# -*- mode: yaml; -*-
---
# Connection settings Ansible uses to reach this host.
ansible_ssh_host: vultr.liwt.net
# Non-default SSH port; presumably sshd on the host is configured to match.
# A non-standard port reduces scanner noise in the logs but is not an access
# control by itself.
ansible_ssh_port: 8864
# NOTE(review): Python 2.7 is end-of-life and no longer receives security
# fixes -- confirm whether this host can move to a Python 3 interpreter.
ansible_python_interpreter: /usr/local/bin/python2.7

# Static addressing for the host: names, interface, IPv4 and IPv6 settings.
# NOTE(review): presumably rendered into the host's network configuration by
# a role outside this file -- confirm against the consuming template.
network:
  hostname: vultr
  domain: liwt.net
  interface: vtnet0
  ipv4:
    address: 45.77.201.74
    netmask: 255.255.254.0
    gateway: 45.77.200.1
  ipv6:
    # Left unquoted: the value parses as a string because it contains hex
    # letters. Quoting address-like values is the safer habit, since
    # digits-and-colons-only scalars can be read as numbers by YAML 1.1
    # parsers.
    address: 2001:19f0:5:3166::c0f:fee
    prefixlen: 64

# Per-source connection limits for the pf packet filter.
# NOTE(review): presumably rendered into max-src-conn / max-src-conn-rate
# rule options -- confirm in the pf template, including whether sources that
# exceed the limits are added to a block table or merely throttled.
pf:
  # number of simultaneous connections allowed from one host
  max_conn: 100
  # rate of new connections allowed from one host
  max_conn_rate: 15/5  # 15 connections per 5 seconds

# Domains handled by this host, each with the sub-domains that get a
# certificate.
# NOTE(review): if the certificates are issued by a public CA, every name
# listed here is recorded in Certificate Transparency logs, so treat these
# sub-domain names as public information.
domains:
  - name: liwt.net
    # sub-domains for which to request certificates
    sub:
      - mail
      - www
      - git
  - name: aaronly.me
    sub:
      - www
  - name: 233233.xyz
    sub:
      - www
      - g
      - zw
  - name: 1314233.xyz
    sub:
      - www

# DNS zone timing values. The key names match the SOA record fields
# (refresh, retry, expire, minimum) plus a default TTL.
# NOTE(review): presumably rendered into the zone files; the bare integers
# are presumably seconds and the suffixed values (1h, 4w, 1d) zone-file time
# units -- confirm in the DNS template.
dns:
  ttl: 1h
  refresh: 10800
  retry: 1800
  expire: 4w
  minimum: 1d

# External DNS providers serving the zones, each with its NS host names.
# NOTE(review): xfr_ip is presumably the provider address allowed to pull
# zone transfers (AXFR) from this host -- confirm in the DNS template. Zone
# transfers should be permitted only from these addresses, since an open
# transfer discloses the full zone contents.
nameservers:
  - name: afraid
    xfr_ip: 174.37.196.55
    ns:
      - ns2.afraid.org
  - name: 1984hosting
    xfr_ip: 93.95.224.6
    ns:
      - ns0.1984.is
      - ns1.1984.is
      - ns2.1984.is

# Mail service settings: hosted domains, user database, the virtual delivery
# user, and DKIM / DMARC parameters. No passwords or keys are stored in this
# block; only names and policy values appear here.
mail:
  domains:
    - liwt.net  # primary
    - aaronly.me
  # user database, for both Postfix (receiving mails and transport to
  # Dovecot) and Dovecot (auth users and deliver mails to disk)
  userdb:
    - name: root
      # Role addresses delivered to this account.
      aliases:
        - postmaster
        - hostmaster
        - webmaster
        - abuse
    - name: aly
      # for app/device-specific passwords
      # A separate password per device lets one device's credential be
      # revoked without touching the others.
      devices:
        - laptop
        - office
        - phone
        - tablet
    - name: lulu
    - name: wt
      aliases:
        - weitian
      devices:
        - laptop
        - office
        - phone
        - tablet
  # Virtual user for local mail delivery (e.g., by Dovecot)
  vuser:
    name: vmail  # user & group name
    id: 5000  # uid & gid
    home: /home/vmail
  dkim:
    selector: default
    bits: 2048
    # NOTE(review): presumably the local port of the DKIM signing service --
    # confirm it is bound to the loopback address and not reachable from
    # outside.
    port: 8901
  dmarc:
    # NOTE(review): "none" is monitor-only; receivers are asked to take no
    # action on mail that fails DMARC, so spoofed mail is reported but not
    # quarantined or rejected. Consider moving to quarantine/reject once the
    # aggregate reports show legitimate mail passing.
    p: none  # policy for the domain
    sp: none  # policy for subdomains of this domain
    aspf: r  # alignment mode for SPF (r: relaxed; s: strict)
    pct: 100  # percent of messages subjected to filtering
    # reporting URI of aggregate reports
    # Free DMARC weekly digests by https://dmarc.postmarkapp.com/
    # These addresses are presumably published in the domain's DMARC DNS
    # record, so they are not secrets.
    rua:
      liwt.net: re+yis1v8izxn0@dmarc.postmarkapp.com
      aaronly.me: re+f6lpmirefcg@dmarc.postmarkapp.com
  # To avoid trashing by GMail
  # NOTE(review): these look like domain-ownership verification tokens,
  # presumably published as DNS TXT records; if so they are public values,
  # not credentials -- confirm against the zone template.
  google-site-verification:
    liwt.net: n-dVRtkDeJ8k4BuSphkV-GVso0zJJWO-Z6GYoz6ayOQ
    aaronly.me: rSh99lenrfS-HnzvEahEDYTj9UvoKeX4NdWmDzD-pxo

# Shadowsocks proxy settings: listening port, shared password and cipher.
shadowsocks:
  port: 8989
  # The secret is referenced through a variable rather than written here in
  # clear text; presumably vault_shadowsocks_password lives in an Ansible
  # Vault-encrypted file -- confirm that file is encrypted before committing.
  # The quotes keep YAML from reading the leading "{{" as a flow mapping.
  password: "{{ vault_shadowsocks_password }}"
  # AEAD cipher (authenticated encryption).
  method: "chacha20-ietf-poly1305"

# VPN settings: tunnel interface, internal IPv4 network and listening port.
# NOTE(review): no netmask is given for network4 in this file; presumably the
# VPN template supplies it -- confirm, and check that the firewall rules limit
# what clients on this network can reach.
vpn:
  interface: tun0
  network4: 10.6.20.0
  port: 8080

# vim: set ft=yaml sw=2: #