--- # Use Python 3 ansible_python_interpreter: /usr/bin/python3 # LDAP binding # You can hash LDAP passwords with `slappasswd` tool ldap_base: 'dc=auro,dc=re' ldap_master_ipv4: '10.128.0.21' ldap_master_uri: "ldap://re2o-ldap.adm.auro.re" ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}" ldap_nslcd_bind_dn: "cn=nslcd,ou=service-users,{{ ldap_base }}" ldap_nslcd_passwd: "{{ vault_ldap_nslcd_passwd }}" ldap_matrix_bind_dn: "cn=matrix,ou=service-users,{{ ldap_base }}" ldap_matrix_password: "{{ vault_ldap_matrix_password }}" ldap_replica_password: "{{ vault_ldap_replica_password }}" ldap_admin_password: "{{ vault_ldap_admin_password }}" ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" # Databases postgresql_services_url: 'services-bdd.adm.auro.re' postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}" postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}" postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}" # Scripts will tell users to go there to manage their account intranet_url: 'https://re2o.auro.re/' # Users in that group will be able to `sudo` sudo_group: 'sudoldap' # SSH keys for root account to use when LDAP is broken ssh_pub_keys: "{{ vault_ssh_pub_keys }}" # Monitoring monitoring_mail: 'monitoring.aurore@lists.crans.org' # Matrix matrix_webhooks_secret: "{{ vault_matrix_webhooks_secret }}" matrix_discord_client_id: "559305991494303747" matrix_discord_bot_token: "{{ vault_matrix_discord_bot_token }}" ### # DNS ### # Dernier octet (en décimal) de l'addresse des serveurs DNS récursifs de chaque # résidence. dns_host_suffix_main: 253 dns_host_suffix_backup: 153 backup_dns_servers: - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr) # Finally raised! mtu: 1500 subnet_ids: ap: "14{{ apartment_block_id }}" users_wired: "{{ apartment_block_id }}0" users_wifi: "{{ apartment_block_id }}1" users_banni: "{{ apartment_block_id }}2" users_accueil: "{{ apartment_block_id }}3" # Keepalived keepalived_password: "{{ vault_keepalived_password[apartment_block] }}" # Re2o config re2o_secret_key: "{{ vault_re2o_secret_key }}" re2o_db_password: "{{ vault_re2o_db_password }}" re2o_aes_key: "{{ vault_re2o_aes_key }}" # Radius radius_secret_aurore: "{{ vault_radius_secrets.aurore }}" radius_secret_wifi: "{{ vault_radius_secrets.wifi }}" radius_secret_wired: "{{ vault_radius_secrets.wired[apartment_block] }}" radius_secret_federez: "{{ vault_radius_secrets.federez }}" radius_pg_replication_password: "{{ vault_re2o_db_user_passwords.replication }}" radius_pg_re2o_ro_password: "{{ vault_re2o_db_user_passwords.re2o_ro }}" # DHCP dhcp_failover_enabled: true apartment_block_dhcp: "{{ apartment_block }}" # Careful, this is not byte-aligned, just nibble-aligned (RIPE gave us a /28). # However, we ALWAYS keep the trailing 0 to have byte alignment. ipv6_base_prefix: "2a09:6840" is_aurore_host: "{{ 'aurore_vm' in group_names }}"