pillar.example
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
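strongswan:
  # override default core settings in lookup dict
  # lookup:
  #   apparmor:
  #     add_rules: false

  # default config
  # Values are quoted so they reach ipsec.conf as the strings 'yes'/'no'
  # instead of being typed as YAML booleans.
  config:
    # 'yes': a peer certificate is rejected when no valid CRL is available.
    strictcrlpolicy: 'yes'
    # 'no': a new IKE_SA does not replace existing ones that use the same ID.
    uniqueids: 'no'

  conn:
    # option %default conn
    _default:
      keyingtries: 1
    # other conn
    # The ike/esp proposals must match what the remote peer is configured
    # to accept. 3DES, SHA-1 and the 1024-bit modp1024 group are weak; fall
    # back to them only for a legacy peer that supports nothing stronger.
    conn_a:
      left: 10.10.1.1
      leftsubnet: 10.10.1.0/32
      right: 10.20.1.1
      rightsubnet: 10.20.1.0/32
      ike: aes256-sha256-modp2048
      esp: aes256-sha256
      # Pre-shared key authentication: the tunnel is only as strong as the
      # PSK defined under `secrets` below.
      authby: secret
      auto: add
    conn_b:
      left: 10.10.2.1
      leftsubnet: 10.10.2.0/32
      right: 10.20.2.1
      # NOTE(review): same value as conn_a's rightsubnet; 10.20.2.0/32 may
      # have been intended to match `right` -- confirm before reuse.
      rightsubnet: 10.20.1.0/32
      ike: aes256-sha256-modp2048
      esp: aes256-sha256
      authby: secret
      auto: add

  # define secrets
  # The values below are published samples: never deploy them. Generate a
  # fresh high-entropy secret per connection and keep real pillar secrets
  # encrypted at rest (e.g. Salt's GPG renderer) and scoped to the minions
  # that need them, not in a plaintext file under version control.
  secrets:
    conn_a:
      - '10.10.1.1 : PSK "v+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL"'
    # NOTE(review): this entry shows the EAP secret syntax, while conn_b
    # above is declared with `authby: secret` (PSK) -- confirm which
    # authentication method is intended before copying.
    conn_b:
      - 'alice@strongswan.org : EAP "x3.dEhgN"'

  tofs:
    # The files_switch key serves as a selector for alternative
    # directories under the formula files directory. See TOFS pattern
    # doc for more info.
    # Note: Any value not evaluated by `config.get` will be used literally.
    # This can be used to set custom paths, as many levels deep as required.
    # files_switch:
    #   - any/path/can/be/used/here
    #   - id
    #   - roles
    #   - osfinger
    #   - os
    #   - os_family
    # All aspects of path/file resolution are customisable using the options below.
    # This is unnecessary in most cases; there are sensible defaults.
    # Default path: salt://< path_prefix >/< dirs.files >/< dirs.default >
    #         I.e.: salt://template/files/default
    # path_prefix: template_alt
    # dirs:
    #   files: files_alt
    #   default: default_alt
    # The entries under `source_files` are prepended to the default source files
    # given for the state
    # These templates render ipsec.conf and ipsec.secrets, so an alternative
    # source should be reviewed like any other change to the VPN configuration.
    source_files:
      ipsec-global-options:
        - 'alt_ipsec.conf.jinja'
      ipsec-conn-config:
        - 'alt_connection.conf.jinja'
      ipsec-global-secrets:
        - 'alt_ipsec.secrets.jinja'
      ipsec-secret-config:
        - 'alt_secret.secrets.jinja'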