Skip to content

Accounts and Settings

Warning

This is a reference discussing an aspect of the install process. If you are looking for the steps to follow to install, they are here.

On this page, we break down the options available in the following files:

  • /srv/git/saltbox/accounts.yml
  • /srv/git/saltbox/settings.yml
  • /srv/git/saltbox/adv_settings.yml

Options in accounts.yml

Note: There must always be a space between the key and the value in YAML files. key: value NOT key:value

Each tab shows a "section" in the file.

apprise:

apprise - Apprise notification URL

This parameter is optional. Information about constructing the URL can be found here. This will be used to send out messages during certain tasks (e.g. backup).

This parameter is not nested:

apprise: somescheme://something_else_here/perhaps_a_token

not

apprise:
  somescheme://something_else_here/perhaps_a_token
cloudflare:
  email:
  api:

email: E-mail address used for the Cloudflare account.

api: Global API Key.

These parameters are optional. Default is blank. Fill this in to have Saltbox add subdomains on Cloudflare, automatically; leave it blank, to have all Cloudflare related functions disabled. Cloudflare does not support all top-level domains though its API. Refer to this page. As of 2022/11/03: "DNS API cannot be used for domains with .cf, .ga, .gq, .ml, or .tk TLDs."

dockerhub:
  user:
  token:

user - Docker Hub username.

token - Docker Hub access token.

Note that this is a Docker Hub token, not your Docker Hub password. You create one of these in the security tab of your account settings at dockerhub, and it will look something like: dckr_pat_EZ-YVvzrb_OzZyToNyGeEzErBiLl

This parameter is optional. Entering Dockerhub credentials increases the number of images one can pull.

plex:
  user:
  pass:
  tfa: no

user - Plex username or email address on the profile.

pass - Plex password. See the password considerations below. Wrap the password in quotes if it contains anything other than letters and numbers.

tfa - "yes" or "no" depending on whether you want to use the two-factor authentication [TFA] compatible Plex connection system.

This parameter is required. This will be used to claim the Plex server under your username and generate Plex Access Tokens for apps such as Autoscan, etc. Note: The "tfa" setting controls whether Saltbox uses the newer authentication method or not; this newer method is required for use with TFA, but will work even with it off; it's the "Open an URL, log into Plex, grant access to this app" workflow you may be familiar with from other contexts. If you use the tfa workflow, a random client ID and a Plex Access Token will be stored in /opt/saltbox/plex.ini for later use. Consider securing this file if you are running Saltbox on a shared machine.

---
user:
  name: seed
  pass: password123
  domain: testsaltbox.ml
  email: your@email.com
  ssh_key:

name: User name for the server.

This parameter is required. If user account with this name does not already exist, it will be created during install. Also used to create first-time logins for various apps. Default is seed.

pass: Password for the user account and for misc apps.

This parameter is required. Sets password for the server's user account when creating a new account. This will not change the password of an existing account. Also used to create first-time logins for NZBGet, qbittorrent, NZBHydra2, and potentially other apps. Don't leave it blank, even if you are planning to use SSH keys to connect to your box. This user and password are used to set up authentication for some applications in this repo and Sandbox, and a blank password may cause trouble there. Don't leave it as password123. See the password considerations below. Relevant XKCD

domain: Domain name for the Saltbox server.

This parameter is required. If you don't have one, see here. This should be the domain "below" the saltbox subdomains. For example, if you want to access Sonarr at "sonarr.domain.tld", enter "domain.tld". If you want "sonarr.foo.domain.tld", enter "foo.domain.tld".

email: E-mail address.

This parameter is required if you're using the reverse proxy. This is used for the Let's Encrypt SSL certificates. It does not have to be an email address at the domain above.

ssh_key: SSH Key

This parameter is optional. This is used to provision a SSH key in your user's authorized_keys file This parameter accepts either the public key or a GitHub url (i.e. https://github.com/charlie.keys) which will pull the keys you have added to your GitHub account.


Options in settings.yml

Note: Having {{ user }} in the path tells Ansible to fill in the username, automatically. You do not need to fill in your actual username.

Note: There must always be a space between the key and the value in YAML files. key: value NOT key:value

Each tab shows a "section" in the file.

authelia:
  master: yes
  subdomain: login

master - Is this the master machine in a split feeder/media setup?

subdomain - subdomain for the Authelia login page

Default is login.

---
downloads: /mnt/unionfs/downloads

downloads: Where downloads go.

