conference-website/playbooks/vars_common.yaml

domain: staging.conference.blender.org
host: web-1.internal
project_name: Blender Conference
project_slug: blender-conference
service_name: "{{ project_slug }}-{{ env }}"
background_service_name: '{{ service_name }}-background'
django_settings_module: conference.settings
uwsgi_module: conference.wsgi:application
python_version: "3.10"
delete_venv: false  # set to true if venv has to be re-created from scratch

# Set to true if ingress == application:
# meaning that SSL is terminated by and Django app is run on the same host.
single_host: false

dir:
  source: "/opt/{{ service_name }}"
  static: "/var/www/{{ service_name }}/static"
  media: "/var/www/{{ service_name }}/media"
  errors: "/var/www/{{ service_name }}/html/errors"

env_file: "{{ dir.source }}/.env"
uwsgi_pid: "{{ dir.source }}/{{ service_name }}.pid"
uwsgi_socket: "{{ dir.source }}/uwsgi.sock"

nginx:
  user: www-data
  group: www-data
nginx_conf_dir: /etc/nginx
user: "bcon-{{ env }}"
group: "{{ nginx.group }}"
client_max_body_size: "25M"
rate_limit:
  name: 'hundred_per_minute'
  size: '10m'
  rate: '100r/m'
  burst: 50
  delay: 10

aliases: null # This project doesn't use cron
certbot:
  email: root@blender.org

source_url: https://projects.blender.org/infrastructure/{{ project_slug }}.git
branch: production

ssl_only: false
ca_certificate: /usr/local/share/ca-certificates/cloud-init-ca-cert-1.crt

db_user: conference_staging
db_name: conference_staging
db_host: db-postgres-2.internal
# db_password: 'SET-PER-ENV-ENCRYPTED'

blender_id_url: https://id.blender.org/
blender_id_oauth_client: 'SET-IN-VAULT'
blender_id_oauth_secret: 'SET-IN-VAULT'

# The following variables should be encrypted with Ansible Vault
# and stored in environments/<env>/group_vars/all/99_vault.yaml.
# These should only be needed during first time use of `install.yaml`.

# sentry_dsn:
# (for staging only) allowed_ips:

include_common_services:
  - background
  - background-restart
  - clearsessions
  - notify-email@