---
interfaces:
  adm: eth0
  srv: eth1

postfix:
  primary: true
  secondary: false
  public: true
  dkim: true
  titanic: false

loc_certbot:
  - mail: root@crans.org
    certname: crans.org
    domains: "*.adm.crans.org, *.crans.org"

loc_service_certbot:
  config:
    "crans.org":
      zone: _acme-challenge.crans.org
      server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        name: certbot_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
        algorithm: HMAC-SHA512
    "adm.crans.org":
      zone: _acme-challenge.adm.crans.org
      server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        name: certbot_adm_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}"
        algorithm: HMAC-SHA512