---
datadisks:
  - {size: 10, type: nvme}

unbound_zones:
  - 25.20.172.in-addr.arpa
  - oob.foo.sh
dhcpd_template: dhcpd.conf.oob.j2
dhcpd_ldap_filter: >-
  (&(objectClass=ieee802Device)(objectClass=ipHost)(cn=*.oob.foo.sh))

network_vip_interfaces:
  - device: eth0
    vhid: 11
    ipaddr: 172.20.20.21
    netmask: 255.255.240.0
    pass: "{{ vip21_pass }}"
  - device: eth1
    vhid: 25
    ipaddr: 172.20.25.1
    netmask: 255.255.255.0
    pass: "{{ vip25_pass }}"
    priority: "{{ vip25_priority }}"

firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 25, from: [172.20.25.0/24]}
  - {proto: tcp, port: 53, from: [172.20.25.0/24]}
  - {proto: udp, port: 53, from: [172.20.25.0/24]}
  - {proto: udp, port: 69, from: [172.20.25.0/24]}
  - {proto: udp, port: 123, from: [172.20.25.0/24]}
  - {proto: tcp, port: 443, from: [172.20.25.0/24]}
  - {proto: udp, port: 514, from: [172.20.25.0/24]}
  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
  - {proto: tcp, port: 9116, from: [172.20.20.0/22]}
firewall_raw:
  - "ip daddr 224.0.0.0/8 accept"

sssd_allow_groups:
  - sysadm