# Note that the matching is done with re.match()
'.*\.cert\.sunet\.se$':
  soc:
  sunet::server:
    fail2ban: false
    ssh_allow_from_anywhere: false

'^internal-sto1-dev-vulndash-1.cert.sunet.se$':
#  soc::sso:
#    hostname: 'vd-dev.cert.sunet.se'
#    email: 'cert@cert.sunet.se'
#    service_endpoint: 'http://nginx:80'
#    x_remote_user: true
#    groups:
#      - 'sunet-cert'
#    certbot: false

test-sso-proxy1.cert.sunet.se:
  sunet::starship:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::satosa:
    ext_cert: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/fullchain.pem'
    ext_cert_key: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/privkey.pem'
    ext_cert_vol: '/etc/letsencrypt'