---
interfaces:
  disable: true

loc_borg:
  to_exclude:
    - /var/mail
    - /var/lib/lxcfs

loc_service_home:
  name: home
  install_dir: /var/local/services/home
  cron:
    frequency: "* * * * *"
  dependencies:
    - python3-jinja2
    - python3-ldap
  git:
    remote: https://gitlab.adm.crans.org/nounous/home.git
    version: master
  config:
    ldap_server: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"
    binddn: "{{ vault.services.home.ldap.binddn }}"
    password: "{{ vault.services.home.ldap.bindpass }}"
    rootdn: cn=Utilisateurs,dc=crans,dc=org
    home_dir: /pool/home
    mail_dir: /pool/mail
    home_quota: /usr/sbin/zfs set userquota@{user}=30G pool/home
    mail_quota: /usr/sbin/zfs set userquota@{user}=10G pool/mail

loc_service_backup:
  name: backup
  install_dir: /var/local/services/backup
  cron:
    frequency: "0 0 * * *"
  dependencies:
    - python3-jinja2
    - python3-ldap
  generated: yes
  git:
    remote: https://gitlab.adm.crans.org/nounous/backup.git
    version: master
  config:
    binddn: cn=home,ou=service-users,dc=crans,dc=org
    password: "{{ vault.ldap_home_password }}"
    rootdn: cn=Utilisateurs,dc=crans,dc=org
    ldap_server: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"
    borg_key: "{{ vault.borg.encryption_passphrase }}"