¶
Overview¶
is
Deployment¶
sb install sandbox-sure
Role Defaults¶
Variables can be customized using the Inventory. (1)
-
Example override
sure_name: "custom_value"Avoid overriding variables ending in
_defaultWhen overriding variables that end in
_default(likesure_docker_envs_default), you replace the entire default configuration. Future updates that add new default values will not be applied to your setup, potentially breaking functionality.Instead, use the corresponding
_customvariable (likesure_docker_envs_custom) to add your changes. Custom values are merged with defaults, ensuring you receive updates.
sure_name
# Type: string
sure_name: sure
sure_role_onboarding_state
# Valid options: open, closed, invite_only
# Type: string
sure_role_onboarding_state: "open"
sure_role_rails_force_ssl
# Valid options: "true", "false"
# Type: string
sure_role_rails_force_ssl: "false"
sure_role_rails_assume_ssl
# Valid options: "true", "false"
# Type: string
sure_role_rails_assume_ssl: "true"
sure_role_sidekiq_web_username
# Type: string
sure_role_sidekiq_web_username: "{{ user.name }}"
sure_role_sidekiq_web_password
# Type: string
sure_role_sidekiq_web_password: "{{ user.pass }}"
sure_role_openai_access_token
# Type: string
sure_role_openai_access_token: ""
sure_role_openai_model
# Type: string
sure_role_openai_model: ""
sure_role_openai_uri_base
# Type: string
sure_role_openai_uri_base: ""
sure_role_langfuse_host
# Type: string
sure_role_langfuse_host: "https://cloud.langfuse.com"
sure_role_langfuse_public_key
# Type: string
sure_role_langfuse_public_key: ""
sure_role_langfuse_secret_key
# Type: string
sure_role_langfuse_secret_key: ""
sure_role_twelve_data_api_key
# Type: string
sure_role_twelve_data_api_key: ""
sure_role_exchange_rate_provider
# Valid options: twelve_data, yahoo_finance
# Type: string
sure_role_exchange_rate_provider: "yahoo_finance"
sure_role_securities_provider
# Valid options: twelve_data, yahoo_finance
# Type: string
sure_role_securities_provider: "yahoo_finance"
sure_role_smtp_address
# Type: string
sure_role_smtp_address: ""
sure_role_smtp_port
# Type: string
sure_role_smtp_port: ""
sure_role_smtp_username
# Type: string
sure_role_smtp_username: ""
sure_role_smtp_password
# Type: string
sure_role_smtp_password: ""
sure_role_smtp_tls_enabled
# Valid options: "true", "false"
# Type: string
sure_role_smtp_tls_enabled: "true"
sure_role_email_sender
# Type: string
sure_role_email_sender: ""
sure_role_redis_name
# Type: string
sure_role_redis_name: "{{ sure_name }}-redis"
sure_role_redis_docker_image_tag
# Type: string
sure_role_redis_docker_image_tag: "8-alpine"
sure_role_redis_paths_folder
# Type: string
sure_role_redis_paths_folder: "{{ sure_name }}"
sure_role_redis_paths_location
# Type: string
sure_role_redis_paths_location: "{{ server_appdata_path }}/{{ sure_role_redis_paths_folder }}/redis"
sure_role_postgres_deploy
# Type: bool (true/false)
sure_role_postgres_deploy: true
sure_role_postgres_name
# Type: string
sure_role_postgres_name: "{{ sure_name }}-postgres"
sure_role_postgres_user
# If empty it will fallback to postgres role default
# Type: string
sure_role_postgres_user: ""
sure_role_postgres_password
# If empty it will fallback to postgres role default
# Type: string
sure_role_postgres_password: ""
sure_role_postgres_docker_env_db
# Type: string
sure_role_postgres_docker_env_db: "{{ sure_name }}_production"
sure_role_postgres_docker_image_tag
# Type: string
sure_role_postgres_docker_image_tag: "16"
sure_role_postgres_docker_image_repo
# Type: string
sure_role_postgres_docker_image_repo: "postgres"
