path: root/inventory/host_vars/ch-apps/whawty.yml
---
# Base ZFS location (pool "storage", dataset "whawty/auth"). It is referenced
# further down in this file as the `parent` of the instance's storage.
_whawty_auth_zfs_base_:
  pool: storage
  name: whawty/auth

# whawty-auth instances for this host, keyed by instance name. The role that
# consumes these settings is not part of this file, so the notes below only
# describe what the values themselves show.
whawty_auth_instances:
  passwd.chaos-at-home.org:
    version: 0.3-rc2
    port: 3080
    # Templated from a variable defined elsewhere (not visible in this file).
    store: "{{ whawty_auth_store__chaos_at_home }}"
    sync:
      port: 3022
      # Public keys accepted for the sync channel; the key comments name
      # ch-http-proxy and ch-pan as the peers.
      # NOTE(review): assuming the role installs these as SSH authorized keys,
      # the holders of the matching private keys can reach the auth store sync.
      # Confirm the role restricts them (forced command, no forwarding/pty) and
      # that port 3022 is only reachable from those two peers.
      authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsY3QIaN/S05EHZ9IF6GWgXG0wAh5qAxgQAq7ZLtNP8 whawty-auth-sync-chaos-at-home@ch-http-proxy
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHoyvg0McwpPFAT642lm9MIGG2/6Hi+hFe8IvmroDar whawty-auth-sync-chaos-at-home@ch-pan
    ldap:
      # 636 is the registered LDAPS (LDAP over TLS) port.
      port: 636
      hostnames:
      - ldap.chaos-at-home.org
      tls:
        # The LDAP certificate is issued from the internal CA given below,
        # not from the ACME provider used for the `publish` section.
        certificate_provider: static-ca
        certificate_config:
          ca:
            # NOTE(review): key_content is the PRIVATE key of the internal CA.
            # Anyone who can read this variable can issue certificates that
            # every client trusting this CA will accept. Confirm the variable
            # is stored encrypted (e.g. Ansible Vault), that tasks using it set
            # no_log, and whether the key ends up on this host's disk at all.
            key_content: "{{ chaos_at_home_internal_ca_key }}"
            cert_content: "{{ chaos_at_home_internal_ca_cert }}"
          key:
            type: RSA
            size: 4096
          cert:
            # NOTE(review): keyAgreement is defined for (EC)DH public keys.
            # For an RSA key, RFC 3279 lists digitalSignature, nonRepudiation,
            # keyEncipherment and dataEncipherment. With the extension marked
            # critical, check that LDAP clients accept this combination, and
            # whether keyEncipherment was intended instead.
            key_usage:
            - digitalSignature
            - keyAgreement
            # `yes` is a YAML 1.1 boolean and is read as true by Ansible.
            key_usage_critical: yes
            # Restricts the certificate to TLS server authentication.
            extended_key_usage:
            - serverAuth
            extended_key_usage_critical: yes
            create_subject_key_identifier: yes
            # Validity window relative to issue time: valid immediately, for
            # 365 days. renew_margin presumably triggers re-issue once fewer
            # than 70 days remain. TODO confirm against the role.
            not_before: +0h
            not_after: +365d
            renew_margin: +70d
    storage:
      type: zfs
      # Resolves to the base dataset defined at the top of this file.
      parent: "{{ _whawty_auth_zfs_base_ }}"
      name: passwd.chaos-at-home.org
      properties:
        quota: 128M
    publish:
      zone: "{{ apps_publish_zone__chaos_at_home }}"
      hostnames:
      - passwd.chaos-at-home.org
      tls:
        # The public web endpoint gets its certificate via acmetool (ACME).
        certificate_provider: acmetool
        certificate_config:
          request:
            challenge:
              # Turns off the HTTP challenge self-test for this request.
              # NOTE(review): the reason is not recorded here. Presumably the
              # challenge is answered via a front-end proxy, so a local
              # self-test would fail. Confirm and document it.
              http-self-test: false