# Required Groups
# ===============

# Hosts that aren't ready for Rocky 9 yet.
[el8:children]
# libstrp is broken: https://community.asterisk.org/t/erro-loading-srtp-on-asterisk-20-and-centos-9/95766
# Might be worth building our own, locally?
asterisk_servers

# Rspamd not yet available for EL9: https://github.com/rspamd/rspamd/issues/4215
imap_servers
rspamd_servers

# Unifi controller depends on MongoDB 3.6 (though I'm running 4.4 without any
# issues on Rocky 8). Unfortunately, only MongoDB 6.0 is currently packaged
# for EL9: https://repo.mongodb.org/yum/redhat/9/mongodb-org/ 
unifi_controllers

# Prosody needs lua-ldap. There's no package for EL9 and it appears to be
# abandoned: https://src.fedoraproject.org/rpms/lua-ldap
# Apparently lua-ldap can be installed from luarocks. Should investigate that.
xmpp_servers


# Required Variables
# ==================
[all:vars]
ansible_python_interpreter = /usr/libexec/platform-python
freeipa_realm = '{{ domain | upper }}'
freeipa_basedn = "dc={{ domain.split('.') | join(',dc=') }}"
freeipa_hosts = "{{ groups['freeipa_servers'] | map('regex_replace', '$', '.' ~ domain) }}"
freeipa_ldap_uri = "{{ groups['freeipa_servers'] | map('regex_replace', '^(.*)$', 'ldap://\\1.' ~ domain) | join(' ') }}"
freeipa_master = "{{ groups['freeipa_master'][0] }}"
freeipa_sysaccount_basedn = 'cn=sysaccounts,cn=etc,{{ freeipa_basedn }}'
freeipa_user_basedn = 'cn=users,cn=accounts,{{ freeipa_basedn }}'
freeipa_group_basedn = 'cn=groups,cn=accounts,{{ freeipa_basedn }}'
freeipa_accounts_basedn = 'cn=accounts,{{ freeipa_basedn }}'
freeipa_service_basedn = 'cn=services,cn=accounts,{{ freeipa_basedn }}'
ipa_host = '{{ freeipa_master }}.{{ domain }}'
ipa_user = admin
ipa_pass = '{{ freeipa_admin_password }}'

[dav_servers:vars]
apache_can_sendmail = True
apache_can_network_connect_db = True
apache_can_connect_ldap = True
apache_gssapi = True
nagios_http_status = 401

[el8:vars]
proxmox_template = rocky8.8
proxmox_bios = seabios

[freeipa_master:vars]
# The initial FreeIPA installation requires an upstream DNS server to bootstrap itself.
proxmox_nameservers = '{{ freeipa_dns_forwarders }}'
# Don't update all freeipa servers at once
dnf_automatic_on_calendar = '*-*-1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31 04:00:00'

[freeipa_replicas:vars]
# Don't update all freeipa servers at once
dnf_automatic_on_calendar = '*-*-2,4,6,8,10,12,14,16,18,20,22,24,26,28,30 04:00:00'

[freeipa_servers:vars]
dnf_automatic_restart = False

[git_servers:vars]
apache_gssapi = True

[linux_desktops:vars]
tuned_profile = desktop

[linux_laptops:vars]
tuned_profile = powersave
rsyslog_forward = no

[nagios_servers:vars]
apache_gssapi = True

[matrix_servers:vars]
apache_ssl_listen_ports='[443,{{ synapse_client_port }},{{ synapse_federation_port }}]'

[opnsense_firewalls:vars]
ansible_python_interpreter = /usr/local/bin/python3

[photostructure_servers:vars]
apache_gssapi = True
nagios_http_status = 401

[proxmox_hypervisors:vars]
ansible_python_interpreter = /usr/bin/python3

[proxmox_instances:vars]
tuned_profile = virtual-guest
grub_cmdline = 'console=ttyS0,115200n8 no_timer_check net.ifnames=0'

[rspamd_servers:vars]
apache_gssapi = True
nagios_http_status = 401

[syncthing_servers:vars]
apache_gssapi = True

[ttrss_servers:vars]
apache_gssapi = True
apache_can_sendmail = True
apache_can_network_connect_db = True
apache_can_network_connect = True
apache_can_connect_ldap = True

[wiki_servers:vars]
apache_gssapi = True
apache_can_sendmail = True
apache_can_network_connect_db = True
apache_can_connect_ldap = True
apache_can_network_connect = True
nagios_http_status = 401

[xmpp_servers:vars]
apache_can_network_connect = True
nagios_https_vhosts = '["{{ prosody_http_host | default(ansible_fqdn) }}"]'

[mastodon_servers:vars]
nagios_https_vhosts = '["{{ mastodon_web_domain }}"]'

[matrix_servers:vars]
nagios_https_vhosts = '["{{ synapse_server_name }}"]'


# Nagios hostgroups
# =================
[nagios_net_snmp_clients:children]
nagios_ansible_managed_clients
opnsense_firewalls

[nagios_check_load:children]
nagios_net_snmp_clients

[nagios_check_mem:children]
nagios_net_snmp_clients

[nagios_check_disk:children]
nagios_net_snmp_clients

[nagios_check_interfaces:children]
nagios_net_snmp_clients
switches
access_points

[nagios_check_systemd:children]
nagios_ansible_managed_clients

[nagios_check_ssh:children]
baremetal
proxmox_instances
switches
access_points

[nagios_check_zfs:children]
nfs_servers
proxmox_hypervisors

[nagios_check_https:children]
freeipa_servers
yum_mirrors
ttrss_servers
znc_servers
dav_servers
bitwarden_servers
cups_servers
web_servers
git_servers
syncthing_servers
wiki_servers
jellyfin_servers
privbrowse_servers
photostructure_servers
rspamd_servers
unifi_controllers
xmpp_servers
mastodon_servers
matrix_servers

# vi: ft=dosini