sure_role_postgres_docker_healthcheck
# Type: dict
sure_role_postgres_docker_healthcheck:
test: ["CMD-SHELL", "pg_isready -d {{ lookup('role_var', '_postgres_docker_env_db', role='sure') }} -U {{ lookup('role_var', '_postgres_user', role='sure') if (lookup('role_var', '_postgres_user', role='sure') | length > 0) else lookup('role_var', '_docker_env_user', role='postgres') }}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
sure_role_postgres_paths_folder
# Type: string
sure_role_postgres_paths_folder: "{{ sure_name }}"
sure_role_postgres_paths_location
# Type: string
sure_role_postgres_paths_location: "{{ server_appdata_path }}/{{ sure_role_postgres_paths_folder }}/postgres"
sure_role_web_subdomain
# Type: string
sure_role_web_subdomain: "{{ sure_name }}"
sure_role_web_domain
# Type: string
sure_role_web_domain: "{{ user.domain }}"
sure_role_web_port
# Type: string
sure_role_web_port: "3000"
sure_role_web_url
# Type: string
sure_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='sure') + '.' + lookup('role_var', '_web_domain', role='sure')
if (lookup('role_var', '_web_subdomain', role='sure') | length > 0)
else lookup('role_var', '_web_domain', role='sure')) }}"
sure_role_web_host
# Type: string
sure_role_web_host: "{{ (lookup('role_var', '_web_subdomain', role='sure') + '.' + lookup('role_var', '_web_domain', role='sure')
if (lookup('role_var', '_web_subdomain', role='sure') | length > 0)
else lookup('role_var', '_web_domain', role='sure')) }}"
sure_role_dns_record
# Type: string
sure_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='sure') }}"
sure_role_dns_zone
# Type: string
sure_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='sure') }}"
sure_role_dns_proxy
# Type: bool (true/false)
sure_role_dns_proxy: "{{ dns_proxied }}"
sure_role_traefik_sso_middleware
# Type: string
sure_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"
sure_role_traefik_middleware_default
# Type: string
sure_role_traefik_middleware_default: "{{ traefik_default_middleware }}"
sure_role_traefik_middleware_custom
# Type: string
sure_role_traefik_middleware_custom: ""
sure_role_traefik_certresolver
# Type: string
sure_role_traefik_certresolver: "{{ traefik_default_certresolver }}"
sure_role_traefik_enabled
# Type: bool (true/false)
sure_role_traefik_enabled: true
sure_role_traefik_api_enabled
# Type: bool (true/false)
sure_role_traefik_api_enabled: false
sure_role_traefik_api_endpoint
# Type: string
sure_role_traefik_api_endpoint: ""
Container
sure_role_docker_container
# Type: string
sure_role_docker_container: "{{ sure_name }}"
Image
sure_role_docker_image_pull
# Type: bool (true/false)
sure_role_docker_image_pull: true
sure_role_docker_image_repo
# Type: string
sure_role_docker_image_repo: "ghcr.io/we-promise/sure"
Valid options in Sure docs: latest, stable
sure_role_docker_image_tag
# Type: string
sure_role_docker_image_tag: "stable"
sure_role_docker_image
# Type: string
sure_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='sure') }}:{{ lookup('role_var', '_docker_image_tag', role='sure') }}"
Envs
sure_role_docker_envs_default
# Type: dict
sure_role_docker_envs_default:
TZ: "{{ tz }}"
PORT: "{{ lookup('role_var', '_web_port', role='sure') }}"
SELF_HOSTED: "true"
ONBOARDING_STATE: "{{ lookup('role_var', '_onboarding_state', role='sure') }}"
SECRET_KEY_BASE: "{{ sure_saltbox_facts.facts.secret_key }}"
RAILS_FORCE_SSL: "{{ lookup('role_var', '_rails_force_ssl', role='sure') }}"
RAILS_ASSUME_SSL: "{{ lookup('role_var', '_rails_assume_ssl', role='sure') }}"
APP_DOMAIN: "{{ lookup('role_var', '_web_host', role='sure') }}"
