samba_use_winbind: false
samba_server_role: active directory domain controller
samba_options:
- idmap_ldb:use rfc2307: 'yes'

samba_dc_log_level: 1

samba_shares:
- name: sysvol
  path: /var/lib/samba/sysvol
  read_only: no
- name: netlogon
  path: /var/lib/samba/sysvol/{{ krb5_realm|lower }}/scripts
  read_only: no

samba_tls_enabled: true
samba_tls_keyfile: /etc/samba/server.key
samba_tls_certfile: /etc/samba/server.cer
samba_tls_cafile: /etc/samba/ca.crt

collectd_processes:
- name: samba
- name: smbd
- name: krb5kdc
- name: winbindd

admin_users:
- 'PYROCUFFLINK\dustin'
- 'PYROCUFFLINK\jenkins'

haproxy_resolvers:
- name: local
  nameservers:
  - name: local
    address: 127.0.0.1:53
  options:
    accepted_payload_size: 8192

samba_cert_acme_server: https://ca.pyrocufflink.blue:32599/acme/acme/directory
samba_cert_acme_email: '{{ ansible_hostname }}@pyrocufflink.net'