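---
# Ansible variables: managed users, OpenSSH client/server settings, APT and
# alerting.
# NOTE(review): the nesting below was reconstructed from a flattened copy of
# this file; confirm it against the consuming roles, in particular whether
# `exclusive` belongs to each key entry or to the user entry.

########
# USER #
########

management_user_list:
  # NOTE(review): the sudo block grants every command on every host; if
  # `nopasswd: ALL` is treated as "enabled" by the sudo role, possession of
  # this user's SSH key is equivalent to root. Confirm that is intended.
  - name: stephane
    shell: '/bin/bash'
    authorized_keys:
      - key: "ssh-rsa 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 stephane"
        # Canonical boolean instead of the YAML 1.1 truthy `yes`.
        exclusive: true
    sudo:
      hosts: ALL
      as: ALL
      commands: ALL
      nopasswd: ALL

  # `state: absent` marks this account for removal.
  # NOTE(review): the key and sudo entries below are presumably unused while
  # the account is absent; verify the role also removes any existing sudoers
  # entry and authorized_keys file for it.
  - name: staffadmin
    shell: '/bin/bash'
    state: absent
    authorized_keys:
      - key: "ssh-rsa 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 stephane"
        exclusive: true
    sudo:
      hosts: ALL
      as: ALL
      commands: ALL
      nopasswd: ALL

################
# SSH - CLIENT #
################

# Client-side settings are disabled; kept as a commented example.
# ssh_drop_in_name: null
# #ssh_user: root
# ssh:
#   # noqa var-naming
#   Compression: true
#   GSSAPIAuthentication: false
#   # wokeignore:rule=master
#   ControlMaster: auto
#   ControlPath: ~/.ssh/.cm%C
#   Match:
#     - Condition: "final all"
#       GSSAPIAuthentication: true
#   Host:
#     - Condition: example
#       Hostname: example.com
#       User: somebody
# ssh_ForwardX11: false

################
# SSH - SERVER #
################

# NOTE(review): with sshd_skip_defaults enabled the role presumably renders
# only the options listed here, so anything omitted falls back to the sshd
# built-in default rather than a role default. Confirm against the role.
sshd_skip_defaults: true
sshd_config_file: /etc/ssh/sshd_config
sshd_AuthorizedKeysFile: .ssh/authorized_keys
sshd_AcceptEnv: "LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL"
# NOTE(review): `Protocol` is a legacy keyword; check whether the target
# OpenSSH version still accepts it or only logs a deprecation warning.
sshd_Protocol: 2
sshd_LoginGraceTime: 30
sshd_SyslogFacility: AUTH
# VERBOSE makes sshd log the fingerprint of the key used at each login,
# which is what ties a session to a specific key during an investigation.
sshd_LogLevel: VERBOSE

# The yes/no values below are quoted on purpose: they must reach sshd_config
# as the literal words, not as YAML booleans.
# Authentication is key-only: root login, passwords, empty passwords,
# keyboard-interactive, host-based and GSSAPI are all disabled.
sshd_PermitRootLogin: 'no'
sshd_StrictModes: 'yes'
sshd_IgnoreRhosts: 'yes'
sshd_HostbasedAuthentication: 'no'
sshd_PasswordAuthentication: 'no'
sshd_PermitEmptyPasswords: 'no'
sshd_ChallengeResponseAuthentication: 'no'
sshd_GSSAPIAuthentication: 'no'
sshd_X11DisplayOffset: 10
sshd_PrintMotd: 'yes'
sshd_PrintLastLog: 'yes'
sshd_TCPKeepAlive: 'yes'
sshd_Subsystem: "sftp /usr/lib/openssh/sftp-server"
# NOTE(review): UsePAM stays on while password and challenge-response
# authentication are off, so PAM is presumably used for account and session
# handling only; confirm no PAM module re-enables interactive authentication.
sshd_UsePAM: 'yes'
sshd_UseDNS: 'no'

# Algorithm allow-lists: anything not named here is refused by the server.
# MACs are restricted to encrypt-then-MAC variants.
sshd_KexAlgorithms: "curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
sshd_Ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr"
sshd_MACs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com"
# Only the RSA host key is offered.
# NOTE(review): consider whether an Ed25519 host key should be listed too.
sshd_HostKey:
  - /etc/ssh/ssh_host_rsa_key

#######
# APT #
#######

apt_upgrade: true
apt_repositories: []
apt_ppas: []
#  # nginx ppa repo
#  - repo: ppa:nginx/stable
#    # not needed on ubuntu distribution
#    #codename: trusty
# apt_packages:
#   - name: openssh-server

#########
# ALERT #
#########

# SECURITY(review): alert_password and alert_vault are stored in clear text.
# Anyone with read access to this file or its history can use them. Move both
# into an encrypted store (for example Ansible Vault), reference them from
# here, and rotate the current values, since they have already been exposed.
alert_username: jingohalert
alert_password: jMVmbM2VQ5gEiV
alert_vault: "Jingoh0947;"
# Each address carries literal double quotes inside the YAML string.
# NOTE(review): presumably the consuming template needs them; verify.
alert_list_server:
  - '"163.172.84.28"'
  - '"37.187.127.90"'
alert_server_ssl: gitea.jingoh.fr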