5
  listen_addresses: ["127.0.0.1:53", "{{ network_ip}}:53"]
  cache: true
  cache_size: 4096
  servernames: ["cloudflare", "nic.cz"]
  blocklists:
    - https://big.oisd.nl/
  cloaking_rules:
    - "pi {{ network_ip }}"
  forwarding_rules:
    - "168.192.in-addr.arpa 192.168.0.1"
  block_patterns:
    - "*.lan"
    - "*.local"
    - "*.localdomain"
    - "*.workgroup"

unbound:
  cache_min_ttl: 1200
  cache_max_ttl: 14400
  threads: 4
  static_records:
    - { hostname: "pi", ip: "192.168.1.250" }
    - { hostname: "navidrome", ip: "192.168.1.250" }
    - { hostname: "notes", ip: "192.168.1.250" }
    - { hostname: "static", ip: "192.168.1.250" }
  dhcp_reservations: "{{ dhcp_reservations }}"
  forward_addrs:
    - 193.17.47.1@853#odvr.nic.cz
    - 185.43.135.1@853#odvr.nic.cz
  refused_zones:
    - "local"
    - "localdomain"
    - "workgroup"
    - "mshome.net"

sysctl_options:
  - { name: "kernel.dmesg_restrict", value: "1" }
  - { name: "kernel.kptr_restrict", value: "2" }
  - { name: "kernel.sysrq", value: "0" }
  - { name: "net.ipv4.ip_forward", value: "1" }
  - { name: "net.ipv6.conf.all.disable_ipv6", value: "1" }
  - { name: "net.ipv6.conf.default.disable_ipv6", value: "1" }
  - { name: "vm.swappiness", value: "10" }
  - { name: "net.ipv4.conf.all.rp_filter", value: "1" }
  - { name: "net.ipv4.conf.default.rp_filter", value: "1" }

samba:
  share_name: SOME_NAME
  share_path: /mnt/data

minidlna:
  port: 8200
  interface: eth0
  friendly_name: SOME_NAME
  media_dirs:
    - { type: V, path: /mnt/data/Movies/Film }
    - { type: V, path: /mnt/data/Movies/Series }
    - { type: V, path: /mnt/data/Movies/Documentary }
    - { type: V, path: /mnt/data/Tutorials }
    - { type: A, path: /mnt/data/AudioBooks }

navidrome:
  version: 0.52.0
  working_directory: /var/lib/navidrome
  bin_directory: /opt/navidrome
  music_directory: /mnt/data/Music
  external_services: false
  theme: Nord

yt_dlp_version: 2023.03.04

mount:
  points:
    - { path: /mnt/data, owner: nobody, group: nogroup, mode: "0755" }

nginx_reject_ips: ["192.168.1.106"]
nginx_static_sites:
  - { "server_name": "example.{{ network.domain }}" }
  - { "server_name": "foobar.{{ network.domain }}", "allowed_origins": ["youtube.com", "soundcloud.com"] }