nodes['ovh.icinga2'] = {
    'bundles': {
        'bird',
        'icinga2',
        'php',
        'postgresql',
        'simple-icinga-dashboard',
        'unbound',
        'wireguard',
        'zfs',
    },
    'groups': {
        'debian-buster',
        'webserver',
    },
    'metadata': {
        'interfaces': {
            'eth0': {
                'ips': {
                    '51.195.44.8',
                    '2001:41d0:701:1100::2618/128'
                },
                'gateway4': '51.195.44.1',
                'gateway6': '2001:41d0:701:1100::1'
            },
            'dummy-snat': {
                'ips': {
                    '172.19.136.3',
                },
            },
        },
        'apt': {
            'packages': {
                'php-imagick': {},
            },
        },
        'bird': {
            'static_routes': {
                '172.19.136.3/32',
            },
        },
        'icinga2': {
            'api_users': {
                # Used with <https://git.kunsmann.eu/kunsi/icinga2beamer>
                'dashboard': {
                    'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
                    'permissions': {
                        'objects/query/Service'
                    },
                },
                'icinga2beamer': {
                    'password': vault.decrypt('encrypt$gAAAAABf3wM9YS5ZpRdhp3xyIFX21_MK0omzqHqykWbWdkZWp2xyJ6awaUSXODnZQ5j-rws6n0yrpaeMdXoj1irb2FrgxMDTdfCh88hIsqcKGOObzwGaRg6Ze0tuiMrzIfOO3tRnc9Kd'),
                    'permissions': {
                        'objects/query/Host',
                        'objects/query/Service'
                    },
                },
            },
            'restrict-to': {
                '172.19.138.0/24',
            },
            'sipgate_user': bwpass.attr('sipgate.de/hi@kunsmann.eu', 'icinga_tokenid'),
            'sipgate_pass': bwpass.attr('sipgate.de/hi@kunsmann.eu', 'icinga_token'),
        },
        'icinga2_api': {
            'custom': {
                # redundant monitoring of services/hosts
                'services': {
                    '_.qzwi.de CERTIFICATE': {
                        'check_command': 'check_https_cert_at_url',
                        'vars.domain': 'cloud.qzwi.de',
                    },
                    'flauschekatze.space CERTIFICATE': {
                        'check_command': 'check_https_cert_at_url',
                        'vars.domain': 'flauschekatze.space',
                    },
                    'matrix.flauschekatze.space CERTIFICATE': {
                        'check_command': 'check_https_cert_at_url',
                        'vars.domain': 'matrix.flauschekatze.space',
                    },
                },
            },
        },
        'nginx': {
            'vhosts': {
                'icingaweb': {
                    'domain': 'icinga.kunsmann.eu',
                    'webroot': '/usr/share/icingaweb2/public',
                    'extras': True,
                },
                'icinga_statusmonitor': {
                    'domain': 'statusmonitor.icinga.kunsmann.eu',
                    'locations': {
                        '/': {
                            'target': 'http://127.0.0.1:5000/',
                        }
                    },
                },
                'statuspage': {
                    'domain': 'status.franzi.business',
                    'ssl': '_.franzi.business',
                    'webroot': '/opt/simple-icinga-dashboard/out',
                },
            },
        },
        'php': {
            'version': '7.4',
            'packages': {
                'curl',
                'gd',
                'intl',
                'json',
                'ldap',
                'mysql',
                'opcache',
                'pgsql',
                'readline',
                'xml',
            },
        },
        'postgresql': {
            'version': '11',
        },
        'simple-icinga-dashboard': {
            'icinga2_api': {
                'baseurl': 'https://127.0.0.1:5665',
                'username': 'dashboard',
                'password': vault.password_for('ovh.icinga2 icinga2 api_user dashboard'),
            },
            'filters': {
                'services': '"checks_with_sms" in service.groups',
            },
            'output': {
                'page_title': 'franzi.business Service Status',
            },
            'prettify': {
                'CONTENT': '',
                'NGINX':  'WEBSERVER',
                'PROCESS': 'SERVICE',
            },
        },
        'wireguard': {
            'peers': {
                'ovh.wireguard': {
                    'snat_to': '172.19.136.3',
                },
            },
        },
        'zfs': {
            'pools': {
                'tank': {
                    'when_creating': {
                        'config': [{
                            'devices': {
                                '/dev/sdb'
                            },
                        }],
                    },
                },
            },
        },
        'vm': {
            'cpu': 1,
            'ram': 2,
        },
    },
}