majic-ansible-roles Files · roles/xmpp_server/molecule/default/group

Files @ a9700f6fe020

Branch filter:

Location: majic-ansible-roles/roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml

a9700f6fe020 1.3 KiB text/x-yaml Show Annotation Show as Raw Download as Raw

branko

MAR-230: Drop support for older TLS versions from the xmpp_server role:

- Update documentation.
- Include TLSv1.3 ciphers in default configuration for documentation
purposes - although ciphers are not configurable.
- Update the tests. Drop the workarounds for enabling the older
versions via OpenSSL policies.

---

xmpp_administrators:
  - jane.doe@domain2
  - mick.doe@domain3
xmpp_domains:
  - domain2
  - domain3
xmpp_ldap_base_dn: dc=local
xmpp_ldap_password: prosodypassword
xmpp_ldap_server: ldap-server
xmpp_server_archive_expiration: "1w"
xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_xmpp.cert.pem') }}"
xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_xmpp.key.pem') }}"
xmpp_server_tls_protocol: "tlsv1_3+"
# At least one non-TLSv1.3 cipher has to be included in order to
# ensure TLSv1.3 gets initialised.
xmpp_server_tls_ciphers: "ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!MD5:!EXPORT"

# common
ca_certificates:
  testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"

# backup_client
enable_backup: true
backup_client_username: "bak-parameters-optional-{{ ansible_distribution_release }}"
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
backup_server: backup-server
backup_server_host_ssh_public_keys:
  - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
  - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
  - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional') }}"