nixos-servers/legacy/projects/hermes/ansible/inventory/host_vars/hermes.yml

apt_install_packages:
  - qemu-guest-agent
  - dnsutils

ssh_ca_dir: /root/ssh_ca
ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
ssh_ca_host_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ"
ssh_ca_user_ca_private_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  64343164666336316635323733353839373835316465653038333062386438363131353566626130
  6531653835313838396638366330386331383533303435300a306333363238633864623864393665
  31393036346532353134646466666465386633303061346662393430666532366137323866646561
  3131653064323565370a656361326462336238333464353635303066323565633865663032313661
  38366238613361626161633862353938326365306634303166346461366531663063343264353533
  61656630633734643639333738616566326531653264306134363837616365643039626262613433
  61656361326234313130386533363761366665383064643735316133313133643865616536306466
  33303733663834646435303935633436383632306330616264343263303861313635383866636163
  39653064373966643437636530326235653131616366396563386139333837616535616135323337
  66626161336539356637373138613464376133373234353863383330313362623236633462386234
  31386635613936306262346264343732623761303331623831353061343035626361623639326530
  62643139663733666662623039396461623334666565663439613430353364626162653731303535
  32396638393534363533303039343938346339656266303766613931316337333635373664643461
  37303332386233663937636631373935613231356262346530323337393733373764613864616563
  66383137393738316638393530616234653264613363383663366261303433636236326632323734
  35616133386438613636663631653139386466303534636263393633633663303664326137373139
  35626336653966396335623330663161333432306538316664376231616161353235353032633438
  62363663613135616462323363333863376532623764663066616431636632653938666263383731
  65666564656130383262373964386631643332323066386635643032663833306565643164376239
  32383732393236336235363936303063663963343061306161643331623330326139663836323561
  31353532313639613563393938643333326462653833623531613935363265333534663762333831
  36376264636432656537313834373036623339306430333837323836303134323062306265356430
  39663238363338666362663364643063613337646237356431383237616465643634313166643435
  32623864313537336634373631396465643362333237646462336362656430653036656263613162
  64306662313934643661333462306336333561626335303866306131326538653264343465633139
  3466663135663239616135353764373532323935613233316132
ssh_ca_host_ca_private_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  34613835376232653534353636303364613437666563653530363564346164656136643732626234
  6430316165623933666461646639303435386433333335660a393538303835616366333066353665
  64663236353233383236656365356264653963366464303433313133386430646230363634353465
  6365313836666534330a633832303963616162623631663732623236383665383333323032383364
  36313663366461643733373836326335386562663362326438353033376431356537326133646338
  31623064303662616464343639346663323437333038346664393166333930336539373031313161
  39343365373238383661343234666430336131323666313032333666306333366566336361383536
  64626261363138323766306239303133376632386235666633363461303135613865343161356266
  33333634613761616336653162396662633131333336613264663764333761633032313436376534
  65376631383239666235313939363265643364376638623630373839303236633635356431356263
  66366535656335326335616666316534366232353262336164663562613439623135303262356130
  36316134366366623331393230396132366535356435613563663937376639653339343761306431
  33353331306334336133316234326133663939636430376139376231383966346363303362386265
  32356166363231613962383434333536356138623039663561313137653037663231666666646230
  66323932333031626637616434383737623634353933613861326666313737636133333438656634
  31363461373639366464343836333031313632346465346535303139623038633330356334633866
  61303765353439303966623030303966656465353538323932343536393764616566386261306466
  36343237393333376366303933373139353161376262333739353138666162663339393136303634
  39383433323563666661313631613761343532373736386537626433323631323465623736653165
  35356163356361346438366430636563656531363164306534353865393039643136366634323638
  62656261396635353332376661353661353931663932386465643238343031376235363239303832
  63393437613362623963306364356363396134623739656265326433356134303835356266326465
  64623631353163653438376534316162666330663963363064326161656335383639356164393237
  39346231666362313632363737623139373632376461373362656563616566633265653438393361
  39393734393061653639313365633931373963666635316138663538356265386562373837393530
  6537646639613534666533626339356335396634613765616664

external_ipv4_address: "192.145.57.90"
external_ipv6_address: "2a0d:6e00:1a77::1"

bind_zone_ttl: 1h
bind_allow_query:
  - any
bind_listen_ipv4:
  - any
bind_dnssec_enable: false
bind_zones:
  - name: kun.is

    primaries:
      - 192.168.30.7

    name_servers:
      - ns1.kun.is.
      - ns2.kun.is.

    hosts:
      - name: ns
        ip: "{{external_ipv4_address}}"
      - name: ns1
        ip: "{{external_ipv4_address}}"
      - name: ns2
        ip: "{{external_ipv4_address}}"
      - name: '*'
        ip: "{{external_ipv4_address}}"
      - name: fcfe5d31d5b7ae1af0b352a6b4c75d3f
        aliases:
          - verify.bing.com.
    text:
      - name: '@'
        text: "\\\"google-site-verification=sznWJNdSZfiAESJhnDQEJ6hf06W9vndvhMi6wP_HH04\\\""

  - name: geokunis2.nl
    primaries:
      - 192.168.30.7

    name_servers:
      - ns.geokunis2.nl.
      - ns0.transip.net.
      - ns1.transip.nl.
      - ns2.transip.eu.

    hosts:
      - name: '@'
        ip: "{{external_ipv4_address}}"
        ipv6: 2a0d:6e00:1a77:30:b62e:99ff:fe77:1bda
      - name: mail
        ip: "{{external_ipv4_address}}"
      - name: wg
        ip: "{{external_ipv4_address}}"
        ipv6: "{{external_ipv6_address}}"
      - name: wg4
        ip: "{{external_ipv4_address}}"
      - name: wg6
        ipv6: "{{external_ipv6_address}}"
      - name: tuindersweijde
        ip: "{{external_ipv4_address}}"
      - name: ns
        ip: "{{external_ipv4_address}}"
        ipv6: 2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee07
      - name: files
        ip: "{{external_ipv4_address}}"
        ipv6: 2a0d:6e00:1a77:30:b62e:99ff:fe77:1bda
      - name: cyberchef
        ip: "{{external_ipv4_address}}"
        ipv6: 2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee03
      - name: inbucket
        ip: "{{external_ipv4_address}}"
      - name: kms
        ip: "{{external_ipv4_address}}"

    mail_servers:
      - name: mail
        preference: 10

    caa:
      - name: '@'
        text: "0 issue \\\"letsencrypt.org\\\""