# By convention, variables defined in this file are safe to use in all roles. # # In other words, this should be the only place where you should see variables # without a 'rolename_' prefix. --- timezone: America/New_York domain: ipa.example.com # changeme email_domain: example.com # changeme organization: ACME, Inc. # changeme # This variable will be used to configure an SSID with certificate-based auth # for any hosts in the linux-laptops group. linux_laptop_wifi_ssid: acme-wifi # Hosts in these CIDRs should be capable of kerberos authentication. # We use this in many apache configs to determine when to force GSSAPI auth. kerberized_cidrs: # changeme - 10.10.12.0/24 backup_path: ~/backups # Use your external MX hostname so that TLS validation works. mail_host: mx1.exmaple.com imap_host: imap.{{ domain }} rspamd_host: rspamd.{{ domain }} # changeme: specify your vlans here. # This dictionary is used to discover which VLAN a host belongs to. # The appropriate VLAN object will end up in the `vlan` variable in host_vars. vlans: mgmt: id: 11 cidr: 10.10.11.0/24 gateway: 10.10.11.1 dns_servers: # freeipa servers - 10.10.12.2 - 10.10.12.3 ntp_servers: ['10.10.11.1'] trusted: id: 12 cidr: 10.10.12.0/23 dns_servers: # freeipa servers - 10.10.12.2 - 10.10.12.3 gateway: 10.10.12.1 ntp_servers: ['10.10.12.1'] voip: id: 14 cidr: 10.10.14.0/24 gateway: 10.10.14.1 dns_servers: # freeipa servers - 10.10.12.2 - 10.10.12.3 ntp_servers: ['10.10.14.1'] print: id: 15 cidr: 10.10.15.0/24 gateway: 10.10.15.1 dns_servers: # freeipa servers - 10.10.12.2 - 10.10.12.3 ntp_servers: ['10.10.15.1'] vpn: id: 16 cidr: 10.10.16.0/24 gateway: 10.10.16.1 dns_servers: # freeipa servers - 10.10.12.2 - 10.10.12.3 ntp_servers: ['10.10.16.1'] dmz: id: 19 cidr: 10.10.19.0/24 dns_servers: # freeipa servers - 10.10.12.2 - 10.10.12.3 gateway: 10.10.19.1 ntp_servers: ['10.10.19.1'] # standard freeipa variables freeipa_ds_password: '{{ vault_freeipa_ds_password }}' freeipa_admin_password: '{{ vault_freeipa_admin_password }}'