---
rocky_ipa_realm: "ROCKYLINUX.ORG"
rocky_ldap_bind_dn: "uid=binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org"
rocky_ldap_user_basedn: "cn=users,cn=accounts,dc=rockylinux,dc=org"
rocky_ldap_group_basedn: "cn=groups,cn=accounts,dc=rockylinux,dc=org"
rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
# Requires jinja 2.9+
rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
rocky_ipaserver_lb: "ipa-us-east-2.rockylinux.org"
# These will be in a vault
rocky_ldap_bind_pw: "{{ ipa_binder_password }}"

rocky_smtp_address: "email-smtp.us-east-2.amazonaws.com"
rocky_smtp_port: "587"
# username / pw need to be setup
rocky_smtp_domain: "rockylinux.org"
rocky_smtp_authentication: "login"
rocky_smtp_enable_starttls_auto: "true"
rocky_smtp_tls: "true"
rocky_smtp_openssl_verify_mode: "none"
rocky_smtp_ca_path: "/etc/pki/tls/certs"
rocky_smtp_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
allowed_rsyslog_clients:
  - 127.0.0.1
  - 10.32.0.0/16
  - 10.61.0.0/16
remote_rsyslog_host: ""
...