---
# Variables for basic host setup: timezone and locales, sysctl, an additional
# network interface, extra disks, idmap, autofs, and NFS servers (kernel and
# Ganesha). Booleans are written as true/false throughout.

# Timezone
timezone: 'Europe/Rome'

# Locales
default_locale_lang: 'en_US.UTF-8'
default_deb_locale_messages: 'C.UTF-8'
default_el_locale_messages: 'en_US.UTF-8'
locales_list:
  - name: '{{ default_locale_lang }}'
  - name: 'en_US.UTF-8'
  - name: 'en_US'
  - name: 'it_IT.UTF-8'
  - name: 'it_IT'

domain_name: '{{ ansible_domain }}'

# sysctl
sysctl_custom_file: '/etc/sysctl.d/90-custom-values.conf'
sysctl_opts_reload: true
sysctl_custom_file_state: 'present'
# Only name and value are mandatory; the other keys have defaults.
sysctl_custom_options: []
#  - name: 'net.nf_conntrack_max'
#    value: '32768'
#    sysctlfile: '{{ sysctl_custom_file }}'
#    sysctl_reload: '{{ sysctl_opts_reload }}'
#    sysctlfile_state: '{{ sysctl_custom_file_state }}'

# Additional network interface (netplan)
ubuntu_configure_additional_interfaces: true
ubuntu_second_int_name: 'enp8s0'
ubuntu_netplan_interfaces:
  - name: '{{ ubuntu_second_int_name }}'
    dhcp4: true
    # NOTE(review): the fact name is hard-coded to enp8s0, so overriding
    # ubuntu_second_int_name alone does not change where the MTU is read from.
    mtu: '{{ ansible_enp8s0.mtu }}'

# IPv6
# NOTE(review): ipv6_sysctl_value is presumably the value written to
# ipv6_sysctl_file when disable_ipv6 is true; confirm against the tasks.
disable_ipv6: false
ipv6_sysctl_value: 1
ipv6_sysctl_file: '/etc/sysctl.d/10-ipv6-disable.conf'

# Define the following variables to manage additional disks and mount points,
# including static NFS ones.
additional_disks: false
disks_and_mountpoints_list: []
#  - mountpoint: '/data'
#    device: 'xvda3'
#    fstype: 'xfs'
#    opts: 'noatime'
#    state: 'mounted'
#    create_filesystem: true

# Python 3 packages, per distribution family
ansible_python3_debs:
  - python3-lxml

ansible_python3_el:
  - python3-lxml

# idmap
idmap_verbosity: 0
idmap_conf_options:
  - section: 'General'
    option: 'Domain'
    value: '{{ domain_name }}'
    state: 'present'
  - section: 'General'
    option: 'Verbosity'
    value: '{{ idmap_verbosity }}'
    state: 'present'

# autofs mount points
autofs_client_mountpoint: false
autofs_conf_options:
  - section: 'autofs'
    option: 'master_map_name'
    value: '/etc/auto.master'
    state: 'present'
  - section: 'autofs'
    option: 'timeout'
    value: '300'
    state: 'present'
  - section: 'autofs'
    option: 'negative_timeout'
    value: '60'
    state: 'present'
  - section: 'autofs'
    option: 'mount_nfs_default_protocol'
    value: '4'
    state: 'present'
  - section: 'autofs'
    option: 'logging'
    value: 'none'
    state: 'present'
  - section: 'amd'
    option: 'dismount_interval'
    value: '300'
    state: 'present'
autofs_packages_deb:
  - autofs
autofs_packages_el:
  - autofs
# path: written without the initial /
autofs_maps: []
#  - map_name: 'data'
#    mountpoint_prefix: '/'
#    path: 'data'
#    nfs_server: 'nfs.example.com'
#    remote_export: '/export'
#    is_home: false

# NFS server (kernel)
nfs_server_enabled: false
nfs_server_ganesha_enabled: '{{ nfs_server_enabled }}'
nfs_server_kernel_el_pkgs:
  - nfs-utils
  - nfs4-acl-tools
nfs_server_kernel_deb_pkgs:
  - nfs-kernel-server
  - nfs4-acl-tools
  - nfstrace
  - nfswatch
nfs_server_exports: []
# Keys: name, id, path, options, clients
# (*) indicates an optional parameter
# Exports are reachable by every host listed under clients, so keep that list
# explicit; the example keeps root_squash in the options.
#  - name: export_filename
#    id: 1
#    path: /export
#    options: 'rw,sync,fsid=1,root_squash,no_wdelay'
#    clients:
#      - host1
#      - hostN

# NFS server (Ganesha)
nfs_ganesha_conf_files:
  - ganesha.conf
# NOTE(review): these repositories pin Ganesha 2.8 and Ceph Nautilus; check
# that they are still maintained for the target distribution.
nfs_server_ganesha_el_repos:
  - centos-release-nfs-ganesha28
  - centos-release-ceph-nautilus
nfs_server_ganesha_el_pkgs:
  - nfs-utils
  - nfs4-acl-tools
  - nfs-ganesha
  - nfs-ganesha-vfs
  - librados2
nfs_server_ganesha_deb_pkgs:
  - 'nfs-ganesha'
  - 'nfs-ganesha-vfs'
  - 'nfs-ganesha-xfs'

