Diffstat (limited to 'inventory/host_vars/ch-apps/whawty.yml')
-rw-r--r--inventory/host_vars/ch-apps/whawty.yml50
1 files changed, 31 insertions, 19 deletions
diff --git a/inventory/host_vars/ch-apps/whawty.yml b/inventory/host_vars/ch-apps/whawty.yml
index a909f780..6d6d8aab 100644
--- a/inventory/host_vars/ch-apps/whawty.yml
+++ b/inventory/host_vars/ch-apps/whawty.yml
@@ -1,34 +1,46 @@
---
+_whawty_auth_zfs_base_:
+ pool: storage
+ name: whawty/auth
+
whawty_auth_instances:
- test:
+ passwd.chaos-at-home.org:
version: 0.2-rc9
port: 3080
store:
- default: 1
+ default: 2
params:
- id: 1
+ scryptauth:
+ hmackey: "{{ vault_whawty_auth_scryptauth_hmackeys['passwd.chaos-at-home.org']['1'] }}"
+ cost: 12
+ - id: 2
+ scryptauth:
+ hmackey: "{{ vault_whawty_auth_scryptauth_hmackeys['passwd.chaos-at-home.org']['2'] }}"
+ cost: 12
+ - id: 3
argon2id:
time: 1
memory: 65536
threads: 4
length: 32
- hostnames:
- - passwd.example.com
- tls:
- certificate_provider: selfsigned
- cert:
- organization_name: "chaos-at-home"
- organizational_unit_name: "ansible"
- key_usage:
- - digitalSignature
- - keyAgreement
- key_usage_critical: yes
- extended_key_usage:
- - serverAuth
- extended_key_usage_critical: yes
- create_subject_key_identifier: yes
- not_after: +52w
- renew_margin: +42d
sync:
port: 3022
authorized_keys: "{{ users.equinox.ssh }}"
+ storage:
+ type: zfs
+ parent: "{{ _whawty_auth_zfs_base_ }}"
+ name: passwd.chaos-at-home.org
+ properties:
+ quota: 128M
+ publish:
+ zone: "{{ apps_publish_zone__chaos_at_home }}"
+ hostnames:
+ #- passwd.chaos-at-home.org
+ - passwd-ng.chaos-at-home.org
+ tls:
+ certificate_provider: acmetool
+ certificate_config:
+ request:
+ challenge:
+ http-self-test: false
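Review bot: `default: 2` makes the scryptauth entry with `cost: 12` the scheme for newly written hashes, while the argon2id entry (`memory: 65536`, now `id: 3`) is not the default; if `cost` is the log2 of scrypt's N, that is N=4096, which is low by current password-storage guidance. If ids 1 and 2 exist only so that hashes from an older store keep verifying, say so in the file and point the default at the stronger entry, e.g. `default: 3  # ids 1/2 kept only to verify legacy scryptauth hashes`. Note also that argon2id moved from `id: 1` to `id: 3`, so any hash already written under the old numbering would be checked against the wrong parameters; this is probably harmless since the instance was renamed from `test`, but it is worth confirming that the store starts empty or was imported with the new ids. The commented-out `#- passwd.chaos-at-home.org` hostname would benefit from a one-line comment stating when it is meant to be enabled.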