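---
# Host variables for a VM that is installed via the jump host `ch-jump`.
# Layout restored to block style; booleans normalised to `true`/`false` so the
# values do not depend on YAML 1.1 implicit typing of `yes`/`False`.
install_jumphost: ch-jump

install:
  vm:
    memory: 1G
    numcpus: 1
    autostart: false
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 15g
        properties:
          # Kept as a quoted string on purpose: this is a ZFS user property
          # value, not a YAML boolean.
          # NOTE(review): presumably this opts the dataset out of syncoid
          # replication, i.e. no replicated copy exists - confirm intended.
          'syncoid:sync': 'false'
  interfaces:
    - bridge: br-svc
      name: svc0
    - bridge: br-iot
      name: iot0

network:
  nameservers: "{{ network_zones.svc.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # Anchored so the same mapping can be reused as the first entry of
  # `interfaces` below.
  primary: &_network_primary_
    name: svc0
    address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.svc.gateway }}"
    static_routes:
      # The lan zone is reached through ch-gw-lan's address in the svc zone
      # instead of the default gateway.
      - destination: "{{ network_zones.lan.prefix }}"
        gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
  # NOTE(review): the host is attached to both the svc and the iot zone.
  # Nothing in this file states whether forwarding between svc0 and iot0 is
  # disabled or filtered - verify in the roles applied to this host.
  interfaces:
    - *_network_primary_
    - name: iot0
      address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}"

ntp_variant: systemd-timesyncd

###

# TLS client certificates for mosquitto, issued by the managed CA `foo` that
# is hosted on ch-testvm-prometheus.
# NOTE(review): CA name and host look like a test fixture - confirm this CA is
# not trusted by anything outside the test setup.
mosquitto_client_tls:
  foo-consumer:
    certificate_provider: managed-ca
    certificate_config:
      ca:
        host: ch-testvm-prometheus
        name: foo
      cert:
        common_name: consumer
        organization_name: "spreadspace"
        organizational_unit_name: "ansible"
        # NOTE(review): presumably the address the client connects from;
        # verify, the same IP SAN is used for foo-producer.
        san_extra:
          - "IP:192.168.32.43"
        # Critical EKU limited to clientAuth: the certificate is meant for TLS
        # client authentication only.
        extended_key_usage:
          - clientAuth
        extended_key_usage_critical: true
        create_subject_key_identifier: true
        # Relative lifetime of 100 weeks; quoted so it always stays a string.
        # NOTE(review): long-lived client credential - confirm how renewal
        # and revocation are handled for this CA.
        not_after: '+100w'
  foo-producer:
    certificate_provider: managed-ca
    certificate_config:
      ca:
        host: ch-testvm-prometheus
        name: foo
      cert:
        common_name: producer
        organization_name: "spreadspace"
        organizational_unit_name: "ansible"
        # NOTE(review): same IP SAN as foo-consumer; the two identities
        # differ only in common_name.
        san_extra:
          - "IP:192.168.32.43"
        extended_key_usage:
          - clientAuth
        extended_key_usage_critical: true
        create_subject_key_identifier: true
        # Same 100-week lifetime as foo-consumer; see the note there.
        not_after: '+100w'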