the file my setup.yml
---
all:
hosts:
vars:
ssh_key: "{{ lookup('file', '~/.ssh/forem.pub') }}"
app_protocol: https://
database_pool_size: 10
force_ssl_in_rails: "true"
lang: en_US.UTF-8
node_env: "{{ forem_environment }}"
rack_env: "{{ forem_environment }}"
rack_timeout_service_timeout: 300
rack_timeout_wait_timeout: 300
rails_env: "{{ forem_environment }}"
rails_log_to_stdout: "true"
rails_serve_static_files: enabled
redis_sessions_url: redis://localhost:6379
redis_sidekiq_url: redis://localhost:6379
redis_url: redis://localhost:6379
session_expiry_seconds: 1209600
web_concurrency: 2
forem_context: selfhost
forem_container_tag: quay.io/forem/forem:latest
children:
forems:
hosts:
forem:
ansible_connection: local
ansible_python_interpreter: /usr/bin/python3 # on macOS, this may need to be /usr/local/bin/python3
# CHANGE_REQUIRED β forem_domain_name: example.com
forem_domain_name: awmbtc.xyz
# CHANGE_REQUIRED β default_email: your_email@example.com
default_email: awmbtc@gmail.com
forem_subdomain_name: dis # can be subdomain, i.e. "community" in community.mainwebsite.com
forem_server_hostname: host # You may change to something else if you choose (i.e. server, srv, etc)
# CHANGE_OPTIONAL - strict-origin-when-cross-origin enables embedded youtube video playback
referrer_policy: "same-origin"
# referrer_policy: "strict-origin-when-cross-origin"
app_domain: "{{ forem_subdomain_name }}.{{ forem_domain_name }}"
secret_key_base: "{{ vault_secret_key_base }}"
session_key: _FOREMSELFHOST_Session
imgproxy_key: "{{ vault_imgproxy_key }}"
imgproxy_salt: "{{ vault_imgproxy_salt }}"
forem_version: latest
forem_environment: production
dd_api_key: "{{ vault_dd_api_key }}"
honeybadger_api_key: "{{ vault_honeybadger_api_key }}"
honeybadger_js_api_key: "{{ vault_honeybadger_js_api_key }}"
honeycomb_api_key: "{{ vault_honeycomb_api_key }}"
postgres_user: forem_production
postgres_password: "{{ vault_forem_postgres_password }}"
postgres_host: localhost
pusher_app_id: "{{ vault_pusher_app_id }}"
pusher_beams_id: "{{ vault_pusher_beams_id }}"
pusher_beams_key: "{{ vault_pusher_beams_key }}"
pusher_cluster: us2
pusher_key: "{{ vault_pusher_key }}"
pusher_secret: "{{ vault_pusher_secret }}"
recaptcha_secret: "{{ vault_recaptcha_secret }}"
recaptcha_site: "{{ vault_recaptcha_site }}"
sendgrid_api_key: "{{ vault_sendgrid_api_key }}"
sendgrid_api_key_id: "{{ vault_sendgrid_api_key_id }}"
slack_channel: "#forem-activity"
slack_webhook_url: "{{ vault_slack_webhook_url }}"
# Required Ansible Vault secret variables
# Use the following example commands below in a terminal to generate the required variables with Ansible Vault encrypt_string
# See this URL to learn more about ansible-vault:
# https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-individual-variables-with-ansible-vault
# echo -n $(pwgen -1 128)|ansible-vault encrypt_string --stdin-name vault_secret_key_base
# This is an example of an encrypted vault_secret_key_base variable looks like
# vault_secret_key_base: !vault |
# $ANSIBLE_VAULT;1.1;AES256
# 31626639326433353437623836636431303161363438396661636130646434396430633032343264
# 3433343031316634636133636663666130303330636366350a616333366666656633353136363865
# 32333739623836623362343862623963333834656236333433333665666531373534316238633039
# 3136396237363839350a633764313365343033623061316364646135356336373062313433383866
# 62613738336463366639323230626465353630646161323931396333333764633633303532656632
# 33653839363465313863303533613062666364363563353264613439306539366665383462663234
# 62313161333566373962396561376166333766366233396533356539393738623666656635373436
# 36323064393461393836626537366239363433393261383137366664343734663161323162613634
# 35353863356462326435656435373261386230356631396464653937643463323536656538313036
# 346661356161386132643837386161376337
vault_secret_key_base: !vault |
$ANSIBLE_VAULT;1.1;AES256
64356332613064653661316138616635323330366638653736373531303131653738396634613766
6335366333663535663339633038663938373137303961390a666435393662316564346563383736
39386365616163396137326661383338393533616634326562373738396366353364626266636134
3330306333356663390a656433363533613336356462653937303835373032613162636462326335
61326138636666336565623935663433323135353565623631636333363036316662343238333631
30373531376666616361623234323939356638366238663639363730326264613632336332393263
62366566633934633532366466666638386464346461363064613539613631326534616334343135
