-
-
Notifications
You must be signed in to change notification settings - Fork 15
/
example.config.yml
235 lines (200 loc) · 14.7 KB
/
example.config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
---
# Location where configuration files will be stored.
config_dir: '~'
#
# This is the simplyfied configuration file.
# For advanced configuration see `advanced.config.yml`
#
# _____ _ _____
# |_ _|_|_____ ___|__ |___ ___ ___
# | | | | | -_| __| . | | -_|
# |_| |_|_|_|_|___|_____|___|_|_|___|
# Your timezone for all services.
ur_timezone: "Europe/Kyiv"
# _____ _ _
# | _ |___ ___| |_ ___|_|___ ___ ___
# | __| . | _| _| .'| | | -_| _|
# |__| |___|_| |_| |__,|_|_|_|___|_|
# Portainer configuration.
portainer_enable: true # Set true to enable Portainer
remove_portainer: false # Set true to remove Portainer
# _____ _ _ ____ _____ _____
# | | |___| |_ ___ _ _ ___ _| | | \| | | __|
# | | | | . | . | | | | . |_| | | | | |__ |
# |_____|_|_|___|___|___|_|_|___|_|____/|_|___|_____| Dont't use with .Tech.DNS at the same time!
# Unbound DNS configuration.
unbound_dns_enable: true # Set true to enable Unbound DNS. Don't use with Technition DNS at the same time!
remove_unbound_dns: false # Set true to remove Unbound DNS
unbound_dns_identitiy: "unbound-dns" # Report this identity rather than the hostname of the server.
unbound_dns_hide: "yes" # Send minimum information to upstream servers, reduce responce size, refuse .id and .version queries
unbound_dns_ipv4: "yes" # enable ipv4 support.
unbound_dns_ipv6: "no" # enable ipv6 support
unbound_dns_num_threads: "1" # Keep 1, unless understand you really need it.
unbound_dns_upstream_4_pihole: "127.0.0.1#5335" # Use local Unbound DNS as upstream DNS server IP.
# _____ _____ _____ _____ _____
# | __| _ |_____| __ | _ | | __|___ ___ _ _ ___ ___
# |__ | | | __ -| | |__ | -_| _| | | -_| _|
# |_____|__|__|_|_|_|_____|__|__| |_____|___|_| \_/|___|_|
# SAMBA Server. Testing only. Not ready for production.
samba_enable: false # Set true to enable SAMBA
remove_samba: false # Set true to remove SAMBA
samba_user: "admin" # SAMBA username
samba_password: "gagaZush" # !Change this password!
samba_netbios_name: "Raspberry-gw" # SAMBA NetBIOS name
samba_workgroup: "WORKGROUP" # SAMBA workgroup
samba_torrents_share: false # Set true to enable torrents share
# _____ _ _____ _
# | _ |_| | |___| |___
# | __| | | . | | -_|
# |__| |_|__|__|___|_|___| Dont't use with .Tech.DNS at the same time!
# Pi-hole configuration.
pihole_enable: true # Set true to enable Pi-Hole. Don't use with Technition DNS at the same time!
remove_pihole: false # Set true to remove Pi-Hole
pihole_with_unbound: true # Enable Pi-Hole to use Unbound DNS as upstream DNS server.
pihole_password: "gagaZush" # !Change this password!
pihole_hostname: pihole # Pi-Hole hostname. Leave it as is.
# _____ _ ____ _____ _____
# |_ _|___ ___| |_ | \| | | __|
# _ | | | -_| _| |_| | | | | |__ |_
# |_| |_| |___|___|_|_|_|____/|_|___|_____|_| Don't use with PiHole and UnboundDNS at the same time!
# Technitium DNS Server configuration.
tech_dns_enable: false # Set true to enable Technitium DNS. Don't use with Pi-hole at the same time!
remove_tech_dns: false # Set true to remove Technitium DNS
tech_dns_password: "gagaZush" # !Change this password!
tech_dns_hostname: tech-dns
tech_dns_server: tech-dns # The primary domain name used by this DNS Server to identify itself.
tech_dns_ipv6: false # Enable IPv6 support
tech_dns_blocking: true # Sets DNS server to block domain names using Blocked Zone and Block List Zone.
tech_dns_forwarders: "1.1.1.1, 8.8.8.8" # List of DNS servers to forward DNS queries to.
tech_dns_forwarder_proto: "Https" # Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson.
tech_dns_inside_vpn: false # DOESN'T WORK YET! # Set true to route Technitium DNS traffic via internal OpenVPN client
# _____ _____ _____ _____
# | |___ ___ ___| | | _ | | |
# | | | . | -_| | | | __| | | |
# |_____| _|___|_|_|\___/|__| |_|___|
# |_|
# OpenVPN Server configuration.
ovpn_server_enable: false # Set true to enable OpenVPN server
remove_ovpn_server: false # Set true to remove OpenVPN server
ovpnui_user: "admin" # OpenVPN UI username
ovpnui_password: "gagaZush" # !Change this password!
ovpn_trusted_subnet: "10.0.70.0/24" # Trusted users subnet
ovpn_guest_subnet: "10.0.71.0/24" # Guest users subnet
ovpn_home_subnet: "192.168.0.0/24" # Your home network subnet
ovpn_remote: "remote 123.234.123.12 12345 udp" # OpenVPN client.ovpn profile connect line.
