- roles/vhosts/common: add docker/docker-compose/colima to macOS brew deps (headless container runtime for qmd PG memory-bridge tests) - roles/vhosts/qmd: bump qmd_version - .gitignore: ignore inventory/__pycache__/ Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
# Set the system timezone; enabled by default.
enable_set_timezone: true
# Set the system hostname; enabled by default.
enable_set_hostname: true
# By default, do not update the entries for all hosts.
# NOTE(review): presumably this refers to /etc/hosts entries; confirm against
# the task that reads this flag.
enable_all_hosts_update: false
# Optional rsyslog log-management settings.
rsyslog_log_rotation:
  # Turn rsyslog log management on.
  enable: true
  # Number of rotated log files kept by default.
  rotate_count: 4
  # Rotation frequency. The original note called the default "weekly" and
  # listed daily and hourly as options, but the value set here is daily.
  # NOTE(review): four files at a daily cadence keeps only a few days of
  # local history; confirm that is enough for incident investigation or
  # that logs are also forwarded off-host.
  rotate_frequency: 'daily'
  # Default maximum size of a log file.
  max_log_size: '100M'
# journald log-management settings.
# NOTE(review): the key names resemble journald.conf options; how the role
# maps them is not visible here, so confirm against the template.
journald_log_rotation:
  # Turn journald log management on.
  enable: true
  # Default maximum size of a log file.
  max_log_size: '100M'
  # Default maximum number of log files kept.
  max_files: 100
  # Default maximum time span for which log files are kept.
  max_file_sec: '1month'
  # Default maximum disk space for system logs.
  system_max_use: '1G'
  # Default maximum space for runtime logs.
  runtime_max_use: '500M'
# Master switch.
# NOTE(review): presumably gates the whole common role; confirm in the tasks.
enable_common: true
# Homebrew CLI prerequisites for macOS (Darwin) hosts, shared by helper
# scripts across roles.
#
#   jq      required by scripts such as vault's init_vault_admin.sh; macOS
#           already ships curl and base64, but not jq.
#   docker  the Docker CLI formula only (no Docker Desktop).
#   colima  runs the Docker daemon in a lightweight VM, which together with
#           docker and docker-compose gives a headless container runtime.
#
# The container tooling is needed for workloads such as the qmd PostgreSQL
# memory-bridge integration tests (test/pg-compose.yml). Each formula installs
# a /opt/homebrew/bin/<name> binary, which keeps the task's `creates` check
# idempotent. After installation, start the runtime once with `colima start`.
#
# NOTE(review): /opt/homebrew is the Apple Silicon prefix; on Intel Macs
# Homebrew installs under /usr/local, so confirm how the `creates` path is
# built before relying on idempotence there.
# NOTE(review): as a role default this list presumably reaches every macOS
# host that runs the common role; confirm a container runtime is wanted on
# hosts other than the ones that run the integration tests.
common_darwin_brew_packages:
  - jq
  - docker
  - docker-compose
  - colima
# Host firewall defaults: SSH/HTTP/HTTPS ports and a label for each service.
# NOTE(review): presumably each port becomes an allow rule tagged with the
# matching comment. Whether the SSH rule is limited to trusted source
# addresses is decided in the tasks, which are not shown here; confirm.
common_firewall:
  enabled: true
  ssh_port: 22
  http_port: 80
  https_port: 443
  # Labels keyed by service name.
  allow_comments:
    ssh: 'XWorkmate SSH'
    http: 'XWorkmate HTTP'
    https: 'XWorkmate HTTPS'
# Open-file (nofile) limits, with separate soft/hard values for root, plus
# the PAM session files involved.
# NOTE(review): presumably the task enables pam_limits in the listed files;
# confirm in the task.
common_security_limits:
  enabled: true
  nofile_soft: 1048576
  nofile_hard: 1048576
  root_nofile_soft: 1048576
  root_nofile_hard: 1048576
  pam_enable: true
  # NOTE(review): both paths are Debian/Ubuntu PAM files; RPM-family systems
  # use a different PAM layout, so confirm the task is guarded by OS family.
  pam_files:
    - /etc/pam.d/common-session
    - /etc/pam.d/common-session-noninteractive
# Package repository configuration, per package manager.
repo:
  apt:
    # Whether to configure repositories and keys.
    enabled: false
    # Whether to enable the universe repository on Ubuntu.
    enable_universe: false
    # Whether to run apt update automatically after repo_setup.
    auto_update_cache: true
    # Directory that holds the keyrings.
    key_dir: /etc/apt/keyrings
    # Custom keyring definitions, passed in by the caller.
    # NOTE(review): how key material is fetched and verified is decided by
    # the caller and the task, neither of which is visible here; confirm.
    keyrings: []
    # Legacy paths to clean up.
    legacy_paths:
      - /etc/apt/sources.list.d/hashicorp.sources
      - /usr/share/keyrings/hashicorp-archive-keyring.gpg
    # Declarative repository definitions.
    entries: []
  yum:
    # Reserved for RPM-family configuration.
    enabled: false
    entries: []
    # NOTE(review): the listing lost its indentation, so whether this key
    # belongs under yum or directly under repo cannot be read from it;
    # it is placed under yum here. Confirm against the file in the repository.
    cleanup_paths: []
# Packages installed by the role, per package manager.
packages:
  apt:
    # Whether to install packages.
    enabled: true
    # APT prerequisites (avoids an update while sources are not yet
    # normalized).
    base_dependencies:
      - ca-certificates
      - gnupg
    # Packages to install.
    # NOTE(review): auditd puts the audit daemon on every host by default;
    # uidmap and fuse-overlayfs are presumably there for rootless containers.
    list:
      - auditd
      - uidmap
      - fuse-overlayfs
  yum:
    enabled: true
    # NOTE(review): uidmap is the Debian/Ubuntu package name; on RPM-family
    # systems newuidmap/newgidmap normally ship with shadow-utils. Confirm
    # the name resolves on the RPM targets, otherwise the install will fail.
    list:
      - audit
      - uidmap
      - fuse-overlayfs
packages_cleanup:
enabled: false
ubuntu:
purge: true
list:
- snapd
- resolvconf
- popularity-contest
- apport
- whoopsie
- modemmanager