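---
# Variables for the test site. Most values below are derived from
# testsite_domain, so changing the domain in one place updates the rest.
#
# NOTE(review): every statement in this file was collapsed onto the "---"
# line behind a "#", which makes a YAML parser read it all as one comment.
# The nesting below is rebuilt from the key order; confirm it against the
# roles that consume these variables.

# Define domain for the test site that should be used.
testsite_domain: example.com

# Derive some additional values that will be used - basing them on domain.
testsite_domain_underscores: "{{ testsite_domain | regex_replace('\\.', '_') }}"
testsite_domain_alternative: "{{ testsite_domain | regex_replace('\\.[^.]+$', '.something') }}"
testsite_ldap_base: "{{ testsite_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"

# Configuration for roles bootstrap and preseed.
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

# Configuration for role 'common', shared across all servers.
os_users:
  - name: admin
    uid: 1000
    additional_groups:
      - sudo
    authorized_keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    # crypt(3) SHA-512 hash ("$6$" prefix) stored in plain view. Anyone who can
    # read this file can run offline guessing against it; outside a throw-away
    # test site, supply the hash from Ansible Vault or another secret store.
    # This account is also in the sudo group.
    password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
  - name: johndoe
    uid: 1001
    additional_groups:
      - office
      - developer
    # Same caveat as the admin hash above: test fixture, not a secret.
    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'

os_groups:
  - name: office
    gid: 1500
  - name: developer
    gid: 1501

common_packages:
  - emacs-nox
  - screen
  - debconf-utils
  - colordiff
  - unzip

ca_certificates:
  "ca": "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"

incoming_connection_limit: 2/second
incoming_connection_limit_burst: 6

# Default LDAP client configuration.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # The URI scheme is ldap://, so TLS is only in effect when the client
  # negotiates StartTLS. TLS_REQCERT below governs certificate checking once
  # TLS is negotiated; it does not by itself stop a client from binding in
  # clear text. Server-side enforcement is not visible in this file - confirm
  # the LDAP server rejects unencrypted binds.
  - comment: Set the default URI
    option: URI
    value: "ldap://ldap.{{ testsite_domain }}/"
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand

# Enable and configure backups
enable_backup: true
# Public keys of additional recipients. The 'pipe' lookup runs gpg2 on the
# Ansible controller; testsite_domain is defined in this file.
backup_additional_encryption_keys:
  - "{{ lookup('pipe', 'gpg2 --homedir \"' + inventory_dir + '/backup_keyring' + '\" --armor --export backup.' + testsite_domain ) }}"
# Exports the host's *private* backup key. ansible_fqdn is a fact reported by
# the managed host, and the 'pipe' lookup hands the assembled string to a
# shell on the controller, so the fact is passed through the 'quote' filter
# before it is concatenated. An ordinary host name is unchanged by quoting.
# NOTE(review): the resulting value is secret key material; the tasks that
# consume it are not visible here - confirm they set no_log.
backup_encryption_key: "{{ lookup('pipe', 'gpg2 --homedir \"' + inventory_dir + '/backup_keyring' + '\" --armor --export-secret-keys ' + (ansible_fqdn | quote) ) }}"
backup_server: "backup.{{ testsite_domain }}"
# Pinned host keys for the backup server, read from the inventory directory.
backup_server_host_ssh_public_keys:
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"
# Private SSH key for this host, selected by the host-reported FQDN.
# NOTE(review): the file name comes from a remote fact rather than from the
# inventory; consider keying it on inventory_hostname if the two always match.
backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + ansible_fqdn) }}"

# Set-up prompt.
prompt_colour: light_purple
prompt_id: MAR

# Set-up NTP time synchronisation.
ntp_servers:
  - "0.debian.pool.ntp.org"
  - "1.debian.pool.ntp.org"
  - "2.debian.pool.ntp.org"
  - "3.debian.pool.ntp.org"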