ansible/host_vars/redisdead.adm.crans.org.yml

---
interfaces:
  adm: eth0
  srv: eth1

loc_unattended:
  reboot: true

loc_needrestart:
  override: []

postfix:
  primary: true
  secondary: false
  public: true
  dkim: true
  titanic: false

loc_certbot:
  - mail: root@crans.org
    certname: crans.org
    domains: "*.adm.crans.org, *.crans.org"

loc_service_certbot:
  config:
    "crans.org":
      zone: _acme-challenge.crans.org
      server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        name: certbot_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
        algorithm: HMAC-SHA512
    "adm.crans.org":
      zone: _acme-challenge.adm.crans.org
      server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}"
      port: 53
      key:
        name: certbot_adm_challenge.
        secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}"
        algorithm: HMAC-SHA512