#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
---

# Usage: check_prerequisites.yml
return_status: 200
server_file: "{{ role_path }}/files/.ipavars.yml"
file_mode: '0644'

# Usage: firewall_settings.yml
https_port1: "80/tcp"
https_port2: "443/tcp"
ldap_port1: "389/tcp"
ldap_port2: "636/tcp"
kerberos_port1: "88/tcp"
kerberos_port2: "464/tcp"
kerberos_port3: "88/udp"
kerberos_port4: "464/udp"
dns_port1: "53/tcp"
dns_port2: "53/udp"
dt_port1: "7389/tcp"
ntp_port1: "123/udp"

# Usage: enable_dnf_module.yml
os_supported_centos: "centos"
os_supported_rocky: "rocky"

# Usage: install_packages.yml
ipa_server_packages:
  - bind
  - bind-dyndb-ldap
  - ipa-server-dns
  - freeipa-server

# Usage: install_ipa_server.yml
resolv_conf_path: /etc/resolv.conf
temp_resolv_conf_path: /tmp/resolv.conf
ms_ipa_admin_username: admin

# Usage: ipa_configuration.yml
sysadmin_sudo_rule: sysadmin_sudo
sysadmin_sudo_rule_description: "Allow users to run sudo commands"
sysadmin_user_group: sysadmin
sysadmin_group_description: "User group with sudo permission"

# Usage: session_timeout.yml
sshd_conf_file: /etc/ssh/sshd_config

# Usage: configure_alerting.yml
mail_packages:
  - mailx
  - postfix
  
# Usage: install_snoopy.yml
snoopy_packages:
  - gcc
  - gzip
  - make
  - procps
  - socat
  - tar
  - wget
snoopy_mode: 0755
snoopy_url: https://github.com/a2o/snoopy/raw/install/install/install-snoopy.sh
snoopy_path: /var/lib

# Usage: user_monitor.yml
psacct: psacct
acct: acct

# Usage: install_389ds.yml
ds389_packages:
  - 389-ds
  - db48-utils
  - python3-argcomplete
ldap1_search_key: "No such instance"
ds389_pwpolicy_search_key: "passwordlockoutduration: {{ lockout_duration }}"
ldap1_config_path: "{{ role_path }}/files/ldap1.inf"
ldap_instance: ldap1
ldap1_output_path: /var/log/ldap1_output.txt
ldap_services:
  - ldap
  - ldaps
dsrc_path: /root/.dsrc
kerberos_packages:
  - krb5
  - krb5-server
  - krb5-client
kerberos_principal_path: /var/lib/kerberos/krb5kdc/principal
kerberos_conf_path: /etc/krb5.conf
kerberos_env_path: /usr/lib/mit/sbin/

# Usage: restrict_nonessentials.yml
service_status: ['enabled','alias','static','indirect','enabled-runtime','active','inactive']