# Form of the Ganesha setting: Protocols = 3,4,9P;
nfs_server_ganesha_server_protocols: '4'
nfs_server_ganesha_path_pseudo: false
nfs_server_ganesha_mdcache: false
nfs_server_ganesha_mdcache_hwmark: 100000
nfs_server_ganesha_exports: []
# Keys: name, id, path, pseudo_path, access_type (RW, RO), protocols (global),
# squash (true,false), disable_acl (true,false), sectype, fsal (VFS, XFS),
# clients
# (*) indicates an optional parameter
# sectype 'sys' relies on the uid/gid asserted by the client; the krb5,
# krb5i and krb5p flavours authenticate the user instead.
#  - name: export_filename
#    id: 1
#    path: /export
#    pseudo: /nfs_export
#    access_type(*): 'RW'
#    protocols(*): '{{ nfs_server_ganesha_server_protocols }}'
#    squash(*): 'root_squash'
#    disable_acl(*): 'false'
#    sectype(*): 'sys'
#    nfs_commit(*): 'false'
#    delegations(*): 'none'
#    fsal: 'VFS'
#    clients:
#      - host1
#      - hostN

# tmpreaper
tmpreaper_install: false
tmpreaper_use_ctime: true
tmpreaper_protect_extra: ''
tmpreaper_dirs: '/tmp/.'
tmpreaper_extra_dirs: ''
tmpreaper_delay: '256'
tmpreaper_additional_options: ''
tmpreaper_time: '7d'

# Environment-wide HTTP(S)/FTP proxy settings
enable_env_proxy: false
env_proxy_http_host: 'localhost'
env_proxy_http_port: '3128'
env_proxy_http_protocol: 'http'
env_proxy_https_protocol: '{{ env_proxy_http_protocol }}'
env_proxy_http_url: '{{ env_proxy_http_protocol }}://{{ env_proxy_http_host }}:{{ env_proxy_http_port }}'
# The HTTPS proxy URL defaults to the same endpoint as the HTTP one.
env_proxy_https_url: '{{ env_proxy_http_url }}'
env_proxy_protocols:
  - 'http_proxy'
  - 'https_proxy'
  - 'ftp_proxy'
  - 'HTTP_PROXY'
  - 'HTTPS_PROXY'
  - 'FTP_PROXY'
env_proxy_use_authentication: false
# Leave both empty here. When authentication is enabled, supply the values
# from an encrypted source (for example Ansible Vault), not in plain text.
# NOTE(review): check the mode of whatever file the tasks render them into.
env_proxy_username: ''
env_proxy_password: ''
no_proxy_targets:
  - '::1'
  - '127.0.0.1'
  - 'localhost'

# A generic PKI directory where the local certificates will be stored
pki_dir: '/etc/pki'
pki_subdirs:
  - certs
  - keys

pki_install_a_custom_ca: false

# Self-signed certificate
# NOTE(review): self_signed_key and mkcert_key_dest_path point at private
# keys; confirm that the tasks create them readable only by their owner.
self_signed_cert: '{{ pki_dir }}/selfsigned/cert'
self_signed_fullchain: '{{ pki_dir }}/selfsigned/fullchain'
self_signed_key: '{{ pki_dir }}/selfsigned/privkey'
self_signed_subject: '/CN={{ ansible_fqdn }} self signed'

# mkcert-issued certificate
mkcert_create_certificate: false
mkcert_cert_name: '{{ ansible_fqdn}}.pem'
mkcert_cert_dest_path: '{{ pki_dir }}/certs/{{ mkcert_cert_name }}'
mkcert_key_name: '{{ ansible_fqdn}}-key.pem'
mkcert_key_dest_path: '{{ pki_dir }}/keys/{{ mkcert_key_name }}'
# Space-separated names for the certificate: the FQDN followed by every IPv4
# address of the host.
mkcert_dsn_and_ip_list: '{{ ansible_fqdn }} {% for ip in ansible_all_ipv4_addresses %}{{ ip }} {% endfor %}'
# NOTE(review): presumably the host that holds the mkcert CA; confirm against
# the tasks and restrict access to that host accordingly.
mkcert_ca_host: 'localhost'

# Trusted CA locations, per distribution family
trusted_ca_el_anchors_path: '/etc/pki/ca-trust/source/anchors'
trusted_ca_deb_path: '/usr/local/share/ca-certificates'

# Let's Encrypt CA certificates; installing them should not normally be needed.
trusted_ca_letsencrypt_install: false
trusted_ca_letsencrypt_ca_certificates_url: 'https://letsencrypt.org/certs'
trusted_ca_letsencrypt_ca_files:
  - ca_src: 'isrgrootx1.pem'
    ca: 'isrgrootx1.crt'
    name: 'isrg-root-x1'
  - ca_src: 'isrg-root-x2.pem'
    ca: 'isrg-root-x2.crt'
    name: 'isrg-root-x2-not-cross'
  - ca_src: 'lets-encrypt-e1.pem'
    ca: 'lets-encrypt-e1.crt'
    name: 'lets-encrypt-e1'
  - ca_src: 'lets-encrypt-e2.pem'
    ca: 'lets-encrypt-e2.crt'
    name: 'lets-encrypt-e2'
  - ca_src: 'lets-encrypt-r3.pem'
    ca: 'lets-encrypt-r3.crt'
    name: 'lets-encrypt-r3-not-cross'
  - ca_src: 'lets-encrypt-r4.pem'
    ca: 'lets-encrypt-r4.crt'
    name: 'lets-encrypt-r4-not-cross'
# NOTE(review): presumably removed from the trust store; confirm in the tasks.
expired_ca_letsencrypt_ca_files:
  - isrg-root-x2-cross-signed.pem
  - lets-encrypt-r3-cross-signed.pem
  - lets-encrypt-x3-cross-signed.pem
  - letsencryptauthorityx3.pem

# NOTE(review): entries here presumably end up in the system trust store, so
# every certificate listed can vouch for any TLS server. Fetch them over
# https from a source you control and review changes to this list.
trusted_ca_additional_ca_files: []
#  - ca_url: 'https://example.com/foo-ca.pem'
#    ca: 'foo-ca.pem'
#    name: 'foo-ca'