# Note that the matching is done with re.match()
'.*\.cert\.sunet\.se$':
  soc:
  sunet::starship:
  sunet::server:
    fail2ban: false
    ssh_allow_from_anywhere: false

'^vul-dashboard-test.cert.sunet.se$':
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::sso:
    hostname: 'vul-dashboard-test.cert.sunet.se'
    email: 'cert@cert.sunet.se'
    service_endpoint: 'http://dev:8000'
    x_remote_user: true
    groups:
      - 'sunet-cert'
    satosa: true
    satosa_certbot: false
    proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'

test-sso-proxy1.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::satosa:
    ext_cert: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/fullchain.pem'
    ext_cert_key: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/privkey.pem'
    ext_cert_vol: '/etc/letsencrypt'

intelmq-dev.cert.sunet.se:
  soc::intelmq:
    use_snakeoil: true