hetzner-ansible/host_vars/prodnso-spkbz-cuskfzbrief-01/plain.yml

---

dns: hetzner
domain: "kfzbrief-bautzen.de"
domain_env: "smardigo.digital"
traefik_letsencrypt_provider: "hetzner"

# hetzner mail server
connect_mail_protocol: "smtp"
connect_mail_host: "mail.your-server.de"
connect_mail_port: "587"
connect_mail_user: "{{ connect_mail_user_vault }}"
connect_mail_password: "{{ connect_mail_password_vault }}"
connect_mail_properties_simulation: false
connect_mail_properties_base_url: "https://smardigo.kfzbrief-bautzen.de"
connect_mail_properties_base_url_extern: "https://smardigo.kfzbrief-bautzen.de"
connect_mail_properties_sender: "{{ connect_mail_user_vault }}"
connect_mail_properties_sender_alias: "noreply-smardigo"
connect_mail_properties_smtp_auth: true
connect_mail_properties_smtp_starttls_enable: true
connect_mail_properties_smtp_starttls_required: true

# smardigo.fzbrief-bautzen.de
connect_external_subdomain: "smardigo"
connect_labels_additional: [
  '"traefik.http.routers.{{ connect_id }}-extern.service={{ connect_id }}-extern"',
  '"traefik.http.routers.{{ connect_id }}-extern.rule=Host(`{{ connect_external_subdomain }}.{{ domain }}`)"',
  '"traefik.http.routers.{{ connect_id }}-extern.entrypoints=websecure"',
  '"traefik.http.routers.{{ connect_id }}-extern.tls=true"',
  '"traefik.http.routers.{{ connect_id }}-extern.tls.certresolver=letsencrypt"',
  '"traefik.http.services.{{ connect_id }}-extern.loadbalancer.server.port={{ service_port }}"',
]

server_hcloud_firewall_objects:
   -
     name: "customer-access-to-{{ inventory_hostname }}"
     state: present
     rules:
     -
        direction: in
        protocol: tcp
        port: '443'
        source_ips: "{{ additional_ip_adresses_vault }}"
        destination_ips: []
        description: customer specific access to https services
     apply_to:
     -
       type: server
       server:
         id: '{{ stage_server_id }}'