configpolicy/host_vars/gw1.pyrocufflink.blue/main.yml

host_uses_firewalld: false

burp_backup:
- include: /etc
- exclude: /etc/selinux
- exclude: /etc/udev/hwdb.bin

restic_include:
- /etc
restic_exclude:
- /etc/selinux
- /etc/udev/hwdb.bin

nut_monitor_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  30313966316233643038626638343734356135393436333666353539666633373764343237363764
  3263626334333965353833316136613562366232653264370a633866396263643438393136343331
  38336337346434356164393961656663333162353035396662326138616666623164396363346331
  3866663235393232320a386230346639643836623063373634383966663334626136313234333435
  33313038643935343635366365626630613365316233393536373232616563396636323064366631
  3734346263623832396439386463323430323437643537623262

sudo_use_pam_ssh_agent: true
sudo_authorized_ssh_keys: |
  sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIF4yQAS0bAQ9Ymxgxv828MsX0z4ff/Fs//0PQOtPexRJAAAABHNzaDo= dustin@rosalina.pyrocufflink.blue
  sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINal4+Gn/KuyP6YTsQuW4cphfDcjrS428osVIqnqMfagAAAABHNzaDo= dustin@luma.pyrocufflink.blue
# Default flags include -n, which makes Ansible complain about a "missing
# become password," even though it would never actually prompt for one.
ansible_become_flags: -H

promtail_scrape_configs:
- '{{ promtail_default_scrape.journal }}'
- job_name: named
  static_configs:
  - labels:
      __path__: /var/log/named/*.log
      job: named
  pipeline_stages:
  - regex:
      expression: ^(?P<timestamp>\S+?) (?P<message>.*)
  - timestamp:
      source: timestamp
      format: '2006-01-02T15:04:05.000'
  - output:
      source: message

dnf_automatic_reboot: never

chrony_pools:
- 1.fedora.pool.ntp.org iburst
- 2.fedora.pool.ntp.org iburst
- 3.fedora.pool.ntp.org iburst
- 4.fedora.pool.ntp.org iburst

chrony_allow:
- 172.30.0.0/16
- 172.31.1.0/24
- 172.24.100.0/24
- 192.168.1.0/24