--- # ================================================================= # Valkey Infrastructure Role - Simplified Configuration # ================================================================= # Provides Valkey (Redis-compatible) as shared infrastructure for applications # Applications manage their own Valkey database selections and usage # ================================================================= # Essential Configuration # ================================================================= # Service Management valkey_service_enabled: true valkey_service_state: "started" # Network Security (Unix socket only - no TCP) valkey_bind: "" # Disable TCP, socket-only mode valkey_port: 0 # Disable TCP port valkey_protected_mode: false # Not needed for socket-only mode # Unix Socket Configuration valkey_unix_socket_enabled: true valkey_unix_socket_path: "/var/run/valkey/valkey.sock" # Note: 777 allows containers running as any UID to access the socket # This is needed for containers that start as root and switch to unprivileged users (e.g., Nextcloud) # Security is maintained via password authentication (requirepass) # Alternative: Use TCP on 127.0.0.1:6379 (see documentation) valkey_unix_socket_perm: "777" # Group-Based Access Control valkey_client_group: "valkey-clients" valkey_client_group_create: true # Authentication valkey_password: "{{ vault_valkey_password }}" # ================================================================= # Performance Settings (Conservative Defaults) # ================================================================= # Memory Management valkey_maxmemory: "256mb" valkey_maxmemory_policy: "allkeys-lru" # Persistence (balanced approach) valkey_save_enabled: true valkey_save_intervals: - "900 1" # Save if 1 key changed in 900s - "300 10" # Save if 10 keys changed in 300s - "60 10000" # Save if 10000 keys changed in 60s # RDB and AOF settings valkey_rdbcompression: true valkey_rdbchecksum: true valkey_appendonly: false # RDB only for simplicity # ================================================================= # Security Configuration # ================================================================= valkey_timeout: 300 valkey_tcp_keepalive: 300 valkey_tcp_backlog: 511 # ================================================================= # Database Configuration # ================================================================= # Database allocation for applications # Applications should use different database numbers: # - authentik: database 1 # - nextcloud: database 2 # - future services: database 3, 4, etc. valkey_databases: 16 # ================================================================= # Logging Configuration # ================================================================= valkey_loglevel: "notice" valkey_syslog_enabled: true valkey_syslog_ident: "valkey" # ================================================================= # Infrastructure Notes # ================================================================= # This role provides minimal Valkey infrastructure # Applications should configure their own Valkey usage: # # Environment variables in application configs: # - VALKEY_HOST: "{{ ansible_default_ipv4.address }}" or "127.0.0.1" # - VALKEY_PORT: "6379" # - VALKEY_PASSWORD: "{{ vault_valkey_password }}" # - VALKEY_DB: "1" (or 2, 3, etc. - unique per application) # # Note: Applications can also use REDIS_* environment variables # for compatibility since Valkey is fully Redis-compatible