---
loc_slapd:
  ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 1

loc_postgres:
  version: 13
  replica: true
  addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"

loc_certbot:
  - mail: root@crans.org
    certname: crans.org
    domains: "*.adm.crans.org, *.crans.org"

loc_service_certbot:
  config:
    "crans.org":
      zone: _acme-challenge.crans.org
      server: 172.16.10.147
      port: 53
      key:
        name: certbot_challenge.
        secret: "{{ vault.certbot_dns_secret }}"
        algorithm: HMAC-SHA512
    "adm.crans.org":
      zone: _acme-challenge.adm.crans.org
      server: 172.16.10.147
      port: 53
      key:
        name: certbot_adm_challenge.
        secret: "{{ vault.certbot_adm_dns_secret }}"
        algorithm: HMAC-SHA512