# Note that the matching is done with re.match()
'.*\.cert\.sunet\.se$':
  soc:
  sunet::starship:
  sunet::server:
    fail2ban: false
    ssh_allow_from_anywhere: false
    install_scriptherder: true
  sunet::nagios::nrpe:
    checks:
      - nrpe_check_apt
      - nrpe_check_dynamic_disk
      - nrpe_check_entropy
      - nrpe_check_load
      - nrpe_check_memory
      - nrpe_check_ntp_time
      - nrpe_check_reboot
      - nrpe_check_scriptherder
      - nrpe_check_total_procs_lax
      - nrpe_check_uptime
      - nrpe_check_users
      - nrpe_check_zombie_procs

'^(?!.*rsyslog).*$':
  soc::rsyslog::client:

'^vul-dashboard-test.cert.sunet.se$':
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::sso:
    hostname: 'vul-dashboard-test.cert.sunet.se'
    email: 'cert@cert.sunet.se'
    service_endpoint: 'http://dashboard-dev:8000'
    user_header: 'X-Remote-User'
    groups:
      - 'sunet-cert'
    satosa: true
    satosa_certbot: false
    proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'
    entity_id: 'https://test-sso-proxy.cert.sunet.se/idp'
  soc::vuln_dashboard:

'^internal-sto3-dev-ci-1.cert.sunet.se$':
  sunet::dockerhost2:
  soc::runner:

test-sso-proxy1.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::satosa:
    certprovider: 'certbot'

monitor-dev.cert.sunet.se:
  sunet::dockerhost2:
  soc::naemon_monitor:
    domain: monitor-dev.cert.sunet.se
    thruk_admins:
      - bjorklund@sunet.se
    default_host_group: sunet::nagios::nrpe
    nrpe_group: sunet::nagios::nrpe
    thruk_extra_volumes:
      - '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
      - '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
      - '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
      - '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'

graylog-dev.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::sso:
    groups:
      - sunet-cert
    entity_id: 'https://test-sso-proxy.cert.sunet.se/idp'
    user_header: 'X-Remote-User'
    unset_auth_header: true
    service_endpoint: 'http://server:9000'

# This test machine is no more, soon.
# rt-test.cert.sunet.se:
#  sunet::certbot::acmed:
#  soc::sso:
#    ssotype: 'apache'
#    groups:
#      - 'sunet-cert'
#    satosa: true
#    entity_id: 'https://test-sso-proxy.cert.sunet.se/idp'

zammad-test.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::sso:
    service_endpoint: 'http://zammad-nginx:8080'
    groups:
      - 'sunet-cert'
    entity_id: 'https://test-sso-proxy.cert.sunet.se/idp'
    user_header: 'Remote-User'
    passthrough: ['/api', '/oauth']

internal-sto3-test-rsyslog-1.cert.sunet.se:
  soc::rsyslog::server:
    gelf_graylog_servers: ['89.47.185.185:12201']
    relp_port: 2514

internal-sto1-test-iris-1.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed: