ansible/host_vars/irc.adm.crans.org.yml

---
interfaces:
  adm: ens18
  srv: ens19

loc_nginx:
  service_name: "thelounge"
  servers:
    - server_name:
        - "irc.crans.org"
        - "irc"
      default: true
      ssl: crans.org
      locations:
        - filter: "^~ /web/"
          params:
            - "proxy_pass http://localhost:9000/"
            - "include \"/etc/nginx/snippets/options-proxypass.conf\""
        - filter: "~ ^/$"
          params:
            - "return 302 https://irc.crans.org/web/"
        - filter: "/"
          params:
            - "return 302 \"https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web\""

loc_thelounge:
  public: "true"

loc_inspircd:
  cloak:
    name: crans
    key: "{{ vault.inspircd.cloak.key }}"
  diepass: "{{ vault.inspircd.diepass }}"
  restartpass: "{{ vault.inspircd.restartpass }}"
  opers: "{{ vault.inspircd.opers }}"
  server:
    name: irc.crans.org
    description: Crans IRC server
    network: Crans
  admin:
    name: Pierre-Elliott Bécue
    nick: PEB
    email: root@crans.org
  bind:
    - address: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv4 | first }}"
      type: clients
      clair: 6667
      ssl: 6697
    - address: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv6 | first }}"
      type: clients
      clair: 6667
      ssl: 6697
    - address: "{{ query('ldap', 'ip', 'irc', 'adm') | ansible.utils.ipv4 | first }}"
      type: clients
      clair: 6667
    - address: 127.0.0.1
      type: servers
      clair: 6668
  connect:
    - name: zamok
      allows:
        ipv4: "{{ query('ldap', 'ip', 'zamok', 'srv') | ansible.utils.ipv4 | first }}/32"
        ipv6: "{{ query('ldap', 'ip', 'zamok', 'srv') | ansible.utils.ipv6 | first }}/128"
      threshold: 1
    - name: irc
      allows:
        ipv4: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv4 | first }}/32"
        ipv6: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv6 | first }}/128"
      threshold: 1
    - name: gitlab
      allows:
        ipv4: "{{ query('ldap', 'ip', 'gitzly', 'srv') | ansible.utils.ipv4 | first }}/32"
        ipv6: "{{ query('ldap', 'ip', 'gitzly', 'srv') | ansible.utils.ipv6 | first }}/128"
      threshold: 10
      commandrate: 10000
    - name: monitoring
      allows:
        ipv4: "{{ query('ldap', 'ip', 'fyre', 'adm') | ansible.utils.ipv4 | first }}/32"
        ipv6: "{{ query('ldap', 'ip', 'fyre', 'adm') | ansible.utils.ipv6 | first }}/128"
      threshold: 10
      commandrate: 10000
      modes: true
  dns: "{{ query('ldap', 'ip', 'romanesco', 'srv') | ansible.utils.ipv4 | first }}"
  services:
    name: services.irc.crans.org
    port: 6668
    recvpass: "{{ vault.anope.recvpass }}"
    sendpass: "{{ vault.anope.sendpass }}"

loc_anope:
  recvpass: "{{ vault.anope.recvpass }}"
  sendpass: "{{ vault.anope.sendpass }}"
  options_seed: "{{ vault.anope.options_seed }}"
  services_roots: "{{ vault.anope.services_roots }}"
  services_host: "services.irc.crans.org"