configpolicy/group_vars/all.yml
Dustin C. Hatch f83cea50e9 r/ssu-user-ca: Configure sshd TrustedUserCAKeys
The `TrustedUserCAKeys` setting for *sshd(8)* tells the server to accept
any certificates signed by keys listed in the specified file.
The authenticating username has to match one of the principals listed in
the certificate, of course.

This role is applied to all machines, via the `base.yml` playbook.
Certificates issued by the user CA managed by SSHCA will therefore be
trusted everywhere.  This brings us one step closer to eliminating the
dependency on Active Directory/Samba.
2024-02-01 18:46:40 -06:00

86 lines
1.8 KiB
YAML

sshca_url: https://sshca.pyrocufflink.blue
ssh_trusted_user_ca_keys: >-
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyi18IfxAf9wLnyffnMrThYpqxVwu0rsuiLoqW6rcwF sshca.pyrocufflink.blue
certbot_account_email: dustin@hatch.name
smtp:
  mode: relay
  host: mail.pyrocufflink.blue
dch_networks:
  jazz:
    description: Legacy network
    vlan_id: 1
    ipv4_address: 172.31.0.0/27
    router_iface: vlan1
    dns_search:
      - pyrocufflink.jazz
    dns_servers:
      - fd99:8cd7:6528:fe1e::4:1
      - fd99:8cd7:6528:fe1e::3:1
    dns_servers_v4:
      - 172.30.0.4
    sla_id: 1
    ntp_servers:
      - tyrande.pyrocufflink.jazz
  mgmt:
    description: Management network
    vlan_id: 10
    router_iface: vlan10
    ipv4_address: 172.30.0.240/28
    ntp_servers:
      - dc0.pyrocufflink.blue
    dns_servers_v4:
      - 172.30.0.4
  blue:
    description: pyrocufflink.blue AD domain members only
    vlan_id: 30
    ipv4_address: 172.30.0.0/26
    ipv6_address: fd99:8cd7:6528:fe1e::/64
    router_iface: vlan30
    dns_search:
      - pyrocufflink.blue
    dns_servers:
      - fd99:8cd7:6528:fe1e::4:1
      - fd99:8cd7:6528:fe1e::3:1
    dns_servers_v4:
      - 172.30.0.4
    sla_id: 30
    ntp_servers:
      - dc0.pyrocufflink.blue
  red:
    description: Non-domain member machines
    vlan_id: 101
    ipv4_address: 172.31.1.0/24
    router_iface: vlan101
    dns_servers:
      - fd99:8cd7:6528:fe1e::4:1
      - fd99:8cd7:6528:fe1e::3:1
    dns_servers_v4:
      - 172.30.0.4
    sla_id: 101
    ntp_servers:
      - dc0.pyrocufflink.blue
  guest:
    description: Guest Wi-Fi
    vlan_id: 100
    ipv4_address: 172.24.100.0/24
    router_iface: vlan100
  dmz:
    description: DMZ
    vlan_id: 254
    router_iface: vlan254
firemon_networks:
  - 192.168.0.0/16
  - 172.16.0.0/20
  - 172.24.16.0/20
  - 172.28.33.0/24
  - 10.64.11.0/24
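
The acceptance rule the commit message describes for `TrustedUserCAKeys`, modelled in Python as an added example (not code from this repository or from OpenSSH). It parses the `ssh-ed25519-cert-v01@openssh.com` field layout and checks certificate type, issuing CA key, validity window and principal match; it does not verify the CA signature, which sshd also does. All function names are hypothetical, and the CA key, certificate and user names are constructed samples.

```python
import base64, struct, time

def sstr(b):  # encode an SSH "string": uint32 length, then the bytes
    return struct.pack(">I", len(b)) + b

def read_str(buf, off):  # decode an SSH "string", refusing truncated input
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(blob):
    kind, off = read_str(blob, 0)
    if kind != b"ssh-ed25519-cert-v01@openssh.com":
        raise ValueError("unsupported certificate type")
    for _ in range(2):  # nonce, subject public key
        _, off = read_str(blob, off)
    _serial, ctype = struct.unpack_from(">QI", blob, off)
    _key_id, off = read_str(blob, off + 12)
    packed, off = read_str(blob, off)
    principals, p = [], 0
    while p < len(packed):  # principals are strings packed inside a string
        name, p = read_str(packed, p)
        principals.append(name.decode())
    after, before = struct.unpack_from(">QQ", blob, off)
    off += 16
    for _ in range(4):  # critical options, extensions, reserved, then CA key
        ca_key, off = read_str(blob, off)
    return ctype, principals, (after, before), ca_key

def load_trusted(text):
    """Key blobs from TrustedUserCAKeys-style lines: '<type> <base64> [comment]'."""
    lines = (l.strip() for l in text.splitlines())
    return {base64.b64decode(l.split()[1]) for l in lines if l and l[0] != "#"}

def accepts(cert_blob, username, trusted, now=None):
    ctype, principals, (after, before), ca_key = parse_cert(cert_blob)
    now = int(time.time()) if now is None else now
    return (ctype == 1                     # user certificate (2 is a host cert)
            and ca_key in trusted          # issued under a listed CA key
            and after <= now < before      # inside the validity window
            and username in principals)    # an empty list never matches

def sample_cert(ca_blob, principals, after=0, before=2**64 - 1, ctype=1):
    """Constructed, unsigned certificate: dummy nonce, subject key and signature."""
    return (sstr(b"ssh-ed25519-cert-v01@openssh.com") + sstr(bytes(32)) * 2
            + struct.pack(">QI", 1, ctype) + sstr(b"constructed-key-id")
            + sstr(b"".join(sstr(p.encode()) for p in principals))
            + struct.pack(">QQ", after, before) + sstr(b"") * 3 + sstr(ca_blob) + sstr(bytes(64)))

CA = sstr(b"ssh-ed25519") + sstr(bytes(32))  # constructed CA public key blob
TRUSTED = load_trusted("ssh-ed25519 " + base64.b64encode(CA).decode() + " constructed-ca")
```

Because this role is applied to every machine, the principal list and validity window on each issued certificate are the only per-login limits this check leaves in place.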