-
Notifications
You must be signed in to change notification settings - Fork 13
/
main.yml
114 lines (108 loc) · 2.61 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
---
# Playbook Defaults
backnet_host: "{{ inventory_hostname }}-int"
# Base Deps
kernelcare_included: false
epel_included: true
remi_included: true
hosts_file_included: true
# Manage NTP
ntp_enabled: true
ntp_manage_config: true
ntp_servers:
- "ntp.nexcess.net iburst"
- "time01.nexcess.net iburst"
- "time02.nexcess.net iburst"
# Server Defaults
server_update: true
server_selinux_enforcing: false
server_epel_override: true
server_epel_mirror: "mirror.us-midwest-1.nexcess.net"
server_services_unused: []
server_adjust_limits: true
server_pam:
nofile:
soft: 999999
hard: 999999
nproc:
soft: 999999
hard: 999999
core:
soft: 0
hard: 0
priority:
soft: 4
hard: 4
server_set_sysctl_base: true
server_sysctl:
- key: "net.core.somaxconn"
value: 32768
- key: "net.core.netdev_max_backlog"
value: 32768
- key: "net.ipv4.tcp_max_tw_buckets"
value: 32768
- key: "net.ipv4.tcp_max_syn_backlog"
value: 65536
- key: "net.ipv4.tcp_syn_retries"
value: 2
- key: "net.ipv4.tcp_synack_retries"
value: 2
- key: "net.ipv4.tcp_fin_timeout"
value: 15
- key: "net.netfilter.nf_conntrack_max"
value: 1048576
- key: "net.ipv4.ip_local_port_range"
value: "10240 62000"
- key: "net.ipv6.route.max_size"
value: 16384
- key: "fs.file-max"
value: 1048576
- key: "vm.panic_on_oom"
value: 1
- key: "kernel.panic"
value: 90
server_set_sysctl_10g: false
server_sysctl_10g:
- key: "net.core.rmem_max"
value: 16777216
- key: "net.core.wmem_max"
value: 16777216
- key: "net.ipv4.tcp_rmem"
value: "4096 87380 16777216"
- key: "net.ipv4.tcp_wmem"
value: "4096 65536 16777216"
- key: "net.ipv4.tcp_slow_start_after_idle"
value: 0
- key: "net.ipv4.tcp_sack"
value: 0
- key: "net.ipv4.tcp_window_scaling"
value: 1
- key: "net.ipv4.tcp_moderate_rcvbuf"
value: 1
server_extra_sysctl: {}
server_set_udev_rules: true
server_udev_rules:
- key: 50-ioscheduler
value: |
KERNEL=="sd[a-z]", ATTR{queue/scheduler}="noop"
KERNEL=="sd[a-z]", ATTR{queue/nr_requests}="256"
server_extra_udev_rules: []
server_ssh_known_hosts_command: "ssh-keyscan -H -T 10"
server_ssh_known_hosts_file: "/etc/ssh/ssh_known_hosts"
server_ssh_known_hosts:
- "github.com"
server_bash_aliases: {}
server_bash_history: true
server_proc_hidepid: false
server_proc_hidepid_level: '1'
server_proc_hidepid_group: 'adm'
server_mount_opts: []
# server_mount_opts:
# - point: "/"
# opts: "defaults,noatime"
server_mount_opts_remount: false
# Firewall Defaults
firewall_included: true
# Vagrant env vars
vagrant_hostv4: "127.0.0.1"
vagrant_hostv6: "::1/128"