---
munin_hosts:
  - name: "localhost"
    address: "127.0.0.1"
    extra: ["use_node_name yes"]
  - name: "host.example.org"
    address: "ssh://munin-async@host.example.org/ -W localhost:4949"

munin_admin_user: "{{ vault_munin_admin_user }}"
munin_admin_password: "{{ vault_munin_admin_password }}"

private_key_munin_user_host: "{{ vault_private_key_munin_user_host }}"
public_key_munin_user_host: "{{ vault_public_key_munin_user_host }}"

munin_alerts: []

# Role ansible-role-certbot : defina auto renew, schedule, ...
certbot_auto_renew: true
certbot_auto_renew_user: "root"
certbot_auto_renew_hour: "3"
certbot_auto_renew_minute: "30"
certbot_auto_renew_options: "--quiet --no-self-upgrade"
certbot_admin_email: contact@wirebrass.fr
certbot_create_if_missing: true
certbot_create_method: standalone
certbot_create_standalone_stop_services:
  - nginx
certbot_certs:
  - domains:
    - "{{ inventory_hostname }}"

nginx_remove_default_vhost: true
nginx_vhosts:
  - listen: "80"
    server_name: "{{ inventory_hostname }}"
    return: "301 https://{{ inventory_hostname }}$request_uri"
    filename: "{{ inventory_hostname }}.80.conf"
  - listen: "443 ssl http2"
    server_name: "{{ inventory_hostname }}"
    root: "/var/cache/munin/www/static"
    filename: "{{ inventory_hostname }}.conf"
    extra_parameters: |
      ssl_certificate     /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
      ssl_protocols       TLSv1.2;
      ssl_ciphers         HIGH:!aNULL:!MD5;
      location = / {
          rewrite ^/$ munin/ redirect; break;
      }
      location /munin/static/ {
          alias /etc/munin/static/;
          expires modified +1w;
      }
      location /munin/ {
          auth_basic            "Restricted";
          auth_basic_user_file  /etc/munin/munin-htpasswd;

          alias /var/cache/munin/www/;
          expires modified +310s;
      }