---
interfaces:
  adm: ens18
  srv: ens19

loc_certbot:
  - dns_rfc2136_server: '172.16.10.147'
    dns_rfc2136_name: certbot_challenge.
    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
    mail: root@crans.org
    certname: crans.org
    domains: "*.crans.org"

  - dns_rfc2136_server: '172.16.10.147'
    dns_rfc2136_name: certbot_adm_challenge.
    dns_rfc2136_secret: "{{ vault.certbot_adm_dns_secret }}"
    mail: root@crans.org
    certname: adm.crans.org
    domains: "*.adm.crans.org"

loc_nginx:
  ssl:
    - name: adm.crans.org
      cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
    - name: crans.org
      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
  servers: []

loc_reverseproxy:
  reverseproxy_sites:
    - {from: gitlab.crans.org, to: "127.0.0.1:8000"}
    - {from: gitlab.adm.crans.org, to: "127.0.0.1:8000", ssl: adm.crans.org}

  redirect_sites: []

  static_sites: []