# core_provisioner_version: 0.2.8 # provisioner_name: hcl_domino_standalone_provisioner # provisioner_version: 0.1.24 --- hosts: - settings: # Vagrant Debug debug_build: false # Identifiers hostname: ::SERVER_HOSTNAME:: domain: ::SERVER_DOMAIN:: server_id: '::SERVER_ID::' # Extra Actions post_provision: ::POST_PROVISION:: ## This calls extra things after Ansible completes, like syncing the new SSH key from the lockdown role, or the id_files or the support bundle # Resources vcpus: ::RESOURCES_CPU:: memory: ::RESOURCES_RAM:: # Console Access consoleport: ::SERVER_ID:: consolehost: 0.0.0.0 show_console: ::SHOW_CONSOLE:: ## Some people have reported issues when VBox doesn't show the Console, default to false # Box information box: 'STARTcloud/debian12-server' box_url: ::BOX_URL:: # Should default to 'https://boxvault.startcloud.com' but can be set to 'https://vagrantcloud.com' box_version: 2025.5.24 box_arch: amd64 ## Next release needs to be changed to this ::BOX_ARCH:: # Provider Specific Settings provider_type: virtualbox ## Next release needs to be chagned to this ::VAGRANT_PROVIDER:: os_type: 'Debian_64' firmware_type: UEFI # Setup Variables setup_wait: 420 # Vagrant Configurations vagrant_user: ::SERVER_DEFAULT_USER:: # startcloud vagrant_user_pass: ::SERVER_DEFAULT_USER_PASS:: # 'STARTcloud24@!' vagrant_user_private_key_path: ./id_rsa vagrant_ssh_insert_key: true vagrant_ssh_forward_agent: true vagrant_ssh_keep_alive: true plugins: install: - name: vagrant-scp-sync version: latest remove: - name: vagrant-scp # UTM Provider Specific Settings utm: notes: "Vagrant: For testing plugin development" # Custom VM notes/description check_guest_additions: false # Check for qemu-guest-agent functional_9pfs: false # VirtFS 9P filesystem support customizations: # Custom AppleScript commands # - event: "pre-boot" # command: ["customize_vm.applescript", ":id", "--some-option", "value"] # - event: "post-boot" # command: ["some_script.applescript", ":id", "--another-option"] # Custom AppleScript commands networks: # if ::NO_BRIDGE_INTERFACE:: # TO SHI DEVs, if user wants to to disable the external bridged interface, then you should remove the below block - type: external address: ::NETWORK_ADDRESS:: netmask: ::NETWORK_NETMASK:: gateway: ::NETWORK_GATEWAY:: autoconf: false vlan: dhcp4: ::NETWORK_DHCP4:: dhcp6: false is_control: false route: default provisional: false bridge: ::NETWORK_BRIDGE:: nic_type: virtio mac: auto dns: - nameserver: ::NETWORK_DNS_NAMESERVER_1:: - nameserver: ::NETWORK_DNS_NAMESERVER_2:: disks: boot: array: null dataset: null volume_name: null mount: / size: 48G additional_disks: # if ::ADDITIONAL_DISK:: # TO SHI DEVs, if user wants to store thier data on a secondary disk, you would enable this block # - array: null # dataset: null # sparse: true # live: false # filesystem: xfs # mount: ::ADDITIONAL_DISK_MOUNT_POINT:: # size: ::ADDITIONAL_DISK_SIZE:: # port: 5 # device: vdb # #driver: virtio-scsi #Only add if your template doesn't already use virtio-scsi(the new templates do) # volume_name: disk1 provisioning: shell: enabled: false scripts: - './scripts/aliases.sh' ansible: enabled: true playbooks: - local: - description: "This playbook imports Hosts.yml variables into a generated playbook: /vagrant/ansible/playbook.yml" playbook: