---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.

# Site-specific variables for the playbook. The values below look like
# placeholders (example.org names, a dummy SSH key) to be replaced per site.

# Environment label (presumably selects production behaviour in the roles; confirm).
env: prod

# Short personal nickname that will be mostly used as part of filenames under /etc.
nickname: personal

# Hostname and IPv4 address of the DMZ.
DMZ: dmz
DMZ_IP: 192.168.1.254

# Hostname and IPv4 address of the back-end server (with all the data).
SafeZone: home
SafeZone_IP: 192.168.1.253

# Domain names that the certificate should cover.
# Written as one space-separated string, not as a YAML list.
acme_domains: 'example.org muc.example.org pubsub.example.org ssh.example.org'

# Public key that Ansible will use to manage the server, and IP address of the controller PC.
# The public key (`….pub` file) is generated as the result of running `ssh-keygen -t ed25519`.
# Only the public half belongs in this file; the matching private key stays on the controller.
# NOTE(review): how the roles use ansible_master is not visible here. If it is meant to limit
# where management logins may come from, confirm that this is enforced (firewall rule or a
# from= option on the authorized key).
ansible_authorized_key: 'ssh-ed25519 AAAA0000bbbb1111CCCC2222dddd3333EEEE4444ffff5555GGGG6666hhhh7777IIII me@my-pc'
ansible_master: 192.168.1.252

# The email address associated to root, for commits in the git repository that stores changes to /etc.
git_contact_email: hostmaster@example.org

# Subdomain-name that will serve DNS packets for Iodine (DNS tunnel). Choose it short!
iodine_domain: dt.example.org

# Additional ACL for LDAP.
# This is typically used to give extra powers to users, for example regarding aliases management.
# The value is a literal block scalar, so its line breaks and the indentation of the `by`
# clauses are part of the string.
# In this example one user gets write access to the Aliases subtree. The final `by * read`
# also matches unauthenticated (anonymous) binds; use a narrower clause such as
# `by users read` if the aliases should not be readable without logging in.
ldap_extra_acl: |
  access to dn.subtree="ou=Aliases,dc=example,dc=org"
    by dn.base="uid=me,ou=Users,dc=example,dc=org" write
    by self read
    by * read

# Root of the LDAP directory. Usually the domain-name with commas instead of dots, and “dc=” in front of each level.
ldap_root: dc=example,dc=org

# Non-system mail aliases (stored in LDAP, in contrast to system aliases, which are stored in /etc/mail/aliases).
# Each entry in the list contains:
# — alias: a unique mail alias, either new or with existing associated recipients;
# — member: the login name of the user to add as a recipient for the alias.
# The value is a JSON array held in a single-quoted YAML string, not a native YAML list.
# YAML folds the line breaks inside the quotes into single spaces.
mail_alias_memberships: '[
  {"alias": "shop", "member": "you"},
  {"alias": "throwable", "member": "me"},
  {"alias": "family", "member": "me"},
  {"alias": "family", "member": "you"}
  ]'

# DKIM selector to use (see http://yalis.fr/cms/index.php/post/2014/01/31/Why-buy-a-domain-name-Secure-mail%2E).
# See the “dmz_exim” role for the storage of the private and public keys.
mail_dkim_selector: home

# All local mail destinations, which include managed domains, as well as host names.
# Written as one space-separated string.
mail_local_domains: 'home dmz localhost example.org *.example.org *.local'

# Motion monitored cameras
# Same format as mail_alias_memberships: a JSON array inside a single-quoted string.
# Each "url" embeds the camera's RTSP user name and password in clear text. With real
# credentials, keep this variable out of plain-text version control, for example by
# encrypting it (or the whole file) with Ansible Vault, and give the camera account no
# more rights than viewing the stream.
# rtsp:// itself is not encrypted in transit, so the stream and its login should only
# cross network segments that are trusted.
motion_cameras: '[
  {
    "id": 1,
    "name": "street door",
    "url": "rtsp://user:password@street.example.org:554/videoMain",
    "width": 640,
    "height": 360,
    "mask_file": "example_mask_640_360.pgm",
    "framerate": 5
  },
  {
    "id": 2,
    "name": "garden door",
    "url": "rtsp://user:password@garden.example.org:554/videoMain",
    "width": 640,
    "height": 360,
    "mask_file": null,
    "framerate": 5
  }
  ]'

# Start Of Authority: the root domain name configured on the server.
net_soa: example.org

# Space-separated list of the XMPP accounts that are considered administrators of the XMPP service.
# Every account listed here has administrative rights on the XMPP service, so keep the list short.
xmpp_admins: 'me@example.org'