---
freshrss_version: latest
freshrss_service_directory: /var/lib/docker/services/freshrss
freshrss_url: http://localhost

freshrss_container_name: freshrss
freshrss_image: "xoxys/freshrss:{{ freshrss_version }}"
freshrss_restart_policy: on-failure
freshrss_exposed_port: 61000
freshrss_exposed_ip: 127.0.0.1
freshrss_extra_hosts: []
# freshrss_memory_limit: 512m # defaults to not set
# freshrss_memory_reservation: 256m # defaults to not set
# freshrss_cpu_shares: 1024 # defaults to not set
# freshrss_http_proxy: # defaults to not set
# freshrss_https_proxy: # defaults to not set
# freshrss_no_proxy: # defaults to not set

freshrss_cap_add: []
freshrss_cap_drop: []
freshrss_security_opt: []
# freshrss_pids_limit: # defaults to not set

freshrss_healthcheck:
  test: '["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost"]'
  interval: 30s
  timeout: 5s
  retries: 5

freshrss_environment: "production"
freshrss_default_user: "admin"
freshrss_default_password: "freshrss"
# Salt is used to make crypto more unique.
# Can be generated with e.g. cat /proc/sys/kernel/random/uuid | sha1sum | awk '{print $1}'
# freshrss_salt: # defaults to not set
# Specify address of the freshrss instance,
# used when building absolute urls, e.g. for websub.
freshrss_base_url: "http://localhost/"
freshrss_language: "en"
freshrss_title: "freshrss"
# freshrss_meta_description: # defaults to not set
freshrss_allow_anonymous: "false"
freshrss_allow_anonymous_refresh: "false"
freshrss_auth_type: "form"
freshrss_api_enabled: "false"
freshrss_unsafe_autologin_enabled: "false"
freshrss_simplepie_syslog_enabled: "true"
freshrss_pubsubhubbub_enabled: "false"
freshrss_allow_robots: "false"
freshrss_allow_referrer: "false"
freshrss_limits_cookie_duration: "2592000"
freshrss_limits_cache_duration: "800"
freshrss_limits_timeout: "15"
freshrss_limits_max_inactivity: "10800"
freshrss_limits_max_feeds: "16384"
freshrss_limits_max_categories: "16384"
freshrss_limits_max_registrations: "1"
# freshrss_curlopt_ssl_verifyhost: # defaults to not set
# freshrss_curlopt_ssl_verifypeer: # defaults to not set
# freshrss_curlopt_proxytype: # defaults to not set
# freshrss_curlopt_proxy: # defaults to not set
# freshrss_curlopt_proxyport: # defaults to not set
# freshrss_curlopt_proxyauth: # defaults to not set
# freshrss_curlopt_proxyuserpwd: # defaults to not set
## comma-seperated string, extensions must be installed!
freshrss_extensions_enabled: "Tumblr-GDPR"

freshrss_postgres_ssl_mode: disable
freshrss_postgres_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
freshrss_postgres_server: "{{ inventory_hostname }}"
freshrss_postgres_port: 5432
freshrss_postgres_superuser: postgres
freshrss_postgres_password: postgres

freshrss_postgres_db:
  name: freshrss
  lc_collate: en_US.UTF-8
  lc_ctype: en_US.UTF-8'
  encoding: UTF-8
  template: template0
  login_user: "{{ freshrss_postgres_superuser }}"
  login_password: "{{ freshrss_postgres_password }}"
  # login_unix_socket: # defaults to not set
  port: "{{ freshrss_postgres_port }}"
  # owner: # defaults to not set
  state: present

freshrss_postgres_user:
  name: pgfreshrss
  password: freshrss
  encrypted: 'yes'
  # priv: # defaults to not set
  # role_attr_flags: # defaults to not set
  db: "{{ freshrss_postgres_db.name }}"
  login_user: "{{ freshrss_postgres_superuser }}"
  login_password: "{{ freshrss_postgres_password }}"
  # login_unix_socket: # defaults to not set
  port: "{{ freshrss_postgres_port }}"
  state: present

freshrss_iptables_enabled: False
freshrss_open_ports:
  - name: allow_freshrss_web
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport {{ freshrss_exposed_port }} -j ACCEPT
    state: present