Default is /mnt/unionfs/downloads.

rclone:
  enabled: true
  remotes:
    - remote: google
      template: google
      upload: true
      upload_from: /mnt/local/Media
      vfs_cache:
        enabled: false
        max_age: 504h
        size: 50G
  version: latest

enabled: Use this to toggle Rclone related deployments like mounts and cloudplow.

remotes: This variable takes a list of dictionaries formatted like the example. Add as many remotes as you wish, like this:

rclone:
  enabled: true
  remotes:
    - remote: google
      template: google
      ...
    - remote: dropbox
      template: dropbox
      ...
    - remote: minio
      template: /opt/templates/myminio.j2
      ...

remotes/remote: The name of the rclone remote for this mount. You can also specify a path to use for the remote. remote: "google:Media" quotes are important.

remotes/template: The name of the template you want to use for the mount. Currently Saltbox supports 4 options: google, dropbox, sftp and a path to a file ("/opt/mycustomfolder/remote.j2") containing either jinja2 template or an actual copy of a systemd service file. You should put the template file in a folder in /opt so that it moves with your install after a restore.

remotes/upload: Toggles whether you intend to upload to this remote using Cloudplow.

remotes/upload_from: The local path Cloudplow will use to upload from if the remote was upload enabled.

remotes/vfs_cache/enabled: Toggle for using Rclone VFS file cache.

remotes/vfs_cache/max_age: Defines the max age of files in the cache.

remotes/vfs_cache/size: Defines the max size of the cache. The cache can grow above this value in actual usage (polls the cache once a minute) so leave some headroom when using this.

version: Rclone version that is installed by Saltbox. Choices are latest, current, beta, or a specific version number (e.g. 1.42). Default is latest.

shell: bash

shell: Type of shell to use.

Choices are bash or zsh. Default is bash.

transcodes: /mnt/local/transcodes

transcodes: Path of temporary transcoding files.

Default is "/mnt/local/transcodes".

Note: It is recommended to not use /tmp or /dev/shm as a transcode location because the paths are cleared on reboots, causing Docker to create the folder as root and Plex transcoder to crash. Another reason why not to: https://forums.plex.tv/discussion/comment/1502936/#Comment_1502936.


Options in adv_settings.yml

Note: There must always be a space between the key and the value in YAML files. key: value NOT key:value

Each tab shows a "section" in the file.

dns:
  ipv4: yes
  ipv6: no
  proxied: no

ipv4: Enable/disable IPv4 configuration.

Default is yes.

ipv6: Enable/disable IPv6 configuration.

Default is no.

proxied - Controls whether Cloudflare records should be "proxied" or "DNS only".

Default is no.

docker:
  json_driver: no

json_driver - make docker logs available as JSON

gpu:
  intel: yes
  nvidia: no

intel: Should system be set up for Intel GPU?

Default is yes.

nvidia: Should system be set up for NVidia GPU?

Default is no.

mounts:
  ipv4_only: no

ipv4_only: Should Rclone use IPv4 only?

Default is no.

---
system:
  timezone: auto

timezone: Timezone to use on the server.

Default is auto, which will pick the timezone based on geolocation of the server. Enter a "TZ database name" as shown in this table. For example, "America/Costa_Rica". timedatectl list-timezones at your server's command prompt will also list the options.

traefik:
  cert:
    http_validation: no
    zerossl: no
  error_pages: no
  hsts: no
  metrics: no
  provider: cloudflare
  subdomains:
    dash: dash
    jaeger: jaeger
    metrics: metrics
  tracing: no

cert.http_validation: Use HTTP (HTTP-01) certificate validation method. Required if not using Cloudflare.

Default is no.

cert.zerossl: Use ZeroSSL instead of Let's Encrypt for generation of certificates.

Default is no.

error_pages: enable styled error pages.

Default is no. See here for configuration details.

hsts: enable HSTS.

Default is no.

metrics: enable metrics subdomain.

Default is no.

provider: DNS provider.

Default is cloudflare.

subdomain.dash: traefik dashboard subdomain.

Default is dash.

subdomain.jaeger: traefik jaeger subdomain.

Default is jaeger.

subdomain.metrics: traefik metrics subdomain.

Default is metrics.

tracing: Enable tracing.

Default is no.


Password considerations

These are a YAML files, and values you enter here are subject to YAML file format rules. If you use special characters in your password, wrap the password in quotes [or escape the characters correctly, if you are familiar with that concept]. It would be easiest to avoid using quote characters themselves within your password.

For example:

  • pass: MyP4s5w0rd1s4w350m3
  • pass: "!@#$%^&*"
  • pass: multiple words work fine unquoted
  • pass: "or quote them to be safe"