---
interfaces:
  adm: eth0
  srv: eth1

postfix:
  primary: true
  secondary: false
  public: true
  dkim: true
  titanic: false

loc_certbot:
  - mail: root@crans.org
    certname: crans.org
    domains: "*.adm.crans.org, *.crans.org"

loc_service_certbot:
  config:
    crans.org:
      zone: _acme-challenge.crans.org
      server: 172.16.10.147
      port: 53
      key:
        name: certbot_challenge.
        secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}"
        algorithm: HMAC-SHA512
    adm.crans.org:
      zone: _acme-challenge.adm.crans.org
      server: 172.16.10.147
      port: 53
      key:
        name: certbot_adm_challenge.
        secret: "{{ vault.bind.keys['certbot_adm_challenge.'].secret }}"
        algorithm: HMAC-SHA512