37336230386563393961623337363731653137316631383039633636666532663432323965633062
65306661366161393063363264363137323461616163336535376466663662313938363031616635
37616335336461666537333938666437346134643733666162326637653030396432393965666235
386636396531613265623335623437326330
# echo -n $(xxd -g 2 -l 64 -p /dev/random | tr -d '\n') | ansible-vault encrypt_string --stdin-name vault_imgproxy_key
# This is an example of an encrypted vault_imgproxy_key variable looks like
# vault_imgproxy_key: !vault |
# $ANSIBLE_VAULT;1.1;AES256
# 35646264656466303662316162353030343266366562633733623133326663656430356138306266
# 6564343661366430383637633433343364363538316633340a336436653162363032646430333861
# 33643061636336613361373430396332663964333230626661336637623336666366623839323564
# 6432363731363339360a383361323863343131323837636633643261383034316534663634613835
# 32316565343937306536343232313530383935386231333830343339653838303533383037616333
# 33613732366236653466373233366234646437353166326164313764626439393165333861653538
# 61343135373966303931656633363331313838653039626264396136623438626261356632356463
# 64643666613930383938373337363238373032323166333730653734353463656139623838313939
# 34626539626339353263376231623731656362636666636435366531346232363836613739386464
# 303435353334366338646161333636643062
vault_imgproxy_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
63653439626166353234343337316334373135383466333261663931616363323162623332326331
6465343439393138373435616434633838363064633238390a666361323365396461343463363132
62613362653339343133353835656132663665376562366639633464656439396531326331313664
3161323262393732660a303438636535613965336466323939626536303466666233313265623962
39373362336139663332303833333363623065356234366262313163663238616630656530383331
36396233666634613361613763336336333135613337336661333339323964313532383135343662
62616666343163306564326235663934313565366231633531346439613764363735633234386434
39613465623261643730653733663438316333646565353062316238326331326438396562383636
62643064356435393065633431656231393232626639646465643363626265663364313733376263
30316234316436386334326235663734383265623639333537373336373834336265333061343139
653338363538333036616239323464373736
# echo -n $(xxd -g 2 -l 64 -p /dev/random | tr -d '\n') | ansible-vault encrypt_string --stdin-name vault_imgproxy_salt
# This is an example of an encrypted vault_imgproxy_salt variable looks like
# vault_imgproxy_salt: !vault |
# $ANSIBLE_VAULT;1.1;AES256
# 32353437333561633733306239333164363165386437313632373761663535373661633261343833
# 3534303539333235643530613530323964373530353437330a656636626432336633636132616430
# 62316331396436626662303134343964366635316435653264386437653238643964363935643637
# 3433623566346265640a343539303166333439626136343336643232643930393261313035313933
# 36353833376139306266623261623561373235633432333462323230623665633562333565323235
# 36366338646134633738323661656530663261336430633235643938383236353832626138356434
# 30663337353235303038336239343934383065613532343137313038643330346436306261666130
# 34323137633531393665343564613131343431373835336436656239313738303033333065623964
# 30643262313833396234623937616632623561656664393739663266313531366332623434336565
# 316634303133623165643138643831373630
vault_imgproxy_salt: !vault |
$ANSIBLE_VAULT;1.1;AES256
30376433363931633765323832353163393265323734353034353063383939626136663639386163
3733386332333733303431313565326565373438366434350a646561373865373562633464393732
32333061666437316531396130343263346363393563666466356565373862386333346264636263
6531363562623637340a356537633365373863326663653066633264336564396535326236383739
39626237333838623730643230353030393032656662313338316232366137386638623730313033
64623866393639393464343636343133366136393566643631633766663234303063313264313563
39343934663837663764643435393134393264386138613765383436613661316565613764383561
64616364396537623430396538663934326636383161383864333965613734616434613565613331
66356263656635636230613963646563323438623932353662393332333066613631366631376261
30326537623061346539376534316439323437353263613336386432623439323062313639653638
633338343835363835633461613138323931
