install_files/ansible-base/group_vars/all/securedrop

---
# Variables that apply to both the app and monitor server go in this file
# If the monitor or app server need different values define the variable in
# hosts_vars/app.yml or host_vars/mon.yml
securedrop_app_code_version: "1.6.0~rc1"
securedrop_app_code_sdist_version: "securedrop-app-code-1.6.0-rc1"
securedrop_app_code_sdist_name: "{{ securedrop_app_code_sdist_version }}.tar.gz"

grsecurity: true
install_local_packages: false

# Are we in CI environment?
ci_builder: false

# Ansible v1 default reference to remote host
remote_host_ref: "{{ ansible_host|default(inventory_hostname) }}"

# Packages required for working on SecureDrop within development VM. Same list
# is used on the build VM to pull in required packages.
development_dependencies: []

# These profiles are referenced by multiple machines, such as Application Server
# for direct copying at install time, and the build machine for including them
# in the deb packages.
apparmor_profiles:
  - usr.sbin.tor
  - usr.sbin.apache2

# Installing the securedrop-app-code.deb package
securedrop_staging_install_target_distro: xenial
securedrop_app_code_deb: "securedrop-app-code_{{ securedrop_app_code_version }}+{{ securedrop_staging_install_target_distro }}_amd64" # do not enter .deb extension

# Enable Tor over SSH by default
enable_ssh_over_tor: true

# If file is present on system at the end of ansible run
# force a reboot. Needed because of the de-coupled nature of
# the many roles of the current prod playbook
securedrop_cond_reboot_file: /tmp/sd-reboot-now

# If you bump this, also remember to bump in molecule/builder-xenial/tests/vars.yml
securedrop_pkg_grsec:
  ver: "4.14.188"
  depends: "linux-image-4.14.188-grsec-securedrop,linux-image-4.14.175-grsec-securedrop,intel-microcode"