# EasyRSA configuration parameters.
easyrsa_dn: "org" # Leave this as-is. "org" for traditional, "cn_only" for CN only.
easyrsa_req_country: "UA" # The two-letter country code (e.g. US).
easyrsa_req_province: "KY" # The state or province (e.g. CA or California).
easyrsa_req_city: "Kyiv" # The city of the organization.
easyrsa_req_org: "SweetHome" # The name of the organization.
easyrsa_req_email: "sweet@home.net" # The email address of the organization.
easyrsa_req_ou: "MyOrganizationalUnit" # The name of the organizational unit.
easyrsa_req_cn: "server" # The name of the common name.
easyrsa_key_size: 2048 # Leave this as-is. Size in bits for your keypairs. The recommended value is 2048. up to 4096.
easyrsa_ca_expire: 3650 # Number of days until the root CA expires.
easyrsa_cert_expire: 825 # Number of days until certificates expire.
easyrsa_cert_renew: 30 # Number of days before expiration to automatically renew certificates.
easyrsa_crl_days: 180 # Number of days until the CRL expires.
# OpenVPN Client configuration for qBittorrent only. OpenVPN server is not required.
ovpn_client_enable: false # Set true to enable internal OpenVPN client used for qBittorrent. OpenVPN server is not required.
remove_ovpn_client: false # Set true to remove internal OpenVPN client used for qBittorrent. OpenVPN server is not required.
ovpn_client_cert: "webinstall-client.ovpn" # Set your ovpn-client certificate name
ovpn_client_allowed_subnet: "192.168.88.0/24" # Allowed subnet for ovpn-client. You must have your local network defined here.
ovpn_client_secret: "webinstall-credentials.txt" # Filename with ovpn-client user and password, "example-credentials.txt"
ovpn_client_killswitch: true # Allow subnet access and block all other traffic if ovpn-client is down
# _____ _ _____
# | __| |_ _ ___|_ _|_ _ ___
# | | | | | | -_| | | | | | |
# |_____|_|___|___| |_| |___|_|_|
# Universal VPN Client for multiple VPN Providers
gluetun_vpnclient_enable: false # Set true to enable Gluetun (OpenVPN or Wireguard)
remove_gluetun: false # Set true to remove Gluetun
gluetun_server_countries: "Netherlands" # Comma separated list of countries
gluetun_server_cities: "Amsterdam" # Comma separated list of cities
gluetun_server_update_per: 0 # Period to update your servers list using the built-in Gluetun update mechanisms.
# See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
gluetun_vpn_service_provider: custom # Set your VPN provider: cyberghost, expressvpn, fastestvpn, hidemyass, ipvanish, ivpn, nordvpn, perfect privacy, privado, private internet access, privatevpn, protonvpn, purevpn, slickvpn, surfshark, torguard, vpnsecure, vpn unlimited, vyprvpn, wevpn, windscribe
# See the list of all providers https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers
gluetun_vpn_type: openvpn # Set your VPN type: openvpn, wireguard
# OPENVPN CLIENT PART:
gluetun_openvpn_user: "none" # Set your OpenVPN username
gluetun_openvpn_password: "none" # Set your OpenVPN password
gluetun_vpnclient_custom: false # Set true to enable custom OpenVPN configuration below
glue_ovpn_custom_conf: "webinstall-client.ovpn" # Set your OpenVPN custom configuration. See
# WIREGUARD CLIENT PART:
gluetun_wireguard_private_key: "TblPoK...2c=" # Valid base 58 Wireguard Client key. Wireguard client private key to use.
gluetun_wireguard_public_key: "none" # Valid base 58 Wireguard Server key. Wireguard Server public key to use.