# echo -n $(pwgen -1 128)|ansible-vault encrypt_string --stdin-name vault_forem_postgres_password
# This is an example of an encrypted vault_forem_postgres_password variable looks like
# vault_forem_postgres_password: !vault |
# $ANSIBLE_VAULT;1.1;AES256
# 32316238646635623832303464343262313831326131376662653037633265316166653439346163
# 6231366436316431303164323634663137663866303036390a323736346236633835613962613634
# 64616233353663643832636435396461393962616264623866613031633931396464346238646564
# 3030336139303735640a646133313066383535643763353938663865363361356463623162366234
# 37656661613334376361353331343437636633646331366466646130383731613939616639313638
# 66613131333735383763656335393762346464346234626633313138376439633965363030616337
# 65643663306266623764643732376535336339383334363131636537376531613738653764343865
# 39316264633764383264396530393532333639643062333838373531626263623965366462633534
# 33343834346333393737353432303065386433303065336563393634393065303838313162653035
# 32306565616362346466643366356463656639333162343030323338656532613132303164373134
# 343463383266383361303634356133326431
vault_forem_postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
35386663613632626637393564343238316230613638616164313462383464343065373931343262
3230336430386131306135666438613865623061623338360a333666323966616331326638323836
65366535356639306330663131313135303831326333363135336339623335336236333338643238
3138643535396239340a666235336334393736333664353237343739653036636134386632636566
64353735313033396332353139363766646435653763626562653831356265313261613062633661
61353662633166643930303439386136633232663766303566633733363936383763376532343637
65626265323233376138333831373261656162353131363765656438653538393263613736616337
37306565633766373436323434663063386561383262633965383036326231333235346130303431
38323666303364663630303333343136333734363236623066666464623063346638303635613430
38373439643865633864616138653330376363663930643265333436656637633530313861313462
373938643865383839643535643433323437
# Optional Ansible Vault variables
# echo -n foobarbaz | ansible-vault encrypt_string --stdin-name vault_my_cool_vaulted_var
vault_my_cool_vaulted_var: !vault |
$ANSIBLE_VAULT;1.1;AES256
64313035306231386261366263653062353638313339346335663230316632643438636338336161
3230363030646135666332313630373338313066373538640a376636393464643763383631303963
65336461633261346230366139376238643462616261393537626338316633386562323062623266
3134343961303339640a356264393764373939356462323634613664386363616331613663333036
6337
vault_cloudinary_api_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
62376538366237313532333737666532336538316332323838386131326538303337653464303138
6462313261653732313733363034643966336262323236360a393832323561316434353438353035
61383163313838356334323838323032643134303038633263303563653834373039326462653362
6263633637376462330a666636393066303063373965343437626164393639336532373561623433
3536
vault_dd_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
38373039363862636263303263326435623066333537333166303066383962316337636137623231
6639303862373131613764333365346338383239323364330a656532656265353164393834616138
39323230393839663661633837343264623466623436323566626230386461346432633338333733
6135373564386334320a323936333436383963363731326237323031616336376461386431343766
6631
vault_honeybadger_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
31633938353034393238356365613063313636303037663037313066336139383131316538343964
3934376364353462306131623235353162313464663131610a653936393630346262383266326535
64656564316237383865323234646133363561316466646634336439626330636331646436616530
3230376662346636360a336363626166323939353334363238663637643239303534613362353163
3664
vault_honeybadger_js_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
32313531383136396233353231386161373165353639373734373065376530306639613763626337
3666303964633238353763343334663438373633643230350a326563653666346363353166656534
37396632343266643737303265656539653937313136663135376439306439623933336336613739
3734666561343362610a613664626134663961386234303034376537363264376664663833336262
6432
vault_honeycomb_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
30383739653764613230326234323061363666346634636133613064616266333835653636373638
6135343435666363376639643538383234336335626566300a313338373434646631316361633332
61643636336263363430386338356361373366613339336132383235316332666131393536613438
3831336232313734350a343761376537636332396362613837316164666632396336646132306438
3831
vault_pusher_app_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
35316631616137646132323763636362633331363561323432353839393137323261656538343566
