37 lines
1.6 KiB
YAML
37 lines
1.6 KiB
YAML
---
|
|
# set some ansible directories
|
|
ansible_dir_root: /srv/ansible
|
|
ansible_private: /srv/private
|
|
|
|
# set group name with gid 0
|
|
ansible_wheel: root
|
|
|
|
# mail settings
|
|
mail_server: mail.foo.sh
|
|
mail_domain: foo.sh
|
|
|
|
# ldap settings
|
|
ldap_basedn: dc=foo,dc=sh
|
|
ldap_server: [ldap.foo.sh]
|
|
|
|
# log server
|
|
log_server: loghost.foo.sh
|
|
|
|
# kerberos settings
|
|
kerberos_realm: FOO.SH
|
|
|
|
# tls protocols and ciphers
|
|
tls_protocols: TLSv1.2
|
|
tls_ciphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
|
tls_ciphers_compat: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
|
|
|
# defaults for tls diretories
|
|
tls_certs: /etc/pki/tls/certs
|
|
tls_private: /etc/pki/tls/private
|
|
tls_bundle: /etc/pki/tls/cert.pem
|
|
|
|
# url where installer data is located
|
|
boot_url: https://boot.foo.sh
|
|
|
|
# hardcode this for now
|
|
ansible_datacenter: home
|