#!/bin/sh

site=myhomelab
domain=idm.example.com
email_domain=example.com
turn_domain=turn.example.com
locale=en_US.UTF-8
ntp_pools='pool.ntp.org'
root_password=changeme
boxconf_password=changeme
root_authorized_keys='ssh-ed25519 changeme
ssh-ed25519 changeme'
root_mail_alias="you@${email_domain}"
smtp_host_ip=1.2.3.4
pkg_host_ip=1.2.3.4
timezone=America/New_York

# hostname  id  ipv4
idm_server_list="\
idm1      1   1.2.3.4
idm2      2   5.6.7.8"

reverse_dns_zones="0.168.192.in-addr.arpa  12.11.10.in-addr.arpa"

kerberized_cidrs=192.168.0.0/24

rspamd_privkey='changeme with: rspamadm keypair'
rspamd_pubkey='changeme with: rspamadm keypair'
rspamd_ro_password='changeme'
rspamd_rw_password='changeme'

# These are needed for icinga radius checks.
icinga_radius_cidr=192.168.0.0/24
icinga_radius_secret='changeme'

###############################################################################
# Variables following this line do not (generally) need to be changed.
###############################################################################
nproc=$(nproc)

allowed_tcp_ports=ssh
bootstrap_resolvers='1.1.1.1'
enable_serial_console=true
graphics_type=intel
boxconf_username='s-boxconf'
host_keytab_groupname=hostkeytab
host_keytab_gid=788
lmtp_port=25
quota_status_port=10993
icinga_username='s-icinga'
icinga_local_user=icinga
icinga_home_dir=/var/spool/icinga2
icinga_uid=183
krb5_ticket_lifetime=24h
krb5_renew_lifetime=7d
nslcd_min_uid=1000
nscd_ttl=600
nscd_negative_ttl=20
prosody_username='s-prosody'
prosody_uid=20005
rspamd_port=11334
ssh_authzkeys_uid=789
ssh_authzkeys_username=sshkeys
tcp_buffer_size=2097152  # suitable for 1 GigE
wifi_access_role='wifi-access'

nginx_nofile=2048
nginx_worker_connections=768
if [ "$nproc" -gt 4 ]; then
  nginx_worker_processes=4
else
  nginx_worker_processes=$nproc
fi