3032386135323438373535316639636565323861663030380a346433643231346161386337663033
38383430663736356332356131343666626639366536656161616436393766373361656434656362
6366346365653063370a386533613931646230376461653261626633303437613164656332626536
6264
vault_pusher_beams_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
65623931313866616231383534306239303866633066616533373162396137633336363765326436
6466316661393865626562306637636238623536346362630a303734646434393638336231346165
62616136636466316161373539346364366366313837356265346161623134613938393834376535
6138383464653838620a373938663633333164353030623030656161353931363431663734366239
3833
vault_pusher_beams_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
61306439373134306134353336373464353033643432636661346565356161623464363939653336
3463386130613330366232666330643431633830313537640a663032363536303466666238633662
31376464376564653836646132633138306530383330326364376134643834323764623637653063
6635653566383732660a633738346133633739303931383336646534343434616437643935656235
3836
vault_pusher_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
62353938616265653066323961613237663837383533666237343861316133386537303765646566
3335333135623031366430346162623961373938316237630a303235663131386335313930306130
34663664616237333130303662383736393233653738613266666664323666326664376135616238
3562616634643039360a643264396662356532303363623265626463383737326266636536343466
3038
vault_pusher_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
31316439373461663162373631303633393964623732316463393463316235373431393762326130
3535643864646663353463376438316639313139323966650a396335396639666466343736396166
39346161373630313639383330656134373430363038353237383963653661636436623561336339
3930336137313538660a666139646139333566376561343930366263396564303134383434613632
6662
vault_recaptcha_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
66613236616139316264643862636431363838313564326234353139636239383065366234653738
3961346665616638313634336561393236656530363564380a666262363138656366396336643636
32336364623934646639373161646633663261393262633135613639376433316530376264396331
6635376639333661620a373065663531393237353063616637363731663166633863376562633166
3131
vault_recaptcha_site: !vault |
$ANSIBLE_VAULT;1.1;AES256
62613266386138323266383261383638653230373862636635306630353332393739633164323237
3635656262316236396632636139396639323735316338300a636562613139393739346630636635
63343863313738313637616133376464366335623336373936353134626137306465643961636461
6366623461383166650a326231303466633233656433383261376365323033323533323233623432
6464
vault_sendgrid_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
65633964396563336633313737333463626363353434653934623030303062643231313031623739
6534303833386233303561666661326665383935393831630a333732626265663036633932643138
61623562663264636535376536383030646262333066396536613262306262643465626239623939
3762663136613838610a323134303637656634666634653063653763636362386533643664666639
6666
vault_sendgrid_api_key_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
65373235333132623264376438323538613238396131663337653061636231383964376531363562
3066376164396332616139326231646631613035633630610a363830373537346135306132616238
36396334656536343663626666393338663962326365383538643263646434353739666336623165
3039323832643633340a653739303766356637623666343165303333383062616136316531313965
3339
vault_slack_webhook_url: !vault |
$ANSIBLE_VAULT;1.1;AES256
65383463383064353738343135666232633832353332356162346437636536626335666431376662
3463616564643131363765333962643766373437373138610a623766666237306265663938643339
32613030303031396362633761663262396133646436326531333734356566626633373038336535
3036663831333831640a613264336238336666316130313231653064346562666236303361633562
3237
Top comments (3)
I got some different errors
@awmbtc it is very likely that your vault secrets are not positioned properly. In the sense, the indentation in your ansible script is not in the proper space/tab, I had this issue myself.
Have to play around with the indentation to try. Unfortunately i don't see any other help.
if i'm not mistaken it's usually 1 or 2 tabs spacing from the start of the line.
The first user registered and jumped directly to email verification?
The mailbox server is not set at all, how to receive the verification code?
The first user can't pass the mailbox verification, so the mailbox server can't be set. How to solve it?