---
# Define domain for the test site that should be used.
testsite_domain: example.com
# Derive some additional values that will be used - basing them on domain.
# With the domain set to example.com the expressions below evaluate to:
#   testsite_domain_underscores -> example_com   (every '.' becomes '_')
#   testsite_domain_alternative -> example.something   (last label replaced)
#   testsite_ldap_base          -> dc=example,dc=com
testsite_domain_underscores: "{{ testsite_domain | regex_replace('\\.', '_') }}"
testsite_domain_alternative: "{{ testsite_domain | regex_replace('\\.[^.]+$', '.something') }}"
# Each '.' is turned into ',dc=' and the result is then prefixed with 'dc='.
testsite_ldap_base: "{{ testsite_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
# Configuration for roles bootstrap and preseed.
# Reads the RSA *public* key of the user running Ansible from the controller
# (~/.ssh/id_rsa.pub). Only public key material is loaded here.
# NOTE(review): presumably installed as an authorised key for the Ansible
# account on managed hosts - confirm against the bootstrap/preseed roles.
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
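# Configuration for role 'common', shared across all servers.
#
# Operating system accounts to create. Every key describing an account has to
# be nested under its "- name:" list entry; at column 0 the keys would be read
# as unrelated top-level variables.
#
# NOTE(review): the 'password' values are SHA-512 crypt ($6$) hashes kept in
# plain text. They look like test-site fixtures. For any non-test inventory
# keep such hashes out of version control (for example with Ansible Vault),
# because a leaked hash can be attacked offline.
os_users:
  - name: admin
    uid: 1000
    # NOTE(review): membership in 'sudo' presumably grants privilege
    # escalation on the managed hosts - confirm the sudoers policy.
    additional_groups:
      - sudo
    # Public key of the user running Ansible, read from the controller.
    authorized_keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
  # This account defines no authorized_keys, only a password hash.
  - name: johndoe
    uid: 1001
    additional_groups:
      - office
      - developer
    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'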
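# Groups to create, each with a fixed gid. The names match the
# additional_groups listed for user 'johndoe' in os_users.
# Each gid is nested under its "- name:" entry so that name and gid stay
# part of the same list item.
os_groups:
  - name: office
    gid: 1500
  - name: developer
    gid: 1501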
# Extra packages for the 'common' role (package names as given to the
# package manager).
common_packages:
  - emacs24-nox
  - screen
  - debconf-utils
  - colordiff
  - unzip
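# CA certificates, as a mapping from a name to the PEM content read from the
# inventory's tls/ directory on the controller. The entry is nested under
# ca_certificates; at column 0 it would become a separate top-level variable
# and leave ca_certificates empty.
# NOTE(review): presumably deployed as /etc/ssl/certs/ca.pem, the path that
# ldap_client_config uses as TLS_CACERT - confirm against the role.
ca_certificates:
  "ca": "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"
# NOTE(review): presumably the rate limit and burst allowance that the
# 'common' role applies to new incoming connections - confirm the exact
# semantics against the role's firewall rules.
incoming_connection_limit: 2/second
incoming_connection_limit_burst: 6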
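# Default LDAP client configuration.
#
# Each list item is one comment/option/value triple; the three keys are
# nested under the same "- comment:" entry.
#
# NOTE(review): URI uses the plain ldap:// scheme. TLS_REQCERT 'demand' makes
# the client reject a missing or invalid server certificate when a TLS
# session is negotiated; on its own it does not make clients start TLS.
# Confirm that the consuming clients request StartTLS, or that the server
# refuses unencrypted binds, so that "Enforce TLS" holds in practice.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  - comment: Set the default URI
    option: URI
    # Quoted so the templated scalar is always read as a single string.
    value: "ldap://ldap.{{ testsite_domain }}/"
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand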
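# Enable and configure backups.
#
# The 'pipe' and 'file' lookups below run on the Ansible controller. Values
# spliced into the gpg2 command lines go through the 'quote' filter, so that
# whitespace or shell metacharacters in them cannot change the command that
# the controller executes.
#
# NOTE(review): ansible_fqdn is a gathered fact, i.e. a value reported by the
# managed host. Here it selects which secret key is exported and which file
# is read on the controller. Consider keying these on inventory_hostname
# instead - confirm how the keyring entries and ssh/ files are named first.
#
# NOTE(review): backup_encryption_key holds exported *secret* key material,
# and backup_ssh_key presumably a private SSH key. Make sure that tasks which
# consume them set no_log and write the files with restrictive permissions.
enable_backup: true
# Public keys (ASCII-armoured) of additional recipients for backups.
backup_additional_encryption_keys:
  - "{{ lookup('pipe', 'gpg2 --homedir ' + ((inventory_dir + '/backup_keyring') | quote) + ' --armor --export ' + (('backup.' + testsite_domain) | quote)) }}"
# Secret key (ASCII-armoured) selected by the host's FQDN.
backup_encryption_key: "{{ lookup('pipe', 'gpg2 --homedir ' + ((inventory_dir + '/backup_keyring') | quote) + ' --armor --export-secret-keys ' + (ansible_fqdn | quote)) }}"
backup_server: "backup.{{ testsite_domain }}"
# Host public keys of the backup server, read from the inventory's ssh/
# directory (presumably used to pre-seed known_hosts - confirm).
# NOTE(review): DSA (ssh-dss) host keys are deprecated and disabled by
# default in current OpenSSH; check whether the DSA entry is still needed.
backup_server_host_ssh_public_keys:
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"
# File under ssh/ named after the host's FQDN.
backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + ansible_fqdn) }}"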
# Set-up prompt.
# NOTE(review): presumably the colour and a short identifier shown in the
# shell prompt on managed hosts - confirm against the consuming role.
prompt_colour: light_purple
prompt_id: MAR
# Set-up NTP time synchronisation.
# Upstream servers: the four numbered hosts of the Debian NTP pool.
ntp_servers:
  - '0.debian.pool.ntp.org'
  - '1.debian.pool.ntp.org'
  - '2.debian.pool.ntp.org'
  - '3.debian.pool.ntp.org'