gluetun_wireguard_preshared_key: "none" #
gluetun_wireguard_address: "10.99.99.99/32" # Valid IP network interface address in the format xx.xx.xx.xx/xx or ff:ff:ff...:ff/128
gluetun_wireguard_endpoint_ip: "none" # Valid IP address in the format xx.xx.xx.xx:xxxxx or [ff:ff:ff...:ff]:xxxxx
gluetun_wireguard_endpoint_port: "none" # Valid port number in the format xxxx
# _ _ _ _ _____ _
# | | | |_|___ ___| __|_ _ ___ ___ _| |
# | | | | | _| -_| | | | | .'| _| . |
# |_____|_|_| |___|_____|___|__,|_| |___|
# WireGuard Server configuration.
wireguard_server_enable: false # Set true to enable WireGuard Server and its Web-UI
remove_wireguard: false # Set true to remove WireGuard Server
wireguard_password: "gagaZush" # !Change this password! Web-UI password
wireguard_user: "admin" # Wireguard UI username
wireguard_serverurl: "wg.example.com"
# _____ _ _ _____ _
# ___| __ |_| |_|_ _|___ ___ ___ ___ ___| |_
# | . | __ -| | _| | | | . | _| _| -_| | _|
# |_ |_____|_|_| |_| |___|_| |_| |___|_|_|_|
# |_|
# QbitTorrent configuration.
qbittorrent_enable: false # Set true to enable qBittorrent and its WebUI
remove_qbittorrent: false # Set true to remove qBittorrent
qbittorrent_default_password: admin/adminadmin # !Change this password wia WebUI!
# Local VPN configuration. Allows qBittorrent runs through VPN client connection.
qbittorrent_inside_vpn: false # Set true to route qBitTorrent traffic via internal OpenVPN client
qbittorrent_inside_gluetun: false # Set true to route qBitTorrent traffic via Gluetun VPN client
qbittorrent_webui_port: 8090 # Do not change it unless you know what you are doing.
# _____ _ _
# | |___ ___|_| |_ ___ ___ ___
# | | | | . | | | _| . | _|_ -|
# |_|_|_|___|_|_|_|_| |___|_| |___|
# Raspberry-monitoring configuration.
monitoring_enable: true # Set true to enable base Raspberry monitoring
remove_monitoring: false # Set true to remove base Raspberry monitoring
monitoring_grafana_admin_password: "admin" # Is only used the first time when Grafana starts up
monitoring_days_keep_interval: 90d # How long to keep data in Prometheus DB (decrease if you have less than 5Gb of free disk space)
monitoring_speedtest_interval: 60m # How often to run speedtest (don't change without purpose)
monitoring_ping_interval: 30s # How often to ping hosts (don't change without purpose)
# OpenVPN monitoring configuration. # Requires `monitoring_enable`
openvpn_monitoring_enable: false # Set true to enable OpenVPN server Grafana dashboard
remove_openvpn_monitoring: false # Set true to remove OpenVPN server Grafana dashboard
# PiKVM monitoring configuration. # Requires `monitoring_enable`
pikvm_monitoring_enable: false # Set true to enable PiKVM Grafana dashboard
remove_pikvm_monitoring: false # Set true to remove PiKVM Grafana dashboard
pikvm_target_ip: "192.168.88.3" # Pi-KVM IP address
pikvm_web_user: "admin" # Pi-KVM side preconfigured Web-UI username
pikvm_web_password: "gagaZush" # !Change this password! Pi-KVM side preconfigured Web-UI password
# AirGradient monitoring configuration. # Requires `monitoring_enable`
airgradient_monitoring_enable: false # Set true to enable Airgradient Grafana dashboard
remove_airgradient_monitoring: false # Set true to remove Airgradient Grafana dashboard
# Starlink monitoring configuration. # Requires `monitoring_enable`
starlink_monitoring_enable: false # Set true to enable StarLink dishy Grafana dashboard
remove_starlink_monitoring: false # Set true to remove StarLink dishy Grafana dashboard
starlink_ip: "10.10.10.1" # Dishy IP address
starlink_port: 9817 # Dishy port to get statistics from
# Shelly Plug monitoring configuration. # Set true to enable Shelly Plug Grafana dashboard
shelly_plug_monitoring_enable: false # Set true or false
remove_shelly_plug_monitoring: false # Set true to remove Shelly Plug Grafana dashboard
shelly_plug_hostname: shelly-host-or-ip
shelly_ip: "192.168.88.66"
shelly_port: 9924
shelly_plug_http_username: "admin" # username
shelly_plug_http_password: "gagaZush" # !Change this password!
# __ __
# \ \ / / _____ _____ __ __
# \ V /__ | __ | _ | | |
# / \__|| -| |_ _|
# / /^\ \ |__|__|__|__| |_|
# \/ \/ Shadowsocks fast tunnel proxy.
# experimental container with X-UI supports Shadowsocks, VMess, VLESS, XTLS and Trojan protocols
# !Beaware! some XRAY protocols from the list are prohibited in PRC. Don't use this if you are in PRC.
xray_enable: false # Set true to enable X-RAY x-ui eXperimental
remove_xray: false