-
Notifications
You must be signed in to change notification settings - Fork 679
/
securedrop
57 lines (45 loc) · 1.93 KB
/
securedrop
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
---
# Variables that apply to both the app and monitor server go in this file
# If the monitor or app server need different values define the variable in
# hosts_vars/app.yml or host_vars/mon.yml
securedrop_app_code_version: "0.11.0~rc1"
grsecurity: true
install_local_packages: false
# Establish if we are in CI environment
amazon_builder: "{{ true if ( 'amazon' in ansible_product_version and ansible_virtualization_type != 'docker' ) else false }}"
# Ansible v1 default reference to remote host
remote_host_ref: "{{ ansible_ssh_host|default(inventory_hostname) }}"
# Packages required for working on SecureDrop within development VM. Same list
# is used on the build VM to pull in required packages.
development_dependencies: []
# These profiles are referenced by multiple machines, such as Application Server
# for direct copying at install time, and the build machine for including them
# in the deb packages.
apparmor_profiles:
- usr.sbin.tor
- usr.sbin.apache2
# Installing the securedrop-app-code.deb package
securedrop_app_code_deb: "securedrop-app-code-{{ securedrop_app_code_version }}-amd64" # do not enter .deb extension
# Apt package dependencies for running the SecureDrop application.
appserver_dependencies:
- gnupg2
- haveged
- python
- python-pip
- secure-delete
- sqlite3
- apparmor-utils
- redis-server
- supervisor
- libpython2.7-dev
tor_apt_repo_url: https://tor-apt.freedom.press
# Enable Tor over SSH by default
enable_ssh_over_tor: true
# If file is present on system at the end of ansible run
# force a reboot. Needed because of the de-coupled nature of
# the many roles of the current prod playbook
securedrop_cond_reboot_file: /tmp/sd-reboot-now
# If you bump this, also remember to bump in molecule/builder/tests/vars.yml
securedrop_pkg_grsec:
ver: "4.4.162"
depends: "intel-microcode,linux-image-4.4.144-grsec,linux-firmware-image-4.4.144-grsec,linux-image-4.4.162-grsec,linux-firmware-image-4.4.162-grsec"