DB_HOST: "{{ lookup('role_var', '_postgres_name', role='sure') }}"
DB_PORT: "5432"
POSTGRES_USER: "{{ lookup('role_var', '_postgres_user', role='sure')
if (lookup('role_var', '_postgres_user', role='sure') | length > 0)
else lookup('role_var', '_docker_env_user', role='postgres') }}"
POSTGRES_PASSWORD: "{{ lookup('role_var', '_postgres_password', role='sure')
if (lookup('role_var', '_postgres_password', role='sure') | length > 0)
else lookup('role_var', '_docker_env_password', role='postgres') }}"
POSTGRES_DB: "{{ lookup('role_var', '_postgres_docker_env_db', role='sure') }}"
REDIS_URL: "redis://{{ lookup('role_var', '_redis_name', role='sure') }}:6379/1"
SIDEKIQ_WEB_USERNAME: "{{ lookup('role_var', '_sidekiq_web_username', role='sure') }}"
SIDEKIQ_WEB_PASSWORD: "{{ lookup('role_var', '_sidekiq_web_password', role='sure') }}"
OPENAI_ACCESS_TOKEN: "{{ lookup('role_var', '_openai_access_token', role='sure')
if (lookup('role_var', '_openai_access_token', role='sure') | length > 0)
else omit }}"
OPENAI_MODEL: "{{ lookup('role_var', '_openai_model', role='sure')
if (lookup('role_var', '_openai_model', role='sure') | length > 0)
else omit }}"
OPENAI_URI_BASE: "{{ lookup('role_var', '_openai_uri_base', role='sure')
if (lookup('role_var', '_openai_uri_base', role='sure') | length > 0)
else omit }}"
LANGFUSE_HOST: "{{ lookup('role_var', '_langfuse_host', role='sure') }}"
LANGFUSE_PUBLIC_KEY: "{{ lookup('role_var', '_langfuse_public_key', role='sure')
if (lookup('role_var', '_langfuse_public_key', role='sure') | length > 0)
else omit }}"
LANGFUSE_SECRET_KEY: "{{ lookup('role_var', '_langfuse_secret_key', role='sure')
if (lookup('role_var', '_langfuse_secret_key', role='sure') | length > 0)
else omit }}"
TWELVE_DATA_API_KEY: "{{ lookup('role_var', '_twelve_data_api_key', role='sure')
if (lookup('role_var', '_twelve_data_api_key', role='sure') | length > 0)
else omit }}"
EXCHANGE_RATE_PROVIDER: "{{ lookup('role_var', '_exchange_rate_provider', role='sure') }}"
SECURITIES_PROVIDER: "{{ lookup('role_var', '_securities_provider', role='sure') }}"
SMTP_ADDRESS: "{{ lookup('role_var', '_smtp_address', role='sure')
if (lookup('role_var', '_smtp_address', role='sure') | length > 0)
else omit }}"
SMTP_PORT: "{{ lookup('role_var', '_smtp_port', role='sure')
if (lookup('role_var', '_smtp_address', role='sure') | length > 0)
else omit }}"
SMTP_USERNAME: "{{ lookup('role_var', '_smtp_username', role='sure')
if (lookup('role_var', '_smtp_address', role='sure') | length > 0)
else omit }}"
SMTP_PASSWORD: "{{ lookup('role_var', '_smtp_password', role='sure')
if (lookup('role_var', '_smtp_address', role='sure') | length > 0)
else omit }}"
SMTP_TLS_ENABLED: "{{ lookup('role_var', '_smtp_tls_enabled', role='sure')
if (lookup('role_var', '_smtp_address', role='sure') | length > 0)
else omit }}"
EMAIL_SENDER: "{{ lookup('role_var', '_email_sender', role='sure')
if (lookup('role_var', '_email_sender', role='sure') | length > 0)
else omit }}"
sure_role_docker_envs_custom
# Type: dict
sure_role_docker_envs_custom: {}
Volumes
sure_role_docker_volumes_default
# Type: list
sure_role_docker_volumes_default:
- "{{ lookup('role_var', '_paths_location', role='sure') }}/storage:/rails/storage"
sure_role_docker_volumes_custom
# Type: list
sure_role_docker_volumes_custom: []
Hostname
sure_role_docker_hostname
# Type: string
sure_role_docker_hostname: "{{ sure_name }}"
Networks
sure_role_docker_networks_alias
# Type: string
sure_role_docker_networks_alias: "{{ sure_name }}"
sure_role_docker_networks_default
# Type: list
sure_role_docker_networks_default: []
sure_role_docker_networks_custom