ansible/generate-playbook.yml ansible_python_interpreter: /usr/bin/python3 compatibility_mode: 2.0 install_mode: pip ssh_pipelining: true verbose: false callbacks: profile_tasks run: always remote_collections: false collections: [] - description: "This playbook configures the machine using the generated playbook: /vagrant/ansible/playbook.yml" playbook: ansible/playbook.yml ansible_python_interpreter: /usr/bin/python3 compatibility_mode: 2.0 install_mode: pip ssh_pipelining: true verbose: false callbacks: profile_tasks run: once remote_collections: false collections: - startcloud.startcloud_roles - startcloud.hcl_roles - description: "This playbook configures the machine for roles tagged as always, using the generated playbook: /vagrant/ansible/playbook.yml" playbook: ansible/always-playbook.yml ansible_python_interpreter: /usr/bin/python3 compatibility_mode: 2.0 install_mode: pip ssh_pipelining: true verbose: false callbacks: profile_tasks run: not_first remote_collections: false collections: - startcloud.startcloud_roles folders: - description: "Disables VBoxSF, do not enable" map: . to: /vagrant type: virtualbox disabled: true automount: true - description: "Directory for Ansible Scripts" map: ./provisioners/ansible/ to: /vagrant/ansible/ type: ::SYNC_METHOD:: ## rsync or scp args: - '--verbose' - '--archive' - '--delete' - '-z' - '--copy-links' - description: "Directory for Ansible Collections" map: ./provisioners/ansible_collections/ to: /vagrant/ansible_collections/ type: ::SYNC_METHOD:: ## rsync or scp args: - '--verbose' - '--archive' - '--delete' - '-z' - '--copy-links' - description: "Directory for Application Installers" map: ./installers/ to: /vagrant/installers/ type: ::SYNC_METHOD:: ## rsync or scp - description: "Directory for Pre-Signed SSLs" map: ./ssls/ to: /secure/ type: ::SYNC_METHOD:: ## rsync or scp - description: "Directory for Server and User IDs" map: ./id-files/ to: /id-files/ type: ::SYNC_METHOD:: ## rsync or scp syncback: ::SYNCBACK_ID_FILES:: ## Should Default to True vars: # Secrets Override: If you don't want to use a secrets file you can override secrets here # Uncomment and fill in these lines if you want to download the installers for this instance # Note that the installer names must match the names on the download server. #secrets: # installer_base_url: ::DOWNLOAD_BASE_URL:: # installer_url_user: ::DOWNLOAD_AUTH_USER:: # installer_url_pass: ::DOWNLOAD_AUTH_PASS:: ## Provisioner Debug debug_all: ::DEBUG_ALL_ANSIBLE_TASKS:: # GitHub Runner Variables git_runner_github_token: ::SECRETS_github_runner_token:: git_runner_org: ::SECRETS_github_runner_org:: git_runner_name: ::SECRETS_github_runner_name:: git_runner_ephemeral: ::SECRETS_github_runner_ephemeral:: ## SSL selfsigned_enabled: ::CERT_SELFSIGNED:: haproxy_ssl_redirect: true letsencrypt_enabled: false letsencrypt_staging_enabled: false ## Lockdown Variables lockdown_cleanup_debug_files: ::LOCKDOWN_CLEANUP_DEBUG_FILES:: ## Use Proxy for downloads and updates use_proxy: ::USE_HTTP_PROXY:: proxy_server: ::HTTP_PROXY_HOST:: proxy_port: ::HTTP_PROXY_PORT:: ## Extra Packages extra_packages: ['htop'] ## Domino Configuration Variables #domino_server_name: "DoMiNO-iS-dVMb" # Defaults to settings.hostname if not set #domino_server_domain: "some-domino-org-different-than-vms-domain.tld" # Defaults