---
# Certificates to request, one list entry per certificate.
# NOTE(review): the meaning of each field is inferred from its name; confirm
# against the role that consumes this variable.
glob_certbot:
  # presumably the contact address registered with the CA for this certificate
  - mail: root@crans.org
    certname: crans.org
    # Quoted because a leading `*` would otherwise be read as a YAML alias.
    # A wildcard certificate is valid for every direct subdomain, so its
    # private key should only reach hosts that actually need it.
    # NOTE(review): `*.crans.org` does not match the bare `crans.org`; confirm
    # the apex name is not expected on this certificate.
    domains: "*.crans.org"

# Deployment settings for the certbot service: where the code comes from,
# where it is installed, and the per-domain DNS settings it is given.
# NOTE(review): the zone name, the `rfc2136_keys` vault path and the HMAC
# algorithm suggest DNS challenges written through TSIG-signed dynamic
# updates; confirm against the deployed code.
glob_service_certbot:
  name: certbot
  install_dir: /var/local/services/certbot
  dependencies:
    - python3-dnspython
  git:
    remote: https://gitlab.adm.crans.org/nounous/certbot
    # NOTE(review): `main` looks like a branch name, i.e. a moving ref. The
    # code checked out here is handed the DNS update key configured below, so
    # pinning to a reviewed commit or signed tag would make deployments
    # reproducible and auditable.
    version: main
  config:
    # One entry per domain; the key is quoted so it is always read as a string.
    "crans.org":
      # Challenge zone. NOTE(review): the DNS server's update policy should
      # restrict the key below to this zone so that a leaked key cannot
      # rewrite other records; that policy is not visible in this file.
      zone: _acme-challenge.crans.org
      # Resolved at templating time by an `ldap` lookup; the arguments suggest
      # the IPv4 address of host `silice` on the `adm` network (TODO confirm).
      server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        # The trailing dot is part of the name; the same literal indexes the
        # vault entry on the next line, so the two must stay in sync.
        name: certbot_challenge.
        # Pulled from the vault, never written inline. NOTE(review): check that
        # whatever renders this value writes it to a file with restrictive
        # permissions and does not log it.
        secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
        # Must match the algorithm the DNS server has configured for this key.
        algorithm: HMAC-SHA512