ansible/host_vars/tealc.adm.crans.org.yml

---
interfaces:
  disable: true

loc_needrestart:
  override:
    - regex: 'postgresql'
      mode: 'i'

debian_mirror: 'file:/pool/mirror/pub/debian'

loc_postgres:
  version: 13
  hosts:
    - db: etherpad
      user: crans
      map: {name: etherpad, system: etherpad, pg: crans}
    - db: etherpad_tmp
      user: crans
      map: {name: etherpad_tmp, system: etherpad, pg: crans}
    - db: roundcube
      user: roundcube
      map: {name: webmail, system: www-data, pg: roundcube}
    - {db: cas, user: cas}
    - {db: owncloud, user: owncloud}
    - {db: sqlgrey, user: sqlgrey, method: ident}
    - {db: re2o, user: re2o}
    - {db: re2o_test, user: re2o}
    - {db: mailman3, user: mailman3}
    - {db: mailman3web, user: mailman3web}
    - {db: all, user: all, subnets: ['127.0.0.1/32', '::1/128'], local: true}
    - {db: replication, user: replication, local: true}
  addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipaddr('address') }}"
  backup:
    dir: /var/local/db-backup
    frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *"

loc_borg:
  to_backup:
    - /etc
    - /var
    - /pool/home

loc_restic:
  config:
    base:
      to_backup:
        - /etc
        - /var
    pool:
      to_exclude:
        - "*.pyc"
        - "\\#*\\#"
        - "*~"
      to_backup:
        - /pool/home
      retention:
        - [--keep-daily, 4]
        - [--keep-weekly, 4]
        - [--keep-monthly, 6]
      backup_extra_param: " --exclude-if-present .nobackup"

loc_rsyslog_server:
  name: tealc
  root: /pool/logs
  rules:
    - name: cablage
      rotate: 365
      ips:
        - 172.16.33
        - 172.16.34
      programs:
        - firewall
        - radiusd
        - dhcpd
  modules:
    - name: imudp
      index: 53
    - name: imrelp
      index: 52
      vars:
        - name: InputRELPServerRun
          value: 20514

loc_mtail:
  config:
    - dhcpd.mtail
  remove:
    - radiusd.mtail

loc_nginx:
  service_name: ftp
  ssl: []
  servers:
    - server_name:
        - "mirror2"
        - "mirror2.*"
      root: "/pool/mirror/pub"
      locations:
        - filter: "/"
          params:
            - "autoindex on"
            - "autoindex_exact_size off"
            - "add_before_body /.html/HEADER.html"
            - "add_after_body /.html/FOOTER.html"