to settings.domain if not set domino_organization: ::SERVER_ORGANIZATION:: domino_admin_notes_id_password: ::DOMINO_ADMIN_PASSWORD:: domino_oidc_debug: false #domino_oidc_external_providers: # - name: null # base_url: null # client_id: null # client_secret: null ## Safe-ids to cross-certify (only works for initial/standalone server) # You need to add a file matching this name to id-files/user-safe-ids user_safe_id: ::USER_SAFE_ID:: ## Additional server options is_additional_server: ::DOMINO_IS_ADDITIONAL_INSTANCE:: domino_server_id: ::DOMINO_SERVER_ID:: origin_server: ::DOMINO_ORIGIN_HOSTNAME:: origin_server_ip: ::DOMINO_ORIGIN_SERVER_IP:: # ots: Use One Touch Setup to generate the ID (server names are incremented, ie mail1 mail2 mail3 . .) # asja: Use Custom Additional Server Java Applet to generate the additional server ID #domino_server_id_creation_tool: ::DOMINO_SERVER_ID_CREATION_TOOL:: ## OTS Additional Server Settings # For use in Domino 14 and above, uncomment out these and set as needed #ots_generate_server_names: # - ::DOMINO_ADITIONAL_HOSTNAME::.::SERVER_DOMAIN:: # For use in Domino 12 and below #ots_generate_server_id_count: ::DOMINO_SERVER_CLUSTERMATES:: #ots_generate_server_id_pattern: ::DOMINO_SERVER_CLUSTERMATES_PATTERN:: ## ASJA Server Settings # If using ASJA instead of OTS to generated Server IDs uncomment these lines #asja_generate_server_ids: # - name: additional-demo.startcloud.com # pass: "" ## Genesis Variables genesis_packages: - netmonitor - SuperHumanPortal ## Domino Installer Variables domino_hash: ::DOMINO_HASH:: # REPLACEME: Update Domino installer and version if needed, and update the versions as well # If you want to use a local copy, it must match the below name and be added to `./installers/domino/archives` domino_server_installer_tar: ::DOMINO_INSTALLER:: domino_major_version: ::DOMINO_INSTALLER_MAJOR_VERSION:: domino_minor_version: ::DOMINO_INSTALLER_MINOR_VERSION:: domino_patch_version: ::DOMINO_INSTALLER_PATCH_VERSION:: ## Domino fixpack Variables domino_fp_hash: ::DOMINO_FP_HASH:: domino_installer_fixpack_install: ::DOMINO_INSTALLER_FIXPACK_INSTALL:: domino_fixpack_version: ::DOMINO_INSTALLER_FIXPACK_VERSION:: domino_server_fixpack_tar: ::DOMINO_INSTALLER_FIXPACK:: ## Domino Hotfix Variables domino_hf_hash: ::DOMINO_HF_HASH:: domino_installer_hotfix_install: ::DOMINO_INSTALLER_HOTFIX_INSTALL:: domino_hotfix_version: ::DOMINO_INSTALLER_HOTFIX_VERSION:: domino_server_hotfix_tar: ::DOMINO_INSTALLER_HOTFIX:: ## Jedi Overrides jedi_enabled: true ## If you prefer Nashed Domino Management, but want to have Jedi Installed, set this to False, otherwise if you want Jedi to manage domino, set this to true ## Leap Variables leap_hash: ::LEAP_HASH:: leap_archive: ::LEAP_INSTALLER:: leap_version: ::LEAP_INSTALLER_VERSION:: ## Nomad Web Variables nomadweb_hash: ::NOMADWEB_HASH:: nomadweb_archive: ::NOMADWEB_INSTALLER:: nomadweb_version: ::NOMADWEB_VERSION:: nomad_hotfix_archive: ::NOMADWEB_HOTFIX_INSTALLER:: ### NEW VARIABLES NEEDED FOR DOMINO HOTFIX, Default to False, until the HF button is added in SHI nomad_hotfix_version: ::NOMADWEB_VERSION_HOTFIX_INSTALL:: # "HF1" nomad_hotfix_install: ::NOMADWEB_HOTFIX_INSTALL:: # Default to False, HCL may provide Hotfixes, for example HF1 fixes and issue that