---
install_jumphost: ch-jump

install:
  vm:
    memory: 2G
    numcpus: 2
    autostart: True
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 10g
  interfaces:
  - bridge: br-svc
    name: svc0

network:
  nameservers: "{{ network_zones.svc.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  primary: &_network_primary_
    name: svc0
    address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.svc.gateway }}"
    static_routes:
    - destination: "{{ network_zones.lan.prefix }}"
      gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
  interfaces:
  - *_network_primary_


acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"


whawty_nginx_sso_backends:
  chaos-at-home:
    port: 1234
    login_url: https://login.chaos-at-home.org/login

whawty_nginx_sso_logins:
  chaos-at-home:
    hostname: login.chaos-at-home.org
    tls:
      certificate_provider: acmetool
      certificate_config:
        request:
          challenge:
            http-self-test: false
    config:
      cookie:
        domain: ".chaos-at-home.org"
        name: __Secure-chaos-at-home-sso
        secure: yes
        expire: 23h
        keys:
        - name: 2023-11
          ed25519:
            private-key: "{{ vault_whawty_nginx_sso_login_keys['chaos-at-home']['2023-11'] }}"
      auth:
        static:
          autoreload: yes
      web:
        listen: 127.0.0.1:1234
        login:
          title: "chaoSSO login"

whawty_nginx_sso_login_static_credentials__chaos-at-home: "{{ vault_whawty_nginx_sso_login_static_credentials['chaos-at-home'] }}"