---
profiles::puppet::autosign::subnet_ranges:
  - '198.18.13.0/24'
  - '198.18.14.0/24'
  - '198.18.15.0/24'
  - '198.18.16.0/24'
  - '198.18.17.0/24'

profiles::puppet::autosign::domains:
  - '*.main.unkin.net'

# profiles::puppet::autosign::nodes:
#  - 'somenode.main.unkin.net'

profiles::puppet::cobbler_enc::cobbler_scheme: https
profiles::puppet::cobbler_enc::cobbler_hostname: cobbler.main.unkin.net
profiles::puppet::cobbler_enc::version: 'system'
profiles::puppet::cobbler_enc::packages:
  - 'requests'
  - 'PyYAML'
profiles::puppet::enc::repo: https://git.unkin.net/unkinben/puppet-enc.git
profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git
profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k'
profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml'
profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments'
profiles::puppet::g10k::default_environment: 'develop'
profiles::puppet::gems::puppet:
  - 'deep_merge'
  - 'ipaddr'
  - 'hiera-eyaml'

profiles::helpers::certmanager::vault_config:
  addr: 'https://vault.query.consul:8200'
  mount_point: 'pki_int'
  approle_path: 'approle'
  role_name: 'servers_default'
  output_path: '/tmp/certmanager'
  role_id: "%{lookup('certmanager::role_id')}"

profiles::puppet::server::agent_server: 'puppet.query.consul'
profiles::puppet::server::report_server: 'puppet.query.consul'
profiles::puppet::server::ca_server: 'puppetca.query.consul'
profiles::puppet::server::dns_alt_names:
  - "%{facts.networking.fqdn}"
  - "%{facts.networking.hostname}"
  - puppetmaster.main.unkin.net
  - puppet.main.unkin.net
  - puppet.service.consul
  - puppet.query.consul
  - puppetmaster
  - puppet

consul::services:
  puppet:
    service_name: 'puppet'
    tags:
      - 'puppet'
      - 'master'
    address: "%{facts.networking.ip}"
    port: 8140
    checks:
      - id: 'puppet_https_check'
        name: 'Puppet HTTPS Check'
        http: "https://%{facts.networking.fqdn}:8140/status/v1/simple"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: puppet
    disposition: write
  - resource: service
    segment: puppetca
    disposition: write