---
interfaces:
  cachan-adm: ens18
  srv: ens19

loc_home_nounou:
  ip: 172.17.10.9
  mountpoint: /rpool/home

loc_ldap:
  servers:
    - 172.17.10.9
  base: 'dc=crans,dc=org'

glob_ntp_client:
  servers:
    - terenez.cachan-adm.crans.org

debian_mirror: http://mirror.cachan-adm.crans.org/debian

loc_certbot:
  - dns_rfc2136_server: '185.230.79.9'
    dns_rfc2136_name: certbot_challenge.
    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
    mail: root@crans.org
    certname: crans.org
    domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"

loc_nginx:
  servers: []
  ssl:
    - name: crans.org
      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
  real_ip_from:
    - "172.17.0.0/16"
    - "fd00:0:0:3000::/56"

loc_reverseproxy:
  reverseproxy_sites:
    - {from: ftps.crans.org, to: 172.17.10.30}
    - {from: intranet-cachan.crans.org, to: 172.17.10.203}
    - {from: re2o-cachan.crans.org, to: 172.17.10.203}

  redirect_sites: []

loc_borg:
  remote:
    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
  ssh_options: ""

glob_prometheus_node_exporter:
  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"

glob_prometheus_nginx_exporter:
  listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"

loc_rsyslog_client:
  server: "{{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipv4 | first }}"