# Type: list
sure_role_docker_networks_custom: []
Restart Policy
sure_role_docker_restart_policy
# Type: string
sure_role_docker_restart_policy: unless-stopped
sure_role_depends_on
# Type: string
sure_role_depends_on: "{{ lookup('role_var', '_postgres_name', role='sure') }},{{ lookup('role_var', '_redis_name', role='sure') }}"
sure_role_depends_on_delay
# Type: string (quoted number)
sure_role_depends_on_delay: "0"
sure_role_depends_on_healthchecks
# Type: string ("true"/"false")
sure_role_depends_on_healthchecks: "false"
The following advanced options are available via create_docker_container but are not defined in the role. See: docker_container module
Resource Limits
sure_role_docker_blkio_weight
# Type: int
sure_role_docker_blkio_weight:
sure_role_docker_cpu_period
# Type: int
sure_role_docker_cpu_period:
sure_role_docker_cpu_quota
# Type: int
sure_role_docker_cpu_quota:
sure_role_docker_cpu_shares
# Type: int
sure_role_docker_cpu_shares:
sure_role_docker_cpus
# Type: string
sure_role_docker_cpus:
sure_role_docker_cpuset_cpus
# Type: string
sure_role_docker_cpuset_cpus:
sure_role_docker_cpuset_mems
# Type: string
sure_role_docker_cpuset_mems:
sure_role_docker_kernel_memory
# Type: string
sure_role_docker_kernel_memory:
sure_role_docker_memory
# Type: string
sure_role_docker_memory:
sure_role_docker_memory_reservation
# Type: string
sure_role_docker_memory_reservation:
sure_role_docker_memory_swap
# Type: string
sure_role_docker_memory_swap:
sure_role_docker_memory_swappiness
# Type: int
sure_role_docker_memory_swappiness:
sure_role_docker_shm_size
# Type: string
sure_role_docker_shm_size:
Security & Devices
sure_role_docker_cap_drop
# Type: list
sure_role_docker_cap_drop:
sure_role_docker_cgroupns_mode
# Type: string
sure_role_docker_cgroupns_mode:
sure_role_docker_device_cgroup_rules
# Type: list
sure_role_docker_device_cgroup_rules:
sure_role_docker_device_read_bps
# Type: list
sure_role_docker_device_read_bps:
sure_role_docker_device_read_iops
# Type: list
sure_role_docker_device_read_iops:
sure_role_docker_device_requests
# Type: list
sure_role_docker_device_requests:
sure_role_docker_device_write_bps
# Type: list
sure_role_docker_device_write_bps:
sure_role_docker_device_write_iops
# Type: list
sure_role_docker_device_write_iops:
sure_role_docker_devices
# Type: list
sure_role_docker_devices:
sure_role_docker_groups
# Type: list
sure_role_docker_groups:
sure_role_docker_privileged
# Type: bool (true/false)
sure_role_docker_privileged:
sure_role_docker_security_opts
# Type: list
sure_role_docker_security_opts:
sure_role_docker_user
# Type: string
sure_role_docker_user:
sure_role_docker_userns_mode
# Type: string
sure_role_docker_userns_mode:
Networking
sure_role_docker_dns_opts
# Type: list
sure_role_docker_dns_opts:
sure_role_docker_dns_search_domains
# Type: list
sure_role_docker_dns_search_domains:
sure_role_docker_dns_servers
# Type: list
sure_role_docker_dns_servers:
sure_role_docker_domainname
# Type: string
sure_role_docker_domainname:
sure_role_docker_exposed_ports
# Type: list
sure_role_docker_exposed_ports:
sure_role_docker_hosts
# Type: dict
sure_role_docker_hosts:
sure_role_docker_hosts_use_common
# Type: bool (true/false)
sure_role_docker_hosts_use_common:
sure_role_docker_ipc_mode
# Type: string
sure_role_docker_ipc_mode:
sure_role_docker_links
# Type: list
sure_role_docker_links:
sure_role_docker_network_mode
# Type: string
sure_role_docker_network_mode:
sure_role_docker_pid_mode
# Type: string
sure_role_docker_pid_mode:
sure_role_docker_ports
# Type: list
sure_role_docker_ports:
sure_role_docker_uts
# Type: string
sure_role_docker_uts:
