---
interfaces:
  adm: eth0
  srv: eth1

postfix:
  primary: true
  secondary: false
  public: true
  dkim: true
  titanic: false

loc_certbot:
  - mail: root@crans.org
    certname: crans.org
    domains: "*.adm.crans.org, *.crans.org"

loc_service_certbot:
  config:
    "crans.org":
      zone: _acme-challenge.crans.org
      server: 172.16.10.147
      port: 53
      key:
        name: certbot_challenge.
        secret: "{{ vault.certbot_dns_secret }}"
        algorithm: HMAC-SHA512
    "adm.crans.org":
      zone: _acme-challenge.adm.crans.org
      server: 172.16.10.147
      port: 53
      key:
        name: certbot_adm_challenge.
        secret: "{{ vault.certbot_adm_dns_secret }}"
        algorithm: HMAC-SHA512