---
loc_certbot:
  - mail: root@crans.org
    certname: crans.org
    domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"

loc_service_certbot:
  config:
    "crans.org":
      zone: _acme-challenge.crans.org
      server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        name: certbot_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
        algorithm: HMAC-SHA512
    "crans.eu":
      zone: _acme-challenge.crans.org
      server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        name: certbot_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
        algorithm: HMAC-SHA512
    "crans.fr":
      zone: _acme-challenge.crans.org
      server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        name: certbot_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
        algorithm: HMAC-SHA512

loc_nginx:
  servers: []
  ssl:
    - name: crans.org
      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem


glob_reverseproxy:
  redirect_dnames:
    - crans.eu
    - crans.fr

  reverseproxy_sites:
    # Services web Crans
    - {from: belenios.crans.org, to: 172.16.10.111}
    - {from: cas.crans.org, to: 172.16.10.120}
    - {from: constellation-dev.crans.org, to: 172.16.10.167}
    - {from: eclats.crans.org, to: 172.16.10.104}
    - {from: ethercalc.crans.org, to: "172.16.10.133:8000"}
    - {from: framadate.crans.org, to: 172.16.10.109}
    - {from: ftps.crans.org, to: 172.16.10.113}
    - {from: galene-token.crans.org, to: "172.16.10.115:3000"}
    - {from: grafana.crans.org, to: "172.16.10.121:3000"}
    - {from: hedgedoc.crans.org, to: "172.16.10.128:3000"}
    - {from: helloworld.crans.org, to: 172.16.10.131}
    - {from: imprimante.crans.org, to: 172.16.10.131}
    - {from: intranet.crans.org, to: 172.16.10.156}
    - {from: linx.crans.org, to: "172.16.10.119:8080"}
    - {from: lists.crans.org, to: 172.16.10.110}
    - {from: matrix.crans.org, to: "172.16.10.123:8008"}
    - {from: mirrors.crans.org, to: 172.16.10.104}
    - {from: nextcloud.crans.org, to: 172.16.10.137}
    - {from: onlyoffice.crans.org, to: 172.16.10.148}
    - {from: owncloud.crans.org, to: 172.16.10.136}
    - {from: pad.crans.org, to: "172.16.10.130:9001"}
    - {from: re2o.crans.org, to: 172.16.10.156}
    - {from: re2o-dev.crans.org, to: 172.16.10.166}
    - {from: roundcube.crans.org, to: 172.16.10.107}
    - {from: tmpad.crans.org, to: "172.16.10.130:9002"}
    - {from: webirc.crans.org, to: "172.16.10.31:9000"}
    - {from: webmail.crans.org, to: 172.16.10.107}
    - {from: wiki.crans.org, to: 172.16.10.161}
    - {from: zero.crans.org, to: 172.16.10.130}
    - {from: hosts.crans.org, to: 172.16.10.114}

    # Zamok
    - {from: amap.crans.org, to: 172.16.10.31}
    - {from: bonvivens.crans.org, to: 172.16.10.31}
    - {from: perso.crans.org, to: 172.16.10.31}

  redirect_sites:
    - {from: crans.org, to: www.crans.org}

    # Aliases or legacy support
    - {from: adopteunpingouin.crans.org, to: install-party.crans.org}
    - {from: clubs.crans.org, to: perso.crans.org}
    - {from: i-p.crans.org, to: install-party.crans.org}
    - {from: pot-vieux.crans.org, to: perso.crans.org/club-vieux}

    # To the wiki
    - {from: television.crans.org, to: wiki.crans.org/CransTv}
    - {from: tv.crans.org, to: wiki.crans.org/CransTv}
    - {from: wikipedia.crans.org, to: wiki.crans.org}

  static_sites:
    - autoconfig.crans.org
    - install-party.crans.org
    - www.crans.org