requires Nomad to be restarted after HTTP comes up ## Traveler Variables traveler_hash: ::TRAVELER_HASH:: traveler_archive: ::TRAVELER_INSTALLER:: traveler_base_version: ::TRAVELER_INSTALLER_VERSION:: traveler_fixpack_install: ::TRAVELER_FP_INSTALL:: ## NEW VARIABLE, Traveler now fully supprots fixpacks traveler_fixpack_archive: ::TRAVELER_FP_INSTALLER:: traveler_fixpack_version: ::TRAVELER_FP_INSTALLER_VERSION:: ## Verse Variables verse_hash: ::VERSE_HASH:: verse_archive: ::VERSE_INSTALLER:: verse_base_version: ::VERSE_INSTALLER_VERSION:: ## Domino Rest API Variables domino_rest_api_hash: ::DOMINO_REST_API_HASH:: domino_rest_api_version: ::DOMINO_REST_API_INSTALLER_VERSION:: domino_rest_api_archive: ::DOMINO_REST_API_INSTALLER:: ## Hosts entries for /etc/hosts ## Really only needed for Standalone #etc_hosts_entries: # - hostname: ::DOMINO_ORIGIN_HOSTNAME::.::DOMINO_ORIGIN_DOMAIN:: # aliases: # - ::DOMINO_ORIGIN_HOSTNAME:: # ip: ::DOMINO_ORIGIN_SERVER_IP:: roles: - name: startcloud.startcloud_roles.setup - name: startcloud.startcloud_roles.networking tags: always - name: startcloud.startcloud_roles.disks - name: startcloud.startcloud_roles.hostname - name: startcloud.startcloud_roles.dependencies - name: startcloud.startcloud_roles.mdns - name: startcloud.startcloud_roles.service_user - name: startcloud.startcloud_roles.sdkman_install - name: startcloud.startcloud_roles.sdkman_java vars: java_version: 17.0.16-zulu - name: startcloud.startcloud_roles.sdkman_java vars: java_version: LATEST - name: startcloud.startcloud_roles.sdkman_maven - name: startcloud.startcloud_roles.sdkman_gradle - name: startcloud.startcloud_roles.ssl - name: startcloud.hcl_roles.domino_reset when: ::ROLE_DOMINO_RESET:: - name: startcloud.hcl_roles.domino_install - name: startcloud.hcl_roles.domino_vagrant_rest_api - name: startcloud.hcl_roles.domino_service_nash - name: startcloud.hcl_roles.domino_java_config - name: startcloud.hcl_roles.domino_java_tools - name: startcloud.startcloud_roles.git_runner when: false # ::ROLE_GIT_RUNNER:: - name: startcloud.hcl_roles.domino_updatesite - name: startcloud.hcl_roles.domino_config - name: startcloud.hcl_roles.domino_genesis - name: startcloud.hcl_roles.domino_genesis_applications - name: startcloud.hcl_roles.domino_cross_certify - name: startcloud.hcl_roles.domino_java_app_example when: true - name: startcloud.hcl_roles.domino_oidc when: ::ROLE_OIDC:: # Default to true - name: startcloud.hcl_roles.domino_leap when: ::ROLE_LEAP:: - name: startcloud.hcl_roles.domino_traveler when: ::ROLE_TRAVELER:: - name: startcloud.hcl_roles.domino_traveler_htmo when: ::ROLE_TRAVELER_HTMO:: - name: startcloud.hcl_roles.domino_verse when: ::ROLE_VERSE:: - name: startcloud.hcl_roles.domino_rest_api when: ::ROLE_DOMINO_RESTAPI:: - name: startcloud.hcl_roles.domino_nomadweb when: ::ROLE_NOMADWEB:: - name: startcloud.hcl_roles.domino_jedi when: ::ROLE_JEDI:: - name: startcloud.hcl_roles.domino_vagrant_readme when: true - name: startcloud.startcloud_roles.quick_start tags: always when: ::ROLE_STARTCLOUD_QUICK_START:: - name: startcloud.startcloud_roles.haproxy when: ::ROLE_STARTCLOUD_HAPROXY:: - name: startcloud.startcloud_roles.vagrant_readme when: ::ROLE_STARTCLOUD_VAGRANT_README:: - name: startcloud.startcloud_roles.lockdown when: ::ROLE_LOCKDOWN::