- ---
- public_ip: 0.0.0.0
- domain: "example.com"
- organization: 'ExampleOrg'
- letsencrypt_email: 'admin@example.com'
-
- # Put the TLS X.509 Subject Prefix elements (before OU)
- x509_subj_prefix:
- C: 'IT'
- #ST: ''
- L: 'Firenze'
- O: '{{ organization }}'
-
- # Put here the public key of the user CAs.
- # The first one will be used also to check if host certificate are
- # updated.
- ssh_user_ca:
- - "ssh-ed25519 AAAA(...) SSH User CA - Active Production key"
- - "ssh-ed25519 AAAA(...) Older not-expired key"
- # - "ssh-ed25519 AAAA(...) Revoked key"
-
- ssh_server_ca: "ssh-ed25519 AAAA(...) SSH Server CA - Active Production key"
-
- monitoring_host: 'status'
-
- # Do not change -> probably will soon be moved elsewhere
- openssl_x509_prefix: >-
- {% for k, v in x509_subj_prefix.items() %}/{{k}}={{v}}{% endfor %}
-
- # Put TLS Certificate of your Root Certification Authority
- tls_root_ca: |
- -----BEGIN CERTIFICATE-----
- #########################
- -----END CERTIFICATE-----
- # Put TLS Certificate for OpenVPN Server Intermediate CA
- tls_intermediate_server_ca: |
- -----BEGIN CERTIFICATE-----
- #########################
- -----END CERTIFICATE-----
- # Put TLS Certificate for OpenVPN Users Intermediate CA
- tls_intermediate_user_ca: |
- -----BEGIN CERTIFICATE-----
- ##########################
- -----END CERTIFICATE-----
-
- # Optionals customization
- #openvpn_tls_server_ca: '{{ tls_intermediate_server_ca }}'
- #openvpn_tls_user_ca: '{{ tls_intermediate_server_ca }}'