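---
# Site-wide variables. The values below are samples and must be replaced
# before deployment. Everything defined here is public material (CA public
# keys and certificates); private keys do not belong in this file.

# Sample address; replace it with the real one.
# NOTE(review): presumably the public address of the host - confirm against
# the roles that read this variable.
public_ip: '0.0.0.0'
domain: "example.com"
organization: 'ExampleOrg'
letsencrypt_email: 'admin@example.com'

# Put the TLS X.509 Subject Prefix elements (the ones that come before OU).
# Each entry is rendered as one /KEY=VALUE element by openssl_x509_prefix
# below, in the order written here.
x509_subj_prefix:
  C: 'IT'
  #ST: ''
  L: 'Firenze'
  O: '{{ organization }}'

# Put here the public keys of the SSH user CAs.
# The first one is also used to check whether host certificates are up to
# date.
# NOTE(review): presumably every key listed here is trusted to sign user
# certificates, so a revoked or compromised CA key should be removed (or
# kept commented out, as in the last entry) rather than left in the list -
# confirm against the role that consumes it.
ssh_user_ca:
  - "ssh-ed25519 AAAA(...) SSH User CA - Active Production key"
  - "ssh-ed25519 AAAA(...) Older not-expired key"
  # - "ssh-ed25519 AAAA(...) Revoked key"

# Public key of the SSH server CA (a single key, unlike the list above).
ssh_server_ca: "ssh-ed25519 AAAA(...) SSH Server CA - Active Production key"

monitoring_host: 'status'

# Do not change -> probably will soon be moved elsewhere.
# Builds the subject prefix string from x509_subj_prefix; with the sample
# values above it renders as /C=IT/L=Firenze/O=ExampleOrg.
# Values are interpolated without escaping, so a '/' or '=' inside an
# element would change the rendered subject; keep the elements free of
# those characters.
openssl_x509_prefix: >-
  {% for k, v in x509_subj_prefix.items() %}/{{k}}={{v}}{% endfor %}

# Put the TLS certificate of your Root Certification Authority (PEM,
# certificate only). The row of '#' is a placeholder for the certificate
# body.
tls_root_ca: |
  -----BEGIN CERTIFICATE-----
  #########################
  -----END CERTIFICATE-----
# Put the TLS certificate of the OpenVPN Server Intermediate CA
tls_intermediate_server_ca: |
  -----BEGIN CERTIFICATE-----
  #########################
  -----END CERTIFICATE-----
# Put the TLS certificate of the OpenVPN Users Intermediate CA
tls_intermediate_user_ca: |
  -----BEGIN CERTIFICATE-----
  ##########################
  -----END CERTIFICATE-----

# Optional customizations
#openvpn_tls_server_ca: '{{ tls_intermediate_server_ca }}'
# NOTE(review): the user-CA override below references the *server*
# intermediate CA, which looks like a copy-paste slip; if uncommented as-is,
# the OpenVPN user CA would be set to the server CA. Presumably
# tls_intermediate_user_ca was intended - confirm before enabling.
#openvpn_tls_user_ca: '{{ tls_intermediate_server_ca }}'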