ansible/group_vars/all/vars.yml

---
# LDAP binding
# You can hash LDAP passwords with `slappasswd` tool
ldap_base: 'dc=auro,dc=re'
ldap_master_ipv4: '10.128.0.11'
ldap_master_uri: "ldap://{{ ldap_master_ipv4 }}"
ldap_nslcd_bind_dn: "cn=nslcd,ou=service-users,{{ ldap_base }}"
ldap_nslcd_passwd: "{{ vault_ldap_nslcd_passwd }}"
ldap_replica_password: "{{ vault_ldap_replica_password }}"
ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"

# Scripts will tell users to go there to manage their account
intranet_url: 'https://re2o.auro.re/'

# Users in that group will be able to `sudo`
sudo_group: 'sudoldap'

# SSH keys for root account to use when LDAP is broken
ssh_pub_keys: "{{ vault_ssh_pub_keys }}"

# Monitoring
monitoring_mail: 'monitoring.aurore@lists.crans.org'

# Nginx Proxy
reversed_proxy_subdomains:
  - name: re2o
    from: re2o.auro.re
    to: 10.128.0.10
  - name: intranet
    from: intranet.auro.re
    to: 10.128.0.10
  - name: pad
    from: pad.auro.re
    to: 10.128.0.52
  - name: phabricator
    from: phabricator.auro.re
    to: 10.128.0.50
  - name: wiki
    from: wiki.auro.re
    to: 10.128.0.51
  - name: www
    from: www.auro.re
    to: 10.128.0.52
  - name: main
    from: auro.re
    to: 10.128.0.52
  - name: re2o-test
    from: re2o-test.auro.re
    to: 10.128.0.100