---
debian_mirror: http://deb.debian.org/debian

postfix:
  primary: false
  secondary: true
  public: true
  dkim: true
  titanic: false

to_backup:
  - {
  name: "var",
  path: "/var",
  auth_users: "backupcrans",
  secrets_file: "/etc/rsyncd.secrets",
  hosts_allow: ["zephir.adm.crans.org", "10.231.136.6", "172.31.0.1"],
  }
  - {
  name: "slash",
  path: "/",
  auth_users: "backupcrans",
  secrets_file: "/etc/rsyncd.secrets",
  hosts_allow: ["zephir.adm.crans.org", "10.231.136.6", "172.31.0.1"],
  }

loc_slapd:
  ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 4

loc_moinmoin:
  main: false

loc_certbot:
  - dns_rfc2136_server: '172.16.10.147'
    dns_rfc2136_name: certbot_adm_challenge.
    dns_rfc2136_secret: "{{ vault.certbot_adm_dns_secret }}"
    mail: root@crans.org
    certname: adm.crans.org
    domains: "*.adm.crans.org"
  - dns_rfc2136_server: '172.16.10.147'
    dns_rfc2136_name: certbot_challenge.
    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
    mail: root@crans.org
    certname: crans.org
    domains: "*.crans.org"

loc_nginx:
  service_name: wiki
  ssl:
    - name: adm.crans.org
      cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
    - name: crans.org
      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
  servers:
    - server_name:
        - "wiki2.crans.org"
      ssl : "crans.org"
      access_log: "/var/log/nginx/wiki.log combined"
      error_log: "/var/log/nginx/wiki.error.log"
      additional_params:
        - "rewrite ^/$ $scheme://wiki2.crans.org/PageAccueil"
        - "client_max_body_size 15M"

      locations:
        - filter: "/wiki"
          params:
            - "alias /var/local/wiki/htdocs/"

        - filter: "/robots.txt"
          params:
            - "alias /var/local/wiki/robots.txt"

        - filter: "/favicon.ico"
          params:
            - "alias /var/local/wiki/favicon.ico"

        - filter: "/www-sitemap.xml"
          params:
            - "alias /var/local/wiki/www-sitemap.xml"

        - filter: "/"
          params:
            - "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket"
            - "include uwsgi_params"

loc_reverseproxy:
  reverseproxy_sites:
    - {from: status.crans.org, to: "127.0.0.1:8080"}
    - {from: git2.crans.org, to: "127.0.0.1:3000"}
    - {from: git2.adm.crans.org, to: "127.0.0.1:3000", ssl: adm.crans.org}

  redirect_sites: []

  static_sites: []