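---
# Site-wide variables: public identity of the deployment plus the trust
# anchors (SSH CA public keys, TLS CA certificates) referenced below.
# Everything in this file is public material. Do not store CA private keys
# or any other secret here.

# Placeholder value: replace with the real public address of the host.
# NOTE(review): if any role uses this as a listen address, 0.0.0.0 means
# "all interfaces" - confirm how it is consumed before deploying.
public_ip: '0.0.0.0'
domain: "example.com"
organization: 'ExampleOrg'
letsencrypt_email: 'admin@example.com'

# Put the TLS X.509 Subject Prefix elements (before OU).
# The keys are emitted in the order written here by openssl_x509_prefix
# below (assuming the loader preserves mapping order - TODO confirm), so
# keep them in the order the subject should have.
x509_subj_prefix:
  C: 'IT'
  #ST: ''
  L: 'Firenze'
  O: '{{ organization }}'

# Put here the public keys of the user CAs.
# The first one is also used to check whether host certificates are
# up to date, so keep the active production key first.
# Every key listed here is a trusted signer. To stop trusting a key,
# remove it or comment it out, as with the revoked example below.
ssh_user_ca:
  - "ssh-ed25519 AAAA(...) SSH User CA - Active Production key"
  - "ssh-ed25519 AAAA(...) Older not-expired key"
#  - "ssh-ed25519 AAAA(...) Revoked key"
ssh_server_ca: "ssh-ed25519 AAAA(...) SSH Server CA - Active Production key"

monitoring_host: 'status'

# Do not change -> probably will soon be moved elsewhere.
# Renders x509_subj_prefix as "/K=V/K=V...", one element per key.
openssl_x509_prefix: >-
  {% for k, v in x509_subj_prefix.items() %}/{{k}}={{v}}{% endfor %}

# Put TLS Certificate of your Root Certification Authority
# (PEM certificate only, never the private key).
tls_root_ca: |
  -----BEGIN CERTIFICATE-----
  #########################
  -----END CERTIFICATE-----

# Put TLS Certificate for OpenVPN Server Intermediate CA
tls_intermediate_server_ca: |
  -----BEGIN CERTIFICATE-----
  #########################
  -----END CERTIFICATE-----

# Put TLS Certificate for OpenVPN Users Intermediate CA
tls_intermediate_user_ca: |
  -----BEGIN CERTIFICATE-----
  ##########################
  -----END CERTIFICATE-----

# Optional customizations
# NOTE(review): the original example pointed openvpn_tls_user_ca at
# tls_intermediate_server_ca, which looks like a copy-paste slip; it is
# shown here with the users intermediate CA. Presumably this CA is what
# client certificates are validated against - confirm against the role
# before uncommenting.
#openvpn_tls_server_ca: '{{ tls_intermediate_server_ca }}'
#openvpn_tls_user_ca: '{{ tls_intermediate_user_ca }}'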