Storage
sure_role_docker_keep_volumes
# Type: bool (true/false)
sure_role_docker_keep_volumes:
sure_role_docker_mounts
# Type: list
sure_role_docker_mounts:
sure_role_docker_storage_opts
# Type: dict
sure_role_docker_storage_opts:
sure_role_docker_tmpfs
# Type: list
sure_role_docker_tmpfs:
sure_role_docker_volume_driver
# Type: string
sure_role_docker_volume_driver:
sure_role_docker_volumes_from
# Type: list
sure_role_docker_volumes_from:
sure_role_docker_volumes_global
# Type: bool (true/false)
sure_role_docker_volumes_global:
sure_role_docker_working_dir
# Type: string
sure_role_docker_working_dir:
Monitoring & Lifecycle
sure_role_docker_auto_remove
# Type: bool (true/false)
sure_role_docker_auto_remove:
sure_role_docker_cleanup
# Type: bool (true/false)
sure_role_docker_cleanup:
sure_role_docker_force_kill
# Type: string
sure_role_docker_force_kill:
sure_role_docker_healthcheck
# Type: dict
sure_role_docker_healthcheck:
sure_role_docker_healthy_wait_timeout
# Type: int
sure_role_docker_healthy_wait_timeout:
sure_role_docker_init
# Type: bool (true/false)
sure_role_docker_init:
sure_role_docker_kill_signal
# Type: string
sure_role_docker_kill_signal:
sure_role_docker_log_driver
# Type: string
sure_role_docker_log_driver:
sure_role_docker_log_options
# Type: dict
sure_role_docker_log_options:
sure_role_docker_oom_killer
# Type: bool (true/false)
sure_role_docker_oom_killer:
sure_role_docker_oom_score_adj
# Type: int
sure_role_docker_oom_score_adj:
sure_role_docker_output_logs
# Type: bool (true/false)
sure_role_docker_output_logs:
sure_role_docker_paused
# Type: bool (true/false)
sure_role_docker_paused:
sure_role_docker_recreate
# Type: bool (true/false)
sure_role_docker_recreate:
sure_role_docker_restart_retries
# Type: int
sure_role_docker_restart_retries:
sure_role_docker_stop_signal
# Type: string
sure_role_docker_stop_signal:
sure_role_docker_stop_timeout
# Type: int
sure_role_docker_stop_timeout:
Other Options
sure_role_docker_capabilities
# Type: list
sure_role_docker_capabilities:
sure_role_docker_cgroup_parent
# Type: string
sure_role_docker_cgroup_parent:
sure_role_docker_commands
# Type: list
sure_role_docker_commands:
sure_role_docker_create_timeout
# Type: int
sure_role_docker_create_timeout:
sure_role_docker_entrypoint
# Type: string
sure_role_docker_entrypoint:
sure_role_docker_env_file
# Type: string
sure_role_docker_env_file:
sure_role_docker_labels
# Type: dict
sure_role_docker_labels:
sure_role_docker_labels_use_common
# Type: bool (true/false)
sure_role_docker_labels_use_common:
sure_role_docker_read_only
# Type: bool (true/false)
sure_role_docker_read_only:
sure_role_docker_runtime
# Type: string
sure_role_docker_runtime:
sure_role_docker_sysctls
# Type: list
sure_role_docker_sysctls:
sure_role_docker_ulimits
# Type: list
sure_role_docker_ulimits:
sure_role_autoheal_enabled
# Enable or disable Autoheal monitoring for the container created when deploying
# Type: bool (true/false)
sure_role_autoheal_enabled: true
sure_role_diun_enabled
# Enable or disable Diun update notifications for the container created when deploying
# Type: bool (true/false)
sure_role_diun_enabled: true
sure_role_dns_enabled
# Enable or disable automatic DNS record creation for the container
# Type: bool (true/false)
sure_role_dns_enabled: true
sure_role_docker_controller
# Enable or disable Saltbox Docker Controller management for the container
# Type: bool (true/false)
sure_role_docker_controller: true
sure_role_docker_networks_alias_custom
# Type: list
sure_role_docker_networks_alias_custom:
sure_role_docker_volumes_download
# Type: bool (true/false)
sure_role_docker_volumes_download:
sure_role_themepark_addons
# Type: string
sure_role_themepark_addons:
sure_role_themepark_app
# Type: string
sure_role_themepark_app:
sure_role_themepark_theme
# Type: string
sure_role_themepark_theme:
sure_role_traefik_api_middleware
# Type: string
sure_role_traefik_api_middleware:
sure_role_traefik_api_middleware_http
# Type: string
sure_role_traefik_api_middleware_http:
sure_role_traefik_autodetect_enabled
# Enable Traefik autodetect middleware for the container
# Type: bool (true/false)
sure_role_traefik_autodetect_enabled: false
sure_role_traefik_crowdsec_enabled
# Enable CrowdSec middleware for the container
# Type: bool (true/false)
sure_role_traefik_crowdsec_enabled: false
sure_role_traefik_error_pages_enabled
# Enable custom error pages middleware for the container
# Type: bool (true/false)
sure_role_traefik_error_pages_enabled: false
sure_role_traefik_gzip_enabled
# Enable gzip compression middleware for the container
# Type: bool (true/false)
sure_role_traefik_gzip_enabled: false
sure_role_traefik_middleware_http
# Type: string
sure_role_traefik_middleware_http:
sure_role_traefik_middleware_http_api_insecure
# Type: bool (true/false)
sure_role_traefik_middleware_http_api_insecure:
sure_role_traefik_middleware_http_insecure
# Type: bool (true/false)
sure_role_traefik_middleware_http_insecure:
sure_role_traefik_priority
# Type: string
sure_role_traefik_priority:
sure_role_traefik_robot_enabled
# Enable robots.txt middleware for the container
# Type: bool (true/false)
sure_role_traefik_robot_enabled: true
sure_role_traefik_tailscale_enabled
# Enable Tailscale-specific Traefik configuration for the container
# Type: bool (true/false)
sure_role_traefik_tailscale_enabled: false
sure_role_traefik_wildcard_enabled
# Enable wildcard certificate for the container
# Type: bool (true/false)
sure_role_traefik_wildcard_enabled: true
sure_role_web_api_http_port
# Type: string (quoted number)
sure_role_web_api_http_port:
sure_role_web_api_http_scheme
# Type: string ("http"/"https")
sure_role_web_api_http_scheme:
sure_role_web_api_http_serverstransport
# Type: dict/omit
sure_role_web_api_http_serverstransport:
sure_role_web_api_port
# Type: string (quoted number)
sure_role_web_api_port:
sure_role_web_api_scheme
# Type: string ("http"/"https")
sure_role_web_api_scheme:
sure_role_web_api_serverstransport
# Type: dict/omit
sure_role_web_api_serverstransport:
sure_role_web_fqdn_override
# Override the Traefik fully qualified domain name (FQDN) for the container
# Type: list
sure_role_web_fqdn_override:
Example Override
sure_role_web_fqdn_override:
- "{{ traefik_host }}"
- "sure2.{{ user.domain }}"
- "sure.otherdomain.tld"
Note: Include {{ traefik_host }} to preserve the default FQDN alongside your custom entries
sure_role_web_host_override
# Override the Traefik web host configuration for the container
# Type: string
sure_role_web_host_override:
Example Override
sure_role_web_host_override: "Host(`{{ traefik_host }}`) || Host(`{{ 'sure2.' + user.domain }}`)"
Note: Use {{ traefik_host }} to include the default host configuration in your custom rule
sure_role_web_http_port
# Type: string (quoted number)
sure_role_web_http_port:
sure_role_web_http_scheme
# Type: string ("http"/"https")
sure_role_web_http_scheme:
sure_role_web_http_serverstransport
# Type: dict/omit
sure_role_web_http_serverstransport:
sure_role_web_scheme
# URL scheme to use for web access to the container
# Type: string ("http"/"https")
sure_role_web_scheme:
sure_role_web_serverstransport
# Type: dict/omit
sure_role_web_serverstransport: