---
network_vip_interfaces:
  - device: eth1
    vhid: 24
    ipaddr: 172.20.24.1
    netmask: 255.255.0.0
    pass: "{{ vip24_pass }}"
    priority: "{{ vip24_priority }}"

firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
  - {proto: tcp, port: 53, from: [172.20.24.0/24]}
  - {proto: udp, port: 53, from: [172.20.24.0/24]}
  - {proto: tcp, port: 631, from: [172.20.20.0/22]}
  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
firewall_raw:
  - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
  - "-A INPUT -i eth1 -p vrrp -j ACCEPT"

dhcpd_template: dhcpd.conf.print.j2
dhcpd_ldap_filter: >-
  (&(objectClass=ieee802Device)(objectClass=ipHost)(cn=*.print.foo.sh))
sssd_allow_groups:
  - sysadm
unbound_zones:
  - 24.20.172.in-addr.arpa
  - print.foo.sh