---
# =================================================================
# Production Configuration for mini-vps (Client Projects)
# =================================================================
# This host runs production services requiring high uptime
# Currently hosting: Sigvild Gallery, Devigo

# =================================================================
# TLS Configuration - Production Setup
# =================================================================
caddy_tls_enabled: true
caddy_domain: "health.sigvild.no"
caddy_tls_email: "{{ vault_caddy_tls_email }}"

# DNS Challenge Configuration (Cloudflare)
caddy_dns_provider: "cloudflare"
cloudflare_api_token: "{{ vault_cloudflare_api_token }}"

# Production Let's Encrypt CA
caddy_acme_ca: "https://acme-v02.api.letsencrypt.org/directory"

# =================================================================
# API Service Registration Configuration
# =================================================================
# Services now self-register using Caddy's admin API
caddy_api_enabled: true
caddy_server_name: "main"

# =================================================================
# Sigvild Gallery Configuration
# =================================================================
sigvild_gallery_frontend_domain: "sigvild.no"
sigvild_gallery_api_domain: "api.sigvild.no"

sigvild_gallery_local_project_path: "{{ lookup('env', 'HOME') }}/sigvild-gallery/"

# Backup configuration
sigvild_gallery_backup_enabled: true
sigvild_gallery_backup_local_path: "{{ lookup('env', 'HOME') }}/sigvild-gallery-backup/"

# Vault-encrypted passwords (create with ansible-vault)
sigvild_gallery_pb_su_email: "{{ vault_pb_su_email}}"
sigvild_gallery_pb_su_password: "{{ vault_pb_su_password}}"
sigvild_gallery_host_password: "{{ vault_sigvild_host_password }}"
sigvild_gallery_guest_password: "{{ vault_sigvild_guest_password }}"

# =================================================================
# Devigo Configuration (Docker-based deployment)
# =================================================================
devigo_domain: "devigo.no"
devigo_www_domain: "www.devigo.no"
devigo_primary_domain: "devigo.no"  # Apex is primary
devigo_docker_dir: "/opt/devigo"
devigo_ghcr_image: "ghcr.io/jnschaffer/rustan:prod"
github_username: "{{ vault_github_username }}"
github_token: "{{ vault_github_token }}"

# Decap OAuth (integrated service)
devigo_oauth_domain: "decap.jnss.me"
devigo_oauth_client_id: "{{ vault_devigo_oauth_client_id }}"
devigo_oauth_client_secret: "{{ vault_devigo_oauth_client_secret }}"
devigo_oauth_trusted_origins:
  - "https://devigo.no"
  - "https://www.devigo.no"

# =================================================================
# Security & Logging
# =================================================================
caddy_log_level: "INFO"
caddy_log_format: "json"
caddy_systemd_security: true