# Note that the matching is done with re.match()
'.*\.cert\.sunet\.se$':
  soc:
  sunet::starship:
  sunet::server:
    fail2ban: false
    ssh_allow_from_anywhere: false
    install_scriptherder: true
  sunet::nagios::nrpe:
    checks:
      - nrpe_check_apt
      - nrpe_check_dynamic_disk
      - nrpe_check_entropy
      - nrpe_check_load
      - nrpe_check_memory
      - nrpe_check_ntp_time
      - nrpe_check_reboot
      - nrpe_check_scriptherder
      - nrpe_check_total_procs_lax
      - nrpe_check_uptime
      - nrpe_check_users
      - nrpe_check_zombie_procs

'^vul-dashboard-test.cert.sunet.se$':
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::sso:
    hostname: 'vul-dashboard-test.cert.sunet.se'
    email: 'cert@cert.sunet.se'
    service_endpoint: 'http://dashboard-dev:8000'
    x_remote_user: true
    groups:
      - 'sunet-cert'
    satosa: true
    satosa_certbot: false
    proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'
    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
#  soc::vuln_dashboard:

test-sso-proxy1.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::satosa:
    ext_cert: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/fullchain.pem'
    ext_cert_key: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/privkey.pem'
    ext_cert_vol: '/etc/letsencrypt'

intelmq-dev.cert.sunet.se:
  soc::intelmq:
    use_snakeoil: true
    use_shib: true
  soc::sso:
    ssotype: 'apache'
    groups:
      - 'sunet-cert'
    satosa: true
    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'

monitor-dev.cert.sunet.se:
  sunet::dockerhost2:
  soc::naemon_monitor:
    domain: monitor-dev.cert.sunet.se
    thruk_admins:
      - bjorklund@sunet.se
    default_host_group: sunet::nagios::nrpe
    nrpe_group: sunet::nagios::nrpe
    naemon_extra_volumes:
      - '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
      - '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
      - '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
      - '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'

graylog-dev.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::sso:
    groups:
      - sunet-cert
    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
    x_remote_user: true
    service_endpoint: 'http://server:9000'
    extra_proxy_conf: '/opt/sso/apache/graylog.conf'

rt-test.cert.sunet.se:
  sunet::certbot::acmed:
  soc::sso:
    ssotype: 'apache'
    groups:
      - 'sunet-cert